diff --git a/.ansible-lint b/.ansible-lint deleted file mode 100644 index 397b347d2c..0000000000 --- a/.ansible-lint +++ /dev/null 
@@ -1,68 +0,0 @@ ---- -# .ansible-lint -# exclude_paths included in this file are parsed relative to this file's location -# and not relative to the CWD of execution. CLI arguments passed to the --exclude -# option will be parsed relative to the CWD of execution. -exclude_paths: - - .cache/ # implicit unless exclude_paths is defined in config - - cache_plugins - - callback_plugins - - files - - filter_plugins - - handlers - - library - - scripts - # Ignore playbooks with strange error happening in - - playbooks/groups/copr-db.yml - # Some playbooks contains hardcoded paths, so exclude them from check - - playbooks/list-vms-per-host.yml - - playbooks/set_root_auth_keys.yml - - playbooks/update-proxy-dns.yml - - playbooks/update_ticketkey.yml - - playbooks/vhost_reboot.yml - - playbooks/vhost_update_reboot.yml -# parseable: true -# quiet: true -# verbosity: 1 - -# Mock modules or roles in order to pass ansible-playbook --syntax-check -mock_modules: - - include_playbook -# - zuul_return -# # note the foo.bar is invalid as being neither a module or a collection -# - fake_namespace.fake_collection.fake_module -# - fake_namespace.fake_collection.fake_module.fake_submodule -mock_roles: - - linux-system-roles.network - -use_default_rules: true -# Load custom rules from this specific folder -# rulesdir: -# - ./rule/directory/ - -# Offline mode disables installation of requirements.yml -offline: true - -# Define required Ansible's variables to satisfy syntax check -extra_vars: - target: localhost - vhost: localhost -# multiline_string_variable: | -# line1 -# line2 -# complex_variable: ":{;\t$()" - -# List of additional kind:pattern to be added at the top of the default -# match list, first match determines the file kind. 
-kinds: - # - playbook: "**/examples/*.{yml,yaml}" - # - galaxy: "**/folder/galaxy.yml" - - tasks: "**/tasks/*.yml" - - vars: "**/vars/*.yml" - # - meta: "**/meta/main.yml" - - yaml: "**/*.yaml-too" - -skip_list: - - yaml - - role-name[path] - - var-naming[no-role-prefix] diff --git a/.gitignore b/.gitignore index 3a14f17b97..b94898552f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,2 @@ *.swp *.pyc - -# emacs projectile -.projectile diff --git a/.mailmap b/.mailmap deleted file mode 100644 index af8eb2f941..0000000000 --- a/.mailmap +++ /dev/null @@ -1,5 +0,0 @@ -Rick Elrod -Rick Elrod Ricky Elrod -Rick Elrod Ricky Elrod - -# ... others go here ... diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml deleted file mode 100644 index 4e63c40921..0000000000 --- a/.pre-commit-config.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# See https://pre-commit.com for more information -# See https://pre-commit.com/hooks.html for more hooks -repos: - -# - repo: https://github.com/pre-commit/pre-commit-hooks -# rev: v3.2.0 -# hooks: -# - id: trailing-whitespace -# - id: end-of-file-fixer -# - id: check-yaml -# - id: check-added-large-files - -- repo: https://github.com/adrienverge/yamllint - rev: v1.35.1 - hooks: - - id: yamllint - -# - repo: https://github.com/ansible/ansible-lint -# rev: v24.12.1 -# hooks: -# - id: ansible-lint diff --git a/.yamllint.yaml b/.yamllint.yaml deleted file mode 100644 index b5251e97f3..0000000000 --- a/.yamllint.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -extends: default - -rules: - comments: - min-spaces-from-content: 1 - level: error - comments-indentation: false - braces: - max-spaces-inside: 1 - document-start: - level: error - octal-values: - forbid-implicit-octal: true - forbid-explicit-octal: true - indentation: - spaces: 2 - indent-sequences: whatever - level: warning - line-length: disable - # line-length: - # max: 100 - # level: warning - truthy: - allowed-values: ['true', 'false', 'yes', 'no'] -... 
diff --git a/.zuul.yaml b/.zuul.yaml deleted file mode 100644 index 7a02e6f580..0000000000 --- a/.zuul.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- project: - check: - jobs: - - fi-ansible-lint-diff - - fi-yamllint-diff diff --git a/CONVENTIONS b/CONVENTIONS index 67eea24aac..f6b37fefe7 100644 --- a/CONVENTIONS +++ b/CONVENTIONS @@ -23,7 +23,7 @@ specific function. Examples: host update, vhost update, vhost reboot. The playbooks/groups/ directory should contain one playbook per group. This should be used in the case of multiple machines/instances in a group. MUST include a hosts entry that describes the hosts in the group. -Examples: packages, proxy, virthost, etc. +Examples: packages, proxy, unbound, virthost, etc. Try and be descriptive with the name here. The playbooks/hosts/ directory should contain one playbook per 'host' diff --git a/README b/README deleted file mode 120000 index 42061c01a1..0000000000 --- a/README +++ /dev/null @@ -1 +0,0 @@ -README.md \ No newline at end of file diff --git a/README b/README new file mode 100644 index 0000000000..18e9647f4f --- /dev/null +++ b/README 
@@ -0,0 +1,70 @@ +== ansible repository/structure == + +files - files and templates for use in playbooks/tasks + - subdirs for specific tasks/dirs highly recommended + +inventory - where the inventory and additional vars is stored + - All files in this directory in ini format + - added together for total inventory + group_vars: + - per group variables set here in a file per group + host_vars: + - per host variables set here in a file per host + +library - library of custom local ansible modules + +playbooks - collections of plays we want to run on systems + + groups: groups of hosts configured from one playbook. + + hosts: playbooks for single hosts. + + manual: playbooks that are only run manually by an admin as needed. + +tasks - snippets of tasks that should be included in plays + +roles - specific roles to be use in playbooks. + Each role has it's own files/templates/vars + +filter_plugins - Jinja filters + +master.yml - This is the master playbook, consisting of all + current group and host playbooks. Note that the + daily cron doesn't run this, it runs even over + playbooks that are not yet included in master. + This playbook is usefull for making changes over + multiple groups/hosts usually with -t (tag). + +== Paths == + +public path for everything is: + + /srv/web/infra/ansible + +private path - which is sysadmin-main accessible only is: + + /srv/private/ansible + +In general to run any ansible playbook you will want to run: + +sudo -i ansible-playbook /path/to/playbook.yml + +== Scheduled check-diff == + +Every night a cron job runs over all playbooks under playbooks/{groups}{hosts} +with the ansible --check --diff options. A report from this is sent to +sysadmin-logs. In the ideal state this report would be empty. + +== Idempotency == + +All playbooks should be idempotent. 
Ie, if run once they should bring the +machine(s) to the desired state, and if run again N times after that they should +make 0 changes (because the machine(s) are in the desired state). +Please make sure your playbooks are idempotent. + +== Can be run anytime == + +When a playbook or change is checked into ansible you should assume +that it could be run at ANY TIME. Always make sure the checked in state +is the desired state. Always test changes when they land so they don't +surprise you later. diff --git a/README.cloud b/README.cloud new file mode 100644 index 0000000000..5bff2e419b --- /dev/null +++ b/README.cloud 
@@ -0,0 +1,187 @@ +== Cloud information == + +The dashboard for the production cloud instance is: +https://fedorainfracloud.org/dashboard/ + +You can download credentials via the dashboard (under security and access) + +=== Transient instances === + +Transient instances are short term use instances for Fedora +contributors. They can be terminated at any time and shouldn't be +relied on for any production use. If you have an application +or longer term item that should always be around +please create a persistent playbook instead. (see below) + +to startup a new transient cloud instance and configure for basic +server use run (as root): + +sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/transient_cloud_instance.yml -e 'name=somename' + +The -i is important - ansible's tools need access to root's sshagent as well +as the cloud credentials to run the above playbooks successfully. + +This will setup a new instance, provision it and email sysadmin-main that +the instance was created and it's ip address. + +You will then be able to login, as root if you are in the sysadmin-main group. +(If you are making the instance for another user, see below) + +You MUST pass a name to it, ie: -e 'name=somethingdescriptive' +You can optionally override defaults by passing any of the following: +image=imagename (default is centos70_x86_64) +instance_type=some instance type (default is m1.small) +root_auth_users='user1 user2 user3 @group1' (default always includes sysadmin-main group) + +Note: if you run this playbook with the same name= multiple times +openstack is smart enough to just return the current ip of that instance +and go on. This way you can re-run if you want to reconfigure it without +reprovisioning it. 
+ + +Sizes options +------------- + +Name Memory_MB Disk VCPUs +m1.tiny 512 0 1 +m1.small 2048 20 1 +m1.medium 4096 40 2 +m1.large 8192 80 4 +m1.xlarge 16384 160 8 +m1.builder 5120 50 3 + + +=== Persistent cloud instances === + +Persistent cloud instances are ones that we want to always have up and +configured. These are things like dev instances for various applications, +proof of concept servers for evaluating something, etc. They will be +reprovisioned after a reboot/maint window for the cloud. + +Setting up a new persistent cloud host: + +1) Select an available floating IP + + source /srv/private/ansible/files/openstack/novarc + nova floating-ip-list + +Note that an "available floating IP" is one that has only a "-" in the Fixed IP +column of the above `nova` command. Ignore the fact that the "Server Id" column +is completely blank for all instances. If there are no ip's with -, use: + + nova floating-ip-create + +and retry the list. + +2) Add that IP addr to dns (typically as foo.fedorainfracloud.org) + +3) Create persistent storage disk for the instance (if necessary.. you might not + need this). + + nova volume-create --display-name SOME_NAME SIZE_IN_GB + +4) Add to ansible inventory in the persistent-cloud group. + You should use the FQDN for this and not the IP. Names are good. + +5) setup the host_vars file. It should looks something like this:: + + instance_type: m1.medium + image: + keypair: fedora-admin-20130801 + security_group: default # NOTE: security_group MUST contain default. 
+ zone: nova + tcp_ports: [22, 80, 443] + + inventory_tenant: persistent + inventory_instance_name: taiga + hostbase: taiga + public_ip: 209.132.184.50 + root_auth_users: ralph maxamillion + description: taiga frontend server + + volumes: + - volume_id: VOLUME_UUID_GOES_HERE + device: /dev/vdc + + cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + +6) setup the host playbook + +7) run the playbook: + sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/hosts/$YOUR_HOSTNAME_HERE.yml + +You should be able to run that playbook over and over again safely, it will +only setup/create a new instance if the ip is not up/responding. + +=== SECURITY GROUPS === + +FIXME: needs work for new cloud. + +- to edit security groups you must either have your own cloud account or + be a member of sysadmin-main + +This gives you the credential to change things in the persistent tenant +- source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh + +This lists all security groups in that tenant: +- euca-describe-groups | grep GROUP + +the output will look like this: +euca-describe-groups | grep GROU +GROUP d4e664a10e2c4210839150be09c46e5e default default +GROUP d4e664a10e2c4210839150be09c46e5e jenkins jenkins instance group +GROUP d4e664a10e2c4210839150be09c46e5e logstash logstash security group +GROUP d4e664a10e2c4210839150be09c46e5e smtpserver list server group. 
needs web and smtp +GROUP d4e664a10e2c4210839150be09c46e5e webserver webserver security group +GROUP d4e664a10e2c4210839150be09c46e5e wideopen wideopen + + +This lets you list the rules in a specific group: +- euca-describe-group groupname + +the output will look like this: + +euca-describe-group wideopen +GROUP d4e664a10e2c4210839150be09c46e5e wideopen wideopen +PERMISSION d4e664a10e2c4210839150be09c46e5e wideopen ALLOWS tcp 1 65535 FROM CIDR 0.0.0.0/0 +PERMISSION d4e664a10e2c4210839150be09c46e5e wideopen ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0 + + +To create a new group: +euca-create-group -d "group description here" groupname + +To add a rule to a group: +euca-authorize -P tcp -p 22 groupname +euca-authorize -P icmp -t -1:-1 groupname + +To delete a rule from a group: +euca-revoke -P tcp -p 22 groupname + +Notes: +- Be careful removing or adding rules to existing groups b/c you could be +impacting other instances using that security group. + +- You will almost always want to allow 22/tcp (sshd) and icmp -1 -1 (ping +and traceroute and friends). + +=== TERMINATING INSTANCES === + +For transient: +1. source /srv/private/ansible/files/openstack/novarc + +2. export OS_TENANT_NAME=transient + +2. nova list | grep + +3. nova delete + + - OR - + +For persistent: +1. source /srv/private/ansible/files/openstack/novarc + +2. nova list | grep + +3. nova delete diff --git a/README.md b/README.md deleted file mode 100644 index 063a913353..0000000000 --- a/README.md +++ /dev/null 
@@ -1,143 +0,0 @@ -Fedora Infrastructure -===================== - -Welcome! This is the Fedora Infrastructure Ansible Pagure project. - -Pull requests and forks can be made against this repository hosted -at https://pagure.io/fedora-infra/ansible - -This repository is also mirrored for production runs to -https://infrastructure.fedoraproject.org/infra/ansible/ -but this is the working repository where changes are made. - -If you would like to help out with Fedora Infrastructure, see: - -* https://docs.fedoraproject.org/en-US/infra/gettingstarted/ -* https://docs.fedoraproject.org/en-US/infra/apprentice/ - -Ansible repository/structure ----------------------------- - -``` -files - files and templates for use in playbooks/tasks - - subdirs for specific tasks/dirs highly recommended - -inventory - where the inventory and additional vars is stored - - All files in this directory in ini format - - added together for total inventory - group_vars: - - per group variables set here in a file per group - host_vars: - - per host variables set here in a file per host - -library - library of custom local ansible modules - -playbooks - collections of plays we want to run on systems - - groups: groups of hosts configured from one playbook. - - hosts: playbooks for single hosts. - - manual: playbooks that are only run manually by an admin as needed. - -tasks - snippets of tasks that should be included in plays - -roles - specific roles to be use in playbooks. - Each role has it's own files/templates/vars - -filter_plugins - Jinja filters - -main.yml - This is the main playbook, consisting of all - current group and host playbooks. Note that the - daily cron doesn't run this, it runs even over - playbooks that are not yet included in main. - This playbook is usefull for making changes over - multiple groups/hosts usually with -t (tag). 
-``` - -Paths ------ - -The public path on batcave01 (our control host) for everything is `/srv/web/infra/ansible` - -The private path on batcave01 (our control host) (which is sysadmin-main accessible only) -is `/srv/private/ansible` - -In general to run any ansible playbook you will want to run: - -``` -sudo -i ansible-playbook /path/to/playbook.yml -``` - -(On batcave01, our control host) - -Scheduled check-diff --------------------- - -Every night a cron job runs over all playbooks under `playbooks/{groups}{hosts}` -with `ansible --check --diff`. A report from this is sent to sysadmin-logs. -In the ideal state this report would be empty. - -Idempotency ------------ - -All playbooks should be idempotent. Ie, if run once they should bring the -machine(s) to the desired state, and if run again N times after that they should -make 0 changes (because the machine(s) are in the desired state). -Please make sure your playbooks are idempotent. - -Can be run anytime ------------------- - -When a playbook or change is checked into ansible you should assume -that it could be run at ***ANY TIME***. Always make sure the checked in state -is the desired state. Always test changes when they land so they don't -surprise you later. - -Contributing and Licensing --------------------------- - -Contributions to this repository are subject to the Fedora Project -Contributor Agreement. If no license is specified, the MIT license is used, otherwise -the contribution is under the specified acceptable Fedora License. -See https://docs.fedoraproject.org/en-US/legal/fpca/ -for more information. - -Contributing Pull Requests --------------------------- - -If found a way to improve this repository or fix an issue found in our -infrastructure tracker (see https://pagure.io/fedora-infrastructure/issues) -open a pull-request. 
- -You either should have capability to run the playbooks after they have been reviewed, -and merged or find the person responsible and work with them to make sure the changes -will be aplied afterwards. - -We are currently working on a simple to use list of Point Of Contanct people for the applications -here, untill it is done, you can, look at people that recently edited the ansible files, -or if you belong to sysadmin group, view the /etc/ansible_utils/rbac.yaml located on batcave01, -where you can see the groups of people that have capabilities to run the relevant playbooks. - -For example, to upgrade Release Monitoring, you need to run playbook openshift-apps/release-monitoring.yaml. -People in sysadmin-releasemonitoring have that capability, and you cand find the members in https://accounts.fedoraproject.org/group/sysadmin-releasemonitoring/ - -If the application in question is not on the critical path it should be sufficient, -if person responsible for the application reviews the PR. - -If the files in question are on the critical path, that are necessary for functioning packager workflow, -at least two different people should review the PR. 
- -If there is any risk at all, that the application of the changes would induce downtime, -work closely with other to ensure that the downtime is properly scheduled: - -- there is an issue in https://pagure.io/fedora-infrastructure/issues specifying the downtime -- there is an email sent to the devel-list -- https://status.fedoraproject.org is updated (see https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/status-fedora/) - -Applications on critical path: pagure, mirrormanager, toddlers, bodhi, noggin, mdapi, rpmautospec, -pagure-dist-git, mirror_from_pagure, fedora-messaging, dist-git, PDC/FPDC, FMN, sigul -robosignatory, tag2distrepo, ci-resultsdb-listener, stylo, mirrorlist -resultsdb, Nagios, koschei, wiki / mediawiki, wiki / moin, waiverdb, -greenwave, ODCS, Mailman3 / HK, mailman 2, OSBS, pungi, koji, MBS, -IPA, rabbitmq, geoip,ipsilon diff --git a/STYLEGUIDE b/STYLEGUIDE deleted file mode 100644 index bdbadd27ea..0000000000 --- a/STYLEGUIDE +++ /dev/null @@ -1,20 +0,0 @@ -infrastructure ansible style guide -================================== - -* Use 'yml' instead of 'yaml' - -* do add '.j2' to the end of templates - -* in general let readablity trump grepability, i.e.: - -DONT: -- name: This is some play - module: name=thing arg=thing2 anotherlongerarg=thing arg4=anodheranth - -DO: -- name: This is some play - module: - - name: thing - - arg: thing2 -..etc - diff --git a/TODO b/TODO new file mode 100644 index 0000000000..31f74ea7ec --- /dev/null +++ b/TODO @@ -0,0 +1,17 @@ +- make it easy to run playbooks against cloud instances w/o modifying + inventory or changing host entries in playbooks + +- define standards for: + - playbook naming + - play naming + - hosts or service or groups for talking to sets of systems + - tags: + - config + - service + - initonly + +- figure out how and where we are going to run these from cron + +- merge in tasks/playbooks/inventory/etc from: + - builders + 
diff --git a/callback_plugins/fedmsg_callback.py b/callback_plugins/fedmsg_callback.py
new file mode 100644
index 0000000000..bf00b31808
--- /dev/null
+++ b/callback_plugins/fedmsg_callback.py
@@ -0,0 +1,98 @@
+# (C) 2012, Michael DeHaan,
+# based on the log_plays example
+# skvidal@fedoraproject.org
+# rbean@redhat.com
+
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+import os
+import pwd
+
+import fedmsg
+import fedmsg.config
+
+try:
+ from ansible.plugins.callback import CallbackBase
+except ImportError:
+ # Ansible v1 compat
+ CallbackBase = object
+
+def getlogin():
+ try:
+ user = os.getlogin()
+ except OSError, e:
+ user = pwd.getpwuid(os.geteuid())[0]
+ return user
+
+
+class CallbackModule(CallbackBase):
+ """ Publish playbook starts and stops to fedmsg. """
+
+ playbook_path = None
+
+ def __init__(self):
+ config = fedmsg.config.load_config()
+ config.update(dict(
+ name='relay_inbound',
+ cert_prefix='shell',
+ active=True,
+ ))
+ # It seems like recursive playbooks call this over and over again and
+ # fedmsg doesn't like to be initialized more than once. So, here, just
+ # catch that and ignore it.
+ try:
+ fedmsg.init(**config)
+ except ValueError:
+ pass
+
+
+ def playbook_on_play_start(self, pattern):
+ # This gets called once for each play.. but we just issue a message once
+ # for the first one. One per "playbook"
+ play = getattr(self, 'play', None)
+ if play:
+ # figure out where the playbook FILE is
+ path = os.path.abspath(play.playbook.filename)
+
+ # Bail out early without publishing if we're in --check mode
+ if play.playbook.check:
+ return
+
+ if not self.playbook_path:
+ fedmsg.publish(
+ modname="ansible", topic="playbook.start",
+ msg=dict(
+ playbook=path,
+ userid=getlogin(),
+ extra_vars=play.playbook.extra_vars,
+ inventory=play.playbook.inventory.host_list,
+ playbook_checksum=play.playbook.check,
+ check=play.playbook.check,
+ ),
+ )
+ self.playbook_path = path
+
+ def playbook_on_stats(self, stats):
+ if not self.playbook_path:
+ return
+
+ results = dict([(h, stats.summarize(h)) for h in stats.processed])
+ fedmsg.publish(
+ modname="ansible", topic="playbook.complete",
+ msg=dict(
+ playbook=self.playbook_path,
+ userid=getlogin(),
+ results=results,
+ ),
+ )
diff --git a/callback_plugins/fedmsg_callback2.py b/callback_plugins/fedmsg_callback2.py
new file mode 100644
index 0000000000..aac0a31445
--- /dev/null
+++ b/callback_plugins/fedmsg_callback2.py
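Review bot: `extra_vars=play.playbook.extra_vars` in `playbook_on_play_start` publishes every `-e` value on the message bus, so a password or token passed on the command line becomes readable by any subscriber; `fedmsg_callback2.py` does the same with `play._variable_manager.extra_vars`. Publishing only the variable names, `extra_vars=sorted(play.playbook.extra_vars.keys())`, would keep the audit trail without the values (this assumes extra_vars is a dict here). In the same `msg`, `playbook_checksum=play.playbook.check` sends the check-mode flag rather than a checksum of the playbook file, which looks like a copy of the `check=` line below it.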
@@ -0,0 +1,116 @@
+# (C) 2012, Michael DeHaan,
+# based on the log_plays example
+# skvidal@fedoraproject.org
+# rbean@redhat.com
+
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+import os
+import pwd
+
+import fedmsg
+import fedmsg.config
+
+try:
+ from ansible.plugins.callback import CallbackBase
+except ImportError:
+ # Ansible v1 compat
+ CallbackBase = object
+
+try:
+ from ansible.utils.hashing import secure_hash
+except ImportError:
+ from ansible.utils import md5 as secure_hash
+
+def getlogin():
+ try:
+ user = os.getlogin()
+ except OSError, e:
+ user = pwd.getpwuid(os.geteuid())[0]
+ return user
+
+
+class CallbackModule(CallbackBase):
+ """ Publish playbook starts and stops to fedmsg. """
+
+ CALLBACK_NAME = 'fedmsg_callback2'
+ CALLBACK_TYPE = 'notification'
+ CALLBACK_VERSION = 2.0
+ CALLBACK_NEEDS_WHITELIST = True
+
+ playbook_path = None
+
+ def __init__(self):
+ config = fedmsg.config.load_config()
+ config.update(dict(
+ name='relay_inbound',
+ cert_prefix='shell',
+ active=True,
+ ))
+ # It seems like recursive playbooks call this over and over again and
+ # fedmsg doesn't like to be initialized more than once. So, here, just
+ # catch that and ignore it.
+ try:
+ fedmsg.init(**config)
+ except ValueError:
+ pass
+ self.play = None
+ self.playbook = None
+
+ super(CallbackModule, self).__init__()
+
+ def set_play_context(self, play_context):
+ self.play_context = play_context
+
+ def v2_playbook_on_start(self, playbook):
+ self.playbook = playbook
+
+ def v2_playbook_on_play_start(self, play):
+ # This gets called once for each play.. but we just issue a message once
+ # for the first one. One per "playbook"
+ if self.playbook:
+ # figure out where the playbook FILE is
+ path = os.path.abspath(self.playbook._file_name)
+
+ # Bail out early without publishing if we're in --check mode
+ if self.play_context.check_mode:
+ return
+
+ if not self.playbook_path:
+ fedmsg.publish(
+ modname="ansible", topic="playbook.start",
+ msg=dict(
+ playbook=path,
+ userid=getlogin(),
+ extra_vars=play._variable_manager.extra_vars,
+ inventory=play._variable_manager._inventory._sources,
+ playbook_checksum=secure_hash(path),
+ check=self.play_context.check_mode,
+ ),
+ )
+ self.playbook_path = path
+
+ def v2_playbook_on_stats(self, stats):
+ if not self.playbook_path:
+ return
+
+ results = dict([(h, stats.summarize(h)) for h in stats.processed])
+ fedmsg.publish(
+ modname="ansible", topic="playbook.complete",
+ msg=dict(
+ playbook=self.playbook_path,
+ userid=getlogin(),
+ results=results,
+ ),
+ )
diff --git a/callback_plugins/fedora_messaging_callback.py b/callback_plugins/fedora_messaging_callback.py
deleted file mode 100644
index 3ec8b8b252..0000000000
--- a/callback_plugins/fedora_messaging_callback.py
+++ /dev/null
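Review bot: `self.play_context` is assigned only in `set_play_context`; `__init__` initialises `self.play` and `self.playbook` but not it, so `v2_playbook_on_play_start` raises AttributeError at `self.play_context.check_mode` whenever the runner has not called `set_play_context` first. Setting `self.play_context = None` in `__init__` and guarding with `if self.play_context is None or self.play_context.check_mode: return` would make the plugin stay silent instead of breaking the run. The `except ValueError: pass` around `fedmsg.init(**config)` also hides any other ValueError from a bad config, so logging the exception there would make a misconfigured publisher visible.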
@@ -1,137 +0,0 @@ -# (C) 2012, Michael DeHaan, -# based on the log_plays example -# skvidal@fedoraproject.org -# rbean@redhat.com -# karsten@redhat.com changes for fedora-messaging -# abompard@redhat.com changes to adapt to ansible's specific python - -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -import json -import logging -import os -import pwd -import uuid -from subprocess import run, PIPE, STDOUT -from tempfile import NamedTemporaryFile - -try: - from ansible.plugins.callback import CallbackBase -except ImportError: - # Ansible v1 compat - CallbackBase = object - -try: - from ansible.utils.hashing import secure_hash -except ImportError: - from ansible.utils import md5 as secure_hash - -LOGGER = logging.getLogger(__name__) -FEDORA_MESSAGING_CONF = "/etc/fedora-messaging/batcave-messaging.toml" - - -def getlogin(): - try: - user = os.getlogin() - except OSError: - user = pwd.getpwuid(os.geteuid())[0] - return user - - -def send_message(msg): - msg["id"] = str(uuid.uuid4()) - msg["headers"] = { - "fedora_messaging_schema": "base.message", - "fedora_messaging_severity": 20, - } - env = os.environ.copy() - env["FEDORA_MESSAGING_CONF"] = FEDORA_MESSAGING_CONF - with NamedTemporaryFile(mode="w+", buffering=1) as msg_file: - json.dump(msg, msg_file) - msg_file.write("\n") - result = run( - ["fedora-messaging", "publish", msg_file.name], - stdout=PIPE, stderr=STDOUT, text=True, env=env, - ) - if result.returncode > 0: - 
LOGGER.warning(f"Fedora Messaging plugin failed: {result.stdout}") - print(f"Fedora Messaging plugin failed: {result.stdout}") - - -class CallbackModule(CallbackBase): - """ Publish playbook starts and stops to fedora_messaging. """ - - CALLBACK_NAME = "fedora_messaging_callback" - CALLBACK_TYPE = "notification" - CALLBACK_VERSION = 2.0 - CALLBACK_NEEDS_WHITELIST = True - - playbook_path = None - - def __init__(self): - self.play = None - self.playbook = None - - super(CallbackModule, self).__init__() - - def set_play_context(self, play_context): - self.play_context = play_context - - def v2_playbook_on_start(self, playbook): - self.playbook = playbook - - def v2_playbook_on_play_start(self, play): - # This gets called once for each play.. but we just issue a message once - # for the first one. One per "playbook" - if not self.playbook: - return - # figure out where the playbook FILE is - path = os.path.abspath(self.playbook._file_name) - - # Bail out early without publishing if we're in --check mode - if self.play_context.check_mode: - return - - # Only publish on playbook start - if self.playbook_path: - return - - msg = { - "topic": "ansible.playbook.start", - "body": { - 'playbook': path, - 'userid': getlogin(), - 'extra_vars': play._variable_manager.extra_vars, - 'inventory': play._variable_manager._inventory._sources, - 'playbook_checksum': secure_hash(path), - 'check': self.play_context.check_mode - }, - } - send_message(msg) - self.playbook_path = path - - def v2_playbook_on_stats(self, stats): - if not self.playbook_path: - return - - results = dict([(h, stats.summarize(h)) for h in stats.processed]) - msg = { - "topic": "ansible.playbook.complete", - "body": { - 'playbook': self.playbook_path, - 'userid': getlogin(), - 'results': results - }, - } - send_message(msg) diff --git a/callback_plugins/logdetail.py b/callback_plugins/logdetail.py index 21aa97caae..289e7ed75f 100644 --- a/callback_plugins/logdetail.py +++ b/callback_plugins/logdetail.py 
@@ -15,36 +15,13 @@ # You should have received a copy of the GNU General Public License # along with Ansible. If not, see . -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -DOCUMENTATION = r''' -callback: logdetail -callback_type: notification -short_description: Logs playbook results, per date, playbook and host. -description: Logs playbook results, per date, playbook and host, in I(log_path). -options: - log_path: - description: The path where log files will be created. - default: /var/log/ansible - ini: - - section: callback_logdetail - key: log_path - env: - - name: ANSIBLE_LOGDETAIL_PATH -''' +from __future__ import absolute_import import os import time import json import pwd -import gzip - -try: - from ansible.utils.hashing import secure_hash -except ImportError: - from ansible.utils import md5 as secure_hash +from ansible import utils try: from ansible.plugins.callback import CallbackBase @@ -52,31 +29,31 @@ except ImportError: # Ansible v1 compat CallbackBase = object -TIME_FORMAT = "%b %d %Y %H:%M:%S" +TIME_FORMAT="%b %d %Y %H:%M:%S" -MSG_FORMAT = "%(now)s\t%(count)s\t%(category)s\t%(name)s\t%(data)s\n" +MSG_FORMAT="%(now)s\t%(count)s\t%(category)s\t%(name)s\t%(data)s\n" +LOG_PATH = '/var/log/ansible' def getlogin(): try: user = os.getlogin() - except OSError: + except OSError, e: user = pwd.getpwuid(os.geteuid())[0] return user - class LogMech(object): - def __init__(self, logpath): + def __init__(self): self.started = time.time() self.pid = str(os.getpid()) self._pb_fn = None self._last_task_start = None self.play_info = {} - self.logpath = logpath + self.logpath = LOG_PATH if not os.path.exists(self.logpath): try: - os.makedirs(self.logpath, mode=0o750) - except OSError as e: + os.makedirs(self.logpath, mode=0750) + except OSError, e: if e.errno != 17: raise 
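Review bot: `except OSError, e:` in `getlogin()` and `LogMech.__init__`, and the octal literal in `os.makedirs(self.logpath, mode=0750)`, are Python 2-only spellings that fail to parse on Python 3, while the forms they replace (`except OSError as e:` and `0o750`) parse on Python 2.6+ as well as 3. Keeping `as e` and `0o750` costs nothing on the older interpreter; the same `except OSError, e:` appears in the `logpath_play` hunk and in `getlogin()` of both fedmsg callbacks. `if e.errno != 17` would read better as `errno.EEXIST` with `import errno`. The hunk stops at the `raise`, so the rest of `LogMech.__init__`, if any, is not visible.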
@@ -97,13 +74,13 @@ class LogMech(object): def logpath_play(self): # this is all to get our path to look nice ish tstamp = time.strftime('%Y/%m/%d/%H.%M.%S', time.localtime(self.started)) - path = os.path.normpath(self.logpath + '/' + self.playbook_id + '/' + tstamp + '/') + path = os.path.normpath(self.logpath + '/' + self.playbook_id + '/' + tstamp + '/') if not os.path.exists(path): try: os.makedirs(path) - except OSError as e: - if e.errno != 17: # if it is not dir exists then raise it up + except OSError, e: + if e.errno != 17: # if it is not dir exists then raise it up raise return path @@ -119,8 +96,8 @@ class LogMech(object): def task_to_json(self, task): res = {} res['task_name'] = task.name - res['task_module'] = task.action - res['task_args'] = task.args + res['task_module'] = task.module_name + res['task_args'] = task.module_args if self.playbook_id == 'ansible-cmd': res['task_userid'] = getlogin() for k in ("delegate_to", "environment", "with_first_found", @@ -138,21 +115,22 @@ class LogMech(object): host = 'HOSTMISSING' if type(data) == dict: - name = data.get('module_name', None) + name = data.get('module_name',None) else: name = "unknown" + # we're in setup - move the invocation info up one level if 'invocation' in data: invoc = data['invocation'] if not name and 'module_name' in invoc: name = invoc['module_name'] - # don't add this since it can often contain complete passwords :( + #don't add this since it can often contain complete passwords :( del(data['invocation']) if task: - name = task._name + name = task.name data['task_start'] = self._last_task_start data['task_end'] = time.time() data.update(self.task_to_json(task)) 
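Review bot: `res['task_args'] = task.module_args` in `task_to_json()` copies the task's arguments into the per-host log, while `log()` in the next hunk deletes `data['invocation']` precisely because it "can often contain complete passwords"; the arguments can carry the same secrets. Consider masking them before they are stored, for example `res['task_args'] = '<omitted>'` for tasks marked as sensitive, with a comment such as `# task args may hold credentials; keep them out of the log unless scrubbed`. How a task is marked sensitive is not visible here and has to be confirmed against the Ansible version in use. Both functions start and end outside these hunks, and `task_to_json()` in `callback_plugins/logdetail2.py` logs `task.args` the same way.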
@@ -165,7 +143,7 @@ class LogMech(object): if self.play_info.get('check', False) and self.play_info.get('diff', False): category = 'CHECK_DIFF:' + category - elif self.play_info.get('check', False): + elif self.play_info.get('check', False): category = 'CHECK:' + category # Sometimes this is None.. othertimes it's fine. Othertimes it has @@ -174,12 +152,14 @@ class LogMech(object): name = name.strip() sanitize_host = host.replace(' ', '_').replace('>', '-') - fd = gzip.open(self.logpath_play + '/' + sanitize_host + '.log.gz', 'at') + fd = open(self.logpath_play + '/' + sanitize_host + '.log', 'a') now = time.strftime(TIME_FORMAT, time.localtime()) fd.write(MSG_FORMAT % dict(now=now, name=name, count=count, category=category, data=json.dumps(data))) fd.close() +logmech = LogMech() + class CallbackModule(CallbackBase): """ logs playbook results, per host, in /var/log/ansible/hosts 
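Review bot: `open(self.logpath_play + '/' + sanitize_host + '.log', 'a')` in `log()` builds the file name from a host string in which only spaces and `>` are replaced, so a value containing `/` would be written outside the per-play directory. Replace path separators as well, e.g. `sanitize_host = host.replace(' ', '_').replace('>', '-').replace('/', '_')`. The file is also created with whatever umask the process has although it stores task results, and it is closed only on the success path; an explicit mode and a `with` block would cover both. `log()` begins outside this hunk, and the copy in `callback_plugins/logdetail2.py` has the same lines.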
@@ -192,72 +172,101 @@ class CallbackModule(CallbackBase): def __init__(self): self._task_count = 0 self._play_count = 0 - self.task = None - self.playbook = None - super(CallbackModule, self).__init__() - self.set_options() - self.logmech = LogMech(self.get_option('log_path')) + def on_any(self, *args, **kwargs): + pass - def set_play_context(self, play_context): - self.play_context = play_context - def v2_runner_on_failed(self, result, ignore_errors=False): + def runner_on_failed(self, host, res, ignore_errors=False): category = 'FAILED' - self.logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count) + task = getattr(self,'task', None) + logmech.log(host, category, res, task, self._task_count) - def v2_runner_on_ok(self, result): + + def runner_on_ok(self, host, res): category = 'OK' - self.logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count) + task = getattr(self,'task', None) + logmech.log(host, category, res, task, self._task_count) - def v2_runner_on_skipped(self, result): + + def runner_on_error(self, host, res): + category = 'ERROR' + task = getattr(self,'task', None) + logmech.log(host, category, res, task, self._task_count) + + def runner_on_skipped(self, host, item=None): category = 'SKIPPED' + task = getattr(self,'task', None) res = {} - res['item'] = self._get_item_label(getattr(result._result, 'results', {})) - self.logmech.log(result._host.get_name(), category, res, self.task, self._task_count) + res['item'] = item + logmech.log(host, category, res, task, self._task_count) - def v2_runner_on_unreachable(self, result): + def runner_on_unreachable(self, host, output): category = 'UNREACHABLE' + task = getattr(self,'task', None) res = {} - res['output'] = result._result - self.logmech.log(result._host.get_name(), category, res, self.task, self._task_count) + res['output'] = output + logmech.log(host, category, res, task, self._task_count) - def v2_runner_on_async_failed(self, 
result): + def runner_on_no_hosts(self): + pass + + def runner_on_async_poll(self, host, res, jid, clock): + pass + + def runner_on_async_ok(self, host, res, jid): + pass + + def runner_on_async_failed(self, host, res, jid): category = 'ASYNC_FAILED' - self.logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count) + task = getattr(self,'task', None) + logmech.log(host, category, res, task, self._task_count) - def v2_playbook_on_start(self, playbook): - self.playbook = playbook + def playbook_on_start(self): + pass - def v2_playbook_on_task_start(self, task, is_conditional): - self.task = task - if self.task: - self.task._name = task.get_name().strip() - self.logmech._last_task_start = time.time() + def playbook_on_notify(self, host, handler): + pass + + def playbook_on_no_hosts_matched(self): + pass + + def playbook_on_no_hosts_remaining(self): + pass + + def playbook_on_task_start(self, name, is_conditional): + logmech._last_task_start = time.time() self._task_count += 1 - def v2_playbook_on_setup(self): - self._task_count += 1 + def playbook_on_vars_prompt(self, varname, private=True, prompt=None, encrypt=None, confirm=False, salt_size=None, salt=None, default=None): + pass - def v2_playbook_on_import_for_host(self, result, imported_file): + def playbook_on_setup(self): + self._task_count += 1 + pass + + def playbook_on_import_for_host(self, host, imported_file): + task = getattr(self,'task', None) res = {} res['imported_file'] = imported_file - self.logmech.log(result._host.get_name(), 'IMPORTED', res, self.task) + logmech.log(host, 'IMPORTED', res, task) - def v2_playbook_on_not_import_for_host(self, result, missing_file): + def playbook_on_not_import_for_host(self, host, missing_file): + task = getattr(self,'task', None) res = {} res['missing_file'] = missing_file - self.logmech.log(result._host.get_name(), 'NOTIMPORTED', res, self.task) + logmech.log(host, 'NOTIMPORTED', res, task) - def v2_playbook_on_play_start(self, play): 
+ def playbook_on_play_start(self, pattern): self._task_count = 0 + play = getattr(self, 'play', None) if play: # figure out where the playbook FILE is - path = os.path.abspath(self.playbook._file_name) + path = os.path.abspath(play.playbook.filename) # tel the logger what the playbook is - self.logmech.playbook_id = path + logmech.playbook_id = path # if play count == 0 # write out playbook info now 
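Review bot: The new `CallbackModule.__init__` no longer calls `super(CallbackModule, self).__init__()`, so when `CallbackBase` is the real Ansible base class rather than the `object` fallback, whatever state the base constructor sets up is missing on this instance. Keep the call as the last line of `__init__`: `super(CallbackModule, self).__init__()`. The handlers read the task through `getattr(self,'task', None)` but nothing in this hunk assigns `self.task`, so unless the runner sets it from outside, every record is logged without task name, arguments or timing; a comment stating who sets `self.task` would make that dependency explicit. The body of `playbook_on_play_start` continues past the end of this hunk.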
@@ -266,35 +275,33 @@ class CallbackModule(CallbackBase): pb_info['playbook_start'] = time.time() pb_info['playbook'] = path pb_info['userid'] = getlogin() - pb_info['extra_vars'] = play._variable_manager.extra_vars - pb_info['inventory'] = play._variable_manager._inventory._sources - pb_info['playbook_checksum'] = secure_hash(path) - if hasattr(self, "play_context"): - pb_info['check'] = self.play_context.check_mode - pb_info['diff'] = self.play_context.diff - self.logmech.play_log(json.dumps(pb_info, indent=4)) + pb_info['extra_vars'] = play.playbook.extra_vars + pb_info['inventory'] = play.playbook.inventory.host_list + pb_info['playbook_checksum'] = utils.md5(path) + pb_info['check'] = play.playbook.check + pb_info['diff'] = play.playbook.diff + logmech.play_log(json.dumps(pb_info, indent=4)) self._play_count += 1 # then write per-play info that doesn't duplcate the playbook info info = {} info['play'] = play.name info['hosts'] = play.hosts + info['transport'] = play.transport info['number'] = self._play_count - if hasattr(self, "play_context"): - info['transport'] = str(self.play_context.connection) - info['check'] = self.play_context.check_mode - info['diff'] = self.play_context.diff - self.logmech.play_info = info - try: - self.logmech.play_log(json.dumps(info, indent=4)) - except TypeError: - print(("Failed to conver to JSON:", info)) + info['check'] = play.playbook.check + info['diff'] = play.playbook.diff + logmech.play_info = info + logmech.play_log(json.dumps(info, indent=4)) - def v2_playbook_on_stats(self, stats): + + def playbook_on_stats(self, stats): results = {} - for host in list(stats.processed.keys()): + for host in stats.processed.keys(): results[host] = stats.summarize(host) - self.logmech.log(host, 'STATS', results[host]) - self.logmech.play_log(json.dumps({'stats': results}, indent=4)) - self.logmech.play_log(json.dumps({'playbook_end': time.time()}, indent=4)) - print(('logs written to: %s' % self.logmech.logpath_play)) + logmech.log(host, 
'STATS', results[host]) + logmech.play_log(json.dumps({'stats': results}, indent=4)) + logmech.play_log(json.dumps({'playbook_end': time.time()}, indent=4)) + print 'logs written to: %s' % logmech.logpath_play + + diff --git a/callback_plugins/logdetail2.py b/callback_plugins/logdetail2.py new file mode 100644 index 0000000000..fb2f19427a --- /dev/null +++ b/callback_plugins/logdetail2.py 
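Review bot: `pb_info['playbook_checksum'] = utils.md5(path)` records the playbook with what is, judging by the helper's name, an MD5 digest, which is not collision-resistant, so the logged checksum cannot be relied on to show which playbook content actually ran. If the record is meant as an audit trail, compute it with SHA-256 over the file's bytes, e.g. `hashlib.sha256(data).hexdigest()`. The hunk also drops the `try`/`except TypeError` around `json.dumps(info, indent=4)`, so a non-serialisable value in `play.hosts` or `play.transport` could now raise inside the callback; that guard is worth keeping. `playbook_on_play_start` starts before this hunk.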
@@ -0,0 +1,278 @@ +# (C) 2012, Michael DeHaan, +# based on the log_plays example +# skvidal@fedoraproject.org + +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +from __future__ import absolute_import + +import os +import time +import json +import pwd + +try: + from ansible.utils.hashing import secure_hash +except ImportError: + from ansible.utils import md5 as secure_hash + +try: + from ansible.plugins.callback import CallbackBase +except ImportError: + # Ansible v1 compat + CallbackBase = object + +TIME_FORMAT="%b %d %Y %H:%M:%S" + +MSG_FORMAT="%(now)s\t%(count)s\t%(category)s\t%(name)s\t%(data)s\n" + +LOG_PATH = '/var/log/ansible' + +def getlogin(): + try: + user = os.getlogin() + except OSError, e: + user = pwd.getpwuid(os.geteuid())[0] + return user + +class LogMech(object): + def __init__(self): + self.started = time.time() + self.pid = str(os.getpid()) + self._pb_fn = None + self._last_task_start = None + self.play_info = {} + self.logpath = LOG_PATH + if not os.path.exists(self.logpath): + try: + os.makedirs(self.logpath, mode=0750) + except OSError, e: + if e.errno != 17: + raise + + # checksum of full playbook? 
+ + @property + def playbook_id(self): + if self._pb_fn: + return os.path.basename(self._pb_fn).replace('.yml', '').replace('.yaml', '') + else: + return "ansible-cmd" + + @playbook_id.setter + def playbook_id(self, value): + self._pb_fn = value + + @property + def logpath_play(self): + # this is all to get our path to look nice ish + tstamp = time.strftime('%Y/%m/%d/%H.%M.%S', time.localtime(self.started)) + path = os.path.normpath(self.logpath + '/' + self.playbook_id + '/' + tstamp + '/') + + if not os.path.exists(path): + try: + os.makedirs(path) + except OSError, e: + if e.errno != 17: # if it is not dir exists then raise it up + raise + + return path + + def play_log(self, content): + # record out playbook.log + # include path to playbook, checksums, user running playbook + # any args we can get back from the invocation + fd = open(self.logpath_play + '/' + 'playbook-' + self.pid + '.info', 'a') + fd.write('%s\n' % content) + fd.close() + + def task_to_json(self, task): + res = {} + res['task_name'] = task.name + res['task_module'] = task.action + res['task_args'] = task.args + if self.playbook_id == 'ansible-cmd': + res['task_userid'] = getlogin() + for k in ("delegate_to", "environment", "with_first_found", + "local_action", "notified_by", "notify", + "register", "sudo", "sudo_user", "tags", + "transport", "when"): + v = getattr(task, k, None) + if v: + res['task_' + k] = v + + return res + + def log(self, host, category, data, task=None, count=0): + if not host: + host = 'HOSTMISSING' + + if type(data) == dict: + name = data.get('module_name',None) + else: + name = "unknown" + + + # we're in setup - move the invocation info up one level + if 'invocation' in data: + invoc = data['invocation'] + if not name and 'module_name' in invoc: + name = invoc['module_name'] + + #don't add this since it can often contain complete passwords :( + del(data['invocation']) + + if task: + name = task.name + data['task_start'] = self._last_task_start + data['task_end'] = 
time.time() + data.update(self.task_to_json(task)) + + if 'task_userid' not in data: + data['task_userid'] = getlogin() + + if category == 'OK' and data.get('changed', False): + category = 'CHANGED' + + if self.play_info.get('check', False) and self.play_info.get('diff', False): + category = 'CHECK_DIFF:' + category + elif self.play_info.get('check', False): + category = 'CHECK:' + category + + # Sometimes this is None.. othertimes it's fine. Othertimes it has + # trailing whitespace that kills logview. Strip that, when possible. + if name: + name = name.strip() + + sanitize_host = host.replace(' ', '_').replace('>', '-') + fd = open(self.logpath_play + '/' + sanitize_host + '.log', 'a') + now = time.strftime(TIME_FORMAT, time.localtime()) + fd.write(MSG_FORMAT % dict(now=now, name=name, count=count, category=category, data=json.dumps(data))) + fd.close() + + +logmech = LogMech() + +class CallbackModule(CallbackBase): + """ + logs playbook results, per host, in /var/log/ansible/hosts + """ + CALLBACK_NAME = 'logdetail2' + CALLBACK_TYPE = 'notification' + CALLBACK_VERSION = 2.0 + CALLBACK_NEEDS_WHITELIST = True + + def __init__(self): + self._task_count = 0 + self._play_count = 0 + self.task = None + self.playbook = None + + super(CallbackModule, self).__init__() + + def set_play_context(self, play_context): + self.play_context = play_context + + def v2_runner_on_failed(self, result, ignore_errors=False): + category = 'FAILED' + logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count) + + def v2_runner_on_ok(self, result): + category = 'OK' + logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count) + + def v2_runner_on_skipped(self, result): + category = 'SKIPPED' + res = {} + res['item'] = self._get_item(getattr(result._result, 'results', {})) + logmech.log(result._host.get_name(), category, res, self.task, self._task_count) + + def v2_runner_on_unreachable(self, result): + category = 
'UNREACHABLE' + res = {} + res['output'] = result._result + logmech.log(result._host.get_name(), category, res, self.task, self._task_count) + + def v2_runner_on_async_failed(self, result): + category = 'ASYNC_FAILED' + logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count) + + def v2_playbook_on_start(self, playbook): + self.playbook = playbook + + def v2_playbook_on_task_start(self, task, is_conditional): + self.task = task + logmech._last_task_start = time.time() + self._task_count += 1 + + def v2_playbook_on_setup(self): + self._task_count += 1 + + def v2_playbook_on_import_for_host(self, result, imported_file): + res = {} + res['imported_file'] = imported_file + logmech.log(result._host.get_name(), 'IMPORTED', res, self.task) + + def v2_playbook_on_not_import_for_host(self, result, missing_file): + res = {} + res['missing_file'] = missing_file + logmech.log(result._host.get_name(), 'NOTIMPORTED', res, self.task) + + def v2_playbook_on_play_start(self, play): + self._task_count = 0 + + if play: + # figure out where the playbook FILE is + path = os.path.abspath(self.playbook._file_name) + + # tel the logger what the playbook is + logmech.playbook_id = path + + # if play count == 0 + # write out playbook info now + if not self._play_count: + pb_info = {} + pb_info['playbook_start'] = time.time() + pb_info['playbook'] = path + pb_info['userid'] = getlogin() + pb_info['extra_vars'] = play._variable_manager.extra_vars + pb_info['inventory'] = play._variable_manager._inventory._sources + pb_info['playbook_checksum'] = secure_hash(path) + pb_info['check'] = self.play_context.check_mode + pb_info['diff'] = self.play_context.diff + logmech.play_log(json.dumps(pb_info, indent=4)) + + self._play_count += 1 + # then write per-play info that doesn't duplcate the playbook info + info = {} + info['play'] = play.name + info['hosts'] = play.hosts + info['transport'] = self.play_context.connection + info['number'] = self._play_count + 
info['check'] = self.play_context.check_mode + info['diff'] = self.play_context.diff + logmech.play_info = info + logmech.play_log(json.dumps(info, indent=4)) + + + def v2_playbook_on_stats(self, stats): + results = {} + for host in stats.processed.keys(): + results[host] = stats.summarize(host) + logmech.log(host, 'STATS', results[host]) + logmech.play_log(json.dumps({'stats': results}, indent=4)) + logmech.play_log(json.dumps({'playbook_end': time.time()}, indent=4)) + print('logs written to: %s' % logmech.logpath_play) + + diff --git a/files/2fa/pam_url.conf.cloud b/files/2fa/pam_url.conf.cloud new file mode 100644 index 0000000000..9ce7690b81 --- /dev/null +++ b/files/2fa/pam_url.conf.cloud @@ -0,0 +1,21 @@ +pam_url: +{ + settings: + { + url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch + returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results + userfield = "user"; # userfield name to send + passwdfield = "token"; # passwdfield name to send + extradata = "&do=login"; # extradata to send + prompt = "Password+Token: "; # password prompt + }; + + ssl: + { + verify_peer = true; # Should we verify SSL ? + verify_host = true; # Should we verify the CN in the SSL cert? + client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate + client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert) + ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert"; + }; +}; diff --git a/files/2fa/pam_url.conf.fakefas01.fedoraproject.org b/files/2fa/pam_url.conf.fakefas01.fedoraproject.org new file mode 100644 index 0000000000..9ce7690b81 --- /dev/null +++ b/files/2fa/pam_url.conf.fakefas01.fedoraproject.org 
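Review bot: `v2_playbook_on_play_start` reads `self.play_context.check_mode`, `.diff` and `.connection` unconditionally, but `self.play_context` is assigned only in `set_play_context()` and `__init__` never initialises it, so if that setter has not run before the first play the callback raises `AttributeError`. Initialise it with `self.play_context = None` in `__init__` and guard the reads with `if self.play_context is not None:` around the `check`/`diff`/`transport` assignments. `v2_runner_on_skipped` calls `self._get_item(...)`, which this file does not define; it has to come from `CallbackBase` and would not exist with the `CallbackBase = object` fallback. A module docstring stating which Ansible versions this plugin targets, as opposed to `logdetail.py`, would make the split between the two files clear.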
@@ -0,0 +1,21 @@ +pam_url: +{ + settings: + { + url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch + returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results + userfield = "user"; # userfield name to send + passwdfield = "token"; # passwdfield name to send + extradata = "&do=login"; # extradata to send + prompt = "Password+Token: "; # password prompt + }; + + ssl: + { + verify_peer = true; # Should we verify SSL ? + verify_host = true; # Should we verify the CN in the SSL cert? + client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate + client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert) + ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert"; + }; +}; diff --git a/files/2fa/pam_url.conf.fed-cloud09.cloud.fedoraproject.org b/files/2fa/pam_url.conf.fed-cloud09.cloud.fedoraproject.org new file mode 100644 index 0000000000..9ce7690b81 --- /dev/null +++ b/files/2fa/pam_url.conf.fed-cloud09.cloud.fedoraproject.org @@ -0,0 +1,21 @@ +pam_url: +{ + settings: + { + url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch + returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results + userfield = "user"; # userfield name to send + passwdfield = "token"; # passwdfield name to send + extradata = "&do=login"; # extradata to send + prompt = "Password+Token: "; # password prompt + }; + + ssl: + { + verify_peer = true; # Should we verify SSL ? + verify_host = true; # Should we verify the CN in the SSL cert? + client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate + client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert) + ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert"; + }; +}; 
diff --git a/files/2fa/pam_url.conf.j2 b/files/2fa/pam_url.conf.j2 new file mode 100644 index 0000000000..6dcf99cbad --- /dev/null +++ b/files/2fa/pam_url.conf.j2 @@ -0,0 +1,27 @@ +pam_url: +{ + settings: + { + {% if env == 'staging' %} + url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch + {% elif datacenter == 'phx2' %} + url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch + {% else %} + url = "https://fas-all.vpn.fedoraproject.org:8443/"; # URI to fetch + {% endif %} + returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results + userfield = "user"; # userfield name to send + passwdfield = "token"; # passwdfield name to send + extradata = "&do=login"; # extradata to send + prompt = "Password+Token: "; # password prompt + }; + + ssl: + { + verify_peer = true; # Should we verify SSL ? + verify_host = true; # Should we verify the CN in the SSL cert? + client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate + client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert) + ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert"; + }; +}; diff --git a/files/2fa/pam_url.conf.stg.fedoraproject.org b/files/2fa/pam_url.conf.stg.fedoraproject.org new file mode 100644 index 0000000000..508c5d9cf7 --- /dev/null +++ b/files/2fa/pam_url.conf.stg.fedoraproject.org 
@@ -0,0 +1,21 @@ +pam_url: +{ + settings: + { + url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch + returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results + userfield = "user"; # userfield name to send + passwdfield = "token"; # passwdfield name to send + extradata = "&do=login"; # extradata to send + prompt = "Password+Token: "; # password prompt + }; + + ssl: + { + verify_peer = true; # Should we verify SSL ? + verify_host = true; # Should we verify the CN in the SSL cert? + client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate + client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert) + ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert"; + }; +}; diff --git a/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org b/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org new file mode 100644 index 0000000000..6dcf99cbad --- /dev/null +++ b/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org 
@@ -0,0 +1,27 @@ +pam_url: +{ + settings: + { + {% if env == 'staging' %} + url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch + {% elif datacenter == 'phx2' %} + url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch + {% else %} + url = "https://fas-all.vpn.fedoraproject.org:8443/"; # URI to fetch + {% endif %} + returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results + userfield = "user"; # userfield name to send + passwdfield = "token"; # passwdfield name to send + extradata = "&do=login"; # extradata to send + prompt = "Password+Token: "; # password prompt + }; + + ssl: + { + verify_peer = true; # Should we verify SSL ? + verify_host = true; # Should we verify the CN in the SSL cert? + client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate + client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert) + ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert"; + }; +}; diff --git a/files/2fa/pam_url.conf.vpn.fedoraproject.org b/files/2fa/pam_url.conf.vpn.fedoraproject.org new file mode 100644 index 0000000000..6e102e12f7 --- /dev/null +++ b/files/2fa/pam_url.conf.vpn.fedoraproject.org 
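Review bot: The `{% if env == 'staging' %}` … `{% endif %}` block around `url` is Jinja template syntax, but this file is named for a host and has no `.j2` suffix, unlike `files/2fa/pam_url.conf.j2`, which carries the same content. If it is installed with a plain copy rather than rendered, the tags land verbatim in the PAM module's configuration together with three `url` settings, and which endpoint then receives the password and token depends on how the parser treats that; how the file is deployed is not visible in this diff. Either render it as a template or replace the block with the single intended line, e.g. `url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch` if staging is the intended endpoint for this host.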
@@ -0,0 +1,21 @@ +pam_url: +{ + settings: + { + url = "https://fas-all.vpn.fedoraproject.org:8443/"; # URI to fetch + returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results + userfield = "user"; # userfield name to send + passwdfield = "token"; # passwdfield name to send + extradata = "&do=login"; # extradata to send + prompt = "Password+Token: "; # password prompt + }; + + ssl: + { + verify_peer = true; # Should we verify SSL ? + verify_host = true; # Should we verify the CN in the SSL cert? + client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate + client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert) + ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert"; + }; +}; diff --git a/files/2fa/sudo.pam b/files/2fa/sudo.pam new file mode 100644 index 0000000000..9912cdef59 --- /dev/null +++ b/files/2fa/sudo.pam @@ -0,0 +1,9 @@ +#%PAM-1.0 +auth required pam_env.so +auth sufficient pam_url.so config=/etc/pam_url.conf +auth requisite pam_succeed_if.so uid >= 500 quiet +auth required pam_deny.so +account include system-auth +password include system-auth +session optional pam_keyinit.so revoke +session required pam_limits.so diff --git a/files/2fa/sudo.pam.dev.fedoraproject.org b/files/2fa/sudo.pam.dev.fedoraproject.org new file mode 100644 index 0000000000..030bb26463 --- /dev/null +++ b/files/2fa/sudo.pam.dev.fedoraproject.org @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include system-auth +account include system-auth +password include system-auth +session optional pam_keyinit.so revoke +session required pam_limits.so diff --git a/files/artboard/artboard-backup b/files/artboard/artboard-backup new file mode 100755 index 0000000000..dd5e18952a --- /dev/null +++ b/files/artboard/artboard-backup 
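Review bot: In `files/2fa/sudo.pam` the line `auth requisite pam_succeed_if.so uid >= 500 quiet` cannot change the outcome, because it is reached only after `pam_url.so` has failed and is followed by `auth required pam_deny.so`, so both of its branches end in denial. Either remove it or state the intent in a comment, e.g. `# no local fallback: sudo auth succeeds only via pam_url`. With this stack every sudo authentication depends on the `pam_url` endpoint being reachable, so the recovery path for an outage should be documented next to the file. `files/2fa/sudo.pam.dev.fedoraproject.org` uses `auth include system-auth` only, which leaves those hosts without the second factor; a comment saying that this is deliberate would help.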
@@ -0,0 +1,6 @@ +#!/bin/sh +SNAPSHOTTIME=$(date +"%m-%d-%Y") +cd /srv/persist +echo "Snapshot taken $SNAPSHOTTIME.\n" >> /var/www/html/artboard/artboard-backup-summary.log +tar -zcvf "artboard-backup.tar.gz" artboard + diff --git a/files/artboard/artboard.conf b/files/artboard/artboard.conf new file mode 100644 index 0000000000..2728550aba --- /dev/null +++ b/files/artboard/artboard.conf @@ -0,0 +1,16 @@ + + Options Indexes FollowSymLinks + + AllowOverride All + + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order deny,allow + Allow from all + + + diff --git a/files/artboard/redirect.conf b/files/artboard/redirect.conf new file mode 100644 index 0000000000..fad4ddfa41 --- /dev/null +++ b/files/artboard/redirect.conf @@ -0,0 +1,2 @@ +RedirectMatch "^/$" /artboard/ + diff --git a/files/aws/iam/policies/fcos-builds-releng.json b/files/aws/iam/policies/fcos-builds-releng.json deleted file mode 100644 index 3ce6d2e77b..0000000000 --- a/files/aws/iam/policies/fcos-builds-releng.json +++ /dev/null 
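Review bot: `cd /srv/persist` is not checked, so if that directory is missing `tar -zcvf "artboard-backup.tar.gz" artboard` runs in whatever directory the job started in; use `cd /srv/persist || exit 1`. The summary line is appended to `/var/www/html/artboard/artboard-backup-summary.log`, which by its path sits under the web root, so confirm it is meant to be served. `echo "...\n"` under `#!/bin/sh` prints a literal `\n` in some shells; `printf 'Snapshot taken %s.\n\n' "$SNAPSHOTTIME"` is portable. Each run also overwrites the single `artboard-backup.tar.gz`, so an interrupted run leaves no previous archive; writing to a temporary name followed by `mv` would avoid that.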
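Review bot: `Options Indexes FollowSymLinks` in `files/artboard/artboard.conf` turns on automatic directory listings for this tree, and `AllowOverride All` lets any `.htaccess` file inside it override server settings, which matters if the application can write files there. Unless listings are needed, `Options FollowSymLinks` and an `AllowOverride` limited to the directive groups the application uses would be tighter. The enclosing container lines appear to have been lost in this rendering of the hunk, so the path the block applies to cannot be confirmed here.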
@@ -1,87 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "s3:PutAnalyticsConfiguration", - "s3:GetObjectVersionTagging", - "s3:CreateBucket", - "s3:ReplicateObject", - "s3:GetObjectAcl", - "s3:GetBucketObjectLockConfiguration", - "s3:DeleteBucketWebsite", - "s3:PutLifecycleConfiguration", - "s3:GetObjectVersionAcl", - "s3:HeadBucket", - "s3:DeleteObject", - "s3:GetBucketPolicyStatus", - "s3:GetObjectRetention", - "s3:GetBucketWebsite", - "s3:ListJobs", - "s3:PutReplicationConfiguration", - "s3:PutObjectLegalHold", - "s3:GetObjectLegalHold", - "s3:GetBucketNotification", - "s3:PutBucketCORS", - "s3:GetReplicationConfiguration", - "s3:ListMultipartUploadParts", - "s3:PutObject", - "s3:GetObject", - "s3:PutBucketNotification", - "s3:DescribeJob", - "s3:PutBucketLogging", - "s3:GetAnalyticsConfiguration", - "s3:PutBucketObjectLockConfiguration", - "s3:GetObjectVersionForReplication", - "s3:CreateJob", - "s3:GetLifecycleConfiguration", - "s3:ListBucketByTags", - "s3:GetInventoryConfiguration", - "s3:GetBucketTagging", - "s3:PutAccelerateConfiguration", - "s3:DeleteObjectVersion", - "s3:GetBucketLogging", - "s3:ListBucketVersions", - "s3:RestoreObject", - "s3:ListBucket", - "s3:GetAccelerateConfiguration", - "s3:GetBucketPolicy", - "s3:PutEncryptionConfiguration", - "s3:GetEncryptionConfiguration", - "s3:GetObjectVersionTorrent", - "s3:AbortMultipartUpload", - "s3:GetBucketRequestPayment", - "s3:UpdateJobPriority", - "s3:GetObjectTagging", - "s3:GetMetricsConfiguration", - "s3:DeleteBucket", - "s3:PutBucketVersioning", - "s3:GetBucketPublicAccessBlock", - "s3:ListBucketMultipartUploads", - "s3:PutMetricsConfiguration", - "s3:UpdateJobStatus", - "s3:GetBucketVersioning", - "s3:GetBucketAcl", - "s3:PutInventoryConfiguration", - "s3:GetObjectTorrent", - "s3:GetAccountPublicAccessBlock", - "s3:PutBucketWebsite", - "s3:ListAllMyBuckets", - "s3:PutBucketRequestPayment", - "s3:PutObjectRetention", - 
"s3:GetBucketCORS", - "s3:GetBucketLocation", - "s3:ReplicateDelete", - "s3:GetObjectVersion" - ], - "Resource": "*", - "Condition": { - "IpAddress": { - "aws:SourceIp": "209.132.181.102/32" - } - } - } - ] -} diff --git a/files/aws/iam/policies/fcos-poc-artifacts.json b/files/aws/iam/policies/fcos-poc-artifacts.json deleted file mode 100644 index cdce0774c2..0000000000 --- a/files/aws/iam/policies/fcos-poc-artifacts.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": "s3:PutObjectAcl", - "Resource": [ - "arn:aws:s3:::fcos-builds/*", - "arn:aws:s3:::fcos-builds" - ] - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::fcos-builds/*", - "arn:aws:s3:::fcos-builds" - ] - } - ] -} diff --git a/files/aws/iam/policies/fcos-upload-amis.json b/files/aws/iam/policies/fcos-upload-amis.json deleted file mode 100644 index c398e0e47c..0000000000 --- a/files/aws/iam/policies/fcos-upload-amis.json +++ /dev/null 
@@ -1,44 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "ec2:ImportVolume", - "ec2:CreateTags", - "ec2:RegisterImage", - "ec2:DeregisterImage", - "ec2:CancelConversionTask", - "ec2:CreateSnapshot", - "ec2:ImportSnapshot", - "ec2:CancelImportTask", - "ec2:DeleteSnapshot", - "ec2:CopyImage", - "ec2:DescribeImageAttribute", - "ec2:ModifyImageAttribute", - "ec2:DescribeSnapshots", - "ec2:DescribeSnapshotAttribute", - "ec2:DescribeImportSnapshotTasks", - "ec2:DescribeImages", - "ec2:DeleteVolume", - "ec2:ModifySnapshotAttribute", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeVolumes", - "ec2:DescribeRegions", - "ec2:DescribeConversionTasks", - "ec2:DescribeTags" - ], - "Resource": "*" - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": "ec2:CreateTags", - "Resource": [ - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*::image/*" - ] - } - ] -} diff --git a/files/aws/iam/policies/fedora-centos-ec2.json b/files/aws/iam/policies/fedora-centos-ec2.json deleted file mode 100644 index 1aea024a24..0000000000 --- a/files/aws/iam/policies/fedora-centos-ec2.json +++ /dev/null 
@@ -1,51 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowDescription", - "Effect": "Allow", - "Action": [ - "ec2:Describe*", - "iam:PassRole", - "iam:ListInstanceProfiles", - "ec2:ImportKeyPair", - "ec2:CreateKeyPair", - "ec2:CreateSecurityGroup" - ], - "Resource": [ - "*" - ] - }, - { - "Sid": "AllowWhenOwnerOrUntagged", - "Effect": "Allow", - "Action": [ - "ec2:*" - ], - "Condition": { - "StringEqualsIfExists": { - "ec2:ResourceTag/FedoraGroup": [ - "centos" - ] - } - }, - "Resource": [ - "arn:aws:ec2:*:*:capacity-reservation/*", - "arn:aws:ec2:*:*:elasticGpu/*", - "arn:aws:ec2:*::fpga-image/*", - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*:*:launch-template/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:placement-group/*", - "arn:aws:ec2:*:*:reserved-instances/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*::spot-instance-request/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:subnet/*" - ] - } - ] -} diff --git a/files/aws/iam/policies/fedora-copr-ec2.json b/files/aws/iam/policies/fedora-copr-ec2.json deleted file mode 100644 index 09db7ce71f..0000000000 --- a/files/aws/iam/policies/fedora-copr-ec2.json +++ /dev/null 
@@ -1,51 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowDescription", - "Effect": "Allow", - "Action": [ - "ec2:Describe*", - "iam:PassRole", - "iam:ListInstanceProfiles", - "ec2:ImportKeyPair", - "ec2:CreateKeyPair", - "ec2:CreateSecurityGroup" - ], - "Resource": [ - "*" - ] - }, - { - "Sid": "AllowWhenOwnerOrUntagged", - "Effect": "Allow", - "Action": [ - "ec2:*" - ], - "Condition": { - "StringEqualsIfExists": { - "ec2:ResourceTag/FedoraGroup": [ - "copr" - ] - } - }, - "Resource": [ - "arn:aws:ec2:*:*:capacity-reservation/*", - "arn:aws:ec2:*:*:elasticGpu/*", - "arn:aws:ec2:*::fpga-image/*", - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*:*:launch-template/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:placement-group/*", - "arn:aws:ec2:*:*:reserved-instances/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*::spot-instance-request/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:subnet/*" - ] - } - ] -} diff --git a/files/aws/iam/policies/fedora-infra-ec2.json b/files/aws/iam/policies/fedora-infra-ec2.json deleted file mode 100644 index 24d608a686..0000000000 --- a/files/aws/iam/policies/fedora-infra-ec2.json +++ /dev/null 
@@ -1,45 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "ec2:Describe*", - "iam:PassRole", - "ec2:ImportKeyPair", - "ec2:CreateKeyPair", - "ec2:CreateSecurityGroup", - "iam:ListInstanceProfiles" - ], - "Resource": "*" - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": "ec2:*", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:elasticGpu/*", - "arn:aws:ec2:*:*:reserved-instances/*", - "arn:aws:ec2:*:*:launch-template/*", - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:placement-group/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:capacity-reservation/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*::spot-instance-request/*", - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*::fpga-image/*", - "arn:aws:ec2:*::image/*" - ], - "Condition": { - "StringEqualsIfExists": { - "ec2:ResourceTag/FedoraGroup": "infra" - } - } - } - ] -} diff --git a/files/aws/iam/policies/robosignatory-fcos-devel.json b/files/aws/iam/policies/robosignatory-fcos-devel.json deleted file mode 100644 index 816757a5db..0000000000 --- a/files/aws/iam/policies/robosignatory-fcos-devel.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "WriteToTestBucket", - "Effect": "Allow", - "Action": [ - "s3:GetBucketPublicAccessBlock", - "s3:PutObject", - "s3:GetObjectAcl", - "s3:GetObject", - "s3:GetBucketTagging", - "s3:GetObjectTagging", - "s3:ListBucket", - "s3:GetBucketAcl", - "s3:PutObjectAcl" - ], - "Resource": [ - "arn:aws:s3:::*/*", - "arn:aws:s3:::robosig-dev-fcos-builds" - ] - }, - { - "Sid": "ReadFromProdBucket", - "Effect": "Allow", - "Action": [ - "s3:GetObject", - "s3:ListBucket" - ], - "Resource": [ - "arn:aws:s3:::*/*", - "arn:aws:s3:::fcos-builds" - ] - } - ] -} 
diff --git a/files/common/RPM-GPG-KEY-EPEL-7 b/files/common/RPM-GPG-KEY-EPEL-7 deleted file mode 100644 index f205ede463..0000000000 --- a/files/common/RPM-GPG-KEY-EPEL-7 +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (GNU/Linux) - -mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB -OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm -jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP -vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM -jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5 -S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ -n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB -9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95 -T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj -GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf -uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB -tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB -AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk -5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q -ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu -MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re -9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax -CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv -HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB -VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q -thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc -ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4 -vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt -RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw== -=hdPa ------END PGP PUBLIC KEY BLOCK----- 
diff --git a/files/common/RPM-GPG-KEY-EPEL-8 b/files/common/RPM-GPG-KEY-EPEL-8 deleted file mode 100644 index 30b69a6295..0000000000 --- a/files/common/RPM-GPG-KEY-EPEL-8 +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFz3zvsBEADJOIIWllGudxnpvJnkxQz2CtoWI7godVnoclrdl83kVjqSQp+2 -dgxuG5mUiADUfYHaRQzxKw8efuQnwxzU9kZ70ngCxtmbQWGmUmfSThiapOz00018 -+eo5MFabd2vdiGo1y+51m2sRDpN8qdCaqXko65cyMuLXrojJHIuvRA/x7iqOrRfy -a8x3OxC4PEgl5pgDnP8pVK0lLYncDEQCN76D9ubhZQWhISF/zJI+e806V71hzfyL -/Mt3mQm/li+lRKU25Usk9dWaf4NH/wZHMIPAkVJ4uD4H/uS49wqWnyiTYGT7hUbi -ecF7crhLCmlRzvJR8mkRP6/4T/F3tNDPWZeDNEDVFUkTFHNU6/h2+O398MNY/fOh -yKaNK3nnE0g6QJ1dOH31lXHARlpFOtWt3VmZU0JnWLeYdvap4Eff9qTWZJhI7Cq0 -Wm8DgLUpXgNlkmquvE7P2W5EAr2E5AqKQoDbfw/GiWdRvHWKeNGMRLnGI3QuoX3U -pAlXD7v13VdZxNydvpeypbf/AfRyrHRKhkUj3cU1pYkM3DNZE77C5JUe6/0nxbt4 -ETUZBTgLgYJGP8c7PbkVnO6I/KgL1jw+7MW6Az8Ox+RXZLyGMVmbW/TMc8haJfKL -MoUo3TVk8nPiUhoOC0/kI7j9ilFrBxBU5dUtF4ITAWc8xnG6jJs/IsvRpQARAQAB -tChGZWRvcmEgRVBFTCAoOCkgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB -AgAiBQJc9877AhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAh6kWrL4bW -oWagD/4xnLWws34GByVDQkjprk0fX7Iyhpm/U7BsIHKspHLL+Y46vAAGY/9vMvdE -0fcr9Ek2Zp7zE1RWmSCzzzUgTG6BFoTG1H4Fho/7Z8BXK/jybowXSZfqXnTOfhSF -alwDdwlSJvfYNV9MbyvbxN8qZRU1z7PEWZrIzFDDToFRk0R71zHpnPTNIJ5/YXTw -NqU9OxII8hMQj4ufF11040AJQZ7br3rzerlyBOB+Jd1zSPVrAPpeMyJppWFHSDAI -WK6x+am13VIInXtqB/Cz4GBHLFK5d2/IYspVw47Solj8jiFEtnAq6+1Aq5WH3iB4 -bE2e6z00DSF93frwOyWN7WmPIoc2QsNRJhgfJC+isGQAwwq8xAbHEBeuyMG8GZjz -xohg0H4bOSEujVLTjH1xbAG4DnhWO/1VXLX+LXELycO8ZQTcjj/4AQKuo4wvMPrv -9A169oETG+VwQlNd74VBPGCvhnzwGXNbTK/KH1+WRH0YSb+41flB3NKhMSU6dGI0 -SGtIxDSHhVVNmx2/6XiT9U/znrZsG5Kw8nIbbFz+9MGUUWgJMsd1Zl9R8gz7V9fp -n7L7y5LhJ8HOCMsY/Z7/7HUs+t/A1MI4g7Q5g5UuSZdgi0zxukiWuCkLeAiAP4y7 -zKK4OjJ644NDcWCHa36znwVmkz3ixL8Q0auR15Oqq2BjR/fyog== -=84m8 ------END PGP PUBLIC KEY BLOCK----- diff --git a/files/common/RPM-GPG-KEY-EPEL-9 b/files/common/RPM-GPG-KEY-EPEL-9 deleted file mode 100644 index 234c12fb6e..0000000000 
--- a/files/common/RPM-GPG-KEY-EPEL-9 +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp -CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6 -2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW -DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu -n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z -39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy -XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK -44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS -9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH -DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq -uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB -tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI -ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE -FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF -3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC -nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n -R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG -4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe -CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL -9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7 -w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT -/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd -fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE -r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux -VL469Kj5m13T6w== -=Mjs/ ------END PGP PUBLIC KEY BLOCK----- diff --git a/files/common/epel10.repo b/files/common/epel10.repo deleted file mode 100644 index 3b1a29be65..0000000000 --- a/files/common/epel10.repo +++ /dev/null 
@@ -1,13 +0,0 @@ -[epel] -name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/10/Everything/$basearch/ -enabled=1 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-10 - -[epel-testing] -name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/testing/10/Everything/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-10 diff --git a/files/common/epel6.repo b/files/common/epel6.repo new file mode 100644 index 0000000000..d195e79ea5 --- /dev/null +++ b/files/common/epel6.repo @@ -0,0 +1,13 @@ +[epel] +name=Extras Packages for Enterprise Linux $releasever - $basearch +baseurl=http://infrastructure.fedoraproject.org/pub/epel/6/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 + +[epel-testing] +name=Extras Packages for Enterprise Linux $releasever - $basearch +baseurl=http://infrastructure.fedoraproject.org/pub/epel/testing/6/$basearch/ +enabled=0 +gpgcheck=1 +gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 diff --git a/files/common/epel7.repo b/files/common/epel7.repo index 1a005aa589..6dc4c9325b 100644 --- a/files/common/epel7.repo +++ b/files/common/epel7.repo 
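Review bot: The new epel6.repo fetches its signing key in cleartext (`gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6`), so `gpgcheck=1` ends up trusting whatever key the network path delivers on first import. Reference the key over TLS, `gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6`, or ship it with the host and point at a local file (placeholder: `gpgkey=file:///etc/pki/rpm-gpg/<EPEL-6-KEY-FILE>`), and move both `baseurl=` lines to `https://` as well. This assumes the host serves the EPEL 6 tree over TLS, as the removed epel7.repo lines indicate it does for EPEL 7. The same http:// `gpgkey`/`baseurl` pattern is introduced in the epel7.repo, infrastructure-testing.repo and infrastructure.repo hunks, and the fedora*.repo hunks likewise switch `baseurl` from https:// to http://.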
@@ -1,20 +1,20 @@ [epel] name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/7/$basearch/ +baseurl=http://infrastructure.fedoraproject.org/pub/epel/7/$basearch/ enabled=1 gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 +gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 [epel-testing] name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/testing/7/$basearch/ +baseurl=http://infrastructure.fedoraproject.org/pub/epel/testing/7/$basearch/ enabled=0 gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 +gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 [epel-beta] name=Extras Packages for Enterprise Linux beta $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/beta/7/$basearch/ +baseurl=http://infrastructure.fedoraproject.org/pub/epel/beta/7/$basearch/ enabled=0 gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 +gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 diff --git a/files/common/epel8.repo b/files/common/epel8.repo deleted file mode 100644 index faf7c551fb..0000000000 --- a/files/common/epel8.repo +++ /dev/null @@ -1,13 +0,0 @@ -[epel] -name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/8/Everything/$basearch/ -enabled=1 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8 - -[epel-testing] -name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/testing/8/Everything/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8 
diff --git a/files/common/epel9.repo b/files/common/epel9.repo deleted file mode 100644 index b78f55a725..0000000000 --- a/files/common/epel9.repo +++ /dev/null @@ -1,13 +0,0 @@ -[epel] -name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/9/Everything/$basearch/ -enabled=1 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 - -[epel-testing] -name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/testing/9/Everything/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 diff --git a/files/common/fedora-updates-testing.repo b/files/common/fedora-updates-testing.repo index 05e87ff1e3..5b195dc6a7 100644 --- a/files/common/fedora-updates-testing.repo +++ b/files/common/fedora-updates-testing.repo @@ -1,10 +1,7 @@ [updates-testing] name=Fedora $releasever - $basearch - Test Updates -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Everything/$basearch/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/$basearch/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch enabled=0 gpgcheck=1 
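Review bot: The added `baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/` hard-codes the layout that the removed template used only for releases up to 27. For newer releases the removed branch pointed at `.../$releasever/Everything/$basearch/`, and the `{{ archive_if_archived }}` prefix is dropped too. If this file is still deployed to hosts newer than Fedora 27 or to archived releases, the repo will presumably fail to resolve and those hosts stop seeing updates, which matters most for the enabled `[updates]` section in fedora-updates.repo. Either keep the version conditional or state in the commit message which releases the static file targets. The same change recurs in the remaining hunks of this file and in fedora-updates-testing.repo-secondary, fedora-updates.repo and fedora-updates.repo-secondary.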
@@ -12,11 +9,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [updates-testing-debuginfo] name=Fedora $releasever - $basearch - Test Updates Debug -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Everything/$basearch/debug/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/$basearch/debug/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/debug/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch enabled=0 gpgcheck=1 @@ -24,11 +18,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [updates-testing-source] name=Fedora $releasever - Test Updates Source -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Everything/SRPMS/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/SRPMS/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/SRPMS/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch enabled=0 gpgcheck=1 diff --git a/files/common/fedora-updates-testing.repo-secondary b/files/common/fedora-updates-testing.repo-secondary index c2c47a87b3..4359d0a094 100644 --- a/files/common/fedora-updates-testing.repo-secondary +++ b/files/common/fedora-updates-testing.repo-secondary 
@@ -1,10 +1,7 @@ [updates-testing] name=Fedora $releasever - $basearch - Test Updates -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Everything/$basearch/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/$basearch/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch enabled=0 gpgcheck=1 @@ -12,11 +9,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [updates-testing-debuginfo] name=Fedora $releasever - $basearch - Test Updates Debug -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Everything/$basearch/debug/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/$basearch/debug/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/$basearch/debug/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch enabled=0 gpgcheck=1 
@@ -24,11 +18,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [updates-testing-source] name=Fedora $releasever - Test Updates Source -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Everything/SRPMS/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/SRPMS/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/SRPMS/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch enabled=0 gpgcheck=1 diff --git a/files/common/fedora-updates.repo b/files/common/fedora-updates.repo index 63a029f532..ee6b7c8f4f 100644 --- a/files/common/fedora-updates.repo +++ b/files/common/fedora-updates.repo @@ -1,10 +1,7 @@ [updates] name=Fedora $releasever - $basearch - Updates -{% if ansible_distribution_major_version|int > 27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Everything/$basearch/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/$basearch/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch enabled=1 gpgcheck=1 
@@ -12,11 +9,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [updates-debuginfo] name=Fedora $releasever - $basearch - Updates - Debug -{% if ansible_distribution_major_version|int > 27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Everything/$basearch/debug/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/$basearch/debug/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/debug/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch enabled=0 gpgcheck=1 @@ -24,11 +18,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [updates-source] name=Fedora $releasever - Updates Source -{% if ansible_distribution_major_version|int > 27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Everything/SRPMS/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/SRPMS/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/SRPMS/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch enabled=0 gpgcheck=1 diff --git a/files/common/fedora-updates.repo-secondary b/files/common/fedora-updates.repo-secondary index c3475c21e7..bbd9f3483d 100644 --- a/files/common/fedora-updates.repo-secondary +++ b/files/common/fedora-updates.repo-secondary 
@@ -1,10 +1,7 @@ [updates] name=Fedora $releasever - $basearch - Updates -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Everything/$basearch/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/$basearch/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch enabled=1 gpgcheck=1 @@ -12,11 +9,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [updates-debuginfo] name=Fedora $releasever - $basearch - Updates - Debug -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Everything/$basearch/debug/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/$basearch/debug/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/$basearch/debug/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch enabled=0 gpgcheck=1 
@@ -24,11 +18,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [updates-source] name=Fedora $releasever - Updates Source -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/SRPMS/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Everything/SRPMS/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/SRPMS/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch enabled=0 gpgcheck=1 diff --git a/files/common/fedora.repo b/files/common/fedora.repo index 7386c01645..372580acdf 100644 --- a/files/common/fedora.repo +++ b/files/common/fedora.repo 
@@ -1,24 +1,18 @@ [fedora] name=Fedora $releasever - $basearch -{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Everything/$basearch/os/ +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub/fedora/linux/development/$releasever/Everything/$basearch/os/ -{% endif %} enabled=1 metadata_expire=7d -gpgcheck=1 +gpgcheck=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [fedora-debuginfo] name=Fedora $releasever - $basearch - Debug -{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Everything/$basearch/debug/tree/ +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/tree/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub/fedora/linux/development/$releasever/Everything/$basearch/debug/tree/ -{% endif %} enabled=0 metadata_expire=7d gpgcheck=1 
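Review bot: The enabled `[fedora]` section now sets `gpgcheck=0` while its `baseurl` moves to http://, so packages from the base repo would be installed with neither signature verification nor transport integrity. The `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch` line is still present, so keeping `gpgcheck=1` should need nothing else. `[fedora-debuginfo]` in the same hunk keeps `gpgcheck=1`, which suggests the 0 is not a deliberate policy. The same `gpgcheck=0` is introduced for `[fedora]` in the first fedora.repo-secondary hunk.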
@@ -26,12 +20,9 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [fedora-source] name=Fedora $releasever - Source -{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched|int is defined else FedoraRawhideNumber|int ) %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Everything/source/tree/ +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/source/tree/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub/fedora/linux/development/$releasever/Everything/source/tree -{% endif %} enabled=0 metadata_expire=7d gpgcheck=1 diff --git a/files/common/fedora.repo-secondary b/files/common/fedora.repo-secondary index 29cd964a78..434d3ce1f5 100644 --- a/files/common/fedora.repo-secondary +++ b/files/common/fedora.repo-secondary 
@@ -1,24 +1,18 @@ [fedora] name=Fedora $releasever - $basearch -{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Everything/$basearch/os/ +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/os/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub/fedora-secondary/development/$releasever/Everything/$basearch/os/ -{% endif %} enabled=1 metadata_expire=7d -gpgcheck=1 +gpgcheck=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [fedora-debuginfo] name=Fedora $releasever - $basearch - Debug -{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %} -baseurl=http://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Everything/$basearch/debug/tree/ +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/debug/tree/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub/fedora-secondary/development/$releasever/Everything/$basearch/debug/tree/ -{% endif %} enabled=0 metadata_expire=7d gpgcheck=1 
@@ -26,12 +20,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [fedora-source] name=Fedora $releasever - Source -{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %} -baseurl=http://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Everything/source/tree/ -#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub/fedora-secondary/development/$releasever/Everything/source/tree/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/source/tree/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch enabled=0 metadata_expire=7d diff --git a/files/common/infrastructure-testing.repo b/files/common/infrastructure-testing.repo index abbe4d330e..501bc6502e 100644 --- a/files/common/infrastructure-testing.repo +++ b/files/common/infrastructure-testing.repo @@ -1,7 +1,7 @@ [infrastructure-testing] name=Extras Packages from Fedora Infrastructure $releasever - $basearch - Testing -baseurl=https://infrastructure.fedoraproject.org/repo/testing/$releasever/$basearch/ +baseurl=http://infrastructure.fedoraproject.org/repo/testing/$releasever/$basearch/ enabled=0 gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE +gpgkey=http://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE diff --git a/files/common/infrastructure.repo b/files/common/infrastructure.repo index acf1d013dd..98ceb3fa55 100644 --- a/files/common/infrastructure.repo +++ b/files/common/infrastructure.repo 
@@ -1,6 +1,6 @@ [infrastructure] name=Extras Packages from Fedora Infrastructure $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/$releasever/$basearch/ +baseurl=http://infrastructure.fedoraproject.org/repo/$releasever/$basearch/ enabled=1 gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE +gpgkey=http://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE diff --git a/files/common/mock b/files/common/mock deleted file mode 100644 index 347fc0c820..0000000000 --- a/files/common/mock +++ /dev/null @@ -1,15 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth sufficient pam_succeed_if.so user ingroup mock use_uid quiet -account sufficient pam_succeed_if.so user ingroup packager use_uid quiet -auth sufficient pam_succeed_if.so user ingroup packager use_uid quiet -# Uncomment the following line to implicitly trust users in the "wheel" group. -#auth sufficient pam_wheel.so trust use_uid -# Uncomment the following line to require a user to be in the "wheel" group. -#auth required pam_wheel.so use_uid -auth include system-auth -account sufficient pam_succeed_if.so user ingroup mock use_uid quiet -account include system-auth -password include system-auth -session include system-auth -session optional pam_xauth.so diff --git a/files/common/nbde_client-network-flush b/files/common/nbde_client-network-flush deleted file mode 100644 index c2a5700875..0000000000 --- a/files/common/nbde_client-network-flush +++ /dev/null 
@@ -1,38 +0,0 @@ -#!/bin/sh - -# do_flush() flushes every active network interface. It is intended to -# run before NetworkManager starts, so that when it does it will be able -# to set up the network using the regular host configuration. -do_flush() { - for f in /sys/class/net/*; do - iface="${f##*/}" - [ "${iface}" = "lo" ] && continue - echo "Preparing to flush interface ${iface}" >&2 - ip -statistics address flush dev "${iface}" - rm -f /run/NetworkManager/system-connections/default_connection.nmconnection >&2 - done -} - -# reset_autoconn_prio() will reset the autoconnect priority -# of the existing NM connections to zero. -reset_autoconn_prio() { - nmcli -t -f NAME connection show 2>/dev/null | while read -r _c; do - if ! _prio="$(nmcli -t connection show "${_c}" \ - | grep connection.autoconnect-priority: \ - | cut -d: -f2)" || [ -z "${_prio}" ]; then - continue - fi - [ "${_prio}" -ge 0 ] && continue - echo "Setting autoconnect-priority of connection ${_c} to zero" >&2 - nmcli connection modify "${_c}" connection.autoconnect-priority 0 - done -} - -case "${1}" in -reset-autoconn-prio) - reset_autoconn_prio;; -flush) - do_flush;; -esac - -# vim:set ts=2 sw=2 et: diff --git a/files/common/noautodefault.conf b/files/common/noautodefault.conf deleted file mode 100644 index 06b53d81da..0000000000 --- a/files/common/noautodefault.conf +++ /dev/null @@ -1,2 +0,0 @@ -[main] -no-auto-default=* diff --git a/files/common/original-epel8.repo b/files/common/original-epel8.repo deleted file mode 100644 index 61cd8502fe..0000000000 --- a/files/common/original-epel8.repo +++ /dev/null 
@@ -1,24 +0,0 @@ -[epel] -name=Extra Packages for Enterprise Linux $releasever - $basearch -#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/$basearch -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir -enabled=1 -gpgcheck=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 - -[epel-debuginfo] -name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug -#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/$basearch/debug -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir -enabled=0 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 -gpgcheck=1 - -[epel-source] -name=Extra Packages for Enterprise Linux $releasever - $basearch - Source -#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/SRPMS -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir -enabled=0 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 -gpgcheck=1 diff --git a/files/common/original-epel9.repo b/files/common/original-epel9.repo deleted file mode 100644 index b49f3d58b5..0000000000 --- a/files/common/original-epel9.repo +++ /dev/null 
@@ -1,24 +0,0 @@ -[epel] -name=Extra Packages for Enterprise Linux $releasever - $basearch -#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir -enabled=1 -gpgcheck=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever - -[epel-debuginfo] -name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug -#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/debug/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir -enabled=0 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever -gpgcheck=1 - -[epel-source] -name=Extra Packages for Enterprise Linux $releasever - $basearch - Source -#baseurl=https://download.example/pub/epel/$releasever/Everything/source/tree/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir -enabled=0 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever -gpgcheck=1 diff --git a/files/common/rhel-7-aarch64-server-rpms.repo b/files/common/rhel-7-aarch64-server-rpms.repo new file mode 100644 index 0000000000..ba48078c4b --- /dev/null +++ b/files/common/rhel-7-aarch64-server-rpms.repo @@ -0,0 +1,4 @@ +[rhel7-aarch64-server] +name = rhel7 $basearch server +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-rpms +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/files/common/rhel-8-aarch64-server-rpms.repo b/files/common/rhel-8-aarch64-server-rpms.repo deleted file mode 100644 index 6a70399465..0000000000 --- a/files/common/rhel-8-aarch64-server-rpms.repo +++ /dev/null 
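Review bot: The new `[rhel7-aarch64-server]` section has no `gpgcheck=` line and its `baseurl` is plain `http://`, so signature verification depends entirely on the host-wide `[main]` setting while the transport gives no integrity protection of its own. The same pattern appears in the added `rhel6.repo`, `rhel7-power-rhev.repo` and `rhel7ah.repo` files, and the `rhel7.repo` hunk moves five `baseurl` lines from `https://` to `http://` in sections that likewise show no `gpgcheck`. I would add `gpgcheck=1` to each section and keep the `https://` scheme on every `baseurl`, so that a missing or changed default cannot silently turn verification off.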
@@ -1,19 +0,0 @@ -[rhel8-beta-dvd] -name = rhel8 beta base dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel-8.0-beta-1-$basearch/AppStream -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release - -[rhel8-beta-BaseOS] -name = rhel8 beta BaseOS $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel-8.0-beta-1-aarch64/BaseOS -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release - -[rhel8-beta-ha] -name = rhel8 beta ha $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8-beta/aarch64/rhel-8-for-aarch64-ha-beta-rpms -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release - -[rhel8-beta-appstream] -name = rhel8 beta appstream $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8-beta/aarch64/rhel-8-for-aarch64-appstream-beta-rpms -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/files/common/rhel10.repo b/files/common/rhel10.repo deleted file mode 100644 index f8e7b40927..0000000000 --- a/files/common/rhel10.repo +++ /dev/null 
@@ -1,34 +0,0 @@ -[rhel10-dvd-BaseOS] -name = rhel10 baseos dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL10-$basearch/BaseOS -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel10-dvd-AppStream] -name = rhel10 AppStream dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL10-$basearch/AppStream -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel10-BaseOS] -name = rhel10 BaseOS $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel10/10.0/repos/$basearch/baseos -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel10-AppStream] -name = rhel10 AppStream $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel10/10.0/repos/$basearch/appstream -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel10-CRB] -name = rhel10 CodeReadyBuilder $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel10/10.0/repos/$basearch/crb -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 diff --git a/files/common/rhel6.repo b/files/common/rhel6.repo new file mode 100644 index 0000000000..3c533fa197 --- /dev/null +++ b/files/common/rhel6.repo 
@@ -0,0 +1,14 @@ +[rhel6-dvd] +name = rhel6 base dvd +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-$basearch/ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release + +[rhel6-base] +name = rhel6 base $basearch +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel-$basearch-server-6/ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release + +[rhel6-optional] +name = rhel6 optional $basearch +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel-$basearch-server-optional-6/ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/files/common/rhel7-power-rhev.repo b/files/common/rhel7-power-rhev.repo new file mode 100644 index 0000000000..c801acdef8 --- /dev/null +++ b/files/common/rhel7-power-rhev.repo @@ -0,0 +1,4 @@ +[rhel7-rhev] +name = rhel7 rhev $basearch +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-for-rhev-power-agents-rpms +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/files/common/rhel7.repo b/files/common/rhel7.repo index 8ed58ddd9e..c76f2a913a 100644 --- a/files/common/rhel7.repo +++ b/files/common/rhel7.repo 
@@ -1,24 +1,24 @@ [rhel7-dvd] name = rhel7 base dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-$basearch/ +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-$basearch/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release [rhel7-base] name = rhel7 base $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-rpms +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-rpms gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release [rhel7-optional] name = rhel7 optional $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-optional-rpms +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-optional-rpms gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release [rhel7-extras] name = rhel7 extras $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-extras-rpms +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-extras-rpms gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release [rhel7-ha] name = rhel7 ha $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-ha-for-rhel-7-server-rpms/ +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-ha-for-rhel-7-server-rpms/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/files/common/rhel7ah.repo b/files/common/rhel7ah.repo new file mode 100644 index 0000000000..31899caa7e --- /dev/null +++ b/files/common/rhel7ah.repo @@ -0,0 +1,4 @@ +[rhel7-atomic-host] +name = rhel7 Atomic Host $basearch +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-atomic-host-rpms +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/files/common/rhel8.repo b/files/common/rhel8.repo deleted file mode 100644 index 0e1ae3bd20..0000000000 
--- a/files/common/rhel8.repo +++ /dev/null @@ -1,41 +0,0 @@ -[rhel8-dvd-BaseOS] -name = rhel8 baseos dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL8.0-$basearch/BaseOS -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel8-dvd-AppStream] -name = rhel8 AppStream dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL8.0-$basearch/AppStream -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel8-BaseOS] -name = rhel8 BaseOS $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/$basearch/rhel-8-for-$basearch-baseos-rpms -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel8-AppStream] -name = rhel8 AppStream $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/$basearch/rhel-8-for-$basearch-appstream-rpms -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel8-CRB] -name = rhel8 CodeReadyBuilder $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/$basearch/codeready-builder-for-rhel-8-$basearch-rpms/ -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel8-advanced-virt] -name = rhel8 AdvancedVirt $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/$basearch/rhel-8-advanced-virt/ -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 diff --git a/files/common/rhel9.repo b/files/common/rhel9.repo deleted file mode 100644 index 39e007a58e..0000000000 --- a/files/common/rhel9.repo +++ /dev/null 
@@ -1,41 +0,0 @@ -[rhel9-dvd-BaseOS] -name = rhel9 baseos dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL9.0-$basearch/BaseOS -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel9-dvd-AppStream] -name = rhel9 AppStream dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL9.0-$basearch/AppStream -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel9-BaseOS] -name = rhel9 BaseOS $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel9/$basearch/rhel-9-for-$basearch-baseos-rpms -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel9-AppStream] -name = rhel9 AppStream $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel9/$basearch/rhel-9-for-$basearch-appstream-rpms -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel9-CRB] -name = rhel9 CodeReadyBuilder $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel9/$basearch/codeready-builder-for-rhel-9-$basearch-rpms/ -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel9-advanced-virt] -name = rhel9 AdvancedVirt $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel9/$basearch/rhel-9-advanced-virt/ -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=0 -gpgcheck=1 diff --git a/files/common/rhos16.repo b/files/common/rhos16.repo deleted file mode 100644 index 513573f9c5..0000000000 --- a/files/common/rhos16.repo +++ /dev/null 
@@ -1,4 +0,0 @@ -[rhel8-rhos16] -name = rhel8 openstack $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/other/rhel-8-x86_64-openstack-16-rpms -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/files/common/rsyslog-logrotate b/files/common/rsyslog-logrotate deleted file mode 100644 index f55c91d88c..0000000000 --- a/files/common/rsyslog-logrotate +++ /dev/null @@ -1,20 +0,0 @@ -/var/log/cron -/var/log/maillog -/var/log/messages -/var/log/secure -/var/log/spooler -{ - missingok - sharedscripts - postrotate - /usr/bin/systemctl reload rsyslog.service >/dev/null 2>&1 || true - endscript - daily - rotate 7 - ifempty - compress - compresscmd /usr/bin/xz - uncompresscmd /usr/bin/xz - compressext .xz - dateext -} diff --git a/files/common/sysadmin-main b/files/common/sysadmin-main index 0c59b85dde..f8056503a5 100644 --- a/files/common/sysadmin-main +++ b/files/common/sysadmin-main 
@@ -2,5 +2,16 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAD9QDskl41P2f4wqBuDBRD3VJ7MfKD6gMetMEaOy2b/Czf ssh-rsa AAAAB3NzaC1yc2EAAAABIwAACAEAstHxky7hl1inyHBy+q/9M+Aen2HSfy8IoW+sAO6HSuHEUT7qWB8AlSNjHhahjXx7sy/BUkUed+NB/177rjlThokZDJ0yoM9KKymp26ETGaamBSkWBxZatTj96BWfD0P2K9jc/9vxtgKBq3VK9UaOt6VtJ9q6mKY3DdWLZn+K6iGQAKMCAgd8cCMgD6epBB5/litz7WhYv+aYTyjZGUGbBojQUiWgXDv9lR7p0w+VP7pnZEeb3//k4pZhsPrKFwwRVRLxBvWgVKNvA6nMXmsdikHCLLj8YAevhEY1xAba+iCKOpTqT7Bu+1Fnb9St8u5iDod21gRmN7MGGWYsO+Iu2MNAW9sw2nsA/sdNR0HEEgBqJLhERjGv399fWKyiZaF90n59lg8Pb6EzE6wHRs6rSB+9uKApBzPk99BEHLvC6mhn6RjrOC+TWSTcmXojAwQYCadqIdgWUaBsxaugKEXBFcmRuDWtpDfsqmM1kjeGU6MiaMlqPW0KjsMaVVChLO5ZvB/T7qW4wr5ZjLri475MuHocCMP0ECSUk7I3YW2h8RU6FEFmTpuULFRQo01iPreY5XJ7l0+xy2eggAWo+X2h3nGjXhCPOelBg+LYe0WOmPgB5oc1m5HZtFTcFzYbhAE+xQKlbwNeYT8HmNmEMhPjVoNyOOV7NAap+ueS2u/7li5D59O5Iy8aa5n/WiuYfkqH4pG796nFyLr5L/LVudzyaYFb/Gk8C1j/NAWYw53D/9aOA277HHe5t0/daJhbo98u0asF5mvPld3swPuPqkEZzgUfmNgH5CkvcQcMzaOvj6qr6xNmQfgsHroCShb46kplQ2uSf1pMAqsjN7jGhk6l+Bu6hKHnJKhZJVLiuAZtgYvkCB1ahaO3wRVozA1VKCAlqHOqoCq4YLIobUL95H08Kwcz7vIRIadX1TkOoLb2EwPkE/xrhDp4BySh+j6YNklSBkiRHvJMBNnRIj8NTRjYyj2o1Om7kJ770lEdryg2og8QBaFWCmFkwzg1QVrBOuu0dN7kt2l7VI7Ib4lavKSVTrqUdxdSbthUlu/b4Qif+pbyEtUFgykRsHVs+5Ofg7FZpsgCJ8rLFjzeVF/hAYX7t3XaIPLu+DL8kzamb/CRy1b7+iAw9nJbd7ED2SGyU6+c2coMPG23y6+YxgEmNG/rkCLCypkEEDOZe4DuMerZQ/RxMo06+glC6HC/3VN2dHlVLtEEV33B04/6Z0plAhqtjG7PVs08f8a5msV/VYn5ifa4z0oIXX1r5CIg3Ejp1JguLhBHpWa7YbS2Mwu6GAbD+hQfCYrsUkFonoOLu5czpITLo7ceJFTQmAt7OxZEoZBfmtYfzADQsQVYQb6J4QwvM3iKJOn30dgtYnJOVlDZEn+0fivedxoBAt9jHJ8lVp2ov/dOFnimi5V+2QIMB0fKTkChsk10zsDZ/KUk6zfijjEju0WfjRHCd357KswNv3aXHazfRIw77S2UOenD+xmUDZ6WgnxservUSDNDz7NldLf/gdPOMO4uSwKZixzsoCNioeLEmQv4gomNK7DyZBLMHLlWlbliqP+QWuIJO1rfoH2vaxzzA7l5tJW1gfnxm87RrrwIf9v5kpdJM6gQZxqmBCRsKQd5VkrEJ/xaFfkv080pWNV0drWTZW8fAAgfUNYB260Hyk3rHsjQlVtQxGJ1aAcgjMi3eGKQMwptbUMYHqct75czX6xp6zgXPiC/glX6AtuiZQ5bOI07imil20ien/ks/dnel8L+dmYDasL9m0B2jZ3lbl3eR1Dy7UhqGyERx//vYQapEBuwFcqQ9UdIWCGGG2Pte1I39BSehUUGSCOOD38a/GCu0l7OWZKdwq80MK/Ixgz4ne
iZQZ7MD2wPy6vk6Num18PZPN7OynMrI2UG5MViQ0GAhRgxwbUCvc7uKnGRqZo9q2mCabCxLbv+hJ4bppxpHHJxMDDXilTKMfZb0YRbvjBUi7LFKLN3MBMK2U1jHE+PjBgweqF8Jtuw04CQMxK3unajZOVkYAIq8IdMbw0oBVP4++eGB9z0x1eH+IsqL6IgknbbyoMgQqW9/8atm8HW2QYCX47oPd4FHs8rgJZk3bz8MwN3tp8WCRtYnJuwkWGWSq77ans0Ycl/tUfSSwUjnSvMsJnuSbxvdX0XbP5eRWikk0pJz5lM9sjYFOPHrQ44/U254yBa0N6UhyNTQnMGzRvY+fADE49b10hXZwCCrxpY9KvGr1XNJMnMcUke+4p9RS5LUwcZ8A6v7oWtZaZwnuBzvKk+HAn2gevD7Stjto+TnRCx1qcbx8iOhAEC6nvbLl+U313TmawrO/usrI5w3EFKP/4BnlKJDtNBeklJ0MpU3R1fmisqfegjuBW2bbaxq8Uo6m7uqPsYuAl7E6rOyZHLbtA8szvbQ46MSqAHezqxHJajWn2oZXMtbddgO5vlkxbRp3SSVKaPOeIj3XOGl78Owp4gFNRE0RY2EuUvrwUhXZR4wx1VHYjS6o9HAwOx3dH+pf1OiblUEanLQ9HLuOBkLhP8wn1M2slsSw+A1gyuI0ayjRujYFXdw6Mqp6XKTdU8vNue2c3d0I+TMifBypP0oJtxXmEoPp/VsU9yLKA2FF7Xvv/Xq1gtZcuZWAbSwMok/ENY1xeIFyjV+0yBidmax3jaf9yus/XEpyeBS3iIz63ymU10Kb2vrWjubg/sa2yd+q0y96dLdDRbnbwGwMmg6mXvTlVXf8c= ricky@padlock01.home.elrod.me ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5bNJQBrvT/YuvfLO0y6smZW5N+946uISkzmDi9myffLgHAZP4nBGeH/4GcB5ns9HJ19xVtbIwqOz4QwIqKh4gKU7DgaqND2Iu0bUUFL1KXPLGyAIW+9N3yHB+nKkH31alDnF4dpKkvO63DRkqh4ptxwEQbZDCFqn+vXuMnG4cPmDEweR3QZUt5m0Vc7HXzbehZxjUZ3xRWvT/pu+khBhJcRFkLlA60Fnqv7Q+MQP1C0Cpf3hiX1LcXUogXkNooAqx1YYRd8VqvI8e9yQW+a99x8FftnmXKlGCxP33ng6+U6Y2H7u3cRDrlRTbWqkry4SuUYo+6MtvZVgL0fw6PsZ jstanley@hawtness.rmrf.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJH1lA7WHRCbaFtvzbw0HxHYJstZjuXhax1+eL+SUJ5fFRGosEc4fLrSCP0gSFDfXmNzuspoBgcQTqnNO8FdIUwkJLDEu0vTQls1aT9YUXb+RVwKB7ULA3b1dqFkmOgLEjTJL9AplK4OJ9Su0kq6QBV4mXCxMsgEML/gn6r8muZmu2L/LdzUnxKKggyq7O5q1K/eW5Yy21fpvbHt2UPQX1f6gt4ty7E9Nnuhi7SHCI7fNIa+kHyIesfTm/SzeK/PY9rDwZKjuyS8o22GJXGEScJomK1cjMESH/J+t8Hffaj88BjGHNczvcnXAjq6y73VJQ9DiGLD4zmFquQMxDu0Tf kevin@jelerak.scrye.com +ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDefONrBaBJlCxKtDwkYWVhf96lMhRQfwVJyBoBd4Pk6TqKMlAu2eST1xRZlV4cJSxAWgZpOaFgqJ5EGd6mq8PvVk+mKXdtX7CAoWm4f3c6otUFsFDCTw3gVvYSlEk23XBHuACsbAVNL4HmP+9C7PxQBePukbMBFD2smsyQkPcX7lZw+lDJW5lOTz3dHAA92bcopDycxRDI99gGkawzjlmxpm2C9nhRabKS6mpGw3N64d8hwHkkFbtHY7rS0/0Cka0geYYYv0NVki1IIctkhZE9LndcWbVcVe1pIlR0RyW2sorfgCgoa5fRZZhukUCtspdv981h/0b87RpRVUJKuRd1 lmacken@tomservo +ssh-rsa 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 mdomsch@fedoraproject.org +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7U0WbKLL/D6iR03/vdDZJ8Lkj1jjAkindSvC4PkXVgi6qJo1YBZnIgsmoQopYcra2yzHFt58crygIh79P/rpQowWY99W+Sk4kB9UNuiAiX/LRi+1YdxwCKcRNTVOwuji6MGZoscACERmIjPY6P1oFPERoXhUkOuzPcrDK/0z/Bp9dpNRVZE/0zN6dvHA9QODLGvcFtgnX73SbZfoIbaVP/37IvOZvjGI1jxC5DwCmY+ihM13GpELP6BM8iihlnl1pjk1vtqPxD9g9Llr14Sc6cZJKl1WCulqhde4SEMOjpMJ8J8cGYBSsdh49hB36pdKQuTTnuCXpEt5Tl8PUKCrr mmcgrath@desktop.mmcgrath.net +ssh-rsa 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 notting@nostromo.devel.redhat.com +ssh-rsa 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 ricky@alpha.rzhou.org +ssh-rsa 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 ssmoogen@ponyo.int.smoogespace.com +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFZ3AD/I0OfU84IrK573amZptucuBrDxHoue/c+PUsD3MGIA6QXRceq3ZkLuz25OAAu53hFxzCE4d6eVS299rVR8Cd+tVU8aqBdTHzdqv52Vs8zRfXMW69sV7fhwRLaQDcRTwY90Wmz2MbZmN996XmJDNtUIWI2mML+PBYEdO0PyiB2ttb7mmA3SwtC/rwEMJL2YHh+bTzlJ9W4BgFcFwizMXU3mk5uGp2/q3nKzEvgTROM8yWvqdM34cRYpjFKyOlpo6k3SPt76hgDUEIsAu6Ul1S0FHTCRMIihcxZOSN4frMtXVjX0NhW9mKcn1IRBpzd0Yon/gPB8OJ31ojIIop spot@pterodactyl +ssh-rsa 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 badger@unaka.lan +ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAmS3g5fSXizcCqKMI1n5WPFrfMyu7BMrMkMYyck07rB/cf2orO8kKj5schjILA8NYJFStlv2CGRXmQlendj523FPzPmzxvTP/OT4qdywa4LKGvAxOkRGCMMxWzVFLdEMzsLUE/+FLX+xd1US9UPLGRsbMkdz4ORCc0G8gqTr835H56mQPI+/zPFeQjHoHGYtQA1wnJH/0LCuFFfU82IfzrXzFDIBAA5i2S+eEOk7/SA4Ciek1CthNtqPX27M6UqkJMBmVpnAdeDz2noWMvlzAAUQ7dHL84CiXbUnF3hhYrHDbmD+kEK+KiRrYh3PT+5YfEPVI/xiDJ2fdHGxY7Dr2TQ== root@lockbox01.phx2.fedoraproject.org +ssh-rsa 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 patrick-new@fedora.thuis.local +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDep2yv5JTFJ0IdCiqumMFfNdu3H5Ej/rVVDEotS+3n5+1plKvajPXOA9c/0RLrBC/vL8LqDVrxBaiCvPFCIRN9a3Y1ru3Dwg++NmcMEvYq/H3SMHhZsH1yjlCD2r38znpX+D+CBMQnn7F5jqYFAnaMeESrgGGFFANfJN9HdHjb6eIrBGJyUOJ2JnZnhLFT5y7ru2xRMDmgsO3U+crmecYAeX/4iUadUxit36defAniVOA/3Jwva4Gjz73vIDTHNy1mxB8Y2ZBBl9WcL4qHc6wnAyFaiULcT5++Gdjn+MIyL86G/7mIIgC+fcVk/5JrdwMBiAZYMUZO/pzPobOe0spF threebean@marat ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2xAeq5uO72kY4mSFgFl9ZSveiAqe4tUv8hemrxwZH+w24RFOGrW1nOV+hjQhRpYVNwvqJkrd9N7VY/HXkd9df2AgQyYoiVfeMPTA7lB0/e/S1Bd6XGdWudvqRU1O6Rug0j3RQOuz7WDJgnanBVcBl8+X7EaPGpv9aILgh6CJDOVAO2GgaFdzI7CHtR99CMqNG7BsQF8C9Y8ALK+8HOPRE0R1wzgaAw85HTo0gyIWcrZqr4HI/QDuLjUQ6AZSgzE7dTiwZuFnUjLBnL0YP1bxJglt9IFx6r6jvdp/yMD+Bn/91WvmBL/AD+GIQ/ZydoeLo+JQW22ibiX/SzdAE4Cd3 pingou@FedoraProject -ssh-rsa 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 mobrien@fedoraproject.org + diff --git a/files/communishift/haproxy.cfg b/files/communishift/haproxy.cfg deleted file mode 100644 index c13c168185..0000000000 --- a/files/communishift/haproxy.cfg +++ /dev/null 
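Review bot: The eleven added `ssh-rsa` lines each grant login to whatever account this key list is installed for, yet nothing in the hunk records why they are being introduced, while the `mobrien@fedoraproject.org` key is dropped in the same change. Each added entry should be checked against the current membership of the group before merging, since a key belonging to someone who has since left would regain access. The `root@lockbox01.phx2.fedoraproject.org` entry, judging by its comment, belongs to a root account on a host rather than to a person; if it is still needed I would pin it to its origin with an option prefix such as `from="<lockbox01 address>"` before `ssh-rsa`. The empty `+` line at the end of the hunk can be dropped.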
@@ -1,95 +0,0 @@ -# this config needs haproxy-1.1.28 or haproxy-1.2.1 - -global - log 127.0.0.1 local0 warning - maxconn 4096 - chroot /var/lib/haproxy - user haproxy - group haproxy - daemon - stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664 - stats socket /var/run/haproxy-admin level admin user root group root mode 0660 - #debug - #quiet - -defaults - log global - mode tcp - option tcplog - option dontlognull - option httpclose - option redispatch - retries 3 - maxconn 5000 - timeout connect 5s - timeout client 500s - timeout server 500s - -frontend stats-frontend - mode http - option httplog - bind 0.0.0.0:8080 - default_backend stats-backend - -backend stats-backend - mode http - option httplog - balance hdr(appserver) - stats enable - stats uri / - -frontend os-masters-kapi - mode tcp - bind 0.0.0.0:6443 - default_backend os-masters-backend-kapi - -backend os-masters-backend-kapi - mode tcp - server os-node01.fedorainfracloud.org os-node01.fedorainfracloud.org:6443 weight 1 maxconn 16384 check - server os-node02.fedorainfracloud.org os-node02.fedorainfracloud.org:6443 weight 1 maxconn 16384 check - server os-node09.fedorainfracloud.org os-node09.fedorainfracloud.org:6443 weight 1 maxconn 16384 check -# temp bootstrap node - server os-node11.fedorainfracloud.org os-node11.fedorainfracloud.org:6443 weight 1 maxconn 16384 check - -frontend os-masters-machineconfig - mode tcp - bind 0.0.0.0:22623 - default_backend os-masters-backend-machineconfig - -backend os-masters-backend-machineconfig - mode tcp - server os-node01.fedorainfracloud.org os-node01.fedorainfracloud.org:22623 weight 1 maxconn 16384 check - server os-node02.fedorainfracloud.org os-node02.fedorainfracloud.org:22623 weight 1 maxconn 16384 check - server os-node09.fedorainfracloud.org os-node09.fedorainfracloud.org:22623 weight 1 maxconn 16384 check -# temp bootstrap node - server os-node11.fedorainfracloud.org os-node11.fedorainfracloud.org:22623 weight 1 maxconn 16384 check - 
-frontend os-routers-https - mode tcp - bind 0.0.0.0:443 - default_backend os-routers-https - -backend os-routers-https - server os-node03.fedorainfracloud.org os-node03.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node04.fedorainfracloud.org os-node04.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node05.fedorainfracloud.org os-node05.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node06.fedorainfracloud.org os-node06.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node07.fedorainfracloud.org os-node07.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node08.fedorainfracloud.org os-node08.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node10.fedorainfracloud.org os-node10.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node11.fedorainfracloud.org os-node11.fedorainfracloud.org:443 weight 1 maxconn 16384 check - -frontend os-routers-http - mode tcp - bind 0.0.0.0:80 - default_backend os-routers-http - -backend os-routers-http - server os-node03.fedorainfracloud.org os-node03.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node04.fedorainfracloud.org os-node04.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node05.fedorainfracloud.org os-node05.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node06.fedorainfracloud.org os-node06.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node07.fedorainfracloud.org os-node07.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node08.fedorainfracloud.org os-node08.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node10.fedorainfracloud.org os-node10.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node11.fedorainfracloud.org os-node11.fedorainfracloud.org:80 weight 1 maxconn 16384 check 
diff --git a/files/communishift/objects/README.md b/files/communishift/objects/README.md
deleted file mode 100644
index ce226fd82f..0000000000
--- a/files/communishift/objects/README.md
+++ /dev/null
@@ -1,28 +0,0 @@ -Instructions ------------- - -The files in this directory are the configuration files for communishift to be applied. - -For OIDC auth, get the client secret for "communishift" from ansible-private/files/ipsilon/openidc.production.static, and run: -> oc create secret generic fedoraidp-clientsecret --from-literal=clientSecret= -n openshift-config - -For certificates, first install [cert-manager](https://docs.cert-manager.io/en/release-0.10/) -NOTE: The 0.11 version is buggy, as is the operator hub '1.0' version. Use 0.10 unless you want -to spend a lot of time debugging. - -Next create the Issuer object. You may need to wait a minute or two for the cert-manager install -to complete and have all pods up. -To do this, first create a new access key ID and secret key in AWS for the communishift_acme_dns01 user, and update issuer.yml with the access key ID and then create a secret with the private access key -> oc create -f issuer.yml -> oc -n cert-manager create secret generic route53-access-key-secret --from-literal=access-key=THEACCESSKEY -This gives it the ability to create a TXT record for acmechallenges.fedorainfracloud.org. -To allow certificates for other hostnames, those hostnames need a CNAME of "_acme-challenge." pointing to "acmechallenges.fedorainfracloud.org". - -After that, create the two certificate requests for the API server and ingress default cert: -> oc -n openshift-config create -f cert_api.yml -> oc -n openshift-ingress create -f cert_apps.yml -This will start the request of the certificates. 
-Then run the following commands to update the ingress router (will take affect after its restart) and API server with their new certs: - -> oc patch apiserver cluster --type=merge -p '{"spec": {"servingCerts": {"namedCertificates": {"names": "api.os.fedorainfracloud.org"}, "servingCertificate": {"name": "api-certificate"}}}}' -> oc patch ingresscontroller.operator default --type=merge -p '{"spec":{"defaultCertificate": {"name": "apps-certificate"}}}' -n openshift-ingress-operator diff --git a/files/communishift/objects/cert_api.yml b/files/communishift/objects/cert_api.yml deleted file mode 100644 index 44d6ff6ed0..0000000000 --- a/files/communishift/objects/cert_api.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Certificate -metadata: - name: api-certificate - namespace: openshift-config -spec: - secretName: api-certificate - renewBefore: 360h # 15d - commonName: api.os.fedorainfracloud.org - dnsNames: - - 'api.os.fedorainfracloud.org' - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer diff --git a/files/communishift/objects/cert_apps.yml b/files/communishift/objects/cert_apps.yml deleted file mode 100644 index a449378e9e..0000000000 --- a/files/communishift/objects/cert_apps.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Certificate -metadata: - name: apps-certificate - namespace: openshift-ingress -spec: - secretName: apps-certificate - renewBefore: 360h # 15d - commonName: apps.os.fedorainfracloud.org - dnsNames: - - '*.apps.os.fedorainfracloud.org' - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer diff --git a/files/communishift/objects/issuer.yml b/files/communishift/objects/issuer.yml deleted file mode 100644 index df3870916a..0000000000 --- a/files/communishift/objects/issuer.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-production -spec: - acme: - email: admin@fedoraproject.org - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-production-account-key - solvers: - - dns01: - cnameStrategy: Follow - route53: - region: us-east-1 - accessKeyID: THEACCESSKEYID - secretAccessKeySecretRef: - namespace: cert-manager - name: route53-access-key-secret - key: access-key - hostedZoneID: Z2MFECC8O90CBA diff --git a/files/communishift/objects/machineconfigs/README.md b/files/communishift/objects/machineconfigs/README.md deleted file mode 100644 index 20cc85edd5..0000000000 --- a/files/communishift/objects/machineconfigs/README.md +++ /dev/null @@ -1,12 +0,0 @@ -MachineConfig files -------------------- - -The files in this directory are used as machineconfig files for communishift. -Note that they're template files: some changes will need to be made before "oc create -f". - -Specifically: -- The templates have two "DOBOTH" replacements. You want to create the file twice, - once with both DOBOTH cases replaced with "master" and once replaced with "worker". -- The mc_firewall.yml.template has a bit FILL_IN_HERE. Run "./to_data.sh firewall.sh", - and copy the output from that script into the FILL_IN_HERE bit in the MC. - Then run that MC twice as per the previous point (master and worker). diff --git a/files/communishift/objects/machineconfigs/firewall.sh b/files/communishift/objects/machineconfigs/firewall.sh deleted file mode 100644 index 0cea10a4c9..0000000000 --- a/files/communishift/objects/machineconfigs/firewall.sh +++ /dev/null 
@@ -1,10 +0,0 @@ -set -xe - -iptables -N fedora-block-ports -iptables -A fedora-block-ports -p tcp --dport 111 -j REJECT -iptables -A fedora-block-ports -p udp --dport 111 -j REJECT -iptables -A fedora-block-ports -p tcp --dport 22623 --src 38.145.48.42 -j ACCEPT -iptables -A fedora-block-ports -p tcp --dport 22623 --src 38.145.48.43 -j ACCEPT -iptables -A fedora-block-ports -p tcp --dport 22623 -j REJECT - -iptables -I INPUT 1 -j fedora-block-ports diff --git a/files/communishift/objects/machineconfigs/mc_chrony.yml.template b/files/communishift/objects/machineconfigs/mc_chrony.yml.template deleted file mode 100644 index 7ef78dc2bc..0000000000 --- a/files/communishift/objects/machineconfigs/mc_chrony.yml.template +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: machineconfiguration.openshift.io/v1 -kind: MachineConfig -metadata: - generation: 1 - name: 50-chrony-DOBOTH - labels: - machineconfiguration.openshift.io/role: DOBOTH -spec: - config: - ignition: - version: "2.2.0" - storage: - files: - - contents: - source: "data:,server%20cloud-noc01.fedorainfracloud.org%20port%20124" - verification: {} - filesystem: root - mode: 0644 - path: /etc/chrony.conf diff --git a/files/communishift/objects/machineconfigs/mc_firewall.yml.template b/files/communishift/objects/machineconfigs/mc_firewall.yml.template deleted file mode 100644 index 6dfc994716..0000000000 --- a/files/communishift/objects/machineconfigs/mc_firewall.yml.template +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: machineconfiguration.openshift.io/v1 -kind: MachineConfig -metadata: - generation: 1 - name: 40-firewall-DOBOTH - labels: - machineconfiguration.openshift.io/role: DOBOTH -spec: - config: - ignition: - version: "2.2.0" - storage: - files: - - path: /etc/fedora_firewall.sh - mode: 0755 - filesystem: root - contents: - source: "FILL_IN_HERE" - systemd: - units: - - name: "fedora_firewall.service" - enabled: true - contents: |- - [Unit] - Descrption=Block firewall ports for Fedora - - [Service] - Type=oneshot - ExecStart=bash /etc/fedora_firewall.sh - - [Install] - WantedBy=multi-user.target diff --git a/files/communishift/objects/machineconfigs/to_data.sh b/files/communishift/objects/machineconfigs/to_data.sh deleted file mode 100755 index 0e27d3bab4..0000000000 --- a/files/communishift/objects/machineconfigs/to_data.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -echo -n "data:," -cat $1 | tr '\n' '*' | sed -e 's/*/%0A/g' | sed -e 's/ /%20/g' -echo diff --git a/files/communishift/objects/oidc_cm.yml b/files/communishift/objects/oidc_cm.yml deleted file mode 100644 index d4d7c5e06b..0000000000 --- a/files/communishift/objects/oidc_cm.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: config.openshift.io/v1 -kind: OAuth -metadata: - name: cluster -spec: - identityProviders: - - name: fedoraidp - login: true - challenge: false - mappingMethod: claim - type: OpenID - openID: - clientID: communishift - clientSecret: - name: fedoraidp-clientsecret - extraScopes: - - email - - profile - claims: - preferredUsername: - - nickname - name: - - name - email: - - email - issuer: https://id.fedoraproject.org diff --git a/files/debuginfod/debuginfod.service.d b/files/debuginfod/debuginfod.service.d deleted file mode 100644 index 019a2effc2..0000000000 --- a/files/debuginfod/debuginfod.service.d +++ /dev/null 
@@ -1,10 +0,0 @@ -[Service] -TasksMax=40 -CPUAccounting=yes -IOAccounting=yes -IPAccounting=yes -BlockIOAccounting=yes -MemoryAccounting=yes -TasksAccounting=yes -ConditionPathExists=/mnt/fedora_koji_prod/koji/packages - diff --git a/files/debuginfod/sysconfig.debuginfod b/files/debuginfod/sysconfig.debuginfod deleted file mode 100644 index 4abb6db636..0000000000 --- a/files/debuginfod/sysconfig.debuginfod +++ /dev/null @@ -1,18 +0,0 @@ -# -DEBUGINFOD_PORT="8002" -#DEBUGINFOD_VERBOSE="-vv" - -DEBUGINFOD_PATHS="--cors --fdcache-mintmp=15 --fdcache-mbs=100000 --fdcache-prefetch-fds=1024 -t43200 -g604800 -C20 -c6 -vv -r --koji-sigcache -R /mnt/fedora_koji_prod/koji/packages -X /data/ -I \.(module_f|fc)(35|36|37|38|39|4.)[.+].*\.rpm" - -# to age old fedoras, change the -I regex - -# prefer reliability/durability over performance -#DEBUGINFOD_PRAGMAS="-D 'pragma synchronous=full;'" - -# upstream debuginfods -#DEBUGINFOD_URLS="http://secondhost:8002 http://thirdhost:8002" -#DEBUGINFOD_TIMEOUT="5" -#DEBUGINFOD_CACHE_DIR="" - -# Don't use tmpfs /tmp on scarce-RAM machine. -TMPDIR=/var/tmp diff --git a/files/download/download-sync.cron b/files/download/download-sync.cron index 828f810d06..90e771163b 100644 --- a/files/download/download-sync.cron +++ b/files/download/download-sync.cron @@ -1,4 +1,4 @@ # run twice daily rsync of download. but lock it -MAILTO=root@fedoraproject.org +MAILTO=smooge@gmail.com,root@fedoraproject.org 00 11,23 * * * root /usr/local/bin/lock-wrapper sync-up-downloads "/usr/local/bin/sync-up-downloads" diff --git a/files/download/download-sync.cron.cc-rdu01 b/files/download/download-sync.cron.cc-rdu01 deleted file mode 100644 index 0c6b11453c..0000000000 --- a/files/download/download-sync.cron.cc-rdu01 +++ /dev/null 
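Review bot: The new `MAILTO=smooge@gmail.com,root@fedoraproject.org` line in download-sync.cron sends this job's cron output to a personal external mailbox as well as the project alias. Any rsync errors, paths and hostnames the job prints then leave project-controlled mail, and a personal address is committed to the repository. If a second recipient is needed, a role alias keeps delivery inside the project; otherwise keep `MAILTO=root@fedoraproject.org`. A one-line comment such as `# cron output goes to the infra root alias only` above the setting would record the intent.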
@@ -1,5 +0,0 @@ -# Run quick mirror fedora every 10minutes -MAILTO=root@fedoraproject.org -*/10 * * * * root flock -n -E0 /tmp/download-sync -c '/root/quick-fedora-mirror/quick-fedora-mirror -c /root/quick-fedora-mirror.conf' -## Need to run this to keep centos mirror up to date. -00 1,7,13,19 * * * root /usr/local/bin/lock-wrapper sync-up-downloads "/usr/local/bin/sync-up-centos" diff --git a/files/download/download-sync.cron.ib01 b/files/download/download-sync.cron.ib01 index b9bd80558d..17d8cfeb79 100644 --- a/files/download/download-sync.cron.ib01 +++ b/files/download/download-sync.cron.ib01 @@ -1,4 +1,2 @@ # Run quick mirror fedora every 10minutes */10 * * * * root flock -n -E0 /tmp/download-sync -c '/root/quick-fedora-mirror/quick-fedora-mirror -c /root/quick-fedora-mirror/quick-fedora-mirror.conf' -## Need to run this to keep centos mirror up to date. -00 1,7,13,19 * * * root /usr/local/bin/lock-wrapper sync-up-downloads "/usr/local/bin/sync-up-centos" diff --git a/files/download/sync-up-centos.sh.cc-rdu01 b/files/download/sync-up-centos.sh.cc-rdu01 deleted file mode 100644 index 380f54671c..0000000000 --- a/files/download/sync-up-centos.sh.cc-rdu01 +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/bash - -## -## This script is used to sync data from main download servers to -## secondary server at RDU community cage. -## - -RSYNC='/usr/bin/rsync' -RS_OPT="-avSHP --numeric-ids --log-file=/var/log/rsync-update.log" -RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates" -EPL_EXCLUDES="" -FED_EXCLUDES="" - -# CentOS -${RSYNC} ${RS_OPT} ${RS_DEADLY} master-1.centos.org::CentOS-community-cage/centos/ /srv/centos/ | tail -n2 | logger -p local0.notice -t rsync_centos -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to CentOS" -fi -# CentOS-altarch -${RSYNC} ${RS_OPT} ${RS_DEADLY} master-1.centos.org::CentOS-community-cage/altarch/ /srv/centos-altarch/ | tail -n2 | logger -p local0.notice -t rsync_centos_alt -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to CentOS-altarch" -fi - -${RSYNC} ${RS_OPT} ${RS_DEADLY} rsync.stream.centos.org::CentOS-Stream-All/ /srv/centos-stream/ | tail -n2 | logger -p local0.notice -t rsync_centos_stream -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to CentOS-stream" -fi diff --git a/files/download/sync-up-centos.sh.ib01 b/files/download/sync-up-centos.sh.ib01 deleted file mode 100644 index b824e082fe..0000000000 --- a/files/download/sync-up-centos.sh.ib01 +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/bash - -## -## This script is used to sync data from main download servers to -## secondary server at ibiblio. -## - -RSYNC='/usr/bin/rsync' -RS_OPT="-avSHP --numeric-ids --log-file=/var/log/rsync-update.log" -RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates" -EPL_EXCLUDES="" -FED_EXCLUDES="" - -# CentOS -${RSYNC} ${RS_OPT} ${RS_DEADLY} download-cc-rdu01.fedoraproject.org::centos/ /srv/centos/ | tail -n2 | logger -p local0.notice -t rsync_centos -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to CentOS" -fi -# CentOS-altarch -${RSYNC} ${RS_OPT} ${RS_DEADLY} download-cc-rdu01.fedoraproject.org::centos-altarch/ /srv/centos-altarch/ | tail -n2 | logger -p local0.notice -t rsync_centos_alt -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to CentOS-altarch" -fi - -${RSYNC} ${RS_OPT} ${RS_DEADLY} rsync.stream.centos.org::CentOS-Stream-All/ /srv/centos-stream/ | tail -n2 | logger -p local0.notice -t rsync_centos_stream -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to CentOS-stream" -fi diff --git a/files/download/sync-up-downloads.sh.cc-rdu01 b/files/download/sync-up-downloads.sh.cc-rdu01 deleted file mode 100755 index a95b2dce83..0000000000 --- a/files/download/sync-up-downloads.sh.cc-rdu01 +++ /dev/null 
@@ -1,35 +0,0 @@ -#!/bin/bash - -## -## This script is used to sync data from main download servers to -## secondary server at RDU community cage. -## - -RSYNC='/usr/bin/rsync' -RS_OPT="-avSHP --numeric-ids --log-file=/var/log/rsync-update.log" -RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates" -EPL_EXCLUDES="" -FED_EXCLUDES="" - -SERVER=download-ib01.fedoraproject.org - -# http://dl.fedoraproject.org/pub/epel/ -${RSYNC} ${RS_OPT} ${RS_DEADLY} ${EPL_EXCLUDES} ${SERVER}::fedora-epel/ /srv/pub/epel/ | tail -n2 | logger -p local0.notice -t rsync_updates_epel -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to epel" -fi - -# http://dl.fedoraproject.org/pub/fedora/ -${RSYNC} ${RS_OPT} ${RS_DEADLY} ${FED_EXCLUDES} ${SERVER}::fedora-enchilada0/ /srv/pub/fedora/ | tail -n2 | logger -p local0.notice -t rsync_updates_fedora -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to fedora" -fi -# http://dl.fedoraproject.org/pub/fedora-secondary/ -${RSYNC} ${RS_OPT} ${RS_DEADLY} ${FED_EXCLUDES} ${SERVER}::fedora-secondary0/ /srv/pub/fedora-secondary/ | tail -n2 | logger -p local0.notice -t rsync_updates_fedora_2nd -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to fedora-secondary" -fi - - -# Let MM know I'm all up to date -#/usr/bin/report_mirror diff --git a/files/download/sync-up-downloads.sh.ib01 b/files/download/sync-up-downloads.sh.ib01 index fa2c3e64cc..dde40cf266 100755 --- a/files/download/sync-up-downloads.sh.ib01 +++ b/files/download/sync-up-downloads.sh.ib01 @@ -6,7 +6,7 @@ ## RSYNC='/usr/bin/rsync' -RS_OPT="-avSHP --numeric-ids" +RS_OPT="-avSHP --numeric-ids " RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates" ALT_EXCLUDES="" EPL_EXCLUDES="" 
@@ -55,12 +55,12 @@ function sync_stuff() { fi } + sync_stuff ${DATE_EPEL} rsync_epel fedora-epel0 /srv/pub/epel/ "-e" sync_stuff ${DATE_FED} rsync_fedora fedora-enchilada0 /srv/pub/fedora/ "-f" sync_stuff ${DATE_ARCHIVE} rsync_archive fedora-archive0 /srv/pub/archive/ "-f" sync_stuff ${DATE_ALT} rsync_alt fedora-alt0 /srv/pub/alt/ "-f" sync_stuff ${DATE_SECOND} rsync_second fedora-secondary0 /srv/pub/fedora-secondary/ "-f" - # Let MM know I'm all up to date #/usr/bin/report_mirror diff --git a/files/fedora-cloud/fed-cloud09.pem b/files/fedora-cloud/fed-cloud09.pem new file mode 100644 index 0000000000..addcb6cadc --- /dev/null +++ b/files/fedora-cloud/fed-cloud09.pem 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2DCCAsACCQCxRWmzwjSj6TANBgkqhkiG9w0BAQUFADCBrTELMAkGA1UEBhMC +VVMxCzAJBgNVBAgMAk5NMRAwDgYDVQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdSZWQg +SGF0MRcwFQYDVQQLDA5GZWRvcmEgUHJvamVjdDEsMCoGA1UEAwwjZmVkLWNsb3Vk +MDkuY2xvdWQuZmVkb3JhcHJvamVjdC5vcmcxJjAkBgkqhkiG9w0BCQEWF2FkbWlu +QGZlZG9yYXByb2plY3Qub3JnMB4XDTE0MDkxODEwMjMxMloXDTE1MDkxODEwMjMx +Mlowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOTTEQMA4GA1UEBwwHUmFsZWln +aDEQMA4GA1UECgwHUmVkIEhhdDEXMBUGA1UECwwORmVkb3JhIFByb2plY3QxLDAq +BgNVBAMMI2ZlZC1jbG91ZDA5LmNsb3VkLmZlZG9yYXByb2plY3Qub3JnMSYwJAYJ +KoZIhvcNAQkBFhdhZG1pbkBmZWRvcmFwcm9qZWN0Lm9yZzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALFOYDRhow6sEyCvm4jNlIAxs9vYDF07q3sEHzVj +zXy0NNlUgZPRCijWFyHRDwy383f7ZtRlqVCGXxm4l8ltQUU+jmXcnIY1xY2A1TPv +nWv+f1dGSv+SfWGAjqgwyajr6wyPAOnpwui2v03/xalAx6Xl7padfdlAEsNjAvNb +5uZkW7DLlDu3jSIroDSKsJUQW9kc1elT90W0mNgw3MpFA5zdj0QRxi2JpBth6PeT +CewN4r7QZ5cP4EzfHMLKT21kJzm+j5jlaQEak4yKWDEeLh4+RxgTnmss4zYKTUit +7H+j9KaxqVsneB8Sg7EtVnXafYLrSlr9fwOV5DWklLzvjBMCAwEAATANBgkqhkiG +9w0BAQUFAAOCAQEAHToeNGFaGlybHICw1ncLCmdu6vikPPn/UShfS25U54Q9eIMn +zqlhbbEyzuF4wKjV35W0BORWKJ+hQ2vpfk21jUMVOsdl7IMEXtIWotfO17ufWM28 +zhwcPAlrs/Pr5dF7ihbOGKAHhEYVopSH8OTFayAQKWWKGv52lZsgwfrnDDu0TjIo +zmhCEmOWZf+CeEWT/AP7BJ6g4Apz9grUmaRvaQGft5y5sGC8tsV0im/C9WaMfVhF +wemG2KcOuKJDXtvd7DHNBoHcDrB1cN1i0uKhj0nxXsXpeag9Xh4BmkgHMU8rnegK +q7hOy15qVU/lOBZUtfx69aYHPpOGJ7Jc1xFIiQ== +-----END CERTIFICATE----- diff --git a/files/fedora-cloud/fed09-ssh-key.pub b/files/fedora-cloud/fed09-ssh-key.pub new file mode 100644 index 0000000000..92ed6f374e --- /dev/null +++ b/files/fedora-cloud/fed09-ssh-key.pub 
@@ -0,0 +1,2 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv8WqXOuL78Rd7ZvDqoi84M7uRV3uueXTXtvlPdyNQBzIBmxh+spw9IhtoR+FlzgQQ1MN4B7YVLTGki6QDxWDM5jgTVfzxTh/HTg7kJ31HbM1/jDuBK7HMfay2BGx/HCqS2oxIBgIBwIMQAU93jBZUxNyYWvO+5TiU35IHEkYOtHyGYtTtuGCopYRQoAAOIVIIzzDbPvopojCBF5cMYglR/G02YgWM7hMpQ9IqEttLctLmpg6ckcp/sDTHV/8CbXbrSN6pOYxn1YutOgC9MHNmxC1joMH18qkwvSnzXaeVNh4PBWnm1f3KVTSZXKuewPThc3fk2sozgM9BH6KmZoKl + diff --git a/files/fedora-cloud/fed_cloud09_nova_public_key b/files/fedora-cloud/fed_cloud09_nova_public_key new file mode 100644 index 0000000000..4aa7d68948 --- /dev/null +++ b/files/fedora-cloud/fed_cloud09_nova_public_key @@ -0,0 +1 @@ +{{fed_cloud09_nova_public_key}} diff --git a/files/fedora-cloud/fedora-admin-20130801.pub b/files/fedora-cloud/fedora-admin-20130801.pub new file mode 100644 index 0000000000..3b5454d539 --- /dev/null +++ b/files/fedora-cloud/fedora-admin-20130801.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1sBKROSJ3rzI0IlBkM926Dvpiw3a4wYSys0ZeKRohWZg369ilZkUkRhsy0g4JU85lt6rxf5JLwURF+fWBEohauF1Uvklc25LdZpRS3IBQPaXvWeM8lygQQomFc0Df6iUbCYFWnEWMjKd7FGYX3DgOZLnG8tV2vX7jFjqitsh5LRAbmghUBRarw/ix4CFx7+VIeKCBkAybviQIW828N1IqJC6/e7v6/QStpblYpCFPqMflXhQ/KS2D043Yy/uUjmOjMWwOMFS6Qk+py1C0mDU0TUptFYwDP5o9IK/c5HaccmOl2IyUPB1/RCtTfOn6wXPRTMUU+5w+TcPH6MPvvuiSQ== root@lockbox01.phx2.fedoraproject.org diff --git a/files/fedora-cloud/haproxy.cfg b/files/fedora-cloud/haproxy.cfg new file mode 100644 index 0000000000..8548645e9a --- /dev/null +++ b/files/fedora-cloud/haproxy.cfg 
@@ -0,0 +1,135 @@ +#--------------------------------------------------------------------- +# Example configuration for a possible web application. See the +# full configuration options online. +# +# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt +# +#--------------------------------------------------------------------- + +#--------------------------------------------------------------------- +# Global settings +#--------------------------------------------------------------------- +global + # to have these messages end up in /var/log/haproxy.log you will + # need to: + # + # 1) configure syslog to accept network log events. This is done + # by adding the '-r' option to the SYSLOGD_OPTIONS in + # /etc/sysconfig/syslog + # + # 2) configure local2 events to go to the /var/log/haproxy.log + # file. A line like the following can be added to + # /etc/sysconfig/syslog + # + # local2.* /var/log/haproxy.log + # + log 127.0.0.1 local2 + + chroot /var/lib/haproxy + pidfile /var/run/haproxy.pid + maxconn 4000 + user haproxy + group haproxy + daemon + + # turn on stats unix socket + stats socket /var/lib/haproxy/stats + + tune.ssl.default-dh-param 1024 + ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK + + +#--------------------------------------------------------------------- +# common defaults that all the 'listen' and 'backend' sections will +# use if not designated in their block +#--------------------------------------------------------------------- 
+defaults + mode http + log global + option httplog + option dontlognull + option http-server-close + option forwardfor except 127.0.0.0/8 + option redispatch + retries 3 + timeout http-request 10s + timeout queue 1m + timeout connect 10s + timeout client 1m + timeout server 1m + timeout http-keep-alive 10s + timeout check 10s + maxconn 3000 + +#frontend keystone_public *:5000 +# default_backend keystone_public +#frontend keystone_admin *:35357 +# default_backend keystone_admin +frontend neutron + bind 0.0.0.0:9696 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined + default_backend neutron + # HSTS (15768000 seconds = 6 months) + rspadd Strict-Transport-Security:\ max-age=15768000 + +frontend cinder + bind 0.0.0.0:8776 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined + default_backend cinder + # HSTS (15768000 seconds = 6 months) + rspadd Strict-Transport-Security:\ max-age=15768000 + +frontend swift + bind 0.0.0.0:8080 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined + default_backend swift + # HSTS (15768000 seconds = 6 months) + rspadd Strict-Transport-Security:\ max-age=15768000 + +frontend nova + bind 0.0.0.0:8774 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined + default_backend nova + # HSTS (15768000 seconds = 6 months) + rspadd Strict-Transport-Security:\ max-age=15768000 + +frontend ceilometer + bind 0.0.0.0:8777 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined + default_backend ceilometer + # HSTS (15768000 seconds = 6 months) + rspadd Strict-Transport-Security:\ max-age=15768000 + +frontend ec2 + bind 0.0.0.0:8773 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined + default_backend ec2 + # HSTS (15768000 seconds = 6 months) + rspadd Strict-Transport-Security:\ max-age=15768000 + +frontend glance + bind 0.0.0.0:9292 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined + default_backend glance + # HSTS (15768000 
seconds = 6 months) + rspadd Strict-Transport-Security:\ max-age=15768000 + +backend neutron + server neutron 127.0.0.1:8696 check + +backend cinder + server cinder 127.0.0.1:6776 check + +backend swift + server swift 127.0.0.1:7080 check + +backend nova + server nova 127.0.0.1:6774 check + +backend ceilometer + server ceilometer 127.0.0.1:6777 check + +backend ec2 + server ec2 127.0.0.1:6773 check + +backend glance + server glance 127.0.0.1:7292 check + +backend keystone_public + server keystone_public 127.0.0.1:5000 check + +backend keystone_admin + server keystone_admin 127.0.0.1:35357 check diff --git a/files/fedora-cloud/hosts b/files/fedora-cloud/hosts new file mode 100644 index 0000000000..ef76e1dad2 --- /dev/null +++ b/files/fedora-cloud/hosts @@ -0,0 +1,24 @@ +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 + +# http://docs.openstack.org/icehouse/install-guide/install/yum/content/basics-neutron-networking-controller-node.html +# controller +{{ controller_public_ip }} controller + +# network +{{ network_public_ip }} network + +# compute1 +{{ compute1_private_ip }} fed-cloud10.cloud.fedoraproject.org +{{ compute2_private_ip }} fed-cloud11.cloud.fedoraproject.org +{{ compute3_private_ip }} fed-cloud12.cloud.fedoraproject.org +{{ compute4_private_ip }} fed-cloud13.cloud.fedoraproject.org +{{ compute5_private_ip }} fed-cloud14.cloud.fedoraproject.org +{{ compute6_private_ip }} fed-cloud15.cloud.fedoraproject.org +# +# This is needed for 2fa to work correctly. +# +209.132.181.6 infrastructure infrastructure.fedoraproject.org +209.132.181.32 fas-all.phx2.fedoraproject.org + +{{ controller_private_ip }} fed-cloud09.cloud.fedoraproject.org fedorainfracloud.org diff --git a/files/fedora-cloud/ifcfg-br-ex b/files/fedora-cloud/ifcfg-br-ex new file mode 100644 index 0000000000..c05f74eb50 --- /dev/null +++ b/files/fedora-cloud/ifcfg-br-ex 
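Review bot: `tune.ssl.default-dh-param 1024` in the `global` section pairs a 1024-bit Diffie-Hellman group with a cipher list that still offers DHE suites (`DHE-RSA-AES128-GCM-SHA256`, `kEDH+AESGCM`, the `DHE-DSS-*` entries), so any client that negotiates DHE gets a key exchange below the commonly accepted minimum; `tune.ssl.default-dh-param 2048` is the usual floor. Every frontend binds `0.0.0.0` with `ssl no-sslv3 no-tlsv10`, which leaves TLS 1.1 enabled; adding `no-tlsv11` is worth considering if the OpenStack clients in use support TLS 1.2, which the hunk does not show. The header comment still calls the file an example configuration; a short comment naming the public-port to loopback-backend mapping would help the next reader. The `keystone_public` and `keystone_admin` backends have no active frontend, because both frontends are commented out.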
@@ -0,0 +1,9 @@
+DEVICE=br-ex
+DEVICETYPE=ovs
+TYPE=OVSBridge
+BOOTPROTO=static
+IPADDR={{ network_public_ip }}
+NETMASK={{ public_netmask }} # your netmask
+GATEWAY={{ public_gateway_ip }} # your gateway
+DNS1={{ public_dns }} # your nameserver
+ONBOOT=yes
diff --git a/files/fedora-cloud/ifcfg-eth0 b/files/fedora-cloud/ifcfg-eth0
new file mode 100644
index 0000000000..4c91be4c88
--- /dev/null
+++ b/files/fedora-cloud/ifcfg-eth0
@@ -0,0 +1,8 @@
+DEVICE="eth0"
+NAME="eth0"
+ONBOOT=yes
+BOOTPROTO=none
+HWADDR="f0:1f:af:e3:5f:0c"
+DEVICETYPE=ovs
+TYPE=OVSPort
+OVS_BRIDGE=br-ex
diff --git a/files/fedora-cloud/keystonerc_msuchy b/files/fedora-cloud/keystonerc_msuchy
new file mode 100644
index 0000000000..5c6ed9c936
--- /dev/null
+++ b/files/fedora-cloud/keystonerc_msuchy
@@ -0,0 +1,5 @@
+export OS_USERNAME=msuchy
+export OS_TENANT_NAME=copr
+export OS_PASSWORD=TBD
+export OS_AUTH_URL=http://209.132.184.9:5000/v2.0/
+export PS1='[\u@\h \W(keystone_msuchy)]\$ '
diff --git a/files/fedora-cloud/my.cnf b/files/fedora-cloud/my.cnf
new file mode 100644
index 0000000000..52e69ea61b
--- /dev/null
+++ b/files/fedora-cloud/my.cnf
@@ -0,0 +1,4 @@
+[client]
+host=localhost
+user=root
+password={{ DBPASSWORD }}
diff --git a/files/fedora-cloud/nova-ssh-config b/files/fedora-cloud/nova-ssh-config
new file mode 100644
index 0000000000..a9ecad07c3
--- /dev/null
+++ b/files/fedora-cloud/nova-ssh-config
@@ -0,0 +1 @@
+StrictHostKeyChecking no
diff --git a/files/fedora-cloud/openstack-nova-novncproxy b/files/fedora-cloud/openstack-nova-novncproxy
new file mode 100644
index 0000000000..98c73d8b4b
--- /dev/null
+++ b/files/fedora-cloud/openstack-nova-novncproxy
@@ -0,0 +1,2 @@
+# You may specify other parameters to the nova-novncproxy here
+OPTIONS="--novncproxy_host 209.132.184.9 --ssl_only"
diff --git a/files/fedora-cloud/packstack-controller-answers.txt b/files/fedora-cloud/packstack-controller-answers.txt
new file mode 100644
index 0000000000..08e406e3d7
--- /dev/null
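Review bot: `export OS_AUTH_URL=http://209.132.184.9:5000/v2.0/` in keystonerc_msuchy points the client at Keystone over plain HTTP, so the username, password and issued tokens cross the network unencrypted. In this same commit the `keystone_public` frontend in haproxy.cfg is commented out, so no TLS listener for port 5000 is visible. Once Keystone is served over TLS, the line should use an `https://` URL with a hostname that matches the certificate rather than a bare IP. `OS_PASSWORD=TBD` is a placeholder, and a comment such as `# OS_PASSWORD is filled in at deploy time; never commit the real value` would make that explicit.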
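Review bot: `StrictHostKeyChecking no` in nova-ssh-config turns off SSH host-key verification for every connection that uses this file, so whatever host answers on a compute node's address is accepted without any check. Where the file is installed and for which user is not visible in the hunk; presumably it covers nova's node-to-node SSH. Prefer `StrictHostKeyChecking yes` with the compute nodes' host keys distributed into a known_hosts file. If the relaxed setting has to stay, scope it under a pattern such as `Host fed-cloud*.cloud.fedoraproject.org` rather than applying it to all hosts.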
+++ b/files/fedora-cloud/packstack-controller-answers.txt 
@@ -0,0 +1,512 @@ +[general] + +# Path to a Public key to install on servers. If a usable key has not +# been installed on the remote servers the user will be prompted for a +# password and this key will be installed so the password will not be +# required again +CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub + +# Set to 'y' if you would like Packstack to install MySQL +CONFIG_MARIADB_INSTALL=y + +# Set to 'y' if you would like Packstack to install OpenStack Image +# Service (Glance) +CONFIG_GLANCE_INSTALL=y + +# Set to 'y' if you would like Packstack to install OpenStack Block +# Storage (Cinder) +CONFIG_CINDER_INSTALL=y + +# Set to 'y' if you would like Packstack to install OpenStack Compute +# (Nova) +CONFIG_NOVA_INSTALL=y + +# Set to 'y' if you would like Packstack to install OpenStack +# Networking (Neutron) +CONFIG_NEUTRON_INSTALL=y + +# Set to 'y' if you would like Packstack to install OpenStack +# Dashboard (Horizon) +CONFIG_HORIZON_INSTALL=y + +# Set to 'y' if you would like Packstack to install OpenStack Object +# Storage (Swift) +CONFIG_SWIFT_INSTALL=y + +# Set to 'y' if you would like Packstack to install OpenStack +# Metering (Ceilometer) +CONFIG_CEILOMETER_INSTALL=y + +# Set to 'y' if you would like Packstack to install OpenStack +# Orchestration (Heat) +CONFIG_HEAT_INSTALL=n + +# Set to 'y' if you would like Packstack to install the OpenStack +# Client packages. An admin "rc" file will also be installed +CONFIG_CLIENT_INSTALL=y + +# Comma separated list of NTP servers. Leave plain if Packstack +# should not install ntpd on instances. +CONFIG_NTP_SERVERS= + +# Set to 'y' if you would like Packstack to install Nagios to monitor +# OpenStack hosts +CONFIG_NAGIOS_INSTALL=n + +# Comma separated list of servers to be excluded from installation in +# case you are running Packstack the second time with the same answer +# file and don't want Packstack to touch these servers. Leave plain if +# you don't need to exclude any server. 
+EXCLUDE_SERVERS= + +# Set to 'y' if you want to run OpenStack services in debug mode. +# Otherwise set to 'n'. +CONFIG_DEBUG_MODE=n + +# Set to 'y' if you want to use VMware vCenter as hypervisor and +# storageOtherwise set to 'n'. +CONFIG_VMWARE_BACKEND=n + +# The IP address of the server on which to install MySQL +CONFIG_MARIADB_HOST={{ controller_public_ip }} + +# Username for the MySQL admin user +CONFIG_MARIADB_USER=root + +# Password for the MySQL admin user +CONFIG_MARIADB_PW={{ DBPASSWORD }} + +# Set the server for the AMQP service +CONFIG_AMQP_BACKEND=rabbitmq + +# The IP address of the server on which to install the AMQP service +CONFIG_AMQP_HOST={{ controller_public_ip }} + +# Enable SSL for the AMQP service +CONFIG_AMQP_ENABLE_SSL=n + +# Enable Authentication for the AMQP service +CONFIG_AMQP_ENABLE_AUTH=y + +# The password for the NSS certificate database of the AMQP service +CONFIG_AMQP_NSS_CERTDB_PW={{ CONFIG_AMQP_NSS_CERTDB_PW }} + +# The port in which the AMQP service listens to SSL connections +CONFIG_AMQP_SSL_PORT=5671 + +# The filename of the certificate that the AMQP service is going to +# use +CONFIG_AMQP_SSL_CERT_FILE=/etc/pki/tls/certs/fedorainfracloud.org.pem + +# The filename of the private key that the AMQP service is going to +# use +CONFIG_AMQP_SSL_KEY_FILE=/etc/pki/tls/private/fedorainfracloud.org.key + +# Auto Generates self signed SSL certificate and key +CONFIG_AMQP_SSL_SELF_SIGNED=n + +# User for amqp authentication +CONFIG_AMQP_AUTH_USER=amqp_user + +# Password for user authentication +CONFIG_AMQP_AUTH_PASSWORD={{ CONFIG_AMQP_AUTH_PASSWORD }} + +# The password to use for the Keystone to access DB +CONFIG_KEYSTONE_DB_PW={{ KEYSTONE_DBPASS }} + +# The token to use for the Keystone service api +CONFIG_KEYSTONE_ADMIN_TOKEN={{ ADMIN_TOKEN }} + +# The password to use for the Keystone admin user +CONFIG_KEYSTONE_ADMIN_PW={{ ADMIN_PASS }} + +# The password to use for the Keystone demo user +CONFIG_KEYSTONE_DEMO_PW={{ DEMO_PASS }} + +# 
Kestone token format. Use either UUID or PKI +CONFIG_KEYSTONE_TOKEN_FORMAT=PKI + +# The password to use for the Glance to access DB +CONFIG_GLANCE_DB_PW={{ GLANCE_DBPASS }} + +# The password to use for the Glance to authenticate with Keystone +CONFIG_GLANCE_KS_PW={{ GLANCE_PASS }} + +# The password to use for the Cinder to access DB +CONFIG_CINDER_DB_PW={{ CINDER_DBPASS }} + +# The password to use for the Cinder to authenticate with Keystone +CONFIG_CINDER_KS_PW={{ CINDER_PASS }} + +# The Cinder backend to use, valid options are: lvm, gluster, nfs, +# vmdk +CONFIG_CINDER_BACKEND=lvm + +# Create Cinder's volumes group. This should only be done for testing +# on a proof-of-concept installation of Cinder. This will create a +# file-backed volume group and is not suitable for production usage. +CONFIG_CINDER_VOLUMES_CREATE=n + +# Cinder's volumes group size. Note that actual volume size will be +# extended with 3% more space for VG metadata. +CONFIG_CINDER_VOLUMES_SIZE=5G + +# A single or comma separated list of gluster volume shares to mount, +# eg: ip-address:/vol-name, domain:/vol-name +CONFIG_CINDER_GLUSTER_MOUNTS= + +# A single or comma seprated list of NFS exports to mount, eg: ip- +# address:/export-name +CONFIG_CINDER_NFS_MOUNTS= + +# The IP address of the VMware vCenter datastore +CONFIG_VCENTER_HOST= + +# The username to authenticate to VMware vCenter datastore +CONFIG_VCENTER_USER= + +# The password to authenticate to VMware vCenter datastore +CONFIG_VCENTER_PASSWORD= + +# A comma separated list of IP addresses on which to install the Nova +# Compute services +CONFIG_COMPUTE_HOSTS={{ controller_public_ip }} + +# The IP address of the server on which to install the Nova Conductor +# service +CONFIG_NOVA_CONDUCTOR_HOST={{ controller_public_ip }} + +# The password to use for the Nova to access DB +CONFIG_NOVA_DB_PW={{ NOVA_DBPASS }} + +# The password to use for the Nova to authenticate with Keystone +CONFIG_NOVA_KS_PW={{ NOVA_PASS }} + +# The overcommitment 
ratio for virtual to physical CPUs. Set to 1.0 +# to disable CPU overcommitment +CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0 + +# The overcommitment ratio for virtual to physical RAM. Set to 1.0 to +# disable RAM overcommitment +CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5 + +# Private interface for Flat DHCP on the Nova compute servers +CONFIG_NOVA_COMPUTE_PRIVIF=lo + +# The list of IP addresses of the server on which to install the Nova +# Nova network manager +CONFIG_NOVA_NETWORK_MANAGER=nova.network.manager.FlatDHCPManager + +# Public interface on the Nova network server +CONFIG_NOVA_NETWORK_PUBIF=eth0 + +# Private interface for network manager on the Nova network server +CONFIG_NOVA_NETWORK_PRIVIF=eth1 + +# IP Range for network manager +CONFIG_NOVA_NETWORK_FIXEDRANGE={{ internal_interface_cidr }} + +# IP Range for Floating IP's +CONFIG_NOVA_NETWORK_FLOATRANGE={{ public_interface_cidr }} + +# Name of the default floating pool to which the specified floating +# ranges are added to +CONFIG_NOVA_NETWORK_DEFAULTFLOATINGPOOL=external + +# Automatically assign a floating IP to new instances +CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=n + +# First VLAN for private networks +CONFIG_NOVA_NETWORK_VLAN_START=100 + +# Number of networks to support +CONFIG_NOVA_NETWORK_NUMBER=1 + +# Number of addresses in each private subnet +CONFIG_NOVA_NETWORK_SIZE=255 + +# The IP address of the VMware vCenter server +CONFIG_VCENTER_HOST= + +# The username to authenticate to VMware vCenter server +CONFIG_VCENTER_USER= + +# The password to authenticate to VMware vCenter server +CONFIG_VCENTER_PASSWORD= + +# The name of the vCenter cluster +CONFIG_VCENTER_CLUSTER_NAME= + +# The password to use for Neutron to authenticate with Keystone +CONFIG_NEUTRON_KS_PW={{ NEUTRON_PASS }} + +# The password to use for Neutron to access DB +CONFIG_NEUTRON_DB_PW={{ NEUTRON_DBPASS }} + +# A comma separated list of IP addresses on which to install Neutron +CONFIG_NETWORK_HOSTS={{ controller_public_ip }} + +# The name of 
the bridge that the Neutron L3 agent will use for +# external traffic, or 'provider' if using provider networks +CONFIG_NEUTRON_L3_EXT_BRIDGE=provider + + +# The name of the L2 plugin to be used with Neutron +CONFIG_NEUTRON_L2_PLUGIN=ml2 + +# A comma separated list of IP addresses on which to install Neutron +# metadata agent +CONFIG_NEUTRON_METADATA_PW={{ NEUTRON_PASS }} + +# Set to 'y' if you would like Packstack to install Neutron LBaaS +CONFIG_LBAAS_INSTALL=y + +# Set to 'y' if you would like Packstack to install Neutron L3 +# Metering agent +CONFIG_NEUTRON_METERING_AGENT_INSTALL=y + +# Whether to configure neutron Firewall as a Service +CONFIG_NEUTRON_FWAAS=y + +# A comma separated list of network type driver entrypoints to be +# loaded from the neutron.ml2.type_drivers namespace. +CONFIG_NEUTRON_ML2_TYPE_DRIVERS=local,flat,gre + +# A comma separated ordered list of network_types to allocate as +# tenant networks. The value 'local' is only useful for single-box +# testing but provides no connectivity between hosts. +CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=gre + +# A comma separated ordered list of networking mechanism driver +# entrypoints to be loaded from the neutron.ml2.mechanism_drivers +# namespace. +CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch + +# A comma separated list of physical_network names with which flat +# networks can be created. Use * to allow flat networks with arbitrary +# physical_network names. +CONFIG_NEUTRON_ML2_FLAT_NETWORKS=* + +# A comma separated list of :: +# or specifying physical_network names usable for +# VLAN provider and tenant networks, as well as ranges of VLAN tags on +# each available for allocation to tenant networks. +CONFIG_NEUTRON_ML2_VLAN_RANGES= + +# A comma separated list of : tuples enumerating +# ranges of GRE tunnel IDs that are available for tenant network +# allocation. Should be an array with tun_max +1 - tun_min > 1000000 +CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES=1:1000 + +# Multicast group for VXLAN. 
If unset, disables VXLAN enable sending +# allocate broadcast traffic to this multicast group. When left +# unconfigured, will disable multicast VXLAN mode. Should be an +# Multicast IP (v4 or v6) address. +CONFIG_NEUTRON_ML2_VXLAN_GROUP= + +# A comma separated list of : tuples enumerating +# ranges of VXLAN VNI IDs that are available for tenant network +# allocation. Min value is 0 and Max value is 16777215. +CONFIG_NEUTRON_ML2_VNI_RANGES= + +# The name of the L2 agent to be used with Neutron +CONFIG_NEUTRON_L2_AGENT=openvswitch + +# The type of network to allocate for tenant networks (eg. vlan, +# local) +CONFIG_NEUTRON_LB_TENANT_NETWORK_TYPE=gre + +# A comma separated list of VLAN ranges for the Neutron linuxbridge +# plugin (eg. physnet1:1:4094,physnet2,physnet3:3000:3999) +CONFIG_NEUTRON_LB_VLAN_RANGES= + +# A comma separated list of interface mappings for the Neutron +# linuxbridge plugin (eg. physnet1:br-eth1,physnet2:br-eth2,physnet3 +# :br-eth3) +CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS= + +# Type of network to allocate for tenant networks (eg. vlan, local, +# gre, vxlan) +CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE=gre + +# A comma separated list of VLAN ranges for the Neutron openvswitch +# plugin (eg. physnet1:1:4094,physnet2,physnet3:3000:3999) +CONFIG_NEUTRON_OVS_VLAN_RANGES=floatnet + +# A comma separated list of bridge mappings for the Neutron +# openvswitch plugin (eg. physnet1:br-eth1,physnet2:br-eth2,physnet3 +# :br-eth3) +CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=floatnet:br-ex + +# A comma separated list of colon-separated OVS bridge:interface +# pairs. The interface will be added to the associated bridge. +CONFIG_NEUTRON_OVS_BRIDGE_IFACES= + +# A comma separated list of tunnel ranges for the Neutron openvswitch +# plugin (eg. 1:1000) +CONFIG_NEUTRON_OVS_TUNNEL_RANGES=1:1000 + +# The interface for the OVS tunnel. Packstack will override the IP +# address used for tunnels on this hypervisor to the IP found on the +# specified interface. (eg. 
eth1) +CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1 + +# VXLAN UDP port +CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT=4789 + +# To set up Horizon communication over https set this to "y" +CONFIG_HORIZON_SSL=y + +# PEM encoded certificate to be used for ssl on the https server, +# leave blank if one should be generated, this certificate should not +# require a passphrase +CONFIG_SSL_CERT=/etc/pki/tls/certs/fedorainfracloud.org.pem + +# PEM encoded CA certificates from which the certificate chain of the +# # server certificate can be assembled. +CONFIG_SSL_CACHAIN=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem + +# Keyfile corresponding to the certificate if one was entered +CONFIG_SSL_KEY=/etc/pki/tls/private/fedorainfracloud.key + +# The password to use for the Swift to authenticate with Keystone +CONFIG_SWIFT_KS_PW={{ SWIFT_PASS }} + +# A comma separated list of IP addresses on which to install the +# Swift Storage services, each entry should take the format +# [/dev], for example 127.0.0.1/vdb will install /dev/vdb +# on 127.0.0.1 as a swift storage device(packstack does not create the +# filesystem, you must do this first), if /dev is omitted Packstack +# will create a loopback device for a test setup +CONFIG_SWIFT_STORAGES={{ swift_storages }} + +# Number of swift storage zones, this number MUST be no bigger than +# the number of storage devices configured +CONFIG_SWIFT_STORAGE_ZONES=1 + +# Number of swift storage replicas, this number MUST be no bigger +# than the number of storage zones configured +CONFIG_SWIFT_STORAGE_REPLICAS=1 + +# FileSystem type for storage nodes +CONFIG_SWIFT_STORAGE_FSTYPE=ext4 + +# Shared secret for Swift +CONFIG_SWIFT_HASH={{ SWIFT_HASH }} + +# Size of the swift loopback file storage device +CONFIG_SWIFT_STORAGE_SIZE=2G + +# Whether to provision for demo usage and testing. Note that +# provisioning is only supported for all-in-one installations. +CONFIG_PROVISION_DEMO=n + +# Whether to configure tempest for testing. 
Note that provisioning is +# only supported for all-in-one installations. +CONFIG_PROVISION_TEMPEST=n + +# The CIDR network address for the floating IP subnet +CONFIG_PROVISION_DEMO_FLOATRANGE= + +# The uri of the tempest git repository to use +CONFIG_PROVISION_TEMPEST_REPO_URI=https://github.com/openstack/tempest.git + +# The revision of the tempest git repository to use +CONFIG_PROVISION_TEMPEST_REPO_REVISION=master + +# Whether to configure the ovs external bridge in an all-in-one +# deployment +CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE=n + +# The password used by Heat user to authenticate against MySQL +CONFIG_HEAT_DB_PW={{ HEAT_DBPASS }} + +# The encryption key to use for authentication info in database +CONFIG_HEAT_AUTH_ENC_KEY={{ HEAT_AUTH_ENC_KEY }} + +# The password to use for the Heat to authenticate with Keystone +CONFIG_HEAT_KS_PW={{ HEAT_PASS }} + +# Set to 'y' if you would like Packstack to install Heat CloudWatch +# API +CONFIG_HEAT_CLOUDWATCH_INSTALL=n + +# Set to 'y' if you would like Packstack to install Heat +# CloudFormation API +CONFIG_HEAT_CFN_INSTALL=n + +# The IP address of the server on which to install Heat CloudWatch +# API service +CONFIG_HEAT_CLOUDWATCH_HOST={{ controller_public_ip }} + +# The IP address of the server on which to install Heat +# CloudFormation API service +CONFIG_HEAT_CFN_HOST={{ controller_public_ip }} + +# The IP address of the management node +CONFIG_CONTROLLER_HOST={{ controller_public_ip }} + +# Secret key for signing metering messages. 
+CONFIG_CEILOMETER_SECRET={{ CEILOMETER_SECRET }} + +# The password to use for Ceilometer to authenticate with Keystone +CONFIG_CEILOMETER_KS_PW={{ CEILOMETER_PASS }} + +# The IP address of the server on which to install mongodb +CONFIG_MONGODB_HOST=127.0.0.1 + +# The password of the nagiosadmin user on the Nagios server +CONFIG_NAGIOS_PW= + +# To subscribe each server to EPEL enter "y" +CONFIG_USE_EPEL=y + +# A comma separated list of URLs to any additional yum repositories +# to install +CONFIG_REPO= + +# To subscribe each server with Red Hat subscription manager, include +# this with CONFIG_RH_PW +CONFIG_RH_USER= + +# To subscribe each server with Red Hat subscription manager, include +# this with CONFIG_RH_USER +CONFIG_RH_PW= + +# To subscribe each server to Red Hat Enterprise Linux 6 Server Beta +# channel (only needed for Preview versions of RHOS) enter "y" +CONFIG_RH_BETA_REPO=n + +# To subscribe each server with RHN Satellite,fill Satellite's URL +# here. Note that either satellite's username/password or activation +# key has to be provided +CONFIG_SATELLITE_URL= + +# Username to access RHN Satellite +CONFIG_SATELLITE_USER= + +# Password to access RHN Satellite +CONFIG_SATELLITE_PW= + +# Activation key for subscription to RHN Satellite +CONFIG_SATELLITE_AKEY= + +# Specify a path or URL to a SSL CA certificate to use +CONFIG_SATELLITE_CACERT= + +# If required specify the profile name that should be used as an +# identifier for the system in RHN Satellite +CONFIG_SATELLITE_PROFILE= + +# Comma separated list of flags passed to rhnreg_ks. Valid flags are: +# novirtinfo, norhnsd, nopackages +CONFIG_SATELLITE_FLAGS= + +# Specify a HTTP proxy to use with RHN Satellite +CONFIG_SATELLITE_PROXY= + +# Specify a username to use with an authenticated HTTP proxy +CONFIG_SATELLITE_PROXY_USER= + +# Specify a password to use with an authenticated HTTP proxy. +CONFIG_SATELLITE_PROXY_PW= 
diff --git a/files/fedora-cloud/uninstall.sh b/files/fedora-cloud/uninstall.sh new file mode 100644 index 0000000000..a2d2618494 --- /dev/null +++ b/files/fedora-cloud/uninstall.sh @@ -0,0 +1,32 @@ +# Warning! Dangerous step! Destroys VMs +# if you do know what you are doing feel free to remove the line below to proceed +exit 1 +# also if you really insist to remove VM, uncomment that vgremove near bottom + +for x in $(virsh list --all | grep instance- | awk '{print $2}') ; do + virsh destroy $x ; + virsh undefine $x ; +done ; + +# Warning! Dangerous step! Removes lots of packages, including many +# which may be unrelated to RDO. +yum remove -y nrpe "*openstack*" \ +"*nova*" "*keystone*" "*glance*" "*cinder*" "*swift*" \ +mysql mysql-server httpd "*memcache*" ; + +ps -ef | grep -i repli | grep swift | awk '{print $2}' | xargs kill ; + +# Warning! Dangerous step! Deletes local application data +rm -rf /etc/nagios /etc/yum.repos.d/packstack_* /root/.my.cnf \ +/var/lib/mysql/* /var/lib/glance /var/lib/nova /etc/nova /etc/swift \ +/srv/node/device*/* /var/lib/cinder/ /etc/rsync.d/frag* \ +/var/cache/swift /var/log/keystone ; + +umount /srv/node/device* ; +killall -9 dnsmasq tgtd httpd ; +#vgremove -f cinder-volumes ; +losetup -a | sed -e 's/:.*//g' | xargs losetup -d ; +find /etc/pki/tls -name "ssl_ps*" | xargs rm -rf ; +for x in $(df | grep "/lib/" | sed -e 's/.* //g') ; do + umount $x ; +done diff --git a/files/hotfix/autocloud/consumer.py b/files/hotfix/autocloud/consumer.py new file mode 100644 index 0000000000..c216553251 --- /dev/null +++ b/files/hotfix/autocloud/consumer.py 
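Review bot: The three `xargs` pipelines (`... | xargs kill`, `losetup -a | ... | xargs losetup -d`, `find /etc/pki/tls -name "ssl_ps*" | xargs rm -rf`) run their command even when nothing matched, and they split on whitespace in names. Since this script destroys data and presumably runs as root, I would use `xargs -r` on the first two and `find /etc/pki/tls -name "ssl_ps*" -print0 | xargs -0 -r rm -rf` on the last, and quote `"$x"` in both `for` loops. The file also has no shebang, so the interpreter depends on how it is invoked; `#!/bin/bash` as the first line would pin it.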
@@ -0,0 +1,135 @@ +# -*- coding: utf-8 -*- +from datetime import datetime + +import requests +import fedmsg.consumers +import fedfind.release + +from sqlalchemy import exc + +import autocloud + +from autocloud.models import init_model, ComposeDetails, ComposeJobDetails +from autocloud.producer import publish_to_fedmsg +from autocloud.utils import is_valid_image, produce_jobs + +import logging +log = logging.getLogger("fedmsg") + +DEBUG = autocloud.DEBUG + + +class AutoCloudConsumer(fedmsg.consumers.FedmsgConsumer): + """ + Fedmsg consumer for Autocloud + """ + + if DEBUG: + topic = [ + 'org.fedoraproject.dev.__main__.pungi.compose.status.change' + ] + + else: + topic = [ + 'org.fedoraproject.prod.pungi.compose.status.change' + ] + + config_key = 'autocloud.consumer.enabled' + + def __init__(self, *args, **kwargs): + self.supported_archs = [arch for arch, _ in ComposeJobDetails.ARCH_TYPES] + + log.info("Autocloud Consumer is ready for action.") + super(AutoCloudConsumer, self).__init__(*args, **kwargs) + + def consume(self, msg): + """ This is called when we receive a message matching the topic. 
""" + + log.info('Received %r %r' % (msg['topic'], msg['body']['msg_id'])) + + STATUS_F = ('FINISHED_INCOMPLETE', 'FINISHED',) + VARIANTS_F = ('CloudImages',) + + images = [] + compose_db_update = False + msg_body = msg['body'] + status = msg_body['msg']['status'] + compose_images_json = None + + if status in STATUS_F: + location = msg_body['msg']['location'] + json_metadata = '{}/metadata/images.json'.format(location) + resp = requests.get(json_metadata) + compose_images_json = getattr(resp, 'json', False) + + if compose_images_json is not None: + compose_images_json = compose_images_json() + compose_images = compose_images_json['payload']['images'] + compose_details = compose_images_json['payload']['compose'] + compose_images = dict((variant, compose_images[variant]) + for variant in VARIANTS_F + if variant in compose_images) + compose_id = compose_details['id'] + rel = fedfind.release.get_release(cid=compose_id) + release = rel.release + compose_details.update({'release': release}) + + compose_images_variants = [variant for variant in VARIANTS_F + if variant in compose_images] + + for variant in compose_images_variants: + compose_image = compose_images[variant] + for arch, payload in compose_image.iteritems(): + + if arch not in self.supported_archs: + continue + + for item in payload: + relative_path = item['path'] + if not is_valid_image(relative_path): + continue + absolute_path = '{}/{}'.format(location, relative_path) + item.update({ + 'compose': compose_details, + 'absolute_path': absolute_path, + }) + images.append(item) + compose_db_update = True + + if compose_db_update: + session = init_model() + compose_date = datetime.strptime(compose_details['date'], '%Y%m%d') + try: + cd = ComposeDetails( + date=compose_date, + compose_id=compose_details['id'], + respin=compose_details['respin'], + type=compose_details['type'], + status=u'q', + location=location, + ) + + session.add(cd) + session.commit() + + compose_details.update({ + 'status': 'queued', + 
'compose_job_id': cd.id, + }) + publish_to_fedmsg(topic='compose.queued', + **compose_details) + except exc.IntegrityError: + session.rollback() + cd = session.query(ComposeDetails).filter_by( + compose_id=compose_details['id']).first() + log.info('Compose already exists %s: %s' % ( + compose_details['id'], + cd.id + )) + session.close() + + num_images = len(images) + for pos, image in enumerate(images): + image.update({'pos': (pos+1, num_images)}) + + produce_jobs(images) diff --git a/files/hotfix/mailman3/mailman3-broken-unicode-emails.patch b/files/hotfix/mailman3/mailman3-broken-unicode-emails.patch deleted file mode 100644 index 3065157385..0000000000 --- a/files/hotfix/mailman3/mailman3-broken-unicode-emails.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- a/src/mailman/email/message.py -+++ b/src/mailman/email/message.py -@@ -47,6 +47,16 @@ class Message(email.message.Message): - def __setstate__(self, values): - self.__dict__ = values - -+ def as_string(self): -+ # Work around for https://bugs.python.org/issue27321 and -+ # https://bugs.python.org/issue32330. -+ try: -+ value = email.message.Message.as_string(self) -+ except (KeyError, UnicodeEncodeError): -+ value = email.message.Message.as_bytes(self).decode( -+ 'ascii', 'replace') -+ return value -+ - @property - def sender(self): - """The address considered to be the author of the email. diff --git a/files/hotfix/python-openid/fetchers.py b/files/hotfix/python-openid/fetchers.py new file mode 100644 index 0000000000..bdacfb9410 --- /dev/null +++ b/files/hotfix/python-openid/fetchers.py 
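Review bot: In `consume`, `requests.get(json_metadata)` has no timeout and no status check, and the URL is built from `msg_body['msg']['location']`, so a stalled or error response from whatever host the message names hangs or breaks the consumer. I would use `resp = requests.get(json_metadata, timeout=30)` followed by `resp.raise_for_status()`, and compare `location` against the expected compose host before fetching; whether message signatures are validated for this topic is not visible here. `getattr(resp, 'json', False)` can never return `None`, so the `is not None` guard only reflects the status branch. `session.close()` is skipped when anything other than `IntegrityError` is raised, which a `try`/`finally` would cover.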
@@ -0,0 +1,430 @@ +# -*- test-case-name: openid.test.test_fetchers -*- +""" +This module contains the HTTP fetcher interface and several implementations. +""" + +__all__ = ['fetch', 'getDefaultFetcher', 'setDefaultFetcher', 'HTTPResponse', + 'HTTPFetcher', 'createHTTPFetcher', 'HTTPFetchingError', + 'HTTPError'] + +import urllib2 +import time +import cStringIO +import sys + +import openid +import openid.urinorm + +# Try to import httplib2 for caching support +# http://bitworking.org/projects/httplib2/ +try: + import httplib2 +except ImportError: + # httplib2 not available + httplib2 = None + +# try to import pycurl, which will let us use CurlHTTPFetcher +try: + import pycurl +except ImportError: + pycurl = None + +USER_AGENT = "python-openid/%s (%s)" % (openid.__version__, sys.platform) +MAX_RESPONSE_KB = 1024 + +def fetch(url, body=None, headers=None): + """Invoke the fetch method on the default fetcher. Most users + should need only this method. + + @raises Exception: any exceptions that may be raised by the default fetcher + """ + fetcher = getDefaultFetcher() + return fetcher.fetch(url, body, headers) + +def createHTTPFetcher(): + """Create a default HTTP fetcher instance + + prefers Curl to urllib2.""" + if pycurl is None: + fetcher = Urllib2Fetcher() + else: + fetcher = CurlHTTPFetcher() + + return fetcher + +# Contains the currently set HTTP fetcher. If it is set to None, the +# library will call createHTTPFetcher() to set it. Do not access this +# variable outside of this module. +_default_fetcher = None + +def getDefaultFetcher(): + """Return the default fetcher instance + if no fetcher has been set, it will create a default fetcher. 
+ + @return: the default fetcher + @rtype: HTTPFetcher + """ + global _default_fetcher + + if _default_fetcher is None: + setDefaultFetcher(createHTTPFetcher()) + + return _default_fetcher + +def setDefaultFetcher(fetcher, wrap_exceptions=True): + """Set the default fetcher + + @param fetcher: The fetcher to use as the default HTTP fetcher + @type fetcher: HTTPFetcher + + @param wrap_exceptions: Whether to wrap exceptions thrown by the + fetcher wil HTTPFetchingError so that they may be caught + easier. By default, exceptions will be wrapped. In general, + unwrapped fetchers are useful for debugging of fetching errors + or if your fetcher raises well-known exceptions that you would + like to catch. + @type wrap_exceptions: bool + """ + global _default_fetcher + if fetcher is None or not wrap_exceptions: + _default_fetcher = fetcher + else: + _default_fetcher = ExceptionWrappingFetcher(fetcher) + +def usingCurl(): + """Whether the currently set HTTP fetcher is a Curl HTTP fetcher.""" + fetcher = getDefaultFetcher() + if isinstance(fetcher, ExceptionWrappingFetcher): + fetcher = fetcher.fetcher + return isinstance(fetcher, CurlHTTPFetcher) + +class HTTPResponse(object): + """XXX document attributes""" + headers = None + status = None + body = None + final_url = None + + def __init__(self, final_url=None, status=None, headers=None, body=None): + self.final_url = final_url + self.status = status + self.headers = headers + self.body = body + + def __repr__(self): + return "<%s status %s for %s>" % (self.__class__.__name__, + self.status, + self.final_url) + +class HTTPFetcher(object): + """ + This class is the interface for openid HTTP fetchers. This + interface is only important if you need to write a new fetcher for + some reason. + """ + + def fetch(self, url, body=None, headers=None): + """ + This performs an HTTP POST or GET, following redirects along + the way. If a body is specified, then the request will be a + POST. Otherwise, it will be a GET. 
+ + + @param headers: HTTP headers to include with the request + @type headers: {str:str} + + @return: An object representing the server's HTTP response. If + there are network or protocol errors, an exception will be + raised. HTTP error responses, like 404 or 500, do not + cause exceptions. + + @rtype: L{HTTPResponse} + + @raise Exception: Different implementations will raise + different errors based on the underlying HTTP library. + """ + raise NotImplementedError + +def _allowedURL(url): + return url.startswith('http://') or url.startswith('https://') + +class HTTPFetchingError(Exception): + """Exception that is wrapped around all exceptions that are raised + by the underlying fetcher when using the ExceptionWrappingFetcher + + @ivar why: The exception that caused this exception + """ + def __init__(self, why=None): + Exception.__init__(self, why) + self.why = why + +class ExceptionWrappingFetcher(HTTPFetcher): + """Fetcher that wraps another fetcher, causing all exceptions + + @cvar uncaught_exceptions: Exceptions that should be exposed to the + user if they are raised by the fetch call + """ + + uncaught_exceptions = (SystemExit, KeyboardInterrupt, MemoryError) + + def __init__(self, fetcher): + self.fetcher = fetcher + + def fetch(self, *args, **kwargs): + try: + return self.fetcher.fetch(*args, **kwargs) + except self.uncaught_exceptions: + raise + except: + exc_cls, exc_inst = sys.exc_info()[:2] + if exc_inst is None: + # string exceptions + exc_inst = exc_cls + + raise HTTPFetchingError(why=exc_inst) + +class Urllib2Fetcher(HTTPFetcher): + """An C{L{HTTPFetcher}} that uses urllib2. 
+ """ + + # Parameterized for the benefit of testing frameworks, see + # http://trac.openidenabled.com/trac/ticket/85 + urlopen = staticmethod(urllib2.urlopen) + + def fetch(self, url, body=None, headers=None): + if not _allowedURL(url): + raise ValueError('Bad URL scheme: %r' % (url,)) + + if headers is None: + headers = {} + + headers.setdefault( + 'User-Agent', + "%s Python-urllib/%s" % (USER_AGENT, urllib2.__version__,)) + + req = urllib2.Request(url, data=body, headers=headers) + try: + f = self.urlopen(req) + try: + return self._makeResponse(f) + finally: + f.close() + except urllib2.HTTPError, why: + try: + return self._makeResponse(why) + finally: + why.close() + + def _makeResponse(self, urllib2_response): + resp = HTTPResponse() + resp.body = urllib2_response.read(MAX_RESPONSE_KB * 1024) + resp.final_url = urllib2_response.geturl() + resp.headers = dict(urllib2_response.info().items()) + + if hasattr(urllib2_response, 'code'): + resp.status = urllib2_response.code + else: + resp.status = 200 + + return resp + +class HTTPError(HTTPFetchingError): + """ + This exception is raised by the C{L{CurlHTTPFetcher}} when it + encounters an exceptional situation fetching a URL. + """ + pass + +# XXX: define what we mean by paranoid, and make sure it is. +class CurlHTTPFetcher(HTTPFetcher): + """ + An C{L{HTTPFetcher}} that uses pycurl for fetching. + See U{http://pycurl.sourceforge.net/}. 
+ """ + ALLOWED_TIME = 20 # seconds + + def __init__(self): + HTTPFetcher.__init__(self) + if pycurl is None: + raise RuntimeError('Cannot find pycurl library') + + def _parseHeaders(self, header_file): + header_file.seek(0) + + # Remove the status line from the beginning of the input + unused_http_status_line = header_file.readline().lower () + while unused_http_status_line.lower().startswith('http/1.1 1'): + unused_http_status_line = header_file.readline() + unused_http_status_line = header_file.readline() + + lines = [line.strip() for line in header_file] + + # and the blank line from the end + empty_line = lines.pop() + if empty_line: + raise HTTPError("No blank line at end of headers: %r" % (line,)) + + headers = {} + for line in lines: + try: + name, value = line.split(':', 1) + except ValueError: + raise HTTPError( + "Malformed HTTP header line in response: %r" % (line,)) + + value = value.strip() + + # HTTP headers are case-insensitive + name = name.lower() + headers[name] = value + + return headers + + def _checkURL(self, url): + # XXX: document that this can be overridden to match desired policy + # XXX: make sure url is well-formed and routeable + return _allowedURL(url) + + def fetch(self, url, body=None, headers=None): + stop = int(time.time()) + self.ALLOWED_TIME + off = self.ALLOWED_TIME + + if headers is None: + headers = {} + + headers.setdefault('User-Agent', + "%s %s" % (USER_AGENT, pycurl.version,)) + + header_list = [] + if headers is not None: + for header_name, header_value in headers.iteritems(): + header_list.append('%s: %s' % (header_name, header_value)) + + c = pycurl.Curl() + try: + c.setopt(pycurl.NOSIGNAL, 1) + + if header_list: + c.setopt(pycurl.HTTPHEADER, header_list) + + # Presence of a body indicates that we should do a POST + if body is not None: + c.setopt(pycurl.POST, 1) + c.setopt(pycurl.POSTFIELDS, body) + + while off > 0: + if not self._checkURL(url): + raise HTTPError("Fetching URL not allowed: %r" % (url,)) + + data = 
cStringIO.StringIO() + def write_data(chunk): + if data.tell() > 1024*MAX_RESPONSE_KB: + return 0 + else: + return data.write(chunk) + + response_header_data = cStringIO.StringIO() + c.setopt(pycurl.WRITEFUNCTION, write_data) + c.setopt(pycurl.HEADERFUNCTION, response_header_data.write) + c.setopt(pycurl.TIMEOUT, off) + c.setopt(pycurl.URL, openid.urinorm.urinorm(url)) + + c.perform() + + response_headers = self._parseHeaders(response_header_data) + code = c.getinfo(pycurl.RESPONSE_CODE) + if code in [301, 302, 303, 307]: + url = response_headers.get('location') + if url is None: + raise HTTPError( + 'Redirect (%s) returned without a location' % code) + + # Redirects are always GETs + c.setopt(pycurl.POST, 0) + + # There is no way to reset POSTFIELDS to empty and + # reuse the connection, but we only use it once. + else: + resp = HTTPResponse() + resp.headers = response_headers + resp.status = code + resp.final_url = url + resp.body = data.getvalue() + return resp + + off = stop - int(time.time()) + + raise HTTPError("Timed out fetching: %r" % (url,)) + finally: + c.close() + +class HTTPLib2Fetcher(HTTPFetcher): + """A fetcher that uses C{httplib2} for performing HTTP + requests. This implementation supports HTTP caching. + + @see: http://bitworking.org/projects/httplib2/ + """ + + def __init__(self, cache=None): + """@param cache: An object suitable for use as an C{httplib2} + cache. If a string is passed, it is assumed to be a + directory name. + """ + if httplib2 is None: + raise RuntimeError('Cannot find httplib2 library. ' + 'See http://bitworking.org/projects/httplib2/') + + super(HTTPLib2Fetcher, self).__init__() + + # An instance of the httplib2 object that performs HTTP requests + self.httplib2 = httplib2.Http(cache) + + # We want httplib2 to raise exceptions for errors, just like + # the other fetchers. 
+ self.httplib2.force_exception_to_status_code = False + + def fetch(self, url, body=None, headers=None): + """Perform an HTTP request + + @raises Exception: Any exception that can be raised by httplib2 + + @see: C{L{HTTPFetcher.fetch}} + """ + if body: + method = 'POST' + else: + method = 'GET' + + if headers is None: + headers = {} + + # httplib2 doesn't check to make sure that the URL's scheme is + # 'http' so we do it here. + if not (url.startswith('http://') or url.startswith('https://')): + raise ValueError('URL is not a HTTP URL: %r' % (url,)) + + httplib2_response, content = self.httplib2.request( + url, method, body=body, headers=headers) + + # Translate the httplib2 response to our HTTP response abstraction + + # When a 400 is returned, there is no "content-location" + # header set. This seems like a bug to me. I can't think of a + # case where we really care about the final URL when it is an + # error response, but being careful about it can't hurt. + try: + final_url = httplib2_response['content-location'] + except KeyError: + # We're assuming that no redirects occurred + assert not httplib2_response.previous + + # And this should never happen for a successful response + assert httplib2_response.status != 200 + final_url = url + + return HTTPResponse( + body=content, + final_url=final_url, + headers=dict(httplib2_response.items()), + status=httplib2_response.status, + ) diff --git a/files/httpd/apachestatus.conf b/files/httpd/apachestatus.conf index cfd499349f..747fb1a32e 100644 --- a/files/httpd/apachestatus.conf +++ b/files/httpd/apachestatus.conf @@ -2,13 +2,4 @@ ExtendedStatus on SetHandler server-status - - # Apache 2.4 - - Require ip 127.0.0.1 - Require ip ::1 - Require host localhost - Require valid-user - - diff --git a/files/httpd/fedorahosted-redirects.conf b/files/httpd/fedorahosted-redirects.conf index 239930bd88..8480ea38a3 100644 --- a/files/httpd/fedorahosted-redirects.conf +++ b/files/httpd/fedorahosted-redirects.conf 
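Review bot: `CurlHTTPFetcher._checkURL` delegates to `_allowedURL`, which only checks for an `http://` or `https://` prefix, and it is the only gate applied to each redirect `Location` inside the `while off > 0` loop of `fetch`. The URLs this module fetches presumably originate from remote parties, so the fetcher can be pointed or redirected at loopback and internal addresses; the in-code `# XXX: make sure url is well-formed and routeable` already marks the gap. I would have `_checkURL` resolve the host and refuse loopback, private and link-local addresses, cap the number of redirects instead of relying on `ALLOWED_TIME` alone, and state the policy in a docstring on `_checkURL`. `Urllib2Fetcher.fetch` and `HTTPLib2Fetcher.fetch` apply the same scheme-only check, and only to the initial URL.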
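Review bot: `SetHandler server-status` with `ExtendedStatus on` is left without any access restriction once the `Require ip 127.0.0.1`, `Require ip ::1`, `Require host localhost` and `Require valid-user` lines are removed. Extended status shows client addresses and request lines, so unless access is limited somewhere outside this file the page is readable by anyone who can reach the vhost. I would keep at least `Require ip 127.0.0.1` and `Require ip ::1` inside the status block. The enclosing container directives are not visible in this rendering, so the exact placement needs checking against the real file.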
@@ -237,15 +237,6 @@ RewriteRule ^/pki/p/k/pki/(.*) https://releases.pagure.org/dogtagpki/$1 [L,R] RewriteRule ^/pki/p/k/pki https://releases.pagure.org/dogtagpki/ [L,R] RewriteRule ^/pki https://pagure.io/dogtagpki [R=301] -RewriteRule ^/generic-logos/ https://pagure.io/generic-logos/ [R=301] -RewriteRule ^/generic-logos https://pagure.io/generic-logos/ [R=301] -RewriteRule ^/released/generic-logos/(.*) https://releases.pagure.org/generic-logos/$1 [R=301] -RewriteRule ^/released/generic-logos https://releases.pagure.org/generic-logos/ [R=301] - -RewriteRule ^/beakerlib/wiki/Manual https://github.com/beakerlib/beakerlib/wiki/man [R=301] -RewriteRule ^/beakerlib/wiki/(.*) https://github.com/beakerlib/beakerlib/wiki/$1 [R=301] -RewriteRule ^/beakerlib/(.*) https://github.com/beakerlib/beakerlib/ [R=301] - # Ipsilon wiki is now moving content ReWriteCond %{REQUEST_URI} !^/ipsilon/.* diff --git a/files/httpd/h2.conf.j2 b/files/httpd/h2.conf.j2 deleted file mode 100644 index 2627ea8a32..0000000000 --- a/files/httpd/h2.conf.j2 +++ /dev/null @@ -1 +0,0 @@ -Protocols h2 {% if not inventory_hostname.startswith('proxy') %} h2c {% endif %} http/1.1 diff --git a/files/httpd/headers.conf.j2 b/files/httpd/headers.conf.j2 index 3fb1104608..e5e830d36f 100644 --- a/files/httpd/headers.conf.j2 +++ b/files/httpd/headers.conf.j2 @@ -1,13 +1,3 @@ -ServerTokens ProductOnly - Header set AppTime "%D" PassEnv HOSTNAME -{% if 'proxy' in inventory_hostname %} -Header set X-Fedora-ProxyServer "{{ inventory_hostname }}" -{% else %} -Header set X-Fedora-AppServer "{{ inventory_hostname }}" -{% endif %} -{% if inventory_hostname in groups['proxies'] and ansible_distribution == 'Fedora' %} - -ErrorDocument 421 "You have hit an incorrect proxy for a Fedora Project website due to a bug in Firefox. Please refresh" -{% endif %} +Header set AppServer "{{ inventory_hostname }}" diff --git a/files/httpd/httpd.logrotate b/files/httpd/httpd.logrotate new file mode 100644 index 0000000000..171befe580 
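Review bot: Removing `ServerTokens ProductOnly` from headers.conf.j2 returns the `Server` response header to Apache's default, which includes the httpd version and OS details, unless the directive is set in another file that this hunk does not show. I would keep `ServerTokens ProductOnly` as the first line of the template. If it has moved elsewhere, a comment naming that file would make the intent clear.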
--- /dev/null +++ b/files/httpd/httpd.logrotate @@ -0,0 +1,13 @@ +/var/log/httpd/*log { + daily + rotate 7 + missingok + ifempty + compress + compresscmd /usr/bin/xz + uncompresscmd /usr/bin/xz + compressext .xz + dateext + sharedscripts + copytruncate +} diff --git a/files/httpd/httpd.logrotate.j2 b/files/httpd/httpd.logrotate.j2 deleted file mode 100644 index 2a0dad210c..0000000000 --- a/files/httpd/httpd.logrotate.j2 +++ /dev/null @@ -1,17 +0,0 @@ -/var/log/httpd/*log -{% if ansible_hostname.startswith("kojipkgs") %} -/var/log/httpd/*.log.????-??-?? -{% endif %} -{ - daily - rotate 7 - missingok - ifempty - compress - compresscmd /usr/bin/xz - uncompresscmd /usr/bin/xz - compressext .xz - dateext - sharedscripts - copytruncate -} diff --git a/files/keyserver/sks.conf b/files/keyserver/sks.conf new file mode 100644 index 0000000000..e91dfd764b --- /dev/null +++ b/files/keyserver/sks.conf 
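Review bot: `copytruncate` copies the live log and then truncates it, and lines written between the two steps are lost, which matters if these access logs serve as an audit record. A `postrotate` script that reloads httpd, for example `/bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true`, avoids the gap. As written, `sharedscripts` has no effect because the stanza contains no scripts.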
@@ -0,0 +1,83 @@ +ServerName keys.fedoraproject.org +Listen 80.239.156.219:11371 +NameVirtualHost *:443 + + + LoadModule proxy_module modules/mod_proxy.so + + + + LoadModule proxy_http_module modules/mod_proxy_http.so + + + + LoadModule proxy_balancer_module modules/mod_proxy_balancer.so + + + + LoadModule headers_module modules/mod_headers.so + + + + LoadModule authz_host_module modules/mod_authz_host.so + + + + LoadModule log_config_module modules/mod_log_config.so + + + + LoadModule env_module modules/mod_env.so + + + + Options FollowSymLinks + AllowOverride None + Order deny,allow + Deny from all + + + + ServerAdmin sysadmin-keys-members@fedoraproject.org + ServerName keys.fedoraproject.org + ProxyPass / http://127.0.0.1:11371/ + ProxyPassReverse / http://127.0.0.1:11371/ + SetEnv proxy-nokeepalive 1 + ProxyVia Full + + + ServerAdmin sysadmin-keys-members@fedoraproject.org + ServerName keys.fedoraproject.org + ServerAlias keys01.fedoraproject.org + + SSLEngine on + SSLCertificateFile /etc/pki/tls/wildcard-2014.fedoraproject.org.cert + SSLCertificateChainFile /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert + SSLCertificateKeyFile /etc/pki/tls/wildcard-2014.fedoraproject.org.key + ProxyPass / http://localhost:11371/ + ProxyPassReverse / http://localhost:11371/ + SetEnv proxy-nokeepalive 1 + ProxyVia Full + + + ServerAdmin sysadmin-keys-members@fedoraproject.org + ServerName pool.sks-keyservers.net + ServerAlias sks-keyservers.net + ServerAlias *.sks-keyservers.net + + SSLEngine on + SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem + SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key + ProxyPass / http://localhost:11371/ + ProxyPassReverse / http://localhost:11371/ + SetEnv proxy-nokeepalive 1 + ProxyVia Full + + + ServerAdmin sysadmin-keys-members@fedoraproject.org + ServerName keys.fedoraproject.org + ProxyPass / http://127.0.0.1:11371/ + ProxyPassReverse / http://127.0.0.1:11371/ + SetEnv proxy-nokeepalive 1 + ProxyVia 
Full + diff --git a/files/lists-dev/apache.conf.j2 b/files/lists-dev/apache.conf.j2 new file mode 100644 index 0000000000..96e9bea5b2 --- /dev/null +++ b/files/lists-dev/apache.conf.j2 @@ -0,0 +1,17 @@ + + ServerAdmin admin@fedoraproject.org + ServerName {{ ansible_hostname }} + + + ServerAdmin admin@fedoraproject.org + ServerName {{ ansible_hostname }} + + SSLEngine on + SSLCertificateFile /etc/pki/tls/certs/localhost.crt + SSLCertificateKeyFile /etc/pki/tls/private/localhost.key + #SSLCertificateChainFile /etc/pki/tls/cert.pem + SSLHonorCipherOrder On + SSLCipherSuite {{ ssl_ciphers }} + SSLProtocol {{ ssl_protocols }} + + diff --git a/files/lists-dev/mailman.logrotate.j2 b/files/lists-dev/mailman.logrotate.j2 new file mode 100644 index 0000000000..048e3a3051 --- /dev/null +++ b/files/lists-dev/mailman.logrotate.j2 @@ -0,0 +1,11 @@ +{{ mailman_webui_basedir }}/var/logs/*.log { + missingok + sharedscripts + su mailman mailman + postrotate + /bin/kill -HUP `cat {{ mailman_webui_basedir }}/var/master.pid 2>/dev/null` 2>/dev/null || true + # Don't run "mailman3 reopen" with SELinux on here in the logrotate + # context, it will be blocked + #/usr/bin/mailman3 reopen >/dev/null 2>&1 || true + endscript +} diff --git a/files/lists-dev/mailman3.service.j2 b/files/lists-dev/mailman3.service.j2 new file mode 100644 index 0000000000..402cbb7cd2 --- /dev/null +++ b/files/lists-dev/mailman3.service.j2 @@ -0,0 +1,15 @@ +[Unit] +Description=GNU Mailing List Manager +After=syslog.target network.target + +[Service] +Type=forking +PIDFile={{ mailman_webui_basedir }}/var/master.pid +User=mailman +Group=mailman +ExecStart={{ mailman_webui_basedir }}/venv-3.4/bin/mailman -C /etc/mailman.cfg start +ExecReload={{ mailman_webui_basedir }}/venv-3.4/bin/mailman -C /etc/mailman.cfg restart +ExecStop={{ mailman_webui_basedir }}/venv-3.4/bin/mailman -C /etc/mailman.cfg stop + +[Install] +WantedBy=multi-user.target 
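Review bot: `ProxyVia Full` in each proxy block of sks.conf adds the Apache version as a comment on every `Via` header, which tells clients and the backend which httpd build fronts the keyserver. `ProxyVia On` keeps the header without the version. The two `SSLEngine on` hosts also set no `SSLProtocol` or `SSLCipherSuite`, so they inherit whatever the global mod_ssl configuration allows; if that is intended, a comment naming the file that sets them would help. The container tags are missing from this rendering, so the address each block binds to cannot be checked here.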
diff --git a/files/lists-dev/pg_hba.conf b/files/lists-dev/pg_hba.conf
new file mode 100644
index 0000000000..90087fed5b
--- /dev/null
+++ b/files/lists-dev/pg_hba.conf
@@ -0,0 +1,3 @@
+local all all peer
+host all all 127.0.0.1/32 md5
+host all all ::1/128 md5
diff --git a/files/lists-dev/pgpass.j2 b/files/lists-dev/pgpass.j2
new file mode 100644
index 0000000000..a7bd44af62
--- /dev/null
+++ b/files/lists-dev/pgpass.j2
@@ -0,0 +1,2 @@
+*:*:mailman:mailmanadmin:{{ lists_dev_mm_db_pass }}
+*:*:hyperkitty:hyperkittyadmin:{{ lists_dev_hk_db_pass }}
diff --git a/files/lists-dev/ssl.conf b/files/lists-dev/ssl.conf
new file mode 100644
index 0000000000..adb7c7c9b9
--- /dev/null
+++ b/files/lists-dev/ssl.conf
@@ -0,0 +1,2 @@
+LoadModule ssl_module modules/mod_ssl.so
+Listen 443
diff --git a/files/lists-dev/sudoers-norequiretty-postgres b/files/lists-dev/sudoers-norequiretty-postgres
new file mode 100644
index 0000000000..5f28d197c4
--- /dev/null
+++ b/files/lists-dev/sudoers-norequiretty-postgres
@@ -0,0 +1 @@
+Defaults>postgres !requiretty
diff --git a/files/loopabull/loopabull@.service b/files/loopabull/loopabull@.service
new file mode 100644
index 0000000000..043c555762
--- /dev/null
+++ b/files/loopabull/loopabull@.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=loopabull worker #%i
+After=network.target
+Documentation=https://github.com/maxamillion/loopabull
+
+[Service]
+ExecStart=/usr/bin/loopabull $CONFIG_FILE
+User=root
+Group=root
+Restart=on-failure
+Type=simple
+EnvironmentFile=-/etc/sysconfig/loopabull
+Restart=on-failure
+PrivateTmp=yes
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/files/loopabull/serializer.py b/files/loopabull/serializer.py
new file mode 100644
index 0000000000..cdbbfd7f09
--- /dev/null
+++ b/files/loopabull/serializer.py
@@ -0,0 +1 @@
+config = { "rabbitmq.serializer.enabled": True }
\ No newline at end of file
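Review bot: The `[Service]` section of loopabull@.service runs `/usr/bin/loopabull` as `User=root` with `PrivateTmp=yes` as the only sandboxing, and it sets `Restart=on-failure` twice. Whether the worker needs root cannot be determined from this unit; if it does not, a dedicated account in `User=`/`Group=` would limit what a malformed message or playbook can touch. If it does, `NoNewPrivileges=yes` and `ProtectSystem=full` are cheap to add where compatible. One of the duplicate `Restart=on-failure` lines can be dropped.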
diff --git a/files/mysql/my.cnf b/files/mysql/my.cnf
new file mode 100644
index 0000000000..fb4a7de97d
--- /dev/null
+++ b/files/mysql/my.cnf
@@ -0,0 +1,74 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+user=mysql
+# Default to using old password format for compatibility with mysql 3.x
+# clients (those using the mysqlclient10 compatibility package).
+old_passwords=1
+max_connections=900
+query_cache_size=64M
+query_cache_limit=2M
+ft_min_word_len=3
+
+log-slow-queries=/var/log/mysqld/slow-queries.log
+long_query_time = 2
+general_log = 1
+general_log_file = /var/log/mysqld/mysql-transfer.log
+
+skip-locking
+key_buffer = 384M
+key_buffer_size=64M
+max_allowed_packet = 16M
+table_cache = 2048
+sort_buffer_size = 8M
+join_buffer_size = 8M
+read_buffer_size = 2M
+read_rnd_buffer_size = 16M
+bulk_insert_buffer_size = 64M
+myisam_sort_buffer_size = 128M
+myisam_max_sort_file_size=15G
+myisam_max_extra_sort_file_size = 10G
+thread_cache_size = 8
+# Try number of CPU's*2 for thread_concurrency
+thread_concurrency = 16
+thread_stack = 192K
+
+transaction_isolation = REPEATABLE-READ
+
+back_log = 50
+binlog_cache_size = 1M
+max_heap_table_size = 128M
+
+tmp_table_size = 128M
+
+innodb_additional_mem_pool_size = 16M
+innodb_buffer_pool_size = 4G
+innodb_file_io_threads = 4
+innodb_thread_concurrency = 16
+innodb_flush_log_at_trx_commit = 1
+innodb_log_buffer_size = 8M
+#innodb_log_file_size = 2G
+#innodb_log_files_in_group = 3
+innodb_max_dirty_pages_pct = 90
+
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid
+open-files-limit = 8192
+
+[isamchk]
+key_buffer = 512M
+sort_buffer_size = 512M
+read_buffer = 8M
+write_buffer = 8M
+
+[myisamchk]
+key_buffer = 512M
+sort_buffer_size = 512M
+read_buffer = 8M
+write_buffer = 8M
+
+[mysqlhotcopy]
+interactive-timeout
+
diff --git a/files/openshift/Gemfile b/files/openshift/Gemfile
new file mode 100644
index 0000000000..1a8a78806e
--- /dev/null
+++ b/files/openshift/Gemfile
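Review bot: `old_passwords=1` in `[mysqld]` makes the server store new passwords with the pre-4.1 hash, which is short and unsalted, and `general_log = 1` writes every statement, including any that carry credentials in clear text, to `/var/log/mysqld/mysql-transfer.log`. Unless a client really needs the mysql 3.x compatibility named in the comment, I would drop the line or set `old_passwords=0`. The log file name suggests the general log was enabled for a one-off transfer; if so, `general_log = 0` with a comment on when to re-enable it is the safer default, and the log file should be readable by the mysql user only.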
@@ -0,0 +1,50 @@ +source 'http://rubygems.org' + +gem 'rails', '~> 3.0.13' +gem 'json' +gem 'parseconfig' +gem 'mongo' +gem 'xml-simple' +gem 'rack' +gem 'regin' +gem 'open4' +gem 'stickshift-common' +gem 'stickshift-controller' +gem 'rest-client' +gem 'systemu' + +# Add plugin gems here +gem 'gearchanger-mcollective-plugin' +gem 'uplift-bind-plugin' +gem 'swingshift-mongo-plugin' +gem 'dnsruby' + +# Bundle edge Rails instead: +# gem 'rails', :git => 'git://github.com/rails/rails.git' + +# Use unicorn as the web server +# gem 'unicorn' + +# Deploy with Capistrano +# gem 'capistrano' + +# To use debugger (ruby-debug for Ruby 1.8.7+, ruby-debug19 for Ruby 1.9.2+) +# gem 'ruby-debug' +# gem 'ruby-debug19', :require => 'ruby-debug' + +# Bundle the extra gems: +# gem 'bj' +# gem 'nokogiri' +# gem 'sqlite3-ruby', :require => 'sqlite3' +# gem 'aws-s3', :require => 'aws/s3' + +# Bundle gems for the local environment. Make sure to +# put test-only gems in this group so their generators +# and rake tasks are available in development mode: +group :development, :test do + # The require part from http://tinyurl.com/3pf68ho + gem 'mocha', :require => nil + gem 'cucumber' + gem 'rcov' +end + diff --git a/files/openshift/jenkins.repo b/files/openshift/jenkins.repo new file mode 100644 index 0000000000..5ab0572477 --- /dev/null +++ b/files/openshift/jenkins.repo @@ -0,0 +1,5 @@ +[jenkins] +name=Jenkins +baseurl=http://pkg.jenkins-ci.org/redhat +gpgcheck=1 +gpgkey=http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key diff --git a/files/openshift/mcollective-client.cfg b/files/openshift/mcollective-client.cfg new file mode 100644 index 0000000000..3e8a44f598 --- /dev/null +++ b/files/openshift/mcollective-client.cfg 
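Review bot: `source 'http://rubygems.org'` on the first line of files/openshift/Gemfile fetches every gem listed below over plain HTTP, so nothing authenticates the packages in transit; it should read `source 'https://rubygems.org'`. Apart from `gem 'rails', '~> 3.0.13'` none of the gems carries a version constraint, so unless a Gemfile.lock is deployed with this file (none is visible in this diff) each install may resolve to different code.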
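Review bot: `gpgkey=http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key` in files/openshift/jenkins.repo retrieves the signing key over plain HTTP, which undercuts `gpgcheck=1`: whoever can alter that response decides which key the packages are verified against. Shipping the key with the playbook and pointing at it locally avoids that, e.g. `gpgkey=file:///etc/pki/rpm-gpg/<jenkins-key-file>` (the file name is a placeholder). The `baseurl` is HTTP as well, which is tolerable only while the key itself is trusted.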
@@ -0,0 +1,18 @@ +topicprefix = /topic/ +main_collective = mcollective +collectives = mcollective +libdir = /usr/libexec/mcollective +loglevel = debug +logfile = /var/log/mcollective-client.log + +# Plugins +securityprovider = psk +plugin.psk = unset +connector = qpid +plugin.qpid.host=127.0.0.1 +plugin.qpid.secure=false +plugin.qpid.timeout=5 + +# Facts +factsource = yaml +plugin.yaml = /etc/mcollective/facts.yaml \ No newline at end of file diff --git a/files/openshift/mongo-acct.sh b/files/openshift/mongo-acct.sh new file mode 100644 index 0000000000..15e8973e00 --- /dev/null +++ b/files/openshift/mongo-acct.sh @@ -0,0 +1,7 @@ +#!/bin/bash +mongo stickshift_broker_dev --eval 'db.addUser("stickshift", "mooo")' +mongo stickshift_broker_dev --eval 'db.auth_user.update({"_id":"admin"}, {"_id":"admin","user":"admin","password":"2a8462d93a13e51387a5e607cbd1139f"} , true)' +echo "Acct setup done on `date`" > /etc/mongo-acct-setup + + + \ No newline at end of file diff --git a/files/openshift/mongodb.conf b/files/openshift/mongodb.conf new file mode 100644 index 0000000000..b983014e4c --- /dev/null +++ b/files/openshift/mongodb.conf 
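Review bot: `plugin.psk = unset` in files/openshift/mcollective-client.cfg commits the pre-shared key as a fixed, publicly readable string, so every host that receives this static file shares a key that anyone with access to the repository knows. The value should come from a private variable in a template, e.g. `plugin.psk = {{ mcollective_psk }}` (variable name is a placeholder). `plugin.qpid.secure=false` additionally leaves the broker connection unencrypted, and `loglevel = debug` is better lowered to `info` on a deployed client.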
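Review bot: Both `mongo` calls in files/openshift/mongo-acct.sh embed credentials in the repository: the `stickshift` database password is a literal argument to `db.addUser(...)`, and the `admin` record is written with a fixed 32-hex-digit password hash, which is the length of an unsalted MD5 digest. Anyone with read access to the repository obtains both, and the values are also visible in the process list while the script runs. They should be read from a private vars file or the environment instead, for example `db.addUser("stickshift", "$STICKSHIFT_DB_PASSWORD")` inside a double-quoted `--eval` string (variable name is a placeholder), and the committed values replaced on any host where they were applied.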
@@ -0,0 +1,91 @@ +## +### Basic Defaults +## +bind_ip = 127.0.0.1 +port = 27017 +fork = true +pidfilepath = /var/run/mongodb/mongodb.pid +logpath = /var/log/mongodb/mongodb.log +dbpath =/var/lib/mongodb +journal = true + +# Enables periodic logging of CPU utilization and I/O wait +#cpu = true + +# Turn on/off security. Off is currently the default +#noauth = true +auth = true + +# Verbose logging output. +#verbose = true + +# Inspect all client data for validity on receipt (useful for +# developing drivers) +#objcheck = true + +# Enable db quota management +#quota = true + +# Set oplogging level where n is +# 0=off (default) +# 1=W +# 2=R +# 3=both +# 7=W+some reads +#oplog = 0 + +# Diagnostic/debugging option +#nocursors = true + +# Ignore query hints +#nohints = true + +# Disable the HTTP interface (Defaults to port+1000). +nohttpinterface = true + +# Turns off server-side scripting. This will result in greatly limited +# functionality +#noscripting = true + +# Turns off table scans. Any query that would do a table scan fails. +#notablescan = true + +# Disable data file preallocation. +#noprealloc = true + +# Specify .ns file size for new databases. +# nssize = + +# Accout token for Mongo monitoring server. +#mms-token = + +# Server name for Mongo monitoring server. +#mms-name = + +# Ping interval for Mongo monitoring server. +#mms-interval = + +# Replication Options + +# in replicated mongo databases, specify here whether this is a slave or master +#slave = true +#source = master.example.com +# Slave only: specify a single database to replicate +#only = master.example.com +# or +#master = true +#source = slave.example.com + +# Address of a server to pair with. +#pairwith = +# Address of arbiter server. +#arbiter = +# Automatically resync if slave data is stale +#autoresync +# Custom size for replication operation log. +#oplogSize = +# Size limit for in-memory storage of op ids. +#opIdMem = + +# smallfiles +smallfiles = true \ No newline at end of file 
diff --git a/files/openshift/openshift-el6.repo b/files/openshift/openshift-el6.repo
new file mode 100644
index 0000000000..87e34a7074
--- /dev/null
+++ b/files/openshift/openshift-el6.repo
@@ -0,0 +1,5 @@
+[openshift]
+name=OpenShift
+baseurl=http://mirror.openshift.com/pub/crankcase/rhel-6/x86_64/
+enabled=1
+gpgcheck=0
diff --git a/files/openshift/openshift.repo b/files/openshift/openshift.repo
new file mode 100644
index 0000000000..77aa0895d9
--- /dev/null
+++ b/files/openshift/openshift.repo
@@ -0,0 +1,22 @@
+[rhel7-openshift-3.4]
+name = rhel7 openshift 3.4 $basearch
+baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openshift-3.4-rpms/
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+[rhel7-openshift-3.5]
+name = rhel7 openshift 3.5 $basearch
+baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openshift-3.5-rpms/
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+{% if env == 'staging' %}
+[rhel7-openshift-3.6]
+name = rhel7 openshift 3.6 $basearch
+baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openshift-3.6-rpms/
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+# OpenShift 3.6 needs this for new openvswitch
+[rhel7-fast-datapath]
+name = rhel7 fast datapath $basearch
+baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-fast-datapath/
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+{% endif %}
diff --git a/files/openshift/qpidd.conf b/files/openshift/qpidd.conf
new file mode 100644
index 0000000000..be2e0b862e
--- /dev/null
+++ b/files/openshift/qpidd.conf
@@ -0,0 +1,3 @@
+cluster-mechanism=DIGEST-MD5 ANONYMOUS
+auth=no
+
diff --git a/files/osbs/buildroot-Dockerfile-production.j2 b/files/osbs/buildroot-Dockerfile-production.j2
new file mode 100644
index 0000000000..8f9ef88c18
--- /dev/null
+++ b/files/osbs/buildroot-Dockerfile-production.j2
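Review bot: `gpgcheck=0` in files/openshift/openshift-el6.repo, combined with an `http://` baseurl, means packages from this repository are installed with neither a signature check nor transport authentication. files/openshift/openshift.repo in the same commit has the related gap: every section names a `gpgkey` but none sets `gpgcheck=1`, so whether signatures are verified depends on the host's global yum setting, and all four baseurls are plain HTTP. I would add `gpgcheck=1` to each section of openshift.repo explicitly; for openshift-el6.repo, if the upstream packages are unsigned, a comment saying so next to `gpgcheck=0` would at least make the exception deliberate.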
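Review bot: `auth=no` in files/openshift/qpidd.conf turns broker authentication off and `cluster-mechanism` lists `ANONYMOUS`, so any client that can reach the qpid port is accepted. The mcollective client config in this commit connects to 127.0.0.1, but nothing in this file restricts the address the broker listens on, so the exposure depends on firewalling that is not visible here. If the broker is meant to be local only, a comment stating that assumption (`# broker is reachable from localhost only; auth intentionally off`) belongs above `auth=no`; otherwise authentication should be enabled.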
@@ -0,0 +1,9 @@ +FROM registry.fedoraproject.org/fedora +ADD ./infra-tags.repo /etc/yum.repos.d/infra-tags.repo +RUN dnf -y install --refresh dnf-plugins-core && dnf -y install docker git python-setuptools e2fsprogs koji python-backports-lzma osbs-client python-osbs-client gssproxy fedpkg python-docker-squash atomic-reactor python-atomic-reactor* go-md2man +RUN sed -i 's|.*default_ccache_name.*| default_ccache_name = DIR:/tmp/ccache_%{uid}|g' /etc/krb5.conf +ADD ./krb5.osbs_{{osbs_url}}.keytab /etc/ +ADD ./ca.crt /etc/pki/ca-trust/source/anchors/osbs.ca.crt +RUN update-ca-trust +CMD ["python2", "/usr/bin/atomic-reactor", "--verbose", "inside-build"] + diff --git a/files/osbs/buildroot-Dockerfile-staging.j2 b/files/osbs/buildroot-Dockerfile-staging.j2 new file mode 100644 index 0000000000..0de835a94c --- /dev/null +++ b/files/osbs/buildroot-Dockerfile-staging.j2 @@ -0,0 +1,8 @@ +FROM registry.fedoraproject.org/fedora +ADD ./infra-tags.repo /etc/yum.repos.d/infra-tags.repo +RUN dnf -y install --refresh dnf-plugins-core && dnf -y install docker git python3-docker-py python3-setuptools e2fsprogs koji osbs-client gssproxy fedpkg python3-docker-squash atomic-reactor python3-atomic-reactor* go-md2man +RUN sed -i 's|.*default_ccache_name.*| default_ccache_name = DIR:/tmp/ccache_%{uid}|g' /etc/krb5.conf +ADD ./krb5.osbs_{{osbs_url}}.keytab /etc/ +ADD ./ca.crt /etc/pki/ca-trust/source/anchors/osbs.ca.crt +RUN update-ca-trust +CMD ["python3", "/usr/bin/atomic-reactor", "--verbose", "inside-build"] diff --git a/files/osbs/cleanup-docker-storage b/files/osbs/cleanup-docker-storage new file mode 100644 index 0000000000..0419b4e6f9 --- /dev/null +++ b/files/osbs/cleanup-docker-storage @@ -0,0 +1,5 @@ +SHELL=/bin/bash +MAILTO=maxamillion@fedoraproject.org + +5 0 * * * root for i in $(docker ps -a | awk '/Exited/ { print $1 }'); do docker rm $i; done && for i in $(docker images -q -f 'dangling=true'); do docker rmi $i; done + 
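Review bot: `ADD ./krb5.osbs_{{osbs_url}}.keytab /etc/` in files/osbs/buildroot-Dockerfile-production.j2 bakes a Kerberos keytab into an image layer, so anyone able to pull the buildroot image or read its layers can extract the key; buildroot-Dockerfile-staging.j2 has the same line. Supplying the keytab at run time through a mounted secret or volume keeps it out of the image and its history. `FROM registry.fedoraproject.org/fedora` also carries no tag or digest in either file, so each rebuild picks up whatever the default tag points at; pinning it, e.g. `FROM registry.fedoraproject.org/fedora:<release>` (placeholder), makes the build root reproducible.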
diff --git a/files/osbs/cleanup-old-osbs-builds b/files/osbs/cleanup-old-osbs-builds
new file mode 100644
index 0000000000..27cf132ff4
--- /dev/null
+++ b/files/osbs/cleanup-old-osbs-builds
@@ -0,0 +1,4 @@
+SHELL=/bin/bash
+MAILTO=maxamillion@fedoraproject.org
+
+0 0 * * * root oadm prune builds --orphans --keep-younger-than=720h0m0s --confirm
\ No newline at end of file
diff --git a/files/osbs/docker-storage-setup b/files/osbs/docker-storage-setup
new file mode 100644
index 0000000000..5959fe01e9
--- /dev/null
+++ b/files/osbs/docker-storage-setup
@@ -0,0 +1 @@
+VG="vg-docker"
\ No newline at end of file
diff --git a/files/osbs/docker-storage-setup.staging b/files/osbs/docker-storage-setup.staging
new file mode 100644
index 0000000000..e29e2a65b0
--- /dev/null
+++ b/files/osbs/docker-storage-setup.staging
@@ -0,0 +1 @@
+STORAGE_DRIVER="overlay2"
\ No newline at end of file
diff --git a/files/osbs/docker.custom.service b/files/osbs/docker.custom.service
new file mode 100644
index 0000000000..010b78a4f1
--- /dev/null
+++ b/files/osbs/docker.custom.service
@@ -0,0 +1,8 @@
+# Ansible managed
+
+[Unit]
+Wants=iptables.service
+After=iptables.service
+
+[Service]
+ExecStartPost=/usr/local/bin/fix-docker-iptables
\ No newline at end of file
diff --git a/files/osbs/docker.service b/files/osbs/docker.service
new file mode 100644
index 0000000000..80544cf46a
--- /dev/null
+++ b/files/osbs/docker.service
@@ -0,0 +1,32 @@ +[Unit] +Description=Docker Application Container Engine +Documentation=http://docs.docker.com +After=network.target +Wants=docker-storage-setup.service + +[Service] +Type=notify +NotifyAccess=all +EnvironmentFile=-/etc/sysconfig/docker +EnvironmentFile=-/etc/sysconfig/docker-storage +EnvironmentFile=-/etc/sysconfig/docker-network +Environment=GOTRACEBACK=crash +ExecStart=/usr/bin/docker daemon \ + --exec-opt native.cgroupdriver=systemd \ + $OPTIONS \ + $DOCKER_STORAGE_OPTIONS \ + $DOCKER_NETWORK_OPTIONS \ + $INSECURE_REGISTRY +ExecStartPost=/usr/local/bin/fix-docker-iptables +LimitNOFILE=1048576 +LimitNPROC=1048576 +LimitCORE=infinity +MountFlags=slave +StandardOutput=null +StandardError=null +TimeoutStartSec=0 +Restart=on-abnormal + +[Install] +WantedBy=multi-user.target + diff --git a/files/osbs/fedora-dnsmasq.conf.production b/files/osbs/fedora-dnsmasq.conf.production new file mode 100644 index 0000000000..bf361767e5 --- /dev/null +++ b/files/osbs/fedora-dnsmasq.conf.production @@ -0,0 +1,2 @@ +server=/fedoraproject.org/10.5.126.21 +server=/fedoraproject.org/10.5.126.22 diff --git a/files/osbs/fedora-dnsmasq.conf.staging b/files/osbs/fedora-dnsmasq.conf.staging new file mode 100644 index 0000000000..bf361767e5 --- /dev/null +++ b/files/osbs/fedora-dnsmasq.conf.staging @@ -0,0 +1,2 @@ +server=/fedoraproject.org/10.5.126.21 +server=/fedoraproject.org/10.5.126.22 diff --git a/files/osbs/fix-docker-iptables.production b/files/osbs/fix-docker-iptables.production new file mode 100644 index 0000000000..7d5fc56bd5 --- /dev/null +++ b/files/osbs/fix-docker-iptables.production 
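Review bot: `StandardOutput=null` and `StandardError=null` in the `[Service]` section of files/osbs/docker.service discard everything the docker daemon prints, so there is no daemon log to consult when a build host misbehaves or has to be investigated afterwards. Unless the output is captured some other way that this diff does not show, I would use `StandardOutput=journal` and `StandardError=journal`, or drop both lines and take the systemd default. `$INSECURE_REGISTRY` is also passed straight to the daemon from `/etc/sysconfig/docker`; a comment naming which registries are expected there would help anyone auditing the unit.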
@@ -0,0 +1,74 @@ +#!/bin/bash -xe +# Note: this is done as a script because it needs to be run after +# every docker service restart. +# And just doing an iptables-restore is going to mess up kubernetes' +# NAT table. +# And it gets even better with openshift! It thinks I'm stupid and need +# to be corrected by automatically adding the "allow all" rules back at +# the top as soon as I remove them. +# To circumvent that, we're just adding a new chain for this, as it seems +# that it doesn't do anything with the firewall if we keep its rules in +# place. (it doesn't check the order of its rules, only that they exist) + +if [ "`iptables -nL | grep FILTER_FORWARD`" == "" ]; +then + iptables -N FILTER_FORWARD +fi +if [ "`iptables -nL | grep 'FILTER_FORWARD all'`" == "" ]; +then + iptables -I FORWARD 1 -j FILTER_FORWARD + iptables -I FORWARD 2 -j REJECT + iptables -I DOCKER-ISOLATION 1 -j FILTER_FORWARD +fi + +# Delete all old rules +iptables --flush FILTER_FORWARD + +# Re-insert some basic rules +iptables -A FILTER_FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +iptables -A FILTER_FORWARD --src 10.1.0.0/16 --dst 10.1.0.0/16 -j ACCEPT + +# Now insert access to allowed boxes +# docker-registry +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.56 --dport 443 -j ACCEPT + +#koji.fp.o +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.61 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.61 --dport 443 -j ACCEPT + +# pkgs +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.44 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.44 --dport 443 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.125.44 --dport 9418 -j ACCEPT + +# DNS +iptables -A FILTER_FORWARD -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT +iptables -A FILTER_FORWARD -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT + +# mirrors.fp.o +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT +iptables -A 
FILTER_FORWARD -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT + +# Kerberos +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.51 --dport 1088 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.52 --dport 1088 -j ACCEPT + +# dl.phx2 +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.94 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.94 --dport 443 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.95 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.95 --dport 443 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.96 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.96 --dport 443 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.97 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT + + +# Docker is CRAZY and forces Google DNS upon us..... +iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT +iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT + +iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited + diff --git a/files/osbs/fix-docker-iptables.staging b/files/osbs/fix-docker-iptables.staging new file mode 100644 index 0000000000..b23489d631 --- /dev/null +++ b/files/osbs/fix-docker-iptables.staging 
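Review bot: The last line of files/osbs/fix-docker-iptables.production, `iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited`, appends to `FORWARD` rather than to the `FILTER_FORWARD` chain the script flushes and rebuilds, so every run (the header says it runs after each docker restart) adds one more REJECT rule to `FORWARD`. It also leaves `FILTER_FORWARD` without a terminal rule of its own: the allowlist's default deny depends on the `REJECT` inserted at `FORWARD` position 2 staying directly behind the jump, while the header comment notes that openshift re-adds its allow-all rules at the top of the table. The staging script in this commit ends with `iptables -A FILTER_FORWARD -j REJECT --reject-with icmp-host-prohibited`, which is idempotent and keeps the deny inside the managed chain; production should use the same line.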
@@ -0,0 +1,81 @@ +#!/bin/bash -xe +# Note: this is done as a script because it needs to be run after +# every docker service restart. +# And just doing an iptables-restore is going to mess up kubernetes' +# NAT table. +# And it gets even better with openshift! It thinks I'm stupid and need +# to be corrected by automatically adding the "allow all" rules back at +# the top as soon as I remove them. +# To circumvent that, we're just adding a new chain for this, as it seems +# that it doesn't do anything with the firewall if we keep its rules in +# place. (it doesn't check the order of its rules, only that they exist) + +if [ "`iptables -nL | grep FILTER_FORWARD`" == "" ]; +then + iptables -N FILTER_FORWARD +fi +if [ "`iptables -nL | grep 'FILTER_FORWARD all'`" == "" ]; +then + iptables -I FORWARD 1 -j FILTER_FORWARD + iptables -I FORWARD 2 -j REJECT + iptables -I DOCKER-ISOLATION 1 -j FILTER_FORWARD +fi + +# Delete all old rules +iptables --flush FILTER_FORWARD + +# Re-insert some basic rules +iptables -A FILTER_FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +iptables -A FILTER_FORWARD --src 10.1.0.0/16 --dst 10.1.0.0/16 -j ACCEPT + +# Now insert access to allowed boxes +# osbs +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.177 --dport 443 -j ACCEPT + +# docker-registry +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.123 --dport 443 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.124 --dport 443 -j ACCEPT + +#koji.fp.o +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.139 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.139 --dport 443 -j ACCEPT + +# pkgs.stg +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.175 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.175 --dport 443 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.128.175 --dport 9418 -j ACCEPT + +# DNS +iptables -A FILTER_FORWARD -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT +iptables -A 
FILTER_FORWARD -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT + +# mirrors.fp.o +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT + +# dl.phx2 +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.94 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.94 --dport 443 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.95 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.95 --dport 443 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.96 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.96 --dport 443 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.97 --dport 80 -j ACCEPT +iptables -A FILTER_FORWARD -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT + + +# Docker is CRAZY and forces Google DNS upon us..... +iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT +iptables -A FILTER_FORWARD -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT + +# proxy +iptables -A FILTER_FORWARD -p tcp --dst 10.5.128.177 --dport 443 -j ACCEPT + +# Kerberos +iptables -A FILTER_FORWARD -p tcp --dst 10.5.128.177 --dport 1088 -j ACCEPT + + +iptables -A FILTER_FORWARD -j REJECT --reject-with icmp-host-prohibited + diff --git a/files/osbs/maxamillion-atomic-reactor-epel.repo b/files/osbs/maxamillion-atomic-reactor-epel.repo new file mode 100644 index 0000000000..867bbeaa19 --- /dev/null +++ b/files/osbs/maxamillion-atomic-reactor-epel.repo 
@@ -0,0 +1,8 @@ +[maxamillion-atomic-reactor] +name=Copr repo for atomic-reactor owned by maxamillion +baseurl=https://copr-be.cloud.fedoraproject.org/results/maxamillion/atomic-reactor/epel-7-$basearch/ +skip_if_unavailable=True +gpgcheck=1 +gpgkey=https://copr-be.cloud.fedoraproject.org/results/maxamillion/atomic-reactor/pubkey.gpg +enabled=1 +enabled_metadata=1 \ No newline at end of file diff --git a/files/osbs/maxamillion-atomic-reactor-fedora.repo b/files/osbs/maxamillion-atomic-reactor-fedora.repo new file mode 100644 index 0000000000..6879f370a7 --- /dev/null +++ b/files/osbs/maxamillion-atomic-reactor-fedora.repo @@ -0,0 +1,8 @@ +[maxamillion-atomic-reactor] +name=Copr repo for atomic-reactor owned by maxamillion +baseurl=https://copr-be.cloud.fedoraproject.org/results/maxamillion/atomic-reactor/fedora-$releasever-$basearch/ +skip_if_unavailable=True +gpgcheck=1 +gpgkey=https://copr-be.cloud.fedoraproject.org/results/maxamillion/atomic-reactor/pubkey.gpg +enabled=1 +enabled_metadata=1 \ No newline at end of file diff --git a/files/phabricator/phabricator-vhost.conf b/files/phabricator/phabricator-vhost.conf new file mode 100644 index 0000000000..abf1d6f3a6 --- /dev/null +++ b/files/phabricator/phabricator-vhost.conf @@ -0,0 +1,19 @@ +NameVirtualHost *:80 + + + Options All + AllowOverride All + Require all granted + + + + ServerName {{domain}} + DocumentRoot /srv/www/facebook/phabricator/webroot + + RewriteEngine on + RewriteRule ^/rsrc/(.*) - [L,QSA] + RewriteRule ^/favicon.ico - [L,QSA] + RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA] + + SetEnv PHABRICATOR_ENV custom/myconfig + diff --git a/files/phabricator/phabricator.conf.php b/files/phabricator/phabricator.conf.php new file mode 100644 index 0000000000..f15abc8ded --- /dev/null +++ b/files/phabricator/phabricator.conf.php 
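Review bot: `Options All` and `AllowOverride All` in files/phabricator/phabricator-vhost.conf grant far more than the rewrite rules below them need: `Options All` turns on directory indexes, CGI execution and server-side includes, and `AllowOverride All` lets any `.htaccess` file under the tree change the configuration. The enclosing directive tags are missing from this rendering, so I cannot see which path the block applies to (presumably a `<Directory>` block). For a front controller that routes everything to `/index.php`, `Options FollowSymLinks` with `AllowOverride None` should be enough. The virtual host also listens on port 80 only, so logins travel unencrypted unless TLS is terminated in front of it.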
@@ -0,0 +1,18 @@ + 'http://{{domain}}/', + + 'mysql.host' => 'localhost', + 'mysql.user' => 'root', + + 'metamta.default-address' => 'phabricator@{{domain}}', + 'metamta.domain' => '{{domain}}', + + 'phabricator.timezone' => 'America/New_York', + 'pygments.enabled' => true, + + // NOTE: Check default.conf.php for detailed explanations of all the + // configuration options, including these. + +) + phabricator_read_config_file('production'); diff --git a/files/rdiff-backup/run-rdiff-backups b/files/rdiff-backup/run-rdiff-backups index 0c2b970c92..ec6ebf3586 100644 --- a/files/rdiff-backup/run-rdiff-backups +++ b/files/rdiff-backup/run-rdiff-backups @@ -5,5 +5,5 @@ source /root/sshagent >>/dev/null TMPDIR=`mktemp -d /tmp/backups.XXXX` cd $TMPDIR -git clone https://infrastructure.fedoraproject.org/infra/ansible +git clone https://infrastructure.fedoraproject.org/infra/ansible.git ansible-playbook -i ansible/inventory ansible/playbooks/rdiff-backup.yml diff --git a/files/reg-server/cron-prod b/files/reg-server/cron-prod new file mode 100644 index 0000000000..26a9c5c1c6 --- /dev/null +++ b/files/reg-server/cron-prod @@ -0,0 +1,5 @@ +SHELL=/bin/bash +MAILTO=maxamillion@fedoraproject.org + +*/5 * * * * root cd /var/lib/reg-server/ && reg-server -r registry.fedoraproject.org --once + diff --git a/files/reg-server/cron-stg b/files/reg-server/cron-stg new file mode 100644 index 0000000000..de1bee6a1d --- /dev/null +++ b/files/reg-server/cron-stg @@ -0,0 +1,5 @@ +SHELL=/bin/bash +MAILTO=maxamillion@fedoraproject.org + +*/5 * * * * root cd /var/lib/reg-server/ && reg-server -r registry.stg.fedoraproject.org --once + diff --git a/files/reg-server/repositories.html b/files/reg-server/repositories.html new file mode 100644 index 0000000000..572fbc6efe --- /dev/null +++ b/files/reg-server/repositories.html @@ -0,0 +1,69 @@ +{{define "repositories"}} + + + + + + + + + + {{ .RegistryDomain }} + + + + +
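Review bot: `'mysql.user' => 'root'` in files/phabricator/phabricator.conf.php has the web application connect to MySQL as the superuser, and no password entry is visible in this file, so either root has no password or it is supplied by the `production` config merged in on the last line. A dedicated account limited to the application's own databases, with its password taken from a private variable, limits what a flaw in the application can reach. The base URI is `http://{{domain}}/` as well, so session cookies and passwords cross the network in clear text unless a proxy adds TLS.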

{{ .RegistryDomain }}

+
+ clear +
+ +
+ + + + + + {{ range $key, $value := .Repositories }} + + + + + + {{ end }} +
Repository NamePull Command
+ + {{ $value.Name }} + + + + docker pull {{ $value.URI }} + +
+
+ + + + + + +{{end}} diff --git a/files/reg-server/tags.html b/files/reg-server/tags.html new file mode 100644 index 0000000000..0100489b01 --- /dev/null +++ b/files/reg-server/tags.html @@ -0,0 +1,74 @@ +{{define "tags"}} + + + + + + + + + + {{ .RegistryDomain }}/{{ .Name }} + + + + +

{{ .RegistryDomain }}/{{ .Name }}

+
+ + + + + + + {{ range $key, $value := .Repositories }} + + + + + + {{ end }} +
NameTagCreated
+ {{ $value.Name }} + + {{ $value.Tag }} + + {{ $value.Created.Format "02 Jan, 2006 15:04:05 UTC" }} +
+
+ + + + + + + +{{end}} diff --git a/files/releng/relengpush b/files/releng/relengpush deleted file mode 100755 index 0b8cae74f4..0000000000 --- a/files/releng/relengpush +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -# This file exists to facilitate fully automated mass rebuilds without relying -# on user intervention or an individual users's account permissions -sudo /usr/local/bin/relengpush-int $@ \ No newline at end of file diff --git a/files/releng/relengpush-int b/files/releng/relengpush-int deleted file mode 100755 index 5fbd2957de..0000000000 --- a/files/releng/relengpush-int +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -# This file exists to facilitate fully automated mass rebuilds without relying -# on user intervention or an individual users's account permissions -ssh -i /etc/pki/releng $@ \ No newline at end of file diff --git a/files/scripts/create-filelist b/files/scripts/create-filelist old mode 100644 new mode 100755 index d71add8d6e..d59c2781cd --- a/files/scripts/create-filelist +++ b/files/scripts/create-filelist @@ -1,4 +1,5 @@ -#!/usr/bin/python3 +#!/usr/bin/python +from __future__ import print_function # A simple script to generate a file list in a format easily consumable by a # shell script. @@ -26,9 +27,6 @@ except ImportError: SUPPORTED_IMAGE_FORMATS = [] -CHECKSUM_ALGORITHMS = ("sha1", "md5", "sha256", "sha512") - - class SEntry(object): """A simpler DirEntry-like object.""" @@ -39,10 +37,7 @@ class SEntry(object): self.name = direntry.name info = direntry.stat(follow_symlinks=False) - # Make sure we have an int here. Whether the stat calls give us ints - # or floats depends on the python version, and the extra precision - # isn't really helpful. - self.modtime = int(max(info.st_mtime, info.st_ctime)) + self.modtime = max(info.st_mtime, info.st_ctime) self.readable_group = info.st_mode & stat.S_IRGRP self.readable_world = info.st_mode & stat.S_IROTH self.size = info.st_size 
@@ -64,16 +59,16 @@ class SEntry(object): self.ftype = ftype + perm -def get_checksum(algo, fname): - """Return the checksum of a file in hex.""" +def sha1(fname): + """Return the SHA1 checksum of a file in hex.""" fh = open(fname, 'rb') - hasher = getattr(hashlib, algo)() + sha1 = hashlib.sha1() block = fh.read(2 ** 16) while len(block) > 0: - hasher.update(block) + sha1.update(block) block = fh.read(2 ** 16) - return hasher.hexdigest() + return sha1.hexdigest() def recursedir(path='.', skip=[], alwaysskip=['.~tmp~'], in_restricted=False): @@ -90,20 +85,12 @@ def recursedir(path='.', skip=[], alwaysskip=['.~tmp~'], in_restricted=False): continue if dentry.name in alwaysskip: continue - if dentry.name.startswith('.nfs'): - continue # Skip things which are not at least group readable # Symlinks are followed here so that clients won't see dangling # symlinks to content they can't transfer. It's the default, but to # avoid confusion it's been made explicit. - try: - s = dentry.stat(follow_symlinks=True) - except os.error: - print('Could not stat {0}. Dangling symlink?'.format(dentry.name), file=sys.stderr) - continue - - if not (s.st_mode & stat.S_IRGRP): + if not (dentry.stat(follow_symlinks=True).st_mode & stat.S_IRGRP): # print('{} is not group readable; skipping.'.format(dentry.path)) continue @@ -120,15 +107,6 @@ def recursedir(path='.', skip=[], alwaysskip=['.~tmp~'], in_restricted=False): yield se -def write_checksum_section(algo, files, output): - print('\n[Checksums {}]'.format(algo.upper()), file=output) - - # It's OK if the checksum section is empty, but we should include it anyway - # as the client expects it. - for f in sorted(files): - print('{0}\t{1}'.format(get_checksum(algo, f), f), file=output) - - def parseopts(): null = open(os.devnull, 'w') p = argparse.ArgumentParser( 
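Review bot: With `get_checksum()` replaced by `sha1()` in this hunk, and `CHECKSUM_ALGORITHMS` and `write_checksum_section()` removed in the hunks at -26, -120 and -206, the generated list carries only a `[Checksums SHA1]` section. SHA-1 is no longer collision-resistant, so if mirror clients use these values to verify content rather than merely to detect changes, the SHA256 section should stay. Separately, `sha1()` opens the file with `fh = open(fname, 'rb')` and never closes it, leaving one descriptor open per checksummed file until garbage collection; reading inside `with open(fname, 'rb') as fh:` releases each handle promptly.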
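Review bot: In the hunk at -90, `dentry.stat(follow_symlinks=True)` is now called without the `try`/`except os.error` the old code wrapped around it, so one dangling symlink anywhere under the scanned directory raises out of `recursedir()` and aborts the whole file list. The guard should be restored around the call: `try: s = dentry.stat(follow_symlinks=True)`, `except os.error: continue`, then `if not (s.st_mode & stat.S_IRGRP): continue`. The same hunk drops the `.nfs` name check, so transient NFS silly-rename files are listed again; `recursedir()` begins and ends outside this hunk.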
@@ -206,8 +184,12 @@ def main(): entry.size, entry.path[2:]), file=opts.timelist) - for algo in CHECKSUM_ALGORITHMS: - write_checksum_section(algo, checksums, opts.timelist) + print('\n[Checksums SHA1]', file=opts.timelist) + + # It's OK if the checksum section is empty, but we should include it anyway + # as the client expects it. + for f in sorted(checksums): + print('{0}\t{1}'.format(sha1(f), f), file=opts.timelist) print('\n[End]', file=opts.timelist) diff --git a/files/scripts/create-filelist.py2 b/files/scripts/create-filelist.py2 deleted file mode 100644 index 5491856a9c..0000000000 --- a/files/scripts/create-filelist.py2 +++ /dev/null 
@@ -1,209 +0,0 @@ -#!/usr/bin/python -from __future__ import print_function - -# A simple script to generate a file list in a format easily consumable by a -# shell script. - -# Originally written by Jason Tibbitts in 2016. -# Donated to the public domain. If you require a statement of license, please -# consider this work to be licensed as "CC0 Universal", any version you choose. - -import argparse -import hashlib -import os -import stat -import sys - -# Get scandir from whatever module provides it today -try: - from os import scandir -except ImportError: - from scandir import scandir - -# productmd is optional, needed only for the imagelist feature -try: - from productmd.images import SUPPORTED_IMAGE_FORMATS -except ImportError: - SUPPORTED_IMAGE_FORMATS = [] - - -class SEntry(object): - """A simpler DirEntry-like object.""" - - def __init__(self, direntry, restricted=False): - self.direntry = direntry - self.restricted = restricted - self.path = direntry.path - self.name = direntry.name - - info = direntry.stat(follow_symlinks=False) - # Make sure we have an int here. Whether the stat calls give us ints - # or floats depends on the python version, and the extra precision - # isn't really helpful. 
- self.modtime = int(max(info.st_mtime, info.st_ctime)) - self.readable_group = info.st_mode & stat.S_IRGRP - self.readable_world = info.st_mode & stat.S_IROTH - self.size = info.st_size - - ftype = 'f' - perm = '' - if direntry.is_symlink(): - ftype = 'l' - elif direntry.is_dir(): - ftype = 'd' - - if self.restricted: - perm = '*' - - # Note that we want an unreadable state to override the restricted state - if not self.readable_world: - perm = '-' - - self.ftype = ftype + perm - - -def sha1(fname): - """Return the SHA1 checksum of a file in hex.""" - fh = open(fname, 'rb') - sha1 = hashlib.sha1() - block = fh.read(2 ** 16) - while len(block) > 0: - sha1.update(block) - block = fh.read(2 ** 16) - - return sha1.hexdigest() - - -def recursedir(path='.', skip=[], alwaysskip=['.~tmp~'], in_restricted=False): - """Like scandir, but recursively. - - Will skip everything in the skip array, but only at the top level - directory. - - Returns SEntry objects. If in_restricted is true, all returned entries will - be marked as restricted even if their permissions are not restricted. - """ - for dentry in scandir(path): - if dentry.name in skip: - continue - if dentry.name in alwaysskip: - continue - if dentry.name.startswith('.nfs'): - continue - - # Skip things which are not at least group readable - # Symlinks are followed here so that clients won't see dangling - # symlinks to content they can't transfer. It's the default, but to - # avoid confusion it's been made explicit. - try: - s = dentry.stat(follow_symlinks=True) - except os.error: - print('Could not stat {0}. 
Dangling symlink?'.format(dentry.name), file=sys.stderr) - continue - - if not (s.st_mode & stat.S_IRGRP): - # print('{} is not group readable; skipping.'.format(dentry.path)) - continue - - se = SEntry(dentry, in_restricted) - if dentry.is_dir(follow_symlinks=False): - this_restricted = in_restricted - if not se.readable_world: - # print('{} is not world readable; marking as restricted.'.format(se.path), file=sys.stderr) - this_restricted = True - - # Don't pass skip here, because we only skip in the top level - for re in recursedir(se.path, alwaysskip=alwaysskip, in_restricted=this_restricted): - yield re - yield se - - -def parseopts(): - null = open(os.devnull, 'w') - p = argparse.ArgumentParser( - description='Generate a list of files and times, suitable for consumption by quick-fedora-mirror, ' - 'and (optionally) a much smaller list of only files that match one of the productmd ' - ' supported image types, for use by fedfind.') - p.add_argument('-c', '--checksum', action='store_true', - help='Include checksums of all repomd.xml files in the file list.') - p.add_argument('-C', '--checksum-file', action='append', dest='checksum_files', - help='Include checksums of all instances of the specified file.') - p.add_argument('-s', '--skip', action='store_true', - help='Skip the file lists in the top directory') - p.add_argument('-S', '--skip-file', action='append', dest='skip_files', - help='Skip the specified file in the top directory.') - - p.add_argument('-d', '--dir', help='Directory to scan (default: .).') - - p.add_argument('-t', '--timelist', type=argparse.FileType('w'), default=sys.stdout, - help='Filename of the file list with times (default: stdout).') - p.add_argument('-f', '--filelist', type=argparse.FileType('w'), default=null, - help='Filename of the file list without times (default: no plain file list is generated).') - p.add_argument('-i', '--imagelist', type=argparse.FileType('w'), default=null, - help='Filename of the image file list for fedfind 
(default: not generated). Requires ' - 'the productmd library.') - - opts = p.parse_args() - - if not opts.dir: - opts.dir = '.' - - opts.checksum_files = opts.checksum_files or [] - if opts.checksum: - opts.checksum_files += ['repomd.xml'] - - opts.skip_files = opts.skip_files or [] - if opts.skip: - if not opts.timelist.name == '': - opts.skip_files += [os.path.basename(opts.timelist.name)] - if not opts.filelist.name == '': - opts.skip_files += [os.path.basename(opts.filelist.name)] - if not opts.imagelist.name == '': - opts.skip_files += [os.path.basename(opts.imagelist.name)] - - return opts - - -def main(): - opts = parseopts() - if opts.imagelist.name != os.devnull and not SUPPORTED_IMAGE_FORMATS: - sys.exit("--imagelist requires the productmd library!") - checksums = {} - - os.chdir(opts.dir) - - print('[Version]', file=opts.timelist) - # XXX Technically this should be version 3. But old clients will simply - # ignore the extended file types for restricted directories, and so we can - # add this now and let things simmer for a while before bumping the format - # and hard-breaking old clients. - print('2', file=opts.timelist) - print(file=opts.timelist) - print('[Files]', file=opts.timelist) - - for entry in recursedir(skip=opts.skip_files): - print(entry.path, file=opts.filelist) - - # write to filtered list if appropriate - imgs = ['.{0}'.format(form) for form in SUPPORTED_IMAGE_FORMATS] - if any(entry.path.endswith(img) for img in imgs): - print(entry.path, file=opts.imagelist) - if entry.name in opts.checksum_files: - checksums[entry.path[2:]] = True - - print('{0}\t{1}\t{2}\t{3}'.format(entry.modtime, entry.ftype, - entry.size, entry.path[2:]), - file=opts.timelist) - - print('\n[Checksums SHA1]', file=opts.timelist) - - # It's OK if the checksum section is empty, but we should include it anyway - # as the client expects it. 
- for f in sorted(checksums): - print('{0}\t{1}'.format(sha1(f), f), file=opts.timelist) - - print('\n[End]', file=opts.timelist) - - -if __name__ == '__main__': - main() diff --git a/files/scripts/fix-home-fedora-ownerships.sh b/files/scripts/fix-home-fedora-ownerships.sh deleted file mode 100755 index ff84c85e37..0000000000 --- a/files/scripts/fix-home-fedora-ownerships.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -for dname in */; do - dname="${dname%%/}" - downer="$(stat --format %U "$dname")" - # skip directories owned by root - if [ "$downer" = "root" ]; then - continue - fi - # verify that the directory actually is the home directory of the same-named user - IFS=":" read -r _ _ _ _ _ homedir _ < <(getent passwd "$dname") - if [ "$homedir" != "/home/fedora/$dname" ]; then - continue - fi - echo "fixing ownership: $dname" - chown -R "$dname:" "$dname" -done diff --git a/files/scripts/jobs-summary b/files/scripts/jobs-summary deleted file mode 100644 index 79d056b44f..0000000000 --- a/files/scripts/jobs-summary +++ /dev/null 
@@ -1,146 +0,0 @@ -#!/usr/bin/env python3 -# vim: set et ts=4 sw=4 si - -import json -import os -import sys -import datetime -from argparse import ArgumentParser -from enum import Enum -from subprocess import run, PIPE - - -class TermHandler(type): - - def is_tty(cls): - if "NO_COLOR" in os.environ: - return False - if "FORCE_COLOR" in os.environ: - return True - return sys.stdout.isatty() - - def __getattr__(cls, name): - if cls.is_tty(): - return getattr(cls, f"_{name}") - else: - return "" - - -class Color(metaclass=TermHandler): - _END = '\033[0m' - _HEADER = '\033[95m' - _OKBLUE = '\033[94m' - _OKCYAN = '\033[96m' - _OKGREEN = '\033[92m' - _WARNING = '\033[93m' - _FAIL = '\033[91m' - _BOLD = '\033[1m' - _UNDERLINE = '\033[4m' - - # def __getattribute__(self, name): - # print("Calling __getattribute__") - # return object.__getattribute__(self, f"_{name}") - - -class Status(Enum): - ACTIVE = f"{Color.OKBLUE}ACTIVE{Color.END}" - FAILED = f"{Color.FAIL}FAILED{Color.END}" - DONE = f"{Color.OKGREEN}DONE{Color.END}" - UNKNOWN = f"{Color.WARNING}UNKNOWN{Color.END}" - - -def fromisoformat(date_string): - try: - return datetime.datetime.fromisoformat(date_string.rstrip("Z")) - except AttributeError: - return datetime.datetime( - year=int(date_string[0:4]), - month=int(date_string[5:7]), - day=int(date_string[8:10]), - hour=int(date_string[11:13]), - minute=int(date_string[14:16]), - second=int(date_string[17:19]), - ) - - -def get_duration(date_string, until=None): - until = fromisoformat(until) if until is not None else datetime.datetime.now() - date = fromisoformat(date_string) - duration = int((until - date).total_seconds()) - hours = int(duration / 3600) - minutes = int((duration % 3600) / 60) - seconds = int(duration % 60) - output = [ - f"{hours}h" if hours else "", - f"{minutes}m" if minutes else "", - f"{seconds}s" if seconds else "", - ] - return "".join(output) - - -def parse_json_output(project_name): - jobs = {} - statuses = {} - result = run(["oc", "-n", 
project_name, "get", "jobs", "--sort-by=.metadata.creationTimestamp", "-o", "json"], stdout=PIPE, check=True, universal_newlines=True) - result = json.loads(result.stdout) - for job in result["items"]: - try: - cronjob = list([ref["name"] for ref in job["metadata"]["ownerReferences"] if ref["kind"] == "CronJob"])[0] - except (KeyError, IndexError): - continue - full_name = job["metadata"]["name"] - jobs[cronjob] = full_name - details = None - if job["status"].get("active", 0) > 0: - status = Status.ACTIVE - duration = get_duration(job['status']['startTime']) - details = f"for {duration}" - failures = job["status"].get("failed", 0) - if failures > 0: - details += f" {Color.WARNING}(failed {failures} time{'s' if failures > 1 else ''}, was restarted){Color.END}" - elif job["status"].get("failed", 0) > 0: - status = Status.FAILED - try: - completed = job['status']['conditions'][0]['lastTransitionTime'] - except KeyError: - pass - else: - at = get_duration(completed) - duration = get_duration(job['status']['startTime'], completed) - details = f"{at} ago, ran for {duration}" - elif job["status"].get("succeeded") == job["spec"]["completions"]: - status = Status.DONE - completed = job['status']['completionTime'] - at = get_duration(completed) - duration = get_duration(job['status']['startTime'], completed) - details = f"{at} ago, ran for {duration}" - else: - status = Status.UNKNOWN - statuses[cronjob] = (status, details) - return jobs, statuses - - -def project_report(project_name): - jobs, statuses = parse_json_output(project_name) - for name in sorted(jobs): - full_name = jobs[name] - status, details = statuses[name] - showlogs = f"oc -n {project_name} logs job/{full_name}" - if status == Status.ACTIVE: - showlogs += " -f --since 1s" - else: - showlogs += " | less" - print(f"{Color.BOLD}→ {name}:{Color.END} {status.value} {details or ''}") - print(showlogs) - - -def main(): - parser = ArgumentParser() - parser.add_argument("project_name", nargs="+") - args = 
parser.parse_args() - for project_name in args.project_name: - project_report(project_name) - - -if __name__ == "__main__": - main() diff --git a/files/scripts/linuxsystemroles-logs-clean b/files/scripts/linuxsystemroles-logs-clean deleted file mode 100755 index cca129c376..0000000000 --- a/files/scripts/linuxsystemroles-logs-clean +++ /dev/null 
@@ -1,68 +0,0 @@ -#!/bin/bash -# -# Contact: -# Email: systemroles-owner@lists.fedorahosted.org -# IRC/matrix: #systemroles - @all - irc.libera.chat - -set -euo pipefail - -AGE_IN_DAYS=${AGE_IN_DAYS:-183} -newest_date=$(date --date="${AGE_IN_DAYS} days ago" +%Y%m%d) - -function normalize_image_name() { - if [[ "${1:-}" =~ ^(RHEL-[[:digit:]]+\.[[:digit:]]+)[.-]([[:alnum:]._-]+)?$ ]]; then - echo "${BASH_REMATCH[1]}" - else - echo "${1:-}" - fi -} - -if [ -z "${1:-}" ]; then - echo "Need a directory to pushd in" >&2 - exit 1 -fi - -pushd "${1}" - -find -maxdepth 1 -type d | while read dir; do - # Case: linux-system-roles-certificate-pull-linux-system-roles_certificate-80-4f880f7-rhel-x-20210305-152227 - if [[ "${dir}" =~ ^./linux-system-roles-[[:alnum:]._-]+-pull-linux-system-roles_([[:alnum:]._-]+)-[[:digit:]]+-([[:xdigit:]]+|HEAD)-([[:alnum:]._-]+)-([[:digit:]]+)-([[:digit:]]+)$ ]]; then - echo "${BASH_REMATCH[1]}" "$(normalize_image_name "${BASH_REMATCH[3]}")" "${BASH_REMATCH[4]}" "${BASH_REMATCH[5]}" "${dir}" - # Case: lsr-citool_bootloader-19-0f14842_20220104-080416 - elif [[ "${dir}" =~ ^./lsr-citool_([[:alnum:]._-]+)-[[:digit:]]+-([[:xdigit:]]+|HEAD)_([[:digit:]]+)-([[:digit:]]+)$ ]]; then - echo "${BASH_REMATCH[1]}" "unknown" "${BASH_REMATCH[3]}" "${BASH_REMATCH[4]}" "${dir}" - # Case: lsr-citool_certificate-132-212741b_RHEL-9.1.0-20220814.1_20220818-223408 - elif [[ "${dir}" =~ ^./lsr-citool_([[:alnum:]._-]+)-[[:digit:]]+-([[:xdigit:]]+|HEAD)_([[:alnum:]._-]+)_([[:digit:]]+)-([[:digit:]]+)$ ]]; then - echo "${BASH_REMATCH[1]}" "$(normalize_image_name "${BASH_REMATCH[3]}")" "${BASH_REMATCH[4]}" "${BASH_REMATCH[5]}" "${dir}" - # Case: lsr-citool_network-509-82dd06b_RHEL-6.10-updates-20201110.17 - elif [[ "${dir}" =~ ^./lsr-citool_([[:alnum:]._-]+)-[[:digit:]]+-([[:xdigit:]]+|HEAD)_([[:alnum:]._-]+)$ ]]; then - tmod="$(stat -c %Y "${dir}")" - tmod="$(date --date="@${tmod}" +'%Y%m%d %H%M%S')" - echo "${BASH_REMATCH[1]}" "$(normalize_image_name 
"${BASH_REMATCH[3]}")" "${tmod}" "${dir}" - # Case: lsr-citool_* (artifacts of early lsr-citool development) - elif [[ "${dir}" =~ ^./lsr-citool_.*$ ]]; then - tmod="$(stat -c %Y "${dir}")" - tmod="$(date --date="@${tmod}" +'%Y%m%d %H%M%S')" - echo unknown unknown "${tmod}" "${dir}" - fi -done | sort -n -r | while read role image date time dir; do - # `sort -n -r` ensures that the most recent log for $role $image is on the top - if [[ "${role}" = unknown && "${date}" -lt "${newest_date}" ]]; then - # Let not artifacts of early stage of lsr-citool development to rot forever - rm -rf "${dir}" - continue - fi - latest_file=".latest_${role}_${image}" - if [[ -f "${latest_file}" ]]; then - # Latest log for $role $image seen already - if [[ "${date}" -lt "${newest_date}" ]]; then - rm -rf "${dir}" - fi - else - echo keeping ${role} ${image} ${date} ${time} ${dir} - echo "${dir}" > "${latest_file}" - fi -done -rm -rf .latest_* - -popd diff --git a/files/scripts/linuxsystemroles-logs-clean.test b/files/scripts/linuxsystemroles-logs-clean.test deleted file mode 100755 index 81d590dd52..0000000000 --- a/files/scripts/linuxsystemroles-logs-clean.test +++ /dev/null 
@@ -1,417 +0,0 @@ -#!/bin/bash -# -# Test `linuxsystemroles-logs-clean` script. -# -# Usage: ./linuxsystemroles-logs-clean.test -# -# Expects `linuxsystemroles-logs-clean` script in the same directory. - -set -euo pipefail - -: <<_EOF_ - -Roles (as found in log names at /srv/pub/alt/linuxsystemroles/logs): - "ad_integration" - "bootloader" - "certificate" - "ci-test" - "ci-testing" - "cockpit" - "crypto_policies" - "firewall" - "ha_cluster" - "kdump" - "kernel_settings" - "logging" - "metrics" - "mssql" - "nbde_client" - "nbde_server" - "network" - "podman" - "postfix" - "postgresql" - "rhc" - "selinux" - "ssh" - "storage" - "timesync" - "tlog" - "tuned" - "vpn" - -Images (as found in log names at /srv/pub/alt/linuxsystemroles/logs): - "centos-6" - "centos-7" - "centos-8" - "fedora-33" - "fedora-34" - "fedora-35" - "rhel-6" - "rhel-7" - "rhel-8" - "rhel-8-y" - "rhel-x" - "CentOS-7-latest" - "CentOS-Stream-8" - "Fedora-36" - "Fedora-37" - "RHEL-6.10-updates-20201110.17" - "RHEL-7.9-updates-20221012.4" - "RHEL-8.8.0-20221211.0" - "RHEL-9.2.0-20221212.0" - -_EOF_ - -ME="$(basename ${0})" -HERE="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" -NOW="$(date +'%Y-%m-%d %H:%M:%S')" -TEMPDIR="$(mktemp -d /var/tmp/${ME}.XXXXXXXXXX)" -STATUS=0 - -trap "rm -rf ${TEMPDIR}" ABRT EXIT HUP INT QUIT TERM - -## -# failure - report test's failure and set STATUS to 1 -# -# Parameters: -# $1 - message -# -function failure() { - echo $* >&2 - STATUS=1 -} - -## -# error - report an error and exit with 2 -# -# Parameters: -# $1 - message -# -function error() { - echo $* >&2 - exit 2 -} - -## -# log_1_name - generate a name of a directory with logs -# -# Parameters: -# $1 - role name -# $2 - pull request number -# $3 - commit hash -# $4 - image name -# $5 - date -# $6 - time -# -function log_1_name() { - echo "linux-system-roles-${1}-pull-linux-system-roles_${1}-${2}-${3}-${4}-${5}-${6}" -} - -## -# log_2_name - see log_1_name -# -function log_2_name() { - if [[ -z "${4:-}" ]]; then - 
echo "lsr-citool_${1}-${2}-${3}_${5}-${6}" - elif [[ -z "${5:-}" || -z "${6:-}" ]]; then - echo "lsr-citool_${1}-${2}-${3}_${4}" - else - echo "lsr-citool_${1}-${2}-${3}_${4}_${5}-${6}" - fi -} - -## -# log_3_name - see log_1_name -# -function log_3_name() { - # Produced by early stage of development of lsr-citool - echo "lsr-citool_ci-tt" -} - -## -# log_4_name - see log_1_name -# -function log_4_name() { - # Produced by early stage of development of lsr-citool - echo "lsr-citool_repoName-7-54sd5fsd_${5}-${6}" -} - -## -# stay - decides whether log should stay or be removed (auxiliary function -# used by prep_test) -# -# Parameters: -# $1 - days ago divided by 10 (integer division) -# -function stay() { - if [[ ${1:-0} -ge 18 ]]; then - echo 0 - else - echo 1 - fi -} - -## -# stay3 - decides which group of logs should stay (see prep_test) -# -# Parameters: -# $1 - group A days ago divided by 10 (integer division) -# $2 - group B days ago divided by 10 (integer division) -# $3 - group C days ago divided by 10 (integer division) -# $4 - selector -# -function stay3() { - local A="$(stay "${1:-}")" - local B="$(stay "${2:-}")" - local C="$(stay "${3:-}")" - - # It is assumed that group A is younger than group B is younger than group C - # (see prep_test). 
Thus, A should stay if all groups are deletion candidates - if [[ "${A}${B}${C}" = "000" ]]; then - A=1 - fi - - case "${4:-}" in - A) echo "${A}";; - B) echo "${B}";; - C) echo "${C}";; - *) error "stay3: Invalid selector (${4:-})";; - esac -} - -## -# create_log - create a log -# -# Options: -# -n - do not include time stamp into log name -# -# Parameters: -# $1 - log name generator -# $2 - role name -# $3 - pull request number -# $4 - commit hash -# $5 - image name -# $6 - time ago (___) -# $7 - stay flag (1 - log should stay, 0 - log should be removed) -# -function create_log() { - local INCLUDE_STAMP=1 - local LOG_STAMP="" - local LOG_DATE="" - local LOG_TIME="" - local LOG_NAME="" - local TEMP="" - - if [[ "X${1:-}" = X-n ]]; then - INCLUDE_STAMP=0 - shift - fi - - if [[ "${6:-}" =~ ^([[:digit:]]+)_([[:digit:]]+)_([[:digit:]]+)_([[:digit:]]+)$ ]]; then - if [[ "${BASH_REMATCH[1]}" -gt 0 ]]; then - TEMP+="${BASH_REMATCH[1]} days ago " - fi - if [[ "${BASH_REMATCH[2]}" -gt 0 ]]; then - TEMP+="${BASH_REMATCH[2]} hours ago " - fi - if [[ "${BASH_REMATCH[3]}" -gt 0 ]]; then - TEMP+="${BASH_REMATCH[3]} minutes ago " - fi - if [[ "${BASH_REMATCH[4]}" -gt 0 ]]; then - TEMP+="${BASH_REMATCH[4]} seconds ago " - fi - LOG_STAMP="$(date --date="${NOW} ${TEMP}" +'%Y-%m-%d %H:%M:%S')" - LOG_DATE="$(date --date="${LOG_STAMP}" +%Y%m%d)" - LOG_TIME="$(date --date="${LOG_STAMP}" +%H%M%S)" - else - error "create_log: Invalid time ago (${6:-})" - fi - - if [[ ${INCLUDE_STAMP} -eq 1 ]]; then - LOG_NAME="$(${1} "${2}" "${3}" "${4}" "${5}" ${LOG_DATE} ${LOG_TIME})" - else - LOG_NAME="$(${1} "${2}" "${3}" "${4}" "${5}" "" "")" - fi - - mkdir -p ${TEMPDIR}/logs/${LOG_NAME} - echo log > ${TEMPDIR}/logs/${LOG_NAME}/log - - touch --date="${LOG_STAMP}" ${TEMPDIR}/logs/${LOG_NAME}/log ${TEMPDIR}/logs/${LOG_NAME} - - echo ${7} ${LOG_NAME} >> ${TEMPDIR}/assertions -} - -## -# prep_test - prepare a test directory -# -# Parameters: -# $1 - A-group age (1 - young, 0 - old) -# $2 - B-group age 
(1 - young, 0 - old) -# $3 - C-group age (1 - young, 0 - old) -# $4 - D-group age (1 - young, 0 - old) -# -function prep_test() { - local A="" - local B="" - local C="" - local D="" - - if [[ ${1:-1} -eq 0 ]]; then - A=20 - fi - if [[ ${2:-1} -eq 0 ]]; then - B=20 - fi - if [[ ${3:-1} -eq 0 ]]; then - C=20 - fi - if [[ ${4:-1} -eq 0 ]]; then - D=20 - fi - - create_log log_1_name certificate 0 HEAD centos-8 ${A}5_0_0_0 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_1_name certificate 0 HEAD rhel-8-y ${A}5_0_0_5 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_1_name certificate 0 HEAD rhel-x ${A}5_0_0_10 $(stay3 "${A}" "${B}" "${C}" A) - - create_log log_1_name certificate 1 3dbef8b centos-8 ${B}5_0_5_0 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_1_name certificate 1 3dbef8b rhel-8-y ${B}5_0_5_5 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_1_name certificate 1 3dbef8b rhel-x ${B}5_0_5_10 $(stay3 "${A}" "${B}" "${C}" B) - - create_log log_1_name certificate 15 0c2a97e centos-8 ${C}5_0_10_0 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_1_name certificate 15 0c2a97e rhel-8-y ${C}5_0_10_5 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_1_name certificate 15 0c2a97e rhel-x ${C}5_0_10_10 $(stay3 "${A}" "${B}" "${C}" C) - - create_log log_1_name network 127 2936b72 fedora-35 ${A}5_0_1_0 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_1_name network 127 2936b72 rhel-6 ${A}5_0_1_5 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_1_name network 127 2936b72 rhel-x ${A}5_0_1_10 $(stay3 "${A}" "${B}" "${C}" A) - - create_log log_1_name network 136 5480c71 fedora-35 ${B}5_0_6_0 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_1_name network 136 5480c71 rhel-6 ${B}5_0_6_5 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_1_name network 136 5480c71 rhel-x ${B}5_0_6_10 $(stay3 "${A}" "${B}" "${C}" B) - - create_log log_1_name network 201 c09573b fedora-35 ${C}5_0_11_0 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_1_name network 201 c09573b rhel-6 ${C}5_0_11_5 
$(stay3 "${A}" "${B}" "${C}" C) - create_log log_1_name network 201 c09573b rhel-x ${C}5_0_11_10 $(stay3 "${A}" "${B}" "${C}" C) - - create_log log_1_name timesync 17 ec8e4f4 centos-6 ${A}5_0_2_0 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_1_name timesync 17 ec8e4f4 fedora-34 ${A}5_0_2_5 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_1_name timesync 17 ec8e4f4 rhel-7 ${A}5_0_2_10 $(stay3 "${A}" "${B}" "${C}" A) - - create_log log_1_name timesync 22 41265d0 centos-6 ${B}5_0_7_0 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_1_name timesync 22 41265d0 fedora-34 ${B}5_0_7_5 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_1_name timesync 22 41265d0 rhel-7 ${B}5_0_7_10 $(stay3 "${A}" "${B}" "${C}" B) - - create_log log_1_name timesync 99 f5dae11 centos-6 ${C}5_0_12_0 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_1_name timesync 99 f5dae11 fedora-34 ${C}5_0_12_5 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_1_name timesync 99 f5dae11 rhel-7 ${C}5_0_12_10 $(stay3 "${A}" "${B}" "${C}" C) - - create_log log_2_name ad_integration 1 aeae773 "" ${A}5_0_3_0 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name ad_integration 1 aeae773 CentOS-7-latest ${A}5_0_3_5 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name ad_integration 1 aeae773 CentOS-Stream-8 ${A}5_0_3_10 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name ad_integration 1 aeae773 Fedora-37 ${A}5_0_3_15 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name ad_integration 1 aeae773 RHEL-6.10-updates-20201110.17 ${A}5_0_3_20 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name ad_integration 1 aeae773 RHEL-9.2.0-20221212.0 ${A}5_0_3_25 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name ad_integration 1 aeae773 RHEL-6.10-updates-20201210.18 ${A}5_0_3_30 $(stay "${A}") - create_log log_2_name ad_integration 1 aeae773 RHEL-9.2.1-20221221.1 ${A}5_0_3_35 $(stay "${A}") - - create_log log_2_name ad_integration 11 f1f12e2 "" ${B}5_0_8_0 $(stay3 "${A}" "${B}" "${C}" B) - create_log 
log_2_name ad_integration 11 f1f12e2 CentOS-7-latest ${B}5_0_8_5 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name ad_integration 11 f1f12e2 CentOS-Stream-8 ${B}5_0_8_10 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name ad_integration 11 f1f12e2 Fedora-37 ${B}5_0_8_15 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name ad_integration 11 f1f12e2 RHEL-6.10-updates-20201110.17 ${B}5_0_8_20 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name ad_integration 11 f1f12e2 RHEL-9.2.0-20221212.0 ${B}5_0_8_25 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name ad_integration 11 f1f12e2 RHEL-6.10-updates-20201210.18 ${B}5_0_8_30 $(stay "${B}") - create_log log_2_name ad_integration 11 f1f12e2 RHEL-9.2.1-20221221.1 ${B}5_0_8_35 $(stay "${B}") - - create_log log_2_name ad_integration 32 1148efe "" ${C}5_0_13_0 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name ad_integration 32 1148efe CentOS-7-latest ${C}5_0_13_5 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name ad_integration 32 1148efe CentOS-Stream-8 ${C}5_0_13_10 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name ad_integration 32 1148efe Fedora-37 ${C}5_0_13_15 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name ad_integration 32 1148efe RHEL-6.10-updates-20201110.17 ${C}5_0_13_20 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name ad_integration 32 1148efe RHEL-9.2.0-20221212.0 ${C}5_0_13_25 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name ad_integration 32 1148efe RHEL-6.10-updates-20201210.18 ${C}5_0_13_30 $(stay "${C}") - create_log log_2_name ad_integration 32 1148efe RHEL-9.2.1-20221221.1 ${C}5_0_13_35 $(stay "${C}") - - create_log log_2_name bootloader 2 264569a "" ${A}5_0_4_0 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name bootloader 2 264569a CentOS-Stream-8 ${A}5_0_4_5 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name bootloader 2 264569a Fedora-36 ${A}5_0_4_10 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name bootloader 2 264569a 
RHEL-8.8.0-20221211.0 ${A}5_0_4_15 $(stay3 "${A}" "${B}" "${C}" A) - create_log -n log_2_name bootloader 2 264569a RHEL-9.2.0-20221212.0 ${A}5_0_4_20 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name bootloader 2 264569a RHEL-8.8.1-20221221.5 ${A}5_0_4_25 $(stay "${A}") - create_log -n log_2_name bootloader 2 264569a RHEL-9.2.2-20221222.11 ${A}5_0_4_30 $(stay "${A}") - - create_log log_2_name bootloader 21 d1f589b "" ${B}5_0_9_0 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name bootloader 21 d1f589b CentOS-Stream-8 ${B}5_0_9_5 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name bootloader 21 d1f589b Fedora-36 ${B}5_0_9_10 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name bootloader 21 d1f589b RHEL-8.8.0-20221211.0 ${B}5_0_9_15 $(stay3 "${A}" "${B}" "${C}" B) - create_log -n log_2_name bootloader 21 d1f589b RHEL-9.2.0-20221212.0 ${B}5_0_9_20 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name bootloader 21 d1f589b RHEL-8.8.1-20221221.5 ${B}5_0_9_25 $(stay "${B}") - create_log -n log_2_name bootloader 21 d1f589b RHEL-9.2.2-20221222.11 ${B}5_0_9_30 $(stay "${B}") - - create_log log_2_name bootloader 82 bfa1e33 "" ${C}5_0_14_0 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name bootloader 82 bfa1e33 CentOS-Stream-8 ${C}5_0_14_5 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name bootloader 82 bfa1e33 Fedora-36 ${C}5_0_14_10 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name bootloader 82 bfa1e33 RHEL-8.8.0-20221211.0 ${C}5_0_14_15 $(stay3 "${A}" "${B}" "${C}" C) - create_log -n log_2_name bootloader 82 bfa1e33 RHEL-9.2.0-20221212.0 ${C}5_0_14_20 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name bootloader 82 bfa1e33 RHEL-8.8.1-20221221.5 ${C}5_0_14_25 $(stay "${C}") - create_log -n log_2_name bootloader 82 bfa1e33 RHEL-9.2.2-20221222.11 ${C}5_0_14_30 $(stay "${C}") - - create_log -n log_3_name "" "" "" "" ${D}5_0_30_0 $(stay ${D}) - create_log log_4_name "" "" "" "" ${D}5_0_30_5 $(stay ${D}) -} - -## -# verify_results - 
verify the test results -# -function verify_results() { - while read PRESENT LOG_NAME; do - if [[ "${PRESENT}" -eq 0 && -d ${TEMPDIR}/logs/${LOG_NAME} ]]; then - failure "[FAIL] Log ${LOG_NAME} should be removed." - elif [[ "${PRESENT}" -eq 1 && ! -d ${TEMPDIR}/logs/${LOG_NAME} ]]; then - failure "[FAIL] Log ${LOG_NAME} should be present." - fi - done < ${TEMPDIR}/assertions -} - -## -# clean_test - remove test assets -# -function clean_test() { - rm -rf ${TEMPDIR}/logs ${TEMPDIR}/assertions -} - -## -# test_log_pruning - test log pruning script -# -# Parameters: -# see prep_test -# -function test_log_pruning() { - prep_test "$@" - ${HERE}/linuxsystemroles-logs-clean ${TEMPDIR}/logs >/dev/null - verify_results - clean_test -} - -test_log_pruning 0 0 0 0 -test_log_pruning 0 0 0 1 -test_log_pruning 0 0 1 0 -test_log_pruning 0 0 1 1 - -test_log_pruning 0 1 0 0 -test_log_pruning 0 1 0 1 -test_log_pruning 0 1 1 0 -test_log_pruning 0 1 1 1 - -test_log_pruning 1 0 0 0 -test_log_pruning 1 0 0 1 -test_log_pruning 1 0 1 0 -test_log_pruning 1 0 1 1 - -test_log_pruning 1 1 0 0 -test_log_pruning 1 1 0 1 -test_log_pruning 1 1 1 0 -test_log_pruning 1 1 1 1 - -[[ ${STATUS} -eq 0 ]] diff --git a/files/scripts/restart-broken-ipv6 b/files/scripts/restart-broken-ipv6 deleted file mode 100755 index 69253174cd..0000000000 --- a/files/scripts/restart-broken-ipv6 +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -ping6 -q -c 1 -w 2 2600:: >& /dev/null -if [ $? -ne 0 ]; -then - nmcli c up eth0 >& /dev/null -fi diff --git a/files/trac/trac-vhost.conf b/files/trac/trac-vhost.conf new file mode 100644 index 0000000000..113ce3dff9 --- /dev/null +++ b/files/trac/trac-vhost.conf @@ -0,0 +1,10 @@ + + ServerName trac-dev.cloud.fedoraproject.org + WSGIScriptAlias / /srv/www/trac/trac.wsgi + + + WSGIProcessGroup %{GLOBAL} + Order deny,allow + Allow from all + + diff --git a/files/trac/trac.wsgi b/files/trac/trac.wsgi new file mode 100644 index 0000000000..2162930d9e --- /dev/null 
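Review bot: The access rules added in files/trac/trac-vhost.conf, `Order deny,allow` and `Allow from all`, are Apache 2.2 syntax. On a 2.4 host they only work while mod_access_compat is loaded, and mixing them with `Require` directives elsewhere gives results that are hard to reason about. If the target runs 2.4, I would replace both lines with `Require all granted`. The container lines around these directives did not survive on this page, so the port and directory they apply to cannot be checked here. Since they open a development Trac to every client, a one-line comment saying that this is intended would help the next reader.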
+++ b/files/trac/trac.wsgi @@ -0,0 +1,15 @@ +import __main__ +if hasattr(__main__, '__requires__'): + if isinstance(__main__.__requires__, basestring): + __main__.__requires__ = [__main__.__requires__] +else: + __main__.__requires__ = [] +__main__.__requires__.append('Trac') + +import os + +os.environ['TRAC_ENV_PARENT_DIR'] = '/srv/www/trac/projects' +os.environ['PYTHON_EGG_CACHE'] = '/var/cache/trac' + +import trac.web.main +application = trac.web.main.dispatch_request diff --git a/files/twisted/ssh-pub-key b/files/twisted/ssh-pub-key new file mode 100644 index 0000000000..01232559f6 --- /dev/null +++ b/files/twisted/ssh-pub-key @@ -0,0 +1 @@ +ssh-rsa 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 diff --git a/files/virthost/libvirtd.conf.os b/files/virthost/libvirtd.conf.os deleted file mode 100644 index 151364ec26..0000000000 --- a/files/virthost/libvirtd.conf.os +++ /dev/null @@ -1,3 +0,0 @@ -unix_sock_group = "libvirt" -unix_sock_rw_perms = "0770" -auth_unix_rw = "none" diff --git a/files/zodbot/karma-to-cookies-db.py b/files/zodbot/karma-to-cookies-db.py deleted file mode 100755 index cf9c9896f1..0000000000 --- a/files/zodbot/karma-to-cookies-db.py +++ /dev/null 
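Review bot: `os.environ['PYTHON_EGG_CACHE'] = '/var/cache/trac'` points the WSGI process at a directory it will extract egg contents into and then load from, and nothing in this file says who may write there. If another local account can write to that directory, it can place code that the Trac process will load. I would add a comment above the assignment such as `# /var/cache/trac must be owned by the WSGI user and must not be group- or world-writable`, and make sure the role that creates the directory enforces that; the directory may be set up elsewhere in the repository, which this hunk does not show. Separately, `basestring` exists only on Python 2, so the `isinstance` check raises NameError under a Python 3 mod_wsgi whenever `__main__.__requires__` is already set.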
@@ -1,71 +0,0 @@ -#!/usr/bin/env python3 - -import os -import shelve -from argparse import ArgumentParser - -import sqlalchemy as sa -from sqlalchemy.ext.declarative import declarative_base - - -Base = declarative_base() - - -class Cookie(Base): - __tablename__ = "cookies" - __table_args__ = ( - sa.Index("idx_cookies_to_user_release", "to_user", "release"), - ) - from_user = sa.Column(sa.String(254), nullable=False, primary_key=True) - to_user = sa.Column(sa.String(254), nullable=False, primary_key=True) - release = sa.Column(sa.String(63), nullable=False, primary_key=True) - value = sa.Column(sa.Integer, nullable=False, default=1) - date = sa.Column(sa.DateTime, nullable=False, server_default=sa.func.current_timestamp()) - - -def get_pg_url(): - with open(os.path.expanduser("~/.pgpass")) as fh: - for line in fh: - hostname, port, database, username, password = line.strip().split(":") - if username == "maubot": - return f"postgresql://{username}:{password}@{hostname}/{database}" - - -def parse_args(): - parser = ArgumentParser() - parser.add_argument("-i", "--instance", required=True, help="The maubot instance name") - parser.add_argument("karma_db", help="The Limnoria Karma DB") - # parser.add_argument("cookies_db", help="The Maubot Cookies DB") - return parser.parse_args() - - -def main(): - args = parse_args() - karma_data = shelve.open(args.karma_db, flag="r", protocol=2) - # engine = sa.create_engine(f"sqlite:///{args.cookies_db}") - engine = sa.create_engine(get_pg_url()) - Cookie.__table__.schema = f"mbp_{args.instance}" - # Base.metadata.create_all(engine) - Session = sa.orm.sessionmaker(bind=engine) - session = Session() - for mode, data in karma_data.items(): - direction, release = mode.split("-") - if direction != "forwards": - continue - if not release.startswith("f"): - continue - release = release[1:] # Only the number - print(release, len(data)) - for agent, gifts in data.items(): - for recip, value in gifts.items(): - cookie = 
Cookie(from_user=agent, to_user=recip, release=release, value=value) - session.add(cookie) - try: - session.commit() - except sa.exc.IntegrityError: - session.rollback() - continue - - -if __name__ == "__main__": - main() diff --git a/filter_plugins/fedmsg.py b/filter_plugins/fedmsg.py new file mode 100644 index 0000000000..b31f14cb41 --- /dev/null +++ b/filter_plugins/fedmsg.py @@ -0,0 +1,39 @@ +import operator + + +def invert_fedmsg_policy(groups, vars, env): + """ Given hostvars that map hosts -> topics, invert that + and return a dict that maps topics -> hosts. + + Really, returns a list of tuples -- not a dict. + """ + + if env == 'staging': + hosts = groups['staging'] + groups['fedmsg-qa-network-stg'] + groups['openshift-pseudohosts-stg'] + else: + hosts = [h for h in groups['all'] if h not in groups['staging'] + groups['openshift-pseudohosts-stg']] + + inverted = {} + for host in hosts: + prefix = '.'.join([vars[host]['fedmsg_prefix'], + vars[host]['fedmsg_env']]) + fqdn = vars[host].get('fedmsg_fqdn', host) + + for cert in vars[host]['fedmsg_certs']: + for topic in cert.get('can_send', []): + key = prefix + '.' + topic + inverted[key] = inverted.get(key, []) + inverted[key].append(cert['service'] + '-' + fqdn) + + result = inverted.items() + # Sort things so they come out in a reliable order (idempotence) + [inverted[key].sort() for key in inverted] + result.sort(key=operator.itemgetter(0)) + return result + + +class FilterModule(object): + def filters(self): + return { + "invert_fedmsg_policy": invert_fedmsg_policy, + } diff --git a/filter_plugins/openstack.py b/filter_plugins/openstack.py new file mode 100644 index 0000000000..81407f0ab6 --- /dev/null +++ b/filter_plugins/openstack.py 
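Review bot: At the end of `invert_fedmsg_policy` in filter_plugins/fedmsg.py, `result = inverted.items()` followed by `result.sort(key=operator.itemgetter(0))` only works on Python 2, where `items()` returns a list. On Python 3 it returns a view with no `sort` method, so the filter would raise AttributeError if Ansible runs it there. `result = sorted(inverted.items(), key=operator.itemgetter(0))` behaves the same on both versions. The list comprehension `[inverted[key].sort() for key in inverted]` is used only for its side effect and reads better as `for hosts in inverted.values(): hosts.sort()`. The docstring first says the function returns a dict and then corrects itself; it could simply say it returns a sorted list of `(topic, [service-fqdn, ...])` tuples.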
@@ -0,0 +1,107 @@ +from ansible import errors +from glanceclient import Client as GlanceClient +from keystoneclient import session +from keystoneclient.auth.identity import v2 as identity +from neutronclient.neutron.client import Client as NeutronClient +from novaclient.v3.client import Client +import glanceclient.exc +import json +import novaclient.exceptions + +def flavor_id_to_name(host_vars, user, password, tenant, auth_url): + nt = Client(user, password, tenant, auth_url, service_type="compute") + try: + flavor = nt.flavors.get(host_vars) + except novaclient.exceptions.NotFound: + raise errors.AnsibleFilterError('There is no flavor of name {0} accessible for tenant {1}'.format(host_vars, tenant)) + return flavor.name + + +def flavor_name_to_id(host_vars, user, password, tenant, auth_url): + nt = Client(user, password, tenant, auth_url, service_type="compute") + for i in nt.flavors.list(): + if i.name == host_vars: + return i.id + raise errors.AnsibleFilterError('There is no flavor of id {0} accessible for tenant {1}'.format(host_vars, tenant)) + +def image_id_to_name(host_vars, user, password, tenant, auth_url): + auth = identity.Password(auth_url=auth_url, username=user, + password=password, tenant_name=tenant) + sess = session.Session(auth=auth) + token = auth.get_token(sess) + endpoint = auth.get_endpoint(sess, service_name='glance', service_type='image') + glance = GlanceClient('2', endpoint=endpoint, token=token) + try: + return glance.images.get(host_vars).name + except glanceclient.exc.HTTPNotFound: + raise errors.AnsibleFilterError('There is no image of id {0} accessible for tenant {1}'.format(host_vars, tenant)) + +def image_name_to_id(host_vars, user, password, tenant, auth_url): + auth = identity.Password(auth_url=auth_url, username=user, + password=password, tenant_name=tenant) + sess = session.Session(auth=auth) + token = auth.get_token(sess) + endpoint = auth.get_endpoint(sess, service_name='glance', service_type='image') + glance = 
GlanceClient('2', endpoint=endpoint, token=token) + for i in glance.images.list(): + if i.name == host_vars: + return i.id + raise errors.AnsibleFilterError('There is no image of name {0} accessible for tenant {1}'.format(host_vars, tenant)) + +def network_name_to_id(host_vars, user, password, tenant, auth_url): + """ Accept one name of network or list of names of networks and return the same + structure, but names replaced by ids of the network(s). """ + auth = identity.Password(auth_url=auth_url, username=user, + password=password, tenant_name=tenant) + sess = session.Session(auth=auth) + token = auth.get_token(sess) + endpoint = auth.get_endpoint(sess, service_name='neutron', service_type='network') + neutron = NeutronClient('2.0', endpoint_url=endpoint, token=token) + result_as_list = isinstance(host_vars, list) + if not result_as_list: + host_vars = [host_vars] + result = [] + for net in host_vars: + networks = neutron.list_networks(name=net, fields='name')["networks"] + if networks: + result += [networks[0]['id']] + else: + raise errors.AnsibleFilterError('There is no network of name {0} accessible for tenant {1}'.format(net, tenant)) + if result_as_list: + return result + else: + return result[0] + +def network_id_to_name(host_vars, user, password, tenant, auth_url): + """ Accept one id of network or list of ids of networks and return the same + structure, but ids replaced by name of the network(s). 
""" + auth = identity.Password(auth_url=auth_url, username=user, + password=password, tenant_name=tenant) + sess = session.Session(auth=auth) + token = auth.get_token(sess) + endpoint = auth.get_endpoint(sess, service_name='neutron', service_type='network') + neutron = NeutronClient('2.0', endpoint_url=endpoint, token=token) + result_as_list = isinstance(host_vars, list) + if not result_as_list: + host_vars = [host_vars] + result = [] + for net in host_vars: + networks = neutron.list_networks(id=net, fields='name')["networks"] + if networks: + result += [networks[0]['name']] + else: + raise errors.AnsibleFilterError('There is no network of id {0} accessible for tenant {1}'.format(net, tenant)) + if result_as_list: + return result + else: + return result[0] + +class FilterModule (object): + def filters(self): + return {"flavor_id_to_name": flavor_id_to_name, + "flavor_name_to_id": flavor_name_to_id, + "image_id_to_name": image_id_to_name, + "image_name_to_id": image_name_to_id, + "network_name_to_id": network_name_to_id, + "network_id_to_name": network_id_to_name, + } diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml index cfdb02735f..93e20433dd 100644 --- a/handlers/restart_services.yml +++ b/handlers/restart_services.yml 
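Review bot: In `network_name_to_id` (filter_plugins/openstack.py), `networks[0]['id']` is read from a `list_networks(name=net, fields='name')` call that requests only the `name` field and then takes the first match. Neutron normally returns only the requested fields, so the `id` key is likely missing. Network names are also not unique, so a duplicate name would silently resolve to whichever network is listed first, and an instance could be attached to a network the playbook author did not intend. I would request `fields='id'` and fail closed with `if len(networks) != 1: raise errors.AnsibleFilterError('Expected exactly one network named {0} for tenant {1}, found {2}'.format(net, tenant, len(networks)))`. `image_name_to_id` and `flavor_name_to_id` return the first name match in the same way. Separately, the error messages in `flavor_id_to_name` and `flavor_name_to_id` are swapped ("of name" on the id lookup and "of id" on the name lookup), and `import json` is unused.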
@@ -1,190 +1,182 @@ ######################################## # Handlers for restarting services # ---- -- name: Reload systemd - ansible.builtin.command: systemctl daemon-reload -- name: Restart apache - ansible.builtin.command: /usr/local/bin/conditional-restart.sh httpd httpd +- name: restart apache + command: /usr/local/bin/conditional-restart.sh httpd httpd -- name: Reload apache +- name: reload apache action: service name=httpd state=reloaded -- name: Restart collectd +- name: restart collectd action: service name=collectd state=restarted -- name: Restart crond +- name: restart crond action: service name=crond state=restarted -- name: Restart fm-consumer@koji_sync_listener - action: service name=fm-consumer@koji_sync_listener state=restarted enabled=yes +- name: restart fedmsg-gateway + command: /usr/local/bin/conditional-restart.sh fedmsg-gateway fedmsg-gateway -- name: Reload httpd - ansible.builtin.command: /usr/local/bin/conditional-reload.sh httpd httpd +- name: restart fedmsg-hub + command: /usr/local/bin/conditional-restart.sh fedmsg-hub fedmsg-hub + # Note that, we're cool with arbitrary restarts on bodhi-backend02, just + # not bodhi-backend01 or bodhi-backend03. 01 and 03 is where the releng/mash + # stuff happens and we # don't want to interrupt that. 
+ when: inventory_hostname not in ['bodhi-backend01.phx2.fedoraproject.org', 'bodhi-backend03.phx2.fedoraproject.org'] -- name: Restart iptables +- name: restart fedmsg-irc + command: /usr/local/bin/conditional-restart.sh fedmsg-irc fedmsg-irc + +- name: restart fedmsg-relay + command: /usr/local/bin/conditional-restart.sh fedmsg-relay fedmsg-relay + +- name: restart koji-sync-listener + action: service name=koji-sync-listener state=restarted + +- name: reload httpd + command: /usr/local/bin/conditional-reload.sh httpd httpd + +- name: restart iptables action: service name=iptables state=restarted -- name: Restart nftables - action: service name=nftables state=restarted - -- name: Restart ip6tables +- name: restart ip6tables action: service name=ip6tables state=restarted -- name: Restart libvirtd +- name: restart jenkins + action: service name=jenkins state=restarted + +- name: restart libvirtd action: service name=libvirtd state=restarted -- name: Restart virtnetworkd - action: service name=virtnetworkd state=restarted - -- name: Restart libvirtd.socket - action: service name=libvirtd.socket state=stopped - notify: Restart libvirtd - -- name: Restart mailman +- name: restart mailman action: service name=mailman state=restarted -- name: Restart named +- name: restart named action: service name=named state=restarted -- name: Restart ntpd +- name: restart ntpd action: service name=ntpd state=restarted -- name: Restart sshd - action: service name=sshd state=restarted - -- name: Restart openvpn (Fedora) +- name: restart openvpn (Fedora) when: ansible_distribution == "Fedora" action: service name=openvpn-client@openvpn state=restarted - # notify: - # - Fix openvpn routing + #notify: + #- fix openvpn routing -- name: Restart openvpn (RHEL7+) - when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int >= 7 +- name: restart openvpn (RHEL6) + when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 6 + action: service 
name=openvpn state=restarted + #notify: + #- fix openvpn routing + +- name: restart openvpn (RHEL7) + when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 7 action: service name=openvpn-client@openvpn state=restarted - # notify: - # - Fix openvpn routing + #notify: + #- fix openvpn routing -- name: Fix openvpn routing +- name: fix openvpn routing action: shell /etc/openvpn/fix-routes.sh -- name: Restart xinetd +- name: restart xinetd action: service name=xinetd state=restarted - when: not inventory_hostname.startswith('proxy') -- name: Restart netapproute +- name: restart netapproute action: command /etc/sysconfig/network-scripts/ifup-routes eth1 -- name: Restart network +- name: restart network action: service name=network state=restarted -- name: Rebuild postfix transport - ansible.builtin.command: /usr/sbin/postmap /etc/postfix/transport +- name: rebuild postfix transport + command: /usr/sbin/postmap /etc/postfix/transport -- name: Rebuild postfix bysender - ansible.builtin.command: /usr/sbin/postmap /etc/postfix/bysender +- name: rebuild postfix tls_policy + command: /usr/sbin/postmap /etc/postfix/tls_policy -- name: Rebuild postfix tls_policy - ansible.builtin.command: /usr/sbin/postmap /etc/postfix/tls_policy - -- name: Restart postfix +- name: restart postfix service: name=postfix state=restarted -- name: Reload proxyhttpd - ansible.builtin.command: /usr/local/bin/proxy-conditional-reload.sh httpd httpd +- name: reload proxyhttpd + command: /usr/local/bin/proxy-conditional-reload.sh httpd httpd -- name: Run rkhunter - ansible.builtin.command: rkhunter --propupd +- name: restart glusterd + service: name=glusterd state=restarted -- name: Restart moksha-hub +- name: restart supervisord + service: name=supervisord state=restarted + +- name: run rkhunter + command: rkhunter --propupd + +- name: restart moksha-hub service: name=moksha-hub state=restarted -- name: Restart dhcpd +- name: restart dhcpd service: name=dhcpd 
state=restarted -- name: Restart memcached +- name: restart memcached service: name=memcached state=restarted -- name: Restart nagios - ansible.builtin.shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios +- name: reload systemd + command: systemctl daemon-reload -- name: Restart bridge - ansible.builtin.shell: /usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge +- name: restart nagios + shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios -- name: Reload libvirtd +- name: restart bridge + shell: /usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge + +- name: reload libvirtd service: name=libvirtd state=reloaded ignore_errors: true when: ansible_virtualization_role == 'host' -- name: Restart pagure_ev +- name: restart pagure_ev service: name=pagure_ev state=restarted -- name: Update ca-trust - ansible.builtin.command: /usr/bin/update-ca-trust +- name: "update ca-trust" + command: /usr/bin/update-ca-trust -- name: Restart stunnel +- name: restart stunnel service: name=stunnel state=restarted -- name: Restart mirrorlist-server +- name: restart cinder api + service: name=openstack-cinder-api state=restarted + +- name: restart cinder scheduler + service: name=openstack-cinder-scheduler state=restarted + +- name: restart cinder volume + service: name=openstack-cinder-volume state=restarted + +- name: restart autocloud + service: name=autocloud state=restarted + +- name: restart mirrorlist-server service: name=mirrorlist-server state=restarted -- name: Restart NetworkManager +- name: restart NetworkManager service: name=NetworkManager state=restarted -- name: Reload NetworkManager-connections - ansible.builtin.command: nmcli c reload +- name: reload NetworkManager-connections + command: nmcli c reload -- name: Restart basset-worker +- name: restart basset-worker service: name=basset-worker state=restarted -- name: Apply interface-changes - ansible.builtin.command: nmcli con up {{ item.split()[1] }} +- name: apply 
interface-changes + command: nmcli con up {{ item.split()[1] }} async: 1 poll: 0 - loop: "{{ if_uuid.stdout_lines|flatten(levels=1) }}" - when: item.split()[1] not in ansible_ifcfg_disabled + with_items: + - "{{ if_uuid.stdout_lines }}" -- name: Flush journald tmpfiles to persistent store - ansible.builtin.command: pkill -f -USR1 systemd-journald +- name: flush journald tmpfiles to persistent store + command: pkill -f -USR1 systemd-journald -- name: Restart idmapd +- name: restart idmapd service: name=nfs-idmapd state=restarted -- name: Restart buildmaster - service: name=buildmaster state=restarted +- name: restart darkserver + service: name=darkserver state=restarted -- name: Restart rabbitmq - systemd: - name: rabbitmq-server - state: restarted - daemon_reload: yes - -- name: Restart chronyd - service: name=chronyd state=restarted - -- name: Restart kojira - systemd: - name: kojira - state: restarted - -- name: Restart haveged - service: name=haveged state=restarted - -- name: Restart obs-signd - service: name=signd state=restarted - -- name: Restart swap.swap - service: name="swap.swap" state=restarted - -- name: Restart varnish - service: name=varnish state=restarted - -- name: Reload varnish - service: name=varnish state=reload - -- name: Restart systemd-oomd - service: name=systemd-oomd state=reload - -- name: Restart debuginfod - service: name=debuginfod state=restarted diff --git a/inventory/backups b/inventory/backups index f00d329c53..21d4790e40 100644 --- a/inventory/backups +++ b/inventory/backups 
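Review bot: The `restart openvpn (RHEL7)` handler in handlers/restart_services.yml now fires only when `ansible_distribution_major_version|int == 7`, and the RHEL6 variant only when `== 6`, so a RedHat host on major version 8 or later matches neither handler and a notified restart is skipped without any error. A changed OpenVPN configuration or certificate would then stay unapplied on such a host until something else restarts the service. Keeping the open-ended comparison avoids that: `when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int >= 7`. Whether any RHEL 8+ host actually notifies this handler cannot be seen from the hunk.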
@@ -1,20 +1,27 @@
 #
-# This is the list of clients we backup with rdiff-backup.
+# This is the list of clients we backup with rdiff-backup.
 #
 [backup_clients]
-copr-fe.aws.fedoraproject.org
-copr-keygen.aws.fedoraproject.org
-db01.iad2.fedoraproject.org
-db03.iad2.fedoraproject.org
-db-datanommer02.iad2.fedoraproject.org
-db-fas01.iad2.fedoraproject.org
-batcave01.iad2.fedoraproject.org
-pagure02.fedoraproject.org
-people01.fedoraproject.org
-pkgs01.iad2.fedoraproject.org
-log01.iad2.fedoraproject.org
-db-openqa01.iad2.fedoraproject.org
-db-koji01.iad2.fedoraproject.org
-value02.iad2.fedoraproject.org
-tang01.iad2.fedoraproject.org
-ipa01.iad2.fedoraproject.org
+db01.phx2.fedoraproject.org
+db03.phx2.fedoraproject.org
+db-datanommer02.phx2.fedoraproject.org
+db-fas01.phx2.fedoraproject.org
+batcave01.phx2.fedoraproject.org
+infinote.fedoraproject.org
+pagure01.fedoraproject.org
+people02.fedoraproject.org
+pkgs02.phx2.fedoraproject.org
+log01.phx2.fedoraproject.org
+db-qa01.qa.fedoraproject.org
+db-koji01.phx2.fedoraproject.org
+#copr-be.cloud.fedoraproject.org
+copr-fe.cloud.fedoraproject.org
+copr-keygen.cloud.fedoraproject.org
+#copr-dist-git.fedorainfracloud.org
+value01.phx2.fedoraproject.org
+taiga.fedorainfracloud.org
+taskotron01.qa.fedoraproject.org
+nuancier01.phx2.fedoraproject.org
+magazine2.fedorainfracloud.org
+communityblog.fedorainfracloud.org
+upstreamfirst.fedorainfracloud.org
diff --git a/inventory/builders b/inventory/builders
index 8e19db7c1b..3c91197ebd 100644
--- a/inventory/builders
+++ b/inventory/builders
@@ -1,101 +1,114 @@
 [buildvm]
-buildvm-x86-01.iad2.fedoraproject.org
-buildvm-x86-02.iad2.fedoraproject.org
-buildvm-x86-03.iad2.fedoraproject.org
-buildvm-x86-04.iad2.fedoraproject.org
-buildvm-x86-05.iad2.fedoraproject.org
-buildvm-x86-06.iad2.fedoraproject.org
-buildvm-x86-07.iad2.fedoraproject.org
-buildvm-x86-08.iad2.fedoraproject.org
-buildvm-x86-09.iad2.fedoraproject.org
-buildvm-x86-10.iad2.fedoraproject.org
-buildvm-x86-11.iad2.fedoraproject.org
-buildvm-x86-12.iad2.fedoraproject.org
-buildvm-x86-13.iad2.fedoraproject.org
-buildvm-x86-14.iad2.fedoraproject.org
-buildvm-x86-15.iad2.fedoraproject.org
-buildvm-x86-16.iad2.fedoraproject.org
-buildvm-x86-17.iad2.fedoraproject.org
-buildvm-x86-18.iad2.fedoraproject.org
-buildvm-x86-19.iad2.fedoraproject.org
-buildvm-x86-20.iad2.fedoraproject.org
-buildvm-x86-21.iad2.fedoraproject.org
-buildvm-x86-22.iad2.fedoraproject.org
-buildvm-x86-23.iad2.fedoraproject.org
-buildvm-x86-24.iad2.fedoraproject.org
-buildvm-x86-25.iad2.fedoraproject.org
-buildvm-x86-26.iad2.fedoraproject.org
-buildvm-x86-27.iad2.fedoraproject.org
-buildvm-x86-28.iad2.fedoraproject.org
-buildvm-x86-29.iad2.fedoraproject.org
-buildvm-x86-30.iad2.fedoraproject.org
-buildvm-x86-31.iad2.fedoraproject.org
-buildvm-x86-32.iad2.fedoraproject.org
+buildvm-01.phx2.fedoraproject.org
+buildvm-02.phx2.fedoraproject.org
+buildvm-03.phx2.fedoraproject.org
+buildvm-04.phx2.fedoraproject.org
+buildvm-05.phx2.fedoraproject.org
+buildvm-06.phx2.fedoraproject.org
+buildvm-07.phx2.fedoraproject.org
+buildvm-08.phx2.fedoraproject.org
+buildvm-09.phx2.fedoraproject.org
+buildvm-10.phx2.fedoraproject.org
+buildvm-11.phx2.fedoraproject.org
+buildvm-12.phx2.fedoraproject.org
+buildvm-13.phx2.fedoraproject.org
+buildvm-14.phx2.fedoraproject.org
+buildvm-15.phx2.fedoraproject.org
+buildvm-16.phx2.fedoraproject.org
+buildvm-17.phx2.fedoraproject.org
+buildvm-18.phx2.fedoraproject.org
+buildvm-19.phx2.fedoraproject.org
+buildvm-20.phx2.fedoraproject.org
+buildvm-21.phx2.fedoraproject.org
+buildvm-22.phx2.fedoraproject.org
+buildvm-23.phx2.fedoraproject.org
+buildvm-24.phx2.fedoraproject.org
+buildvm-25.phx2.fedoraproject.org
+buildvm-26.phx2.fedoraproject.org
+buildvm-27.phx2.fedoraproject.org
+buildvm-28.phx2.fedoraproject.org
+buildvm-29.phx2.fedoraproject.org
+buildvm-30.phx2.fedoraproject.org
+buildvm-31.phx2.fedoraproject.org
+buildvm-32.phx2.fedoraproject.org
-[buildvm_stg]
-buildvm-x86-01.stg.iad2.fedoraproject.org
-buildvm-x86-02.stg.iad2.fedoraproject.org
-buildvm-x86-03.stg.iad2.fedoraproject.org
-buildvm-x86-04.stg.iad2.fedoraproject.org
-buildvm-x86-05.stg.iad2.fedoraproject.org
+[buildvm-stg]
+buildvm-01.stg.phx2.fedoraproject.org
+buildvm-02.stg.phx2.fedoraproject.org
+buildvm-03.stg.phx2.fedoraproject.org
+buildvm-04.stg.phx2.fedoraproject.org
+buildvm-05.stg.phx2.fedoraproject.org
-[buildvm_aarch64_stg]
-buildvm-a64-01.stg.iad2.fedoraproject.org
-buildvm-a64-02.stg.iad2.fedoraproject.org
+[buildvm-ppc64-stg]
+buildvm-ppc64-01.stg.ppc.fedoraproject.org
-[buildvm_s390x_stg]
-buildvm-s390x-01.stg.s390.fedoraproject.org
+[buildvm-ppc64le-stg]
+buildvm-ppc64le-01.stg.ppc.fedoraproject.org
-[buildvm_ppc64le_stg]
-buildvm-ppc64le-01.stg.iad2.fedoraproject.org
-buildvm-ppc64le-02.stg.iad2.fedoraproject.org
-buildvm-ppc64le-03.stg.iad2.fedoraproject.org
-buildvm-ppc64le-04.stg.iad2.fedoraproject.org
-buildvm-ppc64le-05.stg.iad2.fedoraproject.org
+[buildvm-aarch64-stg]
+buildvm-aarch64-01.stg.arm.fedoraproject.org
-[buildvm_aarch64]
-buildvm-a64-01.iad2.fedoraproject.org
-buildvm-a64-02.iad2.fedoraproject.org
-buildvm-a64-03.iad2.fedoraproject.org
-buildvm-a64-04.iad2.fedoraproject.org
-buildvm-a64-05.iad2.fedoraproject.org
-buildvm-a64-06.iad2.fedoraproject.org
-buildvm-a64-07.iad2.fedoraproject.org
-buildvm-a64-08.iad2.fedoraproject.org
-buildvm-a64-09.iad2.fedoraproject.org
-buildvm-a64-10.iad2.fedoraproject.org
-buildvm-a64-11.iad2.fedoraproject.org
-buildvm-a64-12.iad2.fedoraproject.org
-buildvm-a64-13.iad2.fedoraproject.org
-buildvm-a64-14.iad2.fedoraproject.org
-buildvm-a64-15.iad2.fedoraproject.org
-buildvm-a64-16.iad2.fedoraproject.org
-buildvm-a64-17.iad2.fedoraproject.org
-buildvm-a64-18.iad2.fedoraproject.org
-buildvm-a64-19.iad2.fedoraproject.org
-buildvm-a64-20.iad2.fedoraproject.org
-buildvm-a64-21.iad2.fedoraproject.org
-buildvm-a64-22.iad2.fedoraproject.org
-buildvm-a64-23.iad2.fedoraproject.org
-buildvm-a64-24.iad2.fedoraproject.org
-buildvm-a64-25.iad2.fedoraproject.org
-buildvm-a64-26.iad2.fedoraproject.org
-buildvm-a64-27.iad2.fedoraproject.org
-buildvm-a64-28.iad2.fedoraproject.org
-buildvm-a64-29.iad2.fedoraproject.org
-buildvm-a64-30.iad2.fedoraproject.org
-buildvm-a64-31.iad2.fedoraproject.org
-buildvm-a64-32.iad2.fedoraproject.org
-buildvm-a64-33.iad2.fedoraproject.org
-buildvm-a64-34.iad2.fedoraproject.org
-buildvm-a64-35.iad2.fedoraproject.org
-buildvm-a64-36.iad2.fedoraproject.org
-buildvm-a64-37.iad2.fedoraproject.org
-buildvm-a64-38.iad2.fedoraproject.org
-buildvm-a64-39.iad2.fedoraproject.org
-buildvm-a64-40.iad2.fedoraproject.org
+[buildvm-armv7-stg]
+buildvm-armv7-01.stg.arm.fedoraproject.org
-[buildvm_s390x]
+[buildvm-aarch64]
+buildvm-aarch64-01.arm.fedoraproject.org
+buildvm-aarch64-02.arm.fedoraproject.org
+buildvm-aarch64-03.arm.fedoraproject.org
+buildvm-aarch64-04.arm.fedoraproject.org
+buildvm-aarch64-05.arm.fedoraproject.org
+buildvm-aarch64-06.arm.fedoraproject.org
+buildvm-aarch64-07.arm.fedoraproject.org
+buildvm-aarch64-08.arm.fedoraproject.org
+buildvm-aarch64-09.arm.fedoraproject.org
+buildvm-aarch64-10.arm.fedoraproject.org
+buildvm-aarch64-11.arm.fedoraproject.org
+buildvm-aarch64-12.arm.fedoraproject.org
+buildvm-aarch64-13.arm.fedoraproject.org
+buildvm-aarch64-14.arm.fedoraproject.org
+buildvm-aarch64-15.arm.fedoraproject.org
+buildvm-aarch64-16.arm.fedoraproject.org
+# these vm's are too slow to use, cause still under investigation
+#buildvm-aarch64-17.arm.fedoraproject.org
+buildvm-aarch64-18.arm.fedoraproject.org
+buildvm-aarch64-19.arm.fedoraproject.org
+buildvm-aarch64-20.arm.fedoraproject.org
+buildvm-aarch64-21.arm.fedoraproject.org
+buildvm-aarch64-22.arm.fedoraproject.org
+buildvm-aarch64-23.arm.fedoraproject.org
+buildvm-aarch64-24.arm.fedoraproject.org
+
+[buildvm-armv7]
+buildvm-armv7-01.arm.fedoraproject.org
+buildvm-armv7-02.arm.fedoraproject.org
+buildvm-armv7-03.arm.fedoraproject.org
+buildvm-armv7-04.arm.fedoraproject.org
+buildvm-armv7-05.arm.fedoraproject.org
+buildvm-armv7-06.arm.fedoraproject.org
+buildvm-armv7-07.arm.fedoraproject.org
+buildvm-armv7-08.arm.fedoraproject.org
+buildvm-armv7-09.arm.fedoraproject.org
+buildvm-armv7-10.arm.fedoraproject.org
+buildvm-armv7-11.arm.fedoraproject.org
+buildvm-armv7-12.arm.fedoraproject.org
+buildvm-armv7-13.arm.fedoraproject.org
+buildvm-armv7-14.arm.fedoraproject.org
+buildvm-armv7-15.arm.fedoraproject.org
+buildvm-armv7-16.arm.fedoraproject.org
+# these vm's are too slow to use, cause still under investigation
+#buildvm-armv7-17.arm.fedoraproject.org
+buildvm-armv7-18.arm.fedoraproject.org
+buildvm-armv7-19.arm.fedoraproject.org
+buildvm-armv7-20.arm.fedoraproject.org
+buildvm-armv7-21.arm.fedoraproject.org
+buildvm-armv7-22.arm.fedoraproject.org
+buildvm-armv7-23.arm.fedoraproject.org
+buildvm-armv7-24.arm.fedoraproject.org
+
+[buildvm-s390]
+buildvm-s390-01.s390.fedoraproject.org
+
+[buildvm-s390x]
 buildvm-s390x-01.s390.fedoraproject.org
 buildvm-s390x-02.s390.fedoraproject.org
 buildvm-s390x-03.s390.fedoraproject.org
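Review bot: The new group headers in inventory/builders use hyphens (`[buildvm-stg]`, `[buildvm-ppc64le-stg]`, `[buildvm-aarch64]`, `[buildvm-armv7]`, and in the second hunk `[buildvm-ppc64]` and `[builders-stg:children]`), which Ansible reports as invalid characters in group names. Depending on the `TRANSFORM_INVALID_GROUP_CHARS` setting these names are either warned about on every run or rewritten to underscores, and in the second case `group_vars` files and `hosts:` patterns that still use the hyphenated spelling would presumably stop matching, leaving hosts without the variables meant for them. Underscore names such as `[buildvm_stg]` and `[builders_stg:children]` avoid both outcomes.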
@@ -111,170 +124,196 @@ buildvm-s390x-12.s390.fedoraproject.org
 buildvm-s390x-13.s390.fedoraproject.org
 buildvm-s390x-14.s390.fedoraproject.org
 buildvm-s390x-15.s390.fedoraproject.org
-buildvm-s390x-16.s390.fedoraproject.org
-buildvm-s390x-17.s390.fedoraproject.org
-buildvm-s390x-18.s390.fedoraproject.org
-buildvm-s390x-19.s390.fedoraproject.org
-buildvm-s390x-20.s390.fedoraproject.org
-
-[bvmhost_s390x]
-bvmhost-s390x-01.stg.s390.fedoraproject.org
-bvmhost-s390x-01.s390.fedoraproject.org
 [buildvmhost]
-bvmhost-s390x-01.stg.s390.fedoraproject.org
-bvmhost-s390x-01.s390.fedoraproject.org
-# mt snow machines
-bvmhost-a64-01.iad2.fedoraproject.org
-bvmhost-a64-02.iad2.fedoraproject.org
-bvmhost-a64-03.iad2.fedoraproject.org
-bvmhost-a64-04.iad2.fedoraproject.org
-# These are lenovo emags in IAD2
-bvmhost-a64-01.stg.iad2.fedoraproject.org
-# ppc
-bvmhost-p09-01.iad2.fedoraproject.org
-bvmhost-p09-02.iad2.fedoraproject.org
-bvmhost-p09-03.iad2.fedoraproject.org
-bvmhost-p09-04.iad2.fedoraproject.org
-bvmhost-p09-05.iad2.fedoraproject.org
-bvmhost-p09-01.stg.iad2.fedoraproject.org
+buildvmhost-01.phx2.fedoraproject.org
+buildvmhost-02.phx2.fedoraproject.org
+buildvmhost-03.phx2.fedoraproject.org
+buildvmhost-04.phx2.fedoraproject.org
+buildvmhost-12.phx2.fedoraproject.org
+ppc8-01.ppc.fedoraproject.org
+ppc8-02.ppc.fedoraproject.org
+ppc8-03.ppc.fedoraproject.org
+ppc8-04.ppc.fedoraproject.org
+aarch64-c01n1.arm.fedoraproject.org
+aarch64-c02n1.arm.fedoraproject.org
+aarch64-c03n1.arm.fedoraproject.org
+aarch64-c04n1.arm.fedoraproject.org
+aarch64-c05n1.arm.fedoraproject.org
+aarch64-c06n1.arm.fedoraproject.org
+aarch64-c07n1.arm.fedoraproject.org
+aarch64-c08n1.arm.fedoraproject.org
+aarch64-c09n1.arm.fedoraproject.org
+aarch64-c10n1.arm.fedoraproject.org
+aarch64-c11n1.arm.fedoraproject.org
+aarch64-c12n1.arm.fedoraproject.org
+aarch64-c13n1.arm.fedoraproject.org
+aarch64-c14n1.arm.fedoraproject.org
+aarch64-c15n1.arm.fedoraproject.org
+aarch64-c16n1.arm.fedoraproject.org
+aarch64-c17n1.arm.fedoraproject.org
+aarch64-c18n1.arm.fedoraproject.org
+aarch64-c19n1.arm.fedoraproject.org
+aarch64-c20n1.arm.fedoraproject.org
+aarch64-c21n1.arm.fedoraproject.org
+aarch64-c22n1.arm.fedoraproject.org
+aarch64-c23n1.arm.fedoraproject.org
+aarch64-c24n1.arm.fedoraproject.org
+aarch64-c25n1.arm.fedoraproject.org
 [buildhw]
-# mt snow
-buildhw-a64-03.iad2.fedoraproject.org
-buildhw-a64-04.iad2.fedoraproject.org
-buildhw-a64-05.iad2.fedoraproject.org
-buildhw-a64-06.iad2.fedoraproject.org
-# emags
-buildhw-x86-01.iad2.fedoraproject.org
-buildhw-x86-02.iad2.fedoraproject.org
-buildhw-x86-03.iad2.fedoraproject.org
-buildhw-x86-04.iad2.fedoraproject.org
-buildhw-x86-05.iad2.fedoraproject.org
-buildhw-x86-06.iad2.fedoraproject.org
-buildhw-x86-07.iad2.fedoraproject.org
-buildhw-x86-08.iad2.fedoraproject.org
-buildhw-x86-09.iad2.fedoraproject.org
-buildhw-x86-10.iad2.fedoraproject.org
-buildhw-x86-11.iad2.fedoraproject.org
-buildhw-x86-12.iad2.fedoraproject.org
-buildhw-x86-13.iad2.fedoraproject.org
-buildhw-x86-14.iad2.fedoraproject.org
-buildhw-x86-15.iad2.fedoraproject.org
-buildhw-x86-16.iad2.fedoraproject.org
+buildhw-01.phx2.fedoraproject.org
+buildhw-02.phx2.fedoraproject.org
+buildhw-03.phx2.fedoraproject.org
+buildhw-04.phx2.fedoraproject.org
+buildhw-05.phx2.fedoraproject.org
+buildhw-06.phx2.fedoraproject.org
+buildhw-07.phx2.fedoraproject.org
+buildhw-08.phx2.fedoraproject.org
+buildhw-09.phx2.fedoraproject.org
+buildhw-10.phx2.fedoraproject.org
+#buildhw-11.phx2.fedoraproject.org
+#buildhw-12.phx2.fedoraproject.org
+buildhw-aarch64-01.arm.fedoraproject.org
+buildhw-aarch64-02.arm.fedoraproject.org
+buildhw-aarch64-03.arm.fedoraproject.org
 #
 # These are primary koji builders.
 #
-[buildvm_ppc64le]
-buildvm-ppc64le-01.iad2.fedoraproject.org
-buildvm-ppc64le-02.iad2.fedoraproject.org
-buildvm-ppc64le-03.iad2.fedoraproject.org
-buildvm-ppc64le-04.iad2.fedoraproject.org
-buildvm-ppc64le-05.iad2.fedoraproject.org
-buildvm-ppc64le-06.iad2.fedoraproject.org
-buildvm-ppc64le-07.iad2.fedoraproject.org
-buildvm-ppc64le-08.iad2.fedoraproject.org
-buildvm-ppc64le-09.iad2.fedoraproject.org
-buildvm-ppc64le-10.iad2.fedoraproject.org
-buildvm-ppc64le-11.iad2.fedoraproject.org
-buildvm-ppc64le-12.iad2.fedoraproject.org
-buildvm-ppc64le-13.iad2.fedoraproject.org
-buildvm-ppc64le-14.iad2.fedoraproject.org
-buildvm-ppc64le-15.iad2.fedoraproject.org
-buildvm-ppc64le-16.iad2.fedoraproject.org
-buildvm-ppc64le-17.iad2.fedoraproject.org
-buildvm-ppc64le-18.iad2.fedoraproject.org
-buildvm-ppc64le-19.iad2.fedoraproject.org
-buildvm-ppc64le-20.iad2.fedoraproject.org
-buildvm-ppc64le-21.iad2.fedoraproject.org
-buildvm-ppc64le-22.iad2.fedoraproject.org
-buildvm-ppc64le-23.iad2.fedoraproject.org
-buildvm-ppc64le-24.iad2.fedoraproject.org
-buildvm-ppc64le-25.iad2.fedoraproject.org
-buildvm-ppc64le-26.iad2.fedoraproject.org
-buildvm-ppc64le-27.iad2.fedoraproject.org
-buildvm-ppc64le-28.iad2.fedoraproject.org
-buildvm-ppc64le-29.iad2.fedoraproject.org
-buildvm-ppc64le-30.iad2.fedoraproject.org
-buildvm-ppc64le-31.iad2.fedoraproject.org
-buildvm-ppc64le-32.iad2.fedoraproject.org
-buildvm-ppc64le-33.iad2.fedoraproject.org
+[buildvm-ppc64]
+buildvm-ppc64-01.ppc.fedoraproject.org
+buildvm-ppc64-02.ppc.fedoraproject.org
+buildvm-ppc64-03.ppc.fedoraproject.org
+buildvm-ppc64-04.ppc.fedoraproject.org
+buildvm-ppc64-05.ppc.fedoraproject.org
+buildvm-ppc64-06.ppc.fedoraproject.org
+buildvm-ppc64-07.ppc.fedoraproject.org
+buildvm-ppc64-08.ppc.fedoraproject.org
+buildvm-ppc64-09.ppc.fedoraproject.org
+buildvm-ppc64-10.ppc.fedoraproject.org
+buildvm-ppc64-11.ppc.fedoraproject.org
+buildvm-ppc64-12.ppc.fedoraproject.org
+buildvm-ppc64-13.ppc.fedoraproject.org
+
+#
+# These are primary koji builders.
+#
+[buildvm-ppc64le]
+buildvm-ppc64le-01.ppc.fedoraproject.org
+buildvm-ppc64le-02.ppc.fedoraproject.org
+buildvm-ppc64le-03.ppc.fedoraproject.org
+buildvm-ppc64le-04.ppc.fedoraproject.org
+buildvm-ppc64le-05.ppc.fedoraproject.org
+buildvm-ppc64le-06.ppc.fedoraproject.org
+buildvm-ppc64le-07.ppc.fedoraproject.org
+buildvm-ppc64le-08.ppc.fedoraproject.org
+buildvm-ppc64le-09.ppc.fedoraproject.org
+buildvm-ppc64le-10.ppc.fedoraproject.org
+buildvm-ppc64le-11.ppc.fedoraproject.org
+buildvm-ppc64le-12.ppc.fedoraproject.org
+buildvm-ppc64le-13.ppc.fedoraproject.org
+
+#
+# These are secondary arch builders.
+#
+[buildppc]
+buildppc-01.ppc.fedoraproject.org
+buildppc-02.ppc.fedoraproject.org
+buildppc-03.ppc.fedoraproject.org
+buildppc-04.ppc.fedoraproject.org
+
+#
+# These are secondary arch builders.
+#
+[buildppcle]
+buildppcle-01.ppc.fedoraproject.org
+buildppcle-02.ppc.fedoraproject.org
+buildppcle-03.ppc.fedoraproject.org
+buildppcle-04.ppc.fedoraproject.org
+
+[buildaarch64]
+aarch64-02a.arm.fedoraproject.org
+# Marked DEAD in pdu
+#aarch64-03a.arm.fedoraproject.org
+aarch64-04a.arm.fedoraproject.org
+aarch64-05a.arm.fedoraproject.org
+aarch64-06a.arm.fedoraproject.org
+aarch64-07a.arm.fedoraproject.org
 [bkernel]
-bkernel01.iad2.fedoraproject.org
-bkernel02.iad2.fedoraproject.org
+bkernel01.phx2.fedoraproject.org
+bkernel02.phx2.fedoraproject.org
+
+#
+# These are misc
+#
+[arm03]
+#arm03-builder00.arm.fedoraproject.org
+#arm03-builder01.arm.fedoraproject.org
+#arm03-builder02.arm.fedoraproject.org
+#arm03-builder03.arm.fedoraproject.org
+# These are in use as arm03-qa00 - 03
+#arm03-builder04.arm.fedoraproject.org
+#arm03-builder05.arm.fedoraproject.org
+#arm03-builder06.arm.fedoraproject.org
+#arm03-builder07.arm.fedoraproject.org
+# These are in use as arm03-packager01-02
+#arm03-builder08.arm.fedoraproject.org
+#arm03-builder09.arm.fedoraproject.org
+# These are off currently
+#arm03-builder10.arm.fedoraproject.org
+#arm03-builder11.arm.fedoraproject.org
+#arm03-builder12.arm.fedoraproject.org
+#arm03-builder13.arm.fedoraproject.org
+#arm03-builder14.arm.fedoraproject.org
+#arm03-builder15.arm.fedoraproject.org
+#arm03-builder16.arm.fedoraproject.org
+#arm03-builder17.arm.fedoraproject.org
+#arm03-builder18.arm.fedoraproject.org
+#arm03-builder19.arm.fedoraproject.org
+#arm03-builder20.arm.fedoraproject.org
+#arm03-builder21.arm.fedoraproject.org
+#arm03-builder22.arm.fedoraproject.org
+#arm03-builder23.arm.fedoraproject.org
 # These hosts get the runroot plugin installed.
 # They should be added to their own 'compose' channel in the koji db
 # .. and they should not appear in the default channel for builds.
 [runroot]
-buildvm-x86-01.iad2.fedoraproject.org
-buildvm-x86-02.iad2.fedoraproject.org
-buildvm-x86-03.iad2.fedoraproject.org
-buildvm-a64-01.iad2.fedoraproject.org
-buildvm-a64-02.iad2.fedoraproject.org
-buildvm-a64-03.iad2.fedoraproject.org
-buildvm-ppc64le-01.iad2.fedoraproject.org
-buildvm-ppc64le-09.iad2.fedoraproject.org
-buildvm-ppc64le-18.iad2.fedoraproject.org
-buildvm-ppc64le-27.iad2.fedoraproject.org
-buildvm-ppc64le-33.iad2.fedoraproject.org
-buildvm-s390x-11.s390.fedoraproject.org
-buildvm-s390x-12.s390.fedoraproject.org
-buildvm-s390x-13.s390.fedoraproject.org
-buildvm-a64-01.stg.iad2.fedoraproject.org
-buildvm-ppc64le-01.stg.iad2.fedoraproject.org
-buildvm-s390x-01.stg.s390.fedoraproject.org
-buildvm-x86-01.stg.iad2.fedoraproject.org
-
-# These are builders in the osbuild channel.
-# This means they are used for osbuild jobs and need
-# a special ipset to allow them to talk to the osbuild
-# API endpoint.
-[osbuild]
-buildhw-x86-01.iad2.fedoraproject.org
-buildhw-x86-02.iad2.fedoraproject.org
-buildhw-x86-03.iad2.fedoraproject.org
-buildhw-x86-04.iad2.fedoraproject.org
-buildhw-x86-05.iad2.fedoraproject.org
-buildhw-x86-06.iad2.fedoraproject.org
-buildhw-x86-07.iad2.fedoraproject.org
-buildhw-x86-08.iad2.fedoraproject.org
-buildhw-x86-09.iad2.fedoraproject.org
-buildhw-x86-10.iad2.fedoraproject.org
-buildhw-x86-11.iad2.fedoraproject.org
-buildhw-x86-12.iad2.fedoraproject.org
-buildhw-x86-13.iad2.fedoraproject.org
-buildhw-x86-14.iad2.fedoraproject.org
-buildhw-x86-15.iad2.fedoraproject.org
-buildhw-x86-16.iad2.fedoraproject.org
-buildvm-x86-01.stg.iad2.fedoraproject.org
-buildvm-x86-02.stg.iad2.fedoraproject.org
-buildvm-x86-03.stg.iad2.fedoraproject.org
-buildvm-x86-04.stg.iad2.fedoraproject.org
-buildvm-x86-05.stg.iad2.fedoraproject.org
-
-[buildvm_x86_riscv]
-buildvm-x86-riscv01.iad2.fedoraproject.org
-buildvm-x86-riscv02.iad2.fedoraproject.org
+buildvm-01.stg.phx2.fedoraproject.org
+buildvm-02.stg.phx2.fedoraproject.org
+buildvm-01.phx2.fedoraproject.org
+buildhw-01.phx2.fedoraproject.org
+buildvm-aarch64-01.arm.fedoraproject.org
+buildvm-aarch64-02.arm.fedoraproject.org
+buildvm-armv7-01.arm.fedoraproject.org
+buildvm-armv7-02.arm.fedoraproject.org
+buildvm-armv7-03.arm.fedoraproject.org
+aarch64-02a.arm.fedoraproject.org
+buildvm-ppc64-01.ppc.fedoraproject.org
+buildvm-ppc64-02.ppc.fedoraproject.org
+buildvm-ppc64le-01.ppc.fedoraproject.org
+buildvm-ppc64le-02.ppc.fedoraproject.org
+buildvm-s390x-01.s390.fedoraproject.org
 [builders:children]
 buildhw
 buildvm
-buildvm_aarch64
-buildvm_ppc64le
-buildvm_s390x
+buildvm-aarch64
+buildvm-armv7
+buildvm-ppc64
+buildvm-ppc64le
+buildppc
+buildppcle
+buildaarch64
+buildvm-s390
+buildvm-s390x
 bkernel
-[builders_stg:children]
-buildvm_stg
-buildvm_ppc64le_stg
-buildvm_aarch64_stg
-buildvm_s390x_stg
-
-[buildvm_osbuild_ppc64le]
-buildvm-ppc64le-osbuild01.iad2.fedoraproject.org
-
-[buildvm_osbuild_ppc64le_staging]
-buildvm-ppc64le-osbuild02.iad2.fedoraproject.org
+[builders-stg:children]
+buildvm-stg
+buildvm-ppc64-stg
+buildvm-ppc64le-stg
+buildvm-aarch64-stg
+buildvm-armv7-stg
diff --git a/inventory/cloud b/inventory/cloud
index a72e02d2d3..4ac3ba1990 100644
--- a/inventory/cloud
+++ b/inventory/cloud
@@ -1,53 +1,85 @@
-##
-## New Community Hardware
-##
-#os-proxy01.fedorainfracloud.org
-#os-proxy02.fedorainfracloud.org
-
-## COPR
-#copr-vmhost01.fedorainfracloud.org
-
-[cloud_aws]
-proxy09.fedoraproject.org
-proxy30.fedoraproject.org
-proxy31.fedoraproject.org
-proxy32.fedoraproject.org
-proxy33.fedoraproject.org
-proxy34.fedoraproject.org
-proxy35.fedoraproject.org
-proxy36.fedoraproject.org
-proxy37.fedoraproject.org
-proxy38.fedoraproject.org
-proxy39.fedoraproject.org
-proxy40.fedoraproject.org
-copr-be.aws.fedoraproject.org
-#copr-be-temp.aws.fedoraproject.org
-copr-be-dev.aws.fedoraproject.org
-#copr-be-dev-temp.aws.fedoraproject.org
-copr-dist-git.aws.fedoraproject.org
-copr-dist-git-dev.aws.fedoraproject.org
-copr-fe.aws.fedoraproject.org
-copr-fe-dev.aws.fedoraproject.org
-db.stg.aws.fedoraproject.org
-copr-keygen.aws.fedoraproject.org
-copr-keygen-dev.aws.fedoraproject.org
-#copr-be-dev.cloud.fedoraproject.org
+[cloud]
+ansiblemagazine.fedorainfracloud.org
+arm03-packager00.cloud.fedoraproject.org
+arm03-packager01.cloud.fedoraproject.org
+arm03-qa00.cloud.fedoraproject.org
+arm03-qa01.cloud.fedoraproject.org
+artboard.fedorainfracloud.org
+cloud-noc01.cloud.fedoraproject.org
+commops.fedorainfracloud.org
+communityblog.fedorainfracloud.org
+copr-be.cloud.fedoraproject.org
+copr-be-dev.cloud.fedoraproject.org
 copr-dist-git-dev.fedorainfracloud.org
-#copr-pulp.aws.fedoraproject.org
-copr-pulp-dev.aws.fedoraproject.org
-f40-test.fedorainfracloud.org
-f41-test.fedorainfracloud.org
-f42-test.fedorainfracloud.org
-rawhide-test.fedorainfracloud.org
-el9-test.fedorainfracloud.org
-aarch64-test01.fedorainfracloud.org
-aarch64-test02.fedorainfracloud.org
-datanommer01.fedorainfracloud.org
-# This is not in aws, but here is good enough for now
+copr-dist-git.fedorainfracloud.org
+copr-fe.cloud.fedoraproject.org
+copr-fe-dev.cloud.fedoraproject.org
+copr-keygen.cloud.fedoraproject.org
+copr-keygen-dev.cloud.fedoraproject.org
+darkserver-dev.fedorainfracloud.org
+developer.fedorainfracloud.org
+eclipse.fedorainfracloud.org
+el6-test.fedorainfracloud.org
+el7-test.fedorainfracloud.org
+f25-test.fedorainfracloud.org
+f26-test.fedorainfracloud.org
+f27-test.fedorainfracloud.org
+faitout.fedorainfracloud.org
+fas2-dev.fedorainfracloud.org
+fas3-dev.fedorainfracloud.org
+#fed-cloud01.cloud.fedoraproject.org
+#fed-cloud02.cloud.fedoraproject.org
+fed-cloud03.cloud.fedoraproject.org
+fed-cloud04.cloud.fedoraproject.org
+fed-cloud05.cloud.fedoraproject.org
+fed-cloud06.cloud.fedoraproject.org
+fed-cloud07.cloud.fedoraproject.org
+fed-cloud08.cloud.fedoraproject.org
+fed-cloud09.cloud.fedoraproject.org
+fed-cloud10.cloud.fedoraproject.org
+fed-cloud11.cloud.fedoraproject.org
+fed-cloud12.cloud.fedoraproject.org
+fed-cloud13.cloud.fedoraproject.org
+fed-cloud14.cloud.fedoraproject.org
+fed-cloud15.cloud.fedoraproject.org
+#fed-cloud16.cloud.fedoraproject.org
+#fed-cloud-ppc01.cloud.fedoraproject.org
+fed-cloud-ppc02.cloud.fedoraproject.org
+fedimg-dev.fedorainfracloud.org
+fedora-bootstrap.fedorainfracloud.org
+glittergallery-dev.fedorainfracloud.org
+grafana.cloud.fedoraproject.org
+graphite.fedorainfracloud.org
+hubs-dev.fedorainfracloud.org
+iddev.fedorainfracloud.org
+insim.fedorainfracloud.org
+java-deptools.fedorainfracloud.org
+jenkins.fedorainfracloud.org
+jenkins-slave-el6.fedorainfracloud.org
+jenkins-slave-el7.fedorainfracloud.org
+jenkins-slave-f26.fedorainfracloud.org
+jenkins-slave-f25.fedorainfracloud.org
+jenkins-slave-f25-ppc64le.fedorainfracloud.org
+lists-dev.fedorainfracloud.org
+magazine2.fedorainfracloud.org
+modernpaste.fedorainfracloud.org
+modularity.fedorainfracloud.org
+modularity2.fedorainfracloud.org
 ppc64le-test.fedorainfracloud.org
-ppc64le-test02.fedorainfracloud.org
-logdetective01.fedorainfracloud.org
-logdetective02.fedorainfracloud.org
-
-[cloud:children]
-cloud_aws
+ppc64-test.fedorainfracloud.org
+rawhide-test.fedorainfracloud.org
+regcfp2.fedorainfracloud.org
+respins.fedorainfracloud.org
+shumgrepper-dev.fedorainfracloud.org
+taiga.fedorainfracloud.org
+taigastg.fedorainfracloud.org
+testdays.fedorainfracloud.org
+twisted-fedora24-1.fedorainfracloud.org
+twisted-fedora24-2.fedorainfracloud.org
+twisted-fedora25-1.fedorainfracloud.org
+twisted-fedora25-2.fedorainfracloud.org
+twisted-fedora26-1.fedorainfracloud.org
+twisted-fedora26-2.fedorainfracloud.org
+twisted-rhel7-1.fedorainfracloud.org
+twisted-rhel7-2.fedorainfracloud.org
+upstreamfirst.fedorainfracloud.org
diff --git a/inventory/group_vars/OSv3 b/inventory/group_vars/OSv3
new file mode 100644
index 0000000000..9a8bacd348
--- /dev/null
+++ b/inventory/group_vars/OSv3
@@ -0,0 +1,3 @@
+---
+ansible_ssh_user: root
+deployment_type: origin
diff --git a/inventory/group_vars/aarch64_test b/inventory/group_vars/aarch64_test
deleted file mode 100644
index c97a4b4852..0000000000
--- a/inventory/group_vars/aarch64_test
+++ /dev/null
@@ -1,5 +0,0 @@
----
-freezes: false
-host_group: cloud
-sudoers: "{{ private }}/files/sudo/arm-packager-sudoers"
-sudoers_main: nopasswd
diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index 3b80b261a1..47f177567c 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
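Review bot: The new file inventory/group_vars/OSv3 sets `ansible_ssh_user: root`, so every play against that group logs in directly as root over SSH. That requires the hosts to keep root login enabled in sshd and leaves no per-admin trail of who ran what. Unless the installer used with `deployment_type: origin` needs a root login, an unprivileged account with `become: true` gives the same access with attribution. `ansible_ssh_user` is also the legacy spelling of `ansible_user`. If root really is required, a short comment in the file saying why would help the next reviewer.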
@@ -5,240 +5,33 @@ # Background/reference about external repos pulled in: # https://pagure.io/fedora-infrastructure/issue/5476 # -# IPA settings -additional_host_keytabs: [] ansible_base: /srv/web/infra -# Default to managing the network, we want to not do this on select -# hosts (like cloud nodes) -# List of interfaces to explicitly disable -ansible_ifcfg_disabled: [] -# on MOST infra systems, the interface connected to the infra network -# is eth0. but not on quite ALL systems. e.g. on s390 boxes it's enc900, -# on openqa-ppc64le-01.qa it's eth2 for some reason, and on qa01.qa and -# qa02.qa it's em3. currently this only affects whether GATEWAY, DOMAIN -# and DNS1/DNS2 lines are put into ifcfg-(device). -ansible_ifcfg_infra_net_devices: ['eth0', 'enc900'] -# -# Autodetect python version -# -ansible_python_interpreter: auto -# Set variable if we want to use our global iptables defaults -# Some things need to set their own. -baseiptables: True -# by default set become to false here We can override it as needed. -# Note that if become is true, you need to unset requiretty for -# ssh controlpersist to work. 
-become: false -br0_nm: 255.255.255.0 -br1_nm: 255.255.255.0 -# assume collectd apache -collectd_apache: true -# communishift project resource overrides -communishift_projects: - communishift-admins: - do_not_delete: true # Marked do not delete 2024-11-25 - communishift-eventbot: - name: communishift-eventbot - communishift-fedora-review-service: - name: communishift-fedora-review-service - do_not_delete: true # Marked do not delete 2024-10-21 - communishift-lightspeed-build: - name: communishift-lightspeed-build - communishift-log-detective: - name: communishift-log-detective - do_not_delete: true # Marked do not delete 2024-10-21 - memory_requests: 4Gi - memory_limits: 6Gi - storage_requests: 10Gi - communishift-mattdm: - name: communishift-mattdm - communishift-metrics: - name: communishift-metrics - communishift-openscanhub: - name: communishift-openscanhub - cpu_requests: 2 - memory_requests: 2Gi - cpu_limits: 2 - memory_limits: 4Gi - pods: 16 - communishift-planet: - name: communishift-planet - communishift-forgejo: - name: communishift-forgejo - communishift-gitlabce: - name: communishift-gitlabce - communishift-ocm: - name: communishift-ocm - communishift-weekly-bootc: - name: communishift-weekly-bootc - do_not_delete: true # Marked do not delete 2024-11-26. Needed until end of bootc initative. - communishift-fossology: - name: communishift-fossology - communishift-commops-analytics: - name: communishift-commops-analytics - communishift-commops-datanom: - name: communishift-commops-datanom -# true or false if we are or are not a copr build virthost. -# Default to false -copr_build_virthost: false -# assume createrepo is true and this builder has the koji nfs mount to do that -createrepo: True -# This vars get shoved into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. 
-custom6_rules: [] -custom_rules: [] -# most of our systems are in IAD2 -datacenter: iad2 -# Datanommer -datanommer_db_hostname: db-datanommer02 -# By default, nodes don't backup any dbs on them unless they declare it. -dbs_to_backup: [] -# dnf-automatic-install.service mode default: security-only -dnf_automatic_type: security -dns: "10.3.163.33" -dns1: "10.3.163.33" -dns2: "10.3.163.34" -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -# env is staging or production, we default it to production here. -env: production -env_prefix: "" -env_short: prod -env_suffix: "" -# Default netmask. All of our iad2 nets are /24's. Almost all of our -# non-iad2 sites are less than a /24. -eth0_ipv4_nm: 24 -eth1_ip: 10.0.0.10 -eth1_nm: 255.255.255.0 -# END: Ansible roles_path variables -####### -freezes: true -# defaults for hw installs -install_noc: none -ipa_admin_password: "{{ ipa_prod_admin_password }}" -ipa_realm: FEDORAPROJECT.ORG -ipa_server: ipa01.iad2.fedoraproject.org -ipa_server_nodes: - - ipa01.iad2.fedoraproject.org - - ipa02.iad2.fedoraproject.org - - ipa03.iad2.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -# defaults for virt installs -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# most of our systems are 64bit. -# Used to install various nagios scripts and the like. 
-libdir: /usr/lib64 -lvm_size: 20000 -mac_address: RANDOM -mac_address1: RANDOM -main_bridge: br0 -max_cpu: "{{ num_cpus * 5 }}" -max_mem_size: "{{ mem_size * 5 }}" -mem_size: 4096 -nagios_Can_Connect: true -# Nagios global variables -nagios_Check_Services: - dhcpd: false - httpd: false - mail: true - named: false - nrpe: true - ping: true - raid: false - sshd: true - swap: true -nat_rules: [] -# Do we want to use nftables instead of iptables -nftables: True -# nftables variants of custom*_rules -nft_custom6_rules: [] -nft_custom_rules: [] -nft_nat_rules: [] -# default network block device encryption settings for linux-system-roles/nbde_client -nbde: true -nbde_device: /dev/md2 -nbde_client_bindings: - - device: "{{ nbde_device }}" - encryption_password: "{{ nbde_password }}" - password_temporary: no - threshold: 1 - servers: - - http://tang01.iad2.fedoraproject.org - - http://tang02.iad2.fedoraproject.org -# usually we do not want to enable nested virt, only on some virthosts -nested: false -network_allow_restart: yes -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet - state: up -nfs_bridge: br1 -# nfs mount options, override at the group/host level -nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" -nm: 255.255.255.0 -# Most of our machines have manual resolv.conf files -# These settings are for machines where NM is supposed to control resolv.conf. 
-nrpe_check_postfix_queue_crit: 5 -# by default, the number of emails in queue before we whine -nrpe_check_postfix_queue_warn: 2 -nrpe_procs_crit: 300 -# by default the number of procs we allow before we whine -nrpe_procs_warn: 250 -num_cpus: 2 -# ocp4 is default now in some proxy roles -ocp4: true -# All the ocp production workers. -# This is used by the openvpn openshift app to make sure there's a vpn pod on each node. -ocp_nodes: - - worker01.ocp.iad2.fedoraproject.org - - worker02.ocp.iad2.fedoraproject.org - - worker03.ocp.iad2.fedoraproject.org - - worker04.ocp.iad2.fedoraproject.org - - worker05.ocp.iad2.fedoraproject.org - - worker06.ocp.iad2.fedoraproject.org -ocp_wildcard_cert_file: wildcard-2024.apps.ocp.fedoraproject.org.cert -# This is the openshift wildcard cert for ocp -ocp_wildcard_cert_name: wildcard-2024.apps.ocp.fedoraproject.org -ocp_wildcard_int_file: wildcard-2024.apps.ocp.fedoraproject.org.intermediate.cert -ocp_wildcard_key_file: wildcard-2024.apps.ocp.fedoraproject.org.key # Path to the openshift-ansible checkout as external git repo brought into # Fedora Infra openshift_ansible: /srv/web/infra/openshift-ansible/ + +# +# END: Ansible roles_path variables +####### + +freezes: true +# most of our systems are in phx2 +datacenter: phx2 postfix_group: "none" -# This is a list of services that need to wait for VPN to be up before getting started. -postvpnservices: [] -preferred_dc: iad2 -primary_auth_source: ipa -# -# Set a redirectmatch variable we can use to disable some redirectmatches -# like the prerelease to final ones. -# -redirectmatch_enabled: True -# default the root_auth_users to nothing. -# This should be set for cloud instances in their host or group vars. 
-root_auth_users: '' -# List of names under which the host is available -ssh_hostnames: [] -# This enables/disables the SSH "keyhelper" used by Pagure for verifying users' -# SSH keys from the Pagure database -sshd_keyhelper: false -# Normal default sshd port is 22 -sshd_port: 22 -tcp_ports: [] + +# usually we do not want to enable nested virt, only on some virthosts +nested: false + +# most of our systems are 64bit. +# Used to install various nagios scripts and the like. +libdir: /usr/lib64 + +# Most EL systems need default EPEL repos. +# Some systems (notably fed-cloud*) need to get their own +# EPEL files because EPEL overrides packages in their core repos. +use_default_epel: true + # example of ports for default iptables # tcp_ports: [ 22, 80, 443 ] # udp_ports: [ 110, 1024, 2049 ] 
@@ -247,52 +40,235 @@ tcp_ports: [] # '-A INPUT -p tcp -m tcp --dport 8889 -j ACCEPT' ] # We default these to empty udp_ports: [] -# Most EL systems need default EPEL repos. -# Some systems (notably fed-cloud*) need to get their own -# EPEL files because EPEL overrides packages in their core repos. -use_default_epel: true +tcp_ports: [] +custom_rules: [] +custom6_rules: [] + +# defaults for virt installs +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ +mem_size: 2048 +num_cpus: 2 +lvm_size: 20000 + +# Default netmask. Almost all our phx2 nets are /24's with the +# exception of 10.5.124.128/25. Almost all of our non phx2 sites are +# less than a /24. +eth0_nm: 255.255.255.0 +eth1_nm: 255.255.255.0 +br0_nm: 255.255.255.0 +br1_nm: 255.255.255.0 +# Default to managing the network, we want to not do this on select hosts (like cloud nodes) +ansible_ifcfg_blacklist: false # -# The default virt-install works for rhel9 or fedora with 1 nic +# The default virt-install works for rhel7 or fedora with 1 nic # virt_install_command: "{{ virt_install_command_one_nic }}" -virt_install_command_aarch64_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole -virt_install_command_aarch64_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname 
}},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole -virt_install_command_aarch64_two_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --rng /dev/random -virt_install_command_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} nameserver=8.8.8.8 ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random --cpu host -virt_install_command_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup 
}}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns1 }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random --cpu host -virt_install_command_ppc64le_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random -virt_install_command_ppc64le_two_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart 
--noautoconsole --watchdog default --rng /dev/random -virt_install_command_pxe_rhcos: virt-install -n {{ inventory_hostname }} --vcpus {{ num_cpus }},maxvcpus={{ num_cpus }} --cpu host --memory {{ mem_size }} --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --nographics --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --hvm --accelerate --autostart --wait=-1 --extra-args "ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:ens2:none hostname={{ inventory_hostname }} nameserver={{ dns }} console=ttyS0 nomodeset rd.neednet=1 coreos.inst=yes coreos.inst.install_dev=vda coreos.live.rootfs_url={{ rhcos_install_rootfs_url }} coreos.inst.ignition_url={{ rhcos_ignition_file_url }}" --os-variant rhel9 --location {{ rhcos_install_url }} -virt_install_command_s390x_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --rng /dev/random --cpu host -virt_install_command_s390x_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} 
--autostart --noautoconsole --rng /dev/random --cpu host -virt_install_command_two_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --watchdog default --rng /dev/random -virt_install_command_two_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --watchdog default --rng /dev/random -# assume vpn is false -vpn: False + +main_bridge: br0 +nfs_bridge: br1 + +virt_install_command_one_nic: virt-install -n {{ inventory_hostname }} + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ 
ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' + --network bridge={{ main_bridge }},model=virtio + --autostart --noautoconsole --watchdog default + +virt_install_command_two_nic: virt-install -n {{ inventory_hostname }} + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none + ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none' + --network bridge={{ main_bridge }},model=virtio --network=bridge={{ nfs_bridge }},model=virtio + --autostart --noautoconsole --watchdog default + +virt_install_command_aarch64_one_nic: virt-install -n {{ inventory_hostname }} + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' + --network bridge={{ main_bridge }},model=virtio + --autostart --noautoconsole + +virt_install_command_aarch64_two_nic: virt-install -n {{ inventory_hostname }} + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0 + hostname={{ inventory_hostname }} 
nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none + ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none' + --network bridge={{ main_bridge }},model=virtio --network=bridge={{ nfs_bridge }},model=virtio + --autostart --noautoconsole + +virt_install_command_armv7_one_nic: virt-install -n {{ inventory_hostname }} --arch armv7l + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' + --network bridge={{ main_bridge }},model=virtio + --autostart --noautoconsole + +virt_install_command_rhel6: virt-install -n {{ inventory_hostname }} + --memory={{ mem_size }},maxmemory={{ max_mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} + gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }}" + --network=bridge=br0 --autostart --noautoconsole --watchdog default + +max_mem_size: "{{ mem_size * 5 }}" +max_cpu: "{{ num_cpus * 5 }}" + # This is the wildcard certname for our proxies. It has a different name for # the staging group and is used in the proxies.yml playbook. 
-wildcard_cert_name: wildcard-2024.fedoraproject.org -wildcard_crt_file: wildcard-2024.fedoraproject.org.cert -wildcard_int_file: wildcard-2024.fedoraproject.org.intermediate.cert -wildcard_key_file: wildcard-2024.fedoraproject.org.key +wildcard_cert_name: wildcard-2017.fedoraproject.org +wildcard_crt_file: wildcard-2017.fedoraproject.org.cert +wildcard_key_file: wildcard-2017.fedoraproject.org.key +wildcard_int_file: wildcard-2017.fedoraproject.org.intermediate.cert + +# This is the openshift wildcard cert. Until it exists set it equal to wildcard +os_wildcard_cert_name: wildcard-2017.app.os.fedoraproject.org +os_wildcard_crt_file: wildcard-2017.app.os.fedoraproject.org.cert +os_wildcard_key_file: wildcard-2017.app.os.fedoraproject.org.key +os_wildcard_int_file: wildcard-2017.app.os.fedoraproject.org.intermediate.cert + +# Everywhere, always, we should sign messages and validate signatures. +# However, we allow individual hosts and groups to override this. Use this very +# carefully.. and never in production (good for testing stuff in staging). +fedmsg_sign_messages: True +fedmsg_validate_signatures: True + +# By default, nodes get no fedmsg certs. They need to declare them explicitly. +fedmsg_certs: [] + +# By default, fedmsg should not log debug info. Groups can override this. +fedmsg_loglevel: INFO + +# By default, fedmsg sends error logs to sysadmin-datanommer-members@fp.o. +fedmsg_error_recipients: +- sysadmin-datanommer-members@fedoraproject.org + +# By default, fedmsg hosts are in passive mode. External hosts are typically +# active. +fedmsg_active: False + +# Other defaults for fedmsg environments +fedmsg_prefix: org.fedoraproject +fedmsg_env: prod + +# Amount of time to wait for connections after a socket is first established. +fedmsg_post_init_sleep: 1.0 + +# A special flag that, when set to true, will disconnect the host from the +# global fedmsg-relay instance and set it up with its own local one. 
You can +# temporarily set this to true for a specific host to do some debugging -- so +# you can *replay real messages from the datagrepper history without having +# those broadcast to the rest of the bus*. +fedmsg_debug_loopback: False + +# These are used to: +# 1) configure mod_wsgi +# 2) open iptables rules for fedmsg (per wsgi thread) +# 3) declare enough fedmsg endpoints for the service +#wsgi_fedmsg_service: bodhi +#wsgi_procs: 4 +#wsgi_threads: 4 + +# By default, nodes don't backup any dbs on them unless they declare it. +dbs_to_backup: [] + +# by default the number of procs we allow before we whine +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + +# by default, the number of emails in queue before we whine +nrpe_check_postfix_queue_warn: 2 +nrpe_check_postfix_queue_crit: 5 + +# env is staging or production, we default it to production here. +env: production +env_suffix: + +# nfs mount options, override at the group/host level +nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" + +# by default set become to false here We can override it as needed. +# Note that if become is true, you need to unset requiretty for +# ssh controlpersist to work. +become: false + +# default the root_auth_users to nothing. +# This should be set for cloud instances in their host or group vars. +root_auth_users: '' + +# This vars get shoved into /etc/system_identification by the base role. +# Groups and individual hosts should override them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ +csi_security_category: Unspecified +csi_primary_contact: Fedora Admins - admin@fedoraproject.org +csi_purpose: Unspecified +csi_relationship: | + Unspecified. + * What hosts/services does this rely on? + * What hosts/services rely on this? + + To update this text, add the csi_* vars to group_vars/ in ansible. 
+ # # say if we want the apache role dependency for mod_wsgi or not # In some cases we want mod_wsgi and no apache (for python3 httpaio stuff) # wsgi_wants_apache: true -# set no x-forward header by default -x_forward: false -# -# Template defaults are defined in the template macros. If we need a specific -# host to have different values for a macro, define it here. Use the macro name -# as it is in Zabbix so we can search for it easily. If you remove a key, -# Zabbix is *not* updated - set the value to "absent" instead. +# IPA settings +additional_host_keytabs: [] +ipa_server: ipa01.phx2.fedoraproject.org +ipa_realm: FEDORAPROJECT.ORG +ipa_admin_password: "{{ ipa_prod_admin_password }}" -# This is overriden at the host_var level, this is empty just so the var exists -zabbix_macros: {} +# Normal default sshd port is 22 +sshd_port: 22 -notes: | - Unspecified. - * What hosts/services does this rely on? - * What hosts/services rely on this? +# List of names under which the host is available +ssh_hostnames: [] + +# assume collectd apache +collectd_apache: true + +# assume vpn is false +vpn: False + +# assume createrepo is true and this builder has the koji nfs mount to do that +createrepo: True + +# Nagios global variables +nagios_Check_Services: + nrpe: true + sshd: true + named: false + dhcpd: false + httpd: false + swap: true + +# Set variable if we want to use our global iptables defaults +# Some things need to set their own. +baseiptables: True + +# Most of our machines have manual resolv.conf files +# These settings are for machines where NM is supposed to control resolv.conf. +nm_controlled_resolv: False +dns1: "10.5.126.21" +dns2: "10.5.126.22" diff --git a/inventory/group_vars/anitya-backend b/inventory/group_vars/anitya-backend new file mode 100644 index 0000000000..851cb93727 --- /dev/null +++ b/inventory/group_vars/anitya-backend 
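Review bot: The new `ks_url` and `ks_repo` defaults use `http://`, so the kickstart file and install tree that every `virt_install_command_*` template passes through `ks={{ ks_url }}` and `-l {{ ks_repo }}` are fetched with no transport integrity. The lines this hunk replaces used `https://` for the same host. A kickstart decides everything that gets installed on the guest, so anyone able to modify traffic on that path could alter the resulting system. I would keep TLS here: `ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7` and `ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/`.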
@@ -0,0 +1,61 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 8192 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +custom_rules: [ + # Need for rsync from log01 for logs. + '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', + ] + +# No other ports open. no web service running here. +#tcp_ports: [] + +fas_client_groups: sysadmin-noc,sysadmin-veteran + +freezes: false + +# Don't use testing repos in production +testing: False + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: anitya + owner: root + group: fedmsg + can_send: + - anitya.project.version.update + + +fedmsg_prefix: org.release-monitoring +fedmsg_env: prod + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Fedora admins - admin@fedoraproject.org +csi_purpose: Run the 'anitya' backend cronjobs and database server +csi_relationship: | + There are a few things running here: + + - A number of cronjobs that scrape upstreams for new releases + - A postgres database server to be used by those crons and by + anitya-frontend01 + + - This host relies on: + - The fedmsg-relay daemon running on anitya-frontend01. + - Lots of external third-party services. The cronjobs make all kinds of + requests out to the Internet that can fail in various ways. + + - Things that rely on this host: + - The webapps running on anitya-frontend01 relies on the postgres db + server running on this node. diff --git a/inventory/group_vars/anitya-frontend b/inventory/group_vars/anitya-frontend new file mode 100644 index 0000000000..644932f87a --- /dev/null +++ b/inventory/group_vars/anitya-frontend 
@@ -0,0 +1,81 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +# 9940 is for the anitya public relay +tcp_ports: [ 80, 443, 9940 ] + +custom_rules: [ + # Need for rsync from log01 for logs. + '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', + # Need so that anitya-backend can talk fedmsg to our relay + '-A INPUT -p tcp -m tcp -s 140.211.169.230 --dport 9941 -j ACCEPT', + ] + +fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran + +# Don't use testing repos in production +testing: False + +freezes: false +vpn: true +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: anitya + owner: root + group: apache + can_send: + - anitya.distro.add + - anitya.distro.edit + - anitya.distro.remove + - anitya.project.add + - anitya.project.add.tried + - anitya.project.edit + - anitya.project.flag + - anitya.project.flag.set + - anitya.project.map.new + - anitya.project.map.remove + - anitya.project.map.update + - anitya.project.remove + - anitya.project.version.remove + - anitya.project.version.update + +fedmsg_prefix: org.release-monitoring +fedmsg_env: prod + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Fedora admins - admin@fedoraproject.org +csi_purpose: Run the 'anitya' mod_wsgi app for release-monitoring.org +csi_relationship: | + There are a few things running here: + + - The apache/mod_wsgi app for release-monitoring.org + - A fedmsg-relay instance for anitya's local fedmsg bus + + - This host relies on: + - A postgres db server running on anitya-backend01 + - Lots of external third-party services. The anitya webapp can scrape + pypi, rubygems.org, sourceforge and many others on command. 
+ + - Things that rely on this host: + - The Fedora Infrastructure bus subscribes to the anitya bus published + here by the local fedmsg-relay daemon at + tcp://release-monitoring.org:9940 + - the-new-hotness is a fedmsg-hub plugin running in FI on hotness01. It + listens for anitya messages from here and performs actions on koji and + bugzilla. + - anitya-backend01 expects to publish fedmsg messages via + anitya-frontend01's fedmsg-relay daemon. Access should be restricted by + firewall. diff --git a/inventory/group_vars/arm-packager b/inventory/group_vars/arm-packager new file mode 100644 index 0000000000..592beeebc9 --- /dev/null +++ b/inventory/group_vars/arm-packager @@ -0,0 +1,7 @@ +--- +fas_client_groups: packager +freezes: false +sudoers: "{{ private }}/files/sudo/arm-packager-sudoers" +sudoers_main: nopasswd +host_group: cloud +ansible_ifcfg_blacklist: true diff --git a/inventory/group_vars/arm-qa b/inventory/group_vars/arm-qa new file mode 100644 index 0000000000..0b11f8386b --- /dev/null +++ b/inventory/group_vars/arm-qa @@ -0,0 +1,8 @@ +--- +fas_client_groups: sysadmin-qa,arm-qa,qa +freezes: false +sudoers: "{{ private }}/files/sudo/arm-qa-sudoers" +sudoers_main: nopasswd +libdir: /usr/lib +host_group: cloud +ansible_ifcfg_blacklist: true diff --git a/inventory/group_vars/ask b/inventory/group_vars/ask new file mode 100644 index 0000000000..ee0a6e3fff --- /dev/null +++ b/inventory/group_vars/ask 
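Review bot: In the `arm-packager` hunk, `sudoers_main: nopasswd` sits next to `fas_client_groups: packager` with no comment, and the sudoers file it points at lives under `{{ private }}`, so a reviewer cannot see what is actually granted. If this amounts to passwordless sudo for every member of that group (inferred from the variable names; the consuming role is not in this diff), the intent and scope should be recorded, for example `# packager group gets passwordless sudo, limited by files/sudo/arm-packager-sudoers in the private repo`. The `arm-qa` hunk that follows has the same undocumented pairing with `fas_client_groups: sysadmin-qa,arm-qa,qa`.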
@@ -0,0 +1,54 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+tcp_ports: [ 80, 443,
+ # This port is required by gluster
+ 6996,
+ # These 12 ports are used by fedmsg. One for each wsgi thread.
+ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 30010, 3011, 3012]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-ask,fi-apprentice,sysadmin-veteran
+
+freezes: false
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: askbot
+ owner: root
+ group: apache
+ can_send:
+ - askbot.post.delete
+ - askbot.post.edit
+ - askbot.post.flag_offensive.add
+ - askbot.post.flag_offensive.delete
+ - askbot.tag.update
+
+virt_install_command: "{{ virt_install_command_rhel6 }}"
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Fedora admins - admin@fedoraproject.org
+csi_purpose: Run the django webapp for ask.fedoraproject.org
+csi_relationship: |
+ This depends on:
+
+ - The database server on db01.
+ - memcached (specifically memcached02), but only in production. In staging,
+ a local-memory backend is used instead.
+
+ Gotchas:
+
+ - The packages for celery are installed, but we do not actually run or
+ depend on the celery daemon.
+ - There are *lots* of hotfixes in effect on this machine.
diff --git a/inventory/group_vars/ask-stg b/inventory/group_vars/ask-stg
new file mode 100644
index 0000000000..4e6a5a4c7d
--- /dev/null
+++ b/inventory/group_vars/ask-stg
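Review bot: The `tcp_ports` list has `30010` where the run 3000–3012 expects `3010`, so the firewall would open port 30010, which nothing else in the file mentions, and leave 3010 closed. If one fedmsg endpoint per wsgi thread binds to consecutive ports, as the comment above the list says, the endpoint on 3010 would be unreachable. The tail of the list should read `3008, 3009, 3010, 3011, 3012]`. The comment also counts 12 ports while 3000–3012 is 13 entries, so either the comment or the last entry needs correcting too.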
@@ -0,0 +1,54 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+tcp_ports: [ 80, 443,
+ # This port is required by gluster
+ 6996,
+ # These 8 ports are used by fedmsg. One for each wsgi thread.
+ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-ask,fi-apprentice,sysadmin-veteran
+
+freezes: false
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: askbot
+ owner: root
+ group: apache
+ can_send:
+ - askbot.post.delete
+ - askbot.post.edit
+ - askbot.post.flag_offensive.add
+ - askbot.post.flag_offensive.delete
+ - askbot.tag.update
+
+virt_install_command: "{{ virt_install_command_rhel6 }}"
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Fedora admins - admin@fedoraproject.org
+csi_purpose: Run the django webapp for ask.fedoraproject.org
+csi_relationship: |
+ This depends on:
+
+ - The database server on db01.
+ - memcached (specifically memcached02), but only in production. In staging,
+ a local-memory backend is used instead.
+
+ Gotchas:
+
+ - The packages for celery are installed, but we do not actually run or
+ depend on the celery daemon.
+ - There are *lots* of hotfixes in effect on this machine.
diff --git a/inventory/group_vars/autocloud-backend b/inventory/group_vars/autocloud-backend
new file mode 100644
index 0000000000..d06346ec08
--- /dev/null
+++ b/inventory/group_vars/autocloud-backend
@@ -0,0 +1,69 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 6144
+num_cpus: 4
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [
+ # These four ports are for outbound fedmsg
+ 3000, 3001, 3002, 3003,
+]
+
+fas_client_groups: sysadmin-noc,sysadmin-fedimg,sysadmin-releng,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/autocloud-backend"
+
+# These are hw boxes and don't use the NM ifconfig setup
+ansible_ifcfg_blacklist: true
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- sysadmin-fedimg-members@fedoraproject.org
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: autocloud
+ owner: root
+ group: fedmsg
+ can_send:
+ - autocloud.image
+ - autocloud.image.running
+ - autocloud.image.success
+ - autocloud.image.failed
+ - autocloud.image.queued
+ - autocloud.compose
+ - autocloud.compose.queued
+ - autocloud.compose.running
+ - autocloud.compose.complete
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Cloudmeisters - sysadmin-fedimg-members@fedoraproject.org
+csi_purpose: Run the autocloud testing backend
+csi_relationship: |
+ This runs one of the two autocloud testing backends
+
+ This host relies on:
+ - A postgres db server running on db01. The db is called 'autocloud'.
+ The two autocloud-backend nodes populate that database with results.
+ - fedmsg messages produced by koji indicating that new images were built.
+ - queries to koji directly to download that content.
+
+ Running locally we have:
+ - fedmsg-hub which receives the initial notification from koji via fedmsg.
+ - redis, which stores a work queue populated by fedmsg
+ - the autocloud daemon, which pulls work from the redis queue and uses tunir
+ to test images in vagrant.
+
+ There's a cronjob that kills vagrant every 10 minutes if it got stuck on the
+ last test.
diff --git a/inventory/group_vars/autocloud-backend-stg b/inventory/group_vars/autocloud-backend-stg
new file mode 100644
index 0000000000..e7956eb0d9
--- /dev/null
+++ b/inventory/group_vars/autocloud-backend-stg
@@ -0,0 +1,58 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 6144
+num_cpus: 4
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [
+ # These four ports are for outbound fedmsg
+ 3000, 3001, 3002, 3003,
+]
+
+fas_client_groups: sysadmin-noc,sysadmin-fedimg,sysadmin-releng,sysadmin-veteran
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- sysadmin-fedimg-members@fedoraproject.org
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: autocloud
+ owner: root
+ group: fedmsg
+ can_send:
+ - autocloud.image
+ - autocloud.image.running
+ - autocloud.image.success
+ - autocloud.image.failed
+ - autocloud.image.queued
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Cloudmeisters - sysadmin-fedimg-members@fedoraproject.org
+csi_purpose: Run the autocloud testing backend
+csi_relationship: |
+ This runs one of the two autocloud testing backends
+
+ This host relies on:
+ - A postgres db server running on db01. The db is called 'autocloud'.
+ The two autocloud-backend nodes populate that database with results.
+ - fedmsg messages produced by koji indicating that new images were built.
+ - queries to koji directly to download that content.
+
+ Running locally we have:
+ - fedmsg-hub which receives the initial notification from koji via fedmsg.
+ - redis, which stores a work queue populated by fedmsg
+ - the autocloud daemon, which pulls work from the redis queue and uses tunir
+ to test images in vagrant.
+
+ There's a cronjob that kills vagrant every 10 minutes if it got stuck on the
+ last test.
diff --git a/inventory/group_vars/autocloud-web b/inventory/group_vars/autocloud-web
new file mode 100644
index 0000000000..61ca98ecd2
--- /dev/null
+++ b/inventory/group_vars/autocloud-web
@@ -0,0 +1,30 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+# This doesn't actually produce fedmsg messages, so no need for this var.
+#wsgi_fedmsg_service: autocloud
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-fedimg,sysadmin-releng,sysadmin-veteran
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Cloudmeisters - sysadmin-fedimg-members@fedoraproject.org
+csi_purpose: Run the readonly dashboard for autocloud results
+csi_relationship: |
+ This only runs the mod_wsgi app for autocloud results.
+ https://apps.fedoraproject.org/autocloud
+
+ - This host relies on:
+ - A postgres db server running on db01. The db is called 'autocloud'.
+ - That db gets populated with results by daemons running on the
+ autocloud-backend nodes.
diff --git a/inventory/group_vars/autocloud-web-stg b/inventory/group_vars/autocloud-web-stg
new file mode 100644
index 0000000000..0bc65c4744
--- /dev/null
+++ b/inventory/group_vars/autocloud-web-stg
@@ -0,0 +1,30 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+# This doesn't actually produce fedmsg messages, so no need for this var.
+#wsgi_fedmsg_service: autocloud
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-fedimg,sysadmin-releng,sysadmin-veteran
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Cloudmeisters - sysadmin-fedimg-members@fedoraproject.org
+csi_purpose: Run the readonly dashboard for autocloud results
+csi_relationship: |
+ This only runs the mod_wsgi app for autocloud results.
+ https://apps.fedoraproject.org/autocloud
+
+ - This host relies on:
+ - A postgres db server running on db01. The db is called 'autocloud'.
+ - That db gets populated with results by daemons running on the
+ autocloud-backend nodes.
diff --git a/inventory/group_vars/autocloudreporter b/inventory/group_vars/autocloudreporter
new file mode 100644
index 0000000000..18b6db1b2a
--- /dev/null
+++ b/inventory/group_vars/autocloudreporter
@@ -0,0 +1,2 @@
+# This var should never be set for more than one machine
+autocloudreporter_prod: true
diff --git a/inventory/group_vars/autosign b/inventory/group_vars/autosign
index 05d2675432..a85a0276e3 100644
--- a/inventory/group_vars/autosign
+++ b/inventory/group_vars/autosign
@@ -1,32 +1,38 @@ --- -# Define resources for this group of hosts here. -ansible_ifcfg_allowlist: - - eth0 - - eth1 -# For the MOTD +# Define resources for this group of hosts here. +lvm_size: 30000 +mem_size: 2048 +num_cpus: 2 + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file # Make connections from signing bridges stateless, they break sigul connections # https://bugzilla.redhat.com/show_bug.cgi?id=1283364 -custom_rules: ['-A INPUT --proto tcp --sport 44334 --source 10.3.169.120 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 10.3.169.120 tcp sport 44334 counter accept'] +custom_rules: ['-A INPUT --proto tcp --sport 44334 --source sign-bridge01.phx2.fedoraproject.org,secondary-bridge01.phx2.fedoraproject.org -j ACCEPT'] + +ansible_ifcfg_whitelist: +- eth0 +- eth1 + +fas_client_groups: sysadmin-releng host_group: autosign -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: autosign -ipa_host_group_desc: Hosts signing content automatically -lvm_size: 30000 -mem_size: 2048 + +fedmsg_error_recipients: +- puiterwijk@fedoraproject.org + nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -num_cpus: 2 -notes: | - Automatically sign Rawhide and Branched packages +# For the MOTD +csi_security_category: High +csi_primary_contact: Release Engineering - rel-eng@lists.fedoraproject.org +csi_purpose: Automatically sign Rawhide and Branched packages +csi_relationship: | + This host will run the autosigner.py script which should automatically sign + new rawhide and branched builds. It listens to koji over fedmsg for + notifications of new builds, and then asks sigul, the signing server, to + sign the rpms and store the new rpm header back in Koji. - This host will run the robosignatory application which should automatically sign - builds. 
It listens to koji over fedora-messaging for notifications of new builds, - and then asks sigul, the signing server, to sign the rpms and store the new rpm - header back in Koji. + The script[1] currently runs in the foreground from a git checkout. + + [1] https://pagure.io/releng/blob/master/f/scripts/autosigner.py diff --git a/inventory/group_vars/autosign-hardware b/inventory/group_vars/autosign-hardware new file mode 100644 index 0000000000..506511fe24 --- /dev/null +++ b/inventory/group_vars/autosign-hardware @@ -0,0 +1,6 @@ +--- +# Make connections from signing bridges stateless, they break sigul connections +# https://bugzilla.redhat.com/show_bug.cgi?id=1283364 +custom_rules: ['-A INPUT --proto tcp --sport 44334 --source sign-bridge01.phx2.fedoraproject.org,secondary-bridge01.phx2.fedoraproject.org -j ACCEPT'] + +host_group: autosign diff --git a/inventory/group_vars/autosign_hardware b/inventory/group_vars/autosign_hardware deleted file mode 100644 index e7d8154757..0000000000 --- a/inventory/group_vars/autosign_hardware +++ /dev/null @@ -1,6 +0,0 @@ ---- -# Make connections from signing bridges stateless, they break sigul connections -# https://bugzilla.redhat.com/show_bug.cgi?id=1283364 -custom_rules: ['-A INPUT --proto tcp --sport 44334 --source 10.3.169.120 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 10.3.169.120 tcp sport 44334 counter accept'] -host_group: autosign diff --git a/inventory/group_vars/backup b/inventory/group_vars/backup deleted file mode 100644 index 9b19481128..0000000000 --- a/inventory/group_vars/backup +++ /dev/null @@ -1,2 +0,0 @@ ---- -primary_auth_source: ipa diff --git a/inventory/group_vars/badges-backend b/inventory/group_vars/badges-backend new file mode 100644 index 0000000000..60c591c335 --- /dev/null +++ b/inventory/group_vars/badges-backend 
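Review bot: The added `custom_rules` line in the autosign hunk gives `--source` as two DNS names where the removed line used a literal address, and iptables resolves names only once, when the rule is loaded. Because the rule is stateless and matches on `--sport 44334` alone, the source address is the only thing limiting who can reach any local port on this host, so on a group marked `csi_security_category: High` the allowlist ends up depending on whatever the resolver answers at load time; an unresolvable name can also make the rule load fail. I would keep literal addresses in `--source` and record the host names in the comment above the rule, e.g. `# sources: sign-bridge01, secondary-bridge01 (phx2)`. The new autosign-hardware file later on this line adds the identical rule.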
@@ -0,0 +1,59 @@
+---
+lvm_size: 20000
+mem_size: 6144
+num_cpus: 2
+freezes: false
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000, 3001, 3002, 3003,
+ 3004, 3005, 3006, 3007 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-badges,sysadmin-veteran
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- sysadmin-badges-members@fedoraproject.org
+
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: fedbadges
+ owner: root
+ group: fedmsg
+ can_send:
+ - fedbadges.badge.award
+ - fedbadges.person.rank.advance
+
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org
+csi_purpose: Run fedmsg-hub with the fedbadges plugin to award badges (+ some crons)
+csi_relationship: |
+ fedbadges integrates many different services..
+
+ * The fedbadges fedmsg-hub plugin relies on:
+ * the fedmsg bus, to deliver messages
+ * pkgdb, for queries about who owns what packages
+ * fas, to lookup what irc nick corresponds to what fas user.
+ * db-datanommer for the fedmsg history
+ * db01, for storing badge awards
+
+ * badges-web01 will be expecting to display badges entered into the tahrir
+ db on db01. So, if badges stop showing up there, the problem is likely
+ here.
+
+ * Locally, of note there exists:
+ * a git repo of badge rules and images to be synced here by ansible
+ to /usr/share/badges/
+ * a local file cache in /var/tmp/fedbadges-cache.dbm (not memcached, atm)
+ * Furthermore, there are a ton of cronjobs for awarding badges in
+ /usr/share/badges/cronjobs/ that depends on all sorts of third parties
+ (flickr, google+, libravatar, etc..).
diff --git a/inventory/group_vars/badges-backend-stg b/inventory/group_vars/badges-backend-stg
new file mode 100644
index 0000000000..0e4b7ae6e7
--- /dev/null
+++ b/inventory/group_vars/badges-backend-stg
@@ -0,0 +1,58 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000, 3001, 3002, 3003,
+ 3004, 3005, 3006, 3007 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-badges,sysadmin-veteran
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- sysadmin-badges-members@fedoraproject.org
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: fedbadges
+ owner: root
+ group: fedmsg
+ can_send:
+ - fedbadges.badge.award
+ - fedbadges.person.rank.advance
+
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org
+csi_purpose: Run fedmsg-hub with the fedbadges plugin to award badges (+ some crons)
+csi_relationship: |
+ fedbadges integrates many different services..
+
+ * The fedbadges fedmsg-hub plugin relies on:
+ * the fedmsg bus, to deliver messages
+ * pkgdb, for queries about who owns what packages
+ * fas, to lookup what irc nick corresponds to what fas user.
+ * db-datanommer for the fedmsg history
+ * db01, for storing badge awards
+
+ * badges-web01 will be expecting to display badges entered into the tahrir
+ db on db01. So, if badges stop showing up there, the problem is likely
+ here.
+
+ * Locally, of note there exists:
+ * a git repo of badge rules and images to be synced here by ansible
+ to /usr/share/badges/
+ * a local file cache in /var/tmp/fedbadges-cache.dbm (not memcached, atm)
+ * Furthermore, there are a ton of cronjobs for awarding badges in
+ /usr/share/badges/cronjobs/ that depends on all sorts of third parties
+ (flickr, google+, libravatar, etc..).
diff --git a/inventory/group_vars/badges-web b/inventory/group_vars/badges-web
new file mode 100644
index 0000000000..7489a003b5
--- /dev/null
+++ b/inventory/group_vars/badges-web
@@ -0,0 +1,60 @@
+---
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+freezes: false
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: tahrir
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-badges,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: tahrir
+ owner: root
+ group: tahrir
+ can_send:
+ - fedbadges.badge.award
+ - fedbadges.person.rank.advance
+ - fedbadges.person.login.first
+
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org
+csi_purpose: Run the 'tahrir' mod_wsgi app to display badges.fedoraproject.org
+csi_relationship: |
+ The apache/mod_wsgi app is the only thing really running here
+
+ * This host relies on:
+ * db01 for its database of badge awards (and users, etc..)
+ * a collection of .pngs in /usr/share/badges/pngs put there by ansible
+ * memcached!
+
+ * Conversely, a few things rely on this site:
+ * We have a mediawiki plugin that hits a JSON endpoint to display badges.
+ It should be resilient, but issues in the badges app may cascade into
+ mediawiki issues in the event of faults.
+ * fedora-mobile (the android app) queries the JSON api here.
+ * zodbot has a .badges command that queries the JSON api here.
+ * openbadges.org may call back to this app to verify that badge assertions
+ are really certified by us (this will happen anytime someone exports
+ their fedora badges to the mozilla universe via the tahrir web
+ interface, but may also happen later in the future to ensure we did not
+ revoke such and such badge).
diff --git a/inventory/group_vars/badges-web-stg b/inventory/group_vars/badges-web-stg
new file mode 100644
index 0000000000..4e3c70f92f
--- /dev/null
+++ b/inventory/group_vars/badges-web-stg
@@ -0,0 +1,60 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: tahrir
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-badges,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: tahrir
+ owner: root
+ group: tahrir
+ can_send:
+ - fedbadges.badge.award
+ - fedbadges.person.rank.advance
+ - fedbadges.person.login.first
+
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org
+csi_purpose: Run the 'tahrir' mod_wsgi app to display badges.fedoraproject.org
+csi_relationship: |
+ The apache/mod_wsgi app is the only thing really running here
+
+ * This host relies on:
+ * db01 for its database of badge awards (and users, etc..)
+ * a collection of .pngs in /usr/share/badges/pngs put there by ansible
+ * memcached!
+
+ * Conversely, a few things rely on this site:
+ * We have a mediawiki plugin that hits a JSON endpoint to display badges.
+ It should be resilient, but issues in the badges app may cascade into
+ mediawiki issues in the event of faults.
+ * fedora-mobile (the android app) queries the JSON api here.
+ * zodbot has a .badges command that queries the JSON api here.
+ * openbadges.org may call back to this app to verify that badge assertions
+ are really certified by us (this will happen anytime someone exports
+ their fedora badges to the mozilla universe via the tahrir web
+ interface, but may also happen later in the future to ensure we did not
+ revoke such and such badge).
diff --git a/inventory/group_vars/basset b/inventory/group_vars/basset
new file mode 100644
index 0000000000..380cc934d8
--- /dev/null
+++ b/inventory/group_vars/basset
@@ -0,0 +1,17 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 30000
+mem_size: 4096
+num_cpus: 2
+
+custom_rules: [
+ # fas01, fas02, and fas03
+ '-A INPUT -p tcp -m tcp -s 10.5.126.25 --dport 80 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.26 --dport 80 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.30 --dport 80 -j ACCEPT',
+ # wiki01, wiki02
+ '-A INPUT -p tcp -m tcp -s 10.5.126.63 --dport 80 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.73 --dport 80 -j ACCEPT',
+]
+
+fas_client_groups: sysadmin-main
diff --git a/inventory/group_vars/basset-stg b/inventory/group_vars/basset-stg
new file mode 100644
index 0000000000..34b7f70419
--- /dev/null
+++ b/inventory/group_vars/basset-stg
@@ -0,0 +1,14 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+
+custom_rules: [
+ # fas01.stg
+ '-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 80 -j ACCEPT',
+ # wiki01.stg
+ '-A INPUT -p tcp -m tcp -s 10.5.128.188 --dport 80 -j ACCEPT',
+]
+
+fas_client_groups: sysadmin-main
diff --git a/inventory/group_vars/bastion b/inventory/group_vars/bastion
index a8d9506bbf..757ebfe446 100644
--- a/inventory/group_vars/bastion
+++ b/inventory/group_vars/bastion
@@ -1,73 +1,57 @@ --- # Define resources for this group of hosts here. -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -# -# drop incoming traffic from less trusted vpn hosts -# allow ntp from internal RH 10 nets -# -custom_rules: ['-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited', '-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT'] -nft_block_rules: - - 'add rule ip filter INPUT ip saddr 192.168.100.0/24 counter reject with icmp type host-prohibited' - - 'add rule ip filter INPUT ip saddr 10.0.0.0/8 udp dport 123 counter accept' -# -# This host is externally reachable -# -external: true -# -# Set this to get fasclient cron to make the aliases file -# -fas_aliases: true -# -# Set this to get fasjson-client cron to make the aliases file -# -fasjson_aliases: false -fasjson_url: https://fasjson.fedoraproject.org/ -host_group: bastion -ipa_client_shell_groups: - - pungi-devel - - sysadmin-analysis - - sysadmin-dba - - sysadmin-eln - - sysadmin-ppc - - sysadmin-secondary - - sysadmin-spin - - sysadmin-troubleshoot - - sysadmin-qa - - sysadmin-kernel - - sysadmin-riscv -ipa_client_shell_groups_inherit_from: - - batcave -# allow a bunch of sysadmin groups here so they can access internal stuff -ipa_host_group: bastion -ipa_host_group_desc: Bastion hosts lvm_size: 20000 mem_size: 8192 -nagios_Check_Services: - mail: false - nrpe: true -nrpe_procs_crit: 1200 -# -# Sometimes there are lots of postfix processes -# -nrpe_procs_warn: 1100 num_cpus: 4 + +# +# allow incoming openvpn and smtp +# +tcp_ports: [ 25, 1194 ] +udp_ports: [ 1194 ] + +# +# drop incoming traffic from less trusted vpn hosts +# allow ntp from internal phx2 10 nets +# +custom_rules: [ + '-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited', + '-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT', +] +# +# allow a bunch of sysadmin groups here so 
they can access internal stuff + +# TODO - remove modularity-wg membership here once it is not longer needed: +# https://fedorahosted.org/fedora-infrastructure/ticket/5363 +fas_client_groups: sysadmin-ask,sysadmin-web,sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc,sysadmin-releng,sysadmin-dba,sysadmin-hosted,sysadmin-tools,sysadmin-spin,sysadmin-cloud,fi-apprentice,sysadmin-darkserver,sysadmin-badges,sysadmin-troubleshoot,sysadmin-qa,sysadmin-centos,sysadmin-ppc,sysadmin-koschei,sysadmin-secondary,sysadmin-fedimg,sysadmin-veteran,sysadmin-mbs,modularity-wg,pungi-devel + # # This is a postfix gateway. This will pick up gateway postfix config in base # postfix_group: gateway postfix_transport_filename: transports.gateway -primary_auth_source: ipa -# -# allow incoming openvpn and smtp -# -tcp_ports: [22, 1194] -udp_ports: [1194] -notes: | - SSH proxy to access infrastructure not exposed to the web +# +# Set this to get fasclient cron to make the aliases file +# +fas_aliases: true + +# +# Sometimes there are lots of postfix processes +# +nrpe_procs_warn: 1100 +nrpe_procs_crit: 1200 + +# These variables are pushed into /etc/system_identification by the base role. +# Groups and individual hosts should override them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ + +csi_security_category: High +csi_primary_contact: sysadmin-main admin@fedoraproject.org +csi_purpose: SSH proxy to access infrastructure not exposed to the web +csi_relationship: | + - Provides ssh access to all phx2/vpn connected servers. + - Bastion is the hub for all infrastructure's VPN connections. + - All incoming SMTP from phx2 and VPN, as well as outgoing SMTP, pass or are filtered here. + - Bastion does not accept any mail outside phx2/vpn. - * Provides ssh access to all iad2/vpn connected servers. - * Bastion is the hub for all infrastructure's VPN connections. - * All incoming SMTP from iad2 and VPN, as well as outgoing SMTP, pass or are filtered here. 
- * Bastion does not accept any mail outside phx2/vpn. diff --git a/inventory/group_vars/bastion_stg b/inventory/group_vars/bastion_stg deleted file mode 100644 index 2338bb77c0..0000000000 --- a/inventory/group_vars/bastion_stg +++ /dev/null 
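Review bot: The REJECT entry in the new `custom_rules` list gives the less-trusted VPN range as `192.168.100/24`, a three-octet shorthand, while the removed nft rule spelled the same range `192.168.100.0/24`. How a shortened address is expanded depends on the parser, and this is the rule that keeps those hosts off a `csi_security_category: High` bastion, so the network should be written in full: `'-A INPUT -s 192.168.100.0/24 -j REJECT --reject-with icmp-host-prohibited',`. A short comment naming what lives in that range would also help the next reader check the rule against the VPN layout.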
@@ -1,56 +0,0 @@ ---- -# Define resources for this group of hosts here. -bastion_ipa_client_shell_groups: - - pungi-devel - - sysadmin-analysis - - sysadmin-dba - - sysadmin-ppc - - sysadmin-secondary - - sysadmin-spin - - sysadmin-troubleshoot -# this only works if the `batcave_stg` group and at least one host in it is defined -# batcave_ipa_client_shell_groups: "{{ hostvars[groups['batcave_stg'][0]]['ipa_client_shell_groups'] | default([]) }}" -batcave_ipa_client_shell_groups: [] -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -# -# drop incoming traffic from less trusted vpn hosts -# allow ntp from internal RH 10 nets -# -custom_rules: ['-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited', '-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT'] -nft_block_rules: - - 'add rule ip filter INPUT ip saddr 192.168.100.0/24 counter reject with icmp type host-prohibited' - - 'add rule ip filter INPUT ip saddr 10.0.0.0/8 udp dport 123 counter accept' -# -# Set this to get fasjson-client cron to make the aliases file -# -fasjson_aliases: true -ipa_client_shell_groups: "{{ (bastion_ipa_client_shell_groups + batcave_ipa_client_shell_groups) | sort | unique }}" -# -# allow a bunch of sysadmin groups here so they can access internal stuff -# -ipa_host_group: bastion -ipa_host_group_desc: Bastion hosts -lvm_size: 20000 -mem_size: 8192 -nagios_Check_Services: - mail: false - nrpe: true -nrpe_procs_crit: 1200 -# -# Sometimes there are lots of postfix processes -# -nrpe_procs_warn: 1100 -num_cpus: 4 -# -# allow incoming openvpn and smtp -# -tcp_ports: [22, 25, 1194] -udp_ports: [1194] - -notes: | - SSH proxy to access STAGING infrastructure not exposed to the web - * Provides ssh access to all iad2/vpn connected servers. - * Bastion is the hub for all infrastructure's VPN connections. 
- * All incoming SMTP from iad2 and VPN, as well as outgoing SMTP, pass or are filtered here. - * Bastion does not accept any mail outside phx2/vpn. diff --git a/inventory/group_vars/batcave b/inventory/group_vars/batcave index a80212a130..a32bcf9d17 100644 --- a/inventory/group_vars/batcave +++ b/inventory/group_vars/batcave 
@@ -1,69 +1,52 @@ --- -ansible_base: /srv/web/infra -# For the MOTD -# Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -# -# This host is externally reachable -# -external: true -freezes: true -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-ask - - sysadmin-badges - - sysadmin-bot - - sysadmin-centos - - sysadmin-cloud - - sysadmin-copr - - sysadmin-coreos - - sysadmin-cvs - - sysadmin-datanommer - - sysadmin-debuginfod - - sysadmin-koschei - - sysadmin-libravatar - - sysadmin-messaging - - sysadmin-noc - - sysadmin-osbuild - - sysadmin-openscanhub - - sysadmin-qa - - sysadmin-retrace - - sysadmin-releasemonitoring - - sysadmin-releng - - sysadmin-tools - - sysadmin-upstreamfirst - - sysadmin-veteran - - sysadmin-web -ipa_host_group: batcave -ipa_host_group_desc: The Bat Cave -lvm_size: 750000 +lvm_size: 500000 mem_size: 24576 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 num_cpus: 10 -primary_auth_source: ipa -tcp_ports: [80, 443, 8442, 8443] + +tcp_ports: [ 80, 443 ] + +# Neeed for rsync from log01 for logs. 
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-ask,sysadmin-build,sysadmin-cvs,sysadmin-main,sysadmin-web,sysadmin-noc,sysadmin-hosted,sysadmin-releng,sysadmin-qa,sysadmin-tools,sysadmin-cloud,sysadmin-bot,sysadmin-centos,sysadmin-koschei,sysadmin-datanommer,sysadmin-fedimg,fi-apprentice,sysadmin-regcfp,sysadmin-badges,sysadmin-mbs,sysadmin-veteran + +ansible_base: /srv/web/infra +freezes: false +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" + +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - ansible.playbook.complete + - ansible.playbook.start + - logger.log +- service: scm + owner: root + group: sysadmin + can_send: + - infragit.receive + +# For the MOTD +csi_security_category: High +csi_primary_contact: admin@fedoraproject.org / sysadmin-main-members +csi_purpose: Central management host for ansible +csi_relationship: | + From the batcave batman ventures out to fight crime and protect gotham city! + + batcave is the central management host for ansible. + It also is the infrastructure.fedoraproject.org website with various content. + It houses a number of infrastructure git repos. + + * This host relies on: + The virthost it's hosted on (virthost22) + + * Things that rely on this host: + Things that access rhel/fedora/infra rpm repos, including builders and infra hosts. + If this host is down, ansible runs cannot be made to update other hosts. + If this host is down, crime may go up in gotham city. + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 vpn: true -nagios_Check_Services: - swap: false - -notes: | - Central management host for ansible - - From the batcave batman ventures out to fight crime and protect gotham city! - - batcave is the central management host for ansible. - It also is the infrastructure.fedoraproject.org website with various content. 
- It houses a number of infrastructure git repos. - - This host relies on: - * The virthost it's hosted on (virthost22) - - Things that rely on this host: - * Things that access rhel/fedora/infra rpm repos, including builders and infra hosts. - * If this host is down, ansible runs cannot be made to update other hosts. - * If this host is down, crime may go up in gotham city. diff --git a/inventory/group_vars/beaker b/inventory/group_vars/beaker new file mode 100644 index 0000000000..1f51c08b65 --- /dev/null +++ b/inventory/group_vars/beaker 
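Review bot: `freezes: false` is set in the same hunk that declares `csi_security_category: High` and states that ansible runs cannot update other hosts when this host is down, so the central management host ends up outside the change-freeze control. What `freezes` gates is not visible in this hunk; if it marks hosts that are protected during a freeze, this group should keep `freezes: true`. The new side also carries the rsync allowance only as iptables `custom_rules`, with no nftables equivalent, so confirm that against the firewall backend these hosts actually run. The comment typo `# Neeed for rsync` should read `# Needed for rsync from log01 for logs.`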
@@ -0,0 +1,51 @@ +--- +lvm_size: 50000 +mem_size: 4096 +num_cpus: 2 + +tcp_ports: [ 80, 443, 8000 ] +udp_ports: [ 69 ] +fas_client_groups: sysadmin-qa,sysadmin-main,fi-apprentice,sysadmin-noc,sysadmin-veteran +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + +freezes: false + +virt_install_command: "{{ virt_install_command_one_nic }}" + +# settings for the beaker db, server and lab controller +beaker_db_host: localhost +beaker_db_name: beaker +beaker_db_user: "{{ prod_beaker_db_user }}" +beaker_db_password: "{{ prod_beaker_db_password }}" +mariadb_root_password: "{{ prod_beaker_mariadb_root_password }}" + +beaker_server_url: "https://beaker.qa.fedoraproject.org" +beaker_server_cname: "beaker.qa.fedoraproject.org" +beaker_server_hostname: "beaker01.qa.fedoraproject.org" +beaker_server_admin_user: "{{ prod_beaker_server_admin_user }}" +beaker_server_admin_pass: "{{ prod_beaker_server_admin_pass }}" +beaker_server_email: "sysadmin-qa-members@fedoraproject.org" + +beaker_oidc_token_info_url: "https://id.fedoraproject.org/openidc/TokenInfo" +beaker_oidc_client_id: "beaker-prod" +beaker_oidc_client_secret: "{{ prod_beaker_oidc_client_secret }}" + +beaker_lab_controller_username: "host/beaker01.qa.fedoraproject.org" +beaker_lab_controller_password: "{{ prod_beaker_lab_controller_password }}" + +extra_enablerepos: '' + +# These variables are pushed into /etc/system_identification by the base role. +# Groups and individual hosts should ovveride them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ + +csi_security_category: Low +csi_primary_contact: Fedora Admins - admin@fedoraproject.org +csi_purpose: Manage and automate labs of test computers +csi_relationship: | + There are a couple of things running here. + - beaker lab controller which serves files for network booting, monitors + console logs, and executes fence commands to reboot systems. + - tftp server run by the lab controller for pxe booting provisioned systems + . 
libvirt for virtualization capabilities diff --git a/inventory/group_vars/beaker-stg b/inventory/group_vars/beaker-stg new file mode 100644 index 0000000000..2866daf988 --- /dev/null +++ b/inventory/group_vars/beaker-stg @@ -0,0 +1,37 @@ +--- +lvm_size: 50000 +mem_size: 4096 +num_cpus: 2 + +tcp_ports: [ 80, 443, 8000 ] +udp_ports: [ 69 ] +fas_client_groups: sysadmin-qa,sysadmin-main,fi-apprentice,sysadmin-noc,sysadmin-veteran +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + +freezes: false + +virt_install_command: "{{ virt_install_command_rhel6 }}" + +# settings for the beaker db, server and lab controller +beaker_db_host: localhost +beaker_db_name: beaker +beaker_db_user: "{{ stg_beaker_db_user }}" +beaker_db_password: "{{ stg_beaker_db_password }}" +mariadb_root_password: "{{ stg_beaker_mariadb_root_password }}" + +beaker_server_url: "https://beaker.stg.qa.fedoraproject.org" +beaker_server_cname: "beaker.stg.fedoraproject.org" +beaker_server_hostname: "beaker-stg01.qa.fedoraproject.org" +beaker_server_admin_user: "{{ stg_beaker_server_admin_user }}" +beaker_server_admin_pass: "{{ stg_beaker_server_admin_pass }}" +beaker_server_email: "sysadmin-qa-members@fedoraproject.org" + +beaker_oidc_token_info_url: "https://id.stg.fedoraproject.org/openidc/TokenInfo" +beaker_oidc_client_id: "beaker-stg" +beaker_oidc_client_secret: "{{ stg_beaker_oidc_client_secret }}" + +beaker_lab_controller_username: "host/beaker-stg01.qa.fedoraproject.org" +beaker_lab_controller_password: "{{ stg_beaker_lab_controller_password }}" + +extra_enablerepos: '' diff --git a/inventory/group_vars/beaker-virthosts b/inventory/group_vars/beaker-virthosts new file mode 100644 index 0000000000..783fa86669 --- /dev/null +++ b/inventory/group_vars/beaker-virthosts 
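Review bot: `udp_ports: [ 69 ]` opens TFTP, which has no authentication, and nothing in this file limits which sources may reach it; the same line appears in the beaker-stg hunk. How the role expands `udp_ports` is not visible here, but if it becomes an unrestricted ACCEPT, the PXE boot files are readable by anything that can route to the host. Consider dropping 69 from `udp_ports` and admitting only the lab network through `custom_rules`, e.g. `'-A INPUT -p udp -m udp -s <lab-subnet> --dport 69 -j ACCEPT'`. The comment above the csi block should read `override`, not `ovveride`.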
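Review bot: `beaker_server_url` points at `beaker.stg.qa.fedoraproject.org` while `beaker_server_cname` is `beaker.stg.fedoraproject.org`; in the production file the two values name the same host. If the cname feeds the web server's vhost or certificate name (not visible in this hunk), clients following the URL would hit a name mismatch, and the usual reaction to that is to disable verification. Make the two agree, e.g. `beaker_server_cname: "beaker.stg.qa.fedoraproject.org"`, or add a comment explaining why they differ. This file also has no `csi_*` block, unlike the production one.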
@@ -0,0 +1,10 @@ +--- +virthost: true +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +libvirt_remote_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsxg20+vmLTt/U23x6yBtxU6N2Ool8ddlC5TFwr3FktCM7hcxkQ/funJ3VD5v9iN7Qg09g2YsPaPTfvmOPOP4bzX+/Fk8vJJb5nVg++XbS80Uw62eofr8g68ZPf6IWLEBiZ8/hmumK3TxTmsj/jn17bZBFTcQL7sB7Q4y7TxODt+5W9/0mJTLXbKoCvV+BCpxEfokx+50vVcX5CxXLHdgrdhPzKHcBHKtX6d2W8xzFj2dCThgAXl5tULYI1xP0BYTOtG+RaTNQWme4JxNlQZB8xbCxN2U+e1NpZl1Hn7Y9MbRL+nLfMIuWNJjYzUTGP3o9m2Tl9RCc2nhuS652rjfcQ== tflink@imagebuilder.qa.fedoraproject.org' +libvirt_user: "{{ beaker_libvirt_user }}" + +# beaker is not a production service, so the virthosts aren't frozen +freezes: false diff --git a/inventory/group_vars/bkernel b/inventory/group_vars/bkernel index 9b95778e18..5548753b22 100644 --- a/inventory/group_vars/bkernel +++ b/inventory/group_vars/bkernel @@ -1,12 +1,6 @@ --- host_group: kojibuilder -# Both of these default to sysadmin-main in the ipa/client role -ipa_client_shell_groups: [] -ipa_client_sudo_groups: [] -ipa_host_group: kojibuilder-kernel -ipa_host_group_desc: Koji Build hosts for kernel builds -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" + koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" koji_weburl: "https://koji.fedoraproject.org/koji" +koji_topurl: "https://kojipkgs.fedoraproject.org/" diff --git a/inventory/group_vars/blockerbugs b/inventory/group_vars/blockerbugs new file mode 100644 index 0000000000..49c18a2908 --- /dev/null +++ b/inventory/group_vars/blockerbugs 
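Review bot: `libvirt_remote_pubkey` hard-codes an `ssh-rsa` key whose comment ties it to one person's account on another machine (`tflink@imagebuilder.qa.fedoraproject.org`), and as a group variable it applies to every host in beaker-virthosts. What the key authorises is not visible here, but the variable name suggests remote libvirt access, which on a hypervisor amounts to control over its guests. Add a comment recording owner, purpose and rotation, e.g. `# remote libvirt key for <service>; owner: <team>; rotate by <date>`, and prefer a dedicated service key over a personal one. The `freezes: false` line is already explained by the comment above it.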
@@ -0,0 +1,38 @@ +--- +lvm_size: 30000 +mem_size: 4096 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, 8888 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-qa,sysadmin-veteran +sudoers: "{{ private }}/files/sudo/qadevel-sudoers" + +# This gets overridden by whichever node we want to run special cronjobs. +master_blockerbugs_node: False + +host_group: blockerbugs + +blockerbugs_secret_key: "{{ stg_blockerbugs_secret_key }}" +blockerbugs_bugzilla_url: 'https://bugzilla.redhat.com/' +blockerbugs_bodhi_url: 'https://bodhi.fedoraproject.org/' +blockerbugs_koji_url: "http://koji.fedoraproject.org/" + +############################################################ +# blockerbugs db details +############################################################ + +blockerbugs_db_host_machine: db01.phx2.fedoraproject.org +blockerbugs_db_host: "{{ blockerbugs_db_host_machine }}" +blockerbugs_db_port: 5432 +blockerbugs_db_name: blockerbugs +# these aren't right but they're just placeholders for now +blockerbugs_db_user: "{{ prod_blockerbugs_db_user }}" +blockerbugs_db_password: "{{ prod_blockerbugs_db_password }}" + diff --git a/inventory/group_vars/blockerbugs-stg b/inventory/group_vars/blockerbugs-stg new file mode 100644 index 0000000000..51bf6a047d --- /dev/null +++ b/inventory/group_vars/blockerbugs-stg 
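Review bot: `blockerbugs_secret_key: "{{ stg_blockerbugs_secret_key }}"` makes the production group use the staging secret, while the database credentials below it use `prod_` variables. Sharing an application secret across environments means anything signed with it in staging would also verify in production, and staging secrets are usually handled with less care. Use a production-scoped variable, e.g. `blockerbugs_secret_key: "{{ prod_blockerbugs_secret_key }}"`, assuming one is defined in the private vars (not visible here). Separately, `blockerbugs_koji_url` here and in the blockerbugs-stg hunk uses plain `http://` while the bugzilla and bodhi URLs use `https://`, and `# these aren't right but they're just placeholders for now` should be resolved or removed before this goes live.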
@@ -0,0 +1,39 @@ +--- +lvm_size: 30000 +mem_size: 4096 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, 8888 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-qa,sysadmin-veteran +sudoers: "{{ private }}/files/sudo/qadevel-sudoers" + +# This gets overridden by whichever node we want to run special cronjobs. +master_blockerbugs_node: False + +blockerbugs_secret_key: "{{ stg_blockerbugs_secret_key }}" + +blockerbugs_bugzilla_url: 'https://bugzilla.redhat.com/' +blockerbugs_bodhi_url: 'https://bodhi.fedoraproject.org/' +blockerbugs_koji_url: "http://koji.fedoraproject.org/" +# these are to use stg stuff but that often doesn't work well +#blockerbugs_bugzilla_url: 'https://partner-bugzilla.redhat.com/' +#blockerbugs_bodhi_url: 'https://bodhi.stg.fedoraproject.org/' + +############################################################ +# blockerbugs db details +############################################################ + +blockerbugs_db_host_machine: db01.stg.phx2.fedoraproject.org +blockerbugs_db_host: "{{ blockerbugs_db_host_machine }}" +blockerbugs_db_port: 5432 +blockerbugs_db_name: blockerbugs +blockerbugs_db_user: "{{ stg_blockerbugs_db_user }}" +blockerbugs_db_password: "{{ stg_blockerbugs_db_password }}" + diff --git a/inventory/group_vars/bodhi-backend b/inventory/group_vars/bodhi-backend new file mode 100644 index 0000000000..728483058b --- /dev/null +++ b/inventory/group_vars/bodhi-backend 
@@ -0,0 +1,50 @@ +--- +# common items for the releng-* boxes +lvm_size: 100000 +mem_size: 16384 +num_cpus: 16 +nm: 255.255.255.0 +gw: 10.5.125.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +virt_install_command: "{{ virt_install_command_two_nic }}" + +# Do not use testing repositories on production +testing: False + +# These are for fedmsg publication from the bodhi backend. +# If you change these iptables rules, you also need to changes the endpoints +# list in roles/fedmsg/base/templates/endpoints-bodhi.py +tcp_ports: [ + 3000, 3001, 3002, 3003, 3004, + 3005, 3006, 3007, 3008, 3009, + 3010, 3011, 3012, 3013, 3014, + 3015, 3016, 3017, 3018, 3019, +] +# Make connections from signing bridges stateless, they break sigul connections +# https://bugzilla.redhat.com/show_bug.cgi?id=1283364 +custom_rules: ['-A INPUT --proto tcp --sport 44334 --source 10.5.125.71 -j ACCEPT'] + +# With 16 cpus, theres a bunch more kernel threads +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +host_group: bodhi2 + +# These people get told when something goes wrong. +fedmsg_error_recipients: +- bodhiadmin-members@fedoraproject.org + +## XXX -- note that the fedmsg_certs declaration does not happen here, but +# happens instead at the inventory/host_vars/ level since bodhi-backend03 and +# bodhi-backend02 have different roles and responsibilities. + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" + +fas_client_groups: sysadmin-releng,sysadmin-bodhi +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + +## XXX - note that the csi_ stuff is kept at the host_vars/ level. diff --git a/inventory/group_vars/bodhi-backend-stg b/inventory/group_vars/bodhi-backend-stg new file mode 100644 index 0000000000..20937ad041 --- /dev/null +++ b/inventory/group_vars/bodhi-backend-stg 
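Review bot: The `custom_rules` entry `-A INPUT --proto tcp --sport 44334 --source 10.5.125.71 -j ACCEPT` matches on source port only, so it accepts packets from that address to any local TCP port, new connections included. The comment says the aim is to make traffic from the signing bridge stateless; if that only means return traffic for connections this host opens, excluding SYN packets keeps that behaviour without admitting inbound connections: `-A INPUT --proto tcp ! --syn --sport 44334 --source 10.5.125.71 -j ACCEPT`. The rule in the bodhi-backend-stg hunk has the same shape. `ks_url` and `ks_repo` also fetch the kickstart and install tree over plain `http://`, so the install path relies on the network between the hosts being trusted.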
@@ -0,0 +1,104 @@ +--- +# common items for the releng-* boxes +lvm_size: 100000 +mem_size: 4096 +num_cpus: 2 +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +# Use the infra-testing repo +testing: True + +# These are for fedmsg publication from the bodhi backend. +# If you change these iptables rules, you also need to changes the endpoints +# list in roles/fedmsg/base/templates/endpoints-bodhi.py +tcp_ports: [ + 3000, 3001, 3002, 3003, 3004, + 3005, 3006, 3007, 3008, 3009, + 3010, 3011, 3012, 3013, 3014, + 3015, 3016, 3017, 3018, 3019, +] + +# Make connections from signing bridges stateless, they break sigul connections +# https://bugzilla.redhat.com/show_bug.cgi?id=1283364 +custom_rules: ['-A INPUT --proto tcp --sport 44334 --source sign-bridge01.phx2.fedoraproject.org -j ACCEPT'] + +# With 16 cpus, theres a bunch more kernel threads +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +host_group: bodhi2 + +# These people get told when something goes wrong. +fedmsg_error_recipients: +- bodhiadmin-members@fedoraproject.org + +# These set a config value in /etc/fedmsg.d/, see roles/bodhi2/base/ +# They are both true for the single bodhi-backend node in stg. +bodhi_masher_enabled: True +bodhi_updates_handler_enabled: True +bodhi_signed_handler_enabled: True + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +# This first cert is used by the push-tool. releng members run it and it fires +# off a simple fedmsg message that the masher (running as fedmsg-hub) is +# listening for. It then does all the worker. +- service: shell + owner: root + group: masher + can_send: + - bodhi.masher.start + - logger.log +# These are certs for the masher to publish its own messages as it progresses. 
+- service: bodhi + owner: root + group: masher + can_send: + - bodhi.mashtask.complete + - bodhi.mashtask.mashing + - bodhi.mashtask.start + - bodhi.mashtask.sync.done + - bodhi.mashtask.sync.wait + - bodhi.errata.publish + - bodhi.update.eject + - bodhi.update.complete.testing + - bodhi.update.complete.stable + - bodhi.buildroot_override.untag +- service: ftpsync + owner: root + group: ftpsync + can_send: + - bodhi.updates.epel.sync + - bodhi.updates.fedora.sync + +fas_client_groups: sysadmin-releng,sysadmin-bodhi +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + + +# For the MOTD +csi_security_category: Moderate +csi_primary_contact: Releng Admins sysadmin-releng-members@fedoraproject.org +csi_purpose: Run the Bodhi masher. +csi_relationship: | + The mashing of repos here happens as part of the 'fedmsg-hub' daemon. Check + logs with 'journalctl -u fedmsg-hub'. Check the bodhi masher docs/code for + more detail on what it does: + https://github.com/fedora-infra/bodhi/blob/develop/bodhi/consumers/masher.py + + * This host relies on: + * db01 for its database, which is shares with the bodhi2 frontend nodes. + * An NFS mount of koji data in /mnt/koji/ + * The fedmsg bus for triggering mashes. + * XMLRPC calls to koji for tagging and untagging updates. + * bugzilla for posting comments about status changes + * the wiki for getting information about QA "Test Cases" + * taksotron (resultsdb) for getting status-check results (gating updates). + + * No other systems rely directly on this host. Everything depends on it + indirectly for the creation of new updates repos (which get synced out to + the master mirror for distribution. diff --git a/inventory/group_vars/bodhi2 b/inventory/group_vars/bodhi2 new file mode 100644 index 0000000000..d58091de32 --- /dev/null +++ b/inventory/group_vars/bodhi2 
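Review bot: The `custom_rules` entry uses `--source sign-bridge01.phx2.fedoraproject.org`, and iptables resolves a hostname once, when the rule is loaded. The rule therefore depends on DNS being reachable and correct at that moment, and it keeps the old address if the record later changes. The production file in this diff pins a literal address (`--source 10.5.125.71`), so do the same here and keep the name in a comment, e.g. `# sign-bridge01: <ip-address>`. The comment `# With 16 cpus, theres a bunch more kernel threads` no longer matches `num_cpus: 2` in this file.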
@@ -0,0 +1,113 @@ +--- +# Define resources for this group of hosts here. +jobrunner: false +epelmasher: false + +lvm_size: 40000 +mem_size: 16384 +num_cpus: 4 + +# Do not use testing repositories on production +testing: False + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +host_group: bodhi2 + +# Definining these vars has a number of effects +# 1) mod_wsgi is configured to use the vars for its own setup +# 2) iptables opens enough ports for all threads for fedmsg +# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads +wsgi_fedmsg_service: bodhi +wsgi_procs: 4 +wsgi_threads: 15 + +tcp_ports: [ 80 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-bodhi,sysadmin-veteran +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + +# These set a config value in /etc/fedmsg.d/, see roles/bodhi2/base/ +# frontend nodes won't run either of these +bodhi_masher_enabled: False +bodhi_updates_handler_enabled: False +bodhi_signed_handler_enabled: False + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: bodhi + owner: root + group: bodhi + can_send: + - bodhi.buildroot_override.tag + - bodhi.buildroot_override.untag + - bodhi.stack.delete + - bodhi.stack.save + - bodhi.update.comment + - bodhi.update.complete.testing + - bodhi.update.edit + - bodhi.update.karma.threshold.reach + - bodhi.update.request.obsolete + - bodhi.update.request.revoke + - bodhi.update.request.stable + - bodhi.update.request.testing + - bodhi.update.request.unpush + + # Things that only the mash does - not the web UI + #- bodhi.mashtask.complete + #- bodhi.mashtask.mashing + #- bodhi.mashtask.start + #- bodhi.mashtask.sync.done + #- 
bodhi.mashtask.sync.wait + #- bodhi.errata.publish + #- bodhi.update.eject + + # Rsync messages that get run from somewhere else entirely. + #- bodhi.updates.epel.sync + #- bodhi.updates.fedora.sync + + +# For the MOTD +csi_security_category: Moderate +csi_primary_contact: Bodhi Admins bodhiadmin-members@fedoraproject.org +csi_purpose: Run the Bodhi mod_wsgi app for bodhi.fedoraproject.org +csi_relationship: | + The apache/mod_wsgi app is the only thing really running here. + The mashing of repos is handled by the bodhi-backend node(s). + + * This host relies on: + * db01 for its database. + * it doesn't have a networked cache of its own.. but it keeps a local + cache in /var/cache/bodhi/ + * taksotron (resultsdb) for getting status-check results (gating updates). + + * It also depends on these things, but we're trying to move them exclusively + to bodhi-backend02. + * koji for tagging and untagging updates and listing candidate builds + * bugzilla, for getting bug title information and for posting comments + about status changes + * the wiki for getting information about QA "Test Cases" + + * It provides a website that, on the client side depends on: + * datagrepper queries to show the newfeed on the frontpage + * the websocket server for popup notifications of others' activity. + * the fedora-packages JSON api for suggesting package search results + + * Quite a few things rely on this webapp + * Taskotron historically would comment on updates about the status of + their checks. + * Blockerbugs checks bodhi for lists of updates. + * fedora-packages will try to query bodhi for the release status of + updates. + * fedora-hubs has some widgets that display bodhi update information. + * fedora-easy-karma, abrt, 'fedpkg update', an eclipse plugin and other + client tools make queries to the bodhi webapp here. diff --git a/inventory/group_vars/bodhi2-stg b/inventory/group_vars/bodhi2-stg new file mode 100644 index 0000000000..078f6acfa1 --- /dev/null 
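Review bot: The `bodhi` entry's `can_send` list names `bodhi.update.karma.threshold.reach` here, while the bodhi2-stg hunk later in this diff names `bodhi.update.karma.threshold`, so one of the two is presumably wrong. How `can_send` is enforced is not visible in the hunk (the comment says a task in roles/fedmsg/base consumes it), but a topic missing from the list would likely leave messages on it unauthorised for this cert. Check which topic the application publishes and make both files agree. `tcp_ports: [ 80 ]` also deserves a comment saying where TLS is terminated, e.g. `# TLS is terminated on the proxies; only plain HTTP reaches this host`, if that is the case.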
+++ b/inventory/group_vars/bodhi2-stg 
@@ -0,0 +1,117 @@ +--- +# Define resources for this group of hosts here. +jobrunner: false +epelmasher: false + +lvm_size: 40000 +mem_size: 4096 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +# Use the infra-testing repo +testing: True + +# Definining these vars has a number of effects +# 1) mod_wsgi is configured to use the vars for its own setup +# 2) iptables opens enough ports for all threads for fedmsg +# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads +wsgi_fedmsg_service: bodhi +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-bodhi,sysadmin-veteran +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + +host_group: bodhi2 + +# Mount /mnt/fedora_koji as read-only in staging +nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid" +datacenter: staging + +# These set a config value in /etc/fedmsg.d/, see roles/bodhi2/base/ +# frontend nodes won't run either of these +bodhi_masher_enabled: False +bodhi_updates_handler_enabled: False +bodhi_signed_handler_enabled: False + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: bodhi + owner: root + group: bodhi + can_send: + - bodhi.buildroot_override.tag + - bodhi.buildroot_override.untag + - bodhi.stack.delete + - bodhi.stack.save + - bodhi.update.comment + - bodhi.update.complete.testing + - bodhi.update.edit + - bodhi.update.karma.threshold + - bodhi.update.request.obsolete + - bodhi.update.request.revoke + - bodhi.update.request.stable + - bodhi.update.request.testing + - bodhi.update.request.unpush + + # Things that only the mash does - not the web UI + #- 
bodhi.mashtask.complete + #- bodhi.mashtask.mashing + #- bodhi.mashtask.start + #- bodhi.mashtask.sync.done + #- bodhi.mashtask.sync.wait + #- bodhi.errata.publish + #- bodhi.update.eject + + # Rsync messages that get run from somewhere else entirely. + #- bodhi.updates.epel.sync + #- bodhi.updates.fedora.sync + + +# For the MOTD +csi_security_category: Moderate +csi_primary_contact: Bodhi Admins bodhiadmin-members@fedoraproject.org +csi_purpose: Run the Bodhi mod_wsgi app for bodhi.fedoraproject.org +csi_relationship: | + The apache/mod_wsgi app is the only thing really running here. + The mashing of repos is handled by the bodhi-backend node(s). + + * This host relies on: + * db01 for its database. + * it doesn't have a networked cache of its own.. but it keeps a local + cache in /var/cache/bodhi/ + * taksotron (resultsdb) for getting status-check results (gating updates). + + * It also depends on these things, but we're trying to move them exclusively + to the backend. + * koji for tagging and untagging updates and listing candidate builds + * bugzilla, for getting bug title information and for posting comments + about status changes + * the wiki for getting information about QA "Test Cases" + + * It provides a website that, on the client side depends on: + * datagrepper queries to show the newfeed on the frontpage + * the websocket server for popup notifications of others' activity. + * the fedora-packages JSON api for suggesting package search results + + * Quite a few things rely on this webapp + * Taskotron historically would comment on updates about the status of + their checks. + * Blockerbugs checks bodhi for lists of updates. + * fedora-packages will try to query bodhi for the release status of + updates. + * fedora-hubs has some widgets that display bodhi update information. + * fedora-easy-karma, abrt, 'fedpkg update', an eclipse plugin and other + client tools make queries to the bodhi webapp here. 
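Review bot: `csi_purpose` in this staging file reads `Run the Bodhi mod_wsgi app for bodhi.fedoraproject.org`, which is the production name. The comment says these values are for the MOTD, so an operator logged in to a staging node would be told they are on production. Suggest `csi_purpose: Run the Bodhi mod_wsgi app for bodhi.stg.fedoraproject.org (staging)`, using the name that appears in the commented-out URL in blockerbugs-stg. The `csi_relationship` text is likewise copied from production and should be checked against the staging dependencies.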
diff --git a/inventory/group_vars/bodhi_backend b/inventory/group_vars/bodhi_backend deleted file mode 100644 index 5e58673e3b..0000000000 --- a/inventory/group_vars/bodhi_backend +++ /dev/null @@ -1,30 +0,0 @@ ---- -# common items for the releng-* boxes -bodhi_message_queue_name: "bodhi{{ env_suffix }}_composer" -# Define the topics that our fedora-messaging queue should be subscribed to. -bodhi_message_routing_keys: - - "org.fedoraproject.*.bodhi.composer.start" -# Make connections from signing bridges stateless, they break sigul connections -# https://bugzilla.redhat.com/show_bug.cgi?id=1283364 -custom_rules: ['-A INPUT --proto tcp --sport 44334 --source 10.5.125.71 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 10.5.125.71 tcp sport 44334 counter accept'] -host_group: bodhi2 -ipa_client_shell_groups: - - sysadmin-bodhi - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-bodhi - - sysadmin-releng -ipa_host_group: bodhi -ipa_host_group_desc: Bodhi update service -lvm_size: 100000 -mem_size: 16384 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -nrpe_procs_crit: 1000 -# With 16 cpus, theres a bunch more kernel threads -nrpe_procs_warn: 900 -num_cpus: 16 -sudoers: "{{ private }}/files/sudo/00releng-sudoers" -# Do not use testing repositories on production -testing: False -virt_install_command: "{{ virt_install_command_two_nic }}" diff --git a/inventory/group_vars/bodhi_backend_stg b/inventory/group_vars/bodhi_backend_stg deleted file mode 100644 index c2d638f82c..0000000000 --- a/inventory/group_vars/bodhi_backend_stg +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -# common items for the releng-* boxes -bodhi_message_queue_name: "bodhi{{ env_suffix }}_composer" -# Define the topics that our fedora-messaging queue should be subscribed to. -bodhi_message_routing_keys: - - "org.fedoraproject.*.bodhi.composer.start" -# For the MOTD -# Make connections from signing bridges stateless, they break sigul connections -# https://bugzilla.redhat.com/show_bug.cgi?id=1283364 -# this is sign-bridge01.iad2 ip 10.3.169.120 -custom_rules: ['-A INPUT --proto tcp --sport 44334 --source 10.3.169.120 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 10.3.169.120 tcp sport 44334 counter accept'] -host_group: bodhi2 -ipa_client_shell_groups: - - sysadmin-bodhi - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-bodhi - - sysadmin-releng -ipa_host_group: bodhi -ipa_host_group_desc: Bodhi update service -lvm_size: 100000 -mem_size: 4096 -nrpe_procs_crit: 1000 -# With 16 cpus, theres a bunch more kernel threads -nrpe_procs_warn: 900 -num_cpus: 2 -# Use the infra-testing repo -testing: True - -notes: | - Run the Bodhi masher. - - Check the bodhi masher docs/code for more detail on what it does: - https://github.com/fedora-infra/bodhi/blob/develop/bodhi/consumers/masher.py - - * This host relies on: - * db01 for its database, which is shares with the bodhi2 frontend nodes. - * An NFS mount of koji data in /mnt/koji/ - * The fedora messaging for triggering mashes. - * XMLRPC calls to koji for tagging and untagging updates. - * bugzilla for posting comments about status changes - * the wiki for getting information about QA "Test Cases" - * taksotron (resultsdb) for getting status-check results (gating updates). - - * No other systems rely directly on this host. Everything depends on it - indirectly for the creation of new updates repos (which get synced out to - the master mirror for distribution. 
diff --git a/inventory/group_vars/bugyou b/inventory/group_vars/bugyou new file mode 100644 index 0000000000..7d99eb5c67 --- /dev/null +++ b/inventory/group_vars/bugyou @@ -0,0 +1,25 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [] + +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-fedimg,sysadmin-datanommer,sysadmin-veteran +sudoers: "{{ private }}/files/sudo/bugyou-sudoers" + +# For the MOTD +csi_security_category: Moderate +csi_primary_contact: Fedora admins - admin@fedoraproject.org +csi_purpose: Run the 'bugyou' fedmsg process that files automatic bugs in pagure +csi_relationship: | + This node runs 'bugyou', a fedmsg consumer that files pagure bugs in + response to fedmsg bus activity. + + It is primarily used to file bugs when automatic releng processes fail. + + See https://pagure.io/bugyou for more information. diff --git a/inventory/group_vars/bugyou-stg b/inventory/group_vars/bugyou-stg new file mode 100644 index 0000000000..1acd840180 --- /dev/null +++ b/inventory/group_vars/bugyou-stg 
@@ -0,0 +1,25 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [] + +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-fedimg,sysadmin-datanommer,sysadmin-veteran +sudoers: "{{ private }}/files/sudo/bugyou-stg-sudoers" + +# For the MOTD +csi_security_category: Moderate +csi_primary_contact: Fedora admins - admin@fedoraproject.org +csi_purpose: Run the 'bugyou' fedmsg process that files automatic bugs in pagure +csi_relationship: | + This node runs 'bugyou', a fedmsg consumer that files pagure bugs in + response to fedmsg bus activity. + + It is primarily used to file bugs when automatic releng processes fail. + + See https://pagure.io/bugyou for more information. diff --git a/inventory/group_vars/bugzilla2fedmsg b/inventory/group_vars/bugzilla2fedmsg new file mode 100644 index 0000000000..bd1255f17b --- /dev/null +++ b/inventory/group_vars/bugzilla2fedmsg 
@@ -0,0 +1,51 @@
+---
+lvm_size: 20000
+mem_size: 6144
+num_cpus: 2
+freezes: false
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000, 3001, 3002, 3003 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: bugzilla2fedmsg
+ owner: root
+ group: fedmsg
+ can_send:
+ - bugzilla.bug.new
+ - bugzilla.bug.update
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Fedmsg admins - sysadmin-datanommer-members@fedoraproject.org
+csi_purpose: Run the bugzilla2fedmsg bridge to forward RH messages onto fedmsg
+csi_relationship: |
+ A 'moksha-hub' daemon is the only thing really running here. (Don't confuse
+ that with the 'fedmsg-hub' running on most of our other backend machines.)
+
+ The bugzilla2fedmsg package provides a plugin to the moksha-hub that
+ connects out over the STOMP protocol to a 'fabric' of JBOSS FUSE brokers
+ living in the Red Hat DMZ. We authenticate with a cert/key pair that is
+ kept in /etc/pki/fedmsg/. Those brokers should push bugzilla events over
+ STOMP to our moksha-hub daemon. When a message arrives, we query bugzilla
+ about the change to get some 'more interesting' data to stuff in our
+ payload, then we sign the message using a fedmsg cert and fire it off to the
+ rest of our bus.
+
+ This service has no database, no memcached usage. It depends on those STOMP
+ brokers and being able to query bugzilla.rh.com.
+
+ STOMP config: /etc/moksha/production.ini
+ fedmsg config: /etc/fedmsg.d/
+ certs: /etc/pki/fedmsg
+ code: /usr/lib/python2.7/site-packages/bugzilla2fedmsg.py
diff --git a/inventory/group_vars/bugzilla2fedmsg-stg b/inventory/group_vars/bugzilla2fedmsg-stg
new file mode 100644
index 0000000000..91f1f5bf88
--- /dev/null
+++ b/inventory/group_vars/bugzilla2fedmsg-stg
@@ -0,0 +1,51 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000, 3001 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: bugzilla2fedmsg
+ owner: root
+ group: fedmsg
+ can_send:
+ - bugzilla.bug.new
+ - bugzilla.bug.update
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Fedmsg admins - sysadmin-datanommer-members@fedoraproject.org
+csi_purpose: Run the bugzilla2fedmsg bridge to forward RH messages onto fedmsg
+csi_relationship: |
+ A 'moksha-hub' daemon is the only thing really running here. (Don't confuse
+ that with the 'fedmsg-hub' running on most of our other backend machines.)
+
+ The bugzilla2fedmsg package provides a plugin to the moksha-hub that
+ connects out over the STOMP protocol to a 'fabric' of JBOSS FUSE brokers
+ living in the Red Hat DMZ. We authenticate with a cert/key pair that is
+ kept in /etc/pki/fedmsg/. Those brokers should push bugzilla events over
+ STOMP to our moksha-hub daemon. When a message arrives, we query bugzilla
+ about the change to get some 'more interesting' data to stuff in our
+ payload, then we sign the message using a fedmsg cert and fire it off to the
+ rest of our bus.
+
+ This service has no database, no memcached usage. It depends on those STOMP
+ brokers and being able to query bugzilla.rh.com.
+
+ STOMP config: /etc/moksha/production.ini
+ fedmsg config: /etc/fedmsg.d/
+ certs: /etc/pki/fedmsg
+ code: /usr/lib/python2.7/site-packages/bugzilla2fedmsg.py
diff --git a/inventory/group_vars/buildaarch64 b/inventory/group_vars/buildaarch64
new file mode 100644
index 0000000000..51d9715793
--- /dev/null
+++ b/inventory/group_vars/buildaarch64
@@ -0,0 +1,7 @@
+---
+sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
+
+koji_hub_nfs: "fedora_arm"
+koji_server_url: "https://arm.koji.fedoraproject.org/kojihub"
+koji_weburl: "https://arm.koji.fedoraproject.org/koji"
+koji_topurl: "https://armpkgs.fedoraproject.org/"
diff --git a/inventory/group_vars/buildarm b/inventory/group_vars/buildarm
new file mode 100644
index 0000000000..90cca8227c
--- /dev/null
+++ b/inventory/group_vars/buildarm
@@ -0,0 +1,28 @@
+---
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+ansible_ifcfg_blacklist: true
+
+koji_server_url: "https://koji.fedoraproject.org/kojihub"
+koji_weburl: "https:/koji.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.fedoraproject.org/"
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should ovveride them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This group builds packages for arm architecture.
+csi_relationship: |
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
+
+# These variables are for koji-containerbuild/osbs
+osbs_url: "osbs.fedoraproject.org"
+docker_registry: "candidate-registry.fedoraproject.org"
+source_registry: "registry.fedoraproject.org"
+koji_root: "koji.fedoraproject.org/koji"
+koji_hub: "koji.fedoraproject.org/kojihub"
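Review bot: `koji_weburl` in the buildarm group is written as `"https:/koji.fedoraproject.org/koji"`, with a single slash after the scheme, so it is not a well-formed absolute URL; buildarm-stg repeats the mistake with `"https:/koji.stg.fedoraproject.org/koji"`. The neighbouring `koji_server_url` and `koji_topurl` use `https://`, and the other builder groups in this commit spell the web URL correctly. Change the two lines to `koji_weburl: "https://koji.fedoraproject.org/koji"` and `koji_weburl: "https://koji.stg.fedoraproject.org/koji"`. How the consuming templates treat the malformed value is not visible in this diff.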
diff --git a/inventory/group_vars/buildarm-stg b/inventory/group_vars/buildarm-stg
new file mode 100644
index 0000000000..cc6d1b36c3
--- /dev/null
+++ b/inventory/group_vars/buildarm-stg
@@ -0,0 +1,28 @@
+---
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+ansible_ifcfg_blacklist: true
+
+koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
+koji_weburl: "https:/koji.stg.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should ovveride them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This group builds packages for arm architecture.
+csi_relationship: |
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
+
+# These variables are for koji-containerbuild/osbs
+osbs_url: "osbs.stg.fedoraproject.org"
+docker_registry: "candidate-registry.stg.fedoraproject.org"
+source_registry: "registry.stg.fedoraproject.org"
+koji_root: "koji.stg.fedoraproject.org/koji"
+koji_hub: "koji.stg.fedoraproject.org/kojihub"
diff --git a/inventory/group_vars/builders b/inventory/group_vars/builders
index ae614adfdb..c22c3870a9 100644
--- a/inventory/group_vars/builders
+++ b/inventory/group_vars/builders
@@ -1,16 +1,7 @@ --- -external: false # nagios items # We don't use nrpe to check any of the builders # Nor do we check swap there. -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: kojibuilder -ipa_host_group_desc: Koji Build hosts nagios_Check_Services: - mail: false nrpe: false swap: false -primary_auth_source: ipa diff --git a/inventory/group_vars/builders-stg b/inventory/group_vars/builders-stg new file mode 100644 index 0000000000..c22c3870a9 --- /dev/null +++ b/inventory/group_vars/builders-stg @@ -0,0 +1,7 @@ +--- +# nagios items +# We don't use nrpe to check any of the builders +# Nor do we check swap there. +nagios_Check_Services: + nrpe: false + swap: false diff --git a/inventory/group_vars/builders_stg b/inventory/group_vars/builders_stg deleted file mode 100644 index ae614adfdb..0000000000 --- a/inventory/group_vars/builders_stg +++ /dev/null @@ -1,16 +0,0 @@ ---- -external: false -# nagios items -# We don't use nrpe to check any of the builders -# Nor do we check swap there. -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: kojibuilder -ipa_host_group_desc: Koji Build hosts -nagios_Check_Services: - mail: false - nrpe: false - swap: false -primary_auth_source: ipa diff --git a/inventory/group_vars/buildhw b/inventory/group_vars/buildhw index 3d129dcc42..546089d05b 100644 --- a/inventory/group_vars/buildhw +++ b/inventory/group_vars/buildhw 
@@ -1,22 +1,29 @@ --- +host_group: kojibuilder +fas_client_groups: sysadmin-releng +sudoers: "{{ private }}/files/sudo/00releng-sudoers" +freezes: true + +koji_hub_nfs: "fedora_koji" +koji_server_url: "https://koji.fedoraproject.org/kojihub" +koji_weburl: "https://koji.fedoraproject.org/koji" +koji_topurl: "https://kojipkgs.fedoraproject.org/" + # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should ovveride them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ -docker_registry: "candidate-registry.fedoraproject.org" -freezes: true -host_group: kojibuilder -koji_hub: "koji.fedoraproject.org/kojihub" -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -koji_root: "koji.fedoraproject.org/koji" -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" -source_registry: "registry.fedoraproject.org" - -notes: | - Koji service employs a set of machines to build packages for the Fedora project. - - * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios +csi_security_category: High +csi_primary_contact: Fedora Admins - admin@fedoraproject.org +csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. +csi_relationship: | + * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. * Produces automated builds of packages for the architecture listed. 
Builders can be scaled by adding new + +# These variables are for koji-containerbuild/osbs +osbs_url: "osbs.fedoraproject.org" +docker_registry: "candidate-registry.fedoraproject.org" +source_registry: "registry.fedoraproject.org" +koji_root: "koji.fedoraproject.org/koji" +koji_hub: "koji.fedoraproject.org/kojihub" diff --git a/inventory/group_vars/buildppc b/inventory/group_vars/buildppc new file mode 100644 index 0000000000..53dfc80057 --- /dev/null +++ b/inventory/group_vars/buildppc 
@@ -0,0 +1,34 @@
+---
+# common items for the buildvm-* koji builders
+volgroup: /dev/vg_guests
+lvm_size: 150000
+mem_size: 10240
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-25-ppc64
+ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/25/Everything/ppc64/os/
+nm: 255.255.255.0
+gw: 10.5.129.254
+dns: 10.5.126.21
+main_bridge: br1
+virt_install_command: "{{ virt_install_command_one_nic }} --graphics none"
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng,sysadmin-secondary
+sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
+
+koji_hub_nfs: "fedora_ppc/data"
+koji_server_url: "https://ppc.koji.fedoraproject.org/kojihub"
+koji_weburl: "https://ppc.koji.fedoraproject.org/koji"
+koji_topurl: "https://ppcpkgs.fedoraproject.org/"
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders.
+csi_relationship: |
+ * VMs built on top of buildvmhost
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
diff --git a/inventory/group_vars/buildppcle b/inventory/group_vars/buildppcle
new file mode 100644
index 0000000000..8ef031bc9a
--- /dev/null
+++ b/inventory/group_vars/buildppcle
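Review bot: `ks_url` and `ks_repo` in buildppc fetch the kickstart and the install tree over plain HTTP from `10.5.126.23`, so nothing on the wire authenticates what a `csi_security_category: High` builder is installed from. The same pattern appears in buildppcle, buildvm-aarch64, buildvm-armv7, buildvm-ppc64, buildvm-ppc64le and the -stg groups, and the buildvm hunk replaces `https://infrastructure.fedoraproject.org/...` URLs with it. If an HTTPS endpoint serves these paths, prefer it; otherwise record the assumption next to the variables, for example `# ks_url/ks_repo use plain HTTP: relies on 10.5.126.23 being reachable only over the internal build network`. Whether that network is isolated cannot be confirmed from this diff.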
@@ -0,0 +1,34 @@
+---
+# common items for the buildvm-* koji builders
+volgroup: /dev/vg_guests
+lvm_size: 150000
+mem_size: 10240
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-25-ppc64le
+ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/25/Everything/ppc64le/os/
+nm: 255.255.255.0
+gw: 10.5.129.254
+dns: 10.5.126.21
+main_bridge: br1
+virt_install_command: "{{ virt_install_command_one_nic }} --graphics none"
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng,sysadmin-secondary
+sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
+
+koji_hub_nfs: "fedora_ppc/data"
+koji_server_url: "https://ppc.koji.fedoraproject.org/kojihub"
+koji_weburl: "https://ppc.koji.fedoraproject.org/koji"
+koji_topurl: "https://ppcpkgs.fedoraproject.org/"
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders.
+csi_relationship: |
+ * VMs built on top of buildvmhost
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
diff --git a/inventory/group_vars/buildvm b/inventory/group_vars/buildvm
index e98179d82c..bd38ebd6e3 100644
--- a/inventory/group_vars/buildvm
+++ b/inventory/group_vars/buildvm
@@ -1,32 +1,41 @@ --- # common items for the buildvm-* koji builders -dns: 10.3.163.33 -docker_registry: "candidate-registry.fedoraproject.org" -eth0_ipv4_gw: 10.3.169.254 +volgroup: /dev/BuildGuests +lvm_size: 262144 +mem_size: 15360 +max_mem_size: "{{ mem_size }}" +num_cpus: 6 +ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-26 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/ +nm: 255.255.255.0 +gw: 10.5.125.254 +eth1_gw: 10.5.127.254 +dns: 10.5.126.21 +virt_install_command: "{{ virt_install_command_two_nic }}" + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file host_group: kojibuilder -koji_hub: "koji.fedoraproject.org/kojihub" +fas_client_groups: sysadmin-releng +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -koji_root: "koji.fedoraproject.org/koji" koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" koji_weburl: "https://koji.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 262144 -max_mem_size: "{{ mem_size }}" -mem_size: 15360 -num_cpus: 6 -source_registry: "registry.fedoraproject.org" -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -volgroup: /dev/BuildGuests - -notes: | - Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. +koji_topurl: "https://kojipkgs.fedoraproject.org/" +csi_security_category: High +csi_primary_contact: Fedora Admins - admin@fedoraproject.org +csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. 
+csi_relationship: | * VMs built on top of buildvmhost - * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios + * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new + +# These variables are for koji-containerbuild/osbs +osbs_url: "osbs.fedoraproject.org" +docker_registry: "candidate-registry.fedoraproject.org" +source_registry: "registry.fedoraproject.org" +koji_root: "koji.fedoraproject.org/koji" +koji_hub: "koji.fedoraproject.org/kojihub" diff --git a/inventory/group_vars/buildvm-aarch64 b/inventory/group_vars/buildvm-aarch64 new file mode 100644 index 0000000000..86c1c34c61 --- /dev/null +++ b/inventory/group_vars/buildvm-aarch64 
@@ -0,0 +1,46 @@
+---
+# common items for the buildvm-aarch64* koji builders
+volgroup: /dev/vg_Server
+lvm_size: 150000
+mem_size: 24576
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+max_cpu: "{{ num_cpus }}"
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-26-aarch64
+ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/26/Everything/aarch64/os/
+nm: 255.255.255.0
+gw: 10.5.129.254
+dns: 10.5.126.21
+# This is reverted so that eth1 gets br0 and eth0 gets br1
+# This seems some kind of bug where in the guest kernel the devices are swapped around
+# when compared to the host.
+main_bridge: br1
+nfs_bridge: br0
+virt_install_command: "{{ virt_install_command_aarch64_two_nic }}"
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+koji_hub_nfs: "fedora_koji"
+koji_server_url: "https://koji.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.fedoraproject.org/"
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders.
+csi_relationship: |
+ * VMs built on top of buildvmhost
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
+
+# These variables are for koji-containerbuild/osbs
+osbs_url: "osbs.fedoraproject.org"
+docker_registry: "candidate-registry.fedoraproject.org"
+source_registry: "registry.fedoraproject.org"
+koji_root: "koji.fedoraproject.org/koji"
+koji_hub: "koji.fedoraproject.org/kojihub"
diff --git a/inventory/group_vars/buildvm-aarch64-stg b/inventory/group_vars/buildvm-aarch64-stg
new file mode 100644
index 0000000000..0951fdb0e9
--- /dev/null
+++ b/inventory/group_vars/buildvm-aarch64-stg
@@ -0,0 +1,49 @@
+---
+# common items for the buildvm-* koji builders
+volgroup: /dev/vg_guests
+lvm_size: 150000
+mem_size: 10240
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+datacenter: staging
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
+
+koji_hub_nfs: "fedora_koji"
+koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.stg.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should ovveride them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
+csi_relationship: |
+ * VMs built on top of buildvmhost
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed.
Builders can be scaled by adding new
+
+# this is to enable nested virt, which we need for some builds
+virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx"
+
+# These variables are for koji-containerbuild/osbs
+osbs_url: "osbs.stg.fedoraproject.org"
+source_registry: "registry.stg.fedoraproject.org"
+docker_registry: "candidate-registry.stg.fedoraproject.org"
+koji_root: "koji.stg.fedoraproject.org/koji"
+koji_hub: "koji.stg.fedoraproject.org/kojihub"
+
+createrepo: False
diff --git a/inventory/group_vars/buildvm-armv7 b/inventory/group_vars/buildvm-armv7
new file mode 100644
index 0000000000..ad8bd8be0f
--- /dev/null
+++ b/inventory/group_vars/buildvm-armv7
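Review bot: The buildvm-aarch64-stg group vars carry x86_64 values: `ks_url` ends in `buildvm-fedora-25`, `ks_repo` points at `.../releases/25/Server/x86_64/os/`, and `virt_install_command` appends `--cpu=host-passthrough,+vmx`, which names an Intel virtualization feature. The file has the same blob id (`0951fdb0e9`) as buildvm-armv7-stg, so both look like an unedited copy of an x86 staging file; buildvm-ppc64-stg also keeps the `+vmx` suffix. The production buildvm-aarch64 file in this commit uses `buildvm-fedora-26-aarch64`, `.../Everything/aarch64/os/` and `virt_install_command_aarch64_two_nic`, so the staging groups should take arch-specific values the same way or carry a comment saying the x86 values are placeholders. Whether any host is currently provisioned from these groups is not visible here.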
@@ -0,0 +1,46 @@
+---
+# common items for the buildvm-aarmv7* koji builders
+volgroup: /dev/vg_Server
+lvm_size: 150000
+mem_size: 24576
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+max_cpu: "{{ num_cpus }}"
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-26-armv7
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Everything/armhfp/os/
+nm: 255.255.255.0
+gw: 10.5.129.254
+dns: 10.5.126.21
+# This is reverted so that eth1 gets br0 and eth0 gets br1
+# This seems some kind of bug where in the guest kernel the devices are swapped around
+# when compared to the host.
+main_bridge: br0
+# nfs_bridge: br0
+virt_install_command: "{{ virt_install_command_armv7_one_nic }}"
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+koji_hub_nfs: "fedora_koji"
+koji_server_url: "https://koji.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.fedoraproject.org/"
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders.
+csi_relationship: |
+ * VMs built on top of buildvmhost
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
+
+# These variables are for koji-containerbuild/osbs
+osbs_url: "osbs.fedoraproject.org"
+docker_registry: "candidate-registry.fedoraproject.org"
+source_registry: "registry.fedoraproject.org"
+koji_root: "koji.fedoraproject.org/koji"
+koji_hub: "koji.fedoraproject.org/kojihub"
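Review bot: The comment above `main_bridge` in buildvm-armv7 does not describe the values below it: it says the bridges are swapped "so that eth1 gets br0 and eth0 gets br1", but the file sets `main_bridge: br0`, leaves `nfs_bridge` commented out and uses the one-NIC install command. The text appears to be carried over from buildvm-aarch64, where `main_bridge: br1` and `nfs_bridge: br0` match it. Replace it with something like `# single NIC on br0; no separate NFS bridge for armv7 guests` once the intent is confirmed, and fix the header typo `buildvm-aarmv7*` to `buildvm-armv7*`.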
diff --git a/inventory/group_vars/buildvm-armv7-stg b/inventory/group_vars/buildvm-armv7-stg
new file mode 100644
index 0000000000..0951fdb0e9
--- /dev/null
+++ b/inventory/group_vars/buildvm-armv7-stg
@@ -0,0 +1,49 @@
+---
+# common items for the buildvm-* koji builders
+volgroup: /dev/vg_guests
+lvm_size: 150000
+mem_size: 10240
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+datacenter: staging
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
+
+koji_hub_nfs: "fedora_koji"
+koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.stg.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should ovveride them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
+csi_relationship: |
+ * VMs built on top of buildvmhost
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed.
Builders can be scaled by adding new
+
+# this is to enable nested virt, which we need for some builds
+virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx"
+
+# These variables are for koji-containerbuild/osbs
+osbs_url: "osbs.stg.fedoraproject.org"
+source_registry: "registry.stg.fedoraproject.org"
+docker_registry: "candidate-registry.stg.fedoraproject.org"
+koji_root: "koji.stg.fedoraproject.org/koji"
+koji_hub: "koji.stg.fedoraproject.org/kojihub"
+
+createrepo: False
diff --git a/inventory/group_vars/buildvm-ppc64 b/inventory/group_vars/buildvm-ppc64
new file mode 100644
index 0000000000..0091a0c762
--- /dev/null
+++ b/inventory/group_vars/buildvm-ppc64
@@ -0,0 +1,43 @@
+---
+# common items for the buildvm-* koji builders
+volgroup: /dev/vg_guests
+lvm_size: 150000
+mem_size: 10240
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-26-ppc64
+ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/26/Server/ppc64/os/
+nm: 255.255.255.0
+gw: 10.5.129.254
+dns: 10.5.126.21
+
+#
+# The ppc virthosts have different bridge names for the main and nfs bridges.
+#
+main_bridge: br1
+nfs_bridge: br3
+virt_install_command: "{{ virt_install_command_two_nic }} --graphics none"
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+koji_hub_nfs: "fedora_koji"
+koji_server_url: "https://koji.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.fedoraproject.org/"
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should ovveride them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of virtual machines to build packages for the Fedora project. This group builds packages for ppcle architecture.
+csi_relationship: |
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
+ * virtual instances
diff --git a/inventory/group_vars/buildvm-ppc64-stg b/inventory/group_vars/buildvm-ppc64-stg
new file mode 100644
index 0000000000..100b0c5170
--- /dev/null
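Review bot: `csi_purpose` in buildvm-ppc64 says "This group builds packages for ppcle architecture", which is the wording of the buildvm-ppc64le file; the comment in this hunk states these values are pushed into /etc/system_identification, so a ppc64 builder would describe itself with the wrong architecture. The sentence should end `This group builds packages for ppc64 architecture.` The last `csi_relationship` entry is also split so that `* virtual instances` becomes its own bullet; it reads as the tail of "Builders can be scaled by adding new" and should be joined to that line.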
+++ b/inventory/group_vars/buildvm-ppc64-stg 
@@ -0,0 +1,49 @@
+---
+# common items for the buildvm-* koji builders
+volgroup: /dev/vg_guests
+lvm_size: 150000
+mem_size: 10240
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-26-ppc64
+ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/26/Server/ppc64/os/
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+datacenter: staging
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
+
+koji_hub_nfs: "fedora_koji"
+koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.stg.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should ovveride them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
+csi_relationship: |
+ * VMs built on top of buildvmhost
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed.
Builders can be scaled by adding new
+
+# this is to enable nested virt, which we need for some builds
+virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx"
+
+# These variables are for koji-containerbuild/osbs
+osbs_url: "osbs.stg.fedoraproject.org"
+source_registry: "registry.stg.fedoraproject.org"
+docker_registry: "candidate-registry.stg.fedoraproject.org"
+koji_root: "koji.stg.fedoraproject.org/koji"
+koji_hub: "koji.stg.fedoraproject.org/kojihub"
+
+createrepo: False
diff --git a/inventory/group_vars/buildvm-ppc64le b/inventory/group_vars/buildvm-ppc64le
new file mode 100644
index 0000000000..a7459bbbe7
--- /dev/null
+++ b/inventory/group_vars/buildvm-ppc64le
@@ -0,0 +1,42 @@
+---
+# common items for the buildvm-* koji builders
+volgroup: /dev/vg_guests
+lvm_size: 150000
+mem_size: 10240
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-26-ppc64le
+ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/26/Server/ppc64le/os/
+nm: 255.255.255.0
+gw: 10.5.129.254
+dns: 10.5.126.21
+#
+# The ppc virthosts have different bridge names for the main and nfs bridges.
+#
+main_bridge: br1
+nfs_bridge: br3
+virt_install_command: "{{ virt_install_command_two_nic }} --graphics none"
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+koji_hub_nfs: "fedora_koji"
+koji_server_url: "https://koji.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.fedoraproject.org/"
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should ovveride them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of virtual machines to build packages for the Fedora project. This group builds packages for ppcle architecture.
+csi_relationship: |
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
+ * virtual instances
diff --git a/inventory/group_vars/buildvm-ppc64le-stg b/inventory/group_vars/buildvm-ppc64le-stg
new file mode 100644
index 0000000000..95c7c4b8b2
--- /dev/null
+++ b/inventory/group_vars/buildvm-ppc64le-stg 
@@ -0,0 +1,49 @@
+---
+# common items for the buildvm-* koji builders
+volgroup: /dev/vg_guests
+lvm_size: 150000
+mem_size: 10240
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-26-ppc64le
+ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/26/Server/ppc64le/os/
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+datacenter: staging
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
+
+koji_hub_nfs: "fedora_koji"
+koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.stg.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should ovveride them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
+csi_relationship: |
+ * VMs built on top of buildvmhost
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed.
Builders can be scaled by adding new
+
+# this is to enable nested virt, which we need for some builds
+virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx"
+
+# These variables are for koji-containerbuild/osbs
+osbs_url: "osbs.stg.fedoraproject.org"
+source_registry: "registry.stg.fedoraproject.org"
+docker_registry: "candidate-registry.stg.fedoraproject.org"
+koji_root: "koji.stg.fedoraproject.org/koji"
+koji_hub: "koji.stg.fedoraproject.org/kojihub"
+
+createrepo: False
diff --git a/inventory/group_vars/buildvm-s390 b/inventory/group_vars/buildvm-s390
new file mode 100644
index 0000000000..d567561ad9
--- /dev/null
+++ b/inventory/group_vars/buildvm-s390
@@ -0,0 +1,17 @@
+---
+# common items for the buildvm-s390* koji builders
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng,sysadmin-secondary
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+koji_hub_nfs: "fedora_s390/data"
+koji_server_url: "https://s390.koji.fedoraproject.org/kojihub"
+koji_weburl: "https://s390.koji.fedoraproject.org/koji"
+koji_topurl: "https://s390pkgs.fedoraproject.org/"
+
+# These variables are for koji-containerbuild/osbs
+osbs_url: "osbs.fedoraproject.org"
+docker_registry: "candidate-registry.fedoraproject.org"
+source_registry: "registry.fedoraproject.org"
+koji_root: "koji.fedoraproject.org/koji"
+koji_hub: "koji.fedoraproject.org/kojihub"
diff --git a/inventory/group_vars/buildvm-s390x b/inventory/group_vars/buildvm-s390x
new file mode 100644
index 0000000000..3fb8c78533
--- /dev/null
+++ b/inventory/group_vars/buildvm-s390x
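Review bot: In the `buildvm-ppc64le-stg` hunk, `virt_install_command` appends `--cpu=host-passthrough,+vmx`, but `vmx` is the Intel VT-x feature flag and this group installs ppc64le guests (see `ks_repo`), so the option looks copied from the x86_64 `buildvm-stg` file. On a POWER host it presumably either has no effect or makes the guest definition fail. The first hunk on this page (the ppc64 staging group) has the same line. The production `buildvm-ppc64le` file in this diff carries no CPU override; unless nested virtualisation is really needed here, use `virt_install_command: "{{ virt_install_command_one_nic }}"`, or extend the comment to say which builds need it and on which architecture.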
@@ -0,0 +1,20 @@
+---
+ansible_ifcfg_blacklist: True
+createrepo: False
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+koji_hub_nfs: "fedora_koji"
+koji_server_url: "https://koji.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.fedoraproject.org/"
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders.
+csi_relationship: |
+ * VMs built on top of a s390x LPAR
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
diff --git a/inventory/group_vars/buildvm-stg b/inventory/group_vars/buildvm-stg
new file mode 100644
index 0000000000..4e6704f15c
--- /dev/null
+++ b/inventory/group_vars/buildvm-stg
@@ -0,0 +1,47 @@
+---
+# common items for the buildvm-* koji builders
+volgroup: /dev/vg_guests
+lvm_size: 150000
+mem_size: 10240
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+host_group: kojibuilder
+fas_client_groups: sysadmin-releng
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+datacenter: staging
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+
+koji_hub_nfs: "fedora_koji"
+koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.stg.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should ovveride them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
+csi_relationship: |
+ * VMs built on top of buildvmhost
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed.
Builders can be scaled by adding new
+
+# this is to enable nested virt, which we need for some builds
+virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx"
+
+# These variables are for koji-containerbuild/osbs
+osbs_url: "osbs.stg.fedoraproject.org"
+source_registry: "registry.stg.fedoraproject.org"
+docker_registry: "candidate-registry.stg.fedoraproject.org"
+koji_root: "koji.stg.fedoraproject.org/koji"
+koji_hub: "koji.stg.fedoraproject.org/kojihub"
diff --git a/inventory/group_vars/buildvm_aarch64 b/inventory/group_vars/buildvm_aarch64
deleted file mode 100644
index 9bbfb04c3e..0000000000
--- a/inventory/group_vars/buildvm_aarch64
+++ /dev/null
@@ -1,32 +0,0 @@
----
-# common items for the buildvm-aarch64* koji builders
-dns: 10.3.163.33
-docker_registry: "candidate-registry.fedoraproject.org"
-eth0_ipv4_gw: 10.3.170.254
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-host_group: kojibuilder
-koji_hub: "koji.fedoraproject.org/kojihub"
-koji_hub_nfs: "fedora_koji"
-koji_instance: "primary"
-koji_root: "koji.fedoraproject.org/koji"
-koji_server_url: "https://koji.fedoraproject.org/kojihub"
-koji_topurl: "https://kojipkgs.fedoraproject.org/"
-koji_weburl: "https://koji.fedoraproject.org/koji"
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/aarch64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 300000
-max_cpu: "{{ num_cpus }}"
-max_mem_size: "{{ mem_size }}"
-mem_size: 36864
-num_cpus: 12
-source_registry: "registry.fedoraproject.org"
-virt_install_command: "{{ virt_install_command_aarch64_one_nic_unsafe }}"
-volgroup: /dev/vg_guests
-
-notes: |
- Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders.
- * VMs built on top of buildvmhost
- * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
- * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
- * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
diff --git a/inventory/group_vars/buildvm_aarch64_stg b/inventory/group_vars/buildvm_aarch64_stg
deleted file mode 100644
index 95a7af76fe..0000000000
--- a/inventory/group_vars/buildvm_aarch64_stg
+++ /dev/null
@@ -1,39 +0,0 @@
----
-# common items for the buildvm-* koji builders
-createrepo: True
-datacenter: iad2
-dns: 10.3.163.33
-docker_registry: "candidate-registry.stg.fedoraproject.org"
-eth0_ipv4_gw: 10.3.167.254
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-host_group: kojibuilder
-koji_hub: "koji.stg.fedoraproject.org/kojihub"
-koji_hub_nfs: "fedora_koji"
-koji_instance: "primary"
-koji_root: "koji.stg.fedoraproject.org/koji"
-koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
-koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
-# These variables are pushed into /etc/system_identification by the base role.
-# Groups and individual hosts should ovveride them with specific info.
-
-koji_weburl: "https://koji.stg.fedoraproject.org/koji"
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/aarch64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 140000
-max_cpu: "{{ num_cpus }}"
-max_mem_size: "{{ mem_size }}"
-mem_size: 40960
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
-num_cpus: 5
-source_registry: "registry.stg.fedoraproject.org"
-# this is to enable nested virt, which we need for some builds
-virt_install_command: "{{ virt_install_command_aarch64_one_nic_unsafe }}"
-volgroup: /dev/vg_guests
-
-notes: |
- Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
- * VMs built on top of buildvmhost
- * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
- * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
- * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
diff --git a/inventory/group_vars/buildvm_osbuild_ppc64le b/inventory/group_vars/buildvm_osbuild_ppc64le
deleted file mode 100644
index b6c847074e..0000000000
--- a/inventory/group_vars/buildvm_osbuild_ppc64le
+++ /dev/null
@@ -1,46 +0,0 @@
-# common variables for osbuild workers
-datacenter: iad2
-dns: 10.3.163.33
-dns_search1: iad2.fedoraproject.org
-dns_search2: fedoraproject.org
-eth0_ipv4_gw: 10.3.171.254
-external: false
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/39/Server/ppc64le/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 102400 # 100 GB
-main_bridge: br0
-max_mem_size: "{{ mem_size }}"
-mem_size: 8192 # 8 GB
-num_cpus: 2
-virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}"
-volgroup: /dev/vg_guests
-
-# setup access to workers
-ipa_server: ipa01.iad2.fedoraproject.org
-ipa_host_group: osbuild
-ipa_host_group_desc: osbuild Build vms
-primary_auth_source: ipa
-ipa_client_shell_groups:
- - sysadmin-osbuild
- - sysadmin-releng
-ipa_client_sudo_groups:
- - sysadmin-osbuild
- - sysadmin-releng
-
-# osbuild worker variables
-osbuild_worker_server_hostname: "api.openshift.com"
-osbuild_worker_server_api_base_path: "/api/image-builder-worker/v1"
-osbuild_worker_authentication_oauth_url: "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token"
-osbuild_worker_authentication_client_id: "ab28d581-164e-42ec-99d9-dff8e2020a51"
-# the secret is turned into file in the playbook
-osbuild_worker_authentication_client_secret: "{{ osbuild_worker_client_secret }}"
-osbuild_worker_koji_instances:
- - koji_host: "koji.fedoraproject.org"
- krb_principal: "osbuild-automation-bot@FEDORAPROJECT.ORG"
- krb_keytab_file: "{{ private }}/files/osbuild/worker_koji.keytab"
-
-notes: |
- This group of VMs builds OS images via Koji using image builder for ppc64le architecture.
- * Relies on koji-hub and image-builder-api (external).
- * Produces automated builds of OS images for the architecture listed. Wokers can be scaled by adding new
- virtual instances
diff --git a/inventory/group_vars/buildvm_osbuild_ppc64le_staging b/inventory/group_vars/buildvm_osbuild_ppc64le_staging
deleted file mode 100644
index 70d3791928..0000000000
--- a/inventory/group_vars/buildvm_osbuild_ppc64le_staging
+++ /dev/null
@@ -1,46 +0,0 @@
-# common variables for osbuild workers (staging)
-datacenter: iad2
-dns: 10.3.163.33
-dns_search1: iad2.fedoraproject.org
-dns_search2: fedoraproject.org
-eth0_ipv4_gw: 10.3.171.254
-external: false
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/39/Server/ppc64le/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 102400 # 100 GB
-main_bridge: br0
-max_mem_size: "{{ mem_size }}"
-mem_size: 4096 # 4 GB
-num_cpus: 2
-virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}"
-volgroup: /dev/vg_guests
-
-# setup access to workers
-ipa_server: ipa01.iad2.fedoraproject.org
-ipa_host_group: osbuild
-ipa_host_group_desc: osbuild Build vms
-primary_auth_source: ipa
-ipa_client_shell_groups:
- - sysadmin-osbuild
- - sysadmin-releng
-ipa_client_sudo_groups:
- - sysadmin-osbuild
- - sysadmin-releng
-
-# osbuild worker variables
-osbuild_worker_server_hostname: "api.stage.openshift.com"
-osbuild_worker_server_api_base_path: "/api/image-builder-worker/v1"
-osbuild_worker_authentication_oauth_url: "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token"
-osbuild_worker_authentication_client_id: "07120c6c-fd31-4735-bb2f-891439b0bf41"
-# the secret is turned into file in the playbook
-osbuild_worker_authentication_client_secret: "{{ osbuild_worker_stg_client_secret }}"
-osbuild_worker_koji_instances:
- - koji_host: "koji.stg.fedoraproject.org"
- krb_principal: "osbuild-automation-bot@STG.FEDORAPROJECT.ORG"
- krb_keytab_file: "{{ private }}/files/osbuild/worker_stg_koji.keytab"
-
-notes: |
- This group of VMs builds OS images via Koji (staging) using image builder for ppc64le architecture.
- * Relies on koji-hub and image-builder-api (external).
- * Produces automated builds of OS images for the architecture listed. Wokers can be scaled by adding new
- virtual instances
diff --git a/inventory/group_vars/buildvm_ppc64le b/inventory/group_vars/buildvm_ppc64le
deleted file mode 100644
index f15815b404..0000000000
--- a/inventory/group_vars/buildvm_ppc64le
+++ /dev/null
@@ -1,36 +0,0 @@
-# common items for the buildvm-* koji builders
-# These variables are pushed into /etc/system_identification by the base role.
-# Groups and individual hosts should ovveride them with specific info.
-datacenter: iad2
-dns: 10.3.163.33
-eth0_ipv4_gw: 10.3.171.254
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-host_group: kojibuilder
-ipa_server: ipa01.iad2.fedoraproject.org
-koji_hub_nfs: "fedora_koji"
-koji_instance: "primary"
-koji_server_url: "https://koji.fedoraproject.org/kojihub"
-koji_topurl: "https://kojipkgs.fedoraproject.org/"
-koji_weburl: "https://koji.fedoraproject.org/koji"
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/41/Server/ppc64le/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 262144
-#
-# The ppc virthosts have different bridge names for the main and nfs bridges.
-#
-main_bridge: br0
-max_mem_size: 20480
-mem_size: 20480
-num_cpus: 8
-virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}"
-
-volgroup: /dev/vg_virt_buildvm_ppc64le_iscsi
-
-notes: |
- Koji service employs a set of virtual machines to build packages for the Fedora project. This group builds packages for ppcle architecture.
-
- * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
- * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
- * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
- * virtual instances
diff --git a/inventory/group_vars/buildvm_ppc64le_stg b/inventory/group_vars/buildvm_ppc64le_stg
deleted file mode 100644
index 59609fbd35..0000000000
--- a/inventory/group_vars/buildvm_ppc64le_stg
+++ /dev/null
@@ -1,38 +0,0 @@
----
-# common items for the buildvm-* koji builders
-createrepo: True
-datacenter: staging
-dns: 10.3.163.33
-docker_registry: "candidate-registry.stg.fedoraproject.org"
-eth0_ipv4_gw: 10.3.167.254
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-host_group: kojibuilder
-koji_hub: "koji.stg.fedoraproject.org/kojihub"
-koji_hub_nfs: "fedora_koji"
-koji_instance: "primary"
-koji_root: "koji.stg.fedoraproject.org/koji"
-koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
-koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
-# These variables are pushed into /etc/system_identification by the base role.
-# Groups and individual hosts should ovveride them with specific info.
-
-koji_weburl: "https://koji.stg.fedoraproject.org/koji"
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/41/Server/ppc64le/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 150000
-main_bridge: br0
-max_mem_size: "{{ mem_size }}"
-mem_size: 10240
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
-num_cpus: 4
-source_registry: "registry.stg.fedoraproject.org"
-virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}"
-volgroup: /dev/vg_guests
-
-notes: |
- Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
- * VMs built on top of buildvmhost
- * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
- * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
- * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
diff --git a/inventory/group_vars/buildvm_s390x b/inventory/group_vars/buildvm_s390x
deleted file mode 100644
index a233c7e63c..0000000000
--- a/inventory/group_vars/buildvm_s390x
+++ /dev/null
@@ -1,32 +0,0 @@
----
-createrepo: False
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-dns_search1: "iad2.fedoraproject.org"
-dns_search2: "fedoraproject.org"
-eth0_ipv4_gw: 10.1.102.254
-external: false
-has_ipv4: yes
-host_group: kojibuilder
-koji_hub_nfs: "fedora_koji"
-koji_instance: "primary"
-koji_server_url: "https://koji.fedoraproject.org/kojihub"
-koji_topurl: "https://kojipkgs.fedoraproject.org/"
-koji_weburl: "https://koji.fedoraproject.org/koji"
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/41/Server/s390x/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 128000
-main_bridge: br0
-mem_size: 25600
-num_cpus: 2
-varnish_group: s390kojipkgs
-virt_install_command: "{{ virt_install_command_s390x_one_nic }}"
-vmhost: bvmhost-s390x-01.s390.fedoraproject.org
-volgroup: /dev/vg_guests
-
-notes: |
- Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders.
- * VMs built on top of a s390x LPAR
- * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
- * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
- * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
diff --git a/inventory/group_vars/buildvm_s390x_kvm b/inventory/group_vars/buildvm_s390x_kvm
deleted file mode 100644
index f7e57a9d79..0000000000
--- a/inventory/group_vars/buildvm_s390x_kvm
+++ /dev/null
@@ -1,16 +0,0 @@
----
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-dns_search1: "iad2.fedoraproject.org"
-dns_search2: "fedoraproject.org"
-eth0_ipv4_gw: 10.16.0.254
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/41/Server/s390x/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 102400
-main_bridge: vmbr
-max_mem_size: "{{ mem_size }}"
-mem_size: 17408
-num_cpus: 3
-virt_install_command: "{{ virt_install_command_s390x_one_nic }}"
-vmhost: buildvmhost-s390x-01.s390.fedoraproject.org
-volgroup: /dev/fedora_linux_lpar_1
diff --git a/inventory/group_vars/buildvm_s390x_stg b/inventory/group_vars/buildvm_s390x_stg
deleted file mode 100644
index cc82b54910..0000000000
--- a/inventory/group_vars/buildvm_s390x_stg
+++ /dev/null
@@ -1,18 +0,0 @@
----
-createrepo: False
-host_group: kojibuilder
-koji_hub_nfs: "fedora_koji"
-koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
-koji_instance: "primary"
-koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
-koji_weburl: "https://koji.stg.fedoraproject.org/koji"
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/41/Server/s390x/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-virt_install_command: "{{ virt_install_command_s390x_one_nic_unsafe }}"
-
-notes: |
- Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders.
- * VMs built on top of a s390x LPAR
- * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
- * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
- * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
diff --git a/inventory/group_vars/buildvm_stg b/inventory/group_vars/buildvm_stg
deleted file mode 100644
index ac766b92bc..0000000000
--- a/inventory/group_vars/buildvm_stg
+++ /dev/null
@@ -1,38 +0,0 @@
----
-# common items for the buildvm-* koji builders
-datacenter: iad2
-dns1: 10.3.163.33
-docker_registry: "candidate-registry.stg.fedoraproject.org"
-eth0_ipv4_gw: 10.3.167.254
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-host_group: kojibuilder
-ipa_server: ipa01.stg.iad2.fedoraproject.org
-koji_hub: "koji.stg.fedoraproject.org/kojihub"
-koji_hub_nfs: "fedora_koji"
-koji_instance: "primary"
-koji_root: "koji.stg.fedoraproject.org/koji"
-koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
-koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
-# These variables are pushed into /etc/system_identification by the base role.
-# Groups and individual hosts should ovveride them with specific info.
-
-koji_weburl: "https://koji.stg.fedoraproject.org/koji"
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 150000
-max_mem_size: "{{ mem_size }}"
-mem_size: 10240
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
-num_cpus: 4
-resolvconf: "resolv.conf/iad2"
-source_registry: "registry.fedoraproject.org"
-virt_install_command: "{{ virt_install_command_one_nic_unsafe }}"
-volgroup: /dev/vg_guests
-
-notes: |
- Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
- * VMs built on top of buildvmhost
- * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
- * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
- * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
diff --git a/inventory/group_vars/buildvm_x86_riscv b/inventory/group_vars/buildvm_x86_riscv
deleted file mode 100644
index 2620340822..0000000000
--- a/inventory/group_vars/buildvm_x86_riscv
+++ /dev/null
@@ -1,35 +0,0 @@
----
-# common items for the buildvm-* koji builders
-dns: 10.3.163.33
-eth0_ipv4_gw: 10.3.172.254
-external: false
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-host_group: kojibuilder
-koji_hub: "riscv-koji.fedoraproject.org/kojihub"
-koji_hub_nfs: "fedora_riscv_koji"
-koji_instance: "secondary"
-koji_root: "riscv-koji.fedoraproject.org/koji"
-koji_server_url: "https://riscv-koji.fedoraproject.org/kojihub"
-koji_topurl: "https://riscv-kojipkgs.fedoraproject.org/"
-koji_weburl: "https://riscv-koji.fedoraproject.org/koji"
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 262144
-max_mem_size: "{{ mem_size }}"
-mem_size: 15360
-nagios_Check_Services:
- mail: false
- nrpe: false
- swap: false
-num_cpus: 6
-virt_install_command: "{{ virt_install_command_one_nic_unsafe }}"
-volgroup: /dev/vg_guests
-
-notes: |
- Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders.
-
- * VMs built on top of buildvmhost
- * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
- * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
- * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
diff --git a/inventory/group_vars/buildvmhost b/inventory/group_vars/buildvmhost
index 5d4ef04aa5..aadaaaf7f4 100644
--- a/inventory/group_vars/buildvmhost
+++ b/inventory/group_vars/buildvmhost
@@ -1,15 +1,17 @@ --- +nrpe_procs_warn: 1400 +nrpe_procs_crit: 1500 +virthost: true +nested: True + # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should ovveride them with specific info. -nested: True -nrpe_procs_crit: 1800 -nrpe_procs_warn: 1700 -virthost: true -nagios_Check_Services: - swap: false +# See http://infrastructure.fedoraproject.org/csi/security-policy/ -notes: | - Koji service employs a set of virtual machines to build packages for the Fedora project. This playbook is for the provisioning of a physical host for buildvm's. - * Relies on ansible, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Builder vm's are hosted on hosts created with this playbook. +csi_security_category: High +csi_primary_contact: Fedora Admins - admin@fedoraproject.org +csi_purpose: Koji service employs a set of virtual machines to build packages for the Fedora project. This playbook is for the provisioning of a physical host for buildvm's. +csi_relationship: | + * Relies on ansible, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Builder vm's are hosted on hosts created with this playbook. diff --git a/inventory/group_vars/busgateway b/inventory/group_vars/busgateway new file mode 100644 index 0000000000..c327b488b1 --- /dev/null +++ b/inventory/group_vars/busgateway 
@@ -0,0 +1,26 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 8192
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [
+ 3999, # The fedmsg-relay republishes here. Listeners need to connect.
+ 9941, # The fedmsg-relay listens here. Ephemeral producers connect.
+ 3998, # The fedmsg-relay listens here. VPN producers connect.
+ 9940, # The fedmsg-gateway republishes here. Proxies need to connect.
+ 9919, # The websocket server publishes here. Proxies need to connect.
+]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
diff --git a/inventory/group_vars/busgateway-stg b/inventory/group_vars/busgateway-stg
new file mode 100644
index 0000000000..8a165594eb
--- /dev/null
+++ b/inventory/group_vars/busgateway-stg
@@ -0,0 +1,25 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [
+ 3999, # The fedmsg-relay republishes here. Listeners need to connect.
+ 9941, # The fedmsg-relay listens here. Ephemeral producers connect.
+ 9940, # The fedmsg-gateway republishes here. Proxies need to connect.
+ 9919, # The websocket server publishes here. Proxies need to connect.
+]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
diff --git a/inventory/group_vars/bvirthost b/inventory/group_vars/bvirthost
index f2055e5cfe..fe045bedb1 100644
--- a/inventory/group_vars/bvirthost
+++ b/inventory/group_vars/bvirthost
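Review bot: In the `busgateway` hunk, `tcp_ports` lists five listener ports whose comments each name a specific client population (listeners, ephemeral producers, VPN producers, proxies), but a bare port list presumably opens every port to any source the base firewall role lets through. For 3998, which the comment reserves for VPN producers, a source-restricted rule in the style of the `custom_rules` entry in the `certgetter` file of this diff would match the stated intent. If the restriction is enforced elsewhere, say so next to the entry, e.g. `3998, # VPN producers only; source filter lives in <role or rule> (confirm)`. The `busgateway-stg` hunk carries the same list without 3998.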
@@ -1,7 +1,4 @@ --- -nagios_Check_Services: - swap: false -nested: true -nrpe_procs_crit: 1500 -nrpe_procs_warn: 1400 virthost: true +nrpe_procs_warn: 1000 +nrpe_procs_crit: 1100 diff --git a/inventory/group_vars/certgetter b/inventory/group_vars/certgetter index e07c67809f..5c1601a5bf 100644 --- a/inventory/group_vars/certgetter +++ b/inventory/group_vars/certgetter @@ -1,14 +1,15 @@ --- -# Define resources for this group of hosts here. -# Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' +# Define resources for this group of hosts here. lvm_size: 20000 mem_size: 2048 num_cpus: 2 -primary_auth_source: ipa + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -tcp_ports: [80, 443] + +tcp_ports: [ 80, 443 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-main diff --git a/inventory/group_vars/certgetter_stg b/inventory/group_vars/certgetter_stg deleted file mode 100644 index e573af21a8..0000000000 --- a/inventory/group_vars/certgetter_stg +++ /dev/null 
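Review bot: In the `certgetter` hunk the new `custom_rules` line accepts rsync (tcp/873) from 10.5.126.13 and 192.168.1.59 while the same hunk removes `nft_custom_rules`, so the allow rule exists only in iptables form; a host whose firewall is rendered from nftables would get no rule (it fails closed, but the log sync from log01 stops). The source address is also the only control visible here on the rsync listener, so it is worth confirming that the daemon configuration, which is not part of this diff, limits its modules with `hosts allow` as well. The comment above the rule should say which address is which and lose the typo, e.g. `# Needed for rsync from log01 for logs (10.5.126.13 and 192.168.1.59 are its two addresses, confirm)`.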
@@ -1,13 +0,0 @@ ---- -# Define resources for this group of hosts here. -# Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -lvm_size: 20000 -mem_size: 2048 -num_cpus: 2 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443] diff --git a/inventory/group_vars/checkcompose b/inventory/group_vars/checkcompose deleted file mode 100644 index 0371069342..0000000000 --- a/inventory/group_vars/checkcompose +++ /dev/null @@ -1,15 +0,0 @@ -# This var should never be set for more than one machine -checkcompose_prod: true - -# The checkcompose settings below cause system(s) in this group to -# send out check-compose reports. This could cause duplicate reports -# if additional systems were added to this group. -checkcompose_emailfrom: rawhide@fedoraproject.org -checkcompose_emailto: "test-reports@lists.fedoraproject.org" -checkcompose_smtp: bastion.iad2.fedoraproject.org -checkcompose_subvariant_emails: - AtomicHost: - error: ["dusty@dustymabe.com", "walters@verbum.org", "atomic@lists.fedoraproject.org"] - -checkcompose_greenwaveurl: https://greenwave.fedoraproject.org -checkcompose_url: "https://{{ external_hostname }}" diff --git a/inventory/group_vars/checkcompose_common b/inventory/group_vars/checkcompose_common deleted file mode 100644 index 788cbb3a0e..0000000000 --- a/inventory/group_vars/checkcompose_common +++ /dev/null 
@@ -1,24 +0,0 @@ -# we need this for our fedora-messaging consumer as it is not allowed -# to create queues on the infra AMQP broker, by broker config -checkcompose_amqp_passive: true - -# fedora-messaging email error reporting settings -checkcompose_amqp_mailto: ["adamwill@fedoraproject.org", "lruzicka@fedoraproject.org"] -checkcompose_amqp_smtp: bastion - -# fedora-messaging compose report sender settings -# we use the openQA rabbitmq account for this role as they run -# on the same server and it's convenient. this means it's also -# safe and appropriate to use variables defined in the openqa -# group_vars. if we ever split the roles up we will have to create -# a separate account with separate creds -checkcompose_amqp_username: "{{ openqa_amqp_this_username }}" -checkcompose_amqp_url: "{{ openqa_amqp_this_url }}" -checkcompose_amqp_cacert: "{{ openqa_amqp_this_cacertfile }}" -checkcompose_amqp_cert: "{{ openqa_amqp_this_certfile }}" -checkcompose_amqp_key: "{{ openqa_amqp_this_keyfile }}" -checkcompose_amqp_queue: "{{ checkcompose_amqp_username }}_checkcomp" -checkcompose_amqp_routing_keys: ["org.fedoraproject.{{ deployment_type }}.openqa.job.done"] - -checkcompose_env: "{{ openqa_env }}" -checkcompose_env_suffix: "{{ openqa_env_suffix }}" diff --git a/inventory/group_vars/checkcompose_stg b/inventory/group_vars/checkcompose_stg deleted file mode 100644 index 19a8f1a62c..0000000000 --- a/inventory/group_vars/checkcompose_stg +++ /dev/null @@ -1,3 +0,0 @@ -checkcompose_greenwaveurl: https://greenwave-web-greenwave.apps.ocp.stg.fedoraproject.org -checkcompose_prod: false -checkcompose_url: "https://{{ external_hostname }}" diff --git a/inventory/group_vars/ci b/inventory/group_vars/ci new file mode 100644 index 0000000000..6c96524214 --- /dev/null +++ b/inventory/group_vars/ci 
@@ -0,0 +1,100 @@ +--- +############################################################ +# general information +############################################################ +# common items for the releng-* boxes +lvm_size: 50000 +mem_size: 4096 +num_cpus: 4 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, "{{ resultsdb_db_port }}" ] +fas_client_groups: sysadmin-qa,sysadmin-noc,sysadmin-web,sysadmin-veteran +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + +external_hostname: resultsdb.ci.centos.org +deployment_type: prod + +freezes: false + +# +# PostgreSQL configuration +# + +shared_buffers: "32MB" +effective_cache_size: "512MB" + + +############################################################ +# resultsdb details +############################################################ + +# the db_host_machine bits are so that delegation continues to work, even if +# that db is localhost relative to resultsdb + +resultsdb_db_host_machine: ci-cc-rdu01.fedoraproject.org +resultsdb_db_host: "{{ resultsdb_db_host_machine }}" +resultsdb_db_port: 5432 +resultsdb_endpoint: 'resultsdb_api' +resultsdb_db_name: resultsdb +resultsdb_db_user: "{{ ci_resultsdb_db_user }}" +resultsdb_db_password: "{{ ci_resultsdb_db_password }}" +resultsdb_secret_key: "{{ ci_resultsdb_secret_key }}" + +allowed_hosts: + - 10.5.124 + - 10.5.131 + + +############################################################ +# resultsdb-frontend details +############################################################ +resultsdb_fe_endpoint: "resultsdb" +resultsdb_frontend_secret_key: "{{ ci_resultsdb_frontend_secret_key }}" + + +########################################################### +# execdb details +########################################################### +execdb_db_host_machine: ci-cc-rdu01.fedoraproject.org +execdb_db_host: "{{ execdb_db_host_machine }}" +execdb_db_port: 5432 +execdb_endpoint: 'execdb' +execdb_db_name: execdb 
+execdb_db_user: "{{ ci_execdb_db_user }}" +execdb_db_password: "{{ ci_execdb_db_password }}" +execdb_secret_key: "{{ ci_execdb_secret_key }}" + + +########################################################### +# ccsdb details +########################################################### +ccsdb_db_host_machine: ci-cc-rdu01.fedoraproject.org +ccsdb_db_host: "{{ ccsdb_db_host_machine }}" +ccsdb_db_port: 5432 +ccsdb_endpoint: 'ccsdb' +ccsdb_db_name: ccsdb +ccsdb_db_user: "{{ ci_ccsdb_db_user }}" +ccsdb_db_password: "{{ ci_ccsdb_db_password }}" +ccsdb_secret_key: "{{ ci_ccsdb_secret_key }}" + + +############################################################ +# fedmsg details +############################################################ +fedmsg_active: False +fedmsg_cert_prefix: ci.resultsdb + +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: resultsdb + owner: root + group: apache + can_send: + - taskotron.result.new diff --git a/inventory/group_vars/cloud b/inventory/group_vars/cloud index 0caa1ef1f2..daa307cee8 100644 --- a/inventory/group_vars/cloud +++ b/inventory/group_vars/cloud @@ -1,6 +1,6 @@ --- -datacenter: cloud -nagios_Check_Services: - mail: false +nagios_Check_Services: nrpe: false swap: false +datacenter: cloud +ansible_ifcfg_blacklist: true diff --git a/inventory/group_vars/cloud-hardware b/inventory/group_vars/cloud-hardware new file mode 100644 index 0000000000..ca5576bd9f --- /dev/null +++ b/inventory/group_vars/cloud-hardware @@ -0,0 +1,10 @@ +--- +freezes: false + +use_default_epel: false + +collectd_apache: false + +nagios_Check_Services: + nrpe: true + swap: true diff --git a/inventory/group_vars/cloud_aws b/inventory/group_vars/cloud_aws deleted file mode 100644 index 260134bb25..0000000000 --- a/inventory/group_vars/cloud_aws +++ /dev/null 
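Review bot: In inventory/group_vars/ci, `tcp_ports: [ 80, 443, "{{ resultsdb_db_port }}" ]` lists the PostgreSQL port (5432) alongside the public web ports, although the comment above `resultsdb_db_host_machine` says the database may be local to resultsdb. If `tcp_ports` opens each port to every source, which is how it reads but is not visible in this diff, the database listener is exposed as widely as the web server, with only PostgreSQL's own authentication and whatever `allowed_hosts` enforces in front of it. I would keep `tcp_ports: [ 80, 443 ]` and admit database clients through a source-restricted `custom_rules` entry in the style of the certgetter file, e.g. `'-A INPUT -p tcp -m tcp -s <CLIENT_NET> --dport 5432 -j ACCEPT'`, where the source is a placeholder.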
@@ -1,18 +0,0 @@ -# For Fedora instances, we want to ssh as 'fedora', not as 'root' -#ansible_ssh_user: fedora -#ansible_become: true -#ansible_become_user: root -#ansible_become_method: sudo - -# Disable ethX ifcfg, let amazon handle these via DHCP. -datacenter: aws -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: false - ping: false - raid: false - sshd: false - swap: false diff --git a/inventory/group_vars/cloud_hardware b/inventory/group_vars/cloud_hardware deleted file mode 100644 index f4b234ea16..0000000000 --- a/inventory/group_vars/cloud_hardware +++ /dev/null @@ -1,7 +0,0 @@ ---- -collectd_apache: false -freezes: false -nagios_Check_Services: - nrpe: true - swap: true -use_default_epel: false diff --git a/inventory/group_vars/colo-virt b/inventory/group_vars/colo-virt new file mode 100644 index 0000000000..d7aff060d9 --- /dev/null +++ b/inventory/group_vars/colo-virt @@ -0,0 +1,2 @@ +--- +virthost: true diff --git a/inventory/group_vars/colo_virt b/inventory/group_vars/colo_virt deleted file mode 100644 index 3e69a1fba4..0000000000 --- a/inventory/group_vars/colo_virt +++ /dev/null @@ -1,7 +0,0 @@ ---- -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -virthost: true -vpn: true diff --git a/inventory/group_vars/copr b/inventory/group_vars/copr new file mode 100644 index 0000000000..bdf2f21c98 --- /dev/null +++ b/inventory/group_vars/copr 
@@ -0,0 +1,20 @@ +--- +devel: false +_forward_src: "forward" + +# don't forget to update ip in ./copr-keygen, due to custom firewall rules + +copr_backend_ips: ["172.25.32.155", "209.132.184.48"] +keygen_host: "172.25.32.157" + +resolvconf: "resolv.conf/cloud" + +backend_base_url: "https://copr-be.cloud.fedoraproject.org" +postfix_maincf: "postfix/main.cf/main.cf.copr" + +frontend_base_url: "https://copr.fedorainfracloud.org" +dist_git_base_url: "copr-dist-git.fedorainfracloud.org" + +ansible_ifcfg_blacklist: true + +datacenter: cloud diff --git a/inventory/group_vars/copr-back b/inventory/group_vars/copr-back new file mode 100644 index 0000000000..2ffc232eb4 --- /dev/null +++ b/inventory/group_vars/copr-back @@ -0,0 +1,34 @@ +--- +_lighttpd_conf_src: "lighttpd/lighttpd.conf" + +copr_nova_auth_url: "https://fedorainfracloud.org:5000/v2.0" +copr_nova_tenant_id: "5d99f099b7fe4b0387f0352f6301ba6a" +copr_nova_tenant_name: "copr" +copr_nova_username: "copr" + +# copr_builder_image_name: "Fedora-Cloud-Base-20141203-21" +copr_builder_flavor_name: "ms2.builder" +copr_builder_network_name: "copr-net" +copr_builder_key_name: "buildsys" +copr_builder_security_groups: "ssh-anywhere-copr,default,ssh-from-persistent-copr" + +nrpe_procs_warn: 2200 +nrpe_procs_crit: 2500 + +fedmsg_enabled: "true" + +do_sign: "true" + +spawn_in_advance: "true" +frontend_base_url: "https://copr.fedorainfracloud.org" + +# These variables are pushed into /etc/system_identification by the base role. +# Groups and individual hosts should override them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ + +csi_security_category: High +csi_primary_contact: "msuchy (mirek), clime, frostyx, dturecek IRC #fedora-admin, #fedora-buildsys" +csi_purpose: Provide the backend for copr (3rd party packages) +csi_relationship: | + - Backend: Management of copr cloud infrastructure (OpenStack). + - Small frontend with copr's public stats 
diff --git a/inventory/group_vars/copr-back-stg b/inventory/group_vars/copr-back-stg new file mode 100644 index 0000000000..e8946170e9 --- /dev/null +++ b/inventory/group_vars/copr-back-stg @@ -0,0 +1,29 @@ +--- +_lighttpd_conf_src: "lighttpd/lighttpd_dev.conf" + +copr_nova_auth_url: "https://fedorainfracloud.org:5000/v2.0" +copr_nova_tenant_id: "a6ff2158641c439a8426d7facab45437" +copr_nova_tenant_name: "coprdev" +copr_nova_username: "copr" + +copr_builder_image_name: "builder-f24" +copr_builder_flavor_name: "ms2.builder" +copr_builder_network_name: "coprdev-net" +copr_builder_key_name: "buildsys" +copr_builder_security_groups: "ssh-anywhere-coprdev,default,ssh-from-persistent-coprdev" + +fedmsg_enabled: "true" + +do_sign: "true" + +spawn_in_advance: "false" +frontend_base_url: "http://copr-fe-dev.cloud.fedoraproject.org" + +# These variables are pushed into /etc/system_identification by the base role. +# Groups and individual hosts should override them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ + +csi_security_category: Moderate +csi_primary_contact: "msuchy (mirek), clime, frostyx, dturecek IRC #fedora-admin, #fedora-buildsys" +csi_purpose: Provide the testing environment of copr's backend +csi_relationship: This host is the testing environment for the cloud infrastructure of copr's backend diff --git a/inventory/group_vars/copr-dist-git b/inventory/group_vars/copr-dist-git new file mode 100644 index 0000000000..4c68998422 --- /dev/null +++ b/inventory/group_vars/copr-dist-git @@ -0,0 +1,5 @@ +--- +tcp_ports: [22, 80] +datacenter: cloud +freezes: false + diff --git a/inventory/group_vars/copr-dist-git-stg b/inventory/group_vars/copr-dist-git-stg new file mode 100644 index 0000000000..950f623338 --- /dev/null +++ b/inventory/group_vars/copr-dist-git-stg @@ -0,0 +1,5 @@ +--- +tcp_ports: [22, 80] +datacenter: cloud +freezes: false +devel: true 
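Review bot: In inventory/group_vars/copr-back-stg, `frontend_base_url: "http://copr-fe-dev.cloud.fedoraproject.org"` is plain HTTP, whereas the production copr-back file uses `https://`. The copr-stg file added further down does the same for both `backend_base_url` and `frontend_base_url`. If the backend authenticates to the frontend over this URL (not visible in this diff), the credential and the build status crossing it can be read or altered in transit, and this backend has `do_sign: "true"`. I would switch the staging URLs to `https://` as in production, or add a comment saying why staging runs without TLS.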
diff --git a/inventory/group_vars/copr-front b/inventory/group_vars/copr-front new file mode 100644 index 0000000000..d49a97457d --- /dev/null +++ b/inventory/group_vars/copr-front @@ -0,0 +1,16 @@ +--- +copr_hostname: "copr-fe.cloud.fedoraproject.org" +copr_frontend_public_hostname: "copr.fedorainfracloud.org" + +# These variables are pushed into /etc/system_identification by the base role. +# Groups and individual hosts should override them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ + +csi_security_category: Moderate +csi_primary_contact: "msuchy (mirek), clime, frostyx, dturecek IRC #fedora-admin, #fedora-buildsys" +csi_purpose: Provide a publicly accessible frontend for 3rd party packages (copr) +csi_relationship: | + - This host provides the frontend part of copr only. + - It's the point of contact between end users and the copr build system (backend, package singer) + +copr_mbs_cli_login: Y29wcg==##vtvvikhcjncwkfkdcssv diff --git a/inventory/group_vars/copr-front-stg b/inventory/group_vars/copr-front-stg new file mode 100644 index 0000000000..27a5e4194b --- /dev/null +++ b/inventory/group_vars/copr-front-stg @@ -0,0 +1,9 @@ +--- +copr_frontend_public_hostname: "copr-fe-dev.cloud.fedoraproject.org" + +csi_security_category: Low +csi_primary_contact: "msuchy (mirek), clime, frostyx, dturecek IRC #fedora-admin, #fedora-buildsys" +csi_purpose: Provide the testing environment of copr's frontend +csi_relationship: This host is the testing environment for copr's web interface + +copr_mbs_cli_login: Y29wcg==##vtvvikhcjncwkfkdcssv diff --git a/inventory/group_vars/copr-keygen b/inventory/group_vars/copr-keygen new file mode 100644 index 0000000000..0944c156a9 --- /dev/null +++ b/inventory/group_vars/copr-keygen 
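Review bot: `copr_mbs_cli_login: Y29wcg==##vtvvikhcjncwkfkdcssv` in inventory/group_vars/copr-front looks like a login credential committed in clear text, and the copr-front-stg file added right after it carries the identical value. The part before `##` is base64-encoded, not encrypted, so anyone who can read this repository holds the value, and production and staging share it. Other files in this commit take secrets from private variables (for example `resultsdb_db_password: "{{ ci_resultsdb_db_password }}"`). I would do the same here with `copr_mbs_cli_login: "{{ <PRIVATE_VAR_NAME> }}"` (the variable name is a placeholder), use a separate value per environment, and rotate the committed one.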
@@ -0,0 +1,12 @@ +--- +tcp_ports: [22] + +# http + signd dest ports +custom_rules: [ '-A INPUT -p tcp -m tcp -s 172.25.32.155 --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 209.132.184.48 --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 172.25.32.155 --dport 5167 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 209.132.184.48 --dport 5167 -j ACCEPT'] + +datacenter: cloud + +freezes: false diff --git a/inventory/group_vars/copr-keygen-stg b/inventory/group_vars/copr-keygen-stg new file mode 100644 index 0000000000..1042ae84e3 --- /dev/null +++ b/inventory/group_vars/copr-keygen-stg @@ -0,0 +1,13 @@ +--- +copr_hostbase: copr-keygen-dev +tcp_ports: [] + +# http + signd dest ports +custom_rules: [ '-A INPUT -p tcp -m tcp -s 172.25.32.175 --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 209.132.184.53 --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 172.25.32.175 --dport 5167 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 209.132.184.53 --dport 5167 -j ACCEPT'] + +datacenter: cloud + +freezes: false diff --git a/inventory/group_vars/copr-stg b/inventory/group_vars/copr-stg new file mode 100644 index 0000000000..9fe352bcfb --- /dev/null +++ b/inventory/group_vars/copr-stg @@ -0,0 +1,19 @@ +--- +devel: true +#_forward-src: "{{ files }}/copr/forward-dev" +_forward_src: "forward_dev" + +# don't forget to update ip in ./copr-keygen-stg, due to custom firewall rules + +copr_backend_ips: ["172.25.32.175", "172.25.150.48"] +keygen_host: "172.25.32.154" + +resolvconf: "resolv.conf/cloud" + +backend_base_url: "http://copr-be-dev.cloud.fedoraproject.org" +postfix_maincf: "postfix/main.cf/main.cf.copr" + +frontend_base_url: "http://copr-fe-dev.cloud.fedoraproject.org" +dist_git_base_url: "copr-dist-git-dev.fedorainfracloud.org" + +ansible_ifcfg_blacklist: true diff --git a/inventory/group_vars/copr_all_instances_aws b/inventory/group_vars/copr_all_instances_aws deleted file mode 100644 index 1c3b1c3cf6..0000000000 --- a/inventory/group_vars/copr_all_instances_aws +++ /dev/null 
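Review bot: The staging allow-list for the signing host does not match the staging backend addresses. inventory/group_vars/copr-keygen-stg accepts ports 80 and 5167 from `172.25.32.175` and `209.132.184.53`, while inventory/group_vars/copr-stg sets `copr_backend_ips: ["172.25.32.175", "172.25.150.48"]`. Either `209.132.184.53` is a stale address that can still reach the signd port, or the backend's second address is locked out; the production pair (copr and copr-keygen) does agree. The comment `# don't forget to update ip in ./copr-keygen-stg` shows the two lists are kept in sync by hand. I would correct the stale entries and, if the keygen hosts can see `copr_backend_ips`, generate `custom_rules` from that list so the firewall has a single source of truth.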
@@ -1,16 +0,0 @@ -# Put here configuration for all copr instances (production, devel, ...) ---- -postfix_group: copr -postfix_maincf: postfix/main.cf/main.cf.copr_smtp_auth_relay -#TODO: tamplatize main.cf -smtp_auth_relay_host: smtp-auth-cc-rdu01.fedoraproject.org -smtp_auth_relay_user: copr@fedoraproject.org -smtp_auth_relay_password: "{{ copr_smtp_password }}" - -additional_known_hosts_cleanup: - copr-be-dev.aws.fedoraproject.org: - - copr-be-dev-temp.aws.fedoraproject.org - copr-be.aws.fedoraproject.org: - - copr-be-temp.aws.fedoraproject.org - -aws_ipv6_con: "cloud-init ens5" diff --git a/inventory/group_vars/copr_aws b/inventory/group_vars/copr_aws deleted file mode 100644 index 53c6f08455..0000000000 --- a/inventory/group_vars/copr_aws +++ /dev/null 
@@ -1,206 +0,0 @@ ---- -_forward_src: "forward" -aws_arch_subnets: - # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1a). - # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1d). - # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1f). - aarch64: - - subnet-0995f6a466849f4c3 - - subnet-08cadf5a14b530ac4 - - subnet-07b0b3168a353e3ee - x86_64: - - subnet-0995f6a466849f4c3 - - subnet-08cadf5a14b530ac4 - - subnet-07b0b3168a353e3ee - - subnet-09c74a3e6420a206b - - subnet-01d4e967ab5e78005 - - subnet-05437ac82d63b6ef5 -backend_base_url: "https://download.copr.fedorainfracloud.org" -builders: - # max|spawn_concurrently|prealloc - aws: - aarch64: [8, 2, 2] - x86_64: [20, 4, 1] - aws_spot: - aarch64: [30, 4, 3] - x86_64: [70, 8, 8] - ppc64le_hypervisor_01: - ppc64le: [15, 4, 15] - # There's the ppc64le-test machine, so keep 2 builders less. 
- ppc64le_hypervisor_02: - ppc64le: [13, 4, 13] - p09_hypervisor_01: - ppc64le: [31, 5, 31] - x86_hypervisor_01: - x86_64: [20, 4, 20] - x86_hypervisor_02: - x86_64: [20, 4, 20] - x86_hypervisor_03: - x86_64: [20, 4, 20] - x86_hypervisor_04: - x86_64: [20, 4, 20] - - ibm_cloud_us_east_hp: - s390x: [2, 1, 0] - - ibm_cloud_br_sao_1: - s390x: [3, 1, 1] - ibm_cloud_br_sao_2: - s390x: [3, 1, 1] - ibm_cloud_br_sao_3: - s390x: [3, 1, 1] - - ibm_cloud_eu_es_1: - s390x: [3, 1, 1] - ibm_cloud_eu_es_2: - s390x: [3, 1, 1] - ibm_cloud_eu_es_3: - s390x: [3, 1, 1] - -cloud_instance_types: - ibm_cloud: - s390x: mz2-2x16 - s390x_hp: bz2-16x64 - -ibm_cloud_regions: - eu_es: - name: eu-es - name_humans: Madrid, Spain - ssh_key: r050-cbd10ece-a28f-45c8-bc3a-15ecb9ff66d5 - vpc: r050-190b8bac-3bae-47cf-9be7-ac70fc54ccb9 - security_group: r050-cfc3db07-8cde-4807-9756-db91b242092a - images: "{{ copr_builder_images.ibm_cloud.eu_es }}" - br_sao: - name: br-sao - name_humans: Sao Paulo, Brazil - ssh_key: r042-4fb65a23-e7bd-440f-8d71-ff57b83a4152 - vpc: r042-c902f12d-556f-4334-95cb-d181ebb3d8ba - security_group: r042-22ef3881-fa20-4caa-9873-c8dc41c5dcb7 - images: "{{ copr_builder_images.ibm_cloud.br_sao }}" - -resalloc_pools: - - ibm_us_east: - images: "{{ copr_builder_images.ibm_cloud.us_east }}" - subnets: - - us-east-1:0757-df8209fd-e4e4-4659-bcca-b60c9eddfb35 - - us-east-2:0767-4cb7e11d-14db-48a8-9d1d-c59679112cd5 - - us-east-3:0777-bc697f15-4f13-4843-b338-d8950e3d23c0 - ssh_key: r014-fc1c1b90-5a7f-4cc6-a6d4-b273bd19be99 - vpc: r014-e90f14b0-a9c0-4c0b-bc81-207904b2d19e - security_group: r014-941706bd-062c-4d4c-9512-9a31b8f257d7 - - ibm_eu_es_1: - zone: eu-es-1 - subnet: 02w7-84eded83-3077-44c3-a84c-90c7afb7ff4f - region_config: "{{ ibm_cloud_regions.eu_es }}" - floating_ips: - - r050-957fb229-4001-426c-b03b-9ec73fbcfc01 - - r050-b395c059-8407-4b7a-bc31-332f1de0a8c7 - - r050-2e71b2bd-66a5-4c76-a158-cce17471dadd - - ibm_eu_es_2: - zone: eu-es-2 - subnet: 
02x7-05de0643-b257-4500-9a14-648421b16738 - region_config: "{{ ibm_cloud_regions.eu_es }}" - floating_ips: - - r050-f0791af4-128d-48bb-8a3d-fad718003062 - - r050-350e120d-b91f-41aa-b600-66c63182fc66 - - r050-633ebce4-4e3b-4367-8c15-2c014ff39869 - - ibm_eu_es_3: - zone: eu-es-3 - subnet: 02y7-e32873a0-ad98-44d5-b49d-da49f731a914 - region_config: "{{ ibm_cloud_regions.eu_es }}" - floating_ips: - - r050-6390c1bf-a057-4c9c-b0ae-ac2b0ed591a7 - - r050-dca6a5f9-6fe0-4d1c-9217-3fd4357bf55d - - r050-5d7d0f7e-5fc0-4a45-8efd-09cf819ee00a - - ibm_br_sao_1: - zone: br-sao-1 - subnet: 02t7-1c0b186a-ca5e-44ea-bf2c-ca2f3122a9ff - region_config: "{{ ibm_cloud_regions.br_sao }}" - floating_ips: - - r042-c409079e-f2a2-44ff-a993-b09f21148296 - - r042-4196a36b-5fb5-462f-8f98-46d1320fb1d1 - - r042-f2724485-478e-4059-bf57-cc485aade9f5 - - ibm_br_sao_2: - zone: br-sao-2 - subnet: 02u7-75fa6c55-b65a-4d38-a011-15559c7171ce - region_config: "{{ ibm_cloud_regions.br_sao }}" - floating_ips: - - r042-b66c2a71-71e0-4120-a05b-662b02ebb357 - - r042-9e75ba4e-8005-4f36-9e4f-462ab0c93f7c - - r042-54f648f6-a5f8-4535-8b16-ef76743e7937 - - ibm_br_sao_3: - zone: br-sao-3 - subnet: 02v7-439195e6-2df0-4720-9696-76d0a63c352d - region_config: "{{ ibm_cloud_regions.br_sao }}" - floating_ips: - - r042-03e04fbd-04f4-48ad-826e-48c0c41beeff - - r042-0ebc5298-857c-4832-9ece-016baf74cdd0 - - r042-082eba49-2952-43a3-be23-ac202ad847fc - -copr_aws_region: us-east-1 -# don't forget to update ip in ./copr-keygen, due to custom firewall rules - -# eth0, eth1 -copr_backend_ips: ["52.44.175.77", "172.30.2.145"] - -copr_builder_fedora_version: 39 - -copr_builder_images: - aws: - # WARNING: when changing, always remove images N-2 and older - # n-1: aarch64: ami-0f93da3f4f368afb4 - # n-1: x86_64: ami-062f0015f85924f2f - aarch64: ami-0c3217e2af416bf2d - x86_64: ami-0c430e4bc139d93ec - hypervisor: - # n-1: ppc64le: copr-builder-ppc64le-20240201_144151 - # n-1: x86_64: copr-builder-x86_64-20240201_144216 - ppc64le: 
copr-builder-ppc64le-20241119_171239 - x86_64: copr-builder-x86_64-20241119_172236 - ibm_cloud: - br_sao: # São Paulo - s390x: r042-5e105a96-4a84-4c07-950b-9fd12d58c8a2 - eu_es: # Madrid - s390x: r050-053cfdb8-52eb-486d-b8b3-bc9cba2fbe56 - us_east: # Washington - # n-1: us_east: r014-1469fafc-d906-44fa-b780-e4599ed56fde - s390x: r014-9ba4feec-ce45-4401-acea-f123114685b5 - osuosl: - # ppc64le: copr-builder-ppc64le-20240206_143009 - ppc64le: copr-builder-ppc64le-20241119_171239 - -copr_messaging: true -datacenter: aws -devel: false -dist_git_base_url: "copr-dist-git.fedorainfracloud.org" -frontend_base_url: "https://copr.fedorainfracloud.org" -keygen_host: "54.83.48.73" -rpm_vendor_copr_name: Fedora Copr -root_auth_users: msuchy frostyx praiskup nikromen - -aws_cloudfront_distribution: E2PUZIRCXCOXTG - -nrpe_client_uid: 500 - -rsnapshot_push: - server_host: storinator01.rdu-cc.fedoraproject.org - backup_dir: /srv/nfs/copr-be - cases: - copr-be-copr-user: - user: copr - rsync_args: -H --relative /var/lib/copr/public_html --info=progress2 - command: rsnapshot_copr_backend - timing_plan: copr_be - # copr-backend's copr/resalloc pubkey - ssh_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeTO0ddXuhDZYM9HyM0a47aeV2yIVWhTpddrQ7/RAIs99XyrsicQLABzmdMBfiZnP0FnHBF/e+2xEkT8hHJpX6bX81jjvs2bb8KP18Nh8vaXI3QospWrRygpu1tjzqZT0Llh4ZVFscum8TrMw4VWXclzdDw6x7csCBjSttqq8F3iTJtQ9XM9/5tCAAOzGBKJrsGKV1CNIrfUo5CSzY+IUVIr8XJ93IB2ZQVASK34T/49egmrWlNB32fqAbDMC+XNmobgn6gO33Yq5Ly7Dk4kqTUx2TEaqDkZfhsVu0YcwV81bmqsltRvpj6bIXrEoMeav7nbuqKcPLTxWEY/2icePF" - -deployment_type: prod - -pulp_content_url: "https://console.redhat.com/api/pulp-content/public-copr/" diff --git a/inventory/group_vars/copr_back_aws b/inventory/group_vars/copr_back_aws deleted file mode 100644 index ade4ed605f..0000000000 --- a/inventory/group_vars/copr_back_aws +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -copr_machine_type: backend - -# what is the main backend service name -copr_backend_target: copr-backend.target - -# Copr vars -copr_hostbase: copr-be -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -description: copr dispatcher and repo server -do_sign: "true" -host_backup_targets: ['/var/lib/copr/public_html/results'] - -# consumed by roles/copr/certbot -letsencrypt: - certificates: - copr-be.cloud.fedoraproject.org: - challenge_dir: /var/lib/copr/public_html - domains: - - copr-be.cloud.fedoraproject.org - mail: coprteam@fedoraproject.org - - predefined_deploy_script: lighttpd - -# consumed by roles/messaging/base -messaging: - certificates: - - app_name: Copr build system - key: copr - username: copr - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.copr\..* - -nrpe_procs_crit: 2500 -nrpe_procs_warn: 2200 - -tcp_ports: [ - 22, 80, 443, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:d553:8ed5:d8b6:9f83/128" - -copr_backend_data_raid10_volumes: - - nvme-Amazon_Elastic_Block_Store_vol017b9ff832cb0fd97-part1 - - nvme-Amazon_Elastic_Block_Store_vol0188cd4fedb1e7c78-part1 - - nvme-Amazon_Elastic_Block_Store_vol025a19c2330fca7cd-part1 - - nvme-Amazon_Elastic_Block_Store_vol0e809c6ef1c11f2c9-part1 - -copr_backend_data_2_raid1_volumes: - - nvme-Amazon_Elastic_Block_Store_vol0f226a7163d28d8fd-part1 - - nvme-Amazon_Elastic_Block_Store_vol07293869d85a750b8-part1 - -notes: | - Provide the backend for copr (3rd party packages) - * Backend: Management of copr cloud infrastructure (OpenStack). - * Small frontend with copr's public stats diff --git a/inventory/group_vars/copr_back_dev_aws b/inventory/group_vars/copr_back_dev_aws deleted file mode 100644 index e6b8d38f34..0000000000 --- a/inventory/group_vars/copr_back_dev_aws +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -copr_machine_type: backend - -_copr_be_conf: copr-be.conf-dev -# what is the main backend service name -copr_backend_target: copr-backend.target - -# Copr vars -copr_hostbase: copr-be-dev -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -description: copr dispatcher and repo server - dev instance -do_sign: "true" -# consumed by roles/copr/certbot -letsencrypt: - certificates: - copr-be-dev.cloud.fedoraproject.org: - challenge_dir: /var/lib/copr/public_html - domains: - - copr-be-dev.cloud.fedoraproject.org - mail: coprteam@fedoraproject.org - - predefined_deploy_script: lighttpd - -# consumed by roles/messaging/base -messaging: - certificates: - - app_name: Copr build system - key: copr - username: copr - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.copr\..* - -tcp_ports: [ - 22, 80, 443, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:6c8c:e094:1c5b:c2f9/128" - -copr_backend_data_raid10_volumes: - - nvme-Amazon_Elastic_Block_Store_vol00ee3a18d4b88bd2d-part1 - - nvme-Amazon_Elastic_Block_Store_vol01d7d16e5e447b3c4-part1 - - nvme-Amazon_Elastic_Block_Store_vol0860700f1b82314b5-part1 - - nvme-Amazon_Elastic_Block_Store_vol0ea433a88aef9c644-part1 - -copr_backend_data_2_raid1_volumes: - - nvme-Amazon_Elastic_Block_Store_vol0ce8220e998e2e32a-part1 - - nvme-Amazon_Elastic_Block_Store_vol0038e042c49987b82-part1 - -notes: | - Provide the testing environment of copr's backend - This host is the testing environment for the cloud infrastructure of copr's backend diff --git a/inventory/group_vars/copr_db_all b/inventory/group_vars/copr_db_all deleted file mode 100644 index 99edb1b097..0000000000 --- a/inventory/group_vars/copr_db_all +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -tcp_ports: [22, 5432] - -notes: | - Provide the testing environment of copr's db - This host is the testing environment for copr's database diff --git a/inventory/group_vars/copr_dev_aws b/inventory/group_vars/copr_dev_aws deleted file mode 100644 index e9cba4dc6d..0000000000 --- a/inventory/group_vars/copr_dev_aws +++ /dev/null 
@@ -1,185 +0,0 @@ ---- -env: staging - -_forward_src: "forward_dev" -aws_arch_subnets: - # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1a). - # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1d). - # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1f). - aarch64: - - subnet-0995f6a466849f4c3 - - subnet-08cadf5a14b530ac4 - - subnet-07b0b3168a353e3ee - x86_64: - - subnet-0995f6a466849f4c3 - - subnet-08cadf5a14b530ac4 - - subnet-07b0b3168a353e3ee - - subnet-09c74a3e6420a206b - - subnet-01d4e967ab5e78005 - - subnet-05437ac82d63b6ef5 -backend_base_url: "https://download.copr-dev.fedorainfracloud.org" - -builders: - # max|spawn_concurrently|prealloc - aws: - aarch64: [2, 0, 0] - x86_64: [4, 0, 0] - aws_spot: - aarch64: [5, 1, 1] - x86_64: [5, 1, 1] - ppc64le_hypervisor_01: - ppc64le: [2, 1, 1] - ppc64le_hypervisor_02: - ppc64le: [2, 1, 1] - p09_hypervisor_01: - ppc64le: [2, 1, 1] - x86_hypervisor_01: - x86_64: [2, 1, 1] - x86_hypervisor_02: - x86_64: [2, 1, 1] - x86_hypervisor_03: - x86_64: [2, 1, 1] - x86_hypervisor_04: - x86_64: [2, 1, 1] - - ibm_cloud_us_east_hp: - s390x: [1, 1, 0] - - ibm_cloud_br_sao_1: - s390x: [1, 1, 0] - ibm_cloud_br_sao_2: - s390x: [1, 1, 0] - ibm_cloud_br_sao_3: - s390x: [1, 1, 0] - - ibm_cloud_eu_es_1: - s390x: [1, 1, 0] - ibm_cloud_eu_es_2: - s390x: [1, 1, 0] - ibm_cloud_eu_es_3: - s390x: [1, 1, 0] - -cloud_instance_types: - ibm_cloud: - s390x: mz2-2x16 - s390x_hp: bz2-16x64 - -ibm_cloud_regions: - eu_es: - name: eu-es - name_humans: Madrid, Spain - ssh_key: r050-cbd10ece-a28f-45c8-bc3a-15ecb9ff66d5 - vpc: r050-190b8bac-3bae-47cf-9be7-ac70fc54ccb9 - security_group: r050-cfc3db07-8cde-4807-9756-db91b242092a - images: "{{ copr_builder_images.ibm_cloud.eu_es }}" - br_sao: - name: br-sao - name_humans: Sao Paulo, Brazil - ssh_key: r042-4fb65a23-e7bd-440f-8d71-ff57b83a4152 - vpc: 
r042-c902f12d-556f-4334-95cb-d181ebb3d8ba - security_group: r042-22ef3881-fa20-4caa-9873-c8dc41c5dcb7 - images: "{{ copr_builder_images.ibm_cloud.br_sao }}" - -resalloc_pools: - ibm_us_east: - images: "{{ copr_builder_images.ibm_cloud.us_east }}" - subnets: - - us-east-1:0757-df8209fd-e4e4-4659-bcca-b60c9eddfb35 - - us-east-2:0767-4cb7e11d-14db-48a8-9d1d-c59679112cd5 - - us-east-3:0777-bc697f15-4f13-4843-b338-d8950e3d23c0 - ssh_key: r014-fc1c1b90-5a7f-4cc6-a6d4-b273bd19be99 - vpc: r014-e90f14b0-a9c0-4c0b-bc81-207904b2d19e - security_group: r014-941706bd-062c-4d4c-9512-9a31b8f257d7 - - ibm_eu_es_1: - zone: eu-es-1 - subnet: 02w7-84eded83-3077-44c3-a84c-90c7afb7ff4f - region_config: "{{ ibm_cloud_regions.eu_es }}" - floating_ips: - - r050-c7f0c426-6842-4a68-91ca-72faf38d1fca - - ibm_eu_es_2: - zone: eu-es-2 - subnet: 02x7-05de0643-b257-4500-9a14-648421b16738 - region_config: "{{ ibm_cloud_regions.eu_es }}" - floating_ips: - - r050-97186457-f797-4d90-82bb-7f363453edb9 - - ibm_eu_es_3: - zone: eu-es-3 - subnet: 02y7-e32873a0-ad98-44d5-b49d-da49f731a914 - region_config: "{{ ibm_cloud_regions.eu_es }}" - floating_ips: - - r050-5c361f73-2663-406f-96c9-5274552e3206 - - ibm_br_sao_1: - zone: br-sao-1 - subnet: 02t7-1c0b186a-ca5e-44ea-bf2c-ca2f3122a9ff - region_config: "{{ ibm_cloud_regions.br_sao }}" - floating_ips: - - r042-ac2bf299-90e4-4804-91a1-f0a4168abdd0 - - ibm_br_sao_2: - zone: br-sao-2 - subnet: 02u7-75fa6c55-b65a-4d38-a011-15559c7171ce - region_config: "{{ ibm_cloud_regions.br_sao }}" - floating_ips: - - r042-b58c7ed2-8552-4310-bfcf-a5dbef36cdd5 - - ibm_br_sao_3: - zone: br-sao-3 - subnet: 02v7-439195e6-2df0-4720-9696-76d0a63c352d - region_config: "{{ ibm_cloud_regions.br_sao }}" - floating_ips: - - r042-e97d42a1-dede-4b4b-b663-c6fcef8a7a2b - -copr_aws_region: us-east-1 -# don't forget to update ip in ./copr-keygen-stg, due to custom firewall rules - -# eth0, eth1 -copr_backend_ips: ["18.208.10.131", "172.30.2.173"] - -copr_builder_fedora_version: 41 - 
-copr_builder_images: - aws: - # WARNING: when changing, always remove images N-2 and older - # n-1: aarch64: ami-0f93da3f4f368afb4 - # n-1: x86_64: ami-062f0015f85924f2f - # n-0: aarch64: ami-0a2abb60d2e09f6fa - # n-0: x86_64: ami-0460b8805bf9781cf - aarch64: ami-03e705da7e59daab9 - x86_64: ami-07da3d84b3a1ef500 - hypervisor: - # n-1: ppc64le: copr-builder-ppc64le-20240201_144151 - # n-1: x86_64: copr-builder-x86_64-20240201_144216 - # ppc64le: copr-builder-ppc64le-20241119_171239 # Production - ppc64le: copr-builder-ppc64le-20250522_195544 - x86_64: copr-builder-x86_64-20250522_185837 - ibm_cloud: - br_sao: # São Paulo - s390x: r042-5c9a1f2e-0ee8-4b72-b150-83b7e3504c8d - eu_es: # Madrid - s390x: r050-281ec260-86d7-4f15-ad0e-3dcee1be6fc1 - us_east: # Washington - # n-1: us_east: r014-1469fafc-d906-44fa-b780-e4599ed56fde - s390x: r014-18a4cb11-6d23-48c8-a591-61cd26afd20a - osuosl: - # ppc64le: copr-builder-ppc64le-20240206_143009 - # ppc64le: copr-builder-ppc64le-20241119_171239 # Production - ppc64le: copr-builder-ppc64le-20250522_195544 - -copr_messaging: true -datacenter: aws -devel: true -dist_git_base_url: "copr-dist-git-dev.fedorainfracloud.org" -frontend_base_url: "https://copr.stg.fedoraproject.org" -keygen_host: "54.225.23.248" -rpm_vendor_copr_name: Fedora Copr (devel) -root_auth_users: msuchy frostyx praiskup nikromen - -aws_cloudfront_distribution: EX55ITR8LVMOH - -nrpe_client_uid: 500 - -pulp_content_url: "https://console.redhat.com/api/pulp-content/public-copr-stage/" diff --git a/inventory/group_vars/copr_dist_git_aws b/inventory/group_vars/copr_dist_git_aws deleted file mode 100644 index 0a90ee2dba..0000000000 --- a/inventory/group_vars/copr_dist_git_aws +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -copr_machine_type: distgit - -freezes: false -# consumed by roles/copr/certbot -letsencrypt: - certificates: - copr-dist-git.fedorainfracloud.org: - challenge_dir: /var/www/html - domains: - - copr-dist-git.fedorainfracloud.org - mail: copr-devel@lists.fedorahosted.org - predefined_deploy_script: httpd -tcp_ports: [22, 80, 443, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:41cc:53dc:b87b:2d8c/128" diff --git a/inventory/group_vars/copr_dist_git_dev_aws b/inventory/group_vars/copr_dist_git_dev_aws deleted file mode 100644 index ffc4e5437c..0000000000 --- a/inventory/group_vars/copr_dist_git_dev_aws +++ /dev/null @@ -1,21 +0,0 @@ ---- -copr_machine_type: distgit - -devel: true -freezes: false -# consumed by roles/copr/certbot -letsencrypt: - certificates: - copr-dist-git-dev.fedorainfracloud.org: - challenge_dir: /var/www/html - domains: - - copr-dist-git-dev.fedorainfracloud.org - mail: copr-devel@lists.fedorahosted.org - predefined_deploy_script: httpd -tcp_ports: [22, 80, 443, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:691b:4103:dbcd:a64a/128" diff --git a/inventory/group_vars/copr_front_aws b/inventory/group_vars/copr_front_aws deleted file mode 100644 index f9e29f5545..0000000000 --- a/inventory/group_vars/copr_front_aws +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -copr_machine_type: frontend - -copr_fe_homedir: /usr/share/copr/coprs_frontend -copr_frontend_public_hostname: "copr.fedorainfracloud.org" -copr_kerberos_auth_enabled: true -copr_messaging_queue: "a9b74258-21c6-4e79-ba65-9e858dc84a2b" -copr_pagure_events: - io.pagure.prod.pagure: "https://pagure.io/" - org.fedoraproject.prod.pagure: "https://src.fedoraproject.org/" -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -# consumed by roles/copr/certbot -letsencrypt: - certificates: - copr.fedorainfracloud.org: - challenge_dir: /var/www/html - domains: - - copr.fedorainfracloud.org - mail: copr-devel@lists.fedorahosted.org - predefined_deploy_script: httpd -tcp_ports: [22, 80, 443, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:9d1f:4737:93ce:6db/128" - -notes: | - Provide a publicly accessible frontend for 3rd party packages (copr) - This host provides the frontend part of copr only. - It's the point of contact between end users and the copr build system (backend, package singer) diff --git a/inventory/group_vars/copr_front_dev_aws b/inventory/group_vars/copr_front_dev_aws deleted file mode 100644 index afdd836455..0000000000 --- a/inventory/group_vars/copr_front_dev_aws +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -copr_machine_type: frontend - -allowlist_emails: - - msuchy@redhat.com - - praiskup@redhat.com - - jkadlcik@redhat.com -copr_fe_homedir: /usr/share/copr/coprs_frontend -copr_frontend_public_hostname: "copr.stg.fedoraproject.org" -copr_kerberos_auth_enabled: true -copr_mbs_cli_login: Y29wcg==##vtvvikhcjncwkfkdcssv -copr_messaging_queue: "c8e11df7-e863-4ca4-99b9-d37c6663c7f7" -copr_pagure_events: - io.pagure.prod.pagure: "https://pagure.io/" - io.pagure.stg.pagure: "https://stg.pagure.io" - org.fedoraproject.prod.pagure: "https://src.fedoraproject.org/" -# consumed by roles/copr/certbot -letsencrypt: - certificates: - copr.stg.fedoraproject.org: - challenge_dir: /var/www/html - domains: - - copr.stg.fedoraproject.org - - copr-fe-dev.cloud.fedoraproject.org - - copr-fe-dev.aws.fedoraproject.org - mail: copr-devel@lists.fedorahosted.org - predefined_deploy_script: httpd -tcp_ports: [22, 80, 443, - # node_exporter/prometheus - 9100, - # testing httpd server, `copr-frontend run` - 5000, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:66a:fd15:3f16:4092/128" - -notes: | - Provide the testing environment of copr's frontend - This host is the testing environment for copr's web interface diff --git a/inventory/group_vars/copr_hypervisor b/inventory/group_vars/copr_hypervisor deleted file mode 100644 index 3be2c99826..0000000000 --- a/inventory/group_vars/copr_hypervisor +++ /dev/null @@ -1,15 +0,0 @@ ---- -vpn: true -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-copr - -ipa_client_sudo_groups: - - sysadmin-copr - -ipa_host_group: copr-vmhost -ipa_host_group_desc: Copr hypervisors - -primary_auth_source: ipa - -nftables: false diff --git a/inventory/group_vars/copr_keygen_aws b/inventory/group_vars/copr_keygen_aws deleted file mode 100644 index 550c45af60..0000000000 --- a/inventory/group_vars/copr_keygen_aws +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -copr_machine_type: keygen - -copr_hostbase: copr-keygen -# http + signd dest ports -custom_rules: - - '-A INPUT -p tcp -m tcp -s 52.44.175.77 --dport 80 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 52.44.175.77 --dport 5167 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 172.30.2.145 --dport 80 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 172.30.2.145 --dport 5167 -j ACCEPT' -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 52.44.175.77 tcp dport 80 counter accept' - - 'add rule ip filter INPUT ip saddr 52.44.175.77 tcp dport 5167 counter accept' - - 'add rule ip filter INPUT ip saddr 172.30.2.145 tcp dport 80 counter accept' - - 'add rule ip filter INPUT ip saddr 172.30.2.145 tcp dport 5167 counter accept' -freezes: false -tcp_ports: [22, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:acef:63f0:530a:cdff/128" diff --git a/inventory/group_vars/copr_keygen_dev_aws b/inventory/group_vars/copr_keygen_dev_aws deleted file mode 100644 index 568d57b38a..0000000000 --- a/inventory/group_vars/copr_keygen_dev_aws +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -copr_machine_type: keygen - -copr_hostbase: copr-keygen-dev -# http + signd dest ports -custom_rules: - - '-A INPUT -p tcp -m tcp -s 172.30.2.173 --dport 80 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 172.30.2.173 --dport 5167 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 18.208.10.131 --dport 80 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 18.208.10.131 --dport 5167 -j ACCEPT' -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 172.30.2.173 tcp dport 80 counter accept' - - 'add rule ip filter INPUT ip saddr 172.30.2.173 tcp dport 5167 counter accept' - - 'add rule ip filter INPUT ip saddr 18.208.10.131 tcp dport 80 counter accept' - - 'add rule ip filter INPUT ip saddr 18.208.10.131 tcp dport 5167 counter accept' -freezes: false -tcp_ports: [22, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:3cbb:7920:d83:e607/128" diff --git a/inventory/group_vars/copr_pulp_aws b/inventory/group_vars/copr_pulp_aws deleted file mode 100644 index c5fdf92af8..0000000000 --- a/inventory/group_vars/copr_pulp_aws +++ /dev/null @@ -1,5 +0,0 @@ ---- -copr_machine_type: pulp - -services_disabled: false -aws_ipv6_addr: "" diff --git a/inventory/group_vars/copr_pulp_dev_aws b/inventory/group_vars/copr_pulp_dev_aws deleted file mode 100644 index 20c5e4dcc5..0000000000 --- a/inventory/group_vars/copr_pulp_dev_aws +++ /dev/null @@ -1,5 +0,0 @@ ---- -copr_machine_type: pulp - -services_disabled: true -aws_ipv6_addr: "2600:1f18:8ee:ae00:c607:4520:249f:6cc8" diff --git a/inventory/group_vars/darkserver b/inventory/group_vars/darkserver new file mode 100644 index 0000000000..31765e9afc --- /dev/null +++ b/inventory/group_vars/darkserver @@ -0,0 +1,11 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 6144 +num_cpus: 8 + +tcp_ports: [ 80, 443 ] + +fas_client_groups: sysadmin-noc,sysadmin-darkserver,fi-apprentice,sysadmin-veteran + +freezes: false 
diff --git a/inventory/group_vars/darkserver-backend-stg b/inventory/group_vars/darkserver-backend-stg new file mode 100644 index 0000000000..929e841592 --- /dev/null +++ b/inventory/group_vars/darkserver-backend-stg @@ -0,0 +1,11 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 3144 +num_cpus: 2 + +tcp_ports: [] + +fas_client_groups: sysadmin-noc,sysadmin-darkserver,fi-apprentice,sysadmin-veteran + +freezes: false diff --git a/inventory/group_vars/darkserver-web-stg b/inventory/group_vars/darkserver-web-stg new file mode 100644 index 0000000000..92afc1a065 --- /dev/null +++ b/inventory/group_vars/darkserver-web-stg @@ -0,0 +1,11 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 3144 +num_cpus: 2 + +tcp_ports: [ 80, 443 ] + +fas_client_groups: sysadmin-noc,sysadmin-darkserver,fi-apprentice,sysadmin-veteran + +freezes: false diff --git a/inventory/group_vars/data_reports b/inventory/group_vars/data_reports deleted file mode 100644 index 4f609a2fc8..0000000000 --- a/inventory/group_vars/data_reports +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: prod -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: datareports -ipa_host_group_desc: data reports -lvm_size: 30000 -max_mem_size: 8192 -mem_size: 8192 -num_cpus: 2 -primary_auth_source: ipa - -notes: | - for developing reports against datanommerdb - This vm is for creating reports whicl once automated will be moved elsewhere. diff --git a/inventory/group_vars/datagrepper b/inventory/group_vars/datagrepper new file mode 100644 index 0000000000..72a21caa96 --- /dev/null +++ b/inventory/group_vars/datagrepper 
@@ -0,0 +1,19 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 8192
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443, 6996 ]
+# Neeed for rsync from log01 for logs.
+custom_rules: [
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,fi-apprentice,sysadmin-veteran
+
+freezes: false
diff --git a/inventory/group_vars/datagrepper-stg b/inventory/group_vars/datagrepper-stg
new file mode 100644
index 0000000000..4650831c99
--- /dev/null
+++ b/inventory/group_vars/datagrepper-stg
@@ -0,0 +1,16 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443, 6996 ]
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,fi-apprentice,sysadmin-veteran
+
+freezes: false
diff --git a/inventory/group_vars/dbserver b/inventory/group_vars/dbserver
deleted file mode 100644
index 42769283c2..0000000000
--- a/inventory/group_vars/dbserver
+++ /dev/null
@@ -1,9 +0,0 @@
----
-ipa_client_shell_groups:
- - sysadmin-dba
- - sysadmin-noc
- - sysadmin-veteran
-ipa_client_sudo_groups:
- - sysadmin-dba
-ipa_host_group: dbserver
-ipa_host_group_desc: Database server hosts
diff --git a/inventory/group_vars/dbserver_stg b/inventory/group_vars/dbserver_stg
deleted file mode 100644
index 42769283c2..0000000000
--- a/inventory/group_vars/dbserver_stg
+++ /dev/null
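Review bot: The two `custom_rules` entries in the datagrepper hunk hard-code the addresses the comment attributes to log01 (`10.5.126.13` and `192.168.1.59`), and the same pair is repeated in the datagrepper-stg, elections and elections-stg hunks. If log01 is renumbered, any copy that is missed keeps TCP 873 open to whichever host later holds the old address. Defining the addresses once in a shared variable and building the rules from it would keep the copies from drifting. Separately, `6996` in `tcp_ports` carries no comment here, while the docker-registry hunk labels the same port `# This is for the gluster server`; add the equivalent comment or drop the port if this group does not need it.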
@@ -1,9 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-dba - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-dba -ipa_host_group: dbserver -ipa_host_group_desc: Database server hosts diff --git a/inventory/group_vars/debuginfod b/inventory/group_vars/debuginfod deleted file mode 100644 index 98b04a8187..0000000000 --- a/inventory/group_vars/debuginfod +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Define resources for this group of hosts here. - -deployment_type: prod -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-debuginfod -ipa_client_sudo_groups: - - sysadmin-debuginfod -ipa_host_group: debuginfod -ipa_host_group_desc: debuginfod servers -lvm_size: 1000000 -max_mem_size: 131072 -mem_size: 24576 -num_cpus: 4 -primary_auth_source: ipa -tcp_ports: [8002] - -notes: | - Provides debuginfod services - This server provides a debuginfod server to allow downloading debuginfod diff --git a/inventory/group_vars/debuginfod_stg b/inventory/group_vars/debuginfod_stg deleted file mode 100644 index 9a5a968f49..0000000000 --- a/inventory/group_vars/debuginfod_stg +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-debuginfod -ipa_client_sudo_groups: - - sysadmin-debuginfod -ipa_host_group: debuginfod -ipa_host_group_desc: debuginfod servers -lvm_size: 1000000 -max_mem_size: 32768 -mem_size: 24576 -num_cpus: 4 -primary_auth_source: ipa -tcp_ports: [8002] - -notes: | - Provides debuginfod services - This server provides a debuginfod server to allow downloading debuginfod diff --git a/inventory/group_vars/dell-fx-build b/inventory/group_vars/dell-fx-build new file mode 100644 index 0000000000..630e6beb14 --- /dev/null +++ b/inventory/group_vars/dell-fx-build 
@@ -0,0 +1,16 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +virthost: true + +# These variables are pushed into /etc/system_identification by the base role. +# Groups and individual hosts should ovveride them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ + +csi_security_category: High +csi_primary_contact: Fedora Admins - admin@fedoraproject.org +csi_purpose: Koji service employs a set of virtual machines to build packages for the Fedora project. This playbook is for the provisioning of a physical host for buildvm's. +csi_relationship: | + * Relies on ansible, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Builder vm's are hosted on hosts created with this playbook. diff --git a/inventory/group_vars/dell_fx_build b/inventory/group_vars/dell_fx_build deleted file mode 100644 index 778e23a15a..0000000000 --- a/inventory/group_vars/dell_fx_build +++ /dev/null @@ -1,14 +0,0 @@ ---- -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should ovveride them with specific info. - -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -virthost: true - -notes: | - Koji service employs a set of virtual machines to build packages for the Fedora project. This playbook is for the provisioning of a physical host for buildvm's. - - * Relies on ansible, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Builder vm's are hosted on hosts created with this playbook. diff --git a/inventory/group_vars/dhcp b/inventory/group_vars/dhcp new file mode 100644 index 0000000000..061b46bc43 --- /dev/null +++ b/inventory/group_vars/dhcp 
@@ -0,0 +1,13 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 10000 +mem_size: 1024 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 68 ] +udp_ports: [ 69 ] + +fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-veteran diff --git a/inventory/group_vars/dns b/inventory/group_vars/dns index e7f73c27af..efefd01fa1 100644 --- a/inventory/group_vars/dns +++ b/inventory/group_vars/dns @@ -1,23 +1,24 @@ --- -# Define resources for this group of hosts here. -external: true -ipa_client_shell_groups: - - sysadmin-dns -ipa_client_sudo_groups: - - sysadmin-dns -ipa_host_group: dns -ipa_host_group_desc: DNS servers +# Define resources for this group of hosts here. lvm_size: 30000 -mem_size: 4096 -nagios_has_named: true -nrpe_procs_crit: 500 -nrpe_procs_warn: 300 +mem_size: 2048 num_cpus: 2 -primary_auth_source: ipa -sudoers: "{{ private }}/files/sudo/sysadmin-dns" -tcp_ports: [53] + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -udp_ports: [53] -notes: Domain Name Service +udp_ports: [ 53 ] +tcp_ports: [ 53 ] + +fas_client_groups: sysadmin-main,sysadmin-dns + +nrpe_procs_warn: 300 +nrpe_procs_crit: 500 + +sudoers: "{{ private }}/files/sudo/sysadmin-dns" + +csi_security_category: High +csi_primary_contact: Fedora Admins - admin@fedoraproject.org +csi_purpose: Domain Name Service + +nagios_has_named: true diff --git a/inventory/group_vars/docker-registry b/inventory/group_vars/docker-registry new file mode 100644 index 0000000000..0bb0d792e4 --- /dev/null +++ b/inventory/group_vars/docker-registry 
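Review bot: `tcp_ports: [ 68 ]` in the new dhcp group opens a TCP port that DHCP does not use, and the hunk never opens UDP 67, where a DHCP server listens; `udp_ports: [ 69 ]` is the TFTP port. If the group is meant to serve DHCP and TFTP, the lines would read `tcp_ports: []` and `udp_ports: [ 67, 69 ]`. If UDP 67 is opened by a rule outside this file, which cannot be seen from the hunk, a comment such as `# udp/67 is opened by the dhcp role` would explain the omission. Either way the TCP 68 entry is an unneeded opening and is worth removing.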
@@ -0,0 +1,14 @@
+---
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-docker-reg
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+fas_client_groups: sysadmin-releng
+
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+tcp_ports: [
+ 5000,
+ # This is for the gluster server
+ 6996]
+
+registry_gluster_username_prod: registry-prod
diff --git a/inventory/group_vars/docker-registry-stg b/inventory/group_vars/docker-registry-stg
new file mode 100644
index 0000000000..808dbd86b9
--- /dev/null
+++ b/inventory/group_vars/docker-registry-stg
@@ -0,0 +1,14 @@
+---
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-docker-reg
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-veteran
+
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+tcp_ports: [
+ 5000,
+ # This is for the gluster server
+ 6996]
+
+registry_gluster_username_stg: registry-stg
diff --git a/inventory/group_vars/download b/inventory/group_vars/download
index adac9c9b60..36b605e8d5 100644
--- a/inventory/group_vars/download
+++ b/inventory/group_vars/download
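Review bot: `ks_url` and `ks_repo` in the docker-registry hunk point the installer at a kickstart and an install tree served over plain `http://` from 10.5.126.23, so nothing in these lines authenticates what gets installed at provision time; the docker-registry-stg hunk repeats both lines. If that server offers TLS, both values should use `https://`. If it does not, a comment stating the assumption, for example `# kickstart is served over http on the internal build network only`, would record that the network is the trust boundary. The registry port `5000` is also opened with no comment, unlike `6996` beside it.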
@@ -1,107 +1,68 @@ --- dl_tier1: - - 10.0.0.0/8 # Red Hat Internal - - 103.147.22.36 # mirror.twds.com.tw - - 106.178.112.231 # repo.jing.rocks - - 128.171.104.148 # mirror.ancl.hawaii.edu. - - 129.101.198.59 # University of Idaho - - 129.21.171.98 # kirby.main.ad.rit.edu. - - 129.7.128.189 # pubmirror1.math.uh.edu. - - 129.7.128.190 # pubmirror2.math.uh.edu. - - 129.7.128.191 # pubmirror3.math.uh.edu. - - 130.225.254.116 # dotsrc.org - - 130.239.17.3 # its-ehm.its.umu.se. - - 137.138.120.188 # cern - - 137.138.148.168 # cern - - 140.247.173.57 # pool-computing-servers.seas.harvard.edu. - - 147.75.101.1 # ams.edge.kernel.org - - 147.75.197.195 # ewr.edge.kernel.org - - 147.75.69.165 # sjc.edge.kernel.org - - 147.75.95.133 # kernel.org apac - - 149.11.118.8/29 # Red Hat CZ - - 152.19.134.145 # vm6.fedora.ibiblio.org. - - 152.19.134.195 # vm15.fedora.ibiblio.org. - - 154.45.192.0/29 # Red Hat CZ New - - 173.203.19.52 # rackspace new infra - - 182.255.111.7 # dksn-k4.cdn.aarnet.edu.au. - - 188.184.97.103 # cern - - 188.184.104.133 # cern - - 188.184.116.38 # cern - - 195.220.108.108 # mandril.creatis.insa-lyon.fr. - - 198.129.224.34 # linux-src.es.net. - - 199.6.1.170 # isc.org - - 200.17.202.1/28 # ufpr.br - - 202.158.214.12 # bne-a-vms1.retain.aarnet.edu.au. - - 204.152.191.36 # isc.org - - 192.206.9.160 # University of Southern Indiana - - 208.96.144.68 # University of Southern Indiana - - 208.89.84.55 # Mirror.dst.ca - - 213.175.37.8/29 # ?? - - 66.187.233.206 # Red Hat BOS - - 71.19.151.18 # prgmr.com / nb.zone - - 72.4.120.222 # rackspace old infra - - 91.209.10.253 # Red Hat CZ New Newer - - 125.16.200.50 # Red Hat PNQ - - 139.178.88.99 # kernel.org - - 2405:a640::36 # mirror.twds.com.tw - - 2604:1380:45e3:2400::1 # kernel.org + - 71.19.151.18 # prgmr.com / nb.zone + - 128.171.104.148 # mirror.ancl.hawaii.edu. + - 129.101.198.59 # University of Idaho + - 129.21.171.98 # kirby.main.ad.rit.edu. + - 129.7.128.189 # pubmirror1.math.uh.edu. 
+ - 129.7.128.190 # pubmirror2.math.uh.edu. + - 129.7.128.191 # pubmirror3.math.uh.edu. + - 130.239.17.3 # its-ehm.its.umu.se. + - 140.247.173.57 # pool-computing-servers.seas.harvard.edu. + - 149.11.118.8/29 # Red Hat CZ + - 154.45.192.0/29 # Red Hat CZ New + - 91.209.10.253 # Red Hat CZ New Newer + - 66.187.233.206 # Red Hat BOS + - 152.19.134.145 # vm6.fedora.ibiblio.org. + - 152.19.134.195 # vm15.fedora.ibiblio.org. + - 182.255.111.7 # dksn-k4.cdn.aarnet.edu.au. + - 195.220.108.108 # mandril.creatis.insa-lyon.fr. + - 198.129.224.34 # linux-src.es.net. + - 199.6.1.170 # isc.org + - 200.17.202.1/28 # ufpr.br + - 202.158.214.12 # bne-a-vms1.retain.aarnet.edu.au. + - 204.152.191.36 # isc.org + - 208.96.144.68 # University of Southern Indiana + - 208.96.144.90 # University of Southern Indiana + - 213.175.37.8/29 # ?? - 2001:388:1:4066:225:90ff:fec7:777e # ?? - - 2001:4DE8:C0FD::/48 # ?? - - 2001:878:346::116 # dotsrc.org - - 2001:978:2:81::1:0/112 # ?? - - 240b:10:f00:1b00::226 # repo.jing.rocks - - 240b:10:f00:1b00::227 # repo.jing.rocks - - 2604:1380:3000:1500::1 # kernel.org apac - - 2620:52:3:1:dead:beef:cafe:fed1 # download-cc-rdu01's ipv6 address - - 2602:fc25:101:702::68 # University of Southern Indiana - - archive.linux.duke.edu # 152.3.102.53 - - 152.3.68.159 # new archive.linux.duke.edu - - auslistsdr01.us.dell.com # 143.166.224.62 - - auslistsprd01.us.dell.com # 143.166.82.43 - - download-ib01.fedoraproject.org # 152.19.134.145 - - download-cc-rdu01.fedoraproject.org # 8.43.85.72 - - fedora.c3sl.ufpr.br # 200.236.31.8 - - frisal.switch.ch # 130.59.113.36 - - ftp.heanet.ie # 193.1.193.64 - - ftp.linux.cz # 147.251.48.205 - - 2001:718:801:230::cd # ftp.linux.cz ipv6 address - - ftp.nrc.ca # 132.246.2.21 - - jobbot1.ibiblio.org # 152.19.134.30 - - elba.hrz.tu-chemnitz.de # 134.109.228.48 / 2001:638:911:b0e:134:109:228:48 - - korsika.hrz.tu-chemnitz.de # 134.109.228.166 / 2001:638:911:b0e:134:109:228:166 - - ftp.hrz.tu-chemnitz.de # 134.109.228.1 / 
2001:638:911:b0e:134:109:228:1 - - lists.us.dell.com # 143.166.82.43 - - mirror.fcix.net # 23.152.160.16 / 2620:13b:0:1000::16 - - mirror.gtlib.gatech.edu # 128.61.111.11 - - mirror.hiwaay.net # 216.180.99.217 - - mirror.liquidtelecom.com # 197.155.77.1 - - mirror.twds.com.tw # 103.147.22.36 - - mirror.prgmr.com # 71.19.148.193 - - mirror.speedpartner.de # 91.184.32.5 - - mirrors.mit.edu # 18.7.29.125 - - mirrors.pdx.kernel.org # 198.145.21.9 / 2001:19d0:306:6:0:1994:3:14 - - mirrors.rit.edu # 129.21.171.72 - - mirrors.sfo.kernel.org # 149.20.37.36 / 2001:4f8:4:6f:0:1994:3:14 - - mirrors.xmission.com # 198.60.22.13 - - nrt.edge.kernel.org # 147.75.95.133 / 2604:1380:3000:1500::1 - - odysseus.fi.muni.cz # 147.251.48.205 - - odysseus.linux.cz # 147.251.48.205 - - rhlx01.hs-esslingen.de # 129.143.116.10 - - rsyncer.ftp.heanet.ie # 193.1.219.88 - - sagres.c3sl.ufpr.br # 200.236.31.1 - - scrye.com # 75.148.32.185 - - sfo-korg-mirror.kernel.org # 149.20.37.36 / 2001:4f8:4:6f:0:1994:3:14 - - sinclair.wpi.edu # 130.215.32.86 - - mirr-web-p-u01.wpi.edu # 130.215.32.92 / 2607:f5c0:8040:a081::80 - - solar-one.mit.edu # 18.7.29.123 - - speculum.rbc.ru # 80.68.250.217 - - torrent01.fedoraproject.org # 152.19.134.141 - - torrent02.fedoraproject.org # 152.19.134.148 - - ultra.linux.cz # 195.113.15.27 - - wpi.edu # 130.215.36.26 - - zaphod.gtlib.gatech.edu # 128.61.111.12 -ipa_host_group: download -ipa_host_group_desc: Download servers -nagios_Check_Services: - swap: false -primary_auth_source: ipa + - 2001:4DE8:C0FD::/48 # ?? + - 2001:978:2:81::1:0/112 # ?? 
+ - archive.linux.duke.edu # 152.3.102.53 + - auslistsdr01.us.dell.com # 143.166.224.62 + - auslistsprd01.us.dell.com # 143.166.82.43 + - bonaparte.hrz.tu-chemnitz.de # 134.109.228.109 + - download-ib01.fedoraproject.org # 152.19.134.145 + - fedora.c3sl.ufpr.br # 200.236.31.8 + - frisal.switch.ch # 130.59.113.36 + - ftp.heanet.ie # 193.1.193.64 + - ftp.linux.cz # 147.251.48.205 + - ftp.nrc.ca # 132.246.2.21 + - jobbot1.ibiblio.org # 152.19.134.30 + - josephine.hrz.tu-chemnitz.de # 134.109.228.48 + - lists.us.dell.com # 143.166.82.43 + - mirror.gtlib.gatech.edu # 128.61.111.11 + - mirror.hiwaay.net # 216.180.99.217 + - mirror.liquidtelecom.com # 197.155.77.1 + - mirror.prgmr.com # 71.19.148.193 + - mirror.speedpartner.de # 91.184.32.5 + - mirrors.mit.edu # 18.7.29.125 + - mirrors.pdx.kernel.org # 198.145.21.9 / 2001:19d0:306:6:0:1994:3:14 + - mirrors.rit.edu # 129.21.171.72 + - mirrors.sfo.kernel.org # 149.20.37.36 / 2001:4f8:4:6f:0:1994:3:14 + - mirrors.xmission.com # 198.60.22.13 + - odysseus.fi.muni.cz # 147.251.48.205 + - odysseus.linux.cz # 147.251.48.205 + - rhlx01.hs-esslingen.de # 129.143.116.10 + - rsyncer.ftp.heanet.ie # 193.1.219.88 + - sagres.c3sl.ufpr.br # 200.236.31.1 + - scrye.com # 75.148.32.185 + - sfo-korg-mirror.kernel.org # 149.20.37.36 / 2001:4f8:4:6f:0:1994:3:14 + - sinclair.wpi.edu # 130.215.32.86 + - solar-one.mit.edu # 18.7.29.123 + - speculum.rbc.ru # 80.68.250.217 + - torrent01.fedoraproject.org # 152.19.134.141 + - torrent02.fedoraproject.org # 152.19.134.148 + - ultra.linux.cz # 195.113.15.27 + - wpi.edu # 130.215.36.26 + - zaphod.gtlib.gatech.edu # 128.61.111.12 diff --git a/inventory/group_vars/download-ib b/inventory/group_vars/download-ib new file mode 100644 index 0000000000..5e4b8d1ffb --- /dev/null +++ b/inventory/group_vars/download-ib @@ -0,0 +1,7 @@ +--- +datacenter: ibiblio +tcp_ports: [80, 443, 873] +rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + 
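Review bot: The new side of `dl_tier1` adds ranges whose owner is recorded only as `# ??` (`213.175.37.8/29`, `2001:4DE8:C0FD::/48` and `2001:978:2:81::1:0/112`). Assuming this list is the tier-1 mirror access allowlist, which the hunk does not show, a range nobody can attribute should not be granted access, and the /48 is a wide one. Each of these entries should either get an owner comment in the style of its neighbours or be dropped. The list also mixes literal addresses with hostnames, so a hostname entry matches whatever DNS returns when the consumer resolves it; a header comment saying when resolution happens would help whoever audits the list.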
diff --git a/inventory/group_vars/download-phx2 b/inventory/group_vars/download-phx2 new file mode 100644 index 0000000000..8f5e1e5a79 --- /dev/null +++ b/inventory/group_vars/download-phx2 @@ -0,0 +1,13 @@ +--- +datacenter: phx2 +tcp_ports: [80, 443, 873] +rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +host_group: download-phx2 + +# nfs mount options, overrides the all/default +nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=3" + +blocked_ips: [ '8.39.100.100', '46.29.92.6', '69.47.68.211', '83.110.159.237', '103.193.116.147', '130.193.57.106', '130.193.60.205', '158.39.4.2', '169.53.165.245', '193.52.32.69', '195.23.131.253', '198.11.167.9', '202.202.43.41' ] diff --git a/inventory/group_vars/download-rdu2 b/inventory/group_vars/download-rdu2 new file mode 100644 index 0000000000..81bf91b376 --- /dev/null +++ b/inventory/group_vars/download-rdu2 @@ -0,0 +1,11 @@ +--- +datacenter: rdu +tcp_ports: [80, 443, 873] +rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +virt_install_command: "{{ virt_install_command_rhel6 }}" +ansible_ifcfg_blacklist: true + +# nfs mount options, overrides the all/default +nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=3" diff --git a/inventory/group_vars/download_iad2 b/inventory/group_vars/download_iad2 deleted file mode 100644 index bb5683e4db..0000000000 --- a/inventory/group_vars/download_iad2 +++ /dev/null @@ -1,15 +0,0 @@ ---- -blocked_ips: [] -datacenter: iad2 -dns: 10.3.163.33 -# -# This host is externally reachable -# -external: true -host_group: download-iad2 -# nfs mount options, overrides the all/default -nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=4" -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" -tcp_ports: [80, 443, 873] 
diff --git a/inventory/group_vars/download_ib b/inventory/group_vars/download_ib deleted file mode 100644 index 8a4e911480..0000000000 --- a/inventory/group_vars/download_ib +++ /dev/null @@ -1,6 +0,0 @@ ---- -datacenter: ibiblio -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" -tcp_ports: [80, 443, 873] diff --git a/inventory/group_vars/elections b/inventory/group_vars/elections new file mode 100644 index 0000000000..a11c4bc13d --- /dev/null +++ b/inventory/group_vars/elections @@ -0,0 +1,35 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +wsgi_fedmsg_service: fedora_elections +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-web,fi-apprentice,sysadmin-veteran + +freezes: false + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: fedora_elections + owner: root + group: apache + can_send: + - fedora_elections.candidate.delete + - fedora_elections.candidate.edit + - fedora_elections.candidate.new + - fedora_elections.election.edit + - fedora_elections.election.new diff --git a/inventory/group_vars/elections-stg b/inventory/group_vars/elections-stg new file mode 100644 index 0000000000..307ffc2ed4 --- /dev/null +++ b/inventory/group_vars/elections-stg 
@@ -0,0 +1,35 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +wsgi_fedmsg_service: fedora_elections +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-web,fi-apprentice,sysadmin-veteran + +freezes: false + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: fedora_elections + owner: root + group: apache + can_send: + - fedora_elections.candidate.delete + - fedora_elections.candidate.edit + - fedora_elections.candidate.new + - fedora_elections.election.edit + - fedora_elections.election.new diff --git a/inventory/group_vars/faf-stg b/inventory/group_vars/faf-stg new file mode 100644 index 0000000000..50147d2acd --- /dev/null +++ b/inventory/group_vars/faf-stg @@ -0,0 +1,10 @@ +--- +fas_client_groups: retrace + +tcp_ports: [ 80, 443 ] + +sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers" + +nagios_Check_Services: + nrpe: false + swap: false diff --git a/inventory/group_vars/fas b/inventory/group_vars/fas new file mode 100644 index 0000000000..b2a6526708 --- /dev/null +++ b/inventory/group_vars/fas 
@@ -0,0 +1,47 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 30000 +mem_size: 8192 +num_cpus: 4 + +virt_install_command: "{{ virt_install_command_rhel6 }}" + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +wsgi_fedmsg_service: fas +wsgi_procs: 40 +wsgi_threads: 1 + +tcp_ports: [ 80, 873, 8443, 8444 ] + +fas_client_groups: sysadmin-main,sysadmin-accounts + +master_fas_node: False +gen_cert: False + +# A host group for rsync config +rsync_group: fas + +nrpe_procs_warn: 300 +nrpe_procs_crit: 500 + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: fas + owner: root + group: fas + can_send: + - fas.group.create + - fas.group.member.apply + - fas.group.member.remove + - fas.group.member.sponsor + - fas.group.update + - fas.role.update + - fas.user.create + - fas.user.update diff --git a/inventory/group_vars/fas-stg b/inventory/group_vars/fas-stg new file mode 100644 index 0000000000..d19eaed623 --- /dev/null +++ b/inventory/group_vars/fas-stg 
@@ -0,0 +1,47 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 30000
+mem_size: 6144
+num_cpus: 2
+
+virt_install_command: "{{ virt_install_command_rhel6 }}"
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+wsgi_fedmsg_service: fas
+wsgi_procs: 40
+wsgi_threads: 1
+
+tcp_ports: [ 80, 873, 8443, 8444 ]
+
+fas_client_groups: sysadmin-main,sysadmin-accounts
+
+master_fas_node: False
+gen_cert: False
+
+# A host group for rsync config
+rsync_group: fas
+
+nrpe_procs_warn: 300
+nrpe_procs_crit: 500
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: fas
+ owner: root
+ group: fas
+ can_send:
+ - fas.group.create
+ - fas.group.member.apply
+ - fas.group.member.remove
+ - fas.group.member.sponsor
+ - fas.group.update
+ - fas.role.update
+ - fas.user.create
+ - fas.user.update
diff --git a/inventory/group_vars/fedimg b/inventory/group_vars/fedimg
new file mode 100644
index 0000000000..08e55eab39
--- /dev/null
+++ b/inventory/group_vars/fedimg
@@ -0,0 +1,34 @@
+---
+lvm_size: 20000
+mem_size: 6144
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [
+ # These are all for outgoing fedmsg.
+ 3000, 3001, 3002, 3003, 3004, 3005, 3006,
+ 3007, 3008, 3009, 3010, 3011, 3012, 3013,
+]
+
+# TODO, restrict this down to just sysadmin-releng
+fas_client_groups: sysadmin-datanommer,sysadmin-releng,sysadmin-fedimg
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- sysadmin-fedimg-members@fedoraproject.org
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: fedimg
+ owner: root
+ group: fedmsg
+ can_send:
+ - fedimg.image.test
+ - fedimg.image.upload
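Review bot: The `# TODO, restrict this down to just sysadmin-releng` above `fas_client_groups` in the fedimg hunk is carried into the new file unresolved, so `sysadmin-datanommer` and `sysadmin-fedimg` keep whatever access this variable grants. The fedimg-stg hunk that follows widens the list further with `fi-apprentice`, `sysadmin-noc` and `sysadmin-veteran`. If the narrower list is the intended state, apply it now as `fas_client_groups: sysadmin-releng`; otherwise replace the TODO with a comment that records why each extra group is needed.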
diff --git a/inventory/group_vars/fedimg-stg b/inventory/group_vars/fedimg-stg
new file mode 100644
index 0000000000..c6e7339a61
--- /dev/null
+++ b/inventory/group_vars/fedimg-stg
@@ -0,0 +1,36 @@
+---
+lvm_size: 20000
+mem_size: 6144
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [
+ # These are all for outgoing fedmsg.
+ 3000, 3001, 3002, 3003, 3004, 3005, 3006,
+ 3007, 3008, 3009, 3010, 3011, 3012, 3013,
+]
+
+# TODO, restrict this down to just sysadmin-releng
+fas_client_groups: sysadmin-datanommer,sysadmin-releng,sysadmin-fedimg,fi-apprentice,sysadmin-noc,sysadmin-veteran
+
+fedmsg_debug_loopback: True
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- sysadmin-fedimg-members@fedoraproject.org
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: fedimg
+ owner: root
+ group: fedmsg
+ can_send:
+ - fedimg.image.test
+ - fedimg.image.upload
diff --git a/inventory/group_vars/fedocal b/inventory/group_vars/fedocal
new file mode 100644
index 0000000000..588c7ee1d6
--- /dev/null
+++ b/inventory/group_vars/fedocal
@@ -0,0 +1,41 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443,
+ # These 16 ports are used by fedmsg. One for each wsgi thread.
+ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
+ 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
+
+freezes: false
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: fedocal
+ owner: root
+ group: apache
+ can_send:
+ - fedocal.calendar.clear
+ - fedocal.calendar.delete
+ - fedocal.calendar.new
+ - fedocal.calendar.update
+ - fedocal.calendar.upload
+ - fedocal.meeting.delete
+ - fedocal.meeting.new
+ - fedocal.meeting.reminder
+ - fedocal.meeting.update
diff --git a/inventory/group_vars/fedocal-stg b/inventory/group_vars/fedocal-stg
new file mode 100644
index 0000000000..10fa734c4e
--- /dev/null
+++ b/inventory/group_vars/fedocal-stg
@@ -0,0 +1,41 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443,
+ # These 16 ports are used by fedmsg. One for each wsgi thread.
+ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
+ 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
+
+freezes: false
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: fedocal
+ owner: root
+ group: apache
+ can_send:
+ - fedocal.calendar.clear
+ - fedocal.calendar.delete
+ - fedocal.calendar.new
+ - fedocal.calendar.update
+ - fedocal.calendar.upload
+ - fedocal.meeting.delete
+ - fedocal.meeting.new
+ - fedocal.meeting.reminder
+ - fedocal.meeting.update
diff --git a/inventory/group_vars/fedora_nightlies b/inventory/group_vars/fedora_nightlies
deleted file mode 100644
index 49a052b1cc..0000000000
--- a/inventory/group_vars/fedora_nightlies
+++ /dev/null
@@ -1,22 +0,0 @@ -# we need this for our fedora-messaging consumer as it is not allowed -# to create queues on the infra AMQP broker, by broker config -fedora_nightlies_amqp_passive: true - -# fedora-messaging email error reporting settings -fedora_nightlies_amqp_mailto: ["adamwill@fedoraproject.org"] -fedora_nightlies_amqp_smtp: bastion - -# fedora-messaging job scheduler settings -# we use the openQA rabbitmq account for this role as they run -# on the same server and it's convenient. this means it's also -# safe and appropriate to use variables defined in the openqa -# group_vars. if we ever split the roles up we will have to create -# a separate account with separate creds -fedora_nightlies_amqp_url: "{{ openqa_amqp_prod_url }}" -fedora_nightlies_amqp_cacert: "{{ openqa_amqp_prod_cacertfile }}" -fedora_nightlies_amqp_cert: "{{ openqa_amqp_prod_certfile }}" -fedora_nightlies_amqp_key: "{{ openqa_amqp_prod_keyfile }}" -fedora_nightlies_amqp_queue: "{{ openqa_amqp_prod_username }}_fedora_nightlies" -fedora_nightlies_amqp_routing_keys: ["org.fedoraproject.prod.openqa.job.done", "org.fedoraproject.prod.pungi.compose.status.change"] -fedora_nightlies_amqp_data_file: /usr/share/openqa/public/nightlies.json -fedora_nightlies_amqp_html_file: /usr/share/openqa/public/nightlies.html diff --git a/inventory/group_vars/flatpak_cache b/inventory/group_vars/flatpak_cache deleted file mode 100644 index 8c91ef0d30..0000000000 --- a/inventory/group_vars/flatpak_cache +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -# For the MOTD -freezes: false -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-qa - - sysadmin-main -ipa_client_sudo_groups: - - sysadmin-noc - - sysadmin-qa - - sysadmin-main -ipa_host_group: flatpak_cache -lvm_size: 20000 -max_mem_size: 2048 -mem_size: 2048 -num_cpus: 2 -primary_auth_source: ipa -tcp_ports: [3128] - -notes: | - Centralized cache for any Flatpak requests from OpenQA - - This is to avoid slamming Flathub with requests during automated testing. - It hosts squid to cache anything under the flathub.org domain. - It is locked down to only allow requests from OpenQA. - - * This host relies on: - The virthost it's hosted on (qvmhost-x86-02) - - * Things that rely on this host: - Any requests using Flatpak from OpenQA. - - If this host is down, OpenQA hosts might fail. diff --git a/inventory/group_vars/freshmaker-backend b/inventory/group_vars/freshmaker-backend new file mode 100644 index 0000000000..fa0c4d5368 --- /dev/null +++ b/inventory/group_vars/freshmaker-backend 
@@ -0,0 +1,47 @@
+---
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+
+# Set this to True for the F28 release and onwards.
+freezes: false
+
+tcp_ports: [ 3000, 3001, 3002, 3003,
+ 3004, 3005, 3006, 3007 ]
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- ralph@fedoraproject.org
+- jkaluza@fedoraproject.org
+- cqi@fedoraproject.org
+- qwan@fedoraproject.org
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: freshmaker
+ owner: fedmsg
+ group: fedmsg
+ can_send: []
+
+# For the MOTD
+csi_security_category: High
+csi_primary_contact: Factory 2 factory2-members@fedoraproject.org
+csi_purpose: Run the on-demand-compose-service backend scheduler.
+csi_relationship: |
+ The freshmaker backend runs as a fedmsg-hub process here.
+
+ It listens to events from fedmsg and requests rebuilds of compound
+ artifacts, mediated by some policy in the config.
+
+ This host:
+
+ - relies on db01 for its database of activity (what has been rebuilt?)
+ - Will need access to commit to the modules namespace of dist-git.
+ - Will need token-based access to ODCS to request repos.
+ - Will need token-based access to MBS to request module builds.
+ - Will need a kerberos principle to request container builds from koji/osbs.
diff --git a/inventory/group_vars/freshmaker-backend-stg b/inventory/group_vars/freshmaker-backend-stg
new file mode 100644
index 0000000000..4749f7e6ca
--- /dev/null
+++ b/inventory/group_vars/freshmaker-backend-stg
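Review bot: In the freshmaker-backend hunk `csi_security_category: High` sits in the same file as `freezes: false`, and the only explanation is `# Set this to True for the F28 release and onwards.`, a pending action with no owner or date. The `csi_relationship` text lists commit access to dist-git and tokens for ODCS and MBS, so it is worth confirming whether this host should be exempt from whatever `freezes` gates; if it should not, the line becomes `freezes: true` and the comment can go. The same comment and value appear in the freshmaker-backend-stg, freshmaker-frontend and freshmaker-frontend-stg hunks. In the last `csi_relationship` bullet, `kerberos principle` should read `kerberos principal`.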
@@ -0,0 +1,47 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# Set this to True for the F28 release and onwards.
+freezes: false
+
+tcp_ports: [ 3000, 3001, 3002, 3003,
+ 3004, 3005, 3006, 3007 ]
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- ralph@fedoraproject.org
+- jkaluza@fedoraproject.org
+- cqi@fedoraproject.org
+- qwan@fedoraproject.org
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: freshmaker
+ owner: fedmsg
+ group: fedmsg
+ can_send: []
+
+# For the MOTD
+csi_security_category: High
+csi_primary_contact: Factory 2 factory2-members@fedoraproject.org
+csi_purpose: Run the on-demand-compose-service backend scheduler.
+csi_relationship: |
+ The freshmaker backend runs as a fedmsg-hub process here.
+
+ It listens to events from fedmsg and requests rebuilds of compound
+ artifacts, mediated by some policy in the config.
+
+ This host:
+
+ - relies on db01 for its database of activity (what has been rebuilt?)
+ - Will need access to commit to the modules namespace of dist-git.
+ - Will need token-based access to ODCS to request repos.
+ - Will need token-based access to MBS to request module builds.
+ - Will need a kerberos principle to request container builds from koji/osbs.
diff --git a/inventory/group_vars/freshmaker-frontend b/inventory/group_vars/freshmaker-frontend
new file mode 100644
index 0000000000..4fe7cfe21c
--- /dev/null
+++ b/inventory/group_vars/freshmaker-frontend
@@ -0,0 +1,45 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# Set this to True for the F28 release and onwards.
+freezes: false
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: freshmaker
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: freshmaker
+ owner: fedmsg
+ group: fedmsg
+ can_send: []
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Factory 2 factory2-members@fedoraproject.org
+csi_purpose: Run the freshmaker frontend API.
+csi_relationship: |
+ The apache/mod_wsgi app is the only thing really running here
+
+ It should only be used to report status on what's happening with the
+ freshmaker backend. The freshmaker frontend doesn't receive requests for
+ activity.
+
+ This host:
+
+ - relies on db01 for its database of activity (what rebuilds are in
+ progress, and why?)
diff --git a/inventory/group_vars/freshmaker-frontend-stg b/inventory/group_vars/freshmaker-frontend-stg
new file mode 100644
index 0000000000..d1547a1710
--- /dev/null
+++ b/inventory/group_vars/freshmaker-frontend-stg
@@ -0,0 +1,45 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 1
+
+# Set this to True for the F28 release and onwards.
+freezes: false
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: freshmaker
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: freshmaker
+ owner: fedmsg
+ group: fedmsg
+ can_send: []
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Factory 2 factory2-members@fedoraproject.org
+csi_purpose: Run the freshmaker frontend API.
+csi_relationship: |
+ The apache/mod_wsgi app is the only thing really running here
+
+ It should only be used to report status on what's happening with the
+ freshmaker backend. The freshmaker frontend doesn't receive requests for
+ activity.
+
+ This host:
+
+ - relies on db01 for its database of activity (what rebuilds are in
+ progress, and why?)
diff --git a/inventory/group_vars/github2fedmsg b/inventory/group_vars/github2fedmsg
new file mode 100644
index 0000000000..ebb943e7a0
--- /dev/null
+++ b/inventory/group_vars/github2fedmsg
@@ -0,0 +1,59 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: github2fedmsg
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: github2fedmsg
+ owner: root
+ group: apache
+ can_send:
+ - github.commit_comment
+ - github.create
+ - github.delete
+ - github.fork
+ - github.issue.comment
+ - github.issue.opened
+ - github.issue.reopened
+ - github.issue.closed
+ - github.issue.assigned
+ - github.issue.labeled
+ - github.member
+ - github.page_build
+ - github.pull_request.opened
+ - github.pull_request.closed
+ - github.pull_request.synchronize
+ - github.pull_request_review_comment
+ - github.pull_request_review
+ - github.pull_request.assigned
+ - github.pull_request.labeled
+ - github.pull_request.unlabeled
+ - github.push
+ - github.release
+ - github.star
+ - github.status
+ - github.team_add
+ - github.webhook
+ - github.gollum
diff --git a/inventory/group_vars/github2fedmsg-stg b/inventory/group_vars/github2fedmsg-stg
new file mode 100644
index 0000000000..c1c34bfd91
--- /dev/null
+++ b/inventory/group_vars/github2fedmsg-stg
@@ -0,0 +1,59 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 1
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: github2fedmsg
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: github2fedmsg
+ owner: root
+ group: apache
+ can_send:
+ - github.commit_comment
+ - github.create
+ - github.delete
+ - github.fork
+ - github.issue.comment
+ - github.issue.opened
+ - github.issue.reopened
+ - github.issue.closed
+ - github.issue.assigned
+ - github.issue.labeled
+ - github.member
+ - github.page_build
+ - github.pull_request.opened
+ - github.pull_request.closed
+ - github.pull_request.synchronize
+ - github.pull_request_review_comment
+ - github.pull_request_review
+ - github.pull_request.assigned
+ - github.pull_request.labeled
+ - github.pull_request.unlabeled
+ - github.push
+ - github.release
+ - github.star
+ - github.status
+ - github.team_add
+ - github.webhook
+ - github.gollum
diff --git a/inventory/group_vars/gnome-backups b/inventory/group_vars/gnome-backups
new file mode 100644
index 0000000000..5c4a8b59e0
--- /dev/null
+++ b/inventory/group_vars/gnome-backups
@@ -0,0 +1,6 @@ +csi_purpose: GNOME Infrastructure Backups facility +csi_relationship: | + Provides rdiff-backup based backups to all the GNOME Infrastructure + machines and services + - This machine mainly relies on the Red Hat sponsored NetApp assigned + to the GNOME Project where all the backups do reside diff --git a/inventory/group_vars/gnome_backups b/inventory/group_vars/gnome_backups deleted file mode 100644 index 9102eb87fe..0000000000 --- a/inventory/group_vars/gnome_backups +++ /dev/null @@ -1,6 +0,0 @@ -freezes: False -notes: | - GNOME Infrastructure Backups facility - Provides rdiff-backup based backups to all the GNOME Infrastructure machines and services - * This machine mainly relies on the Red Hat sponsored NetApp assigned - to the GNOME Project where all the backups do reside diff --git a/inventory/group_vars/greenwave b/inventory/group_vars/greenwave new file mode 100644 index 0000000000..8cffbe6cc8 --- /dev/null +++ b/inventory/group_vars/greenwave @@ -0,0 +1,10 @@ +--- +# XXX - this is not really a group of real hosts. +# Instead, it represents an application in openshift. +# See playbooks/openshift-apps/greenwave.yml + +fedmsg_certs: +- service: greenwave + can_send: + - logger.log + - greenwave.decision.update diff --git a/inventory/group_vars/greenwave-stg b/inventory/group_vars/greenwave-stg new file mode 100644 index 0000000000..110e51c1de --- /dev/null +++ b/inventory/group_vars/greenwave-stg @@ -0,0 +1,12 @@ +--- +# XXX - this is not really a group of real hosts. +# Instead, it represents an application in openshift. +# See playbooks/openshift-apps/greenwave.yml + +fedmsg_env: stg + +fedmsg_certs: +- service: greenwave + can_send: + - logger.log + - greenwave.decision.update diff --git a/inventory/group_vars/hardware b/inventory/group_vars/hardware deleted file mode 100644 index 7610d508b9..0000000000 --- a/inventory/group_vars/hardware +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -# -# Do not check swap on hardware machines. Recent rhel8 kernels favor filling swap up which causes a bunch of alerts. -# -nagios_Check_Services: - swap: false diff --git a/inventory/group_vars/hotness b/inventory/group_vars/hotness new file mode 100644 index 0000000000..0d4bc8786e --- /dev/null +++ b/inventory/group_vars/hotness @@ -0,0 +1,37 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000, 3001, 3002, 3003 ] + +fas_client_groups: sysadmin-noc,sysadmin-veteran + +sudoers: "{{ private }}/files/sudo/hotness-sudoers" + +# These people get told when something goes wrong. +fedmsg_error_recipients: +- pingou@fedoraproject.org +- phracek@redhat.com +- thozza@redhat.com +- jeremy@jcline.org + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: hotness + owner: root + group: fedmsg + can_send: + - hotness.project.map + - hotness.update.bug.file + - hotness.update.bug.followup + - hotness.update.drop diff --git a/inventory/group_vars/hotness-stg b/inventory/group_vars/hotness-stg new file mode 100644 index 0000000000..59199b98bc --- /dev/null +++ b/inventory/group_vars/hotness-stg 
@@ -0,0 +1,37 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000, 3001, 3002, 3003 ] + +fas_client_groups: sysadmin-noc,sysadmin-veteran + +sudoers: "{{ private }}/files/sudo/hotness-sudoers" + +# These people get told when something goes wrong. +fedmsg_error_recipients: +- pingou@fedoraproject.org +- phracek@redhat.com +- thozza@redhat.com +- jeremy@jcline.org + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: hotness + owner: root + group: fedmsg + can_send: + - hotness.project.map + - hotness.update.bug.file + - hotness.update.bug.followup + - hotness.update.drop diff --git a/inventory/group_vars/iad2_production b/inventory/group_vars/iad2_production deleted file mode 100644 index 7817932469..0000000000 --- a/inventory/group_vars/iad2_production +++ /dev/null @@ -1,18 +0,0 @@ ---- -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet - mtu: 9000 diff --git a/inventory/group_vars/infinote b/inventory/group_vars/infinote new file mode 100644 index 0000000000..63adc7e9d9 --- /dev/null +++ b/inventory/group_vars/infinote 
@@ -0,0 +1,41 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+custom_rules: [
+ # Need for rsync from log01 for logs.
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+ ]
+
+tcp_ports: [443, 6523, 9418]
+
+fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-veteran
+
+freezes: false
+
+git_port: 9418
+git_server: /usr/libexec/git-core/git-daemon
+git_server_args: --export-all --syslog --inetd --verbose
+git_basepath: /srv/web
+git_daemon_user: nobody
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Fedora admins - admin@fedoraproject.org
+csi_purpose: Run the 'infinote' backend for gobby
+csi_relationship: |
+ There are a few things running here:
+
+ - infinote server for gobby
+ - cgit server to serve gobby content
+ - web server
+
+ - This host relies on: Nothing
+
+ - Things that rely on this host: Nothing
diff --git a/inventory/group_vars/ipa b/inventory/group_vars/ipa
index b69dca6de9..03735b76fb 100644
--- a/inventory/group_vars/ipa
+++ b/inventory/group_vars/ipa
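Review bot: `git_server_args: --export-all --syslog --inetd --verbose` in the infinote hunk makes git-daemon serve every repository it finds under `git_basepath: /srv/web`, because `--export-all` removes the need for a `git-daemon-export-ok` marker file in each repository, and `tcp_ports` opens 9418 with no source restriction visible. The git:// protocol has no authentication or transport encryption, so anything that lands under that path as a repository becomes readable by anyone who can reach the port. Unless every repository there is meant to be public, use `git_server_args: --syslog --inetd --verbose` and mark the published ones with `git-daemon-export-ok`. If exporting everything is intended, a comment such as `# --export-all: everything under /srv/web is public by design` would record that.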
@@ -1,22 +1,19 @@ --- -# Define resources for this group of hosts here. -custom_rules: ['-A INPUT -p udp -m udp -s 10.3.0.0/16 --dport 53 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 10.3.0.0/16 udp dport 53 counter accept'] -host_backup_targets: ['/var/lib/ipa/backup', '/var/log/dirsrv/slapd-FEDORAPROJECT-ORG'] -ipa_client_shell_groups: - - sysadmin-accounts -ipa_client_sudo_groups: - - sysadmin-accounts -ipa_dm_password: "{{ ipa_prod_dm_password }}" -ipa_host_group: ipa -ipa_host_group_desc: IPA service -ipa_initial: false -ipa_ldap_socket: ldapi://%2fvar%2frun%2fslapd-FEDORAPROJECT-ORG.socket -lvm_size: 50000 -mem_size: 8192 -nrpe_procs_crit: 500 +# Define resources for this group of hosts here. +lvm_size: 30000 +mem_size: 6144 +num_cpus: 2 + +tcp_ports: [ 80, 88, 389, 443, 464, 636 ] + +custom_rules: [ + '-A INPUT -p udp -m udp -s 10.5.0.0/16 --dport 53 -j ACCEPT' +] + +fas_client_groups: sysadmin-main,sysadmin-accounts + nrpe_procs_warn: 300 -num_cpus: 8 -primary_auth_source: ipa -tcp_ports: [80, 88, 389, 443, 464, 636] -udp_ports: [88, 464] +nrpe_procs_crit: 500 + +ipa_dm_password: "{{ ipa_prod_dm_password }}" +ipa_ldap_socket: ldapi://%2fvar%2frun%2fslapd-FEDORAPROJECT-ORG.socket diff --git a/inventory/group_vars/ipa-stg b/inventory/group_vars/ipa-stg new file mode 100644 index 0000000000..2a60b44bad --- /dev/null +++ b/inventory/group_vars/ipa-stg @@ -0,0 +1,15 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 30000 +mem_size: 6144 +num_cpus: 2 + +tcp_ports: [ 80, 88, 389, 443, 464, 636 ] + +fas_client_groups: sysadmin-main,sysadmin-accounts + +nrpe_procs_warn: 300 +nrpe_procs_crit: 500 + +ipa_dm_password: "{{ ipa_stg_dm_password }}" +ipa_ldap_socket: ldapi://%2fvar%2frun%2fslapd-STG-FEDORAPROJECT-ORG.socket diff --git a/inventory/group_vars/ipa_stg b/inventory/group_vars/ipa_stg deleted file mode 100644 index 26899b5aba..0000000000 --- a/inventory/group_vars/ipa_stg +++ /dev/null 
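Review bot: The new side of the ipa hunk drops `udp_ports: [88, 464]` and `nft_custom_rules` while keeping TCP 88 and 464 in `tcp_ports`, and the one remaining `custom_rules` entry now admits DNS from 10.5.0.0/16 instead of 10.3.0.0/16. If these hosts serve Kerberos or kpasswd over UDP, or their firewall is built from the nft rules, that traffic is no longer covered by these variables; neither can be confirmed from the diff. Please confirm both are intended, or keep `udp_ports: [88, 464]` and an nft rule matching the new source network. The new ipa-stg file on this line has no `udp_ports` either, and the ipsilon hunk removes its `nft_custom_rules` in the same way.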
@@ -1,17 +0,0 @@ ---- -# Define resources for this group of hosts here. -ipa_client_shell_groups: - - sysadmin-accounts -ipa_client_sudo_groups: - - sysadmin-accounts -ipa_dm_password: "{{ ipa_stg_dm_password }}" -ipa_host_group: ipa -ipa_host_group_desc: IPA service -ipa_ldap_socket: ldapi://%2fvar%2frun%2fslapd-STG-FEDORAPROJECT-ORG.socket -lvm_size: 30000 -mem_size: 8192 -nrpe_procs_crit: 500 -nrpe_procs_warn: 300 -num_cpus: 4 -tcp_ports: [80, 88, 389, 443, 464, 636] -udp_ports: [88, 464] diff --git a/inventory/group_vars/ipsilon b/inventory/group_vars/ipsilon index d32010d0ad..828c0859ff 100644 --- a/inventory/group_vars/ipsilon +++ b/inventory/group_vars/ipsilon @@ -1,15 +1,15 @@ --- -# Define resources for this group of hosts here. -# Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -ipa_host_group: ipsilon -ipa_host_group_desc: Ipsilon SSO application -lvm_size: 50000 -mem_size: 32768 +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 num_cpus: 2 + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -tcp_ports: [80, 443] + +tcp_ports: [ 80, 443 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-main,sysadmin-accounts diff --git a/inventory/group_vars/ipsilon-stg b/inventory/group_vars/ipsilon-stg new file mode 100644 index 0000000000..828c0859ff --- /dev/null +++ b/inventory/group_vars/ipsilon-stg 
@@ -0,0 +1,15 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-main,sysadmin-accounts diff --git a/inventory/group_vars/ipsilon_stg b/inventory/group_vars/ipsilon_stg deleted file mode 100644 index c0b858465a..0000000000 --- a/inventory/group_vars/ipsilon_stg +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Define resources for this group of hosts here. -# Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -ipa_host_group: ipsilon -ipa_host_group_desc: Ipsilon SSO application -ipa_client_shell_groups: - - sysadmin-noc -ipa_client_sudo_groups: - - sysadmin-noc -lvm_size: 20000 -mem_size: 4096 -num_cpus: 2 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -proxy_tcp_ports: [80, 443] diff --git a/inventory/group_vars/jenkins-master b/inventory/group_vars/jenkins-master new file mode 100644 index 0000000000..09012fe449 --- /dev/null +++ b/inventory/group_vars/jenkins-master 
@@ -0,0 +1,49 @@
+---
+datacenter: cloud
+freezes: false
+ansible_ifcfg_blacklist: true
+
+slaves:
+- name: EL6
+ host: jenkins-slave-el6.fedorainfracloud.org
+ description: CentOS 6.8
+ labels: el EL el6 EL6 centos CentOS centos6 CentOS6
+ capacity: 4
+- name: EL7
+ host: jenkins-slave-el7.fedorainfracloud.org
+ description: Red Hat Enterprise Linux Server 7.3
+ labels: el EL el7 EL7 rhel RHEL rhel7 RHEL7
+ capacity: 4
+- name: F26
+ host: jenkins-slave-f26.fedorainfracloud.org
+ description: Fedora 26
+ labels: fedora Fedora fedora26 Fedora26
+ capacity: 4
+- name: F25
+ host: jenkins-slave-f25.fedorainfracloud.org
+ description: Fedora 25
+ labels: fedora Fedora fedora25 Fedora25
+ capacity: 4
+- name: F25-ppc64le
+ host: jenkins-slave-f25-ppc64le.fedorainfracloud.org
+ description: Fedora 25 ppc64le
+ labels: fedora Fedora fedora25 Fedora25 Fedora25ppc64le ppc64le
+ capacity: 4
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: root
+ can_send:
+ - logger.log
+- service: jenkins
+ owner: root
+ group: jenkins
+ can_send:
+ - jenkins.build.aborted
+ - jenkins.build.failed
+ - jenkins.build.notbuilt
+ - jenkins.build.passed
+ - jenkins.build.start
+ - jenkins.build.unstable
diff --git a/inventory/group_vars/jenkins-slave b/inventory/group_vars/jenkins-slave
new file mode 100644
index 0000000000..433acee9ca
--- /dev/null
+++ b/inventory/group_vars/jenkins-slave
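Review bot: The `slaves` list in the jenkins-master hunk names agents by fixed releases (`CentOS 6.8`, `Fedora 25`, `Fedora 26`, `Red Hat Enterprise Linux Server 7.3`) with no note on how they are kept patched. Build agents run code from the projects they build, so an agent on a release that no longer receives security updates is a weak point in the build pipeline. If these entries describe hosts that are still deployed, move them to supported releases; either way a comment above the list, for example `# Agents must run releases that still receive security updates`, would make the expectation explicit.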
@@ -0,0 +1,287 @@ +--- +datacenter: cloud +freezes: false + +ansible_ifcfg_blacklist: true + +# Packages installed on all Jenkins slaves (Fedora, CentOS) +slave_packages_common: +- java-1.8.0-openjdk-devel +- vim +- subversion +- bzr +- git +- rpmlint +- rpmdevtools +- mercurial +- mock +- gcc +- gcc-c++ +- libjpeg-turbo-devel +- python-bugzilla +- python-pip +- python-virtualenv +- python-coverage +- pylint +- python-argparse +- python-nose +- python-BeautifulSoup +- python-fedora +- python-pep8 +- python-psycopg2 +- postgresql-devel # Required to install python-psycopg2 w/in a venv +- docbook-style-xsl # Required by gimp-help-2 +- make # Required by gimp-help-2 +- automake # Required by gimp-help-2 +- libcurl-devel # Required by blockerbugs +- python-formencode # Required by javapackages-tools +- asciidoc # Required by javapackages-tools +- xmlto # Required by javapackages-tools +- pycairo-devel # Required by dogtail +- packagedb-cli # Required by FedoraReview +- xorg-x11-server-Xvfb # Required by fedora-rube +- libffi-devel # Required by bodhi/cffi/cryptography +- openssl-devel # Required by bodhi/cffi/cryptography +- redis # Required by copr +- createrepo_c # Required by bodhi2 +- python-straight-plugin +- pyflakes # Requested by user rholy (ticket #4175) +- koji # Required by koschei (ticket #4852) and pyrpkg (ticket #4838) +- rpm-python # Required by koschei (ticket #4852) +- libgit2-devel # Required by pagure +- osbs-client # Required by pyrpkg (ticket #4838) +- intltool # Required by fedora-comps (ticket #5307) +- fedpkg # Required by fedora-kickstarts (ticket #5406) +- sqlite-devel # Required by fedora-hubs (ticket #5425) +- python-virtualenvwrapper # Required by fedora-hubs (ticket #5425) +- swig # Required by fm-orchestrator (ticket #5517) +- python-tox # Required by resultsdb_conventions (ticket #5785) +- gcc-c++ # Required by libabigail (ticket 5797) +- libtool # Required by libabigail (ticket 5797) +- elfutils-devel # Required by libabigail (ticket 
5797) +- libxml2-devel # Required by libabigail (ticket 5797) +- doxygen # Required by libabigail (ticket 5797) +- python-sphinx # Required by libabigail (ticket 5797) +- texinfo # Required by libabigail (ticket 5797) +- dos2unix # Required by libabigail (ticket 5797) +- dpkg # Required by libabigail (ticket 5797) +- python2-devel # Required by libabigail (ticket 5797) +- rpm-python # Required by libabigail (ticket 5797) +- python2-mock # Required by libabigail (ticket 5797) +- koji # Required by libabigail (ticket 5797) +- pyxdg # Required by libabigail (ticket 5797) +- python-unittest2 # Required by libabigail (ticket 5797) +- wget # Required by libabigail (ticket 5797) +- mailcap # Required by libabigail (ticket 5797) + +# Packages installed only on Fedora Jenkins slaves +slave_packages_fedora: +- python3 +- python-nose-cover3 +- python3-nose-cover3 +- glibc +- glibc-devel +- libstdc++ +- zlib-devel +- ncurses-devel +- libX11-devel +- libXrender +- libXrandr +- nspr-devel ## Requested by 389-ds-base +- nss-devel +- svrcore-devel +- openldap-devel +- libdb-devel +- cyrus-sasl-devel +- icu +- libicu-devel +- gcc-c++ +- net-snmp-devel +- lm_sensors-devel +- bzip2-devel +- zlib-devel +- openssl-devel +- tcp_wrappers +- pam-devel +- systemd-units +- policycoreutils-python +- openldap-clients +- perl-Mozilla-LDAP +- nss-tools +- cyrus-sasl-gssapi +- cyrus-sasl-md5 +- libdb-utils +- perl-Socket +- perl-NetAddr-IP +- pcre-devel ## End of request list for 389-ds-base +- maven # Required by xmvn https://fedorahosted.org/fedora-infrastructure/ticket/4054 +- gtk3-devel # Required by dogtail +- glib2-devel # Required by Cockpit +- libgudev1-devel +- json-glib-devel +- gobject-introspection-devel +- libudisks2-devel +- NetworkManager-glib-devel +- systemd-devel +- accountsservice-devel +- pam-devel +- autoconf +- libtool +- intltool +- jsl +- python-scss +- gtk-doc +- krb5-devel +- sshpass +- perl-Locale-PO +- perl-JSON +- glib-networking +- realmd +- udisks2 +- mdadm +- lvm2 
+- sshpass # End requires for Cockpit +- tito # Requested by msrb for javapackages-tools and xmvn (ticket#4113) +- pyflakes # Requested by user rholy (ticket #4175) +- firefox # Required for rube +- python-devel # Required for mpi4py +- python3-devel # Required for mpi4py +- pwgen # Required for mpi4py +- openmpi-devel # Required for mpi4py +- mpich2-devel # Required for mpi4py +- pylint # Required by Ipsilon +- python-pep8 +- nodejs-less +- python-openid +- python-openid-teams +- python-openid-cla +- python-cherrypy +- m2crypto +- lasso-python +- python-sqlalchemy +- python-ldap +- python-pam +- python-fedora +- freeipa-python +- httpd +- mod_auth_mellon +- postgresql-server +- openssl +- mod_wsgi +- python-psycopg2 +- sssd +- libsss_simpleifp +- openldap-servers +- mod_auth_gssapi +- krb5-server +- socket_wrapper +- nss_wrapper +- krb5-workstation +- python-sssdconfig +- mod_ssl +- python-jwcrypto +- python-lesscpy # End requires for Ipsilon +- libxml2-python # Required by gimp-docs +- createrepo # Required by dnf +- dia # Required by javapackages-tools ticket #4279 +- python-hawkey # Required by koschei (ticket #4852) +- python-librepo # Required by koschei (ticket #4852) +- python3-pygit2 # Required by pagure +- nosync # for use in mock +- liberasurecode-devel # Required by pyeclib (ticket #5015) - No EPEL7 build +- python2-mock +- python-lxml +- mongodb-server +- ruby # For modularity (ticket 5379) +- ruby-devel +- ruby-irb +- ruby-libs +- rubygem-bigdecimal +- rubygem-bundler +- rubygem-io-console +- rubygem-json +- rubygem-net-http-persistent +- rubygem-psych +- rubygem-rdoc +- rubygem-rmagick +- rubygem-thor # Required by Fedora Budget (ticket 5679) +- rubygems +- rubypick +- python2-unittest2 +- python2-createrepo_c # Required by bodhi2 +- python2-pygit2 # Required by pagure +- iptables +- ledger # Required by Fedora Budget (ticket 5679) +- rubygem-asciidoctor # Required by Fedora Budget (ticket 5679) +- rubygem-builder # Required by Fedora Budget (ticket 
5679) +- rubygem-coderay # Required by Fedora Budget (ticket 5679) +- rubygem-eventmachine # Required by Fedora Budget (ticket 5679) +- rubygem-ffi # Required by Fedora Budget (ticket 5679) +- rubygem-formatador # Required by Fedora Budget (ticket 5679) +- rubygem-git # Required by Fedora Budget (ticket 5679) +- rubygem-haml # Required by Fedora Budget (ticket 5679) +- rubygem-listen # Required by Fedora Budget (ticket 5679) +- rubygem-method_source # Required by Fedora Budget (ticket 5679) +- rubygem-multi_json # Required by Fedora Budget (ticket 5679) +- rubygem-nenv # Required by Fedora Budget (ticket 5679) +- rubygem-pry # Required by Fedora Budget (ticket 5679) +- rubygem-rake # Required by Fedora Budget (ticket 5679) +- rubygem-rb-inotify # Required by Fedora Budget (ticket 5679) +- rubygem-shellany # Required by Fedora Budget (ticket 5679) +- rubygem-slop # Required by Fedora Budget (ticket 5679) +- rubygem-tilt # Required by Fedora Budget (ticket 5679) +- doxygen # Required by gssproxy (ticket 5703) +- findutils # Required by gssproxy (ticket 5703) +- gettext-devel # Required by gssproxy (ticket 5703) +- keyutils-libs-devel # Required by gssproxy (ticket 5703) +- libini_config-devel # Required by gssproxy (ticket 5703) +- libselinux-devel # Required by gssproxy (ticket 5703) +- libverto-devel # Required by gssproxy (ticket 5703) +- libxml2 # Required by gssproxy (ticket 5703) +- libxslt # Required by gssproxy (ticket 5703) +- m4 # Required by gssproxy (ticket 5703) +- pkgconfig # Required by gssproxy (ticket 5703) +- popt-devel # Required by gssproxy (ticket 5703) +- krb5-server-ldap # Required by gssproxy (ticket 5703) +- valgrind # Required by gssproxy (ticket 5703) Required by libabigail (Ticket 5797) +- perl-Fedora-VSP # needed by 389 +- perl-generators # needed by 389 +- libevent-devel # needed by 389 +- libcmocka-devel # needed by 389 +- gperftools-devel # needed by 389 + +# Packages installed only on CentOS Jenkins slaves +slave_packages_centos: +# 
"setup" is just a placeholder value +- setup + +# Packages only installed on el7 slave +el7_only: +- python-webob1.4 # Required by bodhi2 +- python-pillow # Required by bodhi2 +- python-hawkey # Required by koschei (ticket #4852) +- python-librepo # Required by koschei (ticket #4852) +- nosync # for use in mock +- python-unittest2 +- python-createrepo_c # Required by bodhi2 +- python-pygit2 # Required by pagure +- python-pygments-markdown-lexer # Required by fedora-hubs (ticket #5425) + +# Packages only available/needed in f24+ +f24_only: +- python2-systemd +- python2-requests-kerberos +- python2-jinja2 +- devscripts-minimal # Required by FedoraReview +- python26 +- python33 +- python34 +- python36 + +f25_only: +- python3-tox +- python26 +- python33 +- python34 +- python36 +- swig # required for coco diff --git a/inventory/group_vars/kernel-qa b/inventory/group_vars/kernel-qa new file mode 100644 index 0000000000..dcdac6276b --- /dev/null +++ b/inventory/group_vars/kernel-qa @@ -0,0 +1,6 @@ +--- +freezes: false +resolvconf: "{{ files }}/resolv.conf/phx2" +fas_client_groups: sysadmin-kernel +sudoers: "{{ private }}/files/sudo/kernel-qa" +custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.122.0/24 --dport 2049 -j ACCEPT' ] diff --git a/inventory/group_vars/kernel_qa b/inventory/group_vars/kernel_qa deleted file mode 100644 index 0343a50700..0000000000 --- a/inventory/group_vars/kernel_qa +++ /dev/null @@ -1,11 +0,0 @@ ---- -custom_rules: ['-A INPUT -p tcp -m tcp -s 192.168.122.0/24 --dport 2049 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 192.168.122.0/24 tcp dport 2049 counter accept'] -freezes: false -ipa_client_shell_groups: - - sysadmin-kernel -ipa_client_sudo_groups: - - sysadmin-kernel -ipa_host_group: kernel_qa -ipa_host_group_desc: kernel test machines -resolvconf: "{{ files }}/resolv.conf/iad2" diff --git a/inventory/group_vars/kerneltest b/inventory/group_vars/kerneltest new file mode 100644 index 0000000000..d8eb9eb5a3 --- /dev/null 
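Review bot: The package lists in `inventory/group_vars/jenkins-slave` contain repeated entries, which makes it hard to audit which request justifies which package on the build workers. `slave_packages_common` lists `gcc-c++`, `koji` and `rpm-python` twice, and `slave_packages_fedora` lists `zlib-devel`, `pam-devel` and `sshpass` twice. Keeping one entry per package with all requesting tickets in its comment, e.g. `- koji # Required by koschei (ticket #4852), pyrpkg (ticket #4838), libabigail (ticket 5797)`, lets a reviewer see when a package can be dropped. `f24_only` and `f25_only` also share `python26`, `python33`, `python34` and `python36` with no comment saying who needs them.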
+++ b/inventory/group_vars/kerneltest
@@ -0,0 +1,35 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 1
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: kerneltest
+wsgi_procs: 2
+wsgi_threads: 1
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: kerneltest
+ owner: root
+ group: apache
+ can_send:
+ - kerneltest.release.edit
+ - kerneltest.release.new
+ - kerneltest.upload.new
diff --git a/inventory/group_vars/kerneltest-stg b/inventory/group_vars/kerneltest-stg
new file mode 100644
index 0000000000..d8eb9eb5a3
--- /dev/null
+++ b/inventory/group_vars/kerneltest-stg
@@ -0,0 +1,35 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 1
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: kerneltest
+wsgi_procs: 2
+wsgi_threads: 1
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: kerneltest
+ owner: root
+ group: apache
+ can_send:
+ - kerneltest.release.edit
+ - kerneltest.release.new
+ - kerneltest.upload.new
diff --git a/inventory/group_vars/keys b/inventory/group_vars/keys
new file mode 100644
index 0000000000..3271620c7f
--- /dev/null
+++ b/inventory/group_vars/keys
@@ -0,0 +1,10 @@
+---
+freezes: false
+lvm_size: 40000
+mem_size: 4096
+num_cpus: 2
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443, 11370, 11371 ]
+fas_client_groups: sysadmin-noc,sysadmin-keys,sysadmin-veteran
diff --git a/inventory/group_vars/koji b/inventory/group_vars/koji
index 9f9b351aee..91d7c1b3b4 100644
--- a/inventory/group_vars/koji
+++ b/inventory/group_vars/koji
@@ -1,30 +1,51 @@ --- # Define resources for this group of hosts here. -custom_rules: [ - # Needed for keepalived - '-A INPUT -d 224.0.0.0/8 -j ACCEPT', '-A INPUT -p vrrp -j ACCEPT'] -# Needed for keepalived -nft_custom_rules: - - 'add rule ip filter INPUT ip daddr 224.0.0.0/8 counter accept' - - 'add rule ip filter INPUT ip protocol vrrp counter accept' -docker_registry: "candidate-registry.fedoraproject.org" -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: kojihub -ipa_host_group_desc: Koji Hub hosts -koji_hub: "koji.fedoraproject.org/kojihub" -koji_root: "koji.fedoraproject.org/koji" -lvm_size: 100000 -mem_size: 57344 -max_mem_size: 65536 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4" +lvm_size: 30000 +mem_size: 16384 num_cpus: 16 -primary_auth_source: ipa -source_registry: "registry.fedoraproject.org" + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -tcp_ports: [80, 443, 111, 2049] -udp_ports: [111, 2049] +tcp_ports: [ 80, 443, 111, 2049, + # These 8 ports are used by fedmsg. One for each wsgi thread. 
+ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007] + +udp_ports: [ 111, 2049 ] + +custom_rules: [ + # Needed for keepalived + '-A INPUT -d 224.0.0.0/8 -j ACCEPT', + '-A INPUT -p vrrp -j ACCEPT', +] + +fas_client_groups: sysadmin-releng +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: koji + owner: root + group: apache + can_send: + - buildsys.build.state.change + - buildsys.package.list.change + - buildsys.repo.done + - buildsys.repo.init + - buildsys.rpm.sign + - buildsys.tag + - buildsys.task.state.change + - buildsys.untag + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" virt_install_command: "{{ virt_install_command_two_nic }}" + +osbs_url: "osbs.fedoraproject.org" +docker_registry: "candidate-registry.fedoraproject.org" +source_registry: "registry.fedoraproject.org" +koji_root: "koji.fedoraproject.org/koji" +koji_hub: "koji.fedoraproject.org/kojihub" diff --git a/inventory/group_vars/koji-not-yet-ansibilized b/inventory/group_vars/koji-not-yet-ansibilized new file mode 100644 index 0000000000..dffe7d5fb2 --- /dev/null +++ b/inventory/group_vars/koji-not-yet-ansibilized @@ -0,0 +1,19 @@ +# See the comment with the explanation of this group in ``inventory/inventory`` +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: koji + owner: root + group: apache + can_send: + - buildsys.build.state.change + - buildsys.package.list.change + - buildsys.repo.done + - buildsys.repo.init + - buildsys.rpm.sign + - buildsys.tag + - buildsys.task.state.change + - buildsys.untag diff --git a/inventory/group_vars/koji-stg b/inventory/group_vars/koji-stg new file mode 100644 index 0000000000..a642a10c7d --- /dev/null +++ b/inventory/group_vars/koji-stg 
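Review bot: The first `custom_rules` entry, `-A INPUT -d 224.0.0.0/8 -j ACCEPT`, accepts every protocol and port addressed to any multicast group in that /8, which is far wider than the "Needed for keepalived" comment describes. VRRP advertisements go to 224.0.0.18, and the second entry already accepts protocol `vrrp`, so if keepalived is the only multicast consumer on these hosts the pair can shrink to `'-A INPUT -d 224.0.0.18/32 -p vrrp -j ACCEPT'`. The same hunk also moves `nfs_mount_opts` from `nfsvers=4` to `nfsvers=3` while keeping `sec=sys`, and a comment on that line saying why v3 is required would help the next reader.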
@@ -0,0 +1,58 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 250000
+mem_size: 8192
+num_cpus: 8
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+tcp_ports: [ 80, 443, 111, 2049,
+ # These 8 ports are used by fedmsg. One for each wsgi thread.
+ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007]
+
+udp_ports: [ 111, 2049 ]
+
+fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: koji
+ owner: root
+ group: apache
+ can_send:
+ - buildsys.build.state.change
+ - buildsys.package.list.change
+ - buildsys.repo.done
+ - buildsys.repo.init
+ - buildsys.rpm.sign
+ - buildsys.tag
+ - buildsys.task.state.change
+ - buildsys.untag
+
+# NOTE -- staging mounts read-only
+nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
+# This is for mizdebsk only in stg. Put here by threebean. Cleared with nirik.
+sudoers: "{{ private }}/files/sudo/koji01.stg.phx2.fedoraproject.org-sudoers"
+
+koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.stg.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.fedoraproject.org/"
+
+osbs_url: "osbs.stg.fedoraproject.org"
+source_registry: "registry.stg.fedoraproject.org"
+docker_registry: "candidate-registry.stg.fedoraproject.org"
+koji_root: "koji.stg.fedoraproject.org/koji"
+koji_hub: "koji.stg.fedoraproject.org/kojihub"
+
+
+# Add custom iptable rule to allow stage koji to talk to
+# osbs-dev.fedorainfracloud.org (will move to stage osbs later, this is for the
+# sake of testing).
+custom_rules: [
+ '-A OUTPUT -p tcp -m tcp -d 209.132.184.60 --dport 8443 -j ACCEPT'
+]
diff --git a/inventory/group_vars/koji_riscv b/inventory/group_vars/koji_riscv
deleted file mode 100644
index 0f147d0c6e..0000000000
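Review bot: The `custom_rules` entry at the end of this file allows outbound 8443 to the literal address `209.132.184.60`, and its own comment calls it a testing measure that "will move to stage osbs later", yet nothing records when or how it is to be removed. The comment gives the target only by name (osbs-dev.fedorainfracloud.org), so if that cloud instance is rebuilt on another address the rule keeps permitting traffic to whatever takes over the old one. I would put the address next to the name and add a tracked removal marker, for example `# TODO(<ticket-id>): drop once stage OSBS replaces osbs-dev (209.132.184.60)`. The `sudoers` comment just above ("for mizdebsk only in stg") has the same open-ended character and would benefit from the same kind of reference.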
--- a/inventory/group_vars/koji_riscv +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Define resources for this group of hosts here. -docker_registry: "candidate-registry.fedoraproject.org" -external: true -ipa_client_shell_groups: - - sysadmin-riscv -ipa_client_sudo_groups: - - sysadmin-riscv -ipa_host_group: kojihub_riscv -ipa_host_group_desc: riscv Koji Hub hosts -koji_hub: "riscv-koji.fedoraproject.org/kojihub" -koji_root: "riscv-koji.fedoraproject.org/koji" -lvm_size: 100000 -mem_size: 32768 -max_mem_size: 65536 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4" -num_cpus: 8 -primary_auth_source: ipa -source_registry: "registry.fedoraproject.org" -tcp_ports: [80, 443, 111, 2049] -udp_ports: [111, 2049] diff --git a/inventory/group_vars/koji_stg b/inventory/group_vars/koji_stg deleted file mode 100644 index eddc8f6d90..0000000000 --- a/inventory/group_vars/koji_stg +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Define resources for this group of hosts here. -docker_registry: "candidate-registry.stg.fedoraproject.org" -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-releng - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: kojihub -ipa_host_group_desc: Koji Hub hosts -koji_hub: "koji.stg.fedoraproject.org/kojihub" -koji_root: "koji.stg.fedoraproject.org/koji" -koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.stg.fedoraproject.org/koji" -lvm_size: 250000 -mem_size: 32768 -# NOTE -- staging mounts read-only -nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" -num_cpus: 8 -source_registry: "registry.stg.fedoraproject.org" -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443, 111, 2049] -udp_ports: [111, 2049] diff --git a/inventory/group_vars/kojipkgs b/inventory/group_vars/kojipkgs index 0b1c93f477..18c49449e2 100644 
--- a/inventory/group_vars/kojipkgs +++ b/inventory/group_vars/kojipkgs 
@@ -1,42 +1,38 @@ --- # Define resources for this group of hosts here. -# For the MOTD -custom_rules: [ - # Need for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -# Need for rsync from log01 for logs. -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-releng - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: kojipkgs -ipa_host_group_desc: Koji Packages hosts lvm_size: 50000 -max_mem_size: 98304 mem_size: 98304 -nagios_Check_Services: - swap: false -nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,lookupcache=positive,nfsvers=4" +max_mem_size: 98304 num_cpus: 16 -primary_auth_source: ipa + +custom_rules: [ + # Need for rsync from log01 for logs. + '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', + ] + tcp_ports: [80, 8080] + +fas_client_groups: sysadmin-releng,sysadmin-noc,sysadmin-veteran + varnish_group: kojipkgs -notes: | - Cache packages from koji for builders and others +# For the MOTD +csi_security_category: Moderate +csi_primary_contact: Fedora admins - admin@fedoraproject.org +csi_purpose: Cache packages from koji for builders and others +csi_relationship: | + There are a few things running here: - There are a few things running here: - * apache web server and varnish caching. + - apache web server and varnish caching proxy. - This host relies on: - * koji nfs storage - * proxy01/10 to proxy requests to it. - Things that rely on this host: - * all koji builders/buildsystem - * koschei - * external users downloading packages from koji. + - This host relies on: + - koji nfs storage + - proxy01/10 to proxy requests to it. 
+ + - Things that rely on this host: + - all koji builders/buildsystem + - koschei + - external users downloading packages from koji. + +virt_install_command: "{{ virt_install_command_two_nic }}" diff --git a/inventory/group_vars/koschei-backend b/inventory/group_vars/koschei-backend new file mode 100644 index 0000000000..914da089da --- /dev/null +++ b/inventory/group_vars/koschei-backend 
@@ -0,0 +1,66 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 4
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+koschei_topurl: https://apps.fedoraproject.org/koschei
+koschei_pgsql_hostname: db01.phx2.fedoraproject.org
+koschei_koji_hub: koji.fedoraproject.org
+koschei_kojipkgs: kojipkgs.fedoraproject.org
+koschei_koji_web: koji.fedoraproject.org
+
+host_group: koschei-backend
+
+
+tcp_ports: [
+ # These 4 are for fedmsg. See also /etc/fedmsg.d/endpoints.py
+ 3000, 3001, 3002, 3003,
+]
+
+custom_rules: [
+ # Need for rsync from log01 for logs.
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+ ]
+
+fas_client_groups: sysadmin-koschei,fi-apprentice,sysadmin-noc,sysadmin-veteran
+
+freezes: false
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: koschei
+ owner: root
+ group: koschei
+ can_send:
+ - koschei.collection.state.change
+ - koschei.package.state.change
+ - koschei.update
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Fedora admins - admin@fedoraproject.org
+csi_purpose: Koschei continuous integration system
+csi_relationship: |
+ This machine depends on:
+ - PostgreSQL DB server
+ - Koji hub and kojipkgs
+ - fedmsg hub
+ - bastion (for mail relay)
+ - memcached01
+
+koschei_backend_services:
+ - koschei-polling
+ - koschei-build-resolver
+ - koschei-repo-resolver
+ - koschei-scheduler
+ - koschei-watcher
diff --git a/inventory/group_vars/koschei-backend-stg b/inventory/group_vars/koschei-backend-stg
new file mode 100644
index 0000000000..7afe9c30ef
--- /dev/null
+++ b/inventory/group_vars/koschei-backend-stg
@@ -0,0 +1,66 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 4
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+koschei_topurl: https://apps.stg.fedoraproject.org/koschei
+koschei_pgsql_hostname: pgbdr.stg.phx2.fedoraproject.org
+koschei_koji_hub: koji.stg.fedoraproject.org
+koschei_kojipkgs: koji.stg.fedoraproject.org
+koschei_koji_web: koji.stg.fedoraproject.org
+
+
+tcp_ports: [
+ # These 4 are for fedmsg. See also /etc/fedmsg.d/endpoints.py
+ 3000, 3001, 3002, 3003
+]
+
+custom_rules: [
+ # Need for rsync from log01 for logs.
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+ ]
+
+fas_client_groups: sysadmin-koschei,fi-apprentice,sysadmin-noc,sysadmin-veteran
+
+freezes: false
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: koschei
+ owner: root
+ group: koschei
+ can_send:
+ - koschei.collection.state.change
+ - koschei.package.state.change
+ - koschei.update
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Fedora admins - admin@fedoraproject.org
+csi_purpose: Koschei continuous integration system
+csi_relationship: |
+ This machine depends on:
+ - PostgreSQL DB server
+ - Koji hub and kojipkgs
+ - fedmsg hub
+ - bastion (for mail relay)
+ - memcached01
+
+koschei_backend_services:
+ - koschei-polling
+ - koschei-build-resolver
+ - koschei-repo-resolver
+ - koschei-scheduler
+ - koschei-watcher
+ - koschei-copr-resolver
+ - koschei-copr-scheduler
diff --git a/inventory/group_vars/koschei-web b/inventory/group_vars/koschei-web
new file mode 100644
index 0000000000..9ddb030906
--- /dev/null
+++ b/inventory/group_vars/koschei-web
@@ -0,0 +1,39 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 6000
+mem_size: 1024
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+koschei_topurl: https://apps.fedoraproject.org/koschei
+koschei_pgsql_hostname: db01.phx2.fedoraproject.org
+koschei_koji_hub: koji02.phx2.fedoraproject.org
+koschei_kojipkgs: kojipkgs.fedoraproject.org
+koschei_koji_web: koji.fedoraproject.org
+koschei_openid_provider: id.fedoraproject.org
+koschei_bugzilla: bugzilla.redhat.com
+
+
+tcp_ports: [ 80, 443 ]
+
+custom_rules: [
+ # Need for rsync from log01 for logs.
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+ ]
+
+fas_client_groups: sysadmin-koschei,fi-apprentice,sysadmin-noc,sysadmin-veteran
+
+freezes: false
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Fedora admins - admin@fedoraproject.org
+csi_purpose: Koschei continuous integration system
+csi_relationship: |
+ This machine depends on:
+ - PostgreSQL DB server
+ - bastion (for mail relay)
+ - memcached01
diff --git a/inventory/group_vars/koschei-web-stg b/inventory/group_vars/koschei-web-stg
new file mode 100644
index 0000000000..61c762cfec
--- /dev/null
+++ b/inventory/group_vars/koschei-web-stg
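Review bot: `koschei_koji_hub` is set to the single internal host `koji02.phx2.fedoraproject.org` in this file, while the koschei-backend hunk uses the service name `koji.fedoraproject.org`, and the koschei-web-stg hunk that follows sets no `koschei_koji_hub` at all. If the frontend is meant to reach one hub directly, a comment such as `# web talks to koji02 directly because <reason>` would make that explicit; otherwise the three files should agree. The `csi_relationship` text in this file also omits Koji from the listed dependencies, although the variables above point at it.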
@@ -0,0 +1,38 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 6000
+mem_size: 1024
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+koschei_topurl: https://apps.stg.fedoraproject.org/koschei
+koschei_pgsql_hostname: pgbdr.stg.phx2.fedoraproject.org
+koschei_kojipkgs: koji.stg.fedoraproject.org
+koschei_koji_web: koji.stg.fedoraproject.org
+koschei_openid_provider: id.stg.fedoraproject.org
+koschei_bugzilla: partner-bugzilla.redhat.com
+
+tcp_ports: [ 80, 443 ]
+
+custom_rules: [
+ # Need for rsync from log01 for logs.
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+ ]
+
+fas_client_groups: sysadmin-koschei,fi-apprentice,sysadmin-noc,sysadmin-veteran
+
+freezes: false
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Fedora admins - admin@fedoraproject.org
+csi_purpose: Koschei continuous integration system
+csi_relationship: |
+ This machine depends on:
+ - PostgreSQL DB server
+ - Pagure API on dist-git (src.stg.fedoraproject.org)
+ - bastion (for mail relay)
+ - memcached01
diff --git a/inventory/group_vars/lockbox b/inventory/group_vars/lockbox
new file mode 100644
index 0000000000..338338af4a
--- /dev/null
+++ b/inventory/group_vars/lockbox
@@ -0,0 +1,33 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +tcp_ports: [ 443 ] + +fas_client_groups: sysadmin-noc,sysadmin-qa,fi-apprentice,sysadmin-veteran + +# These are consumed by a task in roles/fedmsg/base/main.yml +# We don't really use the announce cert.. but it was supposed to be a way for +# the FPL and other powers that be to broadcast announcements, like the FCC's +# emergency broadcast system. The cert are group are here.. but no tools on the +# client side are configured to do anything with this yet. +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - ansible.playbook.complete + - ansible.playbook.start + - logger.log +- service: announce + owner: root + group: fedmsg-announce + can_send: + - announce.announcement +- service: scm + owner: root + group: sysadmin + can_send: + - infragit.receive diff --git a/inventory/group_vars/logging b/inventory/group_vars/logging deleted file mode 100644 index bf5db51581..0000000000 --- a/inventory/group_vars/logging +++ /dev/null @@ -1,14 +0,0 @@ ---- -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-analysis - - sysadmin-logs - - sysadmin-noc - - sysadmin-osbuild - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-analysis - - sysadmin-logs -ipa_host_group: logging -ipa_host_group_desc: Logging hosts -primary_auth_source: ipa diff --git a/inventory/group_vars/loopabull-stg b/inventory/group_vars/loopabull-stg new file mode 100644 index 0000000000..3bb12ed517 --- /dev/null +++ b/inventory/group_vars/loopabull-stg @@ -0,0 +1,13 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 1 + +fas_client_groups: sysadmin-loopabull +sudoers: "{{ private }}/files/sudo/mm2-sudoers" + +# For the MOTD +csi_security_category: High +csi_primary_contact: admin@fedoraproject.org / sysadmin-main-members +csi_purpose: Release Engineering automation hosts 
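Review bot: The `announce` entry in `fedmsg_certs` provisions a signing certificate that the file's own comment says nothing uses ("no tools on the client side are configured to do anything with this yet"). A credential allowed to send `announce.announcement` then sits on the host, readable by group `fedmsg-announce`, with no consumer that would notice misuse. I would leave the entry out until the tooling exists, or at least record who is in that group and why, e.g. `# fedmsg-announce: <members/owner>; remove if the broadcast tooling is not built`. The comment also reads "The cert are group are here", presumably meant as "The cert and group are here".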
diff --git a/inventory/group_vars/mailman b/inventory/group_vars/mailman index 1ae4c707c1..568d54f91d 100644 --- a/inventory/group_vars/mailman +++ b/inventory/group_vars/mailman 
@@ -1,67 +1,68 @@ --- # common items for the releng-* boxes -deployment_type: prod -ipa_client_shell_groups: - - sysadmin-tools -ipa_client_sudo_groups: - - sysadmin-tools -ipa_host_group: mailman -ipa_host_group_desc: Mailing list services -lvm_size: 950000 -# Used by the mailman role -mailman3_db_server: db01.iad2.fedoraproject.org -mailman3_domains: - - lists.fedoraproject.org - - lists.fedorahosted.org - - lists.pagure.io -mailman3_login: - facebook: - display_name: Facebook - provider: facebook - github: - display_name: GitHub - provider: github - gitlab: - display_name: GitLab - provider: gitlab - google: - display_name: Google - provider: google - stackexchange: - display_name: StackExchange - provider: stackexchange - twitter: - display_name: Twitter - provider: twitter - fedora: - display_name: Fedora - provider: fedora -max_mem_size: 32768 -mem_size: 32768 -nagios_Check_Services: - nrpe: true - swap: false -nrpe_check_postfix_queue_crit: 200 -# by default, the number of emails in queue before we whine -nrpe_check_postfix_queue_warn: 100 -nrpe_procs_crit: 500 -# Number of processes for nagios -nrpe_procs_warn: 300 +lvm_size: 250000 +mem_size: 16384 num_cpus: 4 # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file +tcp_ports: [ + 25, 80, 443, + # For outgoing fedmsg + 3000, 3001, 3002, 3003, +] + +fas_client_groups: sysadmin-tools,sysadmin-main + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: mailman + owner: mailman + group: mailman + can_send: + - mailman.receive + # Postfix main.cf postfix_group: mailman -primary_auth_source: ipa -tcp_ports: [25, 80, 443] -# mailman role variables -mailman3_rest_api_username: "{{ mailman_rest_api_user }}" -mailman3_rest_api_password: "{{ mailman_rest_api_pass }}" -mailman3_mailman_db_pass: "{{ mailman_mm_db_pass }}" -mailman3_hyperkitty_admin_db_pass: 
"{{ mailman_hk_admin_db_pass }}" -mailman3_hyperkitty_db_pass: "{{ mailman_hk_db_pass }}" -mailman3_hyperkitty_cookie_key: "{{ mailman_hk_cookie_key }}" -mailman3_hyperkitty_archiver_key: "{{ mailman_hk_archiver_key }}" -mailman3_smtp_port: 587 +# Used by the mailman role +mailman_db_server: db01.phx2.fedoraproject.org +mailman_domains: +- lists.fedoraproject.org +- lists.fedorahosted.org +mailman_login: + gitlab: + display_name: GitLab + provider: gitlab + github: + display_name: GitHub + provider: github + twitter: + display_name: Twitter + provider: twitter + google: + display_name: Google + provider: google + facebook: + display_name: Facebook + provider: facebook + stackexchange: + display_name: StackExchange + provider: stackexchange + +# by default, the number of emails in queue before we whine +nrpe_check_postfix_queue_warn: 100 +nrpe_check_postfix_queue_crit: 200 + +# Number of processes for nagios +nrpe_procs_warn: 300 +nrpe_procs_crit: 500 + +nagios_Check_Services: + nrpe: true + swap: false diff --git a/inventory/group_vars/mailman-stg b/inventory/group_vars/mailman-stg new file mode 100644 index 0000000000..6abfc9c861 --- /dev/null +++ b/inventory/group_vars/mailman-stg 
@@ -0,0 +1,59 @@
+---
+# common items for the releng-* boxes
+lvm_size: 250000
+mem_size: 4096
+num_cpus: 2
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [
+ 25, 80, 443,
+ # For outbound fedmsg
+ 3000, 3001, 3002, 3003,
+]
+fas_client_groups: sysadmin-tools,sysadmin-main
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: mailman
+ owner: mailman
+ group: mailman
+ can_send:
+ - mailman.receive
+
+# Postfix main.cf
+postfix_group: mailman-stg
+
+# Used by the mailman role
+mailman_db_server: db01.stg.phx2.fedoraproject.org
+mailman_domains:
+- lists.stg.fedoraproject.org
+- lists.stg.fedorahosted.org
+mailman_login:
+ gitlab:
+ display_name: GitLab
+ provider: gitlab
+ github:
+ display_name: GitHub
+ provider: github
+ twitter:
+ display_name: Twitter
+ provider: twitter
+ google:
+ display_name: Google
+ provider: google
+ facebook:
+ display_name: Facebook
+ provider: facebook
+ stackexchange:
+ display_name: StackExchange
+ provider: stackexchange
+
+# by default, the number of emails in queue before we whine
+nrpe_check_postfix_queue_warn: 20
+nrpe_check_postfix_queue_crit: 50
diff --git a/inventory/group_vars/mailman_stg b/inventory/group_vars/mailman_stg
deleted file mode 100644
index a34d9cd5f7..0000000000
--- a/inventory/group_vars/mailman_stg
+++ /dev/null
@@ -1,67 +0,0 @@ ---- -# common items for the releng-* boxes -deployment_type: prod -ipa_client_shell_groups: - - sysadmin-tools -ipa_client_sudo_groups: - - sysadmin-tools -ipa_host_group: mailman -ipa_host_group_desc: Mailing list services -lvm_size: 350000 -# Used by the mailman role -mailman3_db_server: db01.stg.iad2.fedoraproject.org -mailman3_domains: - - lists.stg.fedoraproject.org - - lists.stg.fedorahosted.org - - lists.stg.pagure.io -mailman3_login: - facebook: - display_name: Facebook - provider: facebook - github: - display_name: GitHub - provider: github - gitlab: - display_name: GitLab - provider: gitlab - google: - display_name: Google - provider: google - stackexchange: - display_name: StackExchange - provider: stackexchange - twitter: - display_name: Twitter - provider: twitter - fedora: - display_name: Fedora - provider: fedora -max_mem_size: 32768 -mem_size: 32768 -nrpe_check_postfix_queue_crit: 50 -# by default, the number of emails in queue before we whine -nrpe_check_postfix_queue_warn: 20 -num_cpus: 4 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file - -# Postfix main.cf -postfix_group: mailman-stg -tcp_ports: [25, 80, 443] - -# mailman role variables -mailman3_log_level: debug -mailman3_rest_api_username: "{{ mailman_stg_rest_api_user }}" -mailman3_rest_api_password: "{{ mailman_stg_rest_api_pass }}" -mailman3_mailman_db_pass: "{{ mailman_mm_db_pass }}" -mailman3_hyperkitty_admin_db_pass: "{{ mailman_hk_admin_db_pass }}" -mailman3_hyperkitty_db_pass: "{{ mailman_hk_db_pass }}" -mailman3_hyperkitty_cookie_key: "{{ mailman_hk_cookie_key }}" -mailman3_hyperkitty_archiver_key: "{{ mailman_hk_stg_archiver_key }}" -mailman3_openidc_server_url: "https://id.stg.fedoraproject.org/" -mailman3_httpd_hostname: lists.stg.fedoraproject.org - -# Setting debug variables to 'true' disables mail sending -# If you want to enable it just set it to 'false' -mailman3_debug: true -mailman3_hyperkitty_debug: 
true diff --git a/inventory/group_vars/maintainer-test b/inventory/group_vars/maintainer-test new file mode 100644 index 0000000000..592beeebc9 --- /dev/null +++ b/inventory/group_vars/maintainer-test @@ -0,0 +1,7 @@ +--- +fas_client_groups: packager +freezes: false +sudoers: "{{ private }}/files/sudo/arm-packager-sudoers" +sudoers_main: nopasswd +host_group: cloud +ansible_ifcfg_blacklist: true diff --git a/inventory/group_vars/maintainer_test b/inventory/group_vars/maintainer_test deleted file mode 100644 index 7af238e11f..0000000000 --- a/inventory/group_vars/maintainer_test +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: aws -freezes: false -ipa_client_shell_groups: - - packager -ipa_client_sudo_nopasswd_groups: - - sysadmin-main - - packager -ipa_host_group: maintainer_test -ipa_host_group_desc: Test hosts for package maintainers -primary_auth_source: ipa -sudoers: "{{ private }}/files/sudo/arm-packager-sudoers" -sudoers_main: nopasswd -vpn: true diff --git a/inventory/group_vars/mbs-backend b/inventory/group_vars/mbs-backend new file mode 100644 index 0000000000..05cdc85683 --- /dev/null +++ b/inventory/group_vars/mbs-backend 
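Review bot: The new `inventory/group_vars/maintainer-test` file sets `sudoers_main: nopasswd` next to `fas_client_groups: packager` and a custom `sudoers:` file, with no comment saying why passwordless sudo is acceptable on these hosts. The removed `maintainer_test` file described them as "Test hosts for package maintainers", which is presumably the justification. Recording that in the new file, e.g. `# Test hosts for package maintainers: passwordless sudo is intentional here`, would keep the setting from being copied into a group where it is not appropriate. `ansible_ifcfg_blacklist: true` would benefit from a one-line why-comment as well.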
@@ -0,0 +1,41 @@
+---
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000, 3001, 3002, 3003,
+ 3004, 3005, 3006, 3007 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- ralph@fedoraproject.org
+- jkaluza@fedoraproject.org
+- fivaldi@fedoraproject.org
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: mbs
+ owner: root
+ group: fedmsg
+ can_send:
+ - mbs.module.state.change
+ - mbs.component.state.change
+
+# Wait a little bit longer than usual.. I'm not seeing messages from mbs backend
+fedmsg_post_init_sleep: 1.5
+
+# For the MOTD
+csi_security_category: High
+csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org
+csi_purpose: Run the module-build-service fedmsg-hub backend (the scheduler)
+csi_relationship: |
+ The fedmsg-hub process running here is responsible for scheduling all rpm
+ builds in koji in response to requests submitted to the MBS API on the
+ mbs-frontend nodes.
+
+ NOTE - this system has a KRB service principal with elevated koji privileges.
diff --git a/inventory/group_vars/mbs-backend-stg b/inventory/group_vars/mbs-backend-stg
new file mode 100644
index 0000000000..d279284251
--- /dev/null
+++ b/inventory/group_vars/mbs-backend-stg
@@ -0,0 +1,38 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000, 3001, 3002, 3003,
+ 3004, 3005, 3006, 3007 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- ralph@fedoraproject.org
+- jkaluza@fedoraproject.org
+- fivaldi@fedoraproject.org
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: mbs
+ owner: root
+ group: fedmsg
+ can_send:
+ - mbs.module.state.change
+ - mbs.component.state.change
+
+# For the MOTD
+csi_security_category: High
+csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org
+csi_purpose: Run the module-build-service fedmsg-hub backend (the scheduler)
+csi_relationship: |
+ The fedmsg-hub process running here is responsible for scheduling all rpm
+ builds in koji in response to requests submitted to the MBS API on the
+ mbs-frontend nodes.
+
+ NOTE - this system has a KRB service principal with elevated koji privileges.
diff --git a/inventory/group_vars/mbs-frontend b/inventory/group_vars/mbs-frontend
new file mode 100644
index 0000000000..a4592299d8
--- /dev/null
+++ b/inventory/group_vars/mbs-frontend
@@ -0,0 +1,43 @@
+---
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: mbs
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: mbs
+ owner: fedmsg
+ group: fedmsg
+ can_send:
+ - mbs.module.state.change
+ # Only the backend sends this message..
+ #- mbs.component.state.change
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org
+csi_purpose: Run the module-build-service frontend API.
+csi_relationship: |
+ The apache/mod_wsgi app is the only thing really running here
+
+ This host relies on db01 for its database of activity (what module builds
+ are in flight?)
+
+ It has no special credentials itself. When a module build it submitted, it
+ makes a note in the DB and publishes a fedmsg message. The mbs backend
+ nodes do all the work of talking to koji.
diff --git a/inventory/group_vars/mbs-frontend-stg b/inventory/group_vars/mbs-frontend-stg
new file mode 100644
index 0000000000..ff8dfd555f
--- /dev/null
+++ b/inventory/group_vars/mbs-frontend-stg
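Review bot: The comment above `custom_rules` names one source ("rsync from log01"), but the list accepts port 873 from two addresses, `10.5.126.13` and `192.168.1.59`, and nothing says what the second one is. A firewall exception whose source cannot be identified from the file tends to outlive the host it was written for. The comment would be clearer as `# Needed for rsync of logs from log01 (10.5.126.13) and <owner of 192.168.1.59>`, which also fixes the "Neeed" typo. The identical line and comment appear in the new `mbs-frontend-stg`, `mdapi` and `mdapi-stg` files; for the staging groups it is worth confirming that the production log host is the intended source.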
@@ -0,0 +1,43 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 1
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: mbs
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: mbs
+ owner: fedmsg
+ group: fedmsg
+ can_send:
+ - mbs.module.state.change
+ # Only the backend sends this message..
+ #- mbs.component.state.change
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org
+csi_purpose: Run the module-build-service frontend API.
+csi_relationship: |
+ The apache/mod_wsgi app is the only thing really running here
+
+ This host relies on db01 for its database of activity (what module builds
+ are in flight?)
+
+ It has no special credentials itself. When a module build it submitted, it
+ makes a note in the DB and publishes a fedmsg message. The mbs backend
+ nodes do all the work of talking to koji.
diff --git a/inventory/group_vars/mdapi b/inventory/group_vars/mdapi
new file mode 100644
index 0000000000..f2608f6743
--- /dev/null
+++ b/inventory/group_vars/mdapi
@@ -0,0 +1,26 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 4
+freezes: false
+
+tcp_ports: [ 80, 8080 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: mdapi
+ owner: root
+ group: root
+ can_send:
+ - mdapi.repo.update
+
diff --git a/inventory/group_vars/mdapi-stg b/inventory/group_vars/mdapi-stg
new file mode 100644
index 0000000000..9253e0af3e
--- /dev/null
+++ b/inventory/group_vars/mdapi-stg
@@ -0,0 +1,33 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 4
+freezes: false
+
+tcp_ports: [ 80, 8080 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+wsgi_procs: 2
+wsgi_threads: 2
+
+fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: mdapi
+ owner: root
+ group: root
+ can_send:
+ - mdapi.repo.update
+
+#
+# We do not want apache here, in this case we only want mod_wsgi
+#
+wsgi_wants_apache: false
diff --git a/inventory/group_vars/memcached b/inventory/group_vars/memcached
index 36de6ce023..7874afb098 100644
--- a/inventory/group_vars/memcached
+++ b/inventory/group_vars/memcached
@@ -1,18 +1,12 @@ --- -# Define resources for this group of hosts here. -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: memcached -ipa_host_group_desc: Distributed Memory Caching service -lvm_size: 20000 -mem_size: 8192 -num_cpus: 2 -primary_auth_source: ipa +# Define resources for this group of hosts here. +lvm_size: 10000 +mem_size: 4096 +num_cpus: 1 + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -tcp_ports: [11211] + +tcp_ports: [ 11211 ] + +fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran diff --git a/inventory/group_vars/memcached-stg b/inventory/group_vars/memcached-stg new file mode 100644 index 0000000000..21f862ff0d --- /dev/null +++ b/inventory/group_vars/memcached-stg @@ -0,0 +1,12 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 10000 +mem_size: 3072 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 11211 ] + +fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran diff --git a/inventory/group_vars/memcached_stg b/inventory/group_vars/memcached_stg deleted file mode 100644 index d23f6b5516..0000000000 --- a/inventory/group_vars/memcached_stg +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Define resources for this group of hosts here. -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: memcached -ipa_host_group_desc: Distributed Memory Caching service -lvm_size: 20000 -mem_size: 4096 -num_cpus: 1 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [11211] 
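Review bot: `tcp_ports: [ 11211 ]` in `inventory/group_vars/memcached` opens the memcached port with no source restriction visible in this file, and memcached has no authentication by default. Other group files in this diff (`mbs-frontend`, `mirrorlist2`) limit a port to named sources through `custom_rules`. The firewall template is not part of this diff, so whether `tcp_ports` renders as accept-from-anywhere is an assumption, but if it does the same pattern fits here: drop 11211 from `tcp_ports` and add `custom_rules: [ '-A INPUT -p tcp -m tcp -s <app-server-subnet> --dport 11211 -j ACCEPT' ]` (placeholder subnet). The new `memcached-stg` file carries the same `tcp_ports` line.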
diff --git a/inventory/group_vars/mirrorlist2 b/inventory/group_vars/mirrorlist2
new file mode 100644
index 0000000000..4f86e8dad8
--- /dev/null
+++ b/inventory/group_vars/mirrorlist2
@@ -0,0 +1,29 @@
+---
+lvm_size: 20000
+mem_size: 8192
+num_cpus: 4
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 80 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 443 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 80 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 443 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 67.219.144.68/32 --dport 443 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 5.175.150.50/32 --dport 443 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 152.19.134.142/32 --dport 443 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 140.211.169.196/32 --dport 443 -j ACCEPT', ]
+
+custom6_rules: [ '-A INPUT -p tcp -m tcp -s 2610:28:3090:3001:dead:beef:cafe:fed3 --dport 443 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 2604:1580:fe00:0:dead:beef:cafe:fed1 --dport 443 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 2a00:d1a0:1::131 --dport 443 -j ACCEPT', ]
+
+collectd_apache: true
+fas_client_groups: sysadmin-web,sysadmin-noc,fi-apprentice,sysadmin-veteran
+nrpe_procs_warn: 1200
+nrpe_procs_crit: 1400
+# By default run 45 wsgi procs
+mirrorlist_procs: 60
+
+# Set this to get the vpn postfix setup
+postfix_group: vpn
diff --git a/inventory/group_vars/mirrorlist2-stg b/inventory/group_vars/mirrorlist2-stg
new file mode 100644
index 0000000000..ba08339d3d
--- /dev/null
+++ b/inventory/group_vars/mirrorlist2-stg
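Review bot: `custom_rules` and `custom6_rules` in `inventory/group_vars/mirrorlist2` accept port 443 from seven individual public addresses (for example `67.219.144.68/32` and `2a00:d1a0:1::131`) without naming the host behind each one, so a reviewer cannot tell a current entry from one left over after a host was retired. YAML allows comments inside a multi-line flow sequence, so each entry can be preceded by a line such as `# <hostname that owns this address>`. The comment `# By default run 45 wsgi procs` also sits directly above `mirrorlist_procs: 60`; if 45 is the role default and 60 the override, `# role default is 45 wsgi procs; raised to 60 here` says so. The `mirrorlist2-stg` file repeats that comment.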
@@ -0,0 +1,20 @@
+---
+lvm_size: 20000
+mem_size: 8192
+num_cpus: 4
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 80 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 80 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 443 -j ACCEPT' ]
+
+collectd_apache: true
+fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran
+nrpe_procs_warn: 500
+nrpe_procs_crit: 600
+# By default run 45 wsgi procs
+mirrorlist_procs: 60
+
+# Set this to get the vpn postfix setup
+postfix_group: vpn
diff --git a/inventory/group_vars/mm b/inventory/group_vars/mm
new file mode 100644
index 0000000000..fe5b14d7bf
--- /dev/null
+++ b/inventory/group_vars/mm
@@ -0,0 +1,6 @@
+---
+# Define resources for this group of hosts here.
+fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/mm2-sudoers"
+
+mm2_checkin: false
diff --git a/inventory/group_vars/mm-backend b/inventory/group_vars/mm-backend
new file mode 100644
index 0000000000..d051a134af
--- /dev/null
+++ b/inventory/group_vars/mm-backend
@@ -0,0 +1,22 @@
+---
+mem_size: 6144
+
+fedmsg_certs:
+- service: shell
+ alias: mirrormanager
+ owner: mirrormanager
+ group: sysadmin
+ can_send:
+ - mirrormanager.netblocks.get
+ - logger.log
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Fedora admin - admin@fedoraproject.org
+csi_purpose: Run mirrormanager backend cron tasks
+csi_relationship: |
+ TODO - we should document:
+
+ * what kinds of processes run here
+ * what other services they depend on
+ * what other services depend on it
diff --git a/inventory/group_vars/mm-backend-stg b/inventory/group_vars/mm-backend-stg
new file mode 100644
index 0000000000..f609d31c62
--- /dev/null
+++ b/inventory/group_vars/mm-backend-stg
@@ -0,0 +1,20 @@
+---
+
+fedmsg_certs:
+- service: shell
+ owner: mirrormanager
+ group: sysadmin
+ can_send:
+ - mirrormanager.netblocks.get
+ - logger.log
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Fedora admin - admin@fedoraproject.org
+csi_purpose: Run mirrormanager backend cron tasks
+csi_relationship: |
+ TODO - we should document:
+
+ * what kinds of processes run here
+ * what other services they depend on
+ * what other services depend on it
diff --git a/inventory/group_vars/mm-crawler b/inventory/group_vars/mm-crawler
new file mode 100644
index 0000000000..a8fe3a0790
--- /dev/null
+++ b/inventory/group_vars/mm-crawler
@@ -0,0 +1,24 @@
+---
+
+fedmsg_certs:
+- service: shell
+ owner: mirrormanager
+ group: sysadmin
+ can_send:
+ - mirrormanager.crawler.complete
+ - mirrormanager.crawler.start
+ - logger.log
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Fedora admin - admin@fedoraproject.org
+csi_purpose: Run mirrormanager crawlers
+csi_relationship: |
+ TODO - we should document:
+
+ * what kinds of processes run here
+ * what other services they depend on
+ * what other services depend on it
+
+rsyncd_conf: "rsyncd.conf.crawler"
+tcp_ports: [ 873 ]
diff --git a/inventory/group_vars/mm-crawler-stg b/inventory/group_vars/mm-crawler-stg
new file mode 100644
index 0000000000..7a02078271
--- /dev/null
+++ b/inventory/group_vars/mm-crawler-stg
@@ -0,0 +1,21 @@
+---
+
+fedmsg_certs:
+- service: shell
+ owner: mirrormanager
+ group: sysadmin
+ can_send:
+ - mirrormanager.crawler.complete
+ - mirrormanager.crawler.start
+ - logger.log
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Fedora admin - admin@fedoraproject.org
+csi_purpose: Run mirrormanager crawlers
+csi_relationship: |
+ TODO - we should document:
+
+ * what kinds of processes run here
+ * what other services they depend on
+ * what other services depend on it
diff --git a/inventory/group_vars/mm-frontend b/inventory/group_vars/mm-frontend
new file mode 100644
index 0000000000..5d60b6ce39
--- /dev/null
+++ b/inventory/group_vars/mm-frontend
@@ -0,0 +1,30 @@
+---
+mem_size: 4096
+
+tcp_ports: [ 80,
+ # These 2 ports are used by fedmsg.
+ # One for each wsgi thread.
+ 3000, 3001,
+ ]
+
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: mirrormanager2
+ owner: root
+ group: apache
+
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Fedora admin - admin@fedoraproject.org
+csi_purpose: Run mirrormanager frontend WSGI app
+csi_relationship: |
+ TODO - we should document:
+
+ * what kinds of processes run here
+ * what other services they depend on
+ * what other services depend on it
diff --git a/inventory/group_vars/mm-frontend-stg b/inventory/group_vars/mm-frontend-stg
new file mode 100644
index 0000000000..965346ce07
--- /dev/null
+++ b/inventory/group_vars/mm-frontend-stg
@@ -0,0 +1,29 @@
+---
+
+tcp_ports: [ 80,
+ # These 2 ports are used by fedmsg.
+ # One for each wsgi thread.
+ 3000, 3001,
+ ]
+
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: mirrormanager2
+ owner: root
+ group: apache
+
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Fedora admin - admin@fedoraproject.org
+csi_purpose: Run mirrormanager frontend WSGI app
+csi_relationship: |
+ TODO - we should document:
+
+ * what kinds of processes run here
+ * what other services they depend on
+ * what other services depend on it
diff --git a/inventory/group_vars/mm-stg b/inventory/group_vars/mm-stg
new file mode 100644
index 0000000000..fe5b14d7bf
--- /dev/null
+++ b/inventory/group_vars/mm-stg
@@ -0,0 +1,6 @@
+---
+# Define resources for this group of hosts here.
+fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/mm2-sudoers"
+
+mm2_checkin: false
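Review bot: The `mirrormanager2` entry under `fedmsg_certs` in `inventory/group_vars/mm-frontend` has no `can_send` list, while every other `fedmsg_certs` entry added in this diff declares one. The task that consumes these entries is not part of this diff, so it cannot be told from here whether a missing key means "may publish nothing", "may publish anything" or a template error. Spelling it out removes the ambiguity, e.g. `can_send: []` if the frontend publishes nothing, or the explicit topic list otherwise. The `mm-frontend-stg` hunk has the same entry.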
diff --git a/inventory/group_vars/modernpaste b/inventory/group_vars/modernpaste
new file mode 100644
index 0000000000..caee69f777
--- /dev/null
+++ b/inventory/group_vars/modernpaste
@@ -0,0 +1,5 @@
+---
+freezes: false
+mem_size: 4096
+num_cpus: 2
+tcp_ports: [22, 80, 443]
diff --git a/inventory/group_vars/os_control b/inventory/group_vars/moonshot
similarity index 100%
rename from inventory/group_vars/os_control
rename to inventory/group_vars/moonshot
diff --git a/inventory/group_vars/nagios b/inventory/group_vars/nagios
index 71ec95643e..21d83e3862 100644
--- a/inventory/group_vars/nagios
+++ b/inventory/group_vars/nagios
@@ -1,150 +1,193 @@ --- -deployment_type: prod -dns_external: - - ns-iad01.fedoraproject.org - - ns-iad02.fedoraproject.org - - ns02.fedoraproject.org - - ns05.fedoraproject.org -# When you have a group which comes up with empty members in all.cfg, it -# is because it contains all hosts which aren't pinganble. You may want -# to add that group to this list. Other items on this list are ones -# where it is an enormous group not needed. -# Exclude these ansible host groups in hostgroups/all.cfg -exclude_iad2_hostgroups: - - centos_ipa_client_stg - - zabbix_stg - - zabbix - - logdetective -#iad2_management_slowping: -# - ppc8-01-fsp.mgmt.fedoraproject.org -# - ppc8-02-fsp.mgmt.fedoraproject.org -# - ppc8-03-fsp.mgmt.fedoraproject.org -iad2_external: - - bastion01.fedoraproject.org - - bastion02.fedoraproject.org - - dl-iad01.fedoraproject.org - - dl-iad02.fedoraproject.org - - dl-iad03.fedoraproject.org - - dl-iad04.fedoraproject.org - - dl-iad05.fedoraproject.org - - infrastructure.fedoraproject.org - - koji.fedoraproject.org - - kojipkgs.fedoraproject.org - - ns-iad01.fedoraproject.org - - ns-iad02.fedoraproject.org - - pkgs.fedoraproject.org - - proxy01.fedoraproject.org - - proxy10.fedoraproject.org - - secondary01.fedoraproject.org + +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443 ] + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: nagios + owner: root + group: nagios + can_send: + - nagios.host.state.change + - nagios.service.state.change + +fas_client_groups: sysadmin-noc,sysadmin-veteran +csi_security_category: High +csi_primary_contact: Fedora Admins - admin@fedoraproject.org +csi_purpose: Monitoring system + # -# This is a list of hosts which are in the IAD2 160 mgmt network +# This is a list of hosts which are in 
the PHX2 130 mgmt network # we do not have them in ansible because it tries to connect # and they don't do ansible # -iad2_management_hosts: - - autosign02.mgmt.iad2.fedoraproject.org - - backup01.mgmt.iad2.fedoraproject.org - - bkernel01.mgmt.iad2.fedoraproject.org - - bkernel02.mgmt.iad2.fedoraproject.org - - bvmhost-a64-01.mgmt.iad2.fedoraproject.org. - - bvmhost-a64-02.mgmt.iad2.fedoraproject.org. - - bvmhost-a64-03.mgmt.iad2.fedoraproject.org. - - bvmhost-a64-04.mgmt.iad2.fedoraproject.org. - - bvmhost-p09-01.mgmt.iad2.fedoraproject.org. - - bvmhost-p09-02.mgmt.iad2.fedoraproject.org. - - bvmhost-p09-03.mgmt.iad2.fedoraproject.org. - - bvmhost-p09-04.mgmt.iad2.fedoraproject.org. - - bvmhost-x86-01.mgmt.iad2.fedoraproject.org - - bvmhost-x86-02.mgmt.iad2.fedoraproject.org - - bvmhost-x86-03.mgmt.iad2.fedoraproject.org - - bvmhost-x86-04.mgmt.iad2.fedoraproject.org - - bvmhost-x86-05.mgmt.iad2.fedoraproject.org - - bvmhost-x86-06.mgmt.iad2.fedoraproject.org - - bvmhost-x86-07.mgmt.iad2.fedoraproject.org - - dell-fx01-fc01.mgmt.iad2.fedoraproject.org - - dell-fx01-fc02.mgmt.iad2.fedoraproject.org - - dell-fx01-fc03.mgmt.iad2.fedoraproject.org - - dell-fx01-fc04.mgmt.iad2.fedoraproject.org - - dell-fx01-fc05.mgmt.iad2.fedoraproject.org - - dell-fx01-fc06.mgmt.iad2.fedoraproject.org - - dell-fx01-fc07.mgmt.iad2.fedoraproject.org - - dell-fx01-fc08.mgmt.iad2.fedoraproject.org - - dell-fx01.mgmt.iad2.fedoraproject.org - - dell-fx02-fc01.mgmt.iad2.fedoraproject.org - - dell-fx02-fc02.mgmt.iad2.fedoraproject.org - - dell-fx02-fc03.mgmt.iad2.fedoraproject.org - - dell-fx02-fc04.mgmt.iad2.fedoraproject.org - - dell-fx02-fc05.mgmt.iad2.fedoraproject.org - - dell-fx02-fc06.mgmt.iad2.fedoraproject.org - - dell-fx02-fc07.mgmt.iad2.fedoraproject.org - - dell-fx02-fc08.mgmt.iad2.fedoraproject.org - - dell-fx02.mgmt.iad2.fedoraproject.org - - openqa-a64-worker01.mgmt.iad2.fedoraproject.org - - openqa-a64-worker02.mgmt.iad2.fedoraproject.org - - 
openqa-a64-worker03.mgmt.iad2.fedoraproject.org - - openqa-p09-worker01.mgmt.iad2.fedoraproject.org - - openqa-p09-worker02.mgmt.iad2.fedoraproject.org - - openqa-x86-worker01.mgmt.iad2.fedoraproject.org - - openqa-x86-worker02.mgmt.iad2.fedoraproject.org - - openqa-x86-worker03.mgmt.iad2.fedoraproject.org - - openqa-x86-worker04.mgmt.iad2.fedoraproject.org - - openqa-x86-worker05.mgmt.iad2.fedoraproject.org - - openqa-x86-worker06.mgmt.iad2.fedoraproject.org - - qvmhost-x86-01.mgmt.iad2.fedoraproject.org - - qvmhost-x86-02.mgmt.iad2.fedoraproject.org - - sign-vault01.mgmt.iad2.fedoraproject.org - - sign-vault02.mgmt.iad2.fedoraproject.org - - vmhost-x86-01.mgmt.iad2.fedoraproject.org - - vmhost-x86-02.mgmt.iad2.fedoraproject.org - - vmhost-x86-03.mgmt.iad2.fedoraproject.org - - vmhost-x86-04.mgmt.iad2.fedoraproject.org - - vmhost-x86-05.mgmt.iad2.fedoraproject.org - - vmhost-x86-06.mgmt.iad2.fedoraproject.org - - vmhost-x86-08.mgmt.iad2.fedoraproject.org - - bvmhost-a64-01-stg.mgmt.iad2.fedoraproject.org - - bvmhost-x86-01-stg.mgmt.iad2.fedoraproject.org - - bvmhost-x86-02-stg.mgmt.iad2.fedoraproject.org - - bvmhost-x86-03-stg.mgmt.iad2.fedoraproject.org - - bvmhost-x86-05-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-01-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-02-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-05-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-06-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-07-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-08-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-09-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-11-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-12-stg.mgmt.iad2.fedoraproject.org - - worker01.mgmt.iad2.fedoraproject.org - - worker02.mgmt.iad2.fedoraproject.org - - worker03.mgmt.iad2.fedoraproject.org - - worker04.mgmt.iad2.fedoraproject.org - - worker05.mgmt.iad2.fedoraproject.org - - worker06.mgmt.iad2.fedoraproject.org - - worker01-stg.mgmt.iad2.fedoraproject.org - - 
worker02-stg.mgmt.iad2.fedoraproject.org - - worker03-stg.mgmt.iad2.fedoraproject.org - - worker04-stg.mgmt.iad2.fedoraproject.org - - worker05-stg.mgmt.iad2.fedoraproject.org +phx2_management_hosts: + - autocloud-backend-libvirt.mgmt.fedoraproject.org + - autocloud-backend-vbox.mgmt.fedoraproject.org + - backup01.mgmt.fedoraproject.org + - beaker-client01.mgmt.fedoraproject.org + - beaker-client02.mgmt.fedoraproject.org + - bvirthost01.mgmt.fedoraproject.org + - bvirthost04.mgmt.fedoraproject.org + - bvirthost05.mgmt.fedoraproject.org + - data-analysis01.mgmt.fedoraproject.org + - dell-fx01-01.mgmt.fedoraproject.org + - dell-fx01-02.mgmt.fedoraproject.org + - dell-fx01-03.mgmt.fedoraproject.org + - dell-fx01-04.mgmt.fedoraproject.org + - dell-fx01-05.mgmt.fedoraproject.org + - dell-fx01-06.mgmt.fedoraproject.org + - dell-fx01-07.mgmt.fedoraproject.org + - dell-fx01-08.mgmt.fedoraproject.org + - dell-fx01.mgmt.fedoraproject.org + - dell-fx02-01.mgmt.fedoraproject.org + - dell-fx02-02.mgmt.fedoraproject.org + - dell-fx02-03.mgmt.fedoraproject.org + - dell-fx02-04.mgmt.fedoraproject.org + - dell-fx02-05.mgmt.fedoraproject.org + - dell-fx02-06.mgmt.fedoraproject.org + - dell-fx02-07.mgmt.fedoraproject.org + - dell-fx02-08.mgmt.fedoraproject.org + - dell-fx02.mgmt.fedoraproject.org + - dell-fxqa01-01.mgmt.fedoraproject.org + - dell-fxqa01-02.mgmt.fedoraproject.org + - dell-fxqa01-03.mgmt.fedoraproject.org + - dell-fxqa01.mgmt.fedoraproject.org + - download01.mgmt.fedoraproject.org + - download02.mgmt.fedoraproject.org + - download03.mgmt.fedoraproject.org + - download04.mgmt.fedoraproject.org + - download05.mgmt.fedoraproject.org + - fed-cloud01.mgmt.fedoraproject.org + - fed-cloud02.mgmt.fedoraproject.org + - fed-cloud03.mgmt.fedoraproject.org + - fed-cloud04.mgmt.fedoraproject.org + - fed-cloud05.mgmt.fedoraproject.org + - fed-cloud06.mgmt.fedoraproject.org + - fed-cloud07.mgmt.fedoraproject.org + - fed-cloud08.mgmt.fedoraproject.org + - 
fed-cloud09.mgmt.fedoraproject.org + - fed-cloud10.mgmt.fedoraproject.org + - fed-cloud11.mgmt.fedoraproject.org + - fed-cloud12.mgmt.fedoraproject.org + - fed-cloud13.mgmt.fedoraproject.org + - fed-cloud14.mgmt.fedoraproject.org + - fed-cloud15.mgmt.fedoraproject.org + - kvm01.mgmt.fedoraproject.org + - oldbox01.mgmt.fedoraproject.org + - oldbox02.mgmt.fedoraproject.org + - oldbox03.mgmt.fedoraproject.org + - oldbox04.mgmt.fedoraproject.org + - oldbox05.mgmt.fedoraproject.org + - qa09.mgmt.fedoraproject.org + - qa10.mgmt.fedoraproject.org + - qa11.mgmt.fedoraproject.org + - qa12.mgmt.fedoraproject.org + - qa13.mgmt.fedoraproject.org + - qa14.mgmt.fedoraproject.org + - retrace01.mgmt.fedoraproject.org + - retrace02.mgmt.fedoraproject.org + - vhcloud01.mgmt.fedoraproject.org + - virthost-comm03.mgmt.fedoraproject.org + - virthost-comm04.mgmt.fedoraproject.org + - virthost-s390.mgmt.fedoraproject.org + - virthost01.mgmt.fedoraproject.org + - virthost02.mgmt.fedoraproject.org + - virthost03.mgmt.fedoraproject.org + - virthost04.mgmt.fedoraproject.org + - virthost05.mgmt.fedoraproject.org + - virthost06.mgmt.fedoraproject.org + - virthost11.mgmt.fedoraproject.org + - virthost15.mgmt.fedoraproject.org + - virthost16.mgmt.fedoraproject.org + - virthost17.mgmt.fedoraproject.org + - virthost18.mgmt.fedoraproject.org + - virthost19.mgmt.fedoraproject.org + - virthost20.mgmt.fedoraproject.org + - virthost21.mgmt.fedoraproject.org + - virthost22.mgmt.fedoraproject.org + # # These are management interfaces we only want # to test ping against. 
No http/https # -iad2_management_limited: - - opengear01.mgmt.iad2.fedoraproject.org -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-noc -ipa_host_group: nagios -ipa_host_group_desc: Nagios Monitoring -lvm_size: 20000 -mem_size: 2048 -num_cpus: 2 -primary_auth_source: ipa -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443] +phx2_management_limited: + - bkernel01.mgmt.fedoraproject.org + - bkernel02.mgmt.fedoraproject.org + - fed-cloud-ppc01.mgmt.fedoraproject.org + - fed-cloud-ppc02.mgmt.fedoraproject.org + - moonshot01-ilo.mgmt.fedoraproject.org + - moonshot01-sw1.mgmt.fedoraproject.org + - moonshot01-sw2.mgmt.fedoraproject.org + - opengear01.mgmt.fedoraproject.org + - opengear02.mgmt.fedoraproject.org + - qa01.mgmt.fedoraproject.org + - qa02.mgmt.fedoraproject.org + - qa03.mgmt.fedoraproject.org + - qa04.mgmt.fedoraproject.org + - qa05.mgmt.fedoraproject.org + - qa07.mgmt.fedoraproject.org + - qa08.mgmt.fedoraproject.org + - rack16-pdu-a.mgmt.fedoraproject.org + - rack16-pdu-b.mgmt.fedoraproject.org + - rack17-pdu-a.mgmt.fedoraproject.org + - rack17-pdu-b.mgmt.fedoraproject.org + - rack47-pdu-a.mgmt.fedoraproject.org + - rack47-pdu-b.mgmt.fedoraproject.org + - rack47-serial.mgmt.fedoraproject.org + - rack48-pdu-a.mgmt.fedoraproject.org + - rack48-serial.mgmt.fedoraproject.org + - rack51-pdu-a.mgmt.fedoraproject.org + - rack51-pdu-b.mgmt.fedoraproject.org + - rack51-serial.mgmt.fedoraproject.org + - rack52-serial.mgmt.fedoraproject.org + - rack58-pdu-a.mgmt.fedoraproject.org + - rack58-pdu-b.mgmt.fedoraproject.org + - sign-vault03.mgmt.fedoraproject.org + - sign-vault04.mgmt.fedoraproject.org + - virthost-comm02.mgmt.fedoraproject.org + - virthost12.mgmt.fedoraproject.org + - virthost14.mgmt.fedoraproject.org -notes: Monitoring system +phx2_management_slowping: + - ppc8-01-fsp.mgmt.fedoraproject.org + - 
ppc8-02-fsp.mgmt.fedoraproject.org + - ppc8-03-fsp.mgmt.fedoraproject.org + +phx2_external: + - admin.stg.fedoraproject.org + - autoqa.fedoraproject.org + - bastion-comm01.fedoraproject.org + - bastion01.fedoraproject.org + - bastion02.fedoraproject.org + - dl01.fedoraproject.org + - dl02.fedoraproject.org + - dl03.fedoraproject.org + - dl04.fedoraproject.org + - dl05.fedoraproject.org + - koji.fedoraproject.org + - koji.stg.fedoraproject.org + - kojipkgs.fedoraproject.org + - ns04.fedoraproject.org + - pkgs.fedoraproject.org + - pkgs01.stg.fedoraproject.org + - proxy01.fedoraproject.org + - proxy10.fedoraproject.org + - puppet.fedoraproject.org + - retrace01.fedoraproject.org + - retrace02.fedoraproject.org + - secondary01.fedoraproject.org + - secondarykoji.fedoraproject.org + - stg.fedoraproject.org diff --git a/inventory/group_vars/nfs_servers b/inventory/group_vars/nfs_servers deleted file mode 100644 index f1aa44b169..0000000000 --- a/inventory/group_vars/nfs_servers +++ /dev/null @@ -1,8 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-copr - - sysadmin-noc -ipa_client_sudo_groups: - - sysadmin-copr - - sysadmin-noc -ipa_host_group: vmhost-copr diff --git a/inventory/group_vars/noc_rdu_cc b/inventory/group_vars/noc_rdu_cc deleted file mode 100644 index 2c4d7ed7bd..0000000000 --- a/inventory/group_vars/noc_rdu_cc +++ /dev/null @@ -1,11 +0,0 @@ ---- -deployment_type: prod -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-veteran - - sysadmin-copr -ipa_client_sudo_groups: - - sysadmin-noc -ipa_host_group: NocRduCC -ipa_host_group_desc: Rdu CC noc -notes: dhcp and pxe server for rdu-cc diff --git a/inventory/group_vars/notifs b/inventory/group_vars/notifs deleted file mode 100644 index 5e5d8b3e1d..0000000000 --- a/inventory/group_vars/notifs +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-datanommer - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-datanommer - - sysadmin-noc -ipa_host_group: notifs -ipa_host_group_desc: Fedora Notifications -primary_auth_source: ipa diff --git a/inventory/group_vars/notifs-backend b/inventory/group_vars/notifs-backend new file mode 100644 index 0000000000..91edffe1f8 --- /dev/null +++ b/inventory/group_vars/notifs-backend @@ -0,0 +1,40 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 24576 +max_mem_size: "{{ mem_size }}" +num_cpus: 8 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000, 3001, 3002, 3003, 3004 ] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran + +sudoers: "{{ private }}/files/sudo/notifs-sudoers" + +# For performance measurement.. for now. This can be removed whenever. +fedmsg_loglevel: DEBUG + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + # The shell cert needs to be allowed to send these too so it can do alembic + # upgrades that trigger messages. + can_send: + - fmn.filter.update + - fmn.preference.update + - fmn.rule.update + - fmn.confirmation.update + - logger.log +- service: fmn + owner: root + group: fedmsg + can_send: + - fmn.filter.update + - fmn.preference.update + - fmn.rule.update + - fmn.confirmation.update diff --git a/inventory/group_vars/notifs-backend-stg b/inventory/group_vars/notifs-backend-stg new file mode 100644 index 0000000000..e8af71b584 --- /dev/null +++ b/inventory/group_vars/notifs-backend-stg 
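Review bot: `fedmsg_loglevel: DEBUG` is set for the production notifs-backend group with only "for now" as its removal condition, and the notifs-backend-stg file added in the same commit does not set it at all. Debug-level logging on a message consumer can write message contents into the logs (not confirmed from this hunk), and nothing here bounds how long it stays enabled. I would drop the line, or keep it with an owner and a removal condition: `# TODO(owner): remove DEBUG once the performance measurement is finished`.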
@@ -0,0 +1,37 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 16384 +max_mem_size: "{{ mem_size }}" +num_cpus: 4 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000, 3001, 3002, 3003, 3004 ] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran + +sudoers: "{{ private }}/files/sudo/notifs-sudoers" + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + # The shell cert needs to be allowed to send these too so it can do alembic + # upgrades that trigger messages. + can_send: + - fmn.filter.update + - fmn.preference.update + - fmn.rule.update + - fmn.confirmation.update + - logger.log +- service: fmn + owner: root + group: fedmsg + can_send: + - fmn.filter.update + - fmn.preference.update + - fmn.rule.update + - fmn.confirmation.update diff --git a/inventory/group_vars/notifs-web b/inventory/group_vars/notifs-web new file mode 100644 index 0000000000..6ffee52a9f --- /dev/null +++ b/inventory/group_vars/notifs-web @@ -0,0 +1,34 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +wsgi_fedmsg_service: fmn +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80 ] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran + +sudoers: "{{ private }}/files/sudo/notifs-sudoers" + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: fmn + owner: root + group: apache + can_send: + - fmn.filter.update + - fmn.preference.update + - fmn.rule.update + - fmn.confirmation.update 
diff --git a/inventory/group_vars/notifs-web-stg b/inventory/group_vars/notifs-web-stg new file mode 100644 index 0000000000..6ffee52a9f --- /dev/null +++ b/inventory/group_vars/notifs-web-stg @@ -0,0 +1,34 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +wsgi_fedmsg_service: fmn +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80 ] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran + +sudoers: "{{ private }}/files/sudo/notifs-sudoers" + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: fmn + owner: root + group: apache + can_send: + - fmn.filter.update + - fmn.preference.update + - fmn.rule.update + - fmn.confirmation.update diff --git a/inventory/group_vars/notifs_backend b/inventory/group_vars/notifs_backend deleted file mode 100644 index 5c8742d48d..0000000000 --- a/inventory/group_vars/notifs_backend +++ /dev/null @@ -1,11 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: prod -# For performance measurement.. for now. This can be removed whenever. -lvm_size: 65536 -max_mem_size: "{{ mem_size }}" -mem_size: 24576 -num_cpus: 8 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [3000, 3001, 3002, 3003, 3004, 3005] diff --git a/inventory/group_vars/notifs_backend_stg b/inventory/group_vars/notifs_backend_stg deleted file mode 100644 index 4878a9dc8b..0000000000 --- a/inventory/group_vars/notifs_backend_stg +++ /dev/null 
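Review bot: The notifs-web-stg file is added with the same blob (`6ffee52a9f`) as notifs-web, so nothing in it marks the group as staging. The openqa-stg file in this commit sets `deployment_type: stg` and `fedmsg_env: stg` under the comment "makes sure it sends stg not prod fedmsgs"; unless a broader staging group supplies those values, the `fmn` cert declared here may publish as production. Add `deployment_type: stg` and `fedmsg_env: stg` to this file, or add a comment naming where they are inherited from. notifs-backend-stg and nuancier-stg also set neither.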
@@ -1,17 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -lvm_size: 20000 -max_mem_size: "{{ mem_size }}" -mem_size: 16384 -num_cpus: 4 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [3000, 3001, 3002, 3003, 3004] diff --git a/inventory/group_vars/notifs_stg b/inventory/group_vars/notifs_stg deleted file mode 100644 index 5585ae79a5..0000000000 --- a/inventory/group_vars/notifs_stg +++ /dev/null @@ -1,11 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-datanommer - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-datanommer - - sysadmin-noc - - sysadmin-veteran -ipa_host_group: notifs -ipa_host_group_desc: Fedora Notifications diff --git a/inventory/group_vars/notifs_web b/inventory/group_vars/notifs_web deleted file mode 100644 index efd729a89a..0000000000 --- a/inventory/group_vars/notifs_web +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: prod -lvm_size: 20000 -mem_size: 1024 -num_cpus: 2 -tcp_ports: [80] -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -wsgi_fedmsg_service: fmn -wsgi_procs: 2 -wsgi_threads: 2 diff --git a/inventory/group_vars/notifs_web_stg b/inventory/group_vars/notifs_web_stg deleted file mode 100644 index f508695e0e..0000000000 --- a/inventory/group_vars/notifs_web_stg +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: stg -lvm_size: 20000 -mem_size: 1024 -num_cpus: 2 -tcp_ports: [80] -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -wsgi_fedmsg_service: fmn -wsgi_procs: 2 -wsgi_threads: 2 
diff --git a/inventory/group_vars/nuancier b/inventory/group_vars/nuancier new file mode 100644 index 0000000000..f6dd1884a4 --- /dev/null +++ b/inventory/group_vars/nuancier @@ -0,0 +1,39 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# Definining these vars has a number of effects +# 1) mod_wsgi is configured to use the vars for its own setup +# 2) iptables opens enough ports for all threads for fedmsg +# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads +wsgi_fedmsg_service: nuancier +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80, + # This port is required by gluster + 6996, + ] + +fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran + +freezes: false + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: nuancier + owner: root + group: apache + can_send: + - nuancier.candidate.approved + - nuancier.candidate.denied + - nuancier.candidate.new + - nuancier.election.new + - nuancier.election.update diff --git a/inventory/group_vars/nuancier-stg b/inventory/group_vars/nuancier-stg new file mode 100644 index 0000000000..2ce5dda4ae --- /dev/null +++ b/inventory/group_vars/nuancier-stg 
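Review bot: `tcp_ports` lists the gluster port 6996 next to 80, and how `tcp_ports` is rendered into iptables is not visible here; if it becomes a plain accept rule, the storage port is reachable from every source that port 80 is. The odcs files in this commit already scope rsync with `custom_rules` entries such as `-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT`; the same shape with the peer's address, `-A INPUT -p tcp -m tcp -s <gluster-peer-ip> --dport 6996 -j ACCEPT`, would keep 6996 off the general allow list. The same applies to nuancier-stg and to the four odcs hunks, which additionally put 111 (tcp and udp), 24007-24011 and 49152-49155 in `tcp_ports`/`udp_ports`.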
@@ -0,0 +1,39 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# Definining these vars has a number of effects +# 1) mod_wsgi is configured to use the vars for its own setup +# 2) iptables opens enough ports for all threads for fedmsg +# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads +wsgi_fedmsg_service: nuancier +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80, + # This port is required by gluster + 6996, + ] + +fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran + +freezes: false + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: nuancier + owner: root + group: apache + can_send: + - nuancier.candidate.approved + - nuancier.candidate.denied + - nuancier.candidate.new + - nuancier.election.new + - nuancier.election.update diff --git a/inventory/group_vars/oci_registry b/inventory/group_vars/oci_registry deleted file mode 100644 index 78f30a0008..0000000000 --- a/inventory/group_vars/oci_registry +++ /dev/null @@ -1,10 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: oci-registry -ipa_host_group_desc: OCI Registry service -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -primary_auth_source: ipa -tcp_ports: [5000] diff --git a/inventory/group_vars/oci_registry_stg b/inventory/group_vars/oci_registry_stg deleted file mode 100644 index c572c30b13..0000000000 --- a/inventory/group_vars/oci_registry_stg +++ /dev/null @@ -1,9 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: oci-registry -ipa_host_group_desc: OCI Registry service -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -tcp_ports: [5000] 
diff --git a/inventory/group_vars/ocp b/inventory/group_vars/ocp deleted file mode 100644 index 8d5a086ae5..0000000000 --- a/inventory/group_vars/ocp +++ /dev/null @@ -1,8 +0,0 @@ ---- -nagios_Check_Services: - mail: false - nrpe: false - swap: false -ocp4: true -rhcos_version: 4.8.2 -vpn: false diff --git a/inventory/group_vars/ocp_stg b/inventory/group_vars/ocp_stg deleted file mode 100644 index 8d5a086ae5..0000000000 --- a/inventory/group_vars/ocp_stg +++ /dev/null @@ -1,8 +0,0 @@ ---- -nagios_Check_Services: - mail: false - nrpe: false - swap: false -ocp4: true -rhcos_version: 4.8.2 -vpn: false diff --git a/inventory/group_vars/odcs-backend b/inventory/group_vars/odcs-backend new file mode 100644 index 0000000000..90002fee33 --- /dev/null +++ b/inventory/group_vars/odcs-backend 
@@ -0,0 +1,60 @@ +--- +lvm_size: 200000 +mem_size: 4096 +num_cpus: 2 + +# Set this to True for the F28 release and onwards. +freezes: false + +tcp_ports: [ + 3000, 3001, 3002, 3003, + 3004, 3005, 3006, 3007, + # These ports all required for gluster + 111, 24007, 24008, 24009, 24010, 24011, + 49152, 49153, 49154, 49155, +] +# Also for gluster. +udp_ports: [ 111 ] + +# These people get told when something goes wrong. +fedmsg_error_recipients: +- ralph@fedoraproject.org +- jkaluza@fedoraproject.org +- cqi@fedoraproject.org +- qwan@fedoraproject.org + +virt_install_command: "{{ virt_install_command_two_nic }}" + +# NOTE -- read-only mount of /mnt/fedora_koji here. +nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: odcs + owner: odcs + group: odcs + can_send: + - odcs.compose.state-changed + +odcs_target_dir_url: https://odcs.fedoraproject.org/composes + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Factory 2 factory2-members@fedoraproject.org +csi_purpose: Run the on-demand-compose-service backend scheduler. +csi_relationship: | + There is an odcs backend process running here. + + The process is called `odcs-backend`. + + This host: + + - relies on db01 for its database of activity (what composes have been + requested and what state are they in?) + - Uses pungi to compose repos of content. + - It also *provides* an nfs share used by odcs-frontend01. diff --git a/inventory/group_vars/odcs-backend-stg b/inventory/group_vars/odcs-backend-stg new file mode 100644 index 0000000000..e60ab8a547 --- /dev/null +++ b/inventory/group_vars/odcs-backend-stg 
@@ -0,0 +1,58 @@ +--- +lvm_size: 40000 +mem_size: 2048 +num_cpus: 2 + +# Set this to True for the F28 release and onwards. +freezes: false + +tcp_ports: [ + 3000, 3001, 3002, 3003, + 3004, 3005, 3006, 3007, + # These ports all required for gluster + 111, 24007, 24008, 24009, 24010, 24011, + 49152, 49153, 49154, 49155, +] +# Also for gluster. +udp_ports: [ 111 ] + +# These people get told when something goes wrong. +fedmsg_error_recipients: +- ralph@fedoraproject.org +- jkaluza@fedoraproject.org +- cqi@fedoraproject.org +- qwan@fedoraproject.org + +datacenter: staging +virt_install_command: "{{ virt_install_command_two_nic }}" + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: odcs + owner: odcs + group: odcs + can_send: + - odcs.compose.state-changed + +odcs_target_dir_url: https://odcs.stg.fedoraproject.org/composes + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Factory 2 factory2-members@fedoraproject.org +csi_purpose: Run the on-demand-compose-service backend scheduler. +csi_relationship: | + There is an odcs backend process running here. + + The process is called `odcs-backend`. + + This host: + + - relies on db01 for its database of activity (what composes have been + requested and what state are they in?) + - Uses pungi to compose repos of content. + - It also *provides* an nfs share used by odcs-frontend01. diff --git a/inventory/group_vars/odcs-frontend b/inventory/group_vars/odcs-frontend new file mode 100644 index 0000000000..55413f4944 --- /dev/null +++ b/inventory/group_vars/odcs-frontend 
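Review bot: This staging file has no `nfs_mount_opts` line, while the production odcs-backend file carries `nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"` under the comment "read-only mount of /mnt/fedora_koji here". Whether staging mounts that share is not visible in the hunk, but if it does, the options fall back to a default defined elsewhere and may not be read-only. Either copy the `nfs_mount_opts` line or add a comment stating that staging does not mount it. The `csi_relationship` text also still names db01 and odcs-frontend01, which looks copied from production.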
@@ -0,0 +1,54 @@ +--- +lvm_size: 30000 +mem_size: 2048 +num_cpus: 2 + +# Set this to True for the F28 release and onwards. +freezes: false + +# Definining these vars has a number of effects +# 1) mod_wsgi is configured to use the vars for its own setup +# 2) iptables opens enough ports for all threads for fedmsg +# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads +wsgi_fedmsg_service: odcs +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ + 80, + # These ports all required for gluster + 111, 24007, 24008, 24009, 24010, 24011, + 49152, 49153, 49154, 49155, +] +# Also for gluster. +udp_ports: [ 111 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: odcs + owner: apache + group: apache + can_send: + - odcs.compose.state-changed + +odcs_target_dir_url: https://odcs.fedoraproject.org/composes + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Factory 2 factory2-members@fedoraproject.org +csi_purpose: Run the on-demand-compose-service frontend API. +csi_relationship: | + The apache/mod_wsgi app is the only thing really running here + + This host: + + - relies on db01 for its database of activity (what composes have been + requested and what state are they in?) + - It also mounts an nfs shared provided by odcs-backend01. + - It provides http access to the compose contents on that nfs share. + diff --git a/inventory/group_vars/odcs-frontend-stg b/inventory/group_vars/odcs-frontend-stg new file mode 100644 index 0000000000..9ba52f0562 --- /dev/null +++ b/inventory/group_vars/odcs-frontend-stg 
@@ -0,0 +1,54 @@ +--- +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# Set this to True for the F28 release and onwards. +freezes: false + +# Definining these vars has a number of effects +# 1) mod_wsgi is configured to use the vars for its own setup +# 2) iptables opens enough ports for all threads for fedmsg +# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads +wsgi_fedmsg_service: odcs +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ + 80, + # These ports all required for gluster + 111, 24007, 24008, 24009, 24010, 24011, + 49152, 49153, 49154, 49155, +] +# Also for gluster. +udp_ports: [ 111 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: odcs + owner: apache + group: apache + can_send: + - odcs.compose.state-changed + +odcs_target_dir_url: https://odcs.stg.fedoraproject.org/composes + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Factory 2 factory2-members@fedoraproject.org +csi_purpose: Run the on-demand-compose-service frontend API. +csi_relationship: | + The apache/mod_wsgi app is the only thing really running here + + This host: + + - relies on db01 for its database of activity (what composes have been + requested and what state are they in?) + - It also mounts an nfs shared provided by odcs-backend01. + - It provides http access to the compose contents on that nfs share. + diff --git a/inventory/group_vars/openqa b/inventory/group_vars/openqa index 1860fe506d..cc9e2bb807 100644 --- a/inventory/group_vars/openqa +++ b/inventory/group_vars/openqa 
@@ -1,34 +1,72 @@ # this is to enable nested virt, which we need for disk image creation -deployment_type: prod -external_hostname: openqa.fedoraproject.org -freezes: false -# AMQP publisher/listener-related stuff -openqa_amqp_this_cacertfile: "{{ openqa_amqp_prod_cacertfile }}" -openqa_amqp_this_certfile: "{{ openqa_amqp_prod_certfile }}" -openqa_amqp_this_keyfile: "{{ openqa_amqp_prod_keyfile }}" -openqa_amqp_this_url: "{{ openqa_amqp_prod_url }}" -openqa_amqp_this_username: "{{ openqa_amqp_prod_username }}" -openqa_amqp_scheduler_queue: "{{ openqa_amqp_prod_username }}_scheduler" - -# auth stuff -openqa_auth_method: OAuth2 -openqa_oauth2_secret: "{{ openqa_prod_oidc_secret }}" - -openqa_compose_arches: x86_64,aarch64 -openqa_dbname: openqa -openqa_dbpassword: "{{ prod_openqa_dbpassword }}" -openqa_dbuser: openqa -openqa_env: production -openqa_env_suffix: -openqa_key: "{{ prod_openqa_apikey }}" -# all our workers need NFS access -openqa_nfs_workers: "{{ groups['openqa_workers'] }}" -openqa_resultsdb_url: https://resultsdb.fedoraproject.org/api/v2.0/ -openqa_resultsdb_user: "{{ prod_resultsdb_httpd_user }}" -openqa_resultsdb_password: "{{ prod_resultsdb_httpd_password }}" -openqa_secret: "{{ prod_openqa_apisecret }}" -openqa_update_arches: ['aarch64', 'x86_64'] -openqa_webapi_plugins: FedoraMessaging -openqa_wikitcms_hostname: fedoraproject.org virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx" -wikitcms_token: "{{ private }}/files/openidc/production/wikitcms.json" + +external_hostname: openqa.fedoraproject.org + +openqa_static_uid: 601 + +openqa_hostname: localhost +openqa_email: adamwill@fedoraproject.org +openqa_nickname: adamwill +openqa_fullname: Adam Williamson +openqa_userid: http://adamwill.id.fedoraproject.org/ + +openqa_dbname: openqa +openqa_dbhost: db-qa01.qa.fedoraproject.org +openqa_dbuser: openqa +openqa_dbpassword: "{{ prod_openqa_dbpassword }}" +openqa_assetsize: 300 + +openqa_key: "{{ prod_openqa_apikey }}" 
+openqa_secret: "{{ prod_openqa_apisecret }}" + +wikitcms_user: coconut +wikitcms_password: "{{ prod_wikitcms_password }}" + +# The checkcompose settings below cause system(s) in this group to +# send out check-compose reports. This could cause duplicate reports +# if additional systems were added to this group. +checkcompose_emailfrom: rawhide@fedoraproject.org +checkcompose_emailto: "test@lists.fedoraproject.org devel@lists.fedoraproject.org" +checkcompose_postrelease_emailto: "mmcgrath@fedoraproject.org atomic@lists.fedoraproject.org" +checkcompose_postrelease_emailerror: "true" +checkcompose_smtp: bastion.phx2.fedoraproject.org +checkcompose_url: "https://{{ external_hostname }}" + +deployment_type: prod +freezes: false + +# http and NFS +tcp_ports: [80, 2049] + +# These people get told when something goes wrong. +fedmsg_error_recipients: +- adamwill@fedoraproject.org +- tflink@fedoraproject.org +- pschindl@fedoraproject.org + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: openqa + owner: root + group: geekotest + can_send: + - openqa.comment.create + - openqa.comment.update + - openqa.comment.delete + - openqa.job.create + - openqa.job.delete + - openqa.job.cancel + - openqa.job.duplicate + - openqa.job.restart + - openqa.jobs.restart + - openqa.job.update.result + - openqa.job.done + +# we need this to log with fedmsg-logger +fedmsg_active: True diff --git a/inventory/group_vars/openqa-stg b/inventory/group_vars/openqa-stg new file mode 100644 index 0000000000..c02fa11351 --- /dev/null +++ b/inventory/group_vars/openqa-stg 
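Review bot: `tcp_ports: [80, 2049]` puts NFS on the general port list while the hunk removes `openqa_nfs_workers: "{{ groups['openqa_workers'] }}"`, the only line that tied NFS access to the worker hosts. How the role renders `tcp_ports` is not visible, so confirm 2049 does not end up open to every source; a `custom_rules` entry per worker, `-A INPUT -p tcp -m tcp -s <worker-ip> --dport 2049 -j ACCEPT`, would keep it scoped. The hunk also drops `openqa_auth_method: OAuth2` without setting a replacement, so the login method falls to a default defined elsewhere, and `openqa_userid` is an `http://` identity URL. The openqa-stg file has the same `tcp_ports` line.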
@@ -0,0 +1,77 @@ +# This setup is a bit out of the ordinary for a staging system. As the openqa +# scheduler needs up-to-date information from the wiki and koji, it doesn't +# work well as a proper staging host. +# +# We decided to keep it a pseudo-staging host that will get new versions of +# openqa first and will be a staging host for most intensive purposes but from +# a firewall rule POV, it will be a staging-friendly production host +# +# it should still be using the stg proxies and the external hostname will still +# be stg.fedoraproject.org + +# this is to enable nested virt, which we need for disk image creation +virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx" + +external_hostname: openqa.stg.fedoraproject.org + +openqa_static_uid: 601 + +openqa_hostname: localhost +openqa_email: adamwill@fedoraproject.org +openqa_nickname: adamwill +openqa_fullname: Adam Williamson +openqa_userid: http://adamwill.id.fedoraproject.org/ + +openqa_dbname: openqa-stg +openqa_dbhost: db-qa01.qa.fedoraproject.org +openqa_dbuser: openqastg +openqa_dbpassword: "{{ stg_openqa_dbpassword }}" +openqa_assetsize: 400 + +openqa_key: "{{ stg_openqa_apikey }}" +openqa_secret: "{{ stg_openqa_apisecret }}" + +wikitcms_password: "{{ stg_wikitcms_password }}" + +checkcompose_url: "https://{{ external_hostname }}" + +deployment_type: stg +freezes: false + +# http and NFS +tcp_ports: [80, 2049] + +# These people get told when something goes wrong. 
+fedmsg_error_recipients: +- adamwill@fedoraproject.org +- tflink@fedoraproject.org +- pschindl@fedoraproject.org + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: openqa + owner: root + group: geekotest + can_send: + - openqa.comment.create + - openqa.comment.update + - openqa.comment.delete + - openqa.job.create + - openqa.job.delete + - openqa.job.cancel + - openqa.job.duplicate + - openqa.job.restart + - openqa.jobs.restart + - openqa.job.update.result + - openqa.job.done + +# we need this to log with fedmsg-logger +fedmsg_active: True + +# makes sure it sends stg not prod fedmsgs +fedmsg_env: stg diff --git a/inventory/group_vars/openqa-stg-workers b/inventory/group_vars/openqa-stg-workers new file mode 100644 index 0000000000..b08d62e60a --- /dev/null +++ b/inventory/group_vars/openqa-stg-workers @@ -0,0 +1,8 @@ +gw: 10.5.124.254 +openqa_workers: 4 +openqa_hostname: openqa-stg01.qa.fedoraproject.org +openqa_key: "{{ stg_openqa_apikey }}" +openqa_secret: "{{ stg_openqa_apisecret }}" + +deployment_type: stg +freezes: false diff --git a/inventory/group_vars/openqa-tap-workers b/inventory/group_vars/openqa-tap-workers new file mode 100644 index 0000000000..571b6a62c4 --- /dev/null +++ b/inventory/group_vars/openqa-tap-workers 
@@ -0,0 +1,20 @@
+openqa_tap: true
+
+# for iptables rules...maybe other stuff in future? both staging
+# and prod workers are in this group
+host_group: openqa-tap-workers
+
+# firewall rules to allow openQA openvswitch guests to communicate
+# eth0 for x86_64 worker hosts, eth2 for ppc64 worker host
+custom_rules: [
+ '-A FORWARD -i br0 -j ACCEPT',
+ '-A FORWARD -m state -i eth0 -o br0 --state RELATED,ESTABLISHED -j ACCEPT',
+ '-A FORWARD -m state -i eth2 -o br0 --state RELATED,ESTABLISHED -j ACCEPT',
+ '-A INPUT -i br0 -j ACCEPT'
+]
+
+# we do stuff with ifcfg that base doesn't understand. terrible, terrible
+# stuff. seriously - it doesn't handle the openvswitch config well. so
+# let's tell it to just configure eth0 (and eth2, for ppc64) for us and
+# leave everything else alone.
+ansible_ifcfg_whitelist: ['eth0', 'eth2']
diff --git a/inventory/group_vars/openqa-workers b/inventory/group_vars/openqa-workers
new file mode 100644
index 0000000000..f9fc73ecf3
--- /dev/null
+++ b/inventory/group_vars/openqa-workers
@@ -0,0 +1,8 @@
+gw: 10.5.124.254
+openqa_workers: 4
+openqa_hostname: openqa01.qa.fedoraproject.org
+openqa_key: "{{ prod_openqa_apikey }}"
+openqa_secret: "{{ prod_openqa_apisecret }}"
+
+deployment_type: prod
+freezes: false
diff --git a/inventory/group_vars/openqa_all_common b/inventory/group_vars/openqa_all_common
deleted file mode 100644
index 45a621e901..0000000000
--- a/inventory/group_vars/openqa_all_common
+++ /dev/null
@@ -1,9 +0,0 @@
-# here we keep variables that are used on all openQA boxes, servers
-# and workers, prod and lab.
-
-# this is UID and GID of geekotest on the server (the user openQA
-# runs as). The asset dirs are owned by this user and group. We also
-# create geekotest on the workers with this GID and add _openqa-worker
-# to that group, so os-autoinst can write to the asset dirs, which it
-# needs to do when uncompressing compressed disk assets.
-openqa_static_uid: 601
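Review bot: The last entry of `custom_rules`, `'-A INPUT -i br0 -j ACCEPT'`, accepts every packet that openQA guests on the bridge send to the worker host itself, so each host service is reachable from whatever runs inside a guest. If the guests only need a few host services, the rule could name them, e.g. `'-A INPUT -i br0 -p <proto> --dport <needed-port> -j ACCEPT'` per service, with the remaining bridge traffic falling through to the default policy. The first entry, `'-A FORWARD -i br0 -j ACCEPT'`, likewise forwards guest traffic to any destination; a comment stating which destinations the guests are expected to reach would make that intent reviewable.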
diff --git a/inventory/group_vars/openqa_hdds_workers b/inventory/group_vars/openqa_hdds_workers
deleted file mode 100644
index f7aaf2b68e..0000000000
--- a/inventory/group_vars/openqa_hdds_workers
+++ /dev/null
@@ -1 +0,0 @@
-openqa_hdds_worker: true
diff --git a/inventory/group_vars/openqa_lab b/inventory/group_vars/openqa_lab
deleted file mode 100644
index f2344c7782..0000000000
--- a/inventory/group_vars/openqa_lab
+++ /dev/null
@@ -1,53 +0,0 @@ -# This setup is a bit out of the ordinary for a staging system. As the openqa -# scheduler needs up-to-date information from the wiki and koji, it doesn't -# work well as a proper staging host. -# -# We decided to keep it a pseudo-staging host that will get new versions of -# openqa first and will be a staging host for most intensive purposes but from -# a firewall rule POV, it will be a staging-friendly production host -# -# it should still be using the stg proxies and the external hostname will still -# be stg.fedoraproject.org - -# this is to enable nested virt, which we need for disk image creation -virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx" - -deployment_type: stg -external_hostname: openqa.stg.fedoraproject.org -freezes: false - -# AMQP publisher/listener-related stuff -openqa_amqp_this_cacertfile: "{{ openqa_amqp_stg_cacertfile }}" -openqa_amqp_this_certfile: "{{ openqa_amqp_stg_certfile }}" -openqa_amqp_this_keyfile: "{{ openqa_amqp_stg_keyfile }}" -openqa_amqp_this_url: "{{ openqa_amqp_stg_url }}" -openqa_amqp_this_username: "{{ openqa_amqp_stg_username }}" -openqa_amqp_scheduler_queue: "{{ openqa_amqp_prod_username }}_scheduler_stg" - -# auth stuff -openqa_auth_method: OAuth2 -openqa_oauth2_secret: "{{ openqa_stg_oidc_secret }}" - -openqa_assetsize_updates_aarch64: 50 -openqa_assetsize_ppc: 300 -openqa_assetsize_updates_ppc: 100 -openqa_compose_arches: x86_64,aarch64,ppc64le -openqa_dbname: openqa-stg -openqa_dbpassword: "{{ stg_openqa_dbpassword }}" -openqa_dbuser: openqastg -openqa_env: staging -openqa_env_suffix: .stg -openqa_key: "{{ stg_openqa_apikey }}" -# all our workers need NFS access -openqa_nfs_workers: "{{ groups['openqa_lab_workers'] }}" -# install openQA from updates-testing - this is staging, we live -# ON THE EDGE (radical guitar riff) -openqa_repo: updates-testing -openqa_resultsdb_url: https://resultsdb.stg.fedoraproject.org/api/v2.0/ -openqa_resultsdb_user: "{{ 
stg_resultsdb_httpd_user }}" -openqa_resultsdb_password: "{{ stg_resultsdb_httpd_password }}" -openqa_secret: "{{ stg_openqa_apisecret }}" -openqa_update_arches: ['aarch64', 'x86_64', 'ppc64le'] -openqa_webapi_plugins: FedoraMessaging -openqa_wikitcms_hostname: stg.fedoraproject.org -wikitcms_token: "{{ private }}/files/openidc/staging/wikitcms.json" diff --git a/inventory/group_vars/openqa_lab_workers b/inventory/group_vars/openqa_lab_workers deleted file mode 100644 index b4dd1a7d6b..0000000000 --- a/inventory/group_vars/openqa_lab_workers +++ /dev/null @@ -1,29 +0,0 @@ -deployment_type: stg -freezes: false -gw: 10.3.174.254 -ipa_client_shell_groups: - - sysadmin-qa -ipa_client_sudo_groups: - - sysadmin-qa -ipa_host_group: openqa-lab-workers -ipa_host_group_desc: OpenQA Lab worker hosts -nftables: true -openqa_env: staging -openqa_env_prefix: stg- -# this is because openqa staging isn't really a staging host -# we don't want to set env_suffix to stg on it because that may -# break some other plays, but we do need the env suffix for the -# fedora-messaging bits, so let's make our own -openqa_env_suffix: .stg -openqa_hostname: openqa-lab01.iad2.fedoraproject.org -openqa_key: "{{ stg_openqa_apikey }}" -# we are all NFS workers for now at least -openqa_nfs_worker: true -# install openQA and os-autoinst from updates-testing - this is -# staging, we live ON THE EDGE (radical guitar riff) -openqa_repo: updates-testing -openqa_secret: "{{ stg_openqa_apisecret }}" -openqa_workers: 4 -primary_auth_source: ipa -# all worker hosts should be encrypted as of 2024-10 redeployment -openqa_nbde: true diff --git a/inventory/group_vars/openqa_onebox_test b/inventory/group_vars/openqa_onebox_test deleted file mode 100644 index 483d3611b0..0000000000 --- a/inventory/group_vars/openqa_onebox_test +++ /dev/null 
@@ -1,83 +0,0 @@ -# This setup is a bit out of the ordinary for a staging system. As the openqa -# scheduler needs up-to-date information from the wiki and koji, it doesn't -# work well as a proper staging host. -# -# We decided to keep it a pseudo-staging host that will get new versions of -# openqa first and will be a staging host for most intensive purposes but from -# a firewall rule POV, it will be a staging-friendly production host -# -# it should still be using the stg proxies and the external hostname will still -# be stg.fedoraproject.org - -# this is to enable nested virt, which we need for disk image creation -virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx" - -deployment_type: stg -# this won't really work, there's not going to be any way to get at -# the webui from outside the box, but we gotta set it to something -external_hostname: openqa.oneboxtest.fedoraproject.org -freezes: false -gw: 10.3.174.254 - -# we need this bigger on stg to handle Rawhide updates, if we enable -# Rawhide update testing in prod we can just move this to servers_common -openqa_assetsize_updates: 260 -openqa_compose_arches: x86_64 -openqa_dbname: openqa-onebox -openqa_dbpassword: "{{ stg_openqa_dbpassword }}" -openqa_dbuser: openqastg -openqa_dbhost: localhost -openqa_dbhost_delegate: "{{ inventory_hostname }}" -openqa_env: staging -openqa_env_prefix: stg- -# this is because openqa staging isn't really a staging host -# we don't want to set env_suffix to stg on it because that may -# break some other plays, but we do need the env suffix for the -# fedora-messaging bits, so let's make our own -openqa_env_suffix: .stg -openqa_key: "{{ stg_openqa_apikey }}" -# install openQA from updates-testing - this is staging, we live -# ON THE EDGE (radical guitar riff) -openqa_repo: updates-testing -openqa_secret: "{{ stg_openqa_apisecret }}" -openqa_update_arches: ['x86_64'] - -# copied from openqa_servers_common, we don't want everything from there 
though -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-qa - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-qa -ipa_host_group: openqa-servers -ipa_host_group_desc: OpenQA servers -# we need this for all our fedora-messaging consumers as they are not -# allowed to create queues on the infra AMQP broker, by broker config -openqa_amqp_passive: true -openqa_amqp_publisher_exchange: "amq.topic" -openqa_amqp_publisher_cacertfile: "/etc/fedora-messaging/{{ openqa_env_prefix }}cacert.pem" -openqa_amqp_publisher_certfile: "/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-cert.pem" -openqa_amqp_publisher_keyfile: "/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-key.pem" -openqa_amqp_scheduler_cert: /etc/pki/fedora-messaging/openqa-cert.pem -openqa_amqp_scheduler_key: /etc/pki/fedora-messaging/openqa-key.pem -openqa_amqp_scheduler_queue: "openqa{{ openqa_env_suffix }}_scheduler" -openqa_amqp_scheduler_routing_keys: ["org.fedoraproject.prod.pungi.compose.status.change", "org.fedoraproject.prod.bodhi.update.status.testing.koji-build-group.build.complete", "org.fedoraproject.prod.coreos.build.state.change"] -openqa_amqp_scheduler_url: "amqps://openqa:@rabbitmq.fedoraproject.org/%2Fpubsub" -openqa_amqp_smtp: bastion -openqa_assetsize: 500 -openqa_email: adamwill@fedoraproject.org -openqa_fullname: Adam Williamson -openqa_hostname: localhost -openqa_nickname: adamwill -openqa_userid: http://adamwill.id.fedoraproject.org/ -primary_auth_source: ipa -# http and NFS -tcp_ports: [80, 2049] - -# from openqa_lab_workers -openqa_nfs_worker: false -openqa_workers: 4 - -# let's not do this -openqa_amqp_publisher_url: "" diff --git a/inventory/group_vars/openqa_servers_common b/inventory/group_vars/openqa_servers_common deleted file mode 100644 index d1820b5555..0000000000 --- a/inventory/group_vars/openqa_servers_common +++ /dev/null 
@@ -1,88 +0,0 @@ -## DO NOT SORT THIS FILE ALPHABETICALLY! IT IS ORGANIZED BY TOPIC AREA! - -# here we keep variables that are the same between prod and lab -# openQA servers. these are mostly things that are set as variables -# in the plays so we can change them over time and also so the plays -# can be used for non-infra deployments. -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-qa - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-qa -ipa_host_group: openqa-servers -ipa_host_group_desc: OpenQA servers - -# fedora-messaging email error reporting settings -openqa_amqp_mailto: ["adamwill@fedoraproject.org", "lruzicka@fedoraproject.org"] - -# fedora-messaging general settings -# we need this for all our fedora-messaging consumers as they are not -# allowed to create queues on the infra AMQP broker, by broker config -openqa_amqp_passive: true -openqa_amqp_publisher_exchange: "amq.topic" -openqa_amqp_smtp: bastion - -# fedora-messaging identity and certificate settings -openqa_amqp_prod_cacertfile: "/etc/fedora-messaging/cacert.pem" -openqa_amqp_prod_certfile: "/etc/pki/fedora-messaging/{{ openqa_amqp_prod_username }}-cert.pem" -openqa_amqp_prod_keyfile: "/etc/pki/fedora-messaging/{{ openqa_amqp_prod_username }}-key.pem" -openqa_amqp_prod_url: "amqps://{{ openqa_amqp_prod_username }}:@rabbitmq.fedoraproject.org/%2Fpubsub" -openqa_amqp_prod_username: "openqa" -openqa_amqp_stg_cacertfile: "/etc/fedora-messaging/stg-cacert.pem" -openqa_amqp_stg_certfile: "/etc/pki/fedora-messaging/{{ openqa_amqp_stg_username }}-cert.pem" -openqa_amqp_stg_keyfile: "/etc/pki/fedora-messaging/{{ openqa_amqp_stg_username }}-key.pem" -openqa_amqp_stg_url: "amqps://{{ openqa_amqp_stg_username }}:@rabbitmq.stg.fedoraproject.org/%2Fpubsub" -openqa_amqp_stg_username: "openqa.stg" - -# the "this" variables used hereafter are defined in the non-generic group_vars -# files as pointers back to the appropriate ones above. 
we have this setup -# because sometimes the stg deployment needs to listen on prod, -# so sometimes we use the "this" vars and sometimes we just use the prod ones. - -# fedora-messaging publisher settings (for openQA itself) -openqa_amqp_publisher_cacertfile: "{{ openqa_amqp_this_cacertfile }}" -openqa_amqp_publisher_certfile: "{{ openqa_amqp_this_certfile }}" -openqa_amqp_publisher_keyfile: "{{ openqa_amqp_this_keyfile }}" -openqa_amqp_publisher_prefix: org.fedoraproject.{{ deployment_type }} -openqa_amqp_publisher_url: "{{ openqa_amqp_this_url }}" - -# fedora-messaging job scheduler settings: most of these are the same -# for prod and stg as they use the same account to listen for prod -# messages on prod rabbitmq. Only the queue names differs. -openqa_amqp_scheduler_cert: "{{ openqa_amqp_prod_certfile }}" -openqa_amqp_scheduler_key: "{{ openqa_amqp_prod_keyfile }}" -openqa_amqp_scheduler_routing_keys: ["org.fedoraproject.prod.pungi.compose.status.change", "org.fedoraproject.prod.bodhi.update.status.testing.koji-build-group.build.complete", "org.fedoraproject.prod.coreos.build.state.change"] -openqa_amqp_scheduler_url: "{{ openqa_amqp_prod_url }}" - -# fedora-messaging reporter settings (for both wiki/resultsdb reporters) -openqa_amqp_reporter_cacert: "{{ openqa_amqp_this_cacertfile }}" -openqa_amqp_reporter_cert: "{{ openqa_amqp_this_certfile }}" -openqa_amqp_reporter_key: "{{ openqa_amqp_this_keyfile }}" -openqa_amqp_reporter_url: "{{ openqa_amqp_this_url }}" - -# fedora-messaging resultsdb reporter settings -openqa_amqp_resultsdb_reporter_queue: "{{ openqa_amqp_this_username }}_resultsdb_reporter" -openqa_amqp_resultsdb_reporter_routing_keys: - - "org.fedoraproject.{{ deployment_type }}.openqa.job.done" - - "org.fedoraproject.{{ deployment_type }}.openqa.job.create" - - "org.fedoraproject.{{ deployment_type }}.openqa.job.restart" - -# fedora-messaging wiki reporter settings -openqa_amqp_wiki_reporter_queue: "{{ openqa_amqp_this_username }}_wiki_reporter" 
-openqa_amqp_wiki_reporter_routing_keys: ["org.fedoraproject.{{ deployment_type }}.openqa.job.done"]
-
-openqa_assetsize: 500
-openqa_assetsize_aarch64: 350
-openqa_assetsize_updates: 250
-# stg and prod use the same database server
-openqa_dbhost: db-openqa01.iad2.fedoraproject.org
-openqa_email: adamwill@fedoraproject.org
-openqa_fullname: Adam Williamson
-openqa_hostname: localhost
-openqa_nickname: adamwill
-openqa_userid: http://adamwill.id.fedoraproject.org/
-primary_auth_source: ipa
-# http and NFS
-tcp_ports: [80, 2049]
diff --git a/inventory/group_vars/openqa_tap12_workers b/inventory/group_vars/openqa_tap12_workers
deleted file mode 100644
index c5a19cb7e5..0000000000
--- a/inventory/group_vars/openqa_tap12_workers
+++ /dev/null
@@ -1 +0,0 @@
-openqa_tap: tap,tap2
diff --git a/inventory/group_vars/openqa_tap1_workers b/inventory/group_vars/openqa_tap1_workers
deleted file mode 100644
index 5ae0f2366f..0000000000
--- a/inventory/group_vars/openqa_tap1_workers
+++ /dev/null
@@ -1 +0,0 @@
-openqa_tap: tap
diff --git a/inventory/group_vars/openqa_tap2_workers b/inventory/group_vars/openqa_tap2_workers
deleted file mode 100644
index ce151e66c4..0000000000
--- a/inventory/group_vars/openqa_tap2_workers
+++ /dev/null
@@ -1 +0,0 @@
-openqa_tap: tap2
diff --git a/inventory/group_vars/openqa_tap_workers b/inventory/group_vars/openqa_tap_workers
deleted file mode 100644
index ca322db3e0..0000000000
--- a/inventory/group_vars/openqa_tap_workers
+++ /dev/null
@@ -1,16 +0,0 @@
-# firewall rules to allow openQA openvswitch guests to communicate
-# uses interface definition from host vars
-custom_rules: ['-A FORWARD -i br0 -j ACCEPT', '-A FORWARD -m state -i {{ openqa_tap_iface }} -o br0 --state RELATED,ESTABLISHED -j ACCEPT', '-A INPUT -i br0 -j ACCEPT']
-nft_custom_rules:
- - 'add rule ip filter FORWARD iifname "br0" counter accept'
- - 'add rule ip filter FORWARD iifname "{{ openqa_tap_iface }}" oifname "br0" ct state related,established counter accept'
- - 'add rule ip filter INPUT iifname "br0" counter accept'
-# for iptables rules...maybe other stuff in future? both staging
-# and prod workers are in this group
-host_group: openqa-tap-workers
-nat_rules: [
- # masquerade for openQA openvswitch workers to reach the outside
- '-A POSTROUTING -o {{ openqa_tap_iface }} -j MASQUERADE']
-nft_nat_rules: [
- # masquerade for openQA openvswitch workers to reach the outside
- 'add rule ip nat POSTROUTING oifname "{{ openqa_tap_iface }}" counter masquerade']
diff --git a/inventory/group_vars/openqa_workers b/inventory/group_vars/openqa_workers
deleted file mode 100644
index 8543c80596..0000000000
--- a/inventory/group_vars/openqa_workers
+++ /dev/null
@@ -1,26 +0,0 @@
-deployment_type: prod
-freezes: false
-gw: 10.5.124.254
-ipa_client_shell_groups:
- - sysadmin-qa
-ipa_client_sudo_groups:
- - sysadmin-qa
-ipa_host_group: openqa-workers
-ipa_host_group_desc: OpenQA worker hosts
-nftables: true
-openqa_env: production
-openqa_env_prefix:
-# this is because openqa staging isn't really a staging host
-# we don't want to set env_suffix to stg on it because that may
-# break some other plays, but we do need the env suffix for the
-# fedora-messaging bits, so let's make our own
-openqa_env_suffix:
-openqa_hostname: openqa01.iad2.fedoraproject.org
-openqa_key: "{{ prod_openqa_apikey }}"
-# we are all NFS workers for now at least
-openqa_nfs_worker: true
-openqa_secret: "{{ prod_openqa_apisecret }}"
-openqa_workers: 4
-primary_auth_source: ipa
-# all worker hosts should be encrypted as of 2024-10 redeployment
-openqa_nbde: true
diff --git a/inventory/group_vars/openstack-compute b/inventory/group_vars/openstack-compute
new file mode 100644
index 0000000000..0fed5183fd
--- /dev/null
+++ b/inventory/group_vars/openstack-compute
@@ -0,0 +1,6 @@
+---
+host_group: openstack-compute
+nrpe_procs_warn: 1100
+nrpe_procs_crit: 1200
+ansible_ifcfg_blacklist: true
+baseiptables: False
diff --git a/inventory/group_vars/openstack_compute b/inventory/group_vars/openstack_compute
deleted file mode 100644
index be836c8918..0000000000
--- a/inventory/group_vars/openstack_compute
+++ /dev/null
@@ -1,5 +0,0 @@
----
-baseiptables: False
-host_group: openstack-compute
-nrpe_procs_crit: 1200
-nrpe_procs_warn: 1100
diff --git a/inventory/group_vars/os b/inventory/group_vars/os
new file mode 100644
index 0000000000..c2897f8658
--- /dev/null
+++ b/inventory/group_vars/os
@@ -0,0 +1,4 @@
+---
+host_group: os
+baseiptables: False
+no_http2: True
diff --git a/inventory/group_vars/os-control b/inventory/group_vars/os-control
new file mode 100644
index 0000000000..b63a1ba8c0
--- /dev/null
+++ b/inventory/group_vars/os-control
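Review bot: `baseiptables: False` in the new `openstack-compute` file carries no comment saying what filters traffic on these hosts once the base rules are skipped, and `ansible_ifcfg_blacklist: true` is equally unexplained. The same bare `baseiptables: False` appears in the new `os`, `os-stg`, `osbs` and `osbs-stg` files. What the variable switches off is not visible in this diff; assuming it disables the base firewall role, a line such as `# base iptables not applied here; filtering is done by <mechanism> - TODO confirm` above each would tell a reader whether the host is meant to run without host-level filtering.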
@@ -0,0 +1,4 @@
+---
+
+os_url: os.fedoraproject.org
+os_app_url: app.os.fedoraproject.org
diff --git a/inventory/group_vars/os-control-stg b/inventory/group_vars/os-control-stg
new file mode 100644
index 0000000000..63a4f230c3
--- /dev/null
+++ b/inventory/group_vars/os-control-stg
@@ -0,0 +1,4 @@
+---
+
+os_url: os.stg.fedoraproject.org
+os_app_url: app.os.stg.fedoraproject.org
diff --git a/inventory/group_vars/os-masters b/inventory/group_vars/os-masters
new file mode 100644
index 0000000000..b63a1ba8c0
--- /dev/null
+++ b/inventory/group_vars/os-masters
@@ -0,0 +1,4 @@
+---
+
+os_url: os.fedoraproject.org
+os_app_url: app.os.fedoraproject.org
diff --git a/inventory/group_vars/os-masters-stg b/inventory/group_vars/os-masters-stg
new file mode 100644
index 0000000000..3b850a08b4
--- /dev/null
+++ b/inventory/group_vars/os-masters-stg
@@ -0,0 +1,8 @@
+---
+
+os_url: os.stg.fedoraproject.org
+os_app_url: app.os.stg.fedoraproject.org
+
+nagios_Check_Services:
+ swap: false
+ nrpe: false
diff --git a/inventory/group_vars/os-nodes b/inventory/group_vars/os-nodes
new file mode 100644
index 0000000000..b63a1ba8c0
--- /dev/null
+++ b/inventory/group_vars/os-nodes
@@ -0,0 +1,4 @@
+---
+
+os_url: os.fedoraproject.org
+os_app_url: app.os.fedoraproject.org
diff --git a/inventory/group_vars/os-nodes-stg b/inventory/group_vars/os-nodes-stg
new file mode 100644
index 0000000000..3b850a08b4
--- /dev/null
+++ b/inventory/group_vars/os-nodes-stg
@@ -0,0 +1,8 @@
+---
+
+os_url: os.stg.fedoraproject.org
+os_app_url: app.os.stg.fedoraproject.org
+
+nagios_Check_Services:
+ swap: false
+ nrpe: false
diff --git a/inventory/group_vars/os-stg b/inventory/group_vars/os-stg
new file mode 100644
index 0000000000..c2897f8658
--- /dev/null
+++ b/inventory/group_vars/os-stg
@@ -0,0 +1,4 @@
+---
+host_group: os
+baseiptables: False
+no_http2: True
diff --git a/inventory/group_vars/os_proxies b/inventory/group_vars/os_proxies
deleted file mode 100644
index 97579daf6a..0000000000
--- a/inventory/group_vars/os_proxies
+++ /dev/null
@@ -1,24 +0,0 @@
----
-custom_rules: [
- # Needed for keepalived
- '-A INPUT -d 224.0.0.0/8 -j ACCEPT', '-A INPUT -p vrrp -j ACCEPT',
- # machinectl api
- '-A INPUT -p tcp --dport 22623 --src 38.145.48.0/27 -j ACCEPT']
-nft_custom_rules:
- # Needed for keepalived
- - 'add rule ip filter INPUT ip daddr 224.0.0.0/8 counter accept'
- - 'add rule ip filter INPUT ip protocol vrrp counter accept'
- # machinectl api
- - 'add rule ip filter INPUT ip saddr 38.145.48.0/27 tcp dport 22623 counter accept'
-datacenter: cloud
-host_group: cloud
-lvm_size: 20000
-mem_size: 8192
-num_cpus: 4
-tcp_ports: [
- # For os routers
- 80, 443,
- # For ks8 api
- 6443,
- # For haproxy status
- 8080]
diff --git a/inventory/group_vars/osbs b/inventory/group_vars/osbs
new file mode 100644
index 0000000000..525fb26aa9
--- /dev/null
+++ b/inventory/group_vars/osbs
@@ -0,0 +1,33 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 60000
+mem_size: 8192
+num_cpus: 2
+
+tcp_ports: [ 80, 443, 8443]
+
+fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org"
+docker_registry: "candidate-registry.fedoraproject.org"
+source_registry: "registry.fedoraproject.org"
+
+osbs_url: "osbs.fedoraproject.org"
+osbs_koji_username: "kojibuilder"
+
+koji_url: "koji.fedoraproject.org"
+
+osbs_client_conf_path: /etc/osbs.conf
+
+baseiptables: False
+
+# docker images required by OpenShift Origin
+openshift_required_images:
+ - "openshift/origin-pod"
+
+# fedora container images required by buildroot
+fedora_required_images:
+ - "fedora:latest"
+
+nm_controlled_resolv: True
diff --git a/inventory/group_vars/osbs-control b/inventory/group_vars/osbs-control
new file mode 100644
index 0000000000..5777ead3da
--- /dev/null
+++ b/inventory/group_vars/osbs-control
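Review bot: In the new `osbs` file, `fedora_required_images` lists `"fedora:latest"`, a floating tag with no registry prefix, although `source_registry` is defined a few lines earlier in the same file. Builds that start from this image can change content between runs without any change in this repository, and which registry serves the pull depends on host configuration this diff does not show. Unless the consuming task adds the registry itself, an entry like `- "{{ source_registry }}/fedora:<pinned-tag-or-digest>"` would fix both; `openshift_required_images` (`openshift/origin-pod`, no tag) and the same two lists in `osbs-stg` have the same shape.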
@@ -0,0 +1,6 @@
+---
+# Define resources for this group of hosts here.
+fas_client_groups: sysadmin-releng,sysadmin-noc,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+osbs_url: "osbs.fedoraproject.org"
diff --git a/inventory/group_vars/osbs-control-stg b/inventory/group_vars/osbs-control-stg
new file mode 100644
index 0000000000..b6f29da32f
--- /dev/null
+++ b/inventory/group_vars/osbs-control-stg
@@ -0,0 +1,6 @@
+---
+# Define resources for this group of hosts here.
+fas_client_groups: sysadmin-releng,sysadmin-noc,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+osbs_url: "osbs.stg.fedoraproject.org"
diff --git a/inventory/group_vars/osbs-masters b/inventory/group_vars/osbs-masters
new file mode 100644
index 0000000000..127d511613
--- /dev/null
+++ b/inventory/group_vars/osbs-masters
@@ -0,0 +1,32 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 60000
+mem_size: 8192
+num_cpus: 2
+
+tcp_ports: [ 80, 443, 8443]
+
+fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org"
+source_registry: "registry.fedoraproject.org"
+docker_registry: "candidate-registry.fedoraproject.org"
+
+osbs_url: "osbs.fedoraproject.org"
+osbs_koji_username: "kojibuilder"
+
+koji_url: "koji.fedoraproject.org"
+
+osbs_client_conf_path: /etc/osbs.conf
+
+openshift_node_labels: {'region':'infra'}
+openshift_schedulable: False
+
+nagios_Check_Services:
+ nrpe: true
+ sshd: true
+ named: false
+ dhcpd: false
+ httpd: false
+ swap: false
diff --git a/inventory/group_vars/osbs-masters-stg b/inventory/group_vars/osbs-masters-stg
new file mode 100644
index 0000000000..0ae00e72c1
--- /dev/null
+++ b/inventory/group_vars/osbs-masters-stg
@@ -0,0 +1,18 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 60000
+mem_size: 8192
+num_cpus: 2
+
+tcp_ports: [ 80, 443, 8443]
+
+openshift_node_labels: {'region':'infra'}
+openshift_schedulable: False
+
+nagios_Check_Services:
+ nrpe: true
+ sshd: true
+ named: false
+ dhcpd: false
+ httpd: false
+ swap: false
diff --git a/inventory/group_vars/osbs-nodes b/inventory/group_vars/osbs-nodes
new file mode 100644
index 0000000000..b05656f688
--- /dev/null
+++ b/inventory/group_vars/osbs-nodes
@@ -0,0 +1,29 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 60000
+mem_size: 8192
+num_cpus: 2
+
+tcp_ports: [ 80, 443, 8443, 10250]
+
+fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org"
+docker_registry: "candidate-registry.fedoraproject.org"
+source_registry: "registry.fedoraproject.org"
+
+osbs_url: "osbs.fedoraproject.org"
+osbs_koji_username: "kojibuilder"
+
+koji_url: "koji.fedoraproject.org"
+
+osbs_client_conf_path: /etc/osbs.conf
+
+nagios_Check_Services:
+ nrpe: true
+ sshd: true
+ named: false
+ dhcpd: false
+ httpd: false
+ swap: false
diff --git a/inventory/group_vars/osbs-nodes-stg b/inventory/group_vars/osbs-nodes-stg
new file mode 100644
index 0000000000..fd8002c4e8
--- /dev/null
+++ b/inventory/group_vars/osbs-nodes-stg
@@ -0,0 +1,17 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 60000
+mem_size: 8192
+num_cpus: 2
+
+tcp_ports: [ 80, 443, 8443, 10250]
+
+openshift_node_labels: {'region': 'primary', 'zone': 'default'}
+
+nagios_Check_Services:
+ nrpe: true
+ sshd: true
+ named: false
+ dhcpd: false
+ httpd: false
+ swap: false
diff --git a/inventory/group_vars/os_control_stg b/inventory/group_vars/osbs-orchestrators-stg
similarity index 100%
rename from inventory/group_vars/os_control_stg
rename to inventory/group_vars/osbs-orchestrators-stg
diff --git a/inventory/group_vars/osbs-stg b/inventory/group_vars/osbs-stg
new file mode 100644
index 0000000000..e5650eed9a
--- /dev/null
+++ b/inventory/group_vars/osbs-stg
@@ -0,0 +1,145 @@
+---
+
+baseiptables: False
+
+fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+docker_cert_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org"
+stable_registry: "registry.stg.fedoraproject.org"
+candidate_registry: "candidate-registry.stg.fedoraproject.org"
+
+osbs_url: "osbs.stg.fedoraproject.org"
+osbsworker_x86_64_url: "osbsworker-x86-64.stg.fedoraproject.org"
+
+koji_url: "koji.stg.fedoraproject.org"
+
+osbs_builder_user: builder
+koji_builder_user: dockerbuilder
+
+osbs_client_conf_path: /etc/osbs.conf
+
+
+# openshift-ansible variables
+
+# Need to use this special branch on my fork for stage until these are merged
+# upstream and backported to the release-3.6 branch
+#
+# https://github.com/openshift/openshift-ansible/pull/5101
+# https://github.com/openshift/openshift-ansible/pull/5129
+oa_version: 3.6-add-dnf-support
+
+oa_ssh_user: root
+oa_install_examples: false
+oa_containerized_deploy: false
+oa_auth_profile: osbs
+oa_debug_level: 2
+oa_htpasswd_file: /etc/origin/htpasswd
+origin_release: v3.6.0
+
+osbs_koji_username: "kojibuilder_stg"
+
+openshift_home: /var/lib/origin
+generated_config_path: /tmp
+
+osbs_admin: true
+
+osbs_orchestrator_service_accounts:
+- worker
+- orchestrator
+- metrics
+
+os_cpu_limitrange: '200m'
+
+# FIXME
+
+osbs_orchestrator: false
+
+osbs_worker_namespace: "worker"
+osbs_orchestrator_namespace: "osbs"
+
+osbs_worker_service_accounts:
+- worker
+- orchestrator
+
+worker_clusters:
+ x86_64:
+ - name: osbsworker-x86-64
+ max_concurrent_builds: 12
+ openshift_url: "https://{{ osbsworker_x86_64_url }}"
+ verify_ssl: 'false'
+ artifacts_allowed_domains:
+ - "{{stable_registry}}"
+ - "{{candidate_registry}}"
+
+koji_hub: "https://{{koji_url}}/kojihub"
+koji_root: "https://{{koji_url}}/koji"
+
+osbs_pulp_registry_name: brew-prod
+
+osbs_registry_uri: "https://{{candidate_registry}}/v2"
+
+osbs_source_registry_uri: http://brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888
+
+koji_secret_name: kojisecret
+distribution_scope: public
+authoritative_registry: "{{ stable_registry }}"
+registry_api_versions:
+- v2
+registry_secret_name: v2-registry-dockercfg
+build_json_dir: /usr/share/osbs
+sources_command: fedpkg sources
+vendor: Fedora Project
+
+osbs_manage_firewalld: false
+
+kubeconfig_path: /etc/origin/master/admin.kubeconfig
+osbs_env:
+ HOME: "{{ lookup('env', 'HOME') }}"
+ KUBECONFIG: "{{ osbs_kubeconfig_path }}"
+
+osbs_orchestrator_readonly_users:
+- "system:serviceaccount:{{ osbs_orchestrator_namespace }}:metrics"
+osbs_orchestrator_readonly_groups:
+- "system:authenticated"
+osbs_orchestrator_readwrite_groups: []
+osbs_orchestrator_readwrite_users:
+- "{{ ansible_hostname }}"
+- "system:serviceaccount:{{ osbs_orchestrator_namespace }}:default"
+- "system:serviceaccount:{{ osbs_orchestrator_namespace }}:builder"
+
+osbs_worker_readonly_users:
+- "system:serviceaccount:{{ osbs_worker_namespace }}:metrics"
+osbs_worker_readonly_groups:
+- "system:authenticated"
+osbs_worker_readwrite_groups: []
+osbs_worker_readwrite_users:
+- "{{ ansible_hostname }}"
+- "system:serviceaccount:{{ osbs_worker_namespace }}:default"
+- "system:serviceaccount:{{ osbs_worker_namespace }}:builder"
+
+os_admin_users:
+- kevin
+- puiterwijk
+- maxamillion
+- dgilmore
+- kojibuilder_stg
+
+os_admin_groups: []
+osbs_nodes: "{{ groups['osbs-orchestrator-' + env + '-nodes'] }}"
+
+#nodeselectors
+osbs_orchestrator_default_nodeselector: "orchestrator=true"
+osbs_orchestrator_nodeselector_labels: "'orchestrator': 'true'"
+osbs_worker_default_nodeselector: "worker=true"
+osbs_worker_nodeselector_labels: "'worker': 'true'"
+
+# fedora container images required by buildroot
+fedora_required_images:
+ - "fedora:latest"
+
+# docker images required by OpenShift Origin
+openshift_required_images:
+ - "openshift/origin-pod"
+
+nm_controlled_resolv: True
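Review bot: The `worker_clusters` entry sets `verify_ssl: 'false'` for `openshift_url`, so the worker cluster API would be contacted without checking its certificate, and `osbs_source_registry_uri` further down is a plain `http://` URL on port 8888. Both leave the build path open to tampering in transit (how the consuming role uses the two values is not visible here). With the cluster CA distributed to the orchestrator this can be `verify_ssl: 'true'`, and the source registry should be reached over `https://` or dropped if it is a leftover. Separately, `kubeconfig_path` is defined but `osbs_env` reads `{{ osbs_kubeconfig_path }}`; unless that name is set elsewhere, `KUBECONFIG` will not resolve to the path given here.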
diff --git a/inventory/group_vars/osbsworker-masters-stg b/inventory/group_vars/osbsworker-masters-stg
new file mode 100644
index 0000000000..e43099e455
--- /dev/null
+++ b/inventory/group_vars/osbsworker-masters-stg
@@ -0,0 +1,32 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 60000
+mem_size: 8192
+num_cpus: 2
+
+tcp_ports: [ 80, 443, 8443]
+
+fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+docker_cert_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org"
+source_registry: "registry.stg.fedoraproject.org"
+docker_registry: "candidate-registry.stg.fedoraproject.org"
+
+osbs_url: "osbs.stg.fedoraproject.org"
+osbs_koji_username: "kojibuilder_stg"
+
+koji_url: "koji.stg.fedoraproject.org"
+
+osbs_client_conf_path: /etc/osbs.conf
+
+openshift_node_labels: {'region':'infra'}
+openshift_schedulable: False
+
+nagios_Check_Services:
+ nrpe: true
+ sshd: true
+ named: false
+ dhcpd: false
+ httpd: false
+ swap: false
diff --git a/inventory/group_vars/osbsworker-nodes-stg b/inventory/group_vars/osbsworker-nodes-stg
new file mode 100644
index 0000000000..18c7761c26
--- /dev/null
+++ b/inventory/group_vars/osbsworker-nodes-stg
@@ -0,0 +1,31 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 60000
+mem_size: 8192
+num_cpus: 2
+
+tcp_ports: [ 80, 443, 8443, 10250]
+
+fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+docker_cert_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org"
+source_registry: "registry.stg.fedoraproject.org"
+docker_registry: "candidate-registry.stg.fedoraproject.org"
+
+osbs_url: "osbs.stg.fedoraproject.org"
+osbs_koji_username: "kojibuilder_stg"
+
+koji_url: "koji.stg.fedoraproject.org"
+
+osbs_client_conf_path: /etc/osbs.conf
+
+openshift_node_labels: {'region': 'primary', 'zone': 'default'}
+
+nagios_Check_Services:
+ nrpe: true
+ sshd: true
+ named: false
+ dhcpd: false
+ httpd: false
+ swap: false
diff --git a/inventory/group_vars/osbsworker-x86-64-masters-stg b/inventory/group_vars/osbsworker-x86-64-masters-stg
new file mode 100644
index 0000000000..629928e5ba
--- /dev/null
+++ b/inventory/group_vars/osbsworker-x86-64-masters-stg
@@ -0,0 +1,10 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 60000
+mem_size: 8192
+num_cpus: 2
+
+tcp_ports: [ 80, 443, 8443]
+
+openshift_node_labels: {'region':'infra'}
+openshift_schedulable: False
diff --git a/inventory/group_vars/osbsworker-x86-64-nodes-stg b/inventory/group_vars/osbsworker-x86-64-nodes-stg
new file mode 100644
index 0000000000..54de320771
--- /dev/null
+++ b/inventory/group_vars/osbsworker-x86-64-nodes-stg
@@ -0,0 +1,9 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 60000
+mem_size: 8192
+num_cpus: 2
+
+tcp_ports: [ 80, 443, 8443, 10250]
+
+openshift_node_labels: {'region': 'primary', 'zone': 'default'}
diff --git a/inventory/group_vars/packages b/inventory/group_vars/packages
new file mode 100644
index 0000000000..fe4575d711
--- /dev/null
+++ b/inventory/group_vars/packages
@@ -0,0 +1,32 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 100000
+mem_size: 8192
+num_cpus: 4
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+virt_install_command: "{{ virt_install_command_rhel6 }}"
+
+tcp_ports: [ 80, 443,
+ # This is for glusterd
+ 6996,
+ # These 16 ports are used by fedmsg. One for each wsgi thread.
+ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
+ 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+
+freezes: false
+pythonsitelib: /usr/lib/python2.6/site-packages
diff --git a/inventory/group_vars/packages-stg b/inventory/group_vars/packages-stg
new file mode 100644
index 0000000000..4ace01856a
--- /dev/null
+++ b/inventory/group_vars/packages-stg
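Review bot: The glusterd port 6996 in `tcp_ports` is opened without a source restriction, while the rsync rule a few lines below it is limited to two `-s` addresses. Assuming `tcp_ports` entries are accepted from any source (the consuming template is not in this diff), gluster should get the same treatment as rsync. Remove 6996 from the list and add one `custom_rules` entry per gluster peer, e.g. `'-A INPUT -p tcp -m tcp -s <GLUSTER_PEER_IP> --dport 6996 -j ACCEPT'`, with `<GLUSTER_PEER_IP>` as a placeholder. The comment typo `Neeed` should read `Needed`; it is repeated in packages-stg and people.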
@@ -0,0 +1,29 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 80000
+mem_size: 4096
+num_cpus: 4
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+virt_install_command: "{{ virt_install_command_rhel6 }}"
+
+tcp_ports: [ 80, 443,
+ # These 16 ports are used by fedmsg. One for each wsgi thread.
+ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
+ 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-web,fi-apprentice,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+
+pythonsitelib: /usr/lib/python2.7/site-packages
diff --git a/inventory/group_vars/pagure b/inventory/group_vars/pagure
index 057dbea606..a5271a26de 100644
--- a/inventory/group_vars/pagure
+++ b/inventory/group_vars/pagure
@@ -1,79 +1,90 @@ --- # Define resources for this group of hosts here. -# Block some ips that are using too mauch resources -custom_rules: [ - '-A INPUT -s 81.69.171.38/32 -j REJECT', - '-A INPUT -s 175.24.248.206/32 -j REJECT', - '-A INPUT -s 47.76.209.138/32 -j REJECT', - '-A INPUT -s 47.76.99.127/32 -j REJECT' -] -nft_block_rules: - - 'add rule ip filter INPUT ip saddr 81.69.171.38 counter reject' - - 'add rule ip filter INPUT ip saddr 175.24.248.206 counter reject' - - 'add rule ip filter INPUT ip saddr 47.76.0.0/14 counter reject' - - 'add rule ip filter INPUT ip saddr 47.80.0.0/13 counter reject' - - 'add rule ip filter INPUT ip saddr 47.74.0.0/15 counter reject' - - 'add rule ip filter INPUT ip saddr 66.249.64.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.0.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.224.0/19 counter reject' - - 'add rule ip filter INPUT ip saddr 43.159.41.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.163.8.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.128.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.156.0.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.128.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.133.32.0/19 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.128.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.159.37.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.153.192.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.159.32.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.156.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.163.0.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 14.153.15.174 counter reject' - - 'add rule ip filter INPUT ip saddr 47.246.0.0/16 counter reject' - - 'add rule ip filter INPUT ip saddr 47.236.0.0/14 counter 
reject' - - 'add rule ip filter INPUT ip saddr 47.235.0.0/16 counter reject' - - 'add rule ip filter INPUT ip saddr 47.240.0.0/14 counter reject' - - 'add rule ip filter INPUT ip saddr 47.244.0.0/15 counter reject' -# For the MOTD -db_backup_dir: ['/backups'] -dbs_to_backup: ['pagure'] -env: pagure -freezes: true -host_backup_targets: ['/srv/git', '/var/www/releases'] -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-web - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: pagure -ipa_host_group_desc: Pagure GIT Forge -lvm_size: 750000 -max_mem_size: 131072 -mem_size: 65536 -num_cpus: 48 -postfix_group: vpn.pagure -primary_auth_source: ipa -sshd_config: ssh/sshd_config.pagure -sshd_keyhelper: true -stunnel_destination_port: :::8080 -stunnel_service: "eventsource" -stunnel_source_port: 8088 +lvm_size: 250000 +mem_size: 16384 +num_cpus: 6 + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -tcp_ports: [22, 25, 80, 443, 8442, 8443, 8444, 8445, - # Used for the eventsource - 8088] -vpn: true -notes: | - Run the pagure instances for fedora +tcp_ports: [ 22, 25, 80, 443, 9418, + # Used for the eventsource + 8088, + # This is for the pagure public fedmsg relay + 9940] - There are a few things running here: - * The apache/mod_wsgi app for pagure - * This host relies on: - * A postgres db server running locally +stunnel_service: "eventsource" +stunnel_source_port: 8088 +stunnel_destination_port: 8080 - Things that rely on this host: - * nothing currently +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: pagure + owner: git + group: apache + can_send: + - pagure.issue.assigned.added + - pagure.issue.assigned.reset + - pagure.issue.comment.added + - pagure.issue.dependency.added + - pagure.issue.dependency.removed + - pagure.issue.edit + - pagure.issue.new + - 
pagure.issue.drop + - pagure.issue.tag.added + - pagure.issue.tag.removed + - pagure.project.edit + - pagure.project.forked + - pagure.project.group.added + - pagure.project.new + - pagure.project.tag.edited + - pagure.project.tag.removed + - pagure.project.user.added + - pagure.pull-request.closed + - pagure.pull-request.comment.added + - pagure.pull-request.flag.added + - pagure.pull-request.flag.updated + - pagure.pull-request.new + - pagure.request.assigned.added + - pagure.git.receive + + +fedmsg_prefix: io.pagure +fedmsg_env: prod + +fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran + +freezes: true +postfix_group: vpn.pagure + +host_backup_targets: ['/srv/git', '/var/www/releases'] +db_backup_dir: ['/backups'] +dbs_to_backup: ['pagure'] + +# Configuration for the git-daemon/server +git_group: git +git_port: 9418 +git_server: /usr/libexec/git-core/git-daemon +git_server_args: --export-all --syslog --inetd --verbose +git_basepath: /srv/git/repositories +git_daemon_user: git + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Fedora admins - admin@fedoraproject.org +csi_purpose: Run the pagure instances for fedora +csi_relationship: | + There are a few things running here: + + - The apache/mod_wsgi app for pagure + + - This host relies on: + - A postgres db server running locally + + - Things that rely on this host: + - nothing currently diff --git a/inventory/group_vars/pagure-stg b/inventory/group_vars/pagure-stg new file mode 100644 index 0000000000..3c54e5b460 --- /dev/null +++ b/inventory/group_vars/pagure-stg 
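Review bot: `git_server_args: --export-all --syslog --inetd --verbose` makes git-daemon serve every repository under `git_basepath: /srv/git/repositories`, whether or not it carries a `git-daemon-export-ok` marker, and the same hunk opens 9418 in `tcp_ports`. The git:// protocol has no authentication, so if private projects or the forge's ticket and pull-request repositories live under that path (not visible from this diff), they become anonymously cloneable. Drop `--export-all` so that only explicitly marked repositories are served: `git_server_args: --syslog --inetd --verbose`. The same arguments are set in pagure-stg, pkgs and pkgs-stg.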
@@ -0,0 +1,84 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 8192 +num_cpus: 4 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 22, 25, 80, 443, 9418, + # Used for the eventsource server + 8088, + # This is for the pagure public fedmsg relay + 9940] + +stunnel_service: "eventsource" +stunnel_source_port: 8088 +stunnel_destination_port: 8080 + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: pagure + owner: git + group: apache + can_send: + - pagure.issue.assigned.added + - pagure.issue.assigned.reset + - pagure.issue.comment.added + - pagure.issue.dependency.added + - pagure.issue.dependency.removed + - pagure.issue.edit + - pagure.issue.new + - pagure.issue.drop + - pagure.issue.tag.added + - pagure.issue.tag.removed + - pagure.project.edit + - pagure.project.forked + - pagure.project.new + - pagure.project.tag.edited + - pagure.project.tag.removed + - pagure.project.user.added + - pagure.pull-request.closed + - pagure.pull-request.comment.added + - pagure.pull-request.flag.added + - pagure.pull-request.flag.updated + - pagure.request.assigned.added + - pagure.pull-request.new + +fedmsg_prefix: io.pagure +fedmsg_env: stg + +fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran + +freezes: false +env: pagure-staging +postfix_group: vpn.pagure-stg + +# Configuration for the git-daemon/server +git_group: git +git_port: 9418 +git_server: /usr/libexec/git-core/git-daemon +git_server_args: --export-all --syslog --inetd --verbose +git_basepath: /srv/git/repositories +git_daemon_user: git + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Fedora admins - admin@fedoraproject.org +csi_purpose: Run the pagure instances for fedora +csi_relationship: | + There are a few things running here: + + - The apache/mod_wsgi app for 
pagure + + - This host relies on: + - A postgres db server running locally + + - Things that rely on this host: + - nothing currently diff --git a/inventory/group_vars/pagure_stg b/inventory/group_vars/pagure_stg deleted file mode 100644 index efb93408a9..0000000000 --- a/inventory/group_vars/pagure_stg +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Define resources for this group of hosts here. -# For the MOTD -env: pagure-staging -freezes: false -git_basepath: /srv/git/repositories -git_daemon_user: git -# Configuration for the git-daemon/server -git_group: git -git_port: 9418 -git_server: /usr/libexec/git-core/git-daemon -git_server_args: --export-all --syslog --inetd --verbose -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-web - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: pagure -ipa_host_group_desc: Pagure GIT Forge -lvm_size: 50000 -mem_size: 8192 -num_cpus: 4 -postfix_group: vpn.pagure-stg -sshd_config: ssh/sshd_config.pagure -sshd_keyhelper: true -stunnel_destination_port: 8080 -stunnel_service: "eventsource" -stunnel_source_port: :::8088 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [22, 25, 80, 443, 9418, - # Used for the eventsource server - 8088] -vpn: true - -notes: | - Run the pagure instances for fedora - - There are a few things running here: - * The apache/mod_wsgi app for pagure - * This host relies on: - * A postgres db server running locally - * Things that rely on this host: - * nothing currently diff --git a/inventory/group_vars/pdc-backend b/inventory/group_vars/pdc-backend new file mode 100644 index 0000000000..97720e7ac3 --- /dev/null +++ b/inventory/group_vars/pdc-backend 
@@ -0,0 +1,41 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +host_group: pdc-backend + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [] + +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-datanommer,sysadmin-mbs,sysadmin-veteran + +# See the host_vars files for the value of fedmsg_error_recipients here + +csi_security_category: Moderate +csi_primary_contact: Ralph Bean +csi_purpose: fedmsg-hub daemon that ferries data from fedmsg to PDC. +csi_relationship: | + NOTICE - The three pdc-backend do *different* things. They all run a + fedmsg-hub daemon that loads the pdc-updater consumer plugin. However, the + pdc-updater plugin is configured to do different things in each place. + + On pdc-updater01, the compose handler is enabled which listens for new pungi + composes, and stores them in PDC. Fedora QE uses this data. The consumer + has only a single thread enabled to avoid OOMing itself with more than one + compose at a time. + + On pdc-updater02, the modularity handlers are enabled which listen for MBS + activity, and store that in PDC. pdc-updater02 also hosts the retirement + handler which listens to dist-git for new dead.package files, and propagates + the retirement to PDC (by prematurely EOLing the branch). Multiple threads are + enabled so that it can work more efficiently on these smaller tasks. + + On pdc-updater03, the dep chain handlers are enabled which listen for koji + messages and store dep chain information in PDC, like what rpms depend on what + other rpms at build time, and what containers depend on what rpms, etc.. + Multiple threads are enabled so that it can work more efficiently on these + smaller tasks. diff --git a/inventory/group_vars/pdc-backend-stg b/inventory/group_vars/pdc-backend-stg new file mode 100644 index 0000000000..425ca623ef --- /dev/null +++ b/inventory/group_vars/pdc-backend-stg 
@@ -0,0 +1,33 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 1 + +host_group: pdc-backend + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [] + +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-datanommer,sysadmin-mbs,sysadmin-veteran + +# See the host_vars files for the value of fedmsg_error_recipients here + +csi_security_category: Moderate +csi_primary_contact: Ralph Bean +csi_purpose: fedmsg-hub daemon that ferries data from fedmsg to PDC. +csi_relationship: | + NOTICE - pdc-backend01 and pdc-backend02 do *different* things. They both run + a fedmsg-hub daemon that loads the pdc-updater consumer plugin. However, the + pdc-updater plugin is configured to do different things in each place. + + On pdc-updater01, the compose handler is enabled which listens for new pungi + composes, and stores them in PDC. Fedora QE uses this data. The consumer + has only a single thread enabled to avoid OOMing itself with more than one + compose at a time. + + On pdc-updater02, the dep chain and modularity handlers are enabled which + listen for koji and MBS activity, and store that in PDC. Multiple threads + are enabled so that it can work more efficiently on these smaller tasks. diff --git a/inventory/group_vars/pdc-web b/inventory/group_vars/pdc-web new file mode 100644 index 0000000000..478fcbffcb --- /dev/null +++ b/inventory/group_vars/pdc-web 
@@ -0,0 +1,35 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 8192 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +wsgi_fedmsg_service: pdc +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80 ] + +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran + +# This just defines the CN of the saml2 cert we pull from the private repo +# Don't be confused. The app is actually served at apps.stg.fp.o/pdc +pdc_domain: pdc.fedoraproject.org + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: pdc + owner: root + group: apache + can_send: + - pdc.compose + - pdc.rpms + - pdc.images diff --git a/inventory/group_vars/pdc-web-stg b/inventory/group_vars/pdc-web-stg new file mode 100644 index 0000000000..9c74bf2167 --- /dev/null +++ b/inventory/group_vars/pdc-web-stg @@ -0,0 +1,35 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 4098 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +wsgi_fedmsg_service: pdc +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80 ] + +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran + +# This just defines the CN of the saml2 cert we pull from the private repo +# Don't be confused. The app is actually served at apps.stg.fp.o/pdc +pdc_domain: pdc.stg.fedoraproject.org + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: pdc + owner: root + group: apache + can_send: + - pdc.compose + - pdc.rpms + - pdc.images diff --git a/inventory/group_vars/people b/inventory/group_vars/people index 0d8398988a..b4e993021d 100644 --- a/inventory/group_vars/people 
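Review bot: The comment above `pdc_domain: pdc.fedoraproject.org` says the app is served at `apps.stg.fp.o/pdc`, which looks copied from the staging file and is misleading in the production group vars. Since this value selects the CN of the SAML2 certificate pulled from the private repo, the comment should name the production location; the exact production URL is not shown in this diff, so it needs to be filled in by someone who knows it. A wrong hint here makes it easy to deploy or rotate the wrong certificate.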
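Review bot: `mem_size: 4098` in pdc-web-stg looks like a typo for 4096; every other memory size in this diff is a power-of-two multiple of 1024. Suggested line: `mem_size: 4096`. The comment `The app is actually served at apps.stg.fp.o/pdc` is correct here but appears unchanged in the production pdc-web file.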
+++ b/inventory/group_vars/people 
@@ -1,32 +1,42 @@ --- -blocked_ips: [] clamscan_mailto: admin@fedoraproject.org clamscan_paths: - - /srv/ -# For the MOTD +- /srv/ + # Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept'] -git_basepath: / -git_daemon_user: nobody +custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + git_port: 9418 git_server: /usr/libexec/git-core/git-daemon git_server_args: --export-all --syslog --inetd --verbose -# fedora-contributors is an umbrella group containing all others -ipa_client_shell_groups: - - fedora-contributor -ipa_client_sudo_groups: - - sysadmin-tools -ipa_host_group: people -ipa_host_group_desc: A place for people to host things -primary_auth_source: ipa -vpn: true +git_basepath: / +git_daemon_user: nobody -notes: | - * Provide hosting space for Fedora contributors and Fedora Planet - * shell accounts and web space for fedora contributors - * web space for personal yum repos - * shared space for small group/personal git repos +fas_client_groups: "@all" + +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: planet + owner: root + group: planet-user + can_send: + - planet.post.new + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Fedora admins - admin@fedoraproject.org +csi_purpose: Provide hosting space for Fedora contributors and Fedora Planet + +csi_relationship: | + - shell accounts and web space for fedora contributors + - web space for personal yum repos + - shared space for small group/personal git repos + + Please be aware that this is a shared server, and you should not upload + Private/Secret SSH or GPG keys onto this system. Any such keys found + will be deleted. - Please be aware that this is a shared server, and you should not upload Private/Secret SSH or GPG keys onto this system. 
- Any such keys found will be deleted. diff --git a/inventory/group_vars/persistent-cloud b/inventory/group_vars/persistent-cloud new file mode 100644 index 0000000000..954d613a97 --- /dev/null +++ b/inventory/group_vars/persistent-cloud @@ -0,0 +1,3 @@ +--- +freezes: false +datacenter: cloud diff --git a/inventory/group_vars/persistent_cloud b/inventory/group_vars/persistent_cloud deleted file mode 100644 index 8265770a2a..0000000000 --- a/inventory/group_vars/persistent_cloud +++ /dev/null @@ -1,3 +0,0 @@ ---- -datacenter: cloud -freezes: false diff --git a/inventory/group_vars/piwik-stg b/inventory/group_vars/piwik-stg new file mode 100644 index 0000000000..44d9280ef3 --- /dev/null +++ b/inventory/group_vars/piwik-stg @@ -0,0 +1,8 @@ +--- +lvm_size: 20000 +mem_size: 8192 +# probably 4 in prod: +num_cpus: 2 + +tcp_ports: [ 80 ] +fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran diff --git a/inventory/group_vars/pkgdb b/inventory/group_vars/pkgdb new file mode 100644 index 0000000000..dc034f37de --- /dev/null +++ b/inventory/group_vars/pkgdb 
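Review bot: `git_basepath: /` together with `--export-all` in `git_server_args` lets git-daemon serve any repository on the filesystem that `git_daemon_user: nobody` can read, not only the shared contributor space described in `csi_relationship`. These lines are only moved by this hunk, but while the file is being rewritten the base path could be narrowed to the directory that actually holds the public repositories, e.g. `git_basepath: <PUBLIC_REPO_ROOT>` (placeholder; the real path is not shown here). If `fas_client_groups: "@all"` means every account holder gets a shell on this host, add a comment saying so, such as `# @all: shell access for every contributor group is intentional on this host`.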
@@ -0,0 +1,49 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +wsgi_fedmsg_service: pkgdb2 +wsgi_procs: 3 +wsgi_threads: 2 + +tcp_ports: [ 80 ] + +fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-releng,sysadmin-cvs,sysadmin-veteran + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: pkgdb + owner: root + group: apache + alias: pkgdb2 + can_send: + - pkgdb.acl.delete + - pkgdb.acl.update + - pkgdb.admin.action.status.update + - pkgdb.branch.complete + - pkgdb.branch.start + - pkgdb.collection.new + - pkgdb.collection.update + - pkgdb.owner.update + - pkgdb.package.branch.delete + - pkgdb.package.branch.new + - pkgdb.package.branch.request + - pkgdb.package.critpath.update + - pkgdb.package.delete + - pkgdb.package.monitor.update + - pkgdb.package.koschei.update + - pkgdb.package.new + - pkgdb.package.new.request + - pkgdb.package.unretire.request + - pkgdb.package.update + - pkgdb.package.update.status diff --git a/inventory/group_vars/pkgdb-stg b/inventory/group_vars/pkgdb-stg new file mode 100644 index 0000000000..a55e3bd892 --- /dev/null +++ b/inventory/group_vars/pkgdb-stg 
@@ -0,0 +1,49 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +wsgi_fedmsg_service: pkgdb2 +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80 ] + +fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-releng,sysadmin-cvs,sysadmin-veteran + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: pkgdb + owner: root + group: apache + alias: pkgdb2 + can_send: + - pkgdb.acl.delete + - pkgdb.acl.update + - pkgdb.admin.action.status.update + - pkgdb.branch.complete + - pkgdb.branch.start + - pkgdb.collection.new + - pkgdb.collection.update + - pkgdb.owner.update + - pkgdb.package.branch.delete + - pkgdb.package.branch.new + - pkgdb.package.branch.request + - pkgdb.package.critpath.update + - pkgdb.package.delete + - pkgdb.package.monitor.update + - pkgdb.package.koschei.update + - pkgdb.package.new + - pkgdb.package.new.request + - pkgdb.package.unretire.request + - pkgdb.package.update + - pkgdb.package.update.status diff --git a/inventory/group_vars/pkgs b/inventory/group_vars/pkgs index 000f4a3edb..4263f90eec 100644 --- a/inventory/group_vars/pkgs +++ b/inventory/group_vars/pkgs 
@@ -1,47 +1,106 @@ --- -clamscan_excludes: - - clamav- - - amavisd-new-2.3.3.tar.gz - - bro-20080804.tgz - - mailman- - - sagator- - - nicotine - - fwsnort-1.0.6.tar.gz - - psad-2.1.7.tar.bz2 - - pymilter- - - linkchecker- - - julia-0.3.7.tar.gz - - jbossws-cxf-5.1.5.Final.zip - - wss4j-2.1.5-source-release.zip - - python-impacket-0.9.14-67fc19e.tar.gz - - gdk-pixbuf- -clamscan_mailto: admin@fedoraproject.org -clamscan_paths: - - /srv/cache/lookaside/pkgs +lvm_size: 100000 +mem_size: 4096 +num_cpus: 4 + +tcp_ports: [80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +custom_rules: [ '-A INPUT -p tcp -m tcp --dport 9418 -j ACCEPT'] + # We have both celery (pagure_worker) and web thread wanting to send out fedmsg's. # To make things easy on the listening side (so avoid contention of binding ports), let's set the pkgs boxes to active fedmsg. -# -# This host is externally reachable -# -external: true -ipa_client_shell_groups: - - packager - - sysadmin-cvs - - sysadmin-main - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-cvs - - sysadmin-main -ipa_host_group: pkgs -lvm_size: 500000 -max_mem_size: 32768 -mem_size: 32768 -num_cpus: 8 -pagure_static_uid: 600 -primary_auth_source: ipa -sshd_keyhelper: true -tcp_ports: [80, 443] -# There vars are used to configure mod_wsgi -wsgi_procs: 10 -wsgi_threads: 6 +fedmsg_active: True + +# Definining these vars has a number of effects +# 1) mod_wsgi is configured to use the vars for its own setup +# 2) iptables opens enough ports for all threads for fedmsg +# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads +wsgi_fedmsg_service: pagure +wsgi_procs: 4 +wsgi_threads: 4 + +fas_client_groups: sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc,sysadmin-veteran +fas_client_restricted_app: PAGURE_CONFIG=/etc/pagure/pagure_hook.cfg HOME=/srv/git 
/usr/share/gitolite3/gitolite-shell %(username)s +fas_client_admin_app: PAGURE_CONFIG=/etc/pagure/pagure_hook.cfg HOME=/srv/git /usr/share/gitolite3/gitolite-shell -s %(username)s +fas_client_ssh_groups: "@cvs,sysadmin-main,sysadmin-cvs,sysadmin-releng,sysadmin-noc,sysadmin-veteran" +admin_groups: "@sysadmin-cvs @sysadmin-releng @sysadmin-noc @sysadmin-veteran" + +git_group: packager +git_port: 9418 +git_server: /usr/libexec/git-core/git-daemon +git_server_args: --export-all --syslog --inetd --verbose +git_basepath: /srv/git/repositories +git_daemon_user: nobody + +clamscan_mailto: admin@fedoraproject.org +clamscan_paths: +- /srv/cache/lookaside/pkgs +clamscan_excludes: +- clamav- +- amavisd-new-2.3.3.tar.gz +- bro-20080804.tgz +- mailman- +- sagator- +- nicotine +- fwsnort-1.0.6.tar.gz +- psad-2.1.7.tar.bz2 +- pymilter- +- linkchecker- +- julia-0.3.7.tar.gz +- jbossws-cxf-5.1.5.Final.zip +- wss4j-2.1.5-source-release.zip +- python-impacket-0.9.14-67fc19e.tar.gz + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - git.branch + - git.mass_branch.complete + - git.mass_branch.start + - git.pkgdb2branch.complete + - git.pkgdb2branch.start + - logger.log +- service: scm + owner: root + group: packager + can_send: + - git.receive +- service: lookaside + owner: root + group: apache + can_send: + - git.lookaside.new +- service: pagure + owner: pagure + group: apache + can_send: + - pagure.issue.assigned.added + - pagure.issue.assigned.reset + - pagure.issue.comment.added + - pagure.issue.dependency.added + - pagure.issue.dependency.removed + - pagure.issue.edit + - pagure.issue.new + - pagure.issue.tag.added + - pagure.issue.tag.removed + - pagure.project.edit + - pagure.project.forked + - pagure.project.group.added + - pagure.project.new + - pagure.project.tag.edited + - pagure.project.tag.removed + - pagure.project.user.added + - pagure.pull-request.closed + - 
pagure.pull-request.comment.added + - pagure.pull-request.flag.added + - pagure.pull-request.flag.updated + - pagure.pull-request.new + - pagure.request.assigned.added + - pagure.git.receive + diff --git a/inventory/group_vars/pkgs-stg b/inventory/group_vars/pkgs-stg new file mode 100644 index 0000000000..e4a18e47ae --- /dev/null +++ b/inventory/group_vars/pkgs-stg 
@@ -0,0 +1,106 @@ +--- +lvm_size: 100000 +mem_size: 4096 +num_cpus: 4 + +tcp_ports: [80, 443, 9418, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Definining these vars has a number of effects +# 1) mod_wsgi is configured to use the vars for its own setup +# 2) iptables opens enough ports for all threads for fedmsg +# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads +wsgi_fedmsg_service: pagure +wsgi_procs: 4 +wsgi_threads: 4 + +# We have both celery (pagure_worker) and web thread wanting to send out fedmsg's. +# To make things easy on the listening side (so avoid contention of binding ports), let's set the pkgs boxes to active fedmsg. +fedmsg_active: True + +fas_client_groups: sysadmin-main,sysadmin-cvs,sysadmin-releng,sysadmin-noc,sysadmin-veteran +fas_client_restricted_app: PAGURE_CONFIG=/etc/pagure/pagure_hook.cfg HOME=/srv/git /usr/share/gitolite3/gitolite-shell %(username)s +fas_client_admin_app: PAGURE_CONFIG=/etc/pagure/pagure_hook.cfg HOME=/srv/git /usr/share/gitolite3/gitolite-shell -s %(username)s +fas_client_ssh_groups: "@cvs,sysadmin-main,sysadmin-cvs,sysadmin-releng,sysadmin-noc,sysadmin-veteran" +admin_groups: "@sysadmin-cvs @sysadmin-releng @sysadmin-noc @sysadmin-veteran" + +git_group: packager +git_port: 9418 +git_server: /usr/libexec/git-core/git-daemon +git_server_args: --export-all --syslog --inetd --verbose +git_basepath: /srv/git/repositories +git_daemon_user: nobody + +clamscan_mailto: admin@fedoraproject.org +clamscan_paths: +- /srv/cache/lookaside/pkgs +clamscan_excludes: +- clamav- +- amavisd-new-2.3.3.tar.gz +- bro-20080804.tgz +- mailman- +- sagator- +- nicotine +- fwsnort-1.0.6.tar.gz +- psad-2.1.7.tar.bz2 +- pymilter- +- linkchecker- +- julia-0.3.7.tar.gz + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + 
can_send: + - logger.log + - git.branch + - git.mass_branch.complete + - git.mass_branch.start + - git.pkgdb2branch.complete + - git.pkgdb2branch.start +- service: scm + owner: root + group: packager + can_send: + - git.branch + - git.mass_branch.complete + - git.mass_branch.start + - git.pkgdb2branch.complete + - git.pkgdb2branch.start + - git.receive +- service: lookaside + owner: root + group: apache + can_send: + - git.lookaside.new +- service: pagure + owner: pagure + group: apache + can_send: + - pagure.issue.assigned.added + - pagure.issue.assigned.reset + - pagure.issue.comment.added + - pagure.issue.dependency.added + - pagure.issue.dependency.removed + - pagure.issue.edit + - pagure.issue.new + - pagure.issue.tag.added + - pagure.issue.tag.removed + - pagure.project.edit + - pagure.project.forked + - pagure.project.group.added + - pagure.project.new + - pagure.project.tag.edited + - pagure.project.tag.removed + - pagure.project.user.added + - pagure.pull-request.closed + - pagure.pull-request.comment.added + - pagure.pull-request.flag.added + - pagure.pull-request.flag.updated + - pagure.pull-request.new + - pagure.request.assigned.added + - pagure.git.receive + diff --git a/inventory/group_vars/pkgs_stg b/inventory/group_vars/pkgs_stg deleted file mode 100644 index cb6d74b002..0000000000 --- a/inventory/group_vars/pkgs_stg +++ /dev/null 
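Review bot: The `scm` certificate entry (`owner: root`, `group: packager`) may send `git.branch`, `git.mass_branch.*` and `git.pkgdb2branch.*` in addition to `git.receive`. The production pkgs file in this same diff limits `scm` to `git.receive` and keeps the branch topics on the root/sysadmin `shell` certificate. If the `group` field controls who can read the signing key (the consuming task in roles/fedmsg/base is not shown), any member of `packager` on staging could sign mass-branch messages. Trim the staging `scm` `can_send` list to the single entry `- git.receive` to match production.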
@@ -1,43 +0,0 @@ ---- -clamscan_excludes: - - clamav- - - amavisd-new-2.3.3.tar.gz - - bro-20080804.tgz - - mailman- - - sagator- - - nicotine - - fwsnort-1.0.6.tar.gz - - psad-2.1.7.tar.bz2 - - pymilter- - - linkchecker- - - julia-0.3.7.tar.gz -clamscan_mailto: admin@fedoraproject.org -clamscan_paths: - - /srv/cache/lookaside/pkgs -# We have both celery (pagure_worker) and web thread wanting to send out fedmsg's. -# To make things easy on the listening side (so avoid contention of binding ports), let's set the pkgs boxes to active fedmsg. -# -# This host is externally reachable -# -external: true -ipa_client_shell_groups: - - packager - - sysadmin-cvs - - sysadmin-main - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-cvs - - sysadmin-main -ipa_host_group: pkgs -lvm_size: 500000 -max_mem_size: 32768 -mem_size: 16384 -num_cpus: 8 -pagure_static_uid: 600 -# Configures ssh for git@ user -sshd_keyhelper: true -tcp_ports: [80, 443, 8444, 8443, 8445] -# There vars are used to configure mod_wsgi -wsgi_procs: 4 -wsgi_threads: 4 diff --git a/inventory/group_vars/postgresql-server b/inventory/group_vars/postgresql-server new file mode 100644 index 0000000000..8721496b04 --- /dev/null +++ b/inventory/group_vars/postgresql-server @@ -0,0 +1,9 @@ +--- +# common items for the releng-* boxes +lvm_size: 50000 +mem_size: 8192 +num_cpus: 4 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +fas_client_groups: sysadmin-noc,sysadmin-veteran diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies index 1d83e2c398..a39282ee67 100644 --- a/inventory/group_vars/proxies +++ b/inventory/group_vars/proxies 
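Review bot: The header comment `# common items for the releng-* boxes` in postgresql-server does not match the file, which holds defaults for the database server group; replace it with `# common items for the postgresql-server hosts`. The file also sets neither `tcp_ports` nor `custom_rules`. Add a comment stating where the database port is opened and for which clients, since that cannot be determined from this hunk.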
@@ -1,127 +1,101 @@ --- # Define resources for this group of hosts here. -blocked_ip_v6: [] -blocked_ips: ['14.102.69.78', '104.219.54.236', '103.38.177.2', '110.172.140.98', '183.80.131.253', '113.190.178.137', '115.76.39.108', '116.109.31.204', '209.64.155.56'] -collectd_apache: true -# For the MOTD -custom_rules: [ - # Need for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 209.132.181.102 --dport 873 -j ACCEPT', - # allow varnish from localhost - '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6082 -j ACCEPT', - # also allow varnish from internal for purge requests - '-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.0/24 --dport 6081 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.120 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.121 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.122 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.123 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.124 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.125 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.126 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.65 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.127 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.128 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.129 -j ACCEPT'] -nft_block_rules: - - 'add rule ip filter INPUT ip saddr 81.69.171.38 counter reject' - - 'add rule ip filter INPUT ip saddr 175.24.248.206 counter reject' - - 'add rule ip filter INPUT ip saddr 47.76.0.0/14 counter reject' - - 'add rule ip filter INPUT ip saddr 47.80.0.0/13 counter reject' - - 'add rule ip filter INPUT ip saddr 47.74.0.0/15 counter reject' - - 
'add rule ip filter INPUT ip saddr 66.249.64.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.0.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.224.0/19 counter reject' - - 'add rule ip filter INPUT ip saddr 43.159.41.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.163.8.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.128.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.156.0.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.128.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.133.32.0/19 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.128.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.159.37.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.153.192.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.159.32.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.156.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.163.0.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 14.153.15.174 counter reject' - - 'add rule ip filter INPUT ip saddr 47.246.0.0/16 counter reject' - - 'add rule ip filter INPUT ip saddr 47.236.0.0/14 counter reject' - - 'add rule ip filter INPUT ip saddr 47.235.0.0/16 counter reject' - - 'add rule ip filter INPUT ip saddr 47.240.0.0/14 counter reject' - - 'add rule ip filter INPUT ip saddr 47.244.0.0/15 counter reject' -nft_custom_rules: - # Need for rsync from log01 for logs. 
- - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 209.132.181.102 tcp dport 873 counter accept' - # allow varnish from localhost - - 'add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 6081 counter accept' - - 'add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 6082 counter accept' - # also allow varnish from internal for purge requests - - 'add rule ip filter INPUT ip saddr 192.168.1.0/24 tcp dport 6081 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.0/24 tcp dport 6081 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.120 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.121 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.122 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.123 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.124 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.125 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.126 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.65 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.127 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.128 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.129 tcp dport 22623 counter accept' -external: true -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: proxies -ipa_host_group_desc: Proxies between internal hosts and the Internet -lvm_size: 100000 -# This is used in the httpd.conf to determine the value for serverlimit and -# maxrequestworkers. On 8gb proxies, 900 seems fine. 
But on 4gb proxies, this -# should be lowered in the host vars for that proxy. -maxrequestworkers: 2500 +lvm_size: 30000 mem_size: 8192 -nagios_Check_Services: - swap: false -num_cpus: 6 -ocp_masters: - #- bootstrap.ocp.iad2.fedoraproject.org - - ocp01.ocp.iad2.fedoraproject.org - - ocp02.ocp.iad2.fedoraproject.org - - ocp03.ocp.iad2.fedoraproject.org -# we override this here to point to the vpn endpoints of the ocp_nodes instead of -# The real internal hostnames. This is because proxies access them via vpn. -ocp_nodes: - - worker01.vpn.fedoraproject.org - - worker02.vpn.fedoraproject.org - - worker03.vpn.fedoraproject.org - - worker04.vpn.fedoraproject.org - - worker05.vpn.fedoraproject.org - - worker06.vpn.fedoraproject.org -postvpnservices: - - haproxy - - varnish -primary_auth_source: ipa -tcp_ports: [ - # For apache, generally. - 80, 443, - # This is for TCP krb5 - 1088, - # This is for RabbitMQ public access - 5671, - # openshift 4 api - 6443, - # This is for RabbitMQ internal-public access - 15671, - # This is for TOTP - 8443, -] -varnish_group: proxies -zabbix_templates: - - group: "proxies" # Ansible group - template: "external_hosts_http.json" # Template name in roles/zabbix/zabbix_templates/files/templatename.json - custom_template: true # Is the template official template bundled with Zabbix or one of our custom templates - hostgroup: "fedora external hosts" # Zabbix hostgroup +num_cpus: 4 -notes: | - * Provides frontend (reverse) proxy for most web applications - * Using Apache -> haproxy, these hosts contact app servers and other various hosts to provide web applications at sites like - fedoraproject.org and admin.fedoraproject.org. - * The proxy servers are balanced via dns and geoIP and are spread all over the place. +# This is used in the httpd.conf to determine the value for serverlimit and +# maxrequestworkers. On 8gb proxies, 900 seems fine. But on 4gb proxies, this +# should be lowered in the host vars for that proxy. 
+maxrequestworkers: 900 + +tcp_ports: [ + # For apache, generally. + 80, + 443, + + # This is for TCP krb5 + 1088, + + # This is for the haproxy HTML stats page + # TODO -- there's no need for this to be wide open to the world. With this + # in place, you can visit https://apps.fedoraproject.org:8080 and get the + # haproxy stats page. We should close this and just have admins go through + # the apache reverseproxy at https://admin.fedoraproject.org/haproxy/proxy1 + 8080, + + # For fedmsg websocket server over stunnel + 9939, + # For fedmsg raw zeromq socket (outbound) + 9940, + # 9941 is closed generally, is for the inbound fedmsg and is covered in + # custom_rules + ] +custom_rules: [ + # Need for rsync from log01 for logs. + '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 209.132.181.102 --dport 873 -j ACCEPT', + + # allow varnish from localhost + '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6081 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6082 -j ACCEPT', + + # also allow varnish from internal for purge requests + '-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 6081 -j ACCEPT', + + # Allow jenkins.fedorainfracloud to talk to the inbound fedmsg relay. + '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.57 -j ACCEPT', + # Allow copr-be.cloud to talk to the inbound fedmsg relay. + '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.48 -j ACCEPT', + # Also, ppc-hub.qa.fedoraproject.org (secondary arch koji) + '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.21 -j ACCEPT', + # Also, arm-koji01.qa.fedoraproject.org (secondary arch) + '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.138 -j ACCEPT', + + # Allow retrace/faf to talk to the inbound fedmsg relay. 
+ # retrace01.qa.fedoraproject.org
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.171 -j ACCEPT',
+ # retrace02.qa.fedoraproject.org
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.172 -j ACCEPT',
+ # Also, s390-hub01.s390.fedoraproject.org (secondary arch)
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.129.180 -j ACCEPT',
+
+ # Allow resultsdb talk to the inbound fedmsg relay.
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.207 -j ACCEPT',
+ # Allow openqa01 to talk to the inbound fedmsg relay.
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.71 -j ACCEPT',
+ ]
+
+blocked_ips: [
+ '14.102.69.78',
+ '104.219.54.236',
+ '103.38.177.2',
+ '110.172.140.98',
+ '183.80.131.253',
+ '113.190.178.137',
+ '115.76.39.108',
+ '116.109.31.204',
+ '209.64.155.56',
+]
+
+
+blocked_ip_v6: [
+]
+
+fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran
+
+collectd_apache: true
+
+varnish_group: proxies
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Provides frontend (reverse) proxy for most web applications
+csi_relationship: |
+ Using Apache -> haproxy, these hosts contact app servers and
+ other various hosts to provide web applications at sites like
+ fedoraproject.org and admin.fedoraproject.org. The proxy servers are
+ balanced via dns and geoIP and are spread all over the place.
diff --git a/inventory/group_vars/proxies-stg b/inventory/group_vars/proxies-stg
new file mode 100644
index 0000000000..04083b7d32
--- /dev/null
+++ b/inventory/group_vars/proxies-stg
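Review bot: The new `tcp_ports` list opens 8080 even though the comment directly above that entry says the haproxy stats page has no need to be "wide open to the world"; the same `8080,` entry and comment appear in the new `inventory/group_vars/proxies-stg`. Drop `8080,` from `tcp_ports` in both files and, if direct access is still wanted, add a source-restricted entry to `custom_rules` in the style already used there, `'-A INPUT -p tcp -m tcp -s <ADMIN_NET_PLACEHOLDER> --dport 8080 -j ACCEPT',`. The hunk also removes `nft_block_rules` and `nft_custom_rules` and keeps only the iptables-style `custom_rules` and `blocked_ips`; which of these the firewall role on these hosts consumes is not visible here, so confirm that the allow rules and the block list still take effect after this change.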
@@ -0,0 +1,89 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 30000
+mem_size: 8192
+num_cpus: 2
+
+# This is used in the httpd.conf to determine the value for serverlimit and
+# maxrequestworkers. On 8gb proxies, 900 seems fine. But on 4gb proxies, this
+# should be lowered in the host vars for that proxy.
+maxrequestworkers: 900
+
+tcp_ports: [
+ # For apache, generally.
+ 80,
+ 443,
+
+ # This is for TCP krb5
+ 1088,
+
+ # This is for the haproxy HTML stats page
+ # TODO -- there's no need for this to be wide open to the world. With this
+ # in place, you can visit https://apps.fedoraproject.org:8080 and get the
+ # haproxy stats page. We should close this and just have admins go through
+ # the apache reverseproxy at https://admin.fedoraproject.org/haproxy/proxy1
+ 8080,
+
+ # For fedmsg websocket server over stunnel
+ 9939,
+ # For fedmsg raw zeromq socket (outbound)
+ 9940,
+ # 9941 is closed generally, is for the inbound fedmsg and is covered in
+ # custom_rules
+ ]
+custom_rules: [
+ # Need for rsync from log01 for logs.
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+
+ # allow varnish from localhost
+ '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6081 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6082 -j ACCEPT',
+
+ # also allow varnish from internal for purge requests
+ '-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 6081 -j ACCEPT',
+
+ # Allow jenkins.fedorainfracloud to talk to the inbound fedmsg relay.
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.57 -j ACCEPT',
+ # Allow copr-be.cloud to talk to the inbound fedmsg relay.
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.131 -j ACCEPT',
+ # Also, ppc-hub.qa.fedoraproject.org (secondary arch koji)
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.21 -j ACCEPT',
+ # Also, s390-hub01.qa.fedoraproject.org (secondary arch)
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.18 -j ACCEPT',
+ # Also, arm-hub01.qa.fedoraproject.org (secondary arch)
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.31 -j ACCEPT',
+
+ # Allow stg.fedoramagazine.org running at vultr.com to talk inbound fedmsg
+ # Contact cydrobolt about the status of this. It hasn't hit prod status
+ # yet as of 2015-04-27 (threebean).
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 104.207.133.220 -j ACCEPT',
+
+ # Allow retrace/faf to talk to the inbound fedmsg relay.
+ # retrace01.qa.fedoraproject.org
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.28 -j ACCEPT',
+ # retrace02.qa.fedoraproject.org
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.34 -j ACCEPT',
+
+ # Allow resultsdb talk to the inbound fedmsg relay.
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.147 -j ACCEPT',
+
+ # Allow openqa to talk to the inbound fedmsg relay.
+ '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.72 -j ACCEPT',
+ ]
+
+fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran
+
+collectd_apache: true
+varnish_group: proxies
+
+# For the MOTD
+csi_security_category: Moderate
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Provides frontend (reverse) proxy for most web applications
+csi_relationship: |
+ Using Apache -> haproxy, these hosts contact app servers and
+ other various hosts to provide web applications at sites like
+ fedoraproject.org and admin.fedoraproject.org. The proxy servers are
+ balanced via dns and geoIP and are spread all over the place.
diff --git a/inventory/group_vars/proxies_stg b/inventory/group_vars/proxies_stg
deleted file mode 100644
index 33b33571df..0000000000
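Review bot: The `custom_rules` entry `'-A INPUT -p tcp -m tcp --dport 9941 -s 104.207.133.220 -j ACCEPT',` admits an externally hosted machine to the inbound fedmsg relay, and its own comment says the status was still open "as of 2015-04-27". An allow rule for a third-party address with no confirmed owner or review date tends to outlive the host it was written for, after which whoever holds that address inherits the access. Either remove the rule or replace the comment with a current owner and review date, e.g. `# stg.fedoramagazine.org inbound fedmsg; owner: <OWNER_PLACEHOLDER>; re-verify by <DATE_PLACEHOLDER>`. The file is also added as `proxies-stg` while the file removed alongside it is `proxies_stg`; the inventory is not visible here, so check that the group name the staging proxies belong to matches the new file name.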
--- a/inventory/group_vars/proxies_stg
+++ /dev/null
@@ -1,82 +0,0 @@ ---- -# Define resources for this group of hosts here. -collectd_apache: true -# For the MOTD -custom_rules: [ - # Need for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', - # allow varnish from localhost - '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6082 -j ACCEPT', - # also allow varnish from internal for purge requests - '-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.0/24 --dport 6081 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.115 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.116 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.117 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.118 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.119 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.120 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.121 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.122 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.123 -j ACCEPT'] -nft_custom_rules: - # Need for rsync from log01 for logs. 
- - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' - # allow varnish from localhost - - 'add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 6081 counter accept' - - 'add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 6082 counter accept' - # also allow varnish from internal for purge requests - - 'add rule ip filter INPUT ip saddr 192.168.1.0/24 tcp dport 6081 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.0/24 tcp dport 6081 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.115 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.116 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.117 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.118 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.119 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.120 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.121 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.122 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.123 tcp dport 22623 counter accept' -external: true -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web - - sysadmin-noc -ipa_host_group: proxies -ipa_host_group_desc: Proxies between internal hosts and the Internet -lvm_size: 100000 -# This is used in the httpd.conf to determine the value for serverlimit and -# maxrequestworkers. On 8gb proxies, 900 seems fine. But on 4gb proxies, this -# should be lowered in the host vars for that proxy. 
-maxrequestworkers: 900 -mem_size: 8192 -num_cpus: 2 -ocp_masters_stg: - # - bootstrap.ocp.stg.iad2.fedoraproject.org - - ocp01.ocp.stg.iad2.fedoraproject.org - - ocp02.ocp.stg.iad2.fedoraproject.org - - ocp03.ocp.stg.iad2.fedoraproject.org -ocp_nodes_stg: - - worker01.ocp.stg.iad2.fedoraproject.org - - worker02.ocp.stg.iad2.fedoraproject.org - - worker03.ocp.stg.iad2.fedoraproject.org - - worker04.ocp.stg.iad2.fedoraproject.org - - worker05.ocp.stg.iad2.fedoraproject.org -tcp_ports: [ - # For apache, generally. - 80, 443, - # This is for TCP krb5 - 1088, - # This is for RabbitMQ public access - 5671, - # openshift 4 api - 6443, - # This is for RabbitMQ internal-public access - 15671, - # This is for TOTP - 8443, -] -varnish_group: proxies -zabbix_templates: "{{ [] }}" # For the moment we have no proxies external to IAD2, if this changes, put in the changes in the production group. - -notes: | - * Provides frontend (reverse) proxy for most web applications - * Using Apache -> haproxy, these hosts contact app servers and other various hosts to provide web applications - at sites like fedoraproject.org and admin.fedoraproject.org. - * The proxy servers are balanced via dns and geoIP and are spread all over the place. diff --git a/inventory/group_vars/qa-prod b/inventory/group_vars/qa-prod new file mode 100644 index 0000000000..fb269bf61b --- /dev/null +++ b/inventory/group_vars/qa-prod 
@@ -0,0 +1,119 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 40000
+mem_size: 8196
+max_mem_size: 16384
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+fas_client_groups: sysadmin-qa,sysadmin-main,fi-apprentice,sysadmin-noc,sysadmin-veteran
+
+
+freezes: true
+sslonly: false
+
+# this needs firewall rules
+#sshd_config: ssh/sshd_config.qa-prod
+#sshd_port: 222
+sshd_port: 22
+external_hostname: qa.fedoraproject.org
+vpn_hostname: qa-prod01.vpn.fedoraproject.org
+deployment_type: qa-prod
+
+tcp_ports: [ 80, "{{ buildslave_port }}", 222]
+
+################################################################################
+# Buildbot Settings
+################################################################################
+#
+buildmaster_db_host: localhost
+buildmaster_template: ci.master.cfg.j2
+buildmaster_endpoint: buildmaster
+buildslave_ssh_pubkey: ''
+buildslave_port: 9989
+buildmaster_dir: /srv/buildmaster/master
+buildslave_dir: /srv/buildslave/slave
+buildslave_poll_interval: 1800
+buildmaster_home: /srv/buildmaster
+buildmaster_user: buildmaster
+
+# build details
+repo_base: 'https://git.qa-prod01.qa.fedoraproject.org/diffusion'
+docs_build_dir: /var/www/docs/
+
+# for now, we're just doing a local slave so we need the slave vars in here
+slave_home: /home/buildslave/
+slave_dir: /home/buildslave/slave
+slave_user: buildslave
+buildslave_name: 'qa-prod01-1'
+buildslave_password: '{{ qa_prod_buildslave_password }}'
+
+
+################################################################################
+# MariaDB Settings
+################################################################################
+
+mariadb_host: localhost
+mariadb_config: my.cnf.phabricator
+mariadb_user: '{{ qa_prod_mariadb_user }}'
+mariadb_password: '{{ qa_prod_mariadb_password }}'
+
+################################################################################
+# Phabricator Settings
+################################################################################
+phabricator_db_prefix: 'phabricator'
+enable_phabricator_git: False
+phabricator_vcs_user: git
+phabricator_vcs_user_password: '{{ qa_prod_vcs_user_password }}'
+phabricator_daemon_user: phabricator
+phabroot: /usr/share/
+phabricator_filedir: /var/lib/phabricator/files
+phabricator_repodir: /var/lib/phabricator/repos
+phabricator_config_filename: qaconfig
+phabricator_header_color: 'blue'
+phabricator_mail_enabled: True
+phabricator_mail_domain: fedoraproject.org
+phabricator_mysqldump_filename: 'qa-prod_phabricator.sql'
+ircnick: fedoraqabot
+
+
+################################################################################
+# Backup Settings
+################################################################################
+
+backup_dir: /srv/backup
+backup_username: root
+backup_ssh_pubkey: ssh-dss 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 root@backup03-rdiff-backup
+host_backup_targets: ['/var/lib/phabricator/files', '/var/lib/phabricator/repos', '/srv/backup']
+
+
+################################################################################
+# Static Site Settings
+################################################################################
+
+static_sites:
+ - name: "{{ vpn_hostname }}"
+ document_root: /srv/content
+ external_name: "{{ external_hostname }}"
+
+ - name: "docs.{{ vpn_hostname }}"
+ document_root: /srv/content/docs
+ external_name: "docs.{{ external_hostname }}"
+
+ - name: "images.{{ inventory_hostname }}"
+ document_root: /srv/content/images
+ external_name: "images.{{ external_hostname }}"
+
+############################################################
+# imagefactory config
+############################################################
+
+imagefactory_host: qa12.qa.fedoraproject.org
+imagefactory_baseurl: 'http://{{imagefactory_host}}:8075/imagefactory'
+imagefactory_tools_branch: develop
+
+imagesdir: /var/lib/diskimages
+slaves_group: apache
+
diff --git a/inventory/group_vars/qa-stg b/inventory/group_vars/qa-stg
new file mode 100644
index 0000000000..c2450705fd
--- /dev/null
+++ b/inventory/group_vars/qa-stg
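Review bot: `backup_ssh_pubkey` is an `ssh-dss` key and `backup_username` is `root`, so root access for the backup host rests on a DSA key; the same line appears in the new `qa-stg` and `qadevel` files. DSA keys are limited to 1024 bits and OpenSSH has disabled them by default since 7.0, so the key is either rejected or forces `sshd` to be weakened to accept it. Replace it in all three files with a current key type, `backup_ssh_pubkey: ssh-ed25519 <PUBLIC_KEY_PLACEHOLDER> root@backup03-rdiff-backup`. Separately, `tcp_ports: [ 80, "{{ buildslave_port }}", 222]` opens 222 while `sshd_port: 22` is the active setting and the 222 lines are commented out; drop 222 or add a comment saying what listens there.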
@@ -0,0 +1,96 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 40000
+mem_size: 4096
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+fas_client_groups: sysadmin-qa,sysadmin-main,fi-apprentice,sysadmin-noc,sysadmin-veteran
+
+sshd_config: ssh/sshd_config.qa-stg
+sshd_port: 222
+external_hostname: qa.stg.fedoraproject.org
+
+mariadb_host: localhost
+mariadb_user: '{{ qa_stg_mariadb_user }}'
+mariadb_password: '{{ qa_stg_mariadb_password }}'
+
+# phabricator config
+phabricator_db_prefix: 'phabricator'
+# something changed in how the sshd daemons are set up, since this isn't critical, disabling for now
+enable_phabricator_git: False
+phabricator_vcs_user: git
+phabricator_vcs_user_password: '{{ qa_stg_vcs_user_password }}'
+phabricator_daemon_user: phabricator
+phabroot: /usr/share/
+phabricator_filedir: /var/lib/phabricator/files
+phabricator_repodir: /var/lib/phabricator/repos
+phabricator_config_filename: qaconfig
+phabricator_header_color: 'red'
+phabricator_mail_enabled: False
+phabricator_mail_domain: stg.fedoraproject.org
+ircnick: fedoraqabot
+phabricator_mysqldump_filename: 'qadevel-stg_phabricator.sql'
+
+# backup details (for parity with prod, not actually used)
+backup_dir: /srv/backup
+backup_username: root
+backup_ssh_pubkey: ssh-dss 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 root@backup03-rdiff-backup
+
+# buildmaster details
+buildmaster_db_host: localhost
+buildmaster_template: ci.master.cfg.j2
+buildmaster_endpoint: builds
+buildslave_ssh_pubkey: ''
+buildslave_port: 9989
+buildmaster_dir: /home/buildmaster/master
+buildslave_dir: /home/buildslave/slave
+buildslave_poll_interval: 1800
+buildmaster_home: /home/buildmaster
+buildmaster_user: buildmaster
+
+# build details
+repo_base: 'https://git.qadevel-stg.cloud.fedoraproject.org/diffusion'
+docs_build_dir: /var/www/docs/
+
+# for now, we're just doing a local slave so we need the slave vars in here
+slave_home: /home/buildslave/
+slave_dir: /home/buildslave/slave
+slave_user: buildslave
+buildslave_name: 'qa-stg01-1'
+buildslave_password: '{{ qa_stg_buildslave_password }}'
+
+deployment_type: qa-stg
+tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 3306 ]
+
+############################################################
+# imagefactory config
+############################################################
+
+imagefactory_host: qa11.qa.fedoraproject.org
+imagefactory_baseurl: 'http://{{imagefactory_host}}:8075/imagefactory'
+imagefactory_tools_branch: develop
+
+imagesdir: /var/lib/diskimages
+slaves_group: apache
+
+# static sites
+static_sites:
+ - name: "{{ inventory_hostname }}"
+ document_root: /srv/content
+ external_name: "{{ external_hostname }}"
+
+ - name: "docs.{{ inventory_hostname }}"
+ document_root: /srv/content/docs
+ external_name: "docs.{{ external_hostname }}"
+
+ - name: "images.{{ inventory_hostname }}"
+ document_root: /srv/content/images
+ external_name: "images.{{ external_hostname }}"
+
+
+sslonly: false
+
+freezes: false
diff --git a/inventory/group_vars/qadevel b/inventory/group_vars/qadevel
new file mode 100644
index 0000000000..5264bdd0b6
--- /dev/null
+++ b/inventory/group_vars/qadevel
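Review bot: `tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 3306 ]` opens the MariaDB port on the host firewall although `mariadb_host: localhost` in the same file indicates the database is only used locally. If `tcp_ports` is applied as an allow-from-anywhere list, which the comment about 9941 in the proxies vars suggests but this hunk does not show, the database listener is reachable from outside and protected only by its password. Remove the entry, `tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}" ]`, and if a remote client does need the database, use a source-restricted `custom_rules` entry instead.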
@@ -0,0 +1,95 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 40000
+mem_size: 8192
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+deployment_type: qadevel-prod
+fas_client_groups: sysadmin-qa
+host_group: qadevel
+freezes: false
+
+tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 222]
+
+extra_enablerepos: ''
+
+sshd_port: 222
+sshd_config: ssh/sshd_config.qa-stg
+
+sslcertfile: wildcard-2016.qadevel.cloud.fedoraproject.org.cert
+sslkeyfile: wildcard-2016.qadevel.cloud.fedoraproject.org.key
+sslintermediatecertfile: wildcard-2016.qadevel.cloud.fedoraproject.org.intermediate.crt
+
+################################################################################
+# Buildbot Settings
+################################################################################
+#
+buildmaster_db_host: localhost
+buildmaster_template: ci.master.cfg.j2
+buildmaster_endpoint: buildmaster
+buildslave_ssh_pubkey: ''
+buildslave_port: 9989
+buildmaster_dir: /home/buildmaster/master
+buildslave_dir: /home/buildslave/slave
+buildslave_poll_interval: 1800
+buildmaster_home: /home/buildmaster
+buildmaster_user: buildmaster
+external_hostname: qadevel.cloud.fedoraproject.org
+
+# for now, we're just doing a local slave so we need the slave vars in here
+slave_home: /home/buildslave/
+slave_dir: /home/buildslave/slave
+slave_user: buildslave
+
+
+################################################################################
+# MariaDB Settings
+################################################################################
+
+mariadb_host: localhost
+mariadb_config: my.cnf.phabricator
+mariadb_user: '{{ qadevel_mariadb_user }}'
+mariadb_password: '{{ qadevel_mariadb_password }}'
+
+
+################################################################################
+# Phabricator Settings
+################################################################################
+phabricator_db_prefix: 'phabricator'
+enable_phabricator_git: True
+phabricator_vcs_user: git
+phabricator_vcs_user_password: '{{ qadevel_vcs_user_password }}'
+phabricator_daemon_user: phabdaemon
+phabroot: /usr/share/
+phabricator_filedir: /var/lib/phabricator/files
+phabricator_repodir: /var/lib/phabricator/repos
+phabricator_config_filename: qaconfig
+phabricator_header_color: 'blue'
+phabricator_mail_enabled: True
+phabricator_mail_domain: fedoraproject.org
+phabricator_mysqldump_filename: 'qadevel_phabricator.sql'
+ircnick: fedoraqabot
+
+
+################################################################################
+# Backup Settings
+################################################################################
+
+backup_dir: /srv/backup
+backup_username: root
+backup_ssh_pubkey: ssh-dss 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 root@backup03-rdiff-backup
+host_backup_targets: ['/var/lib/phabricator/files', '/var/lib/phabricator/repos', '/srv/backup']
+
+
+################################################################################
+# Static Site Settings
+################################################################################
+
+static_sites:
+ - name: 'docs.{{ external_hostname }}'
+ document_root: /var/www/docs
+sslonly: false
+
diff --git a/inventory/group_vars/rabbitmq b/inventory/group_vars/rabbitmq
deleted file mode 100644
index 7ccaa88de4..0000000000
--- a/inventory/group_vars/rabbitmq
+++ /dev/null
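Review bot: `tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 222]` lists 222 twice, and `sshd_config: ssh/sshd_config.qa-stg` points a group whose `deployment_type` is `qadevel-prod` at the staging sshd configuration. Depending on how the firewall template expands the list, the duplicate can produce a repeated rule, and sharing the sshd file means a change made for staging also changes this host's SSH settings without anyone touching this file. Use `tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}" ]`, and if the config reuse is deliberate, say so next to it with a comment such as `# intentionally shares the qa-stg sshd config (port 222)`.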
@@ -1,38 +0,0 @@ ---- -custom_rules: [ - # Neeed for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', - # Inter-node traffic - '-A INPUT -p tcp -m tcp -s 10.3.163.78 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.79 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.80 --dport 25672 -j ACCEPT'] -nft_custom_rules: - # Neeed for rsync from log01 for logs. - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' - # Inter-node traffic - - 'add rule ip filter INPUT ip saddr 10.3.163.78 tcp dport 25672 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.79 tcp dport 25672 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.80 tcp dport 25672 counter accept' -ipa_host_group: rabbitmq -ipa_host_group_desc: RabbitMQ service -ipa_shell_groups: - - sysadmin-messaging -ipa_client_sudo_groups: - - sysadmin-messaging -mem_size: 8192 -primary_auth_source: ipa -tcp_ports: [ - # https://www.rabbitmq.com/clustering.html#selinux-ports - # EPMD - 4369, - # AMQP - 5672, 5671, - # CLI tools - 35672, 35673, 35674, 35675, 35676, 35677, 35678, 35679, 35680, 35681, 35682, - # HTTP API - #15672, -] -zabbix_templates: - - group: "rabbitmq" # Ansible group - template: "RabbitMQ node by Zabbix agent" # Template name in roles/zabbix/zabbix_templates/files/templatename.json - custom_template: false # Is the template official template bundled with Zabbix or one of our custom templates - hostgroup: "fedora rabbitmq" # Zabbix hostgroup diff --git a/inventory/group_vars/rabbitmq_stg b/inventory/group_vars/rabbitmq_stg deleted file mode 100644 index 8b6a116d77..0000000000 --- a/inventory/group_vars/rabbitmq_stg +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -custom_rules: [ - # Neeed for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', - # Inter-node traffic - '-A INPUT -p tcp -m tcp -s 10.3.166.78 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.166.79 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.166.80 --dport 25672 -j ACCEPT'] -nft_custom_rules: - # Neeed for rsync from log01 for logs. - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' - # Inter-node traffic - - 'add rule ip filter INPUT ip saddr 10.3.166.78 tcp dport 25672 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.79 tcp dport 25672 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.80 tcp dport 25672 counter accept' -datacenter: iad2 -ipa_host_group: rabbitmq -ipa_host_group_desc: RabbitMQ service -ipa_shell_groups: - - sysadmin-messaging -ipa_client_sudo_groups: - - sysadmin-messaging -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -# Define resources for this group of hosts here. 
-lvm_size: 20000 -mem_size: 8192 -num_cpus: 2 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [ - # https://www.rabbitmq.com/clustering.html#selinux-ports - # EPMD - 4369, - # AMQP - 5672, 5671, - # CLI tools - 35672, 35673, 35674, 35675, 35676, 35677, 35678, 35679, 35680, 35681, 35682, - # HTTP API - #15672, -] -zabbix_templates: - - group: "rabbitmq_stg" # Ansible group - template: "RabbitMQ node by Zabbix agent" # Template name in roles/zabbix/zabbix_templates/files/templatename.json - custom_template: false # Is the template official template bundled with Zabbix or one of our custom templates - hostgroup: "fedora rabbitmq" # Zabbix hostgroup diff --git a/inventory/group_vars/releng-compose b/inventory/group_vars/releng-compose new file mode 100644 index 0000000000..aa30e3fe4e --- /dev/null +++ b/inventory/group_vars/releng-compose 
@@ -0,0 +1,67 @@ +--- +# common items for the releng-* boxes +lvm_size: 100000 +mem_size: 32768 +max_mem_size: "{{ mem_size }}" +num_cpus: 16 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/ +virt_install_command: "{{ virt_install_command_two_nic }}" + +nm: 255.255.255.0 +gw: 10.5.125.254 +dns: 10.5.126.21 + +# With 16 cpus, theres a bunch more kernel threads +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +host_group: releng +fas_client_groups: sysadmin-releng +freezes: true +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" + +# For the mock config +kojipkgs_url: kojipkgs.fedoraproject.org +kojihub_url: koji.fedoraproject.org/kojihub +kojihub_scheme: https + +# for kojid config +koji_server_url: "https://koji.fedoraproject.org/kojihub" +koji_weburl: "https://koji.fedoraproject.org/koji" +koji_topurl: "https://kojipkgs.fedoraproject.org/" + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: root + can_send: + - logger.log +- service: releng + owner: root + group: masher + can_send: + - pungi.compose.phase.start + - pungi.compose.phase.stop + - pungi.compose.status.change + - pungi.compose.createiso.targets + - pungi.compose.createiso.imagefail + - pungi.compose.createiso.imagedone + - pungi.compose.ostree + # Then there are *all these* make-updates things from releng+cloudsig + - compose.23.make-updates.start + - compose.23.make-updates.done + - compose.23.cloudimg-build.start + - compose.23.cloudimg-build.done + - compose.23.mash-atomic.start + - compose.23.mash-atomic.stop + - compose.23.atomic-lorax.start + - compose.23.atomic-lorax.done + - compose.23.cloudimg-checksum.start + - compose.23.cloudimg-checksum.done + - compose.23.cloudimg-staging.start + - compose.23.cloudimg-staging.done + 
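Review bot: `ks_url` and `ks_repo` in the new releng-compose file fetch the kickstart and the install tree over plain `http://` from 10.5.126.23, so nothing authenticates the content the installer runs as root when a compose host is built. Other group files in this diff use `https://infrastructure.fedoraproject.org/repo/...` for the same keys; if that endpoint serves this path, prefer `ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora-26`, with a matching https `ks_repo`. Both values also pin the install to Fedora 26, so confirm that release still receives security updates before hosts are provisioned from it. `nfs_mount_opts` uses `sec=sys,nfsvers=3`, which relies on client-asserted UIDs; a comment saying why Kerberos or NFSv4 is not used here would help.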
diff --git a/inventory/group_vars/releng-secondary b/inventory/group_vars/releng-secondary new file mode 100644 index 0000000000..251b93a40e --- /dev/null +++ b/inventory/group_vars/releng-secondary @@ -0,0 +1,33 @@ +--- +# common items for the releng-* boxes +lvm_size: 100000 +mem_size: 8196 +max_mem_size: "{{ mem_size }}" +num_cpus: 16 +nm: 255.255.255.0 +dns: 10.5.126.21 + +# With 16 cpus, theres a bunch more kernel threads +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" + +fas_client_groups: sysadmin-releng,sysadmin-secondary,sysadmin-noc,sysadmin-veteran +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + +host_group: releng + +fedmsg_certs: +- service: releng + owner: root + group: sysadmin-releng + can_send: + # pungi-koji stuff (ask dgilmore) + - pungi.compose.phase.start + - pungi.compose.phase.stop + - pungi.compose.status.change + - pungi.compose.createiso.targets + - pungi.compose.createiso.imagefail + - pungi.compose.createiso.imagedone + diff --git a/inventory/group_vars/releng-stg b/inventory/group_vars/releng-stg new file mode 100644 index 0000000000..20745514e6 --- /dev/null +++ b/inventory/group_vars/releng-stg @@ -0,0 +1,9 @@ +--- +koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" +koji_weburl: "https://koji.stg.fedoraproject.org/koji" +koji_topurl: "https://kojipkgs.fedoraproject.org/" + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" + +mem_size: 8192 +num_cpus: 4 diff --git a/inventory/group_vars/releng_compose b/inventory/group_vars/releng_compose deleted file mode 100644 index 7294c75be0..0000000000 --- a/inventory/group_vars/releng_compose +++ /dev/null 
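Review bot: `mem_size: 8196` in releng-secondary looks like a typo for 8192, the value the releng-stg file in the same diff sets; if a power of two was intended, change it to `mem_size: 8192`. Separately, `fas_client_groups` grants four groups access while `sudoers` points at the releng sudoers file, whose content is not visible in this diff. A comment such as `# shell access for all four groups; sudo is limited by 00releng-sudoers` (adjusted to what that file really grants) would make the privilege boundary reviewable from this file.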
@@ -1,36 +0,0 @@ ---- -# common items for the releng-* boxes -dns: 10.3.163.33 -freezes: true -host_group: releng -ipa_client_shell_groups: - - sysadmin-releng - - sysadmin-troubleshoot -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: releng-compose -ipa_host_group_desc: Hosts running composes -# for kojid config -koji_instance: "primary" -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" -kojihub_scheme: https -kojihub_url: koji.fedoraproject.org/kojihub -# For the mock config -kojipkgs_url: kojipkgs.fedoraproject.org -lvm_size: 100000 -max_mem_size: "{{ mem_size }}" -mem_size: 131072 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4" -nrpe_procs_crit: 1000 -# With 16 cpus, theres a bunch more kernel threads -nrpe_procs_warn: 900 -num_cpus: 16 -primary_auth_source: ipa -virt_install_command: "{{ virt_install_command_two_nic_unsafe }}" -zabbix_templates: - - group: "releng_compose" - template: "releng_compose_cronjobs.json" - custom_template: true # Is the template official template bundled with Zabbix or one of our custom templates - hostgroup: "fedora releng compose" diff --git a/inventory/group_vars/releng_compose_eln b/inventory/group_vars/releng_compose_eln deleted file mode 100644 index 622a3a88b4..0000000000 --- a/inventory/group_vars/releng_compose_eln +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -# common items for the releng-* boxes -dns: 10.3.163.33 -external: false -host_group: releng_eln -ipa_client_shell_groups: - - sysadmin-eln -ipa_client_sudo_groups: - - sysadmin-eln -ipa_host_group: releng-compose-eln -ipa_host_group_desc: Hosts running composes for eln -# for kojid config -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" -kojihub_scheme: https -kojihub_url: koji.fedoraproject.org/kojihub -# For the mock config -kojipkgs_url: kojipkgs.fedoraproject.org -lvm_size: 100000 -max_mem_size: "{{ mem_size }}" -mem_size: 131072 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4" -nrpe_procs_crit: 1000 -# With 16 cpus, theres a bunch more kernel threads -nrpe_procs_warn: 900 -num_cpus: 16 -primary_auth_source: ipa -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -zabbix_templates: "{{ [] }}" # Need to do some research on what exactly we're doing on this host before enabling any templates. diff --git a/inventory/group_vars/releng_compose_riscv b/inventory/group_vars/releng_compose_riscv deleted file mode 100644 index 9c07c1fc03..0000000000 --- a/inventory/group_vars/releng_compose_riscv +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -# common items for the releng-* boxes -dns: 10.3.163.33 -external: false -host_group: releng_riscv -ipa_client_shell_groups: - - sysadmin-riscv -ipa_client_sudo_groups: - - sysadmin-riscv -ipa_host_group: releng-compose-riscv -ipa_host_group_desc: Hosts running composes for riscv -# for kojid config -koji_instance: secondary -koji_server_url: "https://riscv-koji.fedoraproject.org/kojihub" -koji_topurl: "https://riscv-kojipkgs.fedoraproject.org/" -koji_weburl: "https://riscv-koji.fedoraproject.org/koji" -kojihub_scheme: https -kojihub_url: riscv-koji.fedoraproject.org/kojihub -# For the mock config -kojipkgs_url: riscv-kojipkgs.fedoraproject.org -lvm_size: 100000 -max_mem_size: "{{ mem_size }}" -mem_size: 131072 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4" -nrpe_procs_crit: 1000 -# With 16 cpus, theres a bunch more kernel threads -nrpe_procs_warn: 900 -num_cpus: 16 -primary_auth_source: ipa -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -zabbix_templates: "{{ [] }}" # Need to do some research on what exactly we're doing on this host before enabling any templates. diff --git a/inventory/group_vars/releng_compose_stg b/inventory/group_vars/releng_compose_stg deleted file mode 100644 index 4f8c478ffb..0000000000 --- a/inventory/group_vars/releng_compose_stg +++ /dev/null @@ -1,15 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: releng-compose -ipa_host_group_desc: Hosts running composes -koji_instance: "primary" -koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.stg.fedoraproject.org/koji" -mem_size: 8192 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -num_cpus: 4 -zabbix_templates: "{{ [] }}" # We don't run composes in staging, but if this changes, consider putting in the configuration in the production group. 
diff --git a/inventory/group_vars/relvalconsumer b/inventory/group_vars/relvalconsumer index 0d8d554893..579c4fcb41 100644 --- a/inventory/group_vars/relvalconsumer +++ b/inventory/group_vars/relvalconsumer @@ -1,12 +1,2 @@ -# we use the openQA rabbitmq account for this role as they run -# on the same server and it's convenient. this means it's also -# safe and appropriate to use variables defined in the openqa -# group_vars. if we ever split the roles up we will have to create -# a separate account with separate creds -relvalamiconsumer_amqp_queue: "{{ openqa_amqp_prod_username }}_relvalamiconsumer" -relvalconsumer_amqp_queue: "{{ openqa_amqp_prod_username }}_relvalconsumer" - # This var should never be set for more than one machine relvalconsumer_prod: true -# this one probably shouldn't either -relvalconsumer_bugzilla_api_key: "{{ prod_relvalconsumer_bugzilla_secret_api_key }}" diff --git a/inventory/group_vars/relvalconsumer-test b/inventory/group_vars/relvalconsumer-test new file mode 100644 index 0000000000..98027437f3 --- /dev/null +++ b/inventory/group_vars/relvalconsumer-test @@ -0,0 +1,2 @@ +relvalconsumer_prod: false + diff --git a/inventory/group_vars/relvalconsumer_common b/inventory/group_vars/relvalconsumer_common deleted file mode 100644 index 4b9fc2f7da..0000000000 --- a/inventory/group_vars/relvalconsumer_common +++ /dev/null 
@@ -1,27 +0,0 @@ -# we need this for our fedora-messaging consumer as it is not allowed -# to create queues on the infra AMQP broker, by broker config -relvalconsumer_amqp_passive: true - -# fedora-messaging email error reporting settings -relvalconsumer_amqp_mailto: ["adamwill@fedoraproject.org", "lruzicka@fedoraproject.org"] -relvalconsumer_amqp_smtp: bastion - -# fedora-messaging relvalconsumer settings: most of these are the same -# for prod and stg as they both must listen for prod messages. Only -# the queue names differs (so is set in the non-common files). -# -# we use the openQA rabbitmq account for this role as they run -# on the same server and it's convenient. this means it's also -# safe and appropriate to use variables defined in the openqa -# group_vars. if we ever split the roles up we will have to create -# a separate account with separate creds -relvalconsumer_amqp_url: "{{ openqa_amqp_prod_url }}" -relvalconsumer_amqp_cacert: "{{ openqa_amqp_prod_cacertfile }}" -relvalconsumer_amqp_cert: "{{ openqa_amqp_prod_certfile }}" -relvalconsumer_amqp_key: "{{ openqa_amqp_prod_keyfile }}" -relvalconsumer_amqp_routing_keys: ["org.fedoraproject.prod.pungi.compose.status.change"] - -relvalamiconsumer_amqp_routing_keys: [ - "org.fedoraproject.prod.fedora_image_uploader.published.v1.aws", - "org.fedoraproject.prod.fedora_image_uploader.published.v1.aws.#" -] diff --git a/inventory/group_vars/relvalconsumer_test b/inventory/group_vars/relvalconsumer_test deleted file mode 100644 index df4cf2252f..0000000000 --- a/inventory/group_vars/relvalconsumer_test +++ /dev/null 
@@ -1,8 +0,0 @@ -# we use the openQA rabbitmq account for this role as they run -# on the same server and it's convenient. this means it's also -# safe and appropriate to use variables defined in the openqa -# group_vars. if we ever split the roles up we will have to create -# a separate account with separate creds -relvalamiconsumer_amqp_queue: "{{ openqa_amqp_prod_username }}_relvalamiconsumer.test" -relvalconsumer_amqp_queue: "{{ openqa_amqp_prod_username }}_relvalconsumer.test" -relvalconsumer_prod: false diff --git a/inventory/group_vars/repospanner_temp b/inventory/group_vars/repospanner_temp deleted file mode 100644 index 6d89b18f09..0000000000 --- a/inventory/group_vars/repospanner_temp +++ /dev/null 
@@ -1,25 +0,0 @@ ---- -# Define resources for this group of hosts here. -# For the MOTD -custom_rules: ['-A INPUT -p tcp -m tcp -s 8.43.84.211 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 8.43.84.212 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 8.43.85.76 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.149 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 209.132.181.20 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 8.43.85.78 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.191 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 140.211.169.199 --dport 8443:8445 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 8.43.84.211 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 8.43.84.212 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 8.43.85.76 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 152.19.134.149 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 209.132.181.20 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 8.43.85.78 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 152.19.134.191 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 140.211.169.199 tcp dport 8443-8445 counter accept' -lvm_size: 50000 -max_mem_size: 16348 -mem_size: 8192 -nagios_Check_Services: - mail: false - nrpe: false - ping: false - sshd: false - swap: false -num_cpus: 8 - -notes: repospanner git syncing host diff --git a/inventory/group_vars/resultsdb-dev b/inventory/group_vars/resultsdb-dev new file mode 100644 index 0000000000..4662aff9e2 --- /dev/null +++ b/inventory/group_vars/resultsdb-dev 
@@ -0,0 +1,49 @@ +--- +############################################################ +# general information +############################################################ + +freezes: false +tcp_ports: [ 80, 443, "{{ resultsdb_db_port }}", "{{ execdb_db_port }}" ] + +external_hostname: taskotron-dev.fedoraproject.org +deployment_type: dev + +############################################################ +# resultsdb details +############################################################ + +# the db_host_machine bits are so that delegation continues to work, even if +# that db is localhost relative to resultsdb +# +resultsdb_db_host_machine: db-qa01.qa.fedoraproject.org +resultsdb_db_host: "{{ resultsdb_db_host_machine }}" +resultsdb_db_port: 5432 +resultsdb_endpoint: 'resultsdb_api' +resultsdb_db_name: resultsdb_dev +resultsdb_db_user: "{{ dev_resultsdb_db_user }}" +resultsdb_db_password: "{{ dev_resultsdb_db_password }}" +resultsdb_secret_key: "{{ dev_resultsdb_secret_key }}" + +allowed_hosts: + - 10.5.124 + +############################################################ +# resultsdb frontend details +############################################################ +resultsdb_fe_endpoint: "resultsdb" +resultsdb_frontend_secret_key: "{{ dev_resultsdb_frontend_secret_key }}" + + +############################################################ +# execdb details +############################################################ + +execdb_db_host_machine: db-qa01.qa.fedoraproject.org +execdb_db_host: "{{ execdb_db_host_machine }}" +execdb_db_port: 5432 +execdb_endpoint: 'execdb' +execdb_db_name: execdb_dev +execdb_db_user: "{{ dev_execdb_db_user }}" +execdb_db_password: "{{ dev_execdb_db_password }}" +execdb_secret_key: "{{ dev_execdb_secret_key }}" diff --git a/inventory/group_vars/resultsdb-prod b/inventory/group_vars/resultsdb-prod new file mode 100644 index 0000000000..1df269d999 --- /dev/null +++ b/inventory/group_vars/resultsdb-prod 
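Review bot: `tcp_ports` in resultsdb-dev lists `{{ resultsdb_db_port }}` and `{{ execdb_db_port }}` (both 5432) next to 80 and 443, although both `*_db_host_machine` values point at db-qa01, a different machine. If tcp_ports is rendered as unrestricted ACCEPT rules, as the separate source-restricted `custom_rules` elsewhere in this diff suggest, this opens the PostgreSQL port on the application host to every source. Unless a local database is really expected, reduce it to `tcp_ports: [ 80, 443 ]` and admit 5432 only from named sources through `custom_rules`. The resultsdb-prod and resultsdb-stg hunks carry the same pattern with `resultsdb_db_port`. `allowed_hosts: - 10.5.124` is a bare three-octet prefix, so a comment on how the consuming template matches it would prevent it being read as a single address.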
@@ -0,0 +1,78 @@ +--- +############################################################ +# general information +############################################################ +# common items for the releng-* boxes +lvm_size: 50000 +mem_size: 4096 +num_cpus: 4 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, "{{ resultsdb_db_port }}" ] +fas_client_groups: sysadmin-qa +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + +external_hostname: taskotron.fedoraproject.org +deployment_type: prod + + +############################################################ +# resultsdb details +############################################################ + +# the db_host_machine bits are so that delegation continues to work, even if +# that db is localhost relative to resultsdb + +resultsdb_db_host_machine: db-qa02.qa.fedoraproject.org +resultsdb_db_host: "{{ resultsdb_db_host_machine }}" +resultsdb_db_port: 5432 +resultsdb_endpoint: 'resultsdb_api' +resultsdb_db_name: resultsdb +resultsdb_db_user: "{{ prod_resultsdb_db_user }}" +resultsdb_db_password: "{{ prod_resultsdb_db_password }}" +resultsdb_secret_key: "{{ prod_resultsdb_secret_key }}" + +allowed_hosts: + - 10.5.124 + - 10.5.131 + + +############################################################ +# resultsdb-frontend details +############################################################ +resultsdb_fe_endpoint: "resultsdb" +resultsdb_frontend_secret_key: "{{ prod_resultsdb_frontend_secret_key }}" + + +########################################################### +# execdb details +############################################################ +execdb_db_host_machine: db-qa01.qa.fedoraproject.org +execdb_db_host: "{{ execdb_db_host_machine }}" +execdb_db_port: 5432 +execdb_endpoint: 'execdb' +execdb_db_name: execdb +execdb_db_user: "{{ prod_execdb_db_user }}" +execdb_db_password: "{{ prod_execdb_db_password }}" +execdb_secret_key: "{{ prod_execdb_secret_key }}" + + 
+############################################################ +# fedmsg details +############################################################ +fedmsg_active: True +fedmsg_cert_prefix: resultsdb + +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: resultsdb + owner: root + group: apache + can_send: + - taskotron.result.new diff --git a/inventory/group_vars/resultsdb-stg b/inventory/group_vars/resultsdb-stg new file mode 100644 index 0000000000..d834f9c64a --- /dev/null +++ b/inventory/group_vars/resultsdb-stg 
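Review bot: In resultsdb-prod, `execdb_db_host_machine` is db-qa01.qa.fedoraproject.org, the server the resultsdb-dev and resultsdb-stg files use for their databases, while the production resultsdb database is on db-qa02. If this is deliberate it deserves a comment; otherwise production execdb shares a database server with dev and staging, so a credential leak or load problem in those environments reaches production data. The header comment `# common items for the releng-* boxes` is a copy-paste leftover and should read something like `# resources for the resultsdb production hosts`.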
@@ -0,0 +1,75 @@ +--- +############################################################ +# general information +############################################################ + +freezes: false +tcp_ports: [ 80, 443, "{{ resultsdb_db_port }}" ] + +external_hostname: taskotron.stg.fedoraproject.org +deployment_type: stg + +# make sure we're using the stg fedsmg bus +fedmsg_env: stg + + +############################################################ +# resultsdb details +############################################################ + +# the db_host_machine bits are so that delegation continues to work, even if +# that db is localhost relative to resultsdb + +resultsdb_db_host_machine: db-qa01.qa.fedoraproject.org +resultsdb_db_host: "{{ resultsdb_db_host_machine }}" +resultsdb_db_port: 5432 +resultsdb_endpoint: 'resultsdb_api' +resultsdb_db_name: resultsdb_stg +resultsdb_db_user: "{{ stg_resultsdb_db_user }}" +resultsdb_db_password: "{{ stg_resultsdb_db_password }}" +resultsdb_secret_key: "{{ stg_resultsdb_secret_key }}" + +allowed_hosts: + - 10.5.124 + - 10.5.131 + + +############################################################ +# resultsdb-frontend details +############################################################ +resultsdb_fe_endpoint: "resultsdb" +resultsdb_frontend_secret_key: "{{ stg_resultsdb_frontend_secret_key }}" + + +############################################################ +# execdb details +############################################################ + +execdb_db_host_machine: db-qa01.qa.fedoraproject.org +execdb_db_host: "{{ execdb_db_host_machine }}" +execdb_db_port: 5432 +execdb_endpoint: 'execdb' +execdb_db_name: execdb_stg +execdb_db_user: "{{ stg_execdb_db_user }}" +execdb_db_password: "{{ stg_execdb_db_password }}" +execdb_secret_key: "{{ stg_execdb_secret_key }}" + + +############################################################ +# fedmsg details +############################################################ + +fedmsg_active: True +fedmsg_cert_prefix: 
resultsdb + +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: resultsdb + owner: root + group: apache + can_send: + - taskotron.result.new diff --git a/inventory/group_vars/retrace b/inventory/group_vars/retrace index 40975a18a6..e0931528c2 100644 --- a/inventory/group_vars/retrace +++ b/inventory/group_vars/retrace 
@@ -1,29 +1,50 @@ --- -custom_rules: - - '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 2049 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 5432 -j ACCEPT' -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.5.78.11 tcp dport 2049 counter accept' - - 'add rule ip filter INPUT ip saddr 10.5.78.11 tcp dport 5432 counter accept' -env: production +fas_client_groups: retrace freezes: false -ipa_client_shell_groups: - - retrace -ipa_client_sudo_groups: - - retrace -ipa_host_group: retrace -ipa_host_group_desc: Retrace servers -nrpe_procs_crit: 2000 +sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers" +ansible_ifcfg_blacklist: true + +tcp_ports: [ 80, 443 ] + +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 2049 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 5432 -j ACCEPT' ] + + nrpe_procs_warn: 1800 -primary_auth_source: ipa -tcp_ports: [80, 443] -vpn: true +nrpe_procs_crit: 2000 -notes: | - Provide a web interface and backend for ABRT Analytics and Retrace Server. - Three services run on this server: - * An Apache httpd serves the web interface and backed functionality for ABRT Analytics. - * The same server provides the HTTP endpoints for Retrace Server to allow remote retracing of crashes in Fedora. - * PostgreSQL server for ABRT Analytics. +devel: false - The retracing functionality relies on the debuginfod server (debuginfod.fedoraproject.org). +# Since retrace is on the qa network, it needs to actively connect to our +# inbound relay. 
+fedmsg_active: True +fedmsg_cert_prefix: faf + +# Declare fedmsg certs that should be put in /etc/pki/fedmsg/ +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: retrace + can_send: + - logger.log +- service: faf + owner: root + group: faf + can_send: + - faf.report.threshold1 + - faf.report.threshold10 + - faf.report.threshold100 + - faf.report.threshold1000 + - faf.report.threshold1000 + - faf.report.threshold10000 + - faf.report.threshold100000 + - faf.report.threshold1000000 + - faf.problem.threshold1 + - faf.problem.threshold10 + - faf.problem.threshold100 + - faf.problem.threshold1000 + - faf.problem.threshold1000 + - faf.problem.threshold10000 + - faf.problem.threshold100000 + - faf.problem.threshold1000000 diff --git a/inventory/group_vars/retrace-stg b/inventory/group_vars/retrace-stg new file mode 100644 index 0000000000..5701a48b07 --- /dev/null +++ b/inventory/group_vars/retrace-stg @@ -0,0 +1,11 @@ +--- +fas_client_groups: retrace + +tcp_ports: [ 80, 443 ] + +sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers" +root_auth_users: msuchy + +nagios_Check_Services: + nrpe: false + swap: false diff --git a/inventory/group_vars/retrace_stg_aws b/inventory/group_vars/retrace_stg_aws deleted file mode 100644 index 312e147c94..0000000000 --- a/inventory/group_vars/retrace_stg_aws +++ /dev/null @@ -1,11 +0,0 @@ ---- -env: staging -nagios_Check_Services: - mail: false - nrpe: false - swap: false -root_auth_users: msuchy mfabik mzidek -sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers" -tcp_ports: [22, 80, 443] -vpn: true -notes: Provide staging environment for ABRT Analytics and Retrace Server. diff --git a/inventory/group_vars/runroot b/inventory/group_vars/runroot index b4f070ea15..7f06ae26d1 100644 --- a/inventory/group_vars/runroot +++ b/inventory/group_vars/runroot 
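Review bot: The `faf` entry of `fedmsg_certs` in the retrace hunk lists `faf.report.threshold1000` and `faf.problem.threshold1000` twice each; drop the duplicates so the permitted-topic list has one line per threshold and is easy to audit. The new side also removes the multi-line `notes:` block without a replacement, so the file no longer says what runs on these hosts or why 10.5.78.11 may reach ports 2049 and 5432. A short comment above `custom_rules`, for example `# NFS (2049) and PostgreSQL (5432) from <peer host/role>`, would restore that context for whoever reviews the firewall rules next.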
@@ -1,6 +1,6 @@ --- -# We need to mount koji storage rw here so run_root can work. -# The rest of the group can be ro, it's only builders in the +# We need to mount koji storage rw here so run_root can work. +# The rest of the group can be ro, it's only builders in the # compose channel that need a rw mount nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" diff --git a/inventory/group_vars/secondary b/inventory/group_vars/secondary index ec8bd98cda..5c74534475 100644 --- a/inventory/group_vars/secondary +++ b/inventory/group_vars/secondary @@ -1,25 +1,13 @@ --- -datacenter: iad2 -host_group: secondary -ipa_client_shell_groups: - - alt-k12linux - - alt-sugar - - altvideos - - fi-apprentice - - hosted-content - - mips-content - - qa-deltaisos - - s390_content - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-noc -ipa_host_group: secondary -ipa_host_group_desc: Serve secondary arch and archived releases +datacenter: phx2 +tcp_ports: [80, 443, 873] +rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + # nfs mount options, overrides the all/default nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=3" -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -primary_auth_source: ipa -rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" -tcp_ports: [80, 443, 873] + +fas_client_groups: sysadmin-noc,alt-sugar,alt-k12linux,altvideos,hosted-content,mips-content,s390_content,fi-apprentice,qa-deltaisos,sysadmin-veteran + +host_group: secondary diff --git a/inventory/group_vars/sign-bridge b/inventory/group_vars/sign-bridge new file mode 100644 index 0000000000..c01cbcd6e6 --- /dev/null +++ b/inventory/group_vars/sign-bridge 
@@ -0,0 +1,13 @@ +--- +freezes: true +postfix_group: sign + +# Define resources for this group of hosts here. +lvm_size: 50000 +mem_size: 4096 +num_cpus: 4 + +tcp_ports: [ 44333, 44334 ] + +fas_client_groups: sysadmin-releng +sudoers: "{{ private }}/files/sudo/00releng-sudoers" diff --git a/inventory/group_vars/sign-vault b/inventory/group_vars/sign-vault new file mode 100644 index 0000000000..8b63ff97a2 --- /dev/null +++ b/inventory/group_vars/sign-vault @@ -0,0 +1,5 @@ +--- +freezes: true +postfix_group: sign +host_group: sign +ansible_ifcfg_blacklist: true diff --git a/inventory/group_vars/sign_bridge b/inventory/group_vars/sign_bridge deleted file mode 100644 index 415611410b..0000000000 --- a/inventory/group_vars/sign_bridge +++ /dev/null @@ -1,14 +0,0 @@ ---- -freezes: true -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: sign-bridge -# Define resources for this group of hosts here. -lvm_size: 50000 -mem_size: 4096 -num_cpus: 4 -postfix_group: sign -primary_auth_source: ipa -tcp_ports: [44333, 44334] diff --git a/inventory/group_vars/sign_vault b/inventory/group_vars/sign_vault deleted file mode 100644 index 61d3daf2c6..0000000000 --- a/inventory/group_vars/sign_vault +++ /dev/null @@ -1,10 +0,0 @@ ---- -freezes: true -host_group: sign -nagios_Check_Services: - mail: false - nrpe: false - ping: true - sshd: false - swap: false -postfix_group: sign diff --git a/inventory/group_vars/smtp-mm b/inventory/group_vars/smtp-mm new file mode 100644 index 0000000000..5026f332f7 --- /dev/null +++ b/inventory/group_vars/smtp-mm 
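Review bot: `tcp_ports: [ 44333, 44334 ]` in the new sign-bridge file has no comment saying what listens on those ports or which hosts are expected to connect, and the file defines no `custom_rules` to restrict sources. For a host in the signing path the intended clients should be stated here. If tcp_ports is rendered as an unrestricted ACCEPT (the template is not visible in this diff), consider moving both ports to source-restricted `custom_rules`. A comment such as `# <service> listeners; expected clients: <hosts>` above the line would document the intent.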
@@ -0,0 +1,16 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 25 ] + +fas_client_groups: sysadmin-noc,sysadmin-tools,fi-apprentice,sysadmin-veteran + +postfix_transport_filename: transports.mm-smtp +postfix_group: smtp-mm +vpn: true diff --git a/inventory/group_vars/smtp_auth b/inventory/group_vars/smtp_auth deleted file mode 100644 index d7ebaa2adf..0000000000 --- a/inventory/group_vars/smtp_auth +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Define resources for this group of hosts here. -ipa_client_shell_access: - - sysadmin-noc - - sysadmin-tools - - sysadmin-veteran -ipa_client_sudo_access: - - sysadmin-noc - - sysadmin-tools - - sysadmin-veteran -ipa_host_group: smtp_auth -ipa_host_group_desc: SMTP auth servers -lvm_size: 20000 -mem_size: 4096 -nagios_Check_Services: - mail: false - nrpe: true -num_cpus: 2 -postfix_group: smtp-auth -postfix_transport_filename: transports.smtp-auth -primary_auth_source: ipa -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [25, 587] -vpn: true diff --git a/inventory/group_vars/smtp_mm b/inventory/group_vars/smtp_mm deleted file mode 100644 index cbb3b69add..0000000000 --- a/inventory/group_vars/smtp_mm +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -# Define resources for this group of hosts here. -ipa_client_shell_access: - - fi-apprentice - - sysadmin-noc - - sysadmin-tools - - sysadmin-veteran -ipa_client_sudo_access: - - sysadmin-noc - - sysadmin-tools - - sysadmin-veteran -ipa_host_group: smtp_mm -ipa_host_group_desc: SMTP servers -lvm_size: 20000 -mem_size: 2048 -nagios_Check_Services: - mail: false - nrpe: true -num_cpus: 2 -postfix_group: smtp-mm -postfix_transport_filename: transports.smtp-mm -primary_auth_source: ipa -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [25] -vpn: true diff --git a/inventory/group_vars/staging b/inventory/group_vars/staging index 3e20b7a21e..d298da88b5 100644 --- a/inventory/group_vars/staging +++ b/inventory/group_vars/staging 
@@ -1,58 +1,28 @@ --- -datanommer_db_hostname: db-datanommer01 -deployment_type: stg -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -env: staging -env_prefix: stg. -env_short: stg -env_suffix: .stg -external: false freezes: false +env: staging +env_suffix: .stg host_group: staging -ipa_admin_password: "{{ ipa_stg_admin_password }}" -ipa_realm: STG.FEDORAPROJECT.ORG -# IPA details -ipa_server: ipa01.stg.iad2.fedoraproject.org -ipa_server_nodes: - - ipa01.stg.iad2.fedoraproject.org - - ipa02.stg.iad2.fedoraproject.org - - ipa03.stg.iad2.fedoraproject.org -mirrors_centos_org_cert_file: mirrors.stg.centos.org.cert -# This is the mirrors.stg.centos.org certs -mirrors_centos_org_cert_name: mirrors.stg.centos.org -mirrors_centos_org_key_file: mirrors.stg.centos.org.key -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet - mtu: 9000 -# Do we want to use nftables instead of iptables -nftables: true -ocp_wildcard_cert_file: wildcard-2024.apps.ocp.stg.fedoraproject.org.cert -# This is the openshift wildcard cert for ocp stg -ocp_wildcard_cert_name: wildcard-2024.apps.ocp.stg.fedoraproject.org -ocp_wildcard_int_file: wildcard-2024.apps.ocp.stg.fedoraproject.org.intermediate.cert -ocp_wildcard_key_file: wildcard-2024.apps.ocp.stg.fedoraproject.org.key -# RIP, FAS -primary_auth_source: ipa -SSLCertificateChainFile: wildcard-2025.stg.fedoraproject.org.intermediate.cert -wildcard_cert_file: wildcard-2025.stg.fedoraproject.org.cert + # This is the wildcard certname for our stg proxies. 
-wildcard_cert_name: wildcard-2025.stg.fedoraproject.org -wildcard_int_file: wildcard-2025.stg.fedoraproject.org.intermediate.cert -wildcard_key_file: wildcard-2025.stg.fedoraproject.org.key +wildcard_cert_name: wildcard-2017.stg.fedoraproject.org +wildcard_cert_file: wildcard-2017.stg.fedoraproject.org.cert +wildcard_key_file: wildcard-2017.stg.fedoraproject.org.key +wildcard_int_file: wildcard-2017.stg.fedoraproject.org.intermediate.cert + +# This is the openshift wildcard cert for stg +os_wildcard_cert_name: wildcard-2017.app.os.stg.fedoraproject.org +os_wildcard_cert_file: wildcard-2017.app.os.stg.fedoraproject.org.cert +os_wildcard_key_file: wildcard-2017.app.os.stg.fedoraproject.org.key +os_wildcard_int_file: wildcard-2017.stg.fedoraproject.org.intermediate.cert + +# This only does anything if the host is not RHEL6 +collectd_graphite: True + +fedmsg_prefix: org.fedoraproject +fedmsg_env: stg + +# IPA details +ipa_server: ipa01.stg.phx2.fedoraproject.org +ipa_realm: STG.FEDORAPROJECT.ORG +ipa_admin_password: "{{ ipa_stg_admin_password }}" diff --git a/inventory/group_vars/statscache-backend b/inventory/group_vars/statscache-backend new file mode 100644 index 0000000000..5d681ce006 --- /dev/null +++ b/inventory/group_vars/statscache-backend @@ -0,0 +1,16 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 16384 +num_cpus: 4 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +# No fedmsg publication... no ports. +tcp_ports: [] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran + +# For performance measurement.. for now. This can be removed whenever. +fedmsg_loglevel: DEBUG diff --git a/inventory/group_vars/statscache-backend-stg b/inventory/group_vars/statscache-backend-stg new file mode 100644 index 0000000000..9756c844de --- /dev/null +++ b/inventory/group_vars/statscache-backend-stg 
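Review bot: `os_wildcard_int_file` is set to `wildcard-2017.stg.fedoraproject.org.intermediate.cert`, while the other three `os_wildcard_*` values in this hunk use the `wildcard-2017.app.os.stg.fedoraproject.org` prefix. If the two certificates chain to different intermediates, the OpenShift endpoints would serve a chain that strict clients reject. If the shared intermediate is intended, say so with a comment such as `# same issuing CA as wildcard_int_file, so the intermediate is shared`. The new side also drops `nftables: true` and `primary_auth_source: ipa` with no replacement visible in this hunk, so confirm which firewall backend and auth source staging hosts end up with.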
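Review bot: `fedmsg_loglevel: DEBUG` is set for the `statscache-backend` group with only "This can be removed whenever" as an exit condition, and the `statscache-backend-stg` file that follows does not set it. Debug logging on a message-bus consumer typically writes far more detail, possibly including message contents, into logs that the listed `fas_client_groups` can read, and such temporary settings tend to stay. I would give it an owner and a removal condition, e.g. `# TODO(owner): drop DEBUG once the statscache performance measurement is finished`, or move the setting to the stg group.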
@@ -0,0 +1,13 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+# Nope
+tcp_ports: []
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
diff --git a/inventory/group_vars/statscache-web b/inventory/group_vars/statscache-web
new file mode 100644
index 0000000000..d665d286b0
--- /dev/null
+++ b/inventory/group_vars/statscache-web
@@ -0,0 +1,12 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
diff --git a/inventory/group_vars/statscache-web-stg b/inventory/group_vars/statscache-web-stg
new file mode 100644
index 0000000000..d665d286b0
--- /dev/null
+++ b/inventory/group_vars/statscache-web-stg
@@ -0,0 +1,12 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
diff --git a/inventory/group_vars/summershum b/inventory/group_vars/summershum
new file mode 100644
index 0000000000..769dcb25dd
--- /dev/null
+++ b/inventory/group_vars/summershum
@@ -0,0 +1,27 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: summershum
+ owner: root
+ group: fedmsg
+ can_send:
+ - summershum.ingest.complete
+ - summershum.ingest.fail
+ - summershum.ingest.start
diff --git a/inventory/group_vars/summershum-stg b/inventory/group_vars/summershum-stg
new file mode 100644
index 0000000000..769dcb25dd
--- /dev/null
+++ b/inventory/group_vars/summershum-stg
@@ -0,0 +1,27 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: summershum
+ owner: root
+ group: fedmsg
+ can_send:
+ - summershum.ingest.complete
+ - summershum.ingest.fail
+ - summershum.ingest.start
diff --git a/inventory/group_vars/sundries b/inventory/group_vars/sundries
index 608bd7d5e7..60a0415c96 100644
--- a/inventory/group_vars/sundries
+++ b/inventory/group_vars/sundries
@@ -1,27 +1,22 @@ --- -# Define resources for this group of hosts here. -deployment_type: prod -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-releng - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-releng - - sysadmin-web -ipa_host_group: sundries -ipa_host_group_desc: Odds and ends -lvm_size: 50000 -# This gets overridden by whichever node we want to run special cronjobs. -master_sundries_node: False +# Define resources for this group of hosts here. +lvm_size: 30000 mem_size: 2048 -nrpe_procs_crit: 500 -nrpe_procs_warn: 300 num_cpus: 2 -primary_auth_source: ipa -# A host group for rsync config -rsync_group: sundries + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -tcp_ports: [80, 873] + +tcp_ports: [ 80, 873 ] +fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran,sysadmin-releng + +# This gets overridden by whichever node we want to run special cronjobs. +master_sundries_node: False + +# A host group for rsync config +rsync_group: sundries + +nrpe_procs_warn: 300 +nrpe_procs_crit: 500 + +sudoers: "{{ private }}/files/sudo/sundries-sudoers" diff --git a/inventory/group_vars/sundries-stg b/inventory/group_vars/sundries-stg new file mode 100644 index 0000000000..e64fe7513f --- /dev/null +++ b/inventory/group_vars/sundries-stg @@ -0,0 +1,22 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 30000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 873 ] +fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran,sysadmin-releng + +# This gets overridden by whichever node we want to run special cronjobs. +master_sundries_node: False + +# A host group for rsync config +rsync_group: sundries-stg + +nrpe_procs_warn: 300 +nrpe_procs_crit: 500 + +sudoers: "{{ private }}/files/sudo/sundries-sudoers" 
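Review bot: Sudo access for this group is now defined by `sudoers: "{{ private }}/files/sudo/sundries-sudoers"`, replacing the in-file `ipa_client_sudo_groups` list (sysadmin-releng, sysadmin-web), so who holds root on these hosts can no longer be read or reviewed from this repository. The new `sundries-stg` group on the same line references the same file, so staging and production share one sudo policy. A comment above the variable would keep the policy auditable, e.g. `# sudo granted via private sundries-sudoers; list the groups here and keep in sync`. The contents of the private file are not visible in this diff, so the actual group list needs confirming.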
diff --git a/inventory/group_vars/sundries_stg b/inventory/group_vars/sundries_stg
deleted file mode 100644
index 322b6493a2..0000000000
--- a/inventory/group_vars/sundries_stg
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# Define resources for this group of hosts here.
-deployment_type: stg
-ipa_client_shell_groups:
- - fi-apprentice
- - sysadmin-noc
- - sysadmin-releng
- - sysadmin-veteran
- - sysadmin-web
-ipa_client_sudo_groups:
- - sysadmin-releng
- - sysadmin-web
-ipa_host_group: sundries
-ipa_host_group_desc: Odds and ends
-lvm_size: 50000
-# This gets overridden by whichever node we want to run special cronjobs.
-master_sundries_node: False
-mem_size: 2048
-nrpe_procs_crit: 500
-nrpe_procs_warn: 300
-num_cpus: 2
-# A host group for rsync config
-rsync_group: sundries-stg
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-tcp_ports: [80, 873]
diff --git a/inventory/group_vars/tagger b/inventory/group_vars/tagger
new file mode 100644
index 0000000000..d74ed6a9eb
--- /dev/null
+++ b/inventory/group_vars/tagger
@@ -0,0 +1,36 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+wsgi_fedmsg_service: fedoratagger
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: fedoratagger
+ owner: root
+ group: fedoratagger
+ can_send:
+ - fedoratagger.rating.update
+ - fedoratagger.tag.create
+ - fedoratagger.tag.update
+ - fedoratagger.usage.toggle
+ - fedoratagger.user.rank.update
diff --git a/inventory/group_vars/tagger-stg b/inventory/group_vars/tagger-stg
new file mode 100644
index 0000000000..f2ff4a2816
--- /dev/null
+++ b/inventory/group_vars/tagger-stg
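Review bot: The two `custom_rules` entries open rsync (tcp/873) to the literal addresses 10.5.126.13 and 192.168.1.59, and the comment above says only that they are for log01, not which address is which. Hard-coded source IPs in firewall rules go stale silently when the log host is renumbered, leaving either a broken log sync or an allowance for whichever host later receives the address. The identical rule is repeated in the `tagger-stg` hunk that follows. I would spell the mapping out in the comment, e.g. `# rsync (873) from log01 only: <address> = <interface>; update both entries if log01 is renumbered`, or use a shared inventory variable if one exists. The existing comment also misspells "Needed".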
@@ -0,0 +1,36 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+wsgi_fedmsg_service: fedoratagger
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: fedoratagger
+ owner: root
+ group: fedoratagger
+ can_send:
+ - fedoratagger.rating.update
+ - fedoratagger.tag.create
+ - fedoratagger.tag.update
+ - fedoratagger.usage.toggle
+ - fedoratagger.user.rank.update
diff --git a/inventory/group_vars/tang b/inventory/group_vars/tang
deleted file mode 100644
index 2b5256557e..0000000000
--- a/inventory/group_vars/tang
+++ /dev/null
@@ -1,5 +0,0 @@
----
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-primary_auth_source: ipa
-tcp_ports: [80]
diff --git a/inventory/group_vars/taskotron-dev b/inventory/group_vars/taskotron-dev
new file mode 100644
index 0000000000..637ca04085
--- /dev/null
+++ b/inventory/group_vars/taskotron-dev
@@ -0,0 +1,83 @@ +--- +############################################################ +# general information +############################################################ + +fas_client_groups: sysadmin-qa,sysadmin-main,fi-apprentice,sysadmin-noc,sysadmin-veteran +tcp_ports: [ 80, 443, "{{ buildslave_port }}" ] +freezes: false + +external_hostname: taskotron-dev.fedoraproject.org +deployment_type: dev +robots_path: /var/www/html + +############################################################ +# task repo details +############################################################ + +grokmirror_basedir: /var/lib/git/mirror +grokmirror_user: grokmirror +grokmirror_repos: + - { name: fedoraqa/rpmlint, url: 'https://pagure.io/taskotron/task-rpmlint.git'} + - { name: fedoraqa/upgradepath, url: 'https://pagure.io/taskotron/task-upgradepath.git'} + - { name: fedoraqa/dockerautotest, url: 'https://pagure.io/taskotron/task-dockerautotest.git'} + - { name: fedoraqa/abicheck, url: 'https://pagure.io/task-abicheck.git'} + - { name: fedoraqa/rpmgrill, url: 'https://pagure.io/taskotron/task-rpmgrill.git'} + - { name: fedoraqa/python-versions, url: 'https://github.com/fedora-python/taskotron-python-versions'} + - { name: fedoraqa/check_modulemd, url: 'https://github.com/fedora-modularity/check_modulemd'} + - { name: fedoraqa/rpmdeplint, url: 'https://pagure.io/taskotron/task-rpmdeplint.git'} + - { name: fedoraqa/upstream-atomic, url: 'https://pagure.io/taskotron/task-upstream-atomic.git'} + - { name: fedoraqa/fedora-cloud-tests, url: 'https://pagure.io/taskotron/task-fedora-cloud-tests.git'} + - { name: fedoraqa/modularity-testing-framework, url: 'https://pagure.io/taskotron/task-modularity-testing-framework.git'} +grokmirror_default_branch: develop + + +############################################################ +# urls and endpoints +############################################################ + +execdb_endpoint: execdb +execdb_statuspush: 
http://resultsdb-dev01.qa.fedoraproject.org/execdb/buildbottest +execdb_server: http://resultsdb-dev01.qa.fedoraproject.org/execdb +resultsdb_api_endpoint: resultsdb_api +resultsdb_host: http://resultsdb-dev01.qa.fedoraproject.org/resultsdb_api/ +resultsdb_external_url: https://taskotron-dev.fedoraproject.org/resultsdb/ +resultsdb_fe_endpoint: resultsdb +resultsdb_frontend_url: http://resultsdb-dev01.qa.fedoraproject.org/resultsdb/ +resultsdb_url: http://resultsdb-dev01.qa.fedoraproject.org/resultsdb_api/api/v2.0 +taskotron_docs_url: https://qa.fedoraproject.org/docs/libtaskotron/latest/ +# make sure this doesn't have a trailing slash +trigger_distgit_repo_url: git://pkgs02.phx2.fedoraproject.org +instances: + - { name: "Production", url: "https://taskotron.fedoraproject.org"} + - { name: "Staging", url: "https://taskotron.stg.fedoraproject.org"} + - { name: "Development", url: "http://taskotron-dev.fedoraproject.org"} + + +############################################################ +# taskotron details +############################################################ + +settings_dir: /etc/taskotron +landingpage_title: "Development" +landingpage_instance: "dev" +public_artifacts_dir: /srv/taskotron/artifacts +cgit_root_title: "Taskotron Dev Server Git Mirror" + +############################################################ +# buildbot details +############################################################ + +buildmaster_db_host: db-qa01.qa.fedoraproject.org +buildmaster_db_name: buildmaster_dev +buildmaster_db_user: "{{ dev_buildmaster_db_user }}" +buildmaster_db_password: "{{ dev_buildmaster_db_password }}" +buildmaster_dir: /srv/buildmaster/master +buildmaster_endpoint: taskmaster +buildmaster_home: /srv/buildmaster +buildmaster_template: taskotron.master.cfg.j2 +buildmaster_user: buildmaster + +buildslave_port: 9989 +buildslave_password: "{{ dev_buildslave_password }}" +buildslave_ssh_pubkey: 'ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEA4EOTNfPIvIjCLNRYauVquS2LA8CZvCi6f87TASDZv4moFTv3mrCIdA3ycYLg+r+ODdPDjF9Cjpw1os/8L07XegTt9gAJVIpxzu3ZgQDkSQbx/hlDi+RG4EOIHL8nNJmu27dOVd1tb3k3aOkP5twO4uEq9RygrQBWMZTmOHdS/q8ZVUQG0d1sKv2J8EuBENgICjjIhhYvdvluu3G65jKxMgDbSXjkK6vZpbDbS2d6JI3VeLbVGlyFbHkTu7vH/vzTJZfOYgp0ZbvW9Wo3VSq/ia5qtrLKwRcBkpyCkP6uOQ14zqj4zJd/Hv7qhEcUhC8Jsb7d/Z6b3q5ID0s/9nuHdQ== tflink@lockbox01.phx2.fedoraproject.org' diff --git a/inventory/group_vars/taskotron-dev-client-hosts b/inventory/group_vars/taskotron-dev-client-hosts new file mode 100644 index 0000000000..b618fb4eb1 --- /dev/null +++ b/inventory/group_vars/taskotron-dev-client-hosts 
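Review bot: `trigger_distgit_repo_url: git://pkgs02.phx2.fedoraproject.org` uses the unauthenticated, unencrypted git protocol, so whatever the trigger reads from dist-git can be altered in transit without detection. The `taskotron-prod` group later in this diff sets the same value, while `taskotron-stg` already uses `https://src.stg.fedoraproject.org/`. If the production dist-git has an HTTPS endpoint, prefer it here. The consumer of this variable is not visible in the hunk, so confirm it accepts an https URL. The `instances` list also links the Development instance over `http://` although 443 is opened in `tcp_ports`.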
@@ -0,0 +1,81 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + + +############################################################ +# general config +############################################################ + +deployment_type: dev +tcp_ports: [ "{{ buildslave_port }}", 8075 ] +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" +freezes: false + +# this enables extra repos during dnf install but that's broken right now, remember to re-enable +extra_enablerepos: '' + + +############################################################ +# buildslave config +############################################################ + +slaves_group: buildslaves +buildmaster: 10.5.124.181 +buildslave_port: 9989 +buildslave_password: "{{ dev_buildslave_password }}" +taskotron_admin_email: taskotron-admin-members@fedoraproject.org + + +############################################################ +# taskotron config +############################################################ + +taskotron_fas_user: taskotron +# stuff is kinda not working for stg bodhi right now. 
workaround by having empty fas password +#taskotron_fas_password: '{{ dev_taskotron_fas_password}}' +taskotron_fas_password: '' + +execdb_external_url: https://taskotron-dev.fedoraproject.org/execdb +resultsdb_server: http://resultsdb-dev01.qa.fedoraproject.org/resultsdb_api/api/v2.0 +bodhi_server: https://bodhi.fedoraproject.org/ +kojihub_url: https://koji.fedoraproject.org/kojihub +kojipkg_url: https://kojipkgs.fedoraproject.org/packages +taskotron_master: https://taskotron-dev.fedoraproject.org/taskmaster +resultsdb_external_url: https://taskotron-dev.fedoraproject.org/resultsdb +artifacts_base_url: https://taskotron-dev.fedoraproject.org/artifacts + +client_report_to_bodhi: 'False' + +imagesdir: /var/lib/diskimages + +grokmirror_user: grokmirror + + +############################################################ +# testcloud config +############################################################ + +buildslave_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4EOTNfPIvIjCLNRYauVquS2LA8CZvCi6f87TASDZv4moFTv3mrCIdA3ycYLg+r+ODdPDjF9Cjpw1os/8L07XegTt9gAJVIpxzu3ZgQDkSQbx/hlDi+RG4EOIHL8nNJmu27dOVd1tb3k3aOkP5twO4uEq9RygrQBWMZTmOHdS/q8ZVUQG0d1sKv2J8EuBENgICjjIhhYvdvluu3G65jKxMgDbSXjkK6vZpbDbS2d6JI3VeLbVGlyFbHkTu7vH/vzTJZfOYgp0ZbvW9Wo3VSq/ia5qtrLKwRcBkpyCkP6uOQ14zqj4zJd/Hv7qhEcUhC8Jsb7d/Z6b3q5ID0s/9nuHdQ== tflink@lockbox01.phx2.fedoraproject.org" + + +############################################################ +# task git mirror config +############################################################ + +buildslave_private_sshkey_file: dev-buildslave-sshkey/dev_buildslave +buildslave_public_sshkey_file: dev-buildslave-sshkey/dev_buildslave.pub + +buildmaster_pubkey: "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCpXXWKllUaHf8It2r4HC02mkxmJlX/gqYmAmgcOM850xcyEAx72taJgfW4vWgs1Y2HLw4jt16KeOIv9bF8U+aHV74ASqwmmsSq2U6gr/HXIQcY0vkzZtKq72pPZuow4vX6Q8Nw0Zmo7p9LXqKIkeI1ujYztyxAhgXkCtHmo1NjDAP7kFB1o9ouplQ449hK5sfXz6ALH6adFrbKI4zqZLcvEJsLjmLRu03J7SrzJb+f6HWNuQCs9f7ppSBlfdP6giNLzxWRETee9kEbQsKadfRIG9SAYgyduDCinxZhgJj0t2V83gq8vE1wwOB8c/+8R+0INS4DUn67IMicoqR1GUhF" + + +############################################################ +# imagefactory config +############################################################ + +imagefactory_host: qa11.qa.fedoraproject.org +imagefactory_baseurl: 'http://{{imagefactory_host}}:8075/imagefactory' +imagefactory_tools_branch: develop + +# enable nested virt +nested: true diff --git a/inventory/group_vars/taskotron-prod b/inventory/group_vars/taskotron-prod new file mode 100644 index 0000000000..5bb463bf80 --- /dev/null +++ b/inventory/group_vars/taskotron-prod 
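Review bot: `imagefactory_baseurl: 'http://{{imagefactory_host}}:8075/imagefactory'` and `resultsdb_server: http://resultsdb-dev01.qa.fedoraproject.org/...` point the clients at plain-HTTP endpoints, on hosts that also set `nested: true` and keep VM images under `imagesdir`. If disk images are pulled from imagefactory through this URL (the consuming role is not shown), their integrity depends entirely on the network path. The `taskotron-prod-client-hosts` group later in the diff has the same pattern. Either move these to TLS or record the assumption next to the variable, e.g. `# plain http: only valid while imagefactory is reachable solely on the internal network`.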
@@ -0,0 +1,78 @@ +--- +############################################################ +# general information +############################################################ + +deployment_type: prod +external_hostname: taskotron.fedoraproject.org +robots_path: /var/www/html +tcp_ports: [ 80, 443, "{{ buildslave_port }}" ] + +# this enables extra repos during dnf operations +extra_enablerepos: '' + +############################################################ +# task repo details +############################################################ + +grokmirror_basedir: /var/lib/git/mirror +grokmirror_repos: + - { name: fedoraqa/rpmlint, url: 'https://pagure.io/taskotron/task-rpmlint.git'} + - { name: fedoraqa/upgradepath, url: 'https://pagure.io/taskotron/task-upgradepath.git'} + - { name: fedoraqa/dockerautotest, url: 'https://pagure.io/taskotron/task-dockerautotest.git'} + - { name: fedoraqa/abicheck, url: 'https://pagure.io/task-abicheck.git'} + - { name: fedoraqa/rpmgrill, url: 'https://pagure.io/taskotron/task-rpmgrill.git'} + - { name: fedoraqa/python-versions, url: 'https://github.com/fedora-python/taskotron-python-versions'} + - { name: fedoraqa/check_modulemd, url: 'https://github.com/fedora-modularity/check_modulemd'} + - { name: fedoraqa/rpmdeplint, url: 'https://pagure.io/taskotron/task-rpmdeplint.git'} + - { name: fedoraqa/upstream-atomic, url: 'https://pagure.io/taskotron/task-upstream-atomic.git'} + - { name: fedoraqa/fedora-cloud-tests, url: 'https://pagure.io/taskotron/task-fedora-cloud-tests.git'} + - { name: fedoraqa/modularity-testing-framework, url: 'https://pagure.io/taskotron/task-modularity-testing-framework.git'} +grokmirror_user: grokmirror +grokmirror_default_branch: master + + +############################################################ +# urls and endpoints +############################################################ + +execdb_server: http://resultsdb01.qa.fedoraproject.org/execdb +execdb_statuspush: 
http://resultsdb01.qa.fedoraproject.org/execdb/buildbottest +resultsdb_external_url: https://taskotron.fedoraproject.org/resultsdb/ +resultsdb_fe_endpoint: resultsdb +resultsdb_frontend_url: http://resultsdb01.qa.fedoraproject.org/resultsdb +resultsdb_url: http://resultsdb01.qa.fedoraproject.org/resultsdb_api/api/v2.0 +taskotron_docs_url: https://qa.fedoraproject.org/docs/libtaskotron/latest/ +trigger_distgit_repo_url: git://pkgs02.phx2.fedoraproject.org +instances: + - { name: "Production", url: "https://taskotron.fedoraproject.org"} + - { name: "Staging", url: "https://taskotron.stg.fedoraproject.org"} + - { name: "Development", url: "http://taskotron-dev.fedoraproject.org"} + +############################################################ +# taskotron details +############################################################ + +public_artifacts_dir: /srv/taskotron/artifacts +cgit_root_title: "Taskotron Git Mirror" +landingpage_title: "Production" +landingpage_instance: "prod" +settings_dir: /etc/taskotron + +############################################################ +# buildbot details +############################################################ + +buildmaster_db_host: db-qa01.qa.fedoraproject.org +buildmaster_db_name: buildmaster +buildmaster_db_user: "{{ prod_buildmaster_db_user }}" +buildmaster_db_password: "{{ prod_buildmaster_db_password }}" +buildmaster_dir: /srv/buildmaster/master +buildmaster_endpoint: taskmaster +buildmaster_home: /srv/buildmaster +buildmaster_user: buildmaster +buildmaster_template: taskotron.master.cfg.j2 + +buildslave_ssh_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3Fhg7qUJ1+3N2YficTWQGEPm5JYmqDE7JbnpTTjQixd51r36YJ93sMQV63UOPkVaqPHkzIETUuvWLa/fnDhyYEnLT8mSgCqGViyd93MHYFD+nIzL1OIewKPiVbBdmlDOABD+ROSkC/wAfqJMgleqdDonWC8R0Qo+Y2r4sLMF7dxdPdRe3+WIcvC5YqDUZN/2gfsZ2tnAakZ1sGcX0yPvnpF9FmtRfkNp60OK7NXMLGV7Tayhkib05rGHl0q5dK4/vxKKk/aNgIK7gE3XFF7f+S2PDjvH3q/yby2Z3Wkp61JpVl+RTGz/XKpejUSDkJyQkbIC5+QQFeei58RLDJhzLQ== 
tflink@lockbox01.phx2.fedoraproject.org' +buildslave_port: 9989 +buildslave_password: "{{ prod_buildslave_password }}" diff --git a/inventory/group_vars/taskotron-prod-client-hosts b/inventory/group_vars/taskotron-prod-client-hosts new file mode 100644 index 0000000000..edc88c9383 --- /dev/null +++ b/inventory/group_vars/taskotron-prod-client-hosts 
@@ -0,0 +1,78 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + + +############################################################ +# general config +############################################################ + +deployment_type: prod +tcp_ports: [ "{{ buildslave_port }}", 8075] +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" +freezes: false + +extra_enablerepos: '' + + +############################################################ +# buildslave config +############################################################ + +slaves_group: buildslaves +buildmaster: 10.5.124.206 +buildslave_port: 9989 +buildslave_password: "{{ prod_buildslave_password }}" +taskotron_admin_email: taskotron-admin-members@fedoraproject.org + + +############################################################ +# taskotron config +############################################################ + +taskotron_fas_user: taskotron +#taskotron_fas_password: '{{ prod_taskotron_fas_password}}' +taskotron_fas_password: '' + +execdb_external_url: https://taskotron.fedoraproject.org/execdb/ +resultsdb_server: http://resultsdb01.qa.fedoraproject.org/resultsdb_api/api/v2.0/ +# this should be proxy01.phx2 through /etc/hosts +bodhi_server: https://bodhi.fedoraproject.org/ +kojihub_url: https://koji.fedoraproject.org/kojihub +kojipkg_url: https://kojipkgs.fedoraproject.org/packages +taskotron_master: https://taskotron.fedoraproject.org/taskmaster/ +resultsdb_external_url: https://taskotron.fedoraproject.org/resultsdb +artifacts_base_url: https://taskotron.fedoraproject.org/artifacts + +client_report_to_bodhi: 'False' + +imagesdir: /var/lib/diskimages + +grokmirror_user: grokmirror + + +############################################################ +# testcloud config +############################################################ + +buildslave_pubkey: 'ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEA3Fhg7qUJ1+3N2YficTWQGEPm5JYmqDE7JbnpTTjQixd51r36YJ93sMQV63UOPkVaqPHkzIETUuvWLa/fnDhyYEnLT8mSgCqGViyd93MHYFD+nIzL1OIewKPiVbBdmlDOABD+ROSkC/wAfqJMgleqdDonWC8R0Qo+Y2r4sLMF7dxdPdRe3+WIcvC5YqDUZN/2gfsZ2tnAakZ1sGcX0yPvnpF9FmtRfkNp60OK7NXMLGV7Tayhkib05rGHl0q5dK4/vxKKk/aNgIK7gE3XFF7f+S2PDjvH3q/yby2Z3Wkp61JpVl+RTGz/XKpejUSDkJyQkbIC5+QQFeei58RLDJhzLQ== tflink@lockbox01.phx2.fedoraproject.org' + + +############################################################ +# task git mirror config +############################################################ + +buildslave_private_sshkey_file: prod-buildslave-sshkey/prod_buildslave +buildslave_public_sshkey_file: prod-buildslave-sshkey/prod_buildslave.pub +buildmaster_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9yMRz2GMoYSqlzVejI+SHR8CwTT9j3ecMwPrNQt6QHwNtrEvydU5coyP+ptIgRtlvcC14LA8usy/zmxSiI3H0GkCi7AanwuzoSh/PJfDBteDyhtvw5hoD+spFk1wZjhZ+p4zzLoCMsZg2XsASHaRlIwq1vAmMNSwZuQC/q4nHEEPnQbWYIms0Umwa+ztixmw7gSYJiHxByrEb3r1djRZoBubJsCOU48EyMBmNdCvHCGr1LLVtYdRun+qBm8kCLBUYRcpFstg/A4T9YBSH9svTL1tWnqodBN25NWtO3Fvk/Fv5MhU/SPgYSP9+KwWM/LdnbbN4oqHbBj+sIcJ8hjGj' + +############################################################ +# imagefactory config +############################################################ + +imagefactory_host: qa12.qa.fedoraproject.org +imagefactory_baseurl: 'http://{{imagefactory_host}}:8075/imagefactory' +imagefactory_tools_branch: master + +# enable nested virt +nested: true diff --git a/inventory/group_vars/taskotron-stg b/inventory/group_vars/taskotron-stg new file mode 100644 index 0000000000..a9d54989c1 --- /dev/null +++ b/inventory/group_vars/taskotron-stg 
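Review bot: `taskotron_fas_password: ''` is set for the production clients with the real credential reference left as a commented-out line and no explanation, whereas the dev and stg client groups at least carry a "workaround" comment. An empty password silently disables whatever authenticated reporting depends on it, and a commented-out secret reference tends to be re-enabled later without review. I would replace the dead line with a statement of intent, e.g. `# FAS password intentionally empty: clients do not report to bodhi (client_report_to_bodhi is 'False')`. That reason is inferred from this hunk, so it needs confirming.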
@@ -0,0 +1,87 @@ +--- +############################################################ +# general information +############################################################ + +tcp_ports: [ 80, 443, "{{ buildslave_port }}" ] +freezes: false + +external_hostname: taskotron.stg.fedoraproject.org +deployment_type: stg +robots_path: /var/www/html + +# decide whether to use prod or stg fedsmg bus +fedmsg_env: prod + +############################################################ +# task repo details +############################################################ + +grokmirror_basedir: /var/lib/git/mirror +grokmirror_user: grokmirror +grokmirror_repos: + - { name: fedoraqa/rpmlint, url: 'https://pagure.io/taskotron/task-rpmlint.git'} + - { name: fedoraqa/upgradepath, url: 'https://pagure.io/taskotron/task-upgradepath.git'} + - { name: fedoraqa/dockerautotest, url: 'https://pagure.io/taskotron/task-dockerautotest.git'} + - { name: fedoraqa/abicheck, url: 'https://pagure.io/task-abicheck.git'} + - { name: fedoraqa/rpmgrill, url: 'https://pagure.io/taskotron/task-rpmgrill.git'} + - { name: fedoraqa/python-versions, url: 'https://github.com/fedora-python/taskotron-python-versions'} + - { name: fedoraqa/check_modulemd, url: 'https://github.com/fedora-modularity/check_modulemd'} + - { name: fedoraqa/rpmdeplint, url: 'https://pagure.io/taskotron/task-rpmdeplint.git'} + - { name: fedoraqa/upstream-atomic, url: 'https://pagure.io/taskotron/task-upstream-atomic.git'} + - { name: fedoraqa/fedora-cloud-tests, url: 'https://pagure.io/taskotron/task-fedora-cloud-tests.git'} + - { name: fedoraqa/modularity-testing-framework, url: 'https://pagure.io/taskotron/task-modularity-testing-framework.git'} +grokmirror_default_branch: develop + + +############################################################ +# urls and endpoints +############################################################ + +execdb_endpoint: execdb +execdb_statuspush: http://resultsdb-stg01.qa.fedoraproject.org/execdb/buildbottest 
+execdb_server: http://resultsdb-stg01.qa.fedoraproject.org/execdb +resultsdb_api_endpoint: resultsdb_api +resultsdb_host: http://resultsdb-stg01.qa.fedoraproject.org/resultsdb_api/ +resultsdb_external_url: https://taskotron.stg.fedoraproject.org/resultsdb/ +resultsdb_fe_endpoint: resultsdb +resultsdb_frontend_url: http://resultsdb-stg01.qa.fedoraproject.org/resultsdb/ +resultsdb_url: http://resultsdb-stg01.qa.fedoraproject.org/resultsdb_api/api/v2.0 +taskotron_docs_url: https://qa.fedoraproject.org/docs/libtaskotron/latest/ +# make sure this doesn't have a trailing slash +trigger_distgit_repo_url: https://src.stg.fedoraproject.org/ +trigger_critpath_url: https://admin.stg.fedoraproject.org/pkgdb/api/critpath?format=json + +instances: + - { name: "Production", url: "https://taskotron.fedoraproject.org"} + - { name: "Staging", url: "https://taskotron.stg.fedoraproject.org"} + - { name: "Development", url: "http://taskotron-dev.fedoraproject.org"} + + +############################################################ +# taskotron details +############################################################ + +settings_dir: /etc/taskotron +landingpage_title: "Staging" +landingpage_instance: "stg" +public_artifacts_dir: /srv/taskotron/artifacts +cgit_root_title: "Taskotron Stg Server Git Mirror" + +############################################################ +# buildbot details +############################################################ + +buildmaster_db_host: db-qa01.qa.fedoraproject.org +buildmaster_db_name: buildmaster_stg +buildmaster_db_user: "{{ stg_buildmaster_db_user }}" +buildmaster_db_password: "{{ stg_buildmaster_db_password }}" +buildmaster_dir: /srv/buildmaster/master +buildmaster_endpoint: taskmaster +buildmaster_home: /srv/buildmaster +buildmaster_template: taskotron.master.cfg.j2 +buildmaster_user: buildmaster + +buildslave_port: 9989 +buildslave_password: "{{ stg_buildslave_password }}" +buildslave_ssh_pubkey: 'ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEA4EOTNfPIvIjCLNRYauVquS2LA8CZvCi6f87TASDZv4moFTv3mrCIdA3ycYLg+r+ODdPDjF9Cjpw1os/8L07XegTt9gAJVIpxzu3ZgQDkSQbx/hlDi+RG4EOIHL8nNJmu27dOVd1tb3k3aOkP5twO4uEq9RygrQBWMZTmOHdS/q8ZVUQG0d1sKv2J8EuBENgICjjIhhYvdvluu3G65jKxMgDbSXjkK6vZpbDbS2d6JI3VeLbVGlyFbHkTu7vH/vzTJZfOYgp0ZbvW9Wo3VSq/ia5qtrLKwRcBkpyCkP6uOQ14zqj4zJd/Hv7qhEcUhC8Jsb7d/Z6b3q5ID0s/9nuHdQ== tflink@lockbox01.phx2.fedoraproject.org' diff --git a/inventory/group_vars/taskotron-stg-client-hosts b/inventory/group_vars/taskotron-stg-client-hosts new file mode 100644 index 0000000000..be04261f7a --- /dev/null +++ b/inventory/group_vars/taskotron-stg-client-hosts 
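Review bot: `buildslave_ssh_pubkey` here is the same key as in `taskotron-dev` (both end `...9nuHdQ== tflink@lockbox01.phx2.fedoraproject.org`), so dev and staging buildslaves authenticate with one key pair, labelled with a personal account. The `taskotron-stg-client-hosts` group that follows also points `buildslave_private_sshkey_file` at `dev-buildslave-sshkey/dev_buildslave`. Sharing the pair means a compromise of the dev environment carries straight over to staging, whereas `taskotron-prod` has its own key. If the sharing is deliberate, make it explicit with a comment such as `# NOTE: stg reuses the dev buildslave key pair`; otherwise generate a stg-specific pair.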
@@ -0,0 +1,81 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + + +############################################################ +# general config +############################################################ + +deployment_type: stg +tcp_ports: [ "{{ buildslave_port }}" ] +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" +freezes: false + +# this enables extra repos during dnf install but that's broken right now, remember to re-enable +extra_enablerepos: '' + + +############################################################ +# buildslave config +############################################################ + +slaves_group: buildslaves +buildmaster: 10.5.124.232 +buildslave_port: 9989 +buildslave_password: "{{ stg_buildslave_password }}" +taskotron_admin_email: taskotron-admin-members@fedoraproject.org + + +############################################################ +# taskotron config +############################################################ + +taskotron_fas_user: taskotron +# stuff is kinda not working for stg bodhi right now. 
workaround by having empty fas password +#taskotron_fas_password: '{{ stg_taskotron_fas_password}}' +taskotron_fas_password: '' + +execdb_external_url: https://taskotron.stg.fedoraproject.org/execdb/ +resultsdb_server: http://resultsdb-stg01.qa.fedoraproject.org/resultsdb_api/api/v2.0/ +# this should be proxy01.stg through /etc/hosts +bodhi_server: https://bodhi.fedoraproject.org/ +kojihub_url: https://koji.fedoraproject.org/kojihub +kojipkg_url: https://kojipkgs.fedoraproject.org/packages +taskotron_master: https://taskotron.stg.fedoraproject.org/taskmaster/ +resultsdb_external_url: https://taskotron.stg.fedoraproject.org/resultsdb +artifacts_base_url: https://taskotron.stg.fedoraproject.org/artifacts + +client_report_to_bodhi: 'False' + +imagesdir: /var/lib/diskimages + +grokmirror_user: grokmirror + + +############################################################ +# testcloud config +############################################################ + +buildslave_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4EOTNfPIvIjCLNRYauVquS2LA8CZvCi6f87TASDZv4moFTv3mrCIdA3ycYLg+r+ODdPDjF9Cjpw1os/8L07XegTt9gAJVIpxzu3ZgQDkSQbx/hlDi+RG4EOIHL8nNJmu27dOVd1tb3k3aOkP5twO4uEq9RygrQBWMZTmOHdS/q8ZVUQG0d1sKv2J8EuBENgICjjIhhYvdvluu3G65jKxMgDbSXjkK6vZpbDbS2d6JI3VeLbVGlyFbHkTu7vH/vzTJZfOYgp0ZbvW9Wo3VSq/ia5qtrLKwRcBkpyCkP6uOQ14zqj4zJd/Hv7qhEcUhC8Jsb7d/Z6b3q5ID0s/9nuHdQ== tflink@lockbox01.phx2.fedoraproject.org" + + +############################################################ +# task git mirror config +############################################################ + +buildslave_private_sshkey_file: dev-buildslave-sshkey/dev_buildslave +buildslave_public_sshkey_file: dev-buildslave-sshkey/dev_buildslave.pub +buildmaster_pubkey: 'ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDuEn17zELhxb4AcN2S+3j3zcdi0MO/kK+z9iZq63dTHq+SoHyQjiOrwnvWURQvod0Q9ro9fukSlJ0yJCYv+Y7MGxqvavVDrK4oW5VhzpJzr4UpInaxMleDSHHt13NxNOVBy+Dkb4xkQGdPD472WuBdzGG5OSisaFNX/jAkVO88a/klbvJTH4AmHX+KslAhnV+SSxKt5L+zVDYXXJOBCeVNoGRiVmq2ZJQiWlwT+TGreDXCsjW1anqnV/lLoThWAi+u919ur3uFg1JBKIDHM/JRZZjyfapbTSC/1YPNpBs+KdaSZhcCngqXDmOt1Ax3TR7FXQ344KwWk3VD6gV+065B' + + +############################################################ +# imagefactory config +############################################################ + +imagefactory_host: qa12.qa.fedoraproject.org +imagefactory_baseurl: 'http://{{imagefactory_host}}:8075/imagefactory' +imagefactory_tools_branch: master + +# enable nested virt +nested: true diff --git a/inventory/group_vars/testcase_stats b/inventory/group_vars/testcase_stats deleted file mode 100644 index 595f8a7214..0000000000 --- a/inventory/group_vars/testcase_stats +++ /dev/null @@ -1 +0,0 @@ -testcase_stats_output_dir: /usr/share/openqa/public/testcase_stats diff --git a/inventory/group_vars/torrent b/inventory/group_vars/torrent index 2cf2d0cf42..36efa42484 100644 --- a/inventory/group_vars/torrent +++ b/inventory/group_vars/torrent 
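Review bot: The new staging client group takes its SSH identity from `buildslave_private_sshkey_file: dev-buildslave-sshkey/dev_buildslave` and the matching `.pub`, so staging appears to share a keypair with the dev environment, and a key exposed on one tier would then be valid on the other. If the reuse is intentional, a comment such as `# stg deliberately reuses the dev buildslave keypair` should say so; otherwise both variables should point at a staging-specific key, e.g. `buildslave_private_sshkey_file: <stg-key-dir>/<stg-key-file>` (placeholder path). Separately, `taskotron_fas_password: ''` is committed as a workaround with no pointer to when it will be reverted. `resultsdb_server` and `imagefactory_baseurl` use plain `http://`, which is worth confirming stays on a trusted network.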
@@ -1,35 +1,27 @@ --- -# Define resources for this group of hosts here. -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web - - torrent-cc - - torrentadmin -ipa_client_sudo_groups: - - sysadmin-web - - torrentadmin -ipa_host_group: torrent -ipa_host_group_desc: BitTorrent trackers -lvm_size: 1500000 +# Define resources for this group of hosts here. +lvm_size: 750000 mem_size: 4096 -nrpe_procs_crit: 500 -nrpe_procs_warn: 300 num_cpus: 2 -primary_auth_source: ipa -tcp_ports: [53, 80, 443, 873, "6881-6999"] -udp_ports: [53] -notes: | - Torrent master server for Fedora distribution - torrent01 is the master torrent server for Fedora releases - This host relies on: - * The virthost it's hosted on (ibiblio05.fedoraproject.org) - * FAS to authenticate users - * VPN connectivity +tcp_ports: [ 53, 80, 443, 873, "6881:6999" ] +udp_ports: [ 53 ] - Things that rely on this host: - * If this host is down, Fedora will lose a release distribution channel - * The Apache that displays the torrent website - * This server also has opentracker+ running to gather statistics for our torrent +fas_client_groups: sysadmin-web,torrentadmin,sysadmin-noc,torrent-cc,fi-apprentice,sysadmin-veteran + +nrpe_procs_warn: 300 +nrpe_procs_crit: 500 +csi_security_category: Low +csi_primary_contact: Fedora Admins - admin@fedoraproject.org +csi_purpose: Torrent master server for Fedora distribution +csi_relationship: | + torrent01 is the master torrent server for Fedora releases + This host relies on: + - The virthost it's hosted on (ibiblio05.fedoraproject.org) + - FAS to authenticate users + - VPN connectivity + + Things that rely on this host: + - If this host is down, Fedora will lose a release distribution channel + - The Apache that displays the torrent website + - This server also has opentracker+ running to gather statistics for our torrent 
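Review bot: Replacing `ipa_client_shell_groups` and `ipa_client_sudo_groups` with the single line `fas_client_groups: sysadmin-web,torrentadmin,sysadmin-noc,torrent-cc,fi-apprentice,sysadmin-veteran` drops the visible distinction between groups that get a shell and groups that get sudo; the removed config limited sudo to `sysadmin-web` and `torrentadmin`. Nothing in this hunk shows where sudo is granted now, so a comment naming the variable or sudoers file that does it would let a reviewer confirm that `fi-apprentice` and `sysadmin-noc` remain shell-only. The `value` and `wiki` hunks later in this diff make the same substitution. The port range also changes from `"6881-6999"` to `"6881:6999"`, which is only correct if the firewall template consuming `tcp_ports` expects iptables-style ranges.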
diff --git a/inventory/group_vars/twisted-buildbots b/inventory/group_vars/twisted-buildbots
new file mode 100644
index 0000000000..954d613a97
--- /dev/null
+++ b/inventory/group_vars/twisted-buildbots
@@ -0,0 +1,3 @@
+---
+freezes: false
+datacenter: cloud
diff --git a/inventory/group_vars/unbound b/inventory/group_vars/unbound
new file mode 100644
index 0000000000..7be065c033
--- /dev/null
+++ b/inventory/group_vars/unbound
@@ -0,0 +1,14 @@
+---
+lvm_size: 10000
+mem_size: 1024
+num_cpus: 2
+
+tcp_ports: [ 80, 443 ]
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 209.132.184.0/24 --dport 53 -j ACCEPT',
+ '-A INPUT -p udp -m udp -s 209.132.184.0/24 --dport 53 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 209.132.181.0/24 --dport 53 -j ACCEPT',
+ '-A INPUT -p udp -m udp -s 209.132.181.0/24 --dport 53 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-dns
+freezes: false
+postfix_group: vpn
diff --git a/inventory/group_vars/value b/inventory/group_vars/value
index 9210d77a6d..ddff304f08 100644
--- a/inventory/group_vars/value
+++ b/inventory/group_vars/value
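Review bot: The four `custom_rules` entries in the new `unbound` group allow port 53 only from `209.132.184.0/24` and `209.132.181.0/24`, but nothing says which networks those are or why they are the only permitted clients. Other groups in this diff comment each rule (for example `# Needed for rsync from log01 for logs.` in `value`), so a line such as `# Only answer DNS queries from <network name>` above each pair would make later audits of the allowlist possible. `tcp_ports: [ 80, 443 ]` also opens web ports on hosts that, judging by the group name and `fas_client_groups: sysadmin-dns`, are DNS resolvers; if nothing listens there, `tcp_ports: []` would be the tighter default.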
@@ -1,44 +1,65 @@ --- -# Define resources for this group of hosts here. -# For the MOTD -custom_rules: [ - # Needed for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', - # Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here - '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5050 -j ACCEPT', - # batcave01 also needs access to announce commits. - '-A INPUT -p tcp -m tcp -s 10.3.163.35 --dport 5050 -j ACCEPT'] -nft_custom_rules: - # Needed for rsync from log01 for logs. - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' - # Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here - - 'add rule ip filter INPUT ip saddr 10.3.163.10 tcp dport 5050 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.20 tcp dport 5050 counter accept' - # batcave01 also needs access to announce commits. - - 'add rule ip filter INPUT ip saddr 10.3.163.35 tcp dport 5050 counter accept' -deployment_type: prod -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-mote - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-mote - - sysadmin-web -ipa_host_group: value -ipa_host_group_desc: "Value added: IRC bots, message logging, etc." +# Define resources for this group of hosts here. lvm_size: 30000 mem_size: 6144 num_cpus: 2 -primary_auth_source: ipa + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -tcp_ports: [80, 443] -notes: | - Hosts services which help facilitate communication over IRC and related mediums. - There are a couple things running here. +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. 
+ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +custom_rules: [ + # Needed for rsync from log01 for logs. + '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', + # Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here + '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5050 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5050 -j ACCEPT', + # batcave01 also needs access to announce commits. + '-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 5050 -j ACCEPT', +] + +fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-mote,sysadmin-veteran + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: supybot + owner: root + group: daemon + can_send: + # cookies! + - irc.karma + # standard meetbot stuff + - meetbot.meeting.complete + - meetbot.meeting.start + - meetbot.meeting.topic.update + # meetbot line items + - meetbot.meeting.item.agreed + - meetbot.meeting.item.accepted + - meetbot.meeting.item.rejected + - meetbot.meeting.item.action + - meetbot.meeting.item.info + - meetbot.meeting.item.idea + - meetbot.meeting.item.help + - meetbot.meeting.item.link + +# For the MOTD +csi_security_category: Moderate +csi_primary_contact: mote admins - sysadmin-mote-members@fedoraproject.org +csi_purpose: Hosts services which help facilitate communication over IRC and related mediums. +csi_relationship: | + There are a couple things running here. + * zodbot, a supybot instance. See the zodbot SOP for more info. + * fedmsg-irc, our fedmsg to IRC relay. 'journalctl -u fedmsg-irc' * mote, a webapp running behind httpd that serves meetbot log files. 
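Review bot: `tcp_ports` hard-codes sixteen fedmsg ports (`3000` to `3015`, "One for each wsgi thread") next to 80 and 443, while the `zanata2fedmsg` files added in this same diff set `wsgi_fedmsg_service`, `wsgi_procs` and `wsgi_threads` and note that iptables then opens enough ports for all threads. A literal list can drift from the real thread count and leave unused ports open with no source restriction, unlike the 873 and 5050 rules in `custom_rules`. Consider deriving the range from the wsgi variables here as well, or add a comment such as `# keep in sync with the wsgi thread count of <service>`; the new `value-stg` file repeats the same list. This commit also removes `nft_custom_rules`, so it is worth confirming that no host in this group builds its firewall from the nftables list.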
diff --git a/inventory/group_vars/value-stg b/inventory/group_vars/value-stg
new file mode 100644
index 0000000000..e3a9419910
--- /dev/null
+++ b/inventory/group_vars/value-stg
@@ -0,0 +1,66 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 30000 +mem_size: 6144 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +custom_rules: [ + # Neeed for rsync from log01 for logs. + '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', + # Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here + '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.128.38 --dport 5050 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT', + # batcave01 also needs access to announce commits. + '-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 5050 -j ACCEPT', +] + +fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-mote,sysadmin-veteran + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: supybot + owner: root + group: daemon + can_send: + # cookies! + - irc.karma + # standard meetbot stuff + - meetbot.meeting.complete + - meetbot.meeting.start + - meetbot.meeting.topic.update + # meetbot line items + - meetbot.meeting.item.agreed + - meetbot.meeting.item.accepted + - meetbot.meeting.item.rejected + - meetbot.meeting.item.action + - meetbot.meeting.item.info + - meetbot.meeting.item.idea + - meetbot.meeting.item.help + - meetbot.meeting.item.link + + +# For the MOTD +csi_security_category: Moderate +csi_primary_contact: mote admins - sysadmin-mote-members@fedoraproject.org +csi_purpose: Hosts staging services which help facilitate communication over IRC and related mediums. 
+csi_relationship: | + There are a couple things running here. + + * ursabot, a supybot instance. See the zodbot SOP for more info. + * fedmsg-irc, our staging fedmsg to IRC relay. 'journalctl -u fedmsg-irc' + * mote, a webapp running behind httpd that serves meetbot log files. diff --git a/inventory/group_vars/value_stg b/inventory/group_vars/value_stg deleted file mode 100644 index 166b76c433..0000000000 --- a/inventory/group_vars/value_stg +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -# Define resources for this group of hosts here. -# For the MOTD -custom_rules: [ - # Neeed for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', - # Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here - '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT', - # batcave01 also needs access to announce commits. - '-A INPUT -p tcp -m tcp -s 10.3.163.35 --dport 5050 -j ACCEPT'] -nft_custom_rules: - # Neeed for rsync from log01 for logs. - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' - # Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here - - 'add rule ip filter INPUT ip saddr 10.3.163.10 tcp dport 5050 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.10 tcp dport 5050 counter accept' - - 'add rule ip filter INPUT ip saddr 152.19.134.192 tcp dport 5050 counter accept' - # batcave01 also needs access to announce commits. - - 'add rule ip filter INPUT ip saddr 10.3.163.35 tcp dport 5050 counter accept' -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-mote - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-mote - - sysadmin-web -ipa_host_group: value -ipa_host_group_desc: "Value added: IRC bots, message logging, etc." -lvm_size: 30000 -mem_size: 6144 -num_cpus: 2 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443] - -notes: | - Hosts staging services which help facilitate communication over IRC and related mediums. - There are a couple things running here. 
- * ursabot, a supybot instance. See the zodbot SOP for more info. - * fedmsg-irc, our staging fedmsg to IRC relay. 'journalctl -u fedmsg-irc' - * mote, a webapp running behind httpd that serves meetbot log files. diff --git a/inventory/group_vars/virthost b/inventory/group_vars/virthost index d87a060e4f..b3008767e0 100644 --- a/inventory/group_vars/virthost +++ b/inventory/group_vars/virthost @@ -1,19 +1,20 @@ --- # iscsi initiator for netapp iscsi volume -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -nagios_Check_Services: - raid: true netapp_nfs01_iscsi_name: iqn.1992-08.com.netapp:sn.1573980325:vf.f88732f4-106e-11e2-bc86-00a098162a28 # iscsi portal for netapp iscsi volume netapp_nfs01_iscsi_portal: 10.5.88.36 -nrpe_procs_crit: 1500 -nrpe_procs_warn: 1400 -primary_auth_source: ipa + virthost: true +nrpe_procs_warn: 1000 +nrpe_procs_crit: 1100 -notes: | - Host guest virtual machines. +# These variables are pushed into /etc/system_identification by the base role. +# Groups and individual hosts should override them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ - Guests on this host will be inaccessible if the host is down. - This host will be required by any application with a virtual machine running on it, therefore, if this host is down those applications will be impacted. +csi_security_category: High +csi_primary_contact: Fedora Admins - admin@fedoraproject.org +csi_purpose: Host guest virtual machines. +csi_relationship: | + - Guests on this host will be inaccessible if the host is down. + - This host will be required by any application with a virtual machine running on it, therefore, if this host is down those applications will be impacted. diff --git a/inventory/group_vars/virthost-comm b/inventory/group_vars/virthost-comm new file mode 100644 index 0000000000..9def4dba8f --- /dev/null 
+++ b/inventory/group_vars/virthost-comm
@@ -0,0 +1,5 @@
+---
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+virthost: true
diff --git a/inventory/group_vars/virthost_comm b/inventory/group_vars/virthost_comm
deleted file mode 100644
index 62426783b6..0000000000
--- a/inventory/group_vars/virthost_comm
+++ /dev/null
@@ -1,4 +0,0 @@
----
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-virthost: true
diff --git a/inventory/group_vars/virthost_communishift b/inventory/group_vars/virthost_communishift
deleted file mode 100644
index ea2d1d771c..0000000000
--- a/inventory/group_vars/virthost_communishift
+++ /dev/null
@@ -1,3 +0,0 @@
----
-datacenter: cloud
-virthost: true
diff --git a/inventory/group_vars/waiverdb b/inventory/group_vars/waiverdb
new file mode 100644
index 0000000000..c7e0d6f0a8
--- /dev/null
+++ b/inventory/group_vars/waiverdb
@@ -0,0 +1,10 @@
+---
+# XXX - this is not really a group of real hosts.
+# Instead, it represents an application in openshift.
+# See playbooks/openshift-apps/waiverdb.yml
+
+fedmsg_certs:
+- service: waiverdb
+ can_send:
+ - logger.log
+ - waiverdb.waiver.new
diff --git a/inventory/group_vars/waiverdb-stg b/inventory/group_vars/waiverdb-stg
new file mode 100644
index 0000000000..ad2305c2e1
--- /dev/null
+++ b/inventory/group_vars/waiverdb-stg
@@ -0,0 +1,12 @@
+---
+# XXX - this is not really a group of real hosts.
+# Instead, it represents an application in openshift.
+# See playbooks/openshift-apps/waiverdb.yml
+
+fedmsg_env: stg
+
+fedmsg_certs:
+- service: waiverdb
+ can_send:
+ - logger.log
+ - waiverdb.waiver.new
diff --git a/inventory/group_vars/wiki b/inventory/group_vars/wiki
index 6e80764a73..707d990a8c 100644
--- a/inventory/group_vars/wiki
+++ b/inventory/group_vars/wiki
@@ -1,31 +1,43 @@ --- -# Define resources for this group of hosts here. -deployment_type: prod -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: wiki -ipa_host_group_desc: Fedora Wiki +# Define resources for this group of hosts here. lvm_size: 30000 -max_mem_size: 8192 mem_size: 8192 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" num_cpus: 4 -primary_auth_source: ipa -tcp_ports: [80] + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file +virt_install_command: "{{ virt_install_command_rhel6 }}" + +tcp_ports: [ 80 ] +fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran + # mediawiki variables wikiname: "fp" wikipath: "wiki" -wikiver: "mediawiki" wpath: "w" +wikiver: "mediawiki119" -notes: | - - Provides our wiki - - There are multiple servers that this service requires. All proxy servers and Wiki 1 and 2. - - Wiki requires the proxy servers in order for traffic to pass to them - - If the Apache processes stop on wiki01 and wiki02 the wiki will not display - - The wiki also requires fas for log in purposes +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: mediawiki + owner: root + group: apache + can_send: + - wiki.article.edit + - wiki.upload.complete + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" + +csi_security_category: Moderate +csi_primary_contact: "#fedora-admin" +csi_purpose: Provides our wiki +csi_relationship: | + - There are multiple servers that this service requires. All proxy servers and Wiki 1 and 2. + - Wiki requires the proxy servers in order for traffic to pass to them + - If the Apache processes stop on wiki01 and wiki02 the wiki will not display + - The wiki also requires fas for log in purposes 
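Review bot: Production is pinned to `wikiver: "mediawiki119"` and `virt_install_command: "{{ virt_install_command_rhel6 }}"`, while the `wiki-stg` file added in this diff uses `wikiver: "mediawiki"` and `virt_install_command_two_nic`, so staging would not be exercising the package that production runs. If `mediawiki119` is the MediaWiki 1.19 package, that release line no longer receives upstream security fixes, and the pin deserves a comment saying why it is kept and when it will go, e.g. `# pinned to <package> until <tracking ticket>`. The `nfs_mount_opts` line keeps `sec=sys,nfsvers=3`, which trusts client-asserted UIDs; that is acceptable only if the export is restricted to these hosts.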
diff --git a/inventory/group_vars/wiki-stg b/inventory/group_vars/wiki-stg new file mode 100644 index 0000000000..aae067a709 --- /dev/null +++ b/inventory/group_vars/wiki-stg @@ -0,0 +1,32 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 30000 +mem_size: 2048 +num_cpus: 2 + +virt_install_command: "{{ virt_install_command_two_nic }}" + +tcp_ports: [ 80 ] +fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran + +# mediawiki variables +wikiname: "fp" +wikipath: "wiki" +wpath: "w" +wikiver: "mediawiki" + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: mediawiki + owner: root + group: apache + can_send: + - wiki.article.edit + - wiki.upload.complete + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" diff --git a/inventory/group_vars/wiki_stg b/inventory/group_vars/wiki_stg deleted file mode 100644 index f87b60e28a..0000000000 --- a/inventory/group_vars/wiki_stg +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: wiki -ipa_host_group_desc: Fedora Wiki -lvm_size: 30000 -mem_size: 4096 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -num_cpus: 2 -tcp_ports: [80] -# mediawiki variables -wikiname: "fp" -wikipath: "wiki" -wikiver: "mediawiki" -wpath: "w" diff --git a/inventory/group_vars/zabbix b/inventory/group_vars/zabbix deleted file mode 100644 index 8205951367..0000000000 --- a/inventory/group_vars/zabbix +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -# Define resources for this group of hosts here. -# For the MOTD -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-noc -ipa_host_group: zabbix -ipa_host_group_desc: Zabbix Network Monitoring -lvm_size: 100000 -mem_size: 24576 -nagios_Can_Connect: false -nagios_Check_Services: - ping: false -num_cpus: 4 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443] -notes: Test instanec for zabbix server diff --git a/inventory/group_vars/zabbix_stg b/inventory/group_vars/zabbix_stg deleted file mode 100644 index 45e8e6b26f..0000000000 --- a/inventory/group_vars/zabbix_stg +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Define resources for this group of hosts here. -# For the MOTD -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-noc -ipa_host_group: zabbix -ipa_host_group_desc: Zabbix Network Monitoring -lvm_size: 100000 -mem_size: 8192 -nagios_Can_Connect: false -nagios_Check_Services: - ping: false -num_cpus: 2 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443] -notes: Test instance for zabbix server -zabbix_stg_matrix_roomid: "!dODrizXNtqWjiylAyh:fedora.im" diff --git a/inventory/group_vars/zanata2fedmsg b/inventory/group_vars/zanata2fedmsg new file mode 100644 index 0000000000..0e3a2905ee --- /dev/null +++ b/inventory/group_vars/zanata2fedmsg 
@@ -0,0 +1,36 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: zanata2fedmsg
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+]
+
+fas_client_groups: sysadmin-noc,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: zanata2fedmsg
+ owner: root
+ group: apache
+ can_send:
+ - zanata.document.milestone.event
diff --git a/inventory/group_vars/zanata2fedmsg-stg b/inventory/group_vars/zanata2fedmsg-stg
new file mode 100644
index 0000000000..ef584031d7
--- /dev/null
+++ b/inventory/group_vars/zanata2fedmsg-stg
@@ -0,0 +1,36 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 1
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: zanata2fedmsg
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+]
+
+fas_client_groups: sysadmin-noc,sysadmin-veteran
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: zanata2fedmsg
+ owner: root
+ group: apache
+ can_send:
+ - zanata.document.milestone.event
diff --git a/inventory/hardware b/inventory/hardware
index c6fc9570eb..f65bf30c36 100644
--- a/inventory/hardware
+++ b/inventory/hardware
@@ -1,141 +1,118 @@ [dells] -osuosl02.fedoraproject.org -ibiblio02.fedoraproject.org +download01.phx2.fedoraproject.org +download02.phx2.fedoraproject.org +download03.phx2.fedoraproject.org +download04.phx2.fedoraproject.org +download05.phx2.fedoraproject.org +virthost01.phx2.fedoraproject.org +virthost02.phx2.fedoraproject.org +virthost03.phx2.fedoraproject.org +virthost04.phx2.fedoraproject.org +virthost05.phx2.fedoraproject.org +virthost11.phx2.fedoraproject.org +virthost15.phx2.fedoraproject.org +virthost16.phx2.fedoraproject.org +virthost17.phx2.fedoraproject.org +virthost18.phx2.fedoraproject.org +virthost19.phx2.fedoraproject.org +virthost20.phx2.fedoraproject.org +virthost21.phx2.fedoraproject.org +virthost22.phx2.fedoraproject.org +bvirthost01.phx2.fedoraproject.org +ibiblio01.fedoraproject.org +ibiblio04.fedoraproject.org ibiblio05.fedoraproject.org +virthost-comm03.qa.fedoraproject.org +virthost-comm04.qa.fedoraproject.org +fed-cloud09.cloud.fedoraproject.org +fed-cloud10.cloud.fedoraproject.org +fed-cloud11.cloud.fedoraproject.org +fed-cloud12.cloud.fedoraproject.org +fed-cloud13.cloud.fedoraproject.org +fed-cloud14.cloud.fedoraproject.org +fed-cloud15.cloud.fedoraproject.org +virthost-s390.s390.fedoraproject.org +osuosl03.fedoraproject.org # ssh often disabled -#autosign02.iad2.fedoraproject.org -vmhost-x86-cc01.rdu-cc.fedoraproject.org -vmhost-x86-cc02.rdu-cc.fedoraproject.org -vmhost-x86-cc03.rdu-cc.fedoraproject.org -vmhost-x86-cc05.rdu-cc.fedoraproject.org -vmhost-x86-cc06.rdu-cc.fedoraproject.org -vmhost-x86-copr01.rdu-cc.fedoraproject.org -vmhost-x86-copr02.rdu-cc.fedoraproject.org -vmhost-x86-copr03.rdu-cc.fedoraproject.org -vmhost-x86-copr04.rdu-cc.fedoraproject.org -## Builders IAD -buildhw-x86-01.iad2.fedoraproject.org -buildhw-x86-02.iad2.fedoraproject.org -buildhw-x86-03.iad2.fedoraproject.org -buildhw-x86-04.iad2.fedoraproject.org -buildhw-x86-05.iad2.fedoraproject.org -buildhw-x86-06.iad2.fedoraproject.org 
-buildhw-x86-07.iad2.fedoraproject.org -buildhw-x86-08.iad2.fedoraproject.org -buildhw-x86-09.iad2.fedoraproject.org -buildhw-x86-10.iad2.fedoraproject.org -buildhw-x86-11.iad2.fedoraproject.org -buildhw-x86-12.iad2.fedoraproject.org -buildhw-x86-13.iad2.fedoraproject.org -buildhw-x86-14.iad2.fedoraproject.org -buildhw-x86-15.iad2.fedoraproject.org -buildhw-x86-16.iad2.fedoraproject.org -bvmhost-x86-01.iad2.fedoraproject.org -bvmhost-x86-02.iad2.fedoraproject.org -bvmhost-x86-03.iad2.fedoraproject.org -bvmhost-x86-04.iad2.fedoraproject.org -bvmhost-x86-05.iad2.fedoraproject.org -bvmhost-x86-06.iad2.fedoraproject.org -bvmhost-x86-07.iad2.fedoraproject.org -bvmhost-x86-01.stg.iad2.fedoraproject.org -bvmhost-x86-02.stg.iad2.fedoraproject.org -bvmhost-x86-03.stg.iad2.fedoraproject.org -bvmhost-x86-05.stg.iad2.fedoraproject.org -## -bkernel01.iad2.fedoraproject.org -bkernel02.iad2.fedoraproject.org -## QA -qvmhost-x86-01.iad2.fedoraproject.org -qvmhost-x86-02.iad2.fedoraproject.org -openqa-x86-worker01.iad2.fedoraproject.org -openqa-x86-worker02.iad2.fedoraproject.org -openqa-x86-worker03.iad2.fedoraproject.org -openqa-x86-worker04.iad2.fedoraproject.org -openqa-x86-worker05.iad2.fedoraproject.org -openqa-x86-worker06.iad2.fedoraproject.org -kernel02.iad2.fedoraproject.org -## Virt -vmhost-x86-01.iad2.fedoraproject.org -vmhost-x86-01.stg.iad2.fedoraproject.org -vmhost-x86-02.iad2.fedoraproject.org -vmhost-x86-02.stg.iad2.fedoraproject.org -vmhost-x86-03.iad2.fedoraproject.org -vmhost-x86-04.iad2.fedoraproject.org -vmhost-x86-05.iad2.fedoraproject.org -vmhost-x86-05.stg.iad2.fedoraproject.org -vmhost-x86-06.iad2.fedoraproject.org -vmhost-x86-06.stg.iad2.fedoraproject.org -vmhost-x86-07.stg.iad2.fedoraproject.org -vmhost-x86-08.stg.iad2.fedoraproject.org -vmhost-x86-08.iad2.fedoraproject.org -vmhost-x86-09.stg.iad2.fedoraproject.org -vmhost-x86-11.stg.iad2.fedoraproject.org -vmhost-x86-12.stg.iad2.fedoraproject.org -worker01.ocp.iad2.fedoraproject.org 
-worker02.ocp.iad2.fedoraproject.org -worker03.ocp.iad2.fedoraproject.org -worker04.ocp.iad2.fedoraproject.org -worker05.ocp.iad2.fedoraproject.org -worker06.ocp.iad2.fedoraproject.org -worker01.ocp.stg.iad2.fedoraproject.org -worker02.ocp.stg.iad2.fedoraproject.org -worker03.ocp.stg.iad2.fedoraproject.org -worker04.ocp.stg.iad2.fedoraproject.org -worker05.ocp.stg.iad2.fedoraproject.org -vmhost-x86-01.rdu3.fedoraproject.org -vmhost-x86-02.rdu3.fedoraproject.org -vmhost-x86-01.stg.rdu3.fedoraproject.org +#autosign01.phx2.fedoraproject.org +virthost-rdu01.fedoraproject.org +virthost-cc-rdu01.fedoraproject.org +buildhw-01.phx2.fedoraproject.org +buildhw-02.phx2.fedoraproject.org +buildhw-03.phx2.fedoraproject.org +buildhw-04.phx2.fedoraproject.org +buildhw-05.phx2.fedoraproject.org +buildhw-06.phx2.fedoraproject.org +buildhw-07.phx2.fedoraproject.org +buildhw-08.phx2.fedoraproject.org +buildhw-09.phx2.fedoraproject.org +buildhw-10.phx2.fedoraproject.org +buildvmhost-01.phx2.fedoraproject.org +buildvmhost-02.phx2.fedoraproject.org +buildvmhost-03.phx2.fedoraproject.org +buildvmhost-04.phx2.fedoraproject.org +autocloud-backend-libvirt2.phx2.fedoraproject.org +autocloud-backend-vbox2.phx2.fedoraproject.org + +[ciscos] +virthost14.phx2.fedoraproject.org +virthost-comm02.qa.fedoraproject.org + +[cisco-ucs] +buildvmhost-12.phx2.fedoraproject.org +bvirthost02.phx2.fedoraproject.org +bvirthost03.phx2.fedoraproject.org +bvirthost06.phx2.fedoraproject.org +bvirthost08.phx2.fedoraproject.org +bvirthost09.phx2.fedoraproject.org +bvirthost10.phx2.fedoraproject.org +bvirthost11.phx2.fedoraproject.org + +[ibms] +virthost12.phx2.fedoraproject.org +osuosl01.fedoraproject.org +osuosl02.fedoraproject.org +#fed-cloud01.cloud.fedoraproject.org +#fed-cloud02.cloud.fedoraproject.org +fed-cloud03.cloud.fedoraproject.org +fed-cloud04.cloud.fedoraproject.org +fed-cloud05.cloud.fedoraproject.org +fed-cloud06.cloud.fedoraproject.org +fed-cloud07.cloud.fedoraproject.org 
+fed-cloud08.cloud.fedoraproject.org +cloud-noc01.cloud.fedoraproject.org +data-analysis01.phx2.fedoraproject.org +download-rdu01.fedoraproject.org [powerpc] -bvmhost-p09-01.iad2.fedoraproject.org -bvmhost-p09-01.stg.iad2.fedoraproject.org -bvmhost-p09-02.iad2.fedoraproject.org -bvmhost-p09-03.iad2.fedoraproject.org -bvmhost-p09-04.iad2.fedoraproject.org -bvmhost-p09-05.iad2.fedoraproject.org -openqa-p09-worker01.iad2.fedoraproject.org -openqa-p09-worker02.iad2.fedoraproject.org -vmhost-p08-copr01.rdu-cc.fedoraproject.org -vmhost-p08-copr02.rdu-cc.fedoraproject.org -vmhost-p09-copr01.rdu-cc.fedoraproject.org +ppc8-01.ppc.fedoraproject.org +ppc8-02.ppc.fedoraproject.org +ppc8-03.ppc.fedoraproject.org +ppc8-04.ppc.fedoraproject.org -[appliedmicro] -bvmhost-a64-01.stg.iad2.fedoraproject.org -openqa-a64-worker01.iad2.fedoraproject.org -openqa-a64-worker02.iad2.fedoraproject.org -openqa-a64-worker03.iad2.fedoraproject.org -openqa-a64-worker05.iad2.fedoraproject.org -openqa-a64-worker06.iad2.fedoraproject.org - -[storinator] -storinator01.rdu-cc.fedoraproject.org - -[aarch64] -buildhw-a64-03.iad2.fedoraproject.org -buildhw-a64-04.iad2.fedoraproject.org -buildhw-a64-05.iad2.fedoraproject.org -buildhw-a64-06.iad2.fedoraproject.org -openqa-a64-worker01.iad2.fedoraproject.org -openqa-a64-worker02.iad2.fedoraproject.org -openqa-a64-worker03.iad2.fedoraproject.org -openqa-a64-worker05.iad2.fedoraproject.org -openqa-a64-worker06.iad2.fedoraproject.org - -[mtsnow] -bvmhost-a64-01.iad2.fedoraproject.org -bvmhost-a64-02.iad2.fedoraproject.org -bvmhost-a64-03.iad2.fedoraproject.org -bvmhost-a64-04.iad2.fedoraproject.org -buildhw-a64-03.iad2.fedoraproject.org -buildhw-a64-04.iad2.fedoraproject.org -buildhw-a64-05.iad2.fedoraproject.org -buildhw-a64-06.iad2.fedoraproject.org -openqa-a64-worker04.iad2.fedoraproject.org - -[hardware:children] -powerpc -dells -appliedmicro -storinator -aarch64 -mtsnow +[moonshot] +aarch64-c01n1.arm.fedoraproject.org +aarch64-c02n1.arm.fedoraproject.org 
+aarch64-c03n1.arm.fedoraproject.org
+aarch64-c04n1.arm.fedoraproject.org
+aarch64-c05n1.arm.fedoraproject.org
+aarch64-c06n1.arm.fedoraproject.org
+aarch64-c07n1.arm.fedoraproject.org
+aarch64-c08n1.arm.fedoraproject.org
+aarch64-c09n1.arm.fedoraproject.org
+aarch64-c10n1.arm.fedoraproject.org
+aarch64-c11n1.arm.fedoraproject.org
+aarch64-c12n1.arm.fedoraproject.org
+aarch64-c13n1.arm.fedoraproject.org
+aarch64-c14n1.arm.fedoraproject.org
+aarch64-c15n1.arm.fedoraproject.org
+aarch64-c16n1.arm.fedoraproject.org
+aarch64-c17n1.arm.fedoraproject.org
+aarch64-c18n1.arm.fedoraproject.org
+aarch64-c19n1.arm.fedoraproject.org
+aarch64-c20n1.arm.fedoraproject.org
+aarch64-c21n1.arm.fedoraproject.org
+aarch64-c22n1.arm.fedoraproject.org
+aarch64-c23n1.arm.fedoraproject.org
+aarch64-c24n1.arm.fedoraproject.org
+aarch64-c25n1.arm.fedoraproject.org
diff --git a/inventory/host_vars/aarch64-02a.arm.fedoraproject.org b/inventory/host_vars/aarch64-02a.arm.fedoraproject.org
new file mode 100644
index 0000000000..d0e28de458
--- /dev/null
+++ b/inventory/host_vars/aarch64-02a.arm.fedoraproject.org
@@ -0,0 +1,16 @@
+eth0_ip: 10.5.78.75
+gw: 10.5.78.254
+
+fedmsg_certs:
+- service: releng
+ owner: root
+ group: sysadmin-releng
+ can_send:
+ # pungi-koji stuff (ask dgilmore)
+ - pungi.compose.phase.start
+ - pungi.compose.phase.stop
+ - pungi.compose.status.change
+ - pungi.compose.createiso.targets
+ - pungi.compose.createiso.imagefail
+ - pungi.compose.createiso.imagedone
+
diff --git a/inventory/host_vars/aarch64-03a.arm.fedoraproject.org b/inventory/host_vars/aarch64-03a.arm.fedoraproject.org
new file mode 100644
index 0000000000..0d76140104
--- /dev/null
+++ b/inventory/host_vars/aarch64-03a.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+eth0_ip: 10.5.78.80
+gw: 10.5.78.254
diff --git a/inventory/host_vars/aarch64-04a.arm.fedoraproject.org b/inventory/host_vars/aarch64-04a.arm.fedoraproject.org
new file mode 100644
index 0000000000..e10e0466e5
--- /dev/null
+++ b/inventory/host_vars/aarch64-04a.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+eth0_ip: 10.5.78.85
+gw: 10.5.78.254
diff --git a/inventory/host_vars/aarch64-05a.arm.fedoraproject.org b/inventory/host_vars/aarch64-05a.arm.fedoraproject.org
new file mode 100644
index 0000000000..b5fd205c7f
--- /dev/null
+++ b/inventory/host_vars/aarch64-05a.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+eth0_ip: 10.5.78.150
+gw: 10.5.78.254
diff --git a/inventory/host_vars/aarch64-06a.arm.fedoraproject.org b/inventory/host_vars/aarch64-06a.arm.fedoraproject.org
new file mode 100644
index 0000000000..59badadabc
--- /dev/null
+++ b/inventory/host_vars/aarch64-06a.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+eth0_ip: 10.5.78.155
+gw: 10.5.78.254
diff --git a/inventory/host_vars/aarch64-07a.arm.fedoraproject.org b/inventory/host_vars/aarch64-07a.arm.fedoraproject.org
new file mode 100644
index 0000000000..f6d14331cc
--- /dev/null
+++ b/inventory/host_vars/aarch64-07a.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+eth0_ip: 10.5.78.160
+gw: 10.5.78.254
diff --git a/inventory/host_vars/aarch64-test01.fedorainfracloud.org b/inventory/host_vars/aarch64-test01.fedorainfracloud.org
deleted file mode 100644
index 9c0bc32780..0000000000
--- a/inventory/host_vars/aarch64-test01.fedorainfracloud.org
+++ /dev/null
@@ -1,6 +0,0 @@
-datacenter: aws
-inventory_hostname: "aarch64-test01.fedorainfracloud.org"
-nagios_Check_Services:
- swap: false
-postfix_group: vpn
-public_ip: 34.215.168.74
diff --git a/inventory/host_vars/aarch64-test02.fedorainfracloud.org b/inventory/host_vars/aarch64-test02.fedorainfracloud.org
deleted file mode 100644
index fdae26c6e6..0000000000
--- a/inventory/host_vars/aarch64-test02.fedorainfracloud.org
+++ /dev/null
@@ -1,6 +0,0 @@
-datacenter: aws
-inventory_hostname: "aarch64-test02.fedorainfracloud.org"
-nagios_Check_Services:
- swap: false
-postfix_group: vpn
-public_ip: 18.237.17.168
diff --git a/inventory/host_vars/anitya-backend01.fedoraproject.org b/inventory/host_vars/anitya-backend01.fedoraproject.org
new file mode 100644
index 0000000000..07111ee6c6
--- /dev/null
+++ b/inventory/host_vars/anitya-backend01.fedoraproject.org
@@ -0,0 +1,22 @@
+---
+nm: 255.255.255.128
+gw: 140.211.169.193
+dns: 8.8.8.8
+
+volgroup: /dev/vg_guests
+
+eth0_ip: 140.211.169.230
+eth0_nm: 255.255.255.128
+fedmsg_fqdn: anitya-backend01.vpn.fedoraproject.org
+
+postfix_group: vpn
+
+vmhost: osuosl03.fedoraproject.org
+datacenter: osuosl
+
+#
+# Only allow postgresql access from the frontend node.
+#
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 140.211.169.229 --dport 5432 -j ACCEPT' ]
+
+sudoers: "{{ private }}/files/sudo/anitya-backend01-sudoers"
diff --git a/inventory/host_vars/anitya-frontend01.fedoraproject.org b/inventory/host_vars/anitya-frontend01.fedoraproject.org
new file mode 100644
index 0000000000..63edc17070
--- /dev/null
+++ b/inventory/host_vars/anitya-frontend01.fedoraproject.org
@@ -0,0 +1,23 @@
+---
+nm: 255.255.255.128
+gw: 140.211.169.193
+dns: 8.8.8.8
+
+ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+
+eth0_ip: 140.211.169.229
+eth0_nm: 255.255.255.128
+has_ipv6: yes
+eth0_ipv6: "2605:bc80:3010:600:dead:beef:cafe:fed2"
+eth0_ipv6_gw: "2605:bc80:3010:600::1"
+
+fedmsg_fqdn: anitya-frontend01.vpn.fedoraproject.org
+
+postfix_group: vpn
+
+vmhost: osuosl03.fedoraproject.org
+datacenter: osuosl
+
+sudoers: "{{ private }}/files/sudo/anitya-frontend01-sudoers"
diff --git a/inventory/host_vars/ansiblemagazine.fedorainfracloud.org b/inventory/host_vars/ansiblemagazine.fedorainfracloud.org
new file mode 100644
index 0000000000..3b0b619674
--- /dev/null
+++ b/inventory/host_vars/ansiblemagazine.fedorainfracloud.org
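Review bot: In inventory/host_vars/anitya-frontend01.fedoraproject.org, `ks_url` and `ks_repo` use `http://infrastructure.fedoraproject.org/...`, so the kickstart and install tree for a guest at an external site (`datacenter: osuosl`) would be fetched without transport integrity, and a kickstart runs as root at install time. The autosign01.stg.iad2 host_vars removed elsewhere in this diff already use the HTTPS form of the same server, so, assuming it serves the same paths over TLS, I would write `ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7` and `ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/`. The host_vars that point at `http://10.5.126.23/...` carry the same weakness, limited to the internal network.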
@@ -0,0 +1,30 @@
+---
+image: rhel7-20141015
+instance_type: m1.large
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,allow-nagios-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: ansiblemagazine
+hostbase: ansiblemagazine
+public_ip: 209.132.184.238
+root_auth_users: gdk rbergero pfrields
+description: Ansible Magazine
+
+host_backup_targets: ['/var/www/html']
+db_backup_dir: ['/backups']
+dbs_to_backup: ['wp']
+mariadb_root_password: "{{ ansiblemagazine_db_password }}"
+extra_enablerepos: ''
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
+nagios_Check_Services:
+ nrpe: true
+ sshd: true
+ httpd: true
+ swap: false
diff --git a/inventory/host_vars/arm-hub01.qa.fedoraproject.org b/inventory/host_vars/arm-hub01.qa.fedoraproject.org
new file mode 100644
index 0000000000..08dce7e658
--- /dev/null
+++ b/inventory/host_vars/arm-hub01.qa.fedoraproject.org
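Review bot: inventory/host_vars/ansiblemagazine.fedorainfracloud.org pairs `security_group: ssh-anywhere-persistent,...` and `tcp_ports: [22, 80, 443]` with `root_auth_users: gdk rbergero pfrields` on a public address, which reads as direct root SSH reachable from any source (going by the group name; its definition is not in this diff). I would limit port 22 to the bastion or VPN range, or have these users log in unprivileged and use sudo, and record the decision next to the variable, e.g. `# root keys for the site maintainers; SSH source range is restricted by <group>`. The artboard.fedorainfracloud.org file added further down has the same combination with `root_auth_users: duffy`.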
@@ -0,0 +1,39 @@
+# Even though this host has not yet been ansibilized, we need this definition
+# here so that other hosts know that it is allowed to send the following fedmsg
+# messages.
+# Note that it can do both compose messages and koji messages
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: root
+- service: koji
+ owner: root
+ group: apache
+ can_send:
+ - buildsys.build.state.change
+ - buildsys.package.list.change
+ - buildsys.repo.done
+ - buildsys.repo.init
+ - buildsys.rpm.sign
+ - buildsys.tag
+ - buildsys.task.state.change
+ - buildsys.untag
+- service: bodhi
+ owner: root
+ group: masher
+ can_send:
+ - compose.branched.complete
+ - compose.branched.mash.complete
+ - compose.branched.mash.start
+ - compose.branched.pungify.complete
+ - compose.branched.pungify.start
+ - compose.branched.rsync.complete
+ - compose.branched.rsync.start
+ - compose.branched.start
+ - compose.epelbeta.complete
+ - compose.rawhide.complete
+ - compose.rawhide.mash.complete
+ - compose.rawhide.mash.start
+ - compose.rawhide.rsync.complete
+ - compose.rawhide.rsync.start
+ - compose.rawhide.start
diff --git a/inventory/host_vars/arm-koji01.qa.fedoraproject.org b/inventory/host_vars/arm-koji01.qa.fedoraproject.org
new file mode 100644
index 0000000000..3eea5f7610
--- /dev/null
+++ b/inventory/host_vars/arm-koji01.qa.fedoraproject.org
@@ -0,0 +1,31 @@
+---
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.124.138
+vmhost: virthost-comm04.qa.fedoraproject.org
+datacenter: phx2
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+fas_client_groups: sysadmin-releng,sysadmin-secondary
+sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
+
+fedmsg_fqdn: arm-koji01.qa.fedoraproject.org
+
+#
+# define this here because arm koji only needs eth0, not eth1 also
+#
+virt_install_command: "{{ virt_install_command_one_nic }}"
+
+koji_topurl: "https://arm.fedoraproject.org/"
+koji_server_url: "https://arm.koji.fedoraproject.org/kojihub"
+koji_weburl: "https://arm.koji.fedoraproject.org/koji"
+
+fedmsg_koji_instance: arm
+
+# Set this to use the qa domain resolv.conf to make sure it can talk to it's db
+resolvconf: resolv.conf/qa
diff --git a/inventory/host_vars/arm01-builder22.arm.fedoraproject.org b/inventory/host_vars/arm01-builder22.arm.fedoraproject.org
new file mode 100644
index 0000000000..a8c3f820ea
--- /dev/null
+++ b/inventory/host_vars/arm01-builder22.arm.fedoraproject.org
@@ -0,0 +1,7 @@
+---
+koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.stg.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
+datacenter: staging
+koji_hub_nfs: "fedora_koji"
+freezes: false
diff --git a/inventory/host_vars/arm01-builder23.arm.fedoraproject.org b/inventory/host_vars/arm01-builder23.arm.fedoraproject.org
new file mode 100644
index 0000000000..a8c3f820ea
--- /dev/null
+++ b/inventory/host_vars/arm01-builder23.arm.fedoraproject.org
@@ -0,0 +1,7 @@
+---
+koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.stg.fedoraproject.org/koji"
+koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
+datacenter: staging
+koji_hub_nfs: "fedora_koji"
+freezes: false
diff --git a/inventory/host_vars/arm01-retrace01.arm.fedoraproject.org b/inventory/host_vars/arm01-retrace01.arm.fedoraproject.org
new file mode 100644
index 0000000000..897dd481a0
--- /dev/null
+++ b/inventory/host_vars/arm01-retrace01.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+# This is a 32bit host
+libdir: /usr/lib
diff --git a/inventory/host_vars/arm02-builder21.arm.fedoraproject.org b/inventory/host_vars/arm02-builder21.arm.fedoraproject.org
new file mode 100644
index 0000000000..2eeeeff96d
--- /dev/null
+++ b/inventory/host_vars/arm02-builder21.arm.fedoraproject.org
@@ -0,0 +1,2 @@
+---
+koji_hub_nfs: "fedora_koji"
diff --git a/inventory/host_vars/arm02-builder23.arm.fedoraproject.org b/inventory/host_vars/arm02-builder23.arm.fedoraproject.org
new file mode 100644
index 0000000000..2eeeeff96d
--- /dev/null
+++ b/inventory/host_vars/arm02-builder23.arm.fedoraproject.org
@@ -0,0 +1,2 @@
+---
+koji_hub_nfs: "fedora_koji"
diff --git a/inventory/host_vars/arm04-builder00.arm.fedoraproject.org b/inventory/host_vars/arm04-builder00.arm.fedoraproject.org
new file mode 100644
index 0000000000..2eeeeff96d
--- /dev/null
+++ b/inventory/host_vars/arm04-builder00.arm.fedoraproject.org
@@ -0,0 +1,2 @@
+---
+koji_hub_nfs: "fedora_koji"
diff --git a/inventory/host_vars/arm04-builder01.arm.fedoraproject.org b/inventory/host_vars/arm04-builder01.arm.fedoraproject.org
new file mode 100644
index 0000000000..2eeeeff96d
--- /dev/null
+++ b/inventory/host_vars/arm04-builder01.arm.fedoraproject.org
@@ -0,0 +1,2 @@
+---
+koji_hub_nfs: "fedora_koji"
diff --git a/inventory/host_vars/artboard.fedorainfracloud.org b/inventory/host_vars/artboard.fedorainfracloud.org
new file mode 100644
index 0000000000..8972746f0e
--- /dev/null
+++ b/inventory/host_vars/artboard.fedorainfracloud.org
@@ -0,0 +1,24 @@
+---
+image: rhel7-20141015
+instance_type: m1.small
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,web-443-anywhere-persistent,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+ansible_ifcfg_blacklist: true
+
+inventory_tenant: persistent
+inventory_instance_name: artboard
+hostbase: artboard
+public_ip: 209.132.184.61
+root_auth_users: duffy
+description: artboard server
+datacenter: cloud
+
+volumes:
+ - volume_id: 44956766-0ecb-496d-8d3c-f43e89b7f268
+ device: /dev/vdc
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/ask01.phx2.fedoraproject.org b/inventory/host_vars/ask01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f741185b56
--- /dev/null
+++ b/inventory/host_vars/ask01.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.79
+vmhost: virthost19.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/ask01.stg.phx2.fedoraproject.org b/inventory/host_vars/ask01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..bf4945e59f
--- /dev/null
+++ b/inventory/host_vars/ask01.stg.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.60
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/ask02.phx2.fedoraproject.org b/inventory/host_vars/ask02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..8ed13210c2
--- /dev/null
+++ b/inventory/host_vars/ask02.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.57
+vmhost: virthost14.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/autocloud-backend-libvirt.phx2.fedoraproject.org b/inventory/host_vars/autocloud-backend-libvirt.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a32531dd55
--- /dev/null
+++ b/inventory/host_vars/autocloud-backend-libvirt.phx2.fedoraproject.org
@@ -0,0 +1,22 @@
+---
+# this box is not mission critical
+freezes: false
+
+# this box mounts a large share from the netapp to store combined http
+# logs from the proxies.
+
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
+
+# general configs
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+eth0_ip: 10.5.126.123
+eth1_ip: 10.5.127.198
+
+datacenter: phx2
+
+autocloud_specialization: libvirt
diff --git a/inventory/host_vars/autocloud-backend-libvirt2.phx2.fedoraproject.org b/inventory/host_vars/autocloud-backend-libvirt2.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a3ff050fa4
--- /dev/null
+++ b/inventory/host_vars/autocloud-backend-libvirt2.phx2.fedoraproject.org
@@ -0,0 +1,22 @@
+---
+# this box is not mission critical
+freezes: false
+
+# this box mounts a large share from the netapp to store combined http
+# logs from the proxies.
+
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
+
+# general configs
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+
+eth0_ip: 10.5.125.178
+eth1_ip: 10.5.127.179
+
+datacenter: phx2
+
+autocloud_specialization: libvirt
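Review bot: The comment above `nfs_mount_opts` in inventory/host_vars/autocloud-backend-libvirt.phx2.fedoraproject.org says the box stores combined http logs from the proxies, which does not fit an autocloud backend and looks copied from a log host; the libvirt2, vbox and vbox2 files repeat it word for word. If the mount is in use, the comment should name the share and its purpose, along the lines of `# NFS options for the <share> mount used by autocloud`, and otherwise `nfs_mount_opts` and the comment can be dropped from all four files. With `nfsvers=3` access depends on the server's host-based export rules, so an accurate note on what this host mounts matters when those exports are reviewed.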
diff --git a/inventory/host_vars/autocloud-backend-vbox.phx2.fedoraproject.org b/inventory/host_vars/autocloud-backend-vbox.phx2.fedoraproject.org
new file mode 100644
index 0000000000..30f40cee39
--- /dev/null
+++ b/inventory/host_vars/autocloud-backend-vbox.phx2.fedoraproject.org
@@ -0,0 +1,22 @@
+---
+# this box is not mission critical
+freezes: false
+
+# this box mounts a large share from the netapp to store combined http
+# logs from the proxies.
+
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
+
+# general configs
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+eth0_ip: 10.5.126.122
+eth1_ip: 10.5.127.194
+
+datacenter: phx2
+
+autocloud_specialization: virtualbox
diff --git a/inventory/host_vars/autocloud-backend-vbox2.phx2.fedoraproject.org b/inventory/host_vars/autocloud-backend-vbox2.phx2.fedoraproject.org
new file mode 100644
index 0000000000..b64c918f68
--- /dev/null
+++ b/inventory/host_vars/autocloud-backend-vbox2.phx2.fedoraproject.org
@@ -0,0 +1,22 @@
+---
+# this box is not mission critical
+freezes: false
+
+# this box mounts a large share from the netapp to store combined http
+# logs from the proxies.
+
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
+
+# general configs
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+
+eth0_ip: 10.5.125.179
+eth1_ip: 10.5.127.178
+
+datacenter: phx2
+
+autocloud_specialization: virtualbox
diff --git a/inventory/host_vars/autocloud-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/autocloud-backend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..65970062e9
--- /dev/null
+++ b/inventory/host_vars/autocloud-backend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,16 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+eth0_ip: 10.5.128.64
+
+volgroup: /dev/vg_guests
+vmhost: virthost20.phx2.fedoraproject.org
+
+datacenter: phx2
+
+autocloud_specialization: libvirt
diff --git a/inventory/host_vars/autocloud-backend02.stg.phx2.fedoraproject.org b/inventory/host_vars/autocloud-backend02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..1a238fc31c
--- /dev/null
+++ b/inventory/host_vars/autocloud-backend02.stg.phx2.fedoraproject.org
@@ -0,0 +1,16 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+eth0_ip: 10.5.128.65
+
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+
+datacenter: phx2
+
+autocloud_specialization: virtualbox
diff --git a/inventory/host_vars/autocloud-web01.phx2.fedoraproject.org b/inventory/host_vars/autocloud-web01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..b4e11a7eea
--- /dev/null
+++ b/inventory/host_vars/autocloud-web01.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+eth0_ip: 10.5.126.117
+
+volgroup: /dev/vg_guests
+vmhost: virthost22.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/autocloud-web01.stg.phx2.fedoraproject.org b/inventory/host_vars/autocloud-web01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..63d84058fc
--- /dev/null
+++ b/inventory/host_vars/autocloud-web01.stg.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+eth0_ip: 10.5.128.66
+
+volgroup: /dev/vg_guests
+vmhost: virthost20.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/autocloud-web02.phx2.fedoraproject.org b/inventory/host_vars/autocloud-web02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..fae8fb456a
--- /dev/null
+++ b/inventory/host_vars/autocloud-web02.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+eth0_ip: 10.5.126.118
+
+volgroup: /dev/vg_guests
+vmhost: virthost19.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/autocloud-web02.stg.phx2.fedoraproject.org b/inventory/host_vars/autocloud-web02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..ddbd707000
--- /dev/null
+++ b/inventory/host_vars/autocloud-web02.stg.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+eth0_ip: 10.5.128.67
+
+volgroup: /dev/vg_guests
+vmhost: virthost11.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/autosign01.iad2.fedoraproject.org b/inventory/host_vars/autosign01.iad2.fedoraproject.org
deleted file mode 100644
index a43f2308cd..0000000000
--- a/inventory/host_vars/autosign01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,33 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-dns_search1: "iad2.fedoraproject.org"
-dns_search2: "fedoraproject.org"
-eno1_ipv4: 10.3.169.28
-eno1_ipv4_gw: 10.3.169.254
-eno1_ipv4_nm: 24
-eno1_mac: "{{ mac1 }}"
-external: false
-has_ipv4: yes
-mac1: ec:f4:bb:d2:85:48
-mac2: ec:f4:bb:d2:85:4a
-mac3: ec:f4:bb:d2:85:4c
-mac4: ec:f4:bb:d2:85:4d
-network_connections:
- - autoconnect: yes
- ip:
- address:
- - "{{ eno1_ipv4 }}/{{ eno1_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - "{{ dns_search1 }}"
- - "{{ dns_search2 }}"
- gateway4: "{{ eno1_ipv4_gw }}"
- mac: "{{ eno1_mac }}"
- name: eno1
- state: up
- type: ethernet
diff --git a/inventory/host_vars/autosign01.phx2.fedoraproject.org b/inventory/host_vars/autosign01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..001eeddd5e
--- /dev/null
+++ b/inventory/host_vars/autosign01.phx2.fedoraproject.org
@@ -0,0 +1,7 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+eth0_ip: 10.5.125.22
+eth1_ip: 10.5.127.49
+datacenter: phx2
diff --git a/inventory/host_vars/autosign01.stg.iad2.fedoraproject.org b/inventory/host_vars/autosign01.stg.iad2.fedoraproject.org
deleted file mode 100644
index bb8594c6b0..0000000000
--- a/inventory/host_vars/autosign01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,9 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.167.254
-eth0_ipv4_ip: 10.3.167.29
-external: false
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2
-vmhost: bvmhost-x86-05.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/autosign01.stg.phx2.fedoraproject.org b/inventory/host_vars/autosign01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a47ff40aac
--- /dev/null
+++ b/inventory/host_vars/autosign01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
+
+eth0_ip: 10.5.128.68
diff --git a/inventory/host_vars/autosign02.iad2.fedoraproject.org b/inventory/host_vars/autosign02.iad2.fedoraproject.org
deleted file mode 100644
index bafb339015..0000000000
--- a/inventory/host_vars/autosign02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,33 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-dns_search1: "iad2.fedoraproject.org"
-dns_search2: "fedoraproject.org"
-eth1_ipv4: 10.3.169.47
-eth1_ipv4_gw: 10.3.169.254
-eth1_ipv4_nm: 24
-eth1_mac: "{{ mac3 }}"
-external: false
-has_ipv4: yes
-mac1: C8:4B:D6:83:16:22
-mac2: C8:4B:D6:83:16:23
-mac3: 6C:FE:54:57:4D:80
-mac4: 6C:FE:54:57:4D:81
-network_connections:
- - autoconnect: yes
- ip:
- address:
- - "{{ eth1_ipv4 }}/{{ eth1_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - "{{ dns_search1 }}"
- - "{{ dns_search2 }}"
- gateway4: "{{ eth1_ipv4_gw }}"
- mac: "{{ eth1_mac }}"
- name: eth1
- state: up
- type: ethernet
diff --git a/inventory/host_vars/backup01.iad2.fedoraproject.org b/inventory/host_vars/backup01.iad2.fedoraproject.org
deleted file mode 100644
index e613d55ff2..0000000000
--- a/inventory/host_vars/backup01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,34 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-dns_search1: "iad2.fedoraproject.org"
-dns_search2: "fedoraproject.org"
-eth0_ipv4: 10.3.163.40
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_nm: 24
-eth0_mac: "{{ mac0 }}"
-grokmirror_topdir: /fedora_backups/grokmirror
-has_ipv4: yes
-mac0: 6c:fe:54:57:4d:00
-network_connections:
- - autoconnect: yes
- ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - "{{ dns_search1 }}"
- - "{{ dns_search2 }}"
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ eth0_mac }}"
- name: eth0
- state: up
- type: ethernet
- mtu: 9000
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-weblate_backup_topdir: /fedora_backups/misc/weblate
diff --git a/inventory/host_vars/backup01.phx2.fedoraproject.org b/inventory/host_vars/backup01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..675881ac2d
--- /dev/null
+++ b/inventory/host_vars/backup01.phx2.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nrpe_procs_warn: 1200
+nrpe_procs_crit: 1400
+
+datacenter: phx2
+
+eth0_ip: 10.5.126.161
+eth1_ip: 10.5.127.24
+gw: 10.5.126.254
+
+grokmirror_topdir: /fedora_backups/grokmirror
diff --git a/inventory/host_vars/badges-backend01.phx2.fedoraproject.org b/inventory/host_vars/badges-backend01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..924abd7746
--- /dev/null
+++ b/inventory/host_vars/badges-backend01.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.100
+vmhost: virthost14.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..edb8ad5f6f
--- /dev/null
+++ b/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.70
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/badges-web01.phx2.fedoraproject.org b/inventory/host_vars/badges-web01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..506b2e85ec
--- /dev/null
+++ b/inventory/host_vars/badges-web01.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.101
+vmhost: virthost14.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org b/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..9c740ca401
--- /dev/null
+++ b/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.72
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/badges-web02.phx2.fedoraproject.org b/inventory/host_vars/badges-web02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..62578e47cd
--- /dev/null
+++ b/inventory/host_vars/badges-web02.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.102
+vmhost: virthost15.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/basset01.phx2.fedoraproject.org b/inventory/host_vars/basset01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..e28ba087c5
--- /dev/null
+++ b/inventory/host_vars/basset01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.194
+vmhost: virthost19.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/basset01.stg.phx2.fedoraproject.org b/inventory/host_vars/basset01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..105e6315cb
--- /dev/null
+++ b/inventory/host_vars/basset01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.74
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/bastion-comm01.qa.fedoraproject.org b/inventory/host_vars/bastion-comm01.qa.fedoraproject.org
new file mode 100644
index 0000000000..6b478a2664
--- /dev/null
+++ b/inventory/host_vars/bastion-comm01.qa.fedoraproject.org
@@ -0,0 +1,15 @@
+---
+freezes: false
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+
+volgroup: /dev/VirtGuests
+
+eth0_ip: 10.5.124.132
+eth0_nm: 255.255.255.128
+
+vmhost: virthost-comm03.qa.fedoraproject.org
+datacenter: phx2
+
+fas_client_groups: sysadmin-main,sysadmin-noc,sysadmin-qa,fi-apprentice,sysadmin-veteran,sysadmin-releng,sysadmin-kernel,arm-qa,sysadmin-centos,qa-automation-shell,sysadmin-troubleshoot,sysadmin-atomic,sysadmin-ppc,retrace
diff --git a/inventory/host_vars/bastion01.iad2.fedoraproject.org b/inventory/host_vars/bastion01.iad2.fedoraproject.org
deleted file mode 100644
index 2bb109bb22..0000000000
--- a/inventory/host_vars/bastion01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,14 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.31
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-ssh_hostnames:
- - bastion.fedoraproject.org
- - bastion01.fedoraproject.org
-vmhost: vmhost-x86-01.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/bastion01.phx2.fedoraproject.org b/inventory/host_vars/bastion01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..3bb995bcba
--- /dev/null
+++ b/inventory/host_vars/bastion01.phx2.fedoraproject.org
@@ -0,0 +1,16 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+volgroup: /dev/vg_guests
+
+eth0_ip: 10.5.126.12
+
+vmhost: virthost02.phx2.fedoraproject.org
+datacenter: phx2
+vpn: true
+
+ssh_hostnames:
+- bastion.fedoraproject.org
+- bastion01.fedoraproject.org
diff --git a/inventory/host_vars/bastion01.rdu3.fedoraproject.org b/inventory/host_vars/bastion01.rdu3.fedoraproject.org
deleted file mode 100644
index 53a69916a7..0000000000
--- a/inventory/host_vars/bastion01.rdu3.fedoraproject.org
+++ /dev/null
@@ -1,18 +0,0 @@
----
-datacenter: rdu3
-dns1: 10.16.163.33
-dns2: 10.16.163.34
-dns_search1: "rdu3.fedoraproject.org"
-dns_search2: "fedoraproject.org"
-dns_search3: "iad2.fedoraproject.org"
-eth0_ipv4_gw: 10.16.163.254
-eth0_ipv4_ip: 10.16.163.31
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-ssh_hostnames:
- - bastion.fedoraproject.org
- - bastion01.fedoraproject.org
- - bastion-rdu3.fedoraproject.org
-vmhost: vmhost-x86-01.rdu3.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/bastion02.iad2.fedoraproject.org b/inventory/host_vars/bastion02.iad2.fedoraproject.org
deleted file mode 100644
index 480c154abf..0000000000
--- a/inventory/host_vars/bastion02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,12 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.32
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-ssh_hostnames:
- - bastion.fedoraproject.org
- - bastion02.fedoraproject.org
-vmhost: vmhost-x86-02.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/bastion02.phx2.fedoraproject.org b/inventory/host_vars/bastion02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..84d1f969d8
--- /dev/null
+++ b/inventory/host_vars/bastion02.phx2.fedoraproject.org
@@ -0,0 +1,17 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+volgroup: /dev/vg_guests00
+
+eth0_ip: 10.5.126.11
+
+vmhost: virthost21.phx2.fedoraproject.org
+datacenter: phx2
+vpn: true
+
+ssh_hostnames:
+- bastion.fedoraproject.org
+- bastion02.fedoraproject.org
+
diff --git a/inventory/host_vars/batcave01.iad2.fedoraproject.org b/inventory/host_vars/batcave01.iad2.fedoraproject.org
deleted file mode 100644
index 12a5ee4313..0000000000
--- a/inventory/host_vars/batcave01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,18 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.35
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-sar_output_file: koji.json
-#host_backup_targets: ['/git', '/mnt/fedora/app/attachments']
-
-# GDPR SAR variables - koji
-sar_script: /usr/local/bin/koji_sar.py
-sar_script_user: root
-# Add VPN host name as alt name for SSH cert. Useful when you need to
-# SSH into batcave through VPN, like from bastion in a different DC.
-ssh_hostnames:
- - batcave01.vpn.fedoraproject.org
-vmhost: vmhost-x86-01.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/batcave01.phx2.fedoraproject.org b/inventory/host_vars/batcave01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..c79764b666
--- /dev/null
+++ b/inventory/host_vars/batcave01.phx2.fedoraproject.org
@@ -0,0 +1,24 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.23
+eth1_ip: 10.5.127.13
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2
+
+# This normally wouldn't be necessary, but when we were setting it up,
+# reverse-dns was pointing elsewhere so we had to hardcode this.
+fedmsg_fqdn: batcave01.phx2.fedoraproject.org
+
+host_backup_targets: ['/git', '/mnt/fedora/app/attachments']
+
+#
+# We need this to install with 2 nics
+#
+virt_install_command: "{{ virt_install_command_two_nic }}"
diff --git a/inventory/host_vars/beaker-stg01.qa.fedoraproject.org b/inventory/host_vars/beaker-stg01.qa.fedoraproject.org
new file mode 100644
index 0000000000..e87345a23e
--- /dev/null
+++ b/inventory/host_vars/beaker-stg01.qa.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.124.141
+eth0_nm: 255.255.255.128
+vmhost: virthost-comm04.qa.fedoraproject.org
+datacenter: phx2
+fas_client_groups: sysadmin-qa,sysadmin-main
+collectd_apache: ""
+collectd_graphite: ""
+
+# it'd be nice to have this done automagically but I don't know of a reasonable easy way to do that
+beaker_virthost_signatures:
+ - hostname: 'qa04.qa.fedoraproject.org,10.5.124.154'
+ signature: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcv0X3KnCYYn5xowtKEYcnroNkihoyyfyVhRU8xt3nLmxSbmUHdjd1FWlhUuaOziKxLKe2NPQOS6ExDhgZKkqOTl73KJWIYPx8Uz3MITvGoYLIJ1EhFwEkVb2dlLsbsgKTVMnIht4Ri8HUZf4pHMmTUgWfS6Te32DJwF8dbpe7Xc45fjzWOYH3PcLxrKWR94Qaz228H+pWQuVBYwsk7evZA9NMmChiJG9rCXAynCbGCpEMyW46uDGAPSBDGdAGvSq9+9MrXmQQzWsLcGpWh9zomzkwhO4aOvN7lWI442JO594MCpp9OZfxT9D0JsTcCq6nGaQV/Sqj3hZwh0APb//x'
diff --git a/inventory/host_vars/beaker01.qa.fedoraproject.org b/inventory/host_vars/beaker01.qa.fedoraproject.org
new file mode 100644
index 0000000000..61196d23b2
--- /dev/null
+++ b/inventory/host_vars/beaker01.qa.fedoraproject.org
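Review bot: The `beaker_virthost_signatures` entry in the new beaker-stg01 file pins an `ssh-rsa` host key for qa04 with no record of where the key was taken from or how it was checked; the existing comment only says automation would be nice. The role that consumes this list is not shown, but the value is presumably what clients are told to trust for that host, so a comment such as `# public host key of qa04, read on the host itself; replace when qa04 is reinstalled` would let the next editor verify the entry instead of re-scanning it over the network. The field is named `signature` although it holds a public host key, which is worth stating in the same comment. beaker01.qa in the next file has the same pattern for qa02.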
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/VirtGuests
+eth0_ip: 10.5.124.228
+eth0_nm: 255.255.255.128
+vmhost: virthost-comm03.qa.fedoraproject.org
+datacenter: phx2
+collectd_apache: ""
+collectd_graphite: ""
+
+# it'd be nice to have this done automagically but I don't know of a reasonable easy way to do that
+beaker_virthost_signatures:
+ - hostname: 'qa02.qa.fedoraproject.org,10.5.124.152'
+ signature: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxNDurjmSzSyQcCAVLsWk1tgZWWl1TJ05k7j8ob7UqzefpeSrjqsagKsKzv5POrTIjHYv7+pmwbl47IBpkYV9jdJQ1nGPk2+ZAoy3KeTfNcApsYnnwXhoFJRkLymBdrigoqlWsJZdAHjEf5BVSEqb8aIfi4EuTlOQ1Kaoo0CiTs5XPJJAgbI3qv+DBxEdko8VFtmstgkf54u/wSFfI3SiuMW0TXn4cabYyhAwTJ2Es3K9kOtsfukGrvI7kzgxwiXwy8dUBDf1xp+01thfAJxmMx6AGV3WaTrrTPyvQbIVa3XQJfQXh+m6K6YZDoKuXmx4RpY6Q4XhogfvsJrDe1B+b'
diff --git a/inventory/host_vars/bkernel01.iad2.fedoraproject.org b/inventory/host_vars/bkernel01.iad2.fedoraproject.org
deleted file mode 100644
index da2d5146b1..0000000000
--- a/inventory/host_vars/bkernel01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,29 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-dns_search1: "iad2.fedoraproject.org"
-dns_search2: "fedoraproject.org"
-eth0_ipv4_ip: 10.3.169.29
-eth0_ipv4_gw: 10.3.169.254
-eth0_mac: "{{ mac0 }}"
-has_ipv4: yes
-mac0: B4:45:06:FB:84:2E
-network_connections:
- - autoconnect: yes
- ip:
- address:
- - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - "{{ dns_search1 }}"
- - "{{ dns_search2 }}"
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ eth0_mac }}"
- name: eth0
- state: up
- type: ethernet
-resolvconf: "resolv.conf/iad2"
diff --git a/inventory/host_vars/bkernel01.phx2.fedoraproject.org b/inventory/host_vars/bkernel01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..c07c1e5ed4
--- /dev/null
+++ b/inventory/host_vars/bkernel01.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.51
+eth1_ip: 10.5.127.30
diff --git a/inventory/host_vars/bkernel02.iad2.fedoraproject.org b/inventory/host_vars/bkernel02.iad2.fedoraproject.org
deleted file mode 100644
index 0e6d582a2f..0000000000
--- a/inventory/host_vars/bkernel02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,30 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-dns_search1: "iad2.fedoraproject.org"
-dns_search2: "fedoraproject.org"
-eth0_ipv4_ip: 10.3.169.30
-eth0_ipv4_gw: 10.3.169.254
-eth0_mac: "{{ mac0 }}"
-external: false
-has_ipv4: yes
-mac0: b4:45:06:fb:83:4e
-network_connections:
- - autoconnect: yes
- ip:
- address:
- - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - "{{ dns_search1 }}"
- - "{{ dns_search2 }}"
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ eth0_mac }}"
- name: eth0
- state: up
- type: ethernet
-resolvconf: "resolv.conf/iad2"
diff --git a/inventory/host_vars/bkernel02.phx2.fedoraproject.org b/inventory/host_vars/bkernel02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..7d2eb61d02
--- /dev/null
+++ b/inventory/host_vars/bkernel02.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.52
+eth1_ip: 10.5.127.31
diff --git a/inventory/host_vars/blockerbugs-dev.cloud.fedoraproject.org b/inventory/host_vars/blockerbugs-dev.cloud.fedoraproject.org
new file mode 100644
index 0000000000..b62c5b16e3
--- /dev/null
+++ b/inventory/host_vars/blockerbugs-dev.cloud.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+instance_type: m1.medium
+image: "{{ el6_qcow_id }}"
+keypair: fedora-admin
+security_group: webserver,all-icmp-persistent,default
+zone: nova
+hostbase: blockerbugs-dev-
+public_ip: 209.132.184.200
+root_auth_users: tflink mkrizek islamgulov
+description: blockerbugs-dev
+tcp_ports: ['22', '80', '443']
+volumes: ['-d /dev/vdb vol-00000021']
+datacenter: cloud
diff --git a/inventory/host_vars/blockerbugs01.phx2.fedoraproject.org b/inventory/host_vars/blockerbugs01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..7f4494ac79
--- /dev/null
+++ b/inventory/host_vars/blockerbugs01.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.53
+vmhost: virthost15.phx2.fedoraproject.org
+datacenter: phx2
+
+# This is the master node in stg, so it runs the cron job
+master_blockerbugs_node: True
diff --git a/inventory/host_vars/blockerbugs01.stg.phx2.fedoraproject.org b/inventory/host_vars/blockerbugs01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5df4b9b164
--- /dev/null
+++ b/inventory/host_vars/blockerbugs01.stg.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.78
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
+
+# This is the master node in stg, so it runs the cron job
+master_blockerbugs_node: True
diff --git a/inventory/host_vars/blockerbugs02.phx2.fedoraproject.org b/inventory/host_vars/blockerbugs02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..b7be35b45e
--- /dev/null
+++ b/inventory/host_vars/blockerbugs02.phx2.fedoraproject.org
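Review bot: The comment `# This is the master node in stg, so it runs the cron job` in the new blockerbugs01.phx2 file is word for word the one in blockerbugs01.stg.phx2, yet this file uses `gw: 10.5.126.254` and a non-stg hostname while the stg files in this diff sit on `10.5.128.x`. It looks copied from the stg file; `# This is the master node in prod, so it runs the cron job` would match the host. Both files set `master_blockerbugs_node: True`, so the comment is the only thing telling a reader which environment each cron job belongs to.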
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.54
+vmhost: virthost14.phx2.fedoraproject.org
+datacenter: phx2
+
+# This is the secondary node
+master_blockerbugs_node: False
diff --git a/inventory/host_vars/bodhi-backend01.iad2.fedoraproject.org b/inventory/host_vars/bodhi-backend01.iad2.fedoraproject.org
deleted file mode 100644
index f32f9490eb..0000000000
--- a/inventory/host_vars/bodhi-backend01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# These set a config value, see roles/bodhi2/base/
-bodhi_masher_enabled: True
-bodhi_signed_handler_enabled: False
-bodhi_updates_handler_enabled: False
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.101
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-max_mem_size: 98304
-mem_size: 98304
-num_cpus: 30
-sar_output_file: bodhi.json
-# GDPR SAR variables
-sar_script: /usr/bin/bodhi-sar
-sar_script_user: apache
-virt_install_command: "{{ virt_install_command_one_nic }}"
-vmhost: bvmhost-x86-04.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org b/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..6940f162cc
--- /dev/null
+++ b/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org
@@ -0,0 +1,94 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+volgroup: /dev/vg_host01
+eth0_ip: 10.5.125.135
+eth1_ip: 10.5.127.61
+vmhost: bvirthost03.phx2.fedoraproject.org
+mem_size: 98304
+max_mem_size: 98304
+num_cpus: 30
+
+# These set a config value in /etc/fedmsg.d/, see roles/bodhi2/base/
+bodhi_masher_enabled: True
+bodhi_updates_handler_enabled: False
+bodhi_signed_handler_enabled: False
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+# This first cert is used by the push-tool. releng members run it and it fires
+# off a simple fedmsg message that the masher (running as fedmsg-hub) is
+# listening for. It then does all the worker.
+- service: shell
+ owner: root
+ group: masher
+ can_send:
+ - bodhi.masher.start
+# These are certs for pungi
+- service: releng
+ owner: root
+ group: masher
+ can_send:
+ # new school pungi-koji stuff (ask dgilmore)
+ - pungi.compose.phase.start
+ - pungi.compose.phase.stop
+ - pungi.compose.status.change
+# These are certs for the masher to publish its own messages as it progresses.
+- service: bodhi
+ owner: root
+ group: masher
+ can_send:
+ - bodhi.mashtask.complete
+ - bodhi.mashtask.mashing
+ - bodhi.mashtask.start
+ - bodhi.mashtask.sync.done
+ - bodhi.mashtask.sync.wait
+ - bodhi.ostree.compose.start
+ - bodhi.ostree.compose.fail
+ - bodhi.ostree.compose.finish
+ - bodhi.errata.publish
+ - bodhi.update.eject
+ - bodhi.update.complete.testing
+ - bodhi.update.complete.stable
+ - bodhi.update.request.stable
+ - bodhi.update.karma.threshold.reach
+ - bodhi.buildroot_override.untag
+- service: ftpsync
+ owner: root
+ group: ftpsync
+ can_send:
+ - bodhi.updates.epel.sync
+ - bodhi.updates.fedora.sync
+- service: releng
+ owner: root
+ group: sysadmin-releng
+ can_send:
+ - releng.atomic.twoweek.begin
+ - releng.atomic.twoweek.complete
+
+
+# For the MOTD
+csi_security_category: Medium
+csi_primary_contact: Releng Admins sysadmin-releng-members@fedoraproject.org
+csi_purpose: Run the Bodhi masher.
+csi_relationship: |
+ The mashing of repos here happens as part of the 'fedmsg-hub' daemon. Check
+ logs with 'journalctl -u fedmsg-hub'. Check the bodhi masher docs/code for
+ more detail on what it does:
+ https://github.com/fedora-infra/bodhi/blob/develop/bodhi/consumers/masher.py
+
+ * This host relies on:
+ * db01 for its database, which is shares with the bodhi2 frontend nodes.
+ * An NFS mount of koji data in /mnt/koji/
+ * The fedmsg bus for triggering mashes.
+ * XMLRPC calls to koji for tagging and untagging updates.
+ * bugzilla for posting comments about status changes
+ * the wiki for getting information about QA "Test Cases"
+ * taksotron (resultsdb) for getting status-check results (gating updates).
+
+ * No other systems rely directly on this host. Everything depends on it
+ indirectly for the creation of new updates repos (which get synced out to
+ the master mirror for distribution.
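Review bot: `fedmsg_certs` in the new bodhi-backend01.phx2 file has two entries with `service: releng` and `owner: root`, one with `group: masher` (the pungi topics) and one with `group: sysadmin-releng` (`releng.atomic.twoweek.*`). The task in roles/fedmsg/base/main.yml that consumes this list is not part of the hunk; if it names the certificate and key files after the service, the later entry would decide which group can read the releng signing key and the two `can_send` lists would describe one certificate. Either merge them into a single entry with the intended group, or put a comment above the second entry stating which group is meant to own the releng key and why it appears twice.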
diff --git a/inventory/host_vars/bodhi-backend01.stg.iad2.fedoraproject.org b/inventory/host_vars/bodhi-backend01.stg.iad2.fedoraproject.org
deleted file mode 100644
index fb261806eb..0000000000
--- a/inventory/host_vars/bodhi-backend01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# These are consumed by a task in roles/fedmsg/base/main.yml
-eth0_ipv4_gw: 10.3.167.254
-eth0_ipv4_ip: 10.3.167.32
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/bodhi-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/bodhi-backend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..323c222a28
--- /dev/null
+++ b/inventory/host_vars/bodhi-backend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+volgroup: /dev/vg_guests
+virt_install_command: "{{ virt_install_command_two_nic }}"
+eth0_ip: 10.5.128.79
+eth1_ip: 10.5.127.65
+vmhost: virthost12.phx2.fedoraproject.org
diff --git a/inventory/host_vars/bodhi-backend02.phx2.fedoraproject.org b/inventory/host_vars/bodhi-backend02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..00d3eba86d
--- /dev/null
+++ b/inventory/host_vars/bodhi-backend02.phx2.fedoraproject.org
@@ -0,0 +1,46 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+volgroup: /dev/vg_bvirthost06
+eth0_ip: 10.5.125.136
+eth1_ip: 10.5.127.62
+vmhost: bvirthost06.phx2.fedoraproject.org
+
+# These set a config value in /etc/fedmsg.d/, see roles/bodhi2/base/
+bodhi_masher_enabled: False
+bodhi_updates_handler_enabled: True
+bodhi_signed_handler_enabled: True
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+- service: bodhi
+ owner: root
+ group: masher
+ can_send:
+ # From the cronjob? https://github.com/fedora-infra/bodhi/issues/616
+ - bodhi.buildroot_override.untag
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Bodhi Admins bodhiadmin-members@fedoraproject.org
+csi_purpose: Run the Bodhi UpdatesHandler and other backend processes
+csi_relationship: |
+ This host handles all of the bodhi backend stuff **except** for mashing.
+ https://github.com/fedora-infra/bodhi/blob/develop/bodhi/consumers/
+
+ * This host relies on:
+ * db01 for its database, which is shares with the bodhi2 frontend nodes.
+ * The fedmsg bus for triggering work.
+ * XMLRPC calls to koji for tagging and untagging updates.
+ * bugzilla for posting comments about status changes
+ * the wiki for getting information about QA "Test Cases"
+
+ * No other systems rely directly on this host. Everything depends on it
+ indirectly for the creation of new updates repos (which get synced out to
+ the master mirror for distribution.
diff --git a/inventory/host_vars/bodhi01.stg.phx2.fedoraproject.org b/inventory/host_vars/bodhi01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..0d56201e00
--- /dev/null
+++ b/inventory/host_vars/bodhi01.stg.phx2.fedoraproject.org
@@ -0,0 +1,9 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.80
+vmhost: virthost20.phx2.fedoraproject.org
diff --git a/inventory/host_vars/bodhi03.phx2.fedoraproject.org b/inventory/host_vars/bodhi03.phx2.fedoraproject.org
new file mode 100644
index 0000000000..2c42fc6881
--- /dev/null
+++ b/inventory/host_vars/bodhi03.phx2.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+volgroup: /dev/vg_virthost01
+eth0_ip: 10.5.126.115
+vmhost: virthost01.phx2.fedoraproject.org
+datacenter: phx2
+max_mem_size: 16384
diff --git a/inventory/host_vars/bodhi04.phx2.fedoraproject.org b/inventory/host_vars/bodhi04.phx2.fedoraproject.org
new file mode 100644
index 0000000000..7d0c2d8b80
--- /dev/null
+++ b/inventory/host_vars/bodhi04.phx2.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.116
+vmhost: virthost02.phx2.fedoraproject.org
+datacenter: phx2
+max_mem_size: 16384
diff --git a/inventory/host_vars/bootstrap.ocp.iad2.fedoraproject.org b/inventory/host_vars/bootstrap.ocp.iad2.fedoraproject.org
deleted file mode 100644
index 2b0f855aee..0000000000
--- a/inventory/host_vars/bootstrap.ocp.iad2.fedoraproject.org
+++ /dev/null
@@ -1,47 +0,0 @@
----
-datacenter: iad2
-dns: "{{ dns1 }}"
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-dns_search1: "iad2.fedoraproject.org"
-dns_search3: "fedoraproject.org"
-eth0_ip: "{{eth0_ipv4}}"
-eth0_ipv4: 10.3.163.126
-eth0_ipv4_gw: 10.3.163.254
-freezes: false
-gw: "{{ eth0_ipv4_gw }}"
-has_ipv4: yes
-lvm_size: 120g
-mac0: "{{ ansible_default_ipv4.macaddress }}"
-max_mem_size: 24576
-mem_size: 24576
-network_connections:
- - autoconnect: yes
- ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - "{{ dns_search1 }}"
- - "{{ dns_search2 }}"
- - "{{ dns_search3 }}"
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- state: up
- type: ethernet
-nm: 255.255.255.0
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-num_cpus: 4
-rhcos_ignition_file_url: "http://10.3.163.65/rhcos/bootstrap.ign"
-rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"
-rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"
-rhcos_install_url: "http://10.3.163.65/rhcos/"
-virt_install_command: "{{ virt_install_command_pxe_rhcos }}"
-vmhost: vmhost-x86-04.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: true
diff --git a/inventory/host_vars/bootstrap.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/bootstrap.ocp.stg.iad2.fedoraproject.org
deleted file mode 100644
index ac29f65e74..0000000000
--- a/inventory/host_vars/bootstrap.ocp.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,24 +0,0 @@
----
-datacenter: iad2
-dns: "{{ dns1 }}"
-eth0_ip: "{{eth0_ipv4}}"
-eth0_ipv4: 10.3.166.121
-eth0_ipv4_gw: 10.3.166.254
-freezes: false
-gw: "{{ eth0_ipv4_gw }}"
-has_ipv4: yes
-lvm_size: 120g
-max_mem_size: 24576
-mem_size: 24576
-nm: 255.255.255.0
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-num_cpus: 4
-rhcos_ignition_file_url: "http://10.3.166.50/rhcos/bootstrap.ign"
-rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"
-rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"
-rhcos_install_url: "http://10.3.166.50/rhcos/"
-virt_install_command: "{{ virt_install_command_pxe_rhcos }}"
-vmhost: vmhost-x86-05.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: true
diff --git a/inventory/host_vars/branched-composer.phx2.fedoraproject.org b/inventory/host_vars/branched-composer.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f4b8a51c2f
--- /dev/null
+++ b/inventory/host_vars/branched-composer.phx2.fedoraproject.org
@@ -0,0 +1,33 @@
+---
+vmhost: bvirthost08.phx2.fedoraproject.org
+eth0_ip: 10.5.125.66
+eth1_ip: 10.5.127.53
+volgroup: /dev/vg_bvirthost08
+
+koji_hub_nfs: "fedora_koji"
+
+kojipkgs_url: kojipkgs.fedoraproject.org
+kojihub_url: koji.fedoraproject.org/kojihub
+kojihub_scheme: https
+
+fedmsg_certs:
+- service: releng
+ owner: root
+ group: sysadmin-releng
+ can_send:
+ - pungi.compose.phase.start
+ - pungi.compose.phase.stop
+ - pungi.compose.status.change
+ - pungi.compose.createiso.targets
+ - pungi.compose.createiso.imagefail
+ - pungi.compose.createiso.imagedone
+ - compose.branched.complete
+ - compose.branched.mash.complete
+ - compose.branched.mash.start
+ - compose.branched.image.complete
+ - compose.branched.image.start
+ - compose.branched.pungify.complete
+ - compose.branched.pungify.start
+ - compose.branched.rsync.complete
+ - compose.branched.rsync.start
+ - compose.branched.start
diff --git a/inventory/host_vars/bugyou01.phx2.fedoraproject.org b/inventory/host_vars/bugyou01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..3d42330c02
--- /dev/null
+++ b/inventory/host_vars/bugyou01.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.129
+
+volgroup: /dev/vg_guests
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2
+freezes: true
diff --git a/inventory/host_vars/bugyou01.stg.phx2.fedoraproject.org b/inventory/host_vars/bugyou01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..b7f7b18d92
--- /dev/null
+++ b/inventory/host_vars/bugyou01.stg.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.128.82
+
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/bugzilla2fedmsg01.phx2.fedoraproject.org b/inventory/host_vars/bugzilla2fedmsg01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f48a6a9625
--- /dev/null
+++ b/inventory/host_vars/bugzilla2fedmsg01.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+volgroup: /dev/vg_virthost
+vmhost: virthost17.phx2.fedoraproject.org
+datacenter: phx2
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.249
diff --git a/inventory/host_vars/bugzilla2fedmsg01.stg.phx2.fedoraproject.org b/inventory/host_vars/bugzilla2fedmsg01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..be66ec23b0
--- /dev/null
+++ b/inventory/host_vars/bugzilla2fedmsg01.stg.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.128.83
diff --git a/inventory/host_vars/buildhw-01.phx2.fedoraproject.org b/inventory/host_vars/buildhw-01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..2325c79e61
--- /dev/null
+++ b/inventory/host_vars/buildhw-01.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.164
+eth1_ip: 10.5.127.71
diff --git a/inventory/host_vars/buildhw-02.phx2.fedoraproject.org b/inventory/host_vars/buildhw-02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..c1e249b5c0
--- /dev/null
+++ b/inventory/host_vars/buildhw-02.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.165
+eth1_ip: 10.5.127.72
diff --git a/inventory/host_vars/buildhw-03.phx2.fedoraproject.org b/inventory/host_vars/buildhw-03.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f61c747610
--- /dev/null
+++ b/inventory/host_vars/buildhw-03.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.166
+eth1_ip: 10.5.127.73
diff --git a/inventory/host_vars/buildhw-04.phx2.fedoraproject.org b/inventory/host_vars/buildhw-04.phx2.fedoraproject.org
new file mode 100644
index 0000000000..146d166b9b
--- /dev/null
+++ b/inventory/host_vars/buildhw-04.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.167
+eth1_ip: 10.5.127.74
diff --git a/inventory/host_vars/buildhw-05.phx2.fedoraproject.org b/inventory/host_vars/buildhw-05.phx2.fedoraproject.org
new file mode 100644
index 0000000000..6f220d353a
--- /dev/null
+++ b/inventory/host_vars/buildhw-05.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.168
+eth1_ip: 10.5.127.75
diff --git a/inventory/host_vars/buildhw-06.phx2.fedoraproject.org b/inventory/host_vars/buildhw-06.phx2.fedoraproject.org
new file mode 100644
index 0000000000..2e82f6e024
--- /dev/null
+++ b/inventory/host_vars/buildhw-06.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.169
+eth1_ip: 10.5.127.76
diff --git a/inventory/host_vars/buildhw-07.phx2.fedoraproject.org b/inventory/host_vars/buildhw-07.phx2.fedoraproject.org
new file mode 100644
index 0000000000..3d0d502cb8
--- /dev/null
+++ b/inventory/host_vars/buildhw-07.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.170
+eth1_ip: 10.5.127.77
diff --git a/inventory/host_vars/buildhw-08.phx2.fedoraproject.org b/inventory/host_vars/buildhw-08.phx2.fedoraproject.org
new file mode 100644
index 0000000000..03a4821ea1
--- /dev/null
+++ b/inventory/host_vars/buildhw-08.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.171
+eth1_ip: 10.5.127.78
diff --git a/inventory/host_vars/buildhw-09.phx2.fedoraproject.org b/inventory/host_vars/buildhw-09.phx2.fedoraproject.org
new file mode 100644
index 0000000000..041061422d
--- /dev/null
+++ b/inventory/host_vars/buildhw-09.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.172
+eth1_ip: 10.5.127.145
diff --git a/inventory/host_vars/buildhw-10.phx2.fedoraproject.org b/inventory/host_vars/buildhw-10.phx2.fedoraproject.org
new file mode 100644
index 0000000000..97877358cd
--- /dev/null
+++ b/inventory/host_vars/buildhw-10.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.173
+eth1_ip: 10.5.127.146
diff --git a/inventory/host_vars/buildhw-11.phx2.fedoraproject.org b/inventory/host_vars/buildhw-11.phx2.fedoraproject.org
new file mode 100644
index 0000000000..7eeb6647c7
--- /dev/null
+++ b/inventory/host_vars/buildhw-11.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.125
+eth1_ip: 10.5.127.212
diff --git a/inventory/host_vars/buildhw-12.phx2.fedoraproject.org b/inventory/host_vars/buildhw-12.phx2.fedoraproject.org
new file mode 100644
index 0000000000..3b09117e4d
--- /dev/null
+++ b/inventory/host_vars/buildhw-12.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.126
+eth1_ip: 10.5.127.213
diff --git a/inventory/host_vars/buildhw-a64-03.iad2.fedoraproject.org b/inventory/host_vars/buildhw-a64-03.iad2.fedoraproject.org
deleted file mode 100644
index 92d41fd551..0000000000
--- a/inventory/host_vars/buildhw-a64-03.iad2.fedoraproject.org
+++ /dev/null
@@ -1,33 +0,0 @@
----
-datacenter: iad2
-eth1_ip: 10.3.170.123
-eth1_ipv4_gw: 10.3.170.254
-gw: 10.3.170.254
-network_connections:
- - autoconnect: no
- mac: d8:5e:d3:8b:5f:70
- name: eth0
- type: ethernet
- - autoconnect: no
- mac: d8:5e:d3:8b:5f:71
- name: eth1
- type: ethernet
- - autoconnect: yes
- ip:
- address: 10.3.170.123/24
- dhcp4: no
- dns:
- - 10.3.163.33
- - 10.3.163.34
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: 10.3.170.254
- mac: 0c:42:a1:4a:0b:f4
- name: eth2
- state: up
- type: ethernet
- - autoconnect: no
- mac: 0c:42:a1:4a:0b:f5
- name: eth3
- type: ethernet
diff --git a/inventory/host_vars/buildhw-a64-04.iad2.fedoraproject.org b/inventory/host_vars/buildhw-a64-04.iad2.fedoraproject.org
deleted file mode 100644
index 41c3b37d7a..0000000000
--- a/inventory/host_vars/buildhw-a64-04.iad2.fedoraproject.org
+++ /dev/null
@@ -1,33 +0,0 @@
----
-datacenter: iad2
-eth1_ip: 10.3.170.124
-eth1_ipv4_gw: 10.3.170.254
-gw: 10.3.170.254
-network_connections:
- - autoconnect: no
- mac: d8:5e:d3:8b:5d:d8
- name: eth0
- type: ethernet
- - autoconnect: no
- mac: d8:5e:d3:8b:5d:d9
- name: eth1
- type: ethernet
- - autoconnect: yes
- ip:
- address: 10.3.170.124/24
- dhcp4: no
- dns:
- - 10.3.163.33
- - 10.3.163.34
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: 10.3.170.254
- mac: 0c:42:a1:49:9b:d0
- name: eth2
- state: up
- type: ethernet
- - autoconnect: no
- mac: 0c:42:a1:49:9b:d1
- name: eth3
- type: ethernet
diff --git a/inventory/host_vars/buildhw-a64-05.iad2.fedoraproject.org b/inventory/host_vars/buildhw-a64-05.iad2.fedoraproject.org
deleted file mode 100644
index 9f96a47840..0000000000
--- a/inventory/host_vars/buildhw-a64-05.iad2.fedoraproject.org
+++ /dev/null
@@ -1,33 +0,0 @@
----
-datacenter: iad2
-eth1_ip: 10.3.170.125
-eth1_ipv4_gw: 10.3.170.254
-gw: 10.3.170.254
-network_connections:
- - autoconnect: no
- mac: d8:5e:d3:8b:89:6c
- name: eth0
- type: ethernet
- - autoconnect: no
- mac: d8:5e:d3:8b:89:6d
- name: eth1
- type: ethernet
- - autoconnect: yes
- ip:
- address: 10.3.170.125/24
- dhcp4: no
- dns:
- - 10.3.163.33
- - 10.3.163.34
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: 10.3.170.254
- mac: 0c:42:a1:5a:00:b8
- name: eth2
- state: up
- type: ethernet
- - autoconnect: no
- mac: 0c:42:a1:5a:00:b9
- name: eth3
- type: ethernet
diff --git a/inventory/host_vars/buildhw-a64-06.iad2.fedoraproject.org b/inventory/host_vars/buildhw-a64-06.iad2.fedoraproject.org
deleted file mode 100644
index f30f067e47..0000000000
--- a/inventory/host_vars/buildhw-a64-06.iad2.fedoraproject.org
+++ /dev/null
@@ -1,33 +0,0 @@
----
-datacenter: iad2
-eth1_ip: 10.3.170.126
-eth1_ipv4_gw: 10.3.170.254
-gw: 10.3.170.254
-network_connections:
- - autoconnect: no
- mac: d8:5e:d3:8b:5f:38
- name: eth0
- type: ethernet
- - autoconnect: no
- mac: d8:5e:d3:8b:5f:39
- name: eth1
- type: ethernet
- - autoconnect: yes
- ip:
- address: 10.3.170.126/24
- dhcp4: no
- dns:
- - 10.3.163.33
- - 10.3.163.34
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: 10.3.170.254
- mac: 0c:42:a1:45:6c:fc
- name: eth2
- state: up
- type: ethernet
- - autoconnect: no
- mac: 0c:42:a1:45:6c:fd
- name: eth3
- type: ethernet
diff --git a/inventory/host_vars/buildhw-aarch64-01.arm.fedoraproject.org b/inventory/host_vars/buildhw-aarch64-01.arm.fedoraproject.org
new file mode 100644
index 0000000000..4d042a1d67
--- /dev/null
+++ b/inventory/host_vars/buildhw-aarch64-01.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+eth0_ip: 10.5.78.165
+gw: 10.5.78.254
diff --git a/inventory/host_vars/buildhw-aarch64-02.arm.fedoraproject.org b/inventory/host_vars/buildhw-aarch64-02.arm.fedoraproject.org
new file mode 100644
index 0000000000..4a0fda683f
--- /dev/null
+++ b/inventory/host_vars/buildhw-aarch64-02.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+eth0_ip: 10.5.78.170
+gw: 10.5.78.254
diff --git a/inventory/host_vars/buildhw-aarch64-03.arm.fedoraproject.org b/inventory/host_vars/buildhw-aarch64-03.arm.fedoraproject.org
new file mode 100644
index 0000000000..2a479d78ed
--- /dev/null
+++ b/inventory/host_vars/buildhw-aarch64-03.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+eth0_ip: 10.5.78.175
+gw: 10.5.78.254
diff --git a/inventory/host_vars/buildhw-x86-01.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-01.iad2.fedoraproject.org
deleted file mode 100644
index 93351897e2..0000000000
--- a/inventory/host_vars/buildhw-x86-01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,30 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-eth0_ipv4: 10.3.169.31
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: 14:9e:cf:61:9e:61
-mac1: 14:9e:cf:61:9e:64
-network_connections:
- - autoconnect: yes
- ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-02.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-02.iad2.fedoraproject.org
deleted file mode 100644
index 15362138b1..0000000000
--- a/inventory/host_vars/buildhw-x86-02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,34 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.32
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: 14:9e:cf:61:9f:4f
-mac1: 14:9e:cf:61:9f:52
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- persistent_state: present
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- persistent_state: present
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-03.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-03.iad2.fedoraproject.org
deleted file mode 100644
index 309250c182..0000000000
--- a/inventory/host_vars/buildhw-x86-03.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.33
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: 14:9e:cf:61:9e:c9
-mac1: 14:9e:cf:61:9e:cc
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-04.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-04.iad2.fedoraproject.org
deleted file mode 100644
index 80819a35c2..0000000000
--- a/inventory/host_vars/buildhw-x86-04.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.34
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: 14:9e:cf:61:a5:07
-mac1: 14:9e:cf:61:a5:0a
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-05.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-05.iad2.fedoraproject.org
deleted file mode 100644
index e65f5a0cc6..0000000000
--- a/inventory/host_vars/buildhw-x86-05.iad2.fedoraproject.org
+++ /dev/null
@@ -1,33 +0,0 @@
----
-datacenter: iad2
-dns: 10.3.163.33
-dns1: 10.3.163.33
-eth0_ip: 10.3.169.35
-eth0_ipv4: 10.3.169.35
-eth0_ipv4_gw: 10.3.169.254
-eth1_off: true
-gw: 10.3.169.254
-mac0: 14:9e:cf:61:9e:7b
-mac1: 14:9e:cf:61:9e:7e
-network_connections:
- - autoconnect: yes
- ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
-nm: 255.255.255.0
diff --git a/inventory/host_vars/buildhw-x86-06.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-06.iad2.fedoraproject.org
deleted file mode 100644
index 9cba3ef912..0000000000
--- a/inventory/host_vars/buildhw-x86-06.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.36
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: 14:9e:cf:61:a0:bd
-mac1: 14:9e:cf:61:a0:c0
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-07.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-07.iad2.fedoraproject.org
deleted file mode 100644
index 4b755380be..0000000000
--- a/inventory/host_vars/buildhw-x86-07.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.37
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: 14:9e:cf:61:9e:e3
-mac1: 14:9e:cf:61:9e:e6
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-08.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-08.iad2.fedoraproject.org
deleted file mode 100644
index 51e17059e6..0000000000
--- a/inventory/host_vars/buildhw-x86-08.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.38
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: 14:9e:cf:61:a6:75
-mac1: 14:9e:cf:61:a6:78
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-09.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-09.iad2.fedoraproject.org
deleted file mode 100644
index 415a2a7cf6..0000000000
--- a/inventory/host_vars/buildhw-x86-09.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.39
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: f8:ca:b8:f7:26:e1
-mac1: f8:ca:b8:f7:26:e4
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-10.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-10.iad2.fedoraproject.org
deleted file mode 100644
index f8ddaf2826..0000000000
--- a/inventory/host_vars/buildhw-x86-10.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.40
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: f8:ca:b8:f7:27:cf
-mac1: f8:ca:b8:f7:27:d2
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-11.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-11.iad2.fedoraproject.org
deleted file mode 100644
index 41cf9f2dd6..0000000000
--- a/inventory/host_vars/buildhw-x86-11.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.41
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: f8:ca:b8:f7:27:63
-mac1: f8:ca:b8:f7:27:66
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-12.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-12.iad2.fedoraproject.org
deleted file mode 100644
index ee35ca5168..0000000000
--- a/inventory/host_vars/buildhw-x86-12.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.42
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: f8:ca:b8:f7:2e:f5
-mac1: f8:ca:b8:f7:2e:f8
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-13.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-13.iad2.fedoraproject.org
deleted file mode 100644
index 4efecb0a0f..0000000000
--- a/inventory/host_vars/buildhw-x86-13.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.43
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: f8:ca:b8:f7:27:49
-mac1: f8:ca:b8:f7:27:4c
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-14.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-14.iad2.fedoraproject.org
deleted file mode 100644
index 406210a081..0000000000
--- a/inventory/host_vars/buildhw-x86-14.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.44
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: f8:ca:b8:f7:2d:87
-mac1: f8:ca:b8:f7:2d:8a
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-15.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-15.iad2.fedoraproject.org
deleted file mode 100644
index b1eefdf863..0000000000
--- a/inventory/host_vars/buildhw-x86-15.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.45
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: f8:ca:b8:f7:26:fb
-mac1: f8:ca:b8:f7:26:fe
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildhw-x86-16.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-16.iad2.fedoraproject.org
deleted file mode 100644
index 08cc65044a..0000000000
--- a/inventory/host_vars/buildhw-x86-16.iad2.fedoraproject.org
+++ /dev/null
@@ -1,32 +0,0 @@
----
-datacenter: iad2
-dns1: 10.3.163.33
-dns2: 10.3.163.34
-eth0_ipv4: 10.3.169.46
-eth0_ipv4_gw: 10.3.169.254
-has_ipv4: yes
-has_ipv6: no
-mac0: f8:ca:b8:f7:29:3d
-mac1: f8:ca:b8:f7:29:40
-network_connections:
- - ip:
- address:
- - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - iad2.fedoraproject.org
- - fedoraproject.org
- gateway4: "{{ eth0_ipv4_gw }}"
- mac: "{{ mac0 }}"
- name: eth0
- mtu: 9000
- state: up
- type: ethernet
- - autoconnect: yes
- mac: "{{ mac1 }}"
- name: eth1
- state: down
- type: ethernet
diff --git a/inventory/host_vars/buildppc-01.ppc.fedoraproject.org b/inventory/host_vars/buildppc-01.ppc.fedoraproject.org
new file mode 100644
index 0000000000..cfd338712f
--- /dev/null
+++ b/inventory/host_vars/buildppc-01.ppc.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: ppc8-02.ppc.fedoraproject.org
+eth0_ip: 10.5.129.64
diff --git a/inventory/host_vars/buildppc-02.ppc.fedoraproject.org b/inventory/host_vars/buildppc-02.ppc.fedoraproject.org
new file mode 100644
index 0000000000..492c67abdb
--- /dev/null
+++ b/inventory/host_vars/buildppc-02.ppc.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.66
diff --git a/inventory/host_vars/buildppc-03.ppc.fedoraproject.org b/inventory/host_vars/buildppc-03.ppc.fedoraproject.org
new file mode 100644
index 0000000000..3d9e063ef1
--- /dev/null
+++ b/inventory/host_vars/buildppc-03.ppc.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: ppc8-01.ppc.fedoraproject.org
+eth0_ip: 10.5.129.67
diff --git a/inventory/host_vars/buildppc-04.ppc.fedoraproject.org b/inventory/host_vars/buildppc-04.ppc.fedoraproject.org
new file mode 100644
index 0000000000..7aad71eae3
--- /dev/null
+++ b/inventory/host_vars/buildppc-04.ppc.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.68
diff --git a/inventory/host_vars/buildppcle-01.ppc.fedoraproject.org b/inventory/host_vars/buildppcle-01.ppc.fedoraproject.org
new file mode 100644
index 0000000000..63087cc2f1
--- /dev/null
+++ b/inventory/host_vars/buildppcle-01.ppc.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: ppc8-02.ppc.fedoraproject.org
+eth0_ip: 10.5.129.65
diff --git a/inventory/host_vars/buildppcle-02.ppc.fedoraproject.org b/inventory/host_vars/buildppcle-02.ppc.fedoraproject.org
new file mode 100644
index 0000000000..5cd7816d10
--- /dev/null
+++ b/inventory/host_vars/buildppcle-02.ppc.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.69
diff --git a/inventory/host_vars/buildppcle-03.ppc.fedoraproject.org b/inventory/host_vars/buildppcle-03.ppc.fedoraproject.org
new file mode 100644
index 0000000000..17fc9f121a
--- /dev/null
+++ b/inventory/host_vars/buildppcle-03.ppc.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: ppc8-01.ppc.fedoraproject.org
+eth0_ip: 10.5.129.70
diff --git a/inventory/host_vars/buildppcle-04.ppc.fedoraproject.org b/inventory/host_vars/buildppcle-04.ppc.fedoraproject.org
new file mode 100644
index 0000000000..a69618af30
--- /dev/null
+++ b/inventory/host_vars/buildppcle-04.ppc.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.71
diff --git a/inventory/host_vars/buildvm-01.phx2.fedoraproject.org b/inventory/host_vars/buildvm-01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..67ea35e3eb
--- /dev/null
+++ b/inventory/host_vars/buildvm-01.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-01.phx2.fedoraproject.org
+eth0_ip: 10.5.125.98
+eth1_ip: 10.5.127.158
diff --git a/inventory/host_vars/buildvm-01.stg.phx2.fedoraproject.org b/inventory/host_vars/buildvm-01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a458007591
--- /dev/null
+++ b/inventory/host_vars/buildvm-01.stg.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: virthost04.phx2.fedoraproject.org
+eth0_ip: 10.5.128.84
+gw: 10.5.128.254
diff --git a/inventory/host_vars/buildvm-02.phx2.fedoraproject.org b/inventory/host_vars/buildvm-02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..9a417545d2
--- /dev/null
+++ b/inventory/host_vars/buildvm-02.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-01.phx2.fedoraproject.org
+eth0_ip: 10.5.125.99
+eth1_ip: 10.5.127.159
diff --git a/inventory/host_vars/buildvm-02.stg.phx2.fedoraproject.org b/inventory/host_vars/buildvm-02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..2712a4348d
--- /dev/null
+++ b/inventory/host_vars/buildvm-02.stg.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: virthost04.phx2.fedoraproject.org
+eth0_ip: 10.5.128.85
+gw: 10.5.128.254
diff --git a/inventory/host_vars/buildvm-03.phx2.fedoraproject.org b/inventory/host_vars/buildvm-03.phx2.fedoraproject.org
new file mode 100644
index 0000000000..82fd2da518
--- /dev/null
+++ b/inventory/host_vars/buildvm-03.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-01.phx2.fedoraproject.org
+eth0_ip: 10.5.125.100
+eth1_ip: 10.5.127.160
diff --git a/inventory/host_vars/buildvm-03.stg.phx2.fedoraproject.org b/inventory/host_vars/buildvm-03.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a6865a5a67
--- /dev/null
+++ b/inventory/host_vars/buildvm-03.stg.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: virthost04.phx2.fedoraproject.org
+eth0_ip: 10.5.128.86
+gw: 10.5.128.254
diff --git a/inventory/host_vars/buildvm-04.phx2.fedoraproject.org b/inventory/host_vars/buildvm-04.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a99b652506
--- /dev/null
+++ b/inventory/host_vars/buildvm-04.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-01.phx2.fedoraproject.org
+eth0_ip: 10.5.125.101
+eth1_ip: 10.5.127.161
diff --git a/inventory/host_vars/buildvm-04.stg.phx2.fedoraproject.org b/inventory/host_vars/buildvm-04.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5c0be89672
--- /dev/null
+++ b/inventory/host_vars/buildvm-04.stg.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: virthost04.phx2.fedoraproject.org
+eth0_ip: 10.5.128.87
+gw: 10.5.128.254
diff --git a/inventory/host_vars/buildvm-05.phx2.fedoraproject.org b/inventory/host_vars/buildvm-05.phx2.fedoraproject.org
new file mode 100644
index 0000000000..42f1b6c872
--- /dev/null
+++ b/inventory/host_vars/buildvm-05.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-01.phx2.fedoraproject.org
+eth0_ip: 10.5.125.102
+eth1_ip: 10.5.127.162
diff --git a/inventory/host_vars/buildvm-05.stg.phx2.fedoraproject.org b/inventory/host_vars/buildvm-05.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..1e3e1247d2
--- /dev/null
+++ b/inventory/host_vars/buildvm-05.stg.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: virthost04.phx2.fedoraproject.org
+eth0_ip: 10.5.128.69
+gw: 10.5.128.254
diff --git a/inventory/host_vars/buildvm-06.phx2.fedoraproject.org b/inventory/host_vars/buildvm-06.phx2.fedoraproject.org
new file mode 100644
index 0000000000..bf5155dd0b
--- /dev/null
+++ b/inventory/host_vars/buildvm-06.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-01.phx2.fedoraproject.org
+eth0_ip: 10.5.125.103
+eth1_ip: 10.5.127.163
diff --git a/inventory/host_vars/buildvm-07.phx2.fedoraproject.org b/inventory/host_vars/buildvm-07.phx2.fedoraproject.org
new file mode 100644
index 0000000000..77ae09fb9d
--- /dev/null
+++ b/inventory/host_vars/buildvm-07.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-01.phx2.fedoraproject.org
+eth0_ip: 10.5.125.104
+eth1_ip: 10.5.127.164
diff --git a/inventory/host_vars/buildvm-08.phx2.fedoraproject.org b/inventory/host_vars/buildvm-08.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f82f31ea2f
--- /dev/null
+++ b/inventory/host_vars/buildvm-08.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-01.phx2.fedoraproject.org
+eth0_ip: 10.5.125.105
+eth1_ip: 10.5.127.165
diff --git a/inventory/host_vars/buildvm-09.phx2.fedoraproject.org b/inventory/host_vars/buildvm-09.phx2.fedoraproject.org
new file mode 100644
index 0000000000..64d6e08d7f
--- /dev/null
+++ b/inventory/host_vars/buildvm-09.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-02.phx2.fedoraproject.org
+eth0_ip: 10.5.125.106
+eth1_ip: 10.5.127.166
diff --git a/inventory/host_vars/buildvm-10.phx2.fedoraproject.org b/inventory/host_vars/buildvm-10.phx2.fedoraproject.org
new file mode 100644
index 0000000000..fde2b508fa
--- /dev/null
+++ b/inventory/host_vars/buildvm-10.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-02.phx2.fedoraproject.org
+eth0_ip: 10.5.125.107
+eth1_ip: 10.5.127.167
diff --git a/inventory/host_vars/buildvm-11.phx2.fedoraproject.org b/inventory/host_vars/buildvm-11.phx2.fedoraproject.org
new file mode 100644
index 0000000000..03955cc4c4
--- /dev/null
+++ b/inventory/host_vars/buildvm-11.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-02.phx2.fedoraproject.org
+eth0_ip: 10.5.125.108
+eth1_ip: 10.5.127.168
diff --git a/inventory/host_vars/buildvm-12.phx2.fedoraproject.org b/inventory/host_vars/buildvm-12.phx2.fedoraproject.org
new file mode 100644
index 0000000000..98d8fd7b32
--- /dev/null
+++ b/inventory/host_vars/buildvm-12.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-02.phx2.fedoraproject.org
+eth0_ip: 10.5.125.109
+eth1_ip: 10.5.127.169
diff --git a/inventory/host_vars/buildvm-13.phx2.fedoraproject.org b/inventory/host_vars/buildvm-13.phx2.fedoraproject.org
new file mode 100644
index 0000000000..180256bb0f
--- /dev/null
+++ b/inventory/host_vars/buildvm-13.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-02.phx2.fedoraproject.org
+eth0_ip: 10.5.125.110
+eth1_ip: 10.5.127.170
diff --git a/inventory/host_vars/buildvm-14.phx2.fedoraproject.org b/inventory/host_vars/buildvm-14.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5636fb7628
--- /dev/null
+++ b/inventory/host_vars/buildvm-14.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-02.phx2.fedoraproject.org
+eth0_ip: 10.5.125.111
+eth1_ip: 10.5.127.171
diff --git a/inventory/host_vars/buildvm-15.phx2.fedoraproject.org b/inventory/host_vars/buildvm-15.phx2.fedoraproject.org
new file mode 100644
index 0000000000..d67cd4b737
--- /dev/null
+++ b/inventory/host_vars/buildvm-15.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-02.phx2.fedoraproject.org
+eth0_ip: 10.5.125.112
+eth1_ip: 10.5.127.172
diff --git a/inventory/host_vars/buildvm-16.phx2.fedoraproject.org b/inventory/host_vars/buildvm-16.phx2.fedoraproject.org
new file mode 100644
index 0000000000..0f2b7765a6
--- /dev/null
+++ b/inventory/host_vars/buildvm-16.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-02.phx2.fedoraproject.org
+eth0_ip: 10.5.125.113
+eth1_ip: 10.5.127.173
diff --git a/inventory/host_vars/buildvm-17.phx2.fedoraproject.org b/inventory/host_vars/buildvm-17.phx2.fedoraproject.org
new file mode 100644
index 0000000000..aaee84a79a
--- /dev/null
+++ b/inventory/host_vars/buildvm-17.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-03.phx2.fedoraproject.org
+eth0_ip: 10.5.125.140
+eth1_ip: 10.5.127.174
diff --git a/inventory/host_vars/buildvm-18.phx2.fedoraproject.org b/inventory/host_vars/buildvm-18.phx2.fedoraproject.org
new file mode 100644
index 0000000000..6f30f80752
--- /dev/null
+++ b/inventory/host_vars/buildvm-18.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-03.phx2.fedoraproject.org
+eth0_ip: 10.5.125.141
+eth1_ip: 10.5.127.175
diff --git a/inventory/host_vars/buildvm-19.phx2.fedoraproject.org b/inventory/host_vars/buildvm-19.phx2.fedoraproject.org
new file mode 100644
index 0000000000..2aee8e7a5e
--- /dev/null
+++ b/inventory/host_vars/buildvm-19.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-03.phx2.fedoraproject.org
+eth0_ip: 10.5.125.142
+eth1_ip: 10.5.127.176
diff --git a/inventory/host_vars/buildvm-20.phx2.fedoraproject.org b/inventory/host_vars/buildvm-20.phx2.fedoraproject.org
new file mode 100644
index 0000000000..0064a5a85c
--- /dev/null
+++ b/inventory/host_vars/buildvm-20.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-03.phx2.fedoraproject.org
+eth0_ip: 10.5.125.143
+eth1_ip: 10.5.127.177
diff --git a/inventory/host_vars/buildvm-21.phx2.fedoraproject.org b/inventory/host_vars/buildvm-21.phx2.fedoraproject.org
new file mode 100644
index 0000000000..91d00a7d62
--- /dev/null
+++ b/inventory/host_vars/buildvm-21.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-03.phx2.fedoraproject.org
+eth0_ip: 10.5.125.144
+eth1_ip: 10.5.127.178
diff --git a/inventory/host_vars/buildvm-22.phx2.fedoraproject.org b/inventory/host_vars/buildvm-22.phx2.fedoraproject.org
new file mode 100644
index 0000000000..e4fd9a9c4c
--- /dev/null
+++ b/inventory/host_vars/buildvm-22.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-03.phx2.fedoraproject.org
+eth0_ip: 10.5.125.145
+eth1_ip: 10.5.127.179
diff --git a/inventory/host_vars/buildvm-23.phx2.fedoraproject.org b/inventory/host_vars/buildvm-23.phx2.fedoraproject.org
new file mode 100644
index 0000000000..af447b5c51
--- /dev/null
+++ b/inventory/host_vars/buildvm-23.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-03.phx2.fedoraproject.org
+eth0_ip: 10.5.125.146
+eth1_ip: 10.5.127.180
diff --git a/inventory/host_vars/buildvm-24.phx2.fedoraproject.org b/inventory/host_vars/buildvm-24.phx2.fedoraproject.org
new file mode 100644
index 0000000000..d9fce2eb68
--- /dev/null
+++ b/inventory/host_vars/buildvm-24.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-03.phx2.fedoraproject.org
+eth0_ip: 10.5.125.147
+eth1_ip: 10.5.127.181
diff --git a/inventory/host_vars/buildvm-25.phx2.fedoraproject.org b/inventory/host_vars/buildvm-25.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a7a01f00d3
--- /dev/null
+++ b/inventory/host_vars/buildvm-25.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-04.phx2.fedoraproject.org
+eth0_ip: 10.5.125.148
+eth1_ip: 10.5.127.182
diff --git a/inventory/host_vars/buildvm-26.phx2.fedoraproject.org b/inventory/host_vars/buildvm-26.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f28b55699b
--- /dev/null
+++ b/inventory/host_vars/buildvm-26.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-04.phx2.fedoraproject.org
+eth0_ip: 10.5.125.149
+eth1_ip: 10.5.127.183
diff --git a/inventory/host_vars/buildvm-27.phx2.fedoraproject.org b/inventory/host_vars/buildvm-27.phx2.fedoraproject.org
new file mode 100644
index 0000000000..60ac870ac3
--- /dev/null
+++ b/inventory/host_vars/buildvm-27.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-04.phx2.fedoraproject.org
+eth0_ip: 10.5.125.150
+eth1_ip: 10.5.127.184
diff --git a/inventory/host_vars/buildvm-28.phx2.fedoraproject.org b/inventory/host_vars/buildvm-28.phx2.fedoraproject.org
new file mode 100644
index 0000000000..52b6838de0
--- /dev/null
+++ b/inventory/host_vars/buildvm-28.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-04.phx2.fedoraproject.org
+eth0_ip: 10.5.125.151
+eth1_ip: 10.5.127.185
diff --git a/inventory/host_vars/buildvm-29.phx2.fedoraproject.org b/inventory/host_vars/buildvm-29.phx2.fedoraproject.org
new file mode 100644
index 0000000000..c1415e457d
--- /dev/null
+++ b/inventory/host_vars/buildvm-29.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-04.phx2.fedoraproject.org
+eth0_ip: 10.5.125.152
+eth1_ip: 10.5.127.186
diff --git a/inventory/host_vars/buildvm-30.phx2.fedoraproject.org b/inventory/host_vars/buildvm-30.phx2.fedoraproject.org
new file mode 100644
index 0000000000..d155ca2012
--- /dev/null
+++ b/inventory/host_vars/buildvm-30.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-04.phx2.fedoraproject.org
+eth0_ip: 10.5.125.153
+eth1_ip: 10.5.127.187
diff --git a/inventory/host_vars/buildvm-31.phx2.fedoraproject.org b/inventory/host_vars/buildvm-31.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f601d56d9e
--- /dev/null
+++ b/inventory/host_vars/buildvm-31.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-04.phx2.fedoraproject.org
+eth0_ip: 10.5.125.154
+eth1_ip: 10.5.127.188
diff --git a/inventory/host_vars/buildvm-32.phx2.fedoraproject.org b/inventory/host_vars/buildvm-32.phx2.fedoraproject.org
new file mode 100644
index 0000000000..c02270c6c5
--- /dev/null
+++ b/inventory/host_vars/buildvm-32.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: buildvmhost-04.phx2.fedoraproject.org
+eth0_ip: 10.5.125.155
+eth1_ip: 10.5.127.189
diff --git a/inventory/host_vars/buildvm-a64-01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-01.iad2.fedoraproject.org
deleted file mode 100644
index 547ed6fc44..0000000000
--- a/inventory/host_vars/buildvm-a64-01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.91
-vmhost: bvmhost-a64-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-01.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-01.stg.iad2.fedoraproject.org
deleted file mode 100644
index 5e0485156e..0000000000
--- a/inventory/host_vars/buildvm-a64-01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.167.45
-vmhost: bvmhost-a64-01.stg.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-02.iad2.fedoraproject.org
deleted file mode 100644
index 35f51def37..0000000000
--- a/inventory/host_vars/buildvm-a64-02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.92
-vmhost: bvmhost-a64-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-02.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-02.stg.iad2.fedoraproject.org
deleted file mode 100644
index 29a616c73b..0000000000
--- a/inventory/host_vars/buildvm-a64-02.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.167.52
-vmhost: bvmhost-a64-01.stg.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-03.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-03.iad2.fedoraproject.org
deleted file mode 100644
index 94f0a0ec55..0000000000
--- a/inventory/host_vars/buildvm-a64-03.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.93
-vmhost: bvmhost-a64-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-04.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-04.iad2.fedoraproject.org
deleted file mode 100644
index 1ff276a6d0..0000000000
--- a/inventory/host_vars/buildvm-a64-04.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.94
-vmhost: bvmhost-a64-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-05.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-05.iad2.fedoraproject.org
deleted file mode 100644
index 5addd8d6fe..0000000000
--- a/inventory/host_vars/buildvm-a64-05.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.95
-vmhost: bvmhost-a64-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-06.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-06.iad2.fedoraproject.org
deleted file mode 100644
index 31227aef2a..0000000000
--- a/inventory/host_vars/buildvm-a64-06.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.96
-vmhost: bvmhost-a64-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-07.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-07.iad2.fedoraproject.org
deleted file mode 100644
index c6f84c9704..0000000000
--- a/inventory/host_vars/buildvm-a64-07.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.97
-vmhost: bvmhost-a64-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-08.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-08.iad2.fedoraproject.org
deleted file mode 100644
index 63c47ee6fd..0000000000
--- a/inventory/host_vars/buildvm-a64-08.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.98
-vmhost: bvmhost-a64-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-09.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-09.iad2.fedoraproject.org
deleted file mode 100644
index 907dd05400..0000000000
--- a/inventory/host_vars/buildvm-a64-09.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.99
-vmhost: bvmhost-a64-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-10.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-10.iad2.fedoraproject.org
deleted file mode 100644
index d1926fdcc5..0000000000
--- a/inventory/host_vars/buildvm-a64-10.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.100
-vmhost: bvmhost-a64-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-11.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-11.iad2.fedoraproject.org
deleted file mode 100644
index dc50d580a4..0000000000
--- a/inventory/host_vars/buildvm-a64-11.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.101
-vmhost: bvmhost-a64-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-12.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-12.iad2.fedoraproject.org
deleted file mode 100644
index 82f032360e..0000000000
--- a/inventory/host_vars/buildvm-a64-12.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.102
-vmhost: bvmhost-a64-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-13.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-13.iad2.fedoraproject.org
deleted file mode 100644
index abcf11f03e..0000000000
--- a/inventory/host_vars/buildvm-a64-13.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.103
-vmhost: bvmhost-a64-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-14.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-14.iad2.fedoraproject.org
deleted file mode 100644
index 5073edf903..0000000000
--- a/inventory/host_vars/buildvm-a64-14.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.104
-vmhost: bvmhost-a64-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-15.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-15.iad2.fedoraproject.org
deleted file mode 100644
index 6077561350..0000000000
--- a/inventory/host_vars/buildvm-a64-15.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.105
-vmhost: bvmhost-a64-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-16.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-16.iad2.fedoraproject.org
deleted file mode 100644
index 4399c954f0..0000000000
--- a/inventory/host_vars/buildvm-a64-16.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.106
-vmhost: bvmhost-a64-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-17.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-17.iad2.fedoraproject.org
deleted file mode 100644
index ca795f79bb..0000000000
--- a/inventory/host_vars/buildvm-a64-17.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.107
-vmhost: bvmhost-a64-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-18.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-18.iad2.fedoraproject.org
deleted file mode 100644
index 89509770d0..0000000000
--- a/inventory/host_vars/buildvm-a64-18.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.108
-vmhost: bvmhost-a64-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-19.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-19.iad2.fedoraproject.org
deleted file mode 100644
index a64eeed244..0000000000
--- a/inventory/host_vars/buildvm-a64-19.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.109
-vmhost: bvmhost-a64-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-20.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-20.iad2.fedoraproject.org
deleted file mode 100644
index c805ab185e..0000000000
--- a/inventory/host_vars/buildvm-a64-20.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.110
-vmhost: bvmhost-a64-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-21.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-21.iad2.fedoraproject.org
deleted file mode 100644
index 0c22ef804a..0000000000
--- a/inventory/host_vars/buildvm-a64-21.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.111
-vmhost: bvmhost-a64-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-22.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-22.iad2.fedoraproject.org
deleted file mode 100644
index c8703975fd..0000000000
--- a/inventory/host_vars/buildvm-a64-22.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.112
-vmhost: bvmhost-a64-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-23.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-23.iad2.fedoraproject.org
deleted file mode 100644
index 4bead1814d..0000000000
--- a/inventory/host_vars/buildvm-a64-23.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.113
-vmhost: bvmhost-a64-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-24.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-24.iad2.fedoraproject.org
deleted file mode 100644
index 6e1218afa3..0000000000
--- a/inventory/host_vars/buildvm-a64-24.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.114
-vmhost: bvmhost-a64-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-25.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-25.iad2.fedoraproject.org
deleted file mode 100644
index c7fa5875a2..0000000000
--- a/inventory/host_vars/buildvm-a64-25.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.115
-vmhost: bvmhost-a64-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-26.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-26.iad2.fedoraproject.org
deleted file mode 100644
index f3496508f9..0000000000
--- a/inventory/host_vars/buildvm-a64-26.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.116
-vmhost: bvmhost-a64-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-27.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-27.iad2.fedoraproject.org
deleted file mode 100644
index 05fc6bc911..0000000000
--- a/inventory/host_vars/buildvm-a64-27.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.117
-vmhost: bvmhost-a64-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-28.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-28.iad2.fedoraproject.org
deleted file mode 100644
index 9b83fd32d8..0000000000
--- a/inventory/host_vars/buildvm-a64-28.iad2.fedoraproject.org
+++ /dev/null
@@ -1,3 +0,0 @@
----
-eth0_ipv4_ip: 10.3.170.118
-vmhost: bvmhost-a64-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-29.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-29.iad2.fedoraproject.org
deleted file mode 100644
index 56df06665f..0000000000
--- a/inventory/host_vars/buildvm-a64-29.iad2.fedoraproject.org
+++ /dev/null
@@ -1,3 +0,0 @@
----
-eth0_ipv4_ip: 10.3.170.119
-vmhost: bvmhost-a64-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-30.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-30.iad2.fedoraproject.org
deleted file mode 100644
index 604935c460..0000000000
--- a/inventory/host_vars/buildvm-a64-30.iad2.fedoraproject.org
+++ /dev/null
@@ -1,3 +0,0 @@
----
-eth0_ipv4_ip: 10.3.170.120
-vmhost: bvmhost-a64-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-31.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-31.iad2.fedoraproject.org
deleted file mode 100644
index b105cb9a27..0000000000
--- a/inventory/host_vars/buildvm-a64-31.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.141
-vmhost: bvmhost-a64-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-32.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-32.iad2.fedoraproject.org
deleted file mode 100644
index a4cfaeb00c..0000000000
--- a/inventory/host_vars/buildvm-a64-32.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.142
-vmhost: bvmhost-a64-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-33.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-33.iad2.fedoraproject.org
deleted file mode 100644
index 092363da86..0000000000
--- a/inventory/host_vars/buildvm-a64-33.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.143
-vmhost: bvmhost-a64-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-34.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-34.iad2.fedoraproject.org
deleted file mode 100644
index 0f9f6c243d..0000000000
--- a/inventory/host_vars/buildvm-a64-34.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.164
-vmhost: bvmhost-a64-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-35.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-35.iad2.fedoraproject.org
deleted file mode 100644
index d00bb68df9..0000000000
--- a/inventory/host_vars/buildvm-a64-35.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.165
-vmhost: bvmhost-a64-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-36.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-36.iad2.fedoraproject.org
deleted file mode 100644
index c2f51768d8..0000000000
--- a/inventory/host_vars/buildvm-a64-36.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.166
-vmhost: bvmhost-a64-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-37.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-37.iad2.fedoraproject.org
deleted file mode 100644
index 090ba50298..0000000000
--- a/inventory/host_vars/buildvm-a64-37.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.167
-vmhost: bvmhost-a64-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-38.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-38.iad2.fedoraproject.org
deleted file mode 100644
index ecaa4919d3..0000000000
--- a/inventory/host_vars/buildvm-a64-38.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.168
-vmhost: bvmhost-a64-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-39.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-39.iad2.fedoraproject.org
deleted file mode 100644
index 31cbc4d03e..0000000000
--- a/inventory/host_vars/buildvm-a64-39.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.169
-vmhost: bvmhost-a64-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-a64-40.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-40.iad2.fedoraproject.org
deleted file mode 100644
index bf74adf3a7..0000000000
--- a/inventory/host_vars/buildvm-a64-40.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.170.170
-vmhost: bvmhost-a64-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-aarch64-01.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-01.arm.fedoraproject.org
new file mode 100644
index 0000000000..cd38f867d4
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-01.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c01n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.151
+eth1_ip: 10.5.127.32
diff --git a/inventory/host_vars/buildvm-aarch64-01.stg.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-01.stg.arm.fedoraproject.org
new file mode 100644
index 0000000000..8e82ac273e
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-01.stg.arm.fedoraproject.org
@@ -0,0 +1,15 @@
+---
+vmhost: aarch64-c25n1.arm.fedoraproject.org
+mem_size: 24576
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+max_cpu: "{{ num_cpus }}"
+volgroup: /dev/vg_Server
+
+eth0_ip: 10.5.129.232
+gw: 10.5.129.254
+main_bridge: br0
+virt_install_command: "{{ virt_install_command_aarch64_one_nic }}"
+
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-25-aarch64
+ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/25/Everything/aarch64/os/
diff --git a/inventory/host_vars/buildvm-aarch64-02.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-02.arm.fedoraproject.org
new file mode 100644
index 0000000000..aec757e9df
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-02.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c02n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.152
+eth1_ip: 10.5.127.33
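Review bot: In the new buildvm-aarch64-01.stg.arm.fedoraproject.org host_vars, `ks_url` and `ks_repo` both use `http://10.5.126.23/...`, so the kickstart and the install tree for a build VM are fetched over plain HTTP, and nothing in this file checks their integrity. A kickstart is applied with full privileges at install time and builders feed the package supply chain, so this is only acceptable if the provisioning segment is trusted end to end. If the kickstart host serves TLS, switch both keys to `https://` (for example `ks_url: https://<ks-host>/repo/rhel/ks/buildvm-fedora-25-aarch64`, host name a placeholder); otherwise record the assumption next to them, e.g. `# plain HTTP: kickstart and repo are only fetched on the trusted provisioning network`. The same two keys appear with the same scheme in buildvm-armv7-01.stg.arm.fedoraproject.org later in this diff.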
diff --git a/inventory/host_vars/buildvm-aarch64-03.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-03.arm.fedoraproject.org
new file mode 100644
index 0000000000..a66e1bfe8a
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-03.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c03n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.153
+eth1_ip: 10.5.127.34
diff --git a/inventory/host_vars/buildvm-aarch64-04.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-04.arm.fedoraproject.org
new file mode 100644
index 0000000000..5bc6fc4259
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-04.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c04n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.154
+eth1_ip: 10.5.127.35
diff --git a/inventory/host_vars/buildvm-aarch64-05.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-05.arm.fedoraproject.org
new file mode 100644
index 0000000000..6ea7847c6f
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-05.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c05n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.155
+eth1_ip: 10.5.127.36
diff --git a/inventory/host_vars/buildvm-aarch64-06.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-06.arm.fedoraproject.org
new file mode 100644
index 0000000000..2835cac8ff
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-06.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c06n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.156
+eth1_ip: 10.5.127.37
diff --git a/inventory/host_vars/buildvm-aarch64-07.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-07.arm.fedoraproject.org
new file mode 100644
index 0000000000..20a752349f
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-07.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c07n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.157
+eth1_ip: 10.5.127.82
diff --git a/inventory/host_vars/buildvm-aarch64-08.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-08.arm.fedoraproject.org
new file mode 100644
index 0000000000..72c1a84dda
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-08.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c08n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.158
+eth1_ip: 10.5.127.83
diff --git a/inventory/host_vars/buildvm-aarch64-09.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-09.arm.fedoraproject.org
new file mode 100644
index 0000000000..6787a05e77
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-09.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c09n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.159
+eth1_ip: 10.5.127.84
diff --git a/inventory/host_vars/buildvm-aarch64-10.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-10.arm.fedoraproject.org
new file mode 100644
index 0000000000..1b5db67d8c
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-10.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c10n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.160
+eth1_ip: 10.5.127.85
diff --git a/inventory/host_vars/buildvm-aarch64-11.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-11.arm.fedoraproject.org
new file mode 100644
index 0000000000..c2a3e77ca0
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-11.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c11n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.161
+eth1_ip: 10.5.127.86
diff --git a/inventory/host_vars/buildvm-aarch64-12.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-12.arm.fedoraproject.org
new file mode 100644
index 0000000000..342be466c5
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-12.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c12n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.162
+eth1_ip: 10.5.127.87
diff --git a/inventory/host_vars/buildvm-aarch64-13.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-13.arm.fedoraproject.org
new file mode 100644
index 0000000000..f20121f806
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-13.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c13n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.163
+eth1_ip: 10.5.127.88
diff --git a/inventory/host_vars/buildvm-aarch64-14.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-14.arm.fedoraproject.org
new file mode 100644
index 0000000000..bf1b1f8ebb
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-14.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c14n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.164
+eth1_ip: 10.5.127.89
diff --git a/inventory/host_vars/buildvm-aarch64-15.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-15.arm.fedoraproject.org
new file mode 100644
index 0000000000..93a6b77c2d
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-15.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c15n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.165
+eth1_ip: 10.5.127.90
diff --git a/inventory/host_vars/buildvm-aarch64-16.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-16.arm.fedoraproject.org
new file mode 100644
index 0000000000..ba512d6c00
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-16.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c16n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.166
+eth1_ip: 10.5.127.91
diff --git a/inventory/host_vars/buildvm-aarch64-17.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-17.arm.fedoraproject.org
new file mode 100644
index 0000000000..07a5872df2
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-17.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c17n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.167
+eth1_ip: 10.5.127.92
diff --git a/inventory/host_vars/buildvm-aarch64-18.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-18.arm.fedoraproject.org
new file mode 100644
index 0000000000..9acfe54c8c
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-18.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c18n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.168
+eth1_ip: 10.5.127.93
diff --git a/inventory/host_vars/buildvm-aarch64-19.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-19.arm.fedoraproject.org
new file mode 100644
index 0000000000..26d60847bd
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-19.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c19n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.169
+eth1_ip: 10.5.127.94
diff --git a/inventory/host_vars/buildvm-aarch64-20.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-20.arm.fedoraproject.org
new file mode 100644
index 0000000000..4e6062dbb7
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-20.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c20n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.170
+eth1_ip: 10.5.127.95
diff --git a/inventory/host_vars/buildvm-aarch64-21.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-21.arm.fedoraproject.org
new file mode 100644
index 0000000000..391f8f203a
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-21.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c21n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.171
+eth1_ip: 10.5.127.96
diff --git a/inventory/host_vars/buildvm-aarch64-22.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-22.arm.fedoraproject.org
new file mode 100644
index 0000000000..7584287071
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-22.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c22n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.172
+eth1_ip: 10.5.127.97
diff --git a/inventory/host_vars/buildvm-aarch64-23.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-23.arm.fedoraproject.org
new file mode 100644
index 0000000000..30c78c7c01
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-23.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c23n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.173
+eth1_ip: 10.5.127.98
diff --git a/inventory/host_vars/buildvm-aarch64-24.arm.fedoraproject.org b/inventory/host_vars/buildvm-aarch64-24.arm.fedoraproject.org
new file mode 100644
index 0000000000..de54d0c151
--- /dev/null
+++ b/inventory/host_vars/buildvm-aarch64-24.arm.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: aarch64-c24n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.174
+eth1_ip: 10.5.127.99
diff --git a/inventory/host_vars/buildvm-armv7-01.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-01.arm.fedoraproject.org
new file mode 100644
index 0000000000..17115a2503
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-01.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c01n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.131
diff --git a/inventory/host_vars/buildvm-armv7-01.stg.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-01.stg.arm.fedoraproject.org
new file mode 100644
index 0000000000..775257c5a7
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-01.stg.arm.fedoraproject.org
@@ -0,0 +1,15 @@
+---
+vmhost: aarch64-c25n1.arm.fedoraproject.org
+mem_size: 24576
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+max_cpu: "{{ num_cpus }}"
+volgroup: /dev/vg_Server
+
+eth0_ip: 10.5.129.233
+gw: 10.5.129.254
+main_bridge: br0
+virt_install_command: "{{ virt_install_command_armv7_one_nic }}"
+
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-25-armv7
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Everything/armhfp/os/
diff --git a/inventory/host_vars/buildvm-armv7-02.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-02.arm.fedoraproject.org
new file mode 100644
index 0000000000..b335b11893
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-02.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c02n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.132
diff --git a/inventory/host_vars/buildvm-armv7-03.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-03.arm.fedoraproject.org
new file mode 100644
index 0000000000..80bcf4283f
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-03.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c03n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.133
diff --git a/inventory/host_vars/buildvm-armv7-04.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-04.arm.fedoraproject.org
new file mode 100644
index 0000000000..0622cd4172
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-04.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c04n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.134
diff --git a/inventory/host_vars/buildvm-armv7-05.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-05.arm.fedoraproject.org
new file mode 100644
index 0000000000..ef855c71bc
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-05.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c05n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.135
diff --git a/inventory/host_vars/buildvm-armv7-06.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-06.arm.fedoraproject.org
new file mode 100644
index 0000000000..b2185e6234
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-06.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c06n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.136
diff --git a/inventory/host_vars/buildvm-armv7-07.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-07.arm.fedoraproject.org
new file mode 100644
index 0000000000..8e037bcfaf
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-07.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c07n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.137
diff --git a/inventory/host_vars/buildvm-armv7-08.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-08.arm.fedoraproject.org
new file mode 100644
index 0000000000..e3dc611c4e
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-08.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c08n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.138
diff --git a/inventory/host_vars/buildvm-armv7-09.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-09.arm.fedoraproject.org
new file mode 100644
index 0000000000..87a3abd25a
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-09.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c09n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.139
diff --git a/inventory/host_vars/buildvm-armv7-10.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-10.arm.fedoraproject.org
new file mode 100644
index 0000000000..a5955960bc
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-10.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c10n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.140
diff --git a/inventory/host_vars/buildvm-armv7-11.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-11.arm.fedoraproject.org
new file mode 100644
index 0000000000..1fffb79c6c
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-11.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c11n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.141
diff --git a/inventory/host_vars/buildvm-armv7-12.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-12.arm.fedoraproject.org
new file mode 100644
index 0000000000..bb316c6b8f
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-12.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c12n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.142
diff --git a/inventory/host_vars/buildvm-armv7-13.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-13.arm.fedoraproject.org
new file mode 100644
index 0000000000..45540ba6e2
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-13.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c13n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.143
diff --git a/inventory/host_vars/buildvm-armv7-14.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-14.arm.fedoraproject.org
new file mode 100644
index 0000000000..5c31ddb5b0
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-14.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c14n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.144
diff --git a/inventory/host_vars/buildvm-armv7-15.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-15.arm.fedoraproject.org
new file mode 100644
index 0000000000..6e61edf395
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-15.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c15n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.145
diff --git a/inventory/host_vars/buildvm-armv7-16.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-16.arm.fedoraproject.org
new file mode 100644
index 0000000000..b8517b96fc
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-16.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c16n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.146
diff --git a/inventory/host_vars/buildvm-armv7-17.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-17.arm.fedoraproject.org
new file mode 100644
index 0000000000..8f5a79b3bd
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-17.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c17n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.147
diff --git a/inventory/host_vars/buildvm-armv7-18.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-18.arm.fedoraproject.org
new file mode 100644
index 0000000000..6222fabc10
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-18.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c18n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.148
diff --git a/inventory/host_vars/buildvm-armv7-19.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-19.arm.fedoraproject.org
new file mode 100644
index 0000000000..5d2bde9c77
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-19.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c19n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.149
diff --git a/inventory/host_vars/buildvm-armv7-20.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-20.arm.fedoraproject.org
new file mode 100644
index 0000000000..b5d89e5e1d
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-20.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c20n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.150
diff --git a/inventory/host_vars/buildvm-armv7-21.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-21.arm.fedoraproject.org
new file mode 100644
index 0000000000..4205b1faf2
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-21.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c21n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.175
diff --git a/inventory/host_vars/buildvm-armv7-22.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-22.arm.fedoraproject.org
new file mode 100644
index 0000000000..ce7c5ceb35
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-22.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c22n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.176
diff --git a/inventory/host_vars/buildvm-armv7-23.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-23.arm.fedoraproject.org
new file mode 100644
index 0000000000..ad8f634e6f
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-23.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c23n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.177
diff --git a/inventory/host_vars/buildvm-armv7-24.arm.fedoraproject.org b/inventory/host_vars/buildvm-armv7-24.arm.fedoraproject.org
new file mode 100644
index 0000000000..05798cbae6
--- /dev/null
+++ b/inventory/host_vars/buildvm-armv7-24.arm.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+vmhost: aarch64-c24n1.arm.fedoraproject.org
+eth0_ip: 10.5.129.178
diff --git a/inventory/host_vars/buildvm-ppc64-01.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-01.ppc.fedoraproject.org
new file mode 100644
index 0000000000..55fcc01aac
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-01.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-01.ppc.fedoraproject.org
+eth0_ip: 10.5.129.87
+eth1_ip: 10.5.127.12
diff --git a/inventory/host_vars/buildvm-ppc64-01.stg.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-01.stg.ppc.fedoraproject.org
new file mode 100644
index 0000000000..794c213c7e
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-01.stg.ppc.fedoraproject.org
@@ -0,0 +1,6 @@
+---
+vmhost: ppc8-02.ppc.fedoraproject.org
+eth0_ip: 10.5.129.230
+gw: 10.5.129.254
+main_bridge: br1
+virt_install_command: "{{ virt_install_command_one_nic }} --graphics none"
diff --git a/inventory/host_vars/buildvm-ppc64-02.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-02.ppc.fedoraproject.org
new file mode 100644
index 0000000000..a3d190605b
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-02.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-02.ppc.fedoraproject.org
+eth0_ip: 10.5.129.88
+eth1_ip: 10.5.127.10
diff --git a/inventory/host_vars/buildvm-ppc64-03.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-03.ppc.fedoraproject.org
new file mode 100644
index 0000000000..5a53387eb1
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-03.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-01.ppc.fedoraproject.org
+eth0_ip: 10.5.129.89
+eth1_ip: 10.5.127.115
diff --git a/inventory/host_vars/buildvm-ppc64-04.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-04.ppc.fedoraproject.org
new file mode 100644
index 0000000000..025227696d
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-04.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-01.ppc.fedoraproject.org
+eth0_ip: 10.5.129.90
+eth1_ip: 10.5.127.116
diff --git a/inventory/host_vars/buildvm-ppc64-05.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-05.ppc.fedoraproject.org
new file mode 100644
index 0000000000..d9159e8f1c
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-05.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.91
+eth1_ip: 10.5.127.117
diff --git a/inventory/host_vars/buildvm-ppc64-06.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-06.ppc.fedoraproject.org
new file mode 100644
index 0000000000..7931584022
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-06.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-02.ppc.fedoraproject.org
+eth0_ip: 10.5.129.92
+eth1_ip: 10.5.127.139
diff --git a/inventory/host_vars/buildvm-ppc64-07.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-07.ppc.fedoraproject.org
new file mode 100644
index 0000000000..e79a0e5404
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-07.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.93
+eth1_ip: 10.5.127.140
diff --git a/inventory/host_vars/buildvm-ppc64-08.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-08.ppc.fedoraproject.org
new file mode 100644
index 0000000000..c22aa796e1
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-08.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-01.ppc.fedoraproject.org
+eth0_ip: 10.5.129.94
+eth1_ip: 10.5.127.141
diff --git a/inventory/host_vars/buildvm-ppc64-09.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-09.ppc.fedoraproject.org
new file mode 100644
index 0000000000..8de6289dde
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-09.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.95
+eth1_ip: 10.5.127.142
diff --git a/inventory/host_vars/buildvm-ppc64-10.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-10.ppc.fedoraproject.org
new file mode 100644
index 0000000000..8d7e2c4007
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-10.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-02.ppc.fedoraproject.org
+eth0_ip: 10.5.129.96
+eth1_ip: 10.5.127.143
diff --git a/inventory/host_vars/buildvm-ppc64-11.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-11.ppc.fedoraproject.org
new file mode 100644
index 0000000000..70345434f7
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-11.ppc.fedoraproject.org
@@ -0,0 +1,5 @@
+---
+vmhost: ppc8-04.ppc.fedoraproject.org
+eth0_ip: 10.5.129.97
+eth1_ip: 10.5.127.118
+createrepo: False
diff --git a/inventory/host_vars/buildvm-ppc64-12.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-12.ppc.fedoraproject.org
new file mode 100644
index 0000000000..358468995e
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-12.ppc.fedoraproject.org
@@ -0,0 +1,5 @@
+---
+vmhost: ppc8-04.ppc.fedoraproject.org
+eth0_ip: 10.5.129.98
+eth1_ip: 10.5.127.119
+createrepo: False
diff --git a/inventory/host_vars/buildvm-ppc64-13.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-13.ppc.fedoraproject.org
new file mode 100644
index 0000000000..ef39556995
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64-13.ppc.fedoraproject.org
@@ -0,0 +1,5 @@
+---
+vmhost: ppc8-04.ppc.fedoraproject.org
+eth0_ip: 10.5.129.99
+eth1_ip: 10.5.127.120
+createrepo: False
diff --git a/inventory/host_vars/buildvm-ppc64le-01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-01.iad2.fedoraproject.org
deleted file mode 100644
index fa37b91f97..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.41
-vmhost: bvmhost-p09-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-01.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-01.ppc.fedoraproject.org
new file mode 100644
index 0000000000..09ab8c61dd
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-01.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-01.ppc.fedoraproject.org
+eth0_ip: 10.5.129.72
+eth1_ip: 10.5.127.58
diff --git a/inventory/host_vars/buildvm-ppc64le-01.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-01.stg.iad2.fedoraproject.org
deleted file mode 100644
index 9b57e1837c..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.167.47
-vmhost: bvmhost-p09-01.stg.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-01.stg.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-01.stg.ppc.fedoraproject.org
new file mode 100644
index 0000000000..d322b8def3
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-01.stg.ppc.fedoraproject.org
@@ -0,0 +1,6 @@
+---
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.231
+gw: 10.5.129.254
+main_bridge: br1
+virt_install_command: "{{ virt_install_command_one_nic }} --graphics none"
diff --git a/inventory/host_vars/buildvm-ppc64le-02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-02.iad2.fedoraproject.org
deleted file mode 100644
index 32639b5acc..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.42
-vmhost: bvmhost-p09-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-02.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-02.ppc.fedoraproject.org
new file mode 100644
index 0000000000..bac3b898fa
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-02.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-02.ppc.fedoraproject.org
+eth0_ip: 10.5.129.73
+eth1_ip: 10.5.127.52
diff --git a/inventory/host_vars/buildvm-ppc64le-02.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-02.stg.iad2.fedoraproject.org
deleted file mode 100644
index 138df5dd92..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-02.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.167.48
-vmhost: bvmhost-p09-01.stg.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-03.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-03.iad2.fedoraproject.org
deleted file mode 100644
index dab353088c..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-03.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.43
-vmhost: bvmhost-p09-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-03.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-03.ppc.fedoraproject.org
new file mode 100644
index 0000000000..bd72e0a0ae
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-03.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-02.ppc.fedoraproject.org
+eth0_ip: 10.5.129.74
+eth1_ip: 10.5.127.121
diff --git a/inventory/host_vars/buildvm-ppc64le-03.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-03.stg.iad2.fedoraproject.org
deleted file mode 100644
index d039b3ddc9..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-03.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.167.49
-vmhost: bvmhost-p09-01.stg.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-04.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-04.iad2.fedoraproject.org
deleted file mode 100644
index 30b99e5466..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-04.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.44
-vmhost: bvmhost-p09-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-04.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-04.ppc.fedoraproject.org
new file mode 100644
index 0000000000..bc1b39080d
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-04.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.75
+eth1_ip: 10.5.127.122
diff --git a/inventory/host_vars/buildvm-ppc64le-04.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-04.stg.iad2.fedoraproject.org
deleted file mode 100644
index 522cda42a6..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-04.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.167.50
-vmhost: bvmhost-p09-01.stg.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-05.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-05.iad2.fedoraproject.org
deleted file mode 100644
index 8b03aef715..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-05.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.45
-vmhost: bvmhost-p09-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-05.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-05.ppc.fedoraproject.org
new file mode 100644
index 0000000000..d8aee6e901
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-05.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.76
+eth1_ip: 10.5.127.135
diff --git a/inventory/host_vars/buildvm-ppc64le-05.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-05.stg.iad2.fedoraproject.org
deleted file mode 100644
index 48b48f1203..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-05.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,5 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.167.51
-lvm_size: 135000
-vmhost: bvmhost-p09-01.stg.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-06.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-06.iad2.fedoraproject.org
deleted file mode 100644
index 9a21cdee17..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-06.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.46
-vmhost: bvmhost-p09-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-06.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-06.ppc.fedoraproject.org
new file mode 100644
index 0000000000..8d5ed29f7e
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-06.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-02.ppc.fedoraproject.org
+eth0_ip: 10.5.129.77
+eth1_ip: 10.5.127.106
diff --git a/inventory/host_vars/buildvm-ppc64le-07.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-07.iad2.fedoraproject.org
deleted file mode 100644
index b93581d69a..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-07.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.47
-vmhost: bvmhost-p09-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-07.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-07.ppc.fedoraproject.org
new file mode 100644
index 0000000000..3c13bc0d20
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-07.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.78
+eth1_ip: 10.5.127.107
diff --git a/inventory/host_vars/buildvm-ppc64le-08.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-08.iad2.fedoraproject.org
deleted file mode 100644
index 52e805b139..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-08.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.48
-vmhost: bvmhost-p09-01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-08.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-08.ppc.fedoraproject.org
new file mode 100644
index 0000000000..e1019fb43f
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-08.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-01.ppc.fedoraproject.org
+eth0_ip: 10.5.129.79
+eth1_ip: 10.5.127.108
diff --git a/inventory/host_vars/buildvm-ppc64le-09.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-09.iad2.fedoraproject.org
deleted file mode 100644
index 004fecc12e..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-09.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.49
-vmhost: bvmhost-p09-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-09.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-09.ppc.fedoraproject.org
new file mode 100644
index 0000000000..58083d26e8
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-09.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.84
+eth1_ip: 10.5.127.109
diff --git a/inventory/host_vars/buildvm-ppc64le-10.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-10.iad2.fedoraproject.org
deleted file mode 100644
index d8d5c06a2e..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-10.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.50
-vmhost: bvmhost-p09-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-10.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-10.ppc.fedoraproject.org
new file mode 100644
index 0000000000..94a9c2b703
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-10.ppc.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+vmhost: ppc8-02.ppc.fedoraproject.org
+eth0_ip: 10.5.129.85
+eth1_ip: 10.5.127.110
diff --git a/inventory/host_vars/buildvm-ppc64le-11.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-11.iad2.fedoraproject.org
deleted file mode 100644
index 6c68ccc659..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-11.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.51
-vmhost: bvmhost-p09-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-11.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-11.ppc.fedoraproject.org
new file mode 100644
index 0000000000..98c9e0d76e
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-11.ppc.fedoraproject.org
@@ -0,0 +1,5 @@
+---
+vmhost: ppc8-04.ppc.fedoraproject.org
+eth0_ip: 10.5.129.82
+eth1_ip: 10.5.127.136
+createrepo: False
diff --git a/inventory/host_vars/buildvm-ppc64le-12.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-12.iad2.fedoraproject.org
deleted file mode 100644
index 3e3bd99711..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-12.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.52
-vmhost: bvmhost-p09-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-12.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-12.ppc.fedoraproject.org
new file mode 100644
index 0000000000..f83d23a617
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-12.ppc.fedoraproject.org
@@ -0,0 +1,5 @@
+---
+vmhost: ppc8-04.ppc.fedoraproject.org
+eth0_ip: 10.5.129.83
+eth1_ip: 10.5.127.137
+createrepo: False
diff --git a/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org
deleted file mode 100644
index 81dbf95072..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.53
-vmhost: bvmhost-p09-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-13.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-13.ppc.fedoraproject.org
new file mode 100644
index 0000000000..cc83b33974
--- /dev/null
+++ b/inventory/host_vars/buildvm-ppc64le-13.ppc.fedoraproject.org
@@ -0,0 +1,5 @@
+---
+vmhost: ppc8-04.ppc.fedoraproject.org
+eth0_ip: 10.5.129.86
+eth1_ip: 10.5.127.138
+createrepo: False
diff --git a/inventory/host_vars/buildvm-ppc64le-14.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-14.iad2.fedoraproject.org
deleted file mode 100644
index a73fea36ea..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-14.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.54
-vmhost: bvmhost-p09-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org
deleted file mode 100644
index 9567400ff1..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.55
-vmhost: bvmhost-p09-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org
deleted file mode 100644
index 8cbd4af77d..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.56
-vmhost: bvmhost-p09-02.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-17.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-17.iad2.fedoraproject.org
deleted file mode 100644
index 2d3feddb8e..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-17.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.57
-vmhost: bvmhost-p09-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-18.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-18.iad2.fedoraproject.org
deleted file mode 100644
index 2ba48dca3e..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-18.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.58
-vmhost: bvmhost-p09-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-19.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-19.iad2.fedoraproject.org
deleted file mode 100644
index 2e6d6cc328..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-19.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.59
-vmhost: bvmhost-p09-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org
deleted file mode 100644
index df852b3179..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.60
-vmhost: bvmhost-p09-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-21.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-21.iad2.fedoraproject.org
deleted file mode 100644
index d96251767d..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-21.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.61
-vmhost: bvmhost-p09-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-22.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-22.iad2.fedoraproject.org
deleted file mode 100644
index 9685b0b51b..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-22.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.62
-vmhost: bvmhost-p09-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-23.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-23.iad2.fedoraproject.org
deleted file mode 100644
index 65c1843a6b..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-23.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.63
-vmhost: bvmhost-p09-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-24.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-24.iad2.fedoraproject.org
deleted file mode 100644
index 349376f459..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-24.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.64
-vmhost: bvmhost-p09-03.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-25.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-25.iad2.fedoraproject.org
deleted file mode 100644
index 7dfb729dd0..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-25.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.65
-vmhost: bvmhost-p09-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-26.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-26.iad2.fedoraproject.org
deleted file mode 100644
index 2fcb366ec4..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-26.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.66
-vmhost: bvmhost-p09-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-27.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-27.iad2.fedoraproject.org
deleted file mode 100644
index ee25d50be7..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-27.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.67
-vmhost: bvmhost-p09-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-28.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-28.iad2.fedoraproject.org
deleted file mode 100644
index 08bdb1e2e8..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-28.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.68
-vmhost: bvmhost-p09-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-29.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-29.iad2.fedoraproject.org
deleted file mode 100644
index 357a6c3f4f..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-29.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.69
-vmhost: bvmhost-p09-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-30.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-30.iad2.fedoraproject.org
deleted file mode 100644
index 2ce21a944d..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-30.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.70
-vmhost: bvmhost-p09-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-31.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-31.iad2.fedoraproject.org
deleted file mode 100644
index 5e57f49b6a..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-31.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.71
-vmhost: bvmhost-p09-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-32.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-32.iad2.fedoraproject.org
deleted file mode 100644
index 136be89a51..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-32.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.72
-vmhost: bvmhost-p09-04.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-33.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-33.iad2.fedoraproject.org
deleted file mode 100644
index 47c6833805..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-33.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.73
-vmhost: bvmhost-p09-05.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-osbuild01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-osbuild01.iad2.fedoraproject.org
deleted file mode 100644
index f3920137c2..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-osbuild01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.38
-vmhost: bvmhost-p09-05.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-ppc64le-osbuild02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-osbuild02.iad2.fedoraproject.org
deleted file mode 100644
index 1891252f46..0000000000
--- a/inventory/host_vars/buildvm-ppc64le-osbuild02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.171.39
-vmhost: bvmhost-p09-05.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org
new file mode 100644
index 0000000000..cfca08f267
--- /dev/null
+++ b/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+vmhost: virthost-s390.s390.fedoraproject.org
+eth0_ip: 10.5.129.81
+nm: 255.255.255.0
+gw: 10.5.129.254
+dns: 10.5.126.21
+main_bridge: br0
+
+# common items for the buildvm-* koji builders
+volgroup: /dev/vg_guests
+lvm_size: 150000
+mem_size: 10240
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Everything/x86_64/os/
+
+virt_install_command: "{{ virt_install_command_one_nic }}"
+sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
diff --git a/inventory/host_vars/buildvm-s390x-01.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-01.s390.fedoraproject.org
deleted file mode 100644
index ffb859e1aa..0000000000
--- a/inventory/host_vars/buildvm-s390x-01.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.11
diff --git a/inventory/host_vars/buildvm-s390x-01.stg.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-01.stg.s390.fedoraproject.org
deleted file mode 100644
index a50b4ef86c..0000000000
--- a/inventory/host_vars/buildvm-s390x-01.stg.s390.fedoraproject.org
+++ /dev/null
@@ -1,3 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.50
-varnish_group: s390kojipkgs
diff --git a/inventory/host_vars/buildvm-s390x-02.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-02.s390.fedoraproject.org
deleted file mode 100644
index e26ff17162..0000000000
--- a/inventory/host_vars/buildvm-s390x-02.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.12
diff --git a/inventory/host_vars/buildvm-s390x-03.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-03.s390.fedoraproject.org
deleted file mode 100644
index 813f8ff27a..0000000000
--- a/inventory/host_vars/buildvm-s390x-03.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.13
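Review bot: In the new buildvm-s390-01.s390 host_vars, `ks_url` and `ks_repo` point at `http://10.5.126.23/...`, so the kickstart and install tree for what the file's own comment calls a koji builder are fetched with no transport integrity or server authentication. The busgateway01.phx2 and busgateway01.stg.phx2 files added later in this diff do the same, while the busgateway01 iad2 files it deletes used `https://infrastructure.fedoraproject.org/...`. Whether the installer verifies that content some other way is not visible here, so I would either move to an HTTPS URL, e.g. `ks_url: https://<install-server>/repo/rhel/ks/buildvm-fedora-25` (host is a placeholder), or add a comment stating why plain HTTP is acceptable on this network. Separately, `ks_repo` ends in `releases/25/Everything/x86_64/os/` on an s390 host, which looks copied from an x86_64 builder and is worth confirming.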
diff --git a/inventory/host_vars/buildvm-s390x-04.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-04.s390.fedoraproject.org
deleted file mode 100644
index d815d4cfbd..0000000000
--- a/inventory/host_vars/buildvm-s390x-04.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.14
diff --git a/inventory/host_vars/buildvm-s390x-05.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-05.s390.fedoraproject.org
deleted file mode 100644
index 77f00e20c7..0000000000
--- a/inventory/host_vars/buildvm-s390x-05.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.15
diff --git a/inventory/host_vars/buildvm-s390x-06.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-06.s390.fedoraproject.org
deleted file mode 100644
index 24793bfef0..0000000000
--- a/inventory/host_vars/buildvm-s390x-06.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.16
diff --git a/inventory/host_vars/buildvm-s390x-07.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-07.s390.fedoraproject.org
index 37e7d88fd9..4b666b673d 100644
--- a/inventory/host_vars/buildvm-s390x-07.s390.fedoraproject.org
+++ b/inventory/host_vars/buildvm-s390x-07.s390.fedoraproject.org
@@ -1,2 +1,4 @@
 ---
-eth0_ipv4_ip: 10.1.102.17
+varnish_group: s390kojipkgs
+# needed because this host has a varnish cache on it.
+custom_rules: [ '-A INPUT -s 10.16.0.0/24 -p tcp -m tcp --dport 80 -j ACCEPT' ]
diff --git a/inventory/host_vars/buildvm-s390x-08.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-08.s390.fedoraproject.org
deleted file mode 100644
index 8b0268655a..0000000000
--- a/inventory/host_vars/buildvm-s390x-08.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.18
diff --git a/inventory/host_vars/buildvm-s390x-09.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-09.s390.fedoraproject.org
deleted file mode 100644
index 3ba9f1b3ac..0000000000
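Review bot: The added `custom_rules` entry for buildvm-s390x-07 accepts tcp/80 from all of `10.16.0.0/24`, and the comment above it says only that the host runs a varnish cache, not which machines sit in that network. The rule is a raw iptables string, so nothing in this file ties the range to a named set of hosts, and a reader cannot tell whether a /24 is the narrowest source that works. I would extend the comment, for example `# varnish cache for s390kojipkgs: allow tcp/80 only from <network name> (10.16.0.0/24)`, and tighten the source range if fewer hosts actually need the cache.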
--- a/inventory/host_vars/buildvm-s390x-09.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.19
diff --git a/inventory/host_vars/buildvm-s390x-10.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-10.s390.fedoraproject.org
deleted file mode 100644
index ac505d3867..0000000000
--- a/inventory/host_vars/buildvm-s390x-10.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.20
diff --git a/inventory/host_vars/buildvm-s390x-11.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-11.s390.fedoraproject.org
deleted file mode 100644
index 53393a4afc..0000000000
--- a/inventory/host_vars/buildvm-s390x-11.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.21
diff --git a/inventory/host_vars/buildvm-s390x-12.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-12.s390.fedoraproject.org
deleted file mode 100644
index 75d67bf958..0000000000
--- a/inventory/host_vars/buildvm-s390x-12.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.22
diff --git a/inventory/host_vars/buildvm-s390x-13.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-13.s390.fedoraproject.org
deleted file mode 100644
index 5206ee3c1d..0000000000
--- a/inventory/host_vars/buildvm-s390x-13.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.23
diff --git a/inventory/host_vars/buildvm-s390x-14.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-14.s390.fedoraproject.org
deleted file mode 100644
index 223df04a1a..0000000000
--- a/inventory/host_vars/buildvm-s390x-14.s390.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.24
-tcp_ports: [
- # allow incoming varnish requests to varnish cache
- 80
-]
-varnish_group: s390kojipkgs
diff --git a/inventory/host_vars/buildvm-s390x-15.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-15.s390.fedoraproject.org
deleted file mode 100644
index a96fae3d9c..0000000000
--- a/inventory/host_vars/buildvm-s390x-15.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.25
diff --git a/inventory/host_vars/buildvm-s390x-16.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-16.s390.fedoraproject.org
deleted file mode 100644
index 3448a0b6e4..0000000000
--- a/inventory/host_vars/buildvm-s390x-16.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.26
diff --git a/inventory/host_vars/buildvm-s390x-17.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-17.s390.fedoraproject.org
deleted file mode 100644
index dc6ab7ac1b..0000000000
--- a/inventory/host_vars/buildvm-s390x-17.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.27
diff --git a/inventory/host_vars/buildvm-s390x-18.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-18.s390.fedoraproject.org
deleted file mode 100644
index 221dda957f..0000000000
--- a/inventory/host_vars/buildvm-s390x-18.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.28
diff --git a/inventory/host_vars/buildvm-s390x-19.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-19.s390.fedoraproject.org
deleted file mode 100644
index b4a4849ded..0000000000
--- a/inventory/host_vars/buildvm-s390x-19.s390.fedoraproject.org
+++ /dev/null
@@ -1,2 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.29
diff --git a/inventory/host_vars/buildvm-s390x-20.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-20.s390.fedoraproject.org
deleted file mode 100644
index 7aa4ef93c3..0000000000
--- a/inventory/host_vars/buildvm-s390x-20.s390.fedoraproject.org
+++ /dev/null
@@ -1,4 +0,0 @@
----
-eth0_ipv4_ip: 10.1.102.30
-mem_size: 51200
-num_cpus: 3
diff --git a/inventory/host_vars/buildvm-x86-01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-01.iad2.fedoraproject.org
deleted file mode 100644
index 69f785c3b9..0000000000
--- a/inventory/host_vars/buildvm-x86-01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.51
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-01.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-01.stg.iad2.fedoraproject.org
deleted file mode 100644
index aaafbbd0ea..0000000000
--- a/inventory/host_vars/buildvm-x86-01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,3 +0,0 @@
----
-eth0_ipv4_ip: 10.3.167.21
-vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-02.iad2.fedoraproject.org
deleted file mode 100644
index e9d5a23380..0000000000
--- a/inventory/host_vars/buildvm-x86-02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.52
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-02.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-02.stg.iad2.fedoraproject.org
deleted file mode 100644
index f617e239bd..0000000000
--- a/inventory/host_vars/buildvm-x86-02.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,3 +0,0 @@
----
-eth0_ipv4_ip: 10.3.167.22
-vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-03.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-03.iad2.fedoraproject.org
deleted file mode 100644
index e77ca2c96f..0000000000
--- a/inventory/host_vars/buildvm-x86-03.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.53
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-03.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-03.stg.iad2.fedoraproject.org
deleted file mode 100644
index 18b07f6a9b..0000000000
--- a/inventory/host_vars/buildvm-x86-03.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,3 +0,0 @@
----
-eth0_ipv4_ip: 10.3.167.23
-vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-04.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-04.iad2.fedoraproject.org
deleted file mode 100644
index 3dfcc221a8..0000000000
--- a/inventory/host_vars/buildvm-x86-04.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.54
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-04.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-04.stg.iad2.fedoraproject.org
deleted file mode 100644
index 4ced4f3ee0..0000000000
--- a/inventory/host_vars/buildvm-x86-04.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,3 +0,0 @@
----
-eth0_ipv4_ip: 10.3.167.24
-vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-05.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-05.iad2.fedoraproject.org
deleted file mode 100644
index 13c6fa6f7c..0000000000
--- a/inventory/host_vars/buildvm-x86-05.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.55
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-05.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-05.stg.iad2.fedoraproject.org
deleted file mode 100644
index 125b32cf9b..0000000000
--- a/inventory/host_vars/buildvm-x86-05.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,3 +0,0 @@
----
-eth0_ipv4_ip: 10.3.167.25
-vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-06.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-06.iad2.fedoraproject.org
deleted file mode 100644
index a0c35f4622..0000000000
--- a/inventory/host_vars/buildvm-x86-06.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.56
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-07.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-07.iad2.fedoraproject.org
deleted file mode 100644
index b7e552746e..0000000000
--- a/inventory/host_vars/buildvm-x86-07.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.57
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-08.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-08.iad2.fedoraproject.org
deleted file mode 100644
index 51b7c85e61..0000000000
--- a/inventory/host_vars/buildvm-x86-08.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.58
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-09.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-09.iad2.fedoraproject.org
deleted file mode 100644
index 4519bfbd2f..0000000000
--- a/inventory/host_vars/buildvm-x86-09.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.59
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-10.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-10.iad2.fedoraproject.org
deleted file mode 100644
index fb176d570e..0000000000
--- a/inventory/host_vars/buildvm-x86-10.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.60
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-11.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-11.iad2.fedoraproject.org
deleted file mode 100644
index e4affb1aca..0000000000
--- a/inventory/host_vars/buildvm-x86-11.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.61
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-12.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-12.iad2.fedoraproject.org
deleted file mode 100644
index c221e15ab3..0000000000
--- a/inventory/host_vars/buildvm-x86-12.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.62
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-13.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-13.iad2.fedoraproject.org
deleted file mode 100644
index 4cf885ea04..0000000000
--- a/inventory/host_vars/buildvm-x86-13.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.63
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-14.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-14.iad2.fedoraproject.org
deleted file mode 100644
index 9240993850..0000000000
--- a/inventory/host_vars/buildvm-x86-14.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.64
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-15.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-15.iad2.fedoraproject.org
deleted file mode 100644
index cb47a6e690..0000000000
--- a/inventory/host_vars/buildvm-x86-15.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.65
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-16.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-16.iad2.fedoraproject.org
deleted file mode 100644
index 9f82fbd196..0000000000
--- a/inventory/host_vars/buildvm-x86-16.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.66
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-06.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-17.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-17.iad2.fedoraproject.org
deleted file mode 100644
index 73451ed5b7..0000000000
--- a/inventory/host_vars/buildvm-x86-17.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.67
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-18.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-18.iad2.fedoraproject.org
deleted file mode 100644
index e931375f5e..0000000000
--- a/inventory/host_vars/buildvm-x86-18.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.68
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-19.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-19.iad2.fedoraproject.org
deleted file mode 100644
index dd4cde5231..0000000000
--- a/inventory/host_vars/buildvm-x86-19.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.69
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-20.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-20.iad2.fedoraproject.org
deleted file mode 100644
index 5cb11f01ce..0000000000
--- a/inventory/host_vars/buildvm-x86-20.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.70
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-21.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-21.iad2.fedoraproject.org
deleted file mode 100644
index f4a2e026e1..0000000000
--- a/inventory/host_vars/buildvm-x86-21.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.71
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-22.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-22.iad2.fedoraproject.org
deleted file mode 100644
index b404245fb8..0000000000
--- a/inventory/host_vars/buildvm-x86-22.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.72
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-23.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-23.iad2.fedoraproject.org
deleted file mode 100644
index c69be60f71..0000000000
--- a/inventory/host_vars/buildvm-x86-23.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.73
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-24.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-24.iad2.fedoraproject.org
deleted file mode 100644
index f2e81ab200..0000000000
--- a/inventory/host_vars/buildvm-x86-24.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.74
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-25.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-25.iad2.fedoraproject.org
deleted file mode 100644
index 482729dbc4..0000000000
--- a/inventory/host_vars/buildvm-x86-25.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.75
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-26.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-26.iad2.fedoraproject.org
deleted file mode 100644
index 3437e2fa19..0000000000
--- a/inventory/host_vars/buildvm-x86-26.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.76
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-27.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-27.iad2.fedoraproject.org
deleted file mode 100644
index e964ed86bf..0000000000
--- a/inventory/host_vars/buildvm-x86-27.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.77
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-28.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-28.iad2.fedoraproject.org
deleted file mode 100644
index 47c5283bec..0000000000
--- a/inventory/host_vars/buildvm-x86-28.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.78
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-29.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-29.iad2.fedoraproject.org
deleted file mode 100644
index 565d6b8b70..0000000000
--- a/inventory/host_vars/buildvm-x86-29.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.79
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-30.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-30.iad2.fedoraproject.org
deleted file mode 100644
index d79b256497..0000000000
--- a/inventory/host_vars/buildvm-x86-30.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.80
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-31.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-31.iad2.fedoraproject.org
deleted file mode 100644
index 23be3d6c36..0000000000
--- a/inventory/host_vars/buildvm-x86-31.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.81
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-32.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-32.iad2.fedoraproject.org
deleted file mode 100644
index f730063097..0000000000
--- a/inventory/host_vars/buildvm-x86-32.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.82
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-07.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-riscv01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-riscv01.iad2.fedoraproject.org
deleted file mode 100644
index 329a37e638..0000000000
--- a/inventory/host_vars/buildvm-x86-riscv01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.172.254
-eth0_ipv4_ip: 10.3.172.23
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-riscv01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/buildvm-x86-riscv02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-riscv02.iad2.fedoraproject.org
deleted file mode 100644
index 61297c1a6f..0000000000
--- a/inventory/host_vars/buildvm-x86-riscv02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.172.254
-eth0_ipv4_ip: 10.3.172.24
-ipa_server: ipa01.iad2.fedoraproject.org
-resolvconf: "resolv.conf/iad2"
-vmhost: bvmhost-x86-riscv01.iad2.fedoraproject.org
diff --git a/inventory/host_vars/busgateway01.iad2.fedoraproject.org b/inventory/host_vars/busgateway01.iad2.fedoraproject.org
deleted file mode 100644
index 1e1a93f15b..0000000000
--- a/inventory/host_vars/busgateway01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.46
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-iad2
-vmhost: vmhost-x86-05.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/busgateway01.phx2.fedoraproject.org b/inventory/host_vars/busgateway01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..00d90164d5
--- /dev/null
+++ b/inventory/host_vars/busgateway01.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.64
+
+volgroup: /dev/vg_guests
+vmhost: virthost19.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/busgateway01.stg.iad2.fedoraproject.org b/inventory/host_vars/busgateway01.stg.iad2.fedoraproject.org
deleted file mode 100644
index 02e982ba93..0000000000
--- a/inventory/host_vars/busgateway01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.38
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-iad2
-vmhost: vmhost-x86-09.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/busgateway01.stg.phx2.fedoraproject.org b/inventory/host_vars/busgateway01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..1c1715482f
--- /dev/null
+++ b/inventory/host_vars/busgateway01.stg.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.128.88
+
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/bvirthost04.phx2.fedoraproject.org b/inventory/host_vars/bvirthost04.phx2.fedoraproject.org
new file mode 100644
index 0000000000..b9b1dd45a1
--- /dev/null
+++ b/inventory/host_vars/bvirthost04.phx2.fedoraproject.org
@@ -0,0 +1,9 @@
+---
+freezes: true
+nested: true
+dns: 10.5.126.21
+gw: 10.5.125.254
+br0_ip: 10.5.125.76
+br0_nm: 255.255.255.0
+br1_ip: 10.5.127.79
+br1_nm: 255.255.255.0
diff --git a/inventory/host_vars/bvirthost05.phx2.fedoraproject.org b/inventory/host_vars/bvirthost05.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5d94e451aa
--- /dev/null
+++ b/inventory/host_vars/bvirthost05.phx2.fedoraproject.org
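Review bot: `nested: true` in the new bvirthost04.phx2 host_vars, and again in the bvirthost05.phx2 file that follows it, carries no comment saying which guests need it. If this variable turns on nested virtualization for the hypervisor, as its name suggests, it exposes more of the host's virtualization interface to every guest on the machine, so it should be a documented decision rather than a bare flag. I would add a line such as `# nested virt required by <guest or workload>; remove when no longer needed` above it, or drop the setting if nothing depends on it.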
@@ -0,0 +1,9 @@ +--- +freezes: true +nested: true +dns: 10.5.126.21 +gw: 10.5.125.254 +br0_ip: 10.5.125.121 +br0_nm: 255.255.255.0 +br1_ip: 10.5.127.123 +br1_nm: 255.255.255.0 diff --git a/inventory/host_vars/bvmhost-a64-01.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-a64-01.iad2.fedoraproject.org deleted file mode 100644 index 048e64cc4d..0000000000 --- a/inventory/host_vars/bvmhost-a64-01.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -br0_ipv4: 10.3.170.11 -br0_ipv4_gw: 10.3.170.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 0c:42:a1:52:1a:dc -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 4500 -nrpe_procs_warn: 4000 diff --git a/inventory/host_vars/bvmhost-a64-01.stg.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-a64-01.stg.iad2.fedoraproject.org deleted file mode 100644 index 1d9d85c1d5..0000000000 --- a/inventory/host_vars/bvmhost-a64-01.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -br0_ipv4: 10.3.167.16 -br0_ipv4_gw: 10.3.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -has_ipv4: yes -mac1: 0c:42:a1:c2:5d:a6 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 3500 -nrpe_procs_warn: 3000 diff --git a/inventory/host_vars/bvmhost-a64-02.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-a64-02.iad2.fedoraproject.org deleted file mode 100644 index 19480c4033..0000000000 --- a/inventory/host_vars/bvmhost-a64-02.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -br0_ipv4: 10.3.170.12 -br0_ipv4_gw: 10.3.170.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 04:3f:72:d7:7a:a6 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 4500 -nrpe_procs_warn: 4000 diff --git a/inventory/host_vars/bvmhost-a64-03.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-a64-03.iad2.fedoraproject.org deleted file mode 100644 index 89d8871520..0000000000 
--- a/inventory/host_vars/bvmhost-a64-03.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -br0_ipv4: 10.3.170.13 -br0_ipv4_gw: 10.3.170.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: b8:ce:f6:04:74:d8 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 4500 -nrpe_procs_warn: 4000 diff --git a/inventory/host_vars/bvmhost-a64-04.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-a64-04.iad2.fedoraproject.org deleted file mode 100644 index 14ab92de1f..0000000000 --- a/inventory/host_vars/bvmhost-a64-04.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -br0_ipv4: 10.3.170.14 -br0_ipv4_gw: 10.3.170.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 04:3f:72:d7:7f:f7 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 4500 -nrpe_procs_warn: 4000 
diff --git a/inventory/host_vars/bvmhost-a64-osbs-01.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-a64-osbs-01.iad2.fedoraproject.org deleted file mode 100644 index a74ee86e21..0000000000 --- a/inventory/host_vars/bvmhost-a64-osbs-01.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.170.21 -br0_ipv4_gw: 10.3.170.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 50:6b:4b:6a:b7:f0 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-p09-01.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-p09-01.iad2.fedoraproject.org deleted file mode 100644 index 2d20c6a926..0000000000 --- a/inventory/host_vars/bvmhost-p09-01.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -br0_ipv4: 10.3.171.15 -br0_ipv4_gw: 10.3.171.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 40:a6:b7:18:8a:38 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 13000 -nrpe_procs_warn: 12000 
diff --git a/inventory/host_vars/bvmhost-p09-01.stg.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-p09-01.stg.iad2.fedoraproject.org deleted file mode 100644 index 1b077f2a14..0000000000 --- a/inventory/host_vars/bvmhost-p09-01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,39 +0,0 @@ ---- -br0_ipv4: 10.3.167.19 -br0_ipv4_gw: 10.3.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -has_ipv4: yes -mac3: b8:ce:f6:88:9a:de -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 13000 -nrpe_procs_warn: 12000 diff --git a/inventory/host_vars/bvmhost-p09-02.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-p09-02.iad2.fedoraproject.org deleted file mode 100644 index 97a84810f5..0000000000 --- a/inventory/host_vars/bvmhost-p09-02.iad2.fedoraproject.org +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.171.16 -br0_ipv4_gw: 10.3.171.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac2 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: ac:1f:6b:56:e9:11 -mac2: 40:a6:b7:18:86:b4 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 13000 -nrpe_procs_warn: 12000 diff --git a/inventory/host_vars/bvmhost-p09-03.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-p09-03.iad2.fedoraproject.org deleted file mode 100644 index 1736145892..0000000000 --- a/inventory/host_vars/bvmhost-p09-03.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -br0_ipv4: 10.3.171.17 -br0_ipv4_gw: 10.3.171.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 40:a6:b7:18:85:74 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 13000 -nrpe_procs_warn: 12000 diff --git a/inventory/host_vars/bvmhost-p09-04.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-p09-04.iad2.fedoraproject.org deleted file mode 100644 index 24f37c00ef..0000000000 
--- a/inventory/host_vars/bvmhost-p09-04.iad2.fedoraproject.org +++ /dev/null @@ -1,39 +0,0 @@ ---- -br0_ipv4_ip: 10.3.171.18 -br0_ipv4_gw: 10.3.171.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac2 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 40:a6:b7:18:85:74 -mac2: 40:a6:b7:18:86:c8 -nbde: false -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4_ip }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 13000 -nrpe_procs_warn: 12000 diff --git a/inventory/host_vars/bvmhost-p09-05.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-p09-05.iad2.fedoraproject.org deleted file mode 100644 index 1bc5bc9f36..0000000000 --- a/inventory/host_vars/bvmhost-p09-05.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.171.21 -br0_ipv4_gw: 10.3.171.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac2 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -has_ipv4: yes -mac2: b8:ce:f6:c5:ff:66 -nbde: false -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 13000 -nrpe_procs_warn: 12000 
diff --git a/inventory/host_vars/bvmhost-s390x-01.s390.fedoraproject.org b/inventory/host_vars/bvmhost-s390x-01.s390.fedoraproject.org deleted file mode 100644 index 1333237e0d..0000000000 --- a/inventory/host_vars/bvmhost-s390x-01.s390.fedoraproject.org +++ /dev/null @@ -1,5 +0,0 @@ ---- -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: iad2.fedoraproject.org -nbde: false diff --git a/inventory/host_vars/bvmhost-s390x-01.stg.s390.fedoraproject.org b/inventory/host_vars/bvmhost-s390x-01.stg.s390.fedoraproject.org deleted file mode 100644 index 1333237e0d..0000000000 --- a/inventory/host_vars/bvmhost-s390x-01.stg.s390.fedoraproject.org +++ /dev/null @@ -1,5 +0,0 @@ ---- -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: iad2.fedoraproject.org -nbde: false diff --git a/inventory/host_vars/bvmhost-x86-01.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-01.iad2.fedoraproject.org deleted file mode 100644 index d9c0a7ea8a..0000000000 --- a/inventory/host_vars/bvmhost-x86-01.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.169.11 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:05:54 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-01.stg.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-01.stg.iad2.fedoraproject.org deleted file mode 100644 index a362963f62..0000000000 --- a/inventory/host_vars/bvmhost-x86-01.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -br0_ipv4: 10.3.167.11 -br0_ipv4_gw: 10.3.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -has_ipv4: yes -mac1: 24:6e:96:b1:56:24 -mac2: 24:6e:96:b1:56:25 -mac3: 24:6e:96:b1:56:20 -mac4: 24:6e:96:b1:56:22 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-02.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-02.iad2.fedoraproject.org deleted file mode 100644 index 1072dbbc70..0000000000 --- a/inventory/host_vars/bvmhost-x86-02.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.169.12 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:69:fe -mac2: e4:43:4b:b1:6a:00 -mac3: e4:43:4b:b1:6a:1e -mac4: e4:43:4b:b1:6a:1f -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 
diff --git a/inventory/host_vars/bvmhost-x86-02.stg.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-02.stg.iad2.fedoraproject.org deleted file mode 100644 index 21446110de..0000000000 --- a/inventory/host_vars/bvmhost-x86-02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,40 +0,0 @@ ---- -br0_ipv4: 10.3.167.12 -br0_ipv4_gw: 10.3.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -has_ipv4: yes -mac1: C8:4B:D6:88:FB:C6 -mac2: C8:4B:D6:88:FB:C7 -mac3: 6C:FE:54:57:5F:48 -mac4: 6C:FE:54:57:5F:49 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-03.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-03.iad2.fedoraproject.org deleted file mode 100644 index c7704ccf6b..0000000000 --- a/inventory/host_vars/bvmhost-x86-03.iad2.fedoraproject.org +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.169.13 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:62:64 -mac2: e4:43:4b:b1:62:66 -mac3: e4:43:4b:b1:62:84 -mac4: e4:43:4b:b1:62:85 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-03.stg.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-03.stg.iad2.fedoraproject.org deleted file mode 100644 index f8d2ad4730..0000000000 --- a/inventory/host_vars/bvmhost-x86-03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,40 +0,0 @@ ---- -br0_ipv4: 10.3.167.13 -br0_ipv4_gw: 10.3.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -has_ipv4: yes -mac1: 24:6e:96:b1:c7:f4 -mac2: 24:6e:96:b1:c7:f5 -mac3: 24:6e:96:b1:c7:f0 -mac4: 24:6e:96:b1:c7:f2 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 
diff --git a/inventory/host_vars/bvmhost-x86-04.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-04.iad2.fedoraproject.org deleted file mode 100644 index 25e9694583..0000000000 --- a/inventory/host_vars/bvmhost-x86-04.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.169.14 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:03:30 -mac2: e4:43:4b:b1:03:32 -mac3: e4:43:4b:b1:03:50 -mac4: e4:43:4b:b1:03:51 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-05.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-05.iad2.fedoraproject.org deleted file mode 100644 index 5d0729d65b..0000000000 --- a/inventory/host_vars/bvmhost-x86-05.iad2.fedoraproject.org +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.169.15 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:ae:44:ee -mac2: e4:43:4b:ae:44:f0 -mac3: e4:43:4b:ae:45:0e -mac4: e4:43:4b:ae:45:0f -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-05.stg.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-05.stg.iad2.fedoraproject.org deleted file mode 100644 index 45dc1d7fdd..0000000000 --- a/inventory/host_vars/bvmhost-x86-05.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.167.17 -br0_ipv4_gw: 10.3.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: E4:43:4B:F7:AC:CC -mac2: E4:43:4B:F7:AC:CE -mac3: E4:43:4B:F7:AC:EC -mac4: E4:43:4B:F7:AC:ED -mgmt_ipv4: 10.3.160.157 -mgmt_mac: "2c:ea:7f:f3:58:4e" -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 
diff --git a/inventory/host_vars/bvmhost-x86-06.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-06.iad2.fedoraproject.org deleted file mode 100644 index 34aac0271f..0000000000 --- a/inventory/host_vars/bvmhost-x86-06.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.169.16 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:ac:e1:54 -mac2: e4:43:4b:ac:e1:56 -mac3: e4:43:4b:ac:e1:74 -mac4: e4:43:4b:ac:e1:75 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-07.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-07.iad2.fedoraproject.org deleted file mode 100644 index a6a23dc4ac..0000000000 --- a/inventory/host_vars/bvmhost-x86-07.iad2.fedoraproject.org +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.169.17 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:2b:52 -mac2: e4:43:4b:b1:2b:54 -mac3: e4:43:4b:b1:2b:72 -mac4: e4:43:4b:b1:2b:73 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-08.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-08.iad2.fedoraproject.org deleted file mode 100644 index 7e921186f2..0000000000 --- a/inventory/host_vars/bvmhost-x86-08.iad2.fedoraproject.org +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -br0_ipv4: 10.3.169.18 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac2 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:24:19:96 -mac2: e4:43:4b:24:19:76 -mac3: e4:43:4b:24:19:97 -mac4: e4:43:4b:24:19:78 -nbde_client_bindings: - - device: /dev/md126 - encryption_password: "{{ nbde_password }}" - password_temporary: no - threshold: 1 - servers: - - http://tang01.iad2.fedoraproject.org - - http://tang02.iad2.fedoraproject.org -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-riscv01.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-riscv01.iad2.fedoraproject.org deleted file mode 100644 index 6b4094e9ca..0000000000 --- a/inventory/host_vars/bvmhost-x86-riscv01.iad2.fedoraproject.org +++ /dev/null @@ -1,36 +0,0 @@ ---- -br0_ipv4: 10.3.172.11 -br0_ipv4_gw: 10.3.172.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac2 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 20:3a:43:03:d0:4c -mac2: 20:3a:43:03:d0:4d -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 
diff --git a/inventory/host_vars/centos-ipa-client01.stg.iad2.fedoraproject.org b/inventory/host_vars/centos-ipa-client01.stg.iad2.fedoraproject.org deleted file mode 100644 index 33e6eb3aea..0000000000 --- a/inventory/host_vars/centos-ipa-client01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.42 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -nagios_Can_Connect: false -nagios_Check_Services: - mail: false - nrpe: false - ping: false - sshd: false - swap: false -vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/centos-ipa-client02.stg.iad2.fedoraproject.org b/inventory/host_vars/centos-ipa-client02.stg.iad2.fedoraproject.org deleted file mode 100644 index b50694529c..0000000000 --- a/inventory/host_vars/centos-ipa-client02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.43 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -nagios_Can_Connect: false -nagios_Check_Services: - mail: false - nrpe: false - ping: false - sshd: false - swap: false -vmhost: vmhost-x86-12.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/centos-ipa-client03.stg.iad2.fedoraproject.org b/inventory/host_vars/centos-ipa-client03.stg.iad2.fedoraproject.org deleted file mode 100644 index a7aab9a507..0000000000 --- a/inventory/host_vars/centos-ipa-client03.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.81 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -nagios_Can_Connect: false -nagios_Check_Services: - mail: false - nrpe: false - ping: false - sshd: false - swap: false -vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/centos-ipa-client04.stg.iad2.fedoraproject.org b/inventory/host_vars/centos-ipa-client04.stg.iad2.fedoraproject.org deleted file mode 100644 index 64ca207a55..0000000000 --- a/inventory/host_vars/centos-ipa-client04.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.82 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -nagios_Can_Connect: false -nagios_Check_Services: - mail: false - nrpe: false - ping: false - sshd: false - swap: false -vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/certgetter01.iad2.fedoraproject.org b/inventory/host_vars/certgetter01.iad2.fedoraproject.org deleted file mode 100644 index 81cda7a0a4..0000000000 --- a/inventory/host_vars/certgetter01.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.47 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -mem_size: 4096 -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/certgetter01.phx2.fedoraproject.org b/inventory/host_vars/certgetter01.phx2.fedoraproject.org new file mode 100644 index 0000000000..00bd41fde6 --- /dev/null 
+++ b/inventory/host_vars/certgetter01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.237
+vmhost: virthost21.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/ci-cc-rdu01.fedoraproject.org b/inventory/host_vars/ci-cc-rdu01.fedoraproject.org
new file mode 100644
index 0000000000..0f1ee3ce57
--- /dev/null
+++ b/inventory/host_vars/ci-cc-rdu01.fedoraproject.org
@@ -0,0 +1,16 @@
+---
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+datacenter: rdu-cc
+eth0_ip: 8.43.85.69
+eth0_nm: 255.255.255.0
+gw: 8.43.85.254
+nm: 255.255.255.0
+dns: 8.8.8.8
+postfix_group: vpn
+vpn: true
+volgroup: /dev/vg_guests
+vmhost: virthost-cc-rdu01.fedoraproject.org
+deployment_type: prod
+ks_url: http://209.132.181.6/repo/rhel/ks/kvm-fedora-25-ext
+ks_repo: http://209.132.181.6/pub/fedora/linux/releases/25/Server/x86_64/os/
diff --git a/inventory/host_vars/cloud-noc01.cloud.fedoraproject.org b/inventory/host_vars/cloud-noc01.cloud.fedoraproject.org
new file mode 100644
index 0000000000..f2618ac845
--- /dev/null
+++ b/inventory/host_vars/cloud-noc01.cloud.fedoraproject.org
@@ -0,0 +1,15 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +datacenter: cloud +nm: 255.255.255.0 +gw: 209.132.184.254 +fas_client_groups: sysadmin-main +dns: 8.8.8.8 +eth0_ip: 209.132.184.17 +eth1_ip: 172.23.0.17 +freezes: false +resolvconf: "{{ files }}/resolv.conf/cloud-noc01.cloud.fedoraproject.org" + +tcp_ports: ['22'] +custom_rules: [ '-A INPUT -i eth0 -p tcp -m tcp -s 209.132.184.0/24 --dport 67 -j ACCEPT', '-A INPUT -i eth0 -p tcp -m tcp -s 209.132.184.0/24 --dport 68 -j ACCEPT', '-A INPUT -i eth0 -p tcp -m tcp -s 209.132.184.0/24 --dport 69 -j ACCEPT', '-A INPUT -i eth0 -p udp -m udp -s 209.132.184.0/24 --dport 67 -j ACCEPT', '-A INPUT -i eth0 -p udp -m udp -s 209.132.184.0/24 --dport 68 -j ACCEPT', '-A INPUT -i eth0 -p udp -m udp -s 209.132.184.0/24 --dport 69 -j ACCEPT' ] diff --git a/inventory/host_vars/coloamer01.fedoraproject.org b/inventory/host_vars/coloamer01.fedoraproject.org new file mode 100644 index 0000000000..598eda966d --- /dev/null +++ b/inventory/host_vars/coloamer01.fedoraproject.org @@ -0,0 +1,10 @@ +--- +datacenter: coloamer +virthost: true +postfix_group: vpn +vpn: true +br0_ip: 67.203.2.66 +br0_nm: 255.255.255.248 +has_ipv6: yes +br0_ipv6: "2607:f188::21e:c9ff:fe42:836d" +br0_ipv6_gw: "2607:f188::1" diff --git a/inventory/host_vars/commops.fedorainfracloud.org b/inventory/host_vars/commops.fedorainfracloud.org new file mode 100644 index 0000000000..97f72e0ded --- /dev/null +++ b/inventory/host_vars/commops.fedorainfracloud.org @@ -0,0 +1,18 @@ +--- +image: "{{ fedora25_x86_64 }}" +instance_type: m1.medium +keypair: fedora-admin-20130801 +security_group: ssh-anywhere-persistent,all-icmp-persistent,default +zone: nova +tcp_ports: [22] + +inventory_tenant: persistent +inventory_instance_name: commops +hostbase: commops +public_ip: 209.132.184.152 +root_auth_users: skamath bee2502 jflory7 +description: commops stats gathering instance + +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" 
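Review bot: The `custom_rules` list in cloud-noc01 accepts TCP as well as UDP on ports 67, 68 and 69 from 209.132.184.0/24, but DHCP and TFTP are UDP services, so the three `-p tcp -m tcp` rules appear to open ports that nothing needs. I would drop them, keep only the `-p udp -m udp` rules, and put a comment above the list such as `# DHCP (67/68) and TFTP (69), UDP only`. If a TCP listener on these ports is intended, name it in that comment instead.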
diff --git a/inventory/host_vars/communityblog.fedorainfracloud.org b/inventory/host_vars/communityblog.fedorainfracloud.org new file mode 100644 index 0000000000..f431a1b7f3 --- /dev/null +++ b/inventory/host_vars/communityblog.fedorainfracloud.org @@ -0,0 +1,24 @@ +--- +image: rhel7-20141015 +instance_type: m1.medium +keypair: fedora-admin-20130801 +security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent +zone: nova +tcp_ports: [22, 80, 443] + +inventory_tenant: persistent +inventory_instance_name: communityblog +hostbase: communityblog +public_ip: 209.132.184.207 +root_auth_users: nb chrisroberts +description: fedora community blog + +host_backup_targets: ['/var/www/html'] +db_backup_dir: ['/backups'] +dbs_to_backup: ['wp'] +mariadb_root_password: "{{ communityblog_mariadb_password }}" +extra_enablerepos: '' + +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" diff --git a/inventory/host_vars/compose-branched01.iad2.fedoraproject.org b/inventory/host_vars/compose-branched01.iad2.fedoraproject.org deleted file mode 100644 index 8628a5a0ee..0000000000 --- a/inventory/host_vars/compose-branched01.iad2.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.121 -freezes: true -koji_hub_nfs: "fedora_koji" -kojihub_scheme: https -kojihub_url: koji.fedoraproject.org/kojihub -kojipkgs_url: kojipkgs.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -vmhost: bvmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/compose-eln01.iad2.fedoraproject.org b/inventory/host_vars/compose-eln01.iad2.fedoraproject.org deleted file mode 100644 index f9be347dea..0000000000 
--- a/inventory/host_vars/compose-eln01.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.125 -# eln is never frozen, the compose box should not be so we can make needed changes -freezes: false -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -kojihub_scheme: https -kojihub_url: koji.fedoraproject.org/kojihub -kojipkgs_url: kojipkgs.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -vmhost: bvmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/compose-iot01.iad2.fedoraproject.org b/inventory/host_vars/compose-iot01.iad2.fedoraproject.org deleted file mode 100644 index f1303923b1..0000000000 --- a/inventory/host_vars/compose-iot01.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.122 -# This VM is the compose host for IoT Edition -freezes: false -koji_hub_nfs: "fedora_koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -main_bridge: br0 -mem_size: 32768 -sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers" -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: bvmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/compose-ppc64-01.ppc.fedoraproject.org b/inventory/host_vars/compose-ppc64-01.ppc.fedoraproject.org new file mode 100644 index 0000000000..91899e723d --- /dev/null +++ b/inventory/host_vars/compose-ppc64-01.ppc.fedoraproject.org 
@@ -0,0 +1,22 @@
+---
+volgroup: /dev/vg_guests
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-25-ppc64
+ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/25/Everything/ppc64/os/
+virt_install_command: "{{ virt_install_command_one_nic }} --graphics none"
+
+vmhost: ppc8-02.ppc.fedoraproject.org
+eth0_ip: 10.5.129.14
+gw: 10.5.129.254
+main_bridge: br1
+
+koji_hub_nfs: "fedora_ppc/data"
+
+kojipkgs_url: ppcpkgs.fedoraproject.org
+kojihub_url: ppc.koji.fedoraproject.org/kojihub
+kojihub_scheme: https
+
+koji_server_url: "https://ppc.koji.fedoraproject.org/kojihub"
+koji_weburl: "https://ppc.koji.fedoraproject.org/koji"
+koji_topurl: "https://ppcpkgs.fedoraproject.org/"
+
+sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
diff --git a/inventory/host_vars/compose-ppc64le-01.ppc.fedoraproject.org b/inventory/host_vars/compose-ppc64le-01.ppc.fedoraproject.org
new file mode 100644
index 0000000000..2388b613ce
--- /dev/null
+++ b/inventory/host_vars/compose-ppc64le-01.ppc.fedoraproject.org
@@ -0,0 +1,22 @@
+---
+volgroup: /dev/vg_guests
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-24-ppc64le
+ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/24/Everything/ppc64le/os/
+virt_install_command: "{{ virt_install_command_one_nic }} --graphics none"
+
+vmhost: ppc8-03.ppc.fedoraproject.org
+eth0_ip: 10.5.129.15
+gw: 10.5.129.254
+main_bridge: br1
+
+koji_hub_nfs: "fedora_arm/data"
+
+kojipkgs_url: armpkgs.fedoraproject.org
+kojihub_url: arm.koji.fedoraproject.org/kojihub
+kojihub_scheme: https
+
+koji_server_url: "https://arm.koji.fedoraproject.org/kojihub"
+koji_weburl: "https://arm.koji.fedoraproject.org/koji"
+koji_topurl: "https://armpkgs.fedoraproject.org/"
+
+sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
diff --git a/inventory/host_vars/compose-rawhide01.iad2.fedoraproject.org b/inventory/host_vars/compose-rawhide01.iad2.fedoraproject.org
deleted file mode 100644
index 682d82b2d7..0000000000
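Review bot: In compose-ppc64le-01 the `koji_hub_nfs`, `kojipkgs_url`, `kojihub_url`, `koji_server_url`, `koji_weburl` and `koji_topurl` values all name the arm hub (`fedora_arm/data`, `arm.koji.fedoraproject.org`, `armpkgs.fedoraproject.org`), while the host name and kickstart are ppc64le and the sibling compose-ppc64-01 file uses `ppc.koji.fedoraproject.org`. If this is a copy-paste slip, the host would compose from and trust a different build system than intended. If ppc64le really is served by the arm hub, record that next to the settings with a comment such as `# ppc64le is built on the arm secondary hub`.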
--- a/inventory/host_vars/compose-rawhide01.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.123 -# rawhide is never frozen, the compose box should not be so we can make needed changes -freezes: false -koji_hub_nfs: "fedora_koji" -kojihub_scheme: https -kojihub_url: koji.fedoraproject.org/kojihub -kojipkgs_url: kojipkgs.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -vmhost: bvmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/compose-s390-01.s390.fedoraproject.org b/inventory/host_vars/compose-s390-01.s390.fedoraproject.org new file mode 100644 index 0000000000..75297acabf --- /dev/null +++ b/inventory/host_vars/compose-s390-01.s390.fedoraproject.org @@ -0,0 +1,24 @@ +--- +vmhost: virthost-s390.s390.fedoraproject.org +volgroup: /dev/vg_guests +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Everything/x86_64/os/ +virt_install_command: "{{ virt_install_command_one_nic }}" + +eth0_ip: 10.5.129.16 +nm: 255.255.255.0 +gw: 10.5.129.254 +dns: 10.5.126.21 +main_bridge: br0 + +koji_hub_nfs: "fedora_s390/data" + +kojipkgs_url: s390pkgs.fedoraproject.org +kojihub_url: s390.koji.fedoraproject.org/kojihub +kojihub_scheme: https + +koji_server_url: "https://s390.koji.fedoraproject.org/kojihub" +koji_weburl: "https://s390.koji.fedoraproject.org/koji" +koji_topurl: "https://s390pkgs.fedoraproject.org/" + +sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers" diff --git a/inventory/host_vars/compose-x86-01.iad2.fedoraproject.org b/inventory/host_vars/compose-x86-01.iad2.fedoraproject.org deleted file mode 100644 index fd4cdcf338..0000000000 
--- a/inventory/host_vars/compose-x86-01.iad2.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.124 -koji_hub_nfs: "fedora_koji" -kojihub_scheme: https -kojihub_url: koji.fedoraproject.org/kojihub -kojipkgs_url: kojipkgs.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -# -# These are 64bit -# -libdir: /usr/lib64 -lvm_size: 250000 -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -vmhost: bvmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/compose-x86-01.phx2.fedoraproject.org b/inventory/host_vars/compose-x86-01.phx2.fedoraproject.org new file mode 100644 index 0000000000..cef31310d7 --- /dev/null +++ b/inventory/host_vars/compose-x86-01.phx2.fedoraproject.org 
@@ -0,0 +1,69 @@ +nm: 255.255.255.0 +gw: 10.5.125.254 +dns: 10.5.126.21 + +# +# These are 64bit +# +libdir: /usr/lib64 + +ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-25 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/ +virt_install_command: "{{ virt_install_command_two_nic }}" + +lvm_size: 30000 +mem_size: 8192 +num_cpus: 8 + +volgroup: /dev/xenGuests +eth0_ip: 10.5.125.41 +eth1_ip: 10.5.127.25 +eth1_gw: 10.5.127.254 +vmhost: bvirthost10.phx2.fedoraproject.org +datacenter: phx2 + +fas_client_groups: sysadmin-releng + +koji_hub_nfs: "fedora_koji" + +kojipkgs_url: kojipkgs.fedoraproject.org +kojihub_url: koji.fedoraproject.org/kojihub +kojihub_scheme: https + +fedmsg_certs: +- service: releng + owner: root + group: sysadmin-releng + can_send: + # two-week-atomic stuff (ask maxamillion) + - releng.atomic.twoweek.begin + - releng.atomic.twoweek.complete + # new school pungi-koji stuff (ask dgilmore) + - pungi.compose.phase.start + - pungi.compose.phase.stop + - pungi.compose.status.change + - pungi.compose.createiso.targets + - pungi.compose.createiso.imagefail + - pungi.compose.createiso.imagedone + # traditional old school compose stuff + - compose.branched.complete + - compose.branched.mash.complete + - compose.branched.mash.start + - compose.branched.image.complete + - compose.branched.image.start + - compose.branched.pungify.complete + - compose.branched.pungify.start + - compose.branched.rsync.complete + - compose.branched.rsync.start + - compose.branched.start + - compose.epelbeta.complete + - compose.rawhide.complete + - compose.rawhide.mash.complete + - compose.rawhide.mash.start + - compose.rawhide.image.complete + - compose.rawhide.image.start + - compose.rawhide.pungify.complete + - compose.rawhide.pungify.start + - compose.rawhide.rsync.complete + - compose.rawhide.rsync.start + - compose.rawhide.start 
diff --git a/inventory/host_vars/compose-x86-01.stg.iad2.fedoraproject.org b/inventory/host_vars/compose-x86-01.stg.iad2.fedoraproject.org deleted file mode 100644 index 23f2cdd6c0..0000000000 --- a/inventory/host_vars/compose-x86-01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,11 +0,0 @@ -datacenter: staging -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.33 -koji_hub_nfs: "fedora_koji" -kojihub_scheme: http -kojihub_url: koji.stg.fedoraproject.org/kojihub -kojipkgs_url: kojipkgs.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/development/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/compose-x86-02.phx2.fedoraproject.org b/inventory/host_vars/compose-x86-02.phx2.fedoraproject.org new file mode 100644 index 0000000000..ea60152f5e --- /dev/null +++ b/inventory/host_vars/compose-x86-02.phx2.fedoraproject.org 
@@ -0,0 +1,44 @@ +nm: 255.255.255.0 +gw: 10.5.125.254 +dns: 10.5.126.21 + +# +# These are 64bit +# +libdir: /usr/lib64 + +ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-26 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/ +virt_install_command: "{{ virt_install_command_two_nic }}" + +lvm_size: 262144 +mem_size: 8192 +num_cpus: 8 + +volgroup: /dev/vg_guests +eth0_ip: 10.5.125.42 +eth1_ip: 10.5.127.27 +eth1_gw: 10.5.127.254 +vmhost: bvirthost05.phx2.fedoraproject.org +datacenter: phx2 + +fas_client_groups: sysadmin-releng + +koji_hub_nfs: "fedora_koji" + +kojipkgs_url: kojipkgs.fedoraproject.org +kojihub_url: koji.fedoraproject.org/kojihub +kojihub_scheme: https + +fedmsg_certs: +- service: releng + owner: root + group: sysadmin-releng + can_send: + # new school pungi-koji stuff (ask dgilmore) + - pungi.compose.phase.start + - pungi.compose.phase.stop + - pungi.compose.status.change + - pungi.compose.createiso.targets + - pungi.compose.createiso.imagefail + - pungi.compose.createiso.imagedone diff --git a/inventory/host_vars/compose-x86-riscv01.iad2.fedoraproject.org b/inventory/host_vars/compose-x86-riscv01.iad2.fedoraproject.org deleted file mode 100644 index 54c1b21b46..0000000000 --- a/inventory/host_vars/compose-x86-riscv01.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ -datacenter: iad2 -eth0_ipv4_gw: 10.3.172.254 -eth0_ipv4_ip: 10.3.172.22 -# eln is never frozen, the compose box should not be so we can make needed changes -freezes: false -koji_hub_nfs: "fedora_riscv_koji" -kojihub_scheme: https -kojihub_url: riscv-koji.fedoraproject.org/kojihub -kojipkgs_url: riscv-kojipkgs.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -vmhost: bvmhost-x86-riscv01.iad2.fedoraproject.org -volgroup: /dev/vg_guests 
diff --git a/inventory/host_vars/composer.stg.phx2.fedoraproject.org b/inventory/host_vars/composer.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..9018d6bdd0
--- /dev/null
+++ b/inventory/host_vars/composer.stg.phx2.fedoraproject.org
@@ -0,0 +1,34 @@
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+volgroup: /dev/vg_virthost16
+eth0_ip: 10.5.128.89
+eth1_ip: 10.5.127.29
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: staging
+
+fas_client_groups: sysadmin-releng,sysadmin-fedimg,modularity-wg,pungi-devel
+
+koji_hub_nfs: "fedora_koji"
+
+kojipkgs_url: kojipkgs.fedoraproject.org
+kojihub_url: koji.stg.fedoraproject.org/kojihub
+kojihub_scheme: http
+
+virt_install_command: "{{ virt_install_command_two_nic }}"
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: root
+- service: bodhi
+ owner: root
+ group: masher
+- service: modularity
+ owner: root
+ group: modularity-wg
diff --git a/inventory/host_vars/copr-be-dev-temp.aws.fedoraproject.org b/inventory/host_vars/copr-be-dev-temp.aws.fedoraproject.org
deleted file mode 100644
index bbb1f5e14b..0000000000
--- a/inventory/host_vars/copr-be-dev-temp.aws.fedoraproject.org
+++ /dev/null
@@ -1,11 +0,0 @@
----
-nagios_Check_Services:
- dhcpd: false
- httpd: false
- mail: false
- named: false
- nrpe: false
- ping: false
- raid: false
- sshd: false
- swap: false
diff --git a/inventory/host_vars/copr-be-dev.aws.fedoraproject.org b/inventory/host_vars/copr-be-dev.aws.fedoraproject.org
deleted file mode 100644
index 70ce904b4a..0000000000
--- a/inventory/host_vars/copr-be-dev.aws.fedoraproject.org
+++ /dev/null
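Review bot: `kojihub_scheme: http` in composer.stg.phx2 sends hub traffic in cleartext, while the production compose hosts added in this diff all set `https`. Any session or credential material this host presents to the staging hub would presumably travel unprotected, and the host would act on hub responses it cannot authenticate. Unless the staging hub cannot serve TLS, use `kojihub_scheme: https`; if it cannot, say so in a comment next to the setting so the exception is deliberate.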
@@ -1,14 +0,0 @@ -hostbase: copr-be-dev- -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -public_ip: 18.208.10.131 -swap_file_path: /swap -swap_file_size_mb: 16000 diff --git a/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org b/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org new file mode 100644 index 0000000000..64abb6b3ed --- /dev/null +++ b/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org @@ -0,0 +1,26 @@ +--- +instance_type: m1.xlarge +image: "{{ fedora25_x86_64 }}" +keypair: fedora-admin-20130801 +security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent,fedmsg-relay-persistent +zone: nova +hostbase: copr-be-dev- +public_ip: 209.132.184.53 +root_auth_users: msuchy pingou frostyx dturecek clime +description: copr dispatcher and repo server - dev instance +tcp_ports: ['22', '80', '443', '2003', '4001'] +# volumes: copr-be-dev-data +volumes: [ {volume_id: '98372b76-b82c-4a03-9708-17af7d01e1e2', device: '/dev/vdc'} ] + +inventory_tenant: persistent +# name of machine in OpenStack +inventory_instance_name: copr-be-dev +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + # coprdev-net + - net-id: "a440568f-b90a-46af-8ca6-d8fa743a7e7a" + +# Copr vars +copr_hostbase: copr-be-dev +_copr_be_conf: copr-be.conf-dev diff --git a/inventory/host_vars/copr-be.aws.fedoraproject.org b/inventory/host_vars/copr-be.aws.fedoraproject.org deleted file mode 100644 index 2e7a61631f..0000000000 --- a/inventory/host_vars/copr-be.aws.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ -hostbase: copr-be- -nagios_Check_Services: - dhcpd: false - httpd: true - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -public_ip: 52.44.175.77 -swap_file_path: /swap -swap_file_size_mb: 16384 
diff --git a/inventory/host_vars/copr-be.cloud.fedoraproject.org b/inventory/host_vars/copr-be.cloud.fedoraproject.org new file mode 100644 index 0000000000..d4520af1c3 --- /dev/null +++ b/inventory/host_vars/copr-be.cloud.fedoraproject.org @@ -0,0 +1,50 @@ +--- + +instance_type: ms1.xlarge +image: "{{ fedora25_x86_64 }}" +keypair: fedora-admin-20130801 +security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent +zone: nova +hostbase: copr-be- +public_ip: 209.132.184.48 +root_auth_users: msuchy clime frostyx +description: copr dispatcher and repo server +volumes: [ {volume_id: '63c3a40c-e228-417a-97a2-e2c34730bf3b', device: '/dev/vdc'} ] +inventory_tenant: persistent +inventory_instance_name: copr-be +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + # copr-net + - net-id: "24699649-0e05-4fd3-98a3-86a75ec49f6e" + +tcp_ports: [ 22, 80, 443, +# These 8 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007] + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: root +- service: copr + owner: root + group: copr + can_send: + - copr.build.start + - copr.build.end + - copr.chroot.start + - copr.worker.create + +# Copr vars + +copr_hostbase: copr-be + +host_backup_targets: ['/var/lib/copr/public_html/results'] +_copr_be_conf: copr-be.conf + +nagios_Check_Services: + nrpe: true + sshd: true + httpd: true + swap: false diff --git a/inventory/host_vars/copr-dist-git-dev.aws.fedoraproject.org b/inventory/host_vars/copr-dist-git-dev.aws.fedoraproject.org deleted file mode 100644 index 50238d1a56..0000000000 --- a/inventory/host_vars/copr-dist-git-dev.aws.fedoraproject.org +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -ansible_become: yes -ansible_become_user: root -ansible_ssh_user: fedora -# Copr vars -copr_hostbase: copr-dist-git-dev -description: copr dist git - dev instance -#instance_type: t3a.medium -#image: "{{ fedora31_x86_64 }}" -#keypair: fedora-admin-20130801 -hostbase: copr-dist-git-dev- -inventory_hostname: "copr-dist-git-dev.aws.fedoraproject.org" -inventory_instance_name: copr-dist-git-dev -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -public_ip: 54.243.51.13 -swap_file_path: /swap -swap_file_size_mb: 2048 diff --git a/inventory/host_vars/copr-dist-git-dev.fedorainfracloud.org b/inventory/host_vars/copr-dist-git-dev.fedorainfracloud.org new file mode 100644 index 0000000000..4dada1356e --- /dev/null +++ b/inventory/host_vars/copr-dist-git-dev.fedorainfracloud.org @@ -0,0 +1,23 @@ +--- +instance_type: ms1.small +image: "{{ fedora25_x86_64 }}" +#image: rhel7-20141015 +keypair: fedora-admin-20130801 +security_group: web-80-anywhere-persistent,ssh-anywhere-persistent,default,all-icmp-persistent +zone: nova +hostbase: copr-dist-git-dev- +public_ip: 209.132.184.179 +root_auth_users: ryanlerch pingou msuchy dturecek frostyx clime +description: dist-git for copr service - dev instance +tcp_ports: [22, 80] +# volumes: copr-dist-git-dev +volumes: [ {volume_id: '64f21445-d758-4b19-8401-e497cd0ae012', device: '/dev/vdc'} ] +inventory_tenant: persistent +# name of machine in OpenStack +inventory_instance_name: copr-dist-git-dev +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + +# Copr vars +copr_hostbase: copr-dist-git-dev diff --git a/inventory/host_vars/copr-dist-git.aws.fedoraproject.org b/inventory/host_vars/copr-dist-git.aws.fedoraproject.org deleted file mode 100644 index 3f07e7b80a..0000000000 --- a/inventory/host_vars/copr-dist-git.aws.fedoraproject.org +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -ansible_become: yes -ansible_become_user: root -ansible_ssh_user: fedora -# Copr vars -copr_hostbase: copr-dist-git -description: copr dist git - prod instance -swap_file_size_mb: 50000 -swap_file_path: /swap - -#instance_type: t3a.medium -#image: "{{ fedora31_x86_64 }}" -#keypair: fedora-admin-20130801 -hostbase: copr-dist-git -inventory_hostname: "copr-dist-git.aws.fedoraproject.org" -inventory_instance_name: copr-dist-git -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -public_ip: 3.89.184.181 diff --git a/inventory/host_vars/copr-dist-git.fedorainfracloud.org b/inventory/host_vars/copr-dist-git.fedorainfracloud.org new file mode 100644 index 0000000000..085f688573 --- /dev/null +++ b/inventory/host_vars/copr-dist-git.fedorainfracloud.org @@ -0,0 +1,24 @@ +--- +instance_type: ms1.medium.bigswap +image: "{{ fedora25_x86_64 }}" +keypair: fedora-admin-20130801 +security_group: web-80-anywhere-persistent,ssh-anywhere-persistent,default,all-icmp-persistent +zone: nova +hostbase: copr-dist-git- +public_ip: 209.132.184.163 +root_auth_users: msuchy asamalik clime frostyx +description: dist-git for copr service - prod instance +tcp_ports: [22, 80] +# volumes: copr-dist-git, copr-dist-git-log +volumes: [ {volume_id: '98b038a4-1695-432b-bb80-d5d9440c94df', device: '/dev/vdc'}, {volume_id: 'e712828f-998f-49aa-85a6-aeb42a7d1843', device: '/dev/vdd'} ] +inventory_tenant: persistent +# name of machine in OpenStack +inventory_instance_name: copr-dist-git +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + +# Copr vars +copr_hostbase: copr-dist-git + +host_backup_targets: ['/var/lib/dist-git/git', '/var/lib/dist-git/cache'] diff --git a/inventory/host_vars/copr-fe-dev.aws.fedoraproject.org b/inventory/host_vars/copr-fe-dev.aws.fedoraproject.org deleted file mode 100644 index d6abf754ce..0000000000 
--- a/inventory/host_vars/copr-fe-dev.aws.fedoraproject.org +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copr vars -copr_hostbase: copr-fe-dev -description: copr frontend - dev instance -hostbase: copr-fe-dev- -inventory_hostname: "copr-fe-dev.aws.fedoraproject.org" -inventory_instance_name: copr-fe-dev -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -principal_alias: "HTTP/copr.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG" -public_ip: 18.208.24.211 -swap_file_path: /swap -swap_file_size_mb: 4096 diff --git a/inventory/host_vars/copr-fe-dev.cloud.fedoraproject.org b/inventory/host_vars/copr-fe-dev.cloud.fedoraproject.org new file mode 100644 index 0000000000..55a973f7b9 --- /dev/null +++ b/inventory/host_vars/copr-fe-dev.cloud.fedoraproject.org @@ -0,0 +1,22 @@ +--- +instance_type: m1.medium +image: "{{ fedora25_x86_64 }}" +keypair: fedora-admin-20130801 +security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,all-icmp-persistent +zone: nova +hostbase: copr-fe-dev- +public_ip: 209.132.184.55 +root_auth_users: ryanlerch pingou msuchy dturecek frostyx clime +description: copr frontend server - dev instance +tcp_ports: [22, 80, 443] +# volumes: copr-fe-dev-db +volumes: [ {volume_id: 'c1f1db5f-1b71-4ee8-82f6-0665ff142933', device: '/dev/vdc'} ] +inventory_tenant: persistent +# name of machine in OpenStack +inventory_instance_name: copr-fe-dev +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + +# Copr vars +copr_hostbase: copr-fe-dev diff --git a/inventory/host_vars/copr-fe.aws.fedoraproject.org b/inventory/host_vars/copr-fe.aws.fedoraproject.org deleted file mode 100644 index 2fd0d981ec..0000000000 --- a/inventory/host_vars/copr-fe.aws.fedoraproject.org +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -# this overrides vars/Fedora.yml -base_pkgs_erase: ['PackageKit*', 'sendmail', 'at'] -# Copr vars -copr_hostbase: copr-fe -db_backup_dir: ['/backups'] -# dbs to be backed up on this host -dbs_to_backup: - - coprdb -description: copr frontend server - prod instance -hostbase: copr-fe- -inventory_hostname: "copr-fe.aws.fedoraproject.org" -inventory_instance_name: copr-fe -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -public_ip: 3.225.109.36 -sar_output_file: copr.json -# GDPR SAR variables -sar_script: /usr/share/copr/coprs_frontend/run/copr-gdpr-sar.sh -sar_script_user: copr-fe -swap_file_path: /swap -swap_file_size_mb: 8192 diff --git a/inventory/host_vars/copr-fe.cloud.fedoraproject.org b/inventory/host_vars/copr-fe.cloud.fedoraproject.org new file mode 100644 index 0000000000..a4a4c02fb6 --- /dev/null +++ b/inventory/host_vars/copr-fe.cloud.fedoraproject.org @@ -0,0 +1,36 @@ +--- +# this overrides vars/Fedora.yml +base_pkgs_erase: ['PackageKit*', 'sendmail', 'at'] + +instance_type: ms1.medium +image: "{{ fedora25_x86_64 }}" +keypair: fedora-admin-20130801 +security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent +zone: nova +hostbase: copr-fe- +public_ip: 209.132.184.54 +root_auth_users: msuchy asamalik clime frostyx +description: copr frontend server - prod instance +tcp_ports: [22, 80, 443] +volumes: [ {volume_id: '8f790db7-8294-4d2b-8bae-7af5961ce0f8', device: '/dev/vdc'} ] +inventory_tenant: persistent +inventory_instance_name: copr-fe +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + +# Copr vars + +copr_hostbase: copr-fe + +# dbs to be backed up on this host +dbs_to_backup: +- coprdb + +db_backup_dir: ['/backups'] + +nagios_Check_Services: + nrpe: true + sshd: true + httpd: true + swap: false 
diff --git a/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org b/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org deleted file mode 100644 index 9ba3b08a03..0000000000 --- a/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org +++ /dev/null @@ -1,23 +0,0 @@ ---- -ansible_become: yes -ansible_become_user: root -ansible_ssh_user: fedora -#volumes: [ {volume_id: '9e2b4c55-9ec3-4508-af46-a40f3a5bd982', device: '/dev/vdc'} ] -description: copr key gen and sign host - dev instance -#instance_type: t3a.small -#image: "{{ fedora31_x86_64 }}" -#keypair: fedora-admin-20130801 -hostbase: copr-keygen-dev- -inventory_hostname: "copr-keygen-dev.aws.fedoraproject.org" -inventory_instance_name: copr-keygen-dev -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -public_ip: 54.225.23.248 diff --git a/inventory/host_vars/copr-keygen-dev.cloud.fedoraproject.org b/inventory/host_vars/copr-keygen-dev.cloud.fedoraproject.org new file mode 100644 index 0000000000..f22fc7d1ae --- /dev/null +++ b/inventory/host_vars/copr-keygen-dev.cloud.fedoraproject.org @@ -0,0 +1,22 @@ +--- +instance_type: ms1.small +image: "{{ fedora25_x86_64 }}" +keypair: fedora-admin-20130801 +# todo: remove some security groups ? +security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,all-icmp-persistent +zone: nova +hostbase: copr-keygen-dev- +public_ip: 209.132.184.46 +root_auth_users: msuchy clime frostyx dturecek +volumes: [ {volume_id: '9e2b4c55-9ec3-4508-af46-a40f3a5bd982', device: '/dev/vdc'} ] +description: copr key gen and sign host - dev instance + +inventory_tenant: persistent +# name of machine in OpenStack +inventory_instance_name: copr-keygen-dev +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + +# Copr vars +copr_hostbase: copr-keygen-dev 
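Review bot: The `# todo: remove some security groups ?` comment in copr-keygen-dev.cloud is left open on a host described as `copr key gen and sign host`, and its `security_group` line still lists `web-80-anywhere-persistent`, `web-443-anywhere-persistent` and `ssh-anywhere-persistent`. Going by the group names, a machine that holds signing keys accepts HTTP, HTTPS and SSH from any address; copr-keygen.cloud, added further down, also carries `web-80-anywhere-persistent` and `ssh-anywhere-persistent` next to its `keygen-persistent` group. I would settle the todo in this change, for example `security_group: default,allow-nagios-persistent,keygen-persistent` on the production host if `keygen-persistent` already admits the copr backend, and give the dev host an equivalent restricted group. Whatever remains should carry a one-line comment saying which client needs it.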
diff --git a/inventory/host_vars/copr-keygen.aws.fedoraproject.org b/inventory/host_vars/copr-keygen.aws.fedoraproject.org deleted file mode 100644 index 4cbd3dfbd3..0000000000 --- a/inventory/host_vars/copr-keygen.aws.fedoraproject.org +++ /dev/null @@ -1,23 +0,0 @@ ---- -ansible_become: yes -ansible_become_user: root -ansible_ssh_user: fedora -db_backup_dir: ['/backup'] -description: copr key gen and sign host - prod instance -#instance_type: t3a.small -#image: "{{ fedora31_x86_64 }}" -#keypair: fedora-admin-20130801 -hostbase: copr-keygen-dev- -inventory_hostname: "copr-keygen.aws.fedoraproject.org" -inventory_instance_name: copr-keygen -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: true - swap: false -public_ip: 54.83.48.73 diff --git a/inventory/host_vars/copr-keygen.cloud.fedoraproject.org b/inventory/host_vars/copr-keygen.cloud.fedoraproject.org new file mode 100644 index 0000000000..c660c8bac9 --- /dev/null +++ b/inventory/host_vars/copr-keygen.cloud.fedoraproject.org @@ -0,0 +1,31 @@ +--- +instance_type: ms1.small +image: "{{ fedora25_x86_64 }}" +keypair: fedora-admin-20130801 +zone: nova +hostbase: copr-keygen- +public_ip: 209.132.184.49 +root_auth_users: msuchy clime +description: copr key gen instance +volumes: [ {volume_id: '761175dc-daaf-48c0-be09-5799990f97a7', device: '/dev/vdc'} ] +# security_group: default +security_group: web-80-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent,keygen-persistent + +inventory_tenant: persistent +# name of machine in OpenStack +inventory_instance_name: copr-keygen +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + + +host_backup_targets: ['/backup/'] +datacenter: cloud + +# Copr vars +copr_hostbase: copr-keygen + +nagios_Check_Services: + nrpe: true + sshd: true + swap: false 
diff --git a/inventory/host_vars/copr-pulp-dev.aws.fedoraproject.org b/inventory/host_vars/copr-pulp-dev.aws.fedoraproject.org
deleted file mode 100644
index 482c4394e6..0000000000
--- a/inventory/host_vars/copr-pulp-dev.aws.fedoraproject.org
+++ /dev/null
@@ -1,22 +0,0 @@
-hostbase: copr-pulp-dev-
-nagios_Check_Services:
- dhcpd: false
- httpd: false
- mail: false
- named: false
- nrpe: true
- ping: false
- raid: false
- sshd: false
- swap: true
-public_ip: 44.206.10.188
-swap_file_path: /swap
-swap_file_size_mb: 8096
-
-tcp_ports: [
- 22,
- # PULP API
- 24817,
-]
-
-aws_ipv6_con: "System eth0"
diff --git a/inventory/host_vars/copr-pulp.aws.fedoraproject.org b/inventory/host_vars/copr-pulp.aws.fedoraproject.org
deleted file mode 100644
index 16eba8df35..0000000000
--- a/inventory/host_vars/copr-pulp.aws.fedoraproject.org
+++ /dev/null
@@ -1,18 +0,0 @@
-hostbase: copr-pulp-
-# This instance is not yet started
-nagios_Can_Connect: false
-# nagios_Check_Services:
-# dhcpd: false
-# httpd: true
-# mail: false
-# named: false
-# nrpe: true
-# ping: false
-# raid: false
-# sshd: false
-# swap: false
-public_ip: TODO
-swap_file_path: /swap
-swap_file_size_mb: 8096
-
-aws_ipv6_con: "System eth0"
diff --git a/inventory/host_vars/darkserver-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/darkserver-backend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..7f4f08c5d4
--- /dev/null
+++ b/inventory/host_vars/darkserver-backend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,15 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+
+eth0_ip: 10.5.128.90
+
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+
+datacenter: phx2
+sudoers: "{{ private }}/files/sudo/sysadmin-darkserver-sudoers"
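Review bot: `ks_url` and `ks_repo` in darkserver-backend01.stg point at `http://10.5.126.23/...`, so the kickstart file and the install tree are fetched over plain HTTP from a bare IP address. A kickstart decides partitioning, package selection and post-install scripts, and nothing in these variables authenticates it in transit. The host_vars removed elsewhere in this diff use the `https://infrastructure.fedoraproject.org/repo/rhel/ks/...` form; if that name is reachable over TLS from this datacenter I would use it here too, and otherwise add a comment stating why HTTP on the build network is accepted. The same plain-HTTP pattern repeats in the other new phx2 and qa files of this diff (darkserver-web01/02.stg, darkserver02, datagrepper01/02, db-arm-koji01, db-datanommer02, db-fas01, db-koji01/02, db-ppc-koji01, db-qa-stg01, db-qa01).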
diff --git a/inventory/host_vars/darkserver-dev.fedorainfracloud.org b/inventory/host_vars/darkserver-dev.fedorainfracloud.org
new file mode 100644
index 0000000000..00a392f852
--- /dev/null
+++ b/inventory/host_vars/darkserver-dev.fedorainfracloud.org
@@ -0,0 +1,18 @@
+---
+image: rhel7-20141015
+instance_type: m1.large
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: darkserver-dev
+hostbase: darkserver-dev
+public_ip: 209.132.184.171
+root_auth_users: kushal
+description: darkserver development instance
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/darkserver-web01.stg.phx2.fedoraproject.org b/inventory/host_vars/darkserver-web01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a159f9533a
--- /dev/null
+++ b/inventory/host_vars/darkserver-web01.stg.phx2.fedoraproject.org
@@ -0,0 +1,15 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+
+eth0_ip: 10.5.128.91
+
+volgroup: /dev/vg_guests
+vmhost: virthost20.phx2.fedoraproject.org
+
+datacenter: phx2
+sudoers: "{{ private }}/files/sudo/sysadmin-darkserver-sudoers"
diff --git a/inventory/host_vars/darkserver-web02.stg.phx2.fedoraproject.org b/inventory/host_vars/darkserver-web02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..99ee4999b2
--- /dev/null
+++ b/inventory/host_vars/darkserver-web02.stg.phx2.fedoraproject.org
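Review bot: `image: rhel7-20141015` in darkserver-dev.fedorainfracloud.org pins the instance to an image whose name suggests an October 2014 build, while `security_group` and `tcp_ports: [22, 80, 443]` expose SSH and web to the outside. An instance created from it comes up with whatever package set that image had until the first update run. I would either point `image` at a maintained image variable, in the style of `image: "{{ fedora25_x86_64 }}"` used by the copr files in this diff, or add a comment stating that the provisioning play updates all packages before the host is put in service. Whether such an update step exists is not visible in this diff.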
@@ -0,0 +1,15 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+
+eth0_ip: 10.5.128.92
+
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+
+datacenter: phx2
+sudoers: "{{ private }}/files/sudo/sysadmin-darkserver-sudoers"
diff --git a/inventory/host_vars/darkserver02.phx2.fedoraproject.org b/inventory/host_vars/darkserver02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5a5f263a85
--- /dev/null
+++ b/inventory/host_vars/darkserver02.phx2.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.7
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2
+sudoers: "{{ private }}/files/sudo/sysadmin-darkserver-sudoers"
diff --git a/inventory/host_vars/data-analysis01.phx2.fedoraproject.org b/inventory/host_vars/data-analysis01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..981dbc8313
--- /dev/null
+++ b/inventory/host_vars/data-analysis01.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+# this box is not mission critical
+freezes: false
+
+# this box mounts a large share from the netapp to store combined http
+# logs from the proxies.
+
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
+
+# general configs
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+datacenter: phx2
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+eth0_ip: 10.5.126.121
+eth1_ip: 10.5.127.214
+tcp_ports: [80, 443, 873]
diff --git a/inventory/host_vars/data-reports01.iad2.fedoraproject.org b/inventory/host_vars/data-reports01.iad2.fedoraproject.org
deleted file mode 100644
index decf5d8616..0000000000
--- a/inventory/host_vars/data-reports01.iad2.fedoraproject.org
+++ /dev/null
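Review bot: `nfs_mount_opts` in data-analysis01 mounts the netapp log share `rw` with `sec=sys` over `nfsvers=3`, which means the server trusts the UID the client presents, and the hardening options stop at `nodev,nosuid`. Since the comment says the share only stores combined HTTP logs, adding `noexec` costs nothing and keeps anything written there from being executed on this host: `nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,noexec,sec=sys,nfsvers=3"`. The comment above the variable could also name the export and state that the filer restricts it to this host, if that is the case. The export configuration itself is not part of this diff.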
@@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.113 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/37/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/datagrepper01.phx2.fedoraproject.org b/inventory/host_vars/datagrepper01.phx2.fedoraproject.org new file mode 100644 index 0000000000..6cbd8341f7 --- /dev/null +++ b/inventory/host_vars/datagrepper01.phx2.fedoraproject.org @@ -0,0 +1,13 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +volgroup: /dev/vg_guests00 +vmhost: virthost14.phx2.fedoraproject.org +datacenter: phx2 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.18 diff --git a/inventory/host_vars/datagrepper01.stg.phx2.fedoraproject.org b/inventory/host_vars/datagrepper01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..e6467b44e2 --- /dev/null +++ b/inventory/host_vars/datagrepper01.stg.phx2.fedoraproject.org @@ -0,0 +1,13 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 + +volgroup: /dev/vg_guests +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.128.93 diff --git a/inventory/host_vars/datagrepper02.phx2.fedoraproject.org b/inventory/host_vars/datagrepper02.phx2.fedoraproject.org new file mode 100644 index 0000000000..a8c8e63784 --- /dev/null +++ b/inventory/host_vars/datagrepper02.phx2.fedoraproject.org 
@@ -0,0 +1,13 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +volgroup: /dev/vg_guests +vmhost: virthost19.phx2.fedoraproject.org +datacenter: phx2 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.19 diff --git a/inventory/host_vars/db-arm-koji01.qa.fedoraproject.org b/inventory/host_vars/db-arm-koji01.qa.fedoraproject.org new file mode 100644 index 0000000000..5732790bd5 --- /dev/null +++ b/inventory/host_vars/db-arm-koji01.qa.fedoraproject.org @@ -0,0 +1,44 @@ +--- +nm: 255.255.255.0 +gw: 10.5.131.254 +dns: 10.5.126.21 +volgroup: /dev/vg_guests +eth0_ip: 10.5.131.62 +vmhost: virthost-comm04.qa.fedoraproject.org +datacenter: phx2 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +# This is a generic list, monitored by collectd +databases: +- koji + +# This is a more strict list, to be made publicly available +dbs_to_backup: +- koji + +# These are normally group variables, but in this case db servers are often different +lvm_size: 500000 +mem_size: 8192 +num_cpus: 12 +fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-secondary,sysadmin-veteran +sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers" + +# kernel SHMMAX value +kernel_shmmax: 68719476736 + +# +# Only allow postgresql access from the frontend node. +# +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.124.138 --dport 5432 -j ACCEPT' ] + +# +# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. +# +nrpe_procs_warn: 600 +nrpe_procs_crit: 700 + +db_backup_dir: ['/backups'] +shared_buffers: "2GB" +effective_cache_size: "6GB" diff --git a/inventory/host_vars/db-datanommer01.stg.iad2.fedoraproject.org b/inventory/host_vars/db-datanommer01.stg.iad2.fedoraproject.org deleted file mode 100644 index 4274421eb4..0000000000 --- a/inventory/host_vars/db-datanommer01.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -# This is a generic list, monitored by collectd -databases: - - datanommer -datacenter: iad2 -effective_cache_size: "12GB" -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.59 -# kernel SHMMAX value -kernel_shmmax: 68719476736 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 1000000 -max_mem_size: 98304 -mem_size: 65536 -num_cpus: 8 -sar_huge: true -sar_output_file: datagrepper.csv -# GDPR SAR variables - datanommer/datagrepper -sar_script: /usr/local/bin/datagrepper_sar.py -sar_script_user: root -shared_buffers: "4GB" -tcp_ports: [5432, 443] -vmhost: vmhost-x86-01.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-datanommer02.iad2.fedoraproject.org b/inventory/host_vars/db-datanommer02.iad2.fedoraproject.org deleted file mode 100644 index cdc9fcfee7..0000000000 --- a/inventory/host_vars/db-datanommer02.iad2.fedoraproject.org +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -# This is a generic list, monitored by collectd -databases: - - datanommer -datacenter: iad2 -db_backup_dir: ['/backups'] -# This is a more strict list, to be made publicly available -dbs_to_backup: - - datanommer2 -effective_cache_size: "12GB" -eth0_ipv4: "{{eth0_ip}}" -eth0_ipv4_gw: "10.3.163.254" -eth0_ipv4_ip: 10.3.163.111 -# kernel SHMMAX value -kernel_shmmax: 68719476736 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 2000g -max_cpu: "{{ num_cpus * 2 }}" -max_mem_size: "{{ mem_size * 2 }}" -max_parallel_workers: 6 -max_parallel_workers_per_gather: 4 -max_worker_processes: 8 -mem_size: 32768 -nagios_Check_Services: - swap: false -num_cpus: 16 -sar_huge: true -sar_output_file: datagrepper.csv -# GDPR SAR variables - datanommer/datagrepper -sar_script: /usr/local/bin/datagrepper_sar.py -sar_script_user: root -shared_buffers: "4GB" -tcp_ports: [5432, 443] -vmhost: vmhost-x86-08.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-datanommer02.phx2.fedoraproject.org b/inventory/host_vars/db-datanommer02.phx2.fedoraproject.org new file mode 100644 index 0000000000..31e3e6598f --- /dev/null +++ b/inventory/host_vars/db-datanommer02.phx2.fedoraproject.org 
@@ -0,0 +1,32 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost
+eth0_ip: 10.5.126.111
+vmhost: virthost17.phx2.fedoraproject.org
+datacenter: phx2
+
+# This is a generic list, monitored by collectd
+databases:
+- datanommer
+
+# This is a more strict list, to be made publicly available
+dbs_to_backup:
+- datanommer
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 500000
+mem_size: 16384
+num_cpus: 8
+tcp_ports: [ 5432, 443 ]
+fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
+
+# kernel SHMMAX value
+kernel_shmmax: 68719476736
+
+db_backup_dir: ['/backups']
+shared_buffers: "4GB"
+effective_cache_size: "12GB"
diff --git a/inventory/host_vars/db-fas01.iad2.fedoraproject.org b/inventory/host_vars/db-fas01.iad2.fedoraproject.org
deleted file mode 100644
index 56b71d8c94..0000000000
--- a/inventory/host_vars/db-fas01.iad2.fedoraproject.org
+++ /dev/null
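Review bot: `tcp_ports: [ 5432, 443 ]` in db-datanommer02.phx2 appears to open PostgreSQL with no source restriction, whereas db-fas01.phx2 and db-koji01.phx2 in this same diff leave 5432 out of `tcp_ports` and admit individual clients through `custom_rules` entries with `-s <address>`. I would follow that pattern here: `tcp_ports: [ 443 ]` plus one `custom_rules` entry per client that needs the database, each with a comment naming the host. How `tcp_ports` is rendered into the firewall is defined in a template outside this diff, so confirm that it applies no source filter before relying on this reading. db-qa-stg01 (`[ 5432, 443 ]`) and db-qa01 (`[ 5432, 443, 3306 ]`) further down have the same shape.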
@@ -1,52 +0,0 @@ ---- -# -# Only allow postgresql access from the frontend nodes and hosted. -# -custom_rules: [ - # Openshift nodes (egress policy will block connection from non-authorized projects) - '-A INPUT -p tcp -m tcp -s 10.3.163.69 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.70 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.71 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.72 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.73 --dport 5432 -j ACCEPT', - # noc01 needs to connect to check the db - '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5432 -j ACCEPT', - # Ipsilon VMs - '-A INPUT -p tcp -m tcp -s 10.3.163.105 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.106 --dport 5432 -j ACCEPT'] -nft_custom_rules: - # Openshift nodes (egress policy will block connection from non-authorized projects) - - 'add rule ip filter INPUT ip saddr 10.3.163.69 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.70 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.71 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.72 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.73 tcp dport 5432 counter accept' - # noc01 needs to connect to check the db - - 'add rule ip filter INPUT ip saddr 10.3.163.10 tcp dport 5432 counter accept' - # Ipsilon VMs - - 'add rule ip filter INPUT ip saddr 10.3.163.105 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.106 tcp dport 5432 counter accept' -# This is a generic list, monitored by collectd -databases: - - fas2 - - ipsilon -datacenter: iad2 -db_backup_dir: ['/backups'] -# This is a more strict list, to be made publicly available -dbs_to_backup: - - fas2 - - ipsilon -effective_cache_size: "6GB" -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.42 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: 
https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 100000 -max_stack_depth: "4MB" -mem_size: 16384 -nrpe_procs_crit: 800 -# -# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. -# -nrpe_procs_warn: 600 -num_cpus: 8 -shared_buffers: "2GB" -temp_buffers: "8MB" -vmhost: vmhost-x86-08.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-fas01.phx2.fedoraproject.org b/inventory/host_vars/db-fas01.phx2.fedoraproject.org new file mode 100644 index 0000000000..954225e8f4 --- /dev/null +++ b/inventory/host_vars/db-fas01.phx2.fedoraproject.org 
@@ -0,0 +1,55 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.99
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+# This is a generic list, monitored by collectd
+databases:
+- fas2
+
+# This is a more strict list, to be made publicly available
+dbs_to_backup:
+- fas2
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 100000
+mem_size: 8192
+num_cpus: 4
+fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
+
+#
+# Only allow postgresql access from the frontend nodes and hosted.
+#
+custom_rules: [
+ # fas01, fas02, and fas03
+ '-A INPUT -p tcp -m tcp -s 10.5.126.25 --dport 5432 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.26 --dport 5432 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.30 --dport 5432 -j ACCEPT',
+
+ # ipsilon01 and ipsilon02
+ '-A INPUT -p tcp -m tcp -s 10.5.126.46 --dport 5432 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.47 --dport 5432 -j ACCEPT' ,
+
+ # basset01
+ '-A INPUT -p tcp -m tcp -s 10.5.126.194 --dport 5432 -j ACCEPT',
+
+ # sundries ??? but this is noc01?
+ '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5432 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5432 -j ACCEPT',
+]
+#
+# Large updates pushes cause lots of db threads doing the tag moves, so up this from default.
+#
+nrpe_procs_warn: 600
+nrpe_procs_crit: 800
+
+db_backup_dir: ['/backups']
+shared_buffers: "2GB"
+effective_cache_size: "6GB"
diff --git a/inventory/host_vars/db-fas01.stg.iad2.fedoraproject.org b/inventory/host_vars/db-fas01.stg.iad2.fedoraproject.org
deleted file mode 100644
index fb4a35e62e..0000000000
--- a/inventory/host_vars/db-fas01.stg.iad2.fedoraproject.org
+++ /dev/null
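Review bot: The last two `custom_rules` entries in db-fas01.phx2 admit 10.5.126.41 and 10.5.126.241 to port 5432 under the comment `# sundries ??? but this is noc01?`, so the file grants access to the fas2 database to two addresses whose owner the author could not identify. Each rule should carry the host name and the reason, the way the entries above it do (`# fas01, fas02, and fas03`), for example `# noc01: connects to check the db` if that is what 10.5.126.41 is; a rule nobody can attribute should be removed rather than kept. db-koji01.phx2 later in this diff allows the same 10.5.126.41 with no comment at all, under a heading that says access is only for the frontend node.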
@@ -1,42 +0,0 @@ ---- -# -# Only allow postgresql access from the frontend node and ipsilon01.stg and -# fas3-01.stg and openshift -# -custom_rules: - # - '-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 5432 -j ACCEPT' - # - '-A INPUT -p tcp -m tcp -s 10.5.128.137 --dport 5432 -j ACCEPT' - # - '-A INPUT -p tcp -m tcp -s 10.5.128.82 --dport 5432 -j ACCEPT' - # - '-A INPUT -p tcp -m tcp -s 10.5.128.104 --dport 5432 -j ACCEPT' - # - '-A INPUT -p tcp -m tcp -s 10.5.128.105 --dport 5432 -j ACCEPT' - # - '-A INPUT -p tcp -m tcp -s 10.5.128.106 --dport 5432 -j ACCEPT' - # - '-A INPUT -p tcp -m tcp -s 10.5.128.107 --dport 5432 -j ACCEPT' - # TODO: lock it down more - - '-A INPUT -p tcp -m tcp -s 10.3.166.0/24 --dport 5432 -j ACCEPT' -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.166.0/24 tcp dport 5432 counter accept' -# This is a generic list, monitored by collectd -databases: - - fas2 -datacenter: iad2 -db_backup_dir: ['/backups'] -# This is a more strict list, to be made publicly available -dbs_to_backup: - - fas2 -effective_cache_size: "3GB" -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.34 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 30000 -mem_size: 4096 -nrpe_procs_crit: 500 -# -# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. -# -nrpe_procs_warn: 400 -num_cpus: 2 -shared_buffers: "1GB" -vmhost: vmhost-x86-01.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org b/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..555fe3df3c --- /dev/null +++ b/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org 
@@ -0,0 +1,44 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +volgroup: /dev/vg_virthost16 +eth0_ip: 10.5.128.96 +vmhost: virthost16.phx2.fedoraproject.org +datacenter: phx2 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +# This is a generic list, monitored by collectd +databases: +- fas2 + +# This is a more strict list, to be made publicly available +dbs_to_backup: +- fas2 + +# These are normally group variables, but in this case db servers are often different +lvm_size: 30000 +mem_size: 4096 +num_cpus: 2 +fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran + +# +# Only allow postgresql access from the frontend node and ipsilon01.stg and +# fas3-01.stg +# +custom_rules: +- '-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 5432 -j ACCEPT' +- '-A INPUT -p tcp -m tcp -s 10.5.128.137 --dport 5432 -j ACCEPT' +- '-A INPUT -p tcp -m tcp -s 10.5.128.82 --dport 5432 -j ACCEPT' + +# +# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. +# +nrpe_procs_warn: 400 +nrpe_procs_crit: 500 + +db_backup_dir: ['/backups'] +shared_buffers: "1GB" +effective_cache_size: "3GB" diff --git a/inventory/host_vars/db-koji01.iad2.fedoraproject.org b/inventory/host_vars/db-koji01.iad2.fedoraproject.org deleted file mode 100644 index df0956741c..0000000000 --- a/inventory/host_vars/db-koji01.iad2.fedoraproject.org +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -# -# Only allow postgresql access from the frontend node. -# -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.169.104 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.169.105 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.169.10 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5432 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.169.104 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.169.105 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.169.10 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.10 tcp dport 5432 counter accept' -# This is a generic list, monitored by collectd -databases: - - koji -datacenter: iad2 -db_backup_dir: ['/backups'] -# This is a more strict list, to be made publicly available -dbs_to_backup: - - koji -effective_cache_size: "100GB" -effective_io_concurrency: 20 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.103 -# kernel SHMMAX value -kernel_shmmax: 68719476736 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 1750000 -max_cpu: 96 -max_mem_size: 327680 -max_parallel_maintenance_workers: 4 -max_parallel_workers: 40 -max_parallel_workers_per_gather: 10 -max_stack_depth: "6MB" -max_worker_processes: 60 -mem_size: 262140 -nagios_Check_Services: - swap: false -nrpe_procs_crit: 700 -# -# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. -# -nrpe_procs_warn: 600 -num_cpus: 64 -shared_buffers: "64GB" -swap: false -temp_buffers: "192MB" -vmhost: bvmhost-x86-01.iad2.fedoraproject.org -volgroup: /dev/vg_guests 
diff --git a/inventory/host_vars/db-koji01.phx2.fedoraproject.org b/inventory/host_vars/db-koji01.phx2.fedoraproject.org new file mode 100644 index 0000000000..d0a781cef2 --- /dev/null +++ b/inventory/host_vars/db-koji01.phx2.fedoraproject.org @@ -0,0 +1,49 @@ +--- +nm: 255.255.255.0 +gw: 10.5.125.254 +dns: 10.5.126.21 +volgroup: /dev/vg_guests +eth0_ip: 10.5.125.47 +vmhost: bvirthost05.phx2.fedoraproject.org +datacenter: phx2 + +ks_url: http://infrastructure.phx2.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://infrastructure.phx2.fedoraproject.org/repo/rhel/RHEL7-x86_64/ + +# This is a generic list, monitored by collectd +databases: +- koji + +# This is a more strict list, to be made publicly available +dbs_to_backup: +- koji + +# These are normally group variables, but in this case db servers are often different +lvm_size: 300000 +mem_size: 32768 +num_cpus: 16 +fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran + +# kernel SHMMAX value +kernel_shmmax: 68719476736 + +# +# Only allow postgresql access from the frontend node. +# +custom_rules: [ +'-A INPUT -p tcp -m tcp -s 10.5.125.59 --dport 5432 -j ACCEPT', +'-A INPUT -p tcp -m tcp -s 10.5.125.60 --dport 5432 -j ACCEPT', +'-A INPUT -p tcp -m tcp -s 10.5.125.61 --dport 5432 -j ACCEPT', +'-A INPUT -p tcp -m tcp -s 10.5.125.62 --dport 5432 -j ACCEPT', +'-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5432 -j ACCEPT', +] + +# +# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. +# +nrpe_procs_warn: 600 +nrpe_procs_crit: 700 + +db_backup_dir: ['/backups'] +shared_buffers: "8GB" +effective_cache_size: "24GB" diff --git a/inventory/host_vars/db-koji01.stg.iad2.fedoraproject.org b/inventory/host_vars/db-koji01.stg.iad2.fedoraproject.org deleted file mode 100644 index ce0b5904f4..0000000000 --- a/inventory/host_vars/db-koji01.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -# -# Only allow postgresql access from the frontend node. -# -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.167.64 --dport 5432 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 10.3.167.64 tcp dport 5432 counter accept'] -# This is a generic list, monitored by collectd -databases: - - koji -datacenter: iad2 -effective_cache_size: "12GB" -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.65 -# kernel SHMMAX value -kernel_shmmax: 68719476736 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 2000000 -max_mem_size: "{{ mem_size }}" -mem_size: 65536 -nrpe_procs_crit: 700 -# -# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. -# -nrpe_procs_warn: 600 -num_cpus: 16 -shared_buffers: "4GB" -vmhost: bvmhost-x86-02.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-koji01.stg.phx2.fedoraproject.org b/inventory/host_vars/db-koji01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..554fc4fd2c --- /dev/null +++ b/inventory/host_vars/db-koji01.stg.phx2.fedoraproject.org 
@@ -0,0 +1,50 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.98
+vmhost: virthost04.phx2.fedoraproject.org
+datacenter: phx2
+
+ks_url: http://infrastructure.phx2.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://infrastructure.phx2.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+
+# This is a generic list, monitored by collectd
+databases:
+- koji
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 500000
+mem_size: 16384
+max_mem_size: "{{ mem_size }}"
+num_cpus: 8
+fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
+
+# kernel SHMMAX value
+kernel_shmmax: 68719476736
+
+#
+# Only allow postgresql access from the frontend node and other db nodes
+#
+custom_rules: [
+ '-A INPUT -p tcp -m tcp -s 10.5.128.139 --dport 5432 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.128.98 --dport 5432 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.128.99 --dport 5432 -j ACCEPT',
+ '-A INPUT -d 224.0.0.0/8 -j ACCEPT',
+ '-A INPUT -p vrrp -j ACCEPT',
+]
+
+#
+# Large updates pushes cause lots of db threads doing the tag moves, so up this from default.
+#
+nrpe_procs_warn: 600
+nrpe_procs_crit: 700
+shared_buffers: "8GB"
+effective_cache_size: "24GB"
+
+# Keepalived variables
+keepalived_interface: eth0
+keepalived_priority: 100
+keepalived_ipaddress: 10.5.128.97/24
+keepalived_routerid: 18
diff --git a/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org b/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..9a5cd35549
--- /dev/null
+++ b/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org
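Review bot: Two of the `custom_rules` in db-koji01.stg.phx2 are much wider than keepalived needs: `-A INPUT -d 224.0.0.0/8 -j ACCEPT` accepts every protocol and port addressed to the whole 224/8 range, and `-A INPUT -p vrrp -j ACCEPT` accepts VRRP from any source, so any host on the segment can take part in the election for 10.5.128.97. With a single peer the rule can name it and the VRRP group address, `-A INPUT -p vrrp -s 10.5.128.99 -d 224.0.0.18 -j ACCEPT`, which makes the 224.0.0.0/8 rule unnecessary. db-koji02.stg.phx2 in the next section carries the same two rules and would take `-s 10.5.128.98`; its heading comment still says access is only from the frontend node although the other db node is allowed too. Whether keepalived runs with unicast peers is not visible here; if it does, drop the `-d` match.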
@@ -0,0 +1,51 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.99 +vmhost: virthost11.phx2.fedoraproject.org +datacenter: phx2 + +ks_url: http://infrastructure.phx2.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://infrastructure.phx2.fedoraproject.org/repo/rhel/RHEL7-x86_64/ + +# This is a generic list, monitored by collectd +databases: +- koji + +# These are normally group variables, but in this case db servers are often different +lvm_size: 500000 +mem_size: 16384 +max_mem_size: "{{ mem_size }}" +num_cpus: 8 +fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran + +# kernel SHMMAX value +kernel_shmmax: 68719476736 + +# +# Only allow postgresql access from the frontend node. +# +custom_rules: [ + '-A INPUT -p tcp -m tcp -s 10.5.128.139 --dport 5432 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.128.98 --dport 5432 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.128.99 --dport 5432 -j ACCEPT', + '-A INPUT -d 224.0.0.0/8 -j ACCEPT', + '-A INPUT -p vrrp -j ACCEPT', +] + +# +# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. +# +nrpe_procs_warn: 600 +nrpe_procs_crit: 700 +shared_buffers: "8GB" +effective_cache_size: "24GB" + +# Keepalived variables +keepalived_interface: eth0 +keepalived_priority: 50 +keepalived_ipaddress: 10.5.128.97/24 +keepalived_routerid: 18 + diff --git a/inventory/host_vars/db-openqa01.iad2.fedoraproject.org b/inventory/host_vars/db-openqa01.iad2.fedoraproject.org deleted file mode 100644 index f1c095ab64..0000000000 --- a/inventory/host_vars/db-openqa01.iad2.fedoraproject.org +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -# This is a generic list, monitored by collectd -databases: - - postgres - - openqa -datacenter: iad2 -db_backup_dir: ['/backups'] -# This is a more strict list, to be made publicly available -dbs_to_backup: - - postgres - # these names are also stored as host vars 'openqa_dbname', - # make sure to keep in sync - - openqa - - openqa-stg -effective_cache_size: "6GB" -eth0_ipv4_gw: 10.3.174.254 -eth0_ipv4_ip: 10.3.174.51 -host_backup_targets: ['/backups'] -# kernel SHMMAX value -kernel_shmmax: 68719476736 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 300000 -mem_size: 16384 -num_cpus: 10 -shared_buffers: "2GB" -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -tcp_ports: [5432, 443, 3306] -vmhost: qvmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-ppc-koji01.ppc.fedoraproject.org b/inventory/host_vars/db-ppc-koji01.ppc.fedoraproject.org new file mode 100644 index 0000000000..13d39bbfe4 --- /dev/null +++ b/inventory/host_vars/db-ppc-koji01.ppc.fedoraproject.org 
@@ -0,0 +1,48 @@ +--- +nm: 255.255.255.0 +gw: 10.5.129.254 +dns: 10.5.126.21 +volgroup: /dev/vg_guests +eth0_ip: 10.5.129.241 +main_bridge: br1 +vmhost: ppc8-01.ppc.fedoraproject.org +datacenter: phx2 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-ppc64le +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-ppc64le/ + +virt_install_command: "{{ virt_install_command_one_nic }} --graphics none" + +# This is a generic list, monitored by collectd +databases: +- koji + +# This is a more strict list, to be made publicly available +dbs_to_backup: +- koji + +fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-releng,sysadmin-veteran +sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers" + +# These are normally group variables, but in this case db servers are often different +lvm_size: 500000 +mem_size: 8192 +num_cpus: 12 + +# kernel SHMMAX value +kernel_shmmax: 68719476736 + +# +# Only allow postgresql access from the frontend node. +# +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.129.240 --dport 5432 -j ACCEPT' ] + +# +# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. +# +nrpe_procs_warn: 600 +nrpe_procs_crit: 700 + +db_backup_dir: ['/backups'] +shared_buffers: "2GB" +effective_cache_size: "6GB" diff --git a/inventory/host_vars/db-qa-stg01.qa.fedoraproject.org b/inventory/host_vars/db-qa-stg01.qa.fedoraproject.org new file mode 100644 index 0000000000..5efbd388ee --- /dev/null +++ b/inventory/host_vars/db-qa-stg01.qa.fedoraproject.org 
@@ -0,0 +1,75 @@
+---
+############################################################
+# general
+############################################################
+
+datacenter: phx2
+fas_client_groups: sysadmin-qa,sysadmin-noc,sysadmin-veteran
+
+
+############################################################
+# networking
+############################################################
+
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+eth0_ip: 10.5.124.145
+eth0_nm: 255.255.255.128
+
+
+############################################################
+# install
+############################################################
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-24
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/24/Server/x86_64/os/
+volgroup: /dev/vg_guests
+sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+vmhost: virthost-comm04.qa.fedoraproject.org
+
+
+############################################################
+# virtual machine
+############################################################
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 300000
+mem_size: 8192
+num_cpus: 2
+tcp_ports: [ 5432, 443 ]
+
+
+############################################################
+# database details
+############################################################
+
+# This is a generic list, monitored by collectd
+databases:
+- postgres
+#- resultsdb
+
+# This is a more strict list, to be made publicly available
+#dbs_to_backup:
+#- postgres
+#- buildmaster
+#- buildmaster_dev
+#- buildmaster_stg
+#- execdb
+#- execdb_stg
+#- execdb_dev
+## these names are also stored as host vars 'openqa_dbname',
+## make sure to keep in sync
+#- openqa
+#- openqa-stg
+#- resultsdb
+#- resultsdb_stg
+#- resultsdb_dev
+
+
+# kernel SHMMAX value
+kernel_shmmax: 68719476736
+
+db_backup_dir: ['/backups']
+shared_buffers: "2GB"
+effective_cache_size: "6GB"
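Review bot: The networking block sets `nm: 255.255.255.0` and `eth0_nm: 255.255.255.128`, two different masks for the single interface this host defines. Which key the install and network templates read is not visible in this diff, so one of the two is presumably wrong or unused. Keeping one mask, or adding a comment such as `# eth0_nm overrides nm on the /25 qa network`, would remove the ambiguity. db-qa01 and db-qa02 later in the diff carry the same pair.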
diff --git a/inventory/host_vars/db-qa01.qa.fedoraproject.org b/inventory/host_vars/db-qa01.qa.fedoraproject.org
new file mode 100644
index 0000000000..20891adf9d
--- /dev/null
+++ b/inventory/host_vars/db-qa01.qa.fedoraproject.org
@@ -0,0 +1,52 @@
+---
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/VirtGuests
+eth0_ip: 10.5.124.144
+eth0_nm: 255.255.255.128
+vmhost: virthost-comm03.qa.fedoraproject.org
+datacenter: phx2
+
+# This is a generic list, monitored by collectd
+databases:
+- postgres
+- buildmaster
+- execdb
+- openqa
+- resultsdb
+
+# This is a more strict list, to be made publicly available
+dbs_to_backup:
+- postgres
+- buildmaster
+- buildmaster_dev
+- buildmaster_stg
+- execdb
+- execdb_stg
+- execdb_dev
+# these names are also stored as host vars 'openqa_dbname',
+# make sure to keep in sync
+- openqa
+- openqa-stg
+- resultsdb
+- resultsdb_stg
+- resultsdb_dev
+
+mariadb_root_password: "{{ dbqa01_mysql_root_password }}"
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 300000
+mem_size: 8192
+num_cpus: 2
+tcp_ports: [ 5432, 443, 3306 ]
+fas_client_groups: sysadmin-qa,sysadmin-noc,sysadmin-veteran
+
+# kernel SHMMAX value
+kernel_shmmax: 68719476736
+
+db_backup_dir: ['/backups']
+shared_buffers: "2GB"
+effective_cache_size: "6GB"
diff --git a/inventory/host_vars/db-qa02.qa.fedoraproject.org b/inventory/host_vars/db-qa02.qa.fedoraproject.org
new file mode 100644
index 0000000000..3ba7d57dd4
--- /dev/null
+++ b/inventory/host_vars/db-qa02.qa.fedoraproject.org
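Review bot: `tcp_ports: [ 5432, 443, 3306 ]` lists both database ports with no source restriction, whereas the koji database hosts in this diff admit PostgreSQL only from their frontend through a `custom_rules` entry carrying `-s <frontend address>`. If `tcp_ports` is rendered as an accept-from-anywhere rule (the firewall template is not part of this diff), PostgreSQL and MariaDB on this host are reachable from every network that can route to it. Dropping 5432 and 3306 from `tcp_ports` and adding one `custom_rules` line per client would match the koji hosts. db-qa02, db03.phx2 and db03.stg.phx2 repeat the same list, and db-qa-stg01 opens 5432 the same way.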
@@ -0,0 +1,35 @@
+---
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/VirtGuests
+eth0_ip: 10.5.124.143
+eth0_nm: 255.255.255.128
+vmhost: virthost-comm03.qa.fedoraproject.org
+datacenter: phx2
+
+# This is a generic list, monitored by collectd
+databases:
+- resultsdb
+
+# This is a more strict list, to be made publicly available
+dbs_to_backup:
+- postgres
+- resultsdb
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 300000
+mem_size: 16384
+max_mem_size: "{{ mem_size * 2 }}"
+num_cpus: 6
+tcp_ports: [ 5432, 443, 3306 ]
+fas_client_groups: sysadmin-qa,sysadmin-noc,sysadmin-veteran
+
+# kernel SHMMAX value
+kernel_shmmax: 68719476736
+
+db_backup_dir: ['/backups']
+shared_buffers: "2GB"
+effective_cache_size: "6GB"
diff --git a/inventory/host_vars/db-riscv-koji01.iad2.fedoraproject.org b/inventory/host_vars/db-riscv-koji01.iad2.fedoraproject.org
deleted file mode 100644
index f03422a3ce..0000000000
--- a/inventory/host_vars/db-riscv-koji01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# This is a generic list, monitored by collectd
-custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.172.21 --dport 5432 -j ACCEPT']
-nft_custom_rules:
- - 'add rule ip filter INPUT ip saddr 10.3.172.21 tcp dport 5432 counter accept'
-databases:
- - koji
-datacenter: iad2
-db_backup_dir: ['/backups']
-dbs_to_backup:
- - koji
-dns1: 10.3.163.33
-effective_cache_size: "6GB"
-eth0_ipv4_gw: 10.3.172.254
-eth0_ipv4_ip: 10.3.172.20
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-# These are normally group variables, but in this case db servers are often different
-lvm_size: 100000
-max_stack_depth: "4MB"
-mem_size: 16384
-nrpe_procs_crit: 800
-#
-# Large updates pushes cause lots of db threads doing the tag moves, so up this from default.
-#
-nrpe_procs_warn: 600
-num_cpus: 8
-shared_buffers: "2GB"
-temp_buffers: "8MB"
-vmhost: bvmhost-x86-riscv01.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/db-s390-koji01.s390.fedoraproject.org b/inventory/host_vars/db-s390-koji01.s390.fedoraproject.org
new file mode 100644
index 0000000000..13f425037f
--- /dev/null
+++ b/inventory/host_vars/db-s390-koji01.s390.fedoraproject.org
@@ -0,0 +1,44 @@
+---
+nm: 255.255.255.0
+gw: 10.5.129.254
+dns: 10.5.126.21
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.129.181
+vmhost: virthost-s390.s390.fedoraproject.org
+datacenter: phx2
+
+ks_url: http://infrastructure.phx2.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://infrastructure.phx2.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+
+# This is a generic list, monitored by collectd
+databases:
+- koji
+
+# This is a more strict list, to be made publicly available
+dbs_to_backup:
+- koji
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 500000
+mem_size: 25165
+num_cpus: 12
+fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-secondary,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
+
+# kernel SHMMAX value
+kernel_shmmax: 68719476736
+
+#
+# Only allow postgresql access from the frontend node.
+#
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.129.180 --dport 5432 -j ACCEPT' ]
+
+#
+# Large updates pushes cause lots of db threads doing the tag moves, so up this from default.
+#
+nrpe_procs_warn: 600
+nrpe_procs_crit: 700
+
+db_backup_dir: ['/backups']
+shared_buffers: "6GB"
+effective_cache_size: "18GB"
diff --git a/inventory/host_vars/db.stg.aws.fedoraproject.org b/inventory/host_vars/db.stg.aws.fedoraproject.org
deleted file mode 100644
index daaa7d354d..0000000000
--- a/inventory/host_vars/db.stg.aws.fedoraproject.org
+++ /dev/null
@@ -1,38 +0,0 @@
----
-ansible_become: yes
-ansible_become_user: root
-ansible_user: ec2-user
-root_auth_users: msuchy
-# This is a generic list, monitored by collectd
-databases:
- - coprdb
-db_backup_dir: ['/backups']
-# Should be 0.25 of memory
-#shared_buffers: "16GB"
-# Should be 0.80 of memory
-#effective_cache_size: "50GB"
-#max_stack_depth: "6MB"
-
-# This is a more strict list of databases to backup every day
-dbs_to_backup:
- - coprdb
-description: copr database - staging instance
-hostbase: db-stg-aws
-inventory_hostname: "db.stg.aws.fedoraproject.org"
-inventory_instance_name: db_stg_aws
-
-# This instance is stopped for now (not enough time to finish)
-nagios_Can_Connect: false
-nagios_Check_Services:
- dhcpd: false
- httpd: false
- mail: false
- named: false
- nrpe: false
- ping: false
- raid: false
- sshd: false
- swap: false
-public_ip: 184.73.23.234
-swap_file_path: /swap
-swap_file_size_mb: 4096
diff --git a/inventory/host_vars/db01.iad2.fedoraproject.org b/inventory/host_vars/db01.iad2.fedoraproject.org
deleted file mode 100644
index 9407754b08..0000000000
--- a/inventory/host_vars/db01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,77 +0,0 @@
----
-#
-# We should narrow this down at some point
-#
-custom_rules: ['-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT']
-nft_custom_rules: ['add rule ip filter INPUT tcp dport 5432 counter accept']
-# This is a generic list, monitored by collectd
-databases:
- - anitya
- - blockerbugs
- - bodhi2
- - elections
- - fedocal
- - hyperkitty
- - kerneltest
- - koschei
- - mailman
- - mirrormanager2
- - notifications
- - pagure
- - resultsdb
- - tahrir
- - testdays
- - testdays_resultsdb
- - transtats
- - waiverdb
- - webhook2fedmsg
- - zezere
-datacenter: iad2
-db_backup_dir: ['/backups']
-# This is a more strict list of databases to backup every day
-dbs_to_backup:
- - anitya
- - blockerbugs
- - bodhi2
- - elections
- - fedocal
- - hyperkitty
- - kerneltest
- - koschei
- - mailman
- - mirrormanager2
- - notifications
- - pagure
- - resultsdb
- - tahrir
- - testdays
- - testdays_resultsdb
- - transtats
- - waiverdb
- - webhook2fedmsg
- - zezere
-# Should be 0.80 of memory
-effective_cache_size: "50GB"
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.41
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-# These are normally group variables, but in this case db servers are often different
-lvm_size: 1500000
-max_cpu: "{{ num_cpus }}"
-max_mem_size: "{{ mem_size * 2 }}"
-max_stack_depth: "6MB"
-max_worker_processes: 12
-mem_size: 65536
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 900
-#
-# db01 handles lots of apps, could have many procs if they are busy.
-#
-nrpe_procs_warn: 800
-num_cpus: 48
-# Should be 0.25 of memory
-shared_buffers: "24GB"
-vmhost: vmhost-x86-08.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/db01.phx2.fedoraproject.org b/inventory/host_vars/db01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..1213f16d75
--- /dev/null
+++ b/inventory/host_vars/db01.phx2.fedoraproject.org
@@ -0,0 +1,86 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.71
+vmhost: virthost02.phx2.fedoraproject.org
+datacenter: phx2
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+# This is a generic list, monitored by collectd
+databases:
+- askfedora
+- autocloud
+- blockerbugs
+- bodhi
+- bodhi2
+- darkserver
+- elections
+- fedocal
+- fedoratagger
+- hyperkitty
+- kerneltest
+- koschei
+- mailman
+- mbs
+- mirrormanager
+- notifications
+- nuancier_lite
+- odcs
+- pdc
+- pkgdb2
+- statscache
+- summershum
+- tahrir
+- waiverdb
+
+# This is a more strict list of databases to backup every day
+dbs_to_backup:
+- askfedora
+- autocloud
+- blockerbugs
+- bodhi
+- bodhi2
+- darkserver
+- elections
+- fedocal
+- fedoratagger
+- hyperkitty
+- kerneltest
+- koschei
+- mailman
+- mbs
+- mirrormanager
+- notifications
+- nuancier_lite
+- odcs
+- pdc
+- pkgdb2
+- statscache
+- summershum
+- tahrir
+- waiverdb
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 500000
+mem_size: 16384
+num_cpus: 10
+fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
+
+#
+# We should narrow this down at some point
+#
+custom_rules: [ '-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT' ]
+
+#
+# db01 handles lots of apps, could have many procs if they are busy.
+#
+nrpe_procs_warn: 800
+nrpe_procs_crit: 900
+
+db_backup_dir: ['/backups']
+shared_buffers: "4GB"
+effective_cache_size: "12GB"
diff --git a/inventory/host_vars/db01.stg.iad2.fedoraproject.org b/inventory/host_vars/db01.stg.iad2.fedoraproject.org
deleted file mode 100644
index 305dc448db..0000000000
--- a/inventory/host_vars/db01.stg.iad2.fedoraproject.org
+++ /dev/null
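Review bot: `custom_rules: [ '-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT' ]` accepts PostgreSQL connections from any source address on the host that holds some two dozen application databases, and the comment above it (`We should narrow this down at some point`) records that this is a known gap. Since the file is added here, this is the place to list the client networks, one rule per source in the form the koji hosts use: `-A INPUT -p tcp -m tcp -s <client address> --dport 5432 -j ACCEPT`. db01.stg.phx2 later in the diff carries the same open rule.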
@@ -1,36 +0,0 @@
----
-#
-# We should narrow this down at some point
-#
-custom_rules: ['-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT']
-nft_custom_rules: ['add rule ip filter INPUT tcp dport 5432 counter accept']
-# This is a generic list, monitored by collectd
-databases:
- - askfedora
- - blockerbugs
- - bodhi
- - elections
- - fedocal
- - kerneltest
- - mailman
- - mirrormanager
- - notifications
- - tahrir
-datacenter: iad2
-effective_cache_size: "12GB"
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.32
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-# These are normally group variables, but in this case db servers are often different
-lvm_size: 500000
-mem_size: 16384
-nrpe_procs_crit: 900
-#
-# db01 handles lots of apps, could have many procs if they are busy.
-#
-nrpe_procs_warn: 800
-num_cpus: 4
-shared_buffers: "4GB"
-vmhost: vmhost-x86-09.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/db01.stg.phx2.fedoraproject.org b/inventory/host_vars/db01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..98fd21ab19
--- /dev/null
+++ b/inventory/host_vars/db01.stg.phx2.fedoraproject.org
@@ -0,0 +1,47 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+eth0_ip: 10.5.128.120
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
+
+# This is a generic list, monitored by collectd
+databases:
+- askfedora
+- blockerbugs
+- bodhi
+- elections
+- fedocal
+- fedoratagger
+- fedoratagger
+- kerneltest
+- mailman
+- mirrormanager
+- notifications
+- nuancier_lite
+- pkgdb2
+- summershum
+- tahrir
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 300000
+mem_size: 16384
+num_cpus: 4
+fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
+
+#
+# We should narrow this down at some point
+#
+custom_rules: [ '-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT' ]
+
+#
+# db01 handles lots of apps, could have many procs if they are busy.
+#
+nrpe_procs_warn: 800
+nrpe_procs_crit: 900
+shared_buffers: "4GB"
+effective_cache_size: "12GB"
diff --git a/inventory/host_vars/db03.iad2.fedoraproject.org b/inventory/host_vars/db03.iad2.fedoraproject.org
deleted file mode 100644
index 701c8bfc26..0000000000
--- a/inventory/host_vars/db03.iad2.fedoraproject.org
+++ /dev/null
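Review bot: `- fedoratagger` appears twice in a row in `databases`, which looks like a copy slip; depending on how the collectd template iterates the list this may yield a duplicate monitor entry, so one of the two lines should go. Unlike db01.phx2, this file defines neither `dbs_to_backup` nor `db_backup_dir`. If staging is meant to run without backups, a one-line comment such as `# staging: no database backups by design` would tell the next reader that the omission is intended.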
@@ -1,26 +0,0 @@
----
-# This is a generic list, monitored by collectd
-databases:
- - mysql
- - fpo-mediawiki
-datacenter: iad2
-db_backup_dir: ['/backups']
-# This is a more strict list of db to backup to /backups
-dbs_to_backup:
- - fpo-mediawiki
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.44
-extra_enablerepos: ''
-# kernel SHMMAX value
-kernel_shmmax: 68719476736
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-# These are normally group variables, but in this case db servers are often different
-lvm_size: 500000
-mariadb_root_password: "{{ db03_mysql_root_password }}"
-mem_size: 16384
-num_cpus: 8
-shared_buffers: "4GB"
-tcp_ports: [5432, 443, 3306]
-vmhost: vmhost-x86-08.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/db03.phx2.fedoraproject.org b/inventory/host_vars/db03.phx2.fedoraproject.org
new file mode 100644
index 0000000000..faae72d44f
--- /dev/null
+++ b/inventory/host_vars/db03.phx2.fedoraproject.org
@@ -0,0 +1,39 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.112
+vmhost: virthost02.phx2.fedoraproject.org
+datacenter: phx2
+
+# This is a generic list, monitored by collectd
+databases:
+- mysql
+- darkserver
+- fpo-mediawiki
+- pastebin
+
+# This is a more strict list of db to backup to /backups
+dbs_to_backup:
+- darkserver
+- fpo-mediawiki
+- pastebin
+
+mariadb_root_password: "{{ db03_mysql_root_password }}"
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 300000
+mem_size: 8192
+num_cpus: 2
+tcp_ports: [ 5432, 443, 3306 ]
+fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
+
+# kernel SHMMAX value
+kernel_shmmax: 68719476736
+
+db_backup_dir: ['/backups']
+shared_buffers: "4GB"
+extra_enablerepos: ''
diff --git a/inventory/host_vars/db03.stg.iad2.fedoraproject.org b/inventory/host_vars/db03.stg.iad2.fedoraproject.org
deleted file mode 100644
index 620760f4fa..0000000000
--- a/inventory/host_vars/db03.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# This is a generic list, monitored by collectd
-databases:
- - postgres
-datacenter: iad2
-db_backup_dir: ['/backups']
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.35
-extra_enablerepos: ''
-# kernel SHMMAX value
-kernel_shmmax: 68719476736
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-# These are normally group variables, but in this case db servers are often different
-lvm_size: 500000
-# This is a more strict list, to be made publicly available
-#dbs_to_backup:
-mariadb_root_password: "{{ db03_stg_mysql_root_password }}"
-mem_size: 16384
-num_cpus: 4
-shared_buffers: "4GB"
-tcp_ports: [5432, 443, 3306]
-vmhost: vmhost-x86-01.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/db03.stg.phx2.fedoraproject.org b/inventory/host_vars/db03.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..30fde726bf
--- /dev/null
+++ b/inventory/host_vars/db03.stg.phx2.fedoraproject.org
@@ -0,0 +1,33 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.95
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
+
+# This is a generic list, monitored by collectd
+databases:
+- postgres
+
+# This is a more strict list, to be made publicly available
+#dbs_to_backup:
+
+mariadb_root_password: "{{ db03_stg_mysql_root_password }}"
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 300000
+mem_size: 8192
+num_cpus: 2
+tcp_ports: [ 5432, 443, 3306 ]
+fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
+
+# kernel SHMMAX value
+kernel_shmmax: 68719476736
+
+db_backup_dir: ['/backups']
+shared_buffers: "4GB"
+extra_enablerepos: ''
diff --git a/inventory/host_vars/debuginfod01.iad2.fedoraproject.org b/inventory/host_vars/debuginfod01.iad2.fedoraproject.org
deleted file mode 100644
index ae46af24f8..0000000000
--- a/inventory/host_vars/debuginfod01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,11 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.109
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-sar_script_user: root
-virt_install_command: "{{ virt_install_command_one_nic }}"
-vmhost: vmhost-x86-06.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-dnf_automatic_type: default
diff --git a/inventory/host_vars/debuginfod01.stg.iad2.fedoraproject.org b/inventory/host_vars/debuginfod01.stg.iad2.fedoraproject.org
deleted file mode 100644
index 49dcd5e2ab..0000000000
--- a/inventory/host_vars/debuginfod01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,9 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.62
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-vmhost: vmhost-x86-08.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-dnf_automatic_type: default
diff --git a/inventory/host_vars/dedicatedsolutions01.fedoraproject.org b/inventory/host_vars/dedicatedsolutions01.fedoraproject.org
index 8ff0ebd623..191e9929ed 100644
--- a/inventory/host_vars/dedicatedsolutions01.fedoraproject.org
+++ b/inventory/host_vars/dedicatedsolutions01.fedoraproject.org
@@ -1,44 +1,13 @@ --- -br0_ipv4: 67.219.144.66 -br0_ipv4_gw: 67.219.144.65 -br0_ipv4_nm: 29 +datacenter: dedicatedsolutions +virthost: true +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +postfix_group: vpn +vpn: true +br0_ip: 67.219.144.66 +br0_nm: 255.255.255.248 +has_ipv6: yes br0_ipv6: "2604:1580:fe00:0:dead:beef:cafe:fe01" br0_ipv6_gw: "2604:1580:fe00::1" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac1 }}" -datacenter: dedicatedsolutions -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -has_ipv6: yes -mac1: d8:d3:85:b8:d9:00 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -postfix_group: vpn -virthost: true -vpn: true diff --git a/inventory/host_vars/dell-fx01-01.phx2.fedoraproject.org b/inventory/host_vars/dell-fx01-01.phx2.fedoraproject.org new file mode 100644 index 0000000000..2325c79e61 --- /dev/null +++ b/inventory/host_vars/dell-fx01-01.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +gw: 10.5.125.254 +eth0_ip: 10.5.125.164 +eth1_ip: 10.5.127.71 diff --git a/inventory/host_vars/dell-fx01-02.phx2.fedoraproject.org b/inventory/host_vars/dell-fx01-02.phx2.fedoraproject.org new file mode 100644 index 0000000000..c1e249b5c0 --- /dev/null +++ b/inventory/host_vars/dell-fx01-02.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +gw: 10.5.125.254 +eth0_ip: 10.5.125.165 +eth1_ip: 10.5.127.72 diff --git a/inventory/host_vars/dell-fx01-03.phx2.fedoraproject.org b/inventory/host_vars/dell-fx01-03.phx2.fedoraproject.org new file mode 100644 index 0000000000..f61c747610 
--- /dev/null
+++ b/inventory/host_vars/dell-fx01-03.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.166
+eth1_ip: 10.5.127.73
diff --git a/inventory/host_vars/dell-fx01-04.phx2.fedoraproject.org b/inventory/host_vars/dell-fx01-04.phx2.fedoraproject.org
new file mode 100644
index 0000000000..146d166b9b
--- /dev/null
+++ b/inventory/host_vars/dell-fx01-04.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.167
+eth1_ip: 10.5.127.74
diff --git a/inventory/host_vars/dell-fx01-05.phx2.fedoraproject.org b/inventory/host_vars/dell-fx01-05.phx2.fedoraproject.org
new file mode 100644
index 0000000000..6f220d353a
--- /dev/null
+++ b/inventory/host_vars/dell-fx01-05.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.168
+eth1_ip: 10.5.127.75
diff --git a/inventory/host_vars/dell-fx01-06.phx2.fedoraproject.org b/inventory/host_vars/dell-fx01-06.phx2.fedoraproject.org
new file mode 100644
index 0000000000..2e82f6e024
--- /dev/null
+++ b/inventory/host_vars/dell-fx01-06.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.169
+eth1_ip: 10.5.127.76
diff --git a/inventory/host_vars/dell-fx01-07.phx2.fedoraproject.org b/inventory/host_vars/dell-fx01-07.phx2.fedoraproject.org
new file mode 100644
index 0000000000..3d0d502cb8
--- /dev/null
+++ b/inventory/host_vars/dell-fx01-07.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.170
+eth1_ip: 10.5.127.77
diff --git a/inventory/host_vars/dell-fx01-08.phx2.fedoraproject.org b/inventory/host_vars/dell-fx01-08.phx2.fedoraproject.org
new file mode 100644
index 0000000000..03a4821ea1
--- /dev/null
+++ b/inventory/host_vars/dell-fx01-08.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.171
+eth1_ip: 10.5.127.78
diff --git a/inventory/host_vars/dell-fx02-01.phx2.fedoraproject.org b/inventory/host_vars/dell-fx02-01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..041061422d
--- /dev/null
+++ b/inventory/host_vars/dell-fx02-01.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.172
+eth1_ip: 10.5.127.145
diff --git a/inventory/host_vars/dell-fx02-02.phx2.fedoraproject.org b/inventory/host_vars/dell-fx02-02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..97877358cd
--- /dev/null
+++ b/inventory/host_vars/dell-fx02-02.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.173
+eth1_ip: 10.5.127.146
diff --git a/inventory/host_vars/dell-fx02-03.phx2.fedoraproject.org b/inventory/host_vars/dell-fx02-03.phx2.fedoraproject.org
new file mode 100644
index 0000000000..1263d947f5
--- /dev/null
+++ b/inventory/host_vars/dell-fx02-03.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.174
+eth1_ip: 10.5.127.147
diff --git a/inventory/host_vars/dell-fx02-04.phx2.fedoraproject.org b/inventory/host_vars/dell-fx02-04.phx2.fedoraproject.org
new file mode 100644
index 0000000000..932d89bcc9
--- /dev/null
+++ b/inventory/host_vars/dell-fx02-04.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.175
+eth1_ip: 10.5.127.148
diff --git a/inventory/host_vars/dell-fx02-05.phx2.fedoraproject.org b/inventory/host_vars/dell-fx02-05.phx2.fedoraproject.org
new file mode 100644
index 0000000000..2764d07ae7
--- /dev/null
+++ b/inventory/host_vars/dell-fx02-05.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.176
+eth1_ip: 10.5.127.149
diff --git a/inventory/host_vars/dell-fx02-06.phx2.fedoraproject.org b/inventory/host_vars/dell-fx02-06.phx2.fedoraproject.org
new file mode 100644
index 0000000000..68263cbd16
--- /dev/null
+++ b/inventory/host_vars/dell-fx02-06.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.177
+eth1_ip: 10.5.127.150
diff --git a/inventory/host_vars/dell-fx02-07.phx2.fedoraproject.org b/inventory/host_vars/dell-fx02-07.phx2.fedoraproject.org
new file mode 100644
index 0000000000..38ad6f6720
--- /dev/null
+++ b/inventory/host_vars/dell-fx02-07.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.178
+eth1_ip: 10.5.127.151
diff --git a/inventory/host_vars/dell-fx02-08.phx2.fedoraproject.org b/inventory/host_vars/dell-fx02-08.phx2.fedoraproject.org
new file mode 100644
index 0000000000..ba63a8aae6
--- /dev/null
+++ b/inventory/host_vars/dell-fx02-08.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.125.254
+eth0_ip: 10.5.125.179
+eth1_ip: 10.5.127.152
diff --git a/inventory/host_vars/developer.fedorainfracloud.org b/inventory/host_vars/developer.fedorainfracloud.org
new file mode 100644
index 0000000000..aeac2e7ed0
--- /dev/null
+++ b/inventory/host_vars/developer.fedorainfracloud.org
@@ -0,0 +1,18 @@
+---
+image: "{{ fedora25_x86_64 }}"
+instance_type: m1.large
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: developer
+hostbase: developer
+public_ip: 209.132.184.102
+root_auth_users: asamalik jstribny phracek pvalena
+description: Fedora Developer web site.
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/dhcp01.phx2.fedoraproject.org b/inventory/host_vars/dhcp01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f5a239b677
--- /dev/null
+++ b/inventory/host_vars/dhcp01.phx2.fedoraproject.org
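Review bot: In the developer.fedorainfracloud.org file, `security_group` includes `ssh-anywhere-persistent` and `tcp_ports` opens 22, which by the group's name leaves SSH reachable from any address on an instance that has a `public_ip`, while `root_auth_users` gives root key login to four accounts. If the cloud has a group limited to the bastion or admin range, it should replace `ssh-anywhere-persistent` here; otherwise a comment stating why world-reachable SSH is needed would document the exposure. The `root_auth_users` list is worth checking against the current maintainers, since each name on it is a root credential for this host.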
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_bvirthost09
+vmhost: bvirthost09.phx2.fedoraproject.org
+datacenter: phx2
+
+eth0_ip: 10.5.125.43
diff --git a/inventory/host_vars/dl01.iad2.fedoraproject.org b/inventory/host_vars/dl01.iad2.fedoraproject.org
deleted file mode 100644
index e5e163448e..0000000000
--- a/inventory/host_vars/dl01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,18 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.49
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-lvm_size: 20000
-max_mem_size: 20480
-mem_size: 16384
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-num_cpus: 8
-public_hostname: dl-iad01.fedoraproject.org
-tcp_ports: [80, 443, 873]
-virt_install_command: "{{ virt_install_command_one_nic }}"
-vmhost: vmhost-x86-03.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/dl02.iad2.fedoraproject.org b/inventory/host_vars/dl02.iad2.fedoraproject.org
deleted file mode 100644
index 9cc1f327b5..0000000000
--- a/inventory/host_vars/dl02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,19 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.50
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-lvm_size: 20000
-main_bridge: br0
-max_mem_size: 20480
-mem_size: 16384
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-num_cpus: 8
-public_hostname: dl-iad01.fedoraproject.org
-tcp_ports: [80, 443, 873]
-virt_install_command: "{{ virt_install_command_one_nic }}"
-vmhost: vmhost-x86-04.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/dl03.iad2.fedoraproject.org b/inventory/host_vars/dl03.iad2.fedoraproject.org
deleted file mode 100644
index fc8e647225..0000000000
--- a/inventory/host_vars/dl03.iad2.fedoraproject.org
+++ /dev/null
@@ -1,19 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.51
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-lvm_size: 20000
-main_bridge: br0
-max_mem_size: 20480
-mem_size: 16384
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-num_cpus: 8
-public_hostname: dl-iad01.fedoraproject.org
-tcp_ports: [80, 443, 873]
-virt_install_command: "{{ virt_install_command_one_nic }}"
-vmhost: vmhost-x86-05.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/dl04.iad2.fedoraproject.org b/inventory/host_vars/dl04.iad2.fedoraproject.org
deleted file mode 100644
index 70195402a3..0000000000
--- a/inventory/host_vars/dl04.iad2.fedoraproject.org
+++ /dev/null
@@ -1,19 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.85
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-lvm_size: 20000
-main_bridge: br0
-max_mem_size: 20480
-mem_size: 16384
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-num_cpus: 8
-public_hostname: dl-iad01.fedoraproject.org
-tcp_ports: [80, 443, 873]
-virt_install_command: "{{ virt_install_command_one_nic }}"
-vmhost: vmhost-x86-06.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/dl05.iad2.fedoraproject.org b/inventory/host_vars/dl05.iad2.fedoraproject.org
deleted file mode 100644
index eb7e51a6e8..0000000000
--- a/inventory/host_vars/dl05.iad2.fedoraproject.org
+++ /dev/null
@@ -1,17 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.84
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-lvm_size: 20000
-main_bridge: br0
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-num_cpus: 8
-public_hostname: dl-iad01.fedoraproject.org
-tcp_ports: [80, 443, 873]
-virt_install_command: "{{ virt_install_command_one_nic }}"
-vmhost: vmhost-x86-01.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/docker-candidate-registry01.phx2.fedoraproject.org b/inventory/host_vars/docker-candidate-registry01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..bd87883da8
--- /dev/null
+++ b/inventory/host_vars/docker-candidate-registry01.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-docker-reg
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.125.57
+vmhost: bvirthost01.phx2.fedoraproject.org
+datacenter: phx2
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/docker-candidate-registry01.stg.phx2.fedoraproject.org b/inventory/host_vars/docker-candidate-registry01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..c2fbf40d09
--- /dev/null
+++ b/inventory/host_vars/docker-candidate-registry01.stg.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-docker-reg
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.122
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/docker-registry01.stg.phx2.fedoraproject.org b/inventory/host_vars/docker-registry01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..cca485a17a
--- /dev/null
+++ b/inventory/host_vars/docker-registry01.stg.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-docker-reg
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.123
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/docker-registry02.phx2.fedoraproject.org b/inventory/host_vars/docker-registry02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..0f13c692d8
--- /dev/null
+++ b/inventory/host_vars/docker-registry02.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-docker-reg
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.125.77
+vmhost: bvirthost01.phx2.fedoraproject.org
+datacenter: phx2
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/docker-registry02.stg.phx2.fedoraproject.org b/inventory/host_vars/docker-registry02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..815bfde1cc
--- /dev/null
+++ b/inventory/host_vars/docker-registry02.stg.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-docker-reg
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.124
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/docker-registry03.phx2.fedoraproject.org b/inventory/host_vars/docker-registry03.phx2.fedoraproject.org
new file mode 100644
index 0000000000..db421414ba
--- /dev/null
+++ b/inventory/host_vars/docker-registry03.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-docker-reg
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.125.78
+vmhost: bvirthost04.phx2.fedoraproject.org
+datacenter: phx2
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/docs-dev-builder01.fedorainfracloud.org b/inventory/host_vars/docs-dev-builder01.fedorainfracloud.org
new file mode 100644
index 0000000000..cdd4d0c9f3
--- /dev/null
+++ b/inventory/host_vars/docs-dev-builder01.fedorainfracloud.org
@@ -0,0 +1,20 @@
+---
+image: Fedora-Cloud-Base-22-20150521.x86_64
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: docs-dev-builder01
+hostbase: docs-dev-builder01
+public_ip: 209.132.184.56
+root_auth_users: immanetize
+description: docs-dev buildbot builder
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
+freezes: false
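Review bot: In `docs-dev-builder01.fedorainfracloud.org`, `tcp_ports: [22, 80, 443]` lists 443 while `security_group` names only `web-80-anywhere-persistent`; the eclipse host_vars added in this same diff pairs the same port list with `web-443-anywhere-persistent`, so the two settings disagree here. If the builder serves no web traffic, `tcp_ports: [22]` without the web group is the least-privilege form; otherwise add the 443 group so the host port list and the cloud security group describe the same exposure. The same mismatch appears in the docs-dev-frontend, docs-dev-master, faitout, fas2-dev and fas3-dev files, and fedimg-dev lists 80 and 443 with no web group at all. What `tcp_ports` feeds (presumably the host firewall template) is not visible in this diff.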
diff --git a/inventory/host_vars/docs-dev-frontend.fedorainfracloud.org b/inventory/host_vars/docs-dev-frontend.fedorainfracloud.org
new file mode 100644
index 0000000000..d8481e34ef
--- /dev/null
+++ b/inventory/host_vars/docs-dev-frontend.fedorainfracloud.org
@@ -0,0 +1,20 @@
+---
+image: Fedora-Cloud-Base-22-20150521.x86_64
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: docs-dev-frontend
+hostbase: docs-dev-frontend
+public_ip: 209.132.184.52
+root_auth_users: immanetize
+description: docs-dev frontend server
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
+freezes: false
diff --git a/inventory/host_vars/docs-dev-master.fedorainfracloud.org b/inventory/host_vars/docs-dev-master.fedorainfracloud.org
new file mode 100644
index 0000000000..3f2a86ba5a
--- /dev/null
+++ b/inventory/host_vars/docs-dev-master.fedorainfracloud.org
@@ -0,0 +1,24 @@
+---
+image: Fedora-Cloud-Base-22-20150521.x86_64
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: docs-dev-master
+hostbase: docs-dev-master
+public_ip: 209.132.184.51
+root_auth_users: immanetize
+description: taiga frontend server
+
+volumes:
+ - volume_id: c37e1833-5ac4-4eac-97c1-24b6d8671dce
+ device: /dev/vdc
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
+freezes: false
diff --git a/inventory/host_vars/download-cc-rdu01.fedoraproject.org b/inventory/host_vars/download-cc-rdu01.fedoraproject.org
deleted file mode 100644
index 0364c37ca1..0000000000
--- a/inventory/host_vars/download-cc-rdu01.fedoraproject.org
+++ /dev/null
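Review bot: `description: taiga frontend server` in `docs-dev-master.fedorainfracloud.org` does not describe this host; the two sibling files added next to it use `docs-dev buildbot builder` and `docs-dev frontend server`, so the line looks copied from another instance. An inventory description that names the wrong service makes it harder to tell who owns a publicly addressed instance during triage. Something like `description: docs-dev buildbot master` would match the siblings, with the exact role to be confirmed by the owner.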
@@ -1,47 +0,0 @@
----
-datacenter: rdu-cc
-dns1: 8.8.8.8
-dns2: 8.8.4.4
-dns_search1: vpn.fedoraproject.org
-dns_search2: fedoraproject.org
-eth0_ipv4_gw: 8.43.85.254
-eth0_ipv4_ip: 8.43.85.72
-eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
-eth0_ipv6_ip: "2620:52:3:1:dead:beef:cafe:fed1"
-eth0_ipv6_nm: 64
-eth0_nm: 255.255.255.0
-has_ipv6: yes
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-lvm_size: 50000
-mac_address: "52:54:00:30:a6:43"
-max_mem_size: 49152
-mem_size: 32768
-network_connections:
- - autoconnect: yes
- ip:
- address:
- - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}"
- - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}"
- dhcp4: no
- dns:
- - "{{ dns1 }}"
- - "{{ dns2 }}"
- dns_search:
- - "{{ dns_search1 }}"
- - "{{ dns_search2 }}"
- gateway4: "{{ eth0_ipv4_gw }}"
- gateway6: "{{ eth0_ipv6_gw }}"
- mac: "{{ mac_address }}"
- name: eth0
- type: ethernet
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-num_cpus: 8
-postfix_group: vpn
-public_hostname: download-cc-rdu01.fedoraproject.org
-rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}"
-tcp_ports: [80, 443, 873]
-vmhost: vmhost-x86-cc03.rdu-cc.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: true
diff --git a/inventory/host_vars/download-ib01.fedoraproject.org b/inventory/host_vars/download-ib01.fedoraproject.org
index 2295d9cb1e..d556cd591c 100644
--- a/inventory/host_vars/download-ib01.fedoraproject.org
+++ b/inventory/host_vars/download-ib01.fedoraproject.org
@@ -1,47 +1,31 @@ --- -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.253.100 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_ip: 152.19.134.145 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:00fe:fed6" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 150000 -max_mem_size: 49152 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: download-ib01.fedoraproject.org -rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" -tcp_ports: [80, 443, 873] -vmhost: ibiblio02.fedoraproject.org +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 8.8.8.8 + +ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ + +vmhost: ibiblio01.fedoraproject.org volgroup: /dev/vg_guests + +eth0_ip: 152.19.134.145 +eth0_nm: 255.255.255.128 +has_ipv6: yes +eth0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fed6" +eth0_ipv6_gw: "2610:28:3090:3001::1" + +datacenter: ibiblio +postfix_group: vpn vpn: true + +tcp_ports: [80, 443, 873] +rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 + +mem_size: 4096 +max_mem_size: 20480 +lvm_size: 20000 +num_cpus: 8 
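Review bot: The added `ks_url` and `ks_repo` lines in `download-ib01.fedoraproject.org` fetch the kickstart and the install tree over plain `http://209.132.181.6/...`, replacing the `https://infrastructure.fedoraproject.org/...` values this hunk removes, so a rebuild of this off-site guest would take its install instructions and packages over a channel with no server authentication or integrity protection. Keeping the HTTPS host name, e.g. `ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext` and the matching `ks_repo` (paths assumed to be served there, to be confirmed), avoids that regression. `download-ib02.fedoraproject.org` adds the same two lines, and the new phx2 host_vars files use `http://10.5.126.23/...`, which looks like an internal address but is equally unauthenticated.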
diff --git a/inventory/host_vars/download-ib02.fedoraproject.org b/inventory/host_vars/download-ib02.fedoraproject.org
new file mode 100644
index 0000000000..943f001b14
--- /dev/null
+++ b/inventory/host_vars/download-ib02.fedoraproject.org
@@ -0,0 +1,31 @@
+---
+nm: 255.255.255.128
+gw: 152.19.134.129
+dns: 8.8.8.8
+
+ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
+ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
+
+vmhost: ibiblio01.fedoraproject.org
+volgroup: /dev/vg_guests
+
+eth0_ip: 152.19.134.195
+eth0_nm: 255.255.255.128
+has_ipv6: yes
+eth0_ipv6: "2610:28:3090:3001:dead:beef:cafe:feda"
+eth0_ipv6_gw: "2610:28:3090:3001::1"
+
+datacenter: ibiblio
+postfix_group: vpn
+vpn: true
+
+tcp_ports: [80, 443, 873]
+rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}"
+
+nrpe_procs_warn: 1200
+nrpe_procs_crit: 1400
+
+mem_size: 16384
+max_mem_size: 32768
+lvm_size: 131072
+num_cpus: 8
diff --git a/inventory/host_vars/download-rdu01.fedoraproject.org b/inventory/host_vars/download-rdu01.fedoraproject.org
new file mode 100644
index 0000000000..9cb0cbe8a4
--- /dev/null
+++ b/inventory/host_vars/download-rdu01.fedoraproject.org
@@ -0,0 +1,15 @@
+---
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+datacenter: rdu
+nm: 255.255.255.0
+gw: 172.31.2.254
+dns: 8.8.8.8
+postfix_group: vpn
+vpn: true
+eth0_ip: 172.31.2.31
+eth0_nm: 255.255.255.0
+eth1_ip: 172.31.1.1
+eth1_nm: 255.255.255.0
+
+public_ip: 209.132.190.4
diff --git a/inventory/host_vars/download01.phx2.fedoraproject.org b/inventory/host_vars/download01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..0b4585f104
--- /dev/null
+++ b/inventory/host_vars/download01.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.126.254
+eth0_ip: 10.5.126.93
+eth1_ip: 10.5.127.101
diff --git a/inventory/host_vars/download02.phx2.fedoraproject.org b/inventory/host_vars/download02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..03ff674206
--- /dev/null
+++ b/inventory/host_vars/download02.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.126.254
+eth0_ip: 10.5.126.94
+eth1_ip: 10.5.127.102
diff --git a/inventory/host_vars/download03.phx2.fedoraproject.org b/inventory/host_vars/download03.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f8a694b0b4
--- /dev/null
+++ b/inventory/host_vars/download03.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.126.254
+eth0_ip: 10.5.126.95
+eth1_ip: 10.5.127.103
diff --git a/inventory/host_vars/download04.phx2.fedoraproject.org b/inventory/host_vars/download04.phx2.fedoraproject.org
new file mode 100644
index 0000000000..6bec9b4c0b
--- /dev/null
+++ b/inventory/host_vars/download04.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+gw: 10.5.126.254
+eth0_ip: 10.5.126.96
+eth1_ip: 10.5.127.104
diff --git a/inventory/host_vars/download05.phx2.fedoraproject.org b/inventory/host_vars/download05.phx2.fedoraproject.org
new file mode 100644
index 0000000000..e018bc6c1d
--- /dev/null
+++ b/inventory/host_vars/download05.phx2.fedoraproject.org
@@ -0,0 +1,6 @@
+---
+gw: 10.5.126.254
+eth0_ip: 10.5.126.97
+eth1_ip: 10.5.127.105
+# This is a tier1 only host
+rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}-tier1"
diff --git a/inventory/host_vars/eclipse.fedorainfracloud.org b/inventory/host_vars/eclipse.fedorainfracloud.org
new file mode 100644
index 0000000000..7ffc7ff6ca
--- /dev/null
+++ b/inventory/host_vars/eclipse.fedorainfracloud.org
@@ -0,0 +1,18 @@
+---
+image: "{{ fedora23_x86_64 }}"
+instance_type: m1.small
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: eclipse
+hostbase: eclipse
+public_ip: 209.132.184.121
+root_auth_users: mbooth sopotc akurtakov
+description: eclipse help for fedora eclipse addons
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/el6-test.fedorainfracloud.org b/inventory/host_vars/el6-test.fedorainfracloud.org
new file mode 100644
index 0000000000..5c04b8fc81
--- /dev/null
+++ b/inventory/host_vars/el6-test.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: CentOS-6-x86_64-GenericCloud-20141129_01
+instance_type: ms1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-maintainertest,web-80-anywhere-maintainertest,default,web-443-anywhere-maintainertest,all-icmp-maintainertest
+zone: nova
+tcp_ports: [22]
+
+inventory_tenant: maintainertest
+inventory_instance_name: el6-test
+hostbase: el6-test
+public_ip: 209.132.184.220
+description: el6-test instance
+
+cloud_networks:
+ # maintainertest-net
+ - net-id: "a512d096-3fa2-49cc-b989-d43ca687f91d"
diff --git a/inventory/host_vars/el7-test.fedorainfracloud.org b/inventory/host_vars/el7-test.fedorainfracloud.org
new file mode 100644
index 0000000000..7922987c9a
--- /dev/null
+++ b/inventory/host_vars/el7-test.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: CentOS-7-x86_64-GenericCloud-1503
+instance_type: ms1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-maintainertest,web-80-anywhere-maintainertest,default,web-443-anywhere-maintainertest,all-icmp-maintainertest
+zone: nova
+tcp_ports: [22]
+
+inventory_tenant: maintainertest
+inventory_instance_name: el7-test
+hostbase: el7-test
+public_ip: 209.132.184.221
+description: el7-test instance
+
+cloud_networks:
+ # maintainertest-net
+ - net-id: "a512d096-3fa2-49cc-b989-d43ca687f91d"
diff --git a/inventory/host_vars/el9-test.fedorainfracloud.org b/inventory/host_vars/el9-test.fedorainfracloud.org
deleted file mode 100644
index 27f27e21d5..0000000000
--- a/inventory/host_vars/el9-test.fedorainfracloud.org
+++ /dev/null
@@ -1,3 +0,0 @@
-datacenter: aws
-inventory_hostname: "el9-test.fedorainfracloud.org"
-baseiptables: False
diff --git a/inventory/host_vars/elections01.phx2.fedoraproject.org b/inventory/host_vars/elections01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..d226074601
--- /dev/null
+++ b/inventory/host_vars/elections01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.107
+vmhost: virthost19.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/elections01.stg.phx2.fedoraproject.org b/inventory/host_vars/elections01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f0ca4b7ee2
--- /dev/null
+++ b/inventory/host_vars/elections01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.125
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/elections02.phx2.fedoraproject.org b/inventory/host_vars/elections02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a24efe88ff
--- /dev/null
+++ b/inventory/host_vars/elections02.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.108
+vmhost: virthost14.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/f25-test.fedorainfracloud.org b/inventory/host_vars/f25-test.fedorainfracloud.org
new file mode 100644
index 0000000000..c9197333f3
--- /dev/null
+++ b/inventory/host_vars/f25-test.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: "{{ fedora25_x86_64 }}"
+instance_type: ms1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-maintainertest,web-80-anywhere-maintainertest,default,web-443-anywhere-maintainertest,all-icmp-maintainertest
+zone: nova
+tcp_ports: [22]
+
+inventory_tenant: maintainertest
+inventory_instance_name: f25-test
+hostbase: f25-test
+public_ip: 209.132.184.211
+description: f25-test instance
+
+cloud_networks:
+ # maintainertest-net
+ - net-id: "a512d096-3fa2-49cc-b989-d43ca687f91d"
diff --git a/inventory/host_vars/f26-test.fedorainfracloud.org b/inventory/host_vars/f26-test.fedorainfracloud.org
new file mode 100644
index 0000000000..c9a17a1382
--- /dev/null
+++ b/inventory/host_vars/f26-test.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: Fedora-Cloud-Base-26_Alpha-1.1.x86_64
+instance_type: ms1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-maintainertest,web-80-anywhere-maintainertest,default,web-443-anywhere-maintainertest,all-icmp-maintainertest
+zone: nova
+tcp_ports: [22]
+
+inventory_tenant: maintainertest
+inventory_instance_name: f26-test
+hostbase: f26-test
+public_ip: 209.132.184.143
+description: f26-test instance
+
+cloud_networks:
+ # maintainertest-net
+ - net-id: "a512d096-3fa2-49cc-b989-d43ca687f91d"
diff --git a/inventory/host_vars/f27-test.fedorainfracloud.org b/inventory/host_vars/f27-test.fedorainfracloud.org
new file mode 100644
index 0000000000..388f7cb745
--- /dev/null
+++ b/inventory/host_vars/f27-test.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: Fedora-Cloud-Base-27-20170910.n.0.x86_64
+instance_type: ms1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-maintainertest,web-80-anywhere-maintainertest,default,web-443-anywhere-maintainertest,all-icmp-maintainertest
+zone: nova
+tcp_ports: [22]
+
+inventory_tenant: maintainertest
+inventory_instance_name: f27-test
+hostbase: f27-test
+public_ip: 209.132.184.210
+description: f27-test instance
+
+cloud_networks:
+ # maintainertest-net
+ - net-id: "a512d096-3fa2-49cc-b989-d43ca687f91d"
diff --git a/inventory/host_vars/f40-test.fedorainfracloud.org b/inventory/host_vars/f40-test.fedorainfracloud.org
deleted file mode 100644
index 017148ac49..0000000000
--- a/inventory/host_vars/f40-test.fedorainfracloud.org
+++ /dev/null
@@ -1,2 +0,0 @@
-datacenter: aws
-inventory_hostname: "f40-test.fedorainfracloud.org"
diff --git a/inventory/host_vars/f41-test.fedorainfracloud.org b/inventory/host_vars/f41-test.fedorainfracloud.org
deleted file mode 100644
index cafa287d01..0000000000
--- a/inventory/host_vars/f41-test.fedorainfracloud.org
+++ /dev/null
@@ -1,2 +0,0 @@
-datacenter: aws
-inventory_hostname: "f41-test.fedorainfracloud.org"
diff --git a/inventory/host_vars/f42-test.fedorainfracloud.org b/inventory/host_vars/f42-test.fedorainfracloud.org
deleted file mode 100644
index 4bf302a411..0000000000
--- a/inventory/host_vars/f42-test.fedorainfracloud.org
+++ /dev/null
@@ -1,2 +0,0 @@
-datacenter: aws
-inventory_hostname: "f42-test.fedorainfracloud.org"
diff --git a/inventory/host_vars/faf01.stg.phx2.fedoraproject.org b/inventory/host_vars/faf01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..398fd6ca4c
--- /dev/null
+++ b/inventory/host_vars/faf01.stg.phx2.fedoraproject.org
@@ -0,0 +1,16 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.127
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
+
+mem_size: 4096
+max_mem_size: 16384
+num_cpus: 2
+
+devel: true
diff --git a/inventory/host_vars/faitout.fedorainfracloud.org b/inventory/host_vars/faitout.fedorainfracloud.org
new file mode 100644
index 0000000000..1f4e273b41
--- /dev/null
+++ b/inventory/host_vars/faitout.fedorainfracloud.org
@@ -0,0 +1,18 @@
+---
+image: rhel7-20141015
+instance_type: m1.small
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,pg-5432-anywhere,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443, 5432]
+
+inventory_tenant: persistent
+inventory_instance_name: faitout
+hostbase: faitout
+public_ip: 209.132.184.65
+root_auth_users: pingou
+description: faitout development instance
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/fas01.phx2.fedoraproject.org b/inventory/host_vars/fas01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..2bd4d88ad5
--- /dev/null
+++ b/inventory/host_vars/fas01.phx2.fedoraproject.org
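Review bot: In `faitout.fedorainfracloud.org` the `security_group` line includes `pg-5432-anywhere` and `tcp_ports` opens 5432, which by the group's name makes PostgreSQL reachable from any source address on an instance that also has a `public_ip`. If that exposure is the purpose of the service, the file should say so, e.g. `# 5432 is intentionally open to the internet: <reason>` above `tcp_ports`; otherwise the group should be replaced by one limited to the client networks. Nothing in this hunk shows how database authentication or TLS is configured, so that needs checking in the role that consumes these variables.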
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.25
+vmhost: virthost15.phx2.fedoraproject.org
+datacenter: phx2
+
+# This is not the master production fas node, it doesn't do certs
+master_fas_node: True
+gen_cert: False
diff --git a/inventory/host_vars/fas01.stg.phx2.fedoraproject.org b/inventory/host_vars/fas01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..e1f8875930
--- /dev/null
+++ b/inventory/host_vars/fas01.stg.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.129
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
+
+# There's only this server in stg, so it does certs.
+master_fas_node: True
+gen_cert: True
diff --git a/inventory/host_vars/fas02.phx2.fedoraproject.org b/inventory/host_vars/fas02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..ad4bdb26ee
--- /dev/null
+++ b/inventory/host_vars/fas02.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/vg_virthost01
+eth0_ip: 10.5.126.26
+vmhost: virthost01.phx2.fedoraproject.org
+datacenter: phx2
+
+# This is not the master production fas node, it doesn't do certs
+master_fas_node: False
+gen_cert: False
diff --git a/inventory/host_vars/fas03.phx2.fedoraproject.org b/inventory/host_vars/fas03.phx2.fedoraproject.org
new file mode 100644
index 0000000000..13851ee9ea
--- /dev/null
+++ b/inventory/host_vars/fas03.phx2.fedoraproject.org
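Review bot: In `fas01.phx2.fedoraproject.org` the comment `# This is not the master production fas node, it doesn't do certs` sits directly above `master_fas_node: True`, so the comment and the value contradict each other; fas02 and fas03 carry the same comment with `master_fas_node: False`. Either the comment was copied from a secondary node or the flag is wrong, and because the flag presumably decides which account-system node runs master-only tasks, the next person editing this file needs to know which. If fas01 is the master, the comment should read `# This is the master production fas node; it does not generate certs`.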
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.30
+vmhost: virthost14.phx2.fedoraproject.org
+datacenter: phx2
+
+# This is not the master production fas node, it doesn't do certs
+master_fas_node: False
+gen_cert: False
diff --git a/inventory/host_vars/fas2-dev.fedorainfracloud.org b/inventory/host_vars/fas2-dev.fedorainfracloud.org
new file mode 100644
index 0000000000..f3be911bc3
--- /dev/null
+++ b/inventory/host_vars/fas2-dev.fedorainfracloud.org
@@ -0,0 +1,18 @@
+---
+image: "{{ centos66_x86_64 }}"
+instance_type: m1.small
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: fas2-dev
+hostbase: fas2-dev
+public_ip: 209.132.184.63
+root_auth_users: laxathom
+description: fas2 development instance
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/fas3-01.stg.phx2.fedoraproject.org b/inventory/host_vars/fas3-01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..76792904dd
--- /dev/null
+++ b/inventory/host_vars/fas3-01.stg.phx2.fedoraproject.org
@@ -0,0 +1,20 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.130
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
+
+nagios_Check_Services:
+ nrpe: false
+ swap: false
+
+tcp_ports:
+- 22
+- 80
diff --git a/inventory/host_vars/fas3-dev.fedorainfracloud.org b/inventory/host_vars/fas3-dev.fedorainfracloud.org
new file mode 100644
index 0000000000..b15a4a2657
--- /dev/null
+++ b/inventory/host_vars/fas3-dev.fedorainfracloud.org
@@ -0,0 +1,18 @@
+---
+image: rhel7-20141015
+instance_type: m1.small
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: fas3-dev
+hostbase: fas3-dev
+public_ip: 209.132.184.64
+root_auth_users: laxathom
+description: fas3 development instance
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/fed-cloud-ppc02.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud-ppc02.cloud.fedoraproject.org
new file mode 100644
index 0000000000..a1d322db2c
--- /dev/null
+++ b/inventory/host_vars/fed-cloud-ppc02.cloud.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.18
+eth1_ip: 172.24.0.18
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.18
diff --git a/inventory/host_vars/fed-cloud01.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud01.cloud.fedoraproject.org
new file mode 100644
index 0000000000..3589a63061
--- /dev/null
+++ b/inventory/host_vars/fed-cloud01.cloud.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+nagios_Check_Services:
+ nrpe: false
+ swap: false
diff --git a/inventory/host_vars/fed-cloud02.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud02.cloud.fedoraproject.org
new file mode 100644
index 0000000000..3589a63061
--- /dev/null
+++ b/inventory/host_vars/fed-cloud02.cloud.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+nagios_Check_Services:
+ nrpe: false
+ swap: false
diff --git a/inventory/host_vars/fed-cloud03.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud03.cloud.fedoraproject.org
new file mode 100644
index 0000000000..bd5e6bebe3
--- /dev/null
+++ b/inventory/host_vars/fed-cloud03.cloud.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.3
+eth1_ip: 172.24.0.3
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.3
diff --git a/inventory/host_vars/fed-cloud04.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud04.cloud.fedoraproject.org
new file mode 100644
index 0000000000..63759f76dd
--- /dev/null
+++ b/inventory/host_vars/fed-cloud04.cloud.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.4
+eth1_ip: 172.24.0.4
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.4
diff --git a/inventory/host_vars/fed-cloud05.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud05.cloud.fedoraproject.org
new file mode 100644
index 0000000000..c287474763
--- /dev/null
+++ b/inventory/host_vars/fed-cloud05.cloud.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.5
+eth1_ip: 172.24.0.5
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.5
diff --git a/inventory/host_vars/fed-cloud06.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud06.cloud.fedoraproject.org
new file mode 100644
index 0000000000..83a0d45ad9
--- /dev/null
+++ b/inventory/host_vars/fed-cloud06.cloud.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.6
+eth1_ip: 172.24.0.6
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.6
diff --git a/inventory/host_vars/fed-cloud07.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud07.cloud.fedoraproject.org
new file mode 100644
index 0000000000..fb951b6834
--- /dev/null
+++ b/inventory/host_vars/fed-cloud07.cloud.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.7
+eth1_ip: 172.24.0.7
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.7
diff --git a/inventory/host_vars/fed-cloud08.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud08.cloud.fedoraproject.org
new file mode 100644
index 0000000000..a7e8b7237b
--- /dev/null
+++ b/inventory/host_vars/fed-cloud08.cloud.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.8
+eth1_ip: 172.24.0.8
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.8
diff --git a/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
new file mode 100644
index 0000000000..b3ce15a03a
--- /dev/null
+++ b/inventory/host_vars/fed-cloud09.cloud.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+root_auth_users: msuchy
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+host_group: openstack-compute
+ansible_ifcfg_blacklist: true
+
+nagios_Check_Services:
+ nrpe: true
+ sshd: true
+ swap: true
+
+baseiptables: False
diff --git a/inventory/host_vars/fed-cloud10.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud10.cloud.fedoraproject.org
new file mode 100644
index 0000000000..6586259153
--- /dev/null
+++ b/inventory/host_vars/fed-cloud10.cloud.fedoraproject.org
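Review bot: `baseiptables: False` at the end of `fed-cloud09.cloud.fedoraproject.org` has no comment saying what filters traffic on this host instead; going by the name it switches off the base iptables rules, and none of the other fed-cloud files in this diff set it. A line such as `# firewall is managed by <component>; the base iptables rules are skipped on purpose` above it would let a reviewer confirm the host is not left unfiltered. The file also grants `root_auth_users: msuchy` but omits the `fas_client_groups` and `sudoers` values its siblings define, which may be intended if they come from group_vars.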
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.10
+eth1_ip: 172.24.0.10
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.10
diff --git a/inventory/host_vars/fed-cloud11.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud11.cloud.fedoraproject.org
new file mode 100644
index 0000000000..81e45d2b25
--- /dev/null
+++ b/inventory/host_vars/fed-cloud11.cloud.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.11
+eth1_ip: 172.24.0.11
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.11
diff --git a/inventory/host_vars/fed-cloud12.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud12.cloud.fedoraproject.org
new file mode 100644
index 0000000000..d772fc7133
--- /dev/null
+++ b/inventory/host_vars/fed-cloud12.cloud.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.12
+eth1_ip: 172.24.0.12
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.12
diff --git a/inventory/host_vars/fed-cloud13.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud13.cloud.fedoraproject.org
new file mode 100644
index 0000000000..3516f84ab8
--- /dev/null
+++ b/inventory/host_vars/fed-cloud13.cloud.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.13
+eth1_ip: 172.24.0.13
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.13
diff --git a/inventory/host_vars/fed-cloud14.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud14.cloud.fedoraproject.org
new file mode 100644
index 0000000000..23edd8eff3
--- /dev/null
+++ b/inventory/host_vars/fed-cloud14.cloud.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.14
+eth1_ip: 172.24.0.14
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.14
diff --git a/inventory/host_vars/fed-cloud15.cloud.fedoraproject.org b/inventory/host_vars/fed-cloud15.cloud.fedoraproject.org
new file mode 100644
index 0000000000..1baa38d7a5
--- /dev/null
+++ b/inventory/host_vars/fed-cloud15.cloud.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+freezes: false
+fas_client_groups: sysadmin-cloud,sysadmin-main
+sudoers: "{{ private }}/files/sudo/sysadmin-cloud"
+datacenter: cloud
+eth0_ip: 209.132.184.15
+eth1_ip: 172.24.0.15
+nm: 255.255.255.0
+gw: 209.132.184.254
+
+compute_private_ip: 172.24.0.15
diff --git a/inventory/host_vars/fedimg-dev.fedorainfracloud.org b/inventory/host_vars/fedimg-dev.fedorainfracloud.org
new file mode 100644
index 0000000000..a3597d0b5c
--- /dev/null
+++ b/inventory/host_vars/fedimg-dev.fedorainfracloud.org
@@ -0,0 +1,17 @@
+instance_type: m1.medium
+image: rhel7-20141015
+keypair: fedora-admin-20130801
+security_group: default,ssh-anywhere-persistent,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: fedimg-dev
+hostbase: fedimg-dev
+public_ip: 209.132.184.106
+root_auth_users: sayanchowdhury
+description: fedimg development instance
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/fedimg01.phx2.fedoraproject.org b/inventory/host_vars/fedimg01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..0f81807a18
--- /dev/null
+++ b/inventory/host_vars/fedimg01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+datacenter: phx2
+
+vmhost: virthost14.phx2.fedoraproject.org
+volgroup: /dev/vg_guests00
+
+eth0_ip: 10.5.126.10
diff --git a/inventory/host_vars/fedimg01.stg.phx2.fedoraproject.org b/inventory/host_vars/fedimg01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..ff7ee0ffda
--- /dev/null
+++ b/inventory/host_vars/fedimg01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+datacenter: phx2
+
+volgroup: /dev/vg_guests
+vmhost: virthost11.phx2.fedoraproject.org
+
+eth0_ip: 10.5.128.131
diff --git a/inventory/host_vars/fedocal01.phx2.fedoraproject.org b/inventory/host_vars/fedocal01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..ac58c75418
--- /dev/null
+++ b/inventory/host_vars/fedocal01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.55
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/fedocal01.stg.phx2.fedoraproject.org b/inventory/host_vars/fedocal01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a5acba5002
--- /dev/null
+++ b/inventory/host_vars/fedocal01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.132
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
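Review bot: `ks_url` and `ks_repo` in `fedimg01.phx2.fedoraproject.org` point at `http://10.5.126.23/...`, so the kickstart file and the install packages would be fetched with no transport integrity, and anything able to alter traffic on that segment could change what is installed at provisioning time. The host_vars files this diff removes use `https://infrastructure.fedoraproject.org/repo/...` for both values; if an HTTPS endpoint is reachable from these guests, prefer something like `ks_url: https://<repo-host>/repo/rhel/ks/kvm-rhel-7`. The same plain-HTTP pair is added in the other phx2 host_vars hunks of this diff (fedimg01.stg, fedocal, freshmaker, github2fedmsg, gnome-backups01, hotness, ipa, ipsilon) and in `infinote.fedoraproject.org`.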
diff --git a/inventory/host_vars/fedocal02.phx2.fedoraproject.org b/inventory/host_vars/fedocal02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..dd849f52d4
--- /dev/null
+++ b/inventory/host_vars/fedocal02.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.56
+vmhost: virthost14.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/fedora-bootstrap.fedorainfracloud.org b/inventory/host_vars/fedora-bootstrap.fedorainfracloud.org
new file mode 100644
index 0000000000..bfc50935e0
--- /dev/null
+++ b/inventory/host_vars/fedora-bootstrap.fedorainfracloud.org
@@ -0,0 +1,18 @@
+---
+image: "{{ fedora25_x86_64 }}"
+instance_type: m1.large
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: fedora-bootstrap
+hostbase: fedora-bootstrap
+public_ip: 209.132.184.216
+root_auth_users: jcapik
+description: Fedora Bootstrap project web
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/flatpak-cache01.iad2.fedoraproject.org b/inventory/host_vars/flatpak-cache01.iad2.fedoraproject.org
deleted file mode 100644
index 5216bddb57..0000000000
--- a/inventory/host_vars/flatpak-cache01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_ip: 10.3.174.70
-eth0_ipv4_gw: 10.3.174.254
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-vmhost: qvmhost-x86-02.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
\ No newline at end of file
diff --git a/inventory/host_vars/freshmaker-backend01.phx2.fedoraproject.org b/inventory/host_vars/freshmaker-backend01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a960a4d80c
--- /dev/null
+++ b/inventory/host_vars/freshmaker-backend01.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.130
+
+volgroup: /dev/vg_guests
+vmhost: virthost19.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/freshmaker-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/freshmaker-backend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..128c25088d
--- /dev/null
+++ b/inventory/host_vars/freshmaker-backend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.128.63
+
+volgroup: /dev/vg_guests
+vmhost: virthost20.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/freshmaker-frontend01.phx2.fedoraproject.org b/inventory/host_vars/freshmaker-frontend01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a0f89fabf7
--- /dev/null
+++ b/inventory/host_vars/freshmaker-frontend01.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.68
+
+volgroup: /dev/vg_guests
+vmhost: virthost22.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/freshmaker-frontend01.stg.phx2.fedoraproject.org b/inventory/host_vars/freshmaker-frontend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..79c2e63955
--- /dev/null
+++ b/inventory/host_vars/freshmaker-frontend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.128.62
+
+volgroup: /dev/vg_guests
+vmhost: virthost20.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/github2fedmsg01.iad2.fedoraproject.org b/inventory/host_vars/github2fedmsg01.iad2.fedoraproject.org
deleted file mode 100644
index 91c4e7d61c..0000000000
--- a/inventory/host_vars/github2fedmsg01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.53
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-iad2
-vmhost: vmhost-x86-03.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/github2fedmsg01.phx2.fedoraproject.org b/inventory/host_vars/github2fedmsg01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..6dcd014ec6
--- /dev/null
+++ b/inventory/host_vars/github2fedmsg01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests00
+vmhost: virthost14.phx2.fedoraproject.org
+datacenter: phx2
+
+eth0_ip: 10.5.126.195
diff --git a/inventory/host_vars/github2fedmsg01.stg.phx2.fedoraproject.org b/inventory/host_vars/github2fedmsg01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f33c37e579
--- /dev/null
+++ b/inventory/host_vars/github2fedmsg01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
+
+eth0_ip: 10.5.128.134
diff --git a/inventory/host_vars/glittergallery-dev.fedorainfracloud.org b/inventory/host_vars/glittergallery-dev.fedorainfracloud.org
new file mode 100644
index 0000000000..17a52264e5
--- /dev/null
+++ b/inventory/host_vars/glittergallery-dev.fedorainfracloud.org
@@ -0,0 +1,18 @@
+---
+image: "{{ fedora23_x86_64 }}"
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,web-443-anywhere-persistent,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: glittergallery-dev
+hostbase: glittergallery-dev
+public_ip: 209.132.184.234
+root_auth_users: sonalkr132 sarupbanskota
+description: glittergallery GSoC work
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/gnome-backups01.phx2.fedoraproject.org b/inventory/host_vars/gnome-backups01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..119a599d8a
--- /dev/null
+++ b/inventory/host_vars/gnome-backups01.phx2.fedoraproject.org
@@ -0,0 +1,23 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.39
+eth1_ip: 10.5.127.28
+vmhost: virthost21.phx2.fedoraproject.org
+datacenter: phx2
+
+ks_url: http://infrastructure.phx2.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://infrastructure.phx2.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+
+#
+# Need a virt-install command with eth1 also
+#
+virt_install_command: "{{ virt_install_command_two_nic }}"
+
+lvm_size: 30000
+mem_size: 8192
+num_cpus: 4
+# todo: make a gnome sysadmin group
+fas_client_groups: sysadmin-gnome
diff --git a/inventory/host_vars/grafana.cloud.fedoraproject.org b/inventory/host_vars/grafana.cloud.fedoraproject.org
new file mode 100644
index 0000000000..c762999030
--- /dev/null
+++ b/inventory/host_vars/grafana.cloud.fedoraproject.org
@@ -0,0 +1,24 @@
+ansible_ifcfg_blacklist: true
+instance_type: m1.medium
+image: "{{ fedora23_x86_64 }}"
+keypair: fedora-admin-20130801
+security_group: default,wide-open-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+custom_rules:
+ - "-A INPUT -p tcp -m tcp --dport 2003 -s 209.132.176.0/20 -j ACCEPT"
+
+inventory_tenant: persistent
+inventory_instance_name: grafana
+hostbase: grafana
+public_ip: 209.132.184.44
+root_auth_users: codeblock ralph
+description: graphite/statsd/grafana/etc experimentation
+
+volumes:
+ - volume_id: 818172fb-c278-4569-978f-f2822ab2d021
+ device: /dev/vdc
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/graphite.fedorainfracloud.org b/inventory/host_vars/graphite.fedorainfracloud.org
new file mode 100644
index 0000000000..68d349a3a9
--- /dev/null
+++ b/inventory/host_vars/graphite.fedorainfracloud.org
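Review bot: `grafana.cloud.fedoraproject.org` is placed in `security_group: default,wide-open-persistent`, and the next hunk (`graphite.fedorainfracloud.org`) does the same; judging by its name that group admits all traffic at the cloud layer, which leaves `tcp_ports` and the source-restricted `custom_rules` entry for port 2003 as the only filter, and only if host iptables is actually applied. The narrower groups that the other instance files in this diff use (`ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent`), plus a dedicated rule for 2003, would keep both layers in agreement. Both files also list the same `volume_id: 818172fb-c278-4569-978f-f2822ab2d021` on `/dev/vdc`; unless the volume is meant to move between the two instances, one entry is presumably a copy-paste leftover and should be confirmed.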
@@ -0,0 +1,24 @@
+ansible_ifcfg_blacklist: true
+instance_type: m1.large
+image: "{{ fedora23_x86_64 }}"
+keypair: fedora-admin-20130801
+security_group: default,wide-open-persistent,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+custom_rules:
+ - "-A INPUT -p tcp -m tcp --dport 2003 -s 209.132.176.0/20 -j ACCEPT"
+
+inventory_tenant: persistent
+inventory_instance_name: graphite
+hostbase: graphite
+public_ip: 209.132.184.151
+root_auth_users: codeblock ralph
+description: graphite/statsd experimentation (backend)
+
+volumes:
+ - volume_id: 818172fb-c278-4569-978f-f2822ab2d021
+ device: /dev/vdc
+
+# persistent-net
+cloud_networks:
+ - net-id: 67b77354-39a4-43de-b007-bb813ac5c35f
diff --git a/inventory/host_vars/host1plus01.fedoraproject.org b/inventory/host_vars/host1plus01.fedoraproject.org
new file mode 100644
index 0000000000..f6b0614d40
--- /dev/null
+++ b/inventory/host_vars/host1plus01.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+datacenter: host1plus
+virthost: true
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+br0_ip: 5.175.150.48
+br0_nm: 255.255.255.240
+has_ipv6: yes
+br0_ipv6: "2a00:d1a0:1::130"
+br0_ipv6_gw: "2a00:d1a0:1::1"
diff --git a/inventory/host_vars/hotness01.phx2.fedoraproject.org b/inventory/host_vars/hotness01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..4520eb3f95
--- /dev/null
+++ b/inventory/host_vars/hotness01.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.5
+
+volgroup: /dev/vg_guests
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2
+freezes: false
diff --git a/inventory/host_vars/hotness01.stg.phx2.fedoraproject.org b/inventory/host_vars/hotness01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..7d79967ea4
--- /dev/null
+++ b/inventory/host_vars/hotness01.stg.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.128.135
+
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/hubs-dev.fedorainfracloud.org b/inventory/host_vars/hubs-dev.fedorainfracloud.org
new file mode 100644
index 0000000000..9045d2b43c
--- /dev/null
+++ b/inventory/host_vars/hubs-dev.fedorainfracloud.org
@@ -0,0 +1,18 @@
+---
+image: "{{ fedora25_x86_64 }}"
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,all-icmp-persistent,default,web-80-anywhere-persistent,web-443-anywhere-persistent,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: hubs-dev
+hostbase: hubs-dev
+public_ip: 209.132.184.47
+root_auth_users: sayanchowdhury abompard
+description: hubs development instance
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/ibiblio01.fedoraproject.org b/inventory/host_vars/ibiblio01.fedoraproject.org
new file mode 100644
index 0000000000..9935aacb4d
--- /dev/null
+++ b/inventory/host_vars/ibiblio01.fedoraproject.org
@@ -0,0 +1,15 @@
+---
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+datacenter: ibiblio
+nm: 255.255.255.128
+gw: 152.19.134.129
+dns: 8.8.8.8
+br0_ip: 152.19.134.138
+br0_nm: 255.255.255.128
+has_ipv6: yes
+br0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fe01"
+br0_ipv6_gw: "2610:28:3090:3001::1"
+
+postfix_group: vpn
+vpn: true
diff --git a/inventory/host_vars/ibiblio02.fedoraproject.org b/inventory/host_vars/ibiblio02.fedoraproject.org
index 6c61b6e9af..81490b0194 100644
--- a/inventory/host_vars/ibiblio02.fedoraproject.org
+++ b/inventory/host_vars/ibiblio02.fedoraproject.org
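Review bot: The `security_group` line in `hubs-dev.fedorainfracloud.org` lists `all-icmp-persistent` twice; drop the trailing occurrence so it reads `security_group: ssh-anywhere-persistent,all-icmp-persistent,default,web-80-anywhere-persistent,web-443-anywhere-persistent`. The group order also differs from the other instance files in this diff, which makes the lists harder to compare when auditing which instances expose which ports.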
@@ -1,46 +1,18 @@ --- -br0_ipv4: 152.19.134.169 -br0_ipv4_gw: 152.19.134.129 -br0_ipv4_nm: 25 -br0_ipv6: 2610:28:3090:3001:dead:beef:cafe:fe02 -br0_ipv6_gw: 2600:2701:4000:5211::1 -br0_ipv6_nm: 104 -br0_port0_mac: '{{ mac0 }}' +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 8.8.8.8 -dns_search1: fedoraproject.org -dns_search2: vpn.fedoraproject.org -has_ipv4: true -has_ipv6: true -mac0: 6c:fe:54:5d:ff:7c -network_connections: - - autoconnect: true - name: br0 - state: up - type: bridge - mtu: 9000 - ip: - address: - - '{{ br0_ipv4 }}/{{ br0_ipv4_nm }}' - - '{{ br0_ipv6 }}/{{ br0_ipv6_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ br0_ipv4_gw }}' - gateway6: '{{ br0_ipv6_gw }}' - - name: br0-port0 - autoconnect: true - mac: "{{ br0_port0_mac }}" - master: br0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1300 -nrpe_procs_warn: 1250 +nm: 255.255.255.0 +gw: 152.19.134.129 +fas_client_groups: sysadmin-main +dns: 8.8.8.8 +br0_ip: 152.19.134.138 +br0_nm: 255.255.255.128 +has_ipv6: yes +br0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fe02" +br0_ipv6_gw: "2610:28:3090:3001::1" + postfix_group: vpn vpn: true -notes: "vhost at ibiblio" + +freezes: true diff --git a/inventory/host_vars/ibiblio04.fedoraproject.org b/inventory/host_vars/ibiblio04.fedoraproject.org new file mode 100644 index 0000000000..55ba9fb3b2 --- /dev/null +++ b/inventory/host_vars/ibiblio04.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +datacenter: ibiblio +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 152.2.21.1 +br0_ip: 152.19.134.136 +br0_nm: 255.255.255.128 +has_ipv6: yes +br0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fe04" +br0_ipv6_gw: "2610:28:3090:3001::1" + +postfix_group: vpn +vpn: true diff --git a/inventory/host_vars/ibiblio05.fedoraproject.org b/inventory/host_vars/ibiblio05.fedoraproject.org index d5970b0e7f..5c3fba9a5b 100644 
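Review bot: `br0_ip: 152.19.134.138` on the new side of `ibiblio02.fedoraproject.org` is the same address that `ibiblio01.fedoraproject.org` is given earlier in this diff, while the removed side had `br0_ipv4: 152.19.134.169`; two bridges holding one address would conflict if both hosts are live, so the value needs checking against the real allocation. The same hunk sets `nm: 255.255.255.0` next to `br0_nm: 255.255.255.128`, whereas ibiblio01, ibiblio04 and ibiblio05 use `255.255.255.128` for both; `nm: 255.255.255.128` would match them.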
--- a/inventory/host_vars/ibiblio05.fedoraproject.org +++ b/inventory/host_vars/ibiblio05.fedoraproject.org @@ -1,41 +1,15 @@ --- -br0_ipv4: 152.19.134.137 -br0_ipv4_gw: 152.19.134.129 -br0_ipv4_nm: 25 -br0_ipv6: 2600:2701:4000:5211:dead:beef:00fe:fe05 -br0_ipv6_gw: 2600:2701:4000:5211::1 -br0_ipv6_nm: 104 -br0_port0_mac: '{{ mac0 }}' -datacenter: ibiblio -dns1: 152.2.21.1 -dns_search1: fedoraproject.org -dns_search2: vpn.fedoraproject.org -has_ipv4: true -has_ipv6: true -mac0: ec:f4:bb:e1:58:22 -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ipv4 }}/{{ br0_ipv4_nm }}' - - '{{ br0_ipv6 }}/{{ br0_ipv6_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ br0_ipv4_gw }}' - gateway6: '{{ br0_ipv6_gw }}' - name: br0 - state: up - type: bridge - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet -nrpe_procs_crit: 1000 nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +datacenter: ibiblio +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 152.2.21.1 +br0_ip: 152.19.134.137 +br0_nm: 255.255.255.128 +has_ipv6: yes +br0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fe05" +br0_ipv6_gw: "2610:28:3090:3001::1" + postfix_group: vpn vpn: true diff --git a/inventory/host_vars/iddev.fedorainfracloud.org b/inventory/host_vars/iddev.fedorainfracloud.org new file mode 100644 index 0000000000..e729e61afd --- /dev/null +++ b/inventory/host_vars/iddev.fedorainfracloud.org 
@@ -0,0 +1,19 @@
+---
+image: rhel7-20141015
+instance_type: m1.small
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+ansible_ifcfg_blacklist: true
+
+inventory_tenant: persistent
+inventory_instance_name: iddev
+hostbase: iddev
+public_ip: 209.132.184.120
+root_auth_users: puiterwijk pingou
+description: Instance for OIDC/OAuth development
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/infinote.fedoraproject.org b/inventory/host_vars/infinote.fedoraproject.org
new file mode 100644
index 0000000000..38bd1dab18
--- /dev/null
+++ b/inventory/host_vars/infinote.fedoraproject.org
@@ -0,0 +1,23 @@
+---
+nm: 255.255.255.128
+gw: 140.211.169.193
+dns: 8.8.8.8
+
+volgroup: /dev/vg_guests
+
+eth0_ip: 140.211.169.231
+eth0_nm: 255.255.255.128
+has_ipv6: yes
+eth0_ipv6: "2605:bc80:3010:600:dead:beef:cafe:fed4"
+eth0_ipv6_gw: "2605:bc80:3010:600::1"
+
+postfix_group: vpn
+vpn: true
+
+vmhost: osuosl03.fedoraproject.org
+datacenter: osuosl
+
+ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
+ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
+
+host_backup_targets: ['/srv']
diff --git a/inventory/host_vars/insim.fedorainfracloud.org b/inventory/host_vars/insim.fedorainfracloud.org
new file mode 100644
index 0000000000..5720910268
--- /dev/null
+++ b/inventory/host_vars/insim.fedorainfracloud.org
@@ -0,0 +1,20 @@
+---
+image: "{{ fedora25_x86_64 }}"
+instance_type: m1.small
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: insim
+hostbase: insim
+public_ip: 209.132.184.233
+root_auth_users: mizdebsk msimacek
+description: fedora insim instance
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
+freezes: false
diff --git a/inventory/host_vars/internetx01.fedoraproject.org b/inventory/host_vars/internetx01.fedoraproject.org
new file mode 100644
index 0000000000..a704c2c1c5
--- /dev/null
+++ b/inventory/host_vars/internetx01.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+datacenter: internetx
+virthost: true
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+postfix_group: vpn
+vpn: true
+br0_ip: 85.236.55.4
+br0_nm: 255.255.255.240
+has_ipv6: yes
+br0_ipv6: "2001:4178:2:1269::10"
+br0_ipv6_gw: "2001:4178:2:1269::1"
diff --git a/inventory/host_vars/internetx02.fedoraproject.org b/inventory/host_vars/internetx02.fedoraproject.org
deleted file mode 100644
index 5200348f61..0000000000
--- a/inventory/host_vars/internetx02.fedoraproject.org
+++ /dev/null
@@ -1,42 +0,0 @@ ---- -br0_ipv4: 85.236.55.5 -br0_ipv4_gw: 85.236.55.1 -br0_ipv4_nm: 28 -br0_ipv6: 2001:4178:2:1269::15 -br0_ipv6_gw: 2001:4178:2:1269::1 -br0_ipv6_nm: 64 -br0_port0_mac: '{{ mac0 }}' -datacenter: internetx -dns1: 8.8.8.8 -dns_search1: fedoraproject.org -dns_search2: vpn.fedoraproject.org -has_ipv4: true -has_ipv6: true -mac0: 50:9a:4c:6d:b0:9a -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ipv4 }}/{{ br0_ipv4_nm }}' - - '{{ br0_ipv6 }}/{{ br0_ipv6_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ br0_ipv4_gw }}' - gateway6: '{{ br0_ipv6_gw }}' - name: br0 - state: up - type: bridge - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -postfix_group: vpn -virthost: true -vpn: true diff --git a/inventory/host_vars/ipa01.iad2.fedoraproject.org b/inventory/host_vars/ipa01.iad2.fedoraproject.org deleted file mode 100644 index dbd6f4aa1f..0000000000 --- a/inventory/host_vars/ipa01.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.54 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ipa01.phx2.fedoraproject.org b/inventory/host_vars/ipa01.phx2.fedoraproject.org new file mode 100644 index 0000000000..249e8708e3 --- /dev/null +++ b/inventory/host_vars/ipa01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.162 +vmhost: virthost15.phx2.fedoraproject.org +datacenter: phx2 
diff --git a/inventory/host_vars/ipa01.stg.iad2.fedoraproject.org b/inventory/host_vars/ipa01.stg.iad2.fedoraproject.org
deleted file mode 100644
index d63b8f7af6..0000000000
--- a/inventory/host_vars/ipa01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,10 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.21
-## REMEMBER ONLY SET THIS TO TRUE WHEN WIPING SYSTEM TO MINIMUM
-ipa_initial: false
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/ipa01.stg.phx2.fedoraproject.org b/inventory/host_vars/ipa01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..41af685013
--- /dev/null
+++ b/inventory/host_vars/ipa01.stg.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.136
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/ipa02.iad2.fedoraproject.org b/inventory/host_vars/ipa02.iad2.fedoraproject.org
deleted file mode 100644
index 5ce367ec13..0000000000
--- a/inventory/host_vars/ipa02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.55
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-vmhost: vmhost-x86-03.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/ipa02.phx2.fedoraproject.org b/inventory/host_vars/ipa02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..fe0e853a8a
--- /dev/null
+++ b/inventory/host_vars/ipa02.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost01
+eth0_ip: 10.5.126.163
+vmhost: virthost01.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/ipa02.stg.iad2.fedoraproject.org b/inventory/host_vars/ipa02.stg.iad2.fedoraproject.org
deleted file mode 100644
index 5b678b0c89..0000000000
--- a/inventory/host_vars/ipa02.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.63
-## REMEMBER ONLY SET THIS TO TRUE WHEN WIPING SYSTEM TO MINIMUM
-ipa_initial: false
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-
-# see group_vars/zabbix_stg for details
-zabbix_macros:
- VFS.DEV.READ.AWAIT.WARN: 30
- VFS.DEV.WRITE.AWAIT.WARN: 30
diff --git a/inventory/host_vars/ipa03.iad2.fedoraproject.org b/inventory/host_vars/ipa03.iad2.fedoraproject.org
deleted file mode 100644
index c5beb6b8aa..0000000000
--- a/inventory/host_vars/ipa03.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.104
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-vmhost: vmhost-x86-06.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/ipa03.stg.iad2.fedoraproject.org b/inventory/host_vars/ipa03.stg.iad2.fedoraproject.org
deleted file mode 100644
index ad4e0ac293..0000000000
--- a/inventory/host_vars/ipa03.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.68
-## REMEMBER ONLY SET THIS TO TRUE WHEN WIPING SYSTEM TO MINIMUM
-ipa_initial: false
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-
-# see group_vars/zabbix_stg for details
-zabbix_macros:
- VFS.DEV.READ.AWAIT.WARN: 30
- VFS.DEV.WRITE.AWAIT.WARN: 30
diff --git a/inventory/host_vars/ipsilon01.iad2.fedoraproject.org b/inventory/host_vars/ipsilon01.iad2.fedoraproject.org
deleted file mode 100644
index 07217d66e4..0000000000
--- a/inventory/host_vars/ipsilon01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.105
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-vmhost: vmhost-x86-04.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/ipsilon01.phx2.fedoraproject.org b/inventory/host_vars/ipsilon01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f7efabeab0
--- /dev/null
+++ b/inventory/host_vars/ipsilon01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.46
+vmhost: virthost15.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/ipsilon01.stg.iad2.fedoraproject.org b/inventory/host_vars/ipsilon01.stg.iad2.fedoraproject.org
deleted file mode 100644
index b262291b0c..0000000000
--- a/inventory/host_vars/ipsilon01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.30
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/ipsilon01.stg.phx2.fedoraproject.org b/inventory/host_vars/ipsilon01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..d94dbffaed
--- /dev/null
+++ b/inventory/host_vars/ipsilon01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.137
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/ipsilon02.iad2.fedoraproject.org b/inventory/host_vars/ipsilon02.iad2.fedoraproject.org
deleted file mode 100644
index 632e7fae2c..0000000000
--- a/inventory/host_vars/ipsilon02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.106
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-vmhost: vmhost-x86-06.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/ipsilon02.phx2.fedoraproject.org b/inventory/host_vars/ipsilon02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..be12d1a2ff
--- /dev/null
+++ b/inventory/host_vars/ipsilon02.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_virthost
+eth0_ip: 10.5.126.47
+vmhost: virthost17.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/java-deptools.fedorainfracloud.org b/inventory/host_vars/java-deptools.fedorainfracloud.org
new file mode 100644
index 0000000000..bf23a087a0
--- /dev/null
+++ b/inventory/host_vars/java-deptools.fedorainfracloud.org
@@ -0,0 +1,22 @@
+---
+image: "{{ fedora26_x86_64 }}"
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,web-443-anywhere-persistent,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: java-deptools
+hostbase: java-deptools
+public_ip: 209.132.184.191
+root_auth_users: msimacek mizdebsk msrb
+description: java-deptools application
+
+volumes:
+ - volume_id: dbe99b89-b93b-4c55-97ee-2c5e4ad3a714
+ device: /dev/vdc
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/jenkins-slave-el6.fedorainfracloud.org b/inventory/host_vars/jenkins-slave-el6.fedorainfracloud.org
new file mode 100644
index 0000000000..24a429b3e4
--- /dev/null
+++ b/inventory/host_vars/jenkins-slave-el6.fedorainfracloud.org
@@ -0,0 +1,19 @@
+---
+image: "{{ centos66_x86_64 }}"
+instance_type: m1.xlarge
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,all-icmp-persistent,default
+zone: nova
+tcp_ports: [22]
+
+inventory_tenant: persistent
+inventory_instance_name: jenkins-el6
+hostbase: jenkins-el6
+public_ip: 209.132.184.58
+root_auth_users: mizdebsk msrb
+description: jenkins el6 builder in new cloud
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
diff --git a/inventory/host_vars/jenkins-slave-el7.fedorainfracloud.org b/inventory/host_vars/jenkins-slave-el7.fedorainfracloud.org
new file mode 100644
index 0000000000..afbe512b9e
--- /dev/null
+++ b/inventory/host_vars/jenkins-slave-el7.fedorainfracloud.org
@@ -0,0 +1,19 @@
+---
+image: rhel7-20141015
+instance_type: m1.xlarge
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,all-icmp-persistent,default
+zone: nova
+tcp_ports: [22]
+
+inventory_tenant: persistent
+inventory_instance_name: jenkins-el7
+hostbase: jenkins-el7
+public_ip: 209.132.184.189
+root_auth_users: mizdebsk msrb
+description: jenkins el7 builder in new cloud
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
diff --git a/inventory/host_vars/jenkins-slave-f25-ppc64le.fedorainfracloud.org b/inventory/host_vars/jenkins-slave-f25-ppc64le.fedorainfracloud.org
new file mode 100644
index 0000000000..6c6da05b7b
--- /dev/null
+++ b/inventory/host_vars/jenkins-slave-f25-ppc64le.fedorainfracloud.org
@@ -0,0 +1,19 @@
+---
+image: Fedora-Cloud-Base-25-1.2.ppc64le.qcow2
+instance_type: m1.xlarge
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,all-icmp-persistent,default
+zone: nova
+tcp_ports: [22]
+
+inventory_tenant: persistent
+inventory_instance_name: jenkins-slave-f25-ppc64le
+hostbase: jenkins-slave-f25-ppc64le
+public_ip: 209.132.184.56
+root_auth_users: mizdebsk msrb
+description: jenkins f25 builder in new cloud, ppc64le version
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
diff --git a/inventory/host_vars/jenkins-slave-f25.fedorainfracloud.org b/inventory/host_vars/jenkins-slave-f25.fedorainfracloud.org
new file mode 100644
index 0000000000..9a2a0f4484
--- /dev/null
+++ b/inventory/host_vars/jenkins-slave-f25.fedorainfracloud.org
@@ -0,0 +1,19 @@
+---
+image: "{{ fedora25_x86_64 }}"
+instance_type: m1.xlarge
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,all-icmp-persistent,default
+zone: nova
+tcp_ports: [22]
+
+inventory_tenant: persistent
+inventory_instance_name: jenkins-slave-f25
+hostbase: jenkins-slave-f25
+public_ip: 209.132.184.248
+root_auth_users: mizdebsk msrb
+description: jenkins f25 builder in new cloud
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
diff --git a/inventory/host_vars/jenkins-slave-f26.fedorainfracloud.org b/inventory/host_vars/jenkins-slave-f26.fedorainfracloud.org
new file mode 100644
index 0000000000..49a125ed42
--- /dev/null
+++ b/inventory/host_vars/jenkins-slave-f26.fedorainfracloud.org
@@ -0,0 +1,19 @@
+---
+image: "{{ fedora26_x86_64 }}"
+instance_type: m1.xlarge
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,all-icmp-persistent,default
+zone: nova
+tcp_ports: [22]
+
+inventory_tenant: persistent
+inventory_instance_name: jenkins-slave-f26
+hostbase: jenkins-slave-f26
+public_ip: 209.132.184.237
+root_auth_users: mizdebsk msrb
+description: jenkins f26 builder in new cloud
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
diff --git a/inventory/host_vars/jenkins.fedorainfracloud.org b/inventory/host_vars/jenkins.fedorainfracloud.org
new file mode 100644
index 0000000000..612580679f
--- /dev/null
+++ b/inventory/host_vars/jenkins.fedorainfracloud.org
@@ -0,0 +1,29 @@
+---
+image: "{{ fedora26_x86_64 }}"
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,web-443-anywhere-persistent,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443, 8080]
+
+inventory_tenant: persistent
+inventory_instance_name: jenkins
+hostbase: jenkins
+public_ip: 209.132.184.57
+root_auth_users: mizdebsk msrb
+description: jenkins master in new cloud
+
+volumes:
+ - volume_id: 7d09e0a3-1f2b-4c9d-ad64-372315199f07
+ device: /dev/vdb
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
+#
+# These are letsencrypt certs.
+# They are linked from these normal places to the place they are renewed
+#
+cert_name: jenkins.fedorainfracloud.org
+sSLCertificateChainFile: jenkins.fedorainfracloud.org.chain
diff --git a/inventory/host_vars/kernel01.iad2.fedoraproject.org b/inventory/host_vars/kernel01.iad2.fedoraproject.org
deleted file mode 100644
index c4bac059f5..0000000000
--- a/inventory/host_vars/kernel01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-dns: 10.3.163.33
-eth0_ip: 10.3.174.129
-gw: 10.3.174.254
-nm: 255.255.255.0
-resolvconf: "resolv.conf/iad2"
diff --git a/inventory/host_vars/kernel01.qa.fedoraproject.org b/inventory/host_vars/kernel01.qa.fedoraproject.org
new file mode 100644
index 0000000000..18e138bc93
--- /dev/null
+++ b/inventory/host_vars/kernel01.qa.fedoraproject.org
@@ -0,0 +1,5 @@
+---
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+eth0_ip: 10.5.124.173
diff --git a/inventory/host_vars/kernel02.iad2.fedoraproject.org b/inventory/host_vars/kernel02.iad2.fedoraproject.org
deleted file mode 100644
index 655277e39c..0000000000
--- a/inventory/host_vars/kernel02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,7 +0,0 @@
----
-datacenter: iad2
-dns: 10.3.163.33
-eth0_ipv4_ip: 10.3.174.130
-eth0_ipv4_gw: 10.3.174.254
-eth0_ipv4_nm: 24
-resolvconf: "resolv.conf/iad2"
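Review bot: `tcp_ports: [22, 80, 443, 8080]` in jenkins.fedorainfracloud.org opens 8080 on the host, yet none of the groups on the `security_group` line is a port-8080 group, so the two layers disagree about whether that port is meant to be reachable. If 8080 is the Jenkins listener sitting behind the web server on 80/443 (an assumption, the hunk does not say), direct access to it would sidestep the TLS and any access control applied at the front end. Either drop it, `tcp_ports: [22, 80, 443]`, or add a comment above the line naming who needs direct access to 8080.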
diff --git a/inventory/host_vars/kernel02.qa.fedoraproject.org b/inventory/host_vars/kernel02.qa.fedoraproject.org
new file mode 100644
index 0000000000..03d296832c
--- /dev/null
+++ b/inventory/host_vars/kernel02.qa.fedoraproject.org
@@ -0,0 +1,5 @@
+---
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+eth0_ip: 10.5.124.175
diff --git a/inventory/host_vars/kerneltest01.phx2.fedoraproject.org b/inventory/host_vars/kerneltest01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..cc2a215967
--- /dev/null
+++ b/inventory/host_vars/kerneltest01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost
+vmhost: virthost17.phx2.fedoraproject.org
+datacenter: phx2
+
+eth0_ip: 10.5.126.136
diff --git a/inventory/host_vars/kerneltest01.stg.phx2.fedoraproject.org b/inventory/host_vars/kerneltest01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..1db460b364
--- /dev/null
+++ b/inventory/host_vars/kerneltest01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
+
+eth0_ip: 10.5.128.138
diff --git a/inventory/host_vars/keys02.fedoraproject.org b/inventory/host_vars/keys02.fedoraproject.org
new file mode 100644
index 0000000000..995c54e809
--- /dev/null
+++ b/inventory/host_vars/keys02.fedoraproject.org
@@ -0,0 +1,15 @@
+---
+nm: 255.255.255.128
+gw: 140.211.169.193
+dns: 8.8.8.8
+ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 140.211.169.202
+eth0_nm: 255.255.255.128
+has_ipv6: yes
+eth0_ipv6: "2605:bc80:3010:600:dead:beef:cafe:fed5"
+eth0_ipv6_gw: "2605:bc80:3010:600::1"
+
+vmhost: osuosl03.fedoraproject.org
+datacenter: osuosl
diff --git a/inventory/host_vars/koji01.iad2.fedoraproject.org b/inventory/host_vars/koji01.iad2.fedoraproject.org
deleted file mode 100644
index 72a8ed2fbd..0000000000
--- a/inventory/host_vars/koji01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.104
-koji_instance: primary
-koji_server_url: "https://koji.fedoraproject.org/kojihub"
-koji_topurl: "https://kojipkgs.fedoraproject.org/"
-koji_weburl: "https://koji.fedoraproject.org/koji"
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-virt_install_command: "{{ virt_install_command_one_nic }}"
-vmhost: bvmhost-x86-02.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/koji01.phx2.fedoraproject.org b/inventory/host_vars/koji01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..b7eff89aec
--- /dev/null
+++ b/inventory/host_vars/koji01.phx2.fedoraproject.org
@@ -0,0 +1,26 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/xenGuests
+eth0_ip: 10.5.125.61
+eth1_ip: 10.5.127.38
+vmhost: bvirthost08.phx2.fedoraproject.org
+datacenter: phx2
+
+# Keepalived variables
+keepalived_interface: eth0
+keepalived_priority: 100
+keepalived_ipaddress: 10.5.125.63/24
+keepalived_routerid: 17
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+fedmsg_koji_instance: primary
+
+koji_topurl: "https://kojipkgs.fedoraproject.org/"
+koji_server_url: "https://koji.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.fedoraproject.org/koji"
diff --git a/inventory/host_vars/koji01.stg.iad2.fedoraproject.org b/inventory/host_vars/koji01.stg.iad2.fedoraproject.org
deleted file mode 100644
index 8ea341b38e..0000000000
--- a/inventory/host_vars/koji01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.167.254
-eth0_ipv4_ip: 10.3.167.64
-koji_instance: primary
-koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
-koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
-koji_weburl: "https://koji.stg.fedoraproject.org/koji"
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 1.5t
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-vmhost: bvmhost-x86-01.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/koji01.stg.phx2.fedoraproject.org b/inventory/host_vars/koji01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..b731962dec
--- /dev/null
+++ b/inventory/host_vars/koji01.stg.phx2.fedoraproject.org
@@ -0,0 +1,21 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.139
+vmhost: virthost04.phx2.fedoraproject.org
+datacenter: phx2
+
+fedmsg_koji_instance: primary
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 1.5t
+
+koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
+koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.stg.fedoraproject.org/koji"
diff --git a/inventory/host_vars/koji02.iad2.fedoraproject.org b/inventory/host_vars/koji02.iad2.fedoraproject.org
deleted file mode 100644
index a0f572b4a5..0000000000
--- a/inventory/host_vars/koji02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.105
-koji_instance: primary
-koji_server_url: "https://koji.fedoraproject.org/kojihub"
-koji_topurl: "https://kojipkgs.fedoraproject.org/"
-koji_weburl: "https://koji.fedoraproject.org/koji"
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-virt_install_command: "{{ virt_install_command_one_nic }}"
-vmhost: bvmhost-x86-03.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/koji02.phx2.fedoraproject.org b/inventory/host_vars/koji02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a0c1726232
--- /dev/null
+++ b/inventory/host_vars/koji02.phx2.fedoraproject.org
@@ -0,0 +1,26 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/xenGuests
+eth0_ip: 10.5.125.62
+eth1_ip: 10.5.127.39
+vmhost: bvirthost10.phx2.fedoraproject.org
+datacenter: phx2
+
+# Keepalived variables
+keepalived_interface: eth0
+keepalived_priority: 50
+keepalived_ipaddress: 10.5.125.63/24
+keepalived_routerid: 17
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+fedmsg_koji_instance: primary
+
+koji_topurl: "https://kojipkgs.fedoraproject.org/"
+koji_server_url: "https://koji.fedoraproject.org/kojihub"
+koji_weburl: "https://koji.fedoraproject.org/koji"
diff --git a/inventory/host_vars/kojipkgs01.iad2.fedoraproject.org b/inventory/host_vars/kojipkgs01.iad2.fedoraproject.org
deleted file mode 100644
index d647cf2feb..0000000000
--- a/inventory/host_vars/kojipkgs01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,11 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.106
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-virt_install_command: "{{ virt_install_command_one_nic }}"
-vmhost: bvmhost-x86-04.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/kojipkgs01.phx2.fedoraproject.org b/inventory/host_vars/kojipkgs01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..1b50d77f95
--- /dev/null
+++ b/inventory/host_vars/kojipkgs01.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+
+volgroup: /dev/vg_Server
+
+eth0_ip: 10.5.125.36
+eth1_ip: 10.5.127.50
+
+vmhost: bvirthost11.phx2.fedoraproject.org
+datacenter: phx2
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
diff --git a/inventory/host_vars/kojipkgs02.iad2.fedoraproject.org b/inventory/host_vars/kojipkgs02.iad2.fedoraproject.org
deleted file mode 100644
index 1db6b1751e..0000000000
--- a/inventory/host_vars/kojipkgs02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,11 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.107
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-virt_install_command: "{{ virt_install_command_one_nic }}"
-vmhost: bvmhost-x86-05.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/kojipkgs02.phx2.fedoraproject.org b/inventory/host_vars/kojipkgs02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a81fd823da
--- /dev/null
+++ b/inventory/host_vars/kojipkgs02.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+
+volgroup: /dev/vg_host01
+
+eth0_ip: 10.5.125.35
+eth1_ip: 10.5.127.40
+
+vmhost: bvirthost02.phx2.fedoraproject.org
+datacenter: phx2
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
diff --git a/inventory/host_vars/koschei-backend01.phx2.fedoraproject.org b/inventory/host_vars/koschei-backend01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..c0edacdcc3
--- /dev/null
+++ b/inventory/host_vars/koschei-backend01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+
+volgroup: /dev/xenGuests
+eth0_ip: 10.5.125.49
+vmhost: bvirthost09.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/koschei-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/koschei-backend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..9e2c97f323
--- /dev/null
+++ b/inventory/host_vars/koschei-backend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.140
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/koschei-web01.phx2.fedoraproject.org b/inventory/host_vars/koschei-web01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..59f61fbf25
--- /dev/null
+++ b/inventory/host_vars/koschei-web01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.140
+vmhost: virthost19.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/koschei-web01.stg.phx2.fedoraproject.org b/inventory/host_vars/koschei-web01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..4cdb2885fc
--- /dev/null
+++ b/inventory/host_vars/koschei-web01.stg.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.141
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/lists-dev.fedorainfracloud.org b/inventory/host_vars/lists-dev.fedorainfracloud.org
new file mode 100644
index 0000000000..2ea58b3430
--- /dev/null
+++ b/inventory/host_vars/lists-dev.fedorainfracloud.org
@@ -0,0 +1,43 @@
+---
+image: rhel7-20141015
+instance_type: m1.large
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,web-443-anywhere-persistent,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: lists-dev
+hostbase: lists-dev
+public_ip: 209.132.184.180
+root_auth_users: abompard
+description: lists development work
+ansible_ifcfg_blacklist: true
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
+# Used by the mailman role
+mailman_db_server: localhost
+mailman_domains:
+- lists-dev.fedorainfracloud.org
+mailman_login:
+ gitlab:
+ display_name: GitLab
+ provider: gitlab
+ github:
+ display_name: GitHub
+ provider: github
+ twitter:
+ display_name: Twitter
+ provider: twitter
+ google:
+ display_name: Google
+ provider: google
+ facebook:
+ display_name: Facebook
+ provider: facebook
+ stackexchange:
+ display_name: StackExchange
+ provider: stackexchange
diff --git a/inventory/host_vars/lockbox01.phx2.fedoraproject.org b/inventory/host_vars/lockbox01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..7a27ef001a
--- /dev/null
+++ b/inventory/host_vars/lockbox01.phx2.fedoraproject.org
@@ -0,0 +1,2 @@
+---
+host_backup_targets: ['/git', '/mnt/fedora/app/attachments']
diff --git a/inventory/host_vars/log01.iad2.fedoraproject.org b/inventory/host_vars/log01.iad2.fedoraproject.org
deleted file mode 100644
index d9fce8e2b0..0000000000
--- a/inventory/host_vars/log01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,18 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.39
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-ext
-lvm_size: 1048576
-mem_size: 16384
-#host_backup_targets: ['/var/log']
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 16
-tcp_ports: [80, 443, 514, 6514]
-udp_ports: [514, 25826]
-vmhost: vmhost-x86-03.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/log01.phx2.fedoraproject.org b/inventory/host_vars/log01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..15de10cd6e
--- /dev/null
+++ b/inventory/host_vars/log01.phx2.fedoraproject.org
@@ -0,0 +1,25 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost
+eth0_ip: 10.5.126.13
+eth1_ip: 10.5.127.22
+vmhost: virthost18.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: [ 80, 443, 514, 6514 ]
+udp_ports: [ 514, 25826 ]
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 32768
+mem_size: 16384
+num_cpus: 16
+
+fas_client_groups: fi-apprentice,sysadmin-veteran,sysadmin-logs,sysadmin-noc
+
+host_backup_targets: ['/var/log']
diff --git a/inventory/host_vars/logdetective01.fedorainfracloud.org b/inventory/host_vars/logdetective01.fedorainfracloud.org
deleted file mode 100644
index 423d8d3b64..0000000000
--- a/inventory/host_vars/logdetective01.fedorainfracloud.org
+++ /dev/null
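Review bot: In log01.phx2.fedoraproject.org, `tcp_ports: [ 80, 443, 514, 6514 ]` and `udp_ports: [ 514, 25826 ]` keep 514 open on both protocols next to 6514, and nothing in the file says which senders still need the plaintext port. Assuming 514 is plain syslog and 6514 is syslog over TLS, as the port numbers conventionally mean, records arriving on 514 are neither authenticated nor encrypted, so any host that can reach the port can inject entries into the central log. A comment above the two lines would make the intent reviewable, for example `# 514 tcp/udp: plaintext syslog, kept only for senders without TLS support; 6514: syslog over TLS`, and 514 can be dropped once no such sender remains.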
@@ -1,24 +0,0 @@
----
-ansible_ssh_user: fedora
-ansible_python_interpreter: /usr/bin/python3
-csi_primary_contact: "msuchy (mirek), ttomecek"
-csi_purpose: Development machine for Logdetective
-csi_relationship: |
- - Training of models for Logdetective
-# These variables are pushed into /etc/system_identification by the base role.
-# Groups and individual hosts should override them with specific info.
-# See http://infrastructure.fedoraproject.org/csi/security-policy/
-csi_security_category: Low
-description: Machine for developers of Logdetective
-
-drive_device: 38e6c8c2-5747-47bf-b3d2-9f0dea371edc
-
-datacenter: aws
-devel: false
-root_auth_users: msuchy frostyx praiskup nikromen ttomecek jpodivin sgallagh mmassari
-
-nrpe_client_uid: 500
-
-tcp_ports: [
- 22, 80, 443,
-]
diff --git a/inventory/host_vars/logdetective02.fedorainfracloud.org b/inventory/host_vars/logdetective02.fedorainfracloud.org
deleted file mode 100644
index a699f66c63..0000000000
--- a/inventory/host_vars/logdetective02.fedorainfracloud.org
+++ /dev/null
@@ -1,29 +0,0 @@
----
-ansible_ssh_user: fedora
-ansible_python_interpreter: /usr/bin/python3
-csi_primary_contact: "msuchy (mirek), ttomecek"
-csi_purpose: Development machine for Logdetective 02 - training
-csi_relationship: |
- - Training of models for Logdetective
-# These variables are pushed into /etc/system_identification by the base role.
-# Groups and individual hosts should override them with specific info.
-# See http://infrastructure.fedoraproject.org/csi/security-policy/
-csi_security_category: Low
-description: Machine for developers of Logdetective
-
-drive_device: c62e20b2-3388-459f-87ff-aa937d6a9318
-
-datacenter: aws
-devel: false
-root_auth_users: msuchy frostyx praiskup nikromen ttomecek jpodivin sgallagh mmassari
-
-nagios_Can_Connect: false
-nagios_Check_Services:
- ping: false
- nrpe: false
-
-nrpe_client_uid: 500
-
-tcp_ports: [
- 22, 80, 443,
-]
diff --git a/inventory/host_vars/loopabull01.stg.phx2.fedoraproject.org b/inventory/host_vars/loopabull01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..172328d37f
--- /dev/null
+++ b/inventory/host_vars/loopabull01.stg.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+eth0_ip: 10.5.128.142
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/magazine2.fedorainfracloud.org b/inventory/host_vars/magazine2.fedorainfracloud.org
new file mode 100644
index 0000000000..4dac064cd1
--- /dev/null
+++ b/inventory/host_vars/magazine2.fedorainfracloud.org
@@ -0,0 +1,30 @@
+---
+image: rhel7-20141015
+instance_type: m1.large
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,allow-nagios-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: magazine2
+hostbase: magazine2
+public_ip: 209.132.184.52
+root_auth_users: nb chrisroberts pfrields
+description: Fedora Magazine
+
+host_backup_targets: ['/var/www/html']
+db_backup_dir: ['/backups']
+dbs_to_backup: ['wp']
+mariadb_root_password: "{{ magazine_mariadb_password }}"
+extra_enablerepos: ''
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
+nagios_Check_Services:
+ nrpe: true
+ sshd: true
+ httpd: true
+ swap: false
diff --git a/inventory/host_vars/mailman01.iad2.fedoraproject.org b/inventory/host_vars/mailman01.iad2.fedoraproject.org
deleted file mode 100644
index dd8b6b44de..0000000000
--- a/inventory/host_vars/mailman01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,14 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.57
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-lvm_size: 1500000
-sar_output_file: mailinglists.json
-# GDPR SAR variables
-sar_script: /srv/webui/bin/mailman-sar.py
-sar_script_user: mailman
-vmhost: vmhost-x86-08.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-num_cpus: 8
diff --git a/inventory/host_vars/mailman01.phx2.fedoraproject.org b/inventory/host_vars/mailman01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..1e45bac384
--- /dev/null
+++ b/inventory/host_vars/mailman01.phx2.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost
+eth0_ip: 10.5.126.36
+vmhost: virthost17.phx2.fedoraproject.org
+datacenter: phx2
+lvm_size: 750000
diff --git a/inventory/host_vars/mailman01.stg.iad2.fedoraproject.org b/inventory/host_vars/mailman01.stg.iad2.fedoraproject.org
deleted file mode 100644
index d0878cf2f5..0000000000
--- a/inventory/host_vars/mailman01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.40
-external: false
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-vmhost: vmhost-x86-09.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-sar_output_file: mailinglists.json
-# GDPR SAR variables
-sar_script: /srv/webui/bin/mailman-sar.py
-sar_script_user: mailman
diff --git a/inventory/host_vars/mailman01.stg.phx2.fedoraproject.org b/inventory/host_vars/mailman01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..066c46e387
--- /dev/null
+++ b/inventory/host_vars/mailman01.stg.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.143
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mailman02.phx2.fedoraproject.org b/inventory/host_vars/mailman02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..ac825731b1
--- /dev/null
+++ b/inventory/host_vars/mailman02.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost
+eth0_ip: 10.5.126.37
+vmhost: virthost18.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mbs-backend01.phx2.fedoraproject.org b/inventory/host_vars/mbs-backend01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..78f607c412
--- /dev/null
+++ b/inventory/host_vars/mbs-backend01.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.236
+
+volgroup: /dev/vg_guests
+vmhost: virthost19.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mbs-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/mbs-backend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..cfa7211dbe
--- /dev/null
+++ b/inventory/host_vars/mbs-backend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.144
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mbs-frontend01.phx2.fedoraproject.org b/inventory/host_vars/mbs-frontend01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..9f459aacc6
--- /dev/null
+++ b/inventory/host_vars/mbs-frontend01.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.234
+
+volgroup: /dev/vg_guests
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mbs-frontend01.stg.phx2.fedoraproject.org b/inventory/host_vars/mbs-frontend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..51ebd7ede7
--- /dev/null
+++ b/inventory/host_vars/mbs-frontend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.145
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mbs-frontend02.phx2.fedoraproject.org b/inventory/host_vars/mbs-frontend02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..224266ba1b
--- /dev/null
+++ b/inventory/host_vars/mbs-frontend02.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.235
+
+volgroup: /dev/vg_guests
+vmhost: virthost21.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mbs-frontend02.stg.phx2.fedoraproject.org b/inventory/host_vars/mbs-frontend02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..c526778678
--- /dev/null
+++ b/inventory/host_vars/mbs-frontend02.stg.phx2.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.146
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mdapi01.phx2.fedoraproject.org b/inventory/host_vars/mdapi01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5cb06c43c0
--- /dev/null
+++ b/inventory/host_vars/mdapi01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+volgroup: /dev/vg_bvirthost09
+eth0_ip: 10.5.125.50
+vmhost: bvirthost09.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mdapi01.stg.phx2.fedoraproject.org b/inventory/host_vars/mdapi01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..df88ed1900
--- /dev/null
+++ b/inventory/host_vars/mdapi01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.147
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/memcached01.phx2.fedoraproject.org b/inventory/host_vars/memcached01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..501bbcfe60
--- /dev/null
+++ b/inventory/host_vars/memcached01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost
+vmhost: virthost17.phx2.fedoraproject.org
+datacenter: phx2
+
+eth0_ip: 10.5.126.176
diff --git a/inventory/host_vars/memcached01.stg.phx2.fedoraproject.org b/inventory/host_vars/memcached01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..1249f7071c
--- /dev/null
+++ b/inventory/host_vars/memcached01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
+
+eth0_ip: 10.5.128.148
diff --git a/inventory/host_vars/memcached02.iad2.fedoraproject.org b/inventory/host_vars/memcached02.iad2.fedoraproject.org
deleted file mode 100644
index 73573360e2..0000000000
--- a/inventory/host_vars/memcached02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.130
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-vmhost: vmhost-x86-03.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/memcached02.phx2.fedoraproject.org b/inventory/host_vars/memcached02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..060e381997
--- /dev/null
+++ b/inventory/host_vars/memcached02.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost
+vmhost: virthost18.phx2.fedoraproject.org
+datacenter: phx2
+
+eth0_ip: 10.5.126.177
diff --git a/inventory/host_vars/memcached02.stg.iad2.fedoraproject.org b/inventory/host_vars/memcached02.stg.iad2.fedoraproject.org
deleted file mode 100644
index 23f10011af..0000000000
--- a/inventory/host_vars/memcached02.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.77
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-vmhost: vmhost-x86-05.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/mirrorlist-host1plus.fedoraproject.org b/inventory/host_vars/mirrorlist-host1plus.fedoraproject.org
new file mode 100644
index 0000000000..c2e45320e5
--- /dev/null
+++ b/inventory/host_vars/mirrorlist-host1plus.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+# This is now a cloud instance provided by host1plus
+# vmhost: none
+datacenter: host1plus
+
+nagios_Check_Services:
+ nrpe: true
+ sshd: true
+ named: false
+ dhcpd: false
+ httpd: true
+ swap: false
diff --git a/inventory/host_vars/mirrorlist-ibiblio02.fedoraproject.org b/inventory/host_vars/mirrorlist-ibiblio02.fedoraproject.org
new file mode 100644
index 0000000000..5d362acae1
--- /dev/null
+++ b/inventory/host_vars/mirrorlist-ibiblio02.fedoraproject.org
@@ -0,0 +1,15 @@
+---
+nm: 255.255.255.128
+gw: 152.19.134.129
+dns: 152.2.21.1
+ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext
+ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 152.19.134.197
+eth0_nm: 255.255.255.128
+has_ipv6: yes
+eth0_ipv6: "2610:28:3090:3001:5054:ff:feb5:5472"
+eth0_ipv6_gw: "2610:28:3090:3001::1"
+
+vmhost: ibiblio05.fedoraproject.org
+datacenter: ibiblio
diff --git a/inventory/host_vars/mirrorlist-phx2.phx2.fedoraproject.org b/inventory/host_vars/mirrorlist-phx2.phx2.fedoraproject.org
new file mode 100644
index 0000000000..55807ae464
--- /dev/null
+++ b/inventory/host_vars/mirrorlist-phx2.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.50
+vmhost: virthost14.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mirrorlist-phx2.stg.phx2.fedoraproject.org b/inventory/host_vars/mirrorlist-phx2.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..9a870563dc
--- /dev/null
+++ b/inventory/host_vars/mirrorlist-phx2.stg.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost16
+eth0_ip: 10.5.128.149
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mm-backend01.phx2.fedoraproject.org b/inventory/host_vars/mm-backend01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..d89d399f11
--- /dev/null
+++ b/inventory/host_vars/mm-backend01.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+lvm_size: 20000
+num_cpus: 2
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost03
+eth0_ip: 10.5.126.183
+eth1_ip: 10.5.127.23
+vmhost: virthost03.phx2.fedoraproject.org
+datacenter: phx2
+
+# nfs mount options, overrides the all/default
+nfs_mount_opts: "ro,hard,bg,intr,nodev,nosuid,nfsvers=3"
+
+# We define this here to override the global one because we need eth1
+virt_install_command: "{{ virt_install_command_two_nic }}"
diff --git a/inventory/host_vars/mm-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/mm-backend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..fe45b3c88f
--- /dev/null
+++ b/inventory/host_vars/mm-backend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,20 @@
+---
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 4
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost16
+eth0_ip: 10.5.128.150
+eth1_ip: 10.5.127.26
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
+
+# nfs mount options, overrides the all/default
+nfs_mount_opts: "ro,hard,bg,intr,nodev,nosuid,nfsvers=3"
+
+# We define this here to override the global one because we need eth1
+virt_install_command: "{{ virt_install_command_two_nic }}"
diff --git a/inventory/host_vars/mm-crawler01.phx2.fedoraproject.org b/inventory/host_vars/mm-crawler01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..6547fa7c89
--- /dev/null
+++ b/inventory/host_vars/mm-crawler01.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+lvm_size: 20000
+mem_size: 40960
+num_cpus: 4
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.184
+vmhost: virthost02.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mm-crawler01.stg.phx2.fedoraproject.org b/inventory/host_vars/mm-crawler01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..8ffc8d1850
--- /dev/null
+++ b/inventory/host_vars/mm-crawler01.stg.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+lvm_size: 20000
+mem_size: 32768
+max_mem_size: 32768
+num_cpus: 4
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.151
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mm-crawler02.phx2.fedoraproject.org b/inventory/host_vars/mm-crawler02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..804afa116c
--- /dev/null
+++ b/inventory/host_vars/mm-crawler02.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+lvm_size: 20000
+mem_size: 40960
+num_cpus: 4
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost03
+eth0_ip: 10.5.126.185
+vmhost: virthost03.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/mm-frontend-checkin01.phx2.fedoraproject.org b/inventory/host_vars/mm-frontend-checkin01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..71485e081e
--- /dev/null
+++ b/inventory/host_vars/mm-frontend-checkin01.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+lvm_size: 20000
+mem_size: 8192
+num_cpus: 2
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests00
+eth0_ip: 10.5.126.187
+vmhost: virthost15.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: [ 80, 443 ]
+fedmsg_certs: []
+
+mm2_checkin: true
diff --git a/inventory/host_vars/mm-frontend01.phx2.fedoraproject.org b/inventory/host_vars/mm-frontend01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f28d13b51d
--- /dev/null
+++ b/inventory/host_vars/mm-frontend01.phx2.fedoraproject.org
@@ -0,0 +1,15 @@
+---
+lvm_size: 20000
+mem_size: 8192
+num_cpus: 2
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.182
+vmhost: virthost21.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: [ 80, 443 ]
diff --git a/inventory/host_vars/mm-frontend01.stg.phx2.fedoraproject.org b/inventory/host_vars/mm-frontend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..0e9b23b23a
--- /dev/null
+++ b/inventory/host_vars/mm-frontend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,17 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 1
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost16
+eth0_ip: 10.5.128.152
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: [ 80, 443 ]
+
+mm2_checkin: true
diff --git a/inventory/host_vars/mm-frontend02.phx2.fedoraproject.org b/inventory/host_vars/mm-frontend02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..868668a891
--- /dev/null
+++ b/inventory/host_vars/mm-frontend02.phx2.fedoraproject.org
@@ -0,0 +1,15 @@
+---
+lvm_size: 20000
+mem_size: 8192
+num_cpus: 2
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.186
+vmhost: virthost19.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: [ 80, 443 ]
diff --git a/inventory/host_vars/modernpaste.fedorainfracloud.org b/inventory/host_vars/modernpaste.fedorainfracloud.org
new file mode 100644
index 0000000000..bcddcaf05b
--- /dev/null
+++ b/inventory/host_vars/modernpaste.fedorainfracloud.org
@@ -0,0 +1,18 @@
+---
+image: "{{ fedora23_x86_64 }}"
+instance_type: m1.small
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: modernpaste
+hostbase: modernpaste
+public_ip: 209.132.184.103
+root_auth_users: codeblock ryanlerch
+description: modernpaste testing
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
diff --git a/inventory/host_vars/modernpaste01.phx2.fedoraproject.org b/inventory/host_vars/modernpaste01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..e56aee0a40
--- /dev/null
+++ b/inventory/host_vars/modernpaste01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+volgroup: /dev/vg_virthost03
+eth0_ip: 10.5.126.230
+vmhost: virthost03.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/modernpaste01.stg.phx2.fedoraproject.org b/inventory/host_vars/modernpaste01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..00314a8fa3
--- /dev/null
+++ b/inventory/host_vars/modernpaste01.stg.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+mem_size: 2048
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.153
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
+tcp_ports: [22, 80, 443]
diff --git a/inventory/host_vars/modernpaste02.phx2.fedoraproject.org b/inventory/host_vars/modernpaste02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..46cfadf301
--- /dev/null
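Review bot: `security_group` for modernpaste.fedorainfracloud.org includes `ssh-anywhere-persistent` and `tcp_ports` opens 22, on a host with a public IP and `root_auth_users` set, so root SSH (presumably what `root_auth_users` grants) is reachable from any source address. A security group that admits SSH only from the admin or bastion ranges would narrow that, while 80 and 443 can stay world-open. The `image: "{{ fedora23_x86_64 }}"` line also deserves a check that the release still receives updates before the instance is exposed. The modularity and modularity2 host_vars added later in this commit carry the same `security_group` pattern.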
+++ b/inventory/host_vars/modernpaste02.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+volgroup: /dev/vg_virthost01
+eth0_ip: 10.5.126.238
+vmhost: virthost01.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/modularity.fedorainfracloud.org b/inventory/host_vars/modularity.fedorainfracloud.org
new file mode 100644
index 0000000000..6f8d3a3c30
--- /dev/null
+++ b/inventory/host_vars/modularity.fedorainfracloud.org
@@ -0,0 +1,21 @@
+---
+image: "Fedora-Cloud-Base-24 (Final)"
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: modularity,ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: modularity
+hostbase: modularity
+public_ip: 209.132.184.168
+root_auth_users: langdon ralph
+description: Modularity
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
+shared_buffers: "1GB"
+effective_cache_size: "2GB"
diff --git a/inventory/host_vars/modularity2.fedorainfracloud.org b/inventory/host_vars/modularity2.fedorainfracloud.org
new file mode 100644
index 0000000000..65d2e1089f
--- /dev/null
+++ b/inventory/host_vars/modularity2.fedorainfracloud.org
@@ -0,0 +1,21 @@
+---
+image: "{{ fedora26_x86_64 }}"
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: modularity,ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: modularity2
+hostbase: modularity2
+public_ip: 209.132.184.59
+root_auth_users: langdon ralph
+description: Modularity
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
+shared_buffers: "1GB"
+effective_cache_size: "2GB"
diff --git a/inventory/host_vars/nagios01.phx2.fedoraproject.org b/inventory/host_vars/nagios01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..65c31d5a4e
--- /dev/null
+++ b/inventory/host_vars/nagios01.phx2.fedoraproject.org
@@ -0,0 +1,32 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+eth0_ip: 10.5.126.241
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost
+vmhost: virthost18.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: ['22', '80', '443', '67', '68']
+udp_ports: ['67','68','69']
+custom_rules: [
+ '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+]
+
+csi_relationship: |
+ nagios01 is a test mode for monitoring nagios instance to the phx datacenter.
+
+ * This host relies on:
+ - the virthost it's hosted on (virthost17.phx2.fedoraproject.org)
+ - FAS to authenticate users
+ - VPN connectivity
+
+ * Things that rely on this host:
+ - Infrastructure team to be awair of the infra status. operations control process will fail
+ - if this host is down, it will be difficult to know the status of infra and provide reactive/proactive support
+ - if this host is down, dhcp/bootp leases/renew will fail. pxe booting will fail as well
diff --git a/inventory/host_vars/noc-cc01.rdu-cc.fedoraproject.org b/inventory/host_vars/noc-cc01.rdu-cc.fedoraproject.org
deleted file mode 100644
index d88ea5d23b..0000000000
--- a/inventory/host_vars/noc-cc01.rdu-cc.fedoraproject.org
+++ /dev/null
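Review bot: `tcp_ports: ['22', '80', '443', '67', '68']` in nagios01.phx2 opens TCP 67 and 68, but DHCP/BOOTP runs over UDP and those ports are already listed in `udp_ports`; unless something on the host really listens on TCP 67/68, `tcp_ports: ['22', '80', '443']` is the tighter rule. Separately, `csi_relationship` names virthost17.phx2.fedoraproject.org as the hypervisor while `vmhost` is virthost18.phx2.fedoraproject.org, so the dependency text should be corrected to match. A short comment on each `custom_rules` entry saying which peer ports 5666 and 873 are opened for would also help reviewers judge the source addresses; the removed noc01 files carried `# needed to allow rsync from log01` for this purpose. noc01.phx2 and noc01.stg.phx2 later in the commit repeat the same `tcp_ports` list and the same virthost17 mismatch.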
@@ -1,49 +0,0 @@ ---- -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 8.8.4.4 -eth0_ipv4: 8.43.85.50 -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_nm: 23 -eth1_ipv4: 172.23.1.3 -eth1_ipv4_nm: 24 -freezes: false -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 20000 -mac0: 52:54:00:83:bf:28 -mac1: 52:54:00:1c:14:e6 -mem_size: 8192 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - vpn.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ eth1_ipv4 }}/{{ eth1_ipv4_nm }}" - dhcp4: no - mac: "{{ mac1 }}" - name: eth1 - type: ethernet -num_cpus: 4 -public_hostname: noc-cc01.rdu-cc.fedoraproject.org -tcp_ports: ['67', '68'] -udp_ports: ['67', '68', '69'] -virt_install_command: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns1 }} ip={{ eth0_ipv4 }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ipv4 }}:::{{ eth1_ipv4_nm }}:{{ inventory_hostname_short }}-mgmt:eth1:none' --network bridge=br0,model=virtio,mac={{ mac_address }} --network=bridge=br1,model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random -vmhost: vmhost-x86-cc03.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true 
diff --git a/inventory/host_vars/noc01.iad2.fedoraproject.org b/inventory/host_vars/noc01.iad2.fedoraproject.org deleted file mode 100644 index 93a7b5194e..0000000000 --- a/inventory/host_vars/noc01.iad2.fedoraproject.org +++ /dev/null @@ -1,27 +0,0 @@ ---- -custom_rules: [ - '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT', - # needed to allow rsync from log01 - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' - ] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 192.168.1.20 tcp dport 5666 counter accept' - # needed to allow rsync from log01 - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.10 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# Define resources for this group of hosts here. -lvm_size: 20000 -mem_size: 8192 -nagios_location: 'iad2_internal' -nagios_srcdir: 'nagios' -num_cpus: 4 -tcp_ports: ['22', '80', '443', '67', '68'] -udp_ports: ['67', '68', '69'] -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/noc01.phx2.fedoraproject.org b/inventory/host_vars/noc01.phx2.fedoraproject.org new file mode 100644 index 0000000000..ac009d063b --- /dev/null +++ b/inventory/host_vars/noc01.phx2.fedoraproject.org 
@@ -0,0 +1,36 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+eth0_ip: 10.5.126.41
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost
+vmhost: virthost18.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: ['22', '80', '443', '67', '68']
+udp_ports: ['67','68','69']
+custom_rules: [
+ '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+]
+
+csi_relationship: |
+ noc01 is the internal monitoring nagios instance to the phx datacenter.
+ it is also the dhcp server serving all computing nodes
+
+ * This host relies on:
+ - the virthost it's hosted on (virthost17.phx2.fedoraproject.org)
+ - FAS to authenticate users
+ - VPN connectivity
+
+ * Things that rely on this host:
+ - Infrastructure team to be awair of the infra status. operations control process will fail
+ - if this host is down, it will be difficult to know the status of infra and provide reactive/proactive support
+ - if this host is down, dhcp/bootp leases/renew will fail. pxe booting will fail as well
+
+nagios_srcdir: 'nagios'
+nagios_location: 'internal'
diff --git a/inventory/host_vars/noc01.rdu3.fedoraproject.org b/inventory/host_vars/noc01.rdu3.fedoraproject.org
deleted file mode 100644
index 4ec5ee8fa3..0000000000
--- a/inventory/host_vars/noc01.rdu3.fedoraproject.org
+++ /dev/null
@@ -1,27 +0,0 @@ ---- -custom_rules: [ - '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT', - # needed to allow rsync from log01 - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' - ] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 192.168.1.20 tcp dport 5666 counter accept' - # needed to allow rsync from log01 - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -datacenter: rdu3 -eth0_ipv4_gw: 10.16.163.254 -eth0_ipv4_ip: 10.16.163.10 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# Define resources for this group of hosts here. -lvm_size: 20000 -mem_size: 8192 -nagios_location: 'rdu3_internal' -nagios_srcdir: 'nagios' -num_cpus: 4 -tcp_ports: ['22', '80', '443', '67', '68'] -udp_ports: ['67', '68', '69'] -vmhost: vmhost-x86-01.rdu3.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/noc01.stg.phx2.fedoraproject.org b/inventory/host_vars/noc01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..85de88c7f0 --- /dev/null +++ b/inventory/host_vars/noc01.stg.phx2.fedoraproject.org 
@@ -0,0 +1,33 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: ['22', '80', '443', '67', '68']
+udp_ports: ['67','68','69']
+custom_rules: [
+ '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+]
+
+eth0_ip: 10.5.128.38
+csi_relationship: |
+ noc01.stg is the internal monitoring nagios instance to the phx datacenter.
+
+ * This host relies on:
+ - the virthost it's hosted on (virthost17.phx2.fedoraproject.org)
+ - FAS to authenticate users
+ - VPN connectivity
+
+ * Things that rely on this host:
+ - Infrastructure team to be awair of the infra status. operations control process will fail
+ - if this host is down, it will be difficult to know the status of infra and provide reactive/proactive support
+ - if this host is down, dhcp/bootp leases/renew will fail. pxe booting will fail as well
+
diff --git a/inventory/host_vars/noc02.fedoraproject.org b/inventory/host_vars/noc02.fedoraproject.org
index 57cfb5f145..8a24a900e0 100644
--- a/inventory/host_vars/noc02.fedoraproject.org
+++ b/inventory/host_vars/noc02.fedoraproject.org
@@ -1,55 +1,36 @@ --- -csi_relationship: | - noc02 is the external monitoring nagios instance. - - * This host relies on: - - the virthost it's hosted on (ibiblio04.fedoraproject.org) - - FAS to authenticate users - - VPN connectivity - - * Things that rely on this host: - - Infrastructure team to be awair of the infra status. operations control process will be affected - - if this host is down, it will be difficult to know the status of infra and provide reactive/proactive support -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.253.100 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_ip: 152.19.134.192 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:00fe:fed9" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 152.2.21.1 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 152.19.134.192 +eth0_nm: 255.255.255.128 has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -nagios_location: 'external' -nagios_srcdir: 'nagios' -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -postfix_group: vpn +eth0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fed9" +eth0_ipv6_gw: "2610:28:3090:3001::1" postfix_maincf: "postfix/main.cf/main.cf.noc02.fedoraproject.org" postfix_mastercf: "postfix/master.cf/master.cf.noc02.fedoraproject.org" 
postfix_transport_filename: transports.noc02.fedoraproject.org -vmhost: ibiblio02.fedoraproject.org -volgroup: /dev/vg_guests + + +vmhost: ibiblio04.fedoraproject.org +datacenter: ibiblio +postfix_group: vpn vpn: true -notes: "This is an external nagios server located outside of PHX. It monitors our user websites/applications (fedoraproject.org, FAS, PackageDB, Bodhi/Updates)." +csi_relationship: | + noc02 is the external monitoring nagios instance. + + * This host relies on: + - the virthost it's hosted on (ibiblio04.fedoraproject.org) + - FAS to authenticate users + - VPN connectivity + + * Things that rely on this host: + - Infrastructure team to be awair of the infra status. operations control process will be affected + - if this host is down, it will be difficult to know the status of infra and provide reactive/proactive support + +nagios_srcdir: 'nagios' +nagios_location: 'external' + diff --git a/inventory/host_vars/notifs-backend01.phx2.fedoraproject.org b/inventory/host_vars/notifs-backend01.phx2.fedoraproject.org new file mode 100644 index 0000000000..a5fb5ea32a --- /dev/null +++ b/inventory/host_vars/notifs-backend01.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.168 + +volgroup: /dev/vg_guests +vmhost: virthost21.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/notifs-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/notifs-backend01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..8a966a42a9 --- /dev/null +++ b/inventory/host_vars/notifs-backend01.stg.phx2.fedoraproject.org 
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.128.155
+
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/notifs-web01.phx2.fedoraproject.org b/inventory/host_vars/notifs-web01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..c10d223bfd
--- /dev/null
+++ b/inventory/host_vars/notifs-web01.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.103
+
+volgroup: /dev/vg_guests
+vmhost: virthost02.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/notifs-web01.stg.phx2.fedoraproject.org b/inventory/host_vars/notifs-web01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..4055bc8842
--- /dev/null
+++ b/inventory/host_vars/notifs-web01.stg.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.128.156
+
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/notifs-web02.phx2.fedoraproject.org b/inventory/host_vars/notifs-web02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..126a17f227
--- /dev/null
+++ b/inventory/host_vars/notifs-web02.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.119
+
+volgroup: /dev/vg_guests
+vmhost: virthost19.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/notifs-web02.stg.phx2.fedoraproject.org b/inventory/host_vars/notifs-web02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..94e0a7a920
--- /dev/null
+++ b/inventory/host_vars/notifs-web02.stg.phx2.fedoraproject.org
@@ -0,0 +1,16 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.128.157
+
+volgroup: /dev/vg_guests
+vmhost: virthost20.phx2.fedoraproject.org
+
+datacenter: phx2
+
+fedmsg_fqdn: notifs-web02.stg.phx2.fedoraproject.org
diff --git a/inventory/host_vars/ns01.iad2.fedoraproject.org b/inventory/host_vars/ns01.iad2.fedoraproject.org
deleted file mode 100644
index 11f2829a68..0000000000
--- a/inventory/host_vars/ns01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,12 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.33
-#
-# This host is externally reachable
-#
-external: true
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-vmhost: vmhost-x86-01.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/ns01.rdu3.fedoraproject.org b/inventory/host_vars/ns01.rdu3.fedoraproject.org
deleted file mode 100644
index 1d469f4a4a..0000000000
--- a/inventory/host_vars/ns01.rdu3.fedoraproject.org
+++ /dev/null
@@ -1,17 +0,0 @@
----
-datacenter: rdu3
-dns1: 10.16.163.33
-dns2: 10.16.163.34
-dns_search1: "rdu3.fedoraproject.org"
-dns_search2: "fedoraproject.org"
-dns_search3: "iad2.fedoraproject.org"
-eth0_ipv4_gw: 10.16.163.254
-eth0_ipv4_ip: 10.16.163.33
-#
-# This host is externally reachable
-#
-external: true
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-vmhost: vmhost-x86-01.rdu3.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/ns02.fedoraproject.org b/inventory/host_vars/ns02.fedoraproject.org
index b561bf8741..38d47290dc 100644
--- a/inventory/host_vars/ns02.fedoraproject.org
+++ b/inventory/host_vars/ns02.fedoraproject.org
@@ -1,51 +1,37 @@ --- -csi_relationship: |2 - ns02 is a master dns server. - It serves about every domain under fedoraproject, fedo*, as well as others, both forward and reverse. +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 8.8.8.8 - * This host relies on: - - The virthost it's hosted on (ibiblio05.fedoraproject.org) - - batcave for dns git and keys - - connectivity to maxmind to create geoIP dns acl - - * Things that rely on this host: - - The Internet/Community to resolve everything related to fedora and reverse-IP for allocated subnets - - If this host is down, dns queries will slow down by the portion of this host to the total name servers responsible for the same domain set. - - secodary/slave dns servers -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.253.100 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_ip: 152.19.134.139 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:00fe:fed7" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -postfix_group: vpn -vmhost: ibiblio05.fedoraproject.org volgroup: /dev/vg_guests + +eth0_ip: 152.19.134.139 +eth0_nm: 255.255.255.128 +has_ipv6: yes +eth0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fed5" +eth0_ipv6_gw: "2610:28:3090:3001::1" + +postfix_group: vpn vpn: true + +vmhost: ibiblio05.fedoraproject.org +datacenter: ibiblio + +ks_url: 
http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ + + +csi_relationship: | + + ns02 is a master dns server. + It serves about every domain under fedoraproject, fedo*, as well as others, both forward and reverse. + + * This host relies on: + - The virthost it's hosted on (ibiblio05.fedoraproject.org) + - batcave for dns git and keys + - connectivity to maxmind to create geoIP dns acl + + * Things that rely on this host: + - The Internet/Community to resolve everything related to fedora and reverse-IP for allocated subnets + - If this host is down, dns queries will slow down by the portion of this host to the total name servers responsible for the same domain set. + - secodary/slave dns servers
diff --git a/inventory/host_vars/ns02.iad2.fedoraproject.org b/inventory/host_vars/ns02.iad2.fedoraproject.org
deleted file mode 100644
index 0d399c5448..0000000000
--- a/inventory/host_vars/ns02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,12 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.34
-#
-# This host is externally reachable
-#
-external: true
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-vmhost: vmhost-x86-02.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/ns03.phx2.fedoraproject.org b/inventory/host_vars/ns03.phx2.fedoraproject.org
new file mode 100644
index 0000000000..8712621ef5
--- /dev/null
+++ b/inventory/host_vars/ns03.phx2.fedoraproject.org
@@ -0,0 +1,28 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.22
+
+volgroup: /dev/vg_guests
+
+eth0_ip: 10.5.126.21
+
+vmhost: virthost21.phx2.fedoraproject.org
+datacenter: phx2
+
+collectd_graphite: True
+
+csi_relationship: |
+
+ ns03 is a master dns server.
+ It serves about every domain under fedoraproject, fedo*, as well as others, both forward and reverse.
+
+ * This host relies on:
+ - The virthost it's hosted on (virthost21.phx2.fedoraproject.org)
+ - batcave for dns git and keys
+ - connectivity to maxmind to create geoIP dns acl
+
+ * Things that rely on this host:
+ - The Internet/Community to resolve everything related to fedora and reverse-IP for allocated subnets
+ - If this host is down, dns queries will slow down by the portion of this host to the total name servers responsible for the same domain set.
+ - secodary/slave dns servers
diff --git a/inventory/host_vars/ns04.phx2.fedoraproject.org b/inventory/host_vars/ns04.phx2.fedoraproject.org
new file mode 100644
index 0000000000..034131cf44
--- /dev/null
+++ b/inventory/host_vars/ns04.phx2.fedoraproject.org
@@ -0,0 +1,28 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+volgroup: /dev/vg_guests00
+
+eth0_ip: 10.5.126.22
+
+vmhost: virthost15.phx2.fedoraproject.org
+datacenter: phx2
+
+collectd_graphite: True
+
+csi_relationship: |
+
+ ns04 is a master dns server.
+ It serves about every domain under fedoraproject, fedo*, as well as others, both forward and reverse.
+
+ * This host relies on:
+ - The virthost it's hosted on (virthost15.phx2.fedoraproject.org)
+ - batcave for dns git and keys
+ - connectivity to maxmind to create geoIP dns acl
+
+ * Things that rely on this host:
+ - The Internet/Community to resolve everything related to fedora and reverse-IP for allocated subnets
+ - If this host is down, dns queries will slow down by the portion of this host to the total name servers responsible for the same domain set.
+ - secodary/slave dns servers
diff --git a/inventory/host_vars/ns05.fedoraproject.org b/inventory/host_vars/ns05.fedoraproject.org
index bfd991cfde..604551e995 100644
--- a/inventory/host_vars/ns05.fedoraproject.org
+++ b/inventory/host_vars/ns05.fedoraproject.org
@@ -1,51 +1,36 @@ --- -csi_relationship: | - ns05 is a master dns server. - It serves about every domain under fedoraproject, fedo*, as well as others, both forward and reverse. +nm: 255.255.255.240 +gw: 85.236.55.1 +dns: 62.116.130.3 - * This host relies on: - - The virthost it's hosted on (internetx02.fedoraproject.org) - - batcave for dns git and keys - - connectivity to maxmind to create geoIP dns acl +volgroup: /dev/vg_Server - * Things that rely on this host: - - The Internet/Community to resolve everything related to fedora and reverse-IP for allocated subnets - - If this host is down, dns queries will slow down by the portion of this host to the total name servers responsible for the same domain set. - - secodary/slave dns servers -datacenter: internetx -dns1: 62.116.130.3 -dns2: 8.8.8.8 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_gw: 85.236.55.1 -eth0_ipv4_ip: 85.236.55.10 -eth0_ipv4_nm: 28 -eth0_ipv6_gw: "2001:4178:2:1269::1" -eth0_ipv6_ip: "2001:4178:2:1269:dead:beef:cafe:fed5" -eth0_ipv6_nm: 64 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 85.236.55.10 eth0_nm: 255.255.255.240 has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet +eth0_ipv6: "2001:4178:2:1269:dead:beef:cafe:fed5" +eth0_ipv6_gw: "2001:4178:2:1269::1" + postfix_group: vpn -vmhost: internetx02.fedoraproject.org -volgroup: /dev/vg_guests 
vpn: true + +vmhost: internetx01.fedoraproject.org +datacenter: internetx + +csi_relationship: | + + ns05 is a master dns server. + It serves about every domain under fedoraproject, fedo*, as well as others, both forward and reverse. + + * This host relies on: + - The virthost it's hosted on (internetx01.fedoraproject.org) + - batcave for dns git and keys + - connectivity to maxmind to create geoIP dns acl + + * Things that rely on this host: + - The Internet/Community to resolve everything related to fedora and reverse-IP for allocated subnets + - If this host is down, dns queries will slow down by the portion of this host to the total name servers responsible for the same domain set. + - secodary/slave dns servers
diff --git a/inventory/host_vars/nuancier01.phx2.fedoraproject.org b/inventory/host_vars/nuancier01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..ef353663b2
--- /dev/null
+++ b/inventory/host_vars/nuancier01.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.231
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2
+
+host_backup_targets: ['/var/cache/nuancier']
diff --git a/inventory/host_vars/nuancier01.stg.phx2.fedoraproject.org b/inventory/host_vars/nuancier01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..783b9eec4f
--- /dev/null
+++ b/inventory/host_vars/nuancier01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.158
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/nuancier02.phx2.fedoraproject.org b/inventory/host_vars/nuancier02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..9ab480394f
--- /dev/null
+++ b/inventory/host_vars/nuancier02.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.232
+vmhost: virthost21.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/nuancier02.stg.phx2.fedoraproject.org b/inventory/host_vars/nuancier02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..2ac83a48d2
--- /dev/null
+++ b/inventory/host_vars/nuancier02.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.159
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/oci-candidate-registry01.iad2.fedoraproject.org b/inventory/host_vars/oci-candidate-registry01.iad2.fedoraproject.org
deleted file mode 100644
index fae8211a60..0000000000
--- a/inventory/host_vars/oci-candidate-registry01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,14 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.102
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 50g
-max_mem_size: 16384
-mem_size: 16384
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-vmhost: bvmhost-x86-01.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/oci-candidate-registry01.stg.iad2.fedoraproject.org b/inventory/host_vars/oci-candidate-registry01.stg.iad2.fedoraproject.org
deleted file mode 100644
index 2cf1972518..0000000000
--- a/inventory/host_vars/oci-candidate-registry01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,14 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.167.254
-eth0_ipv4_ip: 10.3.167.34
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 120g
-max_mem_size: 16384
-mem_size: 8192
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-vmhost: bvmhost-x86-01.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/oci-registry01.iad2.fedoraproject.org b/inventory/host_vars/oci-registry01.iad2.fedoraproject.org
deleted file mode 100644
index fda6d6f7da..0000000000
--- a/inventory/host_vars/oci-registry01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,14 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.119
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 120g
-max_mem_size: 16384
-mem_size: 16384
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-vmhost: bvmhost-x86-02.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/oci-registry01.stg.iad2.fedoraproject.org b/inventory/host_vars/oci-registry01.stg.iad2.fedoraproject.org
deleted file mode 100644
index 88bcb9328b..0000000000
--- a/inventory/host_vars/oci-registry01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,14 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.167.254
-eth0_ipv4_ip: 10.3.167.35
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 120g
-max_mem_size: 16384
-mem_size: 8192
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/oci-registry02.iad2.fedoraproject.org b/inventory/host_vars/oci-registry02.iad2.fedoraproject.org
deleted file mode 100644
index e563327d0a..0000000000
--- a/inventory/host_vars/oci-registry02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,14 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.169.254
-eth0_ipv4_ip: 10.3.169.127
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-lvm_size: 120g
-max_mem_size: 16384
-mem_size: 16384
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-vmhost: bvmhost-x86-03.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/ocp01.ocp.iad2.fedoraproject.org b/inventory/host_vars/ocp01.ocp.iad2.fedoraproject.org
deleted file mode 100644
index 39031f30cb..0000000000
--- a/inventory/host_vars/ocp01.ocp.iad2.fedoraproject.org
+++ /dev/null
@@ -1,47 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.120 -eth0_ipv4_gw: 10.3.163.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp01.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/ocp01.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 61d3594e80..0000000000 --- a/inventory/host_vars/ocp01.ocp.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.115 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp02.ocp.iad2.fedoraproject.org b/inventory/host_vars/ocp02.ocp.iad2.fedoraproject.org deleted file mode 100644 index b3fce22cde..0000000000 --- a/inventory/host_vars/ocp02.ocp.iad2.fedoraproject.org +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.121 -eth0_ipv4_gw: 10.3.163.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp02.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/ocp02.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 85aa73a633..0000000000 --- a/inventory/host_vars/ocp02.ocp.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.116 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-06.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp03.ocp.iad2.fedoraproject.org b/inventory/host_vars/ocp03.ocp.iad2.fedoraproject.org deleted file mode 100644 index 7c4ffa9ea9..0000000000 --- a/inventory/host_vars/ocp03.ocp.iad2.fedoraproject.org +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.122 -eth0_ipv4_gw: 10.3.163.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-06.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp03.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/ocp03.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 0cbeb435cd..0000000000 --- a/inventory/host_vars/ocp03.ocp.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.117 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-07.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/odcs-backend01.phx2.fedoraproject.org b/inventory/host_vars/odcs-backend01.phx2.fedoraproject.org new file mode 100644 index 0000000000..097be7b958 --- /dev/null +++ b/inventory/host_vars/odcs-backend01.phx2.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/ + +eth0_ip: 10.5.126.65 +eth1_ip: 10.5.127.114 + +volgroup: /dev/vg_guests +vmhost: virthost19.phx2.fedoraproject.org + +datacenter: phx2 
diff --git a/inventory/host_vars/odcs-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/odcs-backend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..c5e00e389e
--- /dev/null
+++ b/inventory/host_vars/odcs-backend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+
+eth0_ip: 10.5.128.77
+eth1_ip: 10.5.127.113
+
+volgroup: /dev/vg_guests
+vmhost: virthost20.phx2.fedoraproject.org
diff --git a/inventory/host_vars/odcs-frontend01.phx2.fedoraproject.org b/inventory/host_vars/odcs-frontend01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..b09f85cb19
--- /dev/null
+++ b/inventory/host_vars/odcs-frontend01.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+
+eth0_ip: 10.5.126.29
+
+volgroup: /dev/vg_guests
+vmhost: virthost22.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/odcs-frontend01.stg.phx2.fedoraproject.org b/inventory/host_vars/odcs-frontend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..2dd15b6e71
--- /dev/null
+++ b/inventory/host_vars/odcs-frontend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+
+eth0_ip: 10.5.128.76
+
+volgroup: /dev/vg_guests
+vmhost: virthost20.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/openqa-a64-worker01.iad2.fedoraproject.org b/inventory/host_vars/openqa-a64-worker01.iad2.fedoraproject.org
deleted file mode 100644
index 766e84d4c4..0000000000
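Review bot: The new host_vars file for odcs-backend01.stg.phx2 has no `datacenter:` key, while the three sibling odcs files added alongside it (odcs-backend01.phx2, odcs-frontend01.phx2 and odcs-frontend01.stg) all end with `datacenter: phx2`. Unless a group_vars file supplies the value, anything keyed on `datacenter` (presumably resolver or firewall templates) would treat this host differently from its peers. I would add a blank line and `datacenter: phx2` after the `vmhost: virthost20.phx2.fedoraproject.org` line so the four files agree.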
--- a/inventory/host_vars/openqa-a64-worker01.iad2.fedoraproject.org +++ /dev/null @@ -1,64 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enP2p1s0_mac: "{{ mac1 }}" -enp1s0_ipv4: 10.3.174.61 -enp1s0_ipv4_gw: 10.3.174.254 -enp1s0_ipv4_nm: 24 -enp1s0_mac: "{{ mac2 }}" -enp1s0d1_mac: "{{ mac3 }}" -freezes: false -# enP2p1s0 is disabled/nothing -# enp1s0 is active network -# enp1s0d1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: 68:05:ca:8e:9b:86 -mac2: 50:6b:4b:6a:b6:20 -mac3: 50:6b:4b:6a:b6:21 -network_connections: - - autoconnect: no - mac: "{{ enP2p1s0_mac }}" - name: enP2p1s0 - state: down - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ enp1s0_ipv4 }}/{{ enp1s0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0_ipv4_gw }}" - mac: "{{ enp1s0_mac }}" - name: enp1s0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0d1_mac }}" - name: enp1s0d1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -openqa_rngd: false -openqa_tap_iface: enp1s0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 15 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] -nbde_device: /dev/sda3 
diff --git a/inventory/host_vars/openqa-a64-worker02.iad2.fedoraproject.org b/inventory/host_vars/openqa-a64-worker02.iad2.fedoraproject.org deleted file mode 100644 index 0a773e7529..0000000000 --- a/inventory/host_vars/openqa-a64-worker02.iad2.fedoraproject.org +++ /dev/null 
@@ -1,64 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enP2p1s0_mac: "{{ mac1 }}" -enp1s0_ipv4: 10.3.174.62 -enp1s0_ipv4_gw: 10.3.174.254 -enp1s0_ipv4_nm: 24 -enp1s0_mac: "{{ mac2 }}" -enp1s0d1_mac: "{{ mac3 }}" -freezes: false -# enP2p1s0 is disabled/nothing -# enp1s0 is active network -# enp1s0d1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: 00:1b:21:e0:6a:72 -mac2: 50:6b:4b:7f:a8:b0 -mac3: 50:6b:4b:7f:a8:b1 -network_connections: - - autoconnect: no - mac: "{{ enP2p1s0_mac }}" - name: enP2p1s0 - state: down - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ enp1s0_ipv4 }}/{{ enp1s0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0_ipv4_gw }}" - mac: "{{ enp1s0_mac }}" - name: enp1s0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0d1_mac }}" - name: enp1s0d1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -openqa_rngd: false -openqa_tap_iface: enp1s0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 15 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] -nbde_device: /dev/sda3 diff --git a/inventory/host_vars/openqa-a64-worker03.iad2.fedoraproject.org b/inventory/host_vars/openqa-a64-worker03.iad2.fedoraproject.org deleted file mode 100644 index 6f5ef6b6a5..0000000000 
--- a/inventory/host_vars/openqa-a64-worker03.iad2.fedoraproject.org +++ /dev/null @@ -1,64 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enP2p1s0_mac: "{{ mac1 }}" -enp1s0_ipv4: 10.3.174.63 -enp1s0_ipv4_gw: 10.3.174.254 -enp1s0_ipv4_nm: 24 -enp1s0_mac: "{{ mac2 }}" -enp1s0d1_mac: "{{ mac3 }}" -freezes: false -# enP2p1s0 is disabled/nothing -# enp1s0 is active network -# enp1s0d1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: 00:1b:21:e0:6e:5b -mac2: 50:6b:4b:7f:98:30 -mac3: 50:6b:4b:7f:98:31 -network_connections: - - autoconnect: no - mac: "{{ enP2p1s0_mac }}" - name: enP2p1s0 - state: down - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ enp1s0_ipv4 }}/{{ enp1s0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0_ipv4_gw }}" - mac: "{{ enp1s0_mac }}" - name: enp1s0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0d1_mac }}" - name: enp1s0d1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -openqa_rngd: false -openqa_tap_iface: enp1s0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 15 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] -nbde_device: /dev/sda3 
diff --git a/inventory/host_vars/openqa-a64-worker04.iad2.fedoraproject.org b/inventory/host_vars/openqa-a64-worker04.iad2.fedoraproject.org deleted file mode 100644 index d06fb6876f..0000000000 --- a/inventory/host_vars/openqa-a64-worker04.iad2.fedoraproject.org +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1_mac: "{{ mac1 }}" -eno2_mac: "{{ mac2 }}" -enP1p1s0f0np0_mac: "{{ mac3 }}" -enP1p1s0f1np1_mac: "{{ mac4 }}" -enP1p1s0f0np0_ipv4: 10.3.174.64 -enP1p1s0f0np0_ipv4_gw: 10.3.174.254 -enP1p1s0f0np0_ipv4_nm: 24 -freezes: false -# eno1 is disabled/nothing -# eno2 is disabled/nothing -# enP1p1s0f0np0 is active network -# enP1p1s0f1np1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: d8:5e:d3:8b:73:d6 -mac2: d8:5e:d3:8b:73:d7 -mac3: 0c:42:a1:5a:08:b0 -mac4: 0c:42:a1:5a:08:b1 -network_connections: - - autoconnect: no - mac: "{{ eno1_mac }}" - name: eno1 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno2_mac }}" - name: eno2 - state: down - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ enP1p1s0f0np0_ipv4 }}/{{ enP1p1s0f0np0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enP1p1s0f0np0_ipv4_gw }}" - mac: "{{ enP1p1s0f0np0_mac }}" - name: enP1p1s0f0np0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enP1p1s0f1np1_mac }}" - name: enP1p1s0f1np1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -openqa_rngd: false -openqa_tap_iface: enP1p1s0f0np0 -# this is a powerful machine, but storage kinda limits how many workers -# we can safely run at once -openqa_workers: 25 -# also means we need to bump the load average threshold -openqa_critical_threshold: 100 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', 
'20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223', '20233', '20243', '20253', '20263', '20273', '20283', '20293', '20303', '20313', '20323', '20333', '20343', '20353'] diff --git a/inventory/host_vars/openqa-a64-worker05.iad2.fedoraproject.org b/inventory/host_vars/openqa-a64-worker05.iad2.fedoraproject.org deleted file mode 100644 index 2fe486dab8..0000000000 --- a/inventory/host_vars/openqa-a64-worker05.iad2.fedoraproject.org +++ /dev/null 
@@ -1,64 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enP2p1s0_mac: "{{ mac1 }}" -enp1s0_ipv4: 10.3.174.65 -enp1s0_ipv4_gw: 10.3.174.254 -enp1s0_ipv4_nm: 24 -enp1s0_mac: "{{ mac2 }}" -enp1s0d1_mac: "{{ mac3 }}" -freezes: false -# enP2p1s0 is disabled/nothing -# enp1s0 is active network -# enp1s0d1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: 68:05:ca:8a:f0:29 -mac2: 50:6b:4b:6a:eb:b0 -mac3: 50:6b:4b:6a:eb:b1 -network_connections: - - autoconnect: no - mac: "{{ enP2p1s0_mac }}" - name: enP2p1s0 - state: down - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ enp1s0_ipv4 }}/{{ enp1s0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0_ipv4_gw }}" - mac: "{{ enp1s0_mac }}" - name: enp1s0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0d1_mac }}" - name: enp1s0d1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -openqa_rngd: false -openqa_tap_iface: enp1s0 -# this is a moderately powerful machine (16c/32t, I think) -openqa_workers: 15 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] -nbde_device: /dev/sda3 diff --git a/inventory/host_vars/openqa-a64-worker06.iad2.fedoraproject.org b/inventory/host_vars/openqa-a64-worker06.iad2.fedoraproject.org deleted file mode 100644 index 460286f9dc..0000000000 
--- a/inventory/host_vars/openqa-a64-worker06.iad2.fedoraproject.org +++ /dev/null @@ -1,64 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enP2p1s0_mac: "{{ mac1 }}" -enp1s0_ipv4: 10.3.174.66 -enp1s0_ipv4_gw: 10.3.174.254 -enp1s0_ipv4_nm: 24 -enp1s0_mac: "{{ mac2 }}" -enp1s0d1_mac: "{{ mac3 }}" -freezes: false -# enP2p1s0 is disabled/nothing -# enp1s0 is active network -# enp1s0d1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: 68:05:ca:8e:98:c7 -mac2: 50:6b:4b:6a:c4:90 -mac3: 50:6b:4b:6a:c4:91 -network_connections: - - autoconnect: no - mac: "{{ enP2p1s0_mac }}" - name: enP2p1s0 - state: down - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ enp1s0_ipv4 }}/{{ enp1s0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0_ipv4_gw }}" - mac: "{{ enp1s0_mac }}" - name: enp1s0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0d1_mac }}" - name: enp1s0d1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -openqa_rngd: false -openqa_tap_iface: enp1s0 -# this is a moderately powerful machine (16c/32t, I think) -openqa_workers: 15 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] -nbde_device: /dev/sda3 
diff --git a/inventory/host_vars/openqa-lab01.iad2.fedoraproject.org b/inventory/host_vars/openqa-lab01.iad2.fedoraproject.org deleted file mode 100644 index e4cf0ca4e3..0000000000 --- a/inventory/host_vars/openqa-lab01.iad2.fedoraproject.org +++ /dev/null @@ -1,24 +0,0 @@ ---- -############################################################ -# networking -############################################################ -datacenter: iad2 -eth0_ipv4_gw: 10.3.174.254 -eth0_ipv4_ip: 10.3.174.57 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/32/Server/x86_64/os/ -############################################################ -# install -############################################################ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora-32-iad2 -############################################################ -# virtual machine -############################################################ -lvm_size: 1750000 -max_cpu: 60 -max_mem_size: 383216 -mem_size: 262144 -nrpe_procs_crit: 1200 -nrpe_procs_warn: 1000 -num_cpus: 60 -vmhost: qvmhost-x86-01.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/openqa-p09-worker01.iad2.fedoraproject.org b/inventory/host_vars/openqa-p09-worker01.iad2.fedoraproject.org deleted file mode 100644 index b211a5dc04..0000000000 --- a/inventory/host_vars/openqa-p09-worker01.iad2.fedoraproject.org +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enp1s0f0np0_ipv4: 10.3.174.42 -enp1s0f0np0_ipv4_gw: 10.3.174.254 -enp1s0f0np0_ipv4_nm: 24 -enp1s0f0np0_mac: "{{ mac1 }}" -enp1s0f1np1_mac: "{{ mac2 }}" -freezes: false -# enp1s0f0np0 is default network -# enp1s0f1np1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: 40:a6:b7:18:87:24 -mac2: 40:a6:b7:18:87:25 -mac3: ac:1f:6b:56:e5:90 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ enp1s0f0np0_ipv4 }}/{{ enp1s0f0np0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0f0np0_ipv4_gw }}" - mac: "{{ enp1s0f0np0_mac }}" - name: enp1s0f0np0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0f1np1_mac }}" - name: enp1s0f1np1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -# has an HW RNG, so let's have rngd -openqa_rngd: true -openqa_tap_iface: enp1s0f0np0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 15 -# also means we need to bump the load average threshold -openqa_critical_threshold: 70 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] diff --git a/inventory/host_vars/openqa-p09-worker02.iad2.fedoraproject.org b/inventory/host_vars/openqa-p09-worker02.iad2.fedoraproject.org deleted file mode 100644 index 7cdde21001..0000000000 
--- a/inventory/host_vars/openqa-p09-worker02.iad2.fedoraproject.org +++ /dev/null @@ -1,64 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enp1s0f0np0_ipv4: 10.3.174.43 -enp1s0f0np0_ipv4_gw: 10.3.174.254 -enp1s0f0np0_ipv4_nm: 24 -enp1s0f0np0_mac: "{{ mac1 }}" -enp1s0f1np1_mac: "{{ mac2 }}" -enP2p1s0f0np0_mac: "{{ mac3 }}" -freezes: false -# enp1s0f0np0 is default network -# enp1s0f1np1 is disabled/nothing -# enP2p1s0f0np0 is disabled/nothing - -has_ipv4: yes -mac1: 40:a6:b7:18:86:b8 -mac2: 40:a6:b7:18:86:b9 -mac3: ac:1f:6b:59:70:6e -network_connections: - - autoconnect: yes - ip: - address: - - "{{ enp1s0f0np0_ipv4 }}/{{ enp1s0f0np0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0f0np0_ipv4_gw }}" - mac: "{{ enp1s0f0np0_mac }}" - name: enp1s0f0np0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0f1np1_mac }}" - name: enp1s0f1np1 - state: down - type: ethernet - - autoconnect: no - mac: "{{ enP2p1s0f0np0_mac }}" - name: enP2p1s0f0np0 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -# has an HW RNG, so let's have rngd -openqa_rngd: true -openqa_tap_iface: enp1s0f0np0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 15 -# also means we need to bump the load average threshold -openqa_critical_threshold: 70 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] 
diff --git a/inventory/host_vars/openqa-ppc64le-01.qa.fedoraproject.org b/inventory/host_vars/openqa-ppc64le-01.qa.fedoraproject.org new file mode 100644 index 0000000000..e0ee268a04 --- /dev/null +++ b/inventory/host_vars/openqa-ppc64le-01.qa.fedoraproject.org @@ -0,0 +1,19 @@ +--- +freezes: false +eth2_nm: 255.255.255.0 +gw: 10.5.131.254 +dns: 10.5.126.21 +eth2_ip: 10.5.131.73 +datacenter: phx2 +fas_client_groups: sysadmin-qa,sysadmin-main,sysadmin-noc,fi-apprentice,sysadmin-veteran +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" + +# Given that the only interface here is eth2, we can't really make ansible do its magic +ansible_ifcfg_whitelist: +- nonexistent + +# this is a powerful machine, can handle more openQA workers +openqa_workers: 8 diff --git a/inventory/host_vars/openqa-stg01.qa.fedoraproject.org b/inventory/host_vars/openqa-stg01.qa.fedoraproject.org new file mode 100644 index 0000000000..3c1120db8c --- /dev/null +++ b/inventory/host_vars/openqa-stg01.qa.fedoraproject.org @@ -0,0 +1,32 @@ +--- +############################################################ +# networking +############################################################ + +nm: 255.255.255.0 +gw: 10.5.131.254 +dns: 10.5.126.21 +eth0_ip: 10.5.131.72 + +############################################################ +# install +############################################################ + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-24-openqa +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/24/Server/x86_64/os/ +volgroup: /dev/vg_guests +vmhost: virthost-comm04.qa.fedoraproject.org +datacenter: phx2 + +############################################################ +# virtual machine +############################################################ + +fas_client_groups: sysadmin-qa,sysadmin-main,sysadmin-noc,fi-apprentice,sysadmin-veteran + +lvm_size: 768000 +mem_size: 4096 +num_cpus: 4 + +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 
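Review bot: `openqa_workers: 8` is set in the new openqa-ppc64le-01.qa file, but the file defines no `tcp_ports`, while every worker host_vars file removed elsewhere in this diff listed one "QEMUPORT plus 1" port per worker instance. If no group_vars entry opens these ports for this host, the firewall would presumably block the server->worker websocket connections. Using the formula quoted in the removed files, eight workers would need `tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083']`. If the ports are inherited from elsewhere, a one-line comment saying where would make that auditable. The `ansible_ifcfg_whitelist: - nonexistent` entry looks like a sentinel value that matches no interface; the comment above it could say so explicitly.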
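Review bot: `ks_url` and `ks_repo` in the new openqa-stg01.qa file fetch the kickstart and the install tree over plain `http://` from a bare IP (10.5.126.23), so nothing on the wire authenticates the script the installer runs as root or the packages it installs. The iad2 host_vars removed in this diff used `https://infrastructure.fedoraproject.org/...` for both keys. If the phx2 mirror serves TLS under a hostname, prefer `ks_url: https://<mirror-hostname>/repo/rhel/ks/kvm-fedora-24-openqa` (hostname is a placeholder) and the matching change to `ks_repo`. Otherwise, add a comment recording that provisioning relies on the management network being trusted. The same pattern appears in the openqa01.qa and os-control01.phx2 files added later in this diff.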
diff --git a/inventory/host_vars/openqa-x86-worker01.iad2.fedoraproject.org b/inventory/host_vars/openqa-x86-worker01.iad2.fedoraproject.org deleted file mode 100644 index 127db7d315..0000000000 --- a/inventory/host_vars/openqa-x86-worker01.iad2.fedoraproject.org +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1np0_ipv4: 10.3.174.21 -eno1np0_ipv4_gw: 10.3.174.254 -eno1np0_ipv4_nm: 24 -eno1np0_mac: "{{ mac1 }}" -eno2np1_mac: "{{ mac2 }}" -eno3_mac: "{{ mac3 }}" -eno4_mac: "{{ mac4 }}" -freezes: false -# eno1np0 is default network -# eno2np1 is disabled/nothing -# eno3 is disabled/nothing -# eno4 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: e4:43:4b:a7:98:66 -mac2: e4:43:4b:a7:98:68 -mac3: e4:43:4b:a7:98:86 -mac4: e4:43:4b:a7:98:87 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1np0_ipv4 }}/{{ eno1np0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1np0_ipv4_gw }}" - mac: "{{ eno1np0_mac }}" - name: eno1np0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ eno2np1_mac }}" - name: eno2np1 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno3_mac }}" - name: eno3 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno4_mac }}" - name: eno4 - state: down - type: ethernet -nrpe_procs_crit: 1600 -nrpe_procs_warn: 1400 -# Has a hardware RNG -openqa_rngd: true -openqa_tap_iface: eno1np0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 30 -# also means we need to bump the load average threshold -openqa_critical_threshold: 60 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', 
'20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223', '20233', '20243', '20253', '20263', '20273', '20283', '20293', '20303'] diff --git a/inventory/host_vars/openqa-x86-worker02.iad2.fedoraproject.org b/inventory/host_vars/openqa-x86-worker02.iad2.fedoraproject.org deleted file mode 100644 index 2e88656587..0000000000 --- a/inventory/host_vars/openqa-x86-worker02.iad2.fedoraproject.org +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1np0_ipv4: 10.3.174.22 -eno1np0_ipv4_gw: 10.3.174.254 -eno1np0_ipv4_nm: 24 -eno1np0_mac: "{{ mac1 }}" -eno2np1_mac: "{{ mac2 }}" -eno3_mac: "{{ mac3 }}" -eno4_mac: "{{ mac4 }}" -freezes: false -# eno1np0 is default network -# eno2np1 is disabled/nothing -# eno3 is disabled/nothing -# eno4 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: e4:43:4b:23:e8:cc -mac2: e4:43:4b:23:e8:ce -mac3: e4:43:4b:23:e8:ec -mac4: e4:43:4b:23:e8:ed -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1np0_ipv4 }}/{{ eno1np0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1np0_ipv4_gw }}" - mac: "{{ eno1np0_mac }}" - name: eno1np0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ eno2np1_mac }}" - name: eno2np1 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno3_mac }}" - name: eno3 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno4_mac }}" - name: eno4 - state: down - type: ethernet -nrpe_procs_crit: 1600 -nrpe_procs_warn: 1400 -# Has a hardware RNG -openqa_rngd: true -openqa_tap_iface: eno1np0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 30 -# also means we need to bump the load average threshold -openqa_critical_threshold: 60 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', 
'20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223', '20233', '20243', '20253', '20263', '20273', '20283', '20293', '20303'] diff --git a/inventory/host_vars/openqa-x86-worker03.iad2.fedoraproject.org b/inventory/host_vars/openqa-x86-worker03.iad2.fedoraproject.org deleted file mode 100644 index d363cd825d..0000000000 --- a/inventory/host_vars/openqa-x86-worker03.iad2.fedoraproject.org +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1_ipv4: 10.3.174.23 -eno1_ipv4_gw: 10.3.174.254 -eno1_ipv4_nm: 24 -eno1_mac: "{{ mac1 }}" -eno2_mac: "{{ mac2 }}" -eno3_mac: "{{ mac3 }}" -eno4_mac: "{{ mac4 }}" -freezes: false -# eno1 is default network -# eno2 is disabled/nothing -# eno3 is disabled/nothing -# eno4 is disabled/nothing - -has_ipv4: yes -mac1: 24:6e:96:b0:e0:78 -mac2: 24:6e:96:b0:e0:7a -mac3: 24:6e:96:b0:e0:7c -mac4: 24:6e:96:b0:e0:7d -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1_ipv4 }}/{{ eno1_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1_ipv4_gw }}" - mac: "{{ eno1_mac }}" - name: eno1 - state: up - type: ethernet - - autoconnect: no - mac: "{{ eno2_mac }}" - name: eno2 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno3_mac }}" - name: eno3 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno4_mac }}" - name: eno4 - state: down - type: ethernet -nrpe_procs_crit: 1600 -nrpe_procs_warn: 1400 -# Has a hardware RNG -openqa_rngd: true -# this machines has 24 CPUs, 22 is our "just under one worker per -# CPU" rule-of-thumb, but it seems to be running out of memory so -# cut to 20 -openqa_workers: 20 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223'] 
diff --git a/inventory/host_vars/openqa-x86-worker04.iad2.fedoraproject.org b/inventory/host_vars/openqa-x86-worker04.iad2.fedoraproject.org deleted file mode 100644 index 818d66516e..0000000000 --- a/inventory/host_vars/openqa-x86-worker04.iad2.fedoraproject.org +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1np0_ipv4: 10.3.174.24 -eno1np0_ipv4_gw: 10.3.174.254 -eno1np0_ipv4_nm: 24 -eno1np0_mac: "{{ mac1 }}" -eno2np1_mac: "{{ mac2 }}" -eno3_mac: "{{ mac3 }}" -eno4_mac: "{{ mac4 }}" -freezes: false -# eno1np0 is default network -# eno2np1 is disabled/nothing -# eno3 is disabled/nothing -# eno4 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: e4:43:4b:24:10:aa -mac2: e4:43:4b:24:10:ca -mac3: e4:43:4b:24:10:ac -mac4: e4:43:4b:24:10:cb -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1np0_ipv4 }}/{{ eno1np0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1np0_ipv4_gw }}" - mac: "{{ eno1np0_mac }}" - name: eno1np0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ eno2np1_mac }}" - name: eno2np1 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno3_mac }}" - name: eno3 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno4_mac }}" - name: eno4 - state: down - type: ethernet -nrpe_procs_crit: 1600 -nrpe_procs_warn: 1400 -# Has a hardware RNG -openqa_rngd: true -openqa_tap_iface: eno1np0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 30 -# also means we need to bump the load average threshold -openqa_critical_threshold: 60 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', 
'20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223', '20233', '20243', '20253', '20263', '20273', '20283', '20293', '20303'] diff --git a/inventory/host_vars/openqa-x86-worker05.iad2.fedoraproject.org b/inventory/host_vars/openqa-x86-worker05.iad2.fedoraproject.org deleted file mode 100644 index c5275759e4..0000000000 --- a/inventory/host_vars/openqa-x86-worker05.iad2.fedoraproject.org +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1_ipv4: 10.3.174.25 -eno1_ipv4_gw: 10.3.174.254 -eno1_ipv4_nm: 24 -eno1_mac: "{{ mac1 }}" -eno2_mac: "{{ mac2 }}" -eno3_mac: "{{ mac3 }}" -eno4_mac: "{{ mac4 }}" -freezes: false -# eno1 is default network -# een2 is disabled/nothing -# eno3 is disabled/nothing -# eno4 is disabled/nothing - -has_ipv4: yes -mac1: 24:6e:96:b1:4c:70 -mac2: 24:6e:96:b1:4c:72 -mac3: 24:6e:96:b1:4c:74 -mac4: 24:6e:96:b1:4c:75 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1_ipv4 }}/{{ eno1_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1_ipv4_gw }}" - mac: "{{ eno1_mac }}" - name: eno1 - state: up - type: ethernet - - autoconnect: no - mac: "{{ eno2_mac }}" - name: eno2 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno3_mac }}" - name: eno3 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno4_mac }}" - name: eno4 - state: down - type: ethernet -nrpe_procs_crit: 1600 -nrpe_procs_warn: 1400 -# Has a hardware RNG -openqa_rngd: true -openqa_tap_iface: eno1 -# xeon e5-2683v4, 32 physical CPUs -openqa_workers: 30 -openqa_critical_threshold: 60 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223', '20233', '20243', '20253', '20263', '20273', '20283', '20293', '20303'] 
diff --git a/inventory/host_vars/openqa-x86-worker06.iad2.fedoraproject.org b/inventory/host_vars/openqa-x86-worker06.iad2.fedoraproject.org deleted file mode 100644 index af3b7937c9..0000000000 --- a/inventory/host_vars/openqa-x86-worker06.iad2.fedoraproject.org +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1_ipv4: 10.3.174.26 -eno1_ipv4_gw: 10.3.174.254 -eno1_ipv4_nm: 24 -eno1_mac: "{{ mac1 }}" -eno2_mac: "{{ mac2 }}" -eno3_mac: "{{ mac3 }}" -eno4_mac: "{{ mac4 }}" -freezes: false -# eno1 is default network -# eno2 is disabled/nothing -# eno3 is disabled/nothing -# eno4 is disabled/nothing - -has_ipv4: yes -mac1: 24:6e:96:b1:c8:00 -mac2: 24:6e:96:b1:c8:02 -mac3: 24:6e:96:b1:c8:04 -mac4: 24:6e:96:b1:c8:05 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1_ipv4 }}/{{ eno1_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1_ipv4_gw }}" - mac: "{{ eno1_mac }}" - name: eno1 - state: up - type: ethernet - - autoconnect: no - mac: "{{ eno2_mac }}" - name: eno2 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno3_mac }}" - name: eno3 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno4_mac }}" - name: eno4 - state: down - type: ethernet -nrpe_procs_crit: 1600 -nrpe_procs_warn: 1400 -# Has a hardware RNG -openqa_rngd: true -# this is a powerful machine, can handle more openQA workers -openqa_workers: 30 -# also means we need to bump the load average threshold -openqa_critical_threshold: 60 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223', '20233', '20243', '20253', '20263', '20273', '20283', '20293', '20303'] 
diff --git a/inventory/host_vars/openqa01.iad2.fedoraproject.org b/inventory/host_vars/openqa01.iad2.fedoraproject.org deleted file mode 100644 index f78cca432e..0000000000 --- a/inventory/host_vars/openqa01.iad2.fedoraproject.org +++ /dev/null @@ -1,22 +0,0 @@ ---- -############################################################ -# networking -############################################################ -datacenter: iad2 -eth0_ipv4_gw: 10.3.174.254 -eth0_ipv4_ip: 10.3.174.52 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/32/Server/x86_64/os/ -############################################################ -# install -############################################################ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora-32-iad2 -############################################################ -# virtual machine -############################################################ -lvm_size: 800000 -mem_size: 16384 -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -num_cpus: 8 -vmhost: qvmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/openqa01.qa.fedoraproject.org b/inventory/host_vars/openqa01.qa.fedoraproject.org new file mode 100644 index 0000000000..0bafc445ed --- /dev/null +++ b/inventory/host_vars/openqa01.qa.fedoraproject.org 
@@ -0,0 +1,32 @@
+---
+############################################################
+# networking
+############################################################
+
+nm: 255.255.255.0
+gw: 10.5.131.254
+dns: 10.5.126.21
+eth0_ip: 10.5.131.71
+
+############################################################
+# install
+############################################################
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-24-openqa
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/24/Server/x86_64/os/
+volgroup: /dev/VirtGuests
+vmhost: virthost-comm03.qa.fedoraproject.org
+datacenter: phx2
+
+############################################################
+# virtual machine
+############################################################
+
+fas_client_groups: sysadmin-qa,sysadmin-main,sysadmin-noc,fi-apprentice,sysadmin-veteran
+
+lvm_size: 768000
+mem_size: 4096
+num_cpus: 4
+
+nrpe_procs_warn: 250
+nrpe_procs_crit: 300
diff --git a/inventory/host_vars/os-control01.iad2.fedoraproject.org b/inventory/host_vars/os-control01.iad2.fedoraproject.org
deleted file mode 100644
index f8ef0617dc..0000000000
--- a/inventory/host_vars/os-control01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,18 +0,0 @@
----
-baseiptables: true
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.65
-external: false
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-lvm_size: 120g
-max_mem_size: 16384
-mem_size: 16384
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-resolvconf: "resolv.conf/iad2"
-vmhost: vmhost-x86-01.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/os-control01.phx2.fedoraproject.org b/inventory/host_vars/os-control01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..33a636d004
--- /dev/null
+++ b/inventory/host_vars/os-control01.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.244
+vmhost: virthost06.phx2.fedoraproject.org
+datacenter: phx2
+
+baseiptables: true
diff --git a/inventory/host_vars/os-control01.rdu3.fedoraproject.org b/inventory/host_vars/os-control01.rdu3.fedoraproject.org
deleted file mode 100644
index 1143cb3c39..0000000000
--- a/inventory/host_vars/os-control01.rdu3.fedoraproject.org
+++ /dev/null
@@ -1,19 +0,0 @@
----
-datacenter: rdu3
-dns_search1: "rdu3.fedoraproject.org"
-dns_search2: "vpn.fedoraproject.org"
-dns_search3: "fedoraproject.org"
-eth0_ipv4_gw: 10.16.163.254
-eth0_ipv4_ip: 10.16.163.65
-external: false
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-lvm_size: 120g
-max_mem_size: 16384
-mem_size: 16384
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-vmhost: vmhost-x86-01.rdu3.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/os-control01.stg.iad2.fedoraproject.org b/inventory/host_vars/os-control01.stg.iad2.fedoraproject.org
deleted file mode 100644
index ecde750846..0000000000
--- a/inventory/host_vars/os-control01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,11 +0,0 @@
----
-baseiptables: true
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.50
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-lvm_size: 100g
-mem_size: 4096
-vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org b/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..89859187fb
--- /dev/null
+++ b/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.100
+vmhost: virthost05.phx2.fedoraproject.org
+datacenter: phx2
+
+baseiptables: true
diff --git a/inventory/host_vars/os-control01.stg.rdu3.fedoraproject.org b/inventory/host_vars/os-control01.stg.rdu3.fedoraproject.org
deleted file mode 100644
index d5e7c020d2..0000000000
--- a/inventory/host_vars/os-control01.stg.rdu3.fedoraproject.org
+++ /dev/null
@@ -1,16 +0,0 @@
----
-datacenter: rdu3
-dns: 10.16.163.33
-dns1: 10.16.163.33
-dns2: 10.16.163.34
-dns_search1: "rdu3.fedoraproject.org"
-dns_search2: "vpn.fedoraproject.org"
-dns_search3: "fedoraproject.org"
-eth0_ipv4_gw: 10.16.166.254
-eth0_ipv4_ip: 10.16.166.50
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
-lvm_size: 100g
-mem_size: 4096
-vmhost: vmhost-x86-01.stg.rdu3.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/os-master01.phx2.fedoraproject.org b/inventory/host_vars/os-master01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..1f422df527
--- /dev/null
+++ b/inventory/host_vars/os-master01.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.245
+vmhost: virthost06.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org b/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..d250844074
--- /dev/null
+++ b/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.101
+vmhost: virthost05.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 8192
+num_cpus: 4
diff --git a/inventory/host_vars/os-master02.phx2.fedoraproject.org b/inventory/host_vars/os-master02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..ab1a1b0746
--- /dev/null
+++ b/inventory/host_vars/os-master02.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.247
+vmhost: virthost19.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org b/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..9e2953a79f
--- /dev/null
+++ b/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.102
+vmhost: virthost05.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/os-master03.phx2.fedoraproject.org b/inventory/host_vars/os-master03.phx2.fedoraproject.org
new file mode 100644
index 0000000000..d7670e2917
--- /dev/null
+++ b/inventory/host_vars/os-master03.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost15
+eth0_ip: 10.5.126.164
+vmhost: virthost15.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org b/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..8012c49047
--- /dev/null
+++ b/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.103
+vmhost: virthost05.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/os-node01.phx2.fedoraproject.org b/inventory/host_vars/os-node01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..77b7a58e25
--- /dev/null
+++ b/inventory/host_vars/os-node01.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.246
+vmhost: virthost06.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-nodes
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org b/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..4e1ab1b9be
--- /dev/null
+++ b/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.104
+vmhost: virthost05.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-nodes-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/os-node02.phx2.fedoraproject.org b/inventory/host_vars/os-node02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..bcce8e0343
--- /dev/null
+++ b/inventory/host_vars/os-node02.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.248
+vmhost: virthost19.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-nodes
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org b/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..4d114ce2e0
--- /dev/null
+++ b/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.105
+vmhost: virthost05.phx2.fedoraproject.org
+datacenter: phx2
+host_group: os-nodes-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 8192
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/os-proxy01.fedorainfracloud.org b/inventory/host_vars/os-proxy01.fedorainfracloud.org
deleted file mode 100644
index 61a5f41d3c..0000000000
--- a/inventory/host_vars/os-proxy01.fedorainfracloud.org
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# Keepalived variables for app.os
-dns1: 8.8.8.8
-eth0_ipv4_gw: 38.145.49.254
-eth0_ipv4_ip: 38.145.48.42
-eth0_ipv4_nm: 23
-keepalived2_interface: eth0
-keepalived2_ipaddress: 38.145.48.41
-keepalived2_priority: 50
-keepalived2_routerid: 25
-# Keepalived variables for os
-keepalived_interface: eth0
-keepalived_ipaddress: 38.145.48.40
-keepalived_priority: 100
-keepalived_routerid: 20
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/29/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora-29-ext
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-num_cpus: 4
-vmhost: virthost-os01.fedorainfracloud.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/os-proxy02.fedorainfracloud.org b/inventory/host_vars/os-proxy02.fedorainfracloud.org
deleted file mode 100644
index f6c5f425ad..0000000000
--- a/inventory/host_vars/os-proxy02.fedorainfracloud.org
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# Keepalived variables for app.os
-dns1: 8.8.8.8
-eth0_ipv4_gw: 38.145.49.254
-eth0_ipv4_ip: 38.145.48.43
-eth0_ipv4_nm: 23
-keepalived2_interface: eth0
-keepalived2_ipaddress: 38.145.48.41
-keepalived2_priority: 100
-keepalived2_routerid: 25
-# Keepalived variables for os
-keepalived_interface: eth0
-keepalived_ipaddress: 38.145.48.40
-keepalived_priority: 50
-keepalived_routerid: 20
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/31/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora-31-ext
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-num_cpus: 4
-vmhost: virthost-os03.fedorainfracloud.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/osbs-control01.phx2.fedoraproject.org b/inventory/host_vars/osbs-control01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..fc6bf0d99c
--- /dev/null
+++ b/inventory/host_vars/osbs-control01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.125.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.125.58
+vmhost: bvirthost01.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/osbs-control01.stg.phx2.fedoraproject.org b/inventory/host_vars/osbs-control01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..57092d8298
--- /dev/null
+++ b/inventory/host_vars/osbs-control01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+eth0_ip: 10.5.128.160
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+vmhost: virthost04.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/osbs-master01.phx2.fedoraproject.org b/inventory/host_vars/osbs-master01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..47d90cae97
--- /dev/null
+++ b/inventory/host_vars/osbs-master01.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26-osbs
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.125.55
+vmhost: bvirthost01.phx2.fedoraproject.org
+datacenter: phx2
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/osbs-master01.stg.phx2.fedoraproject.org b/inventory/host_vars/osbs-master01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..61a1be5850
--- /dev/null
+++ b/inventory/host_vars/osbs-master01.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.161
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
+host_group: osbs-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/osbs-node01.phx2.fedoraproject.org b/inventory/host_vars/osbs-node01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..894d2e90a0
--- /dev/null
+++ b/inventory/host_vars/osbs-node01.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26-osbs
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.125.53
+vmhost: bvirthost01.phx2.fedoraproject.org
+datacenter: phx2
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/osbs-node01.stg.phx2.fedoraproject.org b/inventory/host_vars/osbs-node01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..3d3e6d1ea7
--- /dev/null
+++ b/inventory/host_vars/osbs-node01.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.162
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
+host_group: osbs-nodes-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/osbs-node02.phx2.fedoraproject.org b/inventory/host_vars/osbs-node02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..88c8936c5f
--- /dev/null
+++ b/inventory/host_vars/osbs-node02.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26-osbs
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.125.54
+vmhost: bvirthost01.phx2.fedoraproject.org
+datacenter: phx2
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/osbs-node02.stg.phx2.fedoraproject.org b/inventory/host_vars/osbs-node02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..9c4c9f8a2b
--- /dev/null
+++ b/inventory/host_vars/osbs-node02.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.163
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
+host_group: osbs-nodes-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/osbsworker-x86-64-master01.stg.phx2.fedoraproject.org b/inventory/host_vars/osbsworker-x86-64-master01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..ddfbba4a22
--- /dev/null
+++ b/inventory/host_vars/osbsworker-x86-64-master01.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.110
+vmhost: virthost05.phx2.fedoraproject.org
+datacenter: phx2
+host_group: osbs-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/osbsworker-x86-64-node01.stg.phx2.fedoraproject.org b/inventory/host_vars/osbsworker-x86-64-node01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..56de138bae
--- /dev/null
+++ b/inventory/host_vars/osbsworker-x86-64-node01.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.111
+vmhost: virthost05.phx2.fedoraproject.org
+datacenter: phx2
+host_group: osbs-nodes-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/osbsworker-x86-64-node02.stg.phx2.fedoraproject.org b/inventory/host_vars/osbsworker-x86-64-node02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..b6f3831bbc
--- /dev/null
+++ b/inventory/host_vars/osbsworker-x86-64-node02.stg.phx2.fedoraproject.org
@@ -0,0 +1,19 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.112
+vmhost: virthost05.phx2.fedoraproject.org
+datacenter: phx2
+host_group: osbs-nodes-stg
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 120g
+mem_size: 16384
+max_mem_size: 16384
+num_cpus: 4
diff --git a/inventory/host_vars/osuosl01.fedoraproject.org b/inventory/host_vars/osuosl01.fedoraproject.org
new file mode 100644
index 0000000000..28a2944986
--- /dev/null
+++ b/inventory/host_vars/osuosl01.fedoraproject.org
@@ -0,0 +1,7 @@
+---
+datacenter: osuosl
+virthost: true
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+br0_ip: 140.211.169.194
+br0_nm: 255.255.255.128
diff --git a/inventory/host_vars/osuosl02.fedoraproject.org b/inventory/host_vars/osuosl02.fedoraproject.org
index f6b26e058c..00b2185a42 100644
--- a/inventory/host_vars/osuosl02.fedoraproject.org
+++ b/inventory/host_vars/osuosl02.fedoraproject.org
@@ -1,33 +1,7 @@ --- -br0_ipv4_ip: 140.211.169.195 -br0_ipv4_gw: 140.211.169.193 -br0_ipv4_nm: 26 -br0_port0_mac: '{{ mac0 }}' datacenter: osuosl -dns1: 8.8.8.8 -dns_search1: vpn.fedoraproject.org -dns_search2: vpn.fedoraproject.org -has_ipv4: true -mac0: "C8:4B:D6:AF:2A:3B" -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ipv4_ip }}/{{ br0_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - gateway4: '{{ br0_ipv4_gw }}' - name: br0 - state: up - type: bridge - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet -nrpe_procs_crit: 2500 -nrpe_procs_warn: 2000 virthost: true +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +br0_ip: 140.211.169.195 +br0_nm: 140.211.169.194 diff --git a/inventory/host_vars/osuosl03.fedoraproject.org b/inventory/host_vars/osuosl03.fedoraproject.org new file mode 100644 index 0000000000..bd2106abc3 --- /dev/null +++ b/inventory/host_vars/osuosl03.fedoraproject.org @@ -0,0 +1,7 @@ +--- +datacenter: osuosl +virthost: true +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +br0_ip: 140.211.169.200 +br0_nm: 140.211.169.195 diff --git a/inventory/host_vars/packages03.phx2.fedoraproject.org b/inventory/host_vars/packages03.phx2.fedoraproject.org new file mode 100644 index 0000000000..fb8b137ca2 --- /dev/null +++ b/inventory/host_vars/packages03.phx2.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +eth0_ip: 10.5.126.43 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +volgroup: /dev/vg_virthost01 +vmhost: virthost01.phx2.fedoraproject.org +datacenter: phx2 + +install_packages_indexer: True diff --git a/inventory/host_vars/packages03.stg.phx2.fedoraproject.org b/inventory/host_vars/packages03.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..45c89c658f --- /dev/null +++ b/inventory/host_vars/packages03.stg.phx2.fedoraproject.org 
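Review bot: `br0_nm: 140.211.169.194` in osuosl02.fedoraproject.org is a host address rather than a netmask, and the osuosl03.fedoraproject.org file added right after it has the same problem with `br0_nm: 140.211.169.195`. The lines this hunk removes carried a prefix length (`br0_ipv4_nm: 26`), and the osuosl01 file added earlier in this diff uses `br0_nm: 255.255.255.128`, so the two values look like copy errors from the neighbouring `br0_ip` lines. Unless the role that consumes `br0_nm` expects something other than a mask, both files should read `br0_nm: 255.255.255.128` (or whatever mask the osuosl network actually uses). A bridge configured from a wrong mask on a public virthost can either fail to come up or treat off-subnet addresses as on-link, so this is worth checking before the playbook is run against these hosts.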
@@ -0,0 +1,15 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+eth0_ip: 10.5.128.165
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
+
+install_packages_indexer: True
diff --git a/inventory/host_vars/packages04.phx2.fedoraproject.org b/inventory/host_vars/packages04.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5c95597859
--- /dev/null
+++ b/inventory/host_vars/packages04.phx2.fedoraproject.org
@@ -0,0 +1,15 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+eth0_ip: 10.5.126.44
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+
+volgroup: /dev/vg_virthost03
+vmhost: virthost03.phx2.fedoraproject.org
+datacenter: phx2
+
+install_packages_indexer: False
diff --git a/inventory/host_vars/pagure-stg01.fedoraproject.org b/inventory/host_vars/pagure-stg01.fedoraproject.org
index c7711b9e01..946a492c9b 100644
--- a/inventory/host_vars/pagure-stg01.fedoraproject.org
+++ b/inventory/host_vars/pagure-stg01.fedoraproject.org
@@ -1,46 +1,28 @@ --- -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -effective_cache_size: "6GB" -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_ip: 8.43.85.77 -eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -eth0_ipv6_ip: "2620:52:3:1:dead:beef:cafe:fed3" -eth0_ipv6_nm: 64 -eth0_nm: 255.255.255.0 +nm: 255.255.255.128 +gw: 140.211.169.193 +dns: 8.8.8.8 + +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ + +volgroup: /dev/vg_server + +eth0_ip: 140.211.169.203 +eth0_nm: 255.255.255.128 has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-ext -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -# DB host: -pagure_db_host: 127.0.0.1 +eth0_ipv6: "2605:bc80:3010:600:dead:beef:cafe:fed7" +eth0_ipv6_gw: "2605:bc80:3010:600::1" + +vmhost: osuosl02.fedoraproject.org +datacenter: osuosl + # # PostgreSQL configuration # + shared_buffers: "2GB" +effective_cache_size: "6GB" + ssh_hostnames: - - stg.pagure.io -vmhost: vmhost-x86-cc01.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests +- stg.pagure.io diff --git a/inventory/host_vars/pagure01.fedoraproject.org b/inventory/host_vars/pagure01.fedoraproject.org new file mode 100644 index 0000000000..fb350db512 --- /dev/null +++ b/inventory/host_vars/pagure01.fedoraproject.org 
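Review bot: The new `ks_url` and `ks_repo` values in pagure-stg01.fedoraproject.org point at `http://infrastructure.fedoraproject.org/...`, while the lines this hunk removes used `https://`. The host has a public address and `dns: 8.8.8.8`, so the kickstart file and the install tree would be fetched with no transport integrity, and anything on the path could alter what gets installed. Keep the scheme on both lines, e.g. `ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext`. The pagure01.fedoraproject.org file added next has the same two lines, and the phx2 host_vars files added throughout this diff use `http://10.5.126.23/...`; those are internal addresses, but it is worth confirming that provisioning traffic to that server stays on a trusted network segment.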
@@ -0,0 +1,28 @@
+---
+nm: 255.255.255.128
+gw: 140.211.169.193
+dns: 8.8.8.8
+
+ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext
+ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+
+eth0_ip: 140.211.169.204
+eth0_nm: 255.255.255.128
+has_ipv6: yes
+eth0_ipv6: "2605:bc80:3010:600:dead:beef:cafe:fed8"
+eth0_ipv6_gw: "2605:bc80:3010:600::1"
+
+vmhost: osuosl02.fedoraproject.org
+datacenter: osuosl
+
+#
+# PostgreSQL configuration
+#
+
+shared_buffers: "32MB"
+effective_cache_size: "512MB"
+
+ssh_hostnames:
+- pagure.io
diff --git a/inventory/host_vars/pagure02.fedoraproject.org b/inventory/host_vars/pagure02.fedoraproject.org
deleted file mode 100644
index 99288bb0cd..0000000000
--- a/inventory/host_vars/pagure02.fedoraproject.org
+++ /dev/null
@@ -1,52 +0,0 @@ ---- -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 1.0.0.1 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -effective_cache_size: 1 -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_ip: 8.43.85.76 -eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -eth0_ipv6_ip: "2620:52:3:1:dead:beef:cafe:fed8" -eth0_ipv6_nm: 64 -eth0_nm: 255.255.255.0 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-ext -max_stack_depth: "4MB" -nagios_Check_Services: - swap: false -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -# DB used: -pagure_db_host: 127.0.0.1 -sar_output_file: pagure.json -# GDPR SAR variables - datanommer/datagrepper -sar_script: /usr/local/bin/pagure_sar.py -sar_script_user: git -# -# PostgreSQL configuration -# -shared_buffers: "512MB" -ssh_hostnames: - - pagure.io -temp_buffers: "8MB" -vmhost: vmhost-x86-cc01.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/pdc-backend01.phx2.fedoraproject.org b/inventory/host_vars/pdc-backend01.phx2.fedoraproject.org new file mode 100644 index 0000000000..ac25ab577e --- /dev/null +++ b/inventory/host_vars/pdc-backend01.phx2.fedoraproject.org 
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.134
+
+volgroup: /dev/vg_virthost03
+vmhost: virthost03.phx2.fedoraproject.org
+datacenter: phx2
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- ralph@fedoraproject.org
+- ausil@fedoraproject.org
diff --git a/inventory/host_vars/pdc-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/pdc-backend01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..1d3ea5c55f
--- /dev/null
+++ b/inventory/host_vars/pdc-backend01.stg.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.128.167
+
+volgroup: /dev/vg_guests
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- ralph@fedoraproject.org
+- ausil@fedoraproject.org
diff --git a/inventory/host_vars/pdc-backend02.phx2.fedoraproject.org b/inventory/host_vars/pdc-backend02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..3adbb0cd9c
--- /dev/null
+++ b/inventory/host_vars/pdc-backend02.phx2.fedoraproject.org
@@ -0,0 +1,20 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.239
+
+volgroup: /dev/vg_guests
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- ralph@fedoraproject.org
+- mprahl@redhat.com
+- jkaluza@redhat.com
+- fvalder@redhat.com
diff --git a/inventory/host_vars/pdc-backend02.stg.phx2.fedoraproject.org b/inventory/host_vars/pdc-backend02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..fb8154bb67
--- /dev/null
+++ b/inventory/host_vars/pdc-backend02.stg.phx2.fedoraproject.org
@@ -0,0 +1,20 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.128.168
+
+volgroup: /dev/vg_guests
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- ralph@fedoraproject.org
+- mprahl@redhat.com
+- jkaluza@redhat.com
+- fvalder@redhat.com
diff --git a/inventory/host_vars/pdc-backend03.phx2.fedoraproject.org b/inventory/host_vars/pdc-backend03.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5f69d64486
--- /dev/null
+++ b/inventory/host_vars/pdc-backend03.phx2.fedoraproject.org
@@ -0,0 +1,20 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.126.242
+
+volgroup: /dev/vg_guests
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- ralph@fedoraproject.org
+- mprahl@redhat.com
+- jkaluza@redhat.com
+- fvalder@redhat.com
diff --git a/inventory/host_vars/pdc-backend03.stg.phx2.fedoraproject.org b/inventory/host_vars/pdc-backend03.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..0c3a2d1b4a
--- /dev/null
+++ b/inventory/host_vars/pdc-backend03.stg.phx2.fedoraproject.org
@@ -0,0 +1,20 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+eth0_ip: 10.5.128.169
+
+volgroup: /dev/vg_guests
+vmhost: virthost11.phx2.fedoraproject.org
+datacenter: phx2
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- ralph@fedoraproject.org
+- mprahl@redhat.com
+- jkaluza@redhat.com
+- fvalder@redhat.com
diff --git a/inventory/host_vars/pdc-web01.phx2.fedoraproject.org b/inventory/host_vars/pdc-web01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..462a6d05aa
--- /dev/null
+++ b/inventory/host_vars/pdc-web01.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+eth0_ip: 10.5.126.131
+
+volgroup: /dev/vg_guests
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/pdc-web01.stg.phx2.fedoraproject.org b/inventory/host_vars/pdc-web01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f8467ae22b
--- /dev/null
+++ b/inventory/host_vars/pdc-web01.stg.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+eth0_ip: 10.5.128.170
+
+volgroup: /dev/vg_guests
+vmhost: virthost20.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/pdc-web02.phx2.fedoraproject.org b/inventory/host_vars/pdc-web02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5e52830019
--- /dev/null
+++ b/inventory/host_vars/pdc-web02.phx2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+eth0_ip: 10.5.126.132
+
+volgroup: /dev/vg_guests
+vmhost: virthost21.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/people01.fedoraproject.org b/inventory/host_vars/people01.fedoraproject.org
deleted file mode 100644
index d00f8b358c..0000000000
--- a/inventory/host_vars/people01.fedoraproject.org
+++ /dev/null
@@ -1,54 +0,0 @@ ---- -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.253.100 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_ip: 152.19.134.196 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:00a7:9475" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -freezes: false -#host_backup_targets: ['/srv/web'] - -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-people -lvm_size: 2t -mem_size: 8192 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -postfix_group: vpn -rsyncd_conf: "rsyncd.conf.people01.fedoraproject.org" -sar_output_file: "fedora_people.xml" -# GDPR SAR vars -sar_script: "/usr/bin/tree /home/fedora/$SAR_USERNAME -DFgXfpsu --timefmt %Y-%m-%dT%H:%M:%SZ" -sar_script_user: "root" -ssh_hostnames: - - fedorapeople.org -tcp_ports: [80, 443, 9418, 873] -vmhost: ibiblio02.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/people02.fedoraproject.org b/inventory/host_vars/people02.fedoraproject.org new file mode 100644 index 0000000000..184335f05d --- /dev/null +++ b/inventory/host_vars/people02.fedoraproject.org 
@@ -0,0 +1,36 @@
+---
+freezes: false
+#host_backup_targets: ['/srv/web']
+
+nm: 255.255.255.128
+gw: 152.19.134.129
+dns: 8.8.8.8
+volgroup: /dev/vg_guests
+eth0_ip: 152.19.134.199
+eth0_nm: 255.255.255.128
+#has_ipv6: yes
+#eth0_ipv6: "2610:28:3090:3001:5054:ff:feff:683f"
+#eth0_ipv6_gw: "2610:28:3090:3001::1"
+
+ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-people
+ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
+postfix_group: vpn
+vpn: true
+vmhost: ibiblio05.fedoraproject.org
+datacenter: ibiblio
+
+fedmsg_fqdn: people01.vpn.fedoraproject.org
+
+tcp_ports: [80, 443, 9418, 873]
+
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+lvm_size: 1t
+mem_size: 8192
+num_cpus: 4
+
+rsyncd_conf: "rsyncd.conf.people01.fedoraproject.org"
+
+ssh_hostnames:
+- fedorapeople.org
diff --git a/inventory/host_vars/pgbdr01.stg.phx2.fedoraproject.org b/inventory/host_vars/pgbdr01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..1a25996d9e
--- /dev/null
+++ b/inventory/host_vars/pgbdr01.stg.phx2.fedoraproject.org
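Review bot: `ks_url` and `ks_repo` in the people02 hunk point at `http://209.132.181.6/...`, so the kickstart and install tree for this off-site guest (`datacenter: ibiblio`) are fetched over plain HTTP from a bare IP, with nothing to authenticate the server or protect the content in transit. The removed people01 file used `https://infrastructure.fedoraproject.org/repo/rhel/ks/...`; prefer that form here, e.g. `ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-people`, provided that path is served there (this diff does not show it). The same plain-HTTP pattern is in the proxy02, proxy03, proxy04, proxy06 and proxy08 hunks, which are also hosted outside phx2.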
@@ -0,0 +1,49 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+volgroup: /dev/vg_server
+eth0_ip: 10.5.128.172
+vmhost: virthost04.phx2.fedoraproject.org
+
+ks_url: http://infrastructure.phx2.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://infrastructure.phx2.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+
+# This is a generic list, monitored by collectd
+databases:
+- postgres
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 300000
+mem_size: 16384
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
+
+# kernel SHMMAX value
+kernel_shmmax: 68719476736
+
+#
+# Only allow postgresql access from the frontend node and other db nodes
+#
+custom_rules: [
+ '-A INPUT -p tcp -m tcp -s 10.5.128.171 --dport 5432 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.128.172 --dport 5432 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.128.173 --dport 5432 -j ACCEPT',
+ '-A INPUT -d 224.0.0.0/8 -j ACCEPT',
+ '-A INPUT -p vrrp -j ACCEPT',
+]
+
+#
+# Large updates pushes cause lots of db threads doing the tag moves, so up this from default.
+#
+nrpe_procs_warn: 600
+nrpe_procs_crit: 700
+shared_buffers: "8GB"
+effective_cache_size: "24GB"
+
+# Keepalived variables
+keepalived_interface: eth0
+keepalived_priority: 100
+keepalived_ipaddress: 10.5.128.171/24
+keepalived_routerid: 19
diff --git a/inventory/host_vars/pgbdr02.stg.phx2.fedoraproject.org b/inventory/host_vars/pgbdr02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..c1888e1028
--- /dev/null
+++ b/inventory/host_vars/pgbdr02.stg.phx2.fedoraproject.org
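Review bot: The last two `custom_rules` entries in the pgbdr01.stg hunk, `-A INPUT -d 224.0.0.0/8 -j ACCEPT` and `-A INPUT -p vrrp -j ACCEPT`, accept multicast and VRRP from any source, although the comment above the list only describes restricting PostgreSQL. `keepalived_ipaddress` is 10.5.128.171/24, the same address the first 5432 rule admits, so whichever node wins the VRRP election holds the address clients connect to, and the advertisement path deserves the same source pinning as the database port. On this host that would be `-A INPUT -p vrrp -s 10.5.128.173 -d 224.0.0.18 -j ACCEPT` (peer address taken from the pgbdr02 hunk), dropping the blanket 224.0.0.0/8 rule unless something else on the host needs it. The same two rules appear in the pgbdr02.stg hunk, where the peer would be 10.5.128.172.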
@@ -0,0 +1,50 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.173
+vmhost: virthost11.phx2.fedoraproject.org
+
+ks_url: http://infrastructure.phx2.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://infrastructure.phx2.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+
+# This is a generic list, monitored by collectd
+databases:
+- postgres
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 300000
+mem_size: 16384
+max_mem_size: "{{ mem_size }}"
+num_cpus: 4
+fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
+
+# kernel SHMMAX value
+kernel_shmmax: 68719476736
+
+#
+# Only allow postgresql access from the frontend node and other db nodes
+#
+custom_rules: [
+ '-A INPUT -p tcp -m tcp -s 10.5.128.171 --dport 5432 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.128.172 --dport 5432 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.128.173 --dport 5432 -j ACCEPT',
+ '-A INPUT -d 224.0.0.0/8 -j ACCEPT',
+ '-A INPUT -p vrrp -j ACCEPT',
+]
+
+#
+# Large updates pushes cause lots of db threads doing the tag moves, so up this from default.
+#
+nrpe_procs_warn: 600
+nrpe_procs_crit: 700
+shared_buffers: "8GB"
+effective_cache_size: "24GB"
+
+# Keepalived variables
+keepalived_interface: eth0
+keepalived_priority: 50
+keepalived_ipaddress: 10.5.128.171/24
+keepalived_routerid: 19
+
diff --git a/inventory/host_vars/pkgdb01.phx2.fedoraproject.org b/inventory/host_vars/pkgdb01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f563ccfb11
--- /dev/null
+++ b/inventory/host_vars/pkgdb01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_virthost01
+eth0_ip: 10.5.126.15
+vmhost: virthost01.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/pkgdb01.stg.phx2.fedoraproject.org b/inventory/host_vars/pkgdb01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..4e37d17c1d
--- /dev/null
+++ b/inventory/host_vars/pkgdb01.stg.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.174
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/pkgdb02.phx2.fedoraproject.org b/inventory/host_vars/pkgdb02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..b244bfc948
--- /dev/null
+++ b/inventory/host_vars/pkgdb02.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: /dev/vg_virthost03
+eth0_ip: 10.5.126.16
+vmhost: virthost03.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/pkgs01.iad2.fedoraproject.org b/inventory/host_vars/pkgs01.iad2.fedoraproject.org
deleted file mode 100644
index 60c67ccd7d..0000000000
--- a/inventory/host_vars/pkgs01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,27 +0,0 @@ ---- -additional_host_keytabs: - - pkgs.fedoraproject.org -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.116 -host_backup_targets: ['/srv/cache/lookaside'] -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -mem_size: 32768 -nagios_Check_Services: - swap: false -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -nrpe_procs_crit: 600 -nrpe_procs_warn: 500 -num_cpus: 16 -# DB used by pagure -pagure_db_host: db01.iad2.fedoraproject.org -sar_output_file: dist_git.json -# GDPR SAR variables - dist_dit -sar_script: /usr/local/bin/pagure_sar.py -sar_script_user: root -ssh_hostnames: - - pkgs.fedoraproject.org -swap: false -vmhost: bvmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/pkgs01.stg.iad2.fedoraproject.org b/inventory/host_vars/pkgs01.stg.iad2.fedoraproject.org deleted file mode 100644 index 01532ce763..0000000000 --- a/inventory/host_vars/pkgs01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -# temp fix to get htis box working -baseiptables: False -datacenter: iad2 -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.74 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -# DB used by pagure -pagure_db_host: db01.stg.iad2.fedoraproject.org -ssh_hostnames: - - pkgs.stg.fedoraproject.org -vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/pkgs01.stg.phx2.fedoraproject.org b/inventory/host_vars/pkgs01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..6eb683f6cf --- /dev/null +++ b/inventory/host_vars/pkgs01.stg.phx2.fedoraproject.org 
@@ -0,0 +1,17 @@
+---
+eth0_ip: 10.5.128.175
+eth1_ip: 10.5.127.124
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
+
+ssh_hostnames:
+- pkgs.stg.fedoraproject.org
+
+# Need a eth0/eth1 install here.
+virt_install_command: "{{ virt_install_command_two_nic }}"
diff --git a/inventory/host_vars/pkgs02.phx2.fedoraproject.org b/inventory/host_vars/pkgs02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..68f14ce85e
--- /dev/null
+++ b/inventory/host_vars/pkgs02.phx2.fedoraproject.org
@@ -0,0 +1,29 @@
+---
+eth0_ip: 10.5.125.44
+eth1_ip: 10.5.127.69
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/xenGuests
+vmhost: bvirthost11.phx2.fedoraproject.org
+datacenter: phx2
+
+mem_size: 16384
+num_cpus: 8
+
+# Need a eth0/eth1 install here.
+virt_install_command: "{{ virt_install_command_two_nic }}"
+
+host_backup_targets: ['/srv/cache/lookaside']
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
+
+ssh_hostnames:
+- pkgs.fedoraproject.org
+
+additional_host_keytabs:
+- pkgs.fedoraproject.org
+
+nrpe_procs_warn: 500
+nrpe_procs_crit: 600
diff --git a/inventory/host_vars/ppc-koji01.ppc.fedoraproject.org b/inventory/host_vars/ppc-koji01.ppc.fedoraproject.org
new file mode 100644
index 0000000000..5706236632
--- /dev/null
+++ b/inventory/host_vars/ppc-koji01.ppc.fedoraproject.org
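Review bot: `nfs_mount_opts` in the pkgs02.phx2 hunk uses `sec=sys,nfsvers=3`, which means the NFS server trusts the UID the client presents and the traffic has no integrity protection. The hunk does not show which mount consumes this string; if it is the `/srv/cache/lookaside` tree named in `host_backup_targets`, that is data whose integrity matters to everything built from it. The file already declares `additional_host_keytabs`, so if the server side supports it, `sec=krb5i` is worth considering. Otherwise add a comment above the line recording why `sec=sys` is needed and which export restriction is relied on instead.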
@@ -0,0 +1,32 @@
+---
+nm: 255.255.255.0
+gw: 10.5.129.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-ppc64le
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-ppc64le/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.129.240
+main_bridge: br1
+vmhost: ppc8-01.ppc.fedoraproject.org
+datacenter: phx2
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+fas_client_groups: sysadmin-releng,sysadmin-secondary
+sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
+
+fedmsg_fqdn: ppc-koji01.qa.fedoraproject.org
+
+#
+# define this here because ppc koji only needs eth0, not eth1 also
+#
+virt_install_command: "{{ virt_install_command_one_nic }} --graphics none"
+
+koji_topurl: "https://ppc.fedoraproject.org/"
+koji_server_url: "https://ppc.koji.fedoraproject.org/kojihub"
+koji_weburl: "https://ppc.koji.fedoraproject.org/koji"
+
+fedmsg_koji_instance: ppc
+
+# Set this to use the qa domain resolv.conf to make sure it can talk to it's db
+resolvconf: resolv.conf/ppc
diff --git a/inventory/host_vars/ppc64-test.fedorainfracloud.org b/inventory/host_vars/ppc64-test.fedorainfracloud.org
new file mode 100644
index 0000000000..3469ea5291
--- /dev/null
+++ b/inventory/host_vars/ppc64-test.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: Fedora-Cloud-Base-25-1.2.ppc64.qcow2
+instance_type: ms1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-maintainertest,web-80-anywhere-maintainertest,default,web-443-anywhere-maintainertest,all-icmp-maintainertest
+zone: nova
+tcp_ports: [22]
+
+inventory_tenant: maintainertest
+inventory_instance_name: ppc64-test
+hostbase: ppc64-test
+public_ip: 209.132.184.214
+description: ppc64-test instance
+
+cloud_networks:
+ # maintainertest-net
+ - net-id: "a512d096-3fa2-49cc-b989-d43ca687f91d"
diff --git a/inventory/host_vars/ppc64le-test.fedorainfracloud.org b/inventory/host_vars/ppc64le-test.fedorainfracloud.org
index 191cc20db8..9bb4be61b2 100644
--- a/inventory/host_vars/ppc64le-test.fedorainfracloud.org
+++ b/inventory/host_vars/ppc64le-test.fedorainfracloud.org @@ -1,4 +1,17 @@ --- -nagios_Can_Connect: false -nagios_Check_Services: - nrpe: false +image: Fedora-Cloud-Base-25-1.2.ppc64le.qcow2 +instance_type: ms1.medium +keypair: fedora-admin-20130801 +security_group: ssh-anywhere-maintainertest,web-80-anywhere-maintainertest,default,web-443-anywhere-maintainertest,all-icmp-maintainertest +zone: nova +tcp_ports: [22] + +inventory_tenant: maintainertest +inventory_instance_name: ppc64le-test +hostbase: ppc64le-test +public_ip: 209.132.184.213 +description: ppc64le-test instance + +cloud_networks: + # maintainertest-net + - net-id: "a512d096-3fa2-49cc-b989-d43ca687f91d" diff --git a/inventory/host_vars/ppc64le-test02.fedorainfracloud.org b/inventory/host_vars/ppc64le-test02.fedorainfracloud.org deleted file mode 100644 index 522544f4c6..0000000000 --- a/inventory/host_vars/ppc64le-test02.fedorainfracloud.org +++ /dev/null @@ -1,29 +0,0 @@ ---- -dns1: 140.211.166.130 -dns2: 140.211.166.131 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_gw: 140.211.11.1 -eth0_ipv4_ip: 140.211.11.244 -eth0_ipv4_nm: 24 -mac0: fa:16:3e:3e:db:69 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - type: ethernet - state: up -nagios_Can_Connect: false -nagios_Check_Services: - nrpe: false diff --git a/inventory/host_vars/ppc8-04.ppc.fedoraproject.org b/inventory/host_vars/ppc8-04.ppc.fedoraproject.org new file mode 100644 index 0000000000..1e869a0297 --- /dev/null +++ b/inventory/host_vars/ppc8-04.ppc.fedoraproject.org @@ -0,0 +1,2 @@ +--- +eth7_ip: 10.5.129.23 diff --git a/inventory/host_vars/proxy01.iad2.fedoraproject.org b/inventory/host_vars/proxy01.iad2.fedoraproject.org deleted file mode 100644 index 281651d542..0000000000 
--- a/inventory/host_vars/proxy01.iad2.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4: 10.3.163.74 -eth0_ipv4_gw: 10.3.163.254 -# -# This host is externally reachable -# -external: true -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 100000 -mac0: 52:54:00:76:9f:85 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy01.phx2.fedoraproject.org b/inventory/host_vars/proxy01.phx2.fedoraproject.org new file mode 100644 index 0000000000..2871bedb0c --- /dev/null +++ b/inventory/host_vars/proxy01.phx2.fedoraproject.org @@ -0,0 +1,21 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +vmhost: virthost21.phx2.fedoraproject.org +volgroup: /dev/vg_guests00 + +eth0_ip: 10.5.126.52 + +# This is consumed by the roles/fedora-web/main role +sponsor: redhat + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 + +collectd_graphite: True +vpn: true 
diff --git a/inventory/host_vars/proxy01.rdu3.fedoraproject.org b/inventory/host_vars/proxy01.rdu3.fedoraproject.org deleted file mode 100644 index 7d2d374872..0000000000 --- a/inventory/host_vars/proxy01.rdu3.fedoraproject.org +++ /dev/null @@ -1,46 +0,0 @@ ---- -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4_ip: 10.16.163.74 -eth0_ipv4_gw: 10.16.163.254 -# -# This host is externally reachable -# -external: true -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 100000 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-01.rdu3.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy01.stg.iad2.fedoraproject.org b/inventory/host_vars/proxy01.stg.iad2.fedoraproject.org deleted file mode 100644 index 0d6ed8a61c..0000000000 --- a/inventory/host_vars/proxy01.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,13 +0,0 @@
----
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.74
-external: true
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-# This is consumed by the roles/fedora-web/main role
-sponsor: redhat
-vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/proxy01.stg.phx2.fedoraproject.org b/inventory/host_vars/proxy01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5b8d3667ab
--- /dev/null
+++ b/inventory/host_vars/proxy01.stg.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
+
+vmhost: virthost12.phx2.fedoraproject.org
+volgroup: /dev/vg_guests
+
+eth0_ip: 10.5.128.177
+
+# This is consumed by the roles/fedora-web/main role
+sponsor: redhat
+
+nrpe_procs_warn: 1200
+nrpe_procs_crit: 1400
diff --git a/inventory/host_vars/proxy02.fedoraproject.org b/inventory/host_vars/proxy02.fedoraproject.org
index e0dda7ec12..fc59dcb626 100644
--- a/inventory/host_vars/proxy02.fedoraproject.org
+++ b/inventory/host_vars/proxy02.fedoraproject.org
@@ -1,48 +1,28 @@ --- -datacenter: internetx -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_ip: 85.236.55.6 -eth0_ipv4_gw: 85.236.55.1 -eth0_ipv4_nm: 28 -eth0_ipv6_ip: "2001:4178:2:1269::fed2" -eth0_ipv6_gw: "2001:4178:2:1269::1" -eth0_ipv6_nm: 64 -freezes: true -has_ipv4: yes +nm: 255.255.255.240 +gw: 85.236.55.1 +dns: 62.116.130.3 +num_cpus: 6 + +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ + +vmhost: internetx01.fedoraproject.org +volgroup: /dev/vg_Server + +eth0_ip: 85.236.55.6 +eth0_nm: 255.255.255.240 has_ipv6: true -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -max_mem_size: 65536 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -postfix_group: vpn -public_hostname: proxy02.fedoraproject.org +eth0_ipv6: "2001:4178:2:1269::fed2" +eth0_ipv6_gw: "2001:4178:2:1269::1" + # This is consumed by the roles/fedora-web/main role sponsor: internetx -vmhost: internetx02.fedoraproject.org -volgroup: /dev/vg_guests +datacenter: internetx +postfix_group: vpn vpn: true + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 + +max_mem_size: 8192 diff --git a/inventory/host_vars/proxy02.stg.iad2.fedoraproject.org b/inventory/host_vars/proxy02.stg.iad2.fedoraproject.org deleted file mode 100644 index f5827aea4b..0000000000 
--- a/inventory/host_vars/proxy02.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.75
-external: true
-ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-# This is consumed by the roles/fedora-web/main role
-sponsor: redhat
-vmhost: vmhost-x86-09.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false
diff --git a/inventory/host_vars/proxy02.stg.phx2.fedoraproject.org b/inventory/host_vars/proxy02.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..88aa2230a1
--- /dev/null
+++ b/inventory/host_vars/proxy02.stg.phx2.fedoraproject.org
@@ -0,0 +1,18 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+vmhost: virthost11.phx2.fedoraproject.org
+volgroup: /dev/vg_guests
+
+eth0_ip: 10.5.128.154
+
+# This is consumed by the roles/fedora-web/main role
+sponsor: redhat
+
+nrpe_procs_warn: 1200
+nrpe_procs_crit: 1400
diff --git a/inventory/host_vars/proxy03.fedoraproject.org b/inventory/host_vars/proxy03.fedoraproject.org
index f7922daa49..1e18354301 100644
--- a/inventory/host_vars/proxy03.fedoraproject.org
+++ b/inventory/host_vars/proxy03.fedoraproject.org
@@ -1,48 +1,27 @@ --- -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4: 8.43.85.73 -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv6: "2620:52:3:1:dead:beef:cafe:fed6" -eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -eth0_ipv6_nm: 64 -freezes: true -has_ipv4: yes -has_ipv6: true -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -mac0: "52:54:00:c1:18:c6" -max_mem_size: 32768 -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6 }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ mac0 }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: proxy03.fedoraproject.org +nm: 255.255.255.240 +gw: 66.35.62.174 +dns: 198.49.126.1 + +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ + +vmhost: tummy01.fedoraproject.org +volgroup: /dev/vg_host + +eth0_ip: 66.35.62.162 +eth0_nm: 255.255.255.240 + # This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-cc01.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests +sponsor: tummy +datacenter: tummy +postfix_group: vpn vpn: true + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +# This is used in the httpd.conf to determine the value for serverlimit and +# maxrequestworkers. On 8gb proxies, 900 seems fine. But on 4gb proxies, this +# should be lowered in the host vars for that proxy. +maxrequestworkers: 400 
diff --git a/inventory/host_vars/proxy04.fedoraproject.org b/inventory/host_vars/proxy04.fedoraproject.org
index c104df18bb..7dea85d5d6 100644
--- a/inventory/host_vars/proxy04.fedoraproject.org
+++ b/inventory/host_vars/proxy04.fedoraproject.org
@@ -1,48 +1,29 @@ --- -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.153.100 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_ip: 152.19.134.142 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:00fe:fed3" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -freezes: true -has_ipv4: yes +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 8.8.8.8 + +ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ + +vmhost: ibiblio01.fedoraproject.org +volgroup: /dev/vg_guests + +eth0_ip: 152.19.134.142 +eth0_nm: 255.255.255.128 has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -max_mem_size: 20000 -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - name: eth0 - mac: "{{ ansible_default_ipv4.macaddress }}" - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: proxy04.fedoraproject.org +eth0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fed3" +eth0_ipv6_gw: "2610:28:3090:3001::1" + # This is consumed by the roles/fedora-web/main role sponsor: ibiblio -vmhost: ibiblio02.fedoraproject.org -volgroup: /dev/vg_guests +datacenter: ibiblio +postfix_group: vpn + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 + +mem_size: 16384 +max_mem_size: 20000 +num_cpus: 8 vpn: true diff --git a/inventory/host_vars/proxy05.fedoraproject.org b/inventory/host_vars/proxy05.fedoraproject.org index 5466c48f99..fae19fd7a4 100644 
--- a/inventory/host_vars/proxy05.fedoraproject.org +++ b/inventory/host_vars/proxy05.fedoraproject.org @@ -1,45 +1,26 @@ --- -datacenter: host1plus -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4: 185.141.165.254 -eth0_ipv4_gw: 185.141.164.1 -eth0_ipv4_nm: 23 -freezes: true -has_ipv4: yes -mac0: "06:5b:86:00:06:60" -nagios_Check_Services: - dhcpd: false - httpd: true - named: false - nrpe: true - sshd: true - swap: false -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_hostname: proxy05.fedoraproject.org # This is now a cloud instance provided by host1plus # vmhost: none # This is consumed by the roles/fedora-web/main role sponsor: host1plus +datacenter: host1plus +postfix_group: vpn + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 + +nm: 255.255.254.0 +gw: 185.141.164.1 +dns: 8.8.8.8 +eth0_ip: 185.141.165.254 +eth0_nm: 255.255.254.0 vpn: true + +nagios_Check_Services: + nrpe: true + sshd: true + named: false + dhcpd: false + httpd: true + swap: false diff --git a/inventory/host_vars/proxy06.fedoraproject.org b/inventory/host_vars/proxy06.fedoraproject.org index 1f6a3cfc3a..df22166536 100644 --- a/inventory/host_vars/proxy06.fedoraproject.org +++ b/inventory/host_vars/proxy06.fedoraproject.org 
@@ -1,48 +1,25 @@ --- -datacenter: osuosl -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_ip: 140.211.169.196 -eth0_ipv4_gw: 140.211.169.193 -eth0_ipv4_nm: 26 -eth0_ipv6_ip: "2605:bc80:3010:600:dead:beef:cafe:fed9" -eth0_ipv6_gw: "2605:bc80:3010:600::1" -eth0_ipv6_nm: 64 -freezes: true -has_ipv4: yes +nm: 255.255.255.192 +gw: 140.211.169.193 +dns: 8.8.8.8 + +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ + +vmhost: osuosl01.fedoraproject.org +volgroup: /dev/vg_Server + +eth0_ip: 140.211.169.196 +eth0_nm: 255.255.255.128 has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -max_mem_size: 40000 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: proxy06.fedoraproject.org +eth0_ipv6: "2605:bc80:3010:600:dead:beef:cafe:fed9" +eth0_ipv6_gw: "2605:bc80:3010:600::1" + # This is consumed by the roles/fedora-web/main role sponsor: osuosl -vmhost: osuosl02.fedoraproject.org -volgroup: /dev/vg_guests +datacenter: osuosl +postfix_group: vpn + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 vpn: true diff --git a/inventory/host_vars/proxy07.fedoraproject.org b/inventory/host_vars/proxy07.fedoraproject.org index 854d879276..04db993832 100644 --- a/inventory/host_vars/proxy07.fedoraproject.org 
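Review bot: `nm: 255.255.255.192` and `eth0_nm: 255.255.255.128` disagree for the same interface in this hunk. The removed `eth0_ipv4_nm: 26` corresponds to 255.255.255.192, so `eth0_nm` looks wrong and should probably read `eth0_nm: 255.255.255.192`. Which of the two variables the network templates consume is not visible here, so a host built from this file may end up with the wider mask. The proxy09 hunk carries the same pair of values, proxy11 has `nm: 255.255.255.248` against `eth0_nm: 255.255.255.240` (the removed prefix there was 28, i.e. .240), and qa-prod01 and qa-stg01 pair `nm: 255.255.255.0` with `eth0_nm: 255.255.255.128`.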
+++ b/inventory/host_vars/proxy07.fedoraproject.org @@ -1,15 +1,16 @@ --- -datacenter: bodhost +nm: 255.255.255.0 +gw: 174.141.234.1 dns: 8.8.8.8 -dns1: 8.8.8.8 -dns2: 8.8.4.4 + eth0_ip: 174.141.234.172 eth0_nm: 255.255.255.0 -gw: 174.141.234.1 -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn + # This is consumed by the roles/fedora-web/main role sponsor: bodhost +datacenter: bodhost +postfix_group: vpn + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 vpn: true diff --git a/inventory/host_vars/proxy08.fedoraproject.org b/inventory/host_vars/proxy08.fedoraproject.org new file mode 100644 index 0000000000..f97df0ed29 --- /dev/null +++ b/inventory/host_vars/proxy08.fedoraproject.org @@ -0,0 +1,28 @@ +--- +nm: 255.255.255.248 +gw: 67.203.2.65 +dns: 66.152.162.14 +ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_Server +eth0_ip: 67.203.2.67 +eth0_nm: 255.255.255.248 +has_ipv6: yes +eth0_ipv6: "2607:f188::dead:beef:cafe:fed1" +eth0_ipv6_gw: "2607:f188::1" +vmhost: coloamer01.fedoraproject.org +datacenter: coloamer +vpn: true + +# This is consumed by the roles/fedora-web/main role +sponsor: colamer +postfix_group: vpn + +mem_size: 24576 +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +# This is used in the httpd.conf to determine the value for serverlimit and +# maxrequestworkers. On 8gb proxies, 900 seems fine. But on 4gb proxies, this +# should be lowered in the host vars for that proxy. +maxrequestworkers: 400 diff --git a/inventory/host_vars/proxy09.fedoraproject.org b/inventory/host_vars/proxy09.fedoraproject.org index ddd3fc56af..0612e3742e 100644 --- a/inventory/host_vars/proxy09.fedoraproject.org +++ b/inventory/host_vars/proxy09.fedoraproject.org 
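Review bot: In the new proxy08 file `sponsor: colamer` does not match `datacenter: coloamer` and `vmhost: coloamer01.fedoraproject.org`. The comment above it says the fedora-web role consumes this value, so if the role compares it against known sponsor names the misspelling would not match; it should probably be `sponsor: coloamer`. The comment above `maxrequestworkers: 400` talks about 8gb and 4gb proxies and a value of 900, while this host sets `mem_size: 24576`, so the comment should say why 400 was chosen here.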
@@ -1,13 +1,28 @@ --- -# Skipping all the network stuff. Amazon does that all via DHCP. +nm: 255.255.255.192 +gw: 140.211.169.193 +dns: 8.8.8.8 + +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ + +vmhost: osuosl02.fedoraproject.org +volgroup: /dev/vg_guests + +eth0_ip: 140.211.169.206 +eth0_nm: 255.255.255.128 +has_ipv6: yes +eth0_ipv6: "2605:bc80:3010:600:dead:beef:cafe:feda" +eth0_ipv6_gw: "2605:bc80:3010:600::1" # This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 +sponsor: osuosl +datacenter: osuosl postfix_group: vpn -public_ip: 35.81.0.97 -sponsor: amazon vpn: true + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 + +mem_size: 16384 +num_cpus: 8 diff --git a/inventory/host_vars/proxy10.iad2.fedoraproject.org b/inventory/host_vars/proxy10.iad2.fedoraproject.org deleted file mode 100644 index 3298242f7e..0000000000 --- a/inventory/host_vars/proxy10.iad2.fedoraproject.org +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4: 10.3.163.75 -eth0_ipv4_gw: 10.3.163.254 -# -# This host is externally reachable -# -external: true -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 100000 -mac0: 52:54:00:55:8d:ca -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy10.phx2.fedoraproject.org b/inventory/host_vars/proxy10.phx2.fedoraproject.org new file mode 100644 index 0000000000..90ae5d6f7a --- /dev/null +++ b/inventory/host_vars/proxy10.phx2.fedoraproject.org @@ -0,0 +1,21 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +vmhost: virthost17.phx2.fedoraproject.org +volgroup: /dev/vg_virthost + +eth0_ip: 10.5.126.51 + +# This is consumed by the roles/fedora-web/main role +sponsor: redhat + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 + +collectd_graphite: True +vpn: true diff --git a/inventory/host_vars/proxy101.iad2.fedoraproject.org b/inventory/host_vars/proxy101.iad2.fedoraproject.org deleted file mode 100644 index c5c28c169c..0000000000 
--- a/inventory/host_vars/proxy101.iad2.fedoraproject.org +++ /dev/null @@ -1,41 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4: 10.3.163.76 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -mac0: 52:54:00:1F:48:0A -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy11.fedoraproject.org b/inventory/host_vars/proxy11.fedoraproject.org index 225c7a211b..4fafbed6d8 100644 --- a/inventory/host_vars/proxy11.fedoraproject.org +++ b/inventory/host_vars/proxy11.fedoraproject.org 
@@ -1,48 +1,26 @@ --- -datacenter: dedicatedsolutions -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_ip: 67.219.144.68 -eth0_ipv4_gw: 67.219.144.65 -eth0_ipv4_nm: 28 -eth0_ipv6_ip: "2604:1580:fe00:0:dead:beef:cafe:fed1" -eth0_ipv6_gw: "2604:1580:fe00::1" -eth0_ipv6_nm: 64 -freezes: true -has_ipv4: yes +nm: 255.255.255.248 +gw: 67.219.144.65 +dns: 8.8.8.8 +num_cpus: 10 + +ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ + +vmhost: dedicatedsolutions01.fedoraproject.org +volgroup: /dev/vg_virthost + +eth0_ip: 67.219.144.68 +eth0_nm: 255.255.255.240 has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -max_mem_size: 32768 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 16 -postfix_group: vpn -public_hostname: proxy11.fedoraproject.org +eth0_ipv6: "2604:1580:fe00:0:dead:beef:cafe:fed1" +eth0_ipv6_gw: "2604:1580:fe00::1" + # This is consumed by the roles/fedora-web/main role sponsor: dedicatedsolutions -vmhost: dedicatedsolutions01.fedoraproject.org -volgroup: /dev/vg_guests +datacenter: dedicatedsolutions +postfix_group: vpn vpn: true + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 diff --git a/inventory/host_vars/proxy110.iad2.fedoraproject.org b/inventory/host_vars/proxy110.iad2.fedoraproject.org deleted file mode 100644 index 5923b78435..0000000000 
--- a/inventory/host_vars/proxy110.iad2.fedoraproject.org +++ /dev/null @@ -1,41 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4: 10.3.163.77 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -mac0: 52:54:00:04:49:7a -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-06.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy12.fedoraproject.org b/inventory/host_vars/proxy12.fedoraproject.org index 43eaab4a31..b6fcb608bb 100644 --- a/inventory/host_vars/proxy12.fedoraproject.org +++ b/inventory/host_vars/proxy12.fedoraproject.org 
@@ -1,49 +1,28 @@ --- -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.153.100 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4: 152.19.134.198 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6: "2600:2701:4000:5211:dead:beef:00da:bbd8" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -freezes: true -has_ipv4: yes -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -mac0: "52:54:00:84:5d:9f" -max_mem_size: 20000 -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6 }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ mac0 }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: proxy12.fedoraproject.org -# This is consumed by the roles/fedora-web/main role -sponsor: ibiblio +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 8.8.8.8 + +ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ + vmhost: ibiblio05.fedoraproject.org volgroup: /dev/vg_guests + +eth0_ip: 152.19.134.198 +eth0_nm: 255.255.255.128 +has_ipv6: yes +eth0_ipv6: "2610:28:3090:3001:5054:ff:feda:bbd8" +eth0_ipv6_gw: "2610:28:3090:3001::1" + +# This is consumed by the roles/fedora-web/main role +sponsor: ibiblio +datacenter: ibiblio +postfix_group: vpn vpn: true + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 + +mem_size: 16384 +num_cpus: 8 diff --git a/inventory/host_vars/proxy13.fedoraproject.org b/inventory/host_vars/proxy13.fedoraproject.org new file mode 100644 index 0000000000..56c266c0b6 --- /dev/null 
+++ b/inventory/host_vars/proxy13.fedoraproject.org @@ -0,0 +1,32 @@ +--- +nm: 255.255.255.0 +gw: 172.31.2.254 +dns: 8.8.8.8 +dns1: 8.8.8.8 +dns2: 8.8.4.4 + +ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ + +vmhost: virthost-rdu01.fedoraproject.org +volgroup: /dev/vg_guests + +eth0_ip: 172.31.2.22 +eth0_nm: 255.255.255.0 + +public_ip: 209.132.190.2 + +# This is consumed by the roles/fedora-web/main role +sponsor: redhat +datacenter: rdu +postfix_group: vpn +vpn: true + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 + +mem_size: 16384 +max_mem_size: 32768 +num_cpus: 8 + +collectd_graphite: True diff --git a/inventory/host_vars/proxy14.fedoraproject.org b/inventory/host_vars/proxy14.fedoraproject.org index 2316da9c9e..35aa2bdd89 100644 --- a/inventory/host_vars/proxy14.fedoraproject.org +++ b/inventory/host_vars/proxy14.fedoraproject.org 
@@ -1,48 +1,28 @@ --- -datacenter: rdu-cc +nm: 255.255.255.0 +gw: 8.43.85.254 dns: 8.8.8.8 -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_ip: 8.43.85.67 -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv6_ip: "2620:52:3:1:dead:beef:cafe:fed7" -eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -eth0_ipv6_nm: 64 -freezes: true -has_ipv4: yes -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -max_mem_size: 32768 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: proxy14.fedoraproject.org + +ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ + +vmhost: virthost-cc-rdu01.fedoraproject.org +volgroup: /dev/vg_guests + +eth0_ip: 8.43.85.67 +eth0_nm: 255.255.255.0 + # This is consumed by the roles/fedora-web/main role sponsor: redhat -vmhost: vmhost-x86-cc03.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests +datacenter: rdu-cc +postfix_group: vpn vpn: true + +nrpe_procs_warn: 1200 +nrpe_procs_crit: 1400 + +mem_size: 16384 +max_mem_size: 32768 +num_cpus: 8 + +collectd_graphite: True diff --git a/inventory/host_vars/proxy30.fedoraproject.org b/inventory/host_vars/proxy30.fedoraproject.org deleted file mode 100644 index 1772e256de..0000000000 --- a/inventory/host_vars/proxy30.fedoraproject.org +++ /dev/null 
@@ -1,13 +0,0 @@
----
-# Skipping all the network stuff. Amazon does that all via DHCP.
-
-# This is consumed by the roles/fedora-web/main role
-datacenter: aws
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-postfix_group: vpn
-public_ip: 13.250.126.156
-sponsor: amazon
-vpn: true
diff --git a/inventory/host_vars/proxy31.fedoraproject.org b/inventory/host_vars/proxy31.fedoraproject.org
deleted file mode 100644
index d458ac3722..0000000000
--- a/inventory/host_vars/proxy31.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Skipping all the network stuff. Amazon does that all via DHCP.
-
-# This is consumed by the roles/fedora-web/main role
-datacenter: aws
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-postfix_group: vpn
-public_ip: 13.125.120.8
-sponsor: amazon
-vpn: true
diff --git a/inventory/host_vars/proxy32.fedoraproject.org b/inventory/host_vars/proxy32.fedoraproject.org
deleted file mode 100644
index 41a584539e..0000000000
--- a/inventory/host_vars/proxy32.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Skipping all the network stuff. Amazon does that all via DHCP.
-
-# This is consumed by the roles/fedora-web/main role
-datacenter: aws
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-postfix_group: vpn
-public_ip: 18.185.136.17
-sponsor: amazon
-vpn: true
diff --git a/inventory/host_vars/proxy33.fedoraproject.org b/inventory/host_vars/proxy33.fedoraproject.org
deleted file mode 100644
index 250eab4ee1..0000000000
--- a/inventory/host_vars/proxy33.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Skipping all the network stuff. Amazon does that all via DHCP.
-
-# This is consumed by the roles/fedora-web/main role
-datacenter: aws
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-postfix_group: vpn
-public_ip: 13.246.137.48
-sponsor: amazon
-vpn: true
diff --git a/inventory/host_vars/proxy34.fedoraproject.org b/inventory/host_vars/proxy34.fedoraproject.org
deleted file mode 100644
index b0fe3ef6ba..0000000000
--- a/inventory/host_vars/proxy34.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Skipping all the network stuff. Amazon does that all via DHCP.
-
-# This is consumed by the roles/fedora-web/main role
-datacenter: aws
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-postfix_group: vpn
-public_ip: 18.230.149.104
-sponsor: amazon
-vpn: true
diff --git a/inventory/host_vars/proxy35.fedoraproject.org b/inventory/host_vars/proxy35.fedoraproject.org
deleted file mode 100644
index 03dbe02f51..0000000000
--- a/inventory/host_vars/proxy35.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Skipping all the network stuff. Amazon does that all via DHCP.
-
-# This is consumed by the roles/fedora-web/main role
-datacenter: aws
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-postfix_group: vpn
-public_ip: 18.133.140.134
-sponsor: amazon
-vpn: true
diff --git a/inventory/host_vars/proxy36.fedoraproject.org b/inventory/host_vars/proxy36.fedoraproject.org
deleted file mode 100644
index 7590bbc701..0000000000
--- a/inventory/host_vars/proxy36.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Skipping all the network stuff. Amazon does that all via DHCP.
-
-# This is consumed by the roles/fedora-web/main role
-datacenter: aws
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-postfix_group: vpn
-public_ip: 18.159.254.57
-sponsor: amazon
-vpn: true
diff --git a/inventory/host_vars/proxy37.fedoraproject.org b/inventory/host_vars/proxy37.fedoraproject.org
deleted file mode 100644
index 7d2bd7393b..0000000000
--- a/inventory/host_vars/proxy37.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Skipping all the network stuff. Amazon does that all via DHCP.
-
-# This is consumed by the roles/fedora-web/main role
-datacenter: aws
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-postfix_group: vpn
-public_ip: 13.233.183.170
-sponsor: amazon
-vpn: true
diff --git a/inventory/host_vars/proxy38.fedoraproject.org b/inventory/host_vars/proxy38.fedoraproject.org
deleted file mode 100644
index 8f12c87b23..0000000000
--- a/inventory/host_vars/proxy38.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Skipping all the network stuff. Amazon does that all via DHCP.
-
-# This is consumed by the roles/fedora-web/main role
-datacenter: aws
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-postfix_group: vpn
-public_ip: 13.212.21.54
-sponsor: amazon
-vpn: true
diff --git a/inventory/host_vars/proxy39.fedoraproject.org b/inventory/host_vars/proxy39.fedoraproject.org
deleted file mode 100644
index e270857cf7..0000000000
--- a/inventory/host_vars/proxy39.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Skipping all the network stuff. Amazon does that all via DHCP.
-
-# This is consumed by the roles/fedora-web/main role
-datacenter: aws
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-postfix_group: vpn
-public_ip: 13.245.77.95
-sponsor: amazon
-vpn: true
diff --git a/inventory/host_vars/proxy40.fedoraproject.org b/inventory/host_vars/proxy40.fedoraproject.org
deleted file mode 100644
index 5948d517b1..0000000000
--- a/inventory/host_vars/proxy40.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Skipping all the network stuff. Amazon does that all via DHCP.
-
-# This is consumed by the roles/fedora-web/main role
-datacenter: aws
-nagios_Check_Services:
- swap: false
-nrpe_procs_crit: 1400
-nrpe_procs_warn: 1200
-postfix_group: vpn
-public_ip: 15.228.51.95
-sponsor: amazon
-vpn: true
diff --git a/inventory/host_vars/qa-prod01.qa.fedoraproject.org b/inventory/host_vars/qa-prod01.qa.fedoraproject.org
new file mode 100644
index 0000000000..175bc7cbd7
--- /dev/null
+++ b/inventory/host_vars/qa-prod01.qa.fedoraproject.org
@@ -0,0 +1,29 @@
+---
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-24
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/24/Server/x86_64/os/
+volgroup: /dev/VirtGuests
+
+eth0_ip: 10.5.124.231
+eth0_nm: 255.255.255.128
+vmhost: virthost-comm03.qa.fedoraproject.org
+datacenter: phx2
+fas_client_groups: sysadmin-qa,sysadmin-main
+sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+
+mariadb_root_password: "{{ qadevel_mariadb_root_password }}"
+
+public_hostname: qa.fedoraproject.org
+short_hostname: qa-prod01.qa
+buildmaster: 127.0.0.1
+
+buildslaves:
+ - qa-prod01-1
+
+slaves:
+ - { user: "{{ short_hostname }}-1", home: "/home/{{ short_hostname }}-1", dir: "/home/{{ short_hostname }}-1/slave" }
+
+extra_enablerepos: ''
diff --git a/inventory/host_vars/qa-stg01.qa.fedoraproject.org b/inventory/host_vars/qa-stg01.qa.fedoraproject.org
new file mode 100644
index 0000000000..fa3c8eff43
--- /dev/null
+++ b/inventory/host_vars/qa-stg01.qa.fedoraproject.org
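Review bot: `mariadb_root_password: "{{ qadevel_mariadb_root_password }}"` makes the production host take its database root password from a variable named for qadevel, whereas qa-stg01 uses its own `qa_stg_mariadb_root_password`. If a development host also reads that variable (not visible in this diff), production and development share one root credential, and rotating or leaking one affects the other. A production-specific private variable would keep the environments separate, e.g. `mariadb_root_password: "{{ qa_prod_mariadb_root_password }}"`; that name is only a suggestion and would have to be defined in the private vars.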
@@ -0,0 +1,30 @@
+---
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-24
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/24/Server/x86_64/os/
+volgroup: /dev/vg_guests
+
+eth0_ip: 10.5.124.230
+eth0_nm: 255.255.255.128
+vmhost: virthost-comm04.qa.fedoraproject.org
+datacenter: phx2
+fas_client_groups: sysadmin-qa,sysadmin-main
+sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+
+mariadb_root_password: "{{ qa_stg_mariadb_root_password }}"
+
+public_hostname: qa.stg.fedoraproject.org
+short_hostname: qa-stg01.qa
+#buildmaster: 10.5.124.230
+buildmaster: 127.0.0.1
+
+buildslaves:
+ - qa-stg01-1
+
+slaves:
+ - { user: "{{ short_hostname }}-1", home: "/home/{{ short_hostname }}-1", dir: "/home/{{ short_hostname }}-1/slave" }
+
+extra_enablerepos: ''
diff --git a/inventory/host_vars/qa01.qa.fedoraproject.org b/inventory/host_vars/qa01.qa.fedoraproject.org
new file mode 100644
index 0000000000..a9fee97a67
--- /dev/null
+++ b/inventory/host_vars/qa01.qa.fedoraproject.org
@@ -0,0 +1,5 @@
+---
+freezes: false
+fas_client_groups: sysadmin-qa,sysadmin-main
+sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+
diff --git a/inventory/host_vars/qa02.qa.fedoraproject.org b/inventory/host_vars/qa02.qa.fedoraproject.org
new file mode 100644
index 0000000000..1b1fedf96b
--- /dev/null
+++ b/inventory/host_vars/qa02.qa.fedoraproject.org
@@ -0,0 +1,36 @@
+---
+freezes: false
+fas_client_groups: sysadmin-qa,sysadmin-main
+sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+datacenter: phx2
+
+# hardware and setup information
+eth0_ip: 10.5.124.152
+eth0_nm: 255.255.255.128
+eth0_mac: 00:21:5e:c6:cc:9c
+eth_interface: eth0
+volgroup: vmstore
+
+# beaker clients hosted on this machine
+clients:
+ - hostname: beaker-client10.qa.fedoraproject.org
+ macaddress: "52:54:00:a2:de:30"
+ memsize: 4096
+ num_cpus: 2
+ lvm_size: 20G
+ - hostname: beaker-client11.qa.fedoraproject.org
+ macaddress: "52:54:00:fe:22:ff"
+ memsize: 4096
+ num_cpus: 2
+ lvm_size: 20G
+ - hostname: beaker-client12.qa.fedoraproject.org
+ macaddress: "52:54:00:c5:04:14"
+ memsize: 4096
+ num_cpus: 2
+ lvm_size: 20G
+ - hostname: beaker-client13.qa.fedoraproject.org
+ macaddress: "52:54:00:b5:97:30"
+ memsize: 4096
+ num_cpus: 2
+ lvm_size: 20G
+
diff --git a/inventory/host_vars/qa04.qa.fedoraproject.org b/inventory/host_vars/qa04.qa.fedoraproject.org
new file mode 100644
index 0000000000..50785cad5a
--- /dev/null
+++ b/inventory/host_vars/qa04.qa.fedoraproject.org
@@ -0,0 +1,35 @@
+---
+freezes: false
+fas_client_groups: sysadmin-qa,sysadmin-main
+sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+
+# hardware and setup information
+eth0_ip: 10.5.124.154
+eth0_nm: 255.255.255.128
+eth0_mac: 00:21:5e:c7:2a:1c
+eth_interface: eth0
+volgroup: vmstore
+
+# beaker clients hosted on this machine
+clients:
+ - hostname: beaker-client06.qa.fedoraproject.org
+ macaddress: "52:54:00:5a:77:2a"
+ memsize: 4096
+ num_cpus: 2
+ lvm_size: 20G
+ - hostname: beaker-client07.qa.fedoraproject.org
+ macaddress: "52:54:00:33:9a:ea"
+ memsize: 4096
+ num_cpus: 2
+ lvm_size: 20G
+ - hostname: beaker-client08.qa.fedoraproject.org
+ macaddress: "52:54:00:2a:98:9e"
+ memsize: 4096
+ num_cpus: 2
+ lvm_size: 20G
+ - hostname: beaker-client09.qa.fedoraproject.org
+ macaddress: "52:54:00:48:d7:cd"
+ memsize: 4096
+ num_cpus: 2
+ lvm_size: 20G
+
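Review bot: `eth0_mac: 00:21:5e:c6:cc:9c` is left unquoted while every `macaddress` under `clients` is quoted. YAML 1.1 loaders can read colon-separated groups of decimal digits as a base-60 integer, so an unquoted MAC whose octets happen to contain no hex letters would silently become a number; quoting keeps the field a string in all cases: `eth0_mac: "00:21:5e:c6:cc:9c"`. The same applies to `eth0_mac` in the qa04 and qa08 hunks. qa04 also has no `datacenter: phx2` line, which qa02 and qa08 set; whether a group default covers it is not visible here.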
diff --git a/inventory/host_vars/qa05.qa.fedoraproject.org b/inventory/host_vars/qa05.qa.fedoraproject.org
new file mode 100644
index 0000000000..5b414a03cf
--- /dev/null
+++ b/inventory/host_vars/qa05.qa.fedoraproject.org
@@ -0,0 +1,5 @@
+---
+fas_client_groups: sysadmin-qa,sysadmin-main
+sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+eth0_ip: 10.5.124.155
+gw: 10.5.124.254
diff --git a/inventory/host_vars/qa06.qa.fedoraproject.org b/inventory/host_vars/qa06.qa.fedoraproject.org
new file mode 100644
index 0000000000..4cf2798810
--- /dev/null
+++ b/inventory/host_vars/qa06.qa.fedoraproject.org
@@ -0,0 +1,5 @@
+---
+fas_client_groups: sysadmin-qa,sysadmin-main
+sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+eth0_ip: 10.5.124.156
+gw: 10.5.124.254
diff --git a/inventory/host_vars/qa07.qa.fedoraproject.org b/inventory/host_vars/qa07.qa.fedoraproject.org
new file mode 100644
index 0000000000..502827d88f
--- /dev/null
+++ b/inventory/host_vars/qa07.qa.fedoraproject.org
@@ -0,0 +1,5 @@
+---
+fas_client_groups: sysadmin-qa,sysadmin-main
+sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+eth0_ip: 10.5.124.157
+gw: 10.5.124.254
diff --git a/inventory/host_vars/qa08.qa.fedoraproject.org b/inventory/host_vars/qa08.qa.fedoraproject.org
new file mode 100644
index 0000000000..97ffae04ec
--- /dev/null
+++ b/inventory/host_vars/qa08.qa.fedoraproject.org
@@ -0,0 +1,37 @@
+---
+freezes: false
+fas_client_groups: sysadmin-qa,sysadmin-main
+sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+datacenter: phx2
+gw: 10.5.124.254
+
+# hardware and setup information
+eth0_ip: 10.5.124.158
+eth0_nm: 255.255.255.128
+eth0_mac: e4:1f:13:e5:46:80
+eth_interface: eth0
+volgroup: vmstore
+
+# beaker clients hosted on this machine
+clients:
+ - hostname: virt15.qa.fedoraproject.org
+ macaddress: "52:54:00:1d:15:85"
+ memsize: 4096
+ num_cpus: 2
+ lvm_size: 20G
+ - hostname: virt16.qa.fedoraproject.org
+ macaddress: "52:54:00:f2:cc:2a"
+ memsize: 4096
+ num_cpus: 2
+ lvm_size: 20G
+ - hostname: virt17.qa.fedoraproject.org
+ macaddress: "52:54:00:58:9b:0e"
+ memsize: 4096
+ num_cpus: 2
+ lvm_size: 20G
+ - hostname: virt18.qa.fedoraproject.org
+ macaddress: "52:54:00:22:3b:07"
+ memsize: 4096
+ num_cpus: 2
+ lvm_size: 20G
+
diff --git a/inventory/host_vars/qa09.qa.fedoraproject.org b/inventory/host_vars/qa09.qa.fedoraproject.org
new file mode 100644
index 0000000000..446ee71886
--- /dev/null
+++ b/inventory/host_vars/qa09.qa.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+freezes: false
+fas_client_groups: sysadmin-qa,sysadmin-main
+sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+nrpe_procs_warn: 1400
+nrpe_procs_crit: 1600
+eth0_ip: 10.5.124.239
+gw: 10.5.124.254
+# this is a powerful machine, can handle more openQA workers
+openqa_workers: 10
diff --git a/inventory/host_vars/qa10.qa.fedoraproject.org b/inventory/host_vars/qa10.qa.fedoraproject.org
new file mode 100644
index 0000000000..297f614e30
--- /dev/null
+++ b/inventory/host_vars/qa10.qa.fedoraproject.org
@@ -0,0 +1,26 @@ +--- +freezes: false +fas_client_groups: sysadmin-qa,sysadmin-main +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +eth0_ip: 10.5.124.208 +gw: 10.5.124.254 + +short_hostname: qa10.qa +slaves: + - { user: "{{ short_hostname }}-1", home: "/home/{{ short_hostname }}-1", dir: "/home/{{ short_hostname }}-1/slave" } + - { user: "{{ short_hostname }}-2", home: "/home/{{ short_hostname }}-2", dir: "/home/{{ short_hostname }}-2/slave" } + - { user: "{{ short_hostname }}-3", home: "/home/{{ short_hostname }}-3", dir: "/home/{{ short_hostname }}-3/slave" } + - { user: "{{ short_hostname }}-4", home: "/home/{{ short_hostname }}-4", dir: "/home/{{ short_hostname }}-4/slave" } + - { user: "{{ short_hostname }}-5", home: "/home/{{ short_hostname }}-5", dir: "/home/{{ short_hostname }}-5/slave" } + - { user: "{{ short_hostname }}-6", home: "/home/{{ short_hostname }}-6", dir: "/home/{{ short_hostname }}-6/slave" } + - { user: "{{ short_hostname }}-7", home: "/home/{{ short_hostname }}-7", dir: "/home/{{ short_hostname }}-7/slave" } + - { user: "{{ short_hostname }}-8", home: "/home/{{ short_hostname }}-8", dir: "/home/{{ short_hostname }}-8/slave" } + - { user: "{{ short_hostname }}-9", home: "/home/{{ short_hostname }}-9", dir: "/home/{{ short_hostname }}-9/slave" } + - { user: "{{ short_hostname }}-10", home: "/home/{{ short_hostname }}-10", dir: "/home/{{ short_hostname }}-10/slave" } + - { user: "{{ short_hostname }}-11", home: "/home/{{ short_hostname }}-11", dir: "/home/{{ short_hostname }}-11/slave" } + - { user: "{{ short_hostname }}-12", home: "/home/{{ short_hostname }}-12", dir: "/home/{{ short_hostname }}-12/slave" } + - { user: "{{ short_hostname }}-13", home: "/home/{{ short_hostname }}-13", dir: "/home/{{ short_hostname }}-13/slave" } + - { user: "{{ short_hostname }}-14", home: "/home/{{ short_hostname }}-14", dir: "/home/{{ short_hostname }}-14/slave" } + - { user: "{{ short_hostname }}-15", home: 
"/home/{{ short_hostname }}-15", dir: "/home/{{ short_hostname }}-15/slave" } diff --git a/inventory/host_vars/qa11.qa.fedoraproject.org b/inventory/host_vars/qa11.qa.fedoraproject.org new file mode 100644 index 0000000000..de99d2ba17 --- /dev/null +++ b/inventory/host_vars/qa11.qa.fedoraproject.org 
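Review bot: `short_hostname: qa10.qa` makes the slave accounts `qa10.qa-1` through `qa10.qa-15`, while the qa11 hunk sets `short_hostname: qa11` and so creates `qa11-1` and so on without the `.qa` part; qa-prod01 and qa-stg01 also use the `.qa` form. If the buildmaster matches workers by these names (not visible here), the odd one out will not line up, so qa11 should probably read `short_hostname: qa11.qa`, or all four should drop the suffix. The fifteen `slaves` entries differ only in the index, so a one-line comment above the list stating how many workers this host is meant to run would help whoever edits it next.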
@@ -0,0 +1,26 @@ +--- +freezes: false +fas_client_groups: sysadmin-qa,sysadmin-main +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +eth0_ip: 10.5.124.209 +gw: 10.5.124.254 + +short_hostname: qa11 +slaves: + - { user: "{{ short_hostname }}-1", home: "/home/{{ short_hostname }}-1", dir: "/home/{{ short_hostname }}-1/slave" } + - { user: "{{ short_hostname }}-2", home: "/home/{{ short_hostname }}-2", dir: "/home/{{ short_hostname }}-2/slave" } + - { user: "{{ short_hostname }}-3", home: "/home/{{ short_hostname }}-3", dir: "/home/{{ short_hostname }}-3/slave" } + - { user: "{{ short_hostname }}-4", home: "/home/{{ short_hostname }}-4", dir: "/home/{{ short_hostname }}-4/slave" } + - { user: "{{ short_hostname }}-5", home: "/home/{{ short_hostname }}-5", dir: "/home/{{ short_hostname }}-5/slave" } + - { user: "{{ short_hostname }}-6", home: "/home/{{ short_hostname }}-6", dir: "/home/{{ short_hostname }}-6/slave" } + - { user: "{{ short_hostname }}-7", home: "/home/{{ short_hostname }}-7", dir: "/home/{{ short_hostname }}-7/slave" } + - { user: "{{ short_hostname }}-8", home: "/home/{{ short_hostname }}-8", dir: "/home/{{ short_hostname }}-8/slave" } + - { user: "{{ short_hostname }}-9", home: "/home/{{ short_hostname }}-9", dir: "/home/{{ short_hostname }}-9/slave" } + - { user: "{{ short_hostname }}-10", home: "/home/{{ short_hostname }}-10", dir: "/home/{{ short_hostname }}-10/slave" } + - { user: "{{ short_hostname }}-11", home: "/home/{{ short_hostname }}-11", dir: "/home/{{ short_hostname }}-11/slave" } + - { user: "{{ short_hostname }}-12", home: "/home/{{ short_hostname }}-12", dir: "/home/{{ short_hostname }}-12/slave" } + - { user: "{{ short_hostname }}-13", home: "/home/{{ short_hostname }}-13", dir: "/home/{{ short_hostname }}-13/slave" } + - { user: "{{ short_hostname }}-14", home: "/home/{{ short_hostname }}-14", dir: "/home/{{ short_hostname }}-14/slave" } + - { user: "{{ short_hostname }}-15", home: 
"/home/{{ short_hostname }}-15", dir: "/home/{{ short_hostname }}-15/slave" } diff --git a/inventory/host_vars/qa12.qa.fedoraproject.org b/inventory/host_vars/qa12.qa.fedoraproject.org new file mode 100644 index 0000000000..3856ad1349 --- /dev/null +++ b/inventory/host_vars/qa12.qa.fedoraproject.org 
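Review bot: `short_hostname: qa11` in the qa11.qa host_vars does not follow the `qaNN.qa` form used by the sibling files in this diff (`qa12.qa`, `qa13.qa`). Every `slaves` entry builds its `user`, `home` and `dir` from that value, so this host gets accounts named `qa11-N` while the others get `qaNN.qa-N`. If the difference is not intentional, use `short_hostname: qa11.qa`; if it is, add a comment saying why. The fifteen near-identical `slaves` entries are repeated in each of these files, and keeping them in one shared place would prevent this kind of drift.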
@@ -0,0 +1,26 @@ +--- +freezes: false +fas_client_groups: sysadmin-qa,sysadmin-main +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +eth0_ip: 10.5.131.20 +gw: 10.5.131.254 + +short_hostname: qa12.qa +slaves: + - { user: "{{ short_hostname }}-1", home: "/home/{{ short_hostname }}-1", dir: "/home/{{ short_hostname }}-1/slave" } + - { user: "{{ short_hostname }}-2", home: "/home/{{ short_hostname }}-2", dir: "/home/{{ short_hostname }}-2/slave" } + - { user: "{{ short_hostname }}-3", home: "/home/{{ short_hostname }}-3", dir: "/home/{{ short_hostname }}-3/slave" } + - { user: "{{ short_hostname }}-4", home: "/home/{{ short_hostname }}-4", dir: "/home/{{ short_hostname }}-4/slave" } + - { user: "{{ short_hostname }}-5", home: "/home/{{ short_hostname }}-5", dir: "/home/{{ short_hostname }}-5/slave" } + - { user: "{{ short_hostname }}-6", home: "/home/{{ short_hostname }}-6", dir: "/home/{{ short_hostname }}-6/slave" } + - { user: "{{ short_hostname }}-7", home: "/home/{{ short_hostname }}-7", dir: "/home/{{ short_hostname }}-7/slave" } + - { user: "{{ short_hostname }}-8", home: "/home/{{ short_hostname }}-8", dir: "/home/{{ short_hostname }}-8/slave" } + - { user: "{{ short_hostname }}-9", home: "/home/{{ short_hostname }}-9", dir: "/home/{{ short_hostname }}-9/slave" } + - { user: "{{ short_hostname }}-10", home: "/home/{{ short_hostname }}-10", dir: "/home/{{ short_hostname }}-10/slave" } + - { user: "{{ short_hostname }}-11", home: "/home/{{ short_hostname }}-11", dir: "/home/{{ short_hostname }}-11/slave" } + - { user: "{{ short_hostname }}-12", home: "/home/{{ short_hostname }}-12", dir: "/home/{{ short_hostname }}-12/slave" } + - { user: "{{ short_hostname }}-13", home: "/home/{{ short_hostname }}-13", dir: "/home/{{ short_hostname }}-13/slave" } + - { user: "{{ short_hostname }}-14", home: "/home/{{ short_hostname }}-14", dir: "/home/{{ short_hostname }}-14/slave" } + - { user: "{{ short_hostname }}-15", home: 
"/home/{{ short_hostname }}-15", dir: "/home/{{ short_hostname }}-15/slave" } diff --git a/inventory/host_vars/qa13.qa.fedoraproject.org b/inventory/host_vars/qa13.qa.fedoraproject.org new file mode 100644 index 0000000000..0ae3319483 --- /dev/null +++ b/inventory/host_vars/qa13.qa.fedoraproject.org 
@@ -0,0 +1,26 @@ +--- +freezes: false +fas_client_groups: sysadmin-qa,sysadmin-main +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +eth0_ip: 10.5.131.21 +gw: 10.5.131.254 + +short_hostname: qa13.qa +slaves: + - { user: "{{ short_hostname }}-1", home: "/home/{{ short_hostname }}-1", dir: "/home/{{ short_hostname }}-1/slave" } + - { user: "{{ short_hostname }}-2", home: "/home/{{ short_hostname }}-2", dir: "/home/{{ short_hostname }}-2/slave" } + - { user: "{{ short_hostname }}-3", home: "/home/{{ short_hostname }}-3", dir: "/home/{{ short_hostname }}-3/slave" } + - { user: "{{ short_hostname }}-4", home: "/home/{{ short_hostname }}-4", dir: "/home/{{ short_hostname }}-4/slave" } + - { user: "{{ short_hostname }}-5", home: "/home/{{ short_hostname }}-5", dir: "/home/{{ short_hostname }}-5/slave" } + - { user: "{{ short_hostname }}-6", home: "/home/{{ short_hostname }}-6", dir: "/home/{{ short_hostname }}-6/slave" } + - { user: "{{ short_hostname }}-7", home: "/home/{{ short_hostname }}-7", dir: "/home/{{ short_hostname }}-7/slave" } + - { user: "{{ short_hostname }}-8", home: "/home/{{ short_hostname }}-8", dir: "/home/{{ short_hostname }}-8/slave" } + - { user: "{{ short_hostname }}-9", home: "/home/{{ short_hostname }}-9", dir: "/home/{{ short_hostname }}-9/slave" } + - { user: "{{ short_hostname }}-10", home: "/home/{{ short_hostname }}-10", dir: "/home/{{ short_hostname }}-10/slave" } + - { user: "{{ short_hostname }}-11", home: "/home/{{ short_hostname }}-11", dir: "/home/{{ short_hostname }}-11/slave" } + - { user: "{{ short_hostname }}-12", home: "/home/{{ short_hostname }}-12", dir: "/home/{{ short_hostname }}-12/slave" } + - { user: "{{ short_hostname }}-13", home: "/home/{{ short_hostname }}-13", dir: "/home/{{ short_hostname }}-13/slave" } + - { user: "{{ short_hostname }}-14", home: "/home/{{ short_hostname }}-14", dir: "/home/{{ short_hostname }}-14/slave" } + - { user: "{{ short_hostname }}-15", home: 
"/home/{{ short_hostname }}-15", dir: "/home/{{ short_hostname }}-15/slave" } diff --git a/inventory/host_vars/qa14.qa.fedoraproject.org b/inventory/host_vars/qa14.qa.fedoraproject.org new file mode 100644 index 0000000000..d1439a7768 --- /dev/null +++ b/inventory/host_vars/qa14.qa.fedoraproject.org @@ -0,0 +1,10 @@ +--- +freezes: false +fas_client_groups: sysadmin-qa,sysadmin-main +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +eth0_ip: 10.5.131.22 +gw: 10.5.131.254 +# this is a powerful machine, can handle more openQA workers +openqa_workers: 10 diff --git a/inventory/host_vars/qadevel.qa.fedoraproject.org b/inventory/host_vars/qadevel.qa.fedoraproject.org new file mode 100644 index 0000000000..5f672e504b --- /dev/null +++ b/inventory/host_vars/qadevel.qa.fedoraproject.org @@ -0,0 +1,24 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-23 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/23/Server/x86_64/os/ +volgroup: /dev/VirtGuests +eth0_ip: 10.5.124.180 +eth0_nm: 255.255.255.128 +vmhost: virthost-comm03.qa.fedoraproject.org +datacenter: phx2 + +fas_client_groups: sysadmin-qa,sysadmin-main + +mariadb_root_password: "{{ qadevel_mariadb_root_password }}" + +public_hostname: qadevel.qa.fedoraproject.org +buildmaster: 10.5.124.180 + +buildslaves: + - qadevel + +# needed for local buildslave +buildslave_name: 'qadevel' diff --git a/inventory/host_vars/qvmhost-x86-01.iad2.fedoraproject.org b/inventory/host_vars/qvmhost-x86-01.iad2.fedoraproject.org deleted file mode 100644 index 7e287dfa2d..0000000000 --- a/inventory/host_vars/qvmhost-x86-01.iad2.fedoraproject.org +++ /dev/null 
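Review bot: `ks_url` and `ks_repo` in the qadevel.qa host_vars point at `http://10.5.126.23/...`, so the kickstart file and install tree are fetched over unauthenticated HTTP, whereas the host_vars this same diff deletes (for example the rabbitmq iad2 hosts) used `https://infrastructure.fedoraproject.org/...`. A kickstart typically controls partitioning, initial credentials and post-install scripts, so anyone able to alter traffic on that path can influence what is installed. If the install server offers TLS, prefer an `https://` URL that uses a hostname rather than a bare IP. The same applies to the resultsdb-dev01, resultsdb-stg01, resultsdb01, retrace01.stg, s390-koji01, secondary-bridge01, secondary-vault01, secondary01.phx2 and sign-bridge01.phx2 hunks, and to the `faf_repos` URLs in retrace01.qa.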
@@ -1,35 +0,0 @@ ---- -br0_dev: eno1 -br0_gw: 10.3.174.254 -br0_ip: 10.3.174.11 -br0_nm: 255.255.255.0 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns: 10.3.163.33 -mac1: e4:43:4b:a8:c1:fe -mac2: e4:43:4b:a8:c2:00 -mac3: e4:43:4b:a8:c2:1e -mac4: e4:43:4b:a8:c2:1f -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ip }}/24" - dhcp4: no - dns: - - 10.3.163.33 - - 10.3.163.34 - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ br0_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/qvmhost-x86-02.iad2.fedoraproject.org b/inventory/host_vars/qvmhost-x86-02.iad2.fedoraproject.org deleted file mode 100644 index 8180ab7e52..0000000000 --- a/inventory/host_vars/qvmhost-x86-02.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_dev: eno1 -br0_gw: 10.3.174.254 -br0_ip: 10.3.174.12 -br0_nm: 255.255.255.0 -br0_port0_mac: '{{ mac1 }}' -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.33 -dns_search1: iad2.fedoraproject.org -dns_search2: fedoraproject.org -mac1: e4:43:4b:a8:b3:0e -mac2: e4:43:4b:a8:b3:10 -mac3: e4:43:4b:a8:b3:2e -mac4: e4:43:4b:a8:b3:2f -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ip }}/24' - dhcp4: false - dns: - - '{{ dns1 }}' - - '{{ dns2 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ br0_gw }}' - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/rabbitmq01.iad2.fedoraproject.org b/inventory/host_vars/rabbitmq01.iad2.fedoraproject.org deleted file mode 100644 index 347e4abdf3..0000000000 --- a/inventory/host_vars/rabbitmq01.iad2.fedoraproject.org +++ /dev/null 
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.78
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2
-vmhost: vmhost-x86-02.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/rabbitmq01.stg.iad2.fedoraproject.org b/inventory/host_vars/rabbitmq01.stg.iad2.fedoraproject.org
deleted file mode 100644
index 7199ef871c..0000000000
--- a/inventory/host_vars/rabbitmq01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,5 +0,0 @@
----
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.78
-vmhost: vmhost-x86-09.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/rabbitmq02.iad2.fedoraproject.org b/inventory/host_vars/rabbitmq02.iad2.fedoraproject.org
deleted file mode 100644
index a5b55e2106..0000000000
--- a/inventory/host_vars/rabbitmq02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.79
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2
-vmhost: vmhost-x86-03.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/rabbitmq02.stg.iad2.fedoraproject.org b/inventory/host_vars/rabbitmq02.stg.iad2.fedoraproject.org
deleted file mode 100644
index 689a996c6d..0000000000
--- a/inventory/host_vars/rabbitmq02.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,5 +0,0 @@
----
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.79
-vmhost: vmhost-x86-12.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/rabbitmq03.iad2.fedoraproject.org b/inventory/host_vars/rabbitmq03.iad2.fedoraproject.org
deleted file mode 100644
index 26ba89cd6f..0000000000
--- a/inventory/host_vars/rabbitmq03.iad2.fedoraproject.org
+++ /dev/null
@@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.80 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/rabbitmq03.stg.iad2.fedoraproject.org b/inventory/host_vars/rabbitmq03.stg.iad2.fedoraproject.org deleted file mode 100644 index dc4b792be2..0000000000 --- a/inventory/host_vars/rabbitmq03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,5 +0,0 @@ ---- -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.80 -vmhost: vmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/rawhide-composer.phx2.fedoraproject.org b/inventory/host_vars/rawhide-composer.phx2.fedoraproject.org new file mode 100644 index 0000000000..f5a49eee72 --- /dev/null +++ b/inventory/host_vars/rawhide-composer.phx2.fedoraproject.org @@ -0,0 +1,35 @@ +vmhost: bvirthost06.phx2.fedoraproject.org +eth0_ip: 10.5.125.69 +eth1_ip: 10.5.127.54 +volgroup: /dev/vg_bvirthost06 + +koji_hub_nfs: "fedora_koji" + +kojipkgs_url: kojipkgs.fedoraproject.org +kojihub_url: koji.fedoraproject.org/kojihub +kojihub_scheme: https + +# rawhide is never frozen, the compose box should not be so we can make needed changes +freezes: false + +fedmsg_certs: +- service: releng + owner: root + group: sysadmin-releng + can_send: + - pungi.compose.phase.start + - pungi.compose.phase.stop + - pungi.compose.status.change + - pungi.compose.createiso.targets + - pungi.compose.createiso.imagefail + - pungi.compose.createiso.imagedone + - compose.rawhide.complete + - compose.rawhide.mash.complete + - compose.rawhide.mash.start + - compose.rawhide.image.complete + - compose.rawhide.image.start + - compose.rawhide.pungify.complete + - compose.rawhide.pungify.start + - compose.rawhide.rsync.complete + - compose.rawhide.rsync.start + - compose.rawhide.start 
diff --git a/inventory/host_vars/rawhide-test.fedorainfracloud.org b/inventory/host_vars/rawhide-test.fedorainfracloud.org index 150458175a..f185a52272 100644 --- a/inventory/host_vars/rawhide-test.fedorainfracloud.org +++ b/inventory/host_vars/rawhide-test.fedorainfracloud.org @@ -1,2 +1,17 @@ -datacenter: aws -inventory_hostname: "rawhide-test.fedorainfracloud.org" +--- +image: "{{ fedora25_x86_64 }}" +instance_type: ms1.medium +keypair: fedora-admin-20130801 +security_group: ssh-anywhere-maintainertest,web-80-anywhere-maintainertest,default,web-443-anywhere-maintainertest,all-icmp-maintainertest +zone: nova +tcp_ports: [22] + +inventory_tenant: maintainertest +inventory_instance_name: rawhide-test +hostbase: rawhide-test +public_ip: 209.132.184.212 +description: rawhide-test instance + +cloud_networks: + # maintainertest-net + - net-id: "a512d096-3fa2-49cc-b989-d43ca687f91d" diff --git a/inventory/host_vars/regcfp2.fedorainfracloud.org b/inventory/host_vars/regcfp2.fedorainfracloud.org new file mode 100644 index 0000000000..f519eaaef7 --- /dev/null +++ b/inventory/host_vars/regcfp2.fedorainfracloud.org @@ -0,0 +1,22 @@ +--- +image: rhel7-20141015 +instance_type: m1.medium +keypair: fedora-admin-20130801 +security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent,allow-nagios-persistent +zone: nova +tcp_ports: [22, 80, 443] + +inventory_tenant: persistent +inventory_instance_name: regcfp2 +hostbase: regcfp2 +public_ip: 209.132.184.127 +root_auth_users: puiterwijk pfrields duffy +description: Flock registration software + +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + +custom_rules: [ '-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT' ] +shared_buffers: "1GB" +effective_cache_size: "2GB" diff --git a/inventory/host_vars/respins.fedorainfracloud.org b/inventory/host_vars/respins.fedorainfracloud.org new file mode 100644 index 0000000000..18cd44304d --- /dev/null 
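Review bot: The `custom_rules` entry `-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT` in the regcfp2 host_vars accepts PostgreSQL connections from any source address, on an instance that has a `public_ip`. The listed `security_group` names do not appear to include a 5432 rule, so the cloud layer may be what actually limits exposure, but the host firewall should not depend on that. If the database only serves the local application, drop the rule. Otherwise restrict it with a source match, e.g. `-A INPUT -p tcp -m tcp -s <client-address-placeholder> --dport 5432 -j ACCEPT`.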
+++ b/inventory/host_vars/respins.fedorainfracloud.org @@ -0,0 +1,18 @@ +--- +image: rhel7-20141015 +instance_type: m1.medium +keypair: fedora-admin-20130801 +security_group: wide-open-persistent,default,all-icmp-persistent +zone: nova +tcp_ports: [22, 6969] + +inventory_tenant: persistent +inventory_instance_name: respins +hostbase: respins +public_ip: 209.132.184.60 +root_auth_users: dmossor linuxmodder jbwillia nb +description: respins instance + +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" diff --git a/inventory/host_vars/resultsdb-dev01.qa.fedoraproject.org b/inventory/host_vars/resultsdb-dev01.qa.fedoraproject.org new file mode 100644 index 0000000000..8f232ffa14 --- /dev/null +++ b/inventory/host_vars/resultsdb-dev01.qa.fedoraproject.org @@ -0,0 +1,35 @@ +--- +############################################################ +# networking +############################################################ + +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +eth0_ip: 10.5.124.205 +eth0_nm: 255.255.255.128 + +############################################################ +# install +############################################################ + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/ + +volgroup: /dev/vg_guests +vmhost: virthost-comm04.qa.fedoraproject.org +datacenter: phx2 + +############################################################ +# virtual machine +############################################################ + +fas_client_groups: sysadmin-qa,sysadmin-main,sysadmin-noc,fi-apprentice,sysadmin-veteran +lvm_size: 50000 +mem_size: 4096 +num_cpus: 4 + +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + + diff --git a/inventory/host_vars/resultsdb-stg01.qa.fedoraproject.org b/inventory/host_vars/resultsdb-stg01.qa.fedoraproject.org new file mode 100644 index 0000000000..88abe027cc --- /dev/null 
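Review bot: `security_group: wide-open-persistent,default,all-icmp-persistent` in the respins host_vars puts a publicly addressed instance with four `root_auth_users` behind a group whose name suggests it filters nothing. That would leave the host firewall (`tcp_ports: [22, 6969]`) as the only network control. The other cloud instances in this diff use narrowly named groups such as `ssh-anywhere-persistent`. If only ports 22 and 6969 are needed, a group limited to those ports gives the same reachability with a second layer of filtering; at minimum add a comment explaining why the wide-open group is required.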
+++ b/inventory/host_vars/resultsdb-stg01.qa.fedoraproject.org @@ -0,0 +1,34 @@ +--- +############################################################ +# networking +############################################################ + +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +eth0_ip: 10.5.124.147 +eth0_nm: 255.255.255.128 + +############################################################ +# install +############################################################ + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/ + +volgroup: /dev/vg_guests +vmhost: virthost-comm04.qa.fedoraproject.org +datacenter: phx2 + +############################################################ +# virtual machine +############################################################ + +fas_client_groups: sysadmin-qa,sysadmin-main,sysadmin-noc,fi-apprentice,sysadmin-veteran + +lvm_size: 50000 +mem_size: 4096 +num_cpus: 4 + +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 diff --git a/inventory/host_vars/resultsdb01.qa.fedoraproject.org b/inventory/host_vars/resultsdb01.qa.fedoraproject.org new file mode 100644 index 0000000000..7bc6206260 --- /dev/null +++ b/inventory/host_vars/resultsdb01.qa.fedoraproject.org 
@@ -0,0 +1,33 @@
+---
+############################################################
+# networking
+############################################################
+
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+eth0_ip: 10.5.124.207
+eth0_nm: 255.255.255.128
+
+############################################################
+# install
+############################################################
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+
+volgroup: /dev/VirtGuests
+datacenter: phx2
+vmhost: virthost-comm03.qa.fedoraproject.org
+
+############################################################
+# virtual machine
+############################################################
+
+fas_client_groups: sysadmin-qa,sysadmin-main,sysadmin-noc,fi-apprentice,sysadmin-veteran
+lvm_size: 50000
+mem_size: 4096
+num_cpus: 4
+sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+
+
diff --git a/inventory/host_vars/retrace01.qa.fedoraproject.org b/inventory/host_vars/retrace01.qa.fedoraproject.org
new file mode 100644
index 0000000000..b9cb203684
--- /dev/null
+++ b/inventory/host_vars/retrace01.qa.fedoraproject.org
@@ -0,0 +1,123 @@ +--- +faf_server_name: retrace.fedoraproject.org/faf +rs_use_faf_packages: true + +# we do not have enough storage on stg +rs_internal_fedora_vers: [25, 26, 27, rawhide] +rs_internal_fedora_vers_removed: [24] +rs_internal_arch_list: [source, x86_64, i386] + +nagios_Check_Services: + nrpe: true + sshd: true + named: false + dhcpd: false + httpd: false + swap: false + +faf_repos: + - { name: 'fedora-27-updates-testing-source', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/27/SRPMS/', + arch: 'src', + opsys: 'Fedora 27' + } + - { name: 'fedora-27-updates-source', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/27/SRPMS/', + arch: 'src', + opsys: 'Fedora 27' + } + - { name: 'fedora-27-armhfp-debug', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/27/Everything/armhfp/debug/tree/', + arch: 'armv7hl', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-armhfp-testing-debug', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/27/armhfp/debug/', + arch: 'armv7hl', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-armhfp-testing', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/27/armhfp/', + arch: 'armv7hl', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-armhfp-updates-debug', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/27/armhfp/debug/', + arch: 'armv7hl', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-armhfp-updates', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/27/armhfp/', + arch: 'armv7hl', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-armhfp', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/27/Everything/armhfp/os/', + arch: 'armv7hl', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-i386-debug', + url: 
'http://download01.phx2.fedoraproject.org/pub/fedora-secondary/development/27/Everything/i386/debug/tree/', + arch: 'i386', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-i386-testing-debug', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora-secondary/updates/testing/27/i386/debug/', + arch: 'i386', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-i386-testing', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora-secondary/updates/testing/27/i386/', + arch: 'i386', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-i386-updates-debug', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora-secondary/updates/27/i386/debug/', + arch: 'i386', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-i386-updates', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora-secondary/updates/27/i386/', + arch: 'i386', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-i386', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora-secondary/development/27/Everything/i386/os/', + arch: 'i386', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-source', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/27/Everything/source/tree/', + arch: 'src', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-x86_64', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/27/Everything/x86_64/os/', + arch: 'x86_64', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-x86_64-debug', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/27/Everything/x86_64/debug/tree/', + arch: 'x86_64', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-x86_64-testing-debug', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/27/x86_64/debug/', + arch: 'x86_64', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-x86_64-testing', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/27/x86_64/', + arch: 'x86_64', + opsys: 'Fedora 27', + } + - { name: 
'fedora-27-x86_64-updates-debug', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/27/x86_64/debug/', + arch: 'x86_64', + opsys: 'Fedora 27', + } + - { name: 'fedora-27-x86_64-updates', + url: 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/27/x86_64/', + arch: 'x86_64', + opsys: 'Fedora 27', + } diff --git a/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org b/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..aceaf40c5e --- /dev/null +++ b/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org @@ -0,0 +1,23 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.178 +vmhost: virthost20.phx2.fedoraproject.org +datacenter: phx2 + +mem_size: 4096 +max_mem_size: 16384 +num_cpus: 2 + +faf_server_name: retrace01.stg.phx2.fedoraproject.org/faf +rs_use_faf_packages: false + +# we do not have enough storage on stg +rs_internal_fedora_vers: [rawhide] +rs_internal_arch_list: [x86_64] + +devel: true diff --git a/inventory/host_vars/retrace03.rdu-cc.fedoraproject.org b/inventory/host_vars/retrace03.rdu-cc.fedoraproject.org deleted file mode 100644 index 81ada2bfcd..0000000000 --- a/inventory/host_vars/retrace03.rdu-cc.fedoraproject.org +++ /dev/null 
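Review bot: The comment `# we do not have enough storage on stg` above `rs_internal_fedora_vers` in the retrace01.qa host_vars looks copied from the staging file (retrace01.stg carries the same line). This file lists four Fedora versions and three architectures and sets `faf_server_name: retrace.fedoraproject.org/faf`, so the comment does not describe this host. Replace it with one that does, for instance `# Fedora versions and arches handled by this (non-staging) retrace host`, or remove it. The `faf_repos` entries also mix two flow-mapping styles (the first two have no trailing comma before `}`), which is harmless but worth normalising.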
@@ -1,150 +0,0 @@ ---- -datacenter: rdu-cc -# Clean-up packages of following EOLed operating systems -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: fedoraproject.org -eol_opsys: - - { opsys: Fedora, release: '38' } -# When not empty, the array should have the following form: -# - { opsys: "Fedora", release: "36" } -eth2_ipv4_ip: 8.43.85.61 -eth2_ipv4_gw: 8.43.85.254 -eth2_ipv4_nm: 23 -eth2_ipv6_ip: "2620:52:3:1:dead:beef:cafe:c005" -eth2_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -eth2_ipv6_nm: 64 -has_ipv6: yes - -# List of supported operating systems -faf_opsys_list: - - fedora - - centos -faf_repos: - # Fedora 42 repositories ------------------------------------------------ - - arch: src - name: fedora-42-source - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/releases/42/Everything/source/tree/ - - http://dl01.fedoraproject.org/pub/fedora/linux/development/42/Everything/source/tree/ - - arch: x86_64 - name: fedora-42-x86_64 - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/os/ - - http://dl01.fedoraproject.org/pub/fedora/linux/development/42/Everything/x86_64/os/ - - arch: x86_64 - name: fedora-42-x86_64-debug - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/debug/tree/ - - http://dl01.fedoraproject.org/pub/fedora/linux/development/42/Everything/x86_64/debug/tree/ - - arch: x86_64 - name: fedora-42-x86_64-updates - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/42/Everything/x86_64/ - - arch: x86_64 - name: fedora-42-x86_64-updates-debug - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/42/Everything/x86_64/debug/ - - arch: x86_64 - name: fedora-42-x86_64-testing - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/42/Everything/x86_64/ - - arch: x86_64 - name: fedora-42-x86_64-testing-debug - opsys: Fedora 42 - 
url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/42/Everything/x86_64/debug/ - # Fedora 41 repositories ------------------------------------------------ - - arch: src - name: fedora-41-source - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/releases/41/Everything/source/tree/ - - http://dl01.fedoraproject.org/pub/fedora/linux/development/41/Everything/source/tree/ - - arch: x86_64 - name: fedora-41-x86_64 - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/releases/41/Everything/x86_64/os/ - - http://dl01.fedoraproject.org/pub/fedora/linux/development/41/Everything/x86_64/os/ - - arch: x86_64 - name: fedora-41-x86_64-debug - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/releases/41/Everything/x86_64/debug/tree/ - - http://dl01.fedoraproject.org/pub/fedora/linux/development/41/Everything/x86_64/debug/tree/ - - arch: x86_64 - name: fedora-41-x86_64-updates - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/41/Everything/x86_64/ - - arch: x86_64 - name: fedora-41-x86_64-updates-debug - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/41/Everything/x86_64/debug/ - - arch: x86_64 - name: fedora-41-x86_64-testing - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/41/Everything/x86_64/ - - arch: x86_64 - name: fedora-41-x86_64-testing-debug - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/41/Everything/x86_64/debug/ -faf_server_name: retrace.fedoraproject.org/faf -# consumed by roles/copr/certbot -has_ipv4: true -letsencrypt: - certificates: - retrace03.rdu-cc.fedoraproject.org: - challenge_dir: /var/www/html - domains: - - retrace03.rdu-cc.fedoraproject.org - - retrace.fedoraproject.org - mail: msuchy@redhat.com - predefined_deploy_script: httpd -mac0: f4:02:70:fa:79:84 -nagios_Check_Services: - dhcpd: false - httpd: 
false - named: false - nrpe: true - sshd: true - swap: false -network_connections: - - autoconnect: true - ip: - address: - - '{{ eth2_ipv4_ip }}/{{ eth2_ipv4_nm }}' - - '{{ eth2_ipv6_ip }}/{{ eth2_ipv6_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - - '{{ dns2 }}' - dns_search: - - '{{ dns_search1 }}' - gateway4: '{{ eth2_ipv4_gw }}' - gateway6: '{{ eth2_ipv6_gw }}' - mac: '{{ mac0 }}' - name: eth2 - state: up - type: ethernet -public_hostname: retrace03.rdu-cc.fedoraproject.org -rs_internal_arch_list: -- source -- x86_64 -rs_internal_centos_vers: [7, 8] -rs_internal_fedora_vers: [41, 42, rawhide] -rs_internal_fedora_vers_removed: [30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40] -rs_use_faf_packages: true -sar_output_file: faf.json -sar_script: /usr/bin/faf sar -sar_script_user: faf diff --git a/inventory/host_vars/riscv-koji01.iad2.fedoraproject.org b/inventory/host_vars/riscv-koji01.iad2.fedoraproject.org deleted file mode 100644 index de61355f9b..0000000000 --- a/inventory/host_vars/riscv-koji01.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.172.254 -eth0_ipv4_ip: 10.3.172.21 -koji_instance: secondary -koji_server_url: "https://riscv-koji.fedoraproject.org/kojihub" -koji_topurl: "https://riscv-koji.fedoraproject.org/" -koji_weburl: "https://riscv-koji.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -vmhost: bvmhost-x86-riscv01.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/s390-koji01.s390.fedoraproject.org b/inventory/host_vars/s390-koji01.s390.fedoraproject.org new file mode 100644 index 0000000000..628121476e --- /dev/null +++ b/inventory/host_vars/s390-koji01.s390.fedoraproject.org 
@@ -0,0 +1,32 @@ +--- +nm: 255.255.255.0 +gw: 10.5.129.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.129.180 +eth0_nm: 255.255.255.0 +vmhost: virthost-s390.s390.fedoraproject.org +datacenter: phx2 +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +fas_client_groups: sysadmin-releng,sysadmin-secondary +sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers" + +fedmsg_fqdn: s390-koji01.qa.fedoraproject.org + +# +# define this here because s390 koji only needs eth0, not eth1 also +# +virt_install_command: "{{ virt_install_command_one_nic }}" + +koji_topurl: "https://s390pkgs.fedoraproject.org/" +koji_server_url: "https://s390.koji.fedoraproject.org/kojihub" +koji_weburl: "https://s390.koji.fedoraproject.org/koji" + +fedmsg_koji_instance: s390 + +# Set this to use the qa domain resolv.conf to make sure it can talk to it's db +resolvconf: resolv.conf/qa diff --git a/inventory/host_vars/secondary-bridge01.phx2.fedoraproject.org b/inventory/host_vars/secondary-bridge01.phx2.fedoraproject.org new file mode 100644 index 0000000000..647916c807 --- /dev/null +++ b/inventory/host_vars/secondary-bridge01.phx2.fedoraproject.org @@ -0,0 +1,13 @@ +--- +nm: 255.255.255.0 +gw: 10.5.129.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/VirtGuests +vmhost: virthost-comm03.qa.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.129.248 +eth0_nm: 255.255.255.0 diff --git a/inventory/host_vars/secondary-vault01.phx2.fedoraproject.org b/inventory/host_vars/secondary-vault01.phx2.fedoraproject.org new file mode 100644 index 0000000000..801d99e7a4 --- /dev/null +++ b/inventory/host_vars/secondary-vault01.phx2.fedoraproject.org 
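Review bot: `fedmsg_fqdn: s390-koji01.qa.fedoraproject.org` in the s390-koji01 host_vars does not match the inventory name of the file, `s390-koji01.s390.fedoraproject.org`. If this value selects the fedmsg certificate or endpoint name (inferred from the variable name, not visible in the hunk), a wrong domain would tie the host's messages to an identity in a different zone. If the `.qa` name is deliberate (the file also sets `resolvconf: resolv.conf/qa`), add a comment above it explaining why the fedmsg name differs from the inventory name. Otherwise use `fedmsg_fqdn: s390-koji01.s390.fedoraproject.org`.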
@@ -0,0 +1,13 @@ +--- +nm: 255.255.255.0 +gw: 10.5.129.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +vmhost: virthost-comm04.qa.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.129.249 +eth0_nm: 255.255.255.0 diff --git a/inventory/host_vars/secondary01.iad2.fedoraproject.org b/inventory/host_vars/secondary01.iad2.fedoraproject.org deleted file mode 100644 index e16ab6b445..0000000000 --- a/inventory/host_vars/secondary01.iad2.fedoraproject.org +++ /dev/null @@ -1,16 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.86 -# -# This host is externally reachable -# -external: true -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 40000 -mem_size: 10240 -num_cpus: 4 -public_hostname: secondary01.fedoraproject.org -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/secondary01.phx2.fedoraproject.org b/inventory/host_vars/secondary01.phx2.fedoraproject.org new file mode 100644 index 0000000000..16a7a56051 --- /dev/null +++ b/inventory/host_vars/secondary01.phx2.fedoraproject.org @@ -0,0 +1,21 @@ +--- +lvm_size: 40000 +mem_size: 10240 +num_cpus: 4 + +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.27 +eth1_ip: 10.5.127.66 + +vmhost: virthost02.phx2.fedoraproject.org +datacenter: phx2 + +# We define this here to override the global one because we need eth1 +virt_install_command: "{{ virt_install_command_two_nic }}" diff --git a/inventory/host_vars/shumgrepper-dev.fedorainfracloud.org b/inventory/host_vars/shumgrepper-dev.fedorainfracloud.org new file mode 100644 index 0000000000..c9cfeb281d --- /dev/null 
+++ b/inventory/host_vars/shumgrepper-dev.fedorainfracloud.org @@ -0,0 +1,18 @@ +--- +image: rhel7-20141015 +instance_type: m1.medium +keypair: fedora-admin-20130801 +security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent +zone: nova +tcp_ports: [22, 80, 443] + +inventory_tenant: persistent +inventory_instance_name: shumgrepper-dev +hostbase: shumgrepper-dev +public_ip: 209.132.184.66 +root_auth_users: pingou +description: shumgrepper development instance + +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" diff --git a/inventory/host_vars/sign-bridge01.iad2.fedoraproject.org b/inventory/host_vars/sign-bridge01.iad2.fedoraproject.org deleted file mode 100644 index 43cb311dc7..0000000000 --- a/inventory/host_vars/sign-bridge01.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.120 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: bvmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/sign-bridge01.phx2.fedoraproject.org b/inventory/host_vars/sign-bridge01.phx2.fedoraproject.org new file mode 100644 index 0000000000..a43311f567 --- /dev/null +++ b/inventory/host_vars/sign-bridge01.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.125.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_bvirthost06 +vmhost: bvirthost06.phx2.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.125.71 diff --git a/inventory/host_vars/sign-bridge01.stg.iad2.fedoraproject.org b/inventory/host_vars/sign-bridge01.stg.iad2.fedoraproject.org deleted file mode 100644 index 8c102826fb..0000000000 --- a/inventory/host_vars/sign-bridge01.stg.iad2.fedoraproject.org +++ /dev/null 
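Review bot: `tcp_ports: [22, 80, 443]` opens 443 on shumgrepper-dev, but its `security_group` has no `web-443-anywhere-persistent` entry, unlike the taiga and taigastg files added later in this diff. The two layers therefore disagree about whether HTTPS is meant to be reachable (group semantics are inferred from their names). Either add the group, `security_group: ssh-anywhere-persistent,web-443-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent`, or drop 443 from `tcp_ports` so the host firewall does not allow a port nothing serves. `ssh-anywhere-persistent` also appears to leave SSH reachable from any source on a development instance built from `image: rhel7-20141015`, so a comment stating why unrestricted SSH is required here would help the next reviewer.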
@@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.27 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: bvmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/sign-bridge01.stg.phx2.fedoraproject.org b/inventory/host_vars/sign-bridge01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..31921bc805 --- /dev/null +++ b/inventory/host_vars/sign-bridge01.stg.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +vmhost: virthost20.phx2.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.128.179 diff --git a/inventory/host_vars/sign-vault01.iad2.fedoraproject.org b/inventory/host_vars/sign-vault01.iad2.fedoraproject.org deleted file mode 100644 index 8550e75b53..0000000000 --- a/inventory/host_vars/sign-vault01.iad2.fedoraproject.org +++ /dev/null @@ -1,6 +0,0 @@ ---- -br0_dev: eno1 -br0_gw: 10.3.169.254 -br0_ip: 10.3.169.26 -br0_nm: 255.255.255.0 -dns: 10.3.163.33 diff --git a/inventory/host_vars/sign-vault01.stg.iad2.fedoraproject.org b/inventory/host_vars/sign-vault01.stg.iad2.fedoraproject.org deleted file mode 100644 index b5b11aac60..0000000000 --- a/inventory/host_vars/sign-vault01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: staging -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.28 -external: false -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: bvmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests 
diff --git a/inventory/host_vars/sign-vault01.stg.phx2.fedoraproject.org b/inventory/host_vars/sign-vault01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..e729f68486 --- /dev/null +++ b/inventory/host_vars/sign-vault01.stg.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +vmhost: virthost20.phx2.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.128.180 diff --git a/inventory/host_vars/sign-vault02.iad2.fedoraproject.org b/inventory/host_vars/sign-vault02.iad2.fedoraproject.org deleted file mode 100644 index cbd43666a4..0000000000 --- a/inventory/host_vars/sign-vault02.iad2.fedoraproject.org +++ /dev/null @@ -1,31 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth1_ipv4_ip: 10.3.169.27 -eth1_ipv4_gw: 10.3.169.254 -eth1_ipv4_nm: 24 -eth1_mac: "{{ mac0 }}" -external: false -has_ipv4: yes -mac0: B4:45:06:FB:8B:3E -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth1_ipv4_ip }}/{{ eth1_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth1_ipv4_gw }}" - mac: "{{ eth1_mac }}" - name: eth1 - state: up - type: ethernet -resolvconf: "resolv.conf/iad2" diff --git a/inventory/host_vars/smtp-auth-cc-rdu01.fedoraproject.org b/inventory/host_vars/smtp-auth-cc-rdu01.fedoraproject.org deleted file mode 100644 index 4212e5ca02..0000000000 --- a/inventory/host_vars/smtp-auth-cc-rdu01.fedoraproject.org +++ /dev/null 
@@ -1,14 +0,0 @@ ---- -datacenter: rdu-cc -dns1: 1.1.1.1 -dns2: 1.0.0.1 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_ip: 8.43.85.71 -eth0_nm: 255.255.255.0 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-cc01.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/smtp-mm-cc-rdu01.fedoraproject.org b/inventory/host_vars/smtp-mm-cc-rdu01.fedoraproject.org deleted file mode 100644 index 42e1cdeee9..0000000000 --- a/inventory/host_vars/smtp-mm-cc-rdu01.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_ip: 8.43.85.70 -eth0_nm: 255.255.255.0 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-cc03.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/smtp-mm-coloamer01.fedoraproject.org b/inventory/host_vars/smtp-mm-coloamer01.fedoraproject.org new file mode 100644 index 0000000000..19471583b1 --- /dev/null +++ b/inventory/host_vars/smtp-mm-coloamer01.fedoraproject.org @@ -0,0 +1,11 @@ +--- +nm: 255.255.255.248 +gw: 67.203.2.65 +dns: 66.152.162.14 +ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_coloamer01 +eth0_ip: 67.203.2.69 +eth0_nm: 255.255.255.240 +vmhost: coloamer01.fedoraproject.org +datacenter: coloamer diff --git a/inventory/host_vars/smtp-mm-ib01.fedoraproject.org b/inventory/host_vars/smtp-mm-ib01.fedoraproject.org index 26b5ed4c3a..145a9ab6ef 100644 --- a/inventory/host_vars/smtp-mm-ib01.fedoraproject.org 
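Review bot: `nm: 255.255.255.248` and `eth0_nm: 255.255.255.240` in the smtp-mm-coloamer01 hunk describe two different subnets for the same interface, and which one takes effect depends on which variable the consuming template reads (not visible here). smtp-mm-osuosl01 has the same split (`nm: 255.255.255.192` against `eth0_nm: 255.255.255.128`). In smtp-mm-tummy01 it matters more: with `eth0_nm: 255.255.255.248` the address 66.35.62.164 falls in 66.35.62.160-167, which leaves `gw: 66.35.62.174` off-link. Set both keys to the same mask in each file; for tummy01 that is presumably `eth0_nm: 255.255.255.240`, to be confirmed against the provider's allocation.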
+++ b/inventory/host_vars/smtp-mm-ib01.fedoraproject.org @@ -1,36 +1,15 @@ --- -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.253.100 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_ip: 152.19.134.143 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:0058:5c17" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -vmhost: ibiblio02.fedoraproject.org +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 152.2.21.1 152.2.253.100 volgroup: /dev/vg_guests +eth0_ip: 152.19.134.143 +eth0_nm: 255.255.255.128 +has_ipv6: yes +eth0_ipv6: "2610:28:3090:3001:5054:ff:fe58:5c17" +eth0_ipv6_gw: "2610:28:3090:3001::1" + +vmhost: ibiblio05.fedoraproject.org +datacenter: ibiblio +ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ diff --git a/inventory/host_vars/smtp-mm-osuosl01.fedoraproject.org b/inventory/host_vars/smtp-mm-osuosl01.fedoraproject.org index d80cbb639d..67067e4d3b 100644 --- a/inventory/host_vars/smtp-mm-osuosl01.fedoraproject.org +++ b/inventory/host_vars/smtp-mm-osuosl01.fedoraproject.org 
@@ -1,37 +1,16 @@ --- -datacenter: osuosl -dns1: 8.8.8.8 -dns: "{{ dns1 }}" -dns2: 8.8.4.4 -eth0_ipv4_gw: 140.211.169.193 -eth0_ipv4_ip: 140.211.169.205 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2605:bc80:3010:600:dead:beef:cafe:fedb" -eth0_ipv6_gw: "2605:bc80:3010:600::1" -eth0_ipv6_nm: 64 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -mem_size: 4096 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -vmhost: osuosl02.fedoraproject.org +nm: 255.255.255.192 +gw: 140.211.169.193 +dns: 8.8.8.8 +ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ volgroup: /dev/vg_guests +eth0_ip: 140.211.169.205 +eth0_nm: 255.255.255.128 +has_ipv6: yes +eth0_ipv6: "2605:bc80:3010:600:dead:beef:cafe:fedb" +eth0_ipv6_gw: "2605:bc80:3010:600::1" + +vmhost: osuosl02.fedoraproject.org +datacenter: osuosl vpn: true diff --git a/inventory/host_vars/smtp-mm-tummy01.fedoraproject.org b/inventory/host_vars/smtp-mm-tummy01.fedoraproject.org new file mode 100644 index 0000000000..2d3ab452ac --- /dev/null +++ b/inventory/host_vars/smtp-mm-tummy01.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.240 +gw: 66.35.62.174 +dns: 198.49.126.1 66.35.36.133 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_host +eth0_ip: 66.35.62.164 +eth0_nm: 255.255.255.248 +vmhost: tummy01.fedoraproject.org +datacenter: tummy +vpn: true 
diff --git a/inventory/host_vars/statscache-backend01.phx2.fedoraproject.org b/inventory/host_vars/statscache-backend01.phx2.fedoraproject.org new file mode 100644 index 0000000000..59e97fb614 --- /dev/null +++ b/inventory/host_vars/statscache-backend01.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.81 + +volgroup: /dev/vg_guests +vmhost: virthost21.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/statscache-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/statscache-backend01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..040362555f --- /dev/null +++ b/inventory/host_vars/statscache-backend01.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.128.181 + +volgroup: /dev/vg_virthost16 +vmhost: virthost16.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/statscache-web01.phx2.fedoraproject.org b/inventory/host_vars/statscache-web01.phx2.fedoraproject.org new file mode 100644 index 0000000000..0e44cce8a9 --- /dev/null +++ b/inventory/host_vars/statscache-web01.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.31 + +volgroup: /dev/vg_guests +vmhost: virthost02.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/statscache-web01.stg.phx2.fedoraproject.org b/inventory/host_vars/statscache-web01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..aaca2fa1ec --- /dev/null 
+++ b/inventory/host_vars/statscache-web01.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.128.182 + +volgroup: /dev/vg_virthost16 +vmhost: virthost16.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/statscache-web02.phx2.fedoraproject.org b/inventory/host_vars/statscache-web02.phx2.fedoraproject.org new file mode 100644 index 0000000000..a936331e51 --- /dev/null +++ b/inventory/host_vars/statscache-web02.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.32 + +volgroup: /dev/vg_guests +vmhost: virthost19.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/statscache-web02.stg.phx2.fedoraproject.org b/inventory/host_vars/statscache-web02.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..0cf5b35d86 --- /dev/null +++ b/inventory/host_vars/statscache-web02.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.128.183 + +volgroup: /dev/vg_guests +vmhost: virthost20.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/storinator01.rdu-cc.fedoraproject.org b/inventory/host_vars/storinator01.rdu-cc.fedoraproject.org deleted file mode 100644 index 670814005c..0000000000 --- a/inventory/host_vars/storinator01.rdu-cc.fedoraproject.org +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -# this box is not currently mission critical -datacenter: rdu-cc -dns1: 8.8.8.8 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4: 8.43.85.62 -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_nm: 23 -eth2_ipv4: 172.23.5.25 -eth2_ipv4_nm: 24 -freezes: false -has_ipv4: true -has_ipv6: false -mac0: ac:1f:6b:b0:6a:12 -mac1: ac:1f:6b:ac:67:ec -network_connections: - - autoconnect: true - ip: - address: - - '{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ eth0_ipv4_gw }}' - mac: '{{ mac0 }}' - name: eth0 - state: up - type: ethernet - - autoconnect: false - mac: '{{ mac1 }}' - name: eth2 - type: ethernet -# this box mounts a large share from the netapp to store combined http -# logs from the proxies. -nfs_mount_opts: rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -tcp_ports_eth2: [111, 2049] -udp_ports_eth2: [111, 2049] -vpn: true diff --git a/inventory/host_vars/summershum01.phx2.fedoraproject.org b/inventory/host_vars/summershum01.phx2.fedoraproject.org new file mode 100644 index 0000000000..b416dc8fc8 --- /dev/null +++ b/inventory/host_vars/summershum01.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.205 + +volgroup: /dev/vg_virthost01 +vmhost: virthost01.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/summershum01.stg.phx2.fedoraproject.org b/inventory/host_vars/summershum01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..379171bf5e --- /dev/null +++ b/inventory/host_vars/summershum01.stg.phx2.fedoraproject.org 
@@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.128.184 + +volgroup: /dev/vg_guests +vmhost: virthost20.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/sundries01.iad2.fedoraproject.org b/inventory/host_vars/sundries01.iad2.fedoraproject.org deleted file mode 100644 index 9b5bb47261..0000000000 --- a/inventory/host_vars/sundries01.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.81 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# This overrides a group var and lets the playbook know that we should -# install special cron jobs here. -master_sundries_node: True -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/sundries01.phx2.fedoraproject.org b/inventory/host_vars/sundries01.phx2.fedoraproject.org new file mode 100644 index 0000000000..73726007ae --- /dev/null +++ b/inventory/host_vars/sundries01.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_virthost03 +eth0_ip: 10.5.126.38 +vmhost: virthost03.phx2.fedoraproject.org +datacenter: phx2 + +# This overrides a group var and lets the playbook know that we should +# install special cron jobs here. +master_sundries_node: True diff --git a/inventory/host_vars/sundries01.stg.iad2.fedoraproject.org b/inventory/host_vars/sundries01.stg.iad2.fedoraproject.org deleted file mode 100644 index ba52bead66..0000000000 
--- a/inventory/host_vars/sundries01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.33 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# This overrides a group var and lets the playbook know that we should -# install special cron jobs here. -master_sundries_node: True -mirrorlist_procs: 45 -vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/sundries01.stg.phx2.fedoraproject.org b/inventory/host_vars/sundries01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..50f8f331b8 --- /dev/null +++ b/inventory/host_vars/sundries01.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.185 +vmhost: virthost11.phx2.fedoraproject.org +datacenter: phx2 +# This overrides a group var and lets the playbook know that we should +# install special cron jobs here. +master_sundries_node: True +mirrorlist_procs: 45 diff --git a/inventory/host_vars/sundries02.iad2.fedoraproject.org b/inventory/host_vars/sundries02.iad2.fedoraproject.org deleted file mode 100644 index eee3d68034..0000000000 --- a/inventory/host_vars/sundries02.iad2.fedoraproject.org +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.101 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# This overrides a group var and lets the playbook know that we should -# install special cron jobs here. -master_sundries_node: True -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/sundries02.phx2.fedoraproject.org b/inventory/host_vars/sundries02.phx2.fedoraproject.org new file mode 100644 index 0000000000..cffba3fcc9 --- /dev/null +++ b/inventory/host_vars/sundries02.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_virthost01 +eth0_ip: 10.5.126.40 +vmhost: virthost01.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/sundries02.stg.iad2.fedoraproject.org b/inventory/host_vars/sundries02.stg.iad2.fedoraproject.org deleted file mode 100644 index cff4d799ac..0000000000 --- a/inventory/host_vars/sundries02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.71 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# This overrides a group var and lets the playbook know that we should -# install special cron jobs here. -master_sundries_node: True -mirrorlist_procs: 45 -vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/tagger01.phx2.fedoraproject.org b/inventory/host_vars/tagger01.phx2.fedoraproject.org new file mode 100644 index 0000000000..ec76ad1d38 --- /dev/null 
+++ b/inventory/host_vars/tagger01.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +install_tagger_cron: true + +volgroup: /dev/vg_virthost01 +vmhost: virthost01.phx2.fedoraproject.org +eth0_ip: 10.5.126.212 +datacenter: phx2 diff --git a/inventory/host_vars/tagger01.stg.phx2.fedoraproject.org b/inventory/host_vars/tagger01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..b5b0d311be --- /dev/null +++ b/inventory/host_vars/tagger01.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +install_tagger_cron: true + +volgroup: /dev/vg_virthost16 +eth0_ip: 10.5.128.186 +vmhost: virthost16.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/tagger02.phx2.fedoraproject.org b/inventory/host_vars/tagger02.phx2.fedoraproject.org new file mode 100644 index 0000000000..7b39324bd0 --- /dev/null +++ b/inventory/host_vars/tagger02.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +install_tagger_cron: false + +volgroup: /dev/vg_virthost03 +vmhost: virthost03.phx2.fedoraproject.org +eth0_ip: 10.5.126.214 +datacenter: phx2 diff --git a/inventory/host_vars/taiga.fedorainfracloud.org b/inventory/host_vars/taiga.fedorainfracloud.org new file mode 100644 index 0000000000..9f44522138 --- /dev/null +++ b/inventory/host_vars/taiga.fedorainfracloud.org 
@@ -0,0 +1,26 @@ +--- +image: "{{ fedora25_x86_64 }}" +instance_type: m1.medium +keypair: fedora-admin-20130801 +security_group: ssh-anywhere-persistent,web-443-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent +zone: nova +tcp_ports: [22, 80, 443] + +inventory_tenant: persistent +inventory_instance_name: taiga +hostbase: taiga +public_ip: 209.132.184.50 +root_auth_users: ralph maxamillion kellin +description: taiga frontend server + +db_backup_dir: ['/backups'] +dbs_to_backup: ['taiga'] + +volumes: + - volume_id: 8878d26e-a296-4c81-b636-3eb4dca15ed0 + device: /dev/vdc + +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + diff --git a/inventory/host_vars/taigastg.fedorainfracloud.org b/inventory/host_vars/taigastg.fedorainfracloud.org new file mode 100644 index 0000000000..c47a923d12 --- /dev/null +++ b/inventory/host_vars/taigastg.fedorainfracloud.org @@ -0,0 +1,23 @@ +--- +image: "{{ fedora23_x86_64 }}" +instance_type: m1.small +keypair: fedora-admin-20130801 +security_group: ssh-anywhere-persistent,web-443-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent +zone: nova +tcp_ports: [22, 80, 443] + +inventory_tenant: persistent +inventory_instance_name: taigastg +hostbase: taigastg +public_ip: 209.132.184.232 +root_auth_users: ralph maxamillion doteast kellin +description: stg instance of the taiga frontend server + +volumes: + - volume_id: 5babf722-0046-4535-a6e5-398f9c67b844 + device: /dev/vdc + +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + diff --git a/inventory/host_vars/tang01.iad2.fedoraproject.org b/inventory/host_vars/tang01.iad2.fedoraproject.org deleted file mode 100644 index 01423a5caa..0000000000 --- a/inventory/host_vars/tang01.iad2.fedoraproject.org +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.37 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# Define resources for this group of hosts here. -lvm_size: 20000 -mem_size: 4096 -num_cpus: 2 -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/tang01.rdu3.fedoraproject.org b/inventory/host_vars/tang01.rdu3.fedoraproject.org deleted file mode 100644 index d340773f8c..0000000000 --- a/inventory/host_vars/tang01.rdu3.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -eth0_ipv4_gw: 10.16.163.254 -eth0_ipv4_ip: 10.16.163.37 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# Define resources for this group of hosts here. -lvm_size: 20000 -mem_size: 4096 -num_cpus: 2 -vmhost: vmhost-x86-01.rdu3.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/tang02.iad2.fedoraproject.org b/inventory/host_vars/tang02.iad2.fedoraproject.org deleted file mode 100644 index 6d1d7a431d..0000000000 --- a/inventory/host_vars/tang02.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.38 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# Define resources for this group of hosts here. -lvm_size: 20000 -mem_size: 4096 -num_cpus: 2 -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests 
diff --git a/inventory/host_vars/taskotron-dev01.qa.fedoraproject.org b/inventory/host_vars/taskotron-dev01.qa.fedoraproject.org
new file mode 100644
index 0000000000..5634344030
--- /dev/null
+++ b/inventory/host_vars/taskotron-dev01.qa.fedoraproject.org
@@ -0,0 +1,73 @@
+---
+############################################################
+# networking
+############################################################
+
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+eth0_ip: 10.5.124.181
+
+############################################################
+# install
+############################################################
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25-taskotron-master
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+volgroup: /dev/vg_guests
+vmhost: virthost-comm04.qa.fedoraproject.org
+datacenter: phx2
+
+fas_client_groups: sysadmin-qa,sysadmin-main,sysadmin-noc,fi-apprentice,sysadmin-veteran
+
+############################################################
+# virtual machine
+############################################################
+
+lvm_size: 60000
+mem_size: 4096
+num_cpus: 4
+
+nrpe_procs_warn: 250
+nrpe_procs_crit: 300
+
+############################################################
+# taskotron master
+############################################################
+
+public_hostname: taskotron-dev.fedoraproject.org
+buildmaster: 10.5.124.181
+
+buildslaves:
+ - qa11-1
+ - qa11-2
+ - qa11-3
+ - qa11-4
+ - qa11-5
+ - qa11-6
+ - qa11-7
+ - qa11-8
+ - qa11-9
+ - qa11-10
+ - qa11-11
+ - qa11-12
+ - qa11-13
+ - qa11-14
+ - qa11-15
+i386_buildslaves:
+ - qa11-4
+x86_64_buildslaves:
+ - qa11-1
+ - qa11-2
+ - qa11-3
+ - qa11-5
+ - qa11-6
+ - qa11-7
+ - qa11-8
+ - qa11-9
+ - qa11-10
+ - qa11-11
+ - qa11-12
+ - qa11-13
+ - qa11-14
+ - qa11-15
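Review bot: `x86_64_buildslaves` repeats by hand fourteen of the fifteen `buildslaves` entries, so adding or retiring a worker means editing two lists, and a missed edit silently drops it from one architecture. The taskotron-stg01 and taskotron01 files added after this one have the same duplication. If the consumer does not depend on list order, deriving it keeps the lists in step: `x86_64_buildslaves: "{{ buildslaves | difference(i386_buildslaves) }}"`. Separately, `fas_client_groups` here grants `sysadmin-noc`, `fi-apprentice` and `sysadmin-veteran` on top of the two groups the stg and production taskotron files use. A one-line comment such as `# wider access is intentional on the dev master` would make that reviewable.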
diff --git a/inventory/host_vars/taskotron-stg01.qa.fedoraproject.org b/inventory/host_vars/taskotron-stg01.qa.fedoraproject.org
new file mode 100644
index 0000000000..21806ce67a
--- /dev/null
+++ b/inventory/host_vars/taskotron-stg01.qa.fedoraproject.org
@@ -0,0 +1,74 @@
+---
+############################################################
+# networking
+############################################################
+
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+eth0_ip: 10.5.124.232
+
+############################################################
+# install
+############################################################
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25-taskotron-master
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+volgroup: /dev/vg_guests
+vmhost: virthost-comm04.qa.fedoraproject.org
+datacenter: phx2
+
+fas_client_groups: sysadmin-qa,sysadmin-main
+
+
+############################################################
+# virtual machine
+############################################################
+
+lvm_size: 40000
+mem_size: 4096
+num_cpus: 4
+
+nrpe_procs_warn: 250
+nrpe_procs_crit: 300
+
+############################################################
+# taskotron master
+############################################################
+
+public_hostname: taskotron.stg.fedoraproject.org
+buildmaster: 10.5.124.232
+
+buildslaves:
+ - qa10.qa-1
+ - qa10.qa-2
+ - qa10.qa-3
+ - qa10.qa-4
+ - qa10.qa-5
+ - qa10.qa-6
+ - qa10.qa-7
+ - qa10.qa-8
+ - qa10.qa-9
+ - qa10.qa-10
+ - qa10.qa-11
+ - qa10.qa-12
+ - qa10.qa-13
+ - qa10.qa-14
+ - qa10.qa-15
+i386_buildslaves:
+ - qa10.qa-10
+x86_64_buildslaves:
+ - qa10.qa-1
+ - qa10.qa-2
+ - qa10.qa-3
+ - qa10.qa-4
+ - qa10.qa-5
+ - qa10.qa-6
+ - qa10.qa-7
+ - qa10.qa-8
+ - qa10.qa-9
+ - qa10.qa-11
+ - qa10.qa-12
+ - qa10.qa-13
+ - qa10.qa-14
+ - qa10.qa-15
diff --git a/inventory/host_vars/taskotron01.qa.fedoraproject.org b/inventory/host_vars/taskotron01.qa.fedoraproject.org
new file mode 100644
index 0000000000..433bcd8dac
--- /dev/null
+++ b/inventory/host_vars/taskotron01.qa.fedoraproject.org
@@ -0,0 +1,108 @@ +--- +############################################################ +# general +############################################################ + +datacenter: phx2 +fas_client_groups: sysadmin-qa,sysadmin-main + +############################################################ +# networking +############################################################ + +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +eth0_ip: 10.5.124.206 + +############################################################ +# install +############################################################ + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25-taskotron-master +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/ +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" +vmhost: virthost-comm03.qa.fedoraproject.org +volgroup: /dev/VirtGuests + +############################################################ +# virtual machine +############################################################ + +lvm_size: 60000 +mem_size: 4096 +num_cpus: 4 + +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + +############################################################ +# taskotron master +############################################################ + +public_hostname: taskotron.fedoraproject.org +buildmaster: 10.5.124.206 + +buildslaves: + - qa12.qa-1 + - qa12.qa-2 + - qa12.qa-3 + - qa12.qa-4 + - qa12.qa-5 + - qa12.qa-6 + - qa12.qa-7 + - qa12.qa-8 + - qa12.qa-9 + - qa12.qa-10 + - qa12.qa-11 + - qa12.qa-12 + - qa12.qa-13 + - qa12.qa-14 + - qa12.qa-15 + - qa13.qa-1 + - qa13.qa-2 + - qa13.qa-3 + - qa13.qa-4 + - qa13.qa-5 + - qa13.qa-6 + - qa13.qa-7 + - qa13.qa-8 + - qa13.qa-9 + - qa13.qa-10 + - qa13.qa-11 + - qa13.qa-12 + - qa13.qa-13 + - qa13.qa-14 + - qa13.qa-15 +i386_buildslaves: + - qa13.qa-10 +x86_64_buildslaves: + - qa12.qa-1 + - qa12.qa-2 + - qa12.qa-3 + - qa12.qa-4 + - qa12.qa-5 + - qa12.qa-6 + - qa12.qa-7 + - qa12.qa-8 + - qa12.qa-9 + - qa12.qa-10 + - qa12.qa-11 + - qa12.qa-12 + - 
qa12.qa-13 + - qa12.qa-14 + - qa12.qa-15 + - qa13.qa-1 + - qa13.qa-2 + - qa13.qa-3 + - qa13.qa-4 + - qa13.qa-5 + - qa13.qa-6 + - qa13.qa-7 + - qa13.qa-8 + - qa13.qa-9 + - qa13.qa-11 + - qa13.qa-12 + - qa13.qa-13 + - qa13.qa-14 + - qa13.qa-15 diff --git a/inventory/host_vars/testdays.fedorainfracloud.org b/inventory/host_vars/testdays.fedorainfracloud.org new file mode 100644 index 0000000000..e9bb3d548b --- /dev/null +++ b/inventory/host_vars/testdays.fedorainfracloud.org 
@@ -0,0 +1,78 @@
+---
+image: 'rhel7-20141015'
+instance_type: m1.small
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: persistent
+inventory_instance_name: testdays
+hostbase: testdays
+public_ip: 209.132.184.107
+root_auth_users: tflink jskladan
+description: fedora testdays instance
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
+freezes: false
+
+############################################################
+# postgresql_server
+############################################################
+
+shared_buffers: "32MB"
+effective_cache_size: "256MB"
+
+db_backup_dir: ['/backups']
+dbs_to_backup:
+- testdays
+- resultsdb
+
+
+############################################################
+# standard qa-app-style settings
+############################################################
+
+external_hostname: testdays.fedorainfracloud.org
+deployment_type: 'local'
+
+
+############################################################
+# resultsdb
+############################################################
+
+resultsdb_db_host_machine: "{{ public_ip }}"
+resultsdb_db_host: 127.0.0.1
+resultsdb_db_port: 5432
+resultsdb_endpoint: 'resultsdb_api'
+resultsdb_db_name: resultsdb_testdays
+
+resultsdb_db_user: "{{ testdays_testdays_db_user }}"
+resultsdb_db_password: "{{ testdays_testdays_db_password }}"
+resultsdb_secret_key: "{{ testdays_resultsdb_secretkey }}"
+
+allowed_hosts:
+ - 127.0.0.1
+
+############################################################
+# resultsdb_frontend
+############################################################
+
+resultsdb_frontend_secret_key: "{{ testdays_resultsdb_frontend_secretkey }}"
+resultsdb_fe_endpoint: "resultsdb"
+
+############################################################
+# testdays
+############################################################ + +testdays_db_host: "{{ public_ip }}" +testdays_db_port: 5432 +testdays_endpoint: '' +testdays_db_name: testdays + +testdays_db_user: "{{ testdays_testdays_db_user }}" +testdays_db_password: "{{ testdays_testdays_db_password }}" +testdays_secret_key: "{{ testdays_testdays_secretkey }}" diff --git a/inventory/host_vars/torrent01.fedoraproject.org b/inventory/host_vars/torrent01.fedoraproject.org deleted file mode 100644 index a595bdf0d8..0000000000 --- a/inventory/host_vars/torrent01.fedoraproject.org +++ /dev/null @@ -1,50 +0,0 @@ ---- -csi_relationship: | - torrent01 is the master torrent server for Fedora releases - - * This host relies on: - - the virthost it's hosted on (ibiblio02.fedoraproject.org) - - FAS to authenticate users - - VPN connectivity - - * Things that rely on this host: - - if this host is down, Fedora will lose a release distribution channel -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.253.100 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_ip: 152.19.134.141 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:00fe:fed5" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -postfix_group: vpn -ssh_hostnames: - - torrent.fedoraproject.org -vmhost: ibiblio02.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true 
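Review bot: In inventory/host_vars/testdays.fedorainfracloud.org, `resultsdb_db_user`/`resultsdb_db_password` and `testdays_db_user`/`testdays_db_password` all resolve to the same `testdays_testdays_db_user` / `testdays_testdays_db_password` pair, so the resultsdb and testdays applications share one PostgreSQL role although they use different databases (`resultsdb_testdays` and `testdays`). With a shared role, a flaw in either application reaches the other's data, and the password cannot be rotated for one without the other. I would give resultsdb its own role, e.g. `resultsdb_db_user: "{{ <resultsdb-db-user-var> }}"` with a matching password variable (placeholder names; the private vars are not part of this diff). Separately, `testdays_db_host: "{{ public_ip }}"` points the app at the public address while `resultsdb_db_host` uses `127.0.0.1`; if that key is the application's connection target rather than a delegation host, `testdays_db_host: 127.0.0.1` would keep database traffic on loopback.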
diff --git a/inventory/host_vars/torrent02.fedoraproject.org b/inventory/host_vars/torrent02.fedoraproject.org
new file mode 100644
index 0000000000..c8d8bd28d7
--- /dev/null
+++ b/inventory/host_vars/torrent02.fedoraproject.org
@@ -0,0 +1,31 @@
+---
+nm: 255.255.255.128
+gw: 152.19.134.129
+dns: 8.8.8.8
+
+volgroup: /dev/vg_guests
+
+eth0_ip: 152.19.134.148
+eth0_nm: 255.255.255.128
+has_ipv6: yes
+eth0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fed7"
+eth0_ipv6_gw: "2610:28:3090:3001::1"
+
+ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
+ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
+
+postfix_group: vpn
+vpn: true
+
+vmhost: ibiblio05.fedoraproject.org
+datacenter: ibiblio
+csi_relationship: |
+ torrent02 is the master torrent server for Fedora releases
+
+ * This host relies on:
+ - the virthost it's hosted on (ibiblio05.fedoraproject.org)
+ - FAS to authenticate users
+ - VPN connectivity
+
+ * Things that rely on this host:
+ - if this host is down, Fedora will lose a release distribution channel
diff --git a/inventory/host_vars/tummy01.fedoraproject.org b/inventory/host_vars/tummy01.fedoraproject.org
new file mode 100644
index 0000000000..9e1d116ea6
--- /dev/null
+++ b/inventory/host_vars/tummy01.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+datacenter: tummy
+nm: 255.255.255.240
+gw: 66.35.62.174
+dns: 198.49.126.1
+postfix_group: vpn
+br0_ip: 66.35.62.161
+br0_nm: 255.255.255.248
+vpn: true
diff --git a/inventory/host_vars/twisted-fedora24-1.fedorainfracloud.org b/inventory/host_vars/twisted-fedora24-1.fedorainfracloud.org
new file mode 100644
index 0000000000..18ea1b8c44
--- /dev/null
+++ b/inventory/host_vars/twisted-fedora24-1.fedorainfracloud.org
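Review bot: In inventory/host_vars/tummy01.fedoraproject.org, `nm` is `255.255.255.240` but `br0_nm` is `255.255.255.248`, and with the /29 mask the bridge address 66.35.62.161 sits in 66.35.62.160-167, which does not contain the gateway 66.35.62.174. The /28 mask does contain it, so I would expect `br0_nm: 255.255.255.240`. unbound-tummy01.fedoraproject.org has the same pair (`nm: 255.255.255.240`, `eth0_nm: 255.255.255.248`, address 66.35.62.163, same gateway) and would need `eth0_nm: 255.255.255.240`. Which of the two keys the network templates read is not visible in this diff, so confirm against the role before changing either.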
@@ -0,0 +1,17 @@
+---
+image: "{{ fedora24_x86_64 }}"
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-pythonbots,all-icmp-pythonbots,default
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: pythonbots
+inventory_instance_name: twisted-fedora24-1
+hostbase: twisted-fedora24-1
+public_ip: 209.132.184.135
+description: twisted buildbot for fedora 24
+
+cloud_networks:
+ # pythonbots-net
+ - net-id: "36ca66de-001d-4807-a688-58c363d84d68"
diff --git a/inventory/host_vars/twisted-fedora24-2.fedorainfracloud.org b/inventory/host_vars/twisted-fedora24-2.fedorainfracloud.org
new file mode 100644
index 0000000000..4f90920958
--- /dev/null
+++ b/inventory/host_vars/twisted-fedora24-2.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: "{{ fedora24_x86_64 }}"
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-pythonbots,all-icmp-pythonbots,default
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: pythonbots
+inventory_instance_name: twisted-fedora24-2
+hostbase: twisted-fedora24-2
+public_ip: 209.132.184.136
+description: twisted buildbot for fedora 24
+
+cloud_networks:
+ # pythonbots-net
+ - net-id: "36ca66de-001d-4807-a688-58c363d84d68"
diff --git a/inventory/host_vars/twisted-fedora25-1.fedorainfracloud.org b/inventory/host_vars/twisted-fedora25-1.fedorainfracloud.org
new file mode 100644
index 0000000000..aa1c3e702f
--- /dev/null
+++ b/inventory/host_vars/twisted-fedora25-1.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: "{{ fedora25_x86_64 }}"
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-pythonbots,all-icmp-pythonbots,default
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: pythonbots
+inventory_instance_name: twisted-fedora25-1
+hostbase: twisted-fedora25-1
+public_ip: 209.132.184.183
+description: twisted buildbot for fedora 25
+
+cloud_networks:
+ # pythonbots-net
+ - net-id: "36ca66de-001d-4807-a688-58c363d84d68"
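Review bot: In inventory/host_vars/twisted-fedora24-1.fedorainfracloud.org, `tcp_ports: [22, 80, 443]` allows 80 and 443, but the `security_group` list names only `ssh-anywhere-pythonbots`, `all-icmp-pythonbots` and `default`, so the two layers disagree about inbound web traffic. If these buildbot hosts serve nothing over HTTP (the description only says "twisted buildbot"), `tcp_ports: [22]` states the intent and keeps the host-level rule closed should the security group change later; how `tcp_ports` is consumed is not visible here, so treat this as a question for the role owner. The same applies to twisted-fedora24-2, twisted-fedora25-1/-2, twisted-fedora26-1/-2 and twisted-rhel7-1/-2, which differ only in image, name and `public_ip`; moving the shared keys into one group_vars file would leave a single place to audit the exposure.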
diff --git a/inventory/host_vars/twisted-fedora25-2.fedorainfracloud.org b/inventory/host_vars/twisted-fedora25-2.fedorainfracloud.org
new file mode 100644
index 0000000000..0ed8b38324
--- /dev/null
+++ b/inventory/host_vars/twisted-fedora25-2.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: "{{ fedora25_x86_64 }}"
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-pythonbots,all-icmp-pythonbots,default
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: pythonbots
+inventory_instance_name: twisted-fedora25-2
+hostbase: twisted-fedora25-2
+public_ip: 209.132.184.184
+description: twisted buildbot for fedora 25
+
+cloud_networks:
+ # pythonbots-net
+ - net-id: "36ca66de-001d-4807-a688-58c363d84d68"
diff --git a/inventory/host_vars/twisted-fedora26-1.fedorainfracloud.org b/inventory/host_vars/twisted-fedora26-1.fedorainfracloud.org
new file mode 100644
index 0000000000..bf494caca8
--- /dev/null
+++ b/inventory/host_vars/twisted-fedora26-1.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: "{{ fedora26_x86_64 }}"
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-pythonbots,all-icmp-pythonbots,default
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: pythonbots
+inventory_instance_name: twisted-fedora26-1
+hostbase: twisted-fedora26-1
+public_ip: 209.132.184.185
+description: twisted buildbot for fedora 26
+
+cloud_networks:
+ # pythonbots-net
+ - net-id: "36ca66de-001d-4807-a688-58c363d84d68"
diff --git a/inventory/host_vars/twisted-fedora26-2.fedorainfracloud.org b/inventory/host_vars/twisted-fedora26-2.fedorainfracloud.org
new file mode 100644
index 0000000000..02fe970255
--- /dev/null
+++ b/inventory/host_vars/twisted-fedora26-2.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: "{{ fedora26_x86_64 }}"
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-pythonbots,all-icmp-pythonbots,default
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: pythonbots
+inventory_instance_name: twisted-fedora26-2
+hostbase: twisted-fedora26-2
+public_ip: 209.132.184.186
+description: twisted buildbot for fedora 26
+
+cloud_networks:
+ # pythonbots-net
+ - net-id: "36ca66de-001d-4807-a688-58c363d84d68"
diff --git a/inventory/host_vars/twisted-rhel7-1.fedorainfracloud.org b/inventory/host_vars/twisted-rhel7-1.fedorainfracloud.org
new file mode 100644
index 0000000000..bfac09bb35
--- /dev/null
+++ b/inventory/host_vars/twisted-rhel7-1.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: rhel7-20141015
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-pythonbots,all-icmp-pythonbots,default
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: pythonbots
+inventory_instance_name: twisted-rhel7-1
+hostbase: twisted-rhel7-1
+public_ip: 209.132.184.187
+description: twisted buildbot for rhel7 1
+
+cloud_networks:
+ # pythonbots-net
+ - net-id: "36ca66de-001d-4807-a688-58c363d84d68"
diff --git a/inventory/host_vars/twisted-rhel7-2.fedorainfracloud.org b/inventory/host_vars/twisted-rhel7-2.fedorainfracloud.org
new file mode 100644
index 0000000000..a3bc4a42c4
--- /dev/null
+++ b/inventory/host_vars/twisted-rhel7-2.fedorainfracloud.org
@@ -0,0 +1,17 @@
+---
+image: rhel7-20141015
+instance_type: m1.medium
+keypair: fedora-admin-20130801
+security_group: ssh-anywhere-pythonbots,all-icmp-pythonbots,default
+zone: nova
+tcp_ports: [22, 80, 443]
+
+inventory_tenant: pythonbots
+inventory_instance_name: twisted-rhel7-2
+hostbase: twisted-rhel7-2
+public_ip: 209.132.184.188
+description: twisted buildbot for rhel7 2
+
+cloud_networks:
+ # pythonbots-net
+ - net-id: "36ca66de-001d-4807-a688-58c363d84d68"
diff --git a/inventory/host_vars/unbound-ib01.fedoraproject.org b/inventory/host_vars/unbound-ib01.fedoraproject.org
new file mode 100644
index 0000000000..e4bee61dd7
--- /dev/null
+++ b/inventory/host_vars/unbound-ib01.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.128
+gw: 152.19.134.129
+dns: 152.2.21.1
+ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext
+ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 152.19.134.150
+eth0_nm: 255.255.255.128
+vmhost: ibiblio04.fedoraproject.org
+datacenter: ibiblio
+postfix_group: vpn
+vpn: true
diff --git a/inventory/host_vars/unbound-osuosl01.fedoraproject.org b/inventory/host_vars/unbound-osuosl01.fedoraproject.org
new file mode 100644
index 0000000000..b6655f6fad
--- /dev/null
+++ b/inventory/host_vars/unbound-osuosl01.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.128
+gw: 140.211.169.193
+dns: 8.8.8.8
+ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 140.211.169.201
+eth0_nm: 255.255.255.128
+vmhost: osuosl03.fedoraproject.org
+datacenter: osuosl
+postfix_group: vpn
+vpn: true
diff --git a/inventory/host_vars/unbound-tummy01.fedoraproject.org b/inventory/host_vars/unbound-tummy01.fedoraproject.org
new file mode 100644
index 0000000000..1f3554e389
--- /dev/null
+++ b/inventory/host_vars/unbound-tummy01.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.240
+gw: 66.35.62.174
+dns: 198.49.126.1 66.35.36.133
+ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_host
+eth0_ip: 66.35.62.163
+eth0_nm: 255.255.255.248
+vmhost: tummy01.fedoraproject.org
+datacenter: tummy
+vpn: true
diff --git a/inventory/host_vars/upstreamfirst.fedorainfracloud.org b/inventory/host_vars/upstreamfirst.fedorainfracloud.org
new file mode 100644
index 0000000000..e5d172557d
--- /dev/null
+++ b/inventory/host_vars/upstreamfirst.fedorainfracloud.org
@@ -0,0 +1,179 @@
+---
+
+############################################################
+# Persistent Cloud
+############################################################
+
+instance_type: m1.medium
+image: CentOS-7-x86_64-GenericCloud-1503
+keypair: fedora-admin-20130801
+zone: nova
+
+inventory_tenant: persistent
+inventory_instance_name: upstreamfirst
+hostbase: upstreamfirst
+public_ip: 209.132.184.153
+root_auth_users: tflink roshi
+description: upstream-first pagure server
+security_group: ssh-anywhere-persistent,web-443-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent,mail-25-anywhere-persistent,allow-nagios-persistent,fedmsg-relay-persistent,pagure-ports
+
+volumes:
+ - volume_id: 81c1cb3e-5fb0-4abd-a252-b0102f1378de
+ device: /dev/vdc
+
+cloud_networks:
+ # persistent-net
+ - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
+
+############################################################
+# General configuration
+############################################################
+
+tcp_ports: [ 22, 25, 80, 443, 9418,
+ # this is used for postgres access from docker
+ 5432,
+ # Used for the eventsource server
+ 8088,
+ # This is for the pagure public fedmsg relay
+ 9940]
+
+baseiptables: false
+
+external_hostname: 'upstreamfirst.fedorainfracloud.org'
+
+############################################################
+# Backup
+############################################################
+
+dbs_to_backup:
+- postgres
+- pagure
+
+host_backup_targets:
+ - '/backups'
+ - '/srv/git'
+
+############################################################
+# PostgreSQL configuration
+############################################################
+
+shared_buffers: "2GB"
+effective_cache_size: "6GB"
+
+############################################################
+# ufmonitor config
+############################################################
+#
+ufmonitor_db_host: "172.17.0.1"
+ufmonitor_db_name: "ufmonitor"
+ufmonitor_db_user: "ufmonitor"
+ufmonitor_db_password: "{{ upstreamfirst_ufmonitor_db_pass }}"
+ufmonitor_config_path: "/etc/sysconfig/ufmonitor"
+ufmonitor_home: "/var/www/ufmonitor"
+
+############################################################
+# Pagure Config
+############################################################
+
+
+new_pagure_db_admin_user: "{{ upstreamfirst_pagure_db_admin_user }}"
+new_pagure_db_admin_pass: "{{ upstreamfirst_pagure_db_admin_pass }}"
+new_pagure_db_user: "{{ upstreamfirst_pagure_db_user }}"
+new_pagure_db_pass: "{{ upstreamfirst_pagure_db_pass }}"
+
+# there are two db hosts here to work around the pg_hba that's in postgres_server
+# we need to delegate postgres admin commands to a host that is remote from where
+# this playbook is run but have to use localhost for the application to run in the
+# case where we're using a local postgres instance
+new_pagure_db_host: "127.0.0.1"
+new_pagure_db_command_host: "{{ inventory_hostname }}"
+
+new_pagure_db_name: "{{ upstreamfirst_pagure_db_name }}"
+new_pagure_secret_key: "{{ upstreamfirst_pagure_db_admin_user }}"
+new_pagure_secret_salt_email: "{{ upstreamfirst_pagure_secret_salt_email }}"
+
+pagure_admin_email: 'tflink@fedoraproject.org'
+
+pagure_ssh_host_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/bYFmX8pthJHcM2J85+mmN8pGJ/EJMcsdwoazihcooIBONcUazYF/BVV5/3nK7H3shq2nLR7vmdd2NuFHOPNsaAMK6nlADEg2tsKMC3UHHnwo1/iIO21pvf7+w2KIKCNIhiYA70W1aIxFBMZ7oo0VXjZ19PBwg6huAh0CBrLBP+XU4QN6LgLd87T5qMN/7g/QVqDforeoL8NUSQXMfzYNbxXPdRvMc5vbEMS/QNu5I8Ycu6FDqChnWc5Qd2orVCNreEMKwkgW27+FTpxzAnq3avotb0Cv1WuZjd8q402ldvp+ELcS8WHc+Mx41KaR//QTlSIYeX4OlcX/pl6C+Sdz'
+
+# ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
+pagure_ssh_host_fingerprint: '2048 6b:d8:48:27:5a:11:d1:14:e0:c1:91:23:45:c7:fb:6d (RSA)'
+
+# awk '{print $2}' /etc/ssh/ssh_host_rsa_key.pub | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64_
+pagure_ssh_host_sha256: 'SHA256:ggRdzg+ugyR6WIzeiuyASAdEHf+HG5yZqJJIu/YTtHI='
+
+new_pagure_admin_groups: ['sysadmin-main', 'sysadmin-qa']
+
+pagure_instance_name: "Upstream First Pagure"
+pagure_theme_static_dir: "/var/www/upstreamfirst-paguretheme/static"
+pagure_theme_template_dir: "/var/www/upstreamfirst-paguretheme/templates"
+
+stunnel_service: "eventsource"
+stunnel_source_port: 8088
+stunnel_destination_port: 8080
+
+# not doing anything with fedmsg right now
+## These are consumed by a task in roles/fedmsg/base/main.yml
+#fedmsg_certs:
+#- service: shell
+# owner: root
+# group: sysadmin
+# can_send:
+# - logger.log
+#- service: pagure
+# owner: git
+# group: apache
+# can_send:
+# - pagure.issue.assigned.added
+# - pagure.issue.assigned.reset
+# - pagure.issue.comment.added
+# - pagure.issue.dependency.added
+# - pagure.issue.dependency.removed
+# - pagure.issue.edit
+# - pagure.issue.new
+# - pagure.issue.tag.added
+# - pagure.issue.tag.removed
+# - pagure.project.edit
+# - pagure.project.forked
+# - pagure.project.new
+# - pagure.project.tag.edited
+# - pagure.project.tag.removed
+# - pagure.project.user.added
+# - pagure.pull-request.closed
+# - pagure.pull-request.comment.added
+# - pagure.pull-request.flag.added
+# - pagure.pull-request.flag.updated
+# - pagure.request.assigned.added
+# - pagure.pull-request.new
+#
+#fedmsg_prefix: io.pagure
+#fedmsg_env: stg
+
+fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-qa,sysadmin-veteran
+
+freezes: false
+#env: pagure-staging
+#postfix_group: vpn.pagure-stg
+
+# Configuration for the git-daemon/server
+git_group: git
+git_port: 9418
+git_server: /usr/libexec/git-core/git-daemon
+git_server_args: --export-all --syslog --inetd --verbose
+git_basepath: /srv/git/repositories
+git_daemon_user: git
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Fedora admins - admin@fedoraproject.org
+csi_purpose: Stage testcases being submitted upstream to Fedora
+csi_relationship: |
+ There are a few things running here:
+
+ - The apache/mod_wsgi app for pagure
+
+ - This host relies on:
+ - A postgres db server running locally
+
+ - Things that rely on this host:
+ - nothing currently
diff --git a/inventory/host_vars/value01.phx2.fedoraproject.org b/inventory/host_vars/value01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..cbead328ab
--- /dev/null
+++ b/inventory/host_vars/value01.phx2.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost03
+eth0_ip: 10.5.126.49
+vmhost: virthost03.phx2.fedoraproject.org
+datacenter: phx2
+host_backup_targets: ['/srv', '/var/lib/zodbot']
diff --git a/inventory/host_vars/value01.stg.phx2.fedoraproject.org b/inventory/host_vars/value01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5bf490f017
--- /dev/null
+++ b/inventory/host_vars/value01.stg.phx2.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.128.187
+eth0_nm: 255.255.255.0
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/value02.iad2.fedoraproject.org b/inventory/host_vars/value02.iad2.fedoraproject.org
deleted file mode 100644
index 5320c23267..0000000000
--- a/inventory/host_vars/value02.iad2.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.110
-host_backup_targets: ['/srv', '/var/lib/zodbot']
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2
-sar_output_file: meetbot.json
-# GDPR SAR variables - meetbot
-sar_script: /usr/local/bin/meetbot_sar.py
-sar_script_user: root
-vmhost: vmhost-x86-04.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/value02.stg.iad2.fedoraproject.org b/inventory/host_vars/value02.stg.iad2.fedoraproject.org
deleted file mode 100644
index 6ba7340c8d..0000000000
--- a/inventory/host_vars/value02.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,9 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.64
-eth0_nm: 255.255.255.0
-ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/
-ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2
-vmhost: vmhost-x86-06.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
diff --git a/inventory/host_vars/virthost-cc-rdu01.fedoraproject.org b/inventory/host_vars/virthost-cc-rdu01.fedoraproject.org
new file mode 100644
index 0000000000..b886e4aae2
--- /dev/null
+++ b/inventory/host_vars/virthost-cc-rdu01.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+datacenter: rdu-cc
+br0_ip: 8.43.85.65
+br0_nm: 255.255.255.0
+gw: 8.43.85.254
+dns: 8.8.8.8
+postfix_group: vpn
+vpn: true
diff --git a/inventory/host_vars/virthost-comm02.qa.fedoraproject.org b/inventory/host_vars/virthost-comm02.qa.fedoraproject.org
new file mode 100644
index 0000000000..400f2863b6
--- /dev/null
+++ b/inventory/host_vars/virthost-comm02.qa.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+# This virthost only has non release critical instances, so it doesn't freeze
+freezes: false
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+nm: 255.255.255.128
+gw: 10.5.124.254
+dns: 10.5.126.21
+br0_ip: 10.5.124.137
+br0_nm: 255.255.255.128
diff --git a/inventory/host_vars/virthost-comm03.qa.fedoraproject.org b/inventory/host_vars/virthost-comm03.qa.fedoraproject.org
new file mode 100644
index 0000000000..0d48fc83ec
--- /dev/null
+++ b/inventory/host_vars/virthost-comm03.qa.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+# This virthost only has non release critical instances, so it doesn't freeze
+freezes: false
+nested: true
diff --git a/inventory/host_vars/virthost-comm04.qa.fedoraproject.org b/inventory/host_vars/virthost-comm04.qa.fedoraproject.org
new file mode 100644
index 0000000000..0d48fc83ec
--- /dev/null
+++ b/inventory/host_vars/virthost-comm04.qa.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+# This virthost only has non release critical instances, so it doesn't freeze
+freezes: false
+nested: true
diff --git a/inventory/host_vars/virthost-rdu01.fedoraproject.org b/inventory/host_vars/virthost-rdu01.fedoraproject.org
new file mode 100644
index 0000000000..ed21db1cbc
--- /dev/null
+++ b/inventory/host_vars/virthost-rdu01.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+datacenter: rdu
+nm: 255.255.255.0
+gw: 172.31.2.254
+dns: 8.8.8.8
+postfix_group: vpn
+br0_ip: 172.31.2.11
+br0_nm: 255.255.255.0
+vpn: true
+
+public_ip: 209.132.190.11
diff --git a/inventory/host_vars/virthost-s390.qa.fedoraproject.org b/inventory/host_vars/virthost-s390.qa.fedoraproject.org
new file mode 100644
index 0000000000..9342178f79
--- /dev/null
+++ b/inventory/host_vars/virthost-s390.qa.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+# This virthost only has non release critical instances, so it doesn't freeze
+freezes: false
diff --git a/inventory/host_vars/virthost04.phx2.fedoraproject.org b/inventory/host_vars/virthost04.phx2.fedoraproject.org
new file mode 100644
index 0000000000..086394546b
--- /dev/null
+++ b/inventory/host_vars/virthost04.phx2.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+# This virthost only has stg instances, so it doesn't freeze
+freezes: false
+nested: true
diff --git a/inventory/host_vars/virthost05.phx2.fedoraproject.org b/inventory/host_vars/virthost05.phx2.fedoraproject.org
new file mode 100644
index 0000000000..b9d1825c00
--- /dev/null
+++ b/inventory/host_vars/virthost05.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+# This virthost only has stg instances, so it doesn't freeze
+freezes: true
+nested: true
+dns: 10.5.126.21
+gw: 10.5.126.254
+br0_ip: 10.5.126.145
+br0_nm: 255.255.255.0
+br1_ip: 10.5.127.195
+br1_nm: 255.255.255.0
diff --git a/inventory/host_vars/virthost06.phx2.fedoraproject.org b/inventory/host_vars/virthost06.phx2.fedoraproject.org
new file mode 100644
index 0000000000..916924f447
--- /dev/null
+++ b/inventory/host_vars/virthost06.phx2.fedoraproject.org
@@ -0,0 +1,9 @@
+---
+freezes: true
+nested: true
+dns: 10.5.126.21
+gw: 10.5.126.254
+br0_ip: 10.5.126.146
+br0_nm: 255.255.255.0
+br1_ip: 10.5.127.196
+br1_nm: 255.255.255.0
diff --git a/inventory/host_vars/virthost10.phx2.fedoraproject.org b/inventory/host_vars/virthost10.phx2.fedoraproject.org
new file mode 100644
index 0000000000..92cc5c0e3a
--- /dev/null
+++ b/inventory/host_vars/virthost10.phx2.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+# This virthost only has stg instances, so it doesn't freeze
+freezes: false
diff --git a/inventory/host_vars/virthost11.phx2.fedoraproject.org b/inventory/host_vars/virthost11.phx2.fedoraproject.org
new file mode 100644
index 0000000000..2c698bfa20
--- /dev/null
+++ b/inventory/host_vars/virthost11.phx2.fedoraproject.org
@@ -0,0 +1,9 @@
+---
+# This virthost only has stg instances, so it doesn't freeze
+freezes: false
+dns: 10.5.126.21
+gw: 10.5.126.254
+br0_ip: 10.5.126.104
+br0_nm: 255.255.255.0
+br1_ip: 10.5.127.201
+br1_nm: 255.255.255.0
diff --git a/inventory/host_vars/virthost12.phx2.fedoraproject.org b/inventory/host_vars/virthost12.phx2.fedoraproject.org
new file mode 100644
index 0000000000..6d838147d6
--- /dev/null
+++ b/inventory/host_vars/virthost12.phx2.fedoraproject.org
@@ -0,0 +1,9 @@
+---
+# This virthost only has stg instances, so it doesn't freeze
+freezes: false
+dns: 10.5.126.21
+gw: 10.5.126.254
+br0_ip: 10.5.126.152
+br0_nm: 255.255.255.0
+br1_ip: 10.5.127.202
+br1_nm: 255.255.255.0
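Review bot: In inventory/host_vars/virthost05.phx2.fedoraproject.org the comment reads "This virthost only has stg instances, so it doesn't freeze" but the value directly below it is `freezes: true`, so the comment and the setting contradict each other. virthost06 sets `freezes: true` with no comment, while virthost04, virthost10, virthost11 and virthost12 carry the same comment with `freezes: false`, which suggests the comment was copied here. Since this flag decides whether the host is covered by the change freeze, the intent should be unambiguous: if the host is meant to freeze, delete the comment line; otherwise set `freezes: false`.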
diff --git a/inventory/host_vars/virthost16.phx2.fedoraproject.org b/inventory/host_vars/virthost16.phx2.fedoraproject.org
new file mode 100644
index 0000000000..92cc5c0e3a
--- /dev/null
+++ b/inventory/host_vars/virthost16.phx2.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+# This virthost only has stg instances, so it doesn't freeze
+freezes: false
diff --git a/inventory/host_vars/virthost20.phx2.fedoraproject.org b/inventory/host_vars/virthost20.phx2.fedoraproject.org
new file mode 100644
index 0000000000..92cc5c0e3a
--- /dev/null
+++ b/inventory/host_vars/virthost20.phx2.fedoraproject.org
@@ -0,0 +1,3 @@
+---
+# This virthost only has stg instances, so it doesn't freeze
+freezes: false
diff --git a/inventory/host_vars/vmhost-p08-copr01.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-p08-copr01.rdu-cc.fedoraproject.org
deleted file mode 100644
index c205d16f82..0000000000
--- a/inventory/host_vars/vmhost-p08-copr01.rdu-cc.fedoraproject.org
+++ /dev/null
@@ -1,62 +0,0 @@ ---- -br0_ipv4: 8.43.85.55 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c007" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac4 }}" -br1_ipv4: 172.23.5.101 -br1_ipv4_nm: 24 -br1_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "40:f2:e9:5d:52:70" -mac1: "40:f2:e9:5d:52:71" -mac2: "40:f2:e9:5d:52:72" -mac3: "40:f2:e9:5d:52:73" -mac4: "40:f2:e9:5d:50:f8" -mac5: "40:f2:e9:5d:50:f9" -mac6: "40:f2:e9:5d:50:fa" -mac7: "40:f2:e9:5d:50:fb" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ br1_ipv4 }}/{{ br1_ipv4_nm }}" - dhcp4: no - name: br1 - state: up - type: bridge - - mac: "{{ br1_port0_mac }}" - master: br1 - name: br1-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/vmhost-p08-copr02.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-p08-copr02.rdu-cc.fedoraproject.org deleted file mode 100644 index 3d40861df0..0000000000 --- a/inventory/host_vars/vmhost-p08-copr02.rdu-cc.fedoraproject.org +++ /dev/null 
@@ -1,62 +0,0 @@ ---- -br0_ipv4: 8.43.85.54 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c008" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac4 }}" -br1_ipv4: 172.23.5.117 -br1_ipv4_nm: 24 -br1_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "40:f2:e9:5d:53:64" -mac1: "40:f2:e9:5d:53:65" -mac2: "40:f2:e9:5d:53:66" -mac3: "40:f2:e9:5d:53:67" -mac4: "40:f2:e9:5d:53:5c" -mac5: "40:f2:e9:5d:53:5d" -mac6: "40:f2:e9:5d:53:5e" -mac7: "40:f2:e9:5d:53:5f" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ br1_ipv4 }}/{{ br1_ipv4_nm }}" - dhcp4: no - name: br1 - state: up - type: bridge - - mac: "{{ br1_port0_mac }}" - master: br1 - name: br1-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/vmhost-p09-copr01.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-p09-copr01.rdu-cc.fedoraproject.org deleted file mode 100644 index dc09d03d34..0000000000 --- a/inventory/host_vars/vmhost-p09-copr01.rdu-cc.fedoraproject.org +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -br0_ipv4: 8.43.85.78 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c009" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac2 }}" -br1_ipv4: 172.23.5.185 -br1_ipv4_nm: 24 -br1_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "08:94:ef:81:d0:aa" -mac1: "08:94:ef:81:d0:ab" -mac2: "b8:ce:f6:c6:00:c6" -mac3: "b8:ce:f6:c6:00:c7" -mac4: "b8:ce:f6:c6:00:d0" -mac5: "b8:ce:f6:c6:00:d1" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ br1_ipv4 }}/{{ br1_ipv4_nm }}" - dhcp4: no - name: br1 - state: up - type: bridge - - mac: "{{ br1_port0_mac }}" - master: br1 - name: br1-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/vmhost-x86-01.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-01.iad2.fedoraproject.org deleted file mode 100644 index a6ba5958b2..0000000000 --- a/inventory/host_vars/vmhost-x86-01.iad2.fedoraproject.org +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.11 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:70:88 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-01.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-01.rdu3.fedoraproject.org deleted file mode 100644 index fb11de59d8..0000000000 --- a/inventory/host_vars/vmhost-x86-01.rdu3.fedoraproject.org +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.163.11 -br0_ipv4_gw: 10.16.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:57:0e -mac1: c4:cb:e1:e1:57:0f -mac2: c4:70:bd:c8:cc:60 -mac3: c4:70:bd:c8:cc:61 -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-01.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-01.stg.iad2.fedoraproject.org deleted file mode 100644 index e3496bd8b8..0000000000 --- a/inventory/host_vars/vmhost-x86-01.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4_ip: 10.3.166.11 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: a8:3c:a5:36:2c:2c -mac2: a8:3c:a5:36:2c:2d -mac3: 6c:fe:54:88:f0:d4 -mac4: 6c:fe:54:88:f0:d5 -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4_ip }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-01.stg.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-01.stg.rdu3.fedoraproject.org deleted file mode 100644 index a8f924fb30..0000000000 --- a/inventory/host_vars/vmhost-x86-01.stg.rdu3.fedoraproject.org +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.166.11 -br0_ipv4_gw: 10.16.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:71:5a -mac1: c4:cb:e1:e1:71:5b -mac2: c4:70:bd:aa:71:14 -mac3: c4:70:bd:aa:71:15 -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-02.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-02.iad2.fedoraproject.org deleted file mode 100644 index 66d34ac874..0000000000 --- a/inventory/host_vars/vmhost-x86-02.iad2.fedoraproject.org +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.12 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:ba:e8:44 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-02.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-02.rdu3.fedoraproject.org deleted file mode 100644 index 977d355c78..0000000000 --- a/inventory/host_vars/vmhost-x86-02.rdu3.fedoraproject.org +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.163.12 -br0_ipv4_gw: 10.16.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:60:2a -mac1: c4:cb:e1:e1:60:2b -mac2: c4:70:bd:b7:7b:fe -mac3: c4:70:bd:b7:7b:ff -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-02.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-02.stg.iad2.fedoraproject.org deleted file mode 100644 index 7b16f1e58e..0000000000 --- a/inventory/host_vars/vmhost-x86-02.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.12 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 24:6e:96:13:ed:dc -mac2: 24:6e:96:13:ed:dd -mac3: 24:6e:96:13:ed:d8 -mac4: 24:6e:96:13:ed:da -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-03.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-03.iad2.fedoraproject.org deleted file mode 100644 index f9cd50b608..0000000000 --- a/inventory/host_vars/vmhost-x86-03.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.13 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:28:cc -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 
diff --git a/inventory/host_vars/vmhost-x86-03.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-03.stg.iad2.fedoraproject.org deleted file mode 100644 index 1f80e84d95..0000000000 --- a/inventory/host_vars/vmhost-x86-03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,42 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.13 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 24:6e:96:05:d9:fc -mac2: 24:6e:96:05:d9:fd -mac3: 24:6e:96:05:d9:f8 -mac4: 24:6e:96:05:d9:fa -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-04.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-04.iad2.fedoraproject.org deleted file mode 100644 index c97fda30e4..0000000000 --- a/inventory/host_vars/vmhost-x86-04.iad2.fedoraproject.org +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.14 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:62:a8 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-04.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-04.stg.iad2.fedoraproject.org deleted file mode 100644 index f15bde066b..0000000000 --- a/inventory/host_vars/vmhost-x86-04.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,42 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.14 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 24:6e:96:05:d7:84 -mac2: 24:6e:96:05:d7:85 -mac3: 24:6e:96:05:d7:80 -mac4: 24:6e:96:05:d7:82 -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 
diff --git a/inventory/host_vars/vmhost-x86-05.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-05.iad2.fedoraproject.org deleted file mode 100644 index 485f9392a4..0000000000 --- a/inventory/host_vars/vmhost-x86-05.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.15 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:ae:4b:b8 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-05.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-05.stg.iad2.fedoraproject.org deleted file mode 100644 index f06fde022b..0000000000 --- a/inventory/host_vars/vmhost-x86-05.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.15 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac5 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 18:66:da:f7:7a:58 -mac2: 18:66:da:f7:7a:59 -mac3: 18:66:da:f7:7a:5a -mac4: 18:66:da:f7:7a:5b -mac5: a0:36:9f:de:88:28 -mac6: a0:36:9f:de:88:2a -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-06.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-06.iad2.fedoraproject.org deleted file mode 100644 index 4393a75ca3..0000000000 --- a/inventory/host_vars/vmhost-x86-06.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.16 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:28:ee -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 
diff --git a/inventory/host_vars/vmhost-x86-06.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-06.stg.iad2.fedoraproject.org deleted file mode 100644 index 545cbd85e9..0000000000 --- a/inventory/host_vars/vmhost-x86-06.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.16 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac5 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 18:66:da:f7:61:58 -mac2: 18:66:da:f7:61:59 -mac3: 18:66:da:f7:61:5a -mac4: 18:66:da:f7:61:5b -mac5: a0:36:9f:de:85:bc -mac6: a0:36:9f:de:85:be -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-07.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-07.iad2.fedoraproject.org deleted file mode 100644 index 7f99f772c5..0000000000 --- a/inventory/host_vars/vmhost-x86-07.iad2.fedoraproject.org +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.17 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:22:ce:ca -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-07.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-07.stg.iad2.fedoraproject.org deleted file mode 100644 index aec491cc93..0000000000 --- a/inventory/host_vars/vmhost-x86-07.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.17 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac4 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 80:18:44:de:4d:fc -mac2: 80:18:44:de:4d:fd -mac3: 80:18:44:de:4d:fe -mac4: a0:36:9f:f1:83:e0 -mac5: 80:18:44:de:4d:ff -mac6: a0:36:9f:f1:83:e2 -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 
diff --git a/inventory/host_vars/vmhost-x86-08.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-08.iad2.fedoraproject.org deleted file mode 100644 index 52f59c0f79..0000000000 --- a/inventory/host_vars/vmhost-x86-08.iad2.fedoraproject.org +++ /dev/null @@ -1,36 +0,0 @@ ---- -br0_ipv4_ip: 10.3.163.28 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 6c:fe:54:88:ec:34 -nbde: false -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4_ip }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-08.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-08.stg.iad2.fedoraproject.org deleted file mode 100644 index 7327947715..0000000000 --- a/inventory/host_vars/vmhost-x86-08.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.18 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 24:6e:96:c1:6e:bc -mac2: 24:6e:96:c1:6e:bd -mac3: 24:6e:96:c1:6e:b8 -mac4: 24:6e:96:c1:6e:ba -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-09.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-09.iad2.fedoraproject.org deleted file mode 100644 index 3efaac7822..0000000000 --- a/inventory/host_vars/vmhost-x86-09.iad2.fedoraproject.org +++ /dev/null @@ -1,36 +0,0 @@ ---- -br0_ipv4: 10.3.163.29 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac2 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac2: 24:6e:96:b1:61:c0 -nbde: false -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 
diff --git a/inventory/host_vars/vmhost-x86-09.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-09.stg.iad2.fedoraproject.org deleted file mode 100644 index f10eb9cfca..0000000000 --- a/inventory/host_vars/vmhost-x86-09.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,42 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.19 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac4 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: C8:4B:D6:89:F7:5C -mac2: C8:4B:D6:89:F7:5D -mac3: 6C:FE:54:57:80:2C -mac4: 6C:FE:54:57:80:2D -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-11.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-11.stg.iad2.fedoraproject.org deleted file mode 100644 index 2323ea4706..0000000000 --- a/inventory/host_vars/vmhost-x86-11.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.28 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: E4:43:4B:F7:B7:B8 -mac2: E4:43:4B:F7:B7:BA -mac3: E4:43:4B:F7:B7:D8 -mac4: E4:43:4B:F7:B7:D9 -mgmt_ipv4: 10.3.160.46 -mgmt_mac: 2c:ea:7f:f3:6c:be -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-12.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-12.stg.iad2.fedoraproject.org deleted file mode 100644 index 4ee1b00ee6..0000000000 --- a/inventory/host_vars/vmhost-x86-12.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.29 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: E4:43:4B:F7:AD:10 -mac2: E4:43:4B:F7:AD:12 -mac3: E4:43:4B:F7:AD:30 -mac4: E4:43:4B:F7:AD:31 -mgmt_ipv4: 10.3.160.47 -mgmt_mac: 2c:ea:7f:f3:82:fc -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-cc01.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-cc01.rdu-cc.fedoraproject.org deleted file mode 100644 index 073c5a2d03..0000000000 --- a/inventory/host_vars/vmhost-x86-cc01.rdu-cc.fedoraproject.org +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -br0_dev: eth0 -br0_ipv4_ip: 8.43.85.65 -br0_ipv4_gw: 8.43.85.254 -br0_ipv4_nm: 24 -br0_port0_mac: '{{ mac0 }}' -br1_ipv4: 172.23.1.14 -br1_ipv4_gw: 172.23.1.254 -br1_ipv4_nm: 24 -br1_port0_mac: '{{ mac2 }}' -datacenter: rdu-cc -dns1: 8.8.8.8 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -mac0: c8:4b:d6:af:2f:ef -mac2: c8:4b:d6:af:2f:f0 -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ipv4_ip }}/{{ br0_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ br0_ipv4_gw }}' - name: br0 - state: up - type: bridge - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: true - ip: - address: - - '{{ br1_ipv4 }}/{{ br1_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - - '{{ dns2 }}' - dns_search: - - '{{ dns_search1 }}' - gateway4: '{{ br1_ipv4_gw }}' - auto_gateway: false - name: br1 - state: up - type: bridge - - mac: '{{ br1_port0_mac }}' - master: br1 - name: br1-port0 - state: up - type: ethernet -nrpe_procs_crit: 1700 -nrpe_procs_warn: 1500 -postfix_group: vpn -vpn: true diff --git a/inventory/host_vars/vmhost-x86-cc02.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-cc02.rdu-cc.fedoraproject.org deleted file mode 100644 index 0de807cbb1..0000000000 --- a/inventory/host_vars/vmhost-x86-cc02.rdu-cc.fedoraproject.org +++ /dev/null 
@@ -1,32 +0,0 @@ ---- -br0_ipv4: 8.43.85.66 -br0_ipv4_gw: 8.43.85.254 -br0_ipv4_nm: 24 -br0_port0_mac: '{{ mac0 }}' -datacenter: rdu-cc -dns1: 8.8.8.8 -dns_search1: fedoraproject.org -mac0: 24:6e:96:d5:a4:0a -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ipv4 }}/{{ br0_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - gateway4: '{{ br0_ipv4_gw }}' - name: br0 - state: up - type: bridge - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -postfix_group: vpn -vpn: true diff --git a/inventory/host_vars/vmhost-x86-cc03.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-cc03.rdu-cc.fedoraproject.org deleted file mode 100644 index 5d263b41ef..0000000000 --- a/inventory/host_vars/vmhost-x86-cc03.rdu-cc.fedoraproject.org +++ /dev/null 
@@ -1,61 +0,0 @@ ---- -br0_ipv4: 8.43.85.64 -br0_ipv4_gw: 8.43.85.254 -br0_ipv4_nm: 24 -br0_port0_mac: '{{ mac0 }}' -br1_ipv4: 172.23.1.13 -br1_ipv4_gw: 172.23.1.254 -br1_ipv4_nm: 24 -br1_port0_mac: '{{ mac2 }}' -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -mac0: C8:4B:D6:98:5D:74 -mac2: c8:4b:d6:98:5d:75 -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ipv4 }}/{{ br0_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - - '{{ dns2 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ br0_ipv4_gw }}' - name: br0 - state: up - type: bridge - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: true - ip: - address: - - '{{ br1_ipv4 }}/{{ br1_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - - '{{ dns2 }}' - dns_search: - - '{{ dns_search1 }}' - gateway4: '{{ br1_ipv4_gw }}' - auto_gateway: false - name: br1 - state: up - type: bridge - - mac: '{{ br1_port0_mac }}' - master: br1 - name: br1-port0 - state: up - type: ethernet -nrpe_procs_crit: 2000 -nrpe_procs_warn: 1500 -postfix_group: vpn -vpn: true diff --git a/inventory/host_vars/vmhost-x86-cc05.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-cc05.rdu-cc.fedoraproject.org deleted file mode 100644 index 480f2247d5..0000000000 --- a/inventory/host_vars/vmhost-x86-cc05.rdu-cc.fedoraproject.org +++ /dev/null 
@@ -1,63 +0,0 @@ ---- -br0_ipv4: 8.43.85.84 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:f005" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac0 }}" -br1_ipv4: 172.23.1.1 -br1_ipv4_nm: 24 -br1_port0_mac: "{{ mac1 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -freezes: false -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "ec:f4:bb:d2:97:7c" -mac1: "ec:f4:bb:d2:97:7d" -mac2: "ec:f4:bb:d2:97:78" -mac3: "ec:f4:bb:d2:97:7a" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - vpn.fedoraproject.org - - fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ br1_ipv4 }}/{{ br1_ipv4_nm }}" - dhcp4: no - name: br1 - state: up - type: bridge - - mac: "{{ br1_port0_mac }}" - master: br1 - name: br1-port0 - state: up - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -postfix_group: cloud -vpn: true diff --git a/inventory/host_vars/vmhost-x86-cc06.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-cc06.rdu-cc.fedoraproject.org deleted file mode 100644 index 412668c19c..0000000000 --- a/inventory/host_vars/vmhost-x86-cc06.rdu-cc.fedoraproject.org +++ /dev/null 
@@ -1,79 +0,0 @@ ---- -br0_ipv4: 8.43.85.85 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:f006" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac0 }}" -br1_ipv4: 172.23.1.2 -br1_ipv4_nm: 24 -br1_port0_mac: "{{ mac1 }}" -br2_ipv4: 172.23.5.2 -br2_ipv4_nm: 24 -br2_port0_mac: "{{ mac2 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -freezes: false -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "ec:f4:bb:cd:aa:a4" -mac1: "ec:f4:bb:cd:aa:a5" -mac2: "ec:f4:bb:cd:aa:a0" -mac3: "ec:f4:bb:cd:aa:a2" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - vpn.fedoraproject.org - - fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ br1_ipv4 }}/{{ br1_ipv4_nm }}" - dhcp4: no - name: br1 - state: up - type: bridge - - mac: "{{ br1_port0_mac }}" - master: br1 - name: br1-port0 - state: up - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ br2_ipv4 }}/{{ br2_ipv4_nm }}" - dhcp4: no - name: br2 - state: up - type: bridge - - mac: "{{ br2_port0_mac }}" - master: br2 - name: br2-port0 - state: up - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -postfix_group: cloud -vpn: true diff --git a/inventory/host_vars/vmhost-x86-copr01.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-copr01.rdu-cc.fedoraproject.org deleted file mode 100644 index 3df7e11aae..0000000000 --- a/inventory/host_vars/vmhost-x86-copr01.rdu-cc.fedoraproject.org +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -br0_ipv4: 8.43.85.57 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c001" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "f4:02:70:d0:05:00" -mac1: "f4:02:70:d0:05:01" -mac2: "00:62:0b:c5:82:60" -mac3: "00:62:0b:c5:82:61" -mac4: "b4:96:91:63:3b:e8" -mac5: "b4:96:91:63:3b:e9" -mac6: "b4:96:91:63:3b:ea" -mac7: "b4:96:91:63:3b:eb" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/vmhost-x86-copr02.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-copr02.rdu-cc.fedoraproject.org deleted file mode 100644 index 0f52f8b92f..0000000000 --- a/inventory/host_vars/vmhost-x86-copr02.rdu-cc.fedoraproject.org +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -br0_ipv4: 8.43.85.58 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c002" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "c4:cb:e1:b3:5c:78" -mac1: "c4:cb:e1:b3:5c:79" -mac2: "b4:96:91:63:3b:9c" -mac3: "b4:96:91:63:3b:9d" -mac4: "b4:96:91:63:3b:9e" -mac5: "b4:96:91:63:3b:9f" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/vmhost-x86-copr03.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-copr03.rdu-cc.fedoraproject.org deleted file mode 100644 index 7722445067..0000000000 --- a/inventory/host_vars/vmhost-x86-copr03.rdu-cc.fedoraproject.org +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -br0_ipv4: 8.43.85.59 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c003" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "f4:02:70:d3:42:48" -mac1: "f4:02:70:d3:42:49" -mac2: "b0:26:28:d1:dd:c0" -mac3: "b0:26:28:d1:dd:c1" -mac4: "b4:96:91:63:3b:50" -mac5: "b4:96:91:63:3b:51" -mac6: "b4:96:91:63:3b:52" -mac7: "b4:96:91:63:3b:53" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/vmhost-x86-copr04.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-copr04.rdu-cc.fedoraproject.org deleted file mode 100644 index 2b0d24b6bd..0000000000 --- a/inventory/host_vars/vmhost-x86-copr04.rdu-cc.fedoraproject.org +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -br0_ipv4: 8.43.85.60 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c004" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "70:b5:e8:d0:a4:06" -mac1: "70:b5:e8:d0:a4:07" -mac2: "b0:26:28:d1:e0:f0" -mac3: "b0:26:28:d1:e0:f1" -mac4: "b4:96:91:63:3a:a0" -mac5: "b4:96:91:63:3a:a1" -mac6: "b4:96:91:63:3a:a2" -mac7: "b4:96:91:63:3a:a3" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/waiverdb-dev.fedorainfracloud.org b/inventory/host_vars/waiverdb-dev.fedorainfracloud.org new file mode 100644 index 0000000000..aad3add4fc --- /dev/null +++ b/inventory/host_vars/waiverdb-dev.fedorainfracloud.org @@ -0,0 +1,19 @@ +--- +image: "{{ fedora25_x86_64 }}" +instance_type: m1.medium +keypair: fedora-admin-20130801 +security_group: ssh-anywhere-persistent,all-icmp-persistent,default,web-80-anywhere-persistent,web-443-anywhere-persistent +zone: nova +tcp_ports: [22, 80, 443] + +inventory_tenant: persistent +inventory_instance_name: waverdb-dev +hostbase: waverdb-dev +public_ip: 209.132.184.51 +root_auth_users: mjia +description: waverdb development instance +deployment_type: dev + +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" 
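Review bot: `inventory_instance_name`, `hostbase` and `description` in the new waiverdb-dev.fedorainfracloud.org file spell the service `waverdb`, which does not match the file name `waiverdb-dev`. If provisioning or later lookups key on the instance name (not visible in this hunk), the host ends up registered under a name nobody will search for. I would write `inventory_instance_name: waiverdb-dev`, `hostbase: waiverdb-dev` and `description: waiverdb development instance`. Separately, `security_group` lists `ssh-anywhere-persistent` on a host with a public IP; going by the group's name, that leaves port 22 open to any source, so a narrower group or a short comment saying why open SSH is acceptable for this dev instance would help the next reader.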
diff --git a/inventory/host_vars/wiki01.iad2.fedoraproject.org b/inventory/host_vars/wiki01.iad2.fedoraproject.org deleted file mode 100644 index 9167a6af62..0000000000 --- a/inventory/host_vars/wiki01.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.83 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/wiki01.phx2.fedoraproject.org b/inventory/host_vars/wiki01.phx2.fedoraproject.org new file mode 100644 index 0000000000..901d71bb6b --- /dev/null +++ b/inventory/host_vars/wiki01.phx2.fedoraproject.org @@ -0,0 +1,11 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost03 +eth0_ip: 10.5.126.63 +eth1_ip: 10.5.127.43 +vmhost: virthost03.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/wiki01.stg.iad2.fedoraproject.org b/inventory/host_vars/wiki01.stg.iad2.fedoraproject.org deleted file mode 100644 index ad1c395801..0000000000 --- a/inventory/host_vars/wiki01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.24 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-07.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/wiki01.stg.phx2.fedoraproject.org b/inventory/host_vars/wiki01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..b8ce930bf2 --- /dev/null +++ b/inventory/host_vars/wiki01.stg.phx2.fedoraproject.org 
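Review bot: `ks_url` and `ks_repo` in the new wiki01.phx2.fedoraproject.org file point at `http://10.5.126.23/...`, so the kickstart and the install tree are fetched in cleartext from an IP literal, with nothing to authenticate the server. A kickstart decides partitioning, package set and post-install scripts, so its integrity determines what ends up on the guest. The same two keys use `http://10.5.126.23` in wiki01.stg.phx2, wiki02.phx2, zanata2fedmsg01.phx2 and zanata2fedmsg01.stg.phx2 further down. The iad2 files removed on this page used `https://infrastructure.fedoraproject.org/...` for both keys. Assuming the phx2 mirror can serve TLS, I would use an https URL with a hostname the certificate covers here too, or otherwise add a comment above `ks_url` stating why cleartext is acceptable on this network.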
@@ -0,0 +1,11 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.188 +eth1_ip: 10.5.127.42 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/wiki02.iad2.fedoraproject.org b/inventory/host_vars/wiki02.iad2.fedoraproject.org deleted file mode 100644 index 30fac28220..0000000000 --- a/inventory/host_vars/wiki02.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.102 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-06.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/wiki02.phx2.fedoraproject.org b/inventory/host_vars/wiki02.phx2.fedoraproject.org new file mode 100644 index 0000000000..a1d626e2d9 --- /dev/null +++ b/inventory/host_vars/wiki02.phx2.fedoraproject.org @@ -0,0 +1,11 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost01 +eth0_ip: 10.5.126.73 +eth1_ip: 10.5.127.44 +vmhost: virthost01.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/worker01.ocp.iad2.fedoraproject.org b/inventory/host_vars/worker01.ocp.iad2.fedoraproject.org deleted file mode 100644 index c4c1ae4720..0000000000 --- a/inventory/host_vars/worker01.ocp.iad2.fedoraproject.org +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.123 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "68:05:CA:CE:A3:C9" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno34 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker01.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/worker01.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 86824e03f8..0000000000 --- a/inventory/host_vars/worker01.ocp.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.118 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "68:05:CA:CE:A2:AC" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno1 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -rhcos_kernel_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker02.ocp.iad2.fedoraproject.org b/inventory/host_vars/worker02.ocp.iad2.fedoraproject.org deleted file mode 100644 index 4dc18fd9e6..0000000000 --- a/inventory/host_vars/worker02.ocp.iad2.fedoraproject.org +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.124 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "68:05:CA:CE:A2:90" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno33 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker02.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/worker02.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 7eaa05016b..0000000000 --- a/inventory/host_vars/worker02.ocp.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.119 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "68:05:CA:CE:A3:24" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno1 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -rhcos_kernel_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker03.ocp.iad2.fedoraproject.org b/inventory/host_vars/worker03.ocp.iad2.fedoraproject.org deleted file mode 100644 index 3d3c053440..0000000000 --- a/inventory/host_vars/worker03.ocp.iad2.fedoraproject.org +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.125 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "68:05:CA:CE:A7:4C" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno33 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker03.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/worker03.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 70910cf34e..0000000000 --- a/inventory/host_vars/worker03.ocp.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.120 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "68:05:CA:CE:A5:10" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno1 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -rhcos_kernel_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker04.ocp.iad2.fedoraproject.org b/inventory/host_vars/worker04.ocp.iad2.fedoraproject.org deleted file mode 100644 index b92f7107f7..0000000000 --- a/inventory/host_vars/worker04.ocp.iad2.fedoraproject.org +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.127 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "24:6E:96:B0:E0:78" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno34 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker04.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/worker04.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 798b054772..0000000000 --- a/inventory/host_vars/worker04.ocp.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.122 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 16384 -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/worker.ign" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-06.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/worker05.ocp.iad2.fedoraproject.org b/inventory/host_vars/worker05.ocp.iad2.fedoraproject.org deleted file mode 100644 index 941abed8b9..0000000000 --- a/inventory/host_vars/worker05.ocp.iad2.fedoraproject.org +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.128 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "24:6E:96:B1:4C:70" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno34 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker05.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/worker05.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 0f76eb6f63..0000000000 --- a/inventory/host_vars/worker05.ocp.stg.iad2.fedoraproject.org +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.123 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 16384 -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/worker.ign" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-07.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/worker06.ocp.iad2.fedoraproject.org b/inventory/host_vars/worker06.ocp.iad2.fedoraproject.org deleted file mode 100644 index 82ebf86618..0000000000 --- a/inventory/host_vars/worker06.ocp.iad2.fedoraproject.org +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.129 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "24:6E:96:B1:5E:B0" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno34 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/zabbix01.iad2.fedoraproject.org b/inventory/host_vars/zabbix01.iad2.fedoraproject.org deleted file mode 100644 index 9b0d4dda5c..0000000000 --- a/inventory/host_vars/zabbix01.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.198 -eth0_nm: 255.255.255.0 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests 
diff --git a/inventory/host_vars/zabbix01.stg.iad2.fedoraproject.org b/inventory/host_vars/zabbix01.stg.iad2.fedoraproject.org deleted file mode 100644 index 15be434116..0000000000 --- a/inventory/host_vars/zabbix01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.61 -eth0_nm: 255.255.255.0 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-07.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/zanata2fedmsg01.phx2.fedoraproject.org b/inventory/host_vars/zanata2fedmsg01.phx2.fedoraproject.org new file mode 100644 index 0000000000..5b67978206 --- /dev/null +++ b/inventory/host_vars/zanata2fedmsg01.phx2.fedoraproject.org @@ -0,0 +1,21 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +vmhost: virthost22.phx2.fedoraproject.org +datacenter: phx2 + +tcp_ports: ['80'] + +eth0_ip: 10.5.126.196 +csi_relationship: | + zanata2fedmsg is a tiny webapp that receives a webhook POST from + fedora.zanata.org and then republishes that data to our fedmsg bus. + + It also has a cronjob that periodically wakes up, logs into + fedora.zanata.org and adds our webhook URL to all projects where it is + absent. diff --git a/inventory/host_vars/zanata2fedmsg01.stg.phx2.fedoraproject.org b/inventory/host_vars/zanata2fedmsg01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..ef5220a531 --- /dev/null +++ b/inventory/host_vars/zanata2fedmsg01.stg.phx2.fedoraproject.org 
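Review bot: `tcp_ports: ['80']` is the only port opened for zanata2fedmsg01.phx2, while `csi_relationship` says the host accepts a webhook POST from fedora.zanata.org and republishes it to the fedmsg bus. Nothing in the hunk says where TLS terminates or how the POST is tied to its sender, so a reader cannot tell whether unauthenticated input can reach the bus. I would extend `csi_relationship` with one or two sentences naming the fronting proxy (if there is one) and the check applied to incoming webhooks. The same applies to zanata2fedmsg01.stg.phx2 in the next hunk. As a style point, the port is a quoted string here but waiverdb-dev uses integers (`tcp_ports: [22, 80, 443]`); `tcp_ports: [80]` would keep the two consistent.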
@@ -0,0 +1,21 @@
+---
+nm: 255.255.255.0
+gw: 10.5.128.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: ['80']
+
+eth0_ip: 10.5.128.189
+csi_relationship: |
+ zanata2fedmsg is a tiny webapp that receives a webhook POST from
+ fedora.zanata.org and then republishes that data to our fedmsg bus.
+
+ It also has a cronjob that periodically wakes up, logs into
+ fedora.zanata.org and adds our webhook URL to all projects where it is
+ absent.
diff --git a/inventory/inventory b/inventory/inventory
index 3cc8eab2c1..358196a7af 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -1,700 +1,1241 @@ -[rabbitmq] -rabbitmq01.iad2.fedoraproject.org -rabbitmq02.iad2.fedoraproject.org -rabbitmq03.iad2.fedoraproject.org +[beaker] +beaker01.qa.fedoraproject.org -[rabbitmq_stg] -rabbitmq01.stg.iad2.fedoraproject.org -rabbitmq02.stg.iad2.fedoraproject.org -rabbitmq03.stg.iad2.fedoraproject.org +[beaker-stg] +beaker-stg01.qa.fedoraproject.org -[releng_compose] -compose-branched01.iad2.fedoraproject.org -compose-iot01.iad2.fedoraproject.org -compose-rawhide01.iad2.fedoraproject.org -compose-x86-01.iad2.fedoraproject.org +[beaker-virthosts] +qa02.qa.fedoraproject.org +qa08.qa.fedoraproject.org +qa04.qa.fedoraproject.org -[releng_compose_eln] -compose-eln01.iad2.fedoraproject.org +[qa-prod] +qa-prod01.qa.fedoraproject.org -[releng_compose_riscv] -compose-x86-riscv01.iad2.fedoraproject.org +[qa-stg] +qa-stg01.qa.fedoraproject.org:222 -[releng_compose_stg] -compose-x86-01.stg.iad2.fedoraproject.org +[arm-packager] +arm03-packager00.cloud.fedoraproject.org +arm03-packager01.cloud.fedoraproject.org + +[arm-qa] +arm03-qa00.cloud.fedoraproject.org +arm03-qa01.cloud.fedoraproject.org + +[releng-compose] +compose-x86-01.phx2.fedoraproject.org +compose-x86-02.phx2.fedoraproject.org +branched-composer.phx2.fedoraproject.org +rawhide-composer.phx2.fedoraproject.org + +[releng-secondary] +compose-ppc64-01.ppc.fedoraproject.org +compose-ppc64le-01.ppc.fedoraproject.org +compose-s390-01.s390.fedoraproject.org + +[releng-stg] +composer.stg.phx2.fedoraproject.org [retrace] -retrace03.rdu-cc.fedoraproject.org +retrace01.qa.fedoraproject.org +retrace02.qa.fedoraproject.org -[gdpr_delete] +[retrace-stg] +retrace01.stg.phx2.fedoraproject.org [certgetter] -certgetter01.iad2.fedoraproject.org +certgetter01.phx2.fedoraproject.org + +[faf-stg] +faf01.stg.phx2.fedoraproject.org + +[freshmaker-frontend] +# not prod yet, until patrick finishes his audit. 
+# https://pagure.io/fedora-infrastructure/issue/6183 +#freshmaker-frontend01.phx2.fedoraproject.org + +[freshmaker-frontend-stg] +freshmaker-frontend01.stg.phx2.fedoraproject.org + +[freshmaker-backend] +# not prod yet, until patrick finishes his audit. +# https://pagure.io/fedora-infrastructure/issue/6183 +#freshmaker-backend01.phx2.fedoraproject.org + +[freshmaker-backend-stg] +freshmaker-backend01.stg.phx2.fedoraproject.org + +[freshmaker-stg:children] +freshmaker-frontend-stg +freshmaker-backend-stg + +[freshmaker:children] +# not prod yet, until patrick finishes his audit. +# https://pagure.io/fedora-infrastructure/issue/6183 +#freshmaker-frontend +#freshmaker-backend + +[ask] +ask01.phx2.fedoraproject.org +ask02.phx2.fedoraproject.org + +[ask-stg] +ask01.stg.phx2.fedoraproject.org [backup] -backup01.iad2.fedoraproject.org +backup01.phx2.fedoraproject.org + +[badges-backend] +badges-backend01.phx2.fedoraproject.org + +[badges-backend-stg] +badges-backend01.stg.phx2.fedoraproject.org + +[badges-web] +badges-web01.phx2.fedoraproject.org +badges-web02.phx2.fedoraproject.org + +[badges-web-stg] +badges-web01.stg.phx2.fedoraproject.org [basset] +basset01.phx2.fedoraproject.org -[basset_stg] -# basset01.stg.iad2.fedoraproject.org +[basset-stg] +basset01.stg.phx2.fedoraproject.org [bastion] -bastion01.iad2.fedoraproject.org -bastion02.iad2.fedoraproject.org -bastion01.rdu3.fedoraproject.org +bastion01.phx2.fedoraproject.org +bastion02.phx2.fedoraproject.org +bastion-comm01.qa.fedoraproject.org -[bastion_stg] -# bastion01.stg.iad2.fedoraproject.org +[blockerbugs] +blockerbugs01.phx2.fedoraproject.org +blockerbugs02.phx2.fedoraproject.org -[bastion_iad2] -bastion01.iad2.fedoraproject.org -bastion02.iad2.fedoraproject.org +[blockerbugs-stg] +blockerbugs01.stg.phx2.fedoraproject.org -[bastion_rdu3] -bastion01.rdu3.fedoraproject.org +[bodhi2] +bodhi03.phx2.fedoraproject.org +bodhi04.phx2.fedoraproject.org -[centos_ipa_client_stg] 
-centos-ipa-client01.stg.iad2.fedoraproject.org -centos-ipa-client02.stg.iad2.fedoraproject.org -centos-ipa-client03.stg.iad2.fedoraproject.org -centos-ipa-client04.stg.iad2.fedoraproject.org +[bodhi2-stg] +bodhi01.stg.phx2.fedoraproject.org -#[data_reports] -#data-reports01.iad2.fedoraproject.org +[bugyou] +bugyou01.phx2.fedoraproject.org + +[bugyou-stg] +bugyou01.stg.phx2.fedoraproject.org + +[bugzilla2fedmsg] +bugzilla2fedmsg01.phx2.fedoraproject.org + +[bugzilla2fedmsg-stg] +bugzilla2fedmsg01.stg.phx2.fedoraproject.org [bvirthost] -# bvirthost01.stg.iad2.fedoraproject.org -bvmhost-x86-01.iad2.fedoraproject.org -bvmhost-x86-02.iad2.fedoraproject.org -bvmhost-x86-03.iad2.fedoraproject.org -bvmhost-x86-04.iad2.fedoraproject.org -bvmhost-x86-05.iad2.fedoraproject.org -bvmhost-x86-06.iad2.fedoraproject.org -bvmhost-x86-07.iad2.fedoraproject.org -bvmhost-x86-01.stg.iad2.fedoraproject.org -bvmhost-x86-02.stg.iad2.fedoraproject.org -bvmhost-x86-03.stg.iad2.fedoraproject.org -bvmhost-x86-05.stg.iad2.fedoraproject.org -bvmhost-x86-riscv01.iad2.fedoraproject.org +bvirthost01.phx2.fedoraproject.org +bvirthost02.phx2.fedoraproject.org +bvirthost03.phx2.fedoraproject.org +bvirthost04.phx2.fedoraproject.org +bvirthost05.phx2.fedoraproject.org +bvirthost06.phx2.fedoraproject.org +bvirthost08.phx2.fedoraproject.org +bvirthost09.phx2.fedoraproject.org +bvirthost10.phx2.fedoraproject.org +bvirthost11.phx2.fedoraproject.org -[colo_virt] +[colo-virt] +coloamer01.fedoraproject.org dedicatedsolutions01.fedoraproject.org -ibiblio02.fedoraproject.org +ibiblio01.fedoraproject.org +ibiblio04.fedoraproject.org ibiblio05.fedoraproject.org -internetx02.fedoraproject.org +internetx01.fedoraproject.org +osuosl01.fedoraproject.org osuosl02.fedoraproject.org -vmhost-x86-cc01.rdu-cc.fedoraproject.org -vmhost-x86-cc02.rdu-cc.fedoraproject.org -vmhost-x86-cc03.rdu-cc.fedoraproject.org -vmhost-x86-cc06.rdu-cc.fedoraproject.org -vmhost-x86-cc05.rdu-cc.fedoraproject.org +osuosl03.fedoraproject.org 
+tummy01.fedoraproject.org +virthost-rdu01.fedoraproject.org +virthost-cc-rdu01.fedoraproject.org -[ibiblio_virt] -ibiblio02.fedoraproject.org -ibiblio05.fedoraproject.org +[datagrepper] +datagrepper01.phx2.fedoraproject.org +datagrepper02.phx2.fedoraproject.org -[flatpak_cache] -flatpak-cache01.iad2.fedoraproject.org +[datagrepper-stg] +datagrepper01.stg.phx2.fedoraproject.org + +[fedimg] +fedimg01.phx2.fedoraproject.org + +[fedimg-stg] +fedimg01.stg.phx2.fedoraproject.org + +[busgateway] +busgateway01.phx2.fedoraproject.org + +[busgateway-stg] +busgateway01.stg.phx2.fedoraproject.org + +[fedocal] +fedocal01.phx2.fedoraproject.org +fedocal02.phx2.fedoraproject.org + +[fedocal-stg] +fedocal01.stg.phx2.fedoraproject.org + +[github2fedmsg] +github2fedmsg01.phx2.fedoraproject.org + +[github2fedmsg-stg] +github2fedmsg01.stg.phx2.fedoraproject.org [mailman] -mailman01.iad2.fedoraproject.org +mailman01.phx2.fedoraproject.org +mailman02.phx2.fedoraproject.org -[mailman_stg] -mailman01.stg.iad2.fedoraproject.org +[mailman-stg] +mailman01.stg.phx2.fedoraproject.org -[bodhi_backend] +[mbs-frontend] +mbs-frontend01.phx2.fedoraproject.org +mbs-frontend02.phx2.fedoraproject.org + +[mbs-frontend-stg] +mbs-frontend01.stg.phx2.fedoraproject.org +mbs-frontend02.stg.phx2.fedoraproject.org + +[mbs-backend] +mbs-backend01.phx2.fedoraproject.org + +[mbs-backend-stg] +mbs-backend01.stg.phx2.fedoraproject.org + +[mbs:children] +mbs-frontend +mbs-backend + +[mbs-stg:children] +mbs-frontend-stg +mbs-backend-stg + +[mdapi] +mdapi01.phx2.fedoraproject.org + +[mdapi-stg] +mdapi01.stg.phx2.fedoraproject.org + +[modernpaste] +modernpaste01.phx2.fedoraproject.org +modernpaste02.phx2.fedoraproject.org + +[modernpaste-stg] +modernpaste01.stg.phx2.fedoraproject.org + +[bodhi-backend] # This one handles the mashing/releng stuff -bodhi-backend01.iad2.fedoraproject.org +bodhi-backend01.phx2.fedoraproject.org +# This one handles the offline updates work like checking bugs, wiki test cases, +# tagging 
stuff in koji, etc. A worker for the frontend to try and make things +# faster. +bodhi-backend02.phx2.fedoraproject.org -[bodhi_backend_stg] -bodhi-backend01.stg.iad2.fedoraproject.org +[bodhi-backend-stg] +bodhi-backend01.stg.phx2.fedoraproject.org -[sign_bridge] -sign-bridge01.iad2.fedoraproject.org -sign-bridge01.stg.iad2.fedoraproject.org +[sign-bridge] +sign-bridge01.phx2.fedoraproject.org +sign-bridge01.stg.phx2.fedoraproject.org +secondary-bridge01.phx2.fedoraproject.org # # sign vault servers don't listen to ssh by default. # -[sign_vault] -sign-vault01.stg.iad2.fedoraproject.org -sign-vault01.iad2.fedoraproject.org -sign-vault02.iad2.fedoraproject.org +[sign-vault] +#sign-vault03.phx2.fedoraproject.org +#sign-vault04.phx2.fedoraproject.org +#secondary-vault01.phx2.fedoraproject.org +#sign-vault01.stg.phx2.fedoraproject.org + +[autocloud-web] +autocloud-web01.phx2.fedoraproject.org +autocloud-web02.phx2.fedoraproject.org + +[autocloud-web-stg] +autocloud-web01.stg.phx2.fedoraproject.org +autocloud-web02.stg.phx2.fedoraproject.org + +[autocloud-backend:children] +autocloud-backend-libvirt +autocloud-backend-vbox + +[autocloud-backend-libvirt] +autocloud-backend-libvirt2.phx2.fedoraproject.org + +[autocloud-backend-vbox] +autocloud-backend-vbox2.phx2.fedoraproject.org + +[autocloud-backend-stg:children] +autocloud-backend-libvirt-stg +autocloud-backend-vbox-stg + +[autocloud-backend-libvirt-stg] +autocloud-backend01.stg.phx2.fedoraproject.org + +[autocloud-backend-vbox-stg] +autocloud-backend02.stg.phx2.fedoraproject.org [autosign] -autosign02.iad2.fedoraproject.org +autosign01.phx2.fedoraproject.org -[autosign_stg] -autosign01.stg.iad2.fedoraproject.org +[autosign-stg] +autosign01.stg.phx2.fedoraproject.org + +[darkserver] +darkserver02.phx2.fedoraproject.org + +[darkserver-web-stg] +darkserver-web01.stg.phx2.fedoraproject.org +darkserver-web02.stg.phx2.fedoraproject.org + +[darkserver-backend-stg] +darkserver-backend01.stg.phx2.fedoraproject.org [dbserver] 
-db01.iad2.fedoraproject.org -db03.iad2.fedoraproject.org -db-fas01.iad2.fedoraproject.org -db-datanommer02.iad2.fedoraproject.org -db-koji01.iad2.fedoraproject.org -db-openqa01.iad2.fedoraproject.org -db-riscv-koji01.iad2.fedoraproject.org +db01.phx2.fedoraproject.org +db03.phx2.fedoraproject.org +db-fas01.phx2.fedoraproject.org +db-datanommer02.phx2.fedoraproject.org +db-koji01.phx2.fedoraproject.org +db-s390-koji01.s390.fedoraproject.org +db-arm-koji01.qa.fedoraproject.org +db-ppc-koji01.ppc.fedoraproject.org +db-qa01.qa.fedoraproject.org +db-qa02.qa.fedoraproject.org +db-qa-stg01.qa.fedoraproject.org -[dbserver_stg] -db-fas01.stg.iad2.fedoraproject.org -db01.stg.iad2.fedoraproject.org -db03.stg.iad2.fedoraproject.org -db-datanommer01.stg.iad2.fedoraproject.org -db-koji01.stg.iad2.fedoraproject.org -db.stg.aws.fedoraproject.org +[dbserver-stg] +db-fas01.stg.phx2.fedoraproject.org +db01.stg.phx2.fedoraproject.org +db03.stg.phx2.fedoraproject.org -[datanommer_dbserver] -db-datanommer02.iad2.fedoraproject.org +# postgresql bidirectional replication servers +[pgbdr] -[datanommer_dbserver_stg] -db-datanommer01.stg.iad2.fedoraproject.org +# postgresql bidirectional replication servers (stg) +[pgbdr-stg] +db-koji01.stg.phx2.fedoraproject.org +db-koji02.stg.phx2.fedoraproject.org +pgbdr01.stg.phx2.fedoraproject.org +pgbdr02.stg.phx2.fedoraproject.org # clients that talk to the main postgres servers -[postgres_clients] +[postgres-clients] # clients that talk to the main postgres stg servers -[postgres_clients_stg] -bodhi-backend01.stg.iad2.fedoraproject.org -koji01.stg.iad2.fedoraproject.org +[postgres-clients-stg] +badges-backend01.stg.phx2.fedoraproject.org +badges-web01.stg.phx2.fedoraproject.org +blockerbugs01.stg.phx2.fedoraproject.org +bodhi01.stg.phx2.fedoraproject.org +bodhi-backend01.stg.phx2.fedoraproject.org +busgateway01.stg.phx2.fedoraproject.org +datagrepper01.stg.phx2.fedoraproject.org +elections01.stg.phx2.fedoraproject.org 
+fedocal01.stg.phx2.fedoraproject.org +koji01.stg.phx2.fedoraproject.org +koschei-backend01.stg.phx2.fedoraproject.org +koschei-web01.stg.phx2.fedoraproject.org -[download_iad2] -dl01.iad2.fedoraproject.org -dl02.iad2.fedoraproject.org -dl03.iad2.fedoraproject.org -dl04.iad2.fedoraproject.org -dl05.iad2.fedoraproject.org +[download-phx2] +download01.phx2.fedoraproject.org +download02.phx2.fedoraproject.org +download03.phx2.fedoraproject.org +download04.phx2.fedoraproject.org +download05.phx2.fedoraproject.org -[download_ibiblio] +[download-ibiblio] download-ib01.fedoraproject.org -[download_cc_rdu] -download-cc-rdu01.fedoraproject.org +#[download-rdu2] +#download-rdu01.fedoraproject.org [download_tier1] -dl04.iad2.fedoraproject.org -dl05.iad2.fedoraproject.org +download04.phx2.fedoraproject.org +download05.phx2.fedoraproject.org +#download-rdu01.fedoraproject.org [download:children] -download_ibiblio -download_cc_rdu -download_iad2 +download-phx2 +download-ibiblio +#download-rdu2 + +[elections] +elections01.phx2.fedoraproject.org +elections02.phx2.fedoraproject.org + +[elections-stg] +elections01.stg.phx2.fedoraproject.org [fas] -# fas01.phx2.fedoraproject.org +fas01.phx2.fedoraproject.org +fas02.phx2.fedoraproject.org +fas03.phx2.fedoraproject.org -[fas_stg] -# fas01.stg.iad2.fedoraproject.org +[fas-stg] +fas01.stg.phx2.fedoraproject.org -[kernel_qa] -kernel02.iad2.fedoraproject.org +[fas3-stg] +fas3-01.stg.phx2.fedoraproject.org + +[hotness] +hotness01.phx2.fedoraproject.org + +[hotness-stg] +hotness01.stg.phx2.fedoraproject.org + +[kerneltest] +kerneltest01.phx2.fedoraproject.org + +[kerneltest-stg] +kerneltest01.stg.phx2.fedoraproject.org + +[kernel-qa] +kernel01.qa.fedoraproject.org +kernel02.qa.fedoraproject.org + +[keys] +keys02.fedoraproject.org [koji] -koji01.iad2.fedoraproject.org -koji02.iad2.fedoraproject.org +koji01.phx2.fedoraproject.org +koji02.phx2.fedoraproject.org +s390-koji01.s390.fedoraproject.org +arm-koji01.qa.fedoraproject.org 
+ppc-koji01.ppc.fedoraproject.org -[koji_riscv] -riscv-koji01.iad2.fedoraproject.org - -[koji_stg] -koji01.stg.iad2.fedoraproject.org +[koji-stg] +koji01.stg.phx2.fedoraproject.org [kojipkgs] -kojipkgs01.iad2.fedoraproject.org -kojipkgs02.iad2.fedoraproject.org +kojipkgs01.phx2.fedoraproject.org +kojipkgs02.phx2.fedoraproject.org + +[koschei-backend] +koschei-backend01.phx2.fedoraproject.org + +[koschei-backend-stg] +koschei-backend01.stg.phx2.fedoraproject.org + +[koschei-web] +koschei-web01.phx2.fedoraproject.org + +[koschei-web-stg] +koschei-web01.stg.phx2.fedoraproject.org [infracore] -batcave01.iad2.fedoraproject.org -log01.iad2.fedoraproject.org -noc01.iad2.fedoraproject.org +batcave01.phx2.fedoraproject.org +log01.phx2.fedoraproject.org +noc01.phx2.fedoraproject.org noc02.fedoraproject.org -noc-cc01.rdu-cc.fedoraproject.org +data-analysis01.phx2.fedoraproject.org [logging] -log01.iad2.fedoraproject.org +log01.phx2.fedoraproject.org [batcave] -batcave01.iad2.fedoraproject.org -#batcave13.rdu2.fedoraproject.org - -[batcave_iad2] -batcave01.iad2.fedoraproject.org +batcave01.phx2.fedoraproject.org [ipa] -ipa01.iad2.fedoraproject.org -ipa02.iad2.fedoraproject.org -ipa03.iad2.fedoraproject.org +ipa01.phx2.fedoraproject.org +ipa02.phx2.fedoraproject.org -[ipa_stg] -ipa01.stg.iad2.fedoraproject.org -ipa02.stg.iad2.fedoraproject.org -ipa03.stg.iad2.fedoraproject.org - -[ipsilon_stg] -ipsilon01.stg.iad2.fedoraproject.org +[ipa-stg] +ipa01.stg.phx2.fedoraproject.org [ipsilon] -ipsilon01.iad2.fedoraproject.org -ipsilon02.iad2.fedoraproject.org +ipsilon01.phx2.fedoraproject.org +ipsilon02.phx2.fedoraproject.org + +[ipsilon-stg] +ipsilon01.stg.phx2.fedoraproject.org + +[ipsilon-dev] +iddev.fedorainfracloud.org + +[dhcp] +dhcp01.phx2.fedoraproject.org [nagios] -noc01.iad2.fedoraproject.org +noc01.phx2.fedoraproject.org noc02.fedoraproject.org -noc01.rdu3.fedoraproject.org -[nagios_iad2] -noc01.iad2.fedoraproject.org +[notifs-backend] 
+notifs-backend01.phx2.fedoraproject.org -[nagios_rdu3] -noc01.rdu3.fedoraproject.org +[notifs-backend-stg] +notifs-backend01.stg.phx2.fedoraproject.org -[noc_rdu_cc] -noc-cc01.rdu-cc.fedoraproject.org +[notifs-web] +notifs-web01.phx2.fedoraproject.org +notifs-web02.phx2.fedoraproject.org + +[notifs-web-stg] +notifs-web01.stg.phx2.fedoraproject.org +notifs-web02.stg.phx2.fedoraproject.org + +[nuancier] +nuancier01.phx2.fedoraproject.org +nuancier02.phx2.fedoraproject.org + +[nuancier-stg] +nuancier01.stg.phx2.fedoraproject.org +nuancier02.stg.phx2.fedoraproject.org [memcached] -memcached02.iad2.fedoraproject.org +memcached01.phx2.fedoraproject.org +memcached02.phx2.fedoraproject.org -[memcached_stg] -memcached02.stg.iad2.fedoraproject.org +[memcached-stg] +memcached01.stg.phx2.fedoraproject.org -[mirrorlist_proxies] -proxy01.iad2.fedoraproject.org +[mirrorlist2] +mirrorlist-host1plus.fedoraproject.org +mirrorlist-ibiblio02.fedoraproject.org +mirrorlist-phx2.phx2.fedoraproject.org + +[mirrorlist2-stg] +mirrorlist-phx2.stg.phx2.fedoraproject.org + +[mirrorlist-proxies] +proxy01.phx2.fedoraproject.org proxy02.fedoraproject.org proxy03.fedoraproject.org proxy04.fedoraproject.org proxy05.fedoraproject.org proxy06.fedoraproject.org -#proxy07.fedoraproject.org -#proxy08.fedoraproject.org +proxy07.fedoraproject.org +proxy08.fedoraproject.org proxy09.fedoraproject.org -proxy10.iad2.fedoraproject.org +proxy10.phx2.fedoraproject.org proxy11.fedoraproject.org proxy12.fedoraproject.org -#proxy13.fedoraproject.org +proxy13.fedoraproject.org proxy14.fedoraproject.org -proxy30.fedoraproject.org -proxy31.fedoraproject.org -proxy32.fedoraproject.org -proxy33.fedoraproject.org -proxy34.fedoraproject.org -proxy35.fedoraproject.org -proxy36.fedoraproject.org -proxy37.fedoraproject.org -proxy38.fedoraproject.org -proxy39.fedoraproject.org -proxy40.fedoraproject.org -proxy101.iad2.fedoraproject.org -proxy110.iad2.fedoraproject.org + +[mm-frontend] +mm-frontend01.phx2.fedoraproject.org 
+mm-frontend02.phx2.fedoraproject.org +mm-frontend-checkin01.phx2.fedoraproject.org + +[mm-backend] +mm-backend01.phx2.fedoraproject.org + +[mm-crawler] +mm-crawler01.phx2.fedoraproject.org +mm-crawler02.phx2.fedoraproject.org + +[mm-frontend-stg] +mm-frontend01.stg.phx2.fedoraproject.org + +[mm-backend-stg] +mm-backend01.stg.phx2.fedoraproject.org + +[mm-crawler-stg] +mm-crawler01.stg.phx2.fedoraproject.org + +[mm:children] +mm-frontend +mm-backend +mm-crawler + +[mm-stg:children] +mm-frontend-stg +mm-backend-stg +mm-crawler-stg [people] -people01.fedoraproject.org +people02.fedoraproject.org [qahardware] - -[tang] -tang01.iad2.fedoraproject.org -tang02.iad2.fedoraproject.org -tang01.rdu3.fedoraproject.org +qa02.qa.fedoraproject.org +qa04.qa.fedoraproject.org +qa05.qa.fedoraproject.org +qa08.qa.fedoraproject.org +qa10.qa.fedoraproject.org +qa11.qa.fedoraproject.org +qa12.qa.fedoraproject.org +qa13.qa.fedoraproject.org +qa14.qa.fedoraproject.org [torrent] -torrent01.fedoraproject.org +torrent02.fedoraproject.org [secondary] -secondary01.iad2.fedoraproject.org +secondary01.phx2.fedoraproject.org [dns] -ns01.iad2.fedoraproject.org -ns02.iad2.fedoraproject.org ns02.fedoraproject.org +ns03.phx2.fedoraproject.org +ns04.phx2.fedoraproject.org ns05.fedoraproject.org -#ns13.rdu2.fedoraproject.org -ns01.rdu3.fedoraproject.org -[dns_iad2] -ns01.iad2.fedoraproject.org -ns02.iad2.fedoraproject.org +[dns-external] +ns02.fedoraproject.org +ns04.phx2.fedoraproject.org +ns05.fedoraproject.org -[dns_rdu3] -ns01.rdu3.fedoraproject.org +[odcs-frontend] +odcs-frontend01.phx2.fedoraproject.org + +[odcs-frontend-stg] +odcs-frontend01.stg.phx2.fedoraproject.org + +[odcs-backend] +odcs-backend01.phx2.fedoraproject.org + +[odcs-backend-stg] +odcs-backend01.stg.phx2.fedoraproject.org + +[odcs-stg:children] +odcs-frontend-stg +odcs-backend-stg + +[odcs:children] +odcs-frontend +odcs-backend [openqa] -openqa01.iad2.fedoraproject.org +openqa01.qa.fedoraproject.org -[openqa_workers] -# xeon 
gold 5218 (best) -openqa-x86-worker01.iad2.fedoraproject.org -# xeon gold 6130 (second best) -openqa-x86-worker02.iad2.fedoraproject.org -# swapped from lab as 03 is kinda poorly -# xeon e5-2683v4 (third best) -openqa-x86-worker06.iad2.fedoraproject.org -# 2023 newer, more powerful box -openqa-a64-worker04.iad2.fedoraproject.org -# older emags. they're helping! they're helping! -openqa-a64-worker05.iad2.fedoraproject.org -openqa-a64-worker06.iad2.fedoraproject.org +[openqa-workers] +qa05.qa.fedoraproject.org +qa14.qa.fedoraproject.org -# openqa-lab and openqa-lab-workers are pseudo-stg, see group_vars/openqa-stg for more details -[openqa_lab] -openqa-lab01.iad2.fedoraproject.org +# openqa-stg and openqa-stg-workers are pseudo-stg, see group_vars/openqa-stg for more details +[openqa-stg] +openqa-stg01.qa.fedoraproject.org -[openqa_lab_workers] -# old, busted emags -# this seems to have some broken RAM so it's powered off -openqa-a64-worker01.iad2.fedoraproject.org -openqa-a64-worker02.iad2.fedoraproject.org -openqa-a64-worker03.iad2.fedoraproject.org -openqa-p09-worker01.iad2.fedoraproject.org -openqa-p09-worker02.iad2.fedoraproject.org -# xeon gold 6130 (second best) -openqa-x86-worker04.iad2.fedoraproject.org -# xeon e5-2683v4 (third best) -openqa-x86-worker05.iad2.fedoraproject.org -# prod used to have 01, 02, 03 and lab had 04, 05, 06 which was nice -# and clean, but 03 is weaker hardware and seems to be struggling -# lately, so we swapped 03 and 06 to give prod the best hw -# xeon e5-2680 (worst) -openqa-x86-worker03.iad2.fedoraproject.org +[openqa-stg-workers] +qa07.qa.fedoraproject.org +qa09.qa.fedoraproject.org +openqa-ppc64le-01.qa.fedoraproject.org # the workers that can run networked jobs. 
each server should have *one* of these per arch -# per tap worker class defined in os-autoinst-distri-fedora (currently there are two -# classes; the purpose of multiple classes is to split the load of tap jobs across -# multiple workers) -[openqa_tap1_workers] -# prod -openqa-x86-worker01.iad2.fedoraproject.org -openqa-a64-worker04.iad2.fedoraproject.org -# lab -openqa-x86-worker04.iad2.fedoraproject.org -openqa-a64-worker03.iad2.fedoraproject.org -openqa-p09-worker01.iad2.fedoraproject.org -[openqa_tap2_workers] -# prod -openqa-x86-worker02.iad2.fedoraproject.org -openqa-a64-worker05.iad2.fedoraproject.org -# lab -openqa-x86-worker05.iad2.fedoraproject.org -openqa-a64-worker02.iad2.fedoraproject.org -openqa-p09-worker02.iad2.fedoraproject.org +[openqa-tap-workers] +qa14.qa.fedoraproject.org +qa09.qa.fedoraproject.org +openqa-ppc64le-01.qa.fedoraproject.org -# the workers that run createhdds to create the base disk images. Again, -# only one per arch per instance should be present. -[openqa_hdds_workers] -# prod -openqa-x86-worker01.iad2.fedoraproject.org -openqa-a64-worker04.iad2.fedoraproject.org -# lab -openqa-x86-worker04.iad2.fedoraproject.org -openqa-a64-worker03.iad2.fedoraproject.org -openqa-p09-worker01.iad2.fedoraproject.org - -# common group for variables shared between all openQA boxes -[openqa_all_common:children] -openqa -openqa_lab -openqa_workers -openqa_lab_workers - -# common group for variables shared between prod and stg servers -[openqa_servers_common:children] -openqa -openqa_lab - -# common group for all tap workers -[openqa_tap_workers:children] -openqa_tap1_workers -openqa_tap2_workers +# the workers that need rw access to the factory share to run createhdds +[openqa-hdds-workers] +openqa-ppc64le-01.qa.fedoraproject.org [packages] +packages03.phx2.fedoraproject.org +packages04.phx2.fedoraproject.org -[packages_stg] -# packages03.stg.iad2.fedoraproject.org +[packages-stg] +packages03.stg.phx2.fedoraproject.org + +[pkgdb] 
+pkgdb01.phx2.fedoraproject.org +pkgdb02.phx2.fedoraproject.org + +[pkgdb-stg] +pkgdb01.stg.phx2.fedoraproject.org [pkgs] -pkgs01.iad2.fedoraproject.org +pkgs02.phx2.fedoraproject.org -[pkgs_stg] -pkgs01.stg.iad2.fedoraproject.org +[pkgs-stg] +pkgs01.stg.phx2.fedoraproject.org -[proxies_external] -proxy01.iad2.fedoraproject.org -proxy01.rdu3.fedoraproject.org +[anitya-backend] +anitya-backend01.fedoraproject.org + +[anitya-frontend] +anitya-frontend01.fedoraproject.org + +[anitya:children] +anitya-backend +anitya-frontend + +[loopabull-stg] +loopabull01.stg.phx2.fedoraproject.org + +[proxies] +proxy01.phx2.fedoraproject.org proxy02.fedoraproject.org proxy03.fedoraproject.org proxy04.fedoraproject.org proxy05.fedoraproject.org proxy06.fedoraproject.org -#proxy07.fedoraproject.org -#proxy08.fedoraproject.org +proxy07.fedoraproject.org +proxy08.fedoraproject.org proxy09.fedoraproject.org -proxy10.iad2.fedoraproject.org +proxy10.phx2.fedoraproject.org proxy11.fedoraproject.org proxy12.fedoraproject.org -#proxy13.fedoraproject.org +proxy13.fedoraproject.org proxy14.fedoraproject.org -proxy30.fedoraproject.org -proxy31.fedoraproject.org -proxy32.fedoraproject.org -proxy33.fedoraproject.org -proxy34.fedoraproject.org -proxy35.fedoraproject.org -proxy36.fedoraproject.org -proxy37.fedoraproject.org -proxy38.fedoraproject.org -proxy39.fedoraproject.org -proxy40.fedoraproject.org -[proxies_internal] -proxy101.iad2.fedoraproject.org -proxy110.iad2.fedoraproject.org - -[proxies_ocp4] -proxy01.iad2.fedoraproject.org -proxy10.iad2.fedoraproject.org - -[proxies_iad2] -proxy01.iad2.fedoraproject.org -proxy10.iad2.fedoraproject.org -proxy101.iad2.fedoraproject.org -proxy110.iad2.fedoraproject.org - -[proxies_rdu3] -proxy01.rdu3.fedoraproject.org - -[proxies:children] -proxies_external -proxies_internal - -[proxies_stg] -proxy01.stg.iad2.fedoraproject.org -proxy02.stg.iad2.fedoraproject.org - -[relvalconsumer_common] -openqa01.iad2.fedoraproject.org 
-openqa-lab01.iad2.fedoraproject.org +[proxies-stg] +proxy01.stg.phx2.fedoraproject.org # This group should only ever contain *ONE* system [relvalconsumer] -openqa01.iad2.fedoraproject.org +openqa01.qa.fedoraproject.org -[relvalconsumer_test] -openqa-lab01.iad2.fedoraproject.org - -[checkcompose_common] -openqa01.iad2.fedoraproject.org -#openqa-lab01.iad2.fedoraproject.org +[relvalconsumer-test] +openqa-stg01.qa.fedoraproject.org # This group should only ever contain *ONE* system -[checkcompose] -openqa01.iad2.fedoraproject.org +# It should probably be autocloud itself, but I dunno if that box +# is authorized for ResultsDB currently +[autocloudreporter] +openqa01.qa.fedoraproject.org -[checkcompose_stg] -#openqa-lab01.iad2.fedoraproject.org +[resultsdb:children] +resultsdb-dev +resultsdb-stg +resultsdb-prod -[fedora_nightlies] -openqa01.iad2.fedoraproject.org +[resultsdb-stg] +resultsdb-stg01.qa.fedoraproject.org -[testcase_stats] -openqa01.iad2.fedoraproject.org +[resultsdb-dev] +resultsdb-dev01.qa.fedoraproject.org -[smtp_mm] +[resultsdb-prod] +resultsdb01.qa.fedoraproject.org + +[smtp-mm] smtp-mm-ib01.fedoraproject.org smtp-mm-osuosl01.fedoraproject.org -smtp-mm-cc-rdu01.fedoraproject.org - -[smtp_auth] -smtp-auth-cc-rdu01.fedoraproject.org - -[zabbix] -zabbix01.iad2.fedoraproject.org - -[zabbix_stg] -zabbix01.stg.iad2.fedoraproject.org +smtp-mm-tummy01.fedoraproject.org [spare] # # All staging hosts should be in this group too. 
# [staging] -autosign01.stg.iad2.fedoraproject.org -# basset01.stg.iad2.fedoraproject.org -bodhi-backend01.stg.iad2.fedoraproject.org -bvmhost-x86-01.stg.iad2.fedoraproject.org -bvmhost-x86-02.stg.iad2.fedoraproject.org -bvmhost-x86-03.stg.iad2.fedoraproject.org -bvmhost-x86-05.stg.iad2.fedoraproject.org -bvmhost-p09-01.stg.iad2.fedoraproject.org -bvmhost-s390x-01.stg.s390.fedoraproject.org -bvmhost-a64-01.stg.iad2.fedoraproject.org -buildvm-a64-01.stg.iad2.fedoraproject.org -buildvm-a64-02.stg.iad2.fedoraproject.org -buildvm-ppc64le-01.stg.iad2.fedoraproject.org -buildvm-ppc64le-02.stg.iad2.fedoraproject.org -buildvm-ppc64le-03.stg.iad2.fedoraproject.org -buildvm-ppc64le-04.stg.iad2.fedoraproject.org -buildvm-ppc64le-05.stg.iad2.fedoraproject.org -buildvm-s390x-01.stg.s390.fedoraproject.org -buildvm-x86-01.stg.iad2.fedoraproject.org -buildvm-x86-02.stg.iad2.fedoraproject.org -buildvm-x86-03.stg.iad2.fedoraproject.org -buildvm-x86-04.stg.iad2.fedoraproject.org -buildvm-x86-05.stg.iad2.fedoraproject.org -compose-x86-01.stg.iad2.fedoraproject.org -copr-be-dev.aws.fedoraproject.org -#copr-be-dev-temp.aws.fedoraproject.org -copr-dist-git-dev.aws.fedoraproject.org -copr-fe-dev.aws.fedoraproject.org -copr-keygen-dev.aws.fedoraproject.org -copr-pulp-dev.aws.fedoraproject.org -db-datanommer01.stg.iad2.fedoraproject.org -db-fas01.stg.iad2.fedoraproject.org -db-koji01.stg.iad2.fedoraproject.org -db01.stg.iad2.fedoraproject.org -db03.stg.iad2.fedoraproject.org -db.stg.aws.fedoraproject.org -debuginfod01.stg.iad2.fedoraproject.org -oci-candidate-registry01.stg.iad2.fedoraproject.org -oci-registry01.stg.iad2.fedoraproject.org -ipa01.stg.iad2.fedoraproject.org -ipa02.stg.iad2.fedoraproject.org -ipa03.stg.iad2.fedoraproject.org -ipsilon01.stg.iad2.fedoraproject.org -koji01.stg.iad2.fedoraproject.org -mailman01.stg.iad2.fedoraproject.org -memcached02.stg.iad2.fedoraproject.org -os-control01.stg.iad2.fedoraproject.org -pkgs01.stg.iad2.fedoraproject.org 
-proxy01.stg.iad2.fedoraproject.org -proxy02.stg.iad2.fedoraproject.org -rabbitmq01.stg.iad2.fedoraproject.org -rabbitmq02.stg.iad2.fedoraproject.org -rabbitmq03.stg.iad2.fedoraproject.org -sign-bridge01.stg.iad2.fedoraproject.org -sign-vault01.stg.iad2.fedoraproject.org -sundries01.stg.iad2.fedoraproject.org -sundries02.stg.iad2.fedoraproject.org -value02.stg.iad2.fedoraproject.org -vmhost-x86-01.stg.iad2.fedoraproject.org -vmhost-x86-02.stg.iad2.fedoraproject.org -vmhost-x86-05.stg.iad2.fedoraproject.org -vmhost-x86-06.stg.iad2.fedoraproject.org -vmhost-x86-07.stg.iad2.fedoraproject.org -vmhost-x86-08.stg.iad2.fedoraproject.org -vmhost-x86-09.stg.iad2.fedoraproject.org -vmhost-x86-11.stg.iad2.fedoraproject.org -vmhost-x86-12.stg.iad2.fedoraproject.org -vmhost-x86-01.stg.rdu3.fedoraproject.org -wiki01.stg.iad2.fedoraproject.org -zabbix01.stg.iad2.fedoraproject.org +ask01.stg.phx2.fedoraproject.org +autocloud-web01.stg.phx2.fedoraproject.org +autocloud-web02.stg.phx2.fedoraproject.org +autocloud-backend01.stg.phx2.fedoraproject.org +autocloud-backend02.stg.phx2.fedoraproject.org +autosign01.stg.phx2.fedoraproject.org +badges-backend01.stg.phx2.fedoraproject.org +badges-web01.stg.phx2.fedoraproject.org +basset01.stg.phx2.fedoraproject.org +blockerbugs01.stg.phx2.fedoraproject.org +bodhi01.stg.phx2.fedoraproject.org +bodhi-backend01.stg.phx2.fedoraproject.org +bugyou01.stg.phx2.fedoraproject.org +bugzilla2fedmsg01.stg.phx2.fedoraproject.org +buildvm-01.stg.phx2.fedoraproject.org +buildvm-02.stg.phx2.fedoraproject.org +buildvm-03.stg.phx2.fedoraproject.org +buildvm-04.stg.phx2.fedoraproject.org +buildvm-05.stg.phx2.fedoraproject.org +buildvm-ppc64-01.stg.ppc.fedoraproject.org +buildvm-ppc64le-01.stg.ppc.fedoraproject.org +buildvm-aarch64-01.stg.arm.fedoraproject.org +buildvm-armv7-01.stg.arm.fedoraproject.org +busgateway01.stg.phx2.fedoraproject.org +composer.stg.phx2.fedoraproject.org +copr-be-dev.cloud.fedoraproject.org +copr-dist-git-dev.fedorainfracloud.org 
+copr-fe-dev.cloud.fedoraproject.org +copr-keygen-dev.cloud.fedoraproject.org +darkserver-web01.stg.phx2.fedoraproject.org +darkserver-web02.stg.phx2.fedoraproject.org +darkserver-backend01.stg.phx2.fedoraproject.org +datagrepper01.stg.phx2.fedoraproject.org +db01.stg.phx2.fedoraproject.org +db03.stg.phx2.fedoraproject.org +db-fas01.stg.phx2.fedoraproject.org +db-koji01.stg.phx2.fedoraproject.org +db-koji02.stg.phx2.fedoraproject.org +elections01.stg.phx2.fedoraproject.org +faf01.stg.phx2.fedoraproject.org +fas01.stg.phx2.fedoraproject.org +fas3-01.stg.phx2.fedoraproject.org +fedimg01.stg.phx2.fedoraproject.org +fedocal01.stg.phx2.fedoraproject.org +freshmaker-frontend01.stg.phx2.fedoraproject.org +freshmaker-backend01.stg.phx2.fedoraproject.org +github2fedmsg01.stg.phx2.fedoraproject.org +hotness01.stg.phx2.fedoraproject.org +kerneltest01.stg.phx2.fedoraproject.org +koji01.stg.phx2.fedoraproject.org +koschei-backend01.stg.phx2.fedoraproject.org +koschei-web01.stg.phx2.fedoraproject.org +mailman01.stg.phx2.fedoraproject.org +mbs-frontend01.stg.phx2.fedoraproject.org +mbs-frontend02.stg.phx2.fedoraproject.org +mbs-backend01.stg.phx2.fedoraproject.org +mdapi01.stg.phx2.fedoraproject.org +ipa01.stg.phx2.fedoraproject.org +ipsilon01.stg.phx2.fedoraproject.org +loopabull01.stg.phx2.fedoraproject.org +memcached01.stg.phx2.fedoraproject.org +modernpaste01.stg.phx2.fedoraproject.org +notifs-backend01.stg.phx2.fedoraproject.org +notifs-web01.stg.phx2.fedoraproject.org +notifs-web02.stg.phx2.fedoraproject.org +nuancier01.stg.phx2.fedoraproject.org +nuancier02.stg.phx2.fedoraproject.org +packages03.stg.phx2.fedoraproject.org +pdc-backend01.stg.phx2.fedoraproject.org +pdc-backend02.stg.phx2.fedoraproject.org +pdc-backend03.stg.phx2.fedoraproject.org +pdc-web01.stg.phx2.fedoraproject.org +pgbdr01.stg.phx2.fedoraproject.org +pgbdr02.stg.phx2.fedoraproject.org +pkgdb01.stg.phx2.fedoraproject.org +pkgs01.stg.phx2.fedoraproject.org +proxy01.stg.phx2.fedoraproject.org 
+qa-stg01.qa.fedoraproject.org ansible_port=222 +resultsdb-stg01.qa.fedoraproject.org +retrace01.stg.phx2.fedoraproject.org +sign-bridge01.stg.phx2.fedoraproject.org +statscache-web01.stg.phx2.fedoraproject.org +statscache-web02.stg.phx2.fedoraproject.org +statscache-backend01.stg.phx2.fedoraproject.org +summershum01.stg.phx2.fedoraproject.org +sundries01.stg.phx2.fedoraproject.org +tagger01.stg.phx2.fedoraproject.org +taskotron-stg01.qa.fedoraproject.org +value01.stg.phx2.fedoraproject.org +wiki01.stg.phx2.fedoraproject.org +mirrorlist-phx2.stg.phx2.fedoraproject.org +mm-frontend01.stg.phx2.fedoraproject.org +mm-backend01.stg.phx2.fedoraproject.org +mm-crawler01.stg.phx2.fedoraproject.org +beaker-stg01.qa.fedoraproject.org +zanata2fedmsg01.stg.phx2.fedoraproject.org +odcs-frontend01.stg.phx2.fedoraproject.org +odcs-backend01.stg.phx2.fedoraproject.org +osbs-control01.stg.phx2.fedoraproject.org +osbs-master01.stg.phx2.fedoraproject.org +osbs-node01.stg.phx2.fedoraproject.org +osbs-node02.stg.phx2.fedoraproject.org +osbsworker-x86-64-master01.stg.phx2.fedoraproject.org +osbsworker-x86-64-node01.stg.phx2.fedoraproject.org +osbsworker-x86-64-node02.stg.phx2.fedoraproject.org +docker-registry01.stg.phx2.fedoraproject.org +docker-registry02.stg.phx2.fedoraproject.org +docker-candidate-registry01.stg.phx2.fedoraproject.org +os-control01.stg.phx2.fedoraproject.org +os-master01.stg.phx2.fedoraproject.org +os-master02.stg.phx2.fedoraproject.org +os-master03.stg.phx2.fedoraproject.org +os-node01.stg.phx2.fedoraproject.org +os-node02.stg.phx2.fedoraproject.org # This is a list of hosts that are a little "friendly" with staging. # They are exempted from the iptables wall between staging and prod. # For instance, staging needs to send collectd logs to log01 and smtp mail data # to bastion (both of which are prod boxen). 
-[staging_friendly] -noc01.iad2.fedoraproject.org -bastion01.iad2.fedoraproject.org -bastion01.rdu3.fedoraproject.org -bastion02.iad2.fedoraproject.org -batcave01.iad2.fedoraproject.org -certgetter01.iad2.fedoraproject.org -db-openqa01.iad2.fedoraproject.org -dl01.iad2.fedoraproject.org -dl02.iad2.fedoraproject.org -dl03.iad2.fedoraproject.org -dl04.iad2.fedoraproject.org -dl05.iad2.fedoraproject.org -log01.iad2.fedoraproject.org -ns01.iad2.fedoraproject.org -ns02.iad2.fedoraproject.org -#openqa-lab01.iad2.fedoraproject.org -openqa-lab01.iad2.fedoraproject.org -proxy01.iad2.fedoraproject.org -proxy01.rdu3.fedoraproject.org -proxy101.iad2.fedoraproject.org -proxy10.iad2.fedoraproject.org -proxy110.iad2.fedoraproject.org -tang01.iad2.fedoraproject.org -tang02.iad2.fedoraproject.org -tang01.rdu3.fedoraproject.org -ns01.rdu3.fedoraproject.org +[staging-friendly] +batcave01.phx2.fedoraproject.org +bastion01.phx2.fedoraproject.org +bastion02.phx2.fedoraproject.org +download01.phx2.fedoraproject.org +log01.phx2.fedoraproject.org +kojipkgs01.phx2.fedoraproject.org +kojipkgs02.phx2.fedoraproject.org +ns03.phx2.fedoraproject.org +ns04.phx2.fedoraproject.org +db-qa01.qa.fedoraproject.org +db-qa-stg01.qa.fedoraproject.org +proxy01.phx2.fedoraproject.org +proxy10.phx2.fedoraproject.org +openqa-stg01.qa.fedoraproject.org + +[statscache:children] +statscache-web +statscache-backend + +[statscache-stg:children] +statscache-web-stg +statscache-backend-stg + +[statscache-web] +statscache-web01.phx2.fedoraproject.org +statscache-web02.phx2.fedoraproject.org + +[statscache-web-stg] +statscache-web01.stg.phx2.fedoraproject.org +statscache-web02.stg.phx2.fedoraproject.org + +[statscache-backend] +statscache-backend01.phx2.fedoraproject.org + +[statscache-backend-stg] +statscache-backend01.stg.phx2.fedoraproject.org + +[summershum] +summershum01.phx2.fedoraproject.org + +[summershum-stg] +summershum01.stg.phx2.fedoraproject.org [sundries] -sundries01.iad2.fedoraproject.org 
-sundries02.iad2.fedoraproject.org +sundries01.phx2.fedoraproject.org +sundries02.phx2.fedoraproject.org -[sundries_stg] -sundries01.stg.iad2.fedoraproject.org -sundries02.stg.iad2.fedoraproject.org +[sundries-stg] +sundries01.stg.phx2.fedoraproject.org + +[tagger] +tagger01.phx2.fedoraproject.org +tagger02.phx2.fedoraproject.org + +[tagger-stg] +tagger01.stg.phx2.fedoraproject.org + +[taskotron:children] +taskotron-dev +taskotron-stg +taskotron-prod + +[taskotron-dev] +taskotron-dev01.qa.fedoraproject.org + +[taskotron-dev-client-hosts] +qa11.qa.fedoraproject.org + +[taskotron-stg] +taskotron-stg01.qa.fedoraproject.org + +[taskotron-stg-client-hosts] +qa10.qa.fedoraproject.org + +[taskotron-prod] +taskotron01.qa.fedoraproject.org + +[taskotron-prod-client-hosts] +qa12.qa.fedoraproject.org +qa13.qa.fedoraproject.org + +[unbound] +unbound-ib01.fedoraproject.org +unbound-tummy01.fedoraproject.org +unbound-osuosl01.fedoraproject.org [value] -value02.iad2.fedoraproject.org +value01.phx2.fedoraproject.org -[value_stg] -value02.stg.iad2.fedoraproject.org +[value-stg] +value01.stg.phx2.fedoraproject.org [virthost] -vmhost-x86-01.stg.iad2.fedoraproject.org -vmhost-x86-02.stg.iad2.fedoraproject.org -vmhost-x86-05.stg.iad2.fedoraproject.org -vmhost-x86-06.stg.iad2.fedoraproject.org -vmhost-x86-07.stg.iad2.fedoraproject.org -vmhost-x86-08.stg.iad2.fedoraproject.org -vmhost-x86-09.stg.iad2.fedoraproject.org -vmhost-x86-11.stg.iad2.fedoraproject.org -vmhost-x86-12.stg.iad2.fedoraproject.org -vmhost-x86-01.iad2.fedoraproject.org -vmhost-x86-02.iad2.fedoraproject.org -vmhost-x86-03.iad2.fedoraproject.org -vmhost-x86-04.iad2.fedoraproject.org -vmhost-x86-05.iad2.fedoraproject.org -vmhost-x86-06.iad2.fedoraproject.org -vmhost-x86-08.iad2.fedoraproject.org -qvmhost-x86-01.iad2.fedoraproject.org -qvmhost-x86-02.iad2.fedoraproject.org -vmhost-x86-01.rdu3.fedoraproject.org -vmhost-x86-02.rdu3.fedoraproject.org -vmhost-x86-01.stg.rdu3.fedoraproject.org +virthost01.phx2.fedoraproject.org 
+virthost02.phx2.fedoraproject.org +virthost03.phx2.fedoraproject.org +virthost04.phx2.fedoraproject.org +virthost05.phx2.fedoraproject.org +virthost06.phx2.fedoraproject.org +virthost11.phx2.fedoraproject.org +virthost12.phx2.fedoraproject.org +virthost14.phx2.fedoraproject.org +virthost15.phx2.fedoraproject.org +virthost16.phx2.fedoraproject.org +virthost17.phx2.fedoraproject.org +virthost18.phx2.fedoraproject.org +virthost19.phx2.fedoraproject.org +virthost20.phx2.fedoraproject.org +virthost21.phx2.fedoraproject.org +virthost22.phx2.fedoraproject.org +qa09.qa.fedoraproject.org +[virthost-comm] +virthost-comm02.qa.fedoraproject.org +virthost-comm03.qa.fedoraproject.org +virthost-comm04.qa.fedoraproject.org +virthost-s390.s390.fedoraproject.org -#[virthost_cloud] -#virthost-aarch64-os01.fedorainfracloud.org -#virthost-aarch64-os02.fedorainfracloud.org -#virthost-cloud01.fedorainfracloud.org -#virthost-os01.fedorainfracloud.org -#virthost-os02.fedorainfracloud.org -#virthost-os03.fedorainfracloud.org -#storinator01.fedorainfracloud.org -#cloudvmhost-aarch64-01.fedorainfracloud.org - - -[wiki_stg] -wiki01.stg.iad2.fedoraproject.org +[wiki-stg] +wiki01.stg.phx2.fedoraproject.org [wiki] -wiki01.iad2.fedoraproject.org -wiki02.iad2.fedoraproject.org +wiki01.phx2.fedoraproject.org +wiki02.phx2.fedoraproject.org -#[cloud_hardware] -#virthost-aarch64-os01.fedorainfracloud.org -#virthost-aarch64-os02.fedorainfracloud.org -#virthost-cloud01.fedorainfracloud.org -#copr-vmhost01.fedorainfracloud.org +[zanata2fedmsg-stg] +zanata2fedmsg01.stg.phx2.fedoraproject.org -[maintainer_test] -f40-test.fedorainfracloud.org -f41-test.fedorainfracloud.org -f42-test.fedorainfracloud.org +#[zanata2fedmsg] +#zanata2fedmsg01.phx2.fedoraproject.org + +# This is a convenience group listing the hosts that live on the QA network that +# are allowed to send inbound fedmsg messages to our production fedmsg bus. 
+# See also: +# - inventory/group_vars/proxies for the iptables custom_rules list +# - roles/fedmsg/base/templates/relay.py.j2 +# - filter_plugins/fedmsg.py +[fedmsg-qa-network] +retrace01.qa.fedoraproject.org +retrace02.qa.fedoraproject.org +s390-koji01.s390.fedoraproject.org +arm-koji01.qa.fedoraproject.org +resultsdb01.qa.fedoraproject.org +openqa01.qa.fedoraproject.org +openqa-ppc64le-01.qa.fedoraproject.org + +[fedmsg-qa-network-stg] +resultsdb-stg01.qa.fedoraproject.org +openqa-stg01.qa.fedoraproject.org + +# assorted categories of fedmsg services, for convenience +[fedmsg-hubs:children] +autocloud-backend +badges-backend +busgateway +bugyou +fedimg +freshmaker-backend +hotness +mbs-backend +notifs-backend +pdc-backend +pkgs +statscache-backend +summershum + +[fedmsg-hubs-stg:children] +autocloud-backend-stg +badges-backend-stg +busgateway-stg +bugyou-stg +fedimg-stg +freshmaker-backend-stg +hotness-stg +mbs-backend-stg +notifs-backend-stg +pdc-backend-stg +pkgs-stg +statscache-backend-stg +summershum-stg + +[fedmsg-ircs:children] +value + +[fedmsg-ircs-stg:children] +value-stg + +[fedmsg-relays:children] +busgateway +anitya-frontend + +[fedmsg-relays-stg:children] +busgateway-stg + +[fedmsg-gateways:children] +busgateway +proxies + +[fedmsg-gateways-stg:children] +busgateway-stg +proxies-stg + +[moksha-hubs:children] +bugzilla2fedmsg + +[moksha-hubs-stg:children] +bugzilla2fedmsg-stg + +[fedmsg-services:children] +fedmsg-hubs +fedmsg-ircs +fedmsg-relays +fedmsg-gateways +moksha-hubs + +[fedmsg-services-stg:children] +fedmsg-hubs-stg +fedmsg-ircs-stg +fedmsg-relays-stg +fedmsg-gateways-stg +moksha-hubs-stg + +# These are groups that are using the python34 fedmsg stack. 
+[python34-fedmsg:children] +mailman +mailman-stg +mdapi +mdapi-stg + +## END fedmsg services + +[cloud-hardware] +#fed-cloud01.cloud.fedoraproject.org +#fed-cloud02.cloud.fedoraproject.org +fed-cloud03.cloud.fedoraproject.org +fed-cloud04.cloud.fedoraproject.org +fed-cloud05.cloud.fedoraproject.org +fed-cloud06.cloud.fedoraproject.org +fed-cloud07.cloud.fedoraproject.org +fed-cloud08.cloud.fedoraproject.org +fed-cloud09.cloud.fedoraproject.org +fed-cloud10.cloud.fedoraproject.org +fed-cloud11.cloud.fedoraproject.org +fed-cloud12.cloud.fedoraproject.org +fed-cloud13.cloud.fedoraproject.org +fed-cloud14.cloud.fedoraproject.org +fed-cloud15.cloud.fedoraproject.org +#fed-cloud16.cloud.fedoraproject.org +#fed-cloud-ppc01.cloud.fedoraproject.org +fed-cloud-ppc02.cloud.fedoraproject.org +cloud-noc01.cloud.fedoraproject.org + +[new-cloud-hardware] +fed-cloud03.cloud.fedoraproject.org +fed-cloud04.cloud.fedoraproject.org +fed-cloud05.cloud.fedoraproject.org +fed-cloud06.cloud.fedoraproject.org +fed-cloud07.cloud.fedoraproject.org +fed-cloud08.cloud.fedoraproject.org +fed-cloud09.cloud.fedoraproject.org +fed-cloud10.cloud.fedoraproject.org +fed-cloud11.cloud.fedoraproject.org +fed-cloud12.cloud.fedoraproject.org +fed-cloud13.cloud.fedoraproject.org +fed-cloud14.cloud.fedoraproject.org +fed-cloud15.cloud.fedoraproject.org +#fed-cloud-ppc01.cloud.fedoraproject.org +fed-cloud-ppc02.cloud.fedoraproject.org + +[openstack-compute] +fed-cloud03.cloud.fedoraproject.org +fed-cloud04.cloud.fedoraproject.org +fed-cloud05.cloud.fedoraproject.org +fed-cloud06.cloud.fedoraproject.org +fed-cloud07.cloud.fedoraproject.org +fed-cloud08.cloud.fedoraproject.org +fed-cloud10.cloud.fedoraproject.org +fed-cloud11.cloud.fedoraproject.org +fed-cloud12.cloud.fedoraproject.org +fed-cloud13.cloud.fedoraproject.org +fed-cloud14.cloud.fedoraproject.org +fed-cloud15.cloud.fedoraproject.org +#fed-cloud-ppc01.cloud.fedoraproject.org +fed-cloud-ppc02.cloud.fedoraproject.org + +[pdc-web] 
+pdc-web01.phx2.fedoraproject.org +pdc-web02.phx2.fedoraproject.org + +[pdc-web-stg] +pdc-web01.stg.phx2.fedoraproject.org + +[pdc-backend] +pdc-backend01.phx2.fedoraproject.org +pdc-backend02.phx2.fedoraproject.org +pdc-backend03.phx2.fedoraproject.org + +[pdc-backend-stg] +pdc-backend01.stg.phx2.fedoraproject.org +pdc-backend02.stg.phx2.fedoraproject.org +pdc-backend03.stg.phx2.fedoraproject.org + +[persistent-cloud] +# artboard instance +artboard.fedorainfracloud.org +# copr production instances +copr-be.cloud.fedoraproject.org +copr-fe.cloud.fedoraproject.org +copr-keygen.cloud.fedoraproject.org +# copr dev instances +copr-be-dev.cloud.fedoraproject.org +copr-fe-dev.cloud.fedoraproject.org +# taiga for kanban-style project planning +taiga.fedorainfracloud.org +taigastg.fedorainfracloud.org +# graphite/statsd/grafana exploration +grafana.cloud.fedoraproject.org +graphite.fedorainfracloud.org +# glittergallery GSoC dev work +glittergallery-dev.fedorainfracloud.org +# shumgrepper-dev +shumgrepper-dev.fedorainfracloud.org +# fas2-dev +fas2-dev.fedorainfracloud.org +# fas3-dev +fas3-dev.fedorainfracloud.org +# faitout +faitout.fedorainfracloud.org +# Community Blog +communityblog.fedorainfracloud.org +# Fedora Magazine +#magazine.fedorainfracloud.org +magazine2.fedorainfracloud.org +# Ansible Magazine +ansiblemagazine.fedorainfracloud.org +# Flock RegCfp instance +regcfp2.fedorainfracloud.org +# Modularity (ticket 5390) +modularity.fedorainfracloud.org +modularity2.fedorainfracloud.org +# Fedora Bootstrap VM +fedora-bootstrap.fedorainfracloud.org +# darkserver development instance +darkserver-dev.fedorainfracloud.org +# lists development instance +lists-dev.fedorainfracloud.org +# java-deptools ticket 4846 +java-deptools.fedorainfracloud.org +# developer ticket 4876 +developer.fedorainfracloud.org +# insim +insim.fedorainfracloud.org +# fedimg-dev development instance +fedimg-dev.fedorainfracloud.org +# modernpaste testing +modernpaste.fedorainfracloud.org +# 
eclipse help center - ticket 5293 +eclipse.fedorainfracloud.org +# iddev +iddev.fedorainfracloud.org +# commops - ticket 5380 +commops.fedorainfracloud.org +# respins +respins.fedorainfracloud.org +# hubs-dev +hubs-dev.fedorainfracloud.org +# upstreamfirst - ticket 6066 +upstreamfirst.fedorainfracloud.org + +# +# These are in the new cloud +# +testdays.fedorainfracloud.org + +[maintainer-test] +f25-test.fedorainfracloud.org +f26-test.fedorainfracloud.org +f27-test.fedorainfracloud.org rawhide-test.fedorainfracloud.org -el9-test.fedorainfracloud.org +ppc64-test.fedorainfracloud.org ppc64le-test.fedorainfracloud.org -ppc64le-test02.fedorainfracloud.org -aarch64-test01.fedorainfracloud.org -aarch64-test02.fedorainfracloud.org +el6-test.fedorainfracloud.org +el7-test.fedorainfracloud.org -#[aarch64_test] -#aarch64-test01.fedorainfracloud.org -#aarch64-test02.fedorainfracloud.org +[jenkins-master] +jenkins.fedorainfracloud.org + +[jenkins-slave] +jenkins-slave-el6.fedorainfracloud.org +jenkins-slave-el7.fedorainfracloud.org +jenkins-slave-f25.fedorainfracloud.org +jenkins-slave-f26.fedorainfracloud.org +jenkins-slave-f25-ppc64le.fedorainfracloud.org [osuosl] proxy06.fedoraproject.org @@ -704,11 +1245,12 @@ download bvirthost packages # not yet created +#pkgdb koji dbserver [groupa] -secondary01.iad2.fedoraproject.org +secondary01.phx2.fedoraproject.org [groupb:children] 
@@ -718,187 +1260,220 @@ dns bastion backup infracore -smtp_mm +smtp-mm memcached virthost -colo_virt +colo-virt [groupc:children] value +unbound staging builders bkernel buildvmhost [groupc] -people01.fedoraproject.org +people02.fedoraproject.org [virtservers:children] -colo_virt +colo-virt virthost bvirthost buildvmhost -#virthost_cloud +virthost-comm -[logdetective] -logdetective01.fedorainfracloud.org -logdetective02.fedorainfracloud.org +[copr-front-stg] +copr-fe-dev.cloud.fedoraproject.org -[copr_front_aws] -copr-fe.aws.fedoraproject.org +[copr-back-stg] +copr-be-dev.cloud.fedoraproject.org -[copr_back_aws] -copr-be.aws.fedoraproject.org -#copr-be-temp.aws.fedoraproject.org birthday=yes +[copr-keygen-stg] +copr-keygen-dev.cloud.fedoraproject.org -[copr_dist_git_aws] -copr-dist-git.aws.fedoraproject.org +[copr-keygen] +copr-keygen.cloud.fedoraproject.org -[copr_front_dev_aws] -# stg machine in AWS -copr-fe-dev.aws.fedoraproject.org +[copr-front] +copr-fe.cloud.fedoraproject.org -[copr_back_dev_aws] -copr-be-dev.aws.fedoraproject.org -#copr-be-dev-temp.aws.fedoraproject.org birthday=true +[copr-back] +copr-be.cloud.fedoraproject.org -[copr_keygen_aws] -copr-keygen.aws.fedoraproject.org +[copr-dist-git] +copr-dist-git.fedorainfracloud.org -[copr_keygen_dev_aws] -copr-keygen-dev.aws.fedoraproject.org +[copr-dist-git-stg] +copr-dist-git-dev.fedorainfracloud.org -[copr_dist_git_dev_aws] -copr-dist-git-dev.aws.fedoraproject.org +[copr:children] +copr-front +copr-back +copr-keygen +copr-dist-git -[copr_pulp_aws] -#copr-pulp.aws.fedoraproject.org birthday=yes - -[copr_pulp_dev_aws] -copr-pulp-dev.aws.fedoraproject.org - -[copr_aws:children] -copr_front_aws -copr_back_aws -copr_dist_git_aws -copr_keygen_aws -copr_pulp_aws - -[copr_dev_aws:children] -copr_front_dev_aws -copr_back_dev_aws -copr_dist_git_dev_aws -copr_keygen_dev_aws -db_stg_aws -copr_pulp_dev_aws - -[copr_all_instances_aws:children] -copr_aws -copr_dev_aws - -[copr_hypervisor] 
-vmhost-x86-copr01.rdu-cc.fedoraproject.org -vmhost-x86-copr02.rdu-cc.fedoraproject.org -vmhost-x86-copr03.rdu-cc.fedoraproject.org -vmhost-x86-copr04.rdu-cc.fedoraproject.org -vmhost-p08-copr01.rdu-cc.fedoraproject.org -vmhost-p08-copr02.rdu-cc.fedoraproject.org -vmhost-p09-copr01.rdu-cc.fedoraproject.org - -[db_stg_aws] -db.stg.aws.fedoraproject.org - -[debuginfod] -debuginfod01.iad2.fedoraproject.org - -[debuginfod_stg] -debuginfod01.stg.iad2.fedoraproject.org +[copr-stg:children] +copr-front-stg +copr-back-stg +copr-keygen-stg +copr-dist-git-stg [pagure] -pagure02.fedoraproject.org +pagure01.fedoraproject.org -[pagure_stg] +[pagure-stg] pagure-stg01.fedoraproject.org -[ocp:children] -os_control -ocp_controlplane -ocp_workers -#ocp_boostrap +[twisted-buildbots] +twisted-fedora24-1.fedorainfracloud.org +twisted-fedora24-2.fedorainfracloud.org +twisted-fedora25-1.fedorainfracloud.org +twisted-fedora25-2.fedorainfracloud.org +twisted-fedora26-1.fedorainfracloud.org +twisted-fedora26-2.fedorainfracloud.org +twisted-rhel7-1.fedorainfracloud.org +twisted-rhel7-2.fedorainfracloud.org -[ocp_vms:children] -#ocp_boostrap -ocp_controlplane +[infinote] +infinote.fedoraproject.org -[ocp_controlplane] -ocp01.ocp.iad2.fedoraproject.org -ocp02.ocp.iad2.fedoraproject.org -ocp03.ocp.iad2.fedoraproject.org +[gnome-backups] +gnome-backups01.phx2.fedoraproject.org -[ocp_workers] -worker01.ocp.iad2.fedoraproject.org -worker02.ocp.iad2.fedoraproject.org -worker03.ocp.iad2.fedoraproject.org -worker04.ocp.iad2.fedoraproject.org -worker05.ocp.iad2.fedoraproject.org -worker06.ocp.iad2.fedoraproject.org +[qa-isolated] +beaker01.qa.fedoraproject.org +beaker-stg01.qa.fedoraproject.org +qa02.qa.fedoraproject.org +qa08.qa.fedoraproject.org +qa04.qa.fedoraproject.org +openqa01.qa.fedoraproject.org +qa05.qa.fedoraproject.org +openqa-stg01.qa.fedoraproject.org +qa07.qa.fedoraproject.org +db-qa01.qa.fedoraproject.org +db-qa02.qa.fedoraproject.org +resultsdb01.qa.fedoraproject.org 
+resultsdb-stg01.qa.fedoraproject.org +resultsdb-dev01.qa.fedoraproject.org +taskotron-dev01.qa.fedoraproject.org +qa11.qa.fedoraproject.org +qa12.qa.fedoraproject.org +qa13.qa.fedoraproject.org +qa14.qa.fedoraproject.org +taskotron-stg01.qa.fedoraproject.org +taskotron01.qa.fedoraproject.org -#[ocp_boostrap] -#bootstrap.ocp.iad2.fedoraproject.org +[osbs-control] +osbs-control01.phx2.fedoraproject.org -[ocp_stg:children] -os_control_stg -ocp_controlplane_stg -ocp_workers_stg -#ocp_boostrap_stg +[osbs-control-stg] +osbs-control01.stg.phx2.fedoraproject.org -[ocp_vms_stg:children] -#ocp_boostrap_stg -ocp_controlplane_stg +[osbs-nodes] +osbs-node01.phx2.fedoraproject.org +osbs-node02.phx2.fedoraproject.org -[ocp_controlplane_stg] -ocp01.ocp.stg.iad2.fedoraproject.org -ocp02.ocp.stg.iad2.fedoraproject.org -ocp03.ocp.stg.iad2.fedoraproject.org +[osbs-masters] +osbs-master01.phx2.fedoraproject.org -[ocp_workers_stg] -worker01.ocp.stg.iad2.fedoraproject.org -worker02.ocp.stg.iad2.fedoraproject.org -worker03.ocp.stg.iad2.fedoraproject.org -worker04.ocp.stg.iad2.fedoraproject.org -worker05.ocp.stg.iad2.fedoraproject.org +[osbs:children] +osbs-control +osbs-nodes +osbs-masters -#[ocp_boostrap_stg] -#bootstrap.ocp.stg.iad2.fedoraproject.org +[osbs-masters-stg] +osbs-master01.stg.phx2.fedoraproject.org -[os_control_stg] -os-control01.stg.iad2.fedoraproject.org -os-control01.stg.rdu3.fedoraproject.org +[osbs-nodes-stg] +osbs-node01.stg.phx2.fedoraproject.org +osbs-node02.stg.phx2.fedoraproject.org -[os_control] -os-control01.iad2.fedoraproject.org -os-control01.rdu3.fedoraproject.org +[osbsworker-x86-64-masters-stg] +osbsworker-x86-64-master01.stg.phx2.fedoraproject.org -# registries -[oci_registry] -oci-registry01.iad2.fedoraproject.org -oci-registry02.iad2.fedoraproject.org -oci-candidate-registry01.iad2.fedoraproject.org +[osbsworker-x86-64-nodes-stg] +osbsworker-x86-64-node01.stg.phx2.fedoraproject.org +osbsworker-x86-64-node02.stg.phx2.fedoraproject.org -[oci_registry_stg] 
-oci-registry01.stg.iad2.fedoraproject.org -oci-candidate-registry01.stg.iad2.fedoraproject.org +[osbsworker-masters-stg:children] +osbsworker-x86-64-masters-stg + +[osbsworker-nodes-stg:children] +osbsworker-x86-64-nodes-stg + +[osbs-orchestrators-stg:children] +osbs-nodes-stg +osbs-masters-stg + +[osbs-workers-stg:children] +osbsworker-x86-64-nodes-stg +osbsworker-x86-64-masters-stg + +[osbs-stg:children] +osbs-control-stg +osbs-orchestrators-stg +osbs-workers-stg + +[os-control-stg] +os-control01.stg.phx2.fedoraproject.org + +[os-masters-stg] +os-master01.stg.phx2.fedoraproject.org +os-master02.stg.phx2.fedoraproject.org +os-master03.stg.phx2.fedoraproject.org + +[os-nodes-stg] +os-node01.stg.phx2.fedoraproject.org +os-node02.stg.phx2.fedoraproject.org + +[os-stg:children] +os-nodes-stg +os-masters-stg +os-control-stg + +[os-control] +os-control01.phx2.fedoraproject.org + +[os-masters] +os-master01.phx2.fedoraproject.org +os-master02.phx2.fedoraproject.org +os-master03.phx2.fedoraproject.org + +[os-nodes] +os-node01.phx2.fedoraproject.org +os-node02.phx2.fedoraproject.org + +[os:children] +os-nodes +os-masters +os-control + +[ci] +ci-cc-rdu01.fedoraproject.org + +# Docker (docker-distribution) registries +[docker-registry] +docker-registry02.phx2.fedoraproject.org +docker-registry03.phx2.fedoraproject.org +docker-candidate-registry01.phx2.fedoraproject.org + +[docker-registry-stg] +docker-registry01.stg.phx2.fedoraproject.org +docker-registry02.stg.phx2.fedoraproject.org +docker-candidate-registry01.stg.phx2.fedoraproject.org ## Not the candidate just the top registry -[moby_registry] -oci-registry01.iad2.fedoraproject.org +[moby-registry] +docker-registry02.phx2.fedoraproject.org ## Not the candidate just the top registry -[moby_registry_stg] -oci-registry01.stg.iad2.fedoraproject.org +[moby-registry-stg] +docker-registry01.stg.phx2.fedoraproject.org [webservers:children] proxies +ipsilon ipa fas 
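Review bot: The new side of this hunk spells group names with hyphens (`smtp-mm`, `colo-virt`, `[copr-front-stg]`, `[qa-isolated]`, `[docker-registry]`), which Ansible has reported as invalid group-name characters since 2.8. Depending on `force_valid_group_names`, such names are either kept with a warning or rewritten to underscores, so a `group_vars/` file, `hosts:` pattern or `groups[...]` lookup that uses the other spelling can quietly stop matching. That matters most where a group name gates firewalling or monitoring: the following hunk renames `[zombie_infested]` to `[zombie-infested]`, and its comment says the client nrpe.conf keys on that group. I would keep the underscore form on the new side, e.g. `smtp_mm`, `colo_virt`, `[copr_front_stg]`, or confirm that every consumer of these names is renamed in the same change.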
@@ -907,115 +1482,37 @@ fas # and we want to not alert on those, so to the client nrpe.conf uses # this group to denote those. # -[zombie_infested] +[zombie-infested] # anon git via systemd socket seems to get zombies from time to time +pkgs02.phx2.fedoraproject.org +# the openstack 5.0 vnc console viewer causes bunches of Zombies +fed-cloud09.cloud.fedoraproject.org # Ansible from time to time in large runs has zombie threads -pkgs01.iad2.fedoraproject.org -batcave01.iad2.fedoraproject.org +batcave01.phx2.fedoraproject.org +# Copr backend gets zombies +copr-be.cloud.fedoraproject.org # bodhi-backend01 gets zombies right at the end of pushes -bodhi-backend01.iad2.fedoraproject.org +bodhi-backend01.phx2.fedoraproject.org -[sar] -bodhi-backend01.iad2.fedoraproject.org -mailman01.iad2.fedoraproject.org -people01.fedoraproject.org -pagure02.fedoraproject.org -pkgs01.iad2.fedoraproject.org -#wiki01.iad2.fedoraproject.org +# These are groups of "hosts" that are not real hosts, but represent +# applications in openshift. They exists here so that they can declare vars for +# other "global" roles like the fedmsg config. 
+#[openshift-pseudohosts:children] +#greenwave +#waiverdb -[nfs_servers] -storinator01.rdu-cc.fedoraproject.org +[openshift-pseudohosts-stg:children] +greenwave-stg +waiverdb-stg -# communishift -- community openshift -# [virthost_communishift] -# virthost-os01.fedorainfracloud.org -# virthost-os02.fedorainfracloud.org -# virthost-os03.fedorainfracloud.org -# os-storage-node12.fedorainfracloud.org -# os-storage-node13.fedorainfracloud.org -# os-storage-node14.fedorainfracloud.org -# virthost-ppc64le-os01.fedorainfracloud.org -# virthost-aarch64-os01.fedorainfracloud.org -# virthost-aarch64-os02.fedorainfracloud.org +#[greenwave] +#greenwave-web-greenwave.app.os.fedoraproject.org -# [os_proxies] -# os-proxy01.fedorainfracloud.org -# os-proxy02.fedorainfracloud.org +[greenwave-stg] +greenwave-web-greenwave.app.os.stg.fedoraproject.org -# -# These are hosts and groups that do not use linux-system-roles/network for configuring network -# The cloud_aws hosts have network all setup by cloud-init and/or provider. -# The ibiblio hosts are using port bonding. Someday we need to configure it via linux-sys-roles. 
-# -[no_linux_system_roles:children] -cloud_aws -buildvm_s390x_stg -bvmhost_s390x +#[waiverdb] +#waiverdb-web-waiverdb.app.os.fedoraproject.org -[iad2:children] -iad2_production -iad2_staging - -[iad2_production:children] -backup -bastion_iad2 -batcave_iad2 -bodhi_backend -buildhw -buildvm -buildvm_aarch64 -buildvm_ppc64le -bkernel -bvirthost -certgetter -dbserver -debuginfod -dns_iad2 -download_iad2 -flatpak_cache -ipa -ipsilon -koji -kojipkgs -logging -mailman -memcached -nagios_iad2 -oci_registry -openqa -openqa_lab -openqa_lab_workers -openqa_workers -pkgs -proxies_iad2 -qahardware -rabbitmq -releng_compose -secondary -sundries -tang -value -virthost -wiki - -[iad2_staging:children] -bastion_stg -bodhi_backend_stg -buildvm_stg -buildvm_ppc64le_stg -buildvm_aarch64_stg -dbserver_stg -debuginfod_stg -ipa_stg -ipsilon_stg -koji_stg -memcached_stg -oci_registry_stg -pkgs_stg -proxies_stg -rabbitmq_stg -releng_compose_stg -sundries_stg -value_stg -wiki_stg -zabbix_stg +[waiverdb-stg] +waiverdb-web-waiverdb.app.os.stg.fedoraproject.org diff --git a/inventory/zzz-inventory.config b/inventory/zzz-inventory.config deleted file mode 100644 index bc661631da..0000000000 --- a/inventory/zzz-inventory.config +++ /dev/null @@ -1,19 +0,0 @@ -plugin: constructed -strict: False -compose: -groups: - iad2: ('iad2.fedoraproject.org' in ansible_domain) - iad2_guests: ('iad2.fedoraproject.org' in ansible_domain and 'guest' in ansible_virtualization_role) - iad2_hosts: ('iad2.fedoraproject.org' in ansible_domain and 'host' in ansible_virtualization_role) -keyed_groups: - - prefix: distro - key: ansible_distribution - - - prefix: vmhost - key: vmhost - - - prefix: datacenter - key: datacenter - - - prefix: virt - key: ansible_virtualization_role diff --git a/library/delete_old_oci_images.py b/library/delete_old_oci_images.py deleted file mode 100644 index 981c5da8cd..0000000000 --- a/library/delete_old_oci_images.py +++ /dev/null 
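Review bot: Adding `pkgs02`, `fed-cloud09` and `copr-be` to `[zombie-infested]` (inventory hunk `@@ -907,115 +1482,37 @@`) widens an open-ended monitoring exemption, since the comment above the group says the client nrpe.conf uses membership to avoid alerting on zombies. As written the exemption is per host and has no expiry, so an unusual build-up of defunct processes on the anonymous-git host or the Copr backend would presumably go unreported. A higher zombie threshold for these hosts would keep some signal. If the exemption stays, each entry could carry its tracking reference, e.g. `# copr-be: backend leaves zombies; ticket <TICKET-ID placeholder>, remove when fixed`.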
@@ -1,171 +0,0 @@ -#!/usr/bin/python3 -# -*- coding: utf-8 -*- -# -# delete_old_oci_images.py - Ansible module that returns old images from a container registry -# -# Copyright (C) 2019 Red Hat, Inc. -# SPDX-License-Identifier: GPL-2.0+ -# -DOCUMENTATION = """ ---- -author: - - "Clément Verna " -module: delete_old_oci_images -short_description: Check for old OCI images in a registry and delete them. -description: - - Look for OCI images tag in a registry that are older than "days". - - Delete the OCI images tag from these old images. -options: - registry: - description: - - URL of the registry to use. - required: False - default: "https://candidate-registry.fedoraproject.org" - days: - description: - - Number of days used to check if we want to delete or keep and image tag. - required: True - username: - description: - - Username uses to login against the registry. - required: True - password: - description: - - Password used to login against the registry. - required: True -""" - -EXAMPLES = """ -- delete_old_oci_images: - days: 30 - username: "{{ secret_username }}" - password: "{{ secret_password }}" - -- delete_old_oci_images: - registry: "https://candidate-registry.stg.fedoraproject.org" - days: 10 - username: "{{ secret_stg_username }}" - password: "{{ secret_stg_password }}" -""" - -from ansible.module_utils.basic import * -from datetime import datetime, timedelta - - -def main(): - """ - Ensure that images that are at least 'days' old are deleted - from the registry. 
- """ - module_args = dict( - registry=dict( - type="str", required=False, default="https://candidate-registry.fedoraproject.org" - ), - days=dict(type="int", required=True), - username=dict(type="str", required=True), - password=dict(type="str", required=True, no_log=True), - ) - - module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) - - try: - import requests - - headers = { - "Accept": "application/vnd.docker.distribution.manifest.v2+json,"\ - "application/vnd.oci.image.index.v1+json,"\ - "application/vnd.oci.image.manifest.v1+json,"\ - "application/vnd.docker.distribution.manifest.list.v2+json"\ - } - except ImportError: - module.fail_json(msg="the requests python module not found on the target system") - - result = {"failed": False, "stdout_lines": []} - check_mode = module.check_mode - registry = module.params["registry"] - days = module.params["days"] - username = module.params["username"] - password = module.params["password"] - - # Prepare the requests session - s = requests.Session() - - # Retry in case of failed connection - adapter = requests.adapters.HTTPAdapter(max_retries=5) - s.mount("http://", adapter) - s.mount("https://", adapter) - - # Set the correct headers - s.headers.update(headers) - # Set the authentication - s.auth = (username, password) - - # Get the list of repositories in the registry (Assume we have less than 500) - resp = s.get("{}/v2/_catalog?n=500".format(registry)) - if not resp.ok: - module.fail_json( - msg="Failed to get the list of images on the {}".format(registry), failed=True - ) - - repositories = resp.json().get("repositories") - - # For each repository found get all the tags - for repo in repositories: - resp = s.get("{}/v2/{}/tags/list".format(registry, repo)) - if not resp.ok: - result["stdout_lines"].append("Failed to get the list of tags for {}".format(repo)) - - image = resp.json() - # Log the repositories that don't have any tags - if image["tags"] is None: - result["stdout_lines"].append("{} 
does not have any tags".format(repo)) - continue - # For each tag get the maninfest - for tag in image["tags"]: - resp = s.get("{}/v2/{}/manifests/{}".format(registry, repo, tag)) - if not resp.ok: - result["stdout_lines"].append( - "Failed to get the manifest for {}:{}".format(repo, tag) - ) - - # For each tag get the blobs - config = resp.json().get("config") - if config is not None: - digest = config.get("digest") - resp = s.get("{}/v2/{}/blobs/{}".format(registry, repo, digest)) - if not resp.ok: - result["stdout_lines"].append( - "Failed to get the blob for {}:{}".format(repo, digest) - ) - - # Find when a blob was created - age = resp.json().get("created") - if age is None: - result["stdout_lines"].append( - "Could not get date for {}:{} -- skipping".format(repo, digest) - ) - continue - # Check if the blob is older than "days" - if datetime.strptime(age[:10], "%Y-%m-%d") <= datetime.now() - timedelta(days=days): - if not check_mode: - # Delete the tag - resp = s.get("{}/v2/{}/manifests/{}".format(registry, repo, tag)) - digest = resp.headers["Docker-Content-Digest"] - resp = s.delete("{}/v2/{}/manifests/{}".format(registry, repo, digest)) - if resp.ok: - result["changed"] = True - else: - module.fail_json( - msg="Failed to delete {}:{} with the error : {}".format( - repo, tag, resp.text - ), - failed=True, - ) - else: - result["stdout_lines"].append("would delete {}:{}".format(repo, tag)) - result["changed"] = True - - module.exit_json(**result) - - -main() diff --git a/library/lvol.py b/library/lvol.py new file mode 100644 index 0000000000..75d8c56ac9 --- /dev/null +++ b/library/lvol.py 
@@ -0,0 +1,401 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# (c) 2013, Jeroen Hoekx , Alexander Bulimov +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +DOCUMENTATION = ''' +--- +author: + - "Jeroen Hoekx (@jhoekx)" + - "Alexander Bulimov (@abulimov)" +module: lvol +short_description: Configure LVM logical volumes +description: + - This module creates, removes or resizes logical volumes. +version_added: "1.1" +options: + vg: + description: + - The volume group this logical volume is part of. + required: true + lv: + description: + - The name of the logical volume. + required: true + size: + description: + - The size of the logical volume, according to lvcreate(8) --size, by + default in megabytes or optionally with one of [bBsSkKmMgGtTpPeE] units; or + according to lvcreate(8) --extents as a percentage of [VG|PVS|FREE]; + Float values must begin with a digit. + Resizing using percentage values was not supported prior to 2.1. + state: + choices: [ "present", "absent" ] + default: present + description: + - Control if the logical volume exists. If C(present) the C(size) option + is required. + required: false + force: + version_added: "1.5" + choices: [ "yes", "no" ] + default: "no" + description: + - Shrink or remove operations of volumes requires this switch. Ensures that + that filesystems get never corrupted/destroyed by mistake. 
+ required: false + opts: + version_added: "2.0" + description: + - Free-form options to be passed to the lvcreate command + snapshot: + version_added: "2.1" + description: + - The name of the snapshot volume + required: false + pvs: + version_added: "2.2" + description: + - Comma separated list of physical volumes e.g. /dev/sda,/dev/sdb + required: false + shrink: + version_added: "2.2" + description: + - shrink if current size is higher than size requested + required: false + default: yes +notes: + - Filesystems on top of the volume are not resized. +''' + +EXAMPLES = ''' +# Create a logical volume of 512m. +- lvol: vg=firefly lv=test size=512 + +# Create a logical volume of 512m with disks /dev/sda and /dev/sdb +- lvol: vg=firefly lv=test size=512 pvs=/dev/sda,/dev/sdb + +# Create cache pool logical volume +- lvol: vg=firefly lv=lvcache size=512m opts='--type cache-pool' + +# Create a logical volume of 512g. +- lvol: vg=firefly lv=test size=512g + +# Create a logical volume the size of all remaining space in the volume group +- lvol: vg=firefly lv=test size=100%FREE + +# Create a logical volume with special options +- lvol: vg=firefly lv=test size=512g opts="-r 16" + +# Extend the logical volume to 1024m. +- lvol: vg=firefly lv=test size=1024 + +# Extend the logical volume to consume all remaining space in the volume group +- lvol: vg=firefly lv=test size=+100%FREE + +# Extend the logical volume to take all remaining space of the PVs +- lvol: vg=firefly lv=test size=100%PVS + +# Resize the logical volume to % of VG +- lvol: vg-firefly lv=test size=80%VG force=yes + +# Reduce the logical volume to 512m +- lvol: vg=firefly lv=test size=512 force=yes + +# Set the logical volume to 512m and do not try to shrink if size is lower than current one +- lvol: vg=firefly lv=test size=512 shrink=no + +# Remove the logical volume. +- lvol: vg=firefly lv=test state=absent force=yes + +# Create a snapshot volume of the test logical volume. 
+- lvol: vg=firefly lv=test snapshot=snap1 size=100m +''' + +import re + +decimal_point = re.compile(r"(\d+)") + +def mkversion(major, minor, patch): + return (1000 * 1000 * int(major)) + (1000 * int(minor)) + int(patch) + +def parse_lvs(data): + lvs = [] + for line in data.splitlines(): + parts = line.strip().split(';') + lvs.append({ + 'name': parts[0].replace('[','').replace(']',''), + 'size': int(decimal_point.match(parts[1]).group(1)) + }) + return lvs + +def parse_vgs(data): + vgs = [] + for line in data.splitlines(): + parts = line.strip().split(';') + vgs.append({ + 'name': parts[0], + 'size': int(decimal_point.match(parts[1]).group(1)), + 'free': int(decimal_point.match(parts[2]).group(1)), + 'ext_size': int(decimal_point.match(parts[3]).group(1)) + }) + return vgs + + +def get_lvm_version(module): + ver_cmd = module.get_bin_path("lvm", required=True) + rc, out, err = module.run_command("%s version" % (ver_cmd)) + if rc != 0: + return None + m = re.search("LVM version:\s+(\d+)\.(\d+)\.(\d+).*(\d{4}-\d{2}-\d{2})", out) + if not m: + return None + return mkversion(m.group(1), m.group(2), m.group(3)) + + +def main(): + module = AnsibleModule( + argument_spec=dict( + vg=dict(required=True), + lv=dict(required=True), + size=dict(type='str'), + opts=dict(type='str'), + state=dict(choices=["absent", "present"], default='present'), + force=dict(type='bool', default='no'), + shrink=dict(type='bool', default='yes'), + snapshot=dict(type='str', default=None), + pvs=dict(type='str') + ), + supports_check_mode=True, + ) + + # Determine if the "--yes" option should be used + version_found = get_lvm_version(module) + if version_found == None: + module.fail_json(msg="Failed to get LVM version number") + version_yesopt = mkversion(2, 2, 99) # First LVM with the "--yes" option + if version_found >= version_yesopt: + yesopt = "--yes" + else: + yesopt = "" + + vg = module.params['vg'] + lv = module.params['lv'] + size = module.params['size'] + opts = module.params['opts'] + 
state = module.params['state'] + force = module.boolean(module.params['force']) + shrink = module.boolean(module.params['shrink']) + size_opt = 'L' + size_unit = 'm' + snapshot = module.params['snapshot'] + pvs = module.params['pvs'] + + if pvs is None: + pvs = "" + else: + pvs = pvs.replace(",", " ") + + if opts is None: + opts = "" + + # Add --test option when running in check-mode + if module.check_mode: + test_opt = ' --test' + else: + test_opt = '' + + if size: + # LVCREATE(8) -l --extents option with percentage + if '%' in size: + size_parts = size.split('%', 1) + size_percent = int(size_parts[0]) + if size_percent > 100: + module.fail_json(msg="Size percentage cannot be larger than 100%") + size_whole = size_parts[1] + if size_whole == 'ORIGIN': + module.fail_json(msg="Snapshot Volumes are not supported") + elif size_whole not in ['VG', 'PVS', 'FREE']: + module.fail_json(msg="Specify extents as a percentage of VG|PVS|FREE") + size_opt = 'l' + size_unit = '' + + if not '%' in size: + # LVCREATE(8) -L --size option unit + if size[-1].lower() in 'bskmgtpe': + size_unit = size[-1].lower() + size = size[0:-1] + + try: + float(size) + if not size[0].isdigit(): raise ValueError() + except ValueError: + module.fail_json(msg="Bad size specification of '%s'" % size) + + # when no unit, megabytes by default + if size_opt == 'l': + unit = 'm' + else: + unit = size_unit + + # Get information on volume group requested + vgs_cmd = module.get_bin_path("vgs", required=True) + rc, current_vgs, err = module.run_command( + "%s --noheadings -o vg_name,size,free,vg_extent_size --units %s --separator ';' %s" % (vgs_cmd, unit, vg)) + + if rc != 0: + if state == 'absent': + module.exit_json(changed=False, stdout="Volume group %s does not exist." % vg, stderr=False) + else: + module.fail_json(msg="Volume group %s does not exist." 
% vg, rc=rc, err=err) + + vgs = parse_vgs(current_vgs) + this_vg = vgs[0] + + # Get information on logical volume requested + lvs_cmd = module.get_bin_path("lvs", required=True) + rc, current_lvs, err = module.run_command( + "%s -a --noheadings --nosuffix -o lv_name,size --units %s --separator ';' %s" % (lvs_cmd, unit, vg)) + + if rc != 0: + if state == 'absent': + module.exit_json(changed=False, stdout="Volume group %s does not exist." % vg, stderr=False) + else: + module.fail_json(msg="Volume group %s does not exist." % vg, rc=rc, err=err) + + changed = False + + lvs = parse_lvs(current_lvs) + + if snapshot is None: + check_lv = lv + else: + check_lv = snapshot + for test_lv in lvs: + if test_lv['name'] == check_lv: + this_lv = test_lv + break + else: + this_lv = None + + if state == 'present' and not size: + if this_lv is None: + module.fail_json(msg="No size given.") + else: + module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size']) + + msg = '' + if this_lv is None: + if state == 'present': + ### create LV + lvcreate_cmd = module.get_bin_path("lvcreate", required=True) + if snapshot is not None: + cmd = "%s %s %s -%s %s%s -s -n %s %s %s/%s" % (lvcreate_cmd, test_opt, yesopt, size_opt, size, size_unit, snapshot, opts, vg, lv) + else: + cmd = "%s %s %s -n %s -%s %s%s %s %s %s" % (lvcreate_cmd, test_opt, yesopt, lv, size_opt, size, size_unit, opts, vg, pvs) + rc, _, err = module.run_command(cmd) + if rc == 0: + changed = True + else: + module.fail_json(msg="Creating logical volume '%s' failed" % lv, rc=rc, err=err) + else: + if state == 'absent': + ### remove LV + if not force: + module.fail_json(msg="Sorry, no removal of logical volume %s without force=yes." 
% (this_lv['name'])) + lvremove_cmd = module.get_bin_path("lvremove", required=True) + rc, _, err = module.run_command("%s %s --force %s/%s" % (lvremove_cmd, test_opt, vg, this_lv['name'])) + if rc == 0: + module.exit_json(changed=True) + else: + module.fail_json(msg="Failed to remove logical volume %s" % (lv), rc=rc, err=err) + + elif size_opt == 'l': + ### Resize LV based on % value + tool = None + size_free = this_vg['free'] + if size_whole == 'VG' or size_whole == 'PVS': + size_requested = size_percent * this_vg['size'] / 100 + else: # size_whole == 'FREE': + size_requested = size_percent * this_vg['free'] / 100 + if '+' in size: + size_requested += this_lv['size'] + if this_lv['size'] < size_requested: + if (size_free > 0) and (('+' not in size) or (size_free >= (size_requested - this_lv['size']))): + tool = module.get_bin_path("lvextend", required=True) + else: + module.fail_json(msg="Logical Volume %s could not be extended. Not enough free space left (%s%s required / %s%s available)" % (this_lv['name'], (size_requested - this_lv['size']), unit, size_free, unit)) + elif shrink and this_lv['size'] > size_requested + this_vg['ext_size']: # more than an extent too large + if size_requested == 0: + module.fail_json(msg="Sorry, no shrinking of %s to 0 permitted." 
% (this_lv['name'])) + elif not force: + module.fail_json(msg="Sorry, no shrinking of %s without force=yes" % (this_lv['name'])) + else: + tool = module.get_bin_path("lvreduce", required=True) + tool = '%s %s' % (tool, '--force') + + if tool: + cmd = "%s %s -%s %s%s %s/%s %s" % (tool, test_opt, size_opt, size, size_unit, vg, this_lv['name'], pvs) + rc, out, err = module.run_command(cmd) + if "Reached maximum COW size" in out: + module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err, out=out) + elif rc == 0: + changed = True + msg="Volume %s resized to %s%s" % (this_lv['name'], size_requested, unit) + elif "matches existing size" in err: + module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size']) + elif "not larger than existing size" in err: + module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size'], msg="Original size is larger than requested size", err=err) + else: + module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err) + + else: + ### resize LV based on absolute values + tool = None + if int(size) > this_lv['size']: + tool = module.get_bin_path("lvextend", required=True) + elif shrink and int(size) < this_lv['size']: + if int(size) == 0: + module.fail_json(msg="Sorry, no shrinking of %s to 0 permitted." % (this_lv['name'])) + if not force: + module.fail_json(msg="Sorry, no shrinking of %s without force=yes." 
% (this_lv['name'])) + else: + tool = module.get_bin_path("lvreduce", required=True) + tool = '%s %s' % (tool, '--force') + + if tool: + cmd = "%s %s -%s %s%s %s/%s %s" % (tool, test_opt, size_opt, size, size_unit, vg, this_lv['name'], pvs) + rc, out, err = module.run_command(cmd) + if "Reached maximum COW size" in out: + module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err, out=out) + elif rc == 0: + changed = True + elif "matches existing size" in err: + module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size']) + elif "not larger than existing size" in err: + module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size'], msg="Original size is larger than requested size", err=err) + else: + module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err) + + module.exit_json(changed=changed, msg=msg) + +# import module snippets +from ansible.module_utils.basic import * + +if __name__ == '__main__': + main() diff --git a/library/python3_fact.py b/library/python3_fact.py deleted file mode 100644 index 0d9c569a1b..0000000000 --- a/library/python3_fact.py +++ /dev/null 
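Review bot: Every LVM invocation in `main()` is built by `%`-formatting module parameters (`vg`, `lv`, `snapshot`, `opts`, `pvs`) into a single string for `module.run_command`, including the `lvremove ... --force` and `lvreduce --force` paths, so a value containing whitespace or starting with `-` can be split into extra arguments or read as an option. Passing an argument list keeps each parameter a single argv entry, for example `module.run_command([lvremove_cmd, "--force", "%s/%s" % (vg, this_lv['name'])] + test_opt.split())`; `opts` is documented as free-form and would still need an explicit split. Separately, `this_vg = vgs[0]` assumes `vgs` printed at least one row, and `version_found == None` should be `version_found is None`.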
@@ -1,85 +0,0 @@ -#!/usr/bin/env python - -import json -from subprocess import check_output - -from ansible.module_utils.basic import AnsibleModule - - -DOCUMENTATION = r''' ---- -module: python3_fact - -short_description: Add Ansible facts about the Python3 installation - -# If this is part of a collection, you need to use semantic versioning, -# i.e. the version is of the form "2.5.0" and not "2.4". -version_added: "1.0.0" - -description: Ansible facts will be added about the following Python3 - -author: - - Aurelien Bompard (@abompard) -''' - -EXAMPLES = r''' -# In ansible.cfg - -facts_modules = smart, python3_fact - -# Ansible facts dump: - -$ ansible -m debug -a var=ansible_facts hostname -"ansible_facts": { - ... - "python3": { - "sitelib": "/usr/lib/python3.11/site-packages" - }, - ... -} -''' - -RETURN = r''' -sitelib: - description: The full path to the site-packages directory. - type: str - returned: always - sample: '/usr/lib/python3.11/site-packages' -''' - -PYCODE = """ -from json import dumps -from sysconfig import get_path, get_scheme_names -from sys import version_info -scheme = "rpm_prefix" if "rpm_prefix" in get_scheme_names() else "posix_prefix" -print(dumps({ - "sitelib": get_path("purelib", scheme), - "sitearch": get_path("platlib", scheme), - "version": f"{version_info.major}.{version_info.minor}", -})) -""" - - - -def run_module(): - module = AnsibleModule( - argument_spec={}, - supports_check_mode=True - ) - try: - output = check_output([ - "python3", "-c", - PYCODE, - ]) - except OSError: - module.exit_json(changed=False, ansible_facts=dict()) - else: - module.exit_json(changed=False, ansible_facts=dict(python3=json.loads(output.strip()))) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/library/virt_boot b/library/virt_boot index 6280297e14..6591e5602d 100755 --- a/library/virt_boot +++ b/library/virt_boot 
@@ -1,4 +1,4 @@ -#!/usr/bin/python3 +#!/usr/bin/python # -*- coding: utf-8 -*- # (c) 2012, Jeroen Hoekx @@ -100,12 +100,12 @@ except ImportError: import elementtree.ElementTree as ET from elementtree.ElementTree import SubElement except ImportError: - print("failed=True msg='ElementTree python module unavailable'") + print "failed=True msg='ElementTree python module unavailable'" try: import libvirt except ImportError: - print("failed=True msg='libvirt python module unavailable'") + print "failed=True msg='libvirt python module unavailable'" sys.exit(1) from ansible.module_utils.basic import AnsibleModule @@ -138,7 +138,7 @@ def detach_disk(domain, doc, device): source = disk.find('source') if source is not None and 'file' in source.attrib: del source.attrib['file'] - domain.updateDeviceFlags(ET.tostring(disk).decode('utf-8'), libvirt.VIR_DOMAIN_AFFECT_CONFIG) + domain.updateDeviceFlags(ET.tostring(disk), libvirt.VIR_DOMAIN_AFFECT_CONFIG) return True return False @@ -287,7 +287,7 @@ def main(): changed = True ### save back - conn.defineXML( ET.tostring(doc).decode('utf-8') ) + conn.defineXML( ET.tostring(doc) ) if start and not domain.isActive(): changed = True diff --git a/main.yml b/main.yml deleted file mode 100644 index fd069e6685..0000000000 --- a/main.yml +++ /dev/null 
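Review bot: In the `@@ -100,12 +100,12 @@` hunk the `except ImportError` branch for ElementTree prints a failure and then falls through, unlike the libvirt branch below it, which calls `sys.exit(1)`; without ElementTree the module keeps running and would presumably only fail later, where `ET` is first used. Add `sys.exit(1)` after that print. The new side also uses the statement form `print "..."`, which does not parse on Python 3, and the `ET.tostring(...)` results passed to `updateDeviceFlags` and `defineXML` in the two later hunks are bytes there, so the `#!/usr/bin/python` shebang has to resolve to Python 2 on every host that runs this module; a comment next to the shebang stating that requirement would make it visible. The enclosing functions start and end outside these hunks.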
@@ -1,69 +0,0 @@ ---- -## -## This is the master playbook. It includes all the other playbooks. -## Usually you would call it with a -t tagname to only run a specific tag -## over all machines. -## -## some common ones: -## -t apache -> run when tasks/apache.yml changes. -## -## -## -## group playbooks -## -- import_playbook: /srv/web/infra/ansible/playbooks/groups/backup-server.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/bastion.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/batcave.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/bodhi-backend.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/buildhw.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/buildvm.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/certgetter.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-backend.yml -# - import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-db.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-dist-git.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-frontend.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-hypervisor.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-keygen.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/debuginfod.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/dns.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/download.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/flatpak-cache.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/ipa.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/ipsilon.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/koji-hub.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/kojipkgs.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/logserver.yml -- import_playbook: 
/srv/web/infra/ansible/playbooks/groups/mailman.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/maintainer-test.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/mariadb-server.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/memcached.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/nfs-servers.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/noc.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/os-control.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/oci-registry.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa-workers.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/pagure.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/people.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/pkgs.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/postgresql-server.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/proxies.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/rabbitmq.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/releng-compose.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/retrace.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/secondary.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/sign-bridge.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/smtp-mm.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/smtp-auth.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/sundries.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/tang.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/torrent.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/value.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/virthost.yml -- import_playbook: 
/srv/web/infra/ansible/playbooks/groups/wiki.yml - -# -# host playbooks -# - -- import_playbook: /srv/web/infra/ansible/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml diff --git a/master.yml b/master.yml new file mode 100644 index 0000000000..6196707f8b --- /dev/null +++ b/master.yml 
@@ -0,0 +1,155 @@
+---
+#
+# This is the master playbook. It includes all the other playbooks.
+# Usually you would call it with a -t tagname to only run a specific tag
+# over all machines.
+#
+# some common ones:
+# -t fedmsgconfig -> runs fedmsg/base config over all playbooks
+# -t apache -> run when tasks/apache.yml changes.
+#
+
+#
+# group playbooks
+
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/anitya.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/arm-qa.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/ask.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/autocloud-backend.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/autocloud-web.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/backup-server.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/badges-backend.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/badges-web.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/basset.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/bastion.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/batcave.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/beaker.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/beaker-virthosts.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/blockerbugs.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/bodhi2.yml
+#- import_playbook: /srv/web/infra/ansible/playbooks/groups/bodhi-backend.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/bugzilla2fedmsg.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/buildhw.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/buildvm.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/bugyou.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/busgateway.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/ci.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-backend.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-dist-git.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-frontend.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-keygen.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/darkserver.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/darkserver-backend.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/darkserver-web.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/datagrepper.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/docker-registry.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/dhcp.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/dns.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/download.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/elections.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/fas.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/fas3.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/fedimg.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/fedocal.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/github2fedmsg.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/gnome-backups.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/hotness.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/infinote.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/ipa.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/ipsilon.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/jenkins-master.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/jenkins-slave.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/kerneltest.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/keyserver.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/koji-hub.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/kojipkgs.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/koschei-backend.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/koschei-web.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/logserver.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/loopabull.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/mbs.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/mailman.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/maintainer-test.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/mariadb-server.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/mdapi.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/mirrorlist2.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/mirrormanager.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/memcached.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/modernpaste.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/noc.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/notifs-backend.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/notifs-web.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/nuancier.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa-workers.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/openstack-compute-nodes.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/osbs-cluster.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/os-cluster.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/packages.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/pagure.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/pdc.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/people.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/pkgdb.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/pkgs.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/postgresql-server.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/postgresql-server-bdr.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/proxies.yml
+#- import_playbook: /srv/web/infra/ansible/playbooks/groups/qa.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/resultsdb-prod.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/resultsdb-dev.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/resultsdb-stg.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/retrace.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/releng-compose.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/secondary.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/smtp-mm.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/sign-bridge.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/statscache.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/summershum.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/sundries.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/tagger.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/taskotron.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/taskotron-client-hosts.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/torrent.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/twisted-buildbots.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/unbound.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/value.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/virthost.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/wiki.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/zanata2fedmsg.yml
+
+#
+# host playbooks
+#
+
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/artboard.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/communityblog.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/commops.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/darkserver-dev.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/developer.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/eclipse.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/fas2-dev.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/fas3-dev.fedorainfracloud.org.yml
+#- import_playbook: /srv/web/infra/ansible/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/faitout.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/fedora-bootstrap.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/fedimg-dev.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/glittergallery-dev.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/grafana.cloud.fedoraproject.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/graphite.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/iddev.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/insim.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/magazine2.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/ansiblemagazine.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/modernpaste.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/modularity.fedorainfracloud.org.yml
+#- import_playbook: /srv/web/infra/ansible/playbooks/hosts/regcfp2.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/respins.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/shumgrepper-dev.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/taiga.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/taigastg.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/testdays.fedorainfracloud.org.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/hosts/upstreamfirst.fedorainfracloud.org.yml
diff --git a/playbooks/check-for-nonvirt-updates.yml b/playbooks/check-for-nonvirt-updates.yml
index 1195bbc0f3..bf59009b4f 100644
--- a/playbooks/check-for-nonvirt-updates.yml
+++ b/playbooks/check-for-nonvirt-updates.yml
@@ -8,55 +8,25 @@ # time ansible-playbook check-for-updates.yml | grep msg\": | awk -F: '{print $2}' | sort # ---- -- name: Check for updates (EL) - hosts: virt_host:&distro_RedHat - gather_facts: false +- name: check for updates + hosts: all + gather_facts: true + user: root tasks: - - name: Check for updates (yum) + - name: check for updates (yum) yum: list=updates update_cache=true register: yumoutput + when: ansible_distribution_major_version|int < 22 and ansible_virtualization_role == 'host' - - debug: msg="{{ inventory_hostname}} {{ yumoutput.results|length }}" - -- name: Check for updates (Fedora) - hosts: virt_host:&distro_Fedora - gather_facts: false - - tasks: - - - name: Check for updates (dnf) + - name: check for updates (dnf) dnf: list=updates register: dnfoutput - - - debug: msg="{{ inventory_hostname}} {{ dnfoutput.results|length }}" - -# -# For some reason ansible detects aarch64/armv7 hosts as virt type "NA" -# - -- name: Check for updates (aarch64/armv7) EL - hosts: virt_NA:&distro_RedHat - gather_facts: false - - tasks: - - - name: Check for updates (yum) - yum: list=updates update_cache=true - register: yumoutput + when: ansible_distribution_major_version|int > 21 and ansible_virtualization_role == 'host' - debug: msg="{{ inventory_hostname}} {{ yumoutput.results|length }}" - -- name: Check for updates (aarch64/armv7) Fedora - hosts: virt_NA:&distro_Fedora - gather_facts: false - - tasks: - - - name: Check for updates (dnf) - dnf: list=updates - register: dnfoutput + when: yumoutput is defined and yumoutput.results|length > 0 - debug: msg="{{ inventory_hostname}} {{ dnfoutput.results|length }}" + when: dnfoutput is defined and dnfoutput.results|length > 0 diff --git a/playbooks/check-for-updates.yml b/playbooks/check-for-updates.yml index f1f554d39c..ec828497de 100644 --- a/playbooks/check-for-updates.yml +++ b/playbooks/check-for-updates.yml 
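Review bot: The two debug tasks added to playbooks/check-for-nonvirt-updates.yml guard on `yumoutput is defined` and `dnfoutput is defined`, but a registered variable is still defined when its task was skipped by `when:`. In that case it carries no `results` key, so as far as I can tell `yumoutput.results|length` raises an undefined-attribute error on every host where only the other package manager ran. Test the key itself: `when: yumoutput.results is defined and yumoutput.results|length > 0`, and likewise for `dnfoutput`. The same pair of conditions is added to playbooks/check-for-updates.yml in the next hunk and needs the same change.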
@@ -8,36 +8,25 @@ # time ansible-playbook check-for-updates.yml | grep msg\": | awk -F: '{print $2}' | sort # ---- -- name: Check for updates - hosts: distro_RedHat:distro_CentOS:!ocp*:!worker* - gather_facts: false +- name: check for updates + hosts: all + gather_facts: true + user: root tasks: - - name: Check for updates (yum) + - name: check for updates (yum) yum: list=updates update_cache=true register: yumoutput + when: ansible_distribution_major_version|int < 22 - - debug: msg="{{ inventory_hostname}} {{ yumoutput.results|length }}" - when: yumoutput.results|length > 0 - -- name: Check for updates - hosts: distro_Fedora:!ocp*:!worker* - gather_facts: false - - tasks: - -# -# We use the command module here because the real module can't expire -# - - - name: Make dnf recheck for new metadata from repos - ansible.builtin.command: dnf clean expire-cache - - - name: Check for updates (dnf) + - name: check for updates (dnf) dnf: list=updates register: dnfoutput + when: ansible_distribution_major_version|int > 21 + + - debug: msg="{{ inventory_hostname}} {{ yumoutput.results|length }}" + when: yumoutput is defined and yumoutput.results|length > 0 - debug: msg="{{ inventory_hostname}} {{ dnfoutput.results|length }}" - when: dnfoutput.results|length > 0 + when: dnfoutput is defined and dnfoutput.results|length > 0 diff --git a/playbooks/check-host.yml b/playbooks/check-host.yml index b09d1337ba..33bff7b99e 100644 --- a/playbooks/check-host.yml +++ b/playbooks/check-host.yml @@ -1,6 +1,6 @@ # tags defined: [check], services, updates, restart, fileverify, iptables, selinux # for the fix part, I guess its better to include the role(s) for particular host that brings the system -# to the desired state in terms of: services, updates, file verification, iptables, nftables, and selinux +# to the desired state in terms of: services, updates, file verification, iptables, and selinux --- - hosts: "{{ target }}" user: root 
@@ -9,42 +9,24 @@ tasks: - - name: Create temp dir for collecting info - ansible.builtin.shell: mktemp -d + - name: create temp dir for collecting info + shell: mktemp -d register: temp_dir - changed_when: false + changed_when: False - name: Get list of active loaded services with systemctl - ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1' - changed_when: false - when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' - register: loaded_active_services_systemctl - tags: - - check - - services - - - name: Get list of active loaded services with systemctl - ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1' - changed_when: false - when: ansible_distribution_major_version|int > 6 and ansible_distribution == 'RedHat' + shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1' + changed_when: False + when: ansible_distribution_major_version|int > 6 register: loaded_active_services_systemctl tags: - check - services - name: Get list of inactive loaded services with systemctl - ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1' - changed_when: false - when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' - register: loaded_inactive_services_systemctl - tags: - - check - - services - - - name: Get list of inactive loaded services with systemctl - ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1' - changed_when: false - when: ansible_distribution_major_version|int > 6 and ansible_distribution == 'RedHat' + shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1' + changed_when: False + when: ansible_distribution_major_version|int > 6 register: 
loaded_inactive_services_systemctl tags: - check 
@@ -52,53 +34,53 @@ - name: Get list of enabled services with chkconfig at current runlevel - ansible.builtin.shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:on\" | awk '{print $1}'" - changed_when: false - when: ansible_distribution_major_version|int <= 6 and ansible_distribution == 'RedHat' + shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:on\" | awk '{print $1}'" + changed_when: False + when: ansible_distribution_major_version|int <= 6 register: enabled_services_chkconfig tags: - check - services - name: Get list of disabled services with chkconfig at current runlevel - ansible.builtin.shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:off\" | awk '{print $1}'" - changed_when: false - when: ansible_distribution_major_version|int <= 6 and ansible_distribution == 'RedHat' + shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:off\" | awk '{print $1}'" + changed_when: False + when: ansible_distribution_major_version|int <= 6 register: disabled_services_chkconfig tags: - check - services - - name: Output enabled service list chkconfig - ansible.builtin.shell: echo {{enabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/eservices + - name: output enabled service list chkconfig + shell: echo {{enabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/eservices when: enabled_services_chkconfig is defined and enabled_services_chkconfig.rc == 0 - changed_when: false + changed_when: False tags: - check - services - - name: Output disabled loaded service list chkconfig - ansible.builtin.shell: echo {{disabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/dservices + - name: output disabled loaded service list chkconfig + shell: echo {{disabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/dservices when: disabled_services_chkconfig is defined and disabled_services_chkconfig.rc == 0 - changed_when: false + changed_when: False tags: - check - services - - name: Output loaded active service list systemctl - 
ansible.builtin.shell: echo {{loaded_active_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/laservices + - name: output loaded active service list systemctl + shell: echo {{loaded_active_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/laservices when: loaded_active_services_systemctl is defined and loaded_active_services_systemctl.rc == 0 - changed_when: false + changed_when: False tags: - check - services - - name: Output loaded inactive service list systemctl - ansible.builtin.shell: echo {{loaded_inactive_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/liservices + - name: output loaded inactive service list systemctl + shell: echo {{loaded_inactive_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/liservices when: loaded_inactive_services_systemctl is defined and loaded_inactive_services_systemctl.rc == 0 - changed_when: false + changed_when: False tags: - check - services 
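Review bot: The four `output ... service list` tasks in this hunk of playbooks/check-host.yml paste registered command output unquoted into a shell line run as root, e.g. `shell: echo {{enabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/eservices`, so any shell metacharacter in that output is interpreted by the shell rather than written to the file. The later hunk `@@ -108,193 +90,178 @@` does the same with `list_update`, `needs_restarting`, `rpm_va_nc`, `rpm_va_c` and `iptablesn`, where the text includes process command lines and file names from the checked host. Writing the data with a module that never starts a shell removes the problem, for example `copy: content="{{ enabled_services_chkconfig.stdout_lines | join('\n') }}" dest="{{ temp_dir.stdout }}/eservices"`; if the shell form is kept, pass each value through the `quote` filter. The play these tasks belong to starts outside this hunk.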
@@ -108,193 +90,178 @@ script: needs-updates --host {{ inventory_hostname }} register: list_update delegate_to: 127.0.0.1 - changed_when: false + changed_when: False tags: - check - updates - name: Show pending updates - ansible.builtin.shell: echo {{list_update.stdout_lines}} >> {{temp_dir.stdout}}/pending_updates - changed_when: false + shell: echo {{list_update.stdout_lines}} >> {{temp_dir.stdout}}/pending_updates + changed_when: False tags: - check - updates - name: Get processes that need restarting - ansible.builtin.shell: needs-restarting + shell: needs-restarting register: needs_restarting - changed_when: false + changed_when: False tags: - check - restart - name: Show processes that need restarting - ansible.builtin.shell: echo {{needs_restarting.stdout_lines}} >> {{temp_dir.stdout}}/needing_restart - changed_when: false + shell: echo {{needs_restarting.stdout_lines}} >> {{temp_dir.stdout}}/needing_restart + changed_when: False tags: - check - restart - name: Get locally changed files from the rpm package - ansible.builtin.shell: rpm_tmp_var=`mktemp` && ! rpm -Va 2>/dev/null > $rpm_tmp_var && [[ -s $rpm_tmp_var ]] && echo $rpm_tmp_var warn=no + shell: rpm_tmp_var=`mktemp` && ! 
rpm -Va 2>/dev/null > $rpm_tmp_var && [[ -s $rpm_tmp_var ]] && echo $rpm_tmp_var warn=no register: localchanges - changed_when: false + changed_when: False tags: - check - fileverify - name: Get locally changed files (excluding config files) - ansible.builtin.command: "egrep -v ' c /' {{ localchanges.stdout }}" + command: "egrep -v ' c /' {{ localchanges.stdout }}" register: rpm_va_nc - changed_when: false + changed_when: False when: localchanges is defined and localchanges.stdout != "" tags: - check - fileverify - name: Show locally changed files (excluding config files) - ansible.builtin.shell: echo {{rpm_va_nc.stdout_lines}} >> {{temp_dir.stdout}}/local_changed + shell: echo {{rpm_va_nc.stdout_lines}} >> {{temp_dir.stdout}}/local_changed when: rpm_va_nc.stdout != "" - changed_when: false + changed_when: False tags: - check - fileverify - name: 'Whitelist - Get locally changed files (config files)' - ansible.builtin.command: "egrep ' c /' {{ localchanges.stdout }}" + command: "egrep ' c /' {{ localchanges.stdout }}" register: rpm_va_c when: localchanges is defined and localchanges.stdout != "" - changed_when: false + changed_when: False tags: - check - fileverify - name: 'Whitelist - Show locally changed files (config files)' - ansible.builtin.shell: echo {{rpm_va_c.stdout_lines}} >> {{temp_dir.stdout}}/local_config_changed - changed_when: false + shell: echo {{rpm_va_c.stdout_lines}} >> {{temp_dir.stdout}}/local_config_changed + changed_when: False when: rpm_va_c.stdout != "" tags: - check - fileverify - name: Check if using iptables - ansible.builtin.shell: /sbin/iptables -S + shell: /sbin/iptables -S register: iptablesn - changed_when: false - tags: - - check - - iptables - - - name: Check if using nftables - ansible.builtin.shell: /sbin/nft list ruleset - register: nftablesn - changed_when: false + changed_when: False tags: - check - iptables - name: Show iptables rules - ansible.builtin.shell: echo "{{iptablesn.stdout_lines}}" >> {{ temp_dir.stdout 
}}/iptables - changed_when: false - tags: - - check - - iptables - - - name: Show nftables rules - ansible.builtin.shell: echo "{{nftablesn.stdout_lines}}" >> {{ temp_dir.stdout }}/nftables - changed_when: false + shell: echo "{{iptablesn.stdout_lines}}" >> {{ temp_dir.stdout }}/iptables + changed_when: False tags: - check - iptables - name: Show current SELinux status - ansible.builtin.shell: echo "SELinux is {{ ansible_selinux.status }} for this System" >> {{temp_dir.stdout}}/selinux - changed_when: false + shell: echo "SELinux is {{ ansible_selinux.status }} for this System" >> {{temp_dir.stdout}}/selinux + changed_when: False tags: - check - selinux - name: Show Boot SELinux mode - ansible.builtin.shell: echo "SELinux boots to {{ ansible_selinux.config_mode }} mode " >> {{temp_dir.stdout}}/selinux + shell: echo "SELinux boots to {{ ansible_selinux.config_mode }} mode " >> {{temp_dir.stdout}}/selinux when: ansible_selinux.status != "disabled" - changed_when: false + changed_when: False tags: - check - selinux - name: Show Current SELinux mode - ansible.builtin.shell: echo "SELinux currently is in {{ ansible_selinux.mode }} mode" >> {{temp_dir.stdout}}/selinux + shell: echo "SELinux currently is in {{ ansible_selinux.mode }} mode" >> {{temp_dir.stdout}}/selinux when: ansible_selinux.status != "disabled" - changed_when: false + changed_when: False tags: - check - selinux - name: Match current SELinux status with boot status - ansible.builtin.shell: echo "SElinux Current and Boot modes are in sync" >> {{temp_dir.stdout}}/selinux + shell: echo "SElinux Current and Boot modes are in sync" >> {{temp_dir.stdout}}/selinux when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode == ansible_selinux.mode - changed_when: false + changed_when: False tags: - check - selinux - - name: MisMatch current SELinux status with boot status - ansible.builtin.shell: echo "SElinux Current and Boot modes are NOT in sync" >> {{temp_dir.stdout}}/selinux + - name: misMatch 
current SELinux status with boot status + shell: echo "SElinux Current and Boot modes are NOT in sync" >> {{temp_dir.stdout}}/selinux when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode != ansible_selinux.mode - changed_when: false + changed_when: False tags: - check - selinux - - name: Resolve last persisted dir - if one is present + - name: resolve last persisted dir - if one is present local_action: shell ls -d -1 {{datadir_prfx_path}}/{{inventory_hostname}}-* 2>/dev/null | sort -r | head -1 register: last_dir - changed_when: false - ignore_errors: true + changed_when: False + ignore_errors: True - - name: Get file list - ansible.builtin.shell: ls -1 {{temp_dir.stdout}}/* + - name: get file list + shell: ls -1 {{temp_dir.stdout}}/* register: file_list - changed_when: false + changed_when: False - - name: Get timestamp - ansible.builtin.shell: "date +%Y-%m-%d-%H-%M-%S" + - name: get timestamp + shell: "date +%Y-%m-%d-%H-%M-%S" register: timestamp - changed_when: false + changed_when: False - - name: Create persisting-state directory + - name: create persisting-state directory local_action: file path=/{{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}} state=directory - changed_when: false + changed_when: False - - name: Fetch file list + - name: fetch file list fetch: src={{item}} dest=/{{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}}/ flat=true with_items: "{{file_list.stdout_lines}}" - changed_when: false + changed_when: False - - name: Diff the new files with last ones presisted + - name: diff the new files with last ones presisted local_action: shell for file in {{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}}/*; do filename=$(basename $file); diff {{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}}/$filename {{last_dir.stdout.strip(':')}}/$filename; done - ignore_errors: true - changed_when: false + ignore_errors: True + changed_when: False register: file_diff when: last_dir 
is defined and last_dir.stdout != "" - - name: Display diff + - name: display diff debug: var=file_diff.stdout_lines - ignore_errors: true - changed_when: false + ignore_errors: True + changed_when: False when: file_diff is defined -# clean up: can also be put as handlers +#clean up: can also be put as handlers - - name: Clean remote temp dir - ansible.builtin.file: path={{temp_dir.stdout}} state=absent - changed_when: false + - name: clean remote temp dir + file: path={{temp_dir.stdout}} state=absent + changed_when: False - - name: Clean rpm temp file - ansible.builtin.file: path={{localchanges.stdout}} state=absent - changed_when: false + - name: clean rpm temp file + file: path={{localchanges.stdout}} state=absent + changed_when: False # handlers: diff --git a/playbooks/checks_log_failed_services.yml b/playbooks/checks_log_failed_services.yml deleted file mode 100644 index fc3726d4cb..0000000000 --- a/playbooks/checks_log_failed_services.yml +++ /dev/null @@ -1,23 +0,0 @@ -# -# This playbook lets you safely display systemd logs for failed services - ---- -- hosts: mirrorlist_proxies - gather_facts: false - - tasks: - - name: Listing failed units - ansible.builtin.shell: systemctl list-units --state failed --no-legend | awk '{ print $1 }' - register: listing_failed - - - name: Check log with journalctl - ansible.builtin.shell: journalctl -lru {{ item }} -n 50 - register: display_log - with_items: "{{ listing_failed.stdout_lines[0:] }}" - - - debug: var=listing_failed.stdout_lines[0:] - - - name: Display log - debug: var=display_log.stdout_lines - ignore_errors: true - when: display_log is defined diff --git a/playbooks/clear_memcached.yml b/playbooks/clear_memcached.yml index 7ca2061284..eaae858dad 100644 --- a/playbooks/clear_memcached.yml +++ b/playbooks/clear_memcached.yml 
@@ -1,8 +1,7 @@ ---- -- name: Clear memcache +- name: clear memcache hosts: memcached:memcached-stg serial: 1 tasks: - - name: Clear memcache - ansible.builtin.command: echo flush_all | nc localhost 11211 + - name: clear memcache + command: echo flush_all | nc localhost 11211 diff --git a/playbooks/clear_varnish.yml b/playbooks/clear_varnish.yml index a05601734d..3f833c46f2 100644 --- a/playbooks/clear_varnish.yml +++ b/playbooks/clear_varnish.yml @@ -1,9 +1,8 @@ ---- -- name: Clear varnish cache +- name: clear varnish cache hosts: proxies user: root serial: 1 tasks: - - name: Clear varnish - ansible.builtin.command: varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082 ban req.url == . + - name: clear varnish + command: varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082 ban req.url == . diff --git a/playbooks/cloud_prep.yml b/playbooks/cloud_prep.yml new file mode 100644 index 0000000000..3cb6f6c08e --- /dev/null +++ b/playbooks/cloud_prep.yml @@ -0,0 +1,14 @@ +# restricted to run on cloud instances only +- hosts: 209.132.184.* + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/deactivate_modernpaste_paste.yml b/playbooks/deactivate_modernpaste_paste.yml new file mode 100644 index 0000000000..df1d59a871 --- /dev/null +++ b/playbooks/deactivate_modernpaste_paste.yml 
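Review bot: The `clear memcache` task in playbooks/clear_memcached.yml runs `command: echo flush_all | nc localhost 11211`, but the command module does not go through a shell, so the `|` and everything after it are handed to `echo` as plain arguments and nothing reaches port 11211. The task still reports success, which leaves operators believing the cache was flushed. Use `shell: echo flush_all | nc localhost 11211` for this one task. The `varnishadm` task in clear_varnish.yml contains no shell syntax and is fine as `command`.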
@@ -0,0 +1,11 @@ +# requires --extra-vars="target='modernpaste01.phx2.fedoraproject.org' paste='WMk4~kSfeW1OUNsLjF8hlMnRi-rYnlYzizqToCmG3BY='" +# where target is the box to run it on (usually modernpaste01.phx2 or modernpaste01.stg.phx2) +# and where paste is the encrypted paste ID of the paste. + +- name: Deactivates a modern-paste paste + hosts: "{{ target }}" + user: root + + tasks: + - name: Run deactivate-paste.py + command: "python /usr/local/bin/deactivate-paste.py {{paste}}" diff --git a/playbooks/death_to_postfix.yml b/playbooks/death_to_postfix.yml index e380b78c29..bdf3579303 100644 --- a/playbooks/death_to_postfix.yml +++ b/playbooks/death_to_postfix.yml 
@@ -1,22 +1,21 @@ # requires --extra-vars="target='host1:host2:group'" # thanks threebean on this. ---- -- name: Kills postfix which has been left around alive after update. +- name: kills postfix which has been left around alive after update. hosts: "{{ target }}" user: root tasks: - - name: Try to stop postfix cleanly. - service: name=postfix state=stopped + - name: Try to stop postfix cleanly. + service: name=postfix state=stopped - # This doesn't really remove the pid file.. but we say it does so ansible only runs it if the pid file is there.. - - name: Really kill postfix master process - ansible.builtin.command: pkill -u root master removes=/var/spool/postfix/pid/master.pid + # This doesn't really remove the pid file.. but we say it does so ansible only runs it if the pid file is there.. + - name: Really kill postfix master process + command: pkill -u root master removes=/var/spool/postfix/pid/master.pid - - name: Clean up old pid lock file. - ansible.builtin.command: rm /var/spool/postfix/pid/master.pid removes=/var/spool/postfix/pid/master.pid + - name: Clean up old pid lock file. + command: rm /var/spool/postfix/pid/master.pid removes=/var/spool/postfix/pid/master.pid - - name: Try to start postfix cleanly - service: name=postfix state=started + - name: Try to start postfix cleanly + service: name=postfix state=started diff --git a/playbooks/destroy_cloud_inst.yml b/playbooks/destroy_cloud_inst.yml new file mode 100644 index 0000000000..fc1cec723a --- /dev/null +++ b/playbooks/destroy_cloud_inst.yml 
@@ -0,0 +1,25 @@ +#DIE DIE DIE +# there is no way this could work so fail +# +# only works with -e target= +# requires --extra-vars="target=hostspec" + +- name: destroy the cloud instance + hosts: "{{ target }}" + user: root + gather_facts: false + + tasks: + - name: fail if the host/ip is not up + local_action: wait_for host={{ inventory_hostname }} port=22 delay=0 timeout=10 + when: inventory_hostname not in result.list_vms + + - name: pause for 30s before doing it + pause: seconds=30 prompt="Destroying vm now {{ target }}, abort if this is wrong" + + - name: find the instance id from the builder + command: curl -s http://169.254.169.254/latest/meta-data/instance-id + register: instanceid + + - name: destroy the vm + command: /usr/sbin/halt -p diff --git a/playbooks/destroy_virt_inst.yml b/playbooks/destroy_virt_inst.yml index 0cd6de5dc2..432bc6ad6b 100644 --- a/playbooks/destroy_virt_inst.yml +++ b/playbooks/destroy_virt_inst.yml 
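Review bot: The first task of playbooks/destroy_cloud_inst.yml tests `inventory_hostname not in result.list_vms`, yet nothing in this play registers `result` (the `virt: command=list_vms` step exists only in destroy_virt_inst.yml), so the play presumably stops on an undefined-variable error rather than on a deliberate check. If the header comment about failing means the playbook is intentionally disabled, make that explicit with a first task such as `fail: msg="destroy_cloud_inst.yml is disabled"`. Otherwise the only safeguard between a mistyped `-e target=` and `/usr/sbin/halt -p` as root is the 30 second pause, and an `assert` on the expected host group before the pause would be a cheap addition. The `instanceid` value registered from the metadata service is never used afterwards.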
@@ -9,38 +9,32 @@ # requires --extra-vars="target=hostspec" ---- -- name: Destroy and undefine vm +- name: destroy and undefine vm hosts: "{{ target }}" user: root gather_facts: false tasks: - - name: Get vm list on the vmhost + - name: get vm list on the vmhost delegate_to: "{{ vmhost }}" virt: command=list_vms register: result - - name: Fail if the host is not already defined/existent + - name: fail if the host is not already defined/existent local_action: fail msg="host does not exist on {{ vmhost }}" when: inventory_hostname not in result.list_vms - - name: Schedule 30m host downtime in nagios - nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - - - name: Pause for 30s before doing it + - name: pause for 30s before doing it pause: seconds=30 prompt="Destroying (and lvremove for) vm now {{ target }}, abort if this is wrong" - - name: Destroy the vm + - name: destroy the vm virt: name={{ inventory_hostname }} command=destroy delegate_to: "{{ vmhost }}" - - name: Undefine the vm + - name: undefine the vm virt: name={{ inventory_hostname }} command=undefine delegate_to: "{{ vmhost }}" - - name: Destroy the lv - ansible.builtin.command: /sbin/lvremove -f {{volgroup}}/{{inventory_hostname}} + - name: destroy the lv + command: /sbin/lvremove -f {{volgroup}}/{{inventory_hostname}} delegate_to: "{{ vmhost }}" diff --git a/playbooks/fedmsgupdate.yml b/playbooks/fedmsgupdate.yml new file mode 100644 index 0000000000..f08c356721 --- /dev/null +++ b/playbooks/fedmsgupdate.yml 
@@ -0,0 +1,28 @@
+---
+#
+# Use this playbook to run over all the playbooks that have fedmsg.d in them.
+#
+# Call it with -t fedmsgdupdate to only run that one play.
+#
+- include_playbook: /srv/web/infra/ansible/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/ask.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/bodhi.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/badges-backend.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/badges-web.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/busgateway.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/elections.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/fedocal.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/gallery.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/keyserver.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/koji-hub.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/mailman.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/notifs-backend.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/notifs-web.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/nuancier.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/packages.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/pkgdb.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/releng.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/summershum.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/tagger.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/wiki.yml
+- include_playbook: /srv/web/infra/ansible/playbooks/groups/value.yml
diff --git a/playbooks/fix_arm_soc.yml b/playbooks/fix_arm_soc.yml
new file mode 100644
index 0000000000..23140ba4a5
--- /dev/null
+++ b/playbooks/fix_arm_soc.yml
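Review bot: Every entry in playbooks/fedmsgupdate.yml uses `- include_playbook:`, which as far as I know is not an Ansible directive, while master.yml in this same change pulls in the same files with `import_playbook`. The entries should read, for example, `- import_playbook: /srv/web/infra/ansible/playbooks/groups/ask.yml`; the last line of fix_arm_soc.yml has the same spelling. The header comment also names the tag `fedmsgdupdate` although the file is fedmsgupdate.yml, so it is worth confirming which spelling the tagged plays actually use.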
@@ -0,0 +1,33 @@ +# +# This playbook power cycles an arm soc, sets time and runs playbook on it. +# +# requires -e "target=arm0N-builderXX.arm.fedoraproject.org" -l arm0N-builderXX.arm.fedoraproject.org + +- name: power cycle instance + hosts: "{{ target }}" + gather_facts: False + user: root + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + + tasks: + - name: power off + delegate_to: noc01.phx2.fedoraproject.org + command: /opt/calxeda/bin/ipmitool -U admin -P "{{ armsocipmipass }}" -H "{{inventory_hostname_short}}-mgmt.arm.fedoraproject.org" power off +# no_log: True + + - name: power on + delegate_to: noc01.phx2.fedoraproject.org + command: /opt/calxeda/bin/ipmitool -U admin -P "{{ armsocipmipass }}" -H "{{inventory_hostname_short}}-mgmt.arm.fedoraproject.org" power on +# no_log: True + + - name: wait for soc ssh to come back up + local_action: wait_for delay=10 host={{ target }} port=22 state=started timeout=1200 + + - name: make sure time is set + delegate_to: "{{target}}" + command: ntpdate -u bastion01.phx2.fedoraproject.org + +- include_playbook: groups/buildhw.yml hosts="{{target}}" diff --git a/playbooks/groups/anitya.yml b/playbooks/groups/anitya.yml new file mode 100644 index 0000000000..d30a2f33d4 --- /dev/null +++ b/playbooks/groups/anitya.yml 
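Review bot: Both ipmitool tasks in playbooks/fix_arm_soc.yml put the management password on the command line, `-P "{{ armsocipmipass }}"`, while `no_log: True` is left commented out. The secret therefore appears in Ansible's task output and any log or callback that records it, and in the process list on the delegate host while the command runs. Enable `no_log: True` on the `power off` and `power on` tasks. Preferably also keep the password out of argv: stock ipmitool accepts `-E` with the `IPMI_PASSWORD` environment variable or `-f` with a password file, though that needs confirming for the Calxeda build under /opt/calxeda.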
@@ -0,0 +1,79 @@ +# create a new sks keyserver +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=anitya" + +- name: make the boxen be real for real + hosts: anitya + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - sudo + - collectd/base + - openvpn/client + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: set up the frontend bits + hosts: anitya-frontend + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - apache + - anitya/fedmsg + - anitya/frontend + - role: collectd/fedmsg-service + process: fedmsg-relay + + tasks: + - name: install fedmsg-relay + package: name=fedmsg-relay state=present + - name: and start it + service: name=fedmsg-relay state=started + + tags: + - anitya + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: set up the backend bits + hosts: anitya-backend + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - anitya/fedmsg + - anitya/backend + + tags: + - anitya + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/arm-qa.yml b/playbooks/groups/arm-qa.yml new file mode 100644 index 0000000000..9d69482de5 --- /dev/null +++ b/playbooks/groups/arm-qa.yml 
@@ -0,0 +1,29 @@ + +- name: Setup arm-qa hosts + hosts: arm-qa + user: root + gather_facts: True + tags: + - arm-qa + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + + roles: + - base + - rkhunter + - hosts + - fas_client + - sudo + + tasks: + # this is how you include other task lists + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/ask.yml b/playbooks/groups/ask.yml new file mode 100644 index 0000000000..d5cdd3c5e1 --- /dev/null +++ b/playbooks/groups/ask.yml 
@@ -0,0 +1,93 @@ +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=ask-stg:ask" + +- name: make the box be real + hosts: ask-stg:ask + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - mod_wsgi + - ask + - fedmsg/base + - rsyncd + - sudo + - { role: openvpn/client, + when: env != "staging" } + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: set up gluster on stg + hosts: ask-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: gluster/server + name: gluster + username: "{{ ask_gluster_username }}" + password: "{{ ask_gluster_password }}" + owner: root + group: root + datadir: /srv/glusterfs/ask-stg + + - role: gluster/client + name: gluster + servers: + - ask01.stg.phx2.fedoraproject.org + username: "{{ ask_gluster_username }}" + password: "{{ ask_gluster_password }}" + owner: apache + group: root + mountdir: /srv/askbot-uploaded + +- name: set up gluster on prod + hosts: ask + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: gluster/server + name: gluster + username: "{{ ask_gluster_username }}" + password: "{{ ask_gluster_password }}" + owner: root + group: root + datadir: /srv/glusterfs/ask + + - role: gluster/client + name: gluster + servers: + - ask01.phx2.fedoraproject.org + - 
ask02.phx2.fedoraproject.org + username: "{{ ask_gluster_username }}" + password: "{{ ask_gluster_password }}" + owner: apache + group: root + mountdir: /srv/askbot-uploaded diff --git a/playbooks/groups/autocloud-backend.yml b/playbooks/groups/autocloud-backend.yml new file mode 100644 index 0000000000..669ab215d6 --- /dev/null +++ b/playbooks/groups/autocloud-backend.yml @@ -0,0 +1,49 @@ +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=autocloud-backend-stg" + +- name: dole out the generic configuration + hosts: autocloud-backend:autocloud-backend-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + + roles: + - base + - rkhunter + - hosts + - fas_client + - nagios_client + - collectd/base + - fedmsg/base + - sudo + + tasks: + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: dole out the service-specific config + hosts: autocloud-backend:autocloud-backend-stg + user: root + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + roles: + - redis + - fedmsg/hub + - autocloud/backend + - role: collectd/fedmsg-service + process: fedmsg-hub diff --git a/playbooks/groups/autocloud-web.yml b/playbooks/groups/autocloud-web.yml new file mode 100644 index 0000000000..a4a2bf18c8 --- /dev/null +++ b/playbooks/groups/autocloud-web.yml 
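Review bot: The staging play (`hosts: ask-stg`) and the production play (`hosts: ask`) both pass `{{ ask_gluster_username }}` and `{{ ask_gluster_password }}` to `gluster/server` and `gluster/client`, and both load the same `/srv/private/ansible/vars.yml`. Unless those variables are overridden per environment somewhere outside this hunk, staging and production share one Gluster credential, so a leak from the staging hosts would also expose the production volume. Consider a separate variable per environment, for example `password: "{{ ask_gluster_stg_password }}"` in the staging play (that name is a suggestion, not an existing variable).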
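Review bot: The `import_playbook` line passes `myhosts=autocloud-backend-stg` only, while both plays below it target `autocloud-backend:autocloud-backend-stg`; autocloud-web.yml in this diff passes both groups. If the production backend is also a guest, this should be `myhosts=autocloud-backend:autocloud-backend-stg`. If production is deliberately provisioned another way, a one-line comment above the import saying so would keep the mismatch from being "corrected" later.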
@@ -0,0 +1,49 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=autocloud-web:autocloud-web-stg"
+
+- name: make the box be real
+ hosts: autocloud-web:autocloud-web-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - mod_wsgi
+ - fedmsg/base
+ - sudo
+ - role: openvpn/client
+ when: env != "staging"
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: dole out the app-specific configuration
+ hosts: autocloud-web:autocloud-web-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ roles:
+ - autocloud/frontend
diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml
index 26d3f8433e..43927f54dc 100644
--- a/playbooks/groups/backup-server.yml
+++ b/playbooks/groups/backup-server.yml
@@ -3,39 +3,35 @@ # NOTE: make sure there is room/space for this instance on the buildvmhost # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars ---- -- name: Make backup server system - hosts: backup +- name: make backup server system + hosts: backup01.phx2.fedoraproject.org user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - hosts - - openvpn/client - - ipa/client + - fas_client - sudo - collectd/base - { role: nfs/client, mnt_dir: '/fedora_backups', nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3", nfs_src_dir: 'fedora_backups' } + - openvpn/client - grokmirror_mirror - - weblate-backup - - {role: linux-system-roles.nbde_client, tags: ['nbde_client']} - - serial-console - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" - import_tasks: "{{ tasks_path }}/rdiff_backup_server.yml" handlers: diff --git a/playbooks/groups/badges-backend.yml b/playbooks/groups/badges-backend.yml new file mode 100644 index 0000000000..466c056e78 --- /dev/null +++ b/playbooks/groups/badges-backend.yml 
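Review bot: The `nfs/client` entry for `/fedora_backups` mounts with `sec=sys,nfsvers=3` (unchanged context in this hunk), so the server trusts whatever UID/GID the client asserts and nothing authenticates or encrypts the traffic. For a backup store that assumption should be written down next to the mount, e.g. `# sec=sys: the export must be restricted to this host on the filer side`, or the mount moved to a Kerberos flavour such as `sec=krb5p` if the filer supports it. The play's `handlers:` section continues past the end of this hunk.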
@@ -0,0 +1,55 @@
+# create a new badges-backend server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=badges-backend:badges-backend-stg"
+
+- name: dole out the generic configuration
+ hosts: badges-backend:badges-backend-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - fedmsg/base
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: dole out the service-specific config
+ hosts: badges-backend:badges-backend-stg
+ user: root
+ gather_facts: True
+
+ roles:
+ - fedmsg/hub
+ - badges/backend
+ - role: collectd/fedmsg-service
+ process: fedmsg-hub
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/badges-web.yml b/playbooks/groups/badges-web.yml
new file mode 100644
index 0000000000..211a768d59
--- /dev/null
+++ b/playbooks/groups/badges-web.yml
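Review bot: The header comment `# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars` names the wrong group; it should point at this playbook's own group vars, e.g. `group_vars/badges-backend*`, the way badges-web.yml does. The same stale `group_vars/mirrorlist` line is in beaker.yml, bugyou.yml and bugzilla2fedmsg.yml, and beaker-virthosts.yml says `group_vars/backup_server`. The second play here (and in bugzilla2fedmsg.yml) also loads `"{{ vars_path }}/{{ ansible_distribution }}.yml"` where the first play uses the absolute `/srv/web/infra/ansible/vars/` path; use one form in both plays so it is certain they read the same file.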
@@ -0,0 +1,47 @@
+# create a new badges-web server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/badges-web* or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=badges-web:badges-web-stg"
+
+- name: make the box be real
+ hosts: badges-web:badges-web-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - badges/frontend
+ - fedmsg/base
+ - rsyncd
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - mod_wsgi
+ - role: collectd/web-service
+ site: frontpage
+ url: "http://localhost/"
+ interval: 10
+ - role: collectd/web-service
+ site: leaderboard
+ url: "http://localhost/leaderboard"
+ interval: 10
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/basset.yml b/playbooks/groups/basset.yml
new file mode 100644
index 0000000000..fc3d701bcf
--- /dev/null
+++ b/playbooks/groups/basset.yml
@@ -0,0 +1,38 @@
+# create a new basset server
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=basset:basset-stg"
+
+- name: make the box be real
+ hosts: basset:basset-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - rsyncd
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - mongodb
+ - rabbitmq
+ - mod_wsgi
+ - basset/frontend
+ - basset/worker
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/bastion.yml b/playbooks/groups/bastion.yml
index 8b591cee41..41a4054c35 100644
--- a/playbooks/groups/bastion.yml
+++ b/playbooks/groups/bastion.yml
@@ -1,33 +1,42 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "bastion" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=bastion" -- name: Make the boxen be real for real +- name: make the boxen be real for real hosts: bastion user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - - { role: openvpn/server, when: datacenter == 'iad2' } - - ipa/client - nagios_client - hosts + - fas_client - sudo - collectd/base - - packager_alias + - { role: openvpn/server, when: not inventory_hostname.startswith('bastion-comm01') } + - { role: packager_alias, when: not inventory_hostname.startswith('bastion-comm01') } - opendkim - - fasjson - pre_tasks: + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: configure bastion-qa + hosts: bastion-comm01.qa.fedoraproject.org + user: root + gather_facts: True + + tasks: + - name: install needed packages + package: name={{ item }} state=present + with_items: + - ipmitool diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml index 383b126603..cc8a912956 100644 --- a/playbooks/groups/batcave.yml +++ b/playbooks/groups/batcave.yml 
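Review bot: The conditions `when: not inventory_hostname.startswith('bastion-comm01')` on `openvpn/server` and `packager_alias` carry no explanation, and on a bastion it matters which hosts terminate VPN connections. Add a comment above them, for example `# bastion-comm01 is the QA bastion (see the last play): no VPN server or packager aliases there`, if that is indeed the reason. In the new `configure bastion-qa` play, `package: name={{ item }} state=present` with a one-element `with_items` can be written directly as `package: name=ipmitool state=present`.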
@@ -1,67 +1,42 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "batcave" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=batcave" -- name: Make the box be real +- name: make the box be real hosts: batcave user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - hosts - - openvpn/client - - ipa/client + - fas_client - ansible-server - sudo - collectd/base - - role: git/hooks + - git/hooks + - cgit/base + - cgit/clean_lock_cron + - cgit/make_pkgs_list - rsyncd - apache - httpd/mod_ssl - - role: httpd/certificate - certname: "{{wildcard_cert_name}}" - SSLCertificateChainFile: "{{wildcard_int_file}}" - - role: rabbit/user - user_name: "batcave{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(ansible|git|infragit|logger)\..* - - role: rabbit/queue - queue_username: "mirror_pagure_ansible{{ env_suffix }}" - queue_name: "mirror_pagure_ansible{{ env_suffix }}" - queue_routing_keys: - - "io.pagure.*.pagure.git.receive" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: ^$ - - role: rabbit/queue - queue_username: "mirror_pagure_ansible{{ env_suffix }}" - queue_name: "mirror_pagure_ansible{{ env_suffix }}_13" - queue_routing_keys: - - "io.pagure.*.pagure.git.receive" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: ^$ - when: datacenter != 'iad2' + - { role: httpd/certificate, name: "{{wildcard_cert_name}}", SSLCertificateChainFile: "{{wildcard_int_file}}" } + - openvpn/client - batcave - - role: grobisplitter - when: datacenter == 'iad2' - - { role: nfs/client, when: 
inventory_hostname.startswith('batcave'), mnt_dir: '/srv/web/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } - - { role: nfs/client, when: inventory_hostname.startswith('batcave01'), mnt_dir: '/mnt/fedora/app', nfs_src_dir: 'fedora_app/app' } - - { role: mirror_pagure_ansible, tags: ['mirror_pagure_ansible'] } - - kickstarts - pre_tasks: + - { role: nfs/client, mnt_dir: '/srv/web/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } + - { role: nfs/client, mnt_dir: '/mnt/fedora/app', nfs_src_dir: 'fedora_app/app' } + + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/beaker-virthosts.yml b/playbooks/groups/beaker-virthosts.yml new file mode 100644 index 0000000000..084c7b368d --- /dev/null +++ b/playbooks/groups/beaker-virthosts.yml 
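Review bot: Both `nfs/client` entries on the new side pass no `nfs_mount_opts`, unlike backup-server.yml in this diff, which spells out `nodev,nosuid`; the effective options therefore depend on the role default, which is not visible here. This host also carries the `ansible-server` role, so it is worth confirming that the default includes `nodev,nosuid`, or adding an explicit `nfs_mount_opts:` with those flags to the `/srv/web/pub` and `/mnt/fedora/app` entries. The new entries also no longer carry the `when: inventory_hostname.startswith(...)` guards, so every host in `batcave` mounts both exports; a short comment stating that this is intended would help.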
@@ -0,0 +1,35 @@
+# create a new beaker virthost server system
+# NOTE: should be used with --limit most of the time
+# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
+# This has an extra role that configures the virthost to be used with beaker for
+# virtual machine clients
+
+- name: make virthost server system
+ hosts: beaker-virthosts
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - { role: iscsi_client, when: datacenter == "phx2" }
+ - sudo
+ - { role: openvpn/client, when: datacenter != "phx2" }
+ - { role: beaker/virthost, tags: ['beakervirthost'] }
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/beaker.yml b/playbooks/groups/beaker.yml
new file mode 100644
index 0000000000..81e011ed49
--- /dev/null
+++ b/playbooks/groups/beaker.yml
@@ -0,0 +1,56 @@
+# create a new beaker server
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=beaker:beaker-stg"
+
+- name: make the box be real
+ hosts: beaker:beaker-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - sudo
+ - apache
+ - { role: openvpn/client,
+ when: env != "staging", tags: ['openvpn_client'] }
+
+ tasks:
+ # this is how you include other task lists
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: configure beaker and required services
+ hosts: beaker:beaker-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: mariadb_server, tags: ['mariadb'] }
+ - { role: beaker/base, tags: ['beakerbase'] }
+ - { role: beaker/server, tags: ['beakerserver'] }
+ - { role: beaker/labcontroller, tags: ['beakerlabcontroller'] }
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
diff --git a/playbooks/groups/blockerbugs.yml b/playbooks/groups/blockerbugs.yml
new file mode 100644
index 0000000000..a8a44d1d59
--- /dev/null
+++ b/playbooks/groups/blockerbugs.yml
@@ -0,0 +1,34 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=blockerbugs:blockerbugs-stg"
+
+- name: make the box be real
+ hosts: blockerbugs:blockerbugs-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - hosts
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - sudo
+ - rsyncd
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - mod_wsgi
+ - blockerbugs
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml
index f888a07e4d..4d9ad786e3 100644
--- a/playbooks/groups/bodhi-backend.yml
+++ b/playbooks/groups/bodhi-backend.yml
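Review bot: `hosts` is listed twice under `roles:`, once right after `base` and again after `nagios_client`. Ansible runs a role with identical parameters only once per play, so the second entry is a no-op and the first one changes the order relative to the other playbooks in this diff. Remove the first `- hosts` so the list reads `base`, `rkhunter`, `nagios_client`, `hosts`, `fas_client` like its siblings.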
@@ -5,123 +5,81 @@ # They also run some misc releng scripts. # ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "bodhi_backend:bodhi_backend_stg" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=bodhi-backend:bodhi-backend-stg" # Once the instance exists, configure it. -- name: Make bodhi-backend server system - hosts: bodhi_backend:bodhi_backend_stg +- name: make bodhi-backend server system + hosts: bodhi-backend:bodhi-backend-stg user: root - gather_facts: true + gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml - - "/srv/web/infra/ansible/vars/all/00-FedoraCycleNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraBranched.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraBranchedNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraRawhideNumber.yaml" - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - roles: - base - nagios_client - - zabbix/zabbix_agent - collectd/base - hosts - - ipa/client + - builder_repo + - fas_client - sudo - rkhunter + - role: nfs/client + mnt_dir: '/pub/' + nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/' + - role: nfs/client mnt_dir: '/mnt/fedora_koji' nfs_src_dir: 'fedora_koji' - - - bodhi2/backend - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' when: env != 'staging' - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env != 'staging' - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content_stg/ostree' - when: env == 'staging' - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 
'fedora_ostree_content_stg/compose/ostree' - when: env == 'staging' - # In staging, we mount fedora_koji as read only (see nfs_mount_opts) - role: nfs/client mnt_dir: '/mnt/fedora_koji_prod' nfs_src_dir: 'fedora_koji' when: env == 'staging' - - role: nfs/client - mnt_dir: '/pub/' - nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/' - - - role: nfs/client - mnt_dir: '/pub/archive' - nfs_src_dir: 'fedora_ftp_archive' + - bodhi2/backend + - fedmsg/base + - role: collectd/fedmsg-service + process: fedmsg-hub + user: masher + - role: keytab/service + service: pkgdb + owner_user: fedmsg + owner_group: fedmsg - role: keytab/service owner_user: apache owner_group: apache service: bodhi - host: "bodhi{{ env_suffix }}.fedoraproject.org" + host: "bodhi.fedoraproject.org" + when: env == "production" + - role: keytab/service + owner_user: apache + owner_group: apache + service: bodhi + host: "bodhi.stg.fedoraproject.org" + when: env == "staging" - - role: push-container-registry - cert_dest_dir: "/etc/docker/certs.d/registry{{ env_suffix }}.fedoraproject.org" - cert_src: "{{private}}/files/docker-registry/{{env}}/pki/issued/containerstable.crt" - key_src: "{{private}}/files/docker-registry/{{env}}/pki/private/containerstable.key" - certs_group: apache - - - role: rabbit/queue - queue_username: "bodhi{{ env_suffix }}" - queue_name: "bodhi{{ env_suffix }}_composer" - queue_routing_keys: "{{ bodhi_message_routing_keys }}" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: "{{ bodhi_sent_topics }}" - - - role: rabbit/queue - queue_username: "bodhi{{ env_suffix }}" - queue_name: "bodhi{{ env_suffix }}_koji_sync_listener{{ env_suffix }}" - queue_routing_keys: - - "io.pagure.*.pagure.issue.edit" - queue_thresholds: - warning: 10 - critical: 100 - # We have to repeat this line for now (only the last one counts) - user_sent_topics: "{{ bodhi_sent_topics }}" tasks: - - name: Create secondary volume dir for stg bodhi - ansible.builtin.file: dest=/mnt/koji/vol 
state=directory owner=apache group=apache mode=0755 + - name: create secondary volume dir for stg bodhi + file: dest=/mnt/koji/vol state=directory owner=apache group=apache mode=0755 tags: bodhi when: env == 'staging' - - name: Create symlink for stg/prod secondary volume - ansible.builtin.file: src=/mnt/fedora_koji_prod/koji dest=/mnt/koji/vol/prod state=link + - name: create symlink for stg/prod secondary volume + file: src=/mnt/fedora_koji_prod/koji dest=/mnt/koji/vol/prod state=link tags: bodhi when: env == 'staging' + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/bodhi2.yml b/playbooks/groups/bodhi2.yml new file mode 100644 index 0000000000..74d66f99d6 --- /dev/null +++ b/playbooks/groups/bodhi2.yml 
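Review bot: In staging the production Koji volume is mounted at `/mnt/fedora_koji_prod`, and the only thing that keeps it read-only is the comment `(see nfs_mount_opts)`, which points at a variable defined outside this file. Add an explicit `nfs_mount_opts:` containing `ro` to that `nfs/client` entry, so that a later edit to group vars cannot silently make production build data writable from a staging host. The two `keytab/service` entries for `bodhi` differ only in the hard-coded `host:` value and the `when:` test, which is easy to get out of step when one of them is edited.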
@@ -0,0 +1,49 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=bodhi2:bodhi2-stg"
+
+- name: make the box be real
+ hosts: bodhi2:bodhi2-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - sudo
+ - collectd/base
+ - rsyncd
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - apache
+ - mod_wsgi
+
+ - { role: bodhi2/base, when: "inventory_hostname.startswith('bodhi0')" }
+ - { role: fedmsg/base, when: "inventory_hostname.startswith('bodhi0')" }
+
+ - role: keytab/service
+ owner_user: bodhi
+ owner_group: bodhi
+ service: bodhi
+ host: "bodhi.fedoraproject.org"
+ when: env == "production"
+ - role: keytab/service
+ owner_user: bodhi
+ owner_group: bodhi
+ service: bodhi
+ host: "bodhi.stg.fedoraproject.org"
+ when: env == "staging"
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/bugyou.yml b/playbooks/groups/bugyou.yml
new file mode 100644
index 0000000000..a542afb151
--- /dev/null
+++ b/playbooks/groups/bugyou.yml
@@ -0,0 +1,69 @@
+# create a new bugyou server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=bugyou:bugyou-stg"
+
+- name: dole out the generic configuration
+ hosts: bugyou:bugyou-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - collectd/base
+ - hosts
+ - fas_client
+ - sudo
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: set up fedmsg basics
+ hosts: bugyou:bugyou-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - fedmsg/base
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: dole out the service-specific config
+ hosts: bugyou:bugyou-stg
+ user: root
+ gather_facts: True
+
+ roles:
+ - fedmsg/hub
+ - bugyou/bugyou-master
+ - bugyou/bugyou-plugins
+ - role: collectd/fedmsg-service
+ process: fedmsg-hub
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/bugzilla2fedmsg.yml b/playbooks/groups/bugzilla2fedmsg.yml
new file mode 100644
index 0000000000..5e9a9bd20f
--- /dev/null
+++ b/playbooks/groups/bugzilla2fedmsg.yml
@@ -0,0 +1,52 @@
+# create a new bugzilla2fedmsg server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=bugzilla2fedmsg:bugzilla2fedmsg-stg"
+
+- name: dole out the generic configuration
+ hosts: bugzilla2fedmsg:bugzilla2fedmsg-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - sudo
+ - collectd/base
+ - fedmsg/base
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: dole out the service-specific config
+ hosts: bugzilla2fedmsg:bugzilla2fedmsg-stg
+ user: root
+ gather_facts: True
+
+ roles:
+ - bugzilla2fedmsg
+ - role: collectd/fedmsg-service
+ process: moksha-hub
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/build-kcs.yml b/playbooks/groups/build-kcs.yml
deleted file mode 100644
index d34b108087..0000000000
--- a/playbooks/groups/build-kcs.yml
+++ /dev/null
@@ -1,29 +0,0 @@ -# This playbook is meant to call out the roles for any configuration -# issues to get a Kojid cloud scheduled builder in place. -# Creation of the system is done by a different process so is not -# covered by this playbook. - ---- -- name: Enable an ephemeral builder - hosts: build_x86_kcs:build_x86_kcs_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - name: Make a keytab dir - ansible.builtin.file: dest="/etc/kojid-cloud-scheduler/" state=directory - - roles: - - role: keytab/service - kt_location: /etc/kojid-cloud-scheduler/kojid-cloud-scheduler.keytab - hostname: "{{ inventory_hostname }}" - service: compile diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml index e2f73f4c39..6c5dd2fd58 100644 --- a/playbooks/groups/buildhw.yml +++ b/playbooks/groups/buildhw.yml 
@@ -1,93 +1,39 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml" - vars: - myhosts: "buildhw:bkernel" +# create a new koji builder on raw hw +# NOTE: should be used with --limit most of the time +# NOTE: most of these vars_path come from group_vars/buildhw or from hostvars - name: make koji builder(s) on raw hw - hosts: buildhw:bkernel + hosts: buildhw:buildaarch64:bkernel remote_user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - - name: override nbde_client-network-flush to work around bug - ansible.builtin.copy: - src: "{{ files }}/common/nbde_client-network-flush" - dest: /usr/bin/nbde_client-network-flush - owner: root - group: root - mode: 755 - - - name: tell NetworkManager we don't want any auto connections - ansible.builtin.copy: - src: "{{ files }}/common/noautodefault.conf" - dest: /etc/NetworkManager/conf.d/noautodefault.conf - owner: root - group: root - mode: 644 + - import_tasks: "{{ tasks_path }}/osbs_certs.yml" roles: - base - - { role: nfs/client, mnt_dir: '/mnt/fedora_koji', nfs_src_dir: "{{ koji_hub_nfs }}", when: koji_hub_nfs is defined } - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: env != 'staging' and 'runroot' in group_names - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env != 'staging' and 'runroot' in group_names - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: env != 'staging' and 'runroot' in group_names - - - role: nfs/client - mnt_dir: 
'/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env != 'staging' and 'runroot' in group_names - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content_stg/ostree' - when: env == 'staging' and 'runroot' in group_names - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content_stg/compose/ostree' - when: env == 'staging' and 'runroot' in group_names - + - { role: nfs/client, mnt_dir: '/mnt/fedora_koji', nfs_src_dir: "{{ koji_hub_nfs }}", when: koji_hub_nfs is defined } - koji_builder - { role: bkernel, when: inventory_hostname.startswith('bkernel') } - - { role: linux-system-roles.nbde_client, when: "inventory_hostname.startswith(('bkernel', 'buildhw'))" } - - { role: serial-console, when: "inventory_hostname.startswith(('bkernel', 'buildhw-x86'))" } - hosts - - ipa/client + - { role: fas_client, when: not inventory_hostname.startswith('bkernel') } - { role: sudo, when: not inventory_hostname.startswith('bkernel') } - role: keytab/service kt_location: /etc/kojid/kojid.keytab service: compile - # push built Flatpaks to candidate registry - - role: login-registry - candidate_registry: "candidate-registry.fedoraproject.org" - candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}" - candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}" - when: env == "production" - - role: login-registry - candidate_registry: "candidate-registry.stg.fedoraproject.org" - candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}" - candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}" - when: env == "staging" tasks: + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + when: not inventory_hostname.startswith('bkernel') + - import_tasks: "{{ tasks_path }}/motd.yml" + when: not inventory_hostname.startswith('bkernel') + - name: make sure kojid is running service: name=kojid state=started 
enabled=yes diff --git a/playbooks/groups/buildvm-osbuild.yml b/playbooks/groups/buildvm-osbuild.yml deleted file mode 100644 index 82178c1800..0000000000 --- a/playbooks/groups/buildvm-osbuild.yml +++ /dev/null 
@@ -1,61 +0,0 @@
-# create a new osbuild worker
-
----
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
- vars:
- myhosts: "buildvm_osbuild_ppc64le:buildvm_osbuild_ppc64le_staging"
-
-- name: Make osbuild-worker
- hosts: buildvm_osbuild_ppc64le:buildvm_osbuild_ppc64le_staging
- user: root
- gather_facts: true
-
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - "{{ private }}/vars.yml"
- - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
- pre_tasks:
- - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
- - import_tasks: "{{ tasks_path }}/yumrepos.yml"
-
- roles:
- - base
- - hosts
- - ipa/client
- - sudo
- - nagios_client
-
- handlers:
- - import_tasks: "{{ handlers_path }}/restart_services.yml"
-
- tasks:
- - name: Set up osbuild worker
- block:
- - name: Create temporary file for client secret
- local_action: ansible.builtin.tempfile state="file" prefix="osbuild_"
- # never report this as changed to make the playbook idempotent
- changed_when: false
- register: client_secret_tempfile
-
- - name: Put secret into the temporary file
- local_action: ansible.builtin.copy
- content="{{ osbuild_worker_authentication_client_secret }}"
- dest="{{ client_secret_tempfile.path }}"
- mode="440"
- # never report this as changed to make the playbook idempotent
- changed_when: false
-
- - name: Import role to configure osbuild-worker
- ansible.builtin.import_role:
- name: ansible-osbuild-worker
- vars:
- # rest of the vars are set in the appropriate group_vars
- osbuild_worker_authentication_client_secret_file: "{{ client_secret_tempfile.path }}"
-
- always:
- - name: Remove temporary file with client secret
- local_action: ansible.builtin.file path="{{ client_secret_tempfile.path }}" state=absent
- # never report this as changed to make the playbook idempotent
- changed_when: false
- when: client_secret_tempfile is defined and client_secret_tempfile.path is defined
diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml
index a0f4b629de..127e8bffea 100644
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@@ -3,136 +3,219 @@ # NOTE: make sure there is room/space for this builder on the buildvmhost # NOTE: most of these vars_path come from group_vars/buildvm or from hostvars ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "buildvm:buildvm_stg:buildvm_aarch64:buildvm_ppc64le:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_s390x:buildvm_x86_riscv" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm-stg:buildvm-aarch64:buildvm-armv7:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc:buildvm-s390:buildvm-ppc64-stg:buildvm-ppc64le-stg:buildvm-aarch64-stg:buildvm-armv7-stg" -- name: Make koji builder(s) - hosts: buildvm:buildvm_stg:buildvm_aarch64:buildvm_ppc64le:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_s390x:buildvm_s390x_stg:buildvm_x86_riscv +- name: make koji builder(s) + hosts: buildvm:buildvm-stg:buildvm-aarch64:buildvm-armv7:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc:buildvm-s390:buildvm-ppc64-stg:buildvm-ppc64le-stg:buildvm-aarch64-stg:buildvm-armv7-stg:buildvm-s390x user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/yumrepos.yml" roles: - - base - - hosts - - { - role: nfs/client, - mnt_dir: "/mnt/fedora_koji", - nfs_src_dir: "{{ koji_hub_nfs }}", - when: "env == 'staging' or createrepo or 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x')", - } - - ipa/client - - role: sudo - when: not inventory_hostname.startswith('bkernel') and env == 'production' - - 
koji_builder - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: env != 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x') + - base + - hosts + - { role: nfs/client, mnt_dir: '/mnt/fedora_koji', nfs_src_dir: "{{ koji_hub_nfs }}", when: createrepo } + - { role: fas_client, when: not inventory_hostname.startswith('bkernel') } + - { role: sudo, when: not inventory_hostname.startswith('bkernel') } + - koji_builder + - role: keytab/service + kt_location: /etc/kojid/kojid.keytab + service: compile + - role: keytab/service + owner_user: root + owner_group: root + service: osbs + host: "osbs.fedoraproject.org" + when: env == "production" + - role: keytab/service + owner_user: root + owner_group: root + service: osbs + host: "osbs.stg.fedoraproject.org" + when: env == "staging" - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env != 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x') + tasks: + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + when: not inventory_hostname.startswith('bkernel') + - import_tasks: "{{ tasks_path }}/motd.yml" + when: not inventory_hostname.startswith('bkernel') - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content_stg/ostree' - when: env == 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x') - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content_stg/compose/ostree' - when: env == 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x') - - - role: keytab/service - kt_location: /etc/kojid/kojid.keytab - service: compile - when: koji_instance != 'secondary' - - role: keytab/service - kt_location: /etc/kojid/kojid.keytab - service: compile-riscv - when: koji_instance == 'secondary' - 
- role: btrfs - btrfs_balance_period: weekly - # push built Flatpaks to candidate registry - - role: login-registry - candidate_registry: "candidate-registry.fedoraproject.org" - candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}" - candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}" - when: env == "production" and koji_instance != 'secondary' - - role: login-registry - candidate_registry: "candidate-registry.stg.fedoraproject.org" - candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}" - candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}" - when: env == "staging" and koji_instance != 'secondary' + - name: make sure kojid is running + service: name=kojid state=started enabled=yes handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Configure varnish cache - hosts: buildvm-s390x-01.stg.s390.fedoraproject.org:buildvm-s390x-14.s390.fedoraproject.org +- name: configure osbs on koji builders + hosts: buildvm:buildvm-stg + tags: + - osbs + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/osbs_certs.yml" + - import_tasks: "{{ tasks_path }}/osbs_repos.yml" + + roles: + - { + role: osbs-client, + when: env == 'staging' and ansible_architecture == 'x86_64', + general: { + verbose: 0, + build_json_dir: '/etc/osbs/input/', + openshift_required_version: 1.1.0, + }, + default: { + username: "{{ osbs_koji_stg_username }}", + password: "{{ osbs_koji_stg_password }}", + koji_use_kerberos: True, + koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab", + koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}", + openshift_url: 'https://{{ osbs_url }}/', + registry_uri: 'https://{{ docker_registry 
}}/v2', + source_registry_uri: 'https://{{ source_registry }}/v2', + build_host: '{{ osbs_url }}', + koji_root: 'http://{{ koji_root }}', + koji_hub: 'https://koji.stg.fedoraproject.org/kojihub', + sources_command: 'fedpkg sources', + build_type: 'prod', + authoritative_registry: 'registry.example.com', + vendor: 'Fedora Project', + verify_ssl: true, + use_auth: true, + builder_use_auth: true, + distribution_scope: 'private', + registry_api_versions: 'v2', + builder_openshift_url: 'https://{{osbs_url}}', + namespace: 'osbs', + can_orchestrate: true + } + } + - { + role: osbs-client, + when: env == 'production' and ansible_architecture == 'x86_64', + general: { + verbose: 0, + build_json_dir: '/etc/osbs/input/', + openshift_required_version: 1.1.0, + }, + default: { + username: "{{ osbs_koji_prod_username }}", + password: "{{ osbs_koji_prod_password }}", + koji_use_kerberos: True, + koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab", + koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}", + openshift_url: 'https://{{ osbs_url }}/', + registry_uri: 'https://{{ docker_registry }}/v2', + source_registry_uri: 'https://{{ source_registry }}/v2', + build_host: '{{ osbs_url }}', + koji_root: 'http://{{ koji_root }}', + koji_hub: 'https://koji.fedoraproject.org/kojihub', + sources_command: 'fedpkg sources', + build_type: 'prod', + authoritative_registry: 'registry.example.com', + vendor: 'Fedora Project', + verify_ssl: true, + use_auth: true, + builder_use_auth: true, + distribution_scope: 'private', + registry_api_versions: 'v2', + builder_openshift_url: 'https://{{osbs_url}}' + } + } + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + +- name: configure varnish cache on buildvm-s390x-07.s390.fedoraproject.org + hosts: buildvm-s390x-07.s390.fedoraproject.org tags: - varnish user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - 
/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - varnish + - varnish handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Configure sshfs on buildvm-s390x - hosts: buildvm-s390x-11.s390.fedoraproject.org:buildvm-s390x-12.s390.fedoraproject.org:buildvm-s390x-13.s390.fedoraproject.org +- name: configure sshfs on buildvm-s390x-01.s390.fedoraproject.org + hosts: buildvm-s390x-01.s390.fedoraproject.org tags: - sshfs user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: Put sshfs key in place - ansible.builtin.copy: - src="{{ private }}/files/releng/sshkeys/primary-s390x-sshfs{{ '-staging' if env == 'staging' else '' }}" - dest="/etc/primary-s390x-sshfs" - owner=root group=root mode=0600 - tags: - - sshfs + - name: Put sshfs key in place + copy: src="{{ private }}/files/releng/sshkeys/primary-s390x-sshfs" + dest="/etc/primary-s390x-sshfs" + owner=root group=root mode=0600 + tags: + - sshfs - - name: Install sshfs - ansible.builtin.package: name=sshfs - state=present - tags: - - sshfs + - name: Install sshfs + package: name=sshfs + state=present + tags: + - sshfs - - name: Add /mnt/fedora_koji sshfs - mount: path="/mnt/fedora_koji" - state=present - fstype=fuse.sshfs - src="root@koji01{{ env_suffix }}.iad2.fedoraproject.org:/mnt/fedora_koji" - opts="noauto,_netdev,ServerAliveInterval=20,IdentityFile=/etc/primary-s390x-sshfs" - tags: - - sshfs + - name: Add /mnt/fedora_koji sshfs + mount: path="/mnt/fedora_koji" + 
state=present + fstype=fuse.sshfs + src="root@koji01.phx2.fedoraproject.org:/mnt/fedora_koji" + opts="noauto,_netdev,ServerAliveInterval=20,IdentityFile=/etc/primary-s390x-sshfs" + tags: + - sshfs handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: configure sshfs target on koji01 + hosts: koji01.phx2.fedoraproject.org + tags: + - sshfs + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: Put public sshfs key in place + authorized_key: user="root" + key="{{ lookup('file', '{{ private }}/files/releng/sshkeys/primary-s390x-sshfs.pub') }}" + state=present + key_options='command="internal-sftp",from="10.16.0.11",restrict' + tags: + - sshfs + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/busgateway.yml b/playbooks/groups/busgateway.yml new file mode 100644 index 0000000000..5b74416abe --- /dev/null +++ b/playbooks/groups/busgateway.yml 
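Review bot: Both `osbs-client` role blocks set `koji_root: 'http://{{ koji_root }}'` while every other endpoint in the same dict is `https://` and `verify_ssl: true` is set, so whatever the client fetches under koji_root presumably travels without transport integrity. Unless that endpoint has no TLS listener, use `koji_root: 'https://{{ koji_root }}'`. Both blocks also carry `authoritative_registry: 'registry.example.com'`, which looks like a leftover placeholder. In the koji01 play, `lookup('file', '{{ private }}/files/releng/sshkeys/primary-s390x-sshfs.pub')` nests one template inside another; `lookup('file', private + '/files/releng/sshkeys/primary-s390x-sshfs.pub')` avoids relying on nested expansion.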
@@ -0,0 +1,58 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=busgateway:busgateway-stg"
+
+- name: dole out the generic configuration
+ hosts: busgateway:busgateway-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - fedmsg/base
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: dole out the service-specific config
+ hosts: busgateway:busgateway-stg
+ user: root
+ gather_facts: True
+
+ roles:
+ - role: fedmsg/hub
+ enable_websocket_server: True
+ - role: fedmsg/datanommer
+ - role: fedmsg/relay
+ - role: fedmsg/gateway
+ - role: collectd/fedmsg-service
+ process: fedmsg-hub
+ - role: collectd/fedmsg-service
+ process: fedmsg-relay
+ - role: collectd/fedmsg-service
+ process: fedmsg-gateway
+ - role: collectd/fedmsg-activation
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/centos-ipa-client.yml b/playbooks/groups/centos-ipa-client.yml
deleted file mode 100644
index db9794228c..0000000000
--- a/playbooks/groups/centos-ipa-client.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
- vars:
- myhosts: "centos_ipa_client_stg"
-
-- name: Make the boxes be realen
- hosts: centos_ipa_client_stg
- user: root
- gather_facts: true
-
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - "/srv/private/ansible/vars.yml"
- - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
- roles:
- - base
- - hosts
-
- pre_tasks:
- - import_tasks: "{{ tasks_path }}/yumrepos.yml"
-
- handlers:
- - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/certgetter.yml b/playbooks/groups/certgetter.yml
index df1452195e..65c2e97a70 100644
--- a/playbooks/groups/certgetter.yml
+++ b/playbooks/groups/certgetter.yml
@@ -1,36 +1,30 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "certgetter" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=certgetter" -- name: Make the box be real +- name: make the box be real hosts: certgetter user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - hosts - - { role: openvpn/client, - when: env != "staging" } - - ipa/client + - fas_client - rsyncd - sudo - - apache - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - { role: openvpn/client, + when: env != "staging" } tasks: - - name: make sure certbot is installed - ansible.builtin.package: name=certbot state=installed + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/ci.yml b/playbooks/groups/ci.yml new file mode 100644 index 0000000000..a97fd02847 --- /dev/null +++ b/playbooks/groups/ci.yml 
@@ -0,0 +1,60 @@
+---
+# create a new taskotron dev server
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=ci-cc-rdu01.fedoraproject.org"
+
+- name: make the box be real
+ hosts: ci
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: base, tags: ['base'] }
+ - { role: rkhunter, tags: ['rkhunter'] }
+ - { role: nagios_client, tags: ['nagios_client'] }
+ - { role: hosts, tags: ['hosts']}
+ - { role: fas_client, tags: ['fas_client'] }
+ - { role: collectd/base, tags: ['collectd_base'] }
+ - { role: dnf-automatic, tags: ['dnfautomatic'] }
+ - { role: sudo, tags: ['sudo'] }
+ - { role: openvpn/client,
+ when: deployment_type == "prod", tags: ['openvpn_client'] }
+ - postgresql_server
+ - apache
+# - { role: fedmsg/base }
+
+ tasks:
+ # this is how you include other task lists
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: configure resultsdb production
+ hosts: ci
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+# - { role: taskotron/resultsdb-fedmsg, tags: ['resultsdb-fedmsg']}
+ - { role: taskotron/resultsdb-backend, tags: ['resultsdb-be'] }
+ - { role: taskotron/resultsdb-frontend, tags: ['resultsdb-fe'] }
+ - { role: taskotron/execdb, tags: ['execdb'] }
+ - { role: ccsdb, tags: ['ccsdb'] }
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
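Review bot: The header comment and play names do not match what this file targets: the comment says "create a new taskotron dev server" with vars from `group_vars/mirrorlist`, the second play is named "configure resultsdb production", and both plays run on `hosts: ci`. The `virt-create.yml` import is limited to `myhosts=ci-cc-rdu01.fedoraproject.org` while the plays use the `ci` group, so the hosts created and the hosts configured can differ if the group ever holds more than that one machine. I would reword the header to something like `# create and configure the ci host(s)`, point the NOTE at the group_vars file that actually applies, and pass the same host pattern to the import and the plays.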
diff --git a/playbooks/groups/copr-backend.yml b/playbooks/groups/copr-backend.yml
index c3cddcded1..67fe7d8772 100644
--- a/playbooks/groups/copr-backend.yml
+++ b/playbooks/groups/copr-backend.yml
@@ -1,67 +1,46 @@ ---- -- name: Check/create instance - hosts: copr_back_dev_aws:copr_back_aws +- name: check/create instance + #hosts: copr-back + hosts: copr-back:copr-back-stg user: root - gather_facts: false + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml tasks: - # - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" - # when: datacenter != 'aws' + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - when: datacenter == 'aws' - - - import_tasks: "{{ tasks_path }}/swap.yml" - when: - - datacenter == 'aws' - - swap_file_size_mb is defined - -- name: Cloud basic setup - hosts: copr_back_dev_aws:copr_back_aws +- name: cloud basic setup + hosts: copr-back:copr-back-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml tasks: - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - import_tasks: "{{ tasks_path }}/yumrepos.yml" -# this should be set to ansible_hostname -# - name: "set hostname (required by some services, at least postfix need it)" -# hostname: name="{{copr_hostbase}}.cloud.fedoraproject.org" -# when: env != 'production' + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{copr_hostbase}}.cloud.fedoraproject.org" -- name: Provision instance - hosts: copr_back_dev_aws:copr_back_aws +- name: provision instance + hosts: copr-back:copr-back-stg user: root - gather_facts: true + gather_facts: True 
vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml # Roles are run first, before tasks, regardless of where you place them here. roles: - - copr/pre - - base - - nagios_client - - copr/backend - - role: messaging/base - when: copr_messaging - - role: rsnapshot-push - when: env == "production" - - role: log-detective-backup - when: env == "production" + - base + - fedmsg/base + - copr/backend + - nagios_client diff --git a/playbooks/groups/copr-dist-git.yml b/playbooks/groups/copr-dist-git.yml index 4e64344d76..48a8fe844c 100644 --- a/playbooks/groups/copr-dist-git.yml +++ b/playbooks/groups/copr-dist-git.yml 
@@ -1,59 +1,44 @@ ---- -- name: Check/create instance - hosts: copr_dist_git_dev_aws:copr_dist_git_aws +- name: check/create instance + hosts: copr-dist-git-stg:copr-dist-git user: root - gather_facts: false + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml tasks: - # - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" - # when: datacenter != 'aws' + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - when: datacenter == 'aws' - -- name: Cloud basic setup - hosts: copr_dist_git_dev_aws:copr_dist_git_aws +- name: cloud basic setup + hosts: copr-dist-git-stg:copr-dist-git user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" tasks: - - import_tasks: "{{ tasks_path }}/swap.yml" - when: - - datacenter == 'aws' - - swap_file_size_mb is defined - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - name: Set hostname (required by some services, at least postfix need it) - hostname: name="{{copr_hostbase}}.fedorainfracloud.org" - when: datacenter != "aws" + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{copr_hostbase}}.cloud.fedoraproject.org" -- name: Provision instance - hosts: copr_dist_git_dev_aws:copr_dist_git_aws +- name: provision instance + hosts: copr-dist-git-stg:copr-dist-git user: root - gather_facts: true + gather_facts: True vars_files: - - 
/srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - copr/pre - - base - - nagios_client - - copr/dist_git + - base + - copr/dist_git handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - import_tasks: "../../handlers/restart_services.yml" diff --git a/playbooks/groups/copr-frontend.yml b/playbooks/groups/copr-frontend.yml index 2c9714d09e..42c951c1f5 100644 --- a/playbooks/groups/copr-frontend.yml +++ b/playbooks/groups/copr-frontend.yml 
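Review bot: The handlers entry of the last play is `import_tasks: "../../handlers/restart_services.yml"`, a path relative to the playbook's location, while the other playbooks in this change use the `handlers_path` variable. The relative form depends on where this file sits in the tree and diverges from the rest of the repository for no visible reason. `- import_tasks: "{{ handlers_path }}/restart_services.yml"` keeps it consistent.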
@@ -1,56 +1,43 @@ ---- -- name: Check/create instance - hosts: copr_front_dev_aws:copr_front_aws - user: root - gather_facts: false +- name: check/create instance + hosts: copr-front-stg:copr-front + # hosts: copr-front + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml tasks: - # - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" - # when: datacenter != "aws" + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - when: datacenter == "aws" - tags: always - - - import_tasks: "{{ tasks_path }}/swap.yml" - when: - - datacenter == 'aws' - - swap_file_size_mb is defined - -- name: Cloud basic setup - hosts: copr_front_dev_aws:copr_front_aws - gather_facts: true +- name: cloud basic setup + hosts: copr-front-stg:copr-front + # hosts: copr-front + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" tasks: - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - name: Set hostname (required by some services, at least postfix need it) + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - name: set hostname (required by some services, at least postfix need it) hostname: name="{{copr_hostbase}}.cloud.fedoraproject.org" - when: datacenter != "aws" -- name: Provision instance - hosts: copr_front_dev_aws:copr_front_aws - gather_facts: true +- name: provision instance + hosts: copr-front:copr-front-stg + # hosts: copr-front + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - 
"/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - copr/pre - - base - - nagios_client - - copr/frontend + - base + - copr/frontend + - copr/mbs + - nagios_client diff --git a/playbooks/groups/copr-hypervisor.yml b/playbooks/groups/copr-hypervisor.yml deleted file mode 100644 index c4470938dc..0000000000 --- a/playbooks/groups/copr-hypervisor.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Setup copr hypervisor hosts - hosts: copr_hypervisor - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "{{ private }}/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_role: name=copr/reboot - tags: always - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_role: name=base - - import_role: name=hosts - - import_role: name=rkhunter - - import_role: name=nagios_client - - import_role: name=openvpn/client - - import_role: name=ipa/client - - import_role: name=copr/hypervisor - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/copr-keygen.yml b/playbooks/groups/copr-keygen.yml index c68fb80a2f..f2e870bf42 100644 --- a/playbooks/groups/copr-keygen.yml +++ b/playbooks/groups/copr-keygen.yml 
@@ -1,59 +1,50 @@ ---- -- name: Check/create instance - hosts: copr_keygen_dev_aws:copr_keygen_aws - gather_facts: false +- name: check/create instance + hosts: copr-keygen-stg:copr-keygen + #hosts: copr-keygen + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml tasks: - # - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" - # when: datacenter != 'aws' - - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - when: datacenter == 'aws' - - - - name: Gather facts + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + - name: gather facts setup: check_mode: no - ignore_errors: true + ignore_errors: True register: facts - - name: Install python2 and dnf stuff + - name: install python2 and dnf stuff raw: dnf -y install python-dnf libselinux-python yum - when: facts is failed + when: facts|failed -- name: Cloud basic setup - hosts: copr_keygen_dev_aws:copr_keygen_aws - gather_facts: true +- name: cloud basic setup + hosts: copr-keygen-stg:copr-keygen + # hosts: copr-keygen + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" tasks: - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - name: Set hostname (required by some services, at least postfix need it) + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - name: set hostname (required by some services, at least postfix need it) hostname: name="{{copr_hostbase}}.cloud.fedoraproject.org" - when: datacenter != "aws" -- name: Provision instance - hosts: copr_keygen_dev_aws:copr_keygen_aws - 
gather_facts: true +- name: provision instance + hosts: copr-keygen:copr-keygen-stg + #hosts: copr-keygen + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - copr/pre - - base - - nagios_client - - copr/keygen + - base + - copr/keygen + - nagios_client diff --git a/playbooks/groups/darkserver-backend.yml b/playbooks/groups/darkserver-backend.yml new file mode 100644 index 0000000000..8b29d86d58 --- /dev/null +++ b/playbooks/groups/darkserver-backend.yml 
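Review bot: `when: facts|failed` on the `install python2 and dnf stuff` task uses the filter form of the `failed` test, which Ansible deprecated in 2.5 and removed in 2.9, so on a current controller the condition raises a templating error instead of gating the task. The preceding `setup` runs with `ignore_errors: True`, so this condition is the only thing deciding whether the `raw: dnf -y install …` bootstrap runs on the keygen hosts. Keep the test form the old side already had: `when: facts is failed`.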
@@ -0,0 +1,76 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=darkserver-backend:darkserver-backend-stg"
+
+- name: make the box be real
+ hosts: darkserver-backend:darkserver-backend-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+
+ - dnf: name=libsemanage-python state=present
+ - name: "Set SElinux booleans"
+ seboolean: name=httpd_can_network_connect_db state=yes persistent=yes
+
+ roles:
+ - base
+ - collectd/base
+ - fas_client
+ - hosts
+ - nagios_client
+ - rsyncd
+ - sudo
+ - rkhunter
+ - redis
+ - { role: openvpn/client, when: env != "staging" }
+
+ - role: apache
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: set up fedmsg basics
+ hosts: darkserver-backend:darkserver-backend-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - fedmsg/base
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: dole out the service-specific config
+ hosts: darkserver-backend:darkserver-backend-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - fedmsg/base
+ - fedmsg/hub
+ - rabbitmq
+ - darkserver/backend
+ - role: collectd/fedmsg-service
+ process: fedmsg-hub
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
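Review bot: In the first play `yumrepos.yml` is imported under `tasks:`, which Ansible runs after `roles:`, so `base`, `redis`, `apache` and the other roles install their packages before the repository configuration is applied. Judging by its name, that file sets up the package sources; if so, a freshly created host pulls packages from whatever repos the image ships with. Put it first, as freshmaker.yml in this same commit does: `pre_tasks:` / `- import_tasks: "{{ tasks_path }}/yumrepos.yml"`. The same ordering appears in the darkserver-web, darkserver, datagrepper, dhcp, dns, docker-registry, elections, fas, fas3, fedimg and fedocal playbooks.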
diff --git a/playbooks/groups/darkserver-web.yml b/playbooks/groups/darkserver-web.yml
new file mode 100644
index 0000000000..42d491014c
--- /dev/null
+++ b/playbooks/groups/darkserver-web.yml
@@ -0,0 +1,40 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=darkserver-web:darkserver-web-stg"
+
+- name: make the box be real
+ hosts: darkserver-web:darkserver-web-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+
+ - dnf: name=libsemanage-python state=present
+ - name: "Set SElinux booleans"
+ seboolean: name=httpd_can_network_connect_db state=yes persistent=yes
+
+ roles:
+ - base
+ - collectd/base
+ - fas_client
+ - hosts
+ - nagios_client
+ - rkhunter
+ - rsyncd
+ - sudo
+ - { role: openvpn/client, when: env != "staging" }
+
+ - role: apache
+ - darkserver/web
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
diff --git a/playbooks/groups/darkserver.yml b/playbooks/groups/darkserver.yml
new file mode 100644
index 0000000000..9a6b6161d4
--- /dev/null
+++ b/playbooks/groups/darkserver.yml
@@ -0,0 +1,40 @@ +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=darkserver:darkserver-stg" + +- name: make the box be real + hosts: darkserver + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + + - package: name=libsemanage-python state=present + - name: "Set SElinux booleans" + seboolean: name=httpd_can_network_connect_db state=yes persistent=yes + + roles: + - base + - collectd/base + - fas_client + - rkhunter + - hosts + - nagios_client + - rsyncd + - sudo + - { role: openvpn/client, when: env != "staging" } + + - role: apache + + - darkserver + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/data-reports.yml b/playbooks/groups/data-reports.yml deleted file mode 100644 index 012f7b9f8d..0000000000 --- a/playbooks/groups/data-reports.yml +++ /dev/null @@ -1,32 +0,0 @@ -# create a data-reports vm -# - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "data_reports" - -- name: Make the box be real - hosts: data_reports - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - hosts - - ipa/client - - collectd/base - - sudo - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/datagrepper.yml b/playbooks/groups/datagrepper.yml new file mode 100644 index 0000000000..182382819f --- /dev/null 
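Review bot: In darkserver.yml the `import_playbook` line creates VMs for `myhosts=darkserver:darkserver-stg`, but the only play targets `hosts: darkserver`. Unless `darkserver-stg` is a child of `darkserver` in the inventory (not visible here), the staging guest is created and then never receives `base`, `rkhunter`, `sudo` or `2fa_client.yml` from this playbook. The sibling playbooks use the same pattern on both lines; the fix is `hosts: darkserver:darkserver-stg`.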
+++ b/playbooks/groups/datagrepper.yml 
@@ -0,0 +1,105 @@
+# create a new datagrepper server
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=datagrepper:datagrepper-stg"
+
+- name: make the box be real
+ hosts: datagrepper:datagrepper-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - fedmsg/base
+ - rsyncd
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - mod_wsgi
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: dole out the service-specific config
+ hosts: datagrepper:datagrepper-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - datagrepper
+ - role: collectd/web-service
+ site: datagrepper
+ url: "http://localhost/datagrepper/raw?delta=86400"
+ interval: 15
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+# The gluster work here can be omitted for now. It is used by a feature of
+# datagrepper that is partially in place, but not yet functional.
+#
+#- name: set up gluster server on prod
+# hosts: datagrepper:datagrepper-stg
+# user: root
+# gather_facts: True
+#
+# vars_files:
+# - /srv/web/infra/ansible/vars/global.yml
+# - "/srv/private/ansible/vars.yml"
+# - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+#
+# roles:
+# - role: gluster/server
+# name: gluster
+# username: "{{ datagrepperglusterusername }}"
+# password: "{{ datagrepperglusterpassword }}"
+# owner: root
+# group: root
+# datadir: /srv/glusterfs/datagrepper
+#
+# handlers:
+# - import_tasks: "{{ handlers_path }}/restart_services.yml"
+#
+#- name: set up gluster client on prod
+# hosts: datagrepper:datagrepper-stg
+# user: root
+# gather_facts: True
+#
+# vars_files:
+# - /srv/web/infra/ansible/vars/global.yml
+# - "/srv/private/ansible/vars.yml"
+# - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+#
+# roles:
+# - role: gluster/client
+# name: gluster
+# servers:
+# - datagrepper01.phx2.fedoraproject.org
+# - datagrepper02.phx2.fedoraproject.org
+# username: "{{ datagrepperglusterusername }}"
+# password: "{{ datagrepperglusterpassword }}"
+# owner: apache
+# group: apache
+# mountdir: /var/cache/datagrepper
+#
+# handlers:
+# - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/db.aws.yml b/playbooks/groups/db.aws.yml
deleted file mode 100644
index 94de62a16f..0000000000
--- a/playbooks/groups/db.aws.yml
+++ /dev/null
@@ -1,76 +0,0 @@ -# database server system in AWS for machines hosted in AWS -# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars - -# Once the instance exists, configure it. - ---- -- name: Check/create instance - hosts: db.stg.aws.fedoraproject.org - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - when: datacenter == 'aws' - - - import_tasks: "{{ tasks_path }}/swap.yml" - when: - - datacenter == 'aws' - - swap_file_size_mb is defined - -- name: Cloud basic setup - hosts: db.stg.aws.fedoraproject.org - user: root - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - -- name: Configure server - hosts: db.stg.aws.fedoraproject.org - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - dnf: - name: - - langpacks-en - - glibc-all-langpacks - state: latest - - ansible.builtin.systemd_service: - daemon_reload: true - - roles: - - base - - rkhunter - # - {role: ipa/client, when: env == "staging"} - # - nagios_client - # - zabbix/zabbix_agent - - hosts - - postgresql_server - # - collectd/base - # - collectd/postgres # This requires a 'databases' var to be set in host_vars - - sudo - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" 
diff --git a/playbooks/groups/debuginfod.yml b/playbooks/groups/debuginfod.yml
deleted file mode 100644
index 1d997367b0..0000000000
--- a/playbooks/groups/debuginfod.yml
+++ /dev/null
@@ -1,80 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "debuginfod:debuginfod_stg" - -- name: Make the box be real - hosts: debuginfod:debuginfod_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - hosts - - ipa/client - - collectd/base - - - role: nfs/client - mount_stg: true - mnt_dir: '/mnt/fedora_koji_prod' - nfs_src_dir: "fedora_koji" - - tasks: - - name: install debuginfod - ansible.builtin.package: name=elfutils-debuginfod state=present - tags: debuginfod - - - name: Install sqlite for diagnostics - ansible.builtin.package: name=sqlite state=present - tags: debuginfod - - - name: Install sqlite-analyzer for diagnostics - ansible.builtin.package: name=sqlite-analyzer state=present - tags: debuginfod - - - name: Install sqlite for diagnostics - ansible.builtin.package: name=sqlite state=present - tags: debuginfod - - - name: Install rsync for data backups - ansible.builtin.package: name=rsync state=present - tags: debuginfod - - - name: Install debuginfod configuration - ansible.builtin.copy: src="{{ files }}/debuginfod/sysconfig.debuginfod" dest=/etc/sysconfig/debuginfod owner=root group=root mode=644 - tags: debuginfod - notify: - - Restart debuginfod - - - name: Ensure systemd drop-in directory exists - ansible.builtin.file: > - dest=/etc/systemd/system/debuginfod.service.d - state=directory - tags: debuginfod - - - name: Install debuginfod systemd drop-in - tags: debuginfod - ansible.builtin.copy: src="{{ files }}/debuginfod/debuginfod.service.d" dest=/etc/systemd/system/debuginfod.service.d/override.conf owner=root group=root mode=644 - notify: - - Restart debuginfod - - - name: Ensure debuginfod is enabled 
and started - service: - name: debuginfod - state: started - enabled: yes - tags: debuginfod - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/dhcp.yml b/playbooks/groups/dhcp.yml new file mode 100644 index 0000000000..becc4545ea --- /dev/null +++ b/playbooks/groups/dhcp.yml @@ -0,0 +1,30 @@ +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=dhcp" + +- name: make the box be real + hosts: dhcp + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - sudo + - dhcp_server + - tftp_server + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/dns.yml b/playbooks/groups/dns.yml index f086fdea8b..0ef01aa9e9 100644 --- a/playbooks/groups/dns.yml +++ b/playbooks/groups/dns.yml 
@@ -1,36 +1,34 @@ # create a new dns server ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "dns" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=dns" -- name: Make the box be real +- name: make the box be real hosts: dns user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - hosts - rkhunter - nagios_client - - { role: openvpn/client, - when: datacenter != 'iad2' and datacenter != 'rdu3' } - - ipa/client + - fas_client - collectd/base - collectd/bind - rsyncd - sudo + - { role: openvpn/client, when: datacenter != "phx2" } - dns - pre_tasks: + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/docker-registry.yml b/playbooks/groups/docker-registry.yml new file mode 100644 index 0000000000..342a3f212c --- /dev/null +++ b/playbooks/groups/docker-registry.yml 
@@ -0,0 +1,160 @@ +# create an osbs server +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=docker-registry:docker-registry-stg" + +- name: make the box be real + hosts: docker-registry:docker-registry-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + - { role: openvpn/client, + when: env != "staging" } + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: set up gluster on stg + hosts: + - docker-registry01.stg.phx2.fedoraproject.org + - docker-registry02.stg.phx2.fedoraproject.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: gluster/server + name: gluster + username: "{{ registry_gluster_username_stg }}" + password: "{{ registry_gluster_password_stg }}" + owner: root + group: root + datadir: /srv/glusterfs/registry-stg + + - role: gluster/client + name: gluster + servers: + - docker-registry01.stg.phx2.fedoraproject.org + - docker-registry02.stg.phx2.fedoraproject.org + username: "{{ registry_gluster_username_stg }}" + password: "{{ registry_gluster_password_stg }}" + owner: root + group: root + mountdir: "/srv/docker" + +- name: set up gluster on prod + hosts: + - docker-registry02.phx2.fedoraproject.org + - docker-registry03.phx2.fedoraproject.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ 
ansible_distribution }}.yml + + roles: + - role: gluster/server + name: gluster + username: "{{ registry_gluster_username_prod }}" + password: "{{ registry_gluster_password_prod }}" + owner: root + group: root + datadir: /srv/glusterfs/registry + + - role: gluster/client + name: gluster + servers: + - docker-registry02.phx2.fedoraproject.org + - docker-registry03.phx2.fedoraproject.org + username: "{{ registry_gluster_username_prod }}" + password: "{{ registry_gluster_password_prod }}" + owner: root + group: root + mountdir: "/srv/docker" + + +- name: setup docker distribution registry + hosts: docker-registry:docker-registry-stg + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + + # NOTE: tls is disabled for docker-distribution because we are listening only + # on localhost and all external connections will be through httpd which + # will be SSL enalbed. + roles: + - { + role: docker-distribution, + conf_path: "/etc/docker-distribution/registry/config.yml", + tls: { + enabled: False, + }, + log: { + fields: { + service: "registry" + } + }, + storage: { + filesystem: { + rootdirectory: "/srv/" + } + }, + http: { + addr: ":5000" + } + } + + # Setup compose-x86-01 push docker images to registry + - { + role: push-docker, + docker_cert_name: "containerstable", + docker_cert_dir: "/etc/docker/certs.d/registry.stg.fedoraproject.org", + when: env == "staging", + delegate_to: compose-x86-01.phx2.fedoraproject.org + } + - { + role: push-docker, + docker_cert_name: "containerbuild", + docker_cert_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org", + when: env == "staging", + delegate_to: compose-x86-01.phx2.fedoraproject.org + } + - { + role: push-docker, + docker_cert_name: "containerstable", + docker_cert_dir: "/etc/docker/certs.d/registry.fedoraproject.org", + when: env == "production", + delegate_to: compose-x86-01.phx2.fedoraproject.org + } + - { 
+ role: push-docker, + docker_cert_name: "containerbuild", + docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org", + when: env == "production", + delegate_to: compose-x86-01.phx2.fedoraproject.org + } diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml index e3b957a9a3..c194b6c265 100644 --- a/playbooks/groups/download.yml +++ b/playbooks/groups/download.yml @@ -1,17 +1,14 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "download_ibiblio:download_cc_rdu:download_iad2" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=download-ibiblio" - name: Download servers hosts: download user: root - gather_facts: false + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: 
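Review bot: In docker-registry.yml the `docker-distribution` role is given `http: { addr: ":5000" }`, which binds port 5000 on every interface, while the NOTE above it justifies `tls: { enabled: False }` by saying the registry listens only on localhost. As written, the plaintext listener is reachable from any network that can route to the host, unless a firewall rule not visible here blocks it, and clients connecting there bypass the SSL-enabled httpd front end. Bind it to loopback so the comment holds: `addr: "127.0.0.1:5000"`. The same comment has a typo, `enalbed` for `enabled`.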
@@ -19,72 +16,57 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Post-initial-steps +- name: post-initial-steps hosts: download user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" roles: - base - rkhunter - nagios_client - hosts - - { role: openvpn/client, when: vpn == True } - - ipa/client + - fas_client - collectd/base - apache - download + - { role: mod_limitipconn, when: ansible_distribution_major_version|int != '7'} - rsyncd - - { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } - - { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub/archive', nfs_src_dir: 'fedora_ftp_archive' } - - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_koji' } # needed for internal sync + - { role: nfs/client, when: datacenter == "phx2", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } + - { role: nfs/client, when: datacenter == "phx2", mnt_dir: '/mnt/koji/compose', nfs_src_dir: 'fedora_koji/koji/compose' } + - { role: nfs/client, when: datacenter == "rdu", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } - sudo - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - { role: openvpn/client, when: datacenter != "phx2" } tasks: - - name: put in script for syncing fedora on download-ib01 - ansible.builtin.copy: src="{{ files }}/download/sync-up-downloads.sh.ib01" dest=/usr/local/bin/sync-up-downloads owner=root group=root mode=755 + - import_tasks: "{{ tasks_path 
}}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + - name: put in script for syncing on download-ib01 + copy: src="{{ files }}/download/sync-up-downloads.sh.ib01" dest=/usr/local/bin/sync-up-downloads owner=root group=root mode=755 when: inventory_hostname == 'download-ib01.fedoraproject.org' - - name: Put in script for syncing fedora-alt on download-ib01 - ansible.builtin.copy: src="{{ files }}/download/sync-up-other.sh.ib01" dest=/usr/local/bin/sync-up-other owner=root group=root mode=755 + - name: put in script for syncing on download-ib01 + copy: src="{{ files }}/download/sync-up-other.sh.ib01" dest=/usr/local/bin/sync-up-other owner=root group=root mode=755 when: inventory_hostname == 'download-ib01.fedoraproject.org' - - name: Put in script for syncing centos on download-ib01 - ansible.builtin.copy: src="{{ files }}/download/sync-up-centos.sh.ib01" dest=/usr/local/bin/sync-up-centos owner=root group=root mode=755 + - name: put in cron job for syncing + copy: src="{{ files }}/download/download-sync.cron.ib01" dest=/etc/cron.d/download-sync owner=root group=root mode=644 when: inventory_hostname == 'download-ib01.fedoraproject.org' - - name: Put in cron job for syncing - ansible.builtin.copy: src="{{ files }}/download/download-sync.cron.ib01" dest=/etc/cron.d/download-sync owner=root group=root mode=644 + - name: put in last sync scrypt for download-ib01 + copy: src="{{ files}}/download/last-sync" dest=/usr/local/bin/last-sync mode=0755 when: inventory_hostname == 'download-ib01.fedoraproject.org' - - name: Put in last sync scrypt for download-ib01 - ansible.builtin.copy: src="{{ files}}/download/last-sync" dest=/usr/local/bin/last-sync mode=0755 - when: inventory_hostname == 'download-ib01.fedoraproject.org' - - name: Install bc so last-sync works. - ansible.builtin.package: name=bc state=present + - name: install bc so last-sync works. 
+ package: name=bc state=present when: inventory_hostname == 'download-ib01.fedoraproject.org' - - name: Put in script for syncing on download-cc-rdu01 - ansible.builtin.copy: src="{{ files }}/download/sync-up-downloads.sh.cc-rdu01" dest=/usr/local/bin/sync-up-downloads owner=root group=root mode=755 - when: inventory_hostname == 'download-cc-rdu01.fedoraproject.org' - - name: Put in script for syncing centos on download-cc-rdu01 - ansible.builtin.copy: src="{{ files }}/download/sync-up-centos.sh.cc-rdu01" dest=/usr/local/bin/sync-up-centos owner=root group=root mode=755 - when: inventory_hostname == 'download-cc-rdu01.fedoraproject.org' - - name: Put in cron job for syncing on download-cc-rdu01 - ansible.builtin.copy: src="{{ files }}/download/download-sync.cron.cc-rdu01" dest=/etc/cron.d/download-sync owner=root group=root mode=644 - when: inventory_hostname == 'download-cc-rdu01.fedoraproject.org' - - name: Put in last sync scrypt for download-cc-rdu01 - ansible.builtin.copy: src="{{ files}}/download/last-sync" dest=/usr/local/bin/last-sync mode=0755 - when: inventory_hostname == 'download-cc-rdu01.fedoraproject.org' - - name: Make a mnt/koji link - ansible.builtin.file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji - when: datacenter == "iad2" + handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" + diff --git a/playbooks/groups/elections.yml b/playbooks/groups/elections.yml new file mode 100644 index 0000000000..83a91dc671 --- /dev/null +++ b/playbooks/groups/elections.yml 
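Review bot: In `{ role: mod_limitipconn, when: ansible_distribution_major_version|int != '7'}` the left side is cast to an integer and then compared with the string `'7'`. In Jinja2 an int never equals a str, so the condition is always true and the role is applied on major version 7 hosts as well, which the condition was evidently meant to exclude. Compare like with like: `when: ansible_distribution_major_version|int != 7`.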
@@ -0,0 +1,65 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=elections:elections-stg"
+
+- name: make the box be real
+ hosts: elections:elections-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - rsyncd
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - mod_wsgi
+ - collectd/base
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: set up fedmsg on elections
+ hosts: elections:elections-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - fedmsg/base
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: deploy elections itself
+ hosts: elections:elections-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - elections
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
diff --git a/playbooks/groups/fas.yml b/playbooks/groups/fas.yml
new file mode 100644
index 0000000000..99d63f0d30
--- /dev/null
+++ b/playbooks/groups/fas.yml
@@ -0,0 +1,38 @@
+# create a new fas server
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=fas:fas-stg"
+
+- name: make the box be real
+ hosts: fas-stg:fas
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - hosts
+ - rkhunter
+ - nagios_client
+ - fas_client
+ - collectd/base
+ - rsyncd
+ - memcached
+ - mod_wsgi
+ - fas_server
+ - fedmsg/base
+ - sudo
+ - yubikey
+ - totpcgi
+ - { role: openvpn/client, when: env != "staging" }
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/fas3.yml b/playbooks/groups/fas3.yml
new file mode 100644
index 0000000000..f8604e25a3
--- /dev/null
+++ b/playbooks/groups/fas3.yml
@@ -0,0 +1,38 @@
+# create a new fas server
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=fas3-stg"
+
+- name: make the box be real
+ hosts: fas3-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - hosts
+ - rkhunter
+ #- nagios_client
+ - fas_client
+ - collectd/base
+ - rsyncd
+ - memcached
+ - mod_wsgi
+ - fas3_server
+ - fedmsg/base
+ - sudo
+ #- yubikey
+ #- totpcgi
+ #- { role: openvpn/client, when: env != "staging" }
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/fedimg.yml b/playbooks/groups/fedimg.yml
new file mode 100644
index 0000000000..d42910fe7f
--- /dev/null
+++ b/playbooks/groups/fedimg.yml
@@ -0,0 +1,64 @@
+# create a new fedimg server
+# NOTE: make sure there is room/space for this server on the vmhost
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=fedimg:fedimg-stg"
+
+- name: dole out the generic configuration
+ hosts: fedimg:fedimg-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - fas_client
+ - nagios_client
+ - hosts
+ - collectd/base
+ - fedmsg/base
+ - sudo
+ # The proxies don't actually need to talk to these hosts so we won't bother
+ # putting them on the vpn.
+ #- { role: openvpn/client,
+ # when: env != "staging" }
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: dole out the service-specific config
+ hosts: fedimg:fedimg-stg
+ user: root
+ gather_facts: True
+
+ roles:
+ - fedmsg/hub
+ - role: fedimg
+ aws_keyname: fedimg-dev
+ aws_keypath: /etc/pki/fedimg/fedimg-dev
+ aws_pubkeypath: /etc/pki/fedimg/fedimg-dev.pub
+ when: env == 'staging'
+ - role: fedimg
+ aws_keyname: releng-ap-northeast-1
+ aws_keypath: /etc/pki/fedimg/fedimg-prod
+ aws_pubkeypath: /etc/pki/fedimg/fedimg-prod.pub
+ when: env != 'staging'
+ - role: collectd/fedmsg-service
+ process: fedmsg-hub
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
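Review bot: The second `fedimg` role entry assigns the `releng-ap-northeast-1` key pair under `when: env != 'staging'`, a deny-list condition. Any host in `fedimg:fedimg-stg` whose `env` is something other than the literal `staging` is therefore configured with the production key paths under `/etc/pki/fedimg/fedimg-prod`. An allow-list keeps the production credential on production hosts only: `when: env == 'production'`, the form docker-registry.yml uses in this same commit. Which `env` values exist is not visible here, so confirm nothing other than production is meant to match.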
diff --git a/playbooks/groups/fedocal.yml b/playbooks/groups/fedocal.yml
new file mode 100644
index 0000000000..aa863fd74b
--- /dev/null
+++ b/playbooks/groups/fedocal.yml
@@ -0,0 +1,64 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=fedocal-stg:fedocal"
+
+- name: make the box be real
+ hosts: fedocal-stg:fedocal
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - rsyncd
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - mod_wsgi
+ - collectd/base
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: set up fedmsg
+ hosts: fedocal-stg:fedocal
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - fedmsg/base
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: deploy fedocal itself
+ hosts: fedocal-stg:fedocal
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - fedocal
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/flatpak-cache.yml b/playbooks/groups/flatpak-cache.yml
deleted file mode 100644
index 9a4745391a..0000000000
--- a/playbooks/groups/flatpak-cache.yml
+++ /dev/null
@@ -1,27 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "flatpak_cache" - -- name: Make the box be real - hosts: flatpak_cache - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - ipa/client - - collectd/base - - sudo - - flatpak-cache - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/freshmaker.yml b/playbooks/groups/freshmaker.yml new file mode 100644 index 0000000000..37677c14f8 --- /dev/null +++ b/playbooks/groups/freshmaker.yml 
@@ -0,0 +1,79 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=freshmaker:freshmaker-stg"
+
+- name: make the box be real
+ hosts: freshmaker:freshmaker-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - rsyncd
+ - sudo
+ - collectd/base
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: openvpn on the prod frontend nodes
+ hosts: freshmaker-frontend
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - openvpn/client
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: Set up apache on the frontend MBS API app
+ hosts: freshmaker-frontend:freshmaker-frontend-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - mod_wsgi
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: set up fedmsg configuration and common freshmaker files
+ hosts: freshmaker:freshmaker-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - fedmsg/base
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/github2fedmsg.yml b/playbooks/groups/github2fedmsg.yml
new file mode 100644
index 0000000000..26b8d49244
--- /dev/null
+++ b/playbooks/groups/github2fedmsg.yml
@@ -0,0 +1,54 @@
+# create a new github2fedmsg server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/github2fedmsg* or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=github2fedmsg:github2fedmsg-stg"
+
+- name: make the box be real
+ hosts: github2fedmsg:github2fedmsg-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - rsyncd
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - mod_wsgi
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: deploy service-specific config
+ hosts: github2fedmsg:github2fedmsg-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ roles:
+ - github2fedmsg
+ - fedmsg/base
diff --git a/playbooks/groups/gnome-backups.yml b/playbooks/groups/gnome-backups.yml
new file mode 100644
index 0000000000..3c456ccb9b
--- /dev/null
+++ b/playbooks/groups/gnome-backups.yml
@@ -0,0 +1,33 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=gnome-backups"
+
+- name: make the boxen be real for real
+ hosts: gnome-backups
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - sudo
+ - collectd/base
+ - gnome_backups
+ - { role: nfs/client,
+ mnt_dir: '/gnome_backups',
+ nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3",
+ nfs_src_dir: 'gnome_backups' }
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/hotness.yml b/playbooks/groups/hotness.yml
new file mode 100644
index 0000000000..5920d46a1b
--- /dev/null
+++ b/playbooks/groups/hotness.yml
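Review bot: The `nfs/client` entry mounts `/gnome_backups` read-write with `sec=sys,nfsvers=3`, which means the server trusts whatever UID/GID the client asserts and the traffic carries no integrity or confidentiality protection. For a backup store that deserves a comment next to `nfs_mount_opts` stating what limits the exposure (export restricted to this host, isolated storage network), none of which is visible in this hunk. If nothing is ever executed from the backup volume, adding `noexec` alongside the existing `nodev,nosuid` costs nothing.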
@@ -0,0 +1,75 @@
+# create a new hotness server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=hotness:hotness-stg"
+
+- name: dole out the generic configuration
+ hosts: hotness:hotness-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - collectd/base
+ - hosts
+ - fas_client
+ - sudo
+ - role: keytab/service
+ service: hotness
+ owner_user: fedmsg
+ # The proxies don't actually need to talk to these hosts so we won't bother
+ # putting them on the vpn.
+ #- { role: openvpn/client,
+ # when: env != "staging" }
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: set up fedmsg basics
+ hosts: hotness:hotness-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - fedmsg/base
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: dole out the service-specific config
+ hosts: hotness:hotness-stg
+ user: root
+ gather_facts: True
+
+ roles:
+ - fedmsg/hub
+ - hotness
+ - role: collectd/fedmsg-service
+ process: fedmsg-hub
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
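Review bot: The header comment `# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars` names the wrong group for a playbook that targets `hotness:hotness-stg`; keyserver.yml has the same leftover, pointing at `group_vars/gallery-web*` while targeting `keys`. An operator following the comment would look for, or edit, variables in the wrong group file. I would change it to `# NOTE: most of these vars come from group_vars/hotness* or from hostvars`, and the keyserver one to `group_vars/keys*`, after confirming those are the real group_vars file names.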
diff --git a/playbooks/groups/infinote.yml b/playbooks/groups/infinote.yml
new file mode 100644
index 0000000000..72928a8f28
--- /dev/null
+++ b/playbooks/groups/infinote.yml
@@ -0,0 +1,37 @@
+# create a new infinote server
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=infinote"
+
+- name: make the boxen be real for real
+ hosts: infinote
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - sudo
+ - collectd/base
+ - openvpn/client
+ - cgit/base
+ - cgit/clean_lock_cron
+ - cgit/make_pkgs_list
+ - git/server
+ - role: apache
+ - role: httpd/mod_ssl
+ - infinote
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml
index e8598c441d..32daf27f52 100644
--- a/playbooks/groups/ipa.yml
+++ b/playbooks/groups/ipa.yml
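Review bot: The role list puts `cgit/base`, `cgit/clean_lock_cron`, `cgit/make_pkgs_list` and `git/server` on the infinote host, which reads like a carry-over from a package-git playbook rather than something this service needs. If infinote does not serve git repositories, these roles add a web-facing cgit and a git server to the host for no purpose and should be dropped. If they are needed, a one-line comment above them saying why would save the next reviewer the same question.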
@@ -1,51 +1,44 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "ipa:ipa_stg" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=ipa:ipa-stg" -- name: Make the box be real - hosts: ipa:ipa_stg +- name: make the box be real + hosts: ipa:ipa-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - - zabbix/zabbix_agent - - collectd/base - hosts - - {role: openvpn/client, - when: env != "staging"} - - ipa/client + - fas_client - rsyncd - sudo - # Set up for fedora-messaging - - role: rabbit/user - user_name: "ipa{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.ipa\..* - when: inventory_hostname.startswith('ipa01') + - { role: openvpn/client, + when: env != "staging" } + - mod_wsgi - pre_tasks: + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Deploy ipa itself - hosts: ipa:ipa_stg +- name: deploy ipa itself + hosts: ipa:ipa-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "{{ vars_path }}/{{ ansible_distribution }}.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" roles: - ipa/server 
@@ -55,20 +48,20 @@ service: HTTP host: "id{{env_suffix}}.fedoraproject.org" notify: - - Combine IPA http keytabs + - combine IPA http keytabs handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - name: Combine IPA keytabs - ansible.builtin.shell: printf "%b" "read_kt /etc/httpd/conf/ipa.keytab\nread_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab\nwrite_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" | ktutil + shell: printf "%b" "read_kt /etc/httpd/conf/ipa.keytab\nread_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab\nwrite_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" | ktutil changed_when: false tags: - krb5 - ipa/server - name: Set owner and permissions on combined keytab - ansible.builtin.file: path="/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" + file: path="/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" owner=apache group=apache mode=0600 @@ -76,7 +69,7 @@ - krb5 - ipa/server # original: /etc/httpd/conf/ipa.keytab - # - name: Make IPA HTTP use the combined keytab + #- name: Make IPA HTTP use the combined keytab # lineinfile: dest=/etc/httpd/conf.d/ipa.conf # regexp='GssapiCredStore keytab:' # line=' GssapiCredStore keytab:/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined' @@ -84,7 +77,7 @@ # - krb5 # - ipa/server # - config - # - name: Make IPA HTTP use the id.fp.o client keytab + #- name: Make IPA HTTP use the id.fp.o client keytab # lineinfile: dest=/etc/httpd/conf.d/ipa.conf # regexp='GssapiCredStore client_keytab:' # line=' GssapiCredStore client_keytab:/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab' 
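Review bot: The `Combine IPA keytabs` task runs `ktutil` on every play (it sits under `tasks:` with `changed_when: false`), and `write_kt` adds to an existing keytab file rather than replacing it, so `/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined` would collect duplicate entries and keep keys that have since been rotated out of the two source keytabs. I would build the file fresh on each run, for example by writing to a temporary path and moving it into place or by removing the combined file first, after confirming the append behaviour against the ktutil version in use. The renamed `notify: combine IPA http keytabs` has no matching handler inside this hunk; the play continues outside it, so check that a handler with exactly that name exists.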
@@ -93,15 +86,15 @@ # - ipa/server # - config -- name: Do base role once more to revert any resolvconf changes - hosts: ipa:ipa_stg +- name: do base role once more to revert any resolvconf changes + hosts: ipa:ipa-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "{{ vars_path }}/{{ ansible_distribution }}.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" roles: - base diff --git a/playbooks/groups/ipsilon.yml b/playbooks/groups/ipsilon.yml index 8c95c4344a..5f83f66d91 100644 --- a/playbooks/groups/ipsilon.yml +++ b/playbooks/groups/ipsilon.yml 
@@ -1,104 +1,64 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "ipsilon:ipsilon_stg" +# create a new FedOAuth server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/ipsilon* or from hostvars +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=ipsilon:ipsilon-stg" -- name: Make the box be real - hosts: ipsilon:ipsilon_stg +- name: make the box be real + hosts: ipsilon:ipsilon-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - ipsilon_db_host: "db-fas01{{ env_suffix }}.iad2.fedoraproject.org" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - - zabbix/zabbix_agent - hosts + - fas_client - rsyncd - sudo - - collectd/base - - {role: openvpn/client, - when: env != "staging"} + - { role: openvpn/client, + when: env != "staging" } - mod_wsgi - role: keytab/service owner_user: apache owner_group: apache service: HTTP - host: "id{{ env_suffix }}.fedoraproject.org" + host: "id.stg.fedoraproject.org" + when: env == "staging" + - role: keytab/service + owner_user: apache + owner_group: apache + service: HTTP + host: "id.fedoraproject.org" + when: env == "production" - pre_tasks: + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Deploy ipsilon itself - hosts: ipsilon:ipsilon_stg +- name: deploy ipsilon itself + hosts: ipsilon:ipsilon-stg user: root - gather_facts: true + 
gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "{{ vars_path }}/{{ ansible_distribution }}.yml" - - vars: - ipsilon_db_host: "db-fas01{{ env_suffix }}.iad2.fedoraproject.org" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" roles: - ipsilon handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" - - -# This next block configures IPA, it only needs to be run on one member of the cluster. -# Run it after setting up Ipsilon because the host need to be declared in IPA already. -- name: Setup IPA - hosts: ipa[0]:ipa_stg[0] - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Add the ipsilon HBAC service in IPA - ipahbacsvc: - name: ipsilon - description: Ipsilon authentication service - ipaadmin_password: "{{ ipa_admin_password }}" - tags: - - ipsilon - - - name: Allow login through ipsilon - ipahbacrule: - name: ipsilon - description: Login through ipsilon - hbacsvc: - - ipsilon - usercategory: all - host: "{{ (env == 'production')|ternary(groups['ipsilon'], groups['ipsilon_stg']) }}" - ipaadmin_password: "{{ ipa_admin_password }}" - tags: - - ipsilon - - - name: Allow login through ipsilon for the CentOS instance - ipahbacrule: - name: ipsilon - action: member - host: "{{ (env == 'production')|ternary('ipsilon.iad2.centos.org', 'ipsilon.stg.iad2.centos.org') }}" - ipaadmin_password: "{{ ipa_admin_password }}" - tags: - - ipsilon diff --git a/playbooks/groups/jenkins-master.yml b/playbooks/groups/jenkins-master.yml new file mode 100644 index 0000000000..7683577250 --- /dev/null +++ b/playbooks/groups/jenkins-master.yml 
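Review bot: With the `Setup IPA` play gone, nothing in this playbook declares the `ipsilon` HBAC service or the rule that allowed login through it (previously `usercategory: all`, limited to the ipsilon hosts), so whatever exists in IPA is left as it is and is no longer reviewed or corrected from here. If access control for ipsilon logins is handled elsewhere, a comment at the end of the file saying where, e.g. `# HBAC for ipsilon is managed in <playbook or role, fill in>`, would keep the rule from drifting unnoticed. If it is not handled elsewhere, the rule should be checked by hand in IPA against the current ipsilon host list.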
@@ -0,0 +1,49 @@
+- name: check/create instance
+ hosts: jenkins-master
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+- name: setup all the things
+ hosts: jenkins-master
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+- name: provision instance
+ hosts: jenkins-master
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - jenkins/master
+ - fedmsg/base
+ - apache
+ - certbot
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/jenkins-slave.yml b/playbooks/groups/jenkins-slave.yml
new file mode 100644
index 0000000000..79585a7976
--- /dev/null
+++ b/playbooks/groups/jenkins-slave.yml
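Review bot: The `setup all the things` play loads `/srv/private/ansible/files/openstack/passwords.yml`, but its visible `pre_tasks` only import `cloud_setup_basic.yml`, set the hostname and import `yumrepos.yml`; unless `cloud_setup_basic.yml` reads those variables, the OpenStack credentials are in scope for a play that does not need them. The `check/create instance` play, which imports `persistent_cloud.yml`, is the one that plausibly needs the file, so I would drop the line from the second play after checking `cloud_setup_basic.yml`. jenkins-slave.yml repeats the same three plays and carries the same extra `vars_files` entry.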
@@ -0,0 +1,47 @@
+- name: check/create instance
+ hosts: jenkins-slave
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+- name: setup all the things
+ hosts: jenkins-slave
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+- name: provision instance
+ hosts: jenkins-slave
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - jenkins/slave
+
+ tasks:
+# - import_tasks: "{{ tasks_path }}/growroot_cloud.yml"
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/kerneltest.yml b/playbooks/groups/kerneltest.yml
new file mode 100644
index 0000000000..40872cf4c7
--- /dev/null
+++ b/playbooks/groups/kerneltest.yml
@@ -0,0 +1,54 @@
+# create a new kerneltest server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/kerneltest* or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=kerneltest:kerneltest-stg"
+
+- name: make the box be real
+ hosts: kerneltest-stg:kerneltest
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - rsyncd
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - mod_wsgi
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: deploy service-specific config
+ hosts: kerneltest-stg:kerneltest
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ roles:
+ - kerneltest
+ - fedmsg/base
diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml
new file mode 100644
index 0000000000..2f5ccb4b48
--- /dev/null
+++ b/playbooks/groups/keyserver.yml
@@ -0,0 +1,38 @@
+# create a new sks keyserver
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/gallery-web* or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=keys"
+
+- name: make the box be real
+ hosts: keys
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - sudo
+ - collectd/base
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - apache
+ - certbot
+ - keyserver
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml
index df75a2bfda..a0929cc64c 100644
--- a/playbooks/groups/koji-hub.yml
+++ b/playbooks/groups/koji-hub.yml
@@ -2,180 +2,107 @@ # NOTE: should be used with --limit most of the time # NOTE: most of these vars_path come from group_vars/koji-hub or from hostvars ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "koji_stg:koji:koji_riscv" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=koji-stg:koji" # Once the instance exists, configure it. -- name: Make koji_hub server system - hosts: koji_stg:koji:koji_riscv +- name: make koji_hub server system + hosts: koji-stg:koji user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - tags: always - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/osbs_certs.yml" + - import_tasks: "{{ tasks_path }}/osbs_repos.yml" roles: - base - rkhunter - nagios_client - - zabbix/zabbix_agent - hosts - - ipa/client + - fas_client + - builder_repo - collectd/base - apache - - mod_wsgi + - fedmsg/base - role: keytab/service service: kojira host: "koji{{env_suffix}}.fedoraproject.org" - when: koji_instance != 'secondary' - - role: keytab/service - service: kojira - host: "riscv-koji{{env_suffix}}.fedoraproject.org" - when: koji_instance == 'secondary' - role: keytab/service service: koji-gc owner_user: apache host: "koji{{env_suffix}}.fedoraproject.org" - when: koji_instance != 'secondary' - - role: keytab/service - service: koji-gc - owner_user: apache - host: "riscv-koji{{env_suffix}}.fedoraproject.org" - when: koji_instance == 'secondary' - koji_hub - role: keytab/service service: HTTP owner_user: apache host: "koji{{env_suffix}}.fedoraproject.org" - 
when: koji_instance != 'secondary' + when: "fedmsg_koji_instance == 'primary'" - role: keytab/service - service: HTTP - owner_user: apache - host: "riscv-koji{{env_suffix}}.fedoraproject.org" - when: koji_instance == 'secondary' - - {role: nfs/server, when: env == "staging"} - - # production nfs mounts from netapp + service: shadow + owner_user: koji_shadow + host: "koji{{env_suffix}}.fedoraproject.org" + when: "fedmsg_koji_instance != 'primary'" + - { role: nfs/server, when: env == "staging" } + - { role: keepalived, when: env == "production" and inventory_hostname.startswith('koji') } - role: nfs/client mnt_dir: '/mnt/fedora_koji' nfs_src_dir: 'fedora_koji' when: env == 'production' and inventory_hostname.startswith('koji') - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive00' - nfs_src_dir: 'fedora_koji_archive00' - when: env == 'production' and inventory_hostname.startswith('koji') - + mnt_dir: '/mnt/koji' + nfs_src_dir: 'fedora_s390/data' + when: env == 'production' and inventory_hostname.startswith('s390') - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive01' - nfs_src_dir: 'fedora_koji_archive01' - when: env == 'production' and inventory_hostname.startswith('koji') - + mnt_dir: '/mnt/koji' + nfs_src_dir: 'fedora_ppc/data' + when: env == 'production' and inventory_hostname.startswith('ppc') - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive02' - nfs_src_dir: 'fedora_koji_archive02' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive03' - nfs_src_dir: 'fedora_koji_archive03' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive04' - nfs_src_dir: 'fedora_koji_archive04' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: 
'/mnt/fedora_koji/koji/vol/fedora_koji_archive05' - nfs_src_dir: 'fedora_koji_archive05' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive06' - nfs_src_dir: 'fedora_koji_archive06' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - mount_stg: true - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - mount_stg: true - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env == 'production' and inventory_hostname.startswith('koji') - + mnt_dir: '/mnt/koji' + nfs_src_dir: 'fedora_arm/data' + when: env == 'production' and inventory_hostname.startswith('arm') # In staging, we mount fedora_koji as read only (see nfs_mount_opts) - role: nfs/client mnt_dir: '/mnt/fedora_koji_prod' nfs_src_dir: 'fedora_koji' when: env == 'staging' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/' - mount_stg: true - nfs_src_dir: 'fedora_riscv_koji' - when: inventory_hostname.startswith('riscv') - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - mount_stg: true - when: env == 'staging' - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - mount_stg: true - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env == 'staging' - - sudo - - role: rabbit/user - user_name: "koji{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.buildsys\..* - when: koji_instance != 'secondary' - - - role: rabbit/user - user_name: "riscv-koji{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.buildsys\..* - when: koji_instance == 'secondary' - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Configure sshfs target on 
koji01 - hosts: koji01.iad2.fedoraproject.org:koji01.stg.iad2.fedoraproject.org - tags: - - sshfs - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: Put public sshfs key in place - authorized_key: user="root" - key="{{ lookup('file', '{{ private }}/files/releng/sshkeys/primary-s390x-sshfs' + '-staging.pub' if env == 'staging' else '{{ private }}/files/releng/sshkeys/primary-s390x-sshfs.pub') }}" - state=present - key_options='command="internal-sftp",from="{{ '10.16.0.28,10.16.0.26,10.16.0.27,10.1.102.21,10.1.102.22,10.1.102.23' }}",restrict' - tags: - - sshfs + - name: create secondary volume dir for stg koji + file: dest=/mnt/koji/vol state=directory owner=apache group=apache mode=0755 + tags: koji_hub + when: env == 'staging' + - name: create symlink for stg/prod secondary volume + file: src=/mnt/fedora_koji_prod/koji dest=/mnt/koji/vol/prod state=link + tags: koji_hub + when: env == 'staging' + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" + + +#- name: Start the kojid builder daemon, but only on staging. +# # Really -- this should never be set for prod. +# hosts: koji-stg:s390-koji01.qa.fedoraproject.org +# user: root +# gather_facts: True +# +# # XXX - should these just be included in koji_builder and koji_hub roles? +# tasks: +# - name: make sure kojid is running +# service: name=kojid state=started +# tags: +# - kojid +# - name: make sure kojira is running +# service: name=kojira state=started +# tags: +# - kojira diff --git a/playbooks/groups/kojipkgs.yml b/playbooks/groups/kojipkgs.yml index 7e149ed905..4d68cc494f 100644 --- a/playbooks/groups/kojipkgs.yml +++ b/playbooks/groups/kojipkgs.yml 
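Review bot: The staging mount of the production volume (`mnt_dir: '/mnt/fedora_koji_prod'`, `nfs_src_dir: 'fedora_koji'`) depends on the comment `see nfs_mount_opts` for being read-only, and that option string is defined somewhere outside this hunk. The added staging tasks then link `/mnt/koji/vol/prod` to `/mnt/fedora_koji_prod/koji` next to a volume directory owned by `apache`, so a later edit to the shared `nfs_mount_opts` would give staging write access to production build data. I would pin it on the role entry itself, e.g. `nfs_mount_opts: "ro,hard,bg,noatime,nodev,nosuid"` (a constructed example; match whatever the staging group vars use today).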
@@ -1,72 +1,40 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "kojipkgs" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=kojipkgs" -- name: Make the boxen be real for real +- name: make the boxen be real for real hosts: kojipkgs user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - hosts - - ipa/client + - fas_client - sudo - collectd/base - apache - - role: nfs/client - mnt_dir: '/mnt/fedora_koji' - nfs_src_dir: 'fedora_koji' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive00' - nfs_src_dir: 'fedora_koji_archive00' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive01' - nfs_src_dir: 'fedora_koji_archive01' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive02' - nfs_src_dir: 'fedora_koji_archive02' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive03' - nfs_src_dir: 'fedora_koji_archive03' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive04' - nfs_src_dir: 'fedora_koji_archive04' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive05' - nfs_src_dir: 'fedora_koji_archive05' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive06' - nfs_src_dir: 'fedora_koji_archive06' - role: nfs/client mnt_dir: '/mnt/fedora_app/app' nfs_src_dir: 'fedora_app/app' + - role: nfs/client + mnt_dir: '/mnt/fedora_koji' + nfs_src_dir: 'fedora_koji' - role: nfs/client mnt_dir: '/pub' nfs_src_dir: 
'fedora_ftp/fedora.redhat.com/pub' - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - mount_stg: true - when: datacenter == 'iad2' - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - mount_stg: true - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: datacenter == 'iad2' - role: kojipkgs - role: varnish + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/koschei-backend.yml b/playbooks/groups/koschei-backend.yml new file mode 100644 index 0000000000..73c27f85b3 --- /dev/null +++ b/playbooks/groups/koschei-backend.yml @@ -0,0 +1,38 @@ +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=koschei-backend:koschei-backend-stg" + +- name: install koschei + hosts: koschei-backend:koschei-backend-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - builder_repo + - collectd/base + - { role: sudo, sudoers: "{{ private }}/files/sudo/koschei01-sudoers" } + - koschei/backend + - role: keytab/service + owner_user: koschei + owner_group: koschei + service: koschei + host: "{{inventory_hostname}}" + - fedmsg/base + + tasks: + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/koschei-web.yml b/playbooks/groups/koschei-web.yml new file mode 100644 index 0000000000..1ede9ab3b3 --- /dev/null +++ b/playbooks/groups/koschei-web.yml 
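Review bot: `yumrepos.yml` now runs after every role in the kojipkgs play, because the hunk moves `import_tasks: "{{ tasks_path }}/yumrepos.yml"` from `pre_tasks:` to `tasks:` and Ansible executes `roles:` before `tasks:`. On a freshly created host the roles (`base`, `apache`, `kojipkgs`, `varnish`, …) would then install packages from whatever repositories the base image ships, not from the ones yumrepos.yml configures (presumably the infrastructure repositories; worth confirming). I would keep `pre_tasks:` for yumrepos.yml and leave only `2fa_client.yml` and `motd.yml` under `tasks:`, as the new koschei-backend.yml, loopabull.yml, mbs.yml and mdapi.yml plays already do. The same ordering appears on the new side of logserver.yml, mailman.yml, mariadb-server.yml and memcached.yml, and in the new koschei-web.yml, mirrorlist2.yml, mirrormanager.yml and modernpaste.yml.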
@@ -0,0 +1,32 @@
+---
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=koschei-web:koschei-web-stg"
+
+- name: install koschei-frontend
+ hosts: koschei-web:koschei-web-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - { role: sudo, sudoers: "{{ private }}/files/sudo/koschei01-sudoers" }
+ - { role: openvpn/client, when: env != "staging" }
+ - mod_wsgi
+ - koschei/frontend
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/logdetective.yml b/playbooks/groups/logdetective.yml
deleted file mode 100644
index 30245f8d0c..0000000000
--- a/playbooks/groups/logdetective.yml
+++ /dev/null
@@ -1,42 +0,0 @@ ---- -- name: Check/create instance - hosts: logdetective - user: root - gather_facts: false - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - when: datacenter == 'aws' - - - import_tasks: "{{ tasks_path }}/swap.yml" - when: - - datacenter == 'aws' - - swap_file_size_mb is defined - -- name: Provision instance - hosts: logdetective - become: true - become_user: root - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - # Roles are run first, before tasks, regardless of where you place them here. - roles: - - base - - logdetective - - nagios_client diff --git a/playbooks/groups/logserver.yml b/playbooks/groups/logserver.yml index 33f66fc451..16026b527f 100644 --- a/playbooks/groups/logserver.yml +++ b/playbooks/groups/logserver.yml 
@@ -1,106 +1,66 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "logging" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=log01.phx2.fedoraproject.org" -- name: Make the box be real - hosts: logging +- name: make the box be real + hosts: log01.phx2.fedoraproject.org user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - - zabbix/zabbix_agent - hosts - - openvpn/client - - ipa/client + - fas_client - apache - collectd/base - collectd/server - sudo - - web-data-analysis + - epylog + - openvpn/client + - awstats - role: keytab/service owner_user: apache owner_group: apache service: HTTP host: "admin.fedoraproject.org" when: env == "production" - # Set up for fedora-messaging - - role: rabbit/user - user_name: "logging{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.logging\.stats\..* - - logging - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" # # We exclude some dirs from restorecon on updates on logservers as they are very large # and it takes a long long time to run restorecon over them. 
# - - name: Exclude some directories from selinux relabeling on updates - ansible.builtin.copy: src="{{ files }}/logserver/fixfiles_exclude_dirs" dest=/etc/selinux/fixfiles_exclude_dirs owner=root mode=0644 + - name: exclude some directories from selinux relabeling on updates + copy: src="{{ files }}/logserver/fixfiles_exclude_dirs" dest=/etc/selinux/fixfiles_exclude_dirs owner=root mode=0644 handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" - name: Cloud Image stats - hosts: log01.iad2.fedoraproject.org + hosts: log01.phx2.fedoraproject.org user: root - gather_facts: false + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - cloudstats + - role: nfs/client + mnt_dir: '/mnt/fedora_stats' + nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" + nfs_src_dir: 'fedora_stats' handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Dole out the service-specific config - hosts: log01.iad2.fedoraproject.org - user: root - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - roles: - - role: nfs/client - mnt_dir: '/mnt/fedora_stats' - nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" - nfs_src_dir: 'fedora_stats' - - geoip - - tasks: - - name: Install needed packages - ansible.builtin.package: name={{ item }} state=present - with_items: - - httpd - - httpd-tools - - mod_ssl - - rsync - - emacs-nox - - git - - bc - - gnuplot - - mod_auth_gssapi - - - name: Set domain_can_mmap_files so collectd works - seboolean: 
name=domain_can_mmap_files state=yes persistent=yes diff --git a/playbooks/groups/loopabull.yml b/playbooks/groups/loopabull.yml new file mode 100644 index 0000000000..a90efcab56 --- /dev/null +++ b/playbooks/groups/loopabull.yml 
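Review bot: The `nfs/client` entry added to the "Cloud Image stats" play mounts `fedora_stats` read-write with `sec=sys,nfsvers=3`, so the server accepts whatever UID/GID this client asserts and the traffic has neither integrity protection nor encryption. `nodev,nosuid` are set but `noexec` is not; if the share holds only statistics data, adding `noexec` to `nfs_mount_opts` would be a cheap reduction in exposure. If NFSv3 with AUTH_SYS is required by the storage backend, a comment above the role entry such as `# NFSv3/sec=sys required by the filer; export must stay restricted to this host` would record the assumption, which needs confirming against the export configuration that is not visible in this diff.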
@@ -0,0 +1,100 @@
+# create a new loopabull server
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=loopabull-stg"
+
+- name: make the box be real
+ hosts: loopabull-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - sudo
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: Deploy and configure loopabull
+ hosts: loopabull-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: git clone the releng-automation playbook repo
+ git:
+ repo: "https://pagure.io/releng-automation.git"
+ dest: "/usr/local/loopabull-playbooks"
+ - name: ensure ~/.ssh dir exists
+ file:
+ path: "/home/root/.ssh/"
+ state: directory
+ - name: place loopabull_ociimage user private keys
+ copy:
+ src: "{{ private }}/files/loopabull/keys/{{ env }}_ociimage"
+ dest: "/home/root/.ssh/id_rsa.loopabull_ociimage"
+ mode: 0600
+ - name: Install required packages
+ package:
+ name: python-fedmsg-rabbitmq-serializer
+ state: latest
+
+ roles:
+ - rabbitmq
+ - fedmsg/base
+ - fedmsg/hub
+ - {
+ role: loopabull,
+ loglevel: info,
+ plugin: fedmsgrabbitmq,
+ routing_keys: [
+ "org.fedoraproject.prod.buildsys.build.state.change"
+ ],
+ playbooks_dir: /usr/local/loopabull-playbooks/,
+ ansible_cfg_path: /etc/ansible/ansible.cfg,
+ playbook_cmd: /usr/bin/ansible-playbook
+ }
+
+
+- name: Post
Loopabull install configuration + hosts: loopabull-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: Enable fedmsg-rabbitmq-serializer + copy: + src: "{{files}}/loopabull/serializer.py" + dest: "/etc/fedmsg.d/serializer.py" + notify: restart fedmsg-hub diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index bd8398d8c2..f3a56c2121 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -1,16 +1,13 @@ ---- # create a new mailman server # NOTE: make sure there is room/space for this server on the vmhost # NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "mailman:mailman_stg" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=mailman:mailman-stg" -- name: Make the box be real - hosts: mailman_stg:mailman +- name: make the box be real + hosts: mailman-stg:mailman user: root - gather_facts: true + gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -22,16 +19,19 @@ - rkhunter - nagios_client - hosts - - {role: openvpn/client, - when: env != "staging"} - - ipa/client + - fas_client - collectd/base - sudo + - { role: openvpn/client, + when: env != "staging" } - spamassassin - mod_wsgi - pre_tasks: + tasks: + # this is how you include other task lists - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" 
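Review bot: The `git:` task in the "Deploy and configure loopabull" play clones `https://pagure.io/releng-automation.git` without a `version:`, and that checkout is the `playbooks_dir` the `loopabull` role passes to `/usr/bin/ansible-playbook`, so whatever is on the repository's default branch when the play runs is what gets executed in response to bus messages. Pinning it with `version: "<reviewed-commit-sha>"` (placeholder) would make changes to the executed playbooks pass through review in this repository. Separately, the key tasks write to `/home/root/.ssh/`, while root's home is normally `/root`; if that path is intended, the directory task should still set `mode: "0700"` and both tasks `owner: root`, since the `file:` task as written leaves the directory mode to the default. `state: latest` on `python-fedmsg-rabbitmq-serializer` has the same reproducibility problem as the unpinned clone, and `state: present` would be the conservative choice.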
@@ -41,19 +41,19 @@ # Database setup # -- name: Prepare setting up the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org +- name: prepare setting up the database + hosts: db01.stg.phx2.fedoraproject.org:db01.phx2.fedoraproject.org gather_facts: no user: root tasks: - - name: Install psycopg2 for the postgresql ansible modules - ansible.builtin.package: name=python3-psycopg2 state=present + - name: install psycopg2 for the postgresql ansible modules + package: name=python-psycopg2 state=present tags: - packages -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org +- name: setup the database + hosts: db01.stg.phx2.fedoraproject.org:db01.phx2.fedoraproject.org gather_facts: no become: yes become_user: postgres @@ -64,26 +64,26 @@ tasks: # mailman auto-updates its schema, there can only be one admin user - - name: Mailman DB user + - name: mailman DB user postgresql_user: name=mailmanadmin password={{ mailman_mm_db_pass }} - - name: Hyperkitty DB admin user + - name: hyperkitty DB admin user postgresql_user: name=hyperkittyadmin password={{ mailman_hk_admin_db_pass }} - - name: Hyperkitty DB user + - name: hyperkitty DB user postgresql_user: name=hyperkittyapp password={{ mailman_hk_db_pass }} - - name: Databases creation + - name: databases creation postgresql_db: name={{ item }} owner="{{ item }}admin" encoding=UTF-8 with_items: - mailman - hyperkitty - - name: Test database creation + - name: test database creation postgresql_db: name=test_hyperkitty owner=hyperkittyadmin encoding=UTF-8 # Real MM/HK-specific work -- name: Setup mailman and hyperkitty - hosts: mailman_stg:mailman +- name: setup mailman and hyperkitty + hosts: mailman-stg:mailman user: root - gather_facts: true + gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml 
@@ -91,32 +91,32 @@ - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" roles: - - role: mailman3 - # Set up for fedora-messaging - - role: rabbit/user - user_name: "mailman{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mailman\..* + - role: mailman + mailman_mailman_db_pass: "{{ mailman_mm_db_pass }}" + mailman_hyperkitty_admin_db_pass: "{{ mailman_hk_admin_db_pass }}" + mailman_hyperkitty_db_pass: "{{ mailman_hk_db_pass }}" + mailman_hyperkitty_cookie_key: "{{ mailman_hk_cookie_key }}" + - fedmsg/base tasks: - - name: Install more needed packages - ansible.builtin.package: - state: present - name: - - tar + - name: install more needed packages + package: name={{ item }} state=present + with_items: + - tar tags: - packages -# - name: Easy access to the postgresql databases -# ansible.builtin.template: src=$files/mailman/pgpass.j2 dest=/root/.pgpass -# owner=root group=root mode=0600 + #- name: easy access to the postgresql databases + # template: src=$files/mailman/pgpass.j2 dest=/root/.pgpass + # owner=root group=root mode=0600 - - name: Start services + - name: start services service: state=started enabled=yes name={{ item }} with_items: - httpd - mailman3 - postfix - when: inventory_hostname.startswith('mailman01.iad2') + when: inventory_hostname.startswith('mailman01.phx2') or inventory_hostname.startswith('lists-dev') handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/maintainer-test.yml b/playbooks/groups/maintainer-test.yml index b5afd50123..bb5b0cf64f 100644 --- a/playbooks/groups/maintainer-test.yml +++ b/playbooks/groups/maintainer-test.yml 
@@ -1,39 +1,69 @@ ---- -- name: Setup maintainer test hosts - hosts: maintainer_test - gather_facts: true - tags: - - maintainer-test +- name: Spin up maintainertest cloud instances + hosts: maintainer-test + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + +- name: Do some basic cloud setup on them + hosts: maintainer-test + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + +- name: Setup maintainer test hosts + hosts: arm-packager:maintainer-test + gather_facts: True + tags: + - maintainer-test + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - import_tasks: "{{ tasks_path }}/yumrepos.yml" roles: - base - rkhunter - hosts - - nagios_client - - openvpn/client - - ipa/client + - fas_client + - sudo tasks: # this is how you include other task lists - - name: Install packager tools (dnf) + - import_tasks: "{{ tasks_path }}/motd.yml" + + - name: install packager tools (dnf) dnf: state=present pkg={{ item }} with_items: - fedora-packager - when: ansible_distribution == 'Fedora' + when: ansible_distribution_major_version|int > 21 tags: - 
packages - - name: Allow packagers to use mock - ansible.builtin.copy: dest=/etc/pam.d/mock src="{{ files }}/common/mock" + - name: allow packagers to use mock + lineinfile: dest=/etc/pam.d/mock line="{{ item }} sufficient pam_succeed_if.so user ingroup packager use_uid quiet" insertbefore=BOF + when: ansible_distribution_major_version|int > 23 + with_items: + - account + - auth tags: - config diff --git a/playbooks/groups/mariadb-server.yml b/playbooks/groups/mariadb-server.yml index ef821e4b20..33112d5c21 100644 --- a/playbooks/groups/mariadb-server.yml +++ b/playbooks/groups/mariadb-server.yml 
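Review bot: The `lineinfile` task "allow packagers to use mock" puts `auth sufficient pam_succeed_if.so user ingroup packager use_uid quiet` and the matching `account` line at the top of `/etc/pam.d/mock` with `insertbefore=BOF`, so members of `packager` pass both stacks before any later module is consulted, while the rest of the file is left unmanaged. Because only two lines are asserted, whatever the package or an earlier run left in the file stays in effect, and the final policy cannot be read from this repository. Shipping the whole file, as the removed `copy: dest=/etc/pam.d/mock src="{{ files }}/common/mock"` did, keeps the PAM policy reviewable in one place; if `lineinfile` is kept, I would add `owner=root group=root mode=0644` and a comment stating that this bypass for `packager` is intended. Both `when:` guards on the new side test only `ansible_distribution_major_version`, so they rely on every non-Fedora host in `arm-packager:maintainer-test` having a lower major version.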
@@ -2,35 +2,35 @@ # NOTE: should be used with --limit most of the time # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "db03.stg.iad2.fedoraproject.org:db03.iad2.fedoraproject.org" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db03.phx2.fedoraproject.org:db03.stg.phx2.fedoraproject.org" # Once the instance exists, configure it. -- name: Configure mariadb server system - hosts: db03.stg.iad2.fedoraproject.org:db03.iad2.fedoraproject.org +- name: configure mariadb server system + hosts: db03.phx2.fedoraproject.org:db03.stg.phx2.fedoraproject.org user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - - ipa/client + - fas_client - nagios_client - hosts - mariadb_server - collectd/base - sudo - pre_tasks: + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + # TODO: add iscsi task handlers: diff --git a/playbooks/groups/mbs.yml b/playbooks/groups/mbs.yml new file mode 100644 index 0000000000..87f0c97b2a --- /dev/null +++ b/playbooks/groups/mbs.yml 
@@ -0,0 +1,122 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=mbs:mbs-stg"
+
+- name: make the box be real
+ hosts: mbs:mbs-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - rsyncd
+ - sudo
+ - collectd/base
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: openvpn on the prod frontend nodes
+ hosts: mbs-frontend
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - openvpn/client
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: Set up apache on the frontend MBS API app
+ hosts: mbs-frontend:mbs-frontend-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - mod_wsgi
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: set up fedmsg configuration and common mbs files
+ hosts: mbs:mbs-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - fedmsg/base
+ - mbs/common
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: deploy the frontend MBS API app
+ hosts: mbs-frontend:mbs-frontend-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ -
/srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - mbs/frontend
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: deploy the backend MBS scheduler daemon
+ hosts: mbs-backend:mbs-backend-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - role: keytab/service
+ service: mbs
+ owner_user: fedmsg
+ host: "mbs{{env_suffix}}.fedoraproject.org"
+ - role: fedmsg/hub
+ tags: fedmsg/hub
+ - role: collectd/fedmsg-service
+ process: fedmsg-hub
+ # Amazingly, there isn't need for a mbs/backend role. The fedmsg/hub role
+ # along with mbs/common is enough.
+ #- mbs/backend
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/mdapi.yml b/playbooks/groups/mdapi.yml
new file mode 100644
index 0000000000..7075c0a214
--- /dev/null
+++ b/playbooks/groups/mdapi.yml
@@ -0,0 +1,67 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=mdapi:mdapi-stg"
+
+- name: make the box be real
+ hosts: mdapi-stg:mdapi
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - rsyncd
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - collectd/base
+ - { role: mod_wsgi, when: env == "staging" }
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: deploy mdapi itself
+ hosts: mdapi-stg:mdapi
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - mdapi
+ - { role: plus-plus-service, when: env == "staging" }
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: set up fedmsg
+ hosts: mdapi-stg:mdapi
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - fedmsg/base
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/memcached.yml b/playbooks/groups/memcached.yml
index 2e95877949..131467107f 100644
--- a/playbooks/groups/memcached.yml
+++ b/playbooks/groups/memcached.yml
@@ -1,32 +1,30 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "memcached:memcached_stg" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=memcached:memcached-stg" -- name: Make the box be real - hosts: memcached:memcached_stg +- name: make the box be real + hosts: memcached:memcached-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - - zabbix/zabbix_agent - hosts - - ipa/client + - fas_client - collectd/base - collectd/memcached - sudo - memcached - pre_tasks: + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/mirrorlist2.yml b/playbooks/groups/mirrorlist2.yml new file mode 100644 index 0000000000..6ed5a182e8 --- /dev/null +++ b/playbooks/groups/mirrorlist2.yml 
@@ -0,0 +1,73 @@
+# create a new mirrorlist server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=mirrorlist2:mirrorlist2-stg:!mirrorlist-host1plus.fedoraproject.org"
+
+- name: make the box be real
+ hosts: mirrorlist2:mirrorlist2-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - name: Install policycoreutils-python
+ package: name=policycoreutils-python state=present
+
+ - name: Create /srv/web/ for all the goodies.
+ file: >
+ dest=/srv/web state=directory
+ owner=root group=root mode=0755
+ tags:
+ - httpd
+ - httpd/website
+
+ - name: check the selinux context of webdir
+ command: matchpathcon /srv/web
+ register: webdir
+ check_mode: no
+ changed_when: "1 != 1"
+ tags:
+ - config
+ - selinux
+ - httpd
+ - httpd/website
+
+ - name: /srv/web file contexts
+ command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
+ when: webdir.stdout.find('httpd_sys_content_t') == -1
+ tags:
+ - config
+ - selinux
+ - httpd
+ - httpd/website
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - geoip
+ - hosts
+ - fas_client
+ - collectd/base
+ - mod_wsgi
+ - httpd/mod_ssl
+ - mirrormanager/mirrorlist2
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+
+ tasks:
+ # this is how you include other task lists
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
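Review bot: The `/srv/web file contexts` pre-task only records the labelling rule with `semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"`; nothing in this file runs `restorecon`, so the directory created two tasks earlier keeps its previous label until something else relabels it. The guard does not catch this, because `matchpathcon /srv/web` reports the context the policy expects for the path, not the label currently on disk. A follow-up task such as `command: restorecon -R /srv/web`, run when the semanage task changed something, or the `sefcontext` module with a restorecon handler, would make the label actually applied. Separately, `import_playbook` excludes `!mirrorlist-host1plus.fedoraproject.org` while the play's `hosts: mirrorlist2:mirrorlist2-stg` does not; a comment saying whether that host is meant to receive this configuration would help.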
diff --git a/playbooks/groups/mirrormanager.yml b/playbooks/groups/mirrormanager.yml
new file mode 100644
index 0000000000..8f51459d31
--- /dev/null
+++ b/playbooks/groups/mirrormanager.yml
@@ -0,0 +1,101 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=mm:mm-stg"
+
+- name: make the boxe be real for real
+ hosts: mm:mm-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - sudo
+ - collectd/base
+ - { role: openvpn/client, when: env != "staging" and inventory_hostname.startswith('mm-frontend') }
+ - { role: nfs/client, when: inventory_hostname.startswith('mm-backend01'), mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: Deploy the backend
+ hosts: mm-backend:mm-backend-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - mirrormanager/backend
+ - s3-mirror
+ - geoip
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: Deploy the crawler
+ hosts: mm-crawler:mm-crawler-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - mirrormanager/crawler
+ - { role: rsyncd,
+ when: env != "staging" }
+ - { role: openvpn/client, when: datacenter != "phx2" }
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: Deploy the frontend (web-app)
+ hosts: mm-frontend:mm-frontend-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ -
"/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - mirrormanager/frontend2
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+# Do this one last, since the mirrormanager user needs to exist so that it can
+# own the fedmsg certs we put in place here.
+- name: Put fedmsg stuff in place
+ hosts: mm:mm-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - fedmsg/base
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/modernpaste.yml b/playbooks/groups/modernpaste.yml
new file mode 100644
index 0000000000..cdfbee64f1
--- /dev/null
+++ b/playbooks/groups/modernpaste.yml
@@ -0,0 +1,51 @@ +# create a new modernpaste server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=modernpaste-stg:modernpaste" + +- name: dole out the generic configuration + hosts: modernpaste-stg:modernpaste + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - sudo + - collectd/base + - fedmsg/base + - { role: openvpn/client, when: env != "staging" } + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: dole out the service-specific config + hosts: modernpaste-stg:modernpaste + user: root + gather_facts: True + + roles: + - modernpaste + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/nfs-servers.yml b/playbooks/groups/nfs-servers.yml deleted file mode 100644 index 7579a85234..0000000000 --- a/playbooks/groups/nfs-servers.yml +++ /dev/null 
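Review bot: The `import_playbook` line passes `myhosts=modernpaste-stg:modernpaste` inside the quoted file name, a form that newer Ansible releases warn about, as far as I know, in favour of `vars:`. The old side of noc.yml in this same diff already used the `vars:` form. Suggest `- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"` followed by `vars:` and `myhosts: "modernpaste-stg:modernpaste"`. The same inline form is used in the mirrormanager, noc, notifs-backend, notifs-web, nuancier, odcs, openqa and os-cluster hunks.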
@@ -1,84 +0,0 @@ -# This is a basic playbook - ---- -- name: Dole out the basic configuration - hosts: nfs_servers - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - hosts - - ipa/client - - nagios_client - - collectd/base - - sudo - - openvpn/client - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -## This should be in a different playbook. -- name: Deal with drive items on storinator01 - hosts: storinator01.rdu-cc.fedoraproject.org - user: root - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Create top level directory - ansible.builtin.file: path=/srv/nfs state=directory owner=root group=root - tags: - - drives - - copr - - - name: Create copr-be storage - lvol: vg=VG_nfs lv=copr-be size=30t shrink=no - tags: - - drives - - copr - - - name: Create FS for copr-be - filesystem: fstype=xfs dev=/dev/VG_nfs/copr-be - tags: - - drives - - copr - - - name: Create copr-be tree directory - ansible.builtin.file: path=/srv/nfs/copr-be state=directory owner=root group=root - tags: - - drives - - copr - - - name: Mount copr-be tree directory - mount: name=/srv/nfs/copr-be src=/dev/mapper/VG_nfs-copr--be fstype=xfs state=mounted - tags: - - drives - - copr - -- name: Deal with NFS - hosts: storinator01.rdu-cc.fedoraproject.org - user: root - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - 
roles: - - nfs/server diff --git a/playbooks/groups/noc.yml b/playbooks/groups/noc.yml index b71fd268bc..d41f7c4a9d 100644 --- a/playbooks/groups/noc.yml +++ b/playbooks/groups/noc.yml @@ -1,18 +1,15 @@ # This is a basic playbook ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "nagios" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=nagios" -- name: Make the box be real +- name: make the box be real hosts: nagios user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" 
@@ -22,53 +19,56 @@ - rkhunter - nagios_client - hosts - - { role: openvpn/client, when: env != "staging" and datacenter != 'rdu3' } - - ipa/client + - fas_client - collectd/base - - { role: rsyncd, when: datacenter == 'iad2' or datacenter == 'rdu3' } + - { role: rsyncd, when: datacenter == 'phx2' } - sudo - - apache - # - mod_wsgi + - { role: openvpn/client, + when: env != "staging" } + - mod_wsgi - role: keytab/service owner_user: apache owner_group: apache service: HTTP host: "nagios{{env_suffix}}.fedoraproject.org" - when: datacenter == 'iad2' + when: datacenter == 'phx2' - role: keytab/service owner_user: apache owner_group: apache service: HTTP host: "nagios-external{{env_suffix}}.fedoraproject.org" - when: datacenter == 'ibiblio' - - { role: letsencrypt, site_name: 'nagios-external.fedoraproject.org', when: inventory_hostname.startswith('noc02') } + when: datacenter != 'phx2' + + + tasks: + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Deploy service-specific config (just for production) +- name: deploy service-specific config (just for production) hosts: nagios user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" roles: - - { role: dhcp_server, when: datacenter == 'iad2' or datacenter == 'rdu3' } - - { role: tftp_server, when: datacenter == 'iad2' or datacenter == 'rdu3' } - - { role: nagios_server, when: datacenter == 'iad2' or datacenter == 'ibiblio' } + - { role: dhcp_server, when: datacenter == 'phx2' } + - { role: tftp_server, when: datacenter == 'phx2' } + - 
nagios_server + - fedmsg/base tasks: - - name: Install some packages which arent in playbooks - ansible.builtin.package: - state: present - name: - - nmap - - tcpdump - - ipmitool + - name: install some packages which arent in playbooks + package: name={{ item }} state=present + with_items: + - nmap + - tcpdump diff --git a/playbooks/groups/notifs-backend.yml b/playbooks/groups/notifs-backend.yml new file mode 100644 index 0000000000..46e514a38b --- /dev/null +++ b/playbooks/groups/notifs-backend.yml 
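Review bot: The second `keytab/service` entry is now gated on `when: datacenter != 'phx2'`, so every host in the `nagios` group outside phx2 receives the HTTP keytab for `nagios-external{{env_suffix}}.fedoraproject.org`, including any host added later in another datacenter. A positive match keeps the keytab on the one host that serves that name, e.g. `when: datacenter == '<external-datacenter>'` (placeholder; the real value depends on the inventory, which is not visible here). The first entry already uses a positive match, `datacenter == 'phx2'`.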
@@ -0,0 +1,69 @@ +# create a new notifs-backend server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=notifs-backend:notifs-backend-stg" + +- name: dole out the generic configuration + hosts: notifs-backend:notifs-backend-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - hosts + - fas_client + - nagios_client + - collectd/base + - fedmsg/base + - sudo + # The proxies don't actually need to talk to these hosts so we won't bother + # putting them on the vpn. + #- { role: openvpn/client, + # when: env != "staging" } + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: dole out the service-specific config + hosts: notifs-backend:notifs-backend-stg + user: root + gather_facts: True + + pre_tasks: + - name: tell nagios to shush w.r.t. the backend since it usually complains + nagios: action=downtime minutes=25 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + tags: + - fedmsgdconfig + - notifs/backend + + roles: + - fedmsg/hub + - redis + - rabbitmq + - memcached + - notifs/backend + - role: collectd/fedmsg-service + process: fedmsg-hub + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" 
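Review bot: The header comment says the variables come from `group_vars/mirrorlist`, which looks copied from another playbook and sends a reader to the wrong place; modernpaste.yml carries the same line. Nothing in this file references `vars_path` either. Suggest `# NOTE: most of these vars come from group_vars/notifs-backend* or from hostvars`, following the wording notifs-web.yml uses for its own group.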
diff --git a/playbooks/groups/notifs-web.yml b/playbooks/groups/notifs-web.yml new file mode 100644 index 0000000000..50bc5f6d78 --- /dev/null +++ b/playbooks/groups/notifs-web.yml @@ -0,0 +1,38 @@ +# create a new notifs-web server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/notifs-web* or from hostvars + +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=notifs-web:notifs-web-stg" + +- name: make the box be real + hosts: notifs-web:notifs-web-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - mod_wsgi + - fedmsg/base + - notifs/frontend + - sudo + - { role: openvpn/client, + when: env != "staging" } + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/nuancier.yml b/playbooks/groups/nuancier.yml new file mode 100644 index 0000000000..acf8c66a0a --- /dev/null +++ b/playbooks/groups/nuancier.yml 
@@ -0,0 +1,128 @@ +# create a new nuancier server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/nuancier* or from hostvars + +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=nuancier:nuancier-stg" + +- name: make the box be real + hosts: nuancier:nuancier-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - sudo + - { role: openvpn/client, + when: env != "staging" } + - mod_wsgi + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: set up fedmsg + hosts: nuancier:nuancier-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - fedmsg/base + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: set up gluster on stg + hosts: nuancier-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: gluster/server + name: gluster + username: "{{ nuancier_gluster_username }}" + password: "{{ nuancier_gluster_password }}" + owner: root + group: root + datadir: /srv/glusterfs/nuancier-stg + + - role: gluster/client + name: gluster + servers: + - nuancier01.stg.phx2.fedoraproject.org + - nuancier02.stg.phx2.fedoraproject.org + username: "{{ 
nuancier_gluster_username }}" + password: "{{ nuancier_gluster_password }}" + owner: apache + group: root + mountdir: /var/cache/nuancier + +- name: set up gluster on prod + hosts: nuancier + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: gluster/server + name: gluster + username: "{{ nuancier_gluster_username }}" + password: "{{ nuancier_gluster_password }}" + owner: root + group: root + datadir: /srv/glusterfs/nuancier + + - role: gluster/client + name: gluster + servers: + - nuancier01.phx2.fedoraproject.org + - nuancier02.phx2.fedoraproject.org + username: "{{ nuancier_gluster_username }}" + password: "{{ nuancier_gluster_password }}" + owner: apache + group: root + mountdir: /var/cache/nuancier + +- name: deploy nuancier itself + hosts: nuancier:nuancier-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - nuancier + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/oci-registry.yml b/playbooks/groups/oci-registry.yml deleted file mode 100644 index 3907a80149..0000000000 --- a/playbooks/groups/oci-registry.yml +++ /dev/null 
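Review bot: The "set up gluster on stg" and "set up gluster on prod" plays both pass `{{ nuancier_gluster_username }}` and `{{ nuancier_gluster_password }}`, so unless the private vars define those names separately per group, staging and production share one gluster credential. A staging host that leaks it would then also expose the production volume. Separate variables per environment would keep them apart, e.g. `password: "{{ nuancier_gluster_stg_password }}"` in the staging play (constructed name; it would have to be added to the private vars). It is also worth confirming that the gluster role tasks which template these values set `no_log: true`.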
@@ -1,102 +0,0 @@ -# create an osbs server ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "oci_registry:oci_registry_stg" - -- name: Make the box be real - hosts: oci_registry:oci_registry_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - hosts - - { role: openvpn/client, - when: env != "staging" } - - ipa/client - - collectd/base - - rsyncd - - sudo - - role: nfs/client - mnt_dir: '/srv/registry' - nfs_src_dir: "oci_registry" - when: inventory_hostname.startswith(('oci-registry01.iad2', 'oci-registry02.iad2')) - - - role: nfs/client - mnt_dir: '/srv/registry' - nfs_src_dir: "oci_candidate_registry" - when: inventory_hostname.startswith(('oci-candidate-registry01.iad2')) - - pre_tasks: - - name: Create /srv/registry on staging since it does not use NFS - ansible.builtin.file: - path: /srv/registry - state: directory - owner: root - group: root - mode: "0755" - when: "env == 'staging'" - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Setup docker distribution registry - hosts: oci_registry:oci_registry_stg - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - - # NOTE: tls is disabled for docker-distribution because we are listening only - # on localhost and all external connections will be through httpd which - # will be SSL enabled. 
- roles: - - { - role: docker-distribution, - conf_path: "/etc/docker-distribution/registry/config.yml", - tls: { - enabled: false, - }, - log: { - fields: { - service: "registry" - } - }, - storage: { - filesystem: { - rootdirectory: "/srv/registry" - } - }, - http: { - addr: ":5000" - } - } - - # Setup compose-x86-01 push docker images to registry - - { - role: login-registry, - candidate_registry: "candidate-registry.stg.fedoraproject.org", - candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}", - candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}", - when: env == "staging", - delegate_to: "compose-x86-01.{{ datacenter }}.fedoraproject.org" - } - - { - role: login-registry, - candidate_registry: "candidate-registry.fedoraproject.org", - candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}", - candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}", - when: env == "production", - delegate_to: "compose-x86-01.{{ datacenter }}.fedoraproject.org" - } diff --git a/playbooks/groups/odcs.yml b/playbooks/groups/odcs.yml new file mode 100644 index 0000000000..89b518a233 --- /dev/null +++ b/playbooks/groups/odcs.yml 
@@ -0,0 +1,123 @@ +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=odcs:odcs-stg" + +- name: make the box be real + hosts: odcs:odcs-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - rsyncd + - sudo + - collectd/base + + tasks: + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: openvpn on the prod frontend nodes + hosts: odcs-frontend + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - openvpn/client + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: Set up a gluster share on the backend for the frontend + hosts: odcs:odcs-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - role: gluster/consolidated + gluster_brick_dir: /srv/glusterfs/ + gluster_mount_dir: /srv/odcs + gluster_brick_name: odcs + gluster_server_group: odcs-backend-stg + tags: gluster + when: env == 'staging' + - role: gluster/consolidated + gluster_brick_dir: /srv/glusterfs/ + gluster_mount_dir: /srv/odcs + gluster_brick_name: odcs + gluster_server_group: odcs-backend + tags: gluster + when: env != 'staging' + +- name: Set up odcs frontend service + hosts: odcs-frontend:odcs-frontend-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ 
vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - mod_wsgi + - fedmsg/base + - odcs/frontend + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: Set up odcs backend service + hosts: odcs-backend:odcs-backend-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - odcs/backend + - fedmsg/base + + - role: nfs/client + mnt_dir: '/mnt/fedora_koji' + nfs_src_dir: 'fedora_koji' + when: env != 'staging' + + # In staging, we mount fedora_koji as read only (see nfs_mount_opts) + - role: nfs/client + mnt_dir: '/mnt/fedora_koji_prod' + nfs_src_dir: 'fedora_koji' + when: env == 'staging' + + post_tasks: + - file: src=/mnt/fedora_koji/koji dest=/mnt/koji state=link + tags: nfs/client + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/openqa-onebox-test.yml b/playbooks/groups/openqa-onebox-test.yml deleted file mode 100644 index 21a41f19c2..0000000000 --- a/playbooks/groups/openqa-onebox-test.yml +++ /dev/null 
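Review bot: In the backend play, the staging `nfs/client` entry mounts the production `fedora_koji` export at `/mnt/fedora_koji_prod`, and the only read-only guarantee is the comment "see nfs_mount_opts", since no `nfs_mount_opts` is passed in this entry. If the variable is missing or overridden for a host, staging would get a writable mount of production data, so I would set it on the role entry itself with an explicit `nfs_mount_opts:` that starts with `ro`. Separately, the unnamed `post_tasks` entry `file: src=/mnt/fedora_koji/koji dest=/mnt/koji state=link` runs in both environments, but in staging nothing visible here mounts `/mnt/fedora_koji`. It probably needs `when: env != 'staging'` or a staging-specific `src`, plus a `name:`.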
@@ -1,47 +0,0 @@ ---- -- name: Setup base openQA host - hosts: openqa_onebox_test - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - { role: base, tags: ['base'] } - - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios_client, tags: ['nagios_client'] } - - { role: hosts, tags: ['hosts']} - - ipa/client - - { role: collectd/base, tags: ['collectd_base'] } - - { role: sudo, tags: ['sudo'] } - - apache - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Configure openQA - hosts: openqa_onebox_test - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - -# we need this box to be its own pgsql server... - roles: - - { role: postgresql_server, tags: ['postgresql_server'] } - - { role: openqa/server, tags: ['openqa_server'] } - - { role: openqa/dispatcher, tags: ['openqa_dispatcher'] } - - { role: openqa/worker, tags: ['openqa_worker'] } - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/openqa-workers.yml b/playbooks/groups/openqa-workers.yml index d0a38af163..dddb4f6c29 100644 --- a/playbooks/groups/openqa-workers.yml +++ b/playbooks/groups/openqa-workers.yml 
@@ -1,29 +1,28 @@ ---- - name: configure openQA workers - hosts: openqa_workers:openqa_lab_workers + hosts: openqa-workers:openqa-stg-workers user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - { role: base, tags: ['base'] } - - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios_client, tags: ['nagios_client'] } - - { role: hosts, tags: ['hosts']} - - { role: ipa/client, tags: ['ipa_client']} - - { role: collectd/base, tags: ['collectd_base'] } - - { role: sudo, tags: ['sudo'] } - - { role: openqa/worker, tags: ['openqa_worker'] } - - { role: linux-system-roles.nbde_client, tags: ['nbde_client'], when: openqa_nbde|bool } - - apache + - { role: base, tags: ['base'] } + - { role: rkhunter, tags: ['rkhunter'] } + - { role: nagios_client, tags: ['nagios_client'] } + - { role: hosts, tags: ['hosts']} + - { role: fas_client, tags: ['fas_client'] } + - { role: collectd/base, tags: ['collectd_base'] } + - { role: sudo, tags: ['sudo'] } + - { role: openqa/worker, tags: ['openqa_worker'] } + - apache + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/openqa.yml b/playbooks/groups/openqa.yml index 1acd63aad4..3fabd5e2e5 100644 --- a/playbooks/groups/openqa.yml +++ b/playbooks/groups/openqa.yml 
@@ -1,178 +1,91 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "openqa:openqa_lab" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=openqa:openqa-stg" -- name: Setup base openQA host - hosts: openqa:openqa_lab +- name: setup base openqa host + hosts: openqa:openqa-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - { role: base, tags: ['base'] } - - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios_client, tags: ['nagios_client'] } - - { role: hosts, tags: ['hosts']} - - ipa/client - - { role: collectd/base, tags: ['collectd_base'] } - - { role: sudo, tags: ['sudo'] } - - apache + - { role: base, tags: ['base'] } + - { role: rkhunter, tags: ['rkhunter'] } + - { role: nagios_client, tags: ['nagios_client'] } + - { role: hosts, tags: ['hosts']} + - { role: fas_client, tags: ['fas_client'] } + - { role: collectd/base, tags: ['collectd_base'] } + - { role: sudo, tags: ['sudo'] } + - { role: openvpn/client, + when: deployment_type == "prod", tags: ['openvpn_client'] } + - apache + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Configure fedora-messaging queues on openQA servers - hosts: openqa:openqa_lab +- name: configure openQA + hosts: openqa:openqa-stg user: root - 
gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml +# relvalconsumer and autocloudreporter aren't particularly related +# to openQA in any way, we just put those role on these boxes. There's +# nowhere more obviously correct for rvc and acr should be on an +# Autocloud box but I don't know if they're authed for RDB. roles: - # we must always make sure the prod user exists, as stg uses the - # prod account to listen to things on prod. **NOTE**: this is lazy - # and bad practice, but we've evaluated it and it doesn't really - # cause any significant security risk, it just means someone with - # root on openqa.stg could access the rabbitmq creds for the prod - # user and impersonate prod openqa on the message bus, which is - # not a huge deal. fixing it would be kinda tedious. 
- - role: rabbit/user - user_name: "{{ openqa_amqp_prod_username }}" - user_publish_only: false - user_sent_topics: ^org\.fedoraproject\.prod\.(openqa|ci)\..* - vars: - env: "production" - env_suffix: "" - tags: ['rabbit'] + - { role: openqa/server, tags: ['openqa_server'] } + - { role: openqa/dispatcher, tags: ['openqa_dispatcher'] } + - { role: check-compose, tags: ['check-compose'] } + - { role: fedmsg/base, tags: ['fedmsg_base', 'fedmsg'] } + - { role: fedmsg/hub, tags: ['fedmsg_hub', 'fedmsg'] } + - { role: relvalconsumer, tags: ['relvalconsumer'] } + - { role: autocloudreporter, tags: ['autocloudreporter'] } - - role: rabbit/user - user_name: "{{ openqa_amqp_stg_username }}" - user_publish_only: false - user_sent_topics: ^org\.fedoraproject\.stg\.(openqa|ci)\..* - vars: - env: "staging" - env_suffix: ".stg" - tags: ['rabbit'] - when: "deployment_type == 'stg'" + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" - - role: rabbit/queue - queue_name: "{{ openqa_amqp_scheduler_queue }}" - queue_routing_keys: "{{ openqa_amqp_scheduler_routing_keys }}" - vars: - # yes, even the staging scheduler listens to production, it - # has to or else it wouldn't schedule any jobs - env: "production" - env_suffix: "" - tags: ['rabbit'] - - - role: rabbit/queue - queue_name: "{{ openqa_amqp_resultsdb_reporter_queue }}" - queue_routing_keys: "{{ openqa_amqp_resultsdb_reporter_routing_keys }}" - vars: - # this role does listen on stg, as it listens out for jobs - # from openqa stg - env: "{{ openqa_env }}" - env_suffix: "{{ openqa_env_suffix }}" - tags: ['rabbit'] - - - role: rabbit/queue - queue_name: "{{ openqa_amqp_wiki_reporter_queue }}" - queue_routing_keys: "{{ openqa_amqp_wiki_reporter_routing_keys }}" - vars: - # this role does listen on stg, as it listens out for jobs - # from openqa stg - env: "{{ openqa_env }}" - env_suffix: "{{ openqa_env_suffix }}" - tags: ['rabbit'] - - # relvalconsumer queue - - role: rabbit/queue - queue_name: "{{ 
relvalconsumer_amqp_queue }}" - vars: - # yes, even the staging relvalconsumer listens to production, - # it has to because composes don't happen in stg - env: "production" - env_suffix: "" - tags: ['rabbit'] - when: "relvalconsumer_amqp_queue is defined" - - # relvalamiconsumer queue - - role: rabbit/queue - queue_name: "{{ relvalamiconsumer_amqp_queue }}" - queue_routing_keys: "{{ relvalamiconsumer_amqp_routing_keys }}" - vars: - # yes, even the staging updater listens to production, it - # has to as we never publish fedimg.image.publish on stg - env: "production" - env_suffix: "" - tags: ['rabbit'] - when: "relvalamiconsumer_amqp_queue is defined" - - # check-compose queue - - role: rabbit/queue - queue_name: "{{ checkcompose_amqp_queue }}" - queue_routing_keys: "{{ checkcompose_amqp_routing_keys }}" - vars: - # this role does listen on stg, as it listens out for jobs - # from openqa stg - env: "{{ checkcompose_env }}" - env_suffix: "{{ checkcompose_env_suffix }}" - tags: ['rabbit'] - when: "checkcompose_amqp_queue is defined" - - # fedora_nightlies queue - - role: rabbit/queue - queue_name: "{{ fedora_nightlies_amqp_queue }}" - queue_routing_keys: "{{ fedora_nightlies_amqp_routing_keys }}" - vars: - # this role listens on prod as it listens for composes - env: "production" - env_suffix: "" - tags: ['rabbit'] - when: "fedora_nightlies_amqp_queue is defined" - -- name: Set up openQA server data NFS mounts (staging) - hosts: openqa_lab +- name: set up openQA server data NFS mounts (staging) + hosts: openqa-stg vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - role: nfs/client mnt_dir: '/var/lib/openqa/testresults' - nfs_src_dir: 'fedora_openqa_lab/testresults' + nfs_src_dir: 'fedora_openqa_stg/testresults' 
nfs_mount_opts: 'rw,bg,nfsvers=3' tags: ['nfs_client'] - role: nfs/client mnt_dir: '/var/lib/openqa/images' - nfs_src_dir: 'fedora_openqa_lab/images' + nfs_src_dir: 'fedora_openqa_stg/images' nfs_mount_opts: 'rw,bg,nfsvers=3' tags: ['nfs_client'] handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Set up openQA server data NFS mounts (prod) +- name: set up openQA server data NFS mounts (prod) hosts: openqa vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - role: nfs/client 
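Review bot: The two staging `nfs/client` entries (now pointing at `fedora_openqa_stg/testresults` and `fedora_openqa_stg/images`) mount with `nfs_mount_opts: 'rw,bg,nfsvers=3'`, which leaves setuid binaries and device nodes on the share honoured by the openQA server. Both directories hold output written by test jobs, so this is worth tightening while the entries are being touched: `nfs_mount_opts: 'rw,bg,nfsvers=3,nosuid,nodev'`. This assumes the role passes the string straight to the mount, which is not visible in this hunk. The prod play that begins at the end of the hunk likely wants the same options.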
@@ -187,28 +100,4 @@ tags: ['nfs_client'] handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Configure openQA - hosts: openqa:openqa_lab - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - -# relvalconsumer isn't particularly related to openQA in any way, we -# just put that role on these boxes. There's nowhere more obviously -# correct for it, really. Ditto fedora_nightlies and testcase_stats - roles: - - { role: openqa/server, tags: ['openqa_server'] } - - { role: openqa/dispatcher, tags: ['openqa_dispatcher'] } - - { role: check-compose, tags: ['check-compose'], when: "checkcompose_amqp_queue is defined" } - - { role: relvalconsumer, tags: ['relvalconsumer'], when: "relvalconsumer_amqp_queue is defined" } - - { role: fedora_nightlies, tags: ['fedora_nightlies'], when: "fedora_nightlies_amqp_queue is defined" } - - { role: testcase_stats, tags: ['testcase_stats'], when: "testcase_stats_output_dir is defined" } - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/openstack-compute-nodes.yml b/playbooks/groups/openstack-compute-nodes.yml new file mode 100644 index 0000000000..6fc1cec972 --- /dev/null +++ b/playbooks/groups/openstack-compute-nodes.yml 
@@ -0,0 +1,29 @@
+---
+
+- name: deploy Open Stack compute nodes
+ hosts: openstack-compute
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/RedHat.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - "/srv/private/ansible/files/openstack/passwords.yml"
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - fas_client
+ - collectd/base
+ - sudo
+ - cloud_compute
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/os-cluster.yml b/playbooks/groups/os-cluster.yml
new file mode 100644
index 0000000000..be9aba664e
--- /dev/null
+++ b/playbooks/groups/os-cluster.yml
@@ -0,0 +1,187 @@ +# create an os server +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-control-stg:os-control:os-nodes-stg:os-masters-stg:os-nodes:os-masters" + +- name: make the box be real + hosts: os-control:os-control-stg:os-masters-stg:os-nodes-stg:os-masters:os-nodes + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + - { role: openvpn/client, + when: env != "staging" and 'os-control' not in group_names } + + tasks: + - name: put openshift repo on os- systems + template: src="{{ files }}/openshift/openshift.repo" dest="/etc/yum.repos.d/openshift.repo" + tags: + - config + - packages + - yumrepos + + - name: Deploy controller public ssh keys to osbs cluster hosts + authorized_key: + user: root + key: "{{ lookup('file', '{{private}}/files/os/{{env}}/control_key.pub') }}" + + - name: copy docker-storage-setup config + copy: + src: "{{files}}/osbs/docker-storage-setup" + dest: "/etc/sysconfig/docker-storage-setup" + + + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: OSBS control hosts pre-req setup + hosts: os-control:os-control-stg + tags: + - os-cluster-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: fix hosts file + copy: + src: "{{roles_path}}/hosts/files/os-hosts" + dest: "/etc/hosts" + owner: root + mode: 0644 + + - name: deploy private key to control hosts + copy: + src: "{{private}}/files/os/{{env}}/control_key" 
+ dest: "/root/.ssh/id_rsa" + owner: root + mode: 0600 + + - name: set ansible to use pipelining + ini_file: + dest: /etc/ansible/ansible.cfg + section: ssh_connection + option: pipelining + value: "True" + +- name: Deploy OpenShift cluster + hosts: os-control:os-control-stg + tags: + - os-cluster-deploy + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { + role: ansible-ansible-openshift-ansible, + cluster_inventory_filename: "cluster-inventory-stg", + openshift_release: "v3.6", + openshift_ansible_path: "/root/openshift-ansible", + openshift_ansible_playbook: "playbooks/byo/config.yml", + openshift_ansible_version: "openshift-ansible-3.5.70-1", + openshift_ansible_ssh_user: root, + openshift_ansible_install_examples: true, + openshift_ansible_containerized_deploy: false, + openshift_cluster_masters_group: "os-masters-stg", + openshift_cluster_nodes_group: "os-nodes-stg", + openshift_cluster_infra_group: "os-nodes-stg", + openshift_auth_profile: "fedoraidp-stg", + openshift_master_ha: true, + openshift_debug_level: 2, + openshift_deployment_type: "openshift-enterprise", + openshift_cluster_url: "{{ os_url}}", + openshift_app_subdomain: "{{ os_app_url }}", + openshift_internal_cluster_url: "os-masters{{ env_suffix }}.phx2.fedoraproject.org", + openshift_api_port: 443, + openshift_console_port: 443, + openshift_shared_infra: true, + when: env == 'staging', + tags: ['openshift-cluster','ansible-ansible-openshift-ansible'] + } + - { + role: ansible-ansible-openshift-ansible, + cluster_inventory_filename: "cluster-inventory", + openshift_release: "v3.5", + openshift_ansible_path: "/root/openshift-ansible", + openshift_ansible_playbook: "playbooks/byo/config.yml", + openshift_ansible_version: "openshift-ansible-3.5.70-1", + openshift_ansible_ssh_user: root, + openshift_ansible_install_examples: true, + 
openshift_ansible_containerized_deploy: false, + openshift_cluster_masters_group: "os-masters", + openshift_cluster_nodes_group: "os-nodes", + openshift_cluster_infra_group: "os-nodes", + openshift_auth_profile: "fedoraidp", + openshift_master_ha: true, + openshift_debug_level: 2, + openshift_deployment_type: "openshift-enterprise", + openshift_cluster_url: "{{ os_url}}", + openshift_app_subdomain: "{{ os_app_url }}", + openshift_internal_cluster_url: "os-masters{{ env_suffix }}.phx2.fedoraproject.org", + openshift_api_port: 443, + openshift_console_port: 443, + openshift_shared_infra: true, + when: env != 'staging', + tags: ['openshift-cluster','ansible-ansible-openshift-ansible'] + } + +- name: Post-Install setup + hosts: os-stg:os + tags: + - os-post-install + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: enable nrpe for monitoring (noc01) + iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT + +- name: Post-Install master setup + hosts: os-masters-stg:os-masters + tags: + - os-post-install + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: Disallow users from provisioning + command: oadm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth + changed_when: false + - name: Allow some users cluster admin + command: oadm policy add-cluster-role-to-user cluster-admin {{item}} + with_items: + - puiterwijk + - kevin + - codeblock + - smooge + changed_when: false diff --git a/playbooks/groups/os-control.yml b/playbooks/groups/os-control.yml deleted file mode 100644 index 392ff21c52..0000000000 
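Review bot: The `Allow some users cluster admin` task in the 'Post-Install master setup' play runs `oadm policy add-cluster-role-to-user cluster-admin {{item}}` with `changed_when: false`, so a run that grants cluster-admin to a new account is reported as `ok` and the grant leaves no mark in the play recap. I would drop `changed_when: false` from that task, or precede it with a read-only check of the existing bindings and run the grant only when a user is missing. The list is also add-only: removing a name from `with_items` does not revoke the role, which deserves a comment such as `# add-only: revoke removed users by hand with oadm policy remove-cluster-role-from-user`. Both post-install plays load `/srv/private/ansible/files/openstack/passwords.yml` although no task shown in them uses a variable from it; if nothing does, that entry can go.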
--- a/playbooks/groups/os-control.yml +++ /dev/null @@ -1,77 +0,0 @@ -# This is a basic playbook ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "os_control:os_control_stg" - -- name: Make the box be real - hosts: os_control:os_control_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - ipa/client - - rsyncd - - sudo - - tasks: - - - name: Install unzip - ansible.builtin.package: - name: unzip - state: present - - - name: Install tar - ansible.builtin.package: - name: tar - state: present - - - name: Create the directories to hold the templates - ansible.builtin.file: - path: "/etc/openshift_apps" - state: directory - owner: root - group: root - mode: "0770" - - - name: Install helm if not exists - unarchive: - src: https://get.helm.sh/helm-v3.17.0-linux-amd64.tar.gz - dest: /usr/local/bin - extra_opts: "--strip-components=1" - owner: root - group: root - mode: 0755 - remote_src: true - args: - creates: /usr/local/bin/helm - - - name: Copy oc rpm - ansible.builtin.copy: - src: /srv/web/infra/bigfiles/openshiftboot/oc-client/oc-client.rpm - dest: /root/oc-client.rpm - - - name: Make sure oc-client is installed - dnf: - name: /root/oc-client.rpm - state: installed - - - name: Copy the jobs-summary script - ansible.builtin.copy: - src: "{{ files }}/scripts/jobs-summary" - dest: /usr/local/bin/jobs-summary - mode: "0755" - - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/os-proxies.yml b/playbooks/groups/os-proxies.yml deleted file mode 100644 index 7f081a5d84..0000000000 --- a/playbooks/groups/os-proxies.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -# create a new proxy server - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "os_proxies" - -- name: Make the box be real - hosts: os_proxies - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - ipa/client - - rkhunter - - nagios_client - - sudo - - keepalived - - tasks: - - name: install haproxy - ansible.builtin.package: name=haproxy state=present - - - name: Install haproxy config - ansible.builtin.copy: src="{{ files }}/communishift/haproxy.cfg" dest=/etc/haproxy/haproxy.cfg - - - name: Turn on certain selinux booleans so haproxy can bind to ports - seboolean: name=haproxy_connect_any state=true persistent=true - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml new file mode 100644 index 0000000000..4b0507b915 --- /dev/null +++ b/playbooks/groups/osbs-cluster.yml 
@@ -0,0 +1,669 @@ +# create an osbs server +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs-control" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs-nodes:osbs-masters" + +- name: make the box be real + hosts: osbs-control:osbs-masters:osbs-nodes + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: OSBS control hosts pre-req setup + hosts: osbs-control + tags: + - osbs-cluster-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: deploy private key to control hosts + copy: + src: "{{private}}/files/osbs/{{env}}/control_key" + dest: "/root/.ssh/id_rsa" + owner: root + mode: 0600 + + - name: set ansible to use pipelining + ini_file: + dest: /etc/ansible/ansible.cfg + section: ssh_connection + option: pipelining + value: "True" + +- name: Setup cluster masters pre-reqs + hosts: osbs-masters + tags: + - osbs-cluster-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: ensure origin conf dir exists + file: + path: "/etc/origin" + state: "directory" + + - name: create cert dir for openshift public facing REST API SSL + file: + path: "/etc/origin/master/named_certificates" 
+ state: "directory" + + - name: install cert for openshift public facing REST API SSL + copy: + src: "{{private}}/files/osbs/{{env}}/osbs-internal.pem" + dest: "/etc/origin/master/named_certificates/{{osbs_url}}.pem" + + - name: install key for openshift public facing REST API SSL + copy: + src: "{{private}}/files/osbs/{{env}}/osbs-internal.key" + dest: "/etc/origin/master/named_certificates/{{osbs_url}}.key" + + - name: place htpasswd file + copy: + src: "{{private}}/files/httpd/osbs-{{env}}.htpasswd" + dest: /etc/origin/htpasswd + + +- name: Setup cluster hosts pre-reqs + hosts: osbs-masters:osbs-nodes + tags: + - osbs-cluster-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - name: restart NetworkManager + service: + name: NetworkManager + state: restarted + + tasks: + - name: Install necessary packages that openshift-ansible needs + package: name="{{ item }}" state=installed + with_items: + - tar + - rsync + - dbus-python + - NetworkManager + - libselinux-python + - origin + - python3-PyYAML + + - name: Deploy controller public ssh keys to osbs cluster hosts + authorized_key: + user: root + key: "{{ lookup('file', '{{private}}/files/osbs/{{env}}/control_key.pub') }}" + + # This is required for OpenShift built-in SkyDNS inside the overlay network + # of the cluster + - name: ensure NM_CONTROLLED is set to "yes" for osbs cluster + lineinfile: + dest: "/etc/sysconfig/network-scripts/ifcfg-eth0" + line: "NM_CONTROLLED=yes" + notify: + - restart NetworkManager + + # This is required for OpenShift built-in SkyDNS inside the overlay network + # of the cluster + - name: ensure NetworkManager is enabled and started + service: + name: NetworkManager + state: started + enabled: yes + + - name: cron entry to clean up docker storage + copy: + src: "{{files}}/osbs/cleanup-docker-storage" + dest: 
"/etc/cron.d/cleanup-docker-storage" + + - name: copy docker-storage-setup config + copy: + src: "{{files}}/osbs/docker-storage-setup" + dest: "/etc/sysconfig/docker-storage-setup" + +- name: Deploy kerberose keytab to cluster hosts + hosts: osbs-masters:osbs-nodes + tags: + - osbs-cluster-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: keytab/service + owner_user: root + owner_group: root + service: osbs + host: "osbs.fedoraproject.org" + when: env == "production" + +#- name: Deploy OpenShift Cluster +# hosts: osbs-control +# tags: +# - osbs-deploy-openshift +# user: root +# gather_facts: True +# +# vars_files: +# - /srv/web/infra/ansible/vars/global.yml +# - "/srv/private/ansible/vars.yml" +# - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml +# +# roles: +# - { +# role: ansible-ansible-openshift-ansible, +# cluster_inventory_filename: "cluster-inventory", +# openshift_htpasswd_file: "/etc/origin/htpasswd", +# openshift_master_public_api_url: "https://{{ osbs_url }}:8443", +# openshift_release: "v3.6.0", +# openshift_ansible_path: "/root/openshift-ansible", +# openshift_ansible_playbook: "playbooks/byo/config.yml", +# openshift_ansible_version: "release-3.6-fedora-compat", +# openshift_ansible_ssh_user: root, +# openshift_ansible_install_examples: false, +# openshift_ansible_containerized_deploy: false, +# openshift_cluster_masters_group: "osbs-masters", +# openshift_cluster_nodes_group: "osbs-nodes", +# openshift_cluster_infra_group: "osbs-masters", +# openshift_auth_profile: "osbs", +# openshift_cluster_url: "{{osbs_url}}", +# openshift_master_ha: false, +# openshift_debug_level: 2, +# openshift_shared_infra: true, +# openshift_deployment_type: "origin", +# openshift_ansible_python_interpreter: "/usr/bin/python3", +# when: env == 'production', +# tags: 
['openshift-cluster','ansible-ansible-openshift-ansible'] +# } +# + +- name: Setup OSBS requirements for OpenShift cluster hosts + hosts: osbs-masters:osbs-nodes + tags: + - osbs-cluster-req + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { + role: osbs-common, + osbs_manage_firewalld: false, + } + - osbs-atomic-reactor + - { + role: push-docker, + docker_cert_name: "containerbuild", + docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org", + when: env == "production" + } + + + handlers: + - name: restart dnsmasq + service: + name: dnsmasq + state: restarted + + tasks: + + - name: install fedora dnsmasq specific config + copy: + src: "{{files}}/osbs/fedora-dnsmasq.conf.{{env}}" + dest: "/etc/dnsmasq.d/fedora-dns.conf" + +- name: Setup requirements for OpenShift master + hosts: osbs-masters + tags: + - osbs-master-req + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: set policy for koji builder in openshift for osbs + shell: "oadm policy add-role-to-user -n default edit htpasswd_provider: {{ osbs_koji_prod_username }} && touch /etc/origin/koji-builder-policy-added" + args: + creates: "/etc/origin/koji-builder-policy-added" + when: env == "production" + + - name: set policy for koji builder in openshift for atomic-reactor + shell: "oadm policy add-role-to-user -n default edit system:serviceaccount:default:builder && touch /etc/origin/atomic-reactor-policy-added" + args: + creates: "/etc/origin/atomic-reactor-policy-added" + +- name: Deploy OSBS on top of OpenShift + hosts: osbs-masters[0] + tags: + - osbs-deploy-on-openshift + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - 
"/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + vars: + osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig + osbs_environment: + KUBECONFIG: "{{ osbs_kubeconfig_path }}" + + roles: + - { + role: osbs-on-openshift, + osbs_openshift_home: "/var/lib/origin", + osbs_namespace: "default", + osbs_namespace_create: "false", + osbs_kubeconf_path: "/etc/origin/master/admin.kubeconfig", + osbs_environment: { + KUBECONFIG: "{{ osbs_kubeconfig_path }}" + }, + osbs_service_accounts: [], + osbs_readonly_users: [], + osbs_readonly_groups: [], + osbs_readwrite_users: ["{{ osbs_koji_prod_username }}"], + osbs_readwrite_groups: [ "system:authenticated"], + osbs_admin_users: [], + osbs_admin_groups: [], + osbs_docker_registry: false, + osbs_docker_registry_storage: "/opt/openshift-registry", + when: env == "production" + } + + tasks: + - name: set custom build policy for koji builder in openshift for osbs + shell: "oc adm policy add-role-to-user -n default osbs-custom-build {{ osbs_koji_prod_username }} --role-namespace=default && touch /etc/origin/koji-custom-build-policy-added" + args: + creates: "/etc/origin/koji-builder-policy-added" + when: env == "production" + environment: "{{ osbs_environment }}" + - name: set custom build policy for builder service account in openshift for osbs + shell: "oc adm policy add-role-to-user -n default osbs-custom-build system:serviceaccount:default:builder --role-namespace=default && touch /etc/origin/koji-custom-build-policy-added" + args: + creates: "/etc/origin/koji-builder-policy-added" + when: env == "production" + environment: "{{ osbs_environment }}" + +- name: Manage docker images and image stream + hosts: osbs-masters[0] + tags: + - osbs-post-install + - manage-docker-images + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + 
vars: + osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig + osbs_environment: + KUBECONFIG: "{{ osbs_kubeconfig_path }}" + koji_pki_dir: /etc/pki/koji + koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" + koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" + koji_builder_user: dockerbuilder + osbs_builder_user: builder + + tasks: + - name: pull fedora required docker images + shell: "docker pull {{item}}" + with_items: "{{fedora_required_images}}" + delegate_to: compose-x86-01.phx2.fedoraproject.org + register: docker_pull_fedora_delegated + changed_when: "'Downloaded newer image' in docker_pull_fedora_delegated.stdout" + + - name: tag fedora required docker images for our registry + shell: "docker tag {{item}} {{docker_registry}}/{{item}}" + with_items: "{{fedora_required_images}}" + delegate_to: compose-x86-01.phx2.fedoraproject.org + when: docker_pull_fedora_delegated|changed + + - name: push fedora required docker images to our registry + shell: "docker push {{docker_registry}}/{{item}}" + with_items: "{{fedora_required_images}}" + delegate_to: compose-x86-01.phx2.fedoraproject.org + when: docker_pull_fedora_delegated|changed + + - name: register origin_version_out rpm query + shell: "rpm -q origin --qf '%{Version}'" + register: origin_version_out + always_run: true + changed_when: False + + - set_fact: + origin_version: "{{origin_version_out.stdout}}" + + - name: pull openshift required docker images + shell: "docker pull {{item}}:v{{origin_version}}" + with_items: "{{openshift_required_images}}" + delegate_to: compose-x86-01.phx2.fedoraproject.org + register: docker_pull_openshift_delegated + changed_when: "'Downloaded newer image' in docker_pull_openshift_delegated.stdout" + + - name: tag openshift required docker images for our registry + shell: "docker tag {{item}}:v{{origin_version}} {{docker_registry}}/{{item}}:v{{origin_version}}" + with_items: "{{openshift_required_images}}" + delegate_to: compose-x86-01.phx2.fedoraproject.org + 
when: docker_pull_openshift_delegated|changed + + - name: push openshift required docker images to our registry + shell: "docker push {{docker_registry}}/{{item}}:v{{origin_version}}" + with_items: "{{openshift_required_images}}" + delegate_to: compose-x86-01.phx2.fedoraproject.org + when: docker_pull_openshift_delegated|changed + + - name: create fedora image stream for OpenShift + shell: "echo '{ \"apiVersion\": \"v1\", \"kind\": \"ImageStream\", \"metadata\": { \"name\": \"fedora\" }, \"spec\": { \"dockerImageRepository\": \"{{docker_registry}}/fedora\" } }' | oc create -f - && touch /etc/origin/fedoraimagestreamcreated" + environment: "{{ osbs_environment }}" + args: + creates: /etc/origin/fedoraimagestreamcreated + +- name: post-install master host osbs tasks + hosts: osbs-masters + tags: + - osbs-post-install + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig + osbs_environment: + KUBECONFIG: "{{ osbs_kubeconfig_path }}" + koji_pki_dir: /etc/pki/koji + koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" + koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" + koji_builder_user: dockerbuilder + osbs_builder_user: builder + + + handlers: + - name: oc secrets new + shell: "oc secrets new koji cert={{ koji_cert_path }} ca={{ koji_ca_cert_path }} serverca={{ koji_ca_cert_path }}" + environment: "{{ osbs_environment }}" + notify: oc secrets add + + - name: oc secrets add + shell: "oc secrets add serviceaccount/{{ osbs_builder_user }} secrets/koji --for=mount" + environment: "{{ osbs_environment }}" + + tasks: + - name: Ensure koji dockerbuilder cert path exists + file: + path: "{{ koji_pki_dir }}" + state: "directory" + mode: 0400 + + - name: Add koji dockerbuilder cert for Content Generator import + copy: + src: 
"{{private}}/files/koji/containerbuild.pem" + dest: "{{ koji_cert_path }}" + notify: oc secrets new + + - name: Add koji dockerbuilder ca cert for Content Generator import + copy: + src: "{{private}}/files/koji/buildercerts/fedora-ca.cert" + dest: "{{ koji_ca_cert_path }}" + notify: oc secrets new + + - name: cron entry to clean up old builds + copy: + src: "{{files}}/osbs/cleanup-old-osbs-builds" + dest: "/etc/cron.d/cleanup-old-osbs-builds" + + +- name: post-install osbs tasks + hosts: osbs-masters:osbs-nodes + tags: + - osbs-post-install + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig + osbs_environment: + KUBECONFIG: "{{ osbs_kubeconfig_path }}" + koji_pki_dir: /etc/pki/koji + koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" + koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" + koji_builder_user: dockerbuilder + osbs_builder_user: builder + + + handlers: + - name: buildroot container + shell: 'docker rmi buildroot; docker build --no-cache --rm -t buildroot /etc/osbs/buildroot/' + + - name: restart docker + service: + name: docker + state: restarted + + - name: systemctl daemon-reload + shell: 'systemctl daemon-reload' + + roles: + - { + role: osbs-client, + general: { + verbose: 0, + build_json_dir: '/etc/osbs/input/', + openshift_required_version: 1.1.0, + }, + default: { + username: "{{ osbs_koji_prod_username }}", + password: "{{ osbs_koji_prod_password }}", + koji_use_kerberos: True, + koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab", + koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}", + openshift_url: 'https://{{osbs_url}}/', + registry_uri: 'https://{{docker_registry}}/v2', + source_registry_uri: 'https://{{source_registry}}/v2', + build_host: '{{osbs_url}}', + koji_root: 
'https://{{koji_url}}/koji', + koji_hub: 'https://{{koji_url}}/kojihub', + sources_command: 'fedpkg sources', + build_type: 'prod', + authoritative_registry: 'registry.example.com', + vendor: 'Fedora Project', + verify_ssl: true, + use_auth: true, + builder_use_auth: true, + distribution_scope: 'private', + registry_api_versions: 'v2', + builder_openshift_url: 'https://{{osbs_url}}' + }, + when: env == "production" + } + + tasks: + - name: copy docker iptables script + copy: + src: "{{files}}/osbs/fix-docker-iptables.{{ env }}" + dest: /usr/local/bin/fix-docker-iptables + mode: 0755 + notify: + - restart docker + + - name: copy docker service config + copy: + src: "{{files}}/osbs/docker.service" + dest: /etc/systemd/system/docker.service + notify: + - systemctl daemon-reload + - restart docker + + - name: set nrpe read access for osbs.conf for nagios monitoring + acl: name={{ osbs_client_conf_path }} entity=nrpe etype=user permissions=r state=present + + - name: Create buildroot container conf directory + file: + path: "/etc/osbs/buildroot/" + state: directory + + - name: Upload Dockerfile for buildroot container + template: + src: "{{ files }}/osbs/buildroot-Dockerfile-{{env}}.j2" + dest: "/etc/osbs/buildroot/Dockerfile" + mode: 0400 + notify: + - buildroot container + + - name: Upload internal CA for buildroot + copy: + src: "{{private}}/files/osbs/{{env}}/osbs-internal.pem" + dest: "/etc/osbs/buildroot/ca.crt" + mode: 0400 + notify: + - buildroot container + + - name: stat infra repofile + stat: + path: "/etc/yum.repos.d/infra-tags.repo" + register: infra_repo_stat + + - name: stat /etc/osbs/buildroot/ infra repofile + stat: + path: "/etc/osbs/buildroot/infra-tags.repo" + register: etcosbs_infra_repo_stat + + - name: remove old /etc/osbs/buildroot/ infra repofile + file: + path: "/etc/osbs/buildroot/infra-tags.repo" + state: absent + when: etcosbs_infra_repo_stat.stat.exists and infra_repo_stat.stat.checksum != etcosbs_infra_repo_stat.stat.checksum + + - name: 
Copy repofile for buildroot container (because Docker) + copy: + src: "/etc/yum.repos.d/infra-tags.repo" + dest: "/etc/osbs/buildroot/infra-tags.repo" + remote_src: true + notify: + - buildroot container + when: etcosbs_infra_repo_stat.stat.exists == false + + - name: stat /etc/ keytab + stat: + path: "/etc/krb5.osbs_{{osbs_url}}.keytab" + register: etc_kt_stat + + - name: stat /etc/osbs/buildroot/ keytab + stat: + path: "/etc/osbs/buildroot/krb5.osbs_{{osbs_url}}.keytab" + register: etcosbs_kt_stat + + - name: remove old hardlink to /etc/osbs/buildroot/ keytab + file: + path: "/etc/osbs/buildroot/krb5.osbs_{{osbs_url}}.keytab" + state: absent + when: etcosbs_kt_stat.stat.exists and etc_kt_stat.stat.checksum != etcosbs_kt_stat.stat.checksum + + - name: Hardlink keytab for buildroot container (because Docker) + file: + src: "/etc/krb5.osbs_{{osbs_url}}.keytab" + dest: "/etc/osbs/buildroot/krb5.osbs_{{osbs_url}}.keytab" + state: hard + notify: + - buildroot container + when: etcosbs_kt_stat.stat.exists == false + + - name: pull fedora required docker images + shell: "docker pull {{docker_registry}}/{{item}}" + with_items: "{{fedora_required_images}}" + register: docker_pull_fedora + changed_when: "'Downloaded newer image' in docker_pull_fedora.stdout" + + - name: register origin_version_out rpm query + shell: "rpm -q origin --qf '%{Version}'" + register: origin_version_out + always_run: true + changed_when: False + + - set_fact: + origin_version: "{{origin_version_out.stdout}}" + + - name: pull openshift required docker images + shell: "docker pull {{docker_registry}}/{{item}}:v{{origin_version}}" + with_items: "{{openshift_required_images}}" + register: docker_pull_openshift + changed_when: "'Downloaded newer image' in docker_pull_openshift.stdout" + + - name: tag openshift required docker images locally + shell: "docker tag {{docker_registry}}/{{item}}:v{{origin_version}} {{item}}:v{{origin_version}}" + with_items: "{{openshift_required_images}}" + when: 
docker_pull_openshift|changed + + - set_fact: + docker_pull_openshift: "{{ docker_pull_openshift }}" + + +- name: Post-Install image stream refresh + hosts: osbs-masters[0] + tags: + - osbs-post-install + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: refresh fedora image streams + shell: "oc import-image fedora --all" + when: env == "production" and hostvars[groups["osbs-masters"][0]]["docker_pull_fedora"]|changed + + - name: enable nrpe for monitoring (noc01) + iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT diff --git a/playbooks/groups/osbs-orchestrator-cluster.yml b/playbooks/groups/osbs-orchestrator-cluster.yml new file mode 100644 index 0000000000..95ec027921 --- /dev/null +++ b/playbooks/groups/osbs-orchestrator-cluster.yml 
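Review bot: Both `osbs-custom-build` tasks in the 'Deploy OSBS on top of OpenShift' play guard on `creates: "/etc/origin/koji-builder-policy-added"` while their command touches `/etc/origin/koji-custom-build-policy-added`. The guard path is the marker that the earlier 'Setup requirements for OpenShift master' play writes in production, so once that play has run on the first master these two role bindings are skipped and never applied. Because both tasks also touch the same file, fixing only the name would still skip the second one; each needs its own marker, e.g. `creates: "/etc/origin/koji-custom-build-policy-added"` for the user and a separate, newly chosen name such as `/etc/origin/builder-custom-build-policy-added` in both `touch` and `creates` for the service account. Separately, the copy of `osbs-internal.key` in 'Setup cluster masters pre-reqs' sets no `owner` or `mode`, so the private key's permissions are left to the module default; `owner: root` and `mode: "0600"` would pin them.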
@@ -0,0 +1,839 @@ +# create an osbs server +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs-stg" + tags: + - make_boxes + +- name: make the box be real + hosts: osbs-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +# Prepare the Control host to be able to run ansible-ansible-openshift-ansible +# against the Orchestration and Worker cluster machines +- name: OSBS control hosts pre-req setup + hosts: osbs-control-stg + tags: + - osbs-orchestrator-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: deploy private key to control hosts + copy: + src: "{{private}}/files/osbs/{{env}}/control_key" + dest: "/root/.ssh/id_rsa" + owner: root + mode: 0600 + + - name: set ansible to use pipelining + ini_file: + dest: /etc/ansible/ansible.cfg + section: ssh_connection + option: pipelining + value: "True" + + - name: Install necessary packages that openshift-ansible control host needs + package: name="{{ item }}" state=installed + with_items: + - ansible + - git + - python-passlib + - java-1.8.0-openjdk-headless + - httpd-tools + +# This section sets up the SSL Certs for "public facing" which is how Koji will +# interact with the OSBS Orchestration cluster. This is not needed on the worker +# clusters. 
+- name: Setup orchestrator cluster masters pre-reqs + hosts: osbs-masters-stg + tags: + - osbs-orchestrator-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: ensure origin conf dir exists + file: + path: "/etc/origin" + state: "directory" + + - name: create cert dir for openshift public facing REST API SSL + file: + path: "/etc/origin/master/named_certificates" + state: "directory" + + - name: install cert for openshift public facing REST API SSL + copy: + src: "{{private}}/files/osbs/{{env}}/osbs-internal.pem" + dest: "/etc/origin/master/named_certificates/{{osbs_url}}.pem" + + - name: install key for openshift public facing REST API SSL + copy: + src: "{{private}}/files/osbs/{{env}}/osbs-internal.key" + dest: "/etc/origin/master/named_certificates/{{osbs_url}}.key" + + - name: place htpasswd file + copy: + src: "{{private}}/files/httpd/osbs-{{env}}.htpasswd" + dest: "{{ oa_htpasswd_file }}" + + +# This installs required pre-reqs and deploys the Controler's public key to all +# machines in both the Orchestrator and Worker clusters in order to allow +# ansible-ansible-openshift-ansible to be run against them +- name: Setup cluster hosts pre-reqs + hosts: osbs-orchestrators-stg:osbs-workers-stg + tags: + - osbs-orchestrator-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - name: restart NetworkManager + service: + name: NetworkManager + state: restarted + + roles: + - role: openshift-prerequisites + + tasks: + - name: Install necessary packages that openshift-ansible needs + package: name="{{ item }}" state=installed + with_items: + - tar + - rsync + - python3-dbus + - NetworkManager + - libselinux-python3 + - python3-PyYAML + - 
java-1.8.0-openjdk-headless + + - name: Deploy controller public ssh keys to osbs cluster hosts + authorized_key: + user: root + key: "{{ lookup('file', '{{private}}/files/osbs/{{env}}/control_key.pub') }}" + + # This is required for OpenShift built-in SkyDNS inside the overlay network + # of the cluster + - name: ensure NM_CONTROLLED is set to "yes" for osbs cluster + lineinfile: + dest: "/etc/sysconfig/network-scripts/ifcfg-eth0" + line: "NM_CONTROLLED=yes" + notify: + - restart NetworkManager + + # This is required for OpenShift built-in SkyDNS inside the overlay network + # of the cluster + - name: ensure NetworkManager is enabled and started + service: + name: NetworkManager + state: started + enabled: yes + + - name: cron entry to clean up docker storage + copy: + src: "{{files}}/osbs/cleanup-docker-storage" + dest: "/etc/cron.d/cleanup-docker-storage" + + - name: copy docker-storage-setup config + copy: + src: "{{files}}/osbs/docker-storage-setup" + dest: "/etc/sysconfig/docker-storage-setup" + when: env == "production" + + - name: copy docker-storage-setup config + copy: + src: "{{files}}/osbs/docker-storage-setup.staging" + dest: "/etc/sysconfig/docker-storage-setup" + when: env == "staging" + + +# This keytab needs to be on any system that is going to talk to koji and +# unfortunately, that's all of them. 
+- name: Deploy kerberose keytab to cluster hosts + hosts: osbs-masters-stg:osbs-nodes-stg:osbsworker-masters-stg:osbsworker-nodes-stg + tags: + - osbs-cluster-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: keytab/service + owner_user: root + owner_group: root + service: osbs + host: "osbs.stg.fedoraproject.org" + when: env == "staging" + +- name: Deploy OpenShift Clusters + hosts: osbs-control-stg + tags: + - osbs-deploy-openshift + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: ansible-ansible-openshift-ansible + cluster_inventory_filename: "orchestrator-cluster-inventory-stg" + openshift_htpasswd_file: "{{ oa_htpasswd_file }}" + openshift_master_public_api_url: "https://{{ osbs_url }}:8443" + openshift_release: "{{ origin_release }}" + openshift_ansible_path: "/root/openshift-ansible" + openshift_ansible_playbook: "playbooks/byo/config.yml" + openshift_ansible_version: "{{ oa_version }}" + openshift_ansible_ssh_user: "{{ oa_ssh_user }}" + openshift_ansible_install_examples: "{{ oa_install_examples }}" + openshift_ansible_containerized_deploy: "{{ oa_containerized_deploy }}" + openshift_cluster_masters_group: "osbs-masters-stg" + openshift_cluster_nodes_group: "osbs-nodes-stg" + openshift_cluster_infra_group: "osbs-masters-stg" + openshift_auth_profile: "{{ oa_auth_profile }}" + openshift_cluster_url: "{{ osbs_url }}" + openshift_master_ha: false + openshift_debug_level: "{{ oa_debug_level }}" + openshift_shared_infra: true + openshift_deployment_type: "origin" + openshift_metrics_deploy: true + openshift_ansible_python_interpreter: "/usr/bin/python3" + openshift_nodeselectors: "{{ osbs_orchestrator_nodeselector_labels }}" + when: 
env == 'staging' + tags: ['openshift-cluster','ansible-ansible-openshift-ansible'] + + - role: ansible-ansible-openshift-ansible + cluster_inventory_filename: "x86-64-worker-cluster-inventory-stg" + openshift_htpasswd_file: "{{ oa_htpasswd_file }}" + openshift_master_public_api_url: "https://{{ osbsworker_x86_64_url }}:8443" + openshift_release: "{{ origin_release }}" + openshift_ansible_path: "/root/openshift-ansible" + openshift_ansible_playbook: "playbooks/byo/config.yml" + openshift_ansible_version: "{{ oa_version }}" + openshift_ansible_ssh_user: "{{ oa_ssh_user }}" + openshift_ansible_install_examples: "{{ oa_install_examples }}" + openshift_ansible_containerized_deploy: "{{ oa_containerized_deploy }}" + openshift_cluster_masters_group: "osbsworker-x86-64-masters-stg" + openshift_cluster_nodes_group: "osbsworker-x86-64-nodes-stg" + openshift_cluster_infra_group: "osbsworker-x86-64-masters-stg" + openshift_auth_profile: "{{ oa_auth_profile }}" + openshift_cluster_url: "{{ osbsworker_x86_64_url }}" + openshift_master_ha: false + openshift_debug_level: "{{ oa_debug_level }}" + openshift_shared_infra: true + openshift_deployment_type: "origin" + openshift_metrics_deploy: true + openshift_ansible_python_interpreter: "/usr/bin/python3" + openshift_nodeselectors: "{{ osbs_worker_nodeselector_labels }}" + when: env == 'staging' + tags: ['openshift-cluster','ansible-ansible-openshift-ansible'] + +- name: Setup OSBS requirements for OpenShift cluster hosts + hosts: osbs-orchestrators-stg:osbs-workers-stg + tags: + - osbs-cluster-req + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: osbs-common + osbs_manage_firewalld: false + + - role: osbs-atomic-reactor + + - role: push-docker + docker_cert_name: "containerbuild" + docker_cert_dir: "/etc/docker/certs.d/{{ candidate_registry }}" + when: env == "staging" + + 
# The images that come out of the builds need to be pushed somwhere + - role: "manage-container-images" + cert_dest_dir: "/etc/docker/certs.d/{{ candidate_registry }}" + cert_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.pem" + key_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.key" + when: env == "staging" + + handlers: + - name: restart dnsmasq + service: + name: dnsmasq + state: restarted + + tasks: + + - name: ensure dnsmasq is installed + package: + name: dnsmasq + state: latest + + - name: install fedora dnsmasq specific config + copy: + src: "{{files}}/osbs/fedora-dnsmasq.conf.{{env}}" + dest: "/etc/dnsmasq.d/fedora-dns.conf" + notify: + - restart dnsmasq + +- name: setup orchestrator namespace + hosts: osbs-masters-stg[0] + tags: + - osbs-cluster-req + - orchestrator-namespace + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + vars: + osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig + osbs_environment: + KUBECONFIG: "{{ osbs_kubeconfig_path }}" + koji_pki_dir: /etc/pki/koji + koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" + koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" + koji_builder_user: dockerbuilder + osbs_secret_name: kojisecret + osbs_secret_service_account: "{{ osbs_builder_user }}" + osbs_secret_remote_dir: /var/lib/origin + osbs_secret_can_fail: false + + roles: + - role: osbs-namespace + osbs_namespace: "{{ osbs_orchestrator_namespace }}" + osbs_openshift_home: "{{ openshift_home}}" + osbs_kubeconfig_path: "{{ kubeconfig_path }}" + osbs_generated_config_path: "{{ generated_config_path }}" + osbs_environmnet: "{{ osbs_env }}" + osbs_is_admin: "{{ osbs_admin }}" + osbs_service_accounts: "{{ osbs_orchestrator_service_accounts }}" + osbs_cpu_limitrange: "{{ os_cpu_limitrange }}" + osbs_admin_groups: "{{ os_admin_groups }}" + 
osbs_admin_users: "{{ os_admin_users }}" + osbs_readonly_groups: "{{ osbs_orchestrator_readonly_groups }}" + osbs_readonly_users: "{{ osbs_orchestrator_readonly_groups }}" + osbs_readwrite_groups: "{{ osbs_orchestrator_readwrite_groups }}" + osbs_readwrite_users: "{{ osbs_orchestrator_readwrite_users }}" + osbs_orchestrator: true + osbs_worker_clusters: "{{ worker_clusters }}" + osbs_koji_secret_name: "{{ koji_secret_name }}" + osbs_distribution_scope: "{{ distribution_scope }}" + osbs_authoritative_registry: "{{ authoritative_registry }}" + osbs_koji_hub: "{{ koji_hub }}" + osbs_koji_root: "{{ koji_root }}" + osbs_registry_api_versions: "{{ registry_api_versions }}" + osbs_registry_uri: "{{ candidate_registry }}" + osbs_source_registry_uri: "{{ stable_registry }}" + osbs_build_json_dir: "{{ build_json_dir }}" + osbs_sources_command: "fedpkg sources" + osbs_nodeselector: "{{ osbs_orchestrator_default_nodeselector|default('') }}" + +- name: setup worker namespace + hosts: osbsworker-x86-64-masters-stg[0] + tags: + - osbs-cluster-req + - worker-namespace + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + vars: + osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig + osbs_environment: + KUBECONFIG: "{{ osbs_kubeconfig_path }}" + koji_pki_dir: /etc/pki/koji + koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" + koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" + koji_builder_user: dockerbuilder + osbs_builder_user: builder + osbs_secret_name: kojisecret + osbs_secret_service_account: "{{ osbs_builder_user }}" + osbs_secret_remote_dir: /var/lib/origin + osbs_secret_can_fail: false + + roles: + - role: osbs-namespace + osbs_namespace: "{{ osbs_worker_namespace }}" + osbs_openshift_home: "{{ openshift_home}}" + osbs_kubeconfig_path: "{{ kubeconfig_path }}" + osbs_generated_config_path: "{{ generated_config_path 
}}" + osbs_environmnet: "{{ osbs_env }}" + osbs_is_admin: "{{ osbs_admin }}" + osbs_service_accounts: "{{ osbs_worker_service_accounts }}" + osbs_admin_groups: "{{ os_admin_groups }}" + osbs_admin_users: "{{ os_admin_users }}" + osbs_readonly_groups: "{{ osbs_worker_readonly_groups }}" + osbs_readonly_users: "{{ osbs_worker_readonly_groups }}" + osbs_readwrite_groups: "{{ osbs_worker_readwrite_groups }}" + osbs_readwrite_users: "{{ osbs_worker_readwrite_users }}" + osbs_orchestrator: false + osbs_worker_clusters: "{{ worker_clusters }}" + osbs_koji_secret_name: "{{ koji_secret_name }}" + osbs_distribution_scope: "{{ distribution_scope }}" + osbs_authoritative_registry: "{{ authoritative_registry }}" + osbs_koji_hub: "{{ koji_hub }}" + osbs_koji_root: "{{ koji_root }}" + osbs_registry_api_versions: "{{ registry_api_versions }}" + osbs_registry_uri: "{{ candidate_registry }}" + osbs_source_registry_uri: "{{ stable_registry }}" + osbs_build_json_dir: "{{ build_json_dir }}" + osbs_sources_command: "fedpkg sources" + osbs_cpu_limitrange: "{{ os_cpu_limitrange }}" + osbs_nodeselector: "{{ osbs_orchestrator_default_nodeselector|default('') }}" + +- name: Setup Koji auth for OSBS Orchestrator Cluster + hosts: osbs-masters-stg[0] + tags: + - osbs-master-req + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + + tasks: + - name: set policy for koji builder in openshift for osbs + shell: "oadm policy add-role-to-user -n {{ osbs_orchestrator_namespace }} edit htpasswd_provider: {{ osbs_koji_stg_username }} && touch /etc/origin/koji-builder-policy-added" + args: + creates: "/etc/origin/koji-builder-policy-added" + when: env == "staging" + + - name: set policy for koji builder in openshift for atomic-reactor + shell: "oadm policy add-role-to-user -n {{ osbs_orchestrator_namespace }} edit 
system:serviceaccount:{{osbs_orchestrator_namespace}}:{{osbs_builder_user}} && touch /etc/origin/atomic-reactor-policy-added" + args: + creates: "/etc/origin/atomic-reactor-policy-added" + +- name: Setup Koji auth for OSBS Worker Cluster + hosts: osbsworker-x86-64-masters-stg[0] + tags: + - osbs-master-req + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + + tasks: + - name: set policy for koji builder in openshift for osbs + shell: "oadm policy add-role-to-user -n {{ osbs_worker_namespace }} edit htpasswd_provider: {{ osbs_koji_stg_username }} && touch /etc/origin/koji-builder-policy-added" + args: + creates: "/etc/origin/koji-builder-policy-added" + when: env == "staging" + + - name: set policy for koji builder in openshift for atomic-reactor + shell: "oadm policy add-role-to-user -n {{ osbs_worker_namespace }} edit system:serviceaccount:{{osbs_orchestrator_namespace}}:{{osbs_builder_user}} && touch /etc/origin/atomic-reactor-policy-added" + args: + creates: "/etc/origin/atomic-reactor-policy-added" + +- name: post-install orchestrator master host osbs tasks + hosts: osbs-masters-stg[0] + tags: + - osbs-post-install + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig + osbs_environment: + KUBECONFIG: "{{ osbs_kubeconfig_path }}" + koji_pki_dir: /etc/pki/koji + koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" + koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" + koji_builder_user: dockerbuilder + osbs_builder_user: builder + + + handlers: + - name: oc secrets new + shell: "oc secrets new koji cert={{ koji_cert_path }} ca={{ koji_ca_cert_path }} serverca={{ koji_ca_cert_path }} 
--namespace={{ osbs_orchestrator_namespace }}" + environment: "{{ osbs_environment }}" + notify: oc secrets add + + - name: oc secrets add + shell: "oc secrets add serviceaccount/{{ osbs_builder_user }} secrets/koji --for=mount --namespace={{osbs_orchestrator_namespace}}" + environment: "{{ osbs_environment }}" + + tasks: + - name: Ensure koji dockerbuilder cert path exists + file: + path: "{{ koji_pki_dir }}" + state: "directory" + mode: 0400 + + - name: Add koji dockerbuilder cert for Content Generator import + copy: + src: "{{private}}/files/koji/containerbuild.pem" + dest: "{{ koji_cert_path }}" + notify: oc secrets new + + - name: Add koji dockerbuilder ca cert for Content Generator import + copy: + src: "{{private}}/files/koji/buildercerts/fedora-ca.cert" + dest: "{{ koji_ca_cert_path }}" + notify: oc secrets new + + - name: cron entry to clean up old builds + copy: + src: "{{files}}/osbs/cleanup-old-osbs-builds" + dest: "/etc/cron.d/cleanup-old-osbs-builds" + +- name: post-install worker master host osbs tasks + hosts: osbsworker-x86-64-masters-stg[0] + tags: + - osbs-post-install + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig + osbs_environment: + KUBECONFIG: "{{ osbs_kubeconfig_path }}" + koji_pki_dir: /etc/pki/koji + koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" + koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" + koji_builder_user: dockerbuilder + osbs_builder_user: builder + + + handlers: + - name: oc secrets new + shell: "oc secrets new koji cert={{ koji_cert_path }} ca={{ koji_ca_cert_path }} serverca={{ koji_ca_cert_path }} --namespace={{osbs_worker_namespace}}" + environment: "{{ osbs_environment }}" + notify: oc secrets add + + - name: oc secrets add + shell: "oc secrets add serviceaccount/{{ 
osbs_builder_user }} secrets/koji --for=mount --namespace={{osbs_worker_namespace}}" + environment: "{{ osbs_environment }}" + + tasks: + - name: Ensure koji dockerbuilder cert path exists + file: + path: "{{ koji_pki_dir }}" + state: "directory" + mode: 0400 + + - name: Add koji dockerbuilder cert for Content Generator import + copy: + src: "{{private}}/files/koji/containerbuild.pem" + dest: "{{ koji_cert_path }}" + notify: oc secrets new + + - name: Add koji dockerbuilder ca cert for Content Generator import + copy: + src: "{{private}}/files/koji/buildercerts/fedora-ca.cert" + dest: "{{ koji_ca_cert_path }}" + notify: oc secrets new + + - name: cron entry to clean up old builds + copy: + src: "{{files}}/osbs/cleanup-old-osbs-builds" + dest: "/etc/cron.d/cleanup-old-osbs-builds" + +- name: Manage docker images and image stream + hosts: osbs-masters-stg[0]:osbsworker-x86-64-masters-stg[0] + tags: + - osbs-post-install + - manage-docker-images + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig + osbs_environment: + KUBECONFIG: "{{ osbs_kubeconfig_path }}" + koji_pki_dir: /etc/pki/koji + koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" + koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" + koji_builder_user: dockerbuilder + + tasks: + # NOTE: Need to delegate to compose-x86-01.phx2.fedoraproject.org for prod + # because the push keys are split for each env + - name: skopeo sync openshift required docker images + shell: "skopeo copy docker://docker.io/{{item}}:{{origin_release}} docker://{{candidate_registry}}/{{item}}:{{origin_release}}" + with_items: "{{openshift_required_images}}" + delegate_to: composer.stg.phx2.fedoraproject.org + register: docker_pull_openshift_delegated + changed_when: "'Skipping fetch of repeat blob' not in 
docker_pull_openshift_delegated.stdout" + when: env == "staging" + + - name: create fedora image stream for OpenShift + shell: "echo '{ \"apiVersion\": \"v1\", \"kind\": \"ImageStream\", \"metadata\": { \"name\": \"fedora\" }, \"spec\": { \"dockerImageRepository\": \"{{candidate_registry}}/fedora\" } }' | oc create -f - && touch /etc/origin/fedoraimagestreamcreated" + environment: "{{ osbs_environment }}" + args: + creates: /etc/origin/fedoraimagestreamcreated + +- name: post-install osbs tasks + hosts: osbs-orchestrators-stg:osbs-workers-stg + tags: + - osbs-post-install + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig + osbs_environment: + KUBECONFIG: "{{ osbs_kubeconfig_path }}" + koji_pki_dir: /etc/pki/koji + koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" + koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" + koji_builder_user: dockerbuilder + osbs_builder_user: builder + + + handlers: + - name: buildroot container + shell: 'docker rmi buildroot; docker build --no-cache --rm -t buildroot /etc/osbs/buildroot/' + + - name: restart docker + service: + name: docker + state: restarted + + - name: systemctl daemon-reload + shell: 'systemctl daemon-reload' + + roles: + - { + role: osbs-client, + general: { + verbose: 0, + build_json_dir: '/etc/osbs/input/', + openshift_required_version: 1.1.0, + }, + default: { + username: "{{ osbs_koji_stg_username }}", + password: "{{ osbs_koji_stg_password }}", + koji_use_kerberos: True, + koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab", + koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}", + openshift_url: 'https://{{osbs_url}}/', + registry_uri: 'https://{{candidate_registry}}/v2', + source_registry_uri: 'https://{{stable_registry}}/v2', + build_host: '{{osbs_url}}', 
+ koji_root: '{{koji_root}}', + koji_hub: '{{koji_hub}}', + sources_command: 'fedpkg sources', + build_type: 'prod', + authoritative_registry: '{{stable_registry}}', + vendor: 'Fedora Project', + verify_ssl: true, + use_auth: true, + builder_use_auth: true, + distribution_scope: 'private', + registry_api_versions: 'v2', + builder_openshift_url: 'https://{{osbs_url}}', + namespace: 'osbs', + can_orchestrate: true + }, + when: env == "staging" + } + + tasks: + - name: copy docker iptables script + copy: + src: "{{files}}/osbs/fix-docker-iptables.{{ env }}" + dest: /usr/local/bin/fix-docker-iptables + mode: 0755 + notify: + - restart docker + + - name: copy docker service config + copy: + src: "{{files}}/osbs/docker.custom.service" + dest: /etc/systemd/system/docker.service.d/custom.conf + notify: + - systemctl daemon-reload + - restart docker + + - name: ensure docker is running + service: + name: docker + state: started + enabled: yes + + - name: set nrpe read access for osbs.conf for nagios monitoring + acl: name={{ osbs_client_conf_path }} entity=nrpe etype=user permissions=r state=present + + - name: Create buildroot container conf directory + file: + path: "/etc/osbs/buildroot/" + state: directory + + - name: Upload Dockerfile for buildroot container + template: + src: "{{ files }}/osbs/buildroot-Dockerfile-{{env}}.j2" + dest: "/etc/osbs/buildroot/Dockerfile" + mode: 0400 + notify: + - buildroot container + + - name: Upload internal CA for buildroot + copy: + src: "{{private}}/files/osbs/{{env}}/osbs-internal.pem" + dest: "/etc/osbs/buildroot/ca.crt" + mode: 0400 + notify: + - buildroot container + + - name: stat infra repofile + stat: + path: "/etc/yum.repos.d/infra-tags.repo" + register: infra_repo_stat + + - name: stat /etc/osbs/buildroot/ infra repofile + stat: + path: "/etc/osbs/buildroot/infra-tags.repo" + register: etcosbs_infra_repo_stat + + - name: remove old /etc/osbs/buildroot/ infra repofile + file: + path: "/etc/osbs/buildroot/infra-tags.repo" + 
state: absent + when: etcosbs_infra_repo_stat.stat.exists and infra_repo_stat.stat.checksum != etcosbs_infra_repo_stat.stat.checksum + + - name: Copy repofile for buildroot container (because Docker) + copy: + src: "/etc/yum.repos.d/infra-tags.repo" + dest: "/etc/osbs/buildroot/infra-tags.repo" + remote_src: true + notify: + - buildroot container + when: etcosbs_infra_repo_stat.stat.exists == false + + - name: stat /etc/ keytab + stat: + path: "/etc/krb5.osbs_{{osbs_url}}.keytab" + register: etc_kt_stat + + - name: stat /etc/osbs/buildroot/ keytab + stat: + path: "/etc/osbs/buildroot/krb5.osbs_{{osbs_url}}.keytab" + register: etcosbs_kt_stat + + - name: remove old hardlink to /etc/osbs/buildroot/ keytab + file: + path: "/etc/osbs/buildroot/krb5.osbs_{{osbs_url}}.keytab" + state: absent + when: etcosbs_kt_stat.stat.exists and etc_kt_stat.stat.checksum != etcosbs_kt_stat.stat.checksum + + - name: Hardlink keytab for buildroot container (because Docker) + file: + src: "/etc/krb5.osbs_{{osbs_url}}.keytab" + dest: "/etc/osbs/buildroot/krb5.osbs_{{osbs_url}}.keytab" + state: hard + notify: + - buildroot container + when: etcosbs_kt_stat.stat.exists == false + + - name: pull openshift required docker images + shell: "docker pull {{candidate_registry}}/{{item}}:{{origin_release}}" + with_items: "{{openshift_required_images}}" + register: docker_pull_openshift + changed_when: "'Downloaded newer image' in docker_pull_openshift.stdout" + + - name: pull fedora required docker images + shell: "docker pull {{stable_registry}}/{{item}}" + with_items: "{{fedora_required_images}}" + register: docker_pull_fedora + changed_when: "'Downloaded newer image' in docker_pull_fedora.stdout" + + - name: tag openshift required docker images locally + shell: "docker tag {{candidate_registry}}/{{item}}:{{origin_release}} {{item}}:{{origin_release}}" + with_items: "{{openshift_required_images}}" + when: docker_pull_openshift|changed + + - set_fact: + docker_pull_openshift: "{{ 
docker_pull_openshift }}" + + +- name: Post-Install image stream refresh + hosts: osbs-masters-stg[0] + tags: + - osbs-post-install + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: refresh fedora image streams + shell: "oc import-image fedora --all" + when: env == "staging" and hostvars[groups["osbs-masters-stg"][0]]["docker_pull_fedora"]|changed + + - name: enable nrpe for monitoring (noc01) + iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT + + - name: enable nrpe for monitoring (noc01.stg) + iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.128.38 state=present jump=ACCEPT diff --git a/playbooks/groups/packages.yml b/playbooks/groups/packages.yml new file mode 100644 index 0000000000..c073bece69 --- /dev/null +++ b/playbooks/groups/packages.yml 
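Review bot: The `copy` tasks that install `osbs-internal.key` under `/etc/origin/master/named_certificates/` and the htpasswd file at `{{ oa_htpasswd_file }}` set no `owner`, `group` or `mode`, so the TLS private key and the password hashes are created with whatever the remote umask allows, typically world-readable. Add explicit permissions to both, e.g. `owner: root`, `group: root`, `mode: "0600"`, the way the `control_key` task earlier in this file already does. The same applies to the `containerbuild.pem` copy to `{{ koji_cert_path }}` in both post-install plays if that bundle includes the key, and the `koji_pki_dir` directory there is created with `mode: 0400`, which lacks the search bit; `mode: "0700"` is the usual value for a private directory. Separately, both `osbs-namespace` role calls fill `osbs_readonly_users` from a `*_readonly_groups` variable, which looks like a copy-paste slip in the access lists and is worth checking against the intended user list.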
@@ -0,0 +1,106 @@
+# create a new packages server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/packages* or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=packages:packages-stg"
+
+- name: make the box be real
+ hosts: packages:packages-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - rsyncd
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - mod_wsgi
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: set up gluster server on prod
+ hosts: packages
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - role: gluster/server
+ name: gluster
+ username: "{{ packagesglusterusername }}"
+ password: "{{ packagesglusterpassword }}"
+ owner: root
+ group: root
+ datadir: /srv/glusterfs/packages
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: set up gluster client on prod
+ hosts: packages
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - fedmsg/base
+ - role: gluster/client
+ name: gluster
+ servers:
+ - packages03.phx2.fedoraproject.org
+ - packages04.phx2.fedoraproject.org
+ username: "{{ packagesglusterusername }}"
+ password: "{{ packagesglusterpassword }}"
+ owner: apache
+ group: fedmsg
+ mountdir: /var/cache/fedoracommunity
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: dole out the new service specific config
+ hosts: packages:packages-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - fedmsg/hub
+ - packages3/web
+ - role: collectd/fedmsg-service
+ process: fedmsg-hub
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/pagure.yml b/playbooks/groups/pagure.yml
index 6a6549b4bc..767af658d6 100644
--- a/playbooks/groups/pagure.yml
+++ b/playbooks/groups/pagure.yml
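Review bot: The `import_playbook` line carries `myhosts=packages:packages-stg` inside the quoted file name; extra parameters on `import_playbook` are deprecated in Ansible in favour of a `vars:` block, so this is better written as `- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"` followed by `vars:` and `myhosts: "packages:packages-stg"`. The same inline form appears at the top of `osbs-orchestrator-cluster.yml` and in the `pagure.yml` hunk. Group names containing hyphens such as `packages-stg` also trigger Ansible's invalid-group-name warning, which underscore names avoid.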
@@ -1,77 +1,59 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "pagure:pagure_stg" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=pagure:pagure-stg" -- name: Make the boxen be real for real - hosts: pagure:pagure_stg +- name: make the boxen be real for real + hosts: pagure:pagure-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - - zabbix/zabbix_agent - hosts - - openvpn/client - - ipa/client + - fas_client - sudo - collectd/base + - openvpn/client - postgresql_server - pre_tasks: + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Deploy pagure itself - hosts: pagure:pagure_stg +- name: deploy pagure itself + hosts: pagure:pagure-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "{{ vars_path }}/{{ ansible_distribution }}.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + pre_tasks: + - name: install fedmsg-relay + package: name=fedmsg-relay state=present + tags: + - pagure + - pagure/fedmsg + - name: and start it + service: name=fedmsg-relay state=started + tags: + - pagure + - pagure/fedmsg roles: - - # - # use letsencrypt to get ssl certs - # - - role: letsencrypt - site_name: "stg.pagure.io" - certbot_bundlehost: pagure-stg01.fedoraproject.org - server_aliases: 
- - stg.pagure.io - - docs.stg.pagure.org - - releases.stg.pagure.org - - stg.pagure.org - tags: - - pagure.io - when: env == "staging" - - - role: letsencrypt - site_name: "pagure.io" - certbot_bundlehost: pagure02.fedoraproject.org - server_aliases: - - docs.pagure.org - - lists.pagure.io - - pagure.org - - releases.pagure.org - - www.pagure.io - tags: - - pagure.io - when: env != "staging" - - - pagure + - pagure/frontend + - pagure/fedmsg handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/pdc.yml b/playbooks/groups/pdc.yml new file mode 100644 index 0000000000..6978449f14 --- /dev/null +++ b/playbooks/groups/pdc.yml 
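Review bot: In the first play of playbooks/groups/pagure.yml the `yumrepos.yml` import moves from `pre_tasks` to `tasks`, and Ansible runs `roles` before `tasks`, so `base`, `postgresql_server` and the other roles would run before that task file is applied. If yumrepos.yml is what points the host at the intended package repositories (its content is not visible here), the roles would install packages from whatever repositories the image shipped with. Keep it as `pre_tasks:` with `- import_tasks: "{{ tasks_path }}/yumrepos.yml"`, the way the new packages.yml and qa.yml do. The same ordering appears on the new side of people.yml, pdc.yml, piwik.yml, pkgdb.yml, pkgs.yml, postgresql-server-bdr.yml and the first play of proxies.yml.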
@@ -0,0 +1,64 @@
+# PDC servers (both frontend and backend)
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=pdc-web:pdc-web-stg:pdc-backend:pdc-backend-stg"
+
+- name: dole out the generic configuration
+ hosts: pdc-web:pdc-web-stg:pdc-backend:pdc-backend-stg
+ user: root
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - collectd/base
+ - hosts
+ - fas_client
+ - sudo
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+- name: stuff for the web nodes
+ hosts: pdc-web:pdc-web-stg
+ user: root
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ roles:
+ - role: openvpn/client
+ when: env != "staging"
+ - mod_wsgi
+ - fedmsg/base
+ - pdc/frontend
+
+- name: stuff just for the backend nodes
+ hosts: pdc-backend:pdc-backend-stg
+ user: root
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ roles:
+ - fedmsg/base
+ - fedmsg/hub
+ - pdc/backend
+ - role: collectd/fedmsg-service
+ process: fedmsg-hub
diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml
index 0eba7ebe94..8dbaa957b6 100644
--- a/playbooks/groups/people.yml
+++ b/playbooks/groups/people.yml
@@ -1,29 +1,24 @@ ---- # Create a people server # # -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "people" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=people" -- name: Make the box be real +- name: make the box be real hosts: people user: root - gather_facts: yes + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - - name: Mount project volume + - name: mount project volume mount: > name=/project - src=/dev/mapper/vg_vm-project + src=/dev/mapper/GuestVolGroup00-project fstype=xfs opts="noatime,noexec,nosuid,nodev" passno=0 @@ -32,10 +27,10 @@ tags: - mount - - name: Mount srv volume + - name: mount srv volume mount: > name=/srv - src=/dev/mapper/vg_vm-srv + src=/dev/mapper/GuestVolGroup00-srv fstype=xfs opts="usrquota,gqnoenforce,noatime,noexec,nosuid,nodev" passno=0 @@ -44,10 +39,10 @@ tags: - mount - - name: Create /srv/home directory - ansible.builtin.file: path=/srv/home state=directory owner=root group=root + - name: create /srv/home directory + file: path=/srv/home state=directory owner=root group=root - - name: Bind mount home volume + - name: bind mount home volume mount: > name=/home src=/srv/home 
@@ -62,27 +57,33 @@ roles: - base - collectd/base - - role: openvpn/client - when: env != "staging" - - ipa/client + - fas_client - hosts - nagios_client - rkhunter - rsyncd - sudo + - { role: openvpn/client, when: env != "staging" } - cgit/base - cgit/clean_lock_cron - cgit/make_pkgs_list - clamav + - planet + - fedmsg/base - git/server - role: apache - role: httpd/certificate - certname: wildcard-2024.fedorapeople.org - SSLCertificateChainFile: wildcard-2024.fedorapeople.org.intermediate.cert + name: wildcard-2017.fedorapeople.org + SSLCertificateChainFile: wildcard-2017.fedorapeople.org.intermediate.cert - people + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/piwik.yml b/playbooks/groups/piwik.yml new file mode 100644 index 0000000000..9b740037d6 --- /dev/null +++ b/playbooks/groups/piwik.yml @@ -0,0 +1,33 @@ +# These servers run piwik + +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=piwik-stg" + +- name: make the box be real + hosts: piwik-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - apache + - fedmsg/base + - piwik + - sudo + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/pkgdb.yml b/playbooks/groups/pkgdb.yml new file mode 100644 index 0000000000..02562b4a19 --- /dev/null +++ b/playbooks/groups/pkgdb.yml 
@@ -0,0 +1,67 @@
+# create a new pkgdb server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/pkgdb* or from hostvars
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=pkgdb:pkgdb-stg"
+
+- name: make the box be real
+ hosts: pkgdb-stg:pkgdb
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - mod_wsgi
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: set up fedmsg on pkgdb
+ hosts: pkgdb-stg:pkgdb
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - fedmsg/base
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: deploy pkgdb itself
+ hosts: pkgdb-stg:pkgdb
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - pkgdb2
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml
index e457dce7ab..ea1419c994 100644
--- a/playbooks/groups/pkgs.yml
+++ b/playbooks/groups/pkgs.yml
@@ -1,12 +1,9 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "pkgs_stg:pkgs" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=pkgs-stg:pkgs02.phx2.fedoraproject.org" -- name: Make the box be real - hosts: pkgs_stg:pkgs +- name: make the box be real + hosts: pkgs-stg:pkgs02.phx2.fedoraproject.org user: root - gather_facts: true + gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml 
@@ -18,45 +15,52 @@ - hosts - rkhunter - nagios_client - - zabbix/zabbix_agent - - ipa/client + - fas_client - collectd/base - sudo - apache + - gitolite/base + - cgit/base + - cgit/clean_lock_cron + - cgit/make_pkgs_list + - gitolite/check_fedmsg_hooks + - { role: git/make_checkout_seed, when: env != "staging" } + - git/server + - git/hooks + - git/checks + - clamav + - { role: nfs/client, + when: env != "staging", + mnt_dir: '/srv/cache/lookaside', + nfs_src_dir: 'fedora_sourcecache', nfs_mount_opts='rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3' } + - { role: nfs/client, + when: env == "staging" and inventory_hostname.startswith('pkgs02'), + mnt_dir: '/srv/cache/lookaside_prod', + nfs_src_dir: 'fedora_sourcecache', nfs_mount_opts='ro,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3' } + - role: distgit/pagure + - role: distgit + tags: distgit + - { role: hosts, when: env == "staging" } tasks: - name: Copy keytab - ansible.builtin.copy: src={{private}}/files/keytabs/{{env}}/pkgs + copy: src={{private}}/files/keytabs/{{env}}/pkgs dest=/etc/httpd.keytab owner=apache group=apache mode=0600 tags: - krb5 - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Setup users on pkgs - hosts: pkgs_stg:pkgs +- name: setup fedmsg on pkgs + hosts: pkgs-stg:pkgs02.phx2.fedoraproject.org user: root - gather_facts: true - - tasks: - - name: Setup pagure user - tags: pagure-user - user: - name: pagure - uid: "{{ pagure_static_uid }}" - shell: /sbin/nologin - comment: "Pagure User" - when: env == "staging" - ## The above should be deleted when we rebuild pkgs02 in future. - -- name: Setup dist-git on the box - hosts: pkgs_stg:pkgs - user: root - gather_facts: true + gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml 
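Review bot: In both added `nfs/client` entries the last key is written `nfs_mount_opts='...'` with `=` inside a YAML flow mapping, while every other key in the same mapping uses `:`. YAML does not read that as a value for `nfs_mount_opts`; the text is split at the commas into several keys with no value, so the role most likely falls back to its default mount options (the role and its defaults are not visible here). That matters most for the staging entry, where the intended `ro` on `/srv/cache/lookaside_prod` and the `nodev,nosuid` flags may not be applied. Write it as `nfs_mount_opts: 'ro,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3'` (and the `rw` form for the production entry), then confirm the effective options on a mounted host.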
@@ -64,36 +68,9 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - {role: git/make_checkout_seed, when: env != "staging"} - - git/hooks - - git/checks - - clamav - - { - role: nfs/client, - when: env != "staging", - mnt_dir: '/srv/cache/lookaside', - nfs_src_dir: - 'fedora_sourcecache', - nfs_mount_opts='rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3' # yamllint disable-line rule:commas rule:indentation - } - - { - role: nfs/client, - when: env == "staging" and inventory_hostname.startswith('pkgs01'), - mount_stg: true, - mnt_dir: '/srv/cache/lookaside_prod', - nfs_src_dir: - 'fedora_sourcecache', - nfs_mount_opts='ro,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3' # yamllint disable-line rule:commas rule:indentation - } - - role: distgit/pagure - - role: distgit - tags: distgit - - {role: hosts, when: env == "staging"} - # Set up for fedora-messaging - - role: rabbit/user - user_name: "pagure{{ env_suffix }}" - user_sent_topics: - ^(io\.pagure\.{{ env_short }}|org\.fedoraproject\.{{ env_short }}\.(pagure|git|logger))\..* + - { role: collectd/fedmsg-service, process: fedmsg-hub } + - fedmsg/base + - fedmsg/hub handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/postgresql-server-bdr.yml b/playbooks/groups/postgresql-server-bdr.yml new file mode 100644 index 0000000000..ec3fe497c7 --- /dev/null +++ b/playbooks/groups/postgresql-server-bdr.yml 
@@ -0,0 +1,39 @@
+# create a new database server system
+# NOTE: should be used with --limit most of the time
+# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-koji01.stg.phx2.fedoraproject.org:db-koji02.stg.phx2.fedoraproject.org:pgbdr01.stg.phx2.fedoraproject.org:pgbdr02.stg.phx2.fedoraproject.org"
+
+# Once the instance exists, configure it.
+
+- name: configure postgresql server system
+ hosts: db-koji01.stg.phx2.fedoraproject.org:db-koji02.stg.phx2.fedoraproject.org:pgbdr01.stg.phx2.fedoraproject.org:pgbdr02.stg.phx2.fedoraproject.org
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - fas_client
+ - nagios_client
+ - hosts
+ - collectd/base
+ - collectd/postgres # This requires a 'databases' var to be set in host_vars
+ - sudo
+ - keepalived
+ - postgresql_server_bdr
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+# TODO: add iscsi task
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/postgresql-server.yml b/playbooks/groups/postgresql-server.yml
index ae9edd8a65..2557fe7c58 100644
--- a/playbooks/groups/postgresql-server.yml
+++ b/playbooks/groups/postgresql-server.yml
@@ -2,38 +2,38 @@ # NOTE: should be used with --limit most of the time # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "db-fas01.stg.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org:db-koji01.stg.iad2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org:db-openqa01.iad2.fedoraproject.org:db-datanommer01.stg.iad2.fedoraproject.org:db-datanommer02.iad2.fedoraproject.org:db-riscv-koji01.iad2.fedoraproject.org" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer01.phx2.fedoraproject.org:db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-arm-koji01.qa.fedoraproject.org:db-ppc-koji01.ppc.fedoraproject.org:db-qa-stg01.qa.fedoraproject.org:db-qa02.qa.fedoraproject.org" # Once the instance exists, configure it. 
-- name: Configure postgresql server system - hosts: db-fas01.stg.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org:db-koji01.stg.iad2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org:db-openqa01.iad2.fedoraproject.org:db-datanommer01.stg.iad2.fedoraproject.org:db-datanommer02.iad2.fedoraproject.org:db-riscv-koji01.iad2.fedoraproject.org +- name: configure postgresql server system + hosts: db-datanommer01.phx2.fedoraproject.org:db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-arm-koji01.qa.fedoraproject.org:db-ppc-koji01.ppc.fedoraproject.org:db-qa-stg01.qa.fedoraproject.org:db-qa02.qa.fedoraproject.org user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - import_tasks: "{{ tasks_path }}/yumrepos.yml" roles: - base - rkhunter - - ipa/client + - fas_client - nagios_client - - zabbix/zabbix_agent - hosts - postgresql_server - collectd/base - collectd/postgres # This requires a 'databases' var to be set in host_vars - sudo + - { role: openvpn/client, when: inventory_hostname == "db-fas01.phx2.fedoraproject.org" or inventory_hostname == "db01.phx2.fedoraproject.org" } + + tasks: + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" # TODO: add iscsi task diff --git a/playbooks/groups/proxies.yml b/playbooks/groups/proxies.yml index 986ab686d6..83c7d91b1b 100644 
--- a/playbooks/groups/proxies.yml +++ b/playbooks/groups/proxies.yml 
@@ -1,60 +1,61 @@ # create a new proxy server ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "proxies:proxies_stg:!proxy05.fedoraproject.org:!cloud_aws" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=proxies:proxies-stg:!proxy07.fedoraproject.org:!proxy05.fedoraproject.org" -- name: Make the box be real - hosts: proxies_stg:proxies +- name: make the box be real + hosts: proxies-stg:proxies user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - - {role: openvpn/client, - when: env != "staging"} - - ipa/client + - fas_client - rkhunter - nagios_client - - zabbix/zabbix_agent - - zabbix/zabbix_templates - collectd/base - sudo - rsyncd - - {role: mirrormanager/mirrorlist_proxy, - when: env == "staging" or "'mirrorlist_proxy' in group_names"} + - { role: mirrormanager/mirrorlist_proxy, + when: env == "staging" or "'mirrorlist-proxy' in group_names" } + - { role: openvpn/client, + when: env != "staging" } + - { role: certbot, + when: inventory_hostname == 'proxy01.phx2.fedoraproject.org' } - apache -# when: env == "staging" tasks: + - name: install special fpaste.conf with letsencrypt info + copy: src={{ files }}/httpd/fpaste.org.conf dest=/etc/httpd/conf.d/fpaste.org/fpaste.org.conf + when: inventory_hostname == 'proxy01.phx2.fedoraproject.org' + + - name: setup link to letsencrypt certs on proxy01 + file: > + path=/etc/pki/tls/certs/fpaste.org.intermediate.cert + src=/etc/letsencrypt/live/fpaste.org/fullchain.pem + state=link + when: 
inventory_hostname == 'proxy01.phx2.fedoraproject.org' + + - name: setup link to letsencrypt certs on proxy01 + file: > + path=/etc/pki/tls/certs/fpaste.org.cert + src=/etc/letsencrypt/live/fpaste.org/cert.pem + state=link + when: inventory_hostname == 'proxy01.phx2.fedoraproject.org' + + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" # You might think we would want these tasks_path on the proxy nodes, but they # actually deliver a configuration that our proxy-specific roles below then go # and overwrite... so, let's just leave them out. - # - import_tasks: "{{ tasks_path }}/apache.yml" - # - import_tasks: "{{ tasks_path }}/mod_wsgi.yml" - - - name: Ensure nf_conntrack module is loaded before tuning ip_conntrack_max - ansible.builtin.copy: - content: | - nf_conntrack - dest: /etc/modules-load.d/nf_conntrack.conf - owner: root - group: root - mode: "0644" - - - name: Set ip_conntrack_max to a high value as the proxies deal with lots of connections - sysctl: name=net.nf_conntrack_max value=26214400 state=present sysctl_set=yes reload=yes + #- import_tasks: "{{ tasks_path }}/apache.yml" + #- import_tasks: "{{ tasks_path }}/mod_wsgi.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" @@ -65,9 +66,10 @@ # - fedora-web::build (bapp0*) # - fedora-docs::build (bapp0*) # - review-stats::build (bapp0*) + # - membership-map::build (bapp0*) # ## TBD - # - sysctl ip_conntrack_max bits - do we still need this on rhel9 or fedora? + # - sysctl ip_conntrack_max bits - do we still need this on rhel7? # - semanage ports.. we're likely going to need one for every app. # - sebooleans.. let's try running first, see what gets blocked, and then # selectively enable where semanage port fails 
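Review bot: The `when` on the `mirrormanager/mirrorlist_proxy` role reads `env == "staging" or "'mirrorlist-proxy' in group_names"`, and the second operand is a quoted string rather than a membership test. A non-empty string is truthy in Jinja, so the condition likely holds on every host in `proxies-stg:proxies` and the role is applied everywhere instead of only to staging and the mirrorlist-proxy group; how a particular Ansible release treats a string result should be checked. Quote the whole expression instead of one operand: `when: "env == 'staging' or 'mirrorlist-proxy' in group_names"`.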
@@ -78,19 +80,81 @@ - name: Set up the proxy basics - hosts: proxies_stg:proxies + hosts: proxies-stg:proxies user: root - gather_facts: false + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: + # + # When we have a prerelease we also need to drop the config files. + + - name: Remove prerelease-to-final-spins-1 + file: path=/etc/httpd/conf.d/spins.fedoraproject.org/prerelease-to-final-spins-1-redirectmatch.conf state=absent + tags: + - httpd/redirect +# when: env == 'staging' + + - name: Remove prerelease-to-final-spins-2 + file: path=/etc/httpd/conf.d/spins.fedoraproject.org/prerelease-to-final-spins-2-redirectmatch.conf state=absent + tags: + - httpd/redirect +# when: env == 'staging' + + - name: Remove prerelease-to-final-labs-1 + file: path=/etc/httpd/conf.d/labs.fedoraproject.org/prerelease-to-final-labs-1-redirectmatch.conf state=absent + tags: + - httpd/redirect +# when: env == 'staging' + + - name: Remove prerelease-to-final-labs-2 + file: path=/etc/httpd/conf.d/labs.fedoraproject.org/prerelease-to-final-labs-2-redirectmatch.conf state=absent + tags: + - httpd/redirect +# when: env == 'staging' + + - name: Remove prerelease-to-final-arm-1 + file: path=/etc/httpd/conf.d/arm.fedoraproject.org/prerelease-to-final-arm-1-redirectmatch.conf state=absent + tags: + - httpd/redirect +# when: env == 'staging' + + - name: Remove prerelease-to-final-arm-2 + file: path=/etc/httpd/conf.d/arm.fedoraproject.org/prerelease-to-final-arm-2-redirectmatch.conf state=absent + tags: + - httpd/redirect +# when: env == 'staging' + + - name: Remove prerelease-to-final-gfo + file: 
path=/etc/httpd/conf.d/getfedora.org/prerelease-to-final-gfo-redirectmatch.conf state=absent + tags: + - httpd/redirect +# when: env == 'staging' + + - name: Remove prerelease-to-final-spins + file: path=/etc/httpd/conf.d/spins.fedoraproject.org/prerelease-to-final-spins-redirectmatch.conf state=absent + tags: + - httpd/redirect +# when: env == 'staging' + + - name: Remove prerelease-to-final-labs + file: path=/etc/httpd/conf.d/labs.fedoraproject.org/prerelease-to-final-labs-redirectmatch.conf state=absent + tags: + - httpd/redirect +# when: env == 'staging' + + - name: Remove prerelease-to-final-arm + file: path=/etc/httpd/conf.d/arm.fedoraproject.org/prerelease-to-final-arm-redirectmatch.conf state=absent + tags: + - httpd/redirect +# when: env == 'staging' roles: - httpd/mod_ssl @@ -101,8 +165,6 @@ # - hosts - tasks: - # After setting up the "basics" of the proxy hosts above, here below we break # out the proxy-specific configuration into a couple different sub-playbooks. # Othewise, this file would be unbearably long. 
@@ -111,22 +173,21 @@ - import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-websites.yml - import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-fedorahosted.yml - import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-fedora-web.yml -- import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-haproxy.yml - import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-reverseproxy.yml - import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-rewrites.yml - import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-redirects.yml +- import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-haproxy.yml - import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-miscellaneous.yml - name: Make sure we are deployed fully - hosts: proxies_stg:proxies - strategy: free + hosts: proxies-stg:proxies user: root - gather_facts: false + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" 
@@ -136,21 +197,21 @@ # If this is an initial deployment, we need the initial ticketkey # If it's not, doesn't hurt to copy it over again # - - name: Deploy ticket key - ansible.builtin.copy: src=/root/ticketkey_{{env}}.tkey dest=/etc/httpd/ticketkey_{{env}}.tkey + - name: deploy ticket key + copy: src=/root/ticketkey_{{env}}.tkey dest=/etc/httpd/ticketkey_{{env}}.tkey owner=root group=root mode=0600 notify: - - Reload proxyhttpd + - reload proxyhttpd # # If this is an initial deployment, make sure docs are synced over. # Do not count these as changed ever # - - name: Make sure docs are synced. This could take a very very very logtime to finish - ansible.builtin.shell: /usr/local/bin/lock-wrapper docs-sync "/usr/local/bin/docs-rsync" >& /dev/null + - name: make sure docs are synced. This could take a very very very logtime to finish + shell: /usr/local/bin/lock-wrapper docs-sync "/usr/local/bin/docs-rsync" >& /dev/null changed_when: false ignore_errors: true - - name: Make sure selinux contexts are right on srv - ansible.builtin.command: restorecon -R /srv + - name: make sure selinux contexts are right on srv + command: restorecon -R /srv changed_when: false diff --git a/playbooks/groups/qa.yml b/playbooks/groups/qa.yml new file mode 100644 index 0000000000..3134f1f850 --- /dev/null +++ b/playbooks/groups/qa.yml 
@@ -0,0 +1,119 @@
+---
+# create a new taskotron CI stg server
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=qa-prod:qa-stg"
+
+- name: make the box be real
+ hosts: qa-prod:qa-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: base, tags: ['base'] }
+ - { role: rkhunter, tags: ['rkhunter'] }
+ - { role: nagios_client, tags: ['nagios_client'] }
+ - hosts
+ - { role: fas_client, tags: ['fas_client'] }
+ - { role: collectd/base, tags: ['collectd_base'] }
+ - { role: sudo, tags: ['sudo'] }
+ - { role: openvpn/client,
+ when: deployment_type != "qa-stg", tags: ['openvpn_client'] }
+ - apache
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ tasks:
+ # this is how you include other task lists
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: configure phabricator
+ hosts: qa-prod:qa-stg
+ user: root
+
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: mariadb_server, tags: ['mariadb'] }
+ - { role: phabricator, tags: ['phabricator'] }
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+
+- name: configure qa buildbot CI
+ hosts: qa-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: taskotron/buildmaster, tags: ['buildmaster'] }
+ - { role: taskotron/buildmaster-configure, tags: ['buildmasterconfig'] }
+ - { role: taskotron/buildslave, tags: ['buildslave'] }
+ - { role: taskotron/buildslave-configure, tags: ['buildslaveconfig'] }
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: configure static sites for qa-stg
+ hosts: qa-prod:qa-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - name: ensure ServerName is set in httpd.conf
+ replace: dest=/etc/httpd/conf/httpd.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443'
+ notify:
+ - reload httpd
+ tags:
+ - qastaticsites
+
+ - name: create dirs for static sites
+ file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755 setype=httpd_sys_content_t
+ with_items: "{{ static_sites }}"
+ tags:
+ - qastaticsites
+
+ - name: generate virtualhosts for static sites
+ template: src={{ files }}/httpd/qadevel-virtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644
+ with_items: "{{ static_sites }}"
+ notify:
+ - reload httpd
+ tags:
+ - qastaticsites
+
+# don't need this if buildbot is not enabled
+# roles:
+# - { role: taskotron/imagefactory-client,
+# when: deployment_type != "qa-stg", tags: ['imagefactoryclient'] }
+#
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+
diff --git a/playbooks/groups/rabbitmq.yml b/playbooks/groups/rabbitmq.yml
deleted file mode 100644
index 3c15690b9e..0000000000
--- a/playbooks/groups/rabbitmq.yml
+++ /dev/null
@@ -1,36 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "rabbitmq:rabbitmq_stg" - -- name: Make the box be real - hosts: rabbitmq:rabbitmq_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - zabbix/zabbix_templates - - hosts - - ipa/client - - collectd/base - # RabbitMQ statistics are cluster-wide, only collect them on one member - - role: collectd/rabbitmq - when: inventory_hostname.startswith('rabbitmq03.iad2') - - rsyncd - - sudo - - rabbitmq_cluster - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml index 9a0042c4aa..d561686c81 100644 --- a/playbooks/groups/releng-compose.yml +++ b/playbooks/groups/releng-compose.yml 
@@ -3,29 +3,19 @@ # NOTE: make sure there is room/space for this instance on the buildvmhost # NOTE: most of these vars_path come from group_vars/releng or from hostvars ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "releng_compose:releng_compose_stg:releng_compose_eln:releng_compose_riscv" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=releng-compose:releng-stg:compose-ppc64-01.ppc.fedoraproject.org:compose-ppc64le-01.ppc.fedoraproject.org:compose-s390-01.s390.fedoraproject.org" - name: Setup releng compose hosts - hosts: releng_compose:releng_compose_stg:releng_compose_eln:releng_compose_riscv + hosts: releng-compose:releng-secondary:releng-stg user: root - gather_facts: true + gather_facts: True tags: - - releng-compose + - releng-compose vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/web/infra/ansible/vars/all/00-FedoraCycleNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraBranched.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraBranchedNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraPreviousCycleNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraPreviousPrevious.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraPreviousPreviousCycleNumber.yaml" - - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" 
@@ -33,229 +23,62 @@ roles: - base - hosts - - ipa/client + - builder_repo + - fas_client - rkhunter - nagios_client - - zabbix/zabbix_agent - - zabbix/zabbix_templates - collectd/base - sudo - role: keytab/service service: compose - host: "compose-x86-01.stg.iad2.fedoraproject.org" + host: "composer.stg.phx2.fedoraproject.org" when: env == "staging" - role: keytab/service service: compose host: "koji{{env_suffix}}.fedoraproject.org" - owner_group: releng-team - when: env == "staging" or koji_instance == "primary" - - role: keytab/service - service: compose - host: "riscv-koji.fedoraproject.org" - owner_group: sysadmin-riscv - when: koji_instance == "secondary" - role: keytab/service service: mash host: "koji{{env_suffix}}.fedoraproject.org" - when: env == "staging" or koji_instance == "primary" + - role: loopabull/target + loopabull_role: koji + when: inventory_hostname == 'composer.stg.phx2.fedoraproject.org' + - role: loopabull/target + loopabull_role: ociimage + when: inventory_hostname == 'composer.stg.phx2.fedoraproject.org' + - { role: nfs/client, when: "'releng-stg' not in group_names", mnt_dir: '/mnt/fedora_koji', nfs_src_dir: "{{ koji_hub_nfs }}" } + - { role: nfs/client, when: "'releng-compose' in group_names", mnt_dir: '/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } + - { role: nfs/client, when: "'releng-secondary' in group_names", mnt_dir: '/pub/fedora-secondary', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/fedora-secondary' } + - { role: nfs/client, when: "'releng-stg' in group_names", mnt_dir: '/mnt/fedora_koji_prod', nfs_src_dir: "{{ koji_hub_nfs }}" } + - fedmsg/base - role: releng tags: - releng - -# production composer nfs mounts - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji' - nfs_src_dir: "{{ koji_hub_nfs }}" - when: "'releng_compose' or 'releng_compose_eln' in group_names" - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: "'releng_compose' in group_names" - - role: 
nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: "'releng_compose' in group_names" - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: "'releng_compose' in group_names" - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: "'releng_compose' in group_names" - - role: nfs/client - mnt_dir: '/pub' - nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' - when: "'releng_compose' in group_names and koji_instance != 'secondary'" - - role: nfs/client - mnt_dir: '/mnt/fedora_riscv_koji' - nfs_src_dir: "{{ koji_hub_nfs }}" - when: "'releng_compose_riscv' in group_names" - -# staging composer nfs mounts - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji_prod' - nfs_src_dir: "{{ koji_hub_nfs }}" - mount_stg: true - nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" - when: "'releng_compose_stg' in group_names" - - role: nfs/client - mnt_dir: '/mnt/fedora_koji_prod/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - mount_stg: true - nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" - when: "'releng_compose_stg' in group_names" - - role: nfs/client - mnt_dir: '/mnt/fedora_koji_prod/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - mount_stg: true - nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" - when: "'releng_compose_stg' in group_names" - - - role: nfs/client - mnt_dir: '/srv/fedora_ftp_archive' - nfs_src_dir: 'fedora_ftp_archive' - when: inventory_hostname.startswith('compose-rawhide') -# -# mount archive volumes on composer so we can run the archiving script there. 
-# - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive00' - nfs_src_dir: '/fedora_koji_archive00' - when: "'releng_compose' in group_names" - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive01' - nfs_src_dir: '/fedora_koji_archive01' - when: "'releng_compose' in group_names" - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive02' - nfs_src_dir: '/fedora_koji_archive02' - when: "'releng_compose' in group_names" - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive03' - nfs_src_dir: '/fedora_koji_archive03' - when: "'releng_compose' in group_names" - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive04' - nfs_src_dir: '/fedora_koji_archive04' - when: "'releng_compose' in group_names" - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive05' - nfs_src_dir: '/fedora_koji_archive05' - when: "'releng_compose' in group_names" - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive06' - nfs_src_dir: '/fedora_koji_archive06' - when: "'releng_compose' in group_names" - - - role: rabbit/user - user_name: "pungi{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(pungi|compose|logger)\..* - when: koji_instance == "production" or env == "staging" - - { - role: "push-container-registry", - cert_dest_dir: "/etc/docker/certs.d/registry.stg.fedoraproject.org", - cert_src: "{{private}}/files/docker-registry/staging/pki/issued/containerstable.crt", - key_src: "{{private}}/files/docker-registry/staging/pki/private/containerstable.key", + role: "manage-container-images", + cert_dest_dir: "/etc/docker/certs.d/registry.stg.fedoraproject.org", + cert_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.pem", + key_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.key", when: env == "staging" } - { - role: "push-container-registry", - 
cert_dest_dir: "/etc/docker/certs.d/registry.fedoraproject.org", - cert_src: "{{private}}/files/docker-registry/{{env}}/pki/issued/containerstable.crt", - key_src: "{{private}}/files/docker-registry/{{env}}/pki/private/containerstable.key", - when: env == "production" - } - - { - role: login-registry, - candidate_registry: "candidate-registry.stg.fedoraproject.org", - candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}", - candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}", + role: "manage-container-images", + cert_dest_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org", + cert_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.pem", + key_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.key", when: env == "staging" } - - { - role: login-registry, - candidate_registry: "candidate-registry.fedoraproject.org", - candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}", - candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}", - when: env == "production" - } - - { - role: login-registry, - candidate_registry: "quay.io", - candidate_registry_osbs_username: "{{quay_io_username}}", - candidate_registry_osbs_password: "{{quay_io_password}}", - when: env == "production" - } tasks: # this is how you include other task lists - - name: install skopeo and buildah for container management - ansible.builtin.package: - name: - - skopeo - - buildah - tags: - - containerrebuild - - - name: Install ansible for container automated rebuilds - ansible.builtin.package: - name: - - ansible - - python3-dockerfile-parse - tags: - - containerrebuild - - - name: Set releng user keytab - ansible.builtin.copy: - src: "{{private}}/files/keytabs/{{env}}/releng" - dest: /etc/krb5.releng.keytab - owner: root - group: "releng-team" - mode: "0640" - tags: - - containerrebuild - - - name: Copy releng ssh key for rebuild fedpkg/distgit pushes - 
ansible.builtin.copy: - src: "{{private}}/files/releng/sshkeys/container-rebuild-{{env}}" - dest: /etc/pki/releng - owner: root - group: "releng-team" - mode: "0600" - tags: - - containerrebuild - - - name: Place relengpush script for automatic rebuilds - ansible.builtin.copy: - src: "{{files}}/releng/relengpush" - dest: "/usr/local/bin/relengpush" - owner: root - group: "releng-team" - mode: "0750" - tags: - - containerrebuild - - - name: Place relengpush int script for automatic rebuilds - ansible.builtin.copy: - src: "{{files}}/releng/relengpush-int" - dest: "/usr/local/bin/relengpush-int" - owner: root - group: "releng-team" - mode: "0750" - tags: - - containerrebuild + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + - name: install skopeo for container management + package: + name: skopeo + state: latest + when: ansible_architecture != "ppc64" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/resultsdb-dev.yml b/playbooks/groups/resultsdb-dev.yml new file mode 100644 index 0000000000..324b9377dd --- /dev/null +++ b/playbooks/groups/resultsdb-dev.yml 
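Review bot: The staging entry `- { role: nfs/client, when: "'releng-stg' in group_names", mnt_dir: '/mnt/fedora_koji_prod', nfs_src_dir: "{{ koji_hub_nfs }}" }` mounts the production koji volume without the explicit `nfs_mount_opts` that the removed staging entries carried. The mount options now depend on whatever default the nfs/client role applies, which is not visible here. A staging composer should not be able to write to production content or honour setuid or device files on it, so I would keep `nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"` on that entry. In the same hunk the skopeo task uses `state: latest`, which upgrades the package on every run; `state: present` keeps runs reproducible unless the upgrade is intended. The play these roles belong to starts in the previous hunk.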
@@ -0,0 +1,55 @@
+---
+# create a new resultsdb dev server
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=resultsdb-dev"
+
+- name: make the box be real
+ hosts: resultsdb-dev
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: base, tags: ['base'] }
+ - { role: rkhunter, tags: ['rkhunter'] }
+ - { role: nagios_client, tags: ['nagios_client'] }
+ - { role: hosts, tags: ['hosts']}
+ - { role: fas_client, tags: ['fas_client'] }
+ - { role: collectd/base, tags: ['collectd_base'] }
+ - { role: dnf-automatic, tags: ['dnfautomatic'] }
+ - { role: sudo, tags: ['sudo'] }
+ - apache
+
+ tasks:
+ # this is how you include other task lists
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: configure resultsdb and execdb
+ hosts: resultsdb-dev
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: taskotron/resultsdb-backend, tags: ['resultsdb-be'] }
+ - { role: taskotron/resultsdb-frontend, tags: ['resultsdb-fe'] }
+ - { role: taskotron/execdb, tags: ['execdb'] }
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
diff --git a/playbooks/groups/resultsdb-prod.yml b/playbooks/groups/resultsdb-prod.yml
new file mode 100644
index 0000000000..85af1f3972
--- /dev/null
+++ b/playbooks/groups/resultsdb-prod.yml
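Review bot: `import_tasks: "{{ tasks_path }}/yumrepos.yml"` sits under `tasks:`, and Ansible runs a play's `roles:` before its `tasks:`. The base, dnf-automatic and other roles therefore run against whatever repositories the host already has, and 2fa_client is applied only after them. Moving the repository setup to `pre_tasks:`, as the releng-compose.yml play in this commit still does, makes the roles install from the intended repositories. The same layout appears in the resultsdb-prod.yml, resultsdb-stg.yml, retrace.yml, secondary.yml, sign-bridge.yml, smtp-mm.yml and statscache.yml hunks. Separately, the header comment points at `group_vars/mirrorlist`, which looks copied from another playbook.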
@@ -0,0 +1,72 @@
+---
+# create a new resultsdb production server
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=resultsdb-prod"
+
+- name: make the box be real
+ hosts: resultsdb-prod
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: base, tags: ['base'] }
+ - { role: rkhunter, tags: ['rkhunter'] }
+ - { role: nagios_client, tags: ['nagios_client'] }
+ - { role: hosts, tags: ['hosts']}
+ - { role: fas_client, tags: ['fas_client'] }
+ - { role: collectd/base, tags: ['collectd_base'] }
+ - { role: sudo, tags: ['sudo'] }
+ - role: openvpn/client
+ - apache
+ - fedmsg/base
+
+ tasks:
+ # this is how you include other task lists
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: configure resultsdb production
+ hosts: resultsdb-prod
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: taskotron/resultsdb-fedmsg, tags: ['resultsdb-fedmsg']}
+ - { role: taskotron/resultsdb-backend, tags: ['resultsdb-be'] }
+ - { role: taskotron/resultsdb-frontend, tags: ['resultsdb-fe'] }
+ - { role: taskotron/execdb, tags: ['execdb'] }
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: Install rdbsync
+ hosts: resultsdb-prod
+ user: root
+ gather_facts: True
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: rdbsync, tags: ['rdbsync']}
diff --git a/playbooks/groups/resultsdb-stg.yml b/playbooks/groups/resultsdb-stg.yml
new file mode 100644
index 0000000000..50044f12fc
--- /dev/null
+++ b/playbooks/groups/resultsdb-stg.yml
@@ -0,0 +1,72 @@
+---
+# create a new resultsdb staging server
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=resultsdb-stg"
+
+- name: make the box be real
+ hosts: resultsdb-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: base, tags: ['base'] }
+ - { role: rkhunter, tags: ['rkhunter'] }
+ - { role: nagios_client, tags: ['nagios_client'] }
+ - { role: hosts, tags: ['hosts']}
+ - { role: fas_client, tags: ['fas_client'] }
+ - { role: collectd/base, tags: ['collectd_base'] }
+ - { role: sudo, tags: ['sudo'] }
+ - apache
+ - fedmsg/base
+
+ tasks:
+ # this is how you include other task lists
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: configure resultsdb
+ hosts: resultsdb-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: taskotron/resultsdb-fedmsg, tags: ['resultsdb-fedmsg']}
+ - { role: taskotron/resultsdb-backend, tags: ['resultsdb-be'] }
+ - { role: taskotron/resultsdb-frontend, tags: ['resultsdb-fe'] }
+ - { role: taskotron/execdb, tags: ['execdb'] }
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: Install rdbsync
+ hosts: resultsdb-stg
+ user: root
+ gather_facts: True
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: rdbsync, tags: ['rdbsync']}
+
diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml
index 95e0ea5493..ec789e67c2 100644
--- a/playbooks/groups/retrace.yml
+++ b/playbooks/groups/retrace.yml
@@ -1,127 +1,55 @@ ---- -- name: AWS setup - hosts: retrace_stg_aws - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "{{ private }}/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - -# fedora-messaging setup -- name: Setup RabbitMQ - hosts: rabbitmq[0]:rabbitmq_stg[0] - user: root - gather_facts: false - tags: rabbitmq - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/queue - queue_username: "faf{{ env_suffix }}" - queue_name: faf - queue_routing_keys: - - "org.fedoraproject.*.faf.report.threshold1" - - "org.fedoraproject.*.faf.report.threshold10" - - "org.fedoraproject.*.faf.report.threshold100" - - "org.fedoraproject.*.faf.report.threshold1000" - - "org.fedoraproject.*.faf.report.threshold1000" - - "org.fedoraproject.*.faf.report.threshold10000" - - "org.fedoraproject.*.faf.report.threshold100000" - - "org.fedoraproject.*.faf.report.threshold1000000" - - "org.fedoraproject.*.faf.problem.threshold1" - - "org.fedoraproject.*.faf.problem.threshold10" - - "org.fedoraproject.*.faf.problem.threshold100" - - "org.fedoraproject.*.faf.problem.threshold1000" - - "org.fedoraproject.*.faf.problem.threshold1000" - - "org.fedoraproject.*.faf.problem.threshold10000" - - "org.fedoraproject.*.faf.problem.threshold100000" - - "org.fedoraproject.*.faf.problem.threshold1000000" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.faf\..* +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=faf-stg:retrace-stg" - name: Setup retrace hosts - hosts: retrace,retrace_stg + hosts: retrace:faf-stg:retrace-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "{{ 
private }}/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - when: datacenter != 'aws' + roles: + - base + - hosts + - fas_client + - rkhunter + - nagios_client + - sudo + - fedmsg/base tasks: - - import_role: name=base - - import_role: name=hosts - - import_role: name=openvpn/client - - import_role: name=ipa/client - when: env != 'staging' - - import_role: name=rkhunter - - import_role: name=nagios_client - - import_role: name=sudo + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Setup FAF server - hosts: retrace,retrace_stg - gather_facts: true +- name: setup FAF server + hosts: retrace:faf-stg + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "{{ private }}/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - import_role: name=abrt/faf-pre - - import_role: name=abrt/faf - vars: - faf_web_on_root: false - faf_admin_mail: msuchy@redhat.com - faf_web_openid_privileged_teams: "provenpackager,proventesters" - faf_web_secret_key: "{{fedora_faf_web_secret_key}}" - faf_spool_dir: /srv/faf/ - - import_role: name=abrt/faf-post + roles: + - abrt/faf-local + - { role: abrt/faf, faf_web_on_root: false, faf_admin_mail: msuchy@redhat.com, faf_web_openid_privileged_teams: "provenpackager,proventesters", faf_web_secret_key: "{{fedora_faf_web_secret_key}}", faf_spool_dir: /srv/faf/ } -- name: Setup retrace server - hosts: retrace,retrace_stg - gather_facts: true +- name: setup retrace server + 
hosts: retrace:retrace-stg + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "{{ private }}/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - import_role: name=abrt/retrace-pre - - import_role: name=abrt/retrace - vars: - rs_require_gpg_check: false - rs_max_parallel_tasks: 12 - rs_max_packed_size: 1024 - rs_max_unpacked_size: 1280 - rs_min_storage_left: 1280 - rs_delete_task_after: 8 - rs_delete_failed_task_after: 1 - rs_repo_dir: /srv/retrace/repos - rs_save_dir: /srv/retrace/tasks - rs_faf_link_dir: /srv/retrace/hardlink-local - hostname: "{{ public_hostname }}" - faf_spool_dir: /srv/faf - faf_fedmsg_ca_cert: /etc/fedora-messaging/faf/ca.crt - faf_fedmsg_keyfile: /etc/fedora-messaging/faf/faf.key - faf_fedmsg_certfile: /etc/fedora-messaging/faf/faf.crt - - import_role: name=abrt/retrace-post + roles: + - abrt/retrace-local-pre + - { role: abrt/retrace, rs_require_gpg_check: false, rs_max_parallel_tasks: 12, rs_max_packed_size: 1024, rs_max_unpacked_size: 1280, rs_min_storage_left: 1280, rs_delete_task_after: 8, rs_delete_failed_task_after: 1, rs_repo_dir: /srv/retrace/repos, rs_save_dir: /srv/retrace/tasks, rs_faf_link_dir: /srv/retrace/hardlink-local, hostname: retrace.fedoraproject.org, faf_spool_dir: /srv/faf } + - abrt/retrace-local diff --git a/playbooks/groups/secondary.yml b/playbooks/groups/secondary.yml index d12b8ab02c..d01b35d9f4 100644 --- a/playbooks/groups/secondary.yml +++ b/playbooks/groups/secondary.yml 
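Review bot: The `abrt/retrace` role entry hard-codes `hostname: retrace.fedoraproject.org` while its play targets `retrace:retrace-stg`, so the staging host would be configured with the production name. The removed version used `hostname: "{{ public_hostname }}"`; if that variable is defined for these hosts in this tree (not visible here), keeping it stops staging from presenting itself as production. The same entry sets `rs_require_gpg_check: false` with no explanation, and a short comment saying why package signature checking is off would help the next reviewer. Packing fourteen parameters into one flow-style line also makes both settings easy to miss; one key per line under `- role: abrt/retrace` would read better.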
@@ -1,31 +1,28 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "secondary" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=secondary" -- name: Setup secondary arch download server +- name: setup secondary arch download server hosts: secondary user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" roles: - base - rkhunter - nagios_client - hosts - - ipa/client + - fas_client - collectd/base - download - rsyncd - sudo - { role: nfs/client, mnt_dir: '/srv/pub/archive', - nfs_src_dir: 'fedora_ftp_archive' } + nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/archive' } - { role: nfs/client, mnt_dir: '/srv/pub/alt', nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3", 
@@ -40,52 +37,38 @@ - role: httpd/mod_ssl - role: httpd/certificate - certname: "{{wildcard_cert_name}}" + name: "{{wildcard_cert_name}}" SSLCertificateChainFile: "{{wildcard_int_file}}" - role: httpd/website - vars: - - site_name: secondary.fedoraproject.org - - cert_name: "{{wildcard_cert_name}}" + name: secondary.fedoraproject.org + cert_name: "{{wildcard_cert_name}}" server_aliases: - archive.fedoraproject.org - archives.fedoraproject.org - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + - name: Install some misc packages needed for various tasks - ansible.builtin.package: - state: present - name: - - createrepo - - koji - - python3-productmd - - isomd5sum + package: name={{ item }} state=present + with_items: + - createrepo + - koji + - python-scandir + - python2-productmd - - name: Add create-filelist script from quick-fedora-mirror - ansible.builtin.copy: src="{{ files }}/scripts/create-filelist.py2" dest=/usr/local/bin/create-filelist mode=0755 + - name: add create-filelist script from quick-fedora-mirror + copy: src="{{ files }}/scripts/create-filelist" dest=/usr/local/bin/create-filelist mode=0755 - - name: Add cron script to update fullfiletimelist - ansible.builtin.copy: src="{{ files }}/scripts/update-fullfiletimelist" dest=/usr/local/bin/update-fullfiletimelist mode=0755 - - - name: Add cron script to prune old logs at /srv/pub/alt/linuxsystemroles/logs - ansible.builtin.copy: src="{{ files }}/scripts/linuxsystemroles-logs-clean" dest=/usr/local/bin/linuxsystemroles-logs-clean mode=0755 + - name: add cron script to update fullfiletimelist + copy: src="{{ files }}/scripts/update-fullfiletimelist" dest=/usr/local/bin/update-fullfiletimelist mode=0755 - name: Update fullfiletimelist job - cron: name="update-fullfiletimelist" hour="*/2" minute="55" user="root" + cron: 
name="update-fullfiletimelist" hour="*" minute="55" user="root" job="/usr/local/bin/lock-wrapper update-fullfiletimelist '/usr/local/bin/update-fullfiletimelist -l /tmp/update-fullfiletimelist.lock -t /srv/pub alt'" cron_file=update-fullfiletimelist - - name: Prune old logs at /srv/pub/alt/linuxsystemroles/logs - cron: name="linuxsystemroles-logs-clean" hour="0" minute="15" user="root" - job="/usr/local/bin/linuxsystemroles-logs-clean /srv/pub/alt/linuxsystemroles/logs >/dev/null" - cron_file=linuxsystemroles-logs-clean - - - name: Set MAILTO for the previous cron job - cron: env=true name=MAILTO value="systemroles-owner@lists.fedorahosted.org" - cron_file=linuxsystemroles-logs-clean user=root - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/sign-bridge.yml b/playbooks/groups/sign-bridge.yml index dd955b3a1e..f9a9a563cc 100644 --- a/playbooks/groups/sign-bridge.yml +++ b/playbooks/groups/sign-bridge.yml @@ -6,26 +6,23 @@ # Access is via management interface only. This playbook does initial setup. # Please check with rel-eng before doing anything here. ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "sign_bridge" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=sign-bridge" -- name: Configure sign bridge server - hosts: sign_bridge +- name: configure sign bridge server + hosts: sign-bridge user: root gather_facts: true vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - hosts - - ipa/client + - fas_client - sudo - nagios_client - sigul/bridge 
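Review bot: The cron task touched in the secondary.yml hunk runs as root and takes its lock at `/tmp/update-fullfiletimelist.lock`, a predictable name in a world-writable directory, and the change to `hour="*"` makes it run twice as often. On a host that also gets shell accounts through `fas_client`, a local user could pre-create that path and keep the job from running. Presuming `update-fullfiletimelist -l` accepts any path, a root-owned location such as `-l /run/lock/update-fullfiletimelist.lock` avoids this. The `job=` line itself is unchanged context in this hunk.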
@@ -34,8 +31,10 @@ owner_user: sigul owner_group: sigul - pre_tasks: + tasks: + - import_tasks: "{{ tasks_path }}/motd.yml" - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/smtp-auth.yml b/playbooks/groups/smtp-auth.yml deleted file mode 100644 index 8a4b9fb566..0000000000 --- a/playbooks/groups/smtp-auth.yml +++ /dev/null @@ -1,33 +0,0 @@ -# create smtp auth servers - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "smtp_auth" - -- name: Make the box be real - hosts: smtp_auth - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - { role: openvpn/client, - when: env != "staging" } - - ipa/client - - collectd/base - - sudo - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/smtp-mm.yml b/playbooks/groups/smtp-mm.yml index c1fb394985..a76e192b11 100644 --- a/playbooks/groups/smtp-mm.yml +++ b/playbooks/groups/smtp-mm.yml 
@@ -1,33 +1,32 @@ # create smtp servers ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "smtp_mm" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=smtp-mm" -- name: Make the box be real - hosts: smtp_mm +- name: make the box be real + hosts: smtp-mm user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - hosts - - { role: openvpn/client, - when: env != "staging" } - - ipa/client + - fas_client - collectd/base - sudo + - { role: openvpn/client, + when: env != "staging" } - pre_tasks: + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/statscache.yml b/playbooks/groups/statscache.yml new file mode 100644 index 0000000000..7c5948f43c --- /dev/null +++ b/playbooks/groups/statscache.yml 
@@ -0,0 +1,66 @@ +# create a new notifs-web server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/notifs-web* or from hostvars + +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=statscache:statscache-stg" + +- name: make the box be real + hosts: statscache:statscache-stg + user: root + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - fedmsg/base + - sudo + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + +- name: Stuff just for the web frontend + hosts: statscache-web:statscache-web-stg + user: root + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + roles: + - mod_wsgi + - role: openvpn/client + when: env != "staging" + - statscache/frontend + +- name: Stuff just for the fedmsg backend + hosts: statscache-backend:statscache-backend-stg + user: root + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + roles: + - fedmsg/hub + - statscache/backend + - role: collectd/fedmsg-service + process: fedmsg-hub 
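Review bot: The header comment of the new statscache.yml describes a different service: it reads `# create a new notifs-web server` and points at `group_vars/notifs-web*`, while every play in the file targets the `statscache*` groups. The next comment line tells the operator to run with `--limit`, so the header is what people read when choosing hosts and it should name the right service. Suggested wording: `# create a new statscache server` and `# NOTE: most of these vars come from group_vars/statscache* or from hostvars` (the group_vars path is inferred from the group names and needs confirming).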
diff --git a/playbooks/groups/summershum.yml b/playbooks/groups/summershum.yml new file mode 100644 index 0000000000..199fb02613 --- /dev/null +++ b/playbooks/groups/summershum.yml 
@@ -0,0 +1,72 @@ +# create a new summershum server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=summershum:summershum-stg" + +- name: dole out the generic configuration + hosts: summershum:summershum-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - collectd/base + - hosts + - fas_client + - sudo + # The proxies don't actually need to talk to these hosts so we won't bother + # putting them on the vpn. + #- { role: openvpn/client, + # when: env != "staging" } + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: set up fedmsg basics + hosts: summershum:summershum-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - fedmsg/base + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: dole out the service-specific config + hosts: summershum:summershum-stg + user: root + gather_facts: True + + roles: + - fedmsg/hub + - summershum + - role: collectd/fedmsg-service + process: fedmsg-hub + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" 
diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml index 8a9ece9937..d000218b2b 100644 --- a/playbooks/groups/sundries.yml +++ b/playbooks/groups/sundries.yml 
@@ -1,93 +1,65 @@ # create a new sundries server # # These servers run a number of smaller apps that don't merit their own instances. ---- +# -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "sundries:sundries_stg" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=sundries:sundries-stg" -- name: Make the box be real - hosts: sundries:sundries_stg +- name: make the box be real + hosts: sundries:sundries-stg user: root - gather_facts: true + gather_facts: True vars_files: - - "/srv/web/infra/ansible/vars/global.yml" - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - hosts - - { - role: openvpn/client, - when: env != "staging" - } - - ipa/client + - fas_client - collectd/base - mod_wsgi - geoip - geoip-city-wsgi/app - role: easyfix/gather - when: master_sundries_node|bool + when: master_sundries_node + - role: fedora_owner_change + when: master_sundries_node and env != "staging" - role: bz_review_report - when: master_sundries_node|bool and env != "staging" + when: master_sundries_node and env != "staging" - rsyncd - freemedia - sudo - pager_server + - { role: openvpn/client, + when: env != "staging" } + - role: review-stats/build + when: master_sundries_node + - role: zanata + when: master_sundries_node - role: fedora-web/build - when: master_sundries_node|bool - - role: fedora-web/translation - when: master_sundries_node|bool + when: master_sundries_node - role: fedora-budget/build - when: master_sundries_node|bool + when: master_sundries_node - role: fedora-docs/build - when: master_sundries_node|bool - - role: fedora-docs/translation - when: master_sundries_node|bool + when: master_sundries_node + - role: membership-map/build + when: 
master_sundries_node - role: developer/build - when: master_sundries_node|bool - - role: fedoraloveskde/build - when: master_sundries_node|bool - - role: rabbit/user - user_name: "sundries{{ env_suffix }}" - user_sent_topics: ^$ - when: master_sundries_node|bool and deployment_type == "stg" - - role: nfs/client - mnt_dir: '/srv/docs' - nfs_src_dir: 'openshift_{{ env_short }}_docs' - mount_stg: true - - role: nfs/client - mnt_dir: '/srv/websites' - nfs_src_dir: 'openshift_{{ env_short }}_websites' - mount_stg: true - - role: nfs/client - mnt_dir: '/srv/web/review-stats' - nfs_src_dir: 'openshift_{{ env_short }}_reviewstats' - mount_stg: true - - role: nfs/client - mnt_dir: '/srv/web/registry-index' - nfs_src_dir: 'flatpak-indexer-storage-stg' - mount_stg: true - when: master_sundries_node|bool and env == "staging" - - role: nfs/client - mnt_dir: '/srv/web/registry-index' - nfs_src_dir: 'flatpak-indexer-storage' - mount_stg: true - when: master_sundries_node|bool and env != "staging" - - role: nfs/client - mnt_dir: '/srv/web/codecs.fedoraproject.org' - nfs_src_dir: 'openshift_prod_codecs' - mount_stg: false - nfs_mount_opts: 'rw,bg,nfsvers=4' - when: master_sundries_node|bool and env != "staging" + when: master_sundries_node + - role: whatcanidoforfedora/build + when: master_sundries_node - pre_tasks: + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + - import_tasks: "{{ tasks_path }}/reg-server.yml" + when: master_sundries_node and env == "staging" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/tagger.yml b/playbooks/groups/tagger.yml new file mode 100644 index 0000000000..ff22642269 --- /dev/null +++ b/playbooks/groups/tagger.yml 
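Review bot: The role conditions in this hunk drop the `|bool` cast (`when: master_sundries_node` instead of `when: master_sundries_node|bool`), which makes the result depend on how the variable is defined. If it is set as a quoted string or passed with `-e`, newer Ansible releases treat a bare non-empty string such as "False" as true, and then the master-only roles (`bz_review_report`, `fedora_owner_change`, the build roles) and the `reg-server.yml` import would run on every sundries node. Keeping the cast avoids that: `when: master_sundries_node|bool` and `when: master_sundries_node|bool and env != "staging"`. The definition of `master_sundries_node` is outside this diff, so whether this applies today has to be checked there.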
@@ -0,0 +1,70 @@ +# create a new tagger server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/tagger* or from hostvars + +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=tagger:tagger-stg" + +- name: make the box be real + hosts: tagger:tagger-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + - { role: openvpn/client, + when: env != "staging" } + - mod_wsgi + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: dole out the service specific config + hosts: tagger:tagger-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - tagger + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +# This comes last because it relies on a group created by the tagger role. +- name: setup fedmsg + hosts: tagger:tagger-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - fedmsg/base + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/tang.yml b/playbooks/groups/tang.yml deleted file mode 100644 index e7e086f112..0000000000 --- a/playbooks/groups/tang.yml +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "tang" - -- name: Make the box be real - hosts: tang - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - hosts - - ipa/client - - rsyncd - - sudo - - tang - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/taskotron-client-hosts.yml b/playbooks/groups/taskotron-client-hosts.yml new file mode 100644 index 0000000000..45136937a2 --- /dev/null +++ b/playbooks/groups/taskotron-client-hosts.yml 
@@ -0,0 +1,72 @@ +# create a new taskotron client host server system +# NOTE: should be used with --limit most of the time +# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars +# This has an extra role that configures the virthost to be used with beaker for +# virtual machine clients + +- name: basic configuration + hosts: taskotron-dev-client-hosts:taskotron-stg-client-hosts:taskotron-prod-client-hosts + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - sudo + - { role: openvpn/client, when: datacenter != "phx2" } + + tasks: + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: configure taskotron imagefactory + hosts: qa11.qa.fedoraproject.org:qa12.qa.fedoraproject.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/imagefactory, tags: ['taskotronimagefactory'] } + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: configure taskotron client host + hosts: taskotron-dev-client-hosts:taskotron-stg-client-hosts:taskotron-prod-client-hosts + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/taskotron-client, tags: ['taskotronclient'] } + - { role: taskotron/imagefactory-client, tags: ['imagefactoryclient']} + - { role: 
taskotron/buildslave, tags: ['buildslave'] } + - { role: taskotron/buildslave-configure, tags: ['buildslaveconfigure'] } + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + diff --git a/playbooks/groups/taskotron.yml b/playbooks/groups/taskotron.yml new file mode 100644 index 0000000000..a36f55f08e --- /dev/null +++ b/playbooks/groups/taskotron.yml 
@@ -0,0 +1,81 @@ +--- +# create a new taskotron dev server +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=taskotron-dev:taskotron-stg:taskotron-prod" + +- name: make the box be real + hosts: taskotron-dev:taskotron-stg:taskotron-prod + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: base, tags: ['base'] } + - { role: rkhunter, tags: ['rkhunter'] } + - { role: nagios_client, tags: ['nagios_client'] } + - { role: hosts, tags: ['hosts']} + - { role: fas_client, tags: ['fas_client'] } + - { role: collectd/base, tags: ['collectd_base'] } + - { role: dnf-automatic, tags: ['dnfautomatic'] } + - { role: sudo, tags: ['sudo'] } + - { role: openvpn/client, + when: deployment_type == "prod", tags: ['openvpn_client'] } + - apache + - { role: fedmsg/base } + + tasks: + # this is how you include other task lists + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: configure taskotron master + hosts: taskotron-dev:taskotron-stg:taskotron-prod + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: nfs/client, mnt_dir: '/srv/taskotron/', nfs_src_dir: 'fedora_taskotron_dev', nfs_mount_opts: 'rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3,sec=sys', when: deployment_type == 'dev' } + - { role: nfs/client, mnt_dir: '/srv/taskotron/', nfs_src_dir: 'fedora_taskotron_stg', nfs_mount_opts: 
'rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3,sec=sys', when: deployment_type == 'stg' } + - { role: nfs/client, mnt_dir: '/srv/taskotron/', nfs_src_dir: 'fedora_taskotron_prod', nfs_mount_opts: 'rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3,sec=sys', when: deployment_type == 'prod' } + - { role: taskotron/grokmirror, tags: ['grokmirror'] } +# - { role: taskotron/cgit, tags: ['cgit'] } + - { role: taskotron/buildmaster, tags: ['buildmaster'] } + - { role: taskotron/buildmaster-configure, tags: ['buildmasterconfig'] } + - { role: taskotron/taskotron-trigger, tags: ['trigger'] } + - { role: taskotron/taskotron-frontend, tags: ['frontend'] } + - { role: taskotron/taskotron-master, tags: ['taskotronmaster'] } + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: configure standalone taskotron host + hosts: taskotron-dev + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/taskotron-proxy, tags: ['taskotronproxy'] } + - { role: taskotron/ssl-taskotron, tags: ['ssltaskotron'] } + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/torrent.yml b/playbooks/groups/torrent.yml index 83d9aabf96..f80e989edb 100644 --- a/playbooks/groups/torrent.yml +++ b/playbooks/groups/torrent.yml 
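Review bot: The three `nfs/client` entries in the "configure taskotron master" play mount `/srv/taskotron/` over NFSv3 with `sec=sys`, and nothing in the playbook records what that implies. With `sec=sys` the server trusts the UID and GID the client sends, so access control for these exports rests on the export's host list, not on the mount options shown here. A comment above the entries would help the next reader, for example `# sec=sys: the server trusts client-supplied uid/gid, so the export must be limited to the taskotron hosts`.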
@@ -1,41 +1,43 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "torrent" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=torrent" -- name: Make the box be real +- name: make the box be real hosts: torrent user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - hosts - rkhunter - nagios_client - - openvpn/client - - ipa/client + - fas_client - collectd/base - rsyncd - sudo + - openvpn/client - torrent - apache - role: httpd/mod_ssl - role: httpd/certificate - certname: "{{wildcard_cert_name}}" + name: "{{wildcard_cert_name}}" SSLCertificateChainFile: "{{wildcard_int_file}}" - - {role: httpd/website, vars: {site_name: torrent.fedoraproject.org, cert_name: "{{wildcard_cert_name}}", sslonly: true}} + - role: httpd/website + name: torrent.fedoraproject.org + cert_name: "{{wildcard_cert_name}}" + sslonly: true - pre_tasks: + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/twisted-buildbots.yml b/playbooks/groups/twisted-buildbots.yml new file mode 100644 index 0000000000..2a5c853029 --- /dev/null +++ b/playbooks/groups/twisted-buildbots.yml 
@@ -0,0 +1,36 @@ +- name: check/create instances + hosts: twisted-buildbots + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + +- name: setup all the things + hosts: twisted-buildbots + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + tasks: + + - name: add twisted key + authorized_key: user=root key="{{ item }}" + with_file: + - /srv/web/infra/ansible/files/twisted/ssh-pub-key + tags: + - config + - sshkeys diff --git a/playbooks/groups/unbound.yml b/playbooks/groups/unbound.yml new file mode 100644 index 0000000000..eb6cc900ed --- /dev/null +++ b/playbooks/groups/unbound.yml @@ -0,0 +1,31 @@ +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=unbound" + +- name: make the box be real + hosts: unbound + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - unbound + - sudo + - { role: openvpn/client, + when: env != "staging" } + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" 
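Review bot: The `add twisted key` task in twisted-buildbots.yml installs the key from `files/twisted/ssh-pub-key` into root's `authorized_keys` with no options, so whoever holds the matching private key gets an unrestricted root login on every host in `twisted-buildbots`. Nothing in the playbook says who that is or why root is required. If the key belongs to people outside the infrastructure team (my reading of the path, not confirmed by the diff), a dedicated unprivileged account would limit what the key can reach, e.g. `authorized_key: user=twisted key="{{ item }}"` with the account (name made up here) created in a preceding task. At minimum, a comment above the task naming the key's owner and purpose would make later audits of root access easier.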
diff --git a/playbooks/groups/value.yml b/playbooks/groups/value.yml index f05ac1c033..ef8819b4f9 100644 --- a/playbooks/groups/value.yml +++ b/playbooks/groups/value.yml @@ -1,50 +1,38 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "value:value_stg" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=value:value-stg" -- name: Make the box be real - hosts: value:value_stg +- name: make the box be real + hosts: value:value-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - - zabbix/zabbix_agent - hosts - - {role: openvpn/client, - when: env != "staging"} - - ipa/client - - {role: keytab/service, - owner_user: daemon, - owner_group: daemon, - service: ursabot, - when: inventory_hostname.startswith('value02.stg')} - - {role: keytab/service, - owner_user: daemon, - owner_group: daemon, - service: zodbot, - when: inventory_hostname.startswith('value02.iad2')} + - fas_client - collectd/base - apache + - fedmsg/base + - fedmsg/irc - supybot - sudo - rsyncd - - {role: nfs/client, - nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3", - mnt_dir: '/srv/', - nfs_src_dir: 'fedora_value_{{env_short}}', - mount_stg: true } + - { role: openvpn/client, + when: env != "staging" } + - role: collectd/fedmsg-service + process: fedmsg-irc + - mote - pre_tasks: + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" 
diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml index a7997f339c..ee20c955bd 100644 --- a/playbooks/groups/virthost.yml +++ b/playbooks/groups/virthost.yml 
@@ -2,55 +2,34 @@ # NOTE: should be used with --limit most of the time # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml" - vars: - myhosts: "virthost:bvirthost:buildvmhost:colo_virt" - - name: make virthost server system - hosts: virthost:bvirthost:buildvmhost:colo_virt + hosts: virthost:bvirthost:buildvmhost:virthost-comm:colo-virt user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - name: override nbde_client-network-flush to work around bug - ansible.builtin.copy: - src: "{{ files }}/common/nbde_client-network-flush" - dest: /usr/bin/nbde_client-network-flush - owner: root - group: root - mode: 755 - - - name: tell NetworkManager we don't want any auto connections - ansible.builtin.copy: - src: "{{ files }}/common/noautodefault.conf" - dest: /etc/NetworkManager/conf.d/noautodefault.conf - owner: root - group: root - mode: 644 - roles: - base - - {role: rkhunter, when: ansible_distribution_major_version|int < 10} - - {role: nagios_client, when: ansible_distribution_major_version|int < 10} - - {role: zabbix/zabbix_agent, when: ansible_distribution_major_version|int < 10} + - rkhunter + - nagios_client - hosts - - {role: openvpn/client, when: vpn|bool} - - ipa/client - - {role: collectd/base, when: ansible_distribution_major_version|int < 10} - - {role: iscsi_client, when: "inventory_hostname.startswith(('bvmhost-x86-06', 'bvmhost-x86-07', 'bvmhost-p09')) and datacenter == 'iad2'"} + - fas_client + - collectd/base + - { 
role: iscsi_client, when: "inventory_hostname.startswith(('bvirthost', 'buildvmhost'))" } - sudo + - { role: openvpn/client, when: datacenter != "phx2" } - virthost - - {role: linux-system-roles.nbde_client, tags: ['nbde_client'], when: datacenter == 'iad2' and nbde|bool} - - {role: serial-console, when: datacenter == 'iad2' and ansible_architecture != 's390x'} + + tasks: + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/wiki.yml b/playbooks/groups/wiki.yml index f40ee25648..4bab8ef09f 100644 --- a/playbooks/groups/wiki.yml +++ b/playbooks/groups/wiki.yml @@ -3,20 +3,17 @@ # These servers run mediawiki for the main fedora wiki instance. # ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "wiki:wiki_stg" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=wiki:wiki-stg" -- name: Make the box be real - hosts: wiki:wiki_stg +- name: make the box be real + hosts: wiki:wiki-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" 
@@ -25,22 +22,22 @@ - base - rkhunter - nagios_client - - zabbix/zabbix_agent - hosts - - { role: openvpn/client, - when: env != "staging" } - - ipa/client + - fas_client - collectd/base - apache - # Set up for fedora-messaging - - role: rabbit/user - user_name: "mediawiki{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(wiki|logger)\..* - when: inventory_hostname.startswith('wiki01') - - { role: nfs/client, when: env == "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app_staging/app/attachments', mount_stg: true } - - { role: nfs/client, when: env != "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app/app/attachments' } - - mediawiki + - fedmsg/base + - { role: nfs/client, when: env == "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app_staging/app/attachments' } + - { role: nfs/client, when: env != "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app/app/attachments' } + - { role: mediawiki, when: env != "staging" } + - { role: mediawiki, when: env == "staging" } - sudo + - { role: openvpn/client, + when: env != "staging" } + + tasks: + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/zabbix.yml b/playbooks/groups/zabbix.yml deleted file mode 100644 index 0b17c0a020..0000000000 --- a/playbooks/groups/zabbix.yml +++ /dev/null 
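Review bot: The two `mediawiki` entries added to `roles:` have complementary conditions (`when: env != "staging"` and `when: env == "staging"`) and pass no other parameters, so together they do what the single unconditional `- mediawiki` line they replace did. Unless the split is a placeholder for per-environment parameters still to come, one entry is easier to read and keeps the role from appearing twice in the play's role list. The `roles:` list starts above this hunk, so only the part shown here was checked.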
@@ -1,39 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "zabbix_stg:zabbix" - -- name: Make the box be real - hosts: zabbix_stg:zabbix - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - hosts - - ipa/client - - collectd/base - - sudo - - zabbix/zabbix_server - - { role: openvpn/client, when: env != "staging" } - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - name: Sync sysadmin-noc membership to the zabbix server - include_role: - name: zabbix/zabbix_server - tasks_from: sync_sysadmin_noc - apply: - tags: - - sync_users - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/zanata2fedmsg.yml b/playbooks/groups/zanata2fedmsg.yml new file mode 100644 index 0000000000..2acc1c3252 --- /dev/null +++ b/playbooks/groups/zanata2fedmsg.yml 
@@ -0,0 +1,54 @@ +# create a new zanata2fedmsg server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/zanata2fedmsg* or from hostvars + +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=zanata2fedmsg:zanata2fedmsg-stg" + +- name: make the box be real + hosts: zanata2fedmsg:zanata2fedmsg-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + - { role: openvpn/client, + when: env != "staging" } + - mod_wsgi + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: deploy service-specific config + hosts: zanata2fedmsg:zanata2fedmsg-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + roles: + - zanata2fedmsg + - fedmsg/base diff --git a/playbooks/host_reboot.yml b/playbooks/host_reboot.yml index c51a81a899..554b284a02 100644 --- a/playbooks/host_reboot.yml +++ b/playbooks/host_reboot.yml 
@@ -1,22 +1,27 @@ # requires --extra-vars="target=hostspec" ---- -- name: Reboot hosts +- name: reboot hosts hosts: "{{ target }}" - gather_facts: false + gather_facts: False user: root serial: 1 tasks: - - name: Tell nagios to shush + - name: tell nagios to shush nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true - - name: Reboot the host - reboot: reboot_timeout=1800 + - name: reboot the host + command: /sbin/shutdown -r 1 - - name: Tell nagios to unshush + - name: wait for host to come back - up to 15 minutes + local_action: wait_for host={{ target }} port=22 delay=120 timeout=900 search_regex=OpenSSH + + - name: sync time + command: ntpdate -u 1.rhel.pool.ntp.org + + - name: tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true diff --git a/playbooks/host_update.yml b/playbooks/host_update.yml index 6a6cb9905a..05d14df90b 100644 --- a/playbooks/host_update.yml +++ b/playbooks/host_update.yml 
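Review bot: The new `wait for host to come back` task polls `host={{ target }}`, but `target` is the host pattern passed with `--extra-vars`, not the host currently being rebooted. That only works when the pattern is a single resolvable hostname. With a group name or a multi-host pattern the task fails after `/sbin/shutdown -r 1` has already been issued, and the `sync time` and `tell nagios to unshush` tasks are then skipped for that host. The per-host variable fits the `serial: 1` loop: `local_action: wait_for host={{ inventory_hostname }} port=22 delay=120 timeout=900 search_regex=OpenSSH`.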
@@ -3,51 +3,30 @@ # requires --extra-vars="target=somehostname yumcommand=update" ---- - -- name: Update the system +- name: update the system hosts: "{{ target }}" - gather_facts: true + gather_facts: false user: root tasks: + - name: expire-caches + command: yum clean expire-cache - - name: Apply updates - ansible.builtin.package: - state: latest - name: "*" - update_cache: true + - name: yum -y {{ yumcommand }} + command: yum -y {{ yumcommand }} async: 7200 poll: 30 - when: package_excludes is not defined - - debug: - msg: - - '!!!!!!!!!!!!!!!!!!! host {{ inventory_hostname }} has EXCLUDES OF {{ package_excludes }} !!!!!!!!!!!!!' - - '!!!!!!!!!!!!!!!!!!! DANGER DANGER DANGER ^ CHECK THAT EXCLUDES ARE STILL NEEDED ^ !!!!!!!!!!!!!!!!!!!!' - when: package_excludes is defined - changed_when: true - - - name: Apply updates with excludes - ansible.builtin.package: - state: latest - name: "*" - update_cache: true - exclude: "{{ package_excludes }}" - async: 7200 - poll: 30 - when: package_excludes is defined - -- name: Run rkhunter if installed - hosts: "{{ target }}" +- name: run rkhunter if installed + hosts: "{{ target }}" user: root tasks: - - name: Check for rkhunter - ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter + - name: check for rkhunter + command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - - name: Run rkhunter --propupd - ansible.builtin.command: /usr/bin/rkhunter --propupd - when: rkhunter is success + - name: run rkhunter --propupd + command: /usr/bin/rkhunter --propupd + when: rkhunter|success diff --git a/playbooks/hosts/ansiblemagazine.fedorainfracloud.org.yml b/playbooks/hosts/ansiblemagazine.fedorainfracloud.org.yml new file mode 100644 index 0000000000..17d0514d00 --- /dev/null +++ b/playbooks/hosts/ansiblemagazine.fedorainfracloud.org.yml 
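Review bot: In the second play, `when: rkhunter|success` uses a test as a filter; that form was deprecated in Ansible 2.5 and no longer works from 2.9 on, where the task fails with a templating error. In that case `rkhunter --propupd` never runs after an update, so the next rkhunter scan reports every updated file as changed and real findings are buried in the noise. The supported spelling is `when: rkhunter is success`. Which Ansible version runs this playbook is not visible in the diff.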
@@ -0,0 +1,73 @@
+- name: check/create instance
+ hosts: ansiblemagazine.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: ansiblemagazine.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ tasks:
+ - name: add packages
+ package: state=present name={{ item }}
+ with_items:
+ - httpd
+ - php
+ - php-mysql
+ - mariadb-server
+ - mariadb
+ - mod_ssl
+ - php-mcrypt
+ - php-mbstring
+ - wget
+ - unzip
+ - postfix
+ - wordpress
+
+ - name: enable httpd service
+ service: name=httpd enabled=yes state=started
+
+ - name: configure postfix for ipv4 only
+ raw: postconf -e inet_protocols=ipv4
+
+ - name: enable local postfix service
+ service: name=postfix enabled=yes state=started
+
+ roles:
+ - basessh
+ - nagios_client
+ - mariadb_server
+
+ post_tasks:
+ - name: create databaseuser
+ mysql_user: name=ansiblemagazine
+ host=localhost
+ state=present
+ password="{{ ansiblemagazine_db_password }}"
+ priv="ansiblemagazine.*:ALL"
+
+ - name: Wordpress cron
+ cron: name="Wordpress cron"
+ minute="*/10"
+ job="curl -s http://localhost:80/wp-cron.php >/dev/null"
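Review bot: The second play (`setup all the things`) loads `/srv/private/ansible/files/openstack/passwords.yml` through `vars_files`, yet none of the tasks visible in this hunk reads an OpenStack credential; only the first play's `persistent_cloud.yml` import plausibly needs it. Unless `cloud_setup_basic.yml` uses those values, drop that entry from the second play so the cloud credentials are not in scope for templates, `debug` output or variable dumps on a WordPress host. The same `vars_files` list is repeated in the second play of the artboard, commops, communityblog, darkserver-dev, developer, eclipse, faitout, fas2-dev and fas3-dev playbooks added by this change. Where `ansiblemagazine_db_password` is defined is not visible here, so confirm it does not live in that file before removing the entry.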
diff --git a/playbooks/hosts/artboard.fedorainfracloud.org.yml b/playbooks/hosts/artboard.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..fa3dae7058
--- /dev/null
+++ b/playbooks/hosts/artboard.fedorainfracloud.org.yml
@@ -0,0 +1,128 @@ +- name: check/create instance + hosts: artboard.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: artboard.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + roles: + - basessh + + tasks: + + - name: Install common scripts + copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755 + with_fileglob: + - "{{ roles_path }}/base/files/common-scripts/*" + tags: + - config + - base + - artboard + + - name: set sebooleans so artboard can talk to the db + seboolean: name=httpd_can_network_connect_db state=true persistent=true + tags: + - selinux + - artboard + + - name: mount up disk of persistent storage + mount: name=/srv/persist src='LABEL=artboard' fstype=ext4 state=mounted + tags: + - artboard + + - name: check the selinux context of the artboard dirs + command: matchpathcon "/srv/persist/artboard/(.*)" + register: webcontext + check_mode: no + changed_when: false + tags: + - config + - selinux + - artboard + + - name: set the SELinux policy for the artboard web dir + command: semanage fcontext -a -t httpd_sys_content_t "/srv/persist/artboard/(.*)" + when: webcontext.stdout.find('httpd_sys_content_t') == -1 + tags: + - config + - selinux + - artboard + + # packages needed + - 
name: add packages + package: state=present name={{ item }} + with_items: + - rsync + - openssh-clients + - httpd + - httpd-tools + - php + - php-gd + - php-mysql + - cronie-noanacron + - mod_ssl + tags: + - artboard + + # packages needed to be gone + - name: erase packages + package: state=absent name={{ item }} + with_items: + - cronie-anacron + tags: + - artboard + + - name: artboard backup thing + copy: src="{{ files }}/artboard/artboard-backup" dest=/etc/cron.daily/artboard-backup mode=0755 + tags: + - artboard + + - name: make artboard subdir + file: path=/srv/persist/artboard mode=0755 state=directory + tags: + - artboard + + - name: link artboard into /var/www/html + file: state=link src=/srv/persist/artboard path=/var/www/html/artboard + tags: + - artboard + + - name: add apache confs + copy: src="{{ files }}/artboard/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}" backup=true + with_items: + - artboard.conf + - redirect.conf + notify: reload httpd + tags: + - artboard + + - name: startup apache + service: name=httpd state=started + tags: + - artboard + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml b/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..a5d0b48d41 --- /dev/null +++ b/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml 
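Review bot: The `set the SELinux policy for the artboard web dir` task registers an fcontext rule with `semanage fcontext -a`, but nothing in this hunk runs `restorecon`, so files that already exist under /srv/persist/artboard keep their previous label until someone relabels them by hand. Adding a follow-up task gated on the same condition, `- name: relabel artboard dir` with `command: restorecon -R /srv/persist/artboard`, would apply the rule. Both SELinux tasks also run before `make artboard subdir` creates the directory, so on a first run the relabel should come after that task. The `sefcontext` module, where available in the deployed Ansible version, would replace the `matchpathcon` and `semanage` pair with one idempotent task.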
@@ -0,0 +1,39 @@
+- name: check/create instance
+ hosts: blockerbugs-dev.cloud.fedoraproject.org
+ user: root
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+ - import_tasks: "{{ tasks_path }}/growroot_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: provision instance
+ hosts: blockerbugs-dev.cloud.fedoraproject.org
+ user: root
+ gather_facts: True
+ vars:
+ - tcp_ports: [22, 80, 443]
+ - udp_ports: []
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - basessh
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: mount up blockerbugs-dev to /srv/persistent
+ mount: name=/srv/persistent src='LABEL=blockerbugs-dev' fstype=ext4 state=mounted
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml b/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml
new file mode 100644
index 0000000000..94c9fbb8af
--- /dev/null
+++ b/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml
@@ -0,0 +1,31 @@
+# This is a basic playbook
+
+- name: make cloud noc hardware
+ hosts: cloud-noc01.cloud.fedoraproject.org
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - sudo
+ - dhcp_server
+ - tftp_server
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
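Review bot: In the `provision instance` play of blockerbugs-dev, `cloud_setup_basic.yml` is imported under `tasks:`, and Ansible runs `roles:` before `tasks:`, so `basessh` is applied before the basic cloud setup, whereas sibling playbooks in this change (ansiblemagazine, commops, faitout and others) import it under `pre_tasks:`. If the ordering in those files is the intended one, move the import to `pre_tasks:` as `- import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"`. The same layout appears in developer.fedorainfracloud.org.yml and eclipse.fedorainfracloud.org.yml. The `vars:` block written as a list of one-key mappings is the legacy form; a plain mapping (`tcp_ports: [22, 80, 443]`) is the documented one.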
diff --git a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml b/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml deleted file mode 100644 index 303c2a2d65..0000000000 --- a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml +++ /dev/null @@ -1,60 +0,0 @@ -# This is a basic playbook - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "cloud-noc01.fedorainfracloud.org" - -- name: Make cloud noc hardware - hosts: cloud-noc01.fedorainfracloud.org - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - collectd/base - - sudo - - dhcp_server - - tftp_server - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - - name: Check if ntpd port is already known by selinux - ansible.builtin.shell: semanage port -l | grep ntp - register: ntp_selinux_port - check_mode: no - changed_when: false - failed_when: false - tags: - - config - - selinux - - - name: Allow alternate ntpd port - ansible.builtin.command: semanage port -a -t ntp_port_t -p tcp 124 - when: '"124" not in ntp_selinux_port' - failed_when: false - tags: - - config - - selinux - - - name: Allow alternate ntpd port - ansible.builtin.command: semanage port -a -t ntp_port_t -p udp 124 - when: '"124" not in ntp_selinux_port' - failed_when: false - tags: - - config - - selinux - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/hosts/commops.fedorainfracloud.org.yml b/playbooks/hosts/commops.fedorainfracloud.org.yml new file mode 100644 index 0000000000..bea8320622 --- /dev/null +++ b/playbooks/hosts/commops.fedorainfracloud.org.yml 
@@ -0,0 +1,32 @@
+- name: check/create instance
+ hosts: commops.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: commops.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ roles:
+ - basessh
diff --git a/playbooks/hosts/communityblog.fedorainfracloud.org.yml b/playbooks/hosts/communityblog.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..e0e00d10e3
--- /dev/null
+++ b/playbooks/hosts/communityblog.fedorainfracloud.org.yml
@@ -0,0 +1,73 @@
+- name: check/create instance
+ hosts: communityblog.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: communityblog.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ tasks:
+ - name: add packages
+ package: state=present name={{ item }}
+ with_items:
+ - httpd
+ - php
+ - php-mysql
+ - mariadb-server
+ - mariadb
+ - mod_ssl
+ - php-mcrypt
+ - php-mbstring
+ - wget
+ - unzip
+ - postfix
+ - wordpress
+
+ - name: enable httpd service
+ service: name=httpd enabled=yes state=started
+
+ - name: configure postfix for ipv4 only
+ raw: postconf -e inet_protocols=ipv4
+
+ - name: enable local postfix service
+ service: name=postfix enabled=yes state=started
+
+ roles:
+ - basessh
+ - nagios_client
+ - mariadb_server
+
+ post_tasks:
+ - name: create databaseuser
+ mysql_user: name=commbloguser
+ host=localhost
+ state=present
+ password="{{ communityblog_db_password }}"
+ priv="wp.*:ALL"
+
+ - name: Wordpress cron
+ cron: name="Wordpress cron"
+ minute="*/10"
+ job="curl http://localhost:8008/wp-cron.php >/dev/null"
diff --git a/playbooks/hosts/darkserver-dev.fedorainfracloud.org.yml b/playbooks/hosts/darkserver-dev.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..281a3fb72a
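Review bot: The `Wordpress cron` job in `post_tasks` runs `curl http://localhost:8008/wp-cron.php >/dev/null` without `-s`, so curl writes its progress meter to stderr and cron will mail that output every ten minutes; ansiblemagazine.fedorainfracloud.org.yml uses `curl -s` for the same job. Suggested line: `job="curl -s http://localhost:8008/wp-cron.php >/dev/null"`. Nothing in this hunk configures a listener on port 8008 (httpd is started with whatever configuration the packages ship, as far as the visible tasks show), so it is worth confirming that the port is correct and, if it is, that it is bound to localhost only.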
--- /dev/null
+++ b/playbooks/hosts/darkserver-dev.fedorainfracloud.org.yml
@@ -0,0 +1,33 @@
+- name: check/create instance
+ hosts: darkserver-dev.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+ - import_tasks: "{{ tasks_path }}/growroot_cloud_el7.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: darkserver-dev.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ roles:
+ - basessh
diff --git a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml
new file mode 100644
index 0000000000..344deded63
--- /dev/null
+++ b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml
@@ -0,0 +1,83 @@
+# This is a basic playbook
+
+- name: dole out the generic configuration
+ hosts: data-analysis01.phx2.fedoraproject.org
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ roles:
+ - base
+ - rkhunter
+ - hosts
+ - fas_client
+ - nagios_client
+ - collectd/base
+ - sudo
+ - role: keytab/service
+ owner_user: apache
+ owner_group: apache
+ service: HTTP
+ host: "data-analysis.fedoraproject.org"
+ when: env == "production"
+ - awstats
+ - web-data-analysis
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: dole out the service-specific config
+ hosts: data-analysis01.phx2.fedoraproject.org
+ user: root
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ roles:
+ - role: nfs/client
+ mnt_dir: '/mnt/fedora_stats'
+ nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
+ nfs_src_dir: 'fedora_stats'
+ - geoip
+
+ tasks:
+ - name: install needed packages
+ package: name={{ item }} state=present
+ with_items:
+ - httpd
+ - httpd-tools
+ - mod_ssl
+ - rsync
+ - openssh-clients
+ - emacs-nox
+ - emacs-git
+ - git
+ - bc
+ - python-geoip-geolite2
+ - php-pdo
+ - php-gd
+ - php-xml
+ - php-mbstring
+ - php
+ - php-pecl-geoip
+ - gnuplot
+ - htmldoc
+ - mod_auth_gssapi
+
+
+##
diff --git a/playbooks/hosts/developer.fedorainfracloud.org.yml b/playbooks/hosts/developer.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..ccaadfbde2
--- /dev/null
+++ b/playbooks/hosts/developer.fedorainfracloud.org.yml
@@ -0,0 +1,32 @@
+- name: check/create instance
+ hosts: developer.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: developer.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ roles:
+ - basessh
diff --git a/playbooks/hosts/eclipse.fedorainfracloud.org.yml b/playbooks/hosts/eclipse.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..a6213b3bcd
--- /dev/null
+++ b/playbooks/hosts/eclipse.fedorainfracloud.org.yml
@@ -0,0 +1,35 @@
+- name: check/create instance
+ hosts: eclipse.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: eclipse.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ roles:
+ - basessh
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
diff --git a/playbooks/hosts/faitout.fedorainfracloud.org.yml b/playbooks/hosts/faitout.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..c30969f383
--- /dev/null
+++ b/playbooks/hosts/faitout.fedorainfracloud.org.yml
@@ -0,0 +1,32 @@
+- name: check/create instance
+ hosts: faitout.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: faitout.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ roles:
+ - basessh
diff --git a/playbooks/hosts/fas2-dev.fedorainfracloud.org.yml b/playbooks/hosts/fas2-dev.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..a55e0e20ba
--- /dev/null
+++ b/playbooks/hosts/fas2-dev.fedorainfracloud.org.yml
@@ -0,0 +1,32 @@
+- name: check/create instance
+ hosts: fas2-dev.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: fas2-dev.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ roles:
+ - basessh
diff --git a/playbooks/hosts/fas3-dev.fedorainfracloud.org.yml b/playbooks/hosts/fas3-dev.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..fea251f09c
--- /dev/null
+++ b/playbooks/hosts/fas3-dev.fedorainfracloud.org.yml
@@ -0,0 +1,32 @@
+- name: check/create instance
+ hosts: fas3-dev.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: fas3-dev.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ roles:
+ - basessh
diff --git a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
new file mode 100644
index 0000000000..3542083dfa
--- /dev/null
+++ b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
@@ -0,0 +1,1289 @@ +--- +- name: Prepare storage on compute nodes + hosts: openstack-compute + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + # This is in fact duplicate from compute nodes, just be sure in case we did not run + # compute nodes playbook yet. + - name: Create logical volume for Swift + lvol: vg=vg_server lv=swift_store size=100g shrink=no + - name: Create FS on Swift storage + filesystem: fstype=ext4 dev=/dev/vg_server/swift_store + - name: SSH authorized key for root user + authorized_key: user=root key="{{ lookup('file', files + '/fedora-cloud/fed09-ssh-key.pub') }}" + +- name: deploy Open Stack controler + hosts: fed-cloud09.cloud.fedoraproject.org + gather_facts: True + + vars: + # this is actually without admin tenant + all_tenants: ['cloudintern', 'cloudsig', 'copr', 'coprdev', 'infrastructure', + 'persistent', 'pythonbots', 'qa', 'scratch', 'transient', 'openshift', 'maintainertest', 'aos-ci-cd'] + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + roles: + - base + - rkhunter + - nagios_client + - fas_client + - sudo + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + vars: + root_auth_users: msuchy + - import_tasks: "{{ tasks_path }}/motd.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + + - name: set root passwd + user: name=root password={{ cloud_rootpw }} state=present + tags: + - rootpw + - name: Set the hostname + hostname: name={{ controller_hostname }} + + - name: Deploy root private SSH key + copy: src={{ private }}/files/openstack/fed-cloud09-root.key dest=/root/.ssh/id_rsa mode=600 owner=root group=root + - name: 
Deploy root public SSH key + copy: src={{ files }}/fedora-cloud/fed09-ssh-key.pub dest=/root/.ssh/id_rsa.pub mode=600 owner=root group=root + - authorized_key: user=root key="{{ lookup('file', files + '/fedora-cloud/fed09-ssh-key.pub') }}" + + - name: install core pkgs + package: state=present pkg={{ item }} + with_items: + - libselinux-python + - ntp + - wget + - scsi-target-utils + - lvm2 + - iptables-services + + - name: disable selinux + selinux: policy=targeted state=permissive + + - service: name=tgtd state=started enabled=yes + + - name: Create logical volume for Swift + lvol: vg=vg_server lv=swift_store size=100g shrink=no + - name: Create FS on Swift storage + filesystem: fstype=ext4 dev=/dev/vg_server/swift_store + + - template: src={{ files }}/fedora-cloud/hosts dest=/etc/hosts owner=root mode=0644 + + - stat: path=/etc/packstack_sucessfully_finished + register: packstack_sucessfully_finished + + # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-networking.html + - service: name=NetworkManager state=stopped enabled=no + - service: name=network enabled=yes + - service: name=firewalld state=stopped enabled=no + ignore_errors: yes + - service: name=iptables state=started enabled=yes + + - name: ensure iptables is configured to allow rabbitmq traffic (port 5672/tcp) + lineinfile: + dest=/etc/sysconfig/iptables + state=present + regexp="^.*INPUT.*172\.24\.0\.10/24.*tcp.*{{ item }}.*ACCEPT" + insertbefore="^.*INPUT.*RELATED,ESTABLISHED.*ACCEPT" + line="-A INPUT -s 172.24.0.10/24 -p tcp -m multiport --dports {{ item }} -m comment --comment \"added by fedora-infra ansible\" -j ACCEPT" + backup=yes + with_items: + - 80,443 + - 3260 + - 3306 + - 5671 + - 5672 + - 6000,6001,6002,873 + - 8777 + - 27017 + - 5900:5999,16509 + - 16509,49152:49215 + notify: restart iptables + + # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-neutron-networking-controller-node.html + - command: ifdown br-tun + when: 
packstack_sucessfully_finished.stat.exists == False + ignore_errors: yes + - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=yes" + notify: + - restart network + # only for first run + - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^NETMASK=" line="NETMASK=255.255.255.0" + when: packstack_sucessfully_finished.stat.exists == False + notify: + - restart network + - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^IPADDR=" line="IPADDR={{controller_private_ip}}" + when: packstack_sucessfully_finished.stat.exists == False + notify: + - restart network + - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="BOOTPROTO=" line="BOOTPROTO=none" + notify: + - restart network + - template: src={{files}}/fedora-cloud/ifcfg-br-ex dest=/etc/sysconfig/network-scripts/ifcfg-br-ex owner=root mode=0644 + when: packstack_sucessfully_finished.stat.exists == False + notify: + - restart network + - template: src={{files}}/fedora-cloud/ifcfg-eth0 dest=/etc/sysconfig/network-scripts/ifcfg-eth0 owner=root mode=0644 + when: packstack_sucessfully_finished.stat.exists == False + notify: + - restart network + - command: ifup eth1 + when: packstack_sucessfully_finished.stat.exists == False + - meta: flush_handlers + + # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-ntp.html + - service: name=ntpd state=started enabled=yes + + # this two step can be done in one, but Ansible will then always show the action as changed + #- name: make sure epel-release is installed + # get_url: url=http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm dest=/root/ + #- package: state=present name=/root/epel-release-latest-7.noarch.rpm + + #- name: make sure latest openvswitch is installed + # get_url: url=http://people.redhat.com/~lkellogg/rpms/openvswitch-2.3.1-2.git20150113.el7.x86_64.rpm dest=/root/ + #- package: state=present 
name=/root/openvswitch-2.3.1-2.git20150113.el7.x86_64.rpm + + #- name: make sure latest openstack-utils is installed + # get_url: url=https://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7/openstack-utils-2014.2-1.el7.centos.noarch.rpm dest=/root/ + #- package: state=present name=/root/openstack-utils-2014.2-1.el7.centos.noarch.rpm + + - name: install basic openstack packages + package: state=present name={{ item }} + with_items: + - openstack-utils + - openstack-selinux + - openstack-packstack + - python-glanceclient + - rabbitmq-server + - ansible-openstack-modules + - openstack-keystone + - openstack-neutron + - openstack-nova-common + - haproxy + + - name: install etckeeper + package: state=present name=etckeeper + - name: init etckeeper + shell: cd /etc && etckeeper init + + + - name: add ssl cert files + copy: src={{ private }}/files/openstack/fedorainfracloud.org.{{item}} dest=/etc/pki/tls/certs/fedorainfracloud.org.{{item}} mode=0644 owner=root group=root + with_items: + - pem + - digicert.pem + - name: add ssl key file + copy: src={{ private }}/files/openstack/fedorainfracloud.org.key dest=/etc/pki/tls/private/fedorainfracloud.org.key mode=0600 owner=root group=root + changed_when: False + + - name: allow services key access + acl: name=/etc/pki/tls/private/fedorainfracloud.org.key entity={{item}} etype=user permissions="r" state=present + with_items: + - keystone + - neutron + - nova + - rabbitmq + - cinder + - ceilometer + - swift + + - file: state=directory path=/var/www/pub mode=0755 + - copy: src={{ private }}/files/openstack/fedorainfracloud.org.pem dest=/var/www/pub/ mode=644 + + # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-database-controller.html + - name: install mysql packages + package: state=present pkg={{ item }} + with_items: + - mariadb-galera-server + - MySQL-python + - ini_file: dest=/etc/my.cnf section="mysqld" option="bind-address" value="{{ controller_public_ip }}" + - ini_file: 
dest=/etc/my.cnf section="mysqld" option="default-storage-engine" value="innodb" + - ini_file: dest=/etc/my.cnf section="mysqld" option="collation-server" value="utf8_general_ci" + - ini_file: dest=/etc/my.cnf section="mysqld" option="init-connect" value="'SET NAMES utf8'" + - ini_file: dest=/etc/my.cnf section="mysqld" option="character-set-server" value="utf8" + - service: name=mariadb state=started enabled=yes + # 'localhost' needs to be the last item for idempotency, see + # http://ansible.cc/docs/modules.html#mysql-user + - name: update mysql root password for localhost before setting .my.cnf + mysql_user: name=root host=localhost password={{ DBPASSWORD }} + - name: copy .my.cnf file with root password credentials + template: src={{ files }}/fedora-cloud/my.cnf dest=/root/.my.cnf owner=root mode=0600 + - name: update mysql root password for all root accounts + mysql_user: name=root host={{ item }} password={{ DBPASSWORD }} + with_items: + - "{{ controller_public_ip }}" + - 127.0.0.1 + - ::1 + - name: copy .my.cnf file with root password credentials + template: src={{ files }}/fedora-cloud/my.cnf dest=/root/.my.cnf owner=root mode=0600 + - name: delete anonymous MySQL server user for $server_hostname + mysql_user: user="" host="{{ controller_public_ip }}" state="absent" + - name: delete anonymous MySQL server user for localhost + mysql_user: user="" state="absent" + - name: remove the MySQL test database + mysql_db: db=test state=absent + + # WORKAROUNDS - already reported to OpenStack team + - lineinfile: + dest=/usr/lib/python2.7/site-packages/packstack/plugins/dashboard_500.py + regexp=" host_resources\.append\(*ssl_key, 'ssl_ps_server.key'\)*" + line=" host_resources.append((ssl_key, 'ssl_ps_server.key'))" + backup=yes + - lineinfile: + dest=/usr/share/openstack-puppet/modules/rabbitmq/manifests/config.pp + regexp="RABBITMQ_NODE_PORT" + line=" 'RABBITMQ_NODE_PORTTTTT' => $port," + backup=yes + - package: state=present pkg=mongodb-server + - ini_file: 
dest=/usr/lib/systemd/system/mongod.service section=Service option=PIDFile value=/var/run/mongodb/mongod.pid + - lineinfile: + dest=/usr/lib/python2.7/site-packages/packstack/puppet/templates/mongodb.pp + regexp="pidfilepath" + line=" pidfilepath => '/var/run/mongodb/mongod.pid'" + insertbefore="^}" + - meta: flush_handlers + # http://openstack.redhat.com/Quickstart + - template: src={{ files }}/fedora-cloud/packstack-controller-answers.txt dest=/root/ owner=root mode=0600 + - command: packstack --answer-file=/root/packstack-controller-answers.txt + when: packstack_sucessfully_finished.stat.exists == False + - file: path=/etc/packstack_sucessfully_finished state=touch + when: packstack_sucessfully_finished.stat.exists == False + # FIXME we should really reboot here + + - name: Set shell to nova user to allow cold migrations + user: name=nova shell=/bin/bash + - name: SSH authorized key for nova user + authorized_key: user=nova key="{{fed_cloud09_nova_public_key}}" + - name: SSH public key for nova user + template: src={{ files }}/fedora-cloud/fed_cloud09_nova_public_key dest=/var/lib/nova/.ssh/id_rsa.pub owner=nova group=nova + - name: Deploy private SSH key + copy: src={{ private }}/files/openstack/fed-cloud09-nova.key dest=/var/lib/nova/.ssh/id_rsa mode=600 owner=nova group=nova + - copy: src={{files}}/fedora-cloud/nova-ssh-config dest=/var/lib/nova/.ssh/config owner=nova group=nova mode=640 + + # http://docs.openstack.org/icehouse/install-guide/install/yum/content/basics-queue.html + # https://openstack.redhat.com/Securing_services#qpid + #### FIXME + - lineinfile: dest=/etc/rabbitmq/rabbitmq-env.conf regexp="^RABBITMQ_NODE_PORT=" state="absent" + - service: name=rabbitmq-server state=started + + # flip endpoints internalurl to internal IP + # ceilometer + - shell: source /root/keystonerc_admin && keystone service-list | grep ceilometer | awk '{print $2}' + register: SERVICE_ID + check_mode: no + changed_when: false + - shell: source /root/keystonerc_admin && 
keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
+ register: ENDPOINT_ID
+ check_mode: no
+ changed_when: false
+ - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://{{ controller_publicname }}:8777' --adminurl 'https://{{ controller_publicname }}:8777' --internalurl 'https://{{ controller_publicname }}:8777' ) || true
+ # cinder
+ - shell: source /root/keystonerc_admin && keystone service-list | grep 'cinder ' | awk '{print $2}'
+ register: SERVICE_ID
+ check_mode: no
+ changed_when: false
+ - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
+ register: ENDPOINT_ID
+ check_mode: no
+ changed_when: false
+ - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://{{ controller_publicname }}:8776/v1/%(tenant_id)s' --adminurl 'https://{{ controller_publicname }}:8776/v1/%(tenant_id)s' --internalurl 'https://{{ controller_publicname }}:8776/v1/%(tenant_id)s' ) || true
+ # cinderv2
+ - shell: source /root/keystonerc_admin && keystone service-list | grep 'cinderv2' | awk '{print $2}'
+ register: SERVICE_ID
+ check_mode: no
+ changed_when: false
+ - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
+ register: ENDPOINT_ID
+ check_mode: no
+ changed_when: false
+ - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 
'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://{{ controller_publicname }}:8776/v2/%(tenant_id)s' --adminurl 'https://{{ controller_publicname }}:8776/v2/%(tenant_id)s' --internalurl 'https://{{ controller_publicname }}:8776/v2/%(tenant_id)s' ) || true
+ # glance
+ - shell: source /root/keystonerc_admin && keystone service-list | grep 'glance' | awk '{print $2}'
+ register: SERVICE_ID
+ check_mode: no
+ changed_when: false
+ - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
+ register: ENDPOINT_ID
+ check_mode: no
+ changed_when: false
+ - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://{{ controller_publicname }}:9292' --adminurl 'https://{{ controller_publicname }}:9292' --internalurl 'https://{{ controller_publicname }}:9292' ) || true
+ # neutron
+ - shell: source /root/keystonerc_admin && keystone service-list | grep 'neutron' | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: SERVICE_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: ENDPOINT_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://{{ controller_publicname }}:9696/' --adminurl 'https://{{ controller_publicname }}:9696/' --internalurl 'https://{{ controller_publicname }}:9696/' ) || true
+ # nova
+ - shell: source /root/keystonerc_admin && keystone service-list | grep 'nova ' | awk '{print $2}'
+ check_mode: no
+ 
changed_when: false
+ register: SERVICE_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: ENDPOINT_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://{{ controller_publicname }}:8774/v2/%(tenant_id)s' --adminurl 'https://{{ controller_publicname }}:8774/v2/%(tenant_id)s' --internalurl 'https://{{ controller_publicname }}:8774/v2/%(tenant_id)s' ) || true
+ # nova_ec2
+ - shell: source /root/keystonerc_admin && keystone service-list | grep 'nova_ec2' | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: SERVICE_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: ENDPOINT_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://{{ controller_publicname }}:8773/services/Cloud' --adminurl 'https://{{ controller_publicname }}:8773/services/Admin' --internalurl 'https://{{ controller_publicname }}:8773/services/Cloud' ) || true
+ # novav3
+ - shell: source /root/keystonerc_admin && keystone service-list | grep 'novav3' | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: SERVICE_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: ENDPOINT_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list |grep 
{{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://{{ controller_publicname }}:8774/v3' --adminurl 'https://{{ controller_publicname }}:8774/v3' --internalurl 'https://{{ controller_publicname }}:8774/v3' ) || true
+ # swift
+ - shell: source /root/keystonerc_admin && keystone service-list | grep 'swift ' | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: SERVICE_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: ENDPOINT_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://{{controller_publicname}}:8080/v1/AUTH_%(tenant_id)s' --adminurl 'https://{{controller_publicname}}:8080' --internalurl 'https://{{controller_publicname}}:8080/v1/AUTH_%(tenant_id)s' ) || true
+ # swift_s3
+ - shell: source /root/keystonerc_admin && keystone service-list | grep 'swift_s3' | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: SERVICE_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: ENDPOINT_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://{{ controller_publicname }}:8080' --adminurl 'https://{{ controller_publicname }}:8080' --internalurl 'https://{{ controller_publicname }}:8080' ) || 
true
+ # keystone --- !!!!! we need to use ADMIN_TOKEN here - this MUST be last before we restart OS and set up haproxy
+ - shell: source /root/keystonerc_admin && keystone service-list | grep 'keystone' | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: SERVICE_ID
+ - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
+ check_mode: no
+ changed_when: false
+ register: ENDPOINT_ID
+ - ini_file: dest=/etc/keystone/keystone.conf section=ssl option=certfile value=/etc/haproxy/fedorainfracloud.org.combined
+ - ini_file: dest=/etc/keystone/keystone.conf section=ssl option=keyfile value=/etc/pki/tls/private/fedorainfracloud.org.key
+ - ini_file: dest=/etc/keystone/keystone.conf section=ssl option=ca_certs value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+ - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_publicname }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone --os-token '{{ADMIN_TOKEN}}' --os-endpoint 'http://{{ controller_publicname }}:35357/v2.0' endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://{{ controller_publicname }}:5000/v2.0' --adminurl 'https://{{ controller_publicname }}:35357/v2.0' --internalurl 'https://{{ controller_publicname }}:5000/v2.0' ) || true
+ - ini_file: dest=/etc/keystone/keystone.conf section=ssl option=enable value=True
+ - lineinfile: dest=/root/keystonerc_admin regexp="^export OS_AUTH_URL" line="export OS_AUTH_URL=https://{{ controller_publicname }}:5000/v2.0/"
+
+ # Setup sysconfig file for novncproxy
+ - copy: src={{ files }}/fedora-cloud/openstack-nova-novncproxy dest=/etc/sysconfig/openstack-nova-novncproxy mode=644 owner=root group=root
+
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=novncproxy_base_url value=https://{{ controller_publicname }}:6080/vnc_auto.html
+
+ # set SSL for services
+ - ini_file: 
dest=/etc/nova/nova.conf section=keystone_authtoken option=auth_uri value=https://{{ controller_publicname }}:5000
+ - ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=auth_protocol value=https
+ - ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=auth_host value={{ controller_publicname }}
+ - ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=cafile value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_admin_auth_url value=https://{{ controller_publicname }}:35357/v2.0
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_url value=https://{{ controller_publicname }}:9696
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=osapi_compute_listen_port value=6774
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=ec2_listen_port value=6773
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=glance_api_servers value=https://{{ controller_publicname }}:9292
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=cert value=/etc/pki/tls/certs/fedorainfracloud.org.pem
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=key value=/etc/pki/tls/private/fedorainfracloud.org.key
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=ca value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=novncproxy_host value={{ controller_publicname }}
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=ssl_only value=False
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=scheduler_default_filters value=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,CoreFilter,DiskFilter
+ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=default_floating_pool value=external
+
+ - ini_file: dest=/etc/glance/glance-api.conf section=keystone_authtoken 
option=auth_uri value=https://{{ controller_publicname }}:5000
+ - ini_file: dest=/etc/glance/glance-api.conf section=keystone_authtoken option=auth_protocol value=https
+ - ini_file: dest=/etc/glance/glance-api.conf section=keystone_authtoken option=auth_host value={{ controller_publicname }}
+ - ini_file: dest=/etc/glance/glance-api.conf section=keystone_authtoken option=cafile value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+ - ini_file: dest=/etc/glance/glance-api.conf section=DEFAULT option=bind_port value=7292
+ # configure Glance to use Swift as backend
+ - ini_file: dest=/etc/glance/glance-api.conf section=DEFAULT option=default_store value=swift
+ - ini_file: dest=/etc/glance/glance-api.conf section=DEFAULT option=stores value=glance.store.swift.Store
+ - ini_file: dest=/etc/glance/glance-api.conf section=DEFAULT option=swift_store_auth_address value=https://{{ controller_publicname }}:5000/v2.0
+ - ini_file: dest=/etc/glance/glance-api.conf section=DEFAULT option=swift_store_user value="services:swift"
+ - ini_file: dest=/etc/glance/glance-api.conf section=DEFAULT option=swift_store_key value="{{ SWIFT_PASS }}"
+ - ini_file: dest=/etc/glance/glance-api.conf section=DEFAULT option=swift_store_create_container_on_put value="True"
+ - shell: rsync /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
+ - shell: rsync /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
+
+ - ini_file: dest=/etc/glance/glance-registry.conf section=keystone_authtoken option=auth_uri value=https://{{ controller_publicname }}:5000
+ - ini_file: dest=/etc/glance/glance-registry.conf section=keystone_authtoken option=auth_host value={{ controller_publicname }}
+ - ini_file: dest=/etc/glance/glance-registry.conf section=keystone_authtoken option=auth_protocol value=https
+ - ini_file: dest=/etc/glance/glance-registry.conf section=keystone_authtoken option=cafile 
value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+
+ - ini_file: dest=/etc/glance/glance-cache.conf section=DEFAULT option=auth_url value=https://{{ controller_publicname }}:5000/v2.0
+
+ - ini_file: dest=/etc/glance/glance-scrubber.conf section=DEFAULT option=auth_url value=https://{{ controller_publicname }}:5000/v2.0
+
+ - ini_file: dest=/etc/cinder/cinder.conf section=keystone_authtoken option=auth_uri value=https://{{ controller_publicname }}:5000
+ - ini_file: dest=/etc/cinder/cinder.conf section=keystone_authtoken option=auth_protocol value=https
+ - ini_file: dest=/etc/cinder/cinder.conf section=keystone_authtoken option=cafile value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+ - ini_file: dest=/etc/cinder/cinder.conf section=DEFAULT option=backup_swift_url value=https://{{ controller_publicname }}:8080/v1/AUTH_
+ - ini_file: dest=/etc/cinder/cinder.conf section=DEFAULT option=osapi_volume_listen_port value=6776
+ - ini_file: dest=/etc/cinder/api-paste.conf section="filter:authtoken" option=auth_uri value=https://{{ controller_publicname }}:5000
+ - ini_file: dest=/etc/cinder/api-paste.conf section="filter:authtoken" option=auth_host value={{ controller_publicname }}
+ - ini_file: dest=/etc/cinder/api-paste.conf section="filter:authtoken" option=auth_protocol value=https
+ - ini_file: dest=/etc/cinder/api-paste.conf section="filter:authtoken" option=service_protocol value=https
+ - ini_file: dest=/etc/cinder/api-paste.conf section="filter:authtoken" option=cafile value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+ - ini_file: dest=/etc/cinder/api-paste.ini section="filter:authtoken" option=auth_uri value=https://{{ controller_publicname }}:5000
+ - ini_file: dest=/etc/cinder/api-paste.ini section="filter:authtoken" option=auth_host value={{ controller_publicname }}
+ - ini_file: dest=/etc/cinder/api-paste.ini section="filter:authtoken" option=auth_protocol value=https
+ - ini_file: dest=/etc/cinder/api-paste.ini 
section="filter:authtoken" option=service_host value={{ controller_publicname }}
+ - ini_file: dest=/etc/cinder/api-paste.ini section="filter:authtoken" option=cafile value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+
+ - ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_uri value=https://{{ controller_publicname }}:5000
+ - ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_protocol value=https
+ - ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_host value={{ controller_publicname }}
+ - ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=cafile value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+ - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=nova_url value=https://{{ controller_publicname }}:8774/v2
+ - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=nova_admin_auth_url value=https://{{ controller_publicname }}:35357/v2.0
+ - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=use_ssl value=False
+ - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=ssl_cert_file value=/etc/pki/tls/certs/fedorainfracloud.org.pem
+ - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=ssl_key_file value=/etc/pki/tls/private/fedorainfracloud.org.key
+ - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=ssl_ca_file value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+ - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=bind_port value=8696
+ - lineinfile: dest=/etc/neutron/neutron.conf regexp="^service_provider = LOADBALANCER" line="service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default" insertafter="\[service_providers]"
+ - lineinfile: dest=/etc/neutron/neutron.conf regexp="^service_provider = FIREWALL" line="service_provider = 
FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default" insertafter="\[service_providers]"
+
+ - ini_file: dest=/etc/neutron/api-paste.conf section="filter:authtoken" option=auth_uri value=https://{{ controller_publicname }}:5000
+ - ini_file: dest=/etc/neutron/api-paste.conf section="filter:authtoken" option=auth_host value={{ controller_publicname }}
+ - ini_file: dest=/etc/neutron/api-paste.conf section="filter:authtoken" option=auth_protocol value=https
+ - ini_file: dest=/etc/neutron/api-paste.conf section="filter:authtoken" option=cafile value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+
+ - ini_file: dest=/etc/neutron/metadata_agent.ini section="filter:authtoken" option=auth_url value=https://{{ controller_publicname }}:35357/v2.0
+ - ini_file: dest=/etc/neutron/metadata_agent.ini section=DEFAULT option=auth_url value=https://{{ controller_publicname }}:35357/v2.0
+
+ - ini_file: dest=/etc/swift/proxy-server.conf section="filter:authtoken" option=auth_uri value=https://{{ controller_publicname }}:5000
+ - ini_file: dest=/etc/swift/proxy-server.conf section="filter:authtoken" option=auth_protocol value=https
+ - ini_file: dest=/etc/swift/proxy-server.conf section="filter:authtoken" option=auth_host value={{ controller_publicname }}
+ - ini_file: dest=/etc/swift/proxy-server.conf section="filter:authtoken" option=cafile value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+ - ini_file: dest=/etc/swift/proxy-server.conf section=DEFAULT option=bind_port value=7080
+ - ini_file: dest=/etc/swift/proxy-server.conf section=DEFAULT option=bind_ip value=127.0.0.1
+
+ - ini_file: dest=/etc/ceilometer/ceilometer.conf section=keystone_authtoken option=auth_uri value=https://{{ controller_publicname }}:5000
+ - ini_file: dest=/etc/ceilometer/ceilometer.conf section=keystone_authtoken option=auth_protocol value=https
+ - ini_file: dest=/etc/ceilometer/ceilometer.conf section=keystone_authtoken option=auth_host 
value={{ controller_publicname }}
+ - ini_file: dest=/etc/ceilometer/ceilometer.conf section=keystone_authtoken option=cafile value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
+ - ini_file: dest=/etc/ceilometer/ceilometer.conf section=service_credentials option=os_auth_url value=https://{{ controller_publicname }}:35357/v2.0
+ - ini_file: dest=/etc/ceilometer/ceilometer.conf section=api option=port value=6777
+
+ # enable stunell to neutron
+ - shell: cat /etc/pki/tls/certs/fedorainfracloud.org.pem /etc/pki/tls/certs/fedorainfracloud.org.digicert.pem /etc/pki/tls/private/fedorainfracloud.org.key > /etc/haproxy/fedorainfracloud.org.combined
+ - file: path=/etc/haproxy/fedorainfracloud.org.combined owner=haproxy mode=644
+ - copy: src={{ files }}/fedora-cloud/haproxy.cfg dest=/etc/haproxy/haproxy.cfg mode=644 owner=root group=root
+ # first OS have to free ports so haproxy can bind it, then we start OS on modified ports
+ #- shell: openstack-service stop
+ #- service: name=haproxy state=started enabled=yes
+ #- shell: openstack-service start
+
+ - lineinfile: dest=/etc/openstack-dashboard/local_settings regexp="^OPENSTACK_KEYSTONE_URL " line="OPENSTACK_KEYSTONE_URL = 'https://{{controller_publicname}}:5000/v2.0'"
+ notify:
+ - reload httpd
+ - lineinfile: dest=/etc/openstack-dashboard/local_settings regexp="OPENSTACK_SSL_CACERT " line="OPENSTACK_SSL_CACERT = '/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem'"
+ notify:
+ - reload httpd
+
+ # configure cider with multi back-end
+ # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Cloud_Administrator_Guide/section_manage-volumes.html
+ - ini_file: dest=/etc/cinder/cinder.conf section=DEFAULT option="enabled_backends" value="equallogic-1,lvmdriver-1"
+ notify:
+ - restart cinder api
+ - restart cinder scheduler
+ - restart cinder volume
+ # LVM
+ - ini_file: dest=/etc/cinder/cinder.conf section="lvmdriver-1" option="volume_group" value="cinder-volumes"
+ 
notify:
+ - restart cinder api
+ - restart cinder scheduler
+ - restart cinder volume
+ - ini_file: dest=/etc/cinder/cinder.conf section="lvmdriver-1" option="volume_driver" value="cinder.volume.drivers.lvm.LVMISCSIDriver"
+ notify:
+ - restart cinder api
+ - restart cinder scheduler
+ - restart cinder volume
+ - ini_file: dest=/etc/cinder/cinder.conf section="lvmdriver-1" option="volume_backend_name" value="LVM_iSCSI"
+ notify:
+ - restart cinder api
+ - restart cinder scheduler
+ - restart cinder volume
+ # Dell EqualLogic - http://docs.openstack.org/trunk/config-reference/content/dell-equallogic-driver.html
+ - ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="volume_driver" value="cinder.volume.drivers.eqlx.DellEQLSanISCSIDriver"
+ notify:
+ - restart cinder api
+ - restart cinder scheduler
+ - restart cinder volume
+ - ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="san_ip" value="{{ IP_EQLX }}"
+ notify:
+ - restart cinder api
+ - restart cinder scheduler
+ - restart cinder volume
+ - ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="san_login" value="{{ SAN_UNAME }}"
+ notify:
+ - restart cinder api
+ - restart cinder scheduler
+ - restart cinder volume
+ - name: set password for equallogic-1
+ ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="san_password" value="{{ SAN_PW }}"
+ notify:
+ - restart cinder api
+ - restart cinder scheduler
+ - restart cinder volume
+ - ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="eqlx_group_name" value="{{ EQLX_GROUP }}"
+ notify:
+ - restart cinder api
+ - restart cinder scheduler
+ - restart cinder volume
+ - ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="eqlx_pool" value="{{ EQLX_POOL }}"
+ notify:
+ - restart cinder api
+ - restart cinder scheduler
+ - restart cinder volume
+ - ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="volume_backend_name" value="equallogic"
+ 
notify:
+ - restart cinder api
+ - restart cinder scheduler
+ - restart cinder volume
+
+ # flush handlers_path here in case cinder changes and we need to restart it.
+ - meta: flush_handlers
+
+ # create storage types
+ # note that existing keys can be retrieved using: cinder extra-specs-list
+ - shell: source /root/keystonerc_admin && cinder type-create lvm
+ ignore_errors: yes
+ - shell: source /root/keystonerc_admin && cinder type-key lvm set volume_backend_name=lvm
+ - shell: source /root/keystonerc_admin && cinder type-create equallogic
+ ignore_errors: yes
+ - shell: source /root/keystonerc_admin && cinder type-key equallogic set volume_backend_name=equallogic
+
+ # http://docs.openstack.org/icehouse/install-guide/install/yum/content/glance-verify.html
+ - file: path=/root/images state=directory
+ - get_url: url=http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img dest=/root/images/cirros-0.3.2-x86_64-disk.img mode=0440
+ - name: Add the cirros-0.3.2-x86_64 image
+ glance_image:
+ login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
+ auth_url="https://{{controller_publicname}}:35357/v2.0"
+ name=cirros-0.3.2-x86_64
+ disk_format=qcow2
+ is_public=True
+ file=/root/images/cirros-0.3.2-x86_64-disk.img
+
+ - name: create non-standard flavor
+ nova_flavor:
+ login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
+ auth_url="https://{{controller_publicname}}:35357/v2.0"
+ name="{{item.name}}" ram="{{item.ram}}" root="{{item.disk}}" vcpus="{{item.vcpus}}" swap="{{item.swap}}"
+ ephemeral=0
+ with_items:
+ - { name: m1.builder, ram: 5120, disk: 50, vcpus: 2, swap: 5120 }
+ - { name: ms2.builder, ram: 5120, disk: 20, vcpus: 2, swap: 100000 }
+ - { name: m2.prepare_builder, ram: 5000, disk: 16, vcpus: 2, swap: 0 }
+ # same as m.* but with swap
+ - { name: ms1.tiny, ram: 512, disk: 1, vcpus: 1, swap: 512 }
+ - { name: ms1.small, ram: 2048, disk: 20, vcpus: 1, swap: 2048 }
+ - { name: 
ms1.medium, ram: 4096, disk: 40, vcpus: 2, swap: 4096 }
+ - { name: ms1.medium.bigswap, ram: 4096, disk: 40, vcpus: 2, swap: 40000 }
+ - { name: ms1.large, ram: 8192, disk: 50, vcpus: 4, swap: 4096 }
+ - { name: ms1.xlarge, ram: 16384, disk: 160, vcpus: 8, swap: 16384 }
+ # inspired by http://aws.amazon.com/ec2/instance-types/
+ - { name: c4.large, ram: 3072, disk: 0, vcpus: 2, swap: 0 }
+ - { name: c4.xlarge, ram: 7168, disk: 0, vcpus: 4, swap: 0 }
+ - { name: c4.2xlarge, ram: 14336, disk: 0, vcpus: 8, swap: 0 }
+ - { name: r3.large, ram: 16384, disk: 32, vcpus: 2, swap: 16384 }
+
+
+ ##### download common Images #####
+ # restricted images (RHEL) are handled two steps below
+ - name: Add the images
+ glance_image:
+ login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
+ auth_url="https://{{controller_publicname}}:35357/v2.0"
+ name="{{ item.name }}"
+ disk_format=qcow2
+ is_public=True
+ copy_from="{{ item.copy_from }}"
+ with_items:
+ - name: Fedora-x86_64-20-20131211.1
+ copy_from: https://dl.fedoraproject.org/pub/fedora/linux/releases/20/Images/x86_64/Fedora-x86_64-20-20131211.1-sda.qcow2
+ - name: Fedora-x86_64-20-20140407
+ copy_from: https://dl.fedoraproject.org/pub/fedora/linux/updates/20/Images/x86_64/Fedora-x86_64-20-20140407-sda.qcow2
+ - name: Fedora-Cloud-Base-20141203-21.x86_64
+ copy_from: https://dl.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.qcow2
+ - name: Fedora-Cloud-Base-20141203-21.i386
+ copy_from: https://dl.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/i386/Fedora-Cloud-Base-20141203-21.i386.qcow2
+ - name: Fedora-Cloud-Atomic-22_Alpha-20150305.x86_64
+ copy_from: https://dl.fedoraproject.org/pub/fedora/linux/releases/test/22_Alpha/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22_Alpha-20150305.x86_64.qcow2
+ - name: Fedora-Cloud-Base-22_Alpha-20150305.x86_64
+ copy_from: 
https://dl.fedoraproject.org/pub/fedora/linux/releases/test/22_Alpha/Cloud/x86_64/Images/Fedora-Cloud-Base-22_Alpha-20150305.x86_64.qcow2
+ - name: Fedora-Cloud-Atomic-22_Beta-20150415.x86_64
+ copy_from: https://dl.fedoraproject.org/pub/fedora/linux/releases/test/22_Beta/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22_Beta-20150415.x86_64.qcow2
+ - name: Fedora-Cloud-Base-22_Beta-20150415.x86_64
+ copy_from: https://dl.fedoraproject.org/pub/fedora/linux/releases/test/22_Beta/Cloud/x86_64/Images/Fedora-Cloud-Base-22_Beta-20150415.x86_64.qcow2
+ - name: Fedora-Cloud-Atomic-22-20150521.x86_64
+ copy_from: http://dl.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2
+ - name: Fedora-Cloud-Base-22-20150521.x86_64
+ copy_from: http://dl.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2
+ - name: Fedora-Cloud-Base-23-20151030.x86_64
+ copy_from: http://dl.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-23-20151030.x86_64.qcow2
+ - name: CentOS-7-x86_64-GenericCloud-1503
+ copy_from: http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1503.qcow2
+ - name: CentOS-6-x86_64-GenericCloud-20141129_01
+ copy_from: http://cloud.centos.org/centos/6/images/CentOS-6-x86_64-GenericCloud-20141129_01.qcow2
+ - name: Fedora-Cloud-Base-24_Alpha-7.x86_64.qcow2
+ copy_from: http://dl.fedoraproject.org/pub/fedora/linux/releases/test/24_Alpha/CloudImages/x86_64/images/Fedora-Cloud-Base-24_Alpha-7.x86_64.qcow2
+ - name: Fedora-Cloud-Base-24-1.2.x86_64.qcow2
+ copy_from: https://dl.fedoraproject.org/pub/fedora/linux/releases/24/CloudImages/x86_64/images/Fedora-Cloud-Base-24-1.2.x86_64.qcow2
+ # RHEL6 can be downloaded from https://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=16952
+ - stat: path=/root/images/rhel-guest-image-6.6-20141222.0.x86_64.qcow2
+ register: rhel6_image
+ - name: Add the RHEL6 image
+ 
glance_image:
+ login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
+ auth_url="https://{{controller_publicname}}:35357/v2.0"
+ name="rhel-guest-image-6.6-20141222.0.x86_64"
+ disk_format=qcow2
+ is_public=True
+ file="/root/images/rhel-guest-image-6.6-20141222.0.x86_64.qcow2"
+ when: rhel6_image.stat.exists == True
+
+ # RHEL7 can be download from https://access.redhat.com/downloads/content/69/ver=/rhel---7/7.0/x86_64/product-downloads
+ - stat: path=/root/images/rhel-guest-image-7.0-20140930.0.x86_64.qcow2
+ register: rhel7_image
+ - name: Add the RHEL7 image
+ glance_image:
+ login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
+ auth_url="https://{{controller_publicname}}:35357/v2.0"
+ name="rhel-guest-image-7.0-20140930.0.x86_64"
+ disk_format=qcow2
+ is_public=True
+ file="/root/images/rhel-guest-image-7.0-20140930.0.x86_64.qcow2"
+ when: rhel7_image.stat.exists == True
+
+
+ ##### PROJECTS ######
+ - name: Create tenants
+ keystone_user:
+ login_user="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
+ endpoint="https://{{controller_publicname}}:35357/v2.0"
+ tenant="{{ item.name }}"
+ tenant_description="{{ item.desc }}"
+ state=present
+ with_items:
+ - { name: persistent, desc: "persistent instances" }
+ - { name: qa, desc: "developmnet and test-day applications of QA" }
+ - { name: transient, desc: 'transient instances' }
+ - { name: infrastructure, desc: "one off instances for infrastructure folks to test or check something (proof-of-concept)" }
+ - { name: cloudintern, desc: 'project for the cloudintern under mattdm' }
+ - { name: cloudsig, desc: 'Fedora cloud sig folks.' 
}
+ - { name: copr, desc: 'Space for Copr builders' }
+ - { name: coprdev, desc: 'Development version of Copr' }
+ - { name: pythonbots, desc: 'project for python build bot users - twisted, etc' }
+ - { name: scratch, desc: 'scratch and short term instances' }
+ - { name: openshift, desc: 'Tenant for openshift deployment' }
+ - { name: maintainertest, desc: 'Tenant for maintainer test machines' }
+ - { name: aos-ci-cd, desc: 'Tenant for aos-ci-cd' }
+
+
+ ##### USERS #####
+ - name: Create users
+ keystone_user:
+ login_user="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
+ endpoint="https://{{controller_publicname}}:35357/v2.0"
+ user="{{ item.name }}"
+ email="{{ item.email }}"
+ tenant="{{ item.tenant }}"
+ password="{{ item.password }}"
+ state=present
+ no_log: True
+ with_items:
+ - { name: anthomas, email: 'anthomas@redhat.com', tenant: cloudintern, password: "{{anthomas_password}}" }
+ - { name: ausil, email: 'dennis@ausil.us', tenant: infrastructure, password: "{{ausil_password}}" }
+ - { name: atomic, email: 'walters@redhat.com', tenant: scratch, password: "{{cockpit_password}}" }
+ - { name: codeblock, email: 'codeblock@elrod.me', tenant: infrastructure, password: "{{codeblock_password}}" }
+ - { name: copr, email: 'admin@fedoraproject.org', tenant: copr, password: "{{copr_password}}" }
+ - { name: gholms, email: 'gholms@fedoraproject.org', tenant: cloudintern, password: "{{gholms_password}}" }
+ - { name: jskladan, email: 'jskladan@redhat.com', tenant: qa, password: "{{jskladan_password}}" }
+ - { name: kevin, email: 'kevin@fedoraproject.org', tenant: infrastructure, password: "{{kevin_password}}" }
+ - { name: laxathom, email: 'laxathom@fedoraproject.org', tenant: infrastructure, password: "{{laxathom_password}}" }
+ - { name: mattdm, email: 'mattdm@fedoraproject.org', tenant: infrastructure, password: "{{mattdm_password}}" }
+ - { name: msuchy, email: 'msuchy@redhat.com', tenant: copr, password: "{{msuchy_password}}" }
+ - { name: 
nb, email: 'nb@fedoraproject.org', tenant: infrastructure, password: "{{nb_password}}" } + - { name: pingou, email: 'pingou@pingoured.fr', tenant: infrastructure, password: "{{pingou_password}}" } + - { name: puiterwijk, email: 'puiterwijk@fedoraproject.org', tenant: infrastructure, password: "{{puiterwijk_password}}" } + - { name: stefw, email: 'stefw@fedoraproject.org', tenant: scratch, password: "{{stefw_password}}" } + - { name: mizdebsk, email: 'mizdebsk@fedoraproject.org', tenant: infrastructure, password: "{{mizdebsk_password}}" } + - { name: kushal, email: 'kushal@fedoraproject.org', tenant: infrastructure, password: "{{kushal_password}}" } + - { name: red, email: 'red@fedoraproject.org', tenant: infrastructure, password: "{{red_password}}" } + - { name: samkottler, email: 'samkottler@fedoraproject.org', tenant: infrastructure, password: "{{samkottler_password}}" } + - { name: tflink, email: 'tflink@fedoraproject.org', tenant: qa, password: "{{tflink_password}}" } + - { name: twisted, email: 'buildbot@twistedmatrix.com', tenant: pythonbots, password: "{{twisted_password}}" } + - { name: roshi, email: 'roshi@fedoraproject.org', tenant: qa, password: "{{roshi_password}}" } + - { name: maxamillion, email: 'maxamillion@fedoraproject.org', tenant: infrastructure, password: "{{maxamillion_password}}" } + - { name: clime, email: 'clime@redhat.com', tenant: copr, password: "{{clime_password}}" } + - { name: misc, email: 'misc@redhat.com', tenant: openshift, password: "{{misc_password}}" } + - { name: bowlofeggs, email: 'bowlofeggs@fedoraproject.org', tenant: transient, password: "{{bowlofeggs_password}}" } + - { name: alivigni, email: 'alivigni@redhat.com', tenant: aos-ci-cd, password: "{{alivigni_password}}" } + - { name: jbieren, email: 'jbieren@redhat.com', tenant: aos-ci-cd, password: "{{jbieren_password}}" } + - { name: bpeck, email: 'bpeck@redhat.com', tenant: aos-ci-cd, password: "{{bpeck_password}}" } + - { name: srallaba, email: 'srallaba@redhat.com', 
tenant: aos-ci-cd, password: "{{srallaba_password}}" } + - { name: jburke, email: 'jburke@redhat.com', tenant: aos-ci-cd, password: "{{jburke_password}}" } + tags: + - openstack_users + + - name: upload SSH keys for users + nova_keypair: + auth_url="https://{{controller_publicname}}:35357/v2.0" + login_username="{{ item.username }}" + login_password="{{ item.password }}" login_tenant_name="{{item.tenant}}" name="{{ item.name }}" + public_key="{{ item.public_key }}" + ignore_errors: yes + no_log: True + with_items: + - { username: anthomas, name: anthomas, tenant: cloudintern, password: "{{anthomas_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas anthomas') }}" } + - { username: ausil, name: ausil, tenant: infrastructure, password: "{{ausil_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas ausil') }}" } + - { username: codeblock, name: codeblock, tenant: infrastructure, password: "{{codeblock_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas codeblock') }}" } + - { username: buildsys, name: buildsys, tenant: copr, password: "{{copr_password}}", public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeTO0ddXuhDZYM9HyM0a47aeV2yIVWhTpddrQ7/RAIs99XyrsicQLABzmdMBfiZnP0FnHBF/e+2xEkT8hHJpX6bX81jjvs2bb8KP18Nh8vaXI3QospWrRygpu1tjzqZT0Llh4ZVFscum8TrMw4VWXclzdDw6x7csCBjSttqq8F3iTJtQ9XM9/5tCAAOzGBKJrsGKV1CNIrfUo5CSzY+IUVIr8XJ93IB2ZQVASK34T/49egmrWlNB32fqAbDMC+XNmobgn6gO33Yq5Ly7Dk4kqTUx2TEaqDkZfhsVu0YcwV81bmqsltRvpj6bIXrEoMeav7nbuqKcPLTxWEY/2icePF" } + - { username: gholms, name: gholms, tenant: cloudintern, password: "{{gholms_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas gholms') }}" } + - { username: jskladan, name: jskladan, tenant: qa, password: "{{jskladan_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas jskladan') }}" } + - { username: kevin, name: 
kevin, tenant: infrastructure, password: "{{kevin_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas kevin') }}" } + - { username: maxamillion, name: maxamillion, tenant: infrastructure, password: "{{maxamillion_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas maxamillion') }}" } + - { username: laxathom, name: laxathom, tenant: infrastructure, password: "{{laxathom_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas laxathom') }}" } + - { username: mattdm, name: mattdm, tenant: infrastructure, password: "{{mattdm_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas mattdm') }}" } + - { username: msuchy, name: msuchy, tenant: copr, password: "{{msuchy_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas msuchy') }}" } + - { username: nb, name: nb, tenant: infrastructure, password: "{{nb_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas nb') }}" } + - { username: pingou, name: pingou, tenant: infrastructure, password: "{{pingou_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas pingou') }}" } + - { username: puiterwijk, name: puiterwijk, tenant: infrastructure, password: "{{puiterwijk_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas puiterwijk') }}" } + - { username: stefw, name: stefw, tenant: scratch, password: "{{stefw_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas stefw') }}" } + - { username: mizdebsk, name: mizdebsk, tenant: infrastructure, password: "{{mizdebsk_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas mizdebsk') }}" } + - { username: kushal, name: kushal, tenant: infrastructure, password: "{{kushal_password}}", 
public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas kushal') }}" } + - { username: red, name: red, tenant: infrastructure, password: "{{red_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas red') }}" } + - { username: roshi, name: roshi, tenant: qa, password: "{{roshi_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas roshi') }}" } + - { username: samkottler, name: samkottler, tenant: infrastructure, password: "{{samkottler_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas skottler') }}" } + - { username: tflink, name: tflink, tenant: qa, password: "{{tflink_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas tflink') }}" } + - { username: atomic, name: atomic, tenant: scratch, password: "{{cockpit_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas walters') }}" } +# - { name: twisted, tenant: pythonbots, password: "{{twisted_password}}", public_key: "" } + - { username: admin, name: fedora-admin-20130801, tenant: admin, password: "{{ADMIN_PASS}}", public_key: "{{ lookup('file', files + '/fedora-cloud/fedora-admin-20130801.pub') }}" } + - { username: asamalik, name: asamalik, tenant: scratch, password: "{{asamalik_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas asamalik') }}" } + - { username: clime, name: clime, tenant: copr, password: "{{clime_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas clime') }}" } + - { username: misc, name: misc, tenant: openshift, password: "{{misc_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas misc') }}" } + - { username: alivigni, name: alivigni, tenant: aos-ci-cd, password: "{{alivigni_password}}", public_key: "{{ lookup('pipe', 
'/srv/web/infra/ansible/scripts/auth-keys-from-fas alivigni') }}" } + - { username: jbieren, name: jbieren, tenant: aos-ci-cd, password: "{{jbieren_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas jbieren') }}" } + - { username: bpeck, name: bpeck, tenant: aos-ci-cd, password: "{{bpeck_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas bpeck') }}" } + - { username: srallaba, name: srallaba, tenant: aos-ci-cd, password: "{{srallaba_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas srallaba') }}" } + - { username: jburke, name: jburke, tenant: aos-ci-cd, password: "{{jburke_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas jburke') }}" } + tags: + - openstack_users + + - name: Create roles for additional tenants + shell: source /root/keystonerc_admin && keystone role-list |grep ' {{item}} ' || keystone role-create --name {{ item }} + with_items: "{{all_tenants}}" + - name: Assign users to secondary tentants + shell: source /root/keystonerc_admin && keystone user-role-list --user "{{item.user}}" --tenant "{{item.tenant}}" | grep ' {{item.tenant }} ' || keystone user-role-add --user {{item.user}} --role {{item.tenant}} --tenant {{item.tenant}} || true + #keystone_user: + # endpoint="https://{{controller_publicname}}:35357/v2.0" + # login_user="admin" login_password="{{ ADMIN_PASS }}" + # role=coprdev user={{ item }} tenant=coprdev + with_items: + - { user: admin, tenant: cloudintern } + - { user: admin, tenant: cloudsig } + - { user: admin, tenant: copr } + - { user: admin, tenant: coprdev } + - { user: admin, tenant: persistent } + - { user: admin, tenant: pythonbots } + - { user: admin, tenant: qa } + - { user: admin, tenant: infrastructure } + - { user: admin, tenant: scratch } + - { user: admin, tenant: transient } + - { user: admin, tenant: maintainertest } + - { user: admin, tenant: 
aos-ci-cd } + - { user: copr, tenant: coprdev } + - { user: kevin, tenant: cloudintern } + - { user: kevin, tenant: cloudsig } + - { user: kevin, tenant: copr } + - { user: kevin, tenant: coprdev } + - { user: kevin, tenant: persistent } + - { user: kevin, tenant: pythonbots } + - { user: kevin, tenant: qa } + - { user: kevin, tenant: scratch } + - { user: kevin, tenant: transient } + - { user: kevin, tenant: maintainertest } + - { user: kevin, tenant: aos-ci-cd } + - { user: msuchy, tenant: cloudintern } + - { user: msuchy, tenant: cloudsig } + - { user: msuchy, tenant: coprdev } + - { user: msuchy, tenant: infrastructure } + - { user: msuchy, tenant: persistent } + - { user: msuchy, tenant: pythonbots } + - { user: msuchy, tenant: qa } + - { user: msuchy, tenant: scratch } + - { user: msuchy, tenant: transient } + - { user: pingou, tenant: persistent } + - { user: puiterwijk, tenant: cloudintern } + - { user: puiterwijk, tenant: cloudsig } + - { user: puiterwijk, tenant: copr } + - { user: puiterwijk, tenant: coprdev } + - { user: puiterwijk, tenant: persistent } + - { user: puiterwijk, tenant: pythonbots } + - { user: puiterwijk, tenant: qa } + - { user: puiterwijk, tenant: scratch } + - { user: puiterwijk, tenant: transient } + - { user: puiterwijk, tenant: maintainertest } + - { user: puiterwijk, tenant: aos-ci-cd } + - { user: mizdebsk, tenant: infrastructure } + - { user: mizdebsk, tenant: transient } + - { user: clime, tenant: coprdev } + - { user: clime, tenant: persistent } + tags: + - openstack_users + + ##### NETWORK #### + # http://docs.openstack.org/havana/install-guide/install/apt/content/install-neutron.configure-networks.html + # + # external network is a class C: 209.132.184.0/24 + # 209.132.184.1 to .25 - reserved for hardware. 
+ # 209.132.184.26 to .30 - reserver for test cloud external ips + # 209.132.184.31 to .69 - icehouse cloud + # 209.132.184.70 to .89 - reserved for arm03 SOCs + # 209.132.184.90 to .251 - folsom cloud + # + - name: Create en external network + neutron_network: + login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin" + auth_url="https://{{controller_publicname}}:35357/v2.0" + name=external + router_external=True + provider_network_type=flat + provider_physical_network=floatnet + register: EXTERNAL_ID + - name: Create an external subnet + neutron_subnet: + login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin" + auth_url="https://{{controller_publicname}}:35357/v2.0" + name=external-subnet + network_name=external + cidr="{{ public_interface_cidr }}" + allocation_pool_start="{{ public_floating_start }}" + allocation_pool_end="{{ public_floating_end }}" + gateway_ip="{{ public_gateway_ip }}" + enable_dhcp=false + register: EXTERNAL_SUBNET_ID + #- shell: source /root/keystonerc_admin && nova floating-ip-create external + # when: packstack_sucessfully_finished.stat.exists == False + + # 172.16.0.1/16 -- 172.22.0.1/16 - free (can be split to /20) + # 172.23.0.1/16 - free (but used by old cloud) + # 172.24.0.1/24 - RESERVED it is used internally for OS + # 172.24.1.0/24 -- 172.24.255.0/24 - likely free (?) 
+ # 172.25.0.1/20 - Cloudintern (172.25.0.1 - 172.25.15.254) + # 172.25.16.1/20 - infrastructure (172.25.16.1 - 172.25.31.254) + # 172.25.32.1/20 - persistent (172.25.32.1 - 172.25.47.254) + # 172.25.48.1/20 - transient (172.25.48.1 - 172.25.63.254) + # 172.25.64.1/20 - scratch (172.25.64.1 - 172.25.79.254) + # 172.25.80.1/20 - copr (172.25.80.1 - 172.25.95.254) + # 172.25.96.1/20 - cloudsig (172.25.96.1 - 172.25.111.254) + # 172.25.112.1/20 - qa (172.25.112.1 - 172.25.127.254) + # 172.25.128.1/20 - pythonbots (172.25.128.1 - 172.25.143.254) + # 172.25.144.1/20 - coprdev (172.25.144.1 - 172.25.159.254) + # 172.25.160.1/20 -- 172.25.240.1/20 - free + # 172.26.0.1/16 -- 172.31.0.1/16 - free (can be split to /20) + + - name: Create a router for all tenants + neutron_router: + login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin" + auth_url="https://{{controller_publicname}}:35357/v2.0" + tenant_name="{{ item }}" + name="ext-to-{{ item }}" + with_items: "{{all_tenants}}" + - name: "Connect router's gateway to the external network" + neutron_router_gateway: + login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin" + auth_url="https://{{controller_publicname}}:35357/v2.0" + router_name="ext-to-{{ item }}" + network_name="external" + with_items: "{{all_tenants}}" + - name: Create a private network for all tenants + neutron_network: + login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin" + auth_url="https://{{controller_publicname}}:35357/v2.0" + tenant_name="{{ item.name }}" + name="{{ item.name }}-net" + shared="{{ item.shared }}" + with_items: + - { name: cloudintern, shared: false } + - { name: cloudsig, shared: false } + - { name: copr, shared: true } + - { name: coprdev, shared: true } + - { name: infrastructure, shared: false } + - { name: persistent, shared: false } + - { name: pythonbots, shared: false } + - { name: qa, shared: false } + - { name: scratch, shared: false } + - { 
name: transient, shared: false } + - { name: openshift, shared: false } + - { name: maintainertest, shared: false } + - { name: aos-ci-cd, shared: false } + - name: Create a subnet for all tenants + neutron_subnet: + login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin" + auth_url="https://{{controller_publicname}}:35357/v2.0" + tenant_name="{{ item.name }}" + network_name="{{ item.name }}-net" + name="{{ item.name }}-subnet" + cidr="{{ item.cidr }}" + gateway_ip="{{ item.gateway }}" + dns_nameservers="66.35.62.163,140.211.169.201" + with_items: + - { name: cloudintern, cidr: '172.25.0.1/20', gateway: '172.25.0.1' } + - { name: cloudsig, cidr: '172.25.96.1/20', gateway: '172.25.96.1' } + - { name: copr, cidr: '172.25.80.1/20', gateway: '172.25.80.1' } + - { name: coprdev, cidr: '172.25.144.1/20', gateway: '172.25.144.1' } + - { name: infrastructure, cidr: '172.25.16.1/20', gateway: '172.25.16.1' } + - { name: persistent, cidr: '172.25.32.1/20', gateway: '172.25.32.1' } + - { name: pythonbots, cidr: '172.25.128.1/20', gateway: '172.25.128.1' } + - { name: qa, cidr: '172.25.112.1/20', gateway: '172.25.112.1' } + - { name: scratch, cidr: '172.25.64.1/20', gateway: '172.25.64.1' } + - { name: transient, cidr: '172.25.48.1/20', gateway: '172.25.48.1' } + - { name: openshift, cidr: '172.25.160.1/20', gateway: '172.25.160.1' } + - { name: maintainertest, cidr: '172.25.176.1/20', gateway: '172.25.176.1' } + - { name: aos-ci-cd, cidr: '172.25.180.1/20', gateway: '172.25.180.1' } + - name: "Connect router's interface to the TENANT-subnet" + neutron_router_interface: + login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin" + auth_url="https://{{controller_publicname}}:35357/v2.0" + tenant_name="{{ item }}" + router_name="ext-to-{{ item }}" + subnet_name="{{ item }}-subnet" + with_items: "{{all_tenants}}" + + ################# + # Security Groups + ################ + - name: "Create 'ssh-anywhere' security group" + 
neutron_sec_group: + login_username: "admin" + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: "admin" + auth_url: "https://{{controller_publicname}}:35357/v2.0" + state: "present" + name: 'ssh-anywhere-{{item}}' + description: "allow ssh from anywhere" + tenant_name: "{{item}}" + rules: + - direction: "ingress" + port_range_min: "22" + port_range_max: "22" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "0.0.0.0/0" + with_items: "{{all_tenants}}" + + - name: "Allow nagios checks" + neutron_sec_group: + login_username: "admin" + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: "admin" + auth_url: "https://{{controller_publicname}}:35357/v2.0" + state: "present" + name: 'allow-nagios-{{item}}' + description: "allow nagios checks" + tenant_name: "{{item}}" + rules: + - direction: "ingress" + port_range_min: "5666" + port_range_max: "5666" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "209.132.181.35/32" + - direction: "ingress" + ethertype: "IPv4" + protocol: "icmp" + remote_ip_prefix: "209.132.181.35/32" + with_items: + - persistent + + - name: "Create 'ssh-from-persistent' security group" + neutron_sec_group: + login_username: "admin" + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: "admin" + auth_url: "https://{{controller_publicname}}:35357/v2.0" + state: "present" + name: 'ssh-from-persistent-{{item}}' + description: "allow ssh from persistent" + tenant_name: "{{item}}" + rules: + - direction: "ingress" + port_range_min: "22" + port_range_max: "22" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "172.25.32.1/20" + with_items: + - copr + - coprdev + + + - name: "Create 'ssh-internal' security group" + neutron_sec_group: + login_username: "admin" + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: "admin" + auth_url: "https://{{controller_publicname}}:35357/v2.0" + state: "present" + name: 'ssh-internal-{{item.name}}' + description: "allow ssh from {{item.name}}-network" + tenant_name: "{{ item.name }}" 
+ rules: + - direction: "ingress" + port_range_min: "22" + port_range_max: "22" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "{{ item.prefix }}" + with_items: + - { name: cloudintern, prefix: '172.25.0.1/20' } + - { name: cloudsig, prefix: '172.25.96.1/20' } + - { name: copr, prefix: '172.25.80.1/20' } + - { name: coprdev, prefix: '172.25.80.1/20' } + - { name: infrastructure, prefix: "172.25.16.1/20" } + - { name: persistent, prefix: "172.25.32.1/20" } + - { name: pythonbots, prefix: '172.25.128.1/20' } + - { name: qa, prefix: "172.25.112.1/20" } + - { name: scratch, prefix: '172.25.64.1/20' } + - { name: transient, prefix: '172.25.48.1/20' } + - { name: openshift, prefix: '172.25.160.1/20' } + - { name: maintainertest, prefix: '172.25.180.1/20' } + - { name: aos-ci-cd, prefix: '172.25.200.1/20' } + + - name: "Create 'web-80-anywhere' security group" + neutron_sec_group: + login_username: "admin" + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: "admin" + auth_url: "https://{{controller_publicname}}:35357/v2.0" + state: "present" + name: 'web-80-anywhere-{{item}}' + description: "allow web-80 from anywhere" + tenant_name: "{{item}}" + rules: + - direction: "ingress" + port_range_min: "80" + port_range_max: "80" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "0.0.0.0/0" + with_items: "{{all_tenants}}" + + - name: "Create 'web-443-anywhere' security group" + neutron_sec_group: + login_username: "admin" + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: "admin" + auth_url: "https://{{controller_publicname}}:35357/v2.0" + state: "present" + name: 'web-443-anywhere-{{item}}' + description: "allow web-443 from anywhere" + tenant_name: "{{item}}" + rules: + - direction: "ingress" + port_range_min: "443" + port_range_max: "443" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "0.0.0.0/0" + with_items: "{{all_tenants}}" + + - name: "Create 'docker-registry-5000-anywhere' security group" + neutron_sec_group: + login_username: 
"admin" + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: "admin" + auth_url: "https://{{controller_publicname}}:35357/v2.0" + state: "present" + name: 'docker-registry-5000-anywhere-{{item}}' + description: "allow docker-registry-5000 from anywhere" + tenant_name: "{{item}}" + rules: + - direction: "ingress" + port_range_min: "5000" + port_range_max: "5000" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "0.0.0.0/0" + with_items: "{{all_tenants}}" + + - name: "Create 'wide-open' security group" + neutron_sec_group: + login_username: "admin" + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: "admin" + auth_url: "https://{{controller_publicname}}:35357/v2.0" + state: "present" + name: 'wide-open-{{item}}' + description: "allow anything from anywhere" + tenant_name: "{{item}}" + rules: + - direction: "ingress" + port_range_min: "0" + port_range_max: "65535" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "0.0.0.0/0" + - direction: "ingress" + port_range_min: "0" + port_range_max: "65535" + ethertype: "IPv4" + protocol: "udp" + remote_ip_prefix: "0.0.0.0/0" + with_items: "{{all_tenants}}" + + - name: "Create 'ALL ICMP' security group" + neutron_sec_group: + login_username: "admin" + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: "admin" + auth_url: "https://{{controller_publicname}}:35357/v2.0" + state: "present" + name: 'all-icmp-{{item}}' + description: "allow all ICMP traffic" + tenant_name: "{{item}}" + rules: + - direction: "ingress" + ethertype: "IPv4" + protocol: "icmp" + remote_ip_prefix: "0.0.0.0/0" + with_items: "{{all_tenants}}" + + - name: "Create 'keygen-persistent' security group" + neutron_sec_group: + login_username: "admin" + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: "admin" + auth_url: "https://{{controller_publicname}}:35357/v2.0" + state: "present" + name: 'keygen-persistent' + description: "rules for copr-keygen" + tenant_name: "persistent" + rules: + - direction: "ingress" + 
port_range_min: "5167" + port_range_max: "5167" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "172.25.32.1/20" + - direction: "ingress" + port_range_min: "80" + port_range_max: "80" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "172.25.32.1/20" + + - name: "Create 'pg-5432-anywhere' security group" + neutron_sec_group: + login_username: "admin" + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: "admin" + auth_url: "https://{{controller_publicname}}:35357/v2.0" + state: "present" + name: 'pg-5432-anywhere-{{item}}' + description: "allow postgresql-5432 from anywhere" + tenant_name: "{{item}}" + rules: + - direction: "ingress" + port_range_min: "5432" + port_range_max: "5432" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "0.0.0.0/0" + with_items: "{{all_tenants}}" + + - name: "Create 'fedmsg-relay-persistent' security group" + neutron_sec_group: + login_username: "admin" + login_password: "{{ ADMIN_PASS }}" + login_tenant_name: "admin" + auth_url: "https://{{controller_publicname}}:35357/v2.0" + state: "present" + name: 'fedmsg-relay-persistent' + description: "allow incoming 2003 and 4001 from internal network" + tenant_name: "{{item}}" + rules: + - direction: "ingress" + port_range_min: "2003" + port_range_max: "2003" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "172.25.80.1/16" + - direction: "ingress" + port_range_min: "4001" + port_range_max: "4001" + ethertype: "IPv4" + protocol: "tcp" + remote_ip_prefix: "172.25.80.1/16" + with_items: "{{all_tenants}}" + + # Update quota for Copr + # SEE: + # nova quota-defaults + # nova quota-show --tenant $TENANT_ID + # default is 10 instances, 20 cores, 51200 RAM, 10 floating IPs + - shell: source /root/keystonerc_admin && keystone tenant-list | grep 'copr ' | awk '{print $2}' + register: TENANT_ID + check_mode: no + changed_when: false + - shell: source /root/keystonerc_admin && nova quota-update --instances 40 --cores 80 --ram 300000 --floating-ips 10 
--security-groups 20 {{ TENANT_ID.stdout }} + + - shell: source /root/keystonerc_admin && keystone tenant-list | grep 'coprdev ' | awk '{print $2}' + check_mode: no + changed_when: false + register: TENANT_ID + - shell: source /root/keystonerc_admin && nova quota-update --instances 40 --cores 80 --ram 300000 --floating-ips 10 --security-groups 20 {{ TENANT_ID.stdout }} + +# +# Note that we set manually the amount of volumes for this tenant to 20 in the web interface. +# nova quota-update cannot do so. +# + - shell: source /root/keystonerc_admin && keystone tenant-list | grep 'persistent ' | awk '{print $2}' + check_mode: no + changed_when: false + register: TENANT_ID + - shell: source /root/keystonerc_admin && nova quota-update --instances 60 --cores 175 --ram 288300 --security-groups 20 {{ TENANT_ID.stdout }} + +# Transient quota + - shell: source /root/keystonerc_admin && keystone tenant-list | grep 'transient ' | awk '{print $2}' + check_mode: no + changed_when: false + register: TENANT_ID + - shell: source /root/keystonerc_admin && nova quota-update --instances 30 --cores 70 --ram 153600 --security-groups 20 {{ TENANT_ID.stdout }} + diff --git a/playbooks/hosts/fedimg-dev.fedorainfracloud.org.yml b/playbooks/hosts/fedimg-dev.fedorainfracloud.org.yml new file mode 100644 index 0000000000..5a03a849be --- /dev/null +++ b/playbooks/hosts/fedimg-dev.fedorainfracloud.org.yml 
@@ -0,0 +1,39 @@
+- name: check/create instance
+ hosts: fedimg-dev.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: fedimg-dev.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ roles:
+ - basessh
diff --git a/playbooks/hosts/fedora-bootstrap.fedorainfracloud.org.yml b/playbooks/hosts/fedora-bootstrap.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..840e7c6ef5
--- /dev/null
+++ b/playbooks/hosts/fedora-bootstrap.fedorainfracloud.org.yml
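Review bot: The second play ("setup all the things") lists `/srv/private/ansible/files/openstack/passwords.yml` in `vars_files`, yet only the first play imports `persistent_cloud.yml`, and nothing visible in the second play talks to OpenStack. If the imported task files and the `basessh` role do not read those values, remove `- /srv/private/ansible/files/openstack/passwords.yml` from the second play so the cloud credentials are not in scope for every task and template run against the guest. The same list appears in the second play of the fedora-bootstrap, glittergallery-dev, grafana, graphite and hubs-dev playbooks added by this commit. Separately, `pre_tasks` is written after `tasks` and `handlers` although it runs first; moving it above `roles` would make the file read in execution order.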
@@ -0,0 +1,47 @@
+- name: check/create instance
+ hosts: fedora-bootstrap.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: fedora-bootstrap.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ roles:
+ - basessh
+
+ tasks:
+ - name: add packages
+ package: state=present name={{ item }}
+ with_items:
+ - httpd
+ - php
+ - mariadb-server
+ - mariadb
+ - mod_ssl
+ - wget
+ - unzip
+
+ - name: enable httpd service
+ service: name=httpd enabled=yes state=started
diff --git a/playbooks/hosts/glittergallery-dev.fedorainfracloud.org.yml b/playbooks/hosts/glittergallery-dev.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..dc7e492553
--- /dev/null
+++ b/playbooks/hosts/glittergallery-dev.fedorainfracloud.org.yml
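Review bot: The `tasks` section of the second play starts `httpd` with `php` and `mod_ssl` installed, but no visible step supplies a certificate or any site configuration, and the play has no `certbot` role, which the graphite and hubs-dev playbooks in this commit do include. As written the server presumably comes up with the packaged defaults, and `mariadb-server` is installed with no visible task that configures or secures it. If a later manual step handles this, say so with a comment above the package task such as `# bootstrap host: web and db are configured by hand after first run`; otherwise add `- certbot` under `roles`. The package task could also pass the list directly to `name:` instead of looping with `with_items`.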
@@ -0,0 +1,32 @@
+- name: check/create instance
+ hosts: glittergallery-dev.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: glittergallery-dev.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ roles:
+ - basessh
diff --git a/playbooks/hosts/grafana.cloud.fedoraproject.org.yml b/playbooks/hosts/grafana.cloud.fedoraproject.org.yml
new file mode 100644
index 0000000000..a20feab6f0
--- /dev/null
+++ b/playbooks/hosts/grafana.cloud.fedoraproject.org.yml
@@ -0,0 +1,46 @@
+- name: check/create instance
+ hosts: grafana.cloud.fedoraproject.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: grafana.cloud.fedoraproject.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - mod_wsgi
+ #- graphite/graphite
+ #- graphite/statsd
+ #- graphite/fedmsg2statsd
+ - graphite/grafana
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ #- import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
diff --git a/playbooks/hosts/graphite.fedorainfracloud.org.yml b/playbooks/hosts/graphite.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..0889210d1b
--- /dev/null
+++ b/playbooks/hosts/graphite.fedorainfracloud.org.yml
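Review bot: The `2fa_client.yml` import under `tasks` is commented out with no explanation, so a reader cannot tell whether two-factor login is deliberately off for this host or was disabled temporarily; the graphite playbook in this commit carries the same commented line. Record the reason next to it, for example `# 2fa_client disabled: <reason, owner, date>`, or delete the line if it is never meant to apply to cloud guests. This play also serves Grafana through `mod_wsgi` without the `certbot` role that the graphite playbook adds; if TLS is terminated elsewhere, a one-line comment under `roles` saying so would help. The three commented-out `graphite/*` roles deserve the same treatment.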
@@ -0,0 +1,46 @@ +- name: check/create instance + hosts: graphite.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: graphite.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - mod_wsgi + - certbot + - graphite/graphite + - graphite/statsd + - graphite/fedmsg2statsd + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + #- import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" diff --git a/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml new file mode 100644 index 0000000000..ab46342d19 --- /dev/null +++ b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml 
@@ -0,0 +1,78 @@
+- name: check/create instance
+ hosts: hubs-dev.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+
+- name: setup all the things
+ hosts: hubs-dev.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ - dnf: name={{item}} state=present
+ with_items:
+ - git
+
+ - name: create the code directory
+ file: dest=/srv/hubs state=directory owner=fedora group=fedora
+
+ - name: git clone the code
+ git: repo=https://pagure.io/fedora-hubs.git
+ dest=/srv/hubs/fedora-hubs
+ version=develop
+ become_user: fedora
+ #ignore_errors: true
+
+
+ roles:
+ - basessh
+ - certbot
+
+ - role: hubs
+ main_user: fedora
+ hubs_url_hostname: hubs-dev.fedorainfracloud.org
+ hubs_secret_key: demotestinghubsmachine
+ hubs_db_type: sqlite
+ hubs_dev_mode: false
+ hubs_ssl_cert: /etc/letsencrypt/live/hubs-dev.fedorainfracloud.org/cert.pem
+ hubs_ssl_key: /etc/letsencrypt/live/hubs-dev.fedorainfracloud.org/privkey.pem
+
+
+ tasks:
+ - dnf: name={{item}} state=present
+ with_items:
+ - htop
+ - tmux
+ - vim
+
+ - name: add more hubs workers
+ service: name={{item}} enabled=yes state=started
+ with_items:
+ - hubs-triage@3
+ - hubs-triage@4
+ - hubs-worker@3
+ - hubs-worker@4
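Review bot: `hubs_secret_key: demotestinghubsmachine` in the `hubs` role parameters commits the application's secret key to the playbook in clear text, on a host that is set up with a Let's Encrypt certificate and `hubs_dev_mode: false`. The play already loads `/srv/private/ansible/vars.yml`, so the value should come from there, e.g. `hubs_secret_key: "{{ hubs_dev_secret_key }}"` (placeholder name; the variable would have to be defined in the private vars). The `git:` task also checks out `version=develop`, a moving branch, so successive runs can deploy different code; pinning a tag or commit would make the deployment reproducible and reviewable.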
diff --git a/playbooks/hosts/iddev.fedorainfracloud.org.yml b/playbooks/hosts/iddev.fedorainfracloud.org.yml new file mode 100644 index 0000000000..d548296910 --- /dev/null +++ b/playbooks/hosts/iddev.fedorainfracloud.org.yml @@ -0,0 +1,42 @@ +- name: check/create instance + hosts: iddev.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: iddev.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - basessh + - sudo + - hosts + - mod_wsgi + - base + + pre_tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + + tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/hosts/insim.fedorainfracloud.org.yml b/playbooks/hosts/insim.fedorainfracloud.org.yml new file mode 100644 index 0000000000..8be270a54d --- /dev/null +++ b/playbooks/hosts/insim.fedorainfracloud.org.yml 
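Review bot: The `cloud_setup_basic.yml` import and the `set hostname` task sit under `tasks:`, which Ansible runs after `roles:`, so `basessh`, `sudo`, `hosts`, `mod_wsgi` and `base` are applied before the hostname that the task's own name calls "required by some services" is set. Most sibling playbooks in this commit keep both under `pre_tasks:`; moving them there, next to the `yumrepos.yml` import, would match. modernpaste.fedorainfracloud.org.yml has the same layout.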
@@ -0,0 +1,45 @@ +--- +- name: check/create instance + hosts: insim.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: insim.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + roles: + - basessh + + tasks: + - name: install basic packages + dnf: state=present pkg={{ item }} + with_items: + - java-devel + - postgresql-server + - httpd + - git + - maven + - wget + - emacs-nox diff --git a/playbooks/hosts/java-deptools.fedorainfracloud.org b/playbooks/hosts/java-deptools.fedorainfracloud.org new file mode 100644 index 0000000000..15971cc03c --- /dev/null +++ b/playbooks/hosts/java-deptools.fedorainfracloud.org 
@@ -0,0 +1,32 @@
+- name: check/create instance
+ hosts: java-deptools.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: java-deptools.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ shell: "hostname {{inventory_hostname}}"
+
+ roles:
+ - basessh
diff --git a/playbooks/hosts/lists-dev.fedorainfracloud.org.yml b/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..d8685dd172
--- /dev/null
+++ b/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
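Review bot: The hostname is set with `shell: "hostname {{inventory_hostname}}"` in `pre_tasks`, where the sibling playbooks use the `hostname` module. The shell form reports changed on every run and only sets the running hostname, which likely does not survive a reboot. `hostname: name="{{inventory_hostname}}"` would be consistent with the rest of the commit. The file is also added without a `.yml` extension, unlike the other host playbooks, so tooling that selects `*.yml` may skip it.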
@@ -0,0 +1,176 @@ +- name: check/create instance + hosts: lists-dev.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: lists-dev.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + - tcp_ports: [22, 25, 80, 443] + - udp_ports: [] + - postfix_maincf: "{{ roles_path }}/base/files/postfix/main.cf/main.cf.{{ inventory_hostname }}" + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + roles: + - basessh + - sudo + - hosts + - mod_wsgi + - base + + tasks: + - import_tasks: "{{ tasks_path }}/postfix_basic.yml" + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + # Basic Apache config + - name: install mod_ssl + package: name=mod_ssl state=present + + - name: copy ssl.conf + copy: src="{{ files }}/lists-dev/ssl.conf" dest=/etc/httpd/conf.d/ssl.conf + owner=root group=root mode=0644 + notify: + - reload httpd + + - name: basic apache virtualhost config + template: src="{{ files }}/lists-dev/apache.conf.j2" dest=/etc/httpd/conf.d/lists-dev.conf + owner=root group=root mode=0644 + notify: + - reload httpd + + # Database + - name: install postgresql server packages + package: name={{ item }} state=present + with_items: + - postgresql-server + - postgresql-contrib + - python-psycopg2 + + - name: initialize postgresql + 
command: /usr/bin/postgresql-setup initdb + creates=/var/lib/pgsql/data/postgresql.conf + + - name: copy pg_hba.conf + copy: src="{{ files }}/lists-dev/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf + owner=postgres group=postgres + notify: + - restart postgresql + + - name: start postgresql + service: state=started enabled=yes name=postgresql + + - name: allow running sudo commands as postgresql for ansible + copy: src="{{ files }}/lists-dev/sudoers-norequiretty-postgres" dest=/etc/sudoers.d/norequiretty-postgres + owner=root group=root mode=0440 + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + - name: restart postgresql + service: name=postgresql state=restarted + + + +# +# Database setup +# + +- name: setup db users/passwords for mailman and hyperkitty + hosts: lists-dev.fedorainfracloud.org + gather_facts: no + become: yes + become_user: postgres + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + + tasks: + # mailman auto-updates its schema, there can only be one admin user + - name: mailman DB user + postgresql_user: name=mailmanadmin password={{ lists_dev_mm_db_pass }} + - name: hyperkitty DB admin user + postgresql_user: name=hyperkittyadmin password={{ lists_dev_hk_db_pass }} + - name: hyperkitty DB user + postgresql_user: name=hyperkittyapp password={{ lists_dev_hk_db_pass }} + - name: databases creation + postgresql_db: name={{ item }} owner="{{ item }}admin" encoding=UTF-8 + with_items: + - mailman + - hyperkitty + - name: test database creation + postgresql_db: name=test_hyperkitty owner=hyperkittyadmin encoding=UTF-8 + + +- name: setup mailman and hyperkitty + hosts: lists-dev.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - role: mailman + mailman_db_server: localhost + 
mailman_mailman_db_pass: "{{ lists_dev_mm_db_pass }}" + mailman_hyperkitty_admin_db_pass: "{{ lists_dev_hk_db_pass }}" + mailman_hyperkitty_db_pass: "{{ lists_dev_hk_db_pass }}" + mailman_hyperkitty_cookie_key: "randomstringusedasacookiesecurekey-yesthisshouldbeinaprivaterepo_butidonthaveaccesstoit" + - collectd/base + + tasks: + + - name: install more needed packages + package: name={{ item }} state=present + with_items: + - tar + - vim + - tmux + - patch + tags: + - packages + + #- name: easy access to the postgresql databases + # template: src="{{ files }}/lists-dev/pgpass.j2" dest=/root/.pgpass + # owner=root group=root mode=0600 + + - name: send root mail to abompard + lineinfile: dest=/etc/aliases regexp='^root:' line="root:abompard@fedoraproject.org" + notify: + - reload aliases + + - name: start services + service: state=started enabled=yes name={{ item }} + with_items: + - httpd + - mailman3 + - postfix + + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + - name: reload aliases + command: newaliases diff --git a/playbooks/hosts/magazine2.fedorainfracloud.org.yml b/playbooks/hosts/magazine2.fedorainfracloud.org.yml new file mode 100644 index 0000000000..f9521abe5a --- /dev/null +++ b/playbooks/hosts/magazine2.fedorainfracloud.org.yml 
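Review bot: `mailman_hyperkitty_cookie_key` in the `mailman` role parameters is a literal string, and the string itself says it belongs in the private repo; a key that is readable in the playbook no longer protects whatever the role uses it for (presumably cookie signing). The play already loads `/srv/private/ansible/vars.yml`, so reference a variable from there, e.g. `mailman_hyperkitty_cookie_key: "{{ lists_dev_hk_cookie_key }}"` (placeholder name). In the database play, `hyperkittyadmin` and `hyperkittyapp` both receive `lists_dev_hk_db_pass`, which removes the separation between the schema-owner account and the application account; a separate password variable for the app user would restore it. The `copy` of `pg_hba.conf` sets owner and group but no `mode`, unlike the other `copy` tasks in the hunk.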
@@ -0,0 +1,73 @@
+- name: check/create instance
+ hosts: magazine2.fedorainfracloud.org
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/fedora-cloud.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: setup all the things
+ hosts: magazine2.fedorainfracloud.org
+ gather_facts: True
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/private/ansible/files/openstack/passwords.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+ - name: set hostname (required by some services, at least postfix need it)
+ hostname: name="{{inventory_hostname}}"
+
+ tasks:
+ - name: add packages
+ package: state=present name={{ item }}
+ with_items:
+ - httpd
+ - php
+ - php-mysql
+ - mariadb-server
+ - mariadb
+ - mod_ssl
+ - php-mcrypt
+ - php-mbstring
+ - wget
+ - unzip
+ - postfix
+ - wordpress
+
+ - name: enable httpd service
+ service: name=httpd enabled=yes state=started
+
+ - name: configure postfix for ipv4 only
+ raw: postconf -e inet_protocols=ipv4
+
+ - name: enable local postfix service
+ service: name=postfix enabled=yes state=started
+
+ roles:
+ - basessh
+ - nagios_client
+ - mariadb_server
+
+ post_tasks:
+ - name: create databaseuser
+ mysql_user: name=magazine
+ host=localhost
+ state=present
+ password="{{ magazine_db_password }}"
+ priv="magazine.*:ALL"
+
+ - name: Wordpress cron
+ cron: name="Wordpress cron"
+ minute="*/10"
+ job="curl -s http://localhost:8008/wp-cron.php >/dev/null"
diff --git a/playbooks/hosts/modernpaste.fedorainfracloud.org.yml b/playbooks/hosts/modernpaste.fedorainfracloud.org.yml
new file mode 100644
index 0000000000..635459cf44
--- /dev/null
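Review bot: `raw: postconf -e inet_protocols=ipv4` in the `configure postfix for ipv4 only` task bypasses the module layer for a command that does not need it, so the task reports changed on every run and nothing restarts postfix when the setting actually changes on a later run. `command: postconf -e inet_protocols=ipv4` with a `changed_when:` condition and a `notify:` for a postfix restart handler would keep runs quiet and the service in sync. The `roles:` key is written after `tasks:` although Ansible applies roles first; reordering the keys to `pre_tasks`, `roles`, `tasks`, `post_tasks` would make the file read in execution order.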
+++ b/playbooks/hosts/modernpaste.fedorainfracloud.org.yml @@ -0,0 +1,39 @@ +- name: check/create instance + hosts: modernpaste.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: modernpaste.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - basessh + - sudo + - hosts + - mod_wsgi + - base + + pre_tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + + tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" diff --git a/playbooks/hosts/modularity.fedorainfracloud.org.yml b/playbooks/hosts/modularity.fedorainfracloud.org.yml new file mode 100644 index 0000000000..d131c16171 --- /dev/null +++ b/playbooks/hosts/modularity.fedorainfracloud.org.yml 
@@ -0,0 +1,32 @@ +- name: check/create instance + hosts: modularity.fedorainfracloud.org:modularity2.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: modularity.fedorainfracloud.org:modularity2.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + roles: + - basessh diff --git a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml deleted file mode 100644 index 9d806ab7da..0000000000 --- a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -# This is a basic playbook - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "noc-cc01.rdu-cc.fedoraproject.org" - -- name: Make cloud noc hardware - hosts: noc-cc01.rdu-cc.fedoraproject.org - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - openvpn/client - - ipa/client - - collectd/base - - sudo - - dhcp_server - - tftp_server - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - name: install some packages which arent in playbooks - ansible.builtin.package: - state: present - name: - - nmap - - tcpdump - - dhcp-server - - - name: Check if ntpd port is already known by selinux - ansible.builtin.shell: semanage port -l | grep ntp - register: ntp_selinux_port - check_mode: no - changed_when: false - failed_when: false - tags: - - config - - selinux - - - name: Allow alternate ntpd port - ansible.builtin.command: semanage port -a -t ntp_port_t -p tcp 124 - when: '"124" not in ntp_selinux_port' - failed_when: false - tags: - - config - - selinux - - - name: Allow alternate ntpd port - ansible.builtin.command: semanage port -a -t ntp_port_t -p udp 124 - when: '"124" not in ntp_selinux_port' - failed_when: false - tags: - - config - - selinux - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/hosts/regcfp2.fedorainfracloud.org.yml b/playbooks/hosts/regcfp2.fedorainfracloud.org.yml new file mode 100644 index 0000000000..3242f9c197 --- /dev/null +++ b/playbooks/hosts/regcfp2.fedorainfracloud.org.yml 
@@ -0,0 +1,37 @@ +- name: check/create instance + hosts: regcfp2.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: regcfp2.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + roles: + - basessh + - nagios_client + - postgresql_server + - regcfp + + tasks: diff --git a/playbooks/hosts/respins.fedorainfracloud.org.yml b/playbooks/hosts/respins.fedorainfracloud.org.yml new file mode 100644 index 0000000000..d34336d297 --- /dev/null +++ b/playbooks/hosts/respins.fedorainfracloud.org.yml 
@@ -0,0 +1,32 @@ +- name: check/create instance + hosts: respins.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: respins.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + roles: + - basessh diff --git a/playbooks/hosts/shumgrepper-dev.fedorainfracloud.org.yml b/playbooks/hosts/shumgrepper-dev.fedorainfracloud.org.yml new file mode 100644 index 0000000000..7c49b94345 --- /dev/null +++ b/playbooks/hosts/shumgrepper-dev.fedorainfracloud.org.yml 
@@ -0,0 +1,32 @@ +- name: check/create instance + hosts: shumgrepper-dev.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: shumgrepper-dev.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + roles: + - basessh diff --git a/playbooks/hosts/taiga.fedorainfracloud.org.yml b/playbooks/hosts/taiga.fedorainfracloud.org.yml new file mode 100644 index 0000000000..8f1650fdc8 --- /dev/null +++ b/playbooks/hosts/taiga.fedorainfracloud.org.yml 
@@ -0,0 +1,34 @@ +- name: check/create instance + hosts: taiga.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: taiga.fedorainfracloud.org + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + roles: + - basessh + - role: taiga + taiga_back_version: stable + taiga_front_version: stable diff --git a/playbooks/hosts/taigastg.fedorainfracloud.org.yml b/playbooks/hosts/taigastg.fedorainfracloud.org.yml new file mode 100644 index 0000000000..9acf4d5084 --- /dev/null +++ b/playbooks/hosts/taigastg.fedorainfracloud.org.yml 
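Review bot: `taiga_back_version: stable` and `taiga_front_version: stable` name a moving ref rather than a release; if the `taiga` role uses them as git versions (the role is not visible here), successive runs can install different code without any change in this repository. Pin both to a tag or commit and add a comment saying how they are bumped. This play also omits `gather_facts`, unlike its siblings, while `vars_files` depends on `ansible_distribution`; that works only because fact gathering is on by default, so `gather_facts: True` would make the dependency explicit. taigastg.fedorainfracloud.org.yml uses the same version values.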
@@ -0,0 +1,35 @@ +- name: check/create instance + hosts: taigastg.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: taigastg.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + roles: + - basessh + - role: taiga + taiga_back_version: stable + taiga_front_version: stable diff --git a/playbooks/hosts/testdays.fedorainfracloud.org.yml b/playbooks/hosts/testdays.fedorainfracloud.org.yml new file mode 100644 index 0000000000..20982c3a60 --- /dev/null +++ b/playbooks/hosts/testdays.fedorainfracloud.org.yml 
@@ -0,0 +1,53 @@ +--- +- name: check/create instance + hosts: testdays.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: setup all the things + hosts: testdays.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + roles: + - basessh + - postgresql_server + +- name: configure resultsdb and testdays + hosts: testdays.fedorainfracloud.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/resultsdb-backend, tags: ['resultsdb-be'] } + - { role: taskotron/resultsdb-frontend, tags: ['resultsdb-fe'] } + - { role: testdays, tags: ['testdays'] } + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + diff --git a/playbooks/hosts/upstreamfirst.fedorainfracloud.org.yml b/playbooks/hosts/upstreamfirst.fedorainfracloud.org.yml new file mode 100644 index 0000000000..4cee012b5f --- /dev/null +++ b/playbooks/hosts/upstreamfirst.fedorainfracloud.org.yml 
@@ -0,0 +1,89 @@ +- name: check/create instance + hosts: upstreamfirst.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: do base configuration + hosts: upstreamfirst.fedorainfracloud.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - sudo + - collectd/base + - postgresql_server + - certbot + + tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: deploy pagure + hosts: upstreamfirst.fedorainfracloud.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + +# pre_tasks: +# - name: install fedmsg-relay +# package: name=fedmsg-relay state=present +# tags: +# - pagure +# - pagure/fedmsg +# - name: and start it +# service: name=fedmsg-relay state=started +# tags: +# - pagure +# - pagure/fedmsg +# + roles: + - pagure/upstreamfirst-frontend + # - pagure/fedmsg + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: deploy ufmonitor + hosts: upstreamfirst.fedorainfracloud.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - { 
role: ufmonitor, tags: ['ufmonitor'] } + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/include/happy_birthday.yml b/playbooks/include/happy_birthday.yml deleted file mode 100644 index 0d4d99d048..0000000000 --- a/playbooks/include/happy_birthday.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Handle ssh keys on a hosts birthday (new hw machine) - hosts: "{{ myhosts }}" - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - import_tasks: "{{ tasks_path }}/happy_birthday.yml" - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/include/proxies-certificates.yml b/playbooks/include/proxies-certificates.yml index 7a848cf387..7f3a5fbc7a 100644 --- a/playbooks/include/proxies-certificates.yml +++ b/playbooks/include/proxies-certificates.yml @@ -1,13 +1,12 @@ ---- - name: Set up those proxy certificates. Good gravy.. - hosts: proxies_stg:proxies + hosts: proxies-stg:proxies user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" 
@@ -17,57 +16,62 @@ - role: httpd/mod_ssl - role: httpd/certificate - certname: wildcard-2024.fedoraproject.org - SSLCertificateChainFile: wildcard-2024.fedoraproject.org.intermediate.cert + name: wildcard-2017.fedoraproject.org + SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert - role: httpd/certificate - certname: wildcard-2024.fedoraproject.org - SSLCertificateChainFile: wildcard-2024.fedoraproject.org.intermediate.cert + name: wildcard-2017.fedorahosted.org + SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert - role: httpd/certificate - certname: wildcard-2024.id.fedoraproject.org - SSLCertificateChainFile: wildcard-2024.id.fedoraproject.org.intermediate.cert - tags: - - id.fedoraproject.org + name: wildcard-2017.id.fedoraproject.org + SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert - role: httpd/certificate - certname: wildcard-2025.stg.fedoraproject.org - SSLCertificateChainFile: wildcard-2025.stg.fedoraproject.org.intermediate.cert + name: wildcard-2017.stg.fedoraproject.org + SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert when: env == "staging" - role: httpd/certificate - certname: wildcard-2025.stg.fedoraproject.org - SSLCertificateChainFile: wildcard-2025.stg.fedoraproject.org.intermediate.cert - when: env == "staging" - - - role: httpd/certificate - certname: wildcard-2024.apps.ocp.stg.fedoraproject.org - SSLCertificateChainFile: wildcard-2024.apps.ocp.stg.fedoraproject.org.intermediate.cert + name: wildcard-2017.app.os.stg.fedoraproject.org + SSLCertificateChainFile: wildcard-2017.app.os.stg.fedoraproject.org.intermediate.cert when: env == "staging" tags: - - apps.ocp.stg.fedoraproject.org + - app.os.fedoraproject.org - role: httpd/certificate - certname: wildcard-2024.apps.ocp.fedoraproject.org - SSLCertificateChainFile: wildcard-2024.apps.ocp.fedoraproject.org.intermediate.cert + name: wildcard-2017.app.os.fedoraproject.org + 
SSLCertificateChainFile: wildcard-2017.app.os.fedoraproject.org.intermediate.cert tags: - - apps.ocp.fedoraproject.org + - app.os.fedoraproject.org - role: httpd/certificate - certname: getfedora.org + name: fedoramagazine.org + SSLCertificateChainFile: fedoramagazine.org.intermediate.cert + + - role: httpd/certificate + name: getfedora.org SSLCertificateChainFile: getfedora.org.intermediate.cert - tags: - - getfedora.org - role: httpd/certificate - certname: qa.stg.fedoraproject.org + name: flocktofedora.org + SSLCertificateChainFile: flocktofedora.org.intermediate.cert + + - role: httpd/certificate + name: qa.stg.fedoraproject.org SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert when: env == "staging" - role: httpd/certificate - certname: qa.fedoraproject.org + name: qa.fedoraproject.org SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert - # - role: httpd/certificate - # certname: secondary.koji.fedoraproject.org.letsencrypt - # SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt + - role: httpd/certificate + name: secondary.koji.fedoraproject.org.letsencrypt + SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt + + - role: httpd/certificate + name: whatcanidoforfedora.org + SSLCertificateChainFile: whatcanidoforfedora.org.intermediate.crt + tags: + - whatcanidoforfedora.org diff --git a/playbooks/include/proxies-fedora-web.yml b/playbooks/include/proxies-fedora-web.yml index 3dd7043df7..b0f16eb3bb 100644 --- a/playbooks/include/proxies-fedora-web.yml +++ b/playbooks/include/proxies-fedora-web.yml 
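Review bot: Every wildcard entry in this roles list now points at `wildcard-2017.*` certificate and chain files where the old side used the 2024 and 2025 names. The files are not in the hunk, but if they are the certificates issued under those names, the proxies would be configured with long-expired material, so check the validity dates before applying this. The parameter is also renamed from `certname:` to `name:`, which newer Ansible releases appear to treat as a keyword of the role entry rather than a role variable, so the role may not receive it; keeping the `certname:` key avoids that. The `secondary.koji.fedoraproject.org.letsencrypt` entry that was commented out is active again and the per-certificate `tags:` are gone; both deserve a comment saying why. The roles list starts above the hunk.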
@@ -1,13 +1,12 @@ ---- - name: Set up all that fedora-web goodness. What a wonder! - hosts: proxies_stg:proxies + hosts: proxies-stg:proxies user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" @@ -16,24 +15,32 @@ - role: fedora-web/main website: fedoraproject.org + - role: fedora-web/spins + website: spins.fedoraproject.org - role: fedora-web/start website: start.fedoraproject.org + - role: fedora-web/boot + website: boot.fedoraproject.org - role: fedora-web/mirrors website: mirrors.fedoraproject.org + - role: fedora-web/communityblog + website: communityblog.fedoraproject.org - role: fedora-web/community website: fedoracommunity.org + - role: fedora-web/fudcon + website: fudcon.fedoraproject.org + - role: fedora-web/magazine + website: fedoramagazine.org - role: fedora-web/getfedora website: getfedora.org - role: fedora-web/flocktofedora website: flocktofedora.org - role: fedora-web/labs website: labs.fedoraproject.org - - role: fedora-web/iot - website: iot.fedoraproject.org + - role: fedora-web/arm + website: arm.fedoraproject.org - role: fedora-web/registry website: registry.fedoraproject.org - - role: fedora-web/ostree - website: ostree.fedoraproject.org - role: fedora-web/candidate-registry website: candidate-registry.fedoraproject.org - role: fedora-web/codecs @@ -42,8 +49,8 @@ website: alt.fedoraproject.org - role: fedora-web/src website: src.fedoraproject.org - - role: fedora-web/ols - website: ols.fedoraproject.org + - role: fedora-web/whatcanidoforfedora + website: whatcanidoforfedora.org # Some other static content, not strictly part of "fedora-web" goes below here - role: fedora-budget/proxy 
@@ -52,11 +59,8 @@ - role: fedora-docs/proxy website: docs.fedoraproject.org + - role: fedora-docs-old/proxy + website: docs-old.fedoraproject.org + - role: developer/website website: developer.fedoraproject.org - - - role: fedoraloveskde/website - website: fedoraloveskde.org - - - role: fedora-web/fedora.im - website: fedora.im diff --git a/playbooks/include/proxies-fedorahosted.yml b/playbooks/include/proxies-fedorahosted.yml index 04615b316c..8f413175bf 100644 --- a/playbooks/include/proxies-fedorahosted.yml +++ b/playbooks/include/proxies-fedorahosted.yml 
@@ -1,29 +1,20 @@ ---- -- name: Fedorahosted. No more on our servers, but still in our hearts... - hosts: proxies_stg:proxies +- name: Fedorahosted. No more on our servers, but still in our hearts... + hosts: proxies-stg:proxies user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: Ensure directories exists - ansible.builtin.file: - path: "{{ item }}" - state: directory - mode: '0755' - loop: - - '/etc/httpd/conf.d/fedorahosted.org' - - '/etc/httpd/conf.d/git.fedorahosted.org' + - name: install special fedorahosted-redirects.conf with fedorahosted redirects + copy: src={{ files }}/httpd/fedorahosted-redirects.conf dest=/etc/httpd/conf.d/fedorahosted.org/fedorahosted-redirects.conf - - name: Install special fedorahosted-redirects.conf with fedorahosted redirects - ansible.builtin.copy: src={{ files }}/httpd/fedorahosted-redirects.conf dest=/etc/httpd/conf.d/fedorahosted.org/fedorahosted-redirects.conf + - name: install special git.fedorahosted-redirects.conf with git.fedorahosted redirects + copy: src={{ files }}/httpd/git.fedorahosted-redirects.conf dest=/etc/httpd/conf.d/git.fedorahosted.org/fedorahosted-redirects.conf - - name: Install special git.fedorahosted-redirects.conf with git.fedorahosted redirects - ansible.builtin.copy: src={{ files }}/httpd/git.fedorahosted-redirects.conf dest=/etc/httpd/conf.d/git.fedorahosted.org/fedorahosted-redirects.conf diff --git a/playbooks/include/proxies-haproxy.yml b/playbooks/include/proxies-haproxy.yml index bef04e47e8..2b5d38a3b9 100644 --- a/playbooks/include/proxies-haproxy.yml +++ b/playbooks/include/proxies-haproxy.yml 
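Review bot: Both `copy:` tasks write into `/etc/httpd/conf.d/fedorahosted.org/` and `/etc/httpd/conf.d/git.fedorahosted.org/`, but the task that created those directories is dropped, so the copy fails on a proxy where they do not already exist. The tasks also set no owner or mode, leaving the permissions of these httpd configuration files implicit; adding `owner=root group=root mode=0644` to each makes the result explicit. Neither task notifies a handler, which was already true on the old side, so httpd is not reloaded after the files change. `notify: reload proxyhttpd` would match the handler name used in proxies-miscellaneous.yml in this diff.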
@@ -1,13 +1,12 @@ ---- - name: Set up all the haproxy stuff. - hosts: proxies_stg:proxies + hosts: proxies-stg:proxies user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/include/proxies-miscellaneous.yml b/playbooks/include/proxies-miscellaneous.yml index 5bd1965fa3..a134f0c999 100644 --- a/playbooks/include/proxies-miscellaneous.yml +++ b/playbooks/include/proxies-miscellaneous.yml @@ -1,13 +1,12 @@ ---- - name: Set up all the other proxy stuff -- miscellaneous - hosts: proxies_stg:proxies + hosts: proxies-stg:proxies user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" @@ -15,11 +14,11 @@ tasks: # We retired this in favor of PDC # https://lists.fedoraproject.org/archives/list/rel-eng@lists.fedoraproject.org/thread/LOWVTF6WTS43LNPWDEISLXUELXAH5YXR/#LOWVTF6WTS43LNPWDEISLXUELXAH5YXR - - ansible.builtin.file: - dest=/etc/httpd/conf.d/apps.fedoraproject.org/fedora-releng-dash.conf - state=absent - tags: releng-dash - notify: Reload proxyhttpd + - file: + dest=/etc/httpd/conf.d/apps.fedoraproject.org/fedora-releng-dash.conf + state=absent + tags: releng-dash + notify: reload proxyhttpd roles: 
@@ -29,6 +28,15 @@ extensions: - .ico + - role: fedmsg/crl + website: fedoraproject.org + path: /fedmsg + + - role: fedmsg/gateway/slave + stunnel_service: "websockets" + stunnel_source_port: 9939 + stunnel_destination_port: 9938 + - role: httpd/fingerprints website: admin.fedoraproject.org @@ -40,14 +48,10 @@ website: fedoraproject.org path: /PackageReviewStatus + - role: membership-map/proxy + website: fedoraproject.org + path: /membership-map + - role: apps-fp-o website: apps.fedoraproject.org path: / - - - role: pkgdb-proxy - tags: - - pkgdb2 - - - role: security.txt - tags: - - security.txt diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml index 66cf82d613..4560dcb182 100644 --- a/playbooks/include/proxies-redirects.yml +++ b/playbooks/include/proxies-redirects.yml @@ -1,13 +1,12 @@ ---- -- name: Set up those proxy redirects. Wow! - hosts: proxies_stg:proxies +- name: Set up those proxy redirects. Wow! + hosts: proxies-stg:proxies user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" 
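Review bot: The last hunk of playbooks/include/proxies-miscellaneous.yml removes the `security.txt` role from the proxies without a replacement. Judging by its name, the role publishes the security contact file, so the sites would stop advertising a disclosure contact; the role body is not visible here, so confirm. Unless that is intended, keep the entry `- role: security.txt` with `tags: [security.txt]`. The preceding hunk also adds `fedmsg/gateway/slave` with `stunnel_source_port: 9939` and `stunnel_destination_port: 9938`; a comment on which clients are expected to reach that listener would help whoever reviews the proxies' exposed ports.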
@@ -17,154 +16,82 @@ # An exceptional rewrite for bugz.fp.o - role: packages3/bugz.fp.o website: bugz.fedoraproject.org - tags: - - bugz - # A special rewrite for cgit - - role: httpd/redirect - shortname: cgit - website: src.fedoraproject.org - tags: - - cgit # Various app redirects - role: httpd/redirect - shortname: neuro - website: neuro.fedoraproject.org - path: / - target: https://docs.fedoraproject.org/en-US/neurofedora/overview/ - tags: - - neuro - - - role: httpd/redirect - shortname: community + name: community website: admin.fedoraproject.org path: /community target: https://apps.fedoraproject.org/packages - role: httpd/redirect - shortname: packages - website: apps.fedoraproject.org - path: /packages - target: https://packages.fedoraproject.org/ - - - role: httpd/redirect - shortname: koschei - website: apps.fedoraproject.org - path: /koschei - target: "https://koschei{{env_suffix}}.fedoraproject.org" - tags: koschei - - - role: httpd/redirect - shortname: mdapi - website: apps.fedoraproject.org - path: /mdapi - target: "https://mdapi{{env_suffix}}.fedoraproject.org" - tags: mdapi - - - role: httpd/redirect - shortname: nagios + name: nagios website: admin.fedoraproject.org path: /nagios target: https://nagios.fedoraproject.org/nagios/ - role: httpd/redirect - shortname: docs + name: docs website: fedoraproject.org path: /docs target: https://docs.fedoraproject.org/ - role: httpd/redirect - shortname: people-fp-o + name: elections + website: admin.fedoraproject.org + path: /voting + target: https://admin.fedoraproject.org/voting + + - role: httpd/redirect + name: people-fp-o website: people.fedoraproject.org target: https://fedorapeople.org/ - role: httpd/redirect - shortname: fas + name: fas website: fas.fedoraproject.org - target: https://accounts.fedoraproject.org/ - - - role: httpd/redirect - shortname: oldfas - website: admin.fedoraproject.org - path: /accounts/ - target: https:/accounts.fedoraproject.org/ + target: 
https://admin.fedoraproject.org/accounts/ - role: httpd/redirectmatch - shortname: askbot-to-ask - website: askbot.fedoraproject.org - regex: ^.* - target: https://ask.fedoraproject.org/t/askbot-fedoraproject-org-archives-are-going-away/16118 - - - role: httpd/redirectmatch - shortname: codecs + name: codecs website: codecs.fedoraproject.org regex: ^.*/(.*openh264.*.rpm$) target: http://ciscobinary.openh264.org/$1 - - role: httpd/redirect - shortname: jenkins - website: jenkins.fedorainfracloud.org - target: https://jenkins-fedora-infra.apps.ci.centos.org/ - tags: jenkins - - - role: httpd/redirect - shortname: testdays-fic - website: testdays.fedorainfracloud.org - target: https://testdays.fedoraproject.org/ - tags: testdays-fic - - role: httpd/redirectmatch - shortname: fpaste + name: fpaste website: fpaste.org regex: /(.*)$ - target: https://paste.centos.org/$1 + target: https://paste.fedoraproject.org/$1 - role: httpd/redirectmatch - shortname: modernpaste - website: paste.fedoraproject.org - regex: /(.*)$ - target: https://paste.centos.org/$1 - - - role: httpd/redirectmatch - shortname: elections - website: admin.fedoraproject.org - regex: /voting - target: https://elections.fedoraproject.org/ - - - role: httpd/redirectmatch - shortname: calendar - website: apps.fedoraproject.org - regex: /calendar$1 - target: https://calendar.fedoraproject.org/$1 - - - role: httpd/redirectmatch - shortname: mailman + name: mailman website: admin.fedoraproject.org regex: /mailman/(.*)$ target: https://lists.fedoraproject.org/mailman/$1 - role: httpd/redirectmatch - shortname: mailman-pipermail + name: mailman-pipermail website: admin.fedoraproject.org regex: /pipermail/(.*)$ target: https://lists.fedoraproject.org/pipermail/$1 - role: httpd/redirectmatch - shortname: 00-bodhi2-cutover-users + name: 00-bodhi2-cutover-users website: admin.fedoraproject.org regex: /updates/user/(.*)$ target: https://bodhi.fedoraproject.org/users/$1 - role: httpd/redirectmatch - shortname: 
01-bodhi2-cutover-comments-list + name: 01-bodhi2-cutover-comments-list website: admin.fedoraproject.org regex: /updates/comments$ target: https://bodhi.fedoraproject.org/comments/ # This one is sub-optimal, but we have no way to map /mine to /$username - role: httpd/redirectmatch - shortname: 02-bodhi2-mine-fallback + name: 02-bodhi2-mine-fallback website: admin.fedoraproject.org regex: /updates/mine$ target: https://bodhi.fedoraproject.org/ 
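Review bot: The added `elections` entry redirects `/voting` on `admin.fedoraproject.org` to `https://admin.fedoraproject.org/voting`, the same host and path, so a request arriving over HTTPS would be redirected to itself. The old side sent it to `https://elections.fedoraproject.org/`. If the application is served at that path on admin, drop the redirect entry; otherwise point the target at the host that serves it. How the `httpd/redirect` role scopes the rule (HTTP only, or both vhosts) is not visible here. The roles list starts above the hunk and continues past it.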
@@ -172,200 +99,318 @@ # This is similar to /mine. Ideally, we would redirect to # /overrides/?user=$USERNAME, but we can't get that username afaik. - role: httpd/redirectmatch - shortname: 03-bodhi2-cutover-overrides-list + name: 03-bodhi2-cutover-overrides-list website: admin.fedoraproject.org regex: /updates/override/list$ target: https://bodhi.fedoraproject.org/overrides/ - role: httpd/redirectmatch - shortname: 04-bodhi2-new-update-gotcha + name: 04-bodhi2-new-update-gotcha website: admin.fedoraproject.org regex: /updates/new/*$ target: https://bodhi.fedoraproject.org/updates/new - role: httpd/redirectmatch - shortname: 05-bodhi2-api-version + name: 05-bodhi2-api-version website: admin.fedoraproject.org regex: /updates/api_version$ target: https://bodhi.fedoraproject.org/api_version - role: httpd/redirectmatch - shortname: 06-bodhi2-login + name: 06-bodhi2-login website: admin.fedoraproject.org regex: /updates/login$ target: https://bodhi.fedoraproject.org/login - role: httpd/redirectmatch - shortname: 07-bodhi2-logout + name: 07-bodhi2-logout website: admin.fedoraproject.org regex: /updates/logout$ target: https://bodhi.fedoraproject.org/logout - role: httpd/redirectmatch - shortname: 08-bodhi2-rss + name: 08-bodhi2-rss website: admin.fedoraproject.org regex: /updates/rss/rss2\.0 target: https://bodhi.fedoraproject.org/updates - role: httpd/redirectmatch - shortname: 09-bodhi2-old-search-new-search + name: 09-bodhi2-old-search-new-search website: admin.fedoraproject.org regex: /updates/search/(.+)$ target: https://bodhi.fedoraproject.org/updates/?like=$1 - role: httpd/redirectmatch - shortname: 89-bodhi2-icon + name: 89-bodhi2-icon website: admin.fedoraproject.org regex: /updates/static/images/bodhi-icon-48.png$ target: https://apps.fedoraproject.org/img/icons/bodhi.png - role: httpd/redirectmatch - shortname: 90-bodhi2-cutover-updates + name: 90-bodhi2-cutover-updates website: admin.fedoraproject.org regex: /updates/(.+)$ target: 
https://bodhi.fedoraproject.org/updates/$1 - role: httpd/redirectmatch - shortname: 91-bodhi2-cutover-baseline + name: 91-bodhi2-cutover-baseline website: admin.fedoraproject.org regex: /updates/*$ target: https://bodhi.fedoraproject.org/ # See https://github.com/fedora-infra/bodhi/issues/476 - role: httpd/redirectmatch - shortname: send-user-to-users + name: send-user-to-users website: bodhi.fedoraproject.org regex: /user/(.*)$ target: https://bodhi.fedoraproject.org/users/$1 - role: httpd/redirect - shortname: get-fedora + name: get-fedora website: get.fedoraproject.org - target: https://fedoraproject.org/ - tags: - - fedoraproject.org + target: https://getfedora.org/ - role: httpd/redirect - shortname: main-fedoraproject - website: getfedora.org - target: https://fedoraproject.org/ - tags: - - fedoraproject.org - - - role: httpd/redirect - shortname: fedoraproject-fedoragpg - website: fedoraproject.org - path: /static/fedora.gpg - target: https://fedoraproject.org/fedora.gpg - tags: - - fedoraproject.org - - # ARM redirect - - role: httpd/redirect - shortname: arm-fedoraproject - website: arm.fedoraproject.org - target: https://fedoraproject.org/ - tags: - - fedoraproject.org - - - role: httpd/redirect - shortname: flocktofedora + name: flocktofedora website: flocktofedora.net target: https://flocktofedora.org/ - role: httpd/redirect - shortname: fedoramy + name: fedoramy website: fedora.my target: http://www.fedora.my/ - role: httpd/redirect - shortname: copr + name: copr website: copr.fedoraproject.org target: https://copr.fedorainfracloud.org/ - when: env != "staging" - tags: copr - role: httpd/redirect - shortname: join-fedora + name: join-fedora website: join.fedoraproject.org - target: https://docs.fedoraproject.org/en-US/project/join - tags: join-fedora + target: https://fedoraproject.org/wiki/Join - role: httpd/redirect - shortname: get-help + name: get-help website: help.fedoraproject.org - target: https://ask.fedoraproject.org - tags: ask-fedora + 
target: https://fedoraproject.org/get-help + + - role: httpd/redirect + name: l10n + website: l10n.fedoraproject.org + target: https://translate.fedoraproject.org/ # This is just a redirect to developer, to make it easier for people to get # here from Red Hat's developers.redhat.com (ticket #5216). - role: httpd/redirect - shortname: developers + name: developers website: developers.fedoraproject.org target: https://developer.fedoraproject.org/ # Redirect fudcon.fedoraproject.org to flocktofedora.org - role: httpd/redirect - shortname: fudcon + name: fudcon website: fudcon.fedoraproject.org path: /index.html target: https://flocktofedora.org/ + # Redirect specific websites from fedoraproject.org to getfedora.org - role: httpd/redirect - shortname: code-of-conduct + name: main-fedoraproject + website: fedoraproject.org + path: /index.html + target: https://getfedora.org/ + + - role: httpd/redirect + name: get-fedora-old + website: fedoraproject.org + path: /get-fedora + target: https://getfedora.org/ + + - role: httpd/redirect + name: sponsors + website: fedoraproject.org + path: /sponsors + target: https://getfedora.org/sponsors + + - role: httpd/redirect + name: code-of-conduct website: fedoraproject.org path: /code-of-conduct - target: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ + target: https://getfedora.org/code-of-conduct + - role: httpd/redirect + name: verify + website: fedoraproject.org + path: /verify + target: https://getfedora.org/verify + + - role: httpd/redirect + name: keys + website: fedoraproject.org + path: /keys + target: https://getfedora.org/keys + + - role: httpd/redirect + name: release-banner + website: fedoraproject.org + path: /static/js/release-counter-ext.js + target: https://getfedora.org/static/js/release-counter-ext.js # # When there is no prerelease we redirect the prerelease urls # back to the main release. 
# This should be disabled when there is a prerelease - - role: httpd/redirectmatch - shortname: prerelease-to-final-alt-1 - website: alt.fedoraproject.org - regex: /prerelease.*$ - target: https://alt.stg.fedoraproject.org/$1 - redirectmatch_enabled: true - when: env == 'staging' +# - role: httpd/redirectmatch +# name: prerelease-to-final-gfo +# website: getfedora.org +# regex: /(.*)/prerelease.*$ +# target: https://stg.getfedora.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-labs-1 +# website: labs.fedoraproject.org +# regex: /(.*)/prerelease.*$ +# target: https://labs.stg.fedoraproject.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-spins-1 +# website: spins.fedoraproject.org +# regex: /(.*)/prerelease.*$ +# target: https://spins.stg.fedoraproject.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-arm-1 +# website: arm.fedoraproject.org +# regex: /(.*)/prerelease.*$ +# target: https://arm.stg.fedoraproject.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-labs-2 +# website: labs.fedoraproject.org +# regex: /prerelease.*$ +# target: https://labs.stg.fedoraproject.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-spins-2 +# website: spins.fedoraproject.org +# regex: /prerelease.*$ +# target: https://spins.stg.fedoraproject.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-arm-2 +# website: arm.fedoraproject.org +# regex: /prerelease.*$ +# target: https://arm.stg.fedoraproject.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: cloud-to-atomic +# website: getfedora.org +# regex: /cloud/.*$ +# target: https://alt.stg.fedoraproject.org/cloud/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: cloud-to-atomic-download +# website: getfedora.org +# 
regex: /(.*)/cloud/download.*$ +# target: https://alt.stg.fedoraproject.org/$1/cloud +# when: env == 'staging' # end staging +# - role: httpd/redirectmatch +# name: prerelease-to-final-gfo +# website: getfedora.org +# regex: /(.*)/prerelease.*$ +# target: https://getfedora.org/$1 +# when: env != 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-labs-1 +# website: labs.fedoraproject.org +# regex: /(.*)/prerelease.*$ +# target: https://labs.fedoraproject.org/$1 +# when: env != 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-spins-1 +# website: spins.fedoraproject.org +# regex: /(.*)/prerelease.*$ +# target: https://spins.fedoraproject.org/$1 +# when: env != 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-arm-1 +# website: arm.fedoraproject.org +# regex: /(.*)/prerelease.*$ +# target: https://arm.fedoraproject.org/$1 +# when: env != 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-labs-2 +# website: labs.fedoraproject.org +# regex: /prerelease.*$ +# target: https://labs.fedoraproject.org/$1 +# when: env != 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-spins-2 +# website: spins.fedoraproject.org +# regex: /prerelease.*$ +# target: https://spins.fedoraproject.org/$1 +# when: env != 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-arm-2 +# website: arm.fedoraproject.org +# regex: /prerelease.*$ +# target: https://arm.fedoraproject.org/$1 +# when: env != 'staging' + - role: httpd/redirectmatch - shortname: prerelease-to-final-alt-1 - website: alt.fedoraproject.org - regex: /prerelease.*$ - target: https://alt.fedoraproject.org/$1 - redirectmatch_enabled: false + name: cloud-to-atomic + website: getfedora.org + regex: /cloud/.*$ + target: https://alt.fedoraproject.org/cloud/$1 when: env != 'staging' -# end of prod prerelease + - role: httpd/redirectmatch + name: cloud-to-atomic-download + website: getfedora.org + regex: 
/(.*)/cloud/download.*$ + target: https://alt.fedoraproject.org/$1/cloud + when: env != 'staging' - role: httpd/redirect - shortname: store + name: store website: store.fedoraproject.org target: "https://redhat.corpmerchandise.com/ProductList.aspx?did=20588" # Fonts on the wiki - role: httpd/redirect - shortname: fonts-wiki + name: fonts-wiki website: fonts.fedoraproject.org target: https://fedoraproject.org/wiki/Category:Fonts_SIG # Releng - role: httpd/redirect - shortname: nightly + name: nightly website: nightly.fedoraproject.org - target: https://openqa.fedoraproject.org/nightlies.html - tags: - - nightly + target: https://www.happyassassin.net/nightlies.html # We retired releng-dash in favor of PDC # https://lists.fedoraproject.org/archives/list/rel-eng@lists.fedoraproject.org/thread/LOWVTF6WTS43LNPWDEISLXUELXAH5YXR/#LOWVTF6WTS43LNPWDEISLXUELXAH5YXR - role: httpd/redirect - shortname: releng-dash + name: releng-dash website: apps.fedoraproject.org path: /releng-dash target: https://pdc.fedoraproject.org/ 
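Review bot: The `cloud-to-atomic` entry uses `regex: /cloud/.*$` with `target: https://alt.fedoraproject.org/cloud/$1`, but the pattern has no capture group, so `$1` expands to nothing and every path under `/cloud/` lands on the same page. `regex: /cloud/(.*)$` would carry the path across. Separately, `nightly.fedoraproject.org` now redirects to `https://www.happyassassin.net/nightlies.html`, which is not one of the fedoraproject.org or fedorainfracloud.org names used elsewhere in this file. Where visitors to an official hostname end up then depends on whoever holds that domain, a dependency the old side's `https://openqa.fedoraproject.org/nightlies.html` did not have. The commented-out `prerelease-to-final-*-2` entries repeat the `$1`-without-group pattern, so it would return if they are re-enabled.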
@@ -373,135 +418,81 @@ # Send fp.com to fp.org - role: httpd/redirect - shortname: site + name: site website: fedoraproject.com - target: https://fedoraproject.org/ - tags: - - fedoraproject.org - - # Fedora start page - - role: httpd/redirect - shortname: site - website: start.fedoraproject.org - target: https://fedoraproject.org/start - tags: - - fedoraproject.org + target: https://getfedora.org/ # Planet/people convenience - role: httpd/redirect - shortname: infofeed + name: infofeed website: fedoraproject.org path: /infofeed target: http://fedoraplanet.org/infofeed - role: httpd/redirect - shortname: people + name: people website: fedoraproject.org path: /people target: http://fedoraplanet.org/ - role: httpd/redirect - shortname: fedorapeople + name: fedorapeople website: fedoraproject.org path: /fedorapeople target: http://fedoraplanet.org/ - - role: httpd/redirect - shortname: planet.fedoraproject.org - website: planet.fedoraproject.org - target: http://fedoraplanet.org/ # QA - # - role: httpd/redirect - # shortname: qa - # website: qa.fedoraproject.org - # target: https://fedoraproject.org/wiki/QA - # when: env != 'staging' + - role: httpd/redirect + name: qa + website: qa.fedoraproject.org + target: https://fedoraproject.org/wiki/QA + when: env != 'staging' + # Various community sites - role: httpd/redirect - shortname: it-fedoracommunity-redirect + name: it-fedoracommunity-redirect website: it.fedoracommunity.org target: http://www.fedoraonline.it/ - role: httpd/redirect - shortname: uk-fedoracommunity-redirect + name: uk-fedoracommunity-redirect website: uk.fedoracommunity.org target: http://www.fedora-uk.org/ - role: httpd/redirect - shortname: tw-fedoracommunity-redirect + name: tw-fedoracommunity-redirect website: tw.fedoracommunity.org target: https://fedora-tw.org/ # Spins - role: httpd/redirect - shortname: kde + name: kde website: kde.fedoraproject.org - target: https://fedoraproject.org/kde - tags: - - fedoraproject.org + target: 
https://spins.fedoraproject.org/kde/ - - role: httpd/redirectmatch - shortname: spins - website: spins.fedoraproject.org - regex: ^.* - target: https://fedoraproject.org/spins - tags: - - fedoraproject.org - - # Labs - - role: httpd/redirectmatch - shortname: labs - website: labs.fedoraproject.org - regex: ^.* - target: https://fedoraproject.org/labs - tags: - - fedoraproject.org - - # Flock - - role: httpd/redirectmatch - shortname: flock - website: flocktofedora.org - regex: ^.* - target: https://fedoraproject.org/flock/2025 - tags: - - fedoraproject.org # Various sites that we are friends with - role: httpd/redirect - shortname: port389 + name: port389 website: port389.org - target: https://directory.fedoraproject.org - - # comment out 2020-02-05 .. this has been broken for 2 years - # - role: httpd/redirect - # shortname: k12linux - # website: k12linux.org - # target: https://fedorahosted.org/k12linux/ + target: http://directory.fedoraproject.org/ - role: httpd/redirect - shortname: dogtagpki - website: pki.fedoraproject.org - target: http://dogtagpki.org + name: k12linux + website: k12linux.org + target: https://fedorahosted.org/k12linux/ - # all of this goes to one place the graveyard. - - - role: httpd/redirect - shortname: boot - website: boot.fedoraproject.org - target: https://fedoraproject.org/wiki/Infrastructure/graveyard # Cloudy bits - role: httpd/redirect - shortname: cloud-front-page + name: cloud-front-page website: cloud.fedoraproject.org - target: https://fedoraproject.org/cloud - tags: - - fedoraproject.org + target: https://alt.fedoraproject.org/cloud/ - role: httpd/redirectmatch - shortname: redirect-cloudstart + name: redirect-cloudstart website: redirect.fedoraproject.org regex: /(console\.aws\.amazon\.com/ec2/v2/home.*)$ target: https://$1 
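Review bot: The `port389` redirect target changes from `https://directory.fedoraproject.org` to `http://directory.fedoraproject.org/`, so visitors are sent to a plaintext URL where the old side kept them on HTTPS; keep `target: https://directory.fedoraproject.org/`. The `k12linux` entry is also active again with `target: https://fedorahosted.org/k12linux/`, although the removed comment says it had been broken for two years, and proxies-fedorahosted.yml in this diff describes fedorahosted as no longer on these servers. The `qa` redirect is re-enabled for production in the same hunk, while the certificates playbook in this diff still installs a `qa.fedoraproject.org` certificate, so confirm the redirect is wanted.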
@@ -510,428 +501,210 @@ # Redirects/pointers for fedora 25 BASE cloud images - role: httpd/redirect - shortname: cloud-base-64bit-25 + name: cloud-base-64bit-25 website: cloud.fedoraproject.org path: /fedora-25.x86_64.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/25/CloudImages/x86_64/images/Fedora-Cloud-Base-25-1.3.x86_64.qcow2 - role: httpd/redirect - shortname: cloud-base-64bit-25-raw + name: cloud-base-64bit-25-raw website: cloud.fedoraproject.org path: /fedora-25.x86_64.raw.xz target: https://download.fedoraproject.org/pub/fedora/linux/releases/25/CloudImages/x86_64/images/Fedora-Cloud-Base-25-1.3.x86_64.raw.xz # Redirects/pointers for fedora 24 BASE cloud images - role: httpd/redirect - shortname: cloud-base-64bit-24 + name: cloud-base-64bit-24 website: cloud.fedoraproject.org path: /fedora-24.x86_64.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/24/CloudImages/x86_64/images/Fedora-Cloud-Base-24-1.2.x86_64.qcow2 - role: httpd/redirect - shortname: cloud-base-64bit-24-raw + name: cloud-base-64bit-24-raw website: cloud.fedoraproject.org path: /fedora-24.x86_64.raw.xz target: https://download.fedoraproject.org/pub/fedora/linux/releases/24/CloudImages/x86_64/images/Fedora-Cloud-Base-24-1.2.x86_64.raw.xz # Redirects/pointers for fedora 23 BASE cloud images - role: httpd/redirect - shortname: cloud-base-64bit-23 + name: cloud-base-64bit-23 website: cloud.fedoraproject.org path: /fedora-23.x86_64.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-23-20151030.x86_64.qcow2 - role: httpd/redirect - shortname: cloud-base-64bit-23-raw + name: cloud-base-64bit-23-raw website: cloud.fedoraproject.org path: /fedora-23.x86_64.raw.xz target: https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-23-20151030.x86_64.raw.xz - role: httpd/redirect - shortname: cloud-base-32bit-23-raw + name: 
cloud-base-32bit-23-raw website: cloud.fedoraproject.org path: /fedora-23.i386.raw.xz target: https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/i386/Images/Fedora-Cloud-Base-23-20151030.i386.raw.xz - role: httpd/redirect - shortname: cloud-base-32bit-23 + name: cloud-base-32bit-23 website: cloud.fedoraproject.org path: /fedora-23.i386.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/i386/Images/Fedora-Cloud-Base-23-20151030.i386.qcow2 # Redirects/pointers for fedora 23 ATOMIC cloud images - role: httpd/redirect - shortname: cloud-atomic-64bit-23 + name: cloud-atomic-64bit-23 website: cloud.fedoraproject.org path: /fedora-atomic-23.x86_64.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Atomic-23-20151030.x86_64.qcow2 - role: httpd/redirect - shortname: cloud-atomic-64bit-23-raw + name: cloud-atomic-64bit-23-raw website: cloud.fedoraproject.org path: /fedora-atomic-23.x86_64.raw.xz target: https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Atomic-23-20151030.x86_64.raw.xz # Redirects/pointers for fedora 22 BASE cloud images - role: httpd/redirect - shortname: cloud-base-64bit-22 + name: cloud-base-64bit-22 website: cloud.fedoraproject.org path: /fedora-22.x86_64.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 - role: httpd/redirect - shortname: cloud-base-64bit-22-raw + name: cloud-base-64bit-22-raw website: cloud.fedoraproject.org path: /fedora-22.x86_64.raw.xz target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Base-22-20150521.x86_64.raw.xz - role: httpd/redirect - shortname: cloud-base-32bit-22-raw + name: cloud-base-32bit-22-raw website: cloud.fedoraproject.org path: /fedora-22.i386.raw.xz target: 
https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/i386/Images/Fedora-Cloud-Base-22-20150521.i386.raw.xz - role: httpd/redirect - shortname: cloud-base-32bit-22 + name: cloud-base-32bit-22 website: cloud.fedoraproject.org path: /fedora-22.i386.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/i386/Images/Fedora-Cloud-Base-22-20150521.i386.qcow2 # Redirects/pointers for fedora 22 ATOMIC cloud images - role: httpd/redirect - shortname: cloud-atomic-64bit-22 + name: cloud-atomic-64bit-22 website: cloud.fedoraproject.org path: /fedora-atomic-22.x86_64.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 - role: httpd/redirect - shortname: cloud-atomic-64bit-22-raw + name: cloud-atomic-64bit-22-raw website: cloud.fedoraproject.org path: /fedora-atomic-22.x86_64.raw.xz target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.raw.xz # Redirects/pointers for fedora 21 BASE cloud images - role: httpd/redirect - shortname: cloud-base-64bit-21 + name: cloud-base-64bit-21 website: cloud.fedoraproject.org path: /fedora-21.x86_64.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.qcow2 - role: httpd/redirect - shortname: cloud-base-64bit-21-raw + name: cloud-base-64bit-21-raw website: cloud.fedoraproject.org path: /fedora-21.x86_64.raw.xz target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.raw.xz - role: httpd/redirect - shortname: cloud-base-32bit-21-raw + name: cloud-base-32bit-21-raw website: cloud.fedoraproject.org path: /fedora-21.i386.raw.xz target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/i386/Fedora-Cloud-Base-20141203-21.i386.raw.xz - role: httpd/redirect - 
shortname: cloud-base-32bit-21 + name: cloud-base-32bit-21 website: cloud.fedoraproject.org path: /fedora-21.i386.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/i386/Fedora-Cloud-Base-20141203-21.i386.qcow2 # Redirects/pointers for fedora 21 ATOMIC cloud images - role: httpd/redirect - shortname: cloud-atomic-64bit-21 + name: cloud-atomic-64bit-21 website: cloud.fedoraproject.org path: /fedora-atomic-21.x86_64.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Atomic-20141203-21.x86_64.qcow2 - role: httpd/redirect - shortname: cloud-atomic-64bit-21-raw + name: cloud-atomic-64bit-21-raw website: cloud.fedoraproject.org path: /fedora-atomic-21.x86_64.raw.xz target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Atomic-20141203-21.x86_64.raw.xz # Except, there are no 32bit atomic images atm. - # - role: httpd/redirect - # shortname: cloud-atomic-32bit-21-raw + #- role: httpd/redirect + # name: cloud-atomic-32bit-21-raw # website: cloud.fedoraproject.org # path: /fedora-atomic-21.i386.raw.xz # target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/i386/Fedora-Cloud-Atomic-20141203-21.i386.raw.xz - # - role: httpd/redirect - # shortname: cloud-atomic-32bit-21 + #- role: httpd/redirect + # name: cloud-atomic-32bit-21 # website: cloud.fedoraproject.org # path: /fedora-atomic-21.i386.qcow2 # target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/i386/Fedora-Cloud-Atomic-20141203-21.i386.qcow2 # Redirects/pointers for fedora 20 cloud images - role: httpd/redirect - shortname: cloud-64bit-20 + name: cloud-64bit-20 website: cloud.fedoraproject.org path: /fedora-20.x86_64.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/updates/20/Images/x86_64/Fedora-x86_64-20-20140407-sda.qcow2 - role: httpd/redirect - shortname: cloud-32bit-20 + name: 
cloud-32bit-20 website: cloud.fedoraproject.org path: /fedora-20.i386.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/updates/20/Images/i386/Fedora-i386-20-20140407-sda.qcow2 - role: httpd/redirect - shortname: cloud-64bit-20-raw + name: cloud-64bit-20-raw website: cloud.fedoraproject.org path: /fedora-20.x86_64.raw.xz target: https://download.fedoraproject.org/pub/fedora/linux/updates/20/Images/x86_64/Fedora-x86_64-20-20140407-sda.raw.xz - role: httpd/redirect - shortname: cloud-32bit-20-raw + name: cloud-32bit-20-raw website: cloud.fedoraproject.org path: /fedora-20.i386.raw.xz target: https://download.fedoraproject.org/pub/fedora/linux/updates/20/Images/i386/Fedora-i386-20-20140407-sda.raw.xz # Redirects/pointers for fedora 19 cloud images - role: httpd/redirect - shortname: cloud-64bit-19 + name: cloud-64bit-19 website: cloud.fedoraproject.org path: /fedora-19.x86_64.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/updates/19/Images/x86_64/Fedora-x86_64-19-20140407-sda.qcow2 - role: httpd/redirect - shortname: cloud-32bit-19 + name: cloud-32bit-19 website: cloud.fedoraproject.org path: /fedora-19.i386.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/updates/19/Images/i386/Fedora-i386-19-20140407-sda.qcow2 # Redirects/pointers for latest fedora cloud images. 
- role: httpd/redirect - shortname: cloud-64bit-latest + name: cloud-64bit-latest website: cloud.fedoraproject.org path: /fedora-latest.x86_64.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 - role: httpd/redirect - shortname: cloud-32bit-latest + name: cloud-32bit-latest website: cloud.fedoraproject.org path: /fedora-latest.i386.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/i386/Images/Fedora-Cloud-Base-22-20150521.i386.qcow2 - role: httpd/redirect - shortname: cloud-atomic-64bit-latest + name: cloud-atomic-64bit-latest website: cloud.fedoraproject.org path: /fedora-atomic-latest.x86_64.qcow2 target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 - - # Askbeta redirect - - role: httpd/redirect - shortname: askbeta - website: askbeta.fedoraproject.org - path: / - target: https://ask.fedoraproject.org - tags: - - askbeta.fedoraproject.org - - # iot redirect - - role: httpd/redirect - shortname: 01-iot - website: "iot.fedoraproject.org" - path: / - target: https://fedoraproject.org/iot - tags: - - iot.fedoraproject.org - - fedoraproject.org - - # coreos redirects - - role: httpd/redirect - shortname: 01-coreos - website: "coreos.fedoraproject.org" - path: / - target: https://fedoraproject.org/coreos - tags: - - coreos.fedoraproject.org - - fedoraproject.org - - - role: httpd/redirect - shortname: 00-coreosfaq - website: "coreos.fedoraproject.org" - path: /blogs/faq.html - target: https://docs.fedoraproject.org/en-US/fedora-coreos/faq - tags: - - coreos.fedoraproject.org - - - role: httpd/redirect - shortname: 00-coreosbuild - website: "builds.coreos{{ env_suffix }}.fedoraproject.org" - path: / - target: https://builds.coreos.fedoraproject.org/browser - tags: - - builds.coreos.fedoraproject.org - - # redirects for Taskotron decomissioning - - role: 
httpd/redirect - shortname: taskotron-landing - website: taskotron.fedoraproject.org - path: / - target: https://fedoraproject.org/wiki/Taskotron - - - role: httpd/redirect - shortname: taskotron-execdb - website: taskotron.fedoraproject.org - path: /execdb/ - target: https://fedoraproject.org/wiki/Taskotron - tags: - - taskotron - - - role: httpd/redirect - shortname: taskotron-buildmaster - website: taskotron.fedoraproject.org - path: /taskmaster/ - target: https://fedoraproject.org/wiki/Taskotron - tags: - - taskotron - - - role: httpd/redirectmatch - shortname: taskotron - website: taskotron.fedoraproject.org - regex: ^(.*) - target: https://resultsdb.fedoraproject.org/$1 - when: env != 'staging' - tags: - - taskotron - - - role: httpd/redirectmatch - shortname: taskotron-stg - website: taskotron.stg.fedoraproject.org - regex: ^/resultsdb_api/(.*) - target: https://resultsdb.stg.fedoraproject.org/$1 - when: env == 'staging' - tags: - - taskotron - - # fedora calendar redirect - - role: httpd/redirect - shortname: fedcalendar - website: apps.fedoraproject.org - path: /calendar - target: https://calendar.fedoraproject.org - - - role: httpd/redirect - shortname: fmn - website: apps.fedoraproject.org - path: /notifications - target: https://notifications.fedoraproject.org - tags: - - fmn - - - role: httpd/redirectmatch - shortname: 00-silverblue-redirect - website: silverblue.fedoraproject.org - regex: ^.* - target: https://fedoraproject.org/silverblue - tags: - - silverblue - - - role: httpd/redirectmatch - shortname: 00-kinoite-redirect - website: kinoite.fedoraproject.org - regex: ^.* - target: https://fedoraproject.org/kinoite - tags: - - kinoite - - - role: httpd/redirectmatch - shortname: 00-directory-redirect - website: directory.fedoraproject.org - regex: ^/(.*) - target: https://www.port389.org/$1 - tags: - - directory - - - role: httpd/redirectmatch - shortname: 00-podcast-redirect - website: podcast.fedoraproject.org - regex: ^.* - target: 
https://fedoraproject.fireside.fm - tags: - - podcast - - - role: httpd/redirectmatch - shortname: 00-docs-dei - website: "docs.fedoraproject.org" - regex: ^/en-US/diversity-inclusion/(.*)$ - target: https://docs.fedoraproject.org/en-US/dei/$1 - tags: - - docs - - - role: httpd/redirectmatch - shortname: 00-cloud-redirect - website: alt.fedoraproject.org - regex: ^.*/cloud - target: https://fedoraproject.org/cloud/ - tags: - - cloud - - - role: httpd/redirectmatch - shortname: 00-discussion-redirect - website: discussions.fedoraproject.org - regex: ^.* - target: https://discussion.fedoraproject.org - tags: - - discussion - - - role: httpd/redirect - shortname: kerneltest - website: apps.fedoraproject.org - path: /kerneltest - target: "https://kerneltest{{env_suffix}}.fedoraproject.org" - tags: kerneltest - - - role: httpd/redirect - shortname: epel.io - website: epel.io - target: https://docs.fedoraproject.org/en-US/epel - tags: - - epel.io - - - role: httpd/redirect - shortname: 00-old-pdc - website: pdc.fedoraproject.org - target: https://fedoraproject.org/wiki/Infrastructure/pdc-retirement - tags: - - pdc - - - role: httpd/redirectmatch - shortname: 00-old-odcs-repo - website: odcs.fedoraproject.org - regex: ^/composes/production/latest-Fedora-ELN/compose/(.*)$ - target: https://dl.fedoraproject.org/pub/eln/1/$1 - tags: - - odcs - - - role: httpd/redirect - shortname: 01-old-odcs - website: odcs.fedoraproject.org - target: https://dl.fedoraproject.org/pub/eln/1 - tags: - - odcs - - - role: httpd/redirect - shortname: bugs - website: "bugs{{env_suffix}}.fedoraproject.org" - target: https://docs.fedoraproject.org/en-US/quick-docs/bugzilla-file-a-bug - tags: - - bugs - - - role: httpd/redirectmatch - shortname: 00-cpe-to-cle - website: "docs.fedoraproject.org" - regex: ^/en-US/cpe/(.*)$ - target: https://docs.fedoraproject.org/en-US/cle/$1 - tags: - - cle - - docs - - # old registry.fedoraproject.org web interface - - role: httpd/redirectmatch - shortname: 
reg-server - website: registry.fedoraproject.org - regex: ^/(index\.html|repo(.*))$ - target: https://quay.io/organization/fedora/ - tags: - - registry diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index ba90ac77e3..70654dc0d7 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -1,13 +1,12 @@ ---- - name: Set up those ProxyPassReverse statements. Somebody get me a cup of coffee.. - hosts: proxies_stg:proxies + hosts: proxies-stg:proxies user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" @@ -18,12 +17,12 @@ pre_tasks: - name: Remove some crusty files from bygone eras - ansible.builtin.file: dest=/etc/httpd/conf.d/{{item}} state=absent + file: dest=/etc/httpd/conf.d/{{item}} state=absent with_items: - meetbot.fedoraproject.org/reversepassproxy.conf - meetbot.fedoraproject.org/meetbot.conf notify: - - Reload proxyhttpd + - reload proxyhttpd tags: - httpd - httpd/reverseproxy 
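Review bot: In the `pre_tasks` hunk of playbooks/include/proxies-reverseproxy.yml the `notify` entry becomes `reload proxyhttpd`, and that string has to match the handler's `name` (or a `listen` topic) as it is written in `restart_services.yml`, which is imported here but not shown; confirm the spelling there, otherwise the reload after removing the stale conf.d files does not resolve to a handler. The task also switches from `ansible.builtin.file` to the short name `file`; the fully qualified name pins the module to the builtin collection regardless of what else is on the module search path, so I would keep `ansible.builtin.file: dest=/etc/httpd/conf.d/{{item}} state=absent`.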
@@ -34,42 +33,15 @@ - role: httpd/reverseproxy website: copr.fedoraproject.org destname: coprapi - when: env != "staging" - tags: copr - - - role: httpd/reverseproxy - website: copr.fedoraproject.org - destname: copr - proxyurl: http://localhost:10070 - keephost: true - when: env == "staging" - tags: copr + localpath: /api + remotepath: /api + proxyurl: https://copr.fedorainfracloud.org - role: httpd/reverseproxy website: nagios.fedoraproject.org destname: nagios remotepath: / - proxyurl: http://noc01.{{ datacenter }}.fedoraproject.org - - - role: httpd/reverseproxy - website: zabbix.fedoraproject.org - destname: zabbix - remotepath: / - proxyurl: http://localhost:10068 - keephost: true - header_scheme: true - when: env == "production" - tags: zabbix - - - role: httpd/reverseproxy - website: zabbix.stg.fedoraproject.org - destname: zabbix - remotepath: / - proxyurl: http://localhost:10068 - keephost: true - header_scheme: true - when: env == "staging" - tags: zabbix + proxyurl: http://noc01.phx2.fedoraproject.org - role: httpd/reverseproxy website: lists.fedoraproject.org @@ -79,7 +51,6 @@ header_scheme: true keephost: true proxyurl: "{{ varnish_url }}" - tags: lists.fedoraproject.org - role: httpd/reverseproxy website: lists.fedorahosted.org 
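Review bot: The coprapi entry loses its `when: env != "staging"` guard while gaining `proxyurl: https://copr.fedorainfracloud.org`, and the play in this file targets `proxies-stg:proxies`, so the staging proxies would also forward `/api` on copr.fedoraproject.org to that host. If that host is the production Copr instance, add the guard back (`when: env != "staging"`) or give staging its own backend. In the nagios entry the backend becomes `http://noc01.phx2.fedoraproject.org`, a hard-coded datacenter name reached over plain HTTP; whether that link is otherwise protected (VPN, private network) is not visible here, so a one-line comment stating it would help the next reader. The roles list continues outside the hunk.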
@@ -90,64 +61,60 @@ keephost: true proxyurl: "{{ varnish_url }}" - - role: httpd/reverseproxy - website: lists.pagure.io - destname: mailman3 - localpath: / - remotepath: / - header_scheme: true - keephost: true - proxyurl: "{{ varnish_url }}" - # The place for the raw originals - role: httpd/reverseproxy website: meetbot-raw.fedoraproject.org destname: meetbot remotepath: /meetbot/ # Talk directly to the app server, not haproxy - proxyurl: http://value02 - when: env != "staging" + proxyurl: http://value01 # The place for the fancy mote view - role: httpd/reverseproxy website: meetbot.fedoraproject.org destname: mote - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: mote - - # The place for the raw originals - - role: httpd/reverseproxy - website: meetbot-raw.fedoraproject.org - destname: meetbot - remotepath: /meetbot/ + #remotepath: /mote/ # Talk directly to the app server, not haproxy - proxyurl: http://value02 - when: env == "staging" + proxyurl: http://value01 + + - role: httpd/reverseproxy + website: apps.fedoraproject.org + destname: nuancier + localpath: /nuancier + remotepath: /nuancier + header_scheme: true + proxyurl: "{{ varnish_url }}" + + - role: httpd/reverseproxy + website: apps.fedoraproject.org + destname: github2fedmsg + localpath: /github2fedmsg + remotepath: /github2fedmsg + header_scheme: true + proxyurl: http://localhost:10037 - role: httpd/reverseproxy website: apps.fedoraproject.org destname: fedora-notifications - localpath: /notifications-old - remotepath: /notifications-old + localpath: /notifications + remotepath: /notifications header_scheme: true proxyurl: http://localhost:10036 - tags: - - fmn - role: httpd/reverseproxy - website: "notifications{{ env_suffix }}.fedoraproject.org" - destname: fmn - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: 
openshift - keephost: true - ocp4: true - tags: - - fmn + website: apps.fedoraproject.org + destname: packages + localpath: /packages + remotepath: /packages + proxyurl: http://localhost:10016 + + - role: httpd/reverseproxy + website: apps.fedoraproject.org + destname: tagger + localpath: /tagger + remotepath: /tagger + rewrite: true + proxyurl: http://localhost:10017 - role: httpd/reverseproxy website: ask.fedoraproject.org 
@@ -155,141 +122,118 @@ proxyurl: "{{ varnish_url }}" - role: httpd/reverseproxy - website: "accounts{{ env_suffix }}.fedoraproject.org" - destname: noggin - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - noggin + website: darkserver.fedoraproject.org + destname: darkserver + remotepath: /darkserver/ + # Talk directly to the app server, not haproxy + proxyurl: http://localhost:10009 - role: httpd/reverseproxy - website: "fasjson{{ env_suffix }}.fedoraproject.org" - destname: fasjson - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift + website: paste.fedoraproject.org + destname: modernpaste keephost: true - ocp4: true - tags: - - fasjson + proxyurl: "{{ varnish_url }}" - role: httpd/reverseproxy - website: "id{{ env_suffix }}.fedoraproject.org" + website: admin.fedoraproject.org + destname: totpcgiprovision + localpath: /totpcgiprovision + proxyurl: http://localhost:10019 + + - role: httpd/reverseproxy + website: admin.fedoraproject.org + destname: fas + remotepath: /accounts + localpath: /accounts + proxyurl: http://localhost:10004 + + - role: httpd/reverseproxy + website: admin.fedoraproject.org + destname: elections + remotepath: /voting + localpath: /voting + proxyurl: http://localhost:10007 + + # Fedoauth is odd here -- it has an entry for both stg and prod. 
+ - role: httpd/reverseproxy + website: id.stg.fedoraproject.org destname: id proxyurl: http://localhost:10020 - keephost: true - header_scheme: true - tags: - - id.fedoraproject.org + when: env == "staging" - role: httpd/reverseproxy - website: "sso{{ env_suffix }}.fedoraproject.org" - destname: id - proxyurl: http://localhost:10020 - keephost: true - tags: - - sso.fedoraproject.org - - - role: httpd/reverseproxy - website: "username.id{{ env_suffix }}.fedoraproject.org" - destname: usernameid - proxyurl: http://localhost:10020 - keephost: true - tags: - - id.fedoraproject.org - - - role: httpd/reverseproxy - website: "id{{ env_suffix }}.fedoraproject.org" + website: id.stg.fedoraproject.org destname: 00-kdcproxy remotepath: /KdcProxy localpath: /KdcProxy proxyurl: http://localhost:10053 - tags: - - id.fedoraproject.org + when: env == "staging" - role: httpd/reverseproxy - website: "id{{ env_suffix }}.fedoraproject.org" + website: id.stg.fedoraproject.org destname: 00-ipa remotepath: /ipa localpath: /ipa proxyurl: http://localhost:10061 - tags: - - id.fedoraproject.org + when: env == "staging" + + - role: httpd/reverseproxy + website: id.fedoraproject.org + destname: id + proxyurl: http://localhost:10020 + when: env != "staging" + + - role: httpd/reverseproxy + website: id.fedoraproject.org + destname: 00-kdcproxy + remotepath: /KdcProxy + localpath: /KdcProxy + proxyurl: http://localhost:10053 + when: env != "staging" + + - role: httpd/reverseproxy + website: id.fedoraproject.org + destname: 00-ipa + remotepath: /ipa + localpath: /ipa + proxyurl: http://localhost:10061 + when: env != "staging" - role: httpd/reverseproxy website: apps.fedoraproject.org destname: datagrepper remotepath: /datagrepper localpath: /datagrepper - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - datagrepper + rewrite: true + proxyurl: http://localhost:10028 - role: 
httpd/reverseproxy - website: "badges.fedoraproject.org" + website: badges.fedoraproject.org destname: badges - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - badges + proxyurl: http://localhost:10032 - role: httpd/reverseproxy - website: kerneltest.fedoraproject.org - destname: kerneltest - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true + website: apps.fedoraproject.org + destname: fedocal + remotepath: /calendar + localpath: /calendar header_scheme: true - tags: kerneltest + proxyurl: "{{ varnish_url }}" + + - role: httpd/reverseproxy + website: apps.fedoraproject.org + destname: kerneltest + remotepath: /kerneltest + localpath: /kerneltest + header_scheme: true + proxyurl: "{{ varnish_url }}" - role: httpd/reverseproxy website: qa.fedoraproject.org destname: blockerbugs - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true remotepath: /blockerbugs localpath: /blockerbugs - tags: blockerbugs - when: env == "staging" - - - role: httpd/reverseproxy - website: qa.fedoraproject.org - destname: qa-landingpage - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: qa-landingpage - - - role: httpd/reverseproxy - website: qa.fedoraproject.org - destname: blockerbugs - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - remotepath: /blockerbugs - localpath: /blockerbugs - tags: blockerbugs - when: env != "staging" - + proxyurl: "{{ varnish_url }}" - role: httpd/reverseproxy website: fedoraproject.org 
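Review bot: The six `id` entries (`id`, `00-kdcproxy`, `00-ipa`, once for `id.stg.fedoraproject.org` and once for `id.fedoraproject.org`) differ only in hostname and `when`, so a later change to one environment's port or path can miss the other without anything failing. If `env_suffix` is defined for these hosts, a single set with `website: "id{{ env_suffix }}.fedoraproject.org"` avoids that drift. The new `id` entries also no longer set `keephost: true` and `header_scheme: true`; what those role variables emit is not visible in this hunk, but if they forward the original Host and scheme, the identity service behind `http://localhost:10020` may build redirect or callback URLs from the wrong origin, so confirm the omission is intended.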
@@ -299,211 +243,80 @@ proxyurl: "{{ varnish_url }}" - role: httpd/reverseproxy - website: bodhi.fedoraproject.org - destname: bodhi - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: bodhi - when: env == "staging" + website: admin.fedoraproject.org + destname: pkgdb + remotepath: /pkgdb + localpath: /pkgdb + proxyurl: "{{ varnish_url }}" + - role: httpd/reverseproxy website: bodhi.fedoraproject.org destname: bodhi - balancer_name: apps-ocp - targettype: openshift - balancer_members: "{{ocp_nodes}}" - ocp4: true - keephost: true - tags: bodhi - when: env != "staging" - -# -# fedora core os routes -# These point to openshift -# - - role: httpd/reverseproxy - website: "updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env != "staging" - - - role: httpd/reverseproxy - website: "status.updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env != "staging" - - - role: httpd/reverseproxy - website: "raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env != "staging" - - - role: httpd/reverseproxy - website: "status.raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 
'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env != "staging" - - - role: httpd/reverseproxy - website: "updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env == "staging" - - - role: httpd/reverseproxy - website: "status.updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env == "staging" - - - role: httpd/reverseproxy - website: "raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env == "staging" - - - role: httpd/reverseproxy - website: "status.raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env == "staging" - - -# -# end coreos -# - - - role: httpd/reverseproxy - website: transtats.fedoraproject.org - destname: transtats - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: transtats - - - role: httpd/reverseproxy - website: "mirrormanager{{ env_suffix }}.fedoraproject.org" - destname: mirrormanager - 
balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - mirrormanager + proxyurl: http://localhost:10010 - role: httpd/reverseproxy website: admin.fedoraproject.org - destname: mirrormanager-old + destname: mirrormanager remotepath: /mirrormanager localpath: /mirrormanager proxyurl: "{{ varnish_url }}" - tags: - - mirrormanager - role: httpd/reverseproxy website: mirrors.fedoraproject.org destname: mirrormanager-mirrorlist proxyurl: http://localhost:10002 - - role: httpd/reverseproxy - website: mirrors.centos.org - destname: mirrormanager-mirrorlist - proxyurl: http://localhost:10002 - tags: mirrors.centos.org - when: env != "staging" - - - role: httpd/reverseproxy - website: mirrors.stg.centos.org - destname: mirrormanager-mirrorlist - proxyurl: http://localhost:10002 - tags: mirrors.stg.centos.org - when: env == "staging" - - role: httpd/reverseproxy website: download.fedoraproject.org destname: mirrormanager-redirector proxyurl: http://localhost:10002 - role: httpd/reverseproxy - website: koschei.fedoraproject.org + website: apps.fedoraproject.org destname: koschei - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: koschei + localpath: /koschei + remotepath: /koschei + proxyurl: "{{ varnish_url }}" + + - role: httpd/reverseproxy + website: apps.fedoraproject.org + destname: mdapi + remotepath: /mdapi + localpath: /mdapi + proxyurl: http://localhost:10043 - role: httpd/reverseproxy website: openqa.fedoraproject.org destname: openqa - balancer_name: openqa - balancer_members: ['openqa01:80'] - http_not_https_yes_this_is_insecure_and_i_feel_bad: true - when: env == "production" - tags: openqa + remotepath: / + localpath: / + proxyurl: http://localhost:10044 - role: httpd/reverseproxy - website: openqa.fedoraproject.org - destname: openqa 
- balancer_name: openqa-stg - balancer_members: ['openqa-lab01.iad2.fedoraproject.org:80'] - http_not_https_yes_this_is_insecure_and_i_feel_bad: true - when: env == "staging" + website: apps.fedoraproject.org + destname: autocloud + localpath: /autocloud + remotepath: /autocloud + proxyurl: http://localhost:10041 + + - role: httpd/reverseproxy + website: apps.fedoraproject.org + destname: statscache + localpath: /statscache + remotepath: /statscache + proxyurl: http://localhost:10042 + + - role: httpd/reverseproxy + website: pdc.fedoraproject.org + destname: pdc + proxyurl: http://localhost:10045 + + - role: httpd/reverseproxy + website: apps.fedoraproject.org + destname: zanata2fedmsg + localpath: /zanata2fedmsg + remotepath: /zanata2fedmsg + proxyurl: http://localhost:10046 - role: httpd/reverseproxy website: admin.fedoraproject.org @@ -528,6 +341,14 @@ # Talk directly to the app server, not haproxy proxyurl: http://log01 + - role: httpd/reverseproxy + website: admin.fedoraproject.org + destname: epylog + remotepath: /epylog + localpath: /epylog + # Talk directly to the app server, not haproxy + proxyurl: http://log01 + - role: httpd/reverseproxy website: admin.fedoraproject.org destname: maps 
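Review bot: The added epylog entry publishes `/epylog` on admin.fedoraproject.org straight from `http://log01`, and nothing in the hunk shows an access restriction on that path; epylog reports are derived from system logs, so check that the `httpd/reverseproxy` role or the admin.fedoraproject.org vhost requires authentication for it. The context lines just above the addition end with the same comment and `proxyurl: http://log01`, and the start of that preceding entry is outside the hunk, so also check this is not a second definition of an existing `destname: epylog`. A short comment on the entry naming who is expected to reach it, for example `# restricted to sysadmin group via vhost auth` if that is the case, would document the intent.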
@@ -550,43 +371,141 @@ remotepath: /collectd # Talk directly to the app server, not haproxy proxyurl: http://log01 - tags: data-analysis + + ### Four entries for taskotron for production + - role: httpd/reverseproxy + website: taskotron.fedoraproject.org + destname: taskotron + # Talk directly to the app server, not haproxy + proxyurl: http://taskotron01.vpn.fedoraproject.org - role: httpd/reverseproxy - website: data-analysis.fedoraproject.org - destname: data-analysis - remotepath: / - localpath: / - proxyurl: http://log01 - tags: data-analysis + website: taskotron.fedoraproject.org + destname: taskotron-resultsdb + localpath: /resultsdb + remotepath: /resultsdb + # Talk directly to the app server, not haproxy + proxyurl: http://resultsdb01.vpn.fedoraproject.org - ### staging entries for resultsdb and resultsdb_frontend - role: httpd/reverseproxy - website: resultsdb.stg.fedoraproject.org - destname: zz-resultsdb-resultsdb - localpath: / - remotepath: / - balancer_name: resultsdb-stg - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true + website: taskotron.fedoraproject.org + destname: taskotron-resultsdbapi + localpath: /resultsdb_api + remotepath: /resultsdb_api + # Talk directly to the app server, not haproxy + proxyurl: http://resultsdb01.vpn.fedoraproject.org + + - role: httpd/reverseproxy + website: taskotron.fedoraproject.org + destname: taskotron-execdb + localpath: /execdb + remotepath: /execdb + # Talk directly to the app server, not haproxy + proxyurl: http://resultsdb01.vpn.fedoraproject.org + + ### And four entries for taskotron for staging + - role: httpd/reverseproxy + website: taskotron.stg.fedoraproject.org + destname: taskotron + # Talk directly to the app server, not haproxy + proxyurl: http://taskotron-stg01.qa.fedoraproject.org + when: env == "staging" + + - role: httpd/reverseproxy + website: taskotron.stg.fedoraproject.org + destname: taskotron-resultsdb + localpath: 
/resultsdb + remotepath: /resultsdb + # Talk directly to the app server, not haproxy + proxyurl: http://resultsdb-stg01.qa.fedoraproject.org + when: env == "staging" + + - role: httpd/reverseproxy + website: taskotron.stg.fedoraproject.org + destname: taskotron-resultsdbapi + localpath: /resultsdb_api + remotepath: /resultsdb_api + # Talk directly to the app server, not haproxy + proxyurl: http://resultsdb-stg01.qa.fedoraproject.org + when: env == "staging" + + - role: httpd/reverseproxy + website: taskotron.stg.fedoraproject.org + destname: taskotron-execdb + localpath: /execdb + remotepath: /execdb + # Talk directly to the app server, not haproxy + proxyurl: http://resultsdb-stg01.qa.fedoraproject.org + when: env == "staging" + + ### Beaker production + - role: httpd/reverseproxy + website: beaker.qa.fedoraproject.org + destname: beaker + # Talk directly to the app server, not haproxy + proxyurl: http://beaker01.vpn.fedoraproject.org + when: env == "production" + + ### Beaker staging + - role: httpd/reverseproxy + website: beaker.stg.fedoraproject.org + destname: beaker-stg + # Talk directly to the app server, not haproxy + proxyurl: http://beaker-stg01.qa.fedoraproject.org + when: env == "staging" + + ### QA staging + + - role: httpd/reverseproxy + website: qa.stg.fedoraproject.org + destname: qa-stg + # Talk directly to the app server, not haproxy + proxyurl: http://qa-stg01.qa.fedoraproject.org + when: env == "staging" + + - role: httpd/reverseproxy + website: qa.stg.fedoraproject.org + destname: blockerbugs + remotepath: /blockerbugs + localpath: /blockerbugs + proxyurl: "{{ varnish_url }}" + when: env == "staging" + + - role: httpd/reverseproxy + website: phab.qa.stg.fedoraproject.org + destname: qa-stg-phab + # Talk directly to the app server, not haproxy + proxyurl: http://phab.qa-stg01.qa.fedoraproject.org keephost: true when: env == "staging" - tags: resultsdb - ### production entries for resultsdb and resultsdb_frontend - role: httpd/reverseproxy - 
website: resultsdb.fedoraproject.org - destname: zz-resultsdb-resultsdb - localpath: / - remotepath: / - balancer_name: resultsdb - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true + website: docs.qa.stg.fedoraproject.org + destname: qa-stg-docs + # Talk directly to the app server, not haproxy + proxyurl: http://docs.qa-stg01.qa.fedoraproject.org + when: env == "staging" + + ### QA production + + - role: httpd/reverseproxy + website: qa.fedoraproject.org + destname: qa-prod + # Talk directly to the app server, not haproxy + proxyurl: http://qa-prod01.vpn.fedoraproject.org + + - role: httpd/reverseproxy + website: phab.qa.fedoraproject.org + destname: qa-prod-phab + # Talk directly to the app server, not haproxy + proxyurl: http://phab.qa-prod01.vpn.fedoraproject.org keephost: true - when: env != "staging" - tags: resultsdb + + - role: httpd/reverseproxy + website: docs.qa.fedoraproject.org + destname: qa-prod-docs + # Talk directly to the app server, not haproxy + proxyurl: http://docs.qa-prod01.vpn.fedoraproject.org # This one gets its own role (instead of httpd/reverseproxy) so that it can # copy in some silly static resources (globe.png, index.html) @@ -601,14 +520,17 @@ header_scheme: true keephost: true + - role: httpd/reverseproxy + website: osbs.fedoraproject.org + destname: osbs + proxyurl: http://localhost:10047 + - role: httpd/reverseproxy website: registry.fedoraproject.org - destname: registry-fedora + destname: registry # proxyurl in this one is totally ignored, because Docker. # (turns out it uses PATCH requests that Varnish cannot deal with) proxyurl: "{{ varnish_url }}" - tags: - - registry - role: httpd/reverseproxy website: candidate-registry.fedoraproject.org 
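Review bot: The four taskotron production entries and the three "QA production" entries (`qa.fedoraproject.org`, `phab.qa.fedoraproject.org`, `docs.qa.fedoraproject.org`) carry no `when:`, while their staging counterparts and the Beaker production entry are gated on `env`. As written, staging proxies would also get vhost configuration that forwards to the production backends under `vpn.fedoraproject.org`, which weakens the separation between the two environments. Adding `when: env == "production"` to each of those seven entries would make them consistent with the Beaker pair. The role list starts and ends outside the hunk.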
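Review bot: The new `osbs` entry points at `http://localhost:10047` with no comment saying what listens there, and the same holds for the localhost ports added in the next two hunks (`10052`, `10056`, `10058` to `10060`, `10063` to `10066`). The entries that bypass the balancer say so (`# Talk directly to the app server, not haproxy`), so these ports are presumably haproxy frontends defined elsewhere. A wrong port would silently serve one hostname from another service's backend, and on the koji entries `keephost: true` passes the original Host header along. A one-line comment per entry naming the frontend, e.g. `# haproxy frontend: <frontend name placeholder>`, would make the mapping reviewable.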
@@ -636,49 +558,41 @@ when: env == "staging" - role: httpd/reverseproxy - website: koji.fedoraproject.org - destname: koji - keephost: true - balancer_name: koji - balancer_members: - - "koji01.{{ datacenter }}.fedoraproject.org" - - "koji02.{{ datacenter }}.fedoraproject.org" - http_not_https_yes_this_is_insecure_and_i_feel_bad: true - when: env == "production" - - - role: httpd/reverseproxy - website: koji.fedoraproject.org - destname: koji - keephost: true - balancer_name: koji - balancer_members: - - "koji01.stg.{{ datacenter }}.fedoraproject.org" - http_not_https_yes_this_is_insecure_and_i_feel_bad: true + website: admin.fedoraproject.org + destname: fas3 + remotepath: /fas3 + localpath: /fas3 + proxyurl: http://localhost:10052 when: env == "staging" - role: httpd/reverseproxy - website: riscv-koji.fedoraproject.org - destname: koji - keephost: true - ocp4: false - balancer_name: riscv-koji - balancer_members: - - "riscv-koji01.{{ datacenter }}.fedoraproject.org" - http_not_https_yes_this_is_insecure_and_i_feel_bad: true - tags: - - riscv-koji + website: mbs.fedoraproject.org + destname: mbs + proxyurl: http://localhost:10063 - role: httpd/reverseproxy - website: riscv-kojipkgs.fedoraproject.org - destname: riscv-kojipkgs + website: koji.fedoraproject.org + destname: koji + proxyurl: http://localhost:10056 + keephost: true + + - role: httpd/reverseproxy + website: ppc.koji.fedoraproject.org + destname: ppckoji + proxyurl: http://localhost:10058 + keephost: true + + - role: httpd/reverseproxy + website: s390.koji.fedoraproject.org + destname: s390koji + proxyurl: http://localhost:10059 + keephost: true + + - role: httpd/reverseproxy + website: arm.koji.fedoraproject.org + destname: armkoji + proxyurl: http://localhost:10060 keephost: true - balancer_name: riscv-kojipkgs - ocp4: false - balancer_members: - - "riscv-koji01.{{ datacenter }}.fedoraproject.org" - http_not_https_yes_this_is_insecure_and_i_feel_bad: true - tags: - - riscv-koji - role: 
httpd/reverseproxy website: kojipkgs.fedoraproject.org 
@@ -687,270 +601,31 @@ keephost: true - role: httpd/reverseproxy - website: "ocp{{ env_suffix }}.fedoraproject.org" - destname: ocp - balancer_name: ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true + website: os.fedoraproject.org + destname: os + proxyurl: http://localhost:10064 keephost: true tags: - - ocp.stg.fedoraproject.org - when: env == "staging" + - os.fedoraproject.org - role: httpd/reverseproxy - website: "apps.ocp{{ env_suffix }}.fedoraproject.org" - destname: apps.ocp - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true + website: app.os.fedoraproject.org + destname: app.os + proxyurl: http://localhost:10065 keephost: true tags: - - apps.ocp.stg.fedoraproject.org - when: env == "staging" + - app.os.fedoraproject.org - role: httpd/reverseproxy - website: "ocp{{ env_suffix }}.fedoraproject.org" - destname: ocp - balancer_name: ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true + website: odcs.fedoraproject.org + destname: odcs + proxyurl: http://localhost:10066 tags: - - ocp.fedoraproject.org - when: env == "production" + - odcs - role: httpd/reverseproxy - website: "apps.ocp{{ env_suffix }}.fedoraproject.org" - destname: apps.ocp - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - apps.ocp.fedoraproject.org - when: env == "production" - - - role: httpd/reverseproxy - website: "provision{{ env_suffix }}.fedoraproject.org" - destname: zezere - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - zezere - - - role: httpd/reverseproxy - website: greenwave.fedoraproject.org - 
destname: greenwave - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: greenwave - - - role: httpd/reverseproxy - website: waiverdb.fedoraproject.org - destname: waiverdb - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: waiverdb - - - role: httpd/reverseproxy - website: elections.fedoraproject.org - destname: elections - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: elections - header_scheme: true - - - role: httpd/reverseproxy - website: calendar.fedoraproject.org - destname: calendar - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - header_scheme: true - tags: calendar - - - role: httpd/reverseproxy - website: mdapi.fedoraproject.org - destname: mdapi - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: mdapi - - - role: httpd/reverseproxy - website: release-monitoring.org - destname: release-monitoring - balancer_name: apps-ocp - balancer_members: "{{ocp_nodes}}" - targettype: openshift - ocp4: true - keephost: true - tags: release-montoring.org - when: env == "production" - - - role: httpd/reverseproxy - website: stg.release-monitoring.org - destname: stg.release-monitoring - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: release-montoring.org - when: env == "staging" - - - role: httpd/reverseproxy - website: whatcanidoforfedora.org - destname: whatcanidoforfedora - 
balancer_name: app-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: whatcanidoforfedora.org - - - role: httpd/reverseproxy - website: testdays.fedoraproject.org - destname: testdays - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: testdays - - - role: httpd/reverseproxy - website: packager-dashboard.fedoraproject.org - destname: packager-dashboard - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: packager-dashboard - - - role: httpd/reverseproxy - website: "languages{{ env_suffix }}.fedoraproject.org" - destname: languages - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - languages - - - role: httpd/reverseproxy - website: debuginfod.fedoraproject.org - destname: debuginfod - # manage non-trivial reverse-proxy specs in template - proxyurl: http://debuginfod01:8002 - proxyopts: "connectiontimeout=600 timeout=600 keepalive=on nocanon" - tags: - - debuginfod - - - role: httpd/reverseproxy - website: packages.fedoraproject.org - destname: fedora-packages-static - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - fedora-packages-static - - - role: httpd/reverseproxy - website: "discourse2fedmsg{{ env_suffix }}.fedoraproject.org" - destname: discourse2fedmsg - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: discourse2fedmsg - - - role: httpd/reverseproxy - website: ipsilon-project.org - 
destname: ipsilon-website - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: ipsilon-website - - - role: httpd/reverseproxy - website: awx.fedoraproject.org - destname: awx - balancer_name: app-ocp - balancer_members: "{{ ocp_nodes }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - awx - when: env == "production" - - - role: httpd/reverseproxy - website: "openscanhub{{ env_suffix }}.fedoraproject.org" - destname: openscanhub - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: openscanhub - - - role: httpd/reverseproxy - website: "kanban.qa{{ env_suffix }}.fedoraproject.org" - destname: kanban - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - kanban - - - role: httpd/reverseproxy - website: "fedoraplanet.org" - destname: fedoraplanet - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - fedoraplanet - - - role: httpd/reverseproxy - website: "webhook{{ env_suffix }}.fedoraproject.org" - destname: webhook2fedmsg - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - webhook2fedmsg + website: data-analysis.fedoraproject.org + destname: awstats + remotepath: / + localpath: / + proxyurl: http://data-analysis01.phx2.fedoraproject.org diff --git a/playbooks/include/proxies-rewrites.yml b/playbooks/include/proxies-rewrites.yml index 66205f3f67..e59fdc0305 100644 --- a/playbooks/include/proxies-rewrites.yml +++ b/playbooks/include/proxies-rewrites.yml 
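Review bot: The last added entry (`destname: awstats`) forwards the whole of `data-analysis.fedoraproject.org` to `http://data-analysis01.phx2.fedoraproject.org` over plain HTTP, with the datacenter written into the host name and without the comment the other direct-to-backend entries carry. Whether the statistics pages are meant to be public cannot be told from the hunk, so the entry should say so. I would add `# Talk directly to the app server, not haproxy` above `proxyurl:` plus a short comment on who is expected to reach this site. The role list starts outside the hunk.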
@@ -1,27 +1,18 @@ ---- - name: Set up some domain rewrites. - hosts: proxies_stg:proxies + hosts: proxies-stg:proxies user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" roles: - - role: httpd/domainrewrite - destname: keys - website: keys.fedoraproject.org - path: ^.*$ - status: 301,QSD - target: https://fedoraproject.org/wiki/Infrastructure/graveyard - tags: keys - - role: httpd/domainrewrite destname: admin website: admin.fedoraproject.org 
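Review bot: `hosts: proxies-stg:proxies` names a group with a hyphen, which Ansible treats as an invalid group-name character, and the removed line used `proxies_stg`. If the inventory defines the group as `proxies_stg` (not visible here), the pattern matches only `proxies` and the staging proxies silently stop receiving these rewrites; `hosts: proxies_stg:proxies` avoids that. The same pattern is introduced in the first hunk of `playbooks/include/proxies-websites.yml`. The play continues outside the hunk.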
@@ -33,22 +24,35 @@ path: /status - role: httpd/domainrewrite - destname: 00-apps - website: apps.fedoraproject.org + destname: 00-admin + website: admin.fedoraproject.org path: ^/favicon.ico$ status: 301 - target: https://fedoraproject.org/favicon.ico + target: https://fedoraproject.org/static/images/favicon.ico - role: httpd/domainrewrite destname: 00-docs website: docs.fedoraproject.org path: ^/favicon.ico$ status: 301 - target: https://fedoraproject.org/favicon.ico + target: https://fedoraproject.org/static/images/favicon.ico - role: httpd/domainrewrite - destname: 00-registry-icon - website: registry.fedoraproject.org + destname: 00-start + website: start.fedoraproject.org path: ^/favicon.ico$ status: 301 - target: https://fedoraproject.org/favicon.ico + target: https://fedoraproject.org/static/images/favicon.ico + + - role: httpd/domainrewrite + destname: translate + website: translate.fedoraproject.org + # TODO - At some point, this will switch to fedora.zanata.org + target: https://fedora.transifex.net/ + + - role: httpd/domainrewrite + destname: 00-translate-icon + website: translate.fedoraproject.org + path: ^/favicon.ico$ + status: 301 + target: https://fedoraproject.org/static/images/favicon.ico diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 7a066e30cc..cb64910067 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml 
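Review bot: The added `translate` rewrite has only a `target:` and no `path:` or `status:`, unlike the favicon entries around it, so both the match and the redirect code come from role defaults that are not visible here. The target `https://fedora.transifex.net/` is a domain outside the project and the TODO calls it transitional, so a permanent redirect would stay cached in browsers after the target changes. If the role passes `status:` through as the `301` entries suggest, I would set it explicitly, e.g. `status: 302`, and have the TODO name an owner.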
@@ -1,26 +1,31 @@ ---- - name: Set up those proxy websites. My, my.. - hosts: proxies_stg:proxies + hosts: proxies-stg:proxies user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" - tasks: + + pre_tasks: + - name: Install policycoreutils-python + package: name=policycoreutils-python state=present + - name: Create /srv/web/ for all the goodies. - ansible.builtin.file: dest=/srv/web state=directory owner=root group=root mode=0755 + file: > + dest=/srv/web state=directory + owner=root group=root mode=0755 tags: - httpd - httpd/website - - name: Check the selinux context of webdir - ansible.builtin.command: matchpathcon /srv/web + - name: check the selinux context of webdir + command: matchpathcon /srv/web register: webdir check_mode: no changed_when: "1 != 1" @@ -31,7 +36,7 @@ - httpd/website - name: /srv/web file contexts - ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" + command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" when: webdir.stdout.find('httpd_sys_content_t') == -1 tags: - config @@ -42,23 +47,18 @@ roles: - role: httpd/website - site_name: fedoraproject.org - sslonly: true + name: fedoraproject.org cert_name: "{{wildcard_cert_name}}" server_aliases: - stg.fedoraproject.org - localhost - - www.fedoraproject.org - - hotspot-nocache.fedoraproject.org # This is for all the other domains we own # that redirect to https://fedoraproject.org - role: httpd/website - site_name: fedoraproject.com + name: fedoraproject.com cert_name: "{{wildcard_cert_name}}" server_aliases: - - epel.io - - fedp.org - fedora.asia - fedora.com.my - fedora.cr 
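Review bot: The new `Install policycoreutils-python` task has no `tags:`, while the tasks after it are tagged (`httpd`, `httpd/website`). A tagged run would skip the install and still reach the `semanage fcontext` task that the package was presumably added for, so the SELinux labelling of `/srv/web` could fail on a fresh host. Adding `tags: [httpd, httpd/website]` to the install task keeps the two in step. The `pre_tasks` list continues outside the hunk.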
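Review bot: The `fedoraproject.org` website entry loses `sslonly: true` in this hunk, while most other sites in the file keep it. How the `httpd/website` role behaves without it is not shown here, but the name suggests the main site would then also answer over plain HTTP with no forced redirect, leaving the first request open to interception. I would keep `sslonly: true` on this entry. The role list continues outside the hunk.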
@@ -95,7 +95,6 @@ - fedoraproject.pe - fedoraproject.su - projectofedora.org - - proyectofedora.org - www.fedora.asia - www.fedora.com.my - www.fedora.cr @@ -127,28 +126,30 @@ - www.fedoraproject.info - www.fedoraproject.net - www.fedoraproject.net.cn + - www.fedoraproject.org - www.fedoraproject.org.uk - www.fedoraproject.pe - www.fedoraproject.su - www.projectofedora.org - www.getfedora.com - getfedora.com + - www.getfedora.org - fedoraplayground.org - fedoraplayground.com - role: httpd/website - site_name: admin.fedoraproject.org + name: admin.fedoraproject.org server_aliases: [admin.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: cloud.fedoraproject.org + name: cloud.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: mirrors.fedoraproject.org + name: mirrors.fedoraproject.org server_aliases: - mirrors.stg.fedoraproject.org - fedoramirror.net @@ -156,36 +157,13 @@ cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: mirrors.centos.org - sslonly: true - certbot: true - tags: mirrors.centos.org - when: env != "staging" - - - role: httpd/website - site_name: mirrors.stg.centos.org - sslonly: true - certbot: true - tags: mirrors.stg.centos.org - when: env == "staging" - - - role: httpd/website - site_name: "mirrormanager{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - mirrormanager - - - role: httpd/website - site_name: src.fedoraproject.org + name: src.fedoraproject.org server_aliases: [src.stg.fedoraproject.org] cert_name: "{{wildcard_cert_name}}" sslonly: true - use_h2: true - tags: src.fedoraproject.org - role: httpd/website - site_name: download.fedoraproject.org + name: download.fedoraproject.org server_aliases: - download01.fedoraproject.org - download02.fedoraproject.org 
@@ -197,22 +175,18 @@ - download08.fedoraproject.org - download09.fedoraproject.org - download10.fedoraproject.org + - download-rdu01.fedoraproject.org - download.stg.fedoraproject.org cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: translate.fedoraproject.org + name: translate.fedoraproject.org server_aliases: [translate.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: pki.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: spins.fedoraproject.org + name: spins.fedoraproject.org server_aliases: - spins.stg.fedoraproject.org - spins-test.fedoraproject.org 
@@ -220,61 +194,40 @@ cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: labs.fedoraproject.org + name: labs.fedoraproject.org server_aliases: - labs.stg.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: arm.fedoraproject.org + name: arm.fedoraproject.org server_aliases: - arm.stg.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: iot.fedoraproject.org - server_aliases: - - iot.stg.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: budget.fedoraproject.org + name: budget.fedoraproject.org server_aliases: - budget.stg.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: boot.fedoraproject.org + name: boot.fedoraproject.org server_aliases: [boot.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: keys.fedoraproject.org - server_aliases: [keys.stg.fedoraproject.org] + name: boot.fedoraproject.org + server_aliases: [boot.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: testdays.fedoraproject.org - server_aliases: [testdays.qa.fedoraproject.org, testdays.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: testdays - - - role: httpd/website - site_name: packager-dashboard.fedoraproject.org - server_aliases: [packager-dashboard.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: packager-dashboard - - - role: httpd/website - site_name: smolts.org + name: smolts.org ssl: false server_aliases: - smolt.fedoraproject.org 
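Review bot: After this hunk the role list contains two identical `httpd/website` entries for `boot.fedoraproject.org`, because the former `keys.fedoraproject.org` entry was rewritten into a second copy with the same `server_aliases`, `sslonly` and `cert_name`. Depending on how Ansible de-duplicates roles, the copy is either skipped or writes the same vhost twice; either way it hides that the `keys` site is gone. I would delete the second entry rather than leave the duplicate. The role list starts and ends outside the hunk.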
@@ -283,98 +236,38 @@ cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: docs.fedoraproject.org + name: docs.fedoraproject.org server_aliases: - doc.fedoraproject.org - docs.stg.fedoraproject.org sslonly: true - gzip: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: bodhi.fedoraproject.org + name: docs-old.fedoraproject.org + server_aliases: + - docs-old.stg.fedoraproject.org + sslonly: true + cert_name: "{{wildcard_cert_name}}" + + - role: httpd/website + name: bodhi.fedoraproject.org sslonly: true server_aliases: [bodhi.stg.fedoraproject.org] cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: "accounts{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - noggin - - - role: httpd/website - site_name: "fasjson{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - fasjson - - - role: httpd/website - site_name: "coreos{{ env_suffix }}.fedoraproject.org" - sslonly: true - certbot: true - tags: - - coreos.fedoraproject.org - when: env == "staging" - - - role: httpd/website - site_name: "updates.coreos{{ env_suffix }}.fedoraproject.org" - sslonly: true - certbot: true - tags: - - updates.coreos.fedoraproject.org - - - role: httpd/website - site_name: "status.updates.coreos{{ env_suffix }}.fedoraproject.org" - sslonly: true - certbot: true - tags: - - status.updates.coreos.fedoraproject.org - - - role: httpd/website - site_name: "raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - sslonly: true - certbot: true - tags: - - raw-updates.coreos.fedoraproject.org - - - role: httpd/website - site_name: "status.raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - sslonly: true - certbot: true - tags: - - status.raw-updates.coreos.fedoraproject.org - - - role: httpd/website - site_name: "builds.coreos{{ env_suffix }}.fedoraproject.org" - sslonly: true - certbot: false - cert_name: "{{wildcard_cert_name}}" - tags: 
- - builds.coreos.fedoraproject.org - - - role: httpd/website - site_name: ostree.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: ostree - - - role: httpd/website - site_name: flocktofedora.org + name: flocktofedora.org server_aliases: - flocktofedora.org - www.flocktofedora.org ssl: true sslonly: true - certbot: true - when: env == "production" - tags: - - flocktofedora.org + cert_name: flocktofedora.org + SSLCertificateChainFile: flocktofedora.org.intermediate.cert - role: httpd/website - site_name: flocktofedora.net + name: flocktofedora.net server_aliases: - flocktofedora.com - www.flocktofedora.net 
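Review bot: The `flocktofedora.org` entry now uses a static certificate (`cert_name: flocktofedora.org` plus `SSLCertificateChainFile`) and no longer has `when: env == "production"`. Staging proxies would then need this site's private key and chain file as well, and renewal is no longer automatic. If the static certificate is intended, I would keep the guard, `when: env == "production"`, and add a comment saying where the certificate's expiry is tracked. The entry's remaining context and the rest of the role list are outside the hunk.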
@@ -382,116 +275,122 @@ ssl: false - role: httpd/website - site_name: fedora.my + name: fedora.my server_aliases: - fedora.my ssl: false - role: httpd/website - site_name: copr.fedoraproject.org - sslonly: true + name: copr.fedoraproject.org + ssl: true + # We need sslonly=false because copr-cli hardcoded http + sslonly: false cert_name: "{{wildcard_cert_name}}" - tags: copr - role: httpd/website - site_name: bugz.fedoraproject.org + name: bugz.fedoraproject.org server_aliases: [bugz.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: fas.fedoraproject.org + name: fas.fedoraproject.org server_aliases: - fas.stg.fedoraproject.org + - accounts.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: fedoracommunity.org + name: fedoracommunity.org server_aliases: - www.fedoracommunity.org - stg.fedoracommunity.org - # - fedoraproject.community - # - fedora.community - # - www.fedora.community - # - www.fedoraproject.community - sslonly: true - certbot: true - tags: fedoracommunity + - fedoraproject.community + - fedora.community + - www.fedora.community + - www.fedoraproject.community + ssl: false + cert_name: fedoracommunity.org + SSLCertificateChainFile: fedoracommunity.org.intermediate.cert - role: httpd/website - site_name: get.fedoraproject.org + name: get.fedoraproject.org server_aliases: [get.stg.fedoraproject.org] cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: help.fedoraproject.org + name: help.fedoraproject.org server_aliases: [help.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: it.fedoracommunity.org + name: it.fedoracommunity.org server_aliases: [it.fedoracommunity.org] cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: uk.fedoracommunity.org + name: uk.fedoracommunity.org server_aliases: - uk.fedoracommunity.org - www.uk.fedoracommunity.org cert_name: 
"{{wildcard_cert_name}}" - role: httpd/website - site_name: tw.fedoracommunity.org + name: tw.fedoracommunity.org server_aliases: - tw.fedoracommunity.org - www.tw.fedoracommunity.org cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: people.fedoraproject.org + name: communityblog.fedoraproject.org + server_aliases: [communityblog.fedoraproject.org] + sslonly: true + cert_name: "{{wildcard_cert_name}}" + + - role: httpd/website + name: people.fedoraproject.org server_aliases: [people.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: join.fedoraproject.org + name: join.fedoraproject.org server_aliases: [join.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: l10n.fedoraproject.org + name: l10n.fedoraproject.org server_aliases: [l10n.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: start.fedoraproject.org + name: start.fedoraproject.org server_aliases: [start.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - tags: - - start.fedoraproject.org - role: httpd/website - site_name: kde.fedoraproject.org + name: kde.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: nightly.fedoraproject.org + name: nightly.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: store.fedoraproject.org + name: store.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: port389.org + name: port389.org server_aliases: - www.port389.org - 389tcp.org 
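Review bot: `copr.fedoraproject.org` is switched to `sslonly: false`, so the site answers over plain HTTP, and the comment gives a hard-coded URL in copr-cli as the reason. If that client sends API credentials, they would cross the network unencrypted; the comment should say which client versions still need this and when `sslonly: true` can return, e.g. `# TODO: restore sslonly once copr-cli <version placeholder> is retired`. In the same hunk `fedoracommunity.org` sets `ssl: false` next to a `cert_name` and `SSLCertificateChainFile`, which looks contradictory. The role list continues outside the hunk.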
@@ -500,108 +399,101 @@ cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: transtats.fedoraproject.org - sslonly: true - server_aliases: [transtats.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: - - transtats - - - role: httpd/website - site_name: whatcanidoforfedora.org + name: whatcanidoforfedora.org server_aliases: - www.whatcanidoforfedora.org - - stg.whatcanidoforfedora.org ssl: true sslonly: true + cert_name: whatcanidoforfedora.org + SSLCertificateChainFile: whatcanidoforfedora.org.intermediate.crt certbot: true tags: - whatcanidoforfedora.org - role: httpd/website - site_name: k12linux.org + name: fedoramagazine.org + server_aliases: [www.fedoramagazine.org stg.fedoramagazine.org] + cert_name: fedoramagazine.org + SSLCertificateChainFile: fedoramagazine.org.intermediate.cert + sslonly: true + + - role: httpd/website + name: k12linux.org server_aliases: - www.k12linux.org ssl: false cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: fonts.fedoraproject.org + name: fonts.fedoraproject.org server_aliases: [fonts.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: meetbot.fedoraproject.org + name: meetbot.fedoraproject.org server_aliases: [meetbot.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: meetbot-raw.fedoraproject.org + name: meetbot-raw.fedoraproject.org server_aliases: [meetbot-raw.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: fudcon.fedoraproject.org + name: fudcon.fedoraproject.org server_aliases: [fudcon.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: ask.fedoraproject.org + name: ask.fedoraproject.org server_aliases: [ask.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: askbot.fedoraproject.org - 
server_aliases: [askbot.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: badges.fedoraproject.org + name: badges.fedoraproject.org server_aliases: [badges.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - tags: - - badges - role: httpd/website - site_name: paste.fedoraproject.org + name: darkserver.fedoraproject.org + server_aliases: [darkserver.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: coreos.fedoraproject.org + name: paste.fedoraproject.org + server_aliases: + - paste.stg.fedoraproject.org + - modernpaste.stg.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - when: env == "production" - tags: - - coreos.fedoraproject.org - - role: httpd/website - site_name: awx.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - awx # # Make a website here so we can redirect it to paste.fedoraproject.org # -# - role: httpd/website -# site_name: fpaste.org -# certbot: true -# server_aliases: -# - www.fpaste.org -# tags: -# - fpaste.org -# when: env == "production" + - role: httpd/website + name: fpaste.org + server_aliases: + - www.fpaste.org + cert_name: fpaste.org + SSLCertificateChainFile: fpaste.org.intermediate.cert + when: inventory_hostname == 'proxy01.phx2.fedoraproject.org' - role: httpd/website - site_name: koji.fedoraproject.org + name: fpaste.org + server_aliases: + - www.fpaste.org + cert_name: "{{wildcard_cert_name}}" + when: inventory_hostname != 'proxy01.phx2.fedoraproject.org' + + - role: httpd/website + name: koji.fedoraproject.org sslonly: true server_aliases: - koji.stg.fedoraproject.org 
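Review bot: In the new `fedoramagazine.org` entry, `server_aliases: [www.fedoramagazine.org stg.fedoramagazine.org]` has no comma, so YAML parses it as a one-element list holding a single string with a space in it. It may still render as intended if the role joins the aliases with spaces, but that is not visible here, and the other multi-alias entries in this hunk use one item per line. I would write `server_aliases: [www.fedoramagazine.org, stg.fedoramagazine.org]`. The `fedorahosted.org` entry added in the last hunk of this file (`[bzr.fedorahosted.org hg.fedorahosted.org svn.fedorahosted.org]`) has the same shape.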
@@ -610,39 +502,62 @@ cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: kojipkgs.fedoraproject.org + name: ppc.koji.fedoraproject.org + sslonly: true + certbot: true + server_aliases: + - ppcpkgs.fedoraproject.org + cert_name: secondary.koji.fedoraproject.org.letsencrypt + SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt + tags: + - ppc.koji.fedoraproject.org + + - role: httpd/website + name: s390.koji.fedoraproject.org + sslonly: true + certbot: true + server_aliases: + - s390pkgs.fedoraproject.org + cert_name: secondary.koji.fedoraproject.org.letsencrypt + SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt + tags: + - s390.koji.fedoraproject.org + + - role: httpd/website + name: arm.koji.fedoraproject.org + sslonly: true + certbot: true + server_aliases: + - armpkgs.fedoraproject.org + cert_name: secondary.koji.fedoraproject.org.letsencrypt + SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt + tags: + - arm.koji.fedoraproject.org + + - role: httpd/website + name: kojipkgs.fedoraproject.org sslonly: true server_aliases: - kojipkgs01.fedoraproject.org - kojipkgs02.fedoraproject.org cert_name: "{{wildcard_cert_name}}" - use_h2: false - tags: - - kojipkgs.fedoraproject.org - role: httpd/website - site_name: apps.fedoraproject.org + name: apps.fedoraproject.org server_aliases: [apps.stg.fedoraproject.org] sslonly: true gzip: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: "notifications{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - fmn - - - role: httpd/website - site_name: pdc.fedoraproject.org + name: pdc.fedoraproject.org server_aliases: [pdc.stg.fedoraproject.org] sslonly: true gzip: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: developer.fedoraproject.org + name: developer.fedoraproject.org server_aliases: 
[developer.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" 
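Review bot: The three added `ppc.`, `s390.` and `arm.koji.fedoraproject.org` entries each set `certbot: true` and also point `cert_name` at the same `secondary.koji.fedoraproject.org.letsencrypt` certificate. Nothing in this hunk shows that the certificate lists all three site names and their `ppcpkgs`/`s390pkgs`/`armpkgs` aliases, or how `certbot: true` interacts with an explicit `cert_name` in the role. If a name is missing, clients will see a hostname mismatch. A comment above the first entry, such as `# one shared LE cert; its SANs must include all three sites and their *pkgs aliases`, would record the requirement.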
@@ -650,102 +565,61 @@ # This is just a redirect to developer, to make it easier for people to get # here from Red Hat's developers.redhat.com (ticket #5216). - role: httpd/website - site_name: developers.fedoraproject.org + name: developers.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: fedoraloveskde.org - server_aliases: [stg.fedoraloveskde.org] - sslonly: true - certbot: true - tags: - - fedoraloveskde - - - role: httpd/website - site_name: "provision{{ env_suffix }}.fedoraproject.org" - # Zezere needs non-HTTPS for netboot - sslonly: false - cert_name: "{{wildcard_cert_name}}" - tags: - - zezere - - - role: httpd/website - site_name: ocp.stg.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - ocp.stg.fedoraproject.org - when: env == "staging" - - - role: httpd/website - site_name: apps.ocp.stg.fedoraproject.org - server_aliases: ["*.apps.ocp.stg.fedoraproject.org", api.apps.ocp.stg.fedoraproject.org] - sslonly: true - cert_name: "{{ocp_wildcard_cert_name}}" - SSLCertificateChainFile: "{{ocp_wildcard_int_file}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - apps.ocp.stg.fedoraproject.org - when: env == "staging" - - - role: httpd/website - site_name: ocp.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. 
- use_h2: false - tags: - - ocp.fedoraproject.org - when: env == "production" - - - role: httpd/website - site_name: apps.ocp.fedoraproject.org - server_aliases: ["*.apps.ocp.fedoraproject.org", api.apps.ocp.fedoraproject.org] - sslonly: true - cert_name: "{{ocp_wildcard_cert_name}}" - SSLCertificateChainFile: "{{ocp_wildcard_int_file}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - apps.ocp.fedoraproject.org - when: env == "production" - - - role: httpd/website - site_name: registry.fedoraproject.org - server_aliases: [registry.stg.fedoraproject.org registry-no-cdn.fedoraproject.org] + name: osbs.fedoraproject.org + server_aliases: [osbs.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: candidate-registry.fedoraproject.org + name: os.fedoraproject.org + server_aliases: [os.stg.fedoraproject.org] + sslonly: true + cert_name: "{{wildcard_cert_name}}" + tags: + - os.fedoraproject.org + + - role: httpd/website + name: app.os.fedoraproject.org + server_aliases: ["*.app.os.fedoraproject.org", "*.app.os.stg.fedoraproject.org"] + sslonly: true + cert_name: "{{os_wildcard_cert_name}}" + SSLCertificateChainFile: "{{os_wildcard_int_file}}" + tags: + - app.os.fedoraproject.org + + - role: httpd/website + name: registry.fedoraproject.org + server_aliases: [registry.stg.fedoraproject.org] + sslonly: true + cert_name: "{{wildcard_cert_name}}" + + - role: httpd/website + name: candidate-registry.fedoraproject.org server_aliases: [candidate-registry.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: retrace.fedoraproject.org + name: retrace.fedoraproject.org server_aliases: [retrace.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" when: env == "staging" - role: httpd/website - site_name: faf.fedoraproject.org + name: faf.fedoraproject.org server_aliases: 
[faf.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" when: env == "staging" - role: httpd/website - site_name: alt.fedoraproject.org + name: alt.fedoraproject.org server_aliases: - alt.stg.fedoraproject.org sslonly: true 
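Review bot: The new `app.os.fedoraproject.org` entry lists both `"*.app.os.fedoraproject.org"` and `"*.app.os.stg.fedoraproject.org"` as aliases with a single `{{os_wildcard_cert_name}}` and no `when:` guard, whereas the removed `apps.ocp` entries were split by `env`. Unless `os_wildcard_cert_name` is set per environment to a certificate that covers the wildcard being served, one of the two names will not validate, and production proxies will also answer for staging hostnames. I would keep one wildcard alias per environment behind `when: env == "production"` and `when: env == "staging"`, or add a comment stating that the variable is environment-specific.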
@@ -755,476 +629,180 @@ # This is inherited from our puppet setup -- we can collapse them as soon as # is convenient. -- threebean - role: httpd/website - site_name: taskotron.fedoraproject.org + name: taskotron.fedoraproject.org server_aliases: [taskotron.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: taskotron.stg.fedoraproject.org + name: taskotron.stg.fedoraproject.org server_aliases: [taskotron.stg.fedoraproject.org] # Set this explicitly to stg here.. as per the original puppet config. - SSLCertificateChainFile: wildcard-2025.stg.fedoraproject.org.intermediate.cert + SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert sslonly: true cert_name: "{{wildcard_cert_name}}" when: env == "staging" - role: httpd/website - site_name: resultsdb.stg.fedoraproject.org - server_aliases: [resultsdb.stg.fedoraproject.org] - # Set this explicitly to stg here.. as per the original puppet config. - SSLCertificateChainFile: wildcard-2025.stg.fedoraproject.org.intermediate.cert - sslonly: true - cert_name: "{{wildcard_cert_name}}" - when: env == "staging" - tags: resultsdb - - - role: httpd/website - site_name: resultsdb.fedoraproject.org - server_aliases: [resultsdb.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - when: env != "staging" - tags: resultsdb - - - role: httpd/website - site_name: lists.fedoraproject.org + name: lists.fedoraproject.org server_aliases: [lists.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - tags: lists.fedoraproject.org - role: httpd/website - site_name: lists.fedorahosted.org - server_aliases: - - lists.stg.fedorahosted.org + name: lists.fedorahosted.org + server_aliases: [lists.stg.fedorahosted.org] sslonly: true - certbot: true - tags: fedorahosted + SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert + cert_name: wildcard-2017.fedorahosted.org - role: httpd/website - site_name: "id{{ 
env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - stssubdomains: false - tags: - - id.fedoraproject.org - - - role: httpd/website - site_name: "sso{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - sso.fedoraproject.org - - - role: httpd/website - site_name: username.id.fedoraproject.org + name: id.fedoraproject.org server_aliases: - "*.id.fedoraproject.org" # Must not be sslonly, because example.id.fedoraproject.org must be reachable # via plain http for openid identity support - sslonly: false - cert_name: wildcard-2024.id.fedoraproject.org - SSLCertificateChainFile: wildcard-2024.id.fedoraproject.org.intermediate.cert - tags: - - id.fedoraproject.org - when: env == "production" + cert_name: wildcard-2017.id.fedoraproject.org + SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert - role: httpd/website - site_name: username.id.stg.fedoraproject.org + name: id.stg.fedoraproject.org server_aliases: - "*.id.stg.fedoraproject.org" # Must not be sslonly, because example.id.fedoraproject.org must be reachable # via plain http for openid identity support - sslonly: false cert_name: "{{wildcard_cert_name}}" - SSLCertificateChainFile: wildcard-2025.stg.fedoraproject.org.intermediate.cert - tags: - - id.fedoraproject.org + SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert when: env == "staging" - role: httpd/website - site_name: getfedora.org + name: getfedora.org server_aliases: [stg.getfedora.org] sslonly: true cert_name: getfedora.org SSLCertificateChainFile: getfedora.org.intermediate.cert - tags: - - getfedora.org - role: httpd/website - site_name: qa.fedoraproject.org - server_aliases: [qa.stg.fedoraproject.org] + name: qa.fedoraproject.org cert_name: "{{wildcard_cert_name}}" sslonly: true - role: httpd/website - site_name: openqa.fedoraproject.org + name: openqa.fedoraproject.org cert_name: "{{wildcard_cert_name}}" 
server_aliases: [openqa.stg.fedoraproject.org] sslonly: true - role: httpd/website - site_name: redirect.fedoraproject.org + name: redirect.fedoraproject.org server_aliases: [redirect.stg.fedoraproject.org] sslonly: true gzip: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: geoip.fedoraproject.org + name: geoip.fedoraproject.org server_aliases: [geoip.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: codecs.fedoraproject.org + name: codecs.fedoraproject.org server_aliases: [codecs.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: jenkins.fedorainfracloud.org - cert_name: jenkins.fedorainfracloud.org - certbot: true - when: env == "production" + name: beaker.qa.fedoraproject.org + server_aliases: [beaker.qa.fedoraproject.org] + # Set this explicitly to stg here.. as per the original puppet config. + SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert + sslonly: true + cert_name: "qa.fedoraproject.org" - role: httpd/website - site_name: testdays.fedorainfracloud.org - cert_name: testdays.fedorainfracloud.org - certbot: true - when: env == "production" - tags: testdays-fic + name: beaker.stg.fedoraproject.org + server_aliases: [beaker.stg.fedoraproject.org] + # Set this explicitly to stg here.. as per the original puppet config. 
+ SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert + sslonly: true + cert_name: "{{wildcard_cert_name}}" + when: env == "staging" - role: httpd/website - site_name: data-analysis.fedoraproject.org + name: qa.stg.fedoraproject.org + server_aliases: [qa.stg.fedoraproject.org] + cert_name: qa.stg.fedoraproject.org + SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert + sslonly: true + when: env == "staging" + + - role: httpd/website + name: phab.qa.stg.fedoraproject.org + server_aliases: [phab.qa.stg.fedoraproject.org] + cert_name: qa.stg.fedoraproject.org + SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert + sslonly: true + when: env == "staging" + + - role: httpd/website + name: docs.qa.stg.fedoraproject.org + server_aliases: [docs.qa.stg.fedoraproject.org] + cert_name: qa.stg.fedoraproject.org + SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert + sslonly: true + when: env == "staging" + + - role: httpd/website + name: phab.qa.fedoraproject.org + server_aliases: [phab.qa.fedoraproject.org] + cert_name: qa.fedoraproject.org + SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert + sslonly: true + + - role: httpd/website + name: data-analysis.fedoraproject.org server_aliases: [data-analysis.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - tags: data-analysis - role: httpd/website - site_name: nagios.fedoraproject.org + name: docs.qa.fedoraproject.org + server_aliases: [docs.qa.fedoraproject.org] + cert_name: qa.fedoraproject.org + SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert + sslonly: true + + - role: httpd/website + name: nagios.fedoraproject.org server_aliases: [nagios.stg.fedoraproject.org] - SSLCertificateChainFile: wildcard-2024.fedoraproject.org.intermediate.cert + SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website - site_name: 
zabbix.fedoraproject.org + name: mbs.fedoraproject.org sslonly: true - # server_aliases: [zabbix.fedoraproject.org] + server_aliases: [mbs.stg.fedoraproject.org] cert_name: "{{wildcard_cert_name}}" - tags: zabbix - role: httpd/website - site_name: zabbix.stg.fedoraproject.org - sslonly: true - # server_aliases: [zabbix.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: zabbix - when: env == "staging" - - - role: httpd/website - site_name: odcs.fedoraproject.org + name: odcs.fedoraproject.org sslonly: true server_aliases: [odcs.stg.fedoraproject.org] cert_name: "{{wildcard_cert_name}}" - tags: odcs - - - role: httpd/website - site_name: greenwave.fedoraproject.org - sslonly: true - server_aliases: [greenwave.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: koschei.fedoraproject.org - sslonly: true - server_aliases: [koschei.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: koschei - - - role: httpd/website - site_name: waiverdb.fedoraproject.org - sslonly: true - server_aliases: [waiverdb.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: silverblue.fedoraproject.org - sslonly: true - server_aliases: [silverblue.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: kinoite.fedoraproject.org - sslonly: true - server_aliases: [kinoite.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: - - kinoite - - - role: httpd/website - site_name: release-monitoring.org - sslonly: true - certbot: true - tags: - - release-monitoring.org - when: env == "production" - - - role: httpd/website - site_name: stg.release-monitoring.org - sslonly: true - certbot: true - tags: - - release-monitoring.org - when: env == "staging" - - - role: httpd/website - site_name: lists.pagure.io - sslonly: true - certbot: true - tags: - - lists.pagure.io - when: env == "production" - - - role: httpd/website 
- site_name: "languages{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: languages - - - role: httpd/website - site_name: neuro.fedoraproject.org - sslonly: true - server_aliases: [neuro.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: neuro - - - role: httpd/website - site_name: elections.fedoraproject.org - sslonly: true - server_aliases: [elections.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: elections - - - role: httpd/website - site_name: wallpapers.fedoraproject.org - sslonly: true - server_aliases: [wallpapers.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: wallpapers - - - role: httpd/website - site_name: mdapi.fedoraproject.org - sslonly: true - server_aliases: [mdapi.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: mdapi - - - role: httpd/website - site_name: debuginfod.fedoraproject.org - sslonly: true - server_aliases: [debuginfod.stg.fedoraproject.org] - x_forward: true - cert_name: "{{wildcard_cert_name}}" - gzip: true - tags: debuginfod - - - role: httpd/website - site_name: calendar.fedoraproject.org - sslonly: true - server_aliases: [calendar.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: calendar - - - role: httpd/website - site_name: kerneltest.fedoraproject.org - sslonly: true - server_aliases: [kerneltest.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: kerneltest - - - role: httpd/website - site_name: podcast.fedoraproject.org - sslonly: true - server_aliases: [podcast.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: - - podcast # fedorahosted is retired. We have the site here so we can redirect it. 
- role: httpd/website - site_name: fedorahosted.org + name: fedorahosted.org sslonly: true - server_aliases: - - git.fedorahosted.org - - bzr.fedorahosted.org - - hg.fedorahosted.org - - svn.fedorahosted.org - certbot: true - tags: fedorahosted - when: env == "production" - -# planet.fedoraproject.org is not to be used, it's fedoraplanet.org -# We only have it here so we can redirect it with the correct cert + server_aliases: [bzr.fedorahosted.org hg.fedorahosted.org svn.fedorahosted.org] + SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert + cert_name: wildcard-2017.fedorahosted.org - role: httpd/website - site_name: planet.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" - -# pkgs.fp.o will be an alias of src.fp.o once we get everyone over to https -# git push/pull. For now, we just want a cert via the certbot system. - - - role: httpd/website - site_name: pkgs.fedoraproject.org - ssl: true + name: git.fedorahosted.org sslonly: true - certbot: true - certbot_addhost: pkgs01.iad2.fedoraproject.org - tags: - - pkgs.fedoraproject.org - when: env == "production" and "iad2" in inventory_hostname - - - role: httpd/website - site_name: pkgs.stg.fedoraproject.org - ssl: true - sslonly: true - certbot: true - certbot_addhost: pkgs01.stg.iad2.fedoraproject.org - tags: - - pkgs.fedoraproject.org - when: env == "staging" and "iad2" in inventory_hostname - -# Askbeta -> ask redirects - - role: httpd/website - site_name: askbeta.fedoraproject.org - ssl: true - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - askbeta.fedoraproject.org - - -# -# We setup this site for old ols papers -# This used to be on fedorapeople.org, but a new 'ols' user showed up, so -# that no longer works. 
-# - - role: httpd/website - site_name: ols.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: packages.fedoraproject.org - server_aliases: [packages.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: "discourse2fedmsg{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: discourse2fedmsg - - - role: httpd/website - site_name: fedora.im - server_aliases: [stg.fedora.im] - sslonly: true - certbot: true - tags: - - fedora.im - - - role: httpd/website - site_name: ipsilon-project.org - cert_name: ipsilon-project.org - server_aliases: - - ipsilon-project.org - - www.ipsilon-project.org - ssl: true - sslonly: true - certbot: true - tags: - - ipsilon-website - - - role: httpd/website - site_name: directory.fedoraproject.org - ssl: true - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - directory - - - role: httpd/website - site_name: discussions.fedoraproject.org - ssl: true - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - discussion - - - role: httpd/website - site_name: "openscanhub{{ env_suffix }}.fedoraproject.org" - ssl: true - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - openscanhub - - - role: httpd/website - site_name: "kanban.qa{{ env_suffix }}.fedoraproject.org" - ssl: true - sslonly: true - certbot: true - tags: - - kanban - - - role: httpd/website - site_name: "epel.io" - ssl: true - sslonly: true - certbot: true - tags: - - epel.io - - - role: httpd/website - site_name: "fedoraplanet.org" - server_aliases: - - stg.fedoraplanet.org - ssl: true - sslonly: true - certbot: true - tags: - - fedoraplanet.org - - - role: httpd/website - site_name: "webhook{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - webhook2fedmsg - - - role: httpd/website - site_name: "bugs{{ env_suffix }}.fedoraproject.org" - 
sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - bugs - - - role: httpd/website - site_name: riscv-koji.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - riscv-koji - - - role: httpd/website - site_name: riscv-kojipkgs.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - riscv-koji - + SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert + cert_name: wildcard-2017.fedorahosted.org diff --git a/playbooks/include/virt-create.yml b/playbooks/include/virt-create.yml index 0eccb2cb0f..48efb79b13 100644 --- a/playbooks/include/virt-create.yml +++ b/playbooks/include/virt-create.yml @@ -1,15 +1,15 @@ ---- -- name: Make the virtual instance +- name: make the virtual instance hosts: "{{ myhosts }}" - gather_facts: false + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - import_tasks: "{{ tasks_path }}/virt_instance_create.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" + diff --git a/playbooks/list-vms-per-host.yml b/playbooks/list-vms-per-host.yml index 1a956f9a86..a7e4ef4b7f 100644 --- a/playbooks/list-vms-per-host.yml +++ b/playbooks/list-vms-per-host.yml @@ -4,7 +4,7 @@ --- - hosts: virtservers user: root - gather_facts: true + gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -16,5 +16,5 @@ - virt: command=info register: virt_info - - ansible.builtin.template: src={{files}}/virthost-lists.j2 dest=/tmp/virthost-lists.out + - template: src={{files}}/virthost-lists.j2 dest=/tmp/virthost-lists.out delegate_to: localhost diff --git a/playbooks/manual/autosign.yml b/playbooks/manual/autosign.yml index 11737da175..3dc8ac0a73 100644 
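Review bot: Both `id.fedoraproject.org` entries keep the comment that they must not be sslonly because example.id.fedoraproject.org has to be reachable via plain http, but this hunk removes the explicit `sslonly: false` beneath it. The behaviour now depends on the `httpd/website` role's default, which is not visible here. I would keep `sslonly: false` in both entries so the documented exception stays explicit. Separately, the comment on the added `beaker.qa.fedoraproject.org` entry says "Set this explicitly to stg" while its chain file is `qa.fedoraproject.org.intermediate.cert`; it looks copied from the staging entry and should be corrected or dropped.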
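Review bot: In `playbooks/list-vms-per-host.yml` the changed task still renders to the fixed path `dest=/tmp/virthost-lists.out` with `delegate_to: localhost`, and the commit only renames the module. A predictable file name in a world-writable directory can be pre-created or symlinked by another local user on the control host, so the output may land somewhere unintended. I would render into a directory owned by the invoking user, or create the target with the `tempfile` module first and pass its path as `dest`. The play continues outside this hunk, so the consumer of the file is not visible here.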
--- a/playbooks/manual/autosign.yml
+++ b/playbooks/manual/autosign.yml
@@ -4,86 +4,41 @@ # Access is via management interface only. This playbook does initial setup. # Please check with rel-eng before doing anything here. ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "autosign_stg" +- include_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=autosign-stg" -- name: Make the box be real - hosts: autosign:autosign_stg +- name: make the box be real + hosts: autosign:autosign-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - basessh - rkhunter - nagios_client - - {role: zabbix/zabbix_agent, when: env == "staging"} - hosts - - ipa/client + - fas_client - collectd/base - sudo + - fedmsg/base + - fedmsg/hub - role: nfs/client mnt_dir: '/mnt/fedora_koji' nfs_src_dir: 'fedora_koji' when: env != 'staging' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: env != 'staging' and datacenter == 'iad2' - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env != 'staging' and datacenter == 'iad2' - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: env != 'staging' and datacenter == 'iad2' - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env != 'staging' and datacenter == 'iad2' - -# - role: nfs/client -# mnt_dir: '/mnt/fedora_koji/koji/ostree' -# nfs_src_dir: 'fedora_ostree_content/ostree' -# when: env == 'staging' -# -# - role: nfs/client -# mnt_dir: 
'/mnt/fedora_koji/koji/compose/ostree' -# nfs_src_dir: 'fedora_ostree_content/compose/ostree' -# when: env == 'staging' - - - role: rabbit/queue - queue_username: "robosignatory{{ env_suffix }}" - queue_name: "robosignatory{{ env_suffix }}" - queue_max_priority: 5 - queue_routing_keys: - - "org.fedoraproject.*.pungi.compose.ostree" - - "org.fedoraproject.*.coreos.build.request.artifacts-sign" - - "org.fedoraproject.*.coreos.build.request.ostree-sign" - - "org.fedoraproject.*.buildsys.tag" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(robosignatory|coreos)\..*\.finished$ - - robosignatory - role: keytab/service service: autosign - owner_user: robosignatory - owner_group: robosignatory + - robosignatory - - {role: linux-system-roles.nbde_client, when: datacenter == 'iad2' and env != 'staging' } - - {role: serial-console, when: datacenter == 'iad2'} - - pre_tasks: + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/centosci-keytab.yml b/playbooks/manual/centosci-keytab.yml deleted file mode 100644 index 0623b03ab3..0000000000 --- a/playbooks/manual/centosci-keytab.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- hosts: localhost - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Centos CI Keytab Creation Role - include_role: - name: centosci-keytab - tasks_from: main diff --git a/playbooks/manual/communishift.yml b/playbooks/manual/communishift.yml deleted file mode 100644 index aa07922ac3..0000000000 --- a/playbooks/manual/communishift.yml +++ /dev/null 
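Review bot: The `keytab/service` role for `service: autosign` no longer passes `owner_user: robosignatory` and `owner_group: robosignatory`, so the keytab's ownership falls back to the role's defaults, which this hunk does not show. On the autosign hosts I would keep both lines so it stays explicit which account can read the keytab. The hunk also removes the `linux-system-roles.nbde_client` role without a comment; if that is intentional, a short note in the playbook header would help the next reader.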
@@ -1,39 +0,0 @@ ---- -- hosts: localhost - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Configure the communishift virtualenv - ansible.builtin.pip: - name: "{{ communishift_package }}" - with_items: "{{ communishift_package_list }}" - loop_control: - loop_var: communishift_package - - - name: Communishift Role - include_role: - name: communishift - tasks_from: deploy-communishift-authorization-operator - apply: - tags: - - deploy-operators - - - name: Communishift Role - with_items: "{{ communishift_projects }}" - include_role: - name: communishift - tasks_from: main - apply: - tags: - - create_efs - loop: "{{ lookup('dict', communishift_projects) }}" - vars: - communishift_package_list: - - kubernetes - - boto3 diff --git a/playbooks/manual/communishift_send_email_notifications.yml b/playbooks/manual/communishift_send_email_notifications.yml deleted file mode 100644 index 6f599fdfc0..0000000000 --- a/playbooks/manual/communishift_send_email_notifications.yml +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -- hosts: localhost - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Configure the communishift virtualenv - ansible.builtin.pip: - name: "{{ communishift_package }}" - with_items: "{{ communishift_package_list }}" - loop_control: - loop_var: communishift_package - - - name: Communishift Retrieve FASJSON data - include_role: - name: communishift - tasks_from: retrieve-communishift-admin-data - - - name: Communishift Cluster Cleanup Tasks - with_items: "{{ communishift_projects }}" - include_role: - name: communishift - tasks_from: cleanup-administration-tasks - apply: - tags: - - cleanup-administration-tasks - loop: "{{ lookup('dict', communishift_projects) }}" - - vars: - communishift_package_list: - - kubernetes - - boto3 diff --git a/playbooks/manual/copr/_generic_tasks.yml b/playbooks/manual/copr/_generic_tasks.yml deleted file mode 100644 index 07a6bcc013..0000000000 --- a/playbooks/manual/copr/_generic_tasks.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: Detect package versions - package_facts: manager=auto diff --git a/playbooks/manual/copr/copr-backend-upgrade.yml b/playbooks/manual/copr/copr-backend-upgrade.yml deleted file mode 100644 index afee40a906..0000000000 --- a/playbooks/manual/copr/copr-backend-upgrade.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -- name: Upgrade copr backend - hosts: copr_back_dev_aws:copr_back_aws - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Generic upgrade tasks for copr servers - import_tasks: _generic_tasks.yml - - - name: Upgrade copr-backend packages - dnf: - state: latest - name: - - copr-backend - - copr-cli # copr-ping cron job needs this - - copr-selinux - - python3-copr - - python3-copr-common - - python3-copr-messaging - - prunerepo - update_cache: true - - - name: Upgrade createrepo_c from updates-testing, when needed - dnf: state=latest - name=createrepo_c - enablerepo=updates-testing - when: ansible_facts.packages['createrepo_c'][0].version is version('0.15.5', '<') - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/copr/copr-dist-git-upgrade.yml b/playbooks/manual/copr/copr-dist-git-upgrade.yml deleted file mode 100644 index 6495d98cd0..0000000000 --- a/playbooks/manual/copr/copr-dist-git-upgrade.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- name: Upgrade copr distgit - hosts: copr_dist_git_dev_aws:copr_dist_git_aws - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Generic upgrade tasks for copr servers - import_tasks: _generic_tasks.yml - - - name: Upgrade copr-distgit packages - dnf: - state: latest - name: - - dist-git - - dist-git-selinux - - copr-dist-git - - copr-selinux - - python3-copr - - python3-copr-common - update_cache: true - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/copr/copr-frontend-upgrade.yml b/playbooks/manual/copr/copr-frontend-upgrade.yml deleted file mode 100644 index 81e4cf2c02..0000000000 
--- a/playbooks/manual/copr/copr-frontend-upgrade.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- name: Upgrade copr frontend - hosts: copr_front_dev_aws:copr_front_aws - user: root - gather_facts: true - - vars: - cache_file: /var/lib/copr/.ansible-copr-frontend-version - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Generic upgrade tasks for copr servers - import_tasks: _generic_tasks.yml - - - name: Check for copr-frontend update - ansible.builtin.shell: dnf clean all ; dnf check-update copr-frontend - register: frontend_has_update - changed_when: "frontend_has_update.rc != 0" - failed_when: false - - - name: Make httpd stopped - service: name=httpd state=stopped - register: httpd_stopped - when: frontend_has_update.changed - - - name: Upgrade copr-frontend packages - ansible.builtin.shell: dnf update -y copr-frontend copr-frontend-fedora copr-selinux python3-copr-common - when: frontend_has_update.changed - - - name: Upgrade db to head, logs in /var/log/copr-frontend/migrations.log - ansible.builtin.shell: alembic-3 upgrade head &> /var/log/copr-frontend/migrations.log - become: yes - become_user: copr-fe - args: - chdir: /usr/share/copr/coprs_frontend/ - when: frontend_has_update.changed - - - name: Make httpd started - service: name=httpd state=started - when: httpd_stopped.changed - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/copr/copr-keygen-upgrade.yml b/playbooks/manual/copr/copr-keygen-upgrade.yml deleted file mode 100644 index 30989b0321..0000000000 --- a/playbooks/manual/copr/copr-keygen-upgrade.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -- name: Upgrade copr keygen - hosts: copr_keygen_dev_aws:copr_keygen_aws - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Generic upgrade tasks for copr servers - import_tasks: _generic_tasks.yml - - - name: Upgrade copr-keygen packages - dnf: - state: latest - name: - - copr-keygen - - copr-selinux - - python3-copr-common - update_cache: true - notify: - - Restart haveged - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/fas-readonly/fas-readonly.sql b/playbooks/manual/fas-readonly/fas-readonly.sql deleted file mode 100644 index 492d3347b7..0000000000 --- a/playbooks/manual/fas-readonly/fas-readonly.sql +++ /dev/null @@ -1,25 +0,0 @@ --- --- Make fas read only --- - - -REVOKE ALL PRIVILEGES on people from fas; -GRANT SELECT on people to fas; - --- This needs to stay so that people can still login. -GRANT update (last_seen) on people to fas; - -REVOKE ALL PRIVILEGES on groups from fas; -GRANT SELECT on groups to fas; - -REVOKE ALL PRIVILEGES on group_roles from fas; -GRANT SELECT on group_roles to fas; - -REVOKE ALL PRIVILEGES on person_roles from fas; -GRANT SELECT on person_roles to fas; - -REVOKE ALL PRIVILEGES on person_roles_fpca from fas; -GRANT SELECT on person_roles_fpca to fas; - -REVOKE ALL PRIVILEGES on bugzilla_queue from fas; -GRANT SELECT on bugzilla_queue to fas; diff --git a/playbooks/manual/fas-readonly/fas-readonly.yml b/playbooks/manual/fas-readonly/fas-readonly.yml deleted file mode 100644 index e6550b4e51..0000000000 --- a/playbooks/manual/fas-readonly/fas-readonly.yml +++ /dev/null 
@@ -1,17 +0,0 @@ ---- -- name: Change fas db to readonly for most actions - hosts: db-fas01.iad2.fedoraproject.org:db-fas01.stg.iad2.fedoraproject.org - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - name: Copy the sql script to file - ansible.builtin.template: src=fas-readonly.sql dest=/var/lib/pgsql/fas-readonly.sql - - - name: Change permissions for relevant tables in the fas db - ansible.builtin.shell: psql -1 -v ON_ERROR_STOP=1 fas2 {{ hostvars['localhost']['sar_tmp_dir'] }}/{{ sar_output_file }}" - delegate_to: localhost - when: "sar_huge is defined and sar_huge" - -- name: Gather SAR data - openshift apps - hosts: os_masters[0] - tasks: - - include_tasks: sar_openshift.yml - loop: "{{ lookup('dict', sar_openshift, wantlist=True) }}" - -- name: Create the archive - hosts: localhost - tasks: - - name: "Create the archive" - block: - # Generate a private tarball of the files from each service. - - ansible.builtin.shell: "umask 0077 && tar --transform \"s:^:{{ sar_fas_user }}_{{ sar_email }}/:\" -czf {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz *" - args: - chdir: "{{ sar_tmp_dir }}" - # Move the tarball into the desired pick up location. - - ansible.builtin.command: "mv {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz {{ sar_tar_output_path }}" - always: - # Let's clean up our temporary directory. - - ansible.builtin.command: "rm -r {{ sar_tmp_dir }}" diff --git a/playbooks/manual/gdpr/sar_openshift.yml b/playbooks/manual/gdpr/sar_openshift.yml deleted file mode 100644 index d9fbc553e6..0000000000 --- a/playbooks/manual/gdpr/sar_openshift.yml +++ /dev/null 
@@ -1,16 +0,0 @@ -# Retrieve GDPR data from single openshift app. -# Get the correct pod ---- -- name: Retrieve the id of the running container/pod - ansible.builtin.shell: "oc get -n {{ item.value.openshift_namespace }} -o name -l app={{ item.value.openshift_pod }} pods | cut -f 2 -d '/'" - register: pod_id -# Run the SAR script -- name: Run oc exec in container to extract the data - ansible.builtin.command: "oc -n {{ item.value.openshift_namespace }} rsh {{ pod_id.stdout }} bash -c 'SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ item.value.sar_script }}'" - register: sar_data -# Store the result on disk -- name: Copy the output data locally - ansible.builtin.copy: - content: "{{ sar_data['stdout'] }}" - dest: "{{ hostvars['localhost']['sar_tmp_dir'] }}/{{ item.value.sar_output_file }}" - delegate_to: localhost diff --git a/playbooks/manual/get-system-packages.yml b/playbooks/manual/get-system-packages.yml deleted file mode 100644 index cf0e245b0a..0000000000 --- a/playbooks/manual/get-system-packages.yml +++ /dev/null @@ -1,21 +0,0 @@ -# -# A playbook to get all the rpms installed on a set of systems. -# - ---- -- name: Get installed packages - hosts: builders:releng-compose:data-analysis01.iad2.fedoraproject.org - gather_facts: true - user: root - - tasks: - - - name: RPM_output - ansible.builtin.shell: "/usr/bin/rpm -qa" - register: rpm_output - args: - warn: false # set warn=false to prevent warning - - - - debug: var=rpm_output.stdout_lines -# when: rpm_output is defined and rpm_output.results|length > 0 diff --git a/playbooks/manual/history_undo.yml b/playbooks/manual/history_undo.yml index 931f947c64..30ec0e404d 100644 --- a/playbooks/manual/history_undo.yml +++ b/playbooks/manual/history_undo.yml 
@@ -8,14 +8,13 @@ # all the virthosts. If you run this once, it will undo those transactions. If # you run it again, it will undo that previous *undo*. ---- - name: Find and undo the latest yum transaction involving a $PACKAGE hosts: "{{ target }}" user: root tasks: - - name: Find the ID of the last yum transaction - ansible.builtin.shell: yum history package {{ package }} | sed -n 3p | awk -F "|" '{ print $1 }' | tr -d ' ' + - name: find the ID of the last yum transaction + shell: yum history package {{ package }} | sed -n 3p | awk -F "|" '{ print $1 }' | tr -d ' ' register: transaction_id # If transaction_id.stderr == "", then that means that the $PACKAGE we're @@ -23,17 +22,17 @@ - debug: var=transaction_id.stdout when: transaction_id.stderr == "" - - name: Get info on that transaction - ansible.builtin.command: yum history info {{ transaction_id.stdout }} + - name: get info on that transaction + command: yum history info {{ transaction_id.stdout }} register: transaction_info when: transaction_id.stderr == "" - debug: var=transaction_info.stdout_lines when: transaction_id.stderr == "" - # - pause: seconds=30 prompt="Undoing that yum transaction. Abort if this is wrong." + #- pause: seconds=30 prompt="Undoing that yum transaction. Abort if this is wrong." # when: transaction_id.stderr == "" - name: Okay.. undo that transaction now - ansible.builtin.command: yum -y history undo {{ transaction_id.stdout }} + command: yum -y history undo {{ transaction_id.stdout }} when: transaction_id.stderr == "" diff --git a/playbooks/manual/import-irc-cookies-to-matrix.yml b/playbooks/manual/import-irc-cookies-to-matrix.yml deleted file mode 100644 index 5f6c3c42ac..0000000000 --- a/playbooks/manual/import-irc-cookies-to-matrix.yml +++ /dev/null 
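Review bot: The undo task in the second hunk is gated only on `transaction_id.stderr == ""`, which does not show that the first task actually produced a transaction ID. The pipeline's exit status is that of `tr`, so an empty or non-numeric `transaction_id.stdout` would presumably still be handed to `yum -y history undo`. Gate the follow-up tasks on the value itself, for example `when: transaction_id.stdout | trim is match('^[0-9]+$')`. In the first hunk `{{ package }}` is interpolated unquoted into a shell pipeline; `{{ package | quote }}` keeps an unusual package argument from being parsed as shell syntax.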
@@ -1,41 +0,0 @@ -# This playbook imports the cookies given on IRC to the Matrix Zodbot - ---- -- name: Import the cookies - hosts: value02.iad2.fedoraproject.org:value02.stg.iad2.fedoraproject.org - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - - name: Add the pgpass file - ansible.builtin.copy: - content: | - db01{{ env_suffix }}.iad2.fedoraproject.org:*:maubot:maubot:{{ (env == 'production')|ternary(maubot_prod_db_password, maubot_stg_db_password) }} - dest: /root/.pgpass - owner: root - group: root - mode: "0400" - - - name: Install the required package - dnf: - state: installed - name: python3-psycopg2 - - - name: Install the import script - ansible.builtin.copy: - src: "{{ files }}/zodbot/karma-to-cookies-db.py" - dest: /usr/local/bin/karma-to-cookies-db - mode: "0755" - - - name: Run the import script - ansible.builtin.command: - argv: - - /usr/local/bin/karma-to-cookies-db - - -i - - zodbot{% if env == "staging" %}-stg{% endif %}-fedora - - /var/lib/{{ (env == 'production')|ternary('zodbot', 'ursabot') }}/data/karma.db diff --git a/playbooks/manual/kernel-qa.yml b/playbooks/manual/kernel-qa.yml index 42de1b3ceb..7928424415 100644 --- a/playbooks/manual/kernel-qa.yml +++ b/playbooks/manual/kernel-qa.yml 
@@ -2,24 +2,28 @@ # NOTE: this assumes the kernel-qa boxes are already up and are accessible # NOTE: most of these vars_path come from group_vars/kernel-qa or from hostvars ---- -- name: Make kernel-qa - hosts: kernel_qa +- name: make kernel-qa + hosts: kernel-qa user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - - ipa/client + - fas_client - sudo - hosts + tasks: + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/mirrormanager/emergency-expire-repo.yml b/playbooks/manual/mirrormanager/emergency-expire-repo.yml deleted file mode 100644 index c388f294ea..0000000000 --- a/playbooks/manual/mirrormanager/emergency-expire-repo.yml +++ /dev/null 
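Review bot: `hosts: kernel-qa` uses a hyphenated group name, which current Ansible releases flag as an invalid group name and which matches nothing if the inventory defines the group as `kernel_qa`. In that case the play ends with "no hosts matched", and `base`, `rkhunter` and the `2fa_client.yml` tasks are never applied. The inventory is not visible here, so confirm the group spelling or keep `hosts: kernel_qa`. The same applies to `notifs-backend:notifs-backend-stg` in shush-fmn.yml, `badges-web:badges-web-stg` and `badges-backend:badges-backend-stg` in push-badges.yml, and `qadevel:qadevel-stg` in qadevel.yml.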
@@ -1,38 +0,0 @@ -# This playbook forces an update of the mirrorlist cache in MirrorManager - -# Usage: -# --extra-vars="product='EPEL' version='7'" -# product => The product name in MirrorManager's DB. Currently one of: -# "Fedora", "EPEL" or "RHEL" -# version => The version that must be expired and updated. - ---- -- name: Run the emergency-expire-repo script - hosts: os_control[0]:os_control_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/mirrormanager.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Validate the product {{ product }} - assert: - that: - - product is defined - - product in ["Fedora", "EPEL", "RHEL"] - fail_msg: "The 'product' variable is not set correctly" - - name: Validate the version {{ version }} - assert: - that: - - version is defined - fail_msg: "The 'version' variable is not defined" - - roles: - - role: openshift/job - job_app: mirrormanager - job_name: emergency-expire-repo-{{ product|lower|replace(" ", "-") }}-{{ version|lower|replace(" ", "-") }} - job_command: "/opt/app-root/bin/mm2_emergency-expire-repo {{ product }} {{ version }} && bash /opt/scripts/update-mirrorlist-cache.sh" diff --git a/playbooks/manual/mirrormanager/move-devel-to-release.yml b/playbooks/manual/mirrormanager/move-devel-to-release.yml deleted file mode 100644 index d5ac99013e..0000000000 --- a/playbooks/manual/mirrormanager/move-devel-to-release.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -# This playbook moves a branched version to a released version in MirrorManager's DB - ---- -- name: Run the move-devel-to-release script - hosts: os_control[0]:os_control_stg[0] - user: root - vars: - version: "{{ FedoraCycleNumber }}" - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/mirrormanager.yml - - /srv/web/infra/ansible/vars/all/00-FedoraCycleNumber.yaml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Validate the version {{ version }} - assert: - that: - - version is defined - fail_msg: "The 'version' variable is not defined" - - roles: - - - role: openshift/job - job_app: mirrormanager - job_name: move-devel-to-release-fedora-linux-{{ version|lower|replace(" ", "-") }} - job_command: "/opt/app-root/bin/mm2_move-devel-to-release --version {{ version }} --category 'Fedora Linux'" - - - role: openshift/job - job_app: mirrormanager - job_name: move-devel-to-release-fedora-secondary-{{ version|lower|replace(" ", "-") }} - job_command: "/opt/app-root/bin/mm2_move-devel-to-release --version {{ version }} --category 'Fedora Secondary Arches'" diff --git a/playbooks/manual/mirrormanager/move-to-archive.yml b/playbooks/manual/mirrormanager/move-to-archive.yml deleted file mode 100644 index 404504c6a9..0000000000 --- a/playbooks/manual/mirrormanager/move-to-archive.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -# This playbook moves a distro version to the archive in MirrorManager's DB - -# Usage: -# --extra-vars="product='EPEL' version='7'" -# product => The product name in MirrorManager's DB. Currently one of: -# "Fedora", "EPEL" or "RHEL" -# version => The version that must be archived. - ---- -- name: Run the move-to-archive script - hosts: os_control[0]:os_control_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/mirrormanager.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Validate the product {{ product }} - assert: - that: - - product is defined - - product in ["Fedora", "EPEL", "RHEL"] - fail_msg: "The 'product' variable is not set correctly" - - name: Validate the version {{ version }} - assert: - that: - - version is defined - fail_msg: "The 'version' variable is not defined" - - roles: - - role: openshift/job - job_app: mirrormanager - job_name: move-to-archive-{{ product|lower|replace(" ", "-") }}-{{ version|lower|replace(" ", "-") }} - job_command: "/opt/app-root/bin/mm2_move-to-archive --product {{ product }} --version {{ version }}" diff --git a/playbooks/manual/nagios/shush-fmn.yml b/playbooks/manual/nagios/shush-fmn.yml index 51812190c2..2b0ff9cee2 100644 --- a/playbooks/manual/nagios/shush-fmn.yml +++ b/playbooks/manual/nagios/shush-fmn.yml 
@@ -1,14 +1,13 @@ ---- -- name: Be quiet please... - hosts: notifs_backend:notifs_backend_stg +- name: be quiet please... + hosts: notifs-backend:notifs-backend-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: Tell nagios to shush. + - name: tell nagios to shush. nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true diff --git a/playbooks/manual/noggin-deployment/create-full-backup.yml b/playbooks/manual/noggin-deployment/create-full-backup.yml deleted file mode 100644 index 7195200530..0000000000 --- a/playbooks/manual/noggin-deployment/create-full-backup.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Backup IPA data for testing - hosts: ipa_stg - # vars_files: - # - /srv/web/infra/ansible/vars/global.yml - # - "/srv/private/ansible/vars.yml" - # - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - name: Create backup of FreeIPA server data - ansible.builtin.command: ipa-backup - - - name: Make the latest backup available under a fixed name - ansible.builtin.shell: - cmd: ln -snf $(ls -1t ipa-full* | head -n 1) ipa-full-latest - chdir: /var/lib/ipa/backup diff --git a/playbooks/manual/noggin-deployment/fix-home-fedora-ownerships.yml b/playbooks/manual/noggin-deployment/fix-home-fedora-ownerships.yml deleted file mode 100644 index b55d22c413..0000000000 --- a/playbooks/manual/noggin-deployment/fix-home-fedora-ownerships.yml +++ /dev/null 
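Review bot: `ignore_errors: true` on the downtime task lets the play finish successfully even when the request delegated to the hard-coded `noc01.phx2.fedoraproject.org` fails, so the operator may assume alerts are silenced when no downtime was scheduled. Register the result and surface it: add `register: shush_result` to the task and follow it with `- debug: msg="nagios downtime was NOT scheduled"` guarded by `when: shush_result is failed`. The monitoring host would also be better taken from a variable than spelled out in the task, since the datacenter part of the name is exactly what this hunk had to change.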
@@ -1,40 +0,0 @@ ---- -- name: Fix ownership of home directories in /home/fedora - hosts: all - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Check if /home/fedora exists - stat: - path: /home/fedora - follow: yes - register: home_fedora_res - - - name: Copy the script to the host - ansible.builtin.copy: - src: "{{ files }}/scripts/fix-home-fedora-ownerships.sh" - dest: /usr/local/sbin/fix-home-fedora-ownerships.sh - mode: "0755" - changed_when: false - when: home_fedora_res.stat.isdir - - - name: Fix ownership of home directories in /home/fedora - # assumes that directory name == user name - ansible.builtin.shell: - chdir: /home/fedora - cmd: /usr/local/sbin/fix-home-fedora-ownerships.sh - register: chown_res - changed_when: "'fixing ownership:' in chown_res.stdout" - when: home_fedora_res.stat.isdir - - - name: Delete the script from the host - ansible.builtin.file: - path: /usr/local/sbin/fix-home-fedora-ownerships.sh - state: absent - changed_when: false - when: home_fedora_res.stat.isdir diff --git a/playbooks/manual/noggin-deployment/reenroll-ipa-client.yml b/playbooks/manual/noggin-deployment/reenroll-ipa-client.yml deleted file mode 100644 index e3299df31a..0000000000 --- a/playbooks/manual/noggin-deployment/reenroll-ipa-client.yml +++ /dev/null 
@@ -1,71 +0,0 @@ ---- - -# Reenroll IPA clients if their IPA server was reinstalled. -# -# Limited to staging hosts (because the staging IPA server was reinstalled lately) to avoid breakage -# in prod. - -- name: Reenroll IPA client - hosts: staging - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tags: - - ipa/client - - reenroll - - tasks: - - # Preparation - - - name: Install packages - ansible.builtin.package: - name: - - freeipa-client - - krb5-workstation - state: present - - # Checks - - - name: Check if the host can obtain a Kerberos ticket - ansible.builtin.command: kinit -kt /etc/krb5.keytab - ignore_errors: yes - changed_when: no - register: kinit_res - when: ipa_server is defined - - - name: Ping the IPA server - ansible.builtin.command: ipa ping - ignore_errors: yes - changed_when: no - register: ipa_ping_res - when: ipa_server is defined and kinit_res.rc == 0 - - - name: Do the things, or don't - set_fact: - do_the_things: >- - ( - ipa_server is defined - and (kinit_res.rc != 0 or (ipa_ping_res.rc | default(0)) != 0) - ) | bool - - # Do the things - - - name: Unenroll IPA client - ansible.builtin.command: ipa-client-install --uninstall --unattended - when: do_the_things - - - name: Apply the ipa/client role - include_role: - name: ipa/client - when: do_the_things - -- name: Fix ownership of directories in /home/fedora - import_playbook: fix-home-fedora-ownerships.yml - when: do_the_things - tags: - - fix-ownership diff --git a/playbooks/manual/noggin-deployment/restore-latest-backup.yml b/playbooks/manual/noggin-deployment/restore-latest-backup.yml deleted file mode 100644 index 79f6d62435..0000000000 --- a/playbooks/manual/noggin-deployment/restore-latest-backup.yml +++ /dev/null 
@@ -1,10 +0,0 @@ ---- -- name: Restore latest IPA backup for testing - hosts: ipa_stg - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - # - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - name: Restore latest backup of FreeIPA server data - ansible.builtin.command: ipa-restore /var/lib/ipa/backup/ipa-full-latest -p {{ ipa_admin_password }} diff --git a/playbooks/manual/noggin-deployment/uninstall_ipa_client.yml b/playbooks/manual/noggin-deployment/uninstall_ipa_client.yml deleted file mode 100644 index 11e4584713..0000000000 --- a/playbooks/manual/noggin-deployment/uninstall_ipa_client.yml +++ /dev/null 
@@ -1,85 +0,0 @@ ---- -- name: Uninstall IPA client - hosts: bodhi_backend_stg:bugzilla2fedmsg_stg:ipsilon_stg:buildvm_stg:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_armv7_stg:buildvm_s390x_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Uninstall IPA client - ansible.builtin.command: ipa-client-install --uninstall --unattended - ignore_errors: yes - -- import_playbook: "/srv/web/infra/ansible/playbooks/groups/bodhi-backend.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/groups/bugzilla2fedmsg.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/groups/ipsilon.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/groups/buildvm.yml" - - -- name: Remove keytab in OpenShift - hosts: os_master_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - vars: - - keytabs: - - app: elections - key: service.keytab - secret_name: elections-keytab - - app: fasjson - key: http - secret_name: fasjson-keytab-http - - app: ipsilon - key: service.keytab - secret_name: ipsilon-keytab - - app: bodhi - key: koji-keytab - secret_name: bodhi-keytab - - app: coreos-koji-tagger - key: koji-keytab - secret_name: coreos-koji-tagger-keytab - - app: koschei - secret_name: keytab - key: krb5.keytab - - app: simple-koji-ci - key: simple-koji-ci-keytab - secret_name: simple-koji-ci-keytab - - app: sso - key: sso-keytab - secret_name: sso-keytab - - app: the-new-hotness - key: koji-keytab - secret_name: the-new-hotness-keytab - - tasks: - - name: Remove keytab - ansible.builtin.file: - path: "/etc/openshift_apps/{{item.app}}/{{item.key}}.kt" - state: absent - loop: "{{keytabs}}" - - - name: Remove keytab secret - ansible.builtin.command: oc -n {{item.app}} delete secret {{item.secret_name}} - register: 
delete_out - failed_when: "delete_out.rc != 0 and 'NotFound' not in delete_out.stderr" - changed_when: "delete_out.rc == 0 and 'secret \"{{item.secret_name}}\" deleted' in delete_out.stdout" - loop: "{{keytabs}}" - -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/elections.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/fasjson.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/ipsilon.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/bodhi.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/coreos-koji-tagger.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/koschei.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/message-tagging-service.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/monitor_gating.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/sso.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/the-new-hotness.yml" - -# No keytab, but the CA cert needs to be updated -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/noggin.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/noggin-centos.yml" diff --git a/playbooks/manual/oci-registry-prune.yml b/playbooks/manual/oci-registry-prune.yml deleted file mode 100644 index d6affeac75..0000000000 --- a/playbooks/manual/oci-registry-prune.yml +++ /dev/null 
@@ -1,49 +0,0 @@ -# This playbook search for old OCI images on the candidate registries -# and deletes them. -# Once the images tags are deleted the garbage collection is run on the -# registry hosts. - ---- -- name: Prune 30 days old OCI images from candidate-registry - hosts: oci-candidate-registry01.iad2.fedoraproject.org:oci-candidate-registry01.stg.iad2.fedoraproject.org - gather_facts: false - user: root - - vars: - - ansible_python_interpreter: "/usr/bin/python3" - - vars_files: - - "/srv/private/ansible/vars.yml" - - tasks: - - - name: Find and Delete 30 days old OCI images - delete_old_oci_images: - days: 30 - username: "{{candidate_registry_osbs_prod_username}}" - password: "{{candidate_registry_osbs_prod_password}}" - delegate_to: compose-x86-01.iad2.fedoraproject.org - when: env == "production" - register: prod_output - - - debug: var=prod_output.stdout_lines - - - name: Run registry garbage collection to reclaim disk space - ansible.builtin.command: "registry garbage-collect /etc/docker-distribution/registry/config.yml" - when: env == "production" - - - name: Find and Delete 30 days old OCI images (stg) - delete_old_oci_images: - registry: "https://candidate-registry.stg.fedoraproject.org" - days: 30 - username: "{{candidate_registry_osbs_stg_username}}" - password: "{{candidate_registry_osbs_stg_password}}" - delegate_to: compose-x86-01.iad2.fedoraproject.org - when: env == "staging" - register: stg_output - - - debug: var=stg_output.stdout_lines - - - name: Run registry garbage collection to reclaim disk space (stg) - ansible.builtin.command: "registry garbage-collect /etc/docker-distribution/registry/config.yml" - when: env == "staging" diff --git a/playbooks/manual/ocp4-place-ignitionfiles.yml b/playbooks/manual/ocp4-place-ignitionfiles.yml deleted file mode 100644 index cfe3e4b620..0000000000 --- a/playbooks/manual/ocp4-place-ignitionfiles.yml +++ /dev/null 
@@ -1,108 +0,0 @@ ---- -# This playbook is an ad-hoc task used to deploy kvm nodes for OCP4 -# It used the following variables, declared through inventory (group/host vars): -# rhcos_version: 4.5.6 # upstream version to fetch from mirror.openshift.com in local httpd dir for deployment -# rhcos_install_img_url: # Where to grab rhcos install http:////rhcos/rhcos-4.3.8-x86_64-metal.x86_64.raw.gz -# rhcos_ignition_file_url: # where to find ignition file http:///config/rhcos/bootstrap.ign #to be modified based on group or host level, for bootstrap, master, etc -# rhcos_install_url: #where kernel/initrd.img and .treeinfo are to be found, internal -# kvm_guest_vcpus: -# kvm_guest_memory: -# kvm_guest_disk_size: #in GiB, not to be added, so example: 120 -# kvm_host_bridge: # which defined bridged to use for the guest vnic -# kvm_guest_vnic: ens3 -# ip: -# nameservers: -# - 192.168.1.1 -# - 192.168.2.2 -# gateway -# deploy_host: # http server serving ignition files -- hosts: os_control_stg:os_control:ocp_controlplane_stg:ocp_controlplane:ocp_bootstrap:ocp_boostrap_stg:ocp_vms_stg:ocp_vms - user: root - gather_facts: false - - tasks: - - block: - - name: == OCP KVM provisioning == Ensuring we have needed httpd dir - ansible.builtin.file: - path: "/var/www/html/rhcos" - state: directory - mode: "0755" - - name: == OCP KVM provisioning == Importing generated Ignition files - ansible.builtin.template: - src: "/srv/web/infra/bigfiles/openshiftboot/{{ env }}/{{ item }}" - dest: "/var/www/html/rhcos/{{ item }}" - mode: "0755" - with_items: - - bootstrap.ign - - controlplane.ign - - worker.ign - - name: == OCP KVM provisioning == Creating treeinfo for virt-install --location - ansible.builtin.template: - src: "/srv/web/infra/bigfiles/openshiftboot/ocp-treeinfo.j2" - dest: "/var/www/html/rhcos/.treeinfo" - mode: "0644" - - name: == OCP KVM provisioning == Copy kubeadmin config files to bastion - ansible.builtin.copy: - src: "/srv/web/infra/bigfiles/openshiftboot/{{ env }}/auth/" - 
dest: "/root/ocp4/ocp-{{env}}/" - - name: == OCP KVM provisioning == Downloading RHCOS deploy files - get_url: - dest: /var/www/html/rhcos/ - mode: "0755" - url: "https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/latest/{{ rhcos_version }}/{{ item }}" -# run_once: true - ignore_errors: true - with_items: - - "rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" - - "rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" - - "rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" - - "rhcos-{{ rhcos_version }}-x86_64-live-kernel-x86_64" - - name: == OCP KVM provisioning == Ensuring symlink for correct version {{ rhcos_version }} - ansible.builtin.file: - state: link - src: "/var/www/html/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" - dest: "/var/www/html/rhcos/rhcos-metal.raw" - tags: - - ignition - - repo - when: inventory_hostname in groups['os_control_stg'] or inventory_hostname in groups['os_control'] - - - name: == OCP KVM provisioning == Downloading RHCOS deploy files - get_url: - dest: /srv/web/infra/bigfiles/tftpboot/rhcos/ - mode: "0755" - url: "https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/latest/{{ rhcos_version }}/{{ item }}" - run_once: true - ignore_errors: true - with_items: - - "rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" - - "rhcos-{{ rhcos_version }}-x86_64-live-kernel-x86_64" - delegate_to: 127.0.0.1 - tags: - - ignition - - repo - - - name: == OCP KVM provisioning == Checking OCP Virtual Guest exist[s] - virt: - name: "{{ inventory_hostname }}" - state: running - ignore_errors: yes - delegate_to: "{{ vmhost }}" - register: vm_exists - tags: - - kvm_deploy - when: inventory_hostname in groups['ocp_vms_stg'] or inventory_hostname in groups['ocp_vms'] - - block: - - name: Ensure the lv for the guest is made - lvol: lv={{ inventory_hostname }} vg={{ volgroup }} size={{ lvm_size }} state=present - delegate_to: "{{ vmhost }}" - tags: - - kvm_deploy - when: inventory_hostname in 
groups['ocp_vms_stg'] or inventory_hostname in groups['ocp_vms'] - - name: == OCP KVM provisioning == Deploying the OCP Virtual Guest[s] - ansible.builtin.command: "{{ virt_install_command }}" - delegate_to: "{{ vmhost }}" - tags: - - kvm_deploy - when: inventory_hostname in groups['ocp_vms_stg'] or inventory_hostname in groups['ocp_vms'] - when: vm_exists is failed diff --git a/playbooks/manual/ocp4-sysadmin-openshift.yml b/playbooks/manual/ocp4-sysadmin-openshift.yml deleted file mode 100644 index af83788b65..0000000000 --- a/playbooks/manual/ocp4-sysadmin-openshift.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- hosts: os_control_stg:os_control - gather_facts: false - - roles: - - role: openshift/sysadmin-openshift - sysadmin_openshift_appowners: - - darknao - - dkirwan - - jrichardson - - kevin - - lenkaseg - - siddharthvipul1 - - t0xic0der - - ryanlerch - - james diff --git a/playbooks/manual/openqa-restart-workers.yml b/playbooks/manual/openqa-restart-workers.yml deleted file mode 100644 index fe55eb7b41..0000000000 --- a/playbooks/manual/openqa-restart-workers.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Restart worker services on openQA worker hosts (production) - hosts: openqa_workers:openqa_lab_workers - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Restart all the worker services - service: name=openqa-worker@{{ item }} state=restarted - with_sequence: "count={{ openqa_workers }}" diff --git a/playbooks/manual/push-badges.yml b/playbooks/manual/push-badges.yml new file mode 100644 index 0000000000..b2213f981c --- /dev/null +++ b/playbooks/manual/push-badges.yml 
@@ -0,0 +1,77 @@ +# Push out any new badge stuff. +# +# Badge artists and badge developers should be pushing stuff to this repo: +# +# https://pagure.io/fedora-badges-assets.git +# +# This playbook will take any new content from there and push it out onto our +# servers. + +- name: get the badges repo happening from the batcave + hosts: batcave01.phx2.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + vars: + tempdir: /var/tmp/badges-tempdir + upstream: "https://pagure.io/fedora-badges-assets.git" + workingdir: /srv/web/infra/badges/ + + tasks: + - name: clone the local bare repo + git: dest={{tempdir}} repo=/git/badges remote=origin update=yes + + - name: add pagure as a second remote + command: git remote add pagure {{upstream}} chdir={{tempdir}} + + - name: pull down changes from pagure + command: git pull pagure master chdir={{tempdir}} + + - name: push pagure changes back to the lockbox bare repo + command: git push origin master chdir={{tempdir}} + + - name: clean up that temporary {{tempdir}} dir + file: dest={{tempdir}} state=absent + + - name: and pull those commits from the bare repo to the working dir + command: git pull origin master chdir={{workingdir}} + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: copy new badge art over to the badges web nodes + hosts: badges-web:badges-web-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - badges/frontend + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: copy any new badges rules over to the badges backend and restart it + hosts: badges-backend:badges-backend-stg + user: root + gather_facts: False + + vars_files: + - 
/srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - badges/backend + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/qadevel.yml b/playbooks/manual/qadevel.yml index 478ba35b19..33b04c1d79 100644 --- a/playbooks/manual/qadevel.yml +++ b/playbooks/manual/qadevel.yml @@ -3,16 +3,15 @@ # This server looks for rawhide builds and requests they be signed. # ---- -- name: Make qadevel server - hosts: qadevel:qadevel_stg +- name: make qadevel server + hosts: qadevel:qadevel-stg user: root - gather_facts: false + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - import_tasks: "{{ tasks_path }}/virt_instance_create.yml" 
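Review bot: `tempdir: /var/tmp/badges-tempdir` in the first play of push-badges.yml is a fixed path in a world-writable directory, and every git task in that play runs as root inside it. Any local account on that host could create the directory beforehand, so root's `git pull` and `git push` would run in a repository whose config and hooks it does not control. I would create the directory with `tempfile: state=directory prefix=badges-` and `register: badges_tmp`, then use `{{ badges_tmp.path }}` in the later tasks. The fixed path also makes reruns fragile: if a run stops before the clean-up task, the leftover checkout is presumably reused and `git remote add pagure` fails because the remote already exists.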
@@ -20,29 +19,29 @@ handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Make the box be real - hosts: qadevel:qadevel_stg +- name: make the box be real + hosts: qadevel:qadevel-stg user: root - gather_facts: true + gather_facts: True vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client + - fas_client - collectd/base - sudo - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - import_tasks: "{{ tasks_path }}/hosts.yml" + - import_tasks: "{{ tasks_path }}/yumrepos.yml" - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/rabbit/delete-queue.yml b/playbooks/manual/rabbit/delete-queue.yml deleted file mode 100644 index 63271eab9d..0000000000 --- a/playbooks/manual/rabbit/delete-queue.yml +++ /dev/null @@ -1,27 +0,0 @@ -# Remove a RabbitMQ queue -# -# Required parameter: -# - queue_name (str): the name of the queue to delete. -# - vhost (str): the name of the RabbitMQ virtual host -# -# Use --extra-vars to define them. - ---- -- assert: - that: - - "queue_name is defined" - fail_msg: "You must define queue_name" - -- assert: - that: - - "vhost is defined" - fail_msg: "You must define vhost" - -- name: Create the queue in RabbitMQ - hosts: rabbitmq_stg[0]:rabbitmq[0] - rabbitmq_queue: - name: "{{ queue_name }}" - vhost: "{{ vhost }}" - state: absent - login_user: admin - login_password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}" 
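Review bot: Moving `yumrepos.yml` out of `pre_tasks` and into `tasks` changes the execution order, because roles run before `tasks`. `base`, `rkhunter`, `nagios_client`, the newly added `fas_client` and the other roles now run before the repository configuration is applied. Any package those roles install on a freshly created host would presumably come from whatever repos the image ships with, not the ones `yumrepos.yml` sets up. Unless that is intended, keep `pre_tasks:` with `- import_tasks: "{{ tasks_path }}/yumrepos.yml"` so it still runs before the roles.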
diff --git a/playbooks/manual/rebuild/fedora-packages.yml b/playbooks/manual/rebuild/fedora-packages.yml
new file mode 100644
index 0000000000..a0cefa4b7f
--- /dev/null
+++ b/playbooks/manual/rebuild/fedora-packages.yml
@@ -0,0 +1,88 @@ +# Nuke and rebuild the xapian search index for fedora-packages +# +# "install_packages_indexer" is a host_var that instructs this to only run on +# one of the multiple packages nodes. The cache that this rebuilds is shared +# between nodes with gluster. + +- name: enter maintenance mode + hosts: packages:packages-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: tell nagios to shush for these hosts + nagios: action=downtime minutes=300 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + + - name: stop the cache warmer + service: name={{item}} state=stopped + with_items: + - fedmsg-hub + +- name: Rebuild that search index on the side and install it (just staging) + hosts: packages-stg + user: root + become: True + become_user: apache + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: Pull in the list of packages from pkgdb. Go get a snack. (2 hours) + command: /usr/bin/fcomm-index-packages --index-db-dest /var/cache/fedoracommunity/packages/xapian --icons-dest /var/cache/fedoracommunity/packages/icons --tagger-url https://apps.stg.fedoraproject.org/tagger --pkgdb-url https://admin.stg.fedoraproject.org/pkgdb --mdapi-url https://apps.stg.fedoraproject.org/mdapi --icons-url http://download01.phx2.fedoraproject.org/pub/alt/screenshots/ + async: 12000 + poll: 60 + when: install_packages_indexer + +- name: Rebuild that search index on the side and install it. 
(just prod) + hosts: packages + user: root + become: True + become_user: apache + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: Pull in the list of packages from pkgdb. Go get a snack. (2 hours) + command: /usr/bin/fcomm-index-packages --index-db-dest /var/cache/fedoracommunity/packages/xapian --icons-dest /var/cache/fedoracommunity/packages/icons --tagger-url https://apps.fedoraproject.org/tagger --pkgdb-url https://admin.fedoraproject.org/pkgdb --mdapi-url https://apps.fedoraproject.org/mdapi --icons-url http://download01.phx2.fedoraproject.org/pub/alt/screenshots/ + async: 12000 + poll: 60 + when: install_packages_indexer + +- name: leave maintenance mode + hosts: packages:packages-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: Make sure the perms are straight + file: path=/var/cache/fedoracommunity/packages/ state=directory owner=apache group=fedmsg mode="g+rw" recursive=yes + + - name: Restart the cache worker + service: name={{item}} state=started + with_items: + - fedmsg-hub + + - name: tell nagios to start bothering us again + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true diff --git a/playbooks/manual/rebuild/hotspot.yml b/playbooks/manual/rebuild/hotspot.yml index 70ceded4cd..2a93a1865b 100644 --- a/playbooks/manual/rebuild/hotspot.yml +++ b/playbooks/manual/rebuild/hotspot.yml 
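Review bot: In the "leave maintenance mode" play, `file: path=/var/cache/fedoracommunity/packages/ ... recursive=yes` uses a parameter the `file` module does not have; the option is `recurse`. As written the task should fail on an unsupported parameter. Because it is the first task of that play, the fedmsg-hub start and the nagios unsilence after it would not run, leaving the hosts in downtime with the cache worker stopped. Change it to `recurse=yes`. Separately, both indexer commands pass `--icons-url http://download01.phx2.fedoraproject.org/pub/alt/screenshots/` while every other URL on those lines is https; switch it if that host serves TLS.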
@@ -1,14 +1,11 @@ ---- - name: Put a hotspot.txt file in place. - hosts: proxies:proxies_stg + hosts: proxies:proxies-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - ansible.builtin.file: dest=/srv/web/fedoraproject.org/static/ state=directory - - ansible.builtin.copy: - src: hotspot.txt - dest: /srv/web/fedoraproject.org/static/hotspot.txt + - file: dest=/srv/web/fedoraproject.org/static/ state=directory + - copy: src=hotspot.txt dest=/srv/web/fedoraproject.org/static/hotspot.txt diff --git a/playbooks/manual/rebuild/mote.yml b/playbooks/manual/rebuild/mote.yml index 0fcc0c5f14..e3edba65da 100644 --- a/playbooks/manual/rebuild/mote.yml +++ b/playbooks/manual/rebuild/mote.yml @@ -1,15 +1,14 @@ ---- - name: Nuke the mote cache and restart the services to rebuild it. - hosts: value:value_stg + hosts: value:value-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - ansible.builtin.file: dest=/var/cache/httpd/mote/cache.json state=absent + - file: dest=/var/cache/httpd/mote/cache.json state=absent - service: name="httpd" state=restarted - service: name="mote-updater" state=restarted diff --git a/playbooks/manual/rebuild/websites.yml b/playbooks/manual/rebuild/websites.yml index 5e992fee8a..d573b3bac1 100644 --- a/playbooks/manual/rebuild/websites.yml +++ b/playbooks/manual/rebuild/websites.yml 
@@ -1,35 +1,38 @@ ---- - name: Force a rebuild of website content on the backend builder hosts: sundries01* user: root become: true become_user: apache - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - name: Run syncStatic (this takes a while)... - ansible.builtin.command: /usr/local/bin/lock-wrapper syncStatic /usr/local/bin/syncStatic + command: /usr/local/bin/lock-wrapper syncStatic /usr/local/bin/syncStatic - name: Tell the proxies to sync that freshness - hosts: proxies:proxies_stg + hosts: proxies:proxies-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: Rsync each site in to place - ansible.builtin.command: /usr/bin/rsync --delete -a --no-owner --no-group sundries01::{{item}}/ /srv/web/{{item}}/ + - name: rsync each site in to place + command: /usr/bin/rsync --delete -a --no-owner --no-group sundries01::{{item}}/ /srv/web/{{item}}/ with_items: - getfedora.org + - arm.fedoraproject.org + - boot.fedoraproject.org - fedoracommunity.org - developer.fedoraproject.org - fedoraproject.org + - fudcon.fedoraproject.org - labs.fedoraproject.org - mirrors.fedoraproject.org + - spins.fedoraproject.org - start.fedoraproject.org - budget.fedoraproject.org diff --git a/playbooks/manual/releng-emergency-expire-old-repo.yml b/playbooks/manual/releng-emergency-expire-old-repo.yml new file mode 100644 index 0000000000..90fbbf73be --- /dev/null +++ b/playbooks/manual/releng-emergency-expire-old-repo.yml 
@@ -0,0 +1,38 @@
+# Expire old repo metadata from mirrormanager
+#
+# This playbook will mark all older versions of a distro version to be outdated
+# so that metalink will not serve for old versions.
+# CAUTION: Until mirrors pick up the new content, this will mean that the master
+# mirror is the only one deemed respectable, and as such should be used very
+# sparingly!
+#
+# Before running this playbook, please make sure that:
+# 1. The new updates repo is mashed and pushed to the master mirrors
+# 2. The next UMDL run has occured to allow mirrormanager to pick up the new repo
+#
+# requires --extra-vars="product=Fedora version=23"
+#
+# Possible product: Fedora/EPEL/RHEL
+
+- name: Expire old repo files
+ hosts: mm-backend01.phx2.fedoraproject.org
+ user: mirrormanager
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - name: Expire old files
+ command: /usr/bin/mm2_emergency-expire-repo {{product}} {{version}}
+
+ - name: Recreate pickle
+ command: /usr/bin/mm2_update-mirrorlist-server
+
+ - name: Sync the pickle
+ command: /usr/local/bin/sync_pkl_to_mirrorlists.sh
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/manual/releng/koji-release-tags.yml b/playbooks/manual/releng/koji-release-tags.yml
deleted file mode 100644
index d9df250ea2..0000000000
--- a/playbooks/manual/releng/koji-release-tags.yml
+++ /dev/null
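Review bot: The "Expire old files" task in releng-emergency-expire-old-repo.yml passes `{{product}}` and `{{version}}` straight to `mm2_emergency-expire-repo` with no prior check, although the header says both are required and lists the allowed products. For an operation the header itself marks CAUTION, I would add a first task such as `- assert: { that: ["product in ['Fedora', 'EPEL', 'RHEL']", "version is defined"] }`. That way a typo or a missing extra-var stops the run before anything is expired and before the pickle is regenerated and synced.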
@@ -1,227 +0,0 @@ ---- -- name: Create the release tags in koji. - hosts: compose-x86-01.stg.iad2.fedoraproject.org - gather_facts: no - vars_files: - - /srv/web/infra/ansible/vars/all/00-FedoraCycleNumber.yaml - - /srv/web/infra/ansible/vars/all/FedoraBranched.yaml - - /srv/web/infra/ansible/vars/all/FedoraBranchedNumber.yaml - - /srv/web/infra/ansible/vars/all/FedoraRawhideNumber.yaml - vars: - - appliance_build: [appliance-tools, bash, coreutils, grub, parted, perl, policycoreutils, selinux-policy, shadow-utils, sssd-client] - - build: [bash, bzip2, coreutils, cpio, diffutils, fedora-release, findutils, gawk, glibc-minimal-langpack, grep, gzip, info, patch, redhat-rpm-config, rpm-build, sed, shadow-utils, tar, unzip, util-linux, which, xz] - - livecd_build: [bash, coreutils, fedora-logos, fedora-release, livecd-tools, policycoreutils, python-dbus, sed, selinux-policy-targeted, shadow-utils, squashfs-tools, sssd-client, tar, unzip, util-linux, which, yum] - - livemedia_build: [bash, coreutils, glibc-all-langpacks, lorax-lmc-novirt, selinux-policy-targeted, shadow-utils, util-linux] - - srpm_build: [bash, fedora-release, fedpkg-minimal, glibc-minimal-langpack, gnupg2, redhat-rpm-config, rpm-build, shadow-utils] - - release: f{{FedoraBranchedNumber}} - collections: - - ktdreyer.koji_ansible - - pre_tasks: - - name: copy the koji.conf file with the correct variables - ansible.builtin.template: - src: koji.conf.j2 - dest: /etc/koji.conf - owner: root - group: root - mode: "0644" - - tasks: - - name: create the main koji tag for {{release}} - koji_tag: - koji: koji - name: "{{release}}" - state: present - perm: autosign - groups: - appliance-build: "{{appliance_build}}" - build: "{{build}}" - livecd-build: "{{livecd_build}}" - livemedia-build: "{{livemedia_build}}" - srpm-build: "{{srpm_build}}" - extra: - mock.package_manager: dnf - mock.new_chroot: 0 - tags: rpm - - - name: create the {{release}} tags - koji_tag: - koji: koji - name: "{{ item.name }}" - state: 
present - perm: "{{ item.perm }}" - arches: "{{item.arches}}" - inheritance: - - parent: "{{ item.parent }}" - priority: 0 - loop: - - {name: "{{release}}-updates", perm: admin, parent: "{{release}}", arches: ""} - - {name: "{{release}}-updates-testing", perm: admin, parent: "{{release}}", arches: ""} - - {name: "{{release}}-updates-pending", perm: admin, parent: "{{release}}", arches: ""} - - {name: "{{release}}-override", perm: fedora-override, parent: "{{release}}", arches: ""} - - {name: "{{release}}-updates-candidate", perm: '', parent: "{{release}}", arches: ""} - - {name: "{{release}}-compose", perm: '', parent: "{{release}}", arches: ""} - - {name: "{{release}}-updates-testing-pending", perm: 'autosign', parent: "{{release}}-updates-testing", arches: ""} - - {name: "{{release}}-signing-pending", perm: 'autosign', parent: "{{release}}-updates-testing-pending", arches: ""} - - {name: "{{release}}-pending", perm: '', parent: "{{release}}-updates", arches: ""} - - {name: "{{release}}-build", perm: 'admin', parent: "{{release}}-override", arches: "armv7hl i686 x86_64 aarch64 ppc64le s390x"} - tags: rpm - - - name: create the main infra tags - koji_tag: - koji: koji - name: "{{ item.name }}" - state: present - perm: "{{ item.perm }}" - inheritance: - - parent: "{{ item.parent }}" - priority: 0 - extra: - tag2distrepo.enabled: "true" - tag2distrepo.keys: 47dd8ef9 - loop: - - {name: "{{release}}-infra", perm: 'infra', parent: "{{release}}-build", arches: ""} - - {name: "{{release}}-infra-stg", perm: 'infra', parent: "{{release}}-infra", arches: ""} - tags: infra - - - name: create the other infra tags - koji_tag: - koji: koji - name: "{{ item.name }}" - state: present - perm: "{{ item.perm }}" - inheritance: - - parent: "{{ item.parent }}" - priority: 0 - loop: - - {name: "{{release}}-infra-candidate", perm: 'infra', parent: "{{release}}-infra-stg", arches: ""} - - {name: "{{release}}-infra-build", perm: 'infra', parent: "{{release}}-infra-stg", arches: ""} - tags: 
infra - - - - name: create the container tag - koji_tag: - koji: koji - name: "{{release}}-container" - state: present - tags: container - - - - name: create the container build tag - koji_tag: - koji: koji - name: "{{release}}-container-build" - state: present - arches: "x86_64" - inheritance: - - parent: "{{release}}-container" - priority: 0 - tags: container - - - name: create the openh264 tags - koji_tag: - koji: koji - name: "{{release}}-openh264" - state: present - inheritance: - - parent: "{{release}}" - priority: 0 - loop: - - {name: "{{release}}-container-build", perm: '', parent: "{{release}}-container", arches: "x86_64"} - tags: openh264 - - - - name: create the main coreos tag - koji_tag: - koji: koji - name: "{{release}}-coreos-continuous" - state: present - arches: "x86_64 aarch64 ppc64le s390x" - extra: - tag2distrepo.enabled: "true" - tags: coreos - - - name: create the coreos-pool tag - koji_tag: - koji: koji - name: "coreos-pool" - state: present - arches: "x86_64 aarch64 ppc64le s390x" - extra: - tag2distrepo.keys: "429476b4 cfc659b9 3c3359c4 12c944d0" - tags: coreos - - - name: create the other coreos tags - koji_tag: - koji: koji - name: "{{release}}-coreos-signing-pending" - state: present - arches: "x86_64 aarch64 ppc64le s390x" - inheritance: - - parent: "coreos-pool" - priority: 0 - extra: - tag2distrepo.enabled: "true" - tags: coreos - - - - name: create the {{release}} target - koji_target: - koji: koji - name: "{{release}}" - build_tag: "{{release}}-build" - dest_tag: "{{release}}-updates-candidate" - tags: rpm - - - - name: create the {{release}}-candidate target - koji_target: - koji: koji - name: "{{release}}-candidate" - build_tag: "{{release}}-build" - dest_tag: "{{release}}-updates-candidate" - tags: rpm - - - - name: create the {{release}}-infra target - koji_target: - koji: koji - name: "{{release}}-infra" - build_tag: "{{release}}-infra-build" - dest_tag: "{{release}}-infra-candidate" - tags: infra - - - - name: create the 
{{release}}-container-candidate target - koji_target: - koji: koji - name: "{{release}}-container-candidate" - build_tag: "{{release}}-container-build" - dest_tag: "{{release}}-container-updates-candidate" - tags: container - - - - name: create the rawhide target - koji_target: - koji: koji - name: "rawhide" - build_tag: "f{{FedoraRawhideNumber}}-build" - dest_tag: "f{{FedoraRawhideNumber}}-updates-candidate" - tags: rawhide - - - name: create the rawhide container target - koji_target: - koji: koji - name: "rawhide-container-candidate" - build_tag: "f{{FedoraRawhideNumber}}-container-build" - dest_tag: "f{{FedoraRawhideNumber}}-container" - tags: rawhide - - - - name: Change the rawhide tag inheritance - koji_tag_inheritance: - koji: koji - parent_tag: "f{{FedoraRawhideNumber}}" - child_tag: rawhide - priority: 0 - tags: rawhide diff --git a/playbooks/manual/releng/templates/koji.conf.j2 b/playbooks/manual/releng/templates/koji.conf.j2 deleted file mode 100644 index 18e63c4776..0000000000 --- a/playbooks/manual/releng/templates/koji.conf.j2 +++ /dev/null 
@@ -1,39 +0,0 @@ -[koji] -;configuration for koji cli tool -;url of XMLRPC server -server = https://koji{{env_suffix}}.fedoraproject.org/kojihub - -;url of web interface -weburl = https://koji{{env_suffix}}.fedoraproject.org/koji - -topurl = https://kojipkgs{{env_suffix}}.fedoraproject.org/ - -;configuration for Kerberos authentication -authtype = kerberos -krb_rdns = false - -;the service name of the principal being used by the hub -krbservice = compose - -;the principal to auth as for automated clients -{% if env == "staging" %} -principal = compose/koji.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG -krb_server_realm = STG.FEDORAPROJECT.ORG -keytab = /etc/krb5.compose_koji.stg.iad2.fedoraproject.org.keytab -{% else %} -principal = compose/koji.fedoraproject.org@FEDORAPROJECT.ORG -krb_server_realm = FEDORAPROJECT.ORG -keytab = /etc/krb5.compose_koji.iad2.fedoraproject.org.keytab -{%endif%} - -;enable to lookup dns canonical hostname for krb auth -;krb_canon_host = no - -;[not_implemented_yet] -;enabled plugins for CLI, runroot and save_failed_tree are available -;plugins = -; runroot plugin is enabled by default in fedora -plugins = runroot - -; use the fast upload feature of koji by default -use_fast_upload = yes diff --git a/playbooks/manual/remote_delldrive.yml b/playbooks/manual/remote_delldrive.yml deleted file mode 100644 index 6e4961a2e8..0000000000 --- a/playbooks/manual/remote_delldrive.yml +++ /dev/null 
@@ -1,22 +0,0 @@ -# Call with, for example: -e 'target=ibiblio04.fedoraproject.org mgmt=ibiblio04-mgmt.fedoraproject.org' ---- -- name: Do a remote drive check - hosts: "{{target}}" - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Copy script over to {{target}} - ansible.builtin.copy: src={{private}}/scripts/drivestatus.py dest=/root/drivestatus.py - - - name: Run it for {{mgmt}} - ansible.builtin.shell: python /root/drivestatus.py {{mgmt}} - register: out - - - name: Remove it - ansible.builtin.file: path=/root/drivestatus.py state=absent - - - debug: var=out.stdout_lines diff --git a/playbooks/manual/restart-fedmsg-services.yml b/playbooks/manual/restart-fedmsg-services.yml new file mode 100644 index 0000000000..30a292ecce --- /dev/null +++ b/playbooks/manual/restart-fedmsg-services.yml 
@@ -0,0 +1,94 @@ +# Restart fedmsg services +# +# The grande list of "what is running and where" is maintained here manually. +# By running this playbook, you're not actually guaranteed that all services +# everywhere will be restarted. As stuff changes over time, this playbook will +# need to be periodically updated with new things. + +- name: restart fedmsg-gateway instances + hosts: fedmsg-gateways:fedmsg-gateways-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: bounce the fedmsg-gateway service + service: name=fedmsg-gateway state=restarted + +- name: restart fedmsg-relay instances + hosts: fedmsg-relays:fedmsg-relays-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: bounce the fedmsg-relay service + service: name=fedmsg-relay state=restarted + +- name: restart fedmsg-irc instances + hosts: fedmsg-ircs:fedmsg-ircs-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: bounce the fedmsg-irc service + service: name=fedmsg-irc state=restarted + +- name: tell nagios to be quiet about FMN for the moment + hosts: notifs-backend:notifs-backend-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: schedule a 25 minute downtime. give notifs backend time to start up. 
+ nagios: action=downtime minutes=25 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + - name: bounce the fmn-digests service + service: name=fmn-digests@1 state=restarted + +- name: restart fedmsg-hub instances + hosts: fedmsg-hubs:fedmsg-hubs-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: bounce the fedmsg-hub service + service: name=fedmsg-hub state=restarted + +- name: restart moksha-hub instances + hosts: moksha-hubs:moksha-hubs-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: bounce the moksha-hub service + service: name=moksha-hub state=restarted diff --git a/playbooks/manual/restart-pagure.yml b/playbooks/manual/restart-pagure.yml index 65e2c70170..9f9630127e 100644 --- a/playbooks/manual/restart-pagure.yml +++ b/playbooks/manual/restart-pagure.yml 
@@ -1,22 +1,24 @@ ---- -- name: Reload the frontend - hosts: pagure:pagure_stg +- name: reload the frontend + hosts: pagure:pagure-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - debug: msg="Karate Chop!" + - name: ask puiterwijk if he would like to capture debug info before restarting. + pause: seconds=30 prompt="Restarting pagure, abort if you want to get puiterwijk's attention first." + + - debug: msg=Karate Chop! - name: Reload apache... service: name="httpd" state=reloaded post_tasks: - - name: Tell nagios to unshush w.r.t. apache + - name: tell nagios to unshush w.r.t. apache nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true diff --git a/playbooks/manual/restart-pkgdb.yml b/playbooks/manual/restart-pkgdb.yml new file mode 100644 index 0000000000..fa6038dc07 --- /dev/null +++ b/playbooks/manual/restart-pkgdb.yml @@ -0,0 +1,19 @@ +- name: verify the frontend and stop it + hosts: pkgdb:pkgdb-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: Start apache + service: name="httpd" state=started + + post_tasks: + - name: tell nagios to unshush w.r.t. apache + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true 
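Review bot: `- debug: msg=Karate Chop!` in restart-pagure.yml drops the quotes the old line had, so in key=value form the value now ends at the space and `Chop!` is left as a stray token. Ansible rejects extra free-form parameters on modules that are not command-style, so this play would probably fail to load. Keep `- debug: msg="Karate Chop!"`. The new `pause` prompt is not affected because it stays quoted.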
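Review bot: The play in restart-pkgdb.yml is named "verify the frontend and stop it", but its only task is `service: name="httpd" state=started`, and nothing in it verifies or stops anything. Rename it to match what it does, for example `- name: start the pkgdb frontend`. The post_task also unsilences nagios although no task in this file schedules a downtime, so a short comment saying which playbook set it would help the next operator.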
diff --git a/playbooks/manual/riscv-keytabs.yml b/playbooks/manual/riscv-keytabs.yml
deleted file mode 100644
index d8f05b6407..0000000000
--- a/playbooks/manual/riscv-keytabs.yml
+++ /dev/null
@@ -1,66 +0,0 @@ -- name: make some keytabs - hosts: riscv-koji01.iad2.fedoraproject.org - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - - name: create directory to store keytabs - ansible.builtin.file: - state: directory - path: /etc/builder-keytabs - mode: "700" - owner: root - group: root - - - name: make all the keytabs for builders - include_role: - name: keytab/service - vars: - kt_location: "/etc/builder-keytabs/{{ item }}.keytab" - service: compile-riscv - host: "{{ item }}" - with_items: - - buildhw-riscv-01.fedoraproject.org - - buildhw-riscv-02.fedoraproject.org - - buildhw-riscv-03.fedoraproject.org - - buildhw-riscv-04.fedoraproject.org - - buildhw-riscv-05.fedoraproject.org - - buildhw-riscv-06.fedoraproject.org - - buildhw-riscv-07.fedoraproject.org - - buildhw-riscv-08.fedoraproject.org - - buildhw-riscv-09.fedoraproject.org - - buildhw-riscv-10.fedoraproject.org - - buildhw-riscv-11.fedoraproject.org - - buildhw-riscv-12.fedoraproject.org - - buildhw-riscv-13.fedoraproject.org - - buildhw-riscv-14.fedoraproject.org - - buildhw-riscv-15.fedoraproject.org - - buildhw-riscv-16.fedoraproject.org - - buildhw-riscv-17.fedoraproject.org - - buildhw-riscv-18.fedoraproject.org - - buildhw-riscv-19.fedoraproject.org - - buildhw-riscv-20.fedoraproject.org - - buildhw-riscv-21.fedoraproject.org - - buildhw-riscv-22.fedoraproject.org - - buildhw-riscv-23.fedoraproject.org - - buildhw-riscv-24.fedoraproject.org - - buildhw-riscv-25.fedoraproject.org - - buildhw-riscv-26.fedoraproject.org - - buildhw-riscv-27.fedoraproject.org - - buildhw-riscv-28.fedoraproject.org - - buildhw-riscv-29.fedoraproject.org - - buildhw-riscv-30.fedoraproject.org - - buildhw-riscv-31.fedoraproject.org - - buildhw-riscv-32.fedoraproject.org - - buildhw-riscv-33.fedoraproject.org - - buildhw-riscv-34.fedoraproject.org - - buildhw-riscv-35.fedoraproject.org - - 
buildhw-riscv-36.fedoraproject.org - - buildhw-riscv-37.fedoraproject.org - - buildhw-riscv-38.fedoraproject.org - - buildhw-riscv-39.fedoraproject.org - - buildhw-riscv-40.fedoraproject.org diff --git a/playbooks/manual/sign-and-import.yml b/playbooks/manual/sign-and-import.yml index 479d157238..0f2d111030 100644 --- a/playbooks/manual/sign-and-import.yml +++ b/playbooks/manual/sign-and-import.yml @@ -14,8 +14,7 @@ # TODO -- grab rpms from koji build/task ids beforehand? # TODO -- other arches than x86_64? ---- -- name: Batch sign and import a directory full of rpms +- name: batch sign and import a directory full of rpms user: root hosts: localhost connection: local @@ -25,7 +24,7 @@ # It would be nice to be able to toggle this from the command line. vars: - repodir: /mnt/fedora/app/fi-repo/{% if testing %}testing/{% endif %}{{ rhel }} - - testing: false + - testing: False tasks: - fail: msg="Please use the infra tags from now on" 
@@ -40,41 +39,41 @@ # TODO -- I'd also like to fail if rpmdir does not exist. # TODO -- I'd also like to fail if there are no *.rpm files in there. - - name: Sign all the rpms with our gpg key - ansible.builtin.shell: /bin/rpm --resign {{ rpmdir }}/*.rpm + - name: sign all the rpms with our gpg key + shell: /bin/rpm --resign {{ rpmdir }}/*.rpm - - name: Make a directory where we store the rpms afterwards - ansible.builtin.file: path={{ rpmdir }}-old state=directory + - name: make a directory where we store the rpms afterwards + file: path={{ rpmdir }}-old state=directory - - name: Copy the source rpms to the SRPMS dir of {{ repodir }} - ansible.builtin.copy: src={{ item }} dest={{ repodir }}/SRPMS/ + - name: copy the source rpms to the SRPMS dir of {{ repodir }} + copy: src={{ item }} dest={{ repodir }}/SRPMS/ with_fileglob: - - "{{ rpmdir }}/*.src.rpm" + - "{{ rpmdir }}/*.src.rpm" - - name: Move processed srpms out to {{ rpmdir }}-old - ansible.builtin.command: /bin/mv {{ item }} {{ rpmdir }}-old/ + - name: move processed srpms out to {{ rpmdir }}-old + command: /bin/mv {{ item }} {{ rpmdir }}-old/ when: not testing with_fileglob: - - "{{ rpmdir }}/*.src.rpm" + - "{{ rpmdir }}/*.src.rpm" - - name: Copy the binary rpms to the x86_64 dir of {{ repodir }} - ansible.builtin.copy: src={{ item }} dest={{ repodir }}/x86_64/ + - name: copy the binary rpms to the x86_64 dir of {{ repodir }} + copy: src={{ item }} dest={{ repodir }}/x86_64/ with_fileglob: - - "{{ rpmdir }}/*.rpm" + - "{{ rpmdir }}/*.rpm" - - name: Copy the binary rpms to the i386 dir of {{ repodir }} - ansible.builtin.copy: src={{ item }} dest={{ repodir }}/i386/ + - name: copy the binary rpms to the i386 dir of {{ repodir }} + copy: src={{ item }} dest={{ repodir }}/i386/ with_fileglob: - - "{{ rpmdir }}/*.rpm" + - "{{ rpmdir }}/*.rpm" - - name: Move processed rpms out to {{ rpmdir }}-old - ansible.builtin.command: /bin/mv {{ item }} {{ rpmdir }}-old/ + - name: move processed rpms out to {{ rpmdir }}-old + 
command: /bin/mv {{ item }} {{ rpmdir }}-old/ when: not testing with_fileglob: - - "{{ rpmdir }}/*.rpm" + - "{{ rpmdir }}/*.rpm" - name: Run createrepo on each repo - ansible.builtin.command: createrepo --update {{ repodir }}/{{ item }}/ + command: createrepo --update {{ repodir }}/{{ item }}/ with_items: - SRPMS - x86_64 diff --git a/playbooks/manual/sign-vault.yml b/playbooks/manual/sign-vault.yml index cd677f9c11..9a54454211 100644 --- a/playbooks/manual/sign-vault.yml +++ b/playbooks/manual/sign-vault.yml @@ -6,16 +6,15 @@ # Access is via management interface only. This playbook does initial setup. # Please check with rel-eng before doing anything here. ---- -- name: Make sign-vault server vm (secondary and stg only) - hosts: sign-vault01.stg.iad2.fedoraproject.org +- name: make sign-vault server vm (secondary and stg only) + hosts: secondary-vault01.phx2.fedoraproject.org:sign-vault01.stg.phx2.fedoraproject.org user: root - gather_facts: false + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - import_tasks: "{{ tasks_path }}/virt_instance_create.yml" 
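Review bot: In playbooks/manual/sign-and-import.yml, `{{ rpmdir }}` is templated unquoted into `shell: /bin/rpm --resign {{ rpmdir }}/*.rpm`, and the play runs as root on localhost, so a directory value containing spaces or shell metacharacters is interpreted by the shell instead of being treated as a path. Quote the variable and leave the glob outside the quoting: `shell: /bin/rpm --resign {{ rpmdir | quote }}/*.rpm`. The two TODO comments at the top of the hunk (fail when rpmdir does not exist or holds no rpm files) are still open, so an empty directory passes the literal `*.rpm` to rpm. The task list continues past the end of the hunk.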
@@ -23,26 +22,25 @@ handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: Make sign vault server - hosts: sign_vault +- name: make sign vault server + hosts: sign-vault user: root gather_facts: true vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - - { role: linux-system-roles.nbde_client, when: datacenter == 'iad2' } - - { role: serial-console, when: datacenter == 'iad2'} + - serial-console - sigul/server - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README + tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/staging-sync/badges.yml b/playbooks/manual/staging-sync/badges.yml deleted file mode 100644 index 1d90ef3580..0000000000 --- a/playbooks/manual/staging-sync/badges.yml +++ /dev/null 
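Review bot: In playbooks/manual/sign-vault.yml, the `roles:` list of the "make sign vault server" play no longer carries `linux-system-roles.nbde_client`, and nothing in the hunk says what takes its place. If the vault's disk is encrypted and unlocked through that role (an assumption, the role's variables are not shown here), later runs of this playbook stop maintaining the unlock binding on a host that also gets `sigul/server`. Either keep an entry such as `- { role: linux-system-roles.nbde_client, when: <datacenter condition> }` or add a comment above `roles:` recording how the volume is unlocked at boot.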
@@ -1,58 +0,0 @@ -# This playbook syncs the production badges instance with staging. ---- -- name: Bring staging services down - hosts: os-control01.stg.iad2.fedoraproject.org - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - ansible.builtin.command: oc -n badges scale dc/frontend --replicas=0 - - ansible.builtin.command: oc -n badges scale dc/consumer --replicas=0 - -# Here's the meaty part in the middle -- name: Drop and re-create the staging db entirely - hosts: db01.stg.iad2.fedoraproject.org - user: root - become: yes - become_user: postgres - become_method: sudo - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/badges.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - ansible.builtin.copy: - src: /srv/web/infra/db-dumps/{{ badges_db_name }}.dump.xz - dest: /var/tmp/{{ badges_db_name }}.dump.xz - owner: postgres - group: postgres - - ansible.builtin.command: unxz /var/tmp/{{ badges_db_name }}.dump.xz - args: - creates: /var/tmp/{{ badges_db_name }}.dump - - ansible.builtin.command: dropdb {{ badges_db_name }} - - ansible.builtin.command: createdb -O {{ tahrirDBUser }} {{ badges_db_name }} - - name: Import the prod db. 
- ansible.builtin.shell: cat /var/tmp/{{ badges_db_name }}.dump | psql {{ badges_db_name }} - - ansible.builtin.file: path=/var/tmp/{{ badges_db_name }}.dump state=absent - - name: rename prod users to staging users - ansible.builtin.shell: psql -v ON_ERROR_STOP=1 {{ badges_db_name }} <<< "UPDATE persons SET email = REPLACE(email, '@fedoraproject.org', '@stg.fedoraproject.org')" - -- name: Bring staging services up - hosts: os-control01.stg.iad2.fedoraproject.org - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - ansible.builtin.command: oc -n badges scale dc/frontend --replicas=1 - - ansible.builtin.command: oc -n badges scale dc/consumer --replicas=1 diff --git a/playbooks/manual/staging-sync/bodhi.yml b/playbooks/manual/staging-sync/bodhi.yml index 515384b7c6..ae3a79c17e 100644 --- a/playbooks/manual/staging-sync/bodhi.yml +++ b/playbooks/manual/staging-sync/bodhi.yml 
@@ -1,110 +1,124 @@ # This playbook syncs the production bodhi instance with staging. ---- -- name: Bring staging services down (httpd) - hosts: bodhi2_stg + + +- name: bring staging services down (httpd) + hosts: bodhi2-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - service: name=httpd state=stopped -- name: Bring staging services down (OpenShift web services) - hosts: os-control01.stg.iad2.fedoraproject.org +- name: bring staging services down (fedmsg-hub) + hosts: bodhi-backend-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=0 - - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas=0 - - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas=0 - -- name: Bring staging services down (messaging) - hosts: bodhi_backend_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - service: - name: "{{ item }}" - state: stopped - with_items: - - fm-consumer@config.service - - bodhi-celery + - service: name=fedmsg-hub state=stopped # Here's the meaty part in the middle -- name: Drop and re-create the staging db entirely - hosts: db01.stg.iad2.fedoraproject.org +- name: drop and re-create the staging db entirely + hosts: pgbdr01.stg.phx2.fedoraproject.org user: root become: yes become_user: postgres 
become_method: sudo vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - ansible.builtin.copy: - src: /srv/web/infra/db-dumps/bodhi2.dump.xz - dest: /var/tmp/bodhi2.dump.xz - owner: postgres - group: postgres - - ansible.builtin.command: unxz /var/tmp/bodhi2.dump.xz + - copy: src=/srv/web/infra/db-dumps/bodhi2.dump.xz dest=/var/tmp/bodhi2.dump.xz + owner=postgres group=postgres + - command: unxz /var/tmp/bodhi2.dump.xz creates=/var/tmp/bodhi2.dump - - ansible.builtin.command: dropdb bodhi2 - - ansible.builtin.command: createdb -O bodhi2 bodhi2 + - command: sed -i "s/CREATE DATABASE bodhi2.*/SET bdr.permit_ddl_locking = true;/" /var/tmp/bodhi2.dump + - command: sed -i "s/connect bodhi2/connect bodhi2\nSET bdr.permit_ddl_locking = true;/" /var/tmp/bodhi2.dump + - shell: > + psql -e --set ON_ERROR_STOP=on --set VERBOSITY verbose bodhi2 <<< " + BEGIN; + SET LOCAL bdr.permit_ddl_locking = on; + DELETE FROM alembic_version; + DROP TABLE IF EXISTS comments CASCADE; + DROP TABLE IF EXISTS groups CASCADE; + DROP TABLE IF EXISTS cves CASCADE; + DROP TABLE IF EXISTS packages CASCADE; + DROP TABLE IF EXISTS stacks CASCADE; + DROP TABLE IF EXISTS stack_user_table CASCADE; + DROP TABLE IF EXISTS update_cve_table CASCADE; + DROP TABLE IF EXISTS releases CASCADE; + DROP TABLE IF EXISTS comment_bug_assoc CASCADE; + DROP TABLE IF EXISTS comment_testcase_assoc CASCADE; + DROP TABLE IF EXISTS stack_group_table CASCADE; + DROP TABLE IF EXISTS testcases CASCADE; + DROP TABLE IF EXISTS buildroot_overrides CASCADE; + DROP TABLE IF EXISTS bug_cve_table CASCADE; + DROP TABLE IF EXISTS users CASCADE; + DROP TABLE IF EXISTS builds CASCADE; + DROP TABLE IF EXISTS updates 
CASCADE; + DROP TABLE IF EXISTS bugs CASCADE; + DROP TABLE IF EXISTS update_bug_table CASCADE; + DROP TABLE IF EXISTS user_group_table CASCADE; + DROP TABLE IF EXISTS user_package_table CASCADE; + DROP TYPE IF EXISTS ck_ci_status CASCADE; + DROP TYPE IF EXISTS ck_content_type CASCADE; + DROP TYPE IF EXISTS ck_release_state CASCADE; + DROP TYPE IF EXISTS ck_update_request CASCADE; + DROP TYPE IF EXISTS ck_update_severity CASCADE; + DROP TYPE IF EXISTS ck_update_status CASCADE; + DROP TYPE IF EXISTS ck_update_suggestion CASCADE; + DROP TYPE IF EXISTS ck_update_type CASCADE; + DROP TYPE IF EXISTS bug_cve_table CASCADE; + DROP TYPE IF EXISTS bugs CASCADE; + DROP TYPE IF EXISTS buildroot_overrides CASCADE; + COMMIT; + " + register: drop_script - name: Import the prod db. - ansible.builtin.shell: cat /var/tmp/bodhi2.dump | psql bodhi2 - - ansible.builtin.file: path=/var/tmp/bodhi2.dump state=absent + shell: cat /var/tmp/bodhi2.dump | psql bodhi2 + register: import_script + - file: path=/var/tmp/bodhi2.dump state=absent -- name: Bring staging services up (OpenShift web services) - hosts: os-control01.stg.iad2.fedoraproject.org +- name: Debug the psql drop script + hosts: bodhi-backend01.stg.phx2.fedoraproject.org user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=1 - - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas=1 - - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas=1 + - copy: + content: "{{ hostvars['pgbdr01.stg.phx2.fedoraproject.org']['drop_script'].stdout }}\n{{ hostvars['pgbdr01.stg.phx2.fedoraproject.org']['drop_script'].stderr }}" + dest: /tmp/bodhi_drop.debug + - copy: + content: "{{ hostvars['pgbdr01.stg.phx2.fedoraproject.org']['import_script'].stdout }}\n{{ 
hostvars['pgbdr01.stg.phx2.fedoraproject.org']['import_script'].stderr }}" + dest: /tmp/bodhi_import.debug -- name: Bring staging services up (httpd) - hosts: bodhi2_stg +- name: bring staging services up (httpd) + hosts: bodhi2-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - service: name=httpd state=started -- name: Bring staging services up (messaging) - hosts: bodhi_backend_stg +- name: bring staging services up (fedmsg-hub) + hosts: bodhi-backend-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - service: - name: "{{ item }}" - state: stopped - with_items: - - fm-consumer@config.service - - bodhi-celery + - service: name=fedmsg-hub state=started diff --git a/playbooks/manual/staging-sync/db-sync.yml b/playbooks/manual/staging-sync/db-sync.yml index f8287ad4fb..fdf2c4dabe 100644 --- a/playbooks/manual/staging-sync/db-sync.yml +++ b/playbooks/manual/staging-sync/db-sync.yml 
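Review bot: In playbooks/manual/staging-sync/bodhi.yml, the two `copy` tasks of the "Debug the psql drop script" play write psql output to `/tmp/bodhi_drop.debug` and `/tmp/bodhi_import.debug` without `mode` or `owner`, so the files land in a shared directory with whatever the default umask allows, usually world-readable. Add `mode: "0600"` to both tasks, or print the registered output with `debug:` instead of leaving files behind. Separately, `--set VERBOSITY verbose bodhi2` in the drop task is missing the `=`: psql treats a `--set` without `=` as unsetting the variable, which would leave `verbose` as the database name and `bodhi2` as the user, so it should read `--set VERBOSITY=verbose bodhi2`.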
@@ -4,138 +4,122 @@ # Usage: # --extra-vars="dbhost='db01' server='pkgdb01.stg' db='pkgdb2'" # dbhost => The hostname for the database server (db01, db02...), the -# .iad2.fedoraproject.org part is automatically added. +# .phx2.fedoraproject.org part is automatically added. # Since this playbook syncs from stg to prod only, it is assumed you # are migrating from dbX to dbX.stg) # server => The application server where apache will be turned off during the # sync. /!\ it should be the *stg* server, not prod (the one you want # to load the new DB for) -# Can be a full hostname (foo01.iad2.fp.o) or a group (foo-stg) or an -# emptry string (''), for example if the app is running in openshift. +# Can be a full hostname (foo01.phx2.fp.o) or a group, foo-stg # db => The database name on both database server (must be the same) ---- -- name: Dump the prod db out - hosts: "{{ dbhost }}.iad2.fedoraproject.org" +- name: bring staging services down + hosts: "{{ server }}" + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - service: name=httpd state=stopped + +- name: dump the prod db out + hosts: "{{ dbhost }}.phx2.fedoraproject.org" user: root become: yes become_user: postgres become_method: sudo vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - name: Dumping the production db. This might take a minute. Go out to the lobby! 
- ansible.builtin.shell: pg_dump -C {{ db }} |xz -c > /var/tmp/{{ db }}.dump.xz + shell: pg_dump -C {{ db }} |xz -c > /var/tmp/{{ db }}.dump.xz - # Get the dump from `from` in the batcave - - name: Export the dump from the dbhost in prod to batcave - fetch: - src: /var/tmp/{{ db }}.dump.xz - dest: /var/tmp/ - flat: yes + # Get the dump from `from` in the batcave + - fetch: + src: /var/tmp/{{ db }}.dump.xz + dest: /var/tmp/ + flat: yes -- name: Bring staging services down - hosts: "{{ server or 'batcave01.iad2.fedoraproject.org' }}" - user: root - any_errors_fatal: false - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Stop apache - service: name=httpd state=stopped - when: (server is defined) and (server|length > 0) - -- name: Drop and re-create the staging db entirely - hosts: "{{ dbhost }}.stg.iad2.fedoraproject.org" +- name: drop and re-create the staging db entirely + hosts: "{{ dbhost }}.stg.phx2.fedoraproject.org" user: root become: yes become_user: postgres become_method: sudo vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - # push dump to stg from batcave - - name: Push the DB dump from batcave to the dbhost in stg - ansible.builtin.copy: - src: /var/tmp/{{ db }}.dump.xz - dest: /var/tmp/{{ db }}.dump.xz + # push dump to stg from batcave + - copy: + src: /var/tmp/{{ db }}.dump.xz + dest: /var/tmp/{{ db }}.dump.xz - - name: Unpack the archive - ansible.builtin.command: unxz /var/tmp/{{ db }}.dump.xz + - command: unxz /var/tmp/{{ db }}.dump.xz 
creates=/var/tmp/{{ db }}.dump - - name: Drop the postgresql database in staging - ansible.builtin.command: dropdb {{ db }} - ignore_errors: yes - - - name: Create the postgresql database in staging - ansible.builtin.command: createdb {{ db }} - + - command: dropdb {{ db }} + - command: createdb {{ db }} - name: Import the prod db. This will take quite a while. Go get a snack! - ansible.builtin.shell: cat /var/tmp/{{ db }}.dump | psql {{ db }} + shell: cat /var/tmp/{{ db }}.dump | psql {{ db }} -- name: Bring staging services up - hosts: "{{ server or 'batcave01.iad2.fedoraproject.org' }}" +- name: bring staging services up + hosts: "{{ server }}" user: root - any_errors_fatal: false vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: Restart apache - service: name=httpd state=started - when: (server is defined) and (server|length > 0) + - service: name=httpd state=started - name: Remove the prod db dump now that we are done - hosts: "{{ dbhost }}.iad2.fedoraproject.org" + hosts: "{{ dbhost }}.phx2.fedoraproject.org" user: root become: yes become_user: postgres become_method: sudo vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - name: Remove the db dump on the prod server - ansible.builtin.command: rm -f /var/tmp/{{ db }}.dump.xz + command: rm -f /var/tmp/{{ db }}.dump.xz - name: Remove the prod db dump on batcave - hosts: 
batcave01.iad2.fedoraproject.org + hosts: batcave01.phx2.fedoraproject.org user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: Remove the DB dump from batcave - ansible.builtin.command: rm -f /var/tmp/{{ db }}.dump.xz + - command: rm -f /var/tmp/{{ db }}.dump.xz + diff --git a/playbooks/manual/staging-sync/fas.yml b/playbooks/manual/staging-sync/fas.yml new file mode 100644 index 0000000000..71a62fc42e --- /dev/null +++ b/playbooks/manual/staging-sync/fas.yml 
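Review bot: In playbooks/manual/staging-sync/db-sync.yml, the production dump is created by `pg_dump -C {{ db }} |xz -c > /var/tmp/{{ db }}.dump.xz` under the default umask, then fetched to `/var/tmp/` on batcave and copied to staging with no `mode`, so a full copy of the production database is likely readable by every local account on three machines while the sync runs. Create it private with `shell: umask 077; pg_dump -C {{ db }} | xz -c > /var/tmp/{{ db }}.dump.xz` and give the `copy` task `mode: "0600"`. The unpacked `/var/tmp/{{ db }}.dump` on the staging host is never removed, and the two cleanup plays only run when every earlier play succeeded, so a failed import leaves the dumps in place. The new playbooks/manual/staging-sync/fas.yml follows the same dump, fetch and copy pattern and needs the same changes.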
@@ -0,0 +1,120 @@ +# This playbook syncs the production fas with staging and manages all +# the steps we need to keep our setup intact. +# + +- name: bring staging services down + hosts: fas01.stg.phx2.fedoraproject.org + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - service: name=httpd state=stopped + +- name: dump the prod db out + hosts: db-fas01.phx2.fedoraproject.org + user: root + become: yes + become_user: postgres + become_method: sudo + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: Dumping the production db. This might take a minute. Go out to the lobby! + shell: pg_dump -C fas2 |xz -c > /var/tmp/fas2.dump.xz +# +# pull dump from prod to batcave +# + - fetch: + src: /var/tmp/fas2.dump.xz + dest: /var/tmp/ + flat: yes + +- name: drop and re-create the staging db entirely + hosts: db-fas01.stg.phx2.fedoraproject.org + user: root + become: yes + become_user: postgres + become_method: sudo + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: +# +# push dump to stg from batcave +# + - copy: + src: /var/tmp/fas2.dump.xz + dest: /var/tmp/fas2.dump.xz + + - command: unxz /var/tmp/fas2.dump.xz + creates=/var/tmp/fas2.dump + + - command: dropdb fas2 + - command: createdb fas2 + - name: Import the prod db. This will take quite a while. Go get a snack! 
+ shell: cat /var/tmp/fas2.dump | psql fas2 + - command: rm -f /var/tmp/fas2.dump /var/tmp/fas2.dump.xz + +- name: bring staging services up + hosts: fas01.stg.phx2.fedoraproject.org + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - service: name=httpd state=started + +- name: Remove the prod db dump now that we are done + hosts: db-fas01.phx2.fedoraproject.org + user: root + become: yes + become_user: postgres + become_method: sudo + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: Remove the db dump on the prod server + command: rm -f /var/tmp/fas2.dump.xz + +- name: Remove the prod db dump on batcave + hosts: batcave01.phx2.fedoraproject.org + user: root + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: +# +# delete tmp dump on batcave01 +# + - command: rm -f /var/tmp/fas2.dump.xz diff --git a/playbooks/manual/staging-sync/koji.yml b/playbooks/manual/staging-sync/koji.yml index cabb4edaaa..4ac9e96a18 100644 --- a/playbooks/manual/staging-sync/koji.yml +++ b/playbooks/manual/staging-sync/koji.yml 
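Review bot: In the new playbooks/manual/staging-sync/fas.yml, the play goes from `shell: cat /var/tmp/fas2.dump | psql fas2` straight to deleting the dump and restarting httpd, so staging ends up with the production account database unmodified, although the header comment promises "all the steps we need to keep our setup intact". Presumably that database holds credentials and contact data that should not be live in staging (the schema is not shown here, so confirm). Add a post-import task that applies a staging reset script, the way koji.yml in the same directory installs `koji-reset-staging.sql`, for example `shell: psql -v ON_ERROR_STOP=1 -f <fas-reset-staging.sql> fas2`, where the file name is a placeholder. The import itself also runs without `ON_ERROR_STOP`, so a partly failed restore is reported as success.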
@@ -9,163 +9,80 @@ # https://lists.fedoraproject.org/pipermail/buildsys/2015-June/004779.html ---- -- name: Bring staging services down - hosts: koji_stg +- name: bring staging services down + hosts: koji-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - service: name=httpd state=stopped + - service: name=kojid state=stopped - service: name=kojira state=stopped -- name: Drop and re-create the staging db entirely - hosts: db-koji01.stg.iad2.fedoraproject.org +- name: drop and re-create the staging db entirely + hosts: db-koji01.stg.phx2.fedoraproject.org user: root become: yes become_user: postgres become_method: sudo - tags: - - db-sync - vars: - - builder_groups: - - name: buildvm_stg - arches: i386 x86_64 - extra_channels: - - container - - createrepo - - livemedia - - name: buildvm_aarch64_stg - arches: aarch64 - - name: buildvm_ppc64le_stg - arches: ppc64le - - name: buildvm_s390x_stg - arches: s390x - # Users allowed to use content generators, only in staging - - cg_users: - - user_name: obudai - cg_name: osbuild vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - ansible.builtin.template: src=templates/koji-reset-staging.sql dest=/var/lib/pgsql/koji-reset-staging.sql - tags: - - db-sync-script + - template: src=templates/koji-reset-staging.sql dest=/var/lib/pgsql/koji-reset-staging.sql + - copy: + 
src=/srv/web/infra/db-dumps/koji.dump.xz + dest=/var/tmp/koji.dump.xz + owner=postgres + group=postgres + - command: unxz /var/tmp/koji.dump.xz + creates=/var/tmp/koji.dump - - postgresql_user: name=koji password={{ kojiPassword }} - when: env != "staging" - - postgresql_user: name=koji password={{ kojiStgPassword }} - when: env == "staging" - - postgresql_user: name=backup - - postgresql_db: name=koji state=absent -# buildroot_listing is excluded from the sync to save some time -# TODO: install mbuffer on db-koji.stg +# TODO -- stop replication and wipe db's + + - command: dropdb koji + - command: createdb -O koji koji - name: Import the prod db. This will take quite a while. Go get a snack! - ansible.builtin.shell: > - curl -s -S https://infrastructure.fedoraproject.org/infra/db-dumps/koji.dump.xz | - mbuffer -q -s 8M -m 128M -l /tmp/mbuffer-curl-to-xz.log | - xzcat | - mbuffer -q -s 16M -m 256M -l /tmp/mbuffer-xz-to-sed.log | - sed '/COPY buildroot_listing /,/\./d' | - mbuffer -q -s 16M -m 512M -l /tmp/mbuffer-sed-to-psql.log | - psql -v ON_ERROR_STOP=1 - - name: Repoint all the prod rpm entries at the secondary volume (and other stuff) - ansible.builtin.shell: psql -1 -v ON_ERROR_STOP=1 koji + koschei-admin psql <<< " + BEGIN; + SET LOCAL bdr.permit_ddl_locking = true; + UPDATE base_package SET all_blocked = true; + UPDATE collection SET latest_repo_id = null, latest_repo_resolved = null; + DROP TABLE buildroot_problem; + DROP TABLE package CASCADE; + DROP TABLE build CASCADE; + DROP TABLE applied_change CASCADE; + DROP TABLE unapplied_change CASCADE; + DROP TABLE dependency CASCADE; + DROP TABLE koji_task CASCADE; + DROP TABLE resolution_change CASCADE; + DROP TABLE resolution_problem CASCADE; + DROP TABLE copr_rebuild_request CASCADE; + DROP TABLE copr_resolution_change CASCADE; + DROP TABLE copr_rebuild CASCADE; + DROP TABLE scalar_stats CASCADE; + DROP TABLE resource_consumption_stats CASCADE; + COMMIT; + " + - command: koschei-admin create-db - - name: 
Delete all pods - ansible.builtin.shell: oc -n koschei delete pod --all +- name: bring koschei staging services up + hosts: koschei-backend-stg:koschei-web-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" - - name: Drop koschei database - postgresql_db: name=koschei state=absent - become: yes - become_user: postgres - delegate_to: "{{ koschei_pgsql_hostname }}" - - - name: Create empty koschei database - postgresql_db: name=koschei owner=koscheiadmin - become: yes - become_user: postgres - delegate_to: "{{ koschei_pgsql_hostname }}" - - - name: Populate koschei database with schema and initial data - include_role: name=openshift-apps/koschei/job - vars: - job_app: "{{ app }}" - job_name: db-create - job_command: "koschei-admin create-db && koschei-admin create-collection f41 --display-name 'Fedora Rawhide' --target f41 --bugzilla-product Fedora --bugzilla-version rawhide && koschei-admin create-group php" - - - name: Resume all deployments - ansible.builtin.shell: oc -n koschei rollout resume deploy + tasks: + - service: name={{ item }} state=started + when: '"backend" in ansible_hostname' + with_items: "{{ koschei_backend_services }}" + - service: name=httpd state=started + when: '"web" in ansible_hostname' diff --git a/playbooks/manual/staging-sync/mailman.yml b/playbooks/manual/staging-sync/mailman.yml index b8b841ff8f..5104c60a1a 100644 --- a/playbooks/manual/staging-sync/mailman.yml +++ b/playbooks/manual/staging-sync/mailman.yml 
@@ -2,14 +2,13 @@ # the steps we need to keep our setup intact. ---- -- name: Bring staging services down +- name: bring staging services down hosts: mailman-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" 
@@ -19,50 +18,50 @@ - service: name=mailman3 state=stopped -- name: Drop and re-create the staging dbs entirely - hosts: db01.stg.iad2.fedoraproject.org +- name: drop and re-create the staging dbs entirely + hosts: db01.stg.phx2.fedoraproject.org user: root become: yes become_user: postgres become_method: sudo vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - # - ansible.builtin.template: src=templates/mailman-reset-staging.sql dest=/var/lib/pgsql/mailman-reset-staging.sql - - ansible.builtin.copy: - src: /srv/web/infra/db-dumps/mailman.dump.xz - dest: /var/tmp/mailman.dump.xz - owner: postgres - group: postgres - - ansible.builtin.command: unxz /var/tmp/mailman.dump.xz + #- template: src=templates/mailman-reset-staging.sql dest=/var/lib/pgsql/mailman-reset-staging.sql + - copy: + src=/srv/web/infra/db-dumps/mailman.dump.xz + dest=/var/tmp/mailman.dump.xz + owner=postgres + group=postgres + - command: unxz /var/tmp/mailman.dump.xz creates=/var/tmp/mailman.dump - - ansible.builtin.command: dropdb mailman - - ansible.builtin.command: createdb -O mailmanadmin mailman + - command: dropdb mailman + - command: createdb -O mailmanadmin mailman - name: Import the prod db. This will take quite a while. Go get a snack! 
- ansible.builtin.command: psql -f /var/tmp/mailman.dump mailman - # - name: Fix the database - # ansible.builtin.shell: psql -f /var/lib/pgsql/mailman-reset-staging.sql mailman + command: psql -f /var/tmp/mailman.dump mailman + #- name: Fix the database + # shell: psql -f /var/lib/pgsql/mailman-reset-staging.sql mailman - # - ansible.builtin.template: src=templates/hyperkitty-reset-staging.sql dest=/var/lib/pgsql/hyperkitty-reset-staging.sql - - ansible.builtin.copy: - src: /srv/web/infra/db-dumps/hyperkitty.dump.xz - dest: /var/tmp/hyperkitty.dump.xz - owner: postgres - group: postgres - - ansible.builtin.command: unxz /var/tmp/hyperkitty.dump.xz + #- template: src=templates/hyperkitty-reset-staging.sql dest=/var/lib/pgsql/hyperkitty-reset-staging.sql + - copy: + src=/srv/web/infra/db-dumps/hyperkitty.dump.xz + dest=/var/tmp/hyperkitty.dump.xz + owner=postgres + group=postgres + - command: unxz /var/tmp/hyperkitty.dump.xz creates=/var/tmp/hyperkitty.dump - - ansible.builtin.command: dropdb hyperkitty - - ansible.builtin.command: createdb -O hyperkittyadmin hyperkitty + - command: dropdb hyperkitty + - command: createdb -O hyperkittyadmin hyperkitty - name: Import the prod db. This will take quite a while. Go get a snack! - ansible.builtin.command: psql -f /var/tmp/hyperkitty.dump hyperkitty - # - name: Fix the database - # ansible.builtin.shell: psql -f /var/lib/pgsql/hyperkitty-reset-staging.sql hyperkitty + command: psql -f /var/tmp/hyperkitty.dump hyperkitty + #- name: Fix the database + # shell: psql -f /var/lib/pgsql/hyperkitty-reset-staging.sql hyperkitty # TODO: reindex emails (fulltext)? Not a full-reindex, it may take days. 
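Review bot: No task visible in this hunk removes the uncompressed production dumps from `/var/tmp` on the database host, and both `unxz` tasks are guarded by `creates=/var/tmp/mailman.dump` and `creates=/var/tmp/hyperkitty.dump`. A dump left over from an earlier run therefore makes the next run skip decompression and re-import the stale file. The pdc.yml play added in this same commit ends with a cleanup task, and the same is needed here after each import: `- file: path=/var/tmp/mailman.dump state=absent` and `- file: path=/var/tmp/hyperkitty.dump state=absent`. The two `copy` tasks set owner and group but no mode, so adding `mode=0600` would keep the production list data from being readable by other local accounts while it sits in `/var/tmp`.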
@@ -71,24 +70,24 @@ hosts: batcave user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - name: Nuke the prod db dump that we cached on batcave - ansible.builtin.file: path=/var/tmp/prod-mailman-dump/ state=absent + file: path=/var/tmp/prod-mailman-dump/ state=absent -- name: Convert the data to staging and bring services back up. This will take a while too. +- name: convert the data to staging and bring services back up. This will take a while too. hosts: mailman-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - ansible.builtin.command: /srv/webui/bin/prod-to-stg.py + - command: /srv/webui/bin/prod-to-stg.py diff --git a/playbooks/manual/staging-sync/pdc.yml b/playbooks/manual/staging-sync/pdc.yml new file mode 100644 index 0000000000..a76f518109 --- /dev/null +++ b/playbooks/manual/staging-sync/pdc.yml 
@@ -0,0 +1,72 @@
+# This playbook syncs the production pdc instance with staging.
+
+
+- name: bring staging services down (httpd)
+ hosts: pdc-web-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - service: name=httpd state=stopped
+
+- name: bring staging services down (fedmsg-hub)
+ hosts: pdc-backend-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - service: name=fedmsg-hub state=stopped
+
+# Here's the meaty part in the middle
+- name: drop and re-create the staging db entirely
+ hosts: db01.stg.phx2.fedoraproject.org
+ user: root
+ become: yes
+ become_user: postgres
+ become_method: sudo
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - copy: src=/srv/web/infra/db-dumps/pdc.dump.xz dest=/var/tmp/pdc.dump.xz
+ owner=postgres group=postgres
+ - command: unxz /var/tmp/pdc.dump.xz
+ creates=/var/tmp/pdc.dump
+ - command: dropdb pdc
+ - command: createdb -O pdc pdc
+ - name: Import the prod db.
+ shell: cat /var/tmp/pdc.dump | psql pdc
+ - file: path=/var/tmp/pdc.dump state=absent
+
+- name: bring staging services up (httpd)
+ hosts: pdc-web-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - service: name=httpd state=started
+
+- name: bring staging services up (fedmsg-hub)
+ hosts: pdc-backend-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - service: name=fedmsg-hub state=started
diff --git a/playbooks/manual/staging-sync/scripts/create-pkgdb-stg-modules.py b/playbooks/manual/staging-sync/scripts/create-pkgdb-stg-modules.py
new file mode 100755
index 0000000000..0121e458d2
--- /dev/null
+++ b/playbooks/manual/staging-sync/scripts/create-pkgdb-stg-modules.py
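Review bot: The import task `shell: cat /var/tmp/pdc.dump | psql pdc` reports success even when statements in the dump fail, because psql continues after SQL errors and exits 0 unless `ON_ERROR_STOP` is set. The later plays then start httpd and fedmsg-hub against a partially loaded database. Dropping the pipe and setting the stop flag, `command: psql -v ON_ERROR_STOP=1 -f /var/tmp/pdc.dump pdc`, makes a broken import fail the play. The `copy` of `pdc.dump.xz` also sets no mode; `mode=0600` would limit who can read the production dump while it is in `/var/tmp`.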
@@ -0,0 +1,74 @@
+#!/usr/bin/env python
+""" Create modules/ pkgdb entries in staging.
+
+"""
+
+import argparse
+import sys
+
+import pkgdb2client
+
+parser = argparse.ArgumentParser(description='Create new modules in stg pkgdb')
+parser.add_argument('--users',
+ help='A comma separated list of users '
+ 'to get acls on the new modules.')
+parser.add_argument('--modules',
+ help='A comma separated list of module '
+ 'names to be created in staging.')
+args = parser.parse_args()
+users = [user.strip() for user in args.users.split(',')]
+modules = [module.strip() for module in args.modules.split(',')]
+
+
+print "%r will get full ACLs on new modules %r" % (users, modules)
+response = raw_input("Does that look correct? [y/N]")
+if response.lower() != 'y':
+ print "Exiting."
+ sys.exit(0)
+else:
+ print "Ok."
+
+
+client = pkgdb2client.PkgDB(
+ 'https://admin.stg.fedoraproject.org/pkgdb',
+ login_callback=pkgdb2client.ask_password,
+)
+
+modules = [ {
+ 'name': name,
+ 'summary': 'The %s module' % name,
+ 'description': 'This is a test entry for modularity development.',
+ 'review_url': 'https://fedoraproject.org/wiki/Modularity',
+ 'upstream_url': 'https://fedoraproject.org/wiki/Modularity',
+ 'status': 'Approved',
+ 'namespace': 'modules',
+} for name in modules]
+
+
+for module in modules:
+ print "Handling %s/%s" % (module['namespace'], module['name'])
+ client.create_package(
+ pkgname=module['name'],
+ summary=module['summary'],
+ description=module['description'],
+ review_url=module['review_url'],
+ status=module['status'],
+ shouldopen='whatever', # unused..
+ branches='master',
+ poc=users[0],
+ upstream_url=module['upstream_url'],
+ namespace=module['namespace'],
+ critpath=False,
+ #monitoring_status=False,
+ #koschei=False
+ )
+ for user in users:
+ print " Granting all to %r" % user
+ client.update_acl(
+ pkgname=module['name'],
+ namespace=module['namespace'],
+ branches='master',
+ acls=['watchcommits', 'watchbugzilla', 'approveacls', 'commit'],
+ status='Approved',
+ user=user,
+ )
diff --git a/playbooks/manual/staging-sync/scripts/export-pkgdb-stg-modules.py b/playbooks/manual/staging-sync/scripts/export-pkgdb-stg-modules.py
new file mode 100644
index 0000000000..8e06096cb5
--- /dev/null
+++ b/playbooks/manual/staging-sync/scripts/export-pkgdb-stg-modules.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+""" Save the staging modules/ pkgdb entries to a local json file.
+
+Use this script to save pkgdb modules/ entries in staging before wiping the db.
+"""
+
+import json
+
+import requests
+
+filename = 'old-modules.json'
+
+response = requests.get(
+ 'https://admin.stg.fedoraproject.org/pkgdb/api/packages/',
+ params=dict(namespace='modules'),
+)
+data = response.json()
+with open(filename, 'wb') as f:
+ f.write(json.dumps(data, indent=2).encode('utf-8'))
+
+print "Wrote %s" % filename
diff --git a/playbooks/manual/staging-sync/scripts/restore-pkgdb-stg-modules.py b/playbooks/manual/staging-sync/scripts/restore-pkgdb-stg-modules.py
new file mode 100644
index 0000000000..3217d6948f
--- /dev/null
+++ b/playbooks/manual/staging-sync/scripts/restore-pkgdb-stg-modules.py
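Review bot: Neither `--users` nor `--modules` in create-pkgdb-stg-modules.py is declared required, so running the script without one of them fails at `args.users.split(',')` with an AttributeError on None instead of a usage message. Adding `required=True` to both `parser.add_argument(...)` calls fixes that. Every listed user is granted `approveacls` and `commit` on every new module, so empty names left by a trailing comma should also be rejected, for instance `users = [u.strip() for u in args.users.split(',') if u.strip()]`.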
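Review bot: In export-pkgdb-stg-modules.py the result of `requests.get(...)` is written to `old-modules.json` without checking the HTTP status, and the call has no timeout. Once the staging database is wiped this file is the only copy of the module entries, so an error body that happens to parse as JSON would be saved as if it were a good export. Add `response.raise_for_status()` before `response.json()` and pass a `timeout=` argument to the request. Whether the endpoint paginates its results is not visible here and is worth confirming before relying on a single request.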
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+""" Restore modules/ pkgdb entries in staging.
+
+Use this script to restore pkgdb entries in staging after having wiped that db.
+
+The workflow usually goes:
+
+- Run the `export-pkgdb-stg-modules.py` script. This will save the modules and
+ their acls out to a local `old-modules.json` file.
+- Run the `playbooks/manual/staging-sync/db-sync.yml` playbook. This will nuke
+ the staging pkgdb db and replace it with a copy of the current production
+ pkgdb db.
+- Run this `restore-pkgdb-stg-modules.py` script. It will read in that
+ `old-modules.json` script and then recreate those entries in the new fresh
+ staging db.
+
+"""
+
+import json
+
+import pkgdb2client
+
+client = pkgdb2client.PkgDB(
+ 'https://admin.stg.fedoraproject.org/pkgdb',
+ login_callback=pkgdb2client.ask_password,
+)
+
+with open('old-modules.json', 'rb') as f:
+ data = json.loads(f.read().decode('utf-8'))
+
+for package in data['packages']:
+ print "Handling %s/%s" % (package['namespace'], package['name'])
+ client.create_package(
+ pkgname=package['name'],
+ summary=package['summary'],
+ description=package['description'],
+ review_url=package['review_url'],
+ status=package['status'],
+ shouldopen='whatever', # unused..
+ branches='master',
+ poc=package['acls'][0]['point_of_contact'],
+ upstream_url=package['upstream_url'],
+ namespace=package['namespace'],
+ critpath=False,
+ #monitoring_status=False,
+ #koschei=False
+ )
+ users = set([i['fas_name'] for i in package['acls'][0]['acls']])
+ for user in users:
+ print " Granting all to %r" % user
+ client.update_acl(
+ pkgname=package['name'],
+ namespace=package['namespace'],
+ branches='master',
+ acls=['watchcommits', 'watchbugzilla', 'approveacls', 'commit'],
+ status='Approved',
+ user=user,
+ )
+
+
diff --git a/playbooks/manual/staging-sync/templates/koji-reset-staging.sql b/playbooks/manual/staging-sync/templates/koji-reset-staging.sql
index e9372e7594..f9b8d2f3ac 100644
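Review bot: Every account named in the exported ACL list is granted `watchcommits`, `watchbugzilla`, `approveacls` and `commit` with status `Approved`, regardless of which ACL or status that account had when it was exported. The set built by `users = set([i['fas_name'] for i in package['acls'][0]['acls']])` keeps only the name, so an account that merely watched a module, or whose request was never approved, comes back with commit and ACL-approval rights. Only `package['acls'][0]` is read, so anything recorded under further entries is dropped as well. Restoring each entry with its own exported ACL name and status would keep the restored permissions equal to the saved ones; the exact field names need checking against `old-modules.json`.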
--- a/playbooks/manual/staging-sync/templates/koji-reset-staging.sql +++ b/playbooks/manual/staging-sync/templates/koji-reset-staging.sql @@ -24,16 +24,11 @@ -- [unset kojihub ServerOffline setting] --- wipe obsolete table that only causes problems with the sync, could --- even be dropped entirely (together with imageinfo table). -select now() as time, 'wiping imageinfo listings' as msg; -delete from imageinfo_listing; - -- bump sequences (not strictly needed anymore) select now() as time, 'bumping sequences' as msg; -alter sequence task_id_seq restart with 140000000; -alter sequence repo_id_seq restart with 140000000; -alter sequence imageinfo_id_seq restart with 14000000; +alter sequence task_id_seq restart with 90000000; +alter sequence repo_id_seq restart with 9000000; +alter sequence imageinfo_id_seq restart with 900000; -- truncate sessions select now() as time, 'truncating sessions' as msg; 
@@ -58,17 +53,14 @@ update build set volume_id=(select id from volume where name='prod') where volum -- delete files from incomplete builds to keep DB in sync with -- filesystem; these builds are on default (staging) volume and their -- files are not there; keeping rpminfo's ma -delete from archive_rpm_components where rpm_id in (select id from rpminfo where build_id in (select id from build where state<>1)); -delete from image_listing where rpm_id in (select id from rpminfo where build_id in (select id from build where state<>1)); -delete from buildroot_listing where rpm_id in (select id from rpminfo where build_id in (select id from build where state<>1)); delete from rpminfo where build_id in (select id from build where state<>1); -- expire any active buildroots select now() as time, 'expiring active buildroots' as msg; -update standard_buildroot set state=3, retire_event=get_event() where state=0; +update buildroot set state=3, retire_event=get_event() where state=0; -- enable/disable hosts -update host_config set enabled=False where active; +update host set enabled=False; -- fix host_channels truncate host_channels; 
@@ -80,32 +72,73 @@ update repo set state = 3 where state in (0, 1, 2); -- add our staging builders, dynamically pulled from ansible inventory -{% for group in builder_groups %} -{% for host in groups[group.name] %} +-- The koji hub is x86_64 and i386 and has createrepo ability +{% for host in groups['koji-stg'] %} select now() as time, 'adding staging host {{ host }}' as msg; -delete from host_config where host_id in (select id from host where name='{{host}}'); -delete from host where name='{{ host }}'; -delete from user_krb_principals where user_id = (select id from users where name ='{{ host }}'); -delete from users where name='{{ host }}'; -insert into users (name, status, usertype) values ('{{ host }}', 0, 1); -insert into user_krb_principals (user_id, krb_principal) values ( - (select id from users where name ='{{ host }}'), 'compile/{{ host }}@STG.FEDORAPROJECT.ORG'); -insert into host (user_id, name) values ( - (select id from users where name='{{host}}'), '{{host}}'); -insert into host_config (host_id, arches, creator_id) values ( - (select id from host where name='{{host}}'), '{{ group.arches }}', 2045); -{% for channel in [ 'default', 'osbuild', 'appliance', 'vm', 'secure-boot', 'compose', 'eclipse', 'images', 'image'] + group.extra_channels|default([]) %} -insert into host_channels (host_id, channel_id, creator_id) values ( - (select id from host where name='{{host}}'), (select id from channels where name='{{channel}}'), 2045); +insert into users (name, usertype, krb_principal, status) values ('{{ host }}', 1, 'compile/{{ host }}@STG.FEDORAPROJECT.ORG', 0); +insert into host (user_id, name, arches) values ( + (select id from users where name='{{host}}'), '{{host}}', 'i386 x86_64'); +{% for channel in [ 'default', 'createrepo', 'maven', 'appliance', 'livemedia', 'vm', 'secure-boot', 'compose', 'eclipse', 'images', 'image'] %} +insert into host_channels (host_id, channel_id) values ( + (select id from host where name='{{host}}'), (select id from channels 
where name='{{channel}}')); {% endfor %} {% endfor %} + +-- The buildvms are x86_64 and i386 and also have createrepo ability +{% for host in groups['buildvm-stg'] %} +select now() as time, 'adding staging host {{ host }}' as msg; +insert into users (name, usertype, krb_principal, status) values ('{{ host }}', 1, 'compile/{{ host }}@STG.FEDORAPROJECT.ORG', 0); +insert into host (user_id, name, arches) values ( + (select id from users where name='{{host}}'), '{{host}}', 'i386 x86_64'); +{% for channel in [ 'default', 'createrepo', 'appliance', 'livemedia', 'vm', 'secure-boot', 'compose', 'eclipse', 'images', 'image'] %} +insert into host_channels (host_id, channel_id) values ( + (select id from host where name='{{host}}'), (select id from channels where name='{{channel}}')); +{% endfor %} +{% endfor %} + +-- The aarch64 builders are aarch64 and do not have createrepo + +{% for host in groups['buildvm-aarch64-stg'] %} +select now() as time, 'adding staging host {{ host }}' as msg; +insert into users (name, usertype, krb_principal, status) values ('{{ host }}', 1, 'compile/{{ host }}@STG.FEDORAPROJECT.ORG', 0); +insert into host (user_id, name, arches) values ( + (select id from users where name='{{host}}'), '{{host}}', 'aarch64'); +{% for channel in [ 'default', 'appliance', 'vm', 'secure-boot', 'compose', 'eclipse', 'images', 'image'] %} +insert into host_channels (host_id, channel_id) values ( + (select id from host where name='{{host}}'), (select id from channels where name='{{channel}}')); +{% endfor %} +{% endfor %} + +-- The ppc64 builders are ppc64 and do not have createrepo + +{% for host in groups['buildvm-ppc64-stg'] %} +select now() as time, 'adding staging host {{ host }}' as msg; +insert into users (name, usertype, krb_principal, status) values ('{{ host }}', 1, 'compile/{{ host }}@STG.FEDORAPROJECT.ORG', 0); +insert into host (user_id, name, arches) values ( + (select id from users where name='{{host}}'), '{{host}}', 'ppc64'); +{% for channel in [ 
'default', 'appliance', 'vm', 'secure-boot', 'compose', 'eclipse', 'images', 'image'] %} +insert into host_channels (host_id, channel_id) values ( + (select id from host where name='{{host}}'), (select id from channels where name='{{channel}}')); +{% endfor %} +{% endfor %} + +-- The ppc64le builders are ppc64le and do not have createrepo + +{% for host in groups['buildvm-ppc64le-stg'] %} +select now() as time, 'adding staging host {{ host }}' as msg; +insert into users (name, usertype, krb_principal, status) values ('{{ host }}', 1, 'compile/{{ host }}@STG.FEDORAPROJECT.ORG', 0); +insert into host (user_id, name, arches) values ( + (select id from users where name='{{host}}'), '{{host}}', 'ppc64le'); +{% for channel in [ 'default', 'appliance', 'vm', 'secure-boot', 'compose', 'eclipse', 'images', 'image'] %} +insert into host_channels (host_id, channel_id) values ( + (select id from host where name='{{host}}'), (select id from channels where name='{{channel}}')); +{% endfor %} {% endfor %} -- Add some people to be admins, only in staging. Feel free to grow this list.. -{% for username in ['mizdebsk', 'psabata', 'jkaluza', 'fivaldi'] %} +{% for username in ['modularity', 'mizdebsk', 'ralph', 'psabata', 'puiterwijk', 'jkaluza', 'fivaldi', 'mprahl'] %} select now() as time, 'adding staging admin {{username}}' as msg; -insert into users (name, usertype, status) values ('{{username}}', 0, 0) on conflict do nothing; insert into user_perms (user_id, perm_id, active, creator_id) values ( (select id from users where name='{{username}}'), (select id from permissions where name='admin'), 
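Review bot: The admin loop no longer creates the account before granting it the `admin` permission: the `insert into users ... on conflict do nothing` line is removed while the list of names grows to eight. For any name without a row in the restored `users` table, `(select id from users where name='{{username}}')` yields NULL. The `user_perms` insert, which continues past the end of this hunk, will then either fail or store a grant tied to no user, depending on the table constraints. A guarded create step ahead of the grant avoids that. The list also includes what looks like a shared account (`modularity`), so a one-line comment saying who owns each admin grant would make later pruning easier.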
@@ -113,24 +146,14 @@ insert into user_perms (user_id, perm_id, active, creator_id) values ( (select id from users where name='{{username}}')); {% endfor %} --- Allow some users to use content generators, only in staging. -{% for cg_user in cg_users %} -insert into cg_users (cg_id, user_id, creator_id) values ( - (select id from content_generator where name='{{ cg_user.cg_name }}'), - (select id from users where name='{{ cg_user.user_name }}'), - (select id from users where name='{{ cg_user.user_name }}')); -{% endfor %} - -- Fix krb principals for some users -{% for user_id, principal in [('3445', 'compose/koji.stg.fedoraproject.org'), - ('3199', 'koschei/koschei-backend01.stg.iad2.fedoraproject.org'), - ('3139', 'hotness/hotness01.stg.iad2.fedoraproject.org'), - ('3538', 'osbs/osbs.stg.fedoraproject.org'), - ('428', 'bodhi/bodhi.stg.fedoraproject.org'), - ('3638', 'autosign/autosign01.stg.iad2.fedoraproject.org'), - ('129', 'kojira/koji.stg.fedoraproject.org')] %} -update user_krb_principals set krb_principal='{{principal}}@STG.FEDORAPROJECT.ORG' where user_id='{{user_id}}'; +{% for username, principal in [('releng', 'compose/koji.stg.fedoraproject.org'), + ('koschei', 'koschei/koschei-backend01.stg.phx2.fedoraproject.org'), + ('hotness', 'hotness/hotness01.stg.phx2.fedoraproject.org'), + ('containerbuild', 'osbs/osbs.stg.fedoraproject.org'), + ('kojira', 'kojira/koji.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG')] %} +update users set krb_principal='{{principal}}@STG.FEDORAPROJECT.ORG' where username='{{username}}'; {% endfor %} -update user_krb_principals set krb_principal=replace(krb_principal, '@FEDORAPROJECT.ORG', '@STG.FEDORAPROJECT.ORG'); +update users set krb_principal=replace(krb_principal, '@FEDORAPROJECT.ORG', '@STG.FEDORAPROJECT.ORG'); --- TODO fix kojipkgs url in external repos +VACUUM ANALYZE; diff --git a/playbooks/manual/stop_pkgdb.yml b/playbooks/manual/stop_pkgdb.yml new file mode 100644 index 0000000000..e9fc632845 --- /dev/null 
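Review bot: The principal fix-up loop has two defects. The `kojira` tuple already ends in `@STG.FEDORAPROJECT.ORG` and the update appends the realm again, producing `kojira/koji.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG@STG.FEDORAPROJECT.ORG`. The filter is `where username='{{username}}'`, although the other statements visible in this diff address that column as `name` (`select id from users where name=...`). The tuple should be `('kojira', 'kojira/koji.stg.fedoraproject.org')` and the statement `update users set krb_principal='{{principal}}@STG.FEDORAPROJECT.ORG' where name='{{username}}';`. If the script is not run with psql's error stop enabled, a failing update here would pass unnoticed and leave production principals on these service accounts.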
+++ b/playbooks/manual/stop_pkgdb.yml @@ -0,0 +1,19 @@ +- name: verify the frontend and stop it + hosts: pkgdb:pkgdb-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - name: tell nagios to shush w.r.t. apache + nagios: action=downtime minutes=90 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + + tasks: + - name: Stop apache + service: name="httpd" state=stopped diff --git a/playbooks/manual/sync-hosts.yml b/playbooks/manual/sync-hosts.yml deleted file mode 100644 index 38a1581c67..0000000000 --- a/playbooks/manual/sync-hosts.yml +++ /dev/null @@ -1,29 +0,0 @@ -# Synchronizes files in /tmp/staging between remote hosts -# The following variables need to be supplied with the -# --extra-vars flag for the playbook to work: -# 'remote_src_host', 'remote_dest_host' -# -# Example: -# ansible-playbook sync-hosts.yml --extra-vars \ -# "remote_src_host=bodhi-backend01.iad2.fedoraproject.org \ -# remote_dest_host=sundries01.iad2.fedoraproject.org" ---- -- hosts: localhost - user: root - - tasks: - - - name: copy files from remote_src_host to control node - run_once: yes - fetch: - src: /tmp/staging - dest: /tmp/staging - flat: yes - validate_checksum: yes - when: "{{ inventory_hostname == 'remote_src_host' }}" - - - name: copy files from control node to remote_dest_host - ansible.builtin.copy: - src: /tmp/staging - dest: /tmp/staging - when: "{{ inventory_hostname == 'remote_dest_host' }}" diff --git a/playbooks/manual/update-aliases.yml b/playbooks/manual/update-aliases.yml deleted file mode 100644 index 2e5e19aa95..0000000000 --- a/playbooks/manual/update-aliases.yml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -- name: Run fasjson playbook on bastion for alias changes - hosts: bastion - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - { role: fasjson, when: env != "staging" } diff --git a/playbooks/manual/update-firmware.yml b/playbooks/manual/update-firmware.yml index e3da09f3f2..301880a94d 100644 --- a/playbooks/manual/update-firmware.yml +++ b/playbooks/manual/update-firmware.yml @@ -9,7 +9,6 @@ ##################### WARNING ################################## # ---- - name: Show warning hosts: localhost tasks: @@ -21,9 +20,9 @@ hosts: all user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" @@ -52,7 +51,8 @@ - name: Create drop place for upgrades check_mode: no when: ansible_virtualization_role == "host" - ansible.builtin.file: path=/root/firmware-upgrades state=directory + file: path=/root/firmware-upgrades + state=directory - name: Check which updates to copy check_mode: no @@ -60,12 +60,12 @@ register: is_applied_results when: item.0.vendor == ansible_system_vendor and item.0.product == ansible_product_name with_subelements: - - "{{ updates }}" - - "{{ files }}" + - updates + - files - name: Copy updates check_mode: no - ansible.builtin.copy: src={{ bigfiles }}/firmware/{{ item.item.0.dirname }}/{{ item.item.1}} + copy: src={{ bigfiles }}/firmware/{{ item.item.0.dirname }}/{{ item.item.1}} dest=/root/firmware-upgrades/ mode=0700 register: copy_results 
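Review bot: In the `with_subelements` list of "Check which updates to copy" in update-firmware.yml, the first item is now the bare word `updates` instead of `"{{ updates }}"`. Ansible releases since 2.x no longer template bare names in `with_` loops, so the lookup would receive the literal string rather than the list and the task is expected to fail. It should read `- "{{ updates }}"` followed by `- files`; the second item is a key name, so it stays unquoted. The "Copy updates" task that follows places vendor binaries in `/root/firmware-upgrades/` with `mode=0700` for later execution as root. Recording an expected checksum per file in the `updates` data and checking it before the run would guard against a tampered or truncated file, though where that data is defined is not visible in this hunk.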
@@ -76,7 +76,7 @@ # Dell updates here - name: Check Dell updates check_mode: no - ansible.builtin.command: /root/firmware-upgrades/{{ item.item.1}} -qc + command: /root/firmware-upgrades/{{ item.item.1}} -qc register: check_results failed_when: "'System(s) supported by this package' in check_results.stdout" changed_when: "'is the same' not in check_results.stdout" @@ -84,7 +84,7 @@ with_items: "{{is_applied_results.results}}" - name: Apply Dell updates - ansible.builtin.command: /root/firmware-upgrades/{{ item.item.item.1}} -q + command: /root/firmware-upgrades/{{ item.item.item.1}} -q register: update_results failed_when: "'System(s) supported by this package:' in update_results.stdout" changed_when: "'should be restarted' in update_results.stdout or 'completed successfully' in update_results.stdout" @@ -98,7 +98,7 @@ # Generic stuff continues here - name: Mark updates as done - ansible.builtin.file: path=/root/firmware-upgrades/{{ item.item.1 }}.applied + file: path=/root/firmware-upgrades/{{ item.item.1 }}.applied state=touch owner=root mode=644 when: "'stat' in item and not item.stat.exists" with_items: "{{is_applied_results.results}}" @@ -106,7 +106,7 @@ # We are cleaning up all files we copied, regardless of update result - name: Delete update files check_mode: no - ansible.builtin.file: path=/root/firmware-upgrades/{{ item.item.1 }} + file: path=/root/firmware-upgrades/{{ item.item.1 }} state=absent when: "'stat' in item and not item.stat.exists" with_items: "{{is_applied_results.results}}" diff --git a/playbooks/manual/update-packages.yml b/playbooks/manual/update-packages.yml index 5718d0081d..7b6eb9344d 100644 --- a/playbooks/manual/update-packages.yml +++ b/playbooks/manual/update-packages.yml 
@@ -1,41 +1,41 @@ -# requires --extra-vars="target='host1:host2:group etc' package='python-tahrir'" +# requires --extra-vars="target='host1;host2;group etc' package='python-tahrir'" # # Alternatively, you could update a group of packages like -# --extra-vars="target='host1:host2' package='python-t*'" +# --extra-vars="target='host1;host2' package='python-t*'" # # To update from testing, adjust as follow: -# --extra-vars="target='host1:host2' package='python-t*' testing=True" +# --extra-vars="target='host1;host2' package='python-t*' testing=True" ---- -- name: Push packages out +- name: push packages out hosts: "{{target}}" user: root vars: - testing: false + testing: False tasks: - - name: Yum update {{ package }} from main repo + - name: yum update {{ package }} from main repo yum: name="{{ package }}" state=latest update_cache=yes - when: not testing and ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' + when: not testing and ansible_distribution_major_version|int < 22 - - name: Yum update {{ package }} from testing repo + - name: yum update {{ package }} from testing repo yum: name="{{ package }}" state=latest enablerepo=infrastructure-tags-stg update_cache=yes - when: testing and ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' + when: testing and ansible_distribution_major_version|int < 22 - - name: Dnf clean all (since we can't do it when updating) - ansible.builtin.command: dnf clean all - when: not testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' + - name: dnf clean all (since we can't do it when updating) + command: dnf clean all + when: not testing and ansible_distribution_major_version|int > 21 - - name: Dnf update {{ package }} from main repo + - name: dnf update {{ package }} from main repo dnf: name="{{ package }}" state=latest - when: not testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' + when: not 
testing and ansible_distribution_major_version|int > 21 - - name: Dnf clean all (since we can't do it when updating) - ansible.builtin.command: dnf clean all --enablerepo=infrastructure-tags-stg - when: testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' + - name: dnf clean all (since we can't do it when updating) + command: dnf clean all --enablerepo=infrastructure-tags-stg + when: testing and ansible_distribution_major_version|int > 21 - - name: Dnf update {{ package }} from testing repo + - name: dnf update {{ package }} from testing repo dnf: name="{{ package }}" state=latest enablerepo=infrastructure-tags-stg - when: testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' + when: testing and ansible_distribution_major_version|int > 21 + diff --git a/playbooks/manual/upgrade/anitya.yml b/playbooks/manual/upgrade/anitya.yml new file mode 100644 index 0000000000..b5a848db7b --- /dev/null +++ b/playbooks/manual/upgrade/anitya.yml 
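Review bot: With the `ansible_distribution` tests dropped, the yum/dnf choice rests only on `ansible_distribution_major_version|int < 22` versus `> 21`. That threshold is meaningful for Fedora numbering but sends every RHEL or CentOS host down the yum branch whatever its release. Selecting on the detected package manager is more direct: `when: not testing and ansible_pkg_mgr == 'yum'` for the yum tasks and `ansible_pkg_mgr == 'dnf'` for the dnf ones. `hosts: "{{target}}"` and `{{ package }}` come straight from `--extra-vars` and `package` may be a glob, so the header comment should say that the play installs the latest build of everything the pattern matches on every targeted host.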
@@ -0,0 +1,72 @@
+- name: push packages out
+ hosts: anitya-frontend:anitya-backend
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+ tasks:
+ - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
+ command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+ check_mode: no
+ - name: yum update anitya packages from main repo
+ yum: name="anitya" state=latest
+ when: not testing
+ - name: yum update anitya packages from testing repo
+ yum: name="anitya" state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+
+- name: verify the frontend
+ hosts: anitya-frontend
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+ pre_tasks:
+ - name: tell nagios to shush w.r.t. the frontend
+ nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+ roles:
+ - anitya/frontend
+ - anitya/fedmsg
+ post_tasks:
+ - name: tell nagios to unshush w.r.t. the frontend
+ nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+ - service: name="httpd" state=restarted
+
+- name: verify the backend and then upgrade the db
+ hosts: anitya-backend
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+ pre_tasks:
+ - name: tell nagios to shush w.r.t. the backend
+ nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+ roles:
+ - anitya/backend
+ - anitya/fedmsg
+ tasks:
+ - name: Upgrade the database
+ command: /usr/bin/alembic -c /etc/anitya/alembic.ini upgrade head
+ args:
+ chdir: /usr/share/anitya/
+ when: inventory_hostname.startswith('anitya-backend')
+ post_tasks:
+ - name: tell nagios to unshush w.r.t. the backend
+ nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
diff --git a/playbooks/manual/upgrade/autocloud.yml b/playbooks/manual/upgrade/autocloud.yml
new file mode 100644
index 0000000000..6015d982ca
--- /dev/null
+++ b/playbooks/manual/upgrade/autocloud.yml
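Review bot: `testing` is never given a default in the first play of anitya.yml: there is no `vars:` block, yet the task name, the `yum clean all` command and both `when:` lines reference it. Unless one of the `vars_files` happens to define it, the play stops with an undefined-variable error whenever the operator omits `-e testing=...`. The other new playbooks in this diff declare the default, and the same two lines fit here after `vars_files`: `vars:` followed by `testing: False`. The final `post_tasks` entry `- service: name="httpd" state=restarted` also has no `name:`, so the restart shows up in run output only as the module name.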
@@ -0,0 +1,166 @@
+- name: push packages out
+ hosts: autocloud-backend:autocloud-backend-stg:autocloud-web:autocloud-web-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: clean all metadata
+ command: dnf clean all
+ check_mode: no
+ - name: dnf update autocloud packages from main repo
+ dnf: name="autocloud*" state=latest
+ when: not testing
+ - name: dnf update autocloud packages from testing repo
+ dnf: name="autocloud*" state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+
+- name: update tunir
+ hosts: autocloud-backend:autocloud-backend-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: dnf update tunir packages from main repo
+ dnf: name="tunir" state=latest
+ when: not testing
+ - name: dnf update tunir packages from testing repo
+ dnf: name="tunir" state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+
+- name: update fedfind
+ hosts: autocloud-backend:autocloud-backend-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: dnf update fedfind packages from main repo
+ dnf: name="fedfind" state=latest
+ when: not testing
+ - name: dnf update fedfind packages from testing repo
+ dnf: name="fedfind" state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+
+- name: update python2-fedfind
+ hosts: autocloud-backend:autocloud-backend-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: dnf update fedfind packages from main repo
+ dnf: name="python2-fedfind" state=latest
+ when: not testing
+ - name: dnf update fedfind packages from testing repo
+ dnf: name="python2-fedfind" state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+
+- name: verify the frontend and stop it
+ hosts: autocloud-web:autocloud-web-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ pre_tasks:
+ - name: tell nagios to shush w.r.t. the frontend
+ nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+
+ roles:
+ - autocloud/frontend
+
+ post_tasks:
+ - service: name="httpd" state=stopped
+
+- name: verify the backends, stop them, and then upgrade the db
+ hosts: autocloud-backend:autocloud-backend-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ pre_tasks:
+ - name: tell nagios to shush w.r.t. the backend
+ nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+
+ roles:
+ - autocloud/backend
+
+ tasks:
+ - name: Stop the fedmsg-hub backend
+ service: name="fedmsg-hub" state=stopped
+ - name: Stop the autocloud backend
+ service: name="autocloud" state=stopped
+
+ # There is no alembic upgrade scripts yet...
+ #- name: Upgrade the database
+ # command: /usr/bin/alembic -c /usr/share/autocloud/alembic.ini upgrade head
+ # args:
+ # chdir: /usr/share/autocloud/
+ # when: inventory_hostname.startswith('autocloud-backend-libvirt')
+
+ - name: And... start the autocloud backend again
+ service: name="autocloud" state=started
+ - name: And... start the fedmsg-hub backend again
+ service: name="fedmsg-hub" state=started
+
+ post_tasks:
+ - name: tell nagios to unshush w.r.t. the backend
+ nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+
+- name: restart the frontend
+ hosts: autocloud-web:autocloud-web-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - service: name="httpd" state=started
+
+ post_tasks:
+ - name: tell nagios to unshush w.r.t. the frontend
+ nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
diff --git a/playbooks/manual/upgrade/badges.yml b/playbooks/manual/upgrade/badges.yml
new file mode 100644
index 0000000000..2916dabde2
--- /dev/null
+++ b/playbooks/manual/upgrade/badges.yml
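Review bot: The play named `verify the backends, stop them, and then upgrade the db` in autocloud.yml performs no upgrade: the alembic task is commented out, so the play stops `fedmsg-hub` and `autocloud` and starts them again with nothing in between. An operator reading the run output would reasonably conclude that the schema was migrated; renaming the play, for example `- name: verify the backends and restart them`, and replacing the commented-out task with a one-line comment such as `# no alembic migrations exist for autocloud yet` keeps the log accurate. In the `update python2-fedfind` play both tasks are still named `dnf update fedfind packages ...`, identical to the preceding play, which makes the two indistinguishable in logs; `dnf update python2-fedfind packages from main repo` would match what they install.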
@@ -0,0 +1,136 @@
+- name: push packages out to frontend
+ hosts: badges-web:badges-web-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
+ command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+ check_mode: no
+ - name: yum update tahrir/badges packages from main repo
+ yum: name={{item}} state=latest
+ when: not testing
+ with_items:
+ - python-tahrir
+ - python-tahrir-api
+ - name: yum update tahrir/badges packages from testing repo
+ yum: name={{item}} state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+ with_items:
+ - python-tahrir
+ - python-tahrir-api
+
+- name: push packages out to backend
+ hosts: badges-backend:badges-backend-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
+ command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+ check_mode: no
+ - name: yum update tahrir/badges packages from main repo
+ yum: name={{item}} state=latest
+ when: not testing
+ with_items:
+ - python-fedbadges
+ - python-tahrir-api
+ - name: yum update tahrir/badges packages from testing repo
+ yum: name={{item}} state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+ with_items:
+ - python-fedbadges
+ - python-tahrir-api
+
+- name: verify the frontend and stop it
+ hosts: badges-web:badges-web-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ pre_tasks:
+ - name: tell nagios to shush w.r.t. the frontend
+ nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+
+ roles:
+ - badges/frontend
+
+ post_tasks:
+ - service: name="httpd" state=stopped
+
+- name: verify the backend, stop it, and then upgrade the db
+ hosts: badges-backend:badges-backend-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ pre_tasks:
+ - name: tell nagios to shush w.r.t. the backend
+ nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+
+ roles:
+ - badges/backend
+
+ tasks:
+ - name: Stop the badges backend
+ service: name="fedmsg-hub" state=stopped
+
+ - name: Upgrade the database
+ command: /usr/bin/alembic -c /usr/share/tahrir_api/alembic.ini upgrade head
+ args:
+ chdir: /usr/share/tahrir_api/
+ ignore_errors: true
+
+ - name: And... start the backend again
+ service: name="fedmsg-hub" state=started
+
+ post_tasks:
+ - name: tell nagios to unshush w.r.t. the backend
+ nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+
+- name: restart the frontend
+ hosts: badges-web:badges-web-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - service: name="httpd" state=started
+
+ post_tasks:
+ - name: tell nagios to unshush w.r.t. the frontend
+ nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
diff --git a/playbooks/manual/upgrade/bodhi.yml b/playbooks/manual/upgrade/bodhi.yml
index 75c9eb3fd7..c5fd790502 100644
--- a/playbooks/manual/upgrade/bodhi.yml
+++ b/playbooks/manual/upgrade/bodhi.yml
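Review bot: The `Upgrade the database` task in badges.yml carries `ignore_errors: true`, so a failed `alembic ... upgrade head` is swallowed, the next task starts `fedmsg-hub` again and the last play starts `httpd`, both against a schema in an unknown state. Dropping that line lets the play stop on a failed migration, which is how the anitya and bodhi playbooks in this diff behave. The task also has no host guard, whereas those two playbooks restrict the migration with `when: inventory_hostname.startswith(...)`; if a badges backend group holds more than one host the migration would run once per host, so an equivalent `when:` is worth adding (a plain `run_once` would pick a single host across the production and staging groups together).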
@@ -1,175 +1,125 @@ ---- -- name: Check to see if a compose is going on before we do anything... - hosts: bodhi_backend:bodhi_backend_stg +- name: check to see if a mash is going on before we do anything... + hosts: bodhi-backend:bodhi-backend-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml - - name: Check for running composes - ansible.builtin.shell: "curl https://bodhi{{env_suffix}}.fedoraproject.org/composes/" - register: composes - - - name: Fail if we found that a compose was in progress - fail: - msg: "There are composes in progress." - any_errors_fatal: true - when: "composes.stdout != '{\"composes\": []}' and env != 'staging'" - -- name: Push packages out - hosts: bodhi_backend:bodhi_backend_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Update bodhi-server packages from main repo - dnf: - name: - - bodhi-server - - bodhi-composer - state: latest - update_cache: true - - name: Update bodhi-server packages from testing repo - dnf: - name: - - bodhi-server - - bodhi-composer - state: latest - enablerepo: infrastructure-tags-stg - update_cache: true - when: testing - -- name: Find out if there are migrations to run - hosts: bodhi_backend:bodhi_backend_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - 
tasks: - - name: Find out what the current migration version is - ansible.builtin.command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini current - register: current_migration_version - -- name: Stop the front end if there are migrations to run - hosts: os_control[0]:os_control_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Tell nagios to shush w.r.t. the frontend - nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + - name: Check for the existance of a mashing lock. + shell: "ls -alh /mnt/koji/mash/updates/MASHING*" + register: lockfile ignore_errors: true - tasks: - - set_fact: - # This will be a bool that indicates whether we need to run migrations or not. - migrations: "'(head)' not in hostvars['bodhi-backend01{{ env_suffix }}.iad2.fedoraproject.org']['current_migration_version'].stdout" - - name: Scale down to 0 pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=0 - when: migrations + - name: Fail if we found that a mash was in progress + fail: msg="Presence of lockfile indicates that a mash is in progress." 
+ any_errors_fatal: true + when: lockfile.rc == 0 -- name: Verify the backends, stop them, and then upgrade the db - hosts: bodhi_backend:bodhi_backend_stg +- name: push packages out + hosts: bodhi-backend:bodhi-backend-stg:bodhi2:bodhi2-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + command: dnf clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + check_mode: no + - name: dnf update bodhi-server packages from main repo + dnf: name="{{ item }}" state=latest + with_items: + - bodhi-docs + - bodhi-server + - python2-fedmsg-atomic-composer + - name: dnf update bodhi-server packages from testing repo + dnf: name="{{ item }}" state=latest enablerepo=infrastructure-tags-stg + with_items: + - bodhi-docs + - bodhi-server + - python2-fedmsg-atomic-composer + when: testing + +- name: verify the frontend and stop it + hosts: bodhi2:bodhi2-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: - - name: Tell nagios to shush w.r.t. the backend + - name: tell nagios to shush w.r.t. 
the frontend nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + + roles: + - bodhi2/base + + post_tasks: + - service: name="httpd" state=stopped + +- name: verify the backends, stop them, and then upgrade the db + hosts: bodhi-backend:bodhi-backend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - name: tell nagios to shush w.r.t. the backend + nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true roles: - bodhi2/backend tasks: - - name: Stop the backend services - service: - name: "{{ item }}" - state: stopped - with_items: - - fm-consumer@config.service - - bodhi-celery + - name: Stop the fedmsg-hub backend + service: name="fedmsg-hub" state=stopped - name: Upgrade the database - ansible.builtin.command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini upgrade head + command: /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head args: chdir: /usr/share/bodhi/ + when: inventory_hostname.startswith(('bodhi-backend01.phx2', 'bodhi-backend01.stg.phx2')) - - name: Start the backend services - service: - name: "{{ item }}" - state: started - with_items: - - fm-consumer@config.service - - bodhi-celery + - name: And... start the backend again + service: name="fedmsg-hub" state=started post_tasks: - - name: Tell nagios to unshush w.r.t. the backend + - name: tell nagios to unshush w.r.t. 
the backend nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true -- name: Restart the frontend - hosts: os_control[0]:os_control_stg[0] +- name: restart the frontend + hosts: bodhi2:bodhi2-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }} - when: env != "staging" - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }} - when: env == "staging" - # Redeploy the build config as it may request a newer version in the Dockerfile - # Only do it on prod because staging tracks a branch - - import_role: - name: openshift/object - vars: - object_app: bodhi - object_template: buildconfig.yml - object_objectname: buildconfig.yml - when: env != "staging" - # Start a build with the new buildconfig - # Only do it on prod because staging builds are triggered by Github's webhook - - import_role: - name: openshift/start-build - vars: - start_build_app: bodhi - start_build_buildname: bodhi-base - when: env != "staging" + - service: name="httpd" state=started post_tasks: - - name: Tell nagios to unshush w.r.t. the frontend + - name: tell nagios to unshush w.r.t. 
the frontend nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true diff --git a/playbooks/manual/upgrade/bugyou.yml b/playbooks/manual/upgrade/bugyou.yml new file mode 100644 index 0000000000..bd87441fe8 --- /dev/null +++ b/playbooks/manual/upgrade/bugyou.yml 
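Review bot: The mash-lock check at the top of bodhi.yml fails open: `ls -alh /mnt/koji/mash/updates/MASHING*` runs with `ignore_errors: true` and the play aborts only `when: lockfile.rc == 0`, so any other cause of a non-zero exit (the koji mount missing, a permission error) is read as "no mash in progress" and the upgrade proceeds. Checking that the directory is reachable first and then looking for the lock with the `find` module separates "no lock" from "could not look"; the `fail` task then tests `when: lockfile.matched > 0`. This also removes the need for the `shell` module and its glob expansion in a root shell. Separately, the `dnf update bodhi-server packages from main repo` task has no `when: not testing`, unlike the matching task in the other playbooks of this diff.
```yaml
    - name: Make sure the mash directory is reachable before trusting the lock check
      stat:
        path: /mnt/koji/mash/updates
      register: mashdir
      failed_when: not mashdir.stat.exists

    - name: Check for the existance of a mashing lock.
      find:
        paths: /mnt/koji/mash/updates
        patterns: "MASHING*"
        file_type: any
      register: lockfile

    # … unchanged: "Fail if we found that a mash was in progress" task,
    #   with `when: lockfile.matched > 0` in place of `when: lockfile.rc == 0` …
```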
@@ -0,0 +1,59 @@
+- name: push packages out
+ hosts: bugyou:bugyou-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
+ command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+ always_run: yes
+ - name: yum update bugyou packages from main repo
+ yum: name="bugyou*" state=latest
+ when: not testing
+ - name: yum update bugyou packages from testing repo
+ yum: name="bugyou*" state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+
+- name: verify the backends, stop them, and then upgrade the db
+ hosts: bugyou:bugyou-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ pre_tasks:
+ - name: tell nagios to shush w.r.t. the backend
+ nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+
+ roles:
+ - bugyou/backend
+
+ tasks:
+ - name: Stop the fedmsg-hub backend
+ service: name="fedmsg-hub" state=stopped
+ - name: Stop the bugyou controller backend
+ service: name="bugyou-cntrl" state=stopped
+
+ - name: And... start the bugyou controller backend again
+ service: name="bugyou-cntrl" state=started
+ - name: And... start the fedmsg-hub backend again
+ service: name="fedmsg-hub" state=started
+
+ post_tasks:
+ - name: tell nagios to unshush w.r.t. the backend
+ nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+
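Review bot: The `yum clean all` task in bugyou.yml uses `always_run: yes`, while every other playbook added in this diff spells the same intent as `check_mode: no`. `always_run` was deprecated in favour of `check_mode`, and later Ansible releases reject it as an unknown task attribute, so this play would stop loading after an Ansible upgrade on the control host; replacing the line with `check_mode: no` keeps the files consistent. The second play is also named `... and then upgrade the db`, but its tasks only stop and start `fedmsg-hub` and `bugyou-cntrl`, so the name overstates what a run did.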
diff --git a/playbooks/manual/upgrade/bugzilla2fedmsg.yml b/playbooks/manual/upgrade/bugzilla2fedmsg.yml
index 53454ed6de..2f6c3fa757 100644
--- a/playbooks/manual/upgrade/bugzilla2fedmsg.yml
+++ b/playbooks/manual/upgrade/bugzilla2fedmsg.yml
@@ -1,41 +1,40 @@ ---- -- name: Push packages out - hosts: bugzilla2fedmsg:bugzilla2fedmsg_stg +- name: push packages out + hosts: bugzilla2fedmsg:bugzilla2fedmsg-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml vars: - testing: false + testing: False handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} - ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - - name: Update bugzilla2fedmsg packages from main repo - ansible.builtin.package: name="python-bugzilla2fedmsg" state=latest + - name: yum update bugzilla2fedmsg packages from main repo + yum: name="python-bugzilla2fedmsg" state=latest when: not testing - - name: Update bugzilla2fedmsg packages from testing repo + - name: yum update bugzilla2fedmsg packages from testing repo yum: name="python-bugzilla2fedmsg" state=latest enablerepo=infrastructure-tags-stg when: testing -- name: Verify the backend and restart it - hosts: bugzilla2fedmsg:bugzilla2fedmsg_stg +- name: verify the backend and restart it + hosts: bugzilla2fedmsg:bugzilla2fedmsg-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ 
handlers_path }}/restart_services.yml" pre_tasks: - - name: Tell nagios to shush + - name: tell nagios to shush nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true roles: @@ -43,7 +42,7 @@ post_tasks: - service: name="moksha-hub" state=restarted - - name: Tell nagios to unshush + - name: tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true diff --git a/playbooks/manual/upgrade/datagrepper.yml b/playbooks/manual/upgrade/datagrepper.yml index 3fd178980d..aea046edde 100644 --- a/playbooks/manual/upgrade/datagrepper.yml +++ b/playbooks/manual/upgrade/datagrepper.yml 
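Review bot: Both `nagios` tasks in bugzilla2fedmsg.yml hard-code `delegate_to: noc01.phx2.fedoraproject.org` and carry `ignore_errors: true`, so if that hostname is stale the downtime is silently never scheduled, and a failed `unsilence` leaves the host muted without anyone being told. This diff has to touch that hostname in every play of every file; a single variable from the shared vars files, e.g. `delegate_to: "{{ nagios_host }}"` (variable name illustrative), would reduce such a change to one line and make a wrong value fail in one obvious place. The same applies to the datagrepper hunks that follow. The `pre_tasks` block is in the first hunk and `post_tasks` in the second, with the `roles:` entries between them outside both hunks.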
@@ -1,41 +1,40 @@ ---- -- name: Push packages out - hosts: datagrepper:datagrepper_stg +- name: push packages out + hosts: datagrepper:datagrepper-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml vars: - testing: false + testing: False handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} - ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - - name: Yum update datagrepper packages from main repo - ansible.builtin.package: name="datagrepper" state=latest + - name: yum update datagrepper packages from main repo + yum: name="datagrepper" state=latest when: not testing - - name: Yum update datagrepper packages from testing repo - ansible.builtin.package: name="datagrepper" state=latest enablerepo=infrastructure-tags-stg + - name: yum update datagrepper packages from testing repo + yum: name="datagrepper" state=latest enablerepo=infrastructure-tags-stg when: testing -- name: Verify the config and restart it - hosts: datagrepper:datagrepper_stg +- name: verify the config and restart it + hosts: datagrepper:datagrepper-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - 
import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: - - name: Tell nagios to shush + - name: tell nagios to shush nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true roles: @@ -44,7 +43,7 @@ post_tasks: - service: name="httpd" state=restarted - - name: Tell nagios to unshush + - name: tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true diff --git a/playbooks/manual/upgrade/datanommer.yml b/playbooks/manual/upgrade/datanommer.yml index e1a25b8883..10d986e561 100644 --- a/playbooks/manual/upgrade/datanommer.yml +++ b/playbooks/manual/upgrade/datanommer.yml 
@@ -1,112 +1,159 @@ ---- -- name: Verify the badges backend and stop it +- name: push packages out hosts: - - badges_backend - - badges_backend_stg + - badges-backend + - badges-backend-stg + - datagrepper + - datagrepper-stg + - notifs-web + - notifs-web-stg + - busgateway + - busgateway-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + testing: False + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + check_mode: no + - name: yum update datanommer packages from main repo + yum: name="*datanommer*" state=latest + when: not testing + - name: yum update datanommer packages from testing repo + yum: name="*datanommer*" state=latest enablerepo=infrastructure-tags-stg + when: testing + +- name: verify the badges backend and stop it + hosts: badges-backend:badges-backend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: - name: tell nagios to shush nagios: action=downtime minutes=120 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true roles: - badges/backend tasks: - service: name="fedmsg-hub" state=stopped -- name: Stop datagrepper - hosts: - - os_masters[0] - - os_masters_stg[0] +- name: verify the datagrepper frontend and stop it + hosts: datagrepper:datagrepper-stg user: root 
vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" + pre_tasks: + - name: tell nagios to shush + nagios: action=downtime minutes=120 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + roles: + - datagrepper tasks: - - name: Scale down datagrepper to 0 pods - ansible.builtin.command: oc -n datagrepper scale dc/datagrepper --replicas=0 + - service: name="httpd" state=stopped -- name: Stop datanommer - hosts: - - os_masters[0] - - os_masters_stg[0] +- name: verify the notifs frontend and stop it + hosts: notifs-web:notifs-web-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" + pre_tasks: + - name: tell nagios to shush + nagios: action=downtime minutes=120 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + roles: + - notifs/frontend tasks: - - name: Scale down datanommer to 0 pods - ansible.builtin.command: oc -n datanommer scale dc/datanommer --replicas=0 + - service: name="httpd" state=stopped -- name: Upgrade the database - role: openshift/object - object_app: datanommer - object_template: job.yml.j2 - object_objectname: job.yml - -- name: Wait for the db-upgrade completion - ansible.builtin.command: oc get jobs/db-upgrade -o jsonpath='{@.status.succeeded}' - register: status - 
until: status.stdout | int == 1 - retries: 5 - delay: 30 - -- name: Delete the job in case it finished - role: openshift/object-delete - object_delete_app: datanommer - object_delete_objecttype: job - object_delete_objectname: db-upgrade - when: status.stdout | int == 1 - -- name: Start the datanommer again - hosts: - - os_masters[0] - - os_masters_stg[0] +- name: verify the datanommer backend, stop it, and then upgrade the db + hosts: busgateway:busgateway-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + pre_tasks: + - name: tell nagios to shush + nagios: action=downtime minutes=120 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + roles: + - fedmsg/datanommer tasks: - - name: Scale up datanommer pods - ansible.builtin.command: oc -n datanommer scale dc/db-datanommer --replicas=1 + - name: Stop the notification backend + service: name="fedmsg-hub" state=stopped -- name: Start the datagrepper again + - name: Upgrade the database + command: /usr/bin/alembic -c /usr/share/datanommer.models/alembic.ini upgrade head + args: + chdir: /usr/share/datanommer.models/ + async: 20000 + poll: 60 + + - name: And... 
start the backend again + service: name="fedmsg-hub" state=started + + post_tasks: + - name: tell nagios to unshush + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + +- name: restart the frontend pieces (fmn.web and datagrepper) hosts: - - os_masters[0] - - os_masters_stg[0] + - datagrepper + - datagrepper-stg + - notifs-web + - notifs-web-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: Scale up datagrepper pods - ansible.builtin.command: oc -n datagrepper scale dc/datagrepper --replicas=1 + - service: name="httpd" state=started + post_tasks: + - name: tell nagios to unshush + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true -- name: Restart the last backend piece (badges) +- name: restart the last backend piece (badges) hosts: - badges-backend - badges-backend-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + tasks: + - service: name="fedmsg-hub" state=started post_tasks: - name: tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true 
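Review bot: The `Upgrade the database` task runs `alembic ... upgrade head` on every host matched by `busgateway:busgateway-stg`, so if either group ever holds more than one host the migration would run in parallel against the same database. The removed side pinned its work to one host per environment (`os_masters[0]`, `os_masters_stg[0]`); the new play has no such guard, and group sizes are not visible here. At minimum add a comment above the task such as `# assumes exactly one busgateway host per environment; alembic must not run concurrently`. A failed migration also ends the play with `fedmsg-hub` stopped while the 120-minute Nagios downtime hides it. The added fmn.yml and the `run db migration` play in koschei.yml run their alembic upgrades the same way.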
diff --git a/playbooks/manual/upgrade/fedimg.yml b/playbooks/manual/upgrade/fedimg.yml
new file mode 100644
index 0000000000..6a171603f1
--- /dev/null
+++ b/playbooks/manual/upgrade/fedimg.yml
@@ -0,0 +1,100 @@
+- name: push packages out
+ hosts: fedimg:fedimg-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
+ command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+ check_mode: no
+ - name: yum update fedimg packages from main repo
+ yum: name="python-fedimg" state=latest
+ when: not testing
+ - name: yum update fedimg packages from testing repo
+ yum: name="python-fedimg" state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+ - name: yum update libcloud from testing repo
+ yum: name="python2-libcloud" state=latest enablerepo=epel-testing
+ when: not testing
+
+- name: update fedfind
+ hosts: fedimg:fedimg-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: yum update fedfind packages from main repo
+ yum: name="fedfind" state=latest
+ when: not testing
+ - name: yum update fedfind packages from testing repo
+ yum: name="fedfind" state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+
+- name: update python2-fedfind
+ hosts: fedimg:fedimg-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: yum update fedfind packages from main repo
+ yum: name="python2-fedfind" state=latest
+ when: not testing
+ - name: yum update fedfind packages from testing repo
+ yum: name="python2-fedfind" state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+
+- name: verify the backend and restart it
+ hosts: fedimg:fedimg-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ pre_tasks:
+ - name: tell nagios to shush
+ nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+
+ roles:
+ - role: fedimg
+ aws_keyname: fedimg-dev
+ aws_keypath: /etc/pki/fedimg/fedimg-dev
+ aws_pubkeypath: /etc/pki/fedimg/fedimg-dev.pub
+ when: env == 'staging'
+ - role: fedimg
+ aws_keyname: releng-ap-northeast-1
+ aws_keypath: /etc/pki/fedimg/fedimg-prod
+ aws_pubkeypath: /etc/pki/fedimg/fedimg-prod.pub
+ when: env != 'staging'
+
+ post_tasks:
+ - service: name="fedmsg-hub" state=restarted
+ - name: tell nagios to unshush
+ nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
diff --git a/playbooks/manual/upgrade/fedmsg.yml b/playbooks/manual/upgrade/fedmsg.yml
new file mode 100644
index 0000000000..20cdc332e8
--- /dev/null
+++ b/playbooks/manual/upgrade/fedmsg.yml
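Review bot: The task `yum update libcloud from testing repo` in fedimg.yml is guarded by `when: not testing`, so it enables `epel-testing` on exactly the runs that otherwise use only the main repo, production hosts in the `fedimg` group included. Packages in a testing repo have not yet been promoted to stable, so installing `python2-libcloud` from there by default widens what can reach these hosts. If the testing build is only wanted on test runs the guard should be `when: testing`. If it is deliberately needed everywhere, record why in a comment such as `# libcloud fix is only in epel-testing; drop enablerepo once it reaches stable`.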
@@ -0,0 +1,66 @@
+- name: push packages out
+ hosts:
+ - fedmsg-hubs
+ - fedmsg-hubs-stg
+
+ - fedmsg-relays
+ - fedmsg-relays-stg
+
+ - fedmsg-ircs
+ - fedmsg-ircs-stg
+
+ - fedmsg-gateways
+ - fedmsg-gateways-stg
+
+ - moksha-hubs
+ - moksha-hubs-stg
+
+ - notifs-web
+ - notifs-web-stg
+
+ - datagrepper
+ - datagrepper-stg
+
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ packages:
+ - fedmsg
+ - python2-fedmsg-meta-fedora-infrastructure
+ - python-moksha-hub
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
+ command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+ check_mode: no
+ - name: yum update fedmsg packages from the main repo
+ yum: name={{item}} state=latest
+ when: not testing
+ with_items: "{{packages}}"
+ - name: yum update fedmsg packages from testing repo
+ yum: name={{item}} state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+ with_items: "{{packages}}"
+
+# Restart all the backend daemons
+- import_tasks: ../restart-fedmsg-services.yml
+
+# Also restart the frontend web services
+- name: bounce apache
+ hosts: notifs-web:notifs-web-stg:datagrepper:datagrepper-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - service: name="httpd" state=restarted
diff --git a/playbooks/manual/upgrade/fmn.yml b/playbooks/manual/upgrade/fmn.yml
new file mode 100644
index 0000000000..b2f2542646
--- /dev/null
+++ b/playbooks/manual/upgrade/fmn.yml
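Review bot: `- import_tasks: ../restart-fedmsg-services.yml` sits at the top level of fedmsg.yml, between two plays, where Ansible accepts only plays or `import_playbook`; `import_tasks` is valid only inside a play's task list. If restart-fedmsg-services.yml is itself a playbook (its contents are not visible here), the line should read `- import_playbook: ../restart-fedmsg-services.yml`. As written the playbook would presumably be rejected when it is loaded, so neither the package update nor the daemon restart would run.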
@@ -0,0 +1,123 @@
+- name: push packages out
+ hosts: notifs-backend:notifs-backend-stg:notifs-web:notifs-web-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
+ command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+ check_mode: no
+ - name: yum update FMN packages from main repo
+ yum: name="python-fmn" state=latest
+ when: not testing
+ - name: yum update FMN packages from testing repo
+ yum: pkg=python-fmn state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+ - name: yum update FMN packages from testing repo
+ yum: pkg=python-fmn state=latest enablerepo=epel-testing
+ when: env == "staging"
+
+- name: verify the frontend and stop it
+ hosts: notifs-web:notifs-web-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ pre_tasks:
+ - name: tell nagios to shush w.r.t. the frontend
+ nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+
+ roles:
+ - notifs/frontend
+
+ post_tasks:
+ - service: name="httpd" state=stopped
+
+- name: verify the backend, stop it, and then upgrade the db
+ hosts: notifs-backend:notifs-backend-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ pre_tasks:
+ - name: tell nagios to shush w.r.t. the backend
+ nagios: action=downtime minutes=5 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+
+ roles:
+ - notifs/backend
+
+ tasks:
+ - name: Stop the notification backend
+ service: name="fedmsg-hub" state=stopped
+
+ - name: Stop the workers and backends
+ service: name={{ item }} state=stopped
+ with_items:
+ - fmn-backend@1
+ - fmn-worker@1
+ - fmn-worker@2
+ - fmn-worker@3
+ - fmn-worker@4
+
+ - name: Upgrade the database
+ command: /usr/bin/alembic -c /usr/share/fmn/alembic.ini upgrade head
+ args:
+ chdir: /usr/share/fmn/
+
+ - name: Re-start the workers and the backend
+ service: name={{ item }} state=started
+ with_items:
+ - fmn-backend@1
+ - fmn-worker@1
+ - fmn-worker@2
+ - fmn-worker@3
+ - fmn-worker@4
+
+ - name: And... start the backend again
+ service: name="fedmsg-hub" state=started
+
+ # Don't bother unshushing the backend here. it takes a few minutes to start
+ # up anyways, so just let the downtime expire.
+ #post_tasks:
+ #- name: tell nagios to unshush w.r.t. the backend
+ # nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ # delegate_to: noc01.phx2.fedoraproject.org
+ # ignore_errors: true
+
+- name: restart the frontend
+ hosts: notifs-web:notifs-web-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - service: name="httpd" state=started
+
+ post_tasks:
+ - name: tell nagios to unshush w.r.t. the frontend
+ nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
diff --git a/playbooks/manual/upgrade/hotness.yml b/playbooks/manual/upgrade/hotness.yml
new file mode 100644
index 0000000000..bd3ffb65aa
--- /dev/null
+++ b/playbooks/manual/upgrade/hotness.yml
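Review bot: The backend play in fmn.yml schedules only `minutes=5` of Nagios downtime, yet it stops `fedmsg-hub` and five fmn units, runs `alembic ... upgrade head` and starts everything again, and its own comment says the backend takes a few minutes to come up and that the downtime is left to expire. Any migration of real size will outlast that window and raise alerts for a planned outage. The frontend play in the same file uses `minutes=15`, so the backend should allow at least as much, i.e. `minutes=15` in the backend `nagios:` line. Separately, two tasks in the first play share the name `yum update FMN packages from testing repo`; renaming the second to mention `epel-testing` would make the run log unambiguous.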
@@ -0,0 +1,48 @@
+- name: push packages out
+ hosts: hotness:hotness-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ testing: False
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ tasks:
+ - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
+ command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+ check_mode: no
+ - name: yum update hotness packages from main repo
+ yum: name="the-new-hotness" state=latest
+ when: not testing
+ - name: yum update hotness packages from testing repo
+ yum: name="the-new-hotness" state=latest enablerepo=infrastructure-tags-stg
+ when: testing
+
+- name: verify the backend and restart it
+ hosts: hotness:hotness-stg
+ user: root
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+ pre_tasks:
+ - name: tell nagios to shush
+ nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+
+ roles:
+ - hotness
+
+ post_tasks:
+ - service: name="fedmsg-hub" state=restarted
+ - name: tell nagios to unshush
+ nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
diff --git a/playbooks/manual/upgrade/koji.yml b/playbooks/manual/upgrade/koji.yml
index 0296f97b6f..4e9848e6f4 100644
--- a/playbooks/manual/upgrade/koji.yml
+++ b/playbooks/manual/upgrade/koji.yml
@@ -16,93 +16,92 @@ # 5) upgrade database # 6) update hubs # 7) update all builders -# 8) restart +# 8) restart # # TODO: # - stop and restart kojira on koji02 # - kill any koji-gc processes # - nagios outage stuff didn't seem to work as well as we would want last time. ---- -- name: Preliminary tasks - hosts: koji:koji_stg +- name: preliminary tasks + hosts: koji:koji-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: Ask admin if an outage ticket was created. + - name: ask admin if an outage ticket was created. pause: seconds=30 prompt="Did you file an outage ticket before running this?" - - name: Ask admin if an outage ticket was reviewed. + - name: ask admin if an outage ticket was reviewed. pause: seconds=30 prompt="Did you have someone review that outage ticket? This is koji we're talking about here..." - - name: Ask admin if an outage ticket was announced. + - name: ask admin if an outage ticket was announced. pause: seconds=30 prompt="Did you send the outage announcement to devel-announce? People need to know." - - name: Ask admin if no db upgrade script is ok. + - name: ask admin if no db upgrade script is ok. pause: seconds=30 prompt="You didn't specify a db_upgrade_file extra-var. Are you sure there is no db upgrade required?" when: db_upgrade_file is undefined - - name: Tell nagios that everything is fine + - name: tell nagios that everything is fine nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true - - name: Stop httpd on the koji-hubs. + - name: stop httpd on the koji-hubs. 
service: name="httpd" state=stopped -- name: Run commands on the database host. +- name: run commands on the database host. # Note that the hosts are used explicitly here to choose only the "primary". # We don't want to run upgrades on both pgbdr nodes at the same time. # ... is anything special needed to upgrade pgbdr nodes? - hosts: db-koji01.iad2.fedoraproject.org:db-koji01.stg.iad2.fedoraproject.org + hosts: db-koji01.phx2.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - name: Install the koji package, to get the upgrade script. # Note that "latest" here might as well be "present". The package shouldn't # be present in the first place. In any case, if it is erroneously present, # then we really do want the latest version. - ansible.builtin.package: name=koji state=latest update_cache=yes + yum: name=koji state=latest update_cache=yes when: db_upgrade_file is defined - name: Execute the db upgrade script - ansible.builtin.shell: psql koji < {{db_upgrade_file}} + shell: psql koji < {{db_upgrade_file}} become: true become_user: postgres when: db_upgrade_file is defined - name: Remove the package, since we no longer need the script. 
- ansible.builtin.package: name=koji state=absent + yum: name=koji state=absent when: db_upgrade_file is defined -- name: Update and restart the koji hubs before we touch the builders - hosts: koji:koji_stg +- name: update and restart the koji hubs before we touch the builders + hosts: koji:koji-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - ansible.builtin.package: name=koji-hub state=latest update_cache=yes - - name: Restart httpd on the koji-hubs. + - yum: name=koji-hub state=latest update_cache=yes + - name: restart httpd on the koji-hubs. service: name="httpd" state=started - - name: Unsilence nagios + - name: unsilence nagios nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true -- name: Update and restart the koji builders, now that we're done with the hubs - hosts: builders:builders_stg +- name: update and restart the koji builders, now that we're done with the hubs + hosts: builders:builders-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - ansible.builtin.package: name=koji-builder state=latest update_cache=yes - - name: Restart all the builders. so many. + - yum: name=koji-builder state=latest update_cache=yes + - name: restart all the builders. so many. service: name="kojid" state=restarted 
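Review bot: `shell: psql koji < {{db_upgrade_file}}` in the database play puts an extra-var unquoted into a shell command line that runs as `postgres`, so a path with spaces or shell metacharacters is split or interpreted by the shell instead of being treated as a file name. The same line gives psql no instruction to stop on error: without `ON_ERROR_STOP` it keeps going after a failed statement and exits 0, so a half-applied schema upgrade would look successful and the hubs would be updated on top of it. Both are covered by `shell: psql -v ON_ERROR_STOP=1 koji < {{ db_upgrade_file | quote }}`.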
diff --git a/playbooks/manual/upgrade/koschei-full.yml b/playbooks/manual/upgrade/koschei-full.yml deleted file mode 100644 index 4d11c486f7..0000000000 --- a/playbooks/manual/upgrade/koschei-full.yml +++ /dev/null 
@@ -1,55 +0,0 @@ -# This playbook can be used to update running Koschei instance to -# latest upstream version. It causes user-visible downtime, but -# unlike koschei-rolling.yml, it works even in case when there are -# database migrations to apply. - ---- -- name: Perform full Koschei update - hosts: os_control[0]:os_control_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/roles/openshift-apps/koschei/vars/main.yml - - /srv/web/infra/ansible/roles/openshift-apps/koschei/vars/{{ env }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Delete all jobs - ansible.builtin.shell: oc -n koschei delete job --all - - - name: Pause all deployments - ansible.builtin.shell: oc -n koschei rollout pause deploy - - - name: Delete all replica sets - ansible.builtin.shell: oc -n koschei delete rs --all - - - name: Delete all pods - ansible.builtin.shell: oc -n koschei delete pod --all - - - name: Import upstream image into OpenShift - include_role: name=openshift/import-image - vars: - import_image_app: "{{ app }}" - import_image_imagestreamname: koschei - - - name: Run database migrations - include_role: name=openshift-apps/koschei/job - vars: - job_app: "{{ app }}" - job_name: db-migrate - job_command: "koschei-admin alembic upgrade head" - - # Since everything is stopped and users are seeing downtime anyway, - # we may as well want to vacuum the DB to improve performance. - - name: Vacuum database - include_role: name=openshift-apps/koschei/job - vars: - job_app: "{{ app }}" - job_name: db-vacuum - job_command: "koschei-admin psql <<<'VACUUM FULL ANALYZE'" - - - name: Resume all deployments - ansible.builtin.shell: oc -n koschei rollout resume deploy 
diff --git a/playbooks/manual/upgrade/koschei-rolling.yml b/playbooks/manual/upgrade/koschei-rolling.yml deleted file mode 100644 index 8f729621d6..0000000000 --- a/playbooks/manual/upgrade/koschei-rolling.yml +++ /dev/null @@ -1,26 +0,0 @@ -# This playbook can be used to update running Koschei instance to -# latest upstream version without causing user-visible outage, as long -# as updated version has identical database schema. - ---- -- name: Perform Koschei rolling update - hosts: os_control[0]:os_control_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/roles/openshift-apps/koschei/vars/main.yml - - /srv/web/infra/ansible/roles/openshift-apps/koschei/vars/{{ env }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Import upstream image into OpenShift - include_role: name=openshift/import-image - vars: - import_image_app: "{{ app }}" - import_image_imagestreamname: koschei - - - name: Restart all deployments - ansible.builtin.shell: oc -n koschei rollout restart deploy diff --git a/playbooks/manual/upgrade/koschei-testing.yml b/playbooks/manual/upgrade/koschei-testing.yml new file mode 100644 index 0000000000..e6f040af87 --- /dev/null +++ b/playbooks/manual/upgrade/koschei-testing.yml @@ -0,0 +1,11 @@ +--- +- include_playbook: koschei.yml + vars: + fedora_repos: + - updates-testing + - msimacek-koschei + epel_repos: + - epel-testing + - msimacek-koschei + koschei_backend_hosts: koschei-backend-stg + koschei_web_hosts: koschei-web-stg diff --git a/playbooks/manual/upgrade/koschei.yml b/playbooks/manual/upgrade/koschei.yml new file mode 100644 index 0000000000..c41831a779 --- /dev/null +++ b/playbooks/manual/upgrade/koschei.yml 
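Review bot: `include_playbook` in the added koschei-testing.yml is not an Ansible keyword or module, so `- include_playbook: koschei.yml` cannot pull in koschei.yml; the directive for this is `import_playbook`, which accepts the `vars:` block that follows. The line should read `- import_playbook: koschei.yml`. koschei.yml also sets `fedora_repos` and `epel_repos` in play-level `vars:`, so it is worth confirming that the values passed here actually take precedence; otherwise a testing run would quietly use the stable repos.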
@@ -0,0 +1,135 @@
+- name: verify koschei frontend
+ hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}"
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+ roles:
+ - mod_wsgi
+ - koschei/frontend
+
+- name: verify koschei backend
+ hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}"
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+ roles:
+ - koschei/backend
+
+- name: upgrade koschei backend
+ hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}"
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ fedora_repos:
+ - updates
+ pre_tasks:
+ - name: schedule nagios downtime
+ nagios: action=downtime minutes=20 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+ when: env != 'staging'
+ tasks:
+ - name: clean dnf metadata
+ command: dnf {% for repo in fedora_repos %}--enablerepo {{ repo }} {% endfor %} clean all
+ - name: create dnf metadata cache
+ command: dnf {% for repo in fedora_repos %}--enablerepo {{ repo }} {% endfor %} makecache
+ - name: stop services
+ service: name="{{ item }}" state=stopped
+ with_items: "{{ koschei_backend_services }}"
+ - name: upgrade koschei
+ dnf:
+ name: "{{ item }}"
+ state: latest
+ enablerepo: "{{ fedora_repos | join(',') }}"
+ register: backend_upgrade
+ with_items:
+ - koschei-admin
+ - koschei-backend
+ - koschei-backend-fedora
+
+- name: upgrade koschei frontend
+ hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}"
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ epel_repos:
+ - epel
+ pre_tasks:
+ - name: schedule nagios downtime
+ nagios: action=downtime minutes=20 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
+ delegate_to: noc01.phx2.fedoraproject.org
+ ignore_errors: true
+ when: env != 'staging'
+ tasks:
+ - name: clean yum metadata
+ command: yum {% for repo in epel_repos %}--enablerepo {{ repo }} {% endfor %} clean all
+ - name: create yum metadata cache
+ command: yum {% for repo in epel_repos %}--enablerepo {{ repo }} {% endfor %} makecache
+ - name: stop httpd
+ service: name="httpd" state=stopped
+ - name: upgrade koschei
+ yum:
+ name: "{{ item }}"
+ state: latest
+ enablerepo: "{{ epel_repos | join(',') }}"
+ register: frontend_upgrade
+ with_items:
+ - koschei-frontend
+ - koschei-frontend-fedora
+
+- name: run DB migration
+ hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}"
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ tasks:
+ - name: run db migration
+ become: yes
+ become_user: koschei
+ command: koschei-admin alembic upgrade head
+
+- name: restart koschei frontend
+ hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}"
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+ roles:
+ - mod_wsgi
+ - koschei/frontend
+
+- name: restart koschei backend
+ hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}"
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/private/ansible/vars.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+ roles:
+ - koschei/backend
+
+- name: Check whether backend update happened
+ hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}"
+ tasks:
+ - assert:
+ that: backend_upgrade.changed
+
+- name: Check whether frontend update happened
+ hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}"
+ tasks:
+ - assert:
+ that: frontend_upgrade.changed
diff --git a/playbooks/manual/upgrade/mbs.yml b/playbooks/manual/upgrade/mbs.yml
new file mode 100644
index 0000000000..68cda885d2
--- /dev/null
+++ b/playbooks/manual/upgrade/mbs.yml
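Review bot: `backend_upgrade` and `frontend_upgrade` in koschei.yml are registered on tasks that loop with `with_items`, so the top-level `.changed` that the last two plays assert on should be true as soon as any single package changed; a run that upgraded `koschei-admin` but left `koschei-backend` untouched would still pass. If the intent is that every listed package moved, assert on the per-item results, e.g. `that: backend_upgrade.results | rejectattr('changed') | list | length == 0`, and likewise for `frontend_upgrade`. The asserts also run only after services were stopped, the database migrated and the roles re-applied, so they report a no-op upgrade without preventing the outage.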
@@ -0,0 +1,136 @@ +- name: push packages out to frontend + hosts: mbs-frontend:mbs-frontend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + testing: False + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + check_mode: no + - name: yum update mbs packages from main repo + yum: name={{item}} state=latest + when: not testing + with_items: + - module-build-service + - python-modulemd + - name: yum update mbs packages from testing repo + yum: name={{item}} state=latest enablerepo=infrastructure-tags-stg + when: testing + with_items: + - module-build-service + - python-modulemd + +- name: push packages out to backend + hosts: mbs-backend:mbs-backend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + testing: False + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + check_mode: no + - name: yum update mbs packages from main repo + yum: name={{item}} state=latest + when: not testing + with_items: + - module-build-service + - python-modulemd + - name: yum update mbs packages from testing repo + yum: name={{item}} state=latest enablerepo=infrastructure-tags-stg + when: testing + with_items: + - module-build-service + - python-modulemd + +- name: verify the frontend and stop it + hosts: mbs-frontend:mbs-frontend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - 
"/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - name: tell nagios to shush w.r.t. the frontend + nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + + roles: + - mbs/common + - mbs/frontend + + post_tasks: + - service: name="httpd" state=stopped + +- name: verify the backend, stop it, and then upgrade the db + hosts: mbs-backend:mbs-backend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - name: tell nagios to shush w.r.t. the backend + nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + + roles: + - mbs/common + #- mbs/backend + + tasks: + - name: Stop the mbs backend + service: name="fedmsg-hub" state=stopped + + - name: Upgrade the database + command: mbs-upgradedb + ignore_errors: true + + - name: And... start the backend again + service: name="fedmsg-hub" state=started + + post_tasks: + - name: tell nagios to unshush w.r.t. 
the backend + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + +- name: restart the frontend + hosts: mbs-frontend:mbs-frontend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - service: name="httpd" state=started + + post_tasks: + - name: tell nagios to unshush w.r.t. the frontend + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true diff --git a/playbooks/manual/upgrade/mote.yml b/playbooks/manual/upgrade/mote.yml index 876d724b6d..db3effc266 100644 --- a/playbooks/manual/upgrade/mote.yml +++ b/playbooks/manual/upgrade/mote.yml 
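Review bot: The `Upgrade the database` task in the backend play runs `mbs-upgradedb` with `ignore_errors: true`, and the next task starts `fedmsg-hub` again regardless. A failed migration therefore leaves the backend running against a schema in an unknown state, and the run does not fail. Drop `ignore_errors: true` from that one task so the play stops for the host before `And... start the backend again`. The `ignore_errors` on the nagios tasks can stay, since those look best-effort. If a failing migration is sometimes expected, `register:` the result and add an explicit `fail:` with a message rather than ignoring it silently.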
@@ -1,41 +1,40 @@ ---- -- name: Push packages out - hosts: value:value_stg +- name: push packages out + hosts: value:value-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml vars: - testing: false + testing: False handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} - ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - - name: Update mote packages from main repo - ansible.builtin.package: name="mote" state=latest + - name: yum update mote packages from main repo + yum: name="mote" state=latest when: not testing - - name: Update mote packages from testing repo + - name: yum update mote packages from testing repo yum: name="mote" state=latest enablerepo=infrastructure-tags-stg when: testing -- name: Verify the config and restart it - hosts: value:value_stg +- name: verify the config and restart it + hosts: value:value-stg user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: - - name: Tell nagios to shush + - name: tell nagios to shush nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short 
}}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true roles: @@ -44,7 +43,7 @@ post_tasks: - service: name="httpd" state=restarted - service: name="mote-updater" state=restarted - - name: Tell nagios to unshush + - name: tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true diff --git a/playbooks/manual/upgrade/odcs.yml b/playbooks/manual/upgrade/odcs.yml new file mode 100644 index 0000000000..ddbd66ab83 --- /dev/null +++ b/playbooks/manual/upgrade/odcs.yml 
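Review bot: The first hunk replaces `ansible.builtin.command` and `ansible.builtin.package` with the short names `command` and `yum`, so which module runs can depend on how short names resolve on the control node rather than being pinned to the built-in. Keeping the fully qualified lines from the old side (`ansible.builtin.command: yum clean all ...` and `ansible.builtin.package: name="mote" state=latest`) avoids that, and the main-repo task is then not tied to one package manager. The same hunk also drops the `---` document start and writes `testing: False` where the old side had `false`; lowercase `true`/`false` throughout would keep the file unambiguous for YAML tooling.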
@@ -0,0 +1,131 @@ +- name: push packages out to frontend + hosts: odcs-frontend:odcs-frontend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + testing: False + odcs_migrate_db: True + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: clean all metadata {%if testing%}(with infrastructure-tags-stg on){%endif%} + command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + check_mode: no + - name: yum update odcs packages from main repo + yum: name={{item}} state=latest + when: not testing + with_items: + - odcs + - name: yum update odcs packages from testing repo + yum: name={{item}} state=latest enablerepo=infrastructure-tags-stg + when: testing + with_items: + - odcs + +- name: push packages out to backend + hosts: odcs-backend:odcs-backend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + testing: False + odcs_migrate_db: True + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: clean all metadata {%if testing%}(with infrastructure-tags-stg on){%endif%} + command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + check_mode: no + - name: yum update odcs packages from main repo + yum: name={{item}} state=latest + when: not testing + with_items: + - odcs + - name: yum update odcs packages from testing repo + yum: name={{item}} state=latest enablerepo=infrastructure-tags-stg + when: testing + with_items: + - odcs + +- name: verify the frontend and stop it + hosts: odcs-frontend:odcs-frontend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + 
odcs_migrate_db: True + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - name: tell nagios to shush w.r.t. the frontend + nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + + roles: + - odcs/base + - odcs/frontend + + post_tasks: + - service: name="httpd" state=stopped + +- name: verify the backend, stop it, and then upgrade the db + hosts: odcs-backend:odcs-backend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + odcs_migrate_db: True + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - name: tell nagios to shush w.r.t. the backend + nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + - name: Stop the odcs backend + service: name="odcs-backend" state=stopped + + roles: + - odcs/base + - odcs/backend + + post_tasks: + - name: tell nagios to unshush w.r.t. the backend + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + +- name: restart the frontend + hosts: odcs-frontend:odcs-frontend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + odcs_migrate_db: True + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - service: name="httpd" state=started + + post_tasks: + - name: tell nagios to unshush w.r.t. 
the frontend + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true diff --git a/playbooks/manual/upgrade/packages.yml b/playbooks/manual/upgrade/packages.yml new file mode 100644 index 0000000000..7e7c2479c3 --- /dev/null +++ b/playbooks/manual/upgrade/packages.yml 
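Review bot: The `yum update odcs packages from testing repo` tasks in both push plays enable `infrastructure-tags-stg` whenever `testing` is true, while the plays target `odcs-frontend:odcs-frontend-stg` and `odcs-backend:odcs-backend-stg`. A run with `-e testing=True` and no `-l` limit would therefore pull staging-repo builds onto the production hosts too. If those builds are never meant for production, tie the condition to the environment, e.g. `when: testing and env == 'staging'`, so the repo choice does not depend on the operator remembering the limit; this assumes `env` is defined for these hosts, as it is in the koschei playbook earlier in this diff. The same pattern appears in the mbs, mote, packages, pagure, statscache and tagger hunks.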
@@ -0,0 +1,53 @@ +- name: push packages out + hosts: packages:packages-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + testing: False + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + check_mode: no + - name: yum update fedora-packages packages from main repo + yum: name="fedora-packages" state=latest + when: not testing + - name: yum update fedora-packages packages from testing repo + yum: name="fedora-packages" state=latest enablerepo=infrastructure-tags-stg + when: testing + +- name: verify the config and restart it + hosts: packages:packages-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - name: tell nagios to shush + nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + + roles: + - role: packages3/web + + post_tasks: + - service: name="fedmsg-hub" state=stopped + - service: name="httpd" state=stopped + # TODO -- do any DB maintenance steps we need to do here.. + - service: name="httpd" state=started + - service: name="fedmsg-hub" state=started + + - name: tell nagios to unshush + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true diff --git a/playbooks/manual/upgrade/pagure.yml b/playbooks/manual/upgrade/pagure.yml index 89f58417b4..ecfb26d1ec 100644 --- a/playbooks/manual/upgrade/pagure.yml 
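Review bot: The four `service` tasks in `post_tasks` of the second play have no `name`, and the stop/start pairs bracket only a `# TODO` comment. As written the sequence is a plain bounce of `fedmsg-hub` and `httpd`, and the run log does not say why. Give each task a name, e.g. `- name: stop fedmsg-hub before DB maintenance`, or collapse each pair to `state=restarted` until a real maintenance step exists.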
+++ b/playbooks/manual/upgrade/pagure.yml 
@@ -1,124 +1,69 @@ # Utility playbook to upgrade pagure in stg and prod. -# You can use it to update stg by simply calling ``-l pagure_stg`` to your +# You can use it to update stg by simply calling ``-l pagure-stg`` to your # ansible command. -# To specify that you want to use the testing repo specify ``-e "testing=True"`` -# to your ansible command. -# Main task to upgrade pagure ---- -- name: Upgrade pagure - hosts: pagure:pagure_stg +- name: upgrade pagure + hosts: pagure:pagure-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml vars: - testing: false + testing: False handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: - - name: Tell nagios to shush w.r.t. the frontend + - name: tell nagios to shush w.r.t. the frontend nagios: - action=downtime - minutes=15 - service=host - host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + action=downtime + minutes=15 + service=host + host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true - -## -## To do here. Call a play which can set status to say pagure is down. -## + - service: name="httpd" state=stopped tasks: - - name: Yum update pagure packages from main repo + - name: yum update pagure packages from main repo yum: name="pagure*" state=latest update_cache=yes when: not testing - - name: Yum update pagure* packages from testing repo + - name: yum update pagure* packages from testing repo yum: name="pagure*" state=latest enablerepo=infrastructure-tags-stg update_cache=yes when: testing - # This is needed so the alembic will work. 
- - name: Stop the general pagure workers - service: - name: "{{ item }}" - state: stopped - with_items: - - httpd - - pagure_ev - - pagure_gitolite_worker - - pagure_logcom - - pagure_milter - - pagure_webhook - - pagure_worker - - - name: Stop the specific workers on pagure.io - service: - name: "{{ item }}" - state: stopped - with_items: - - pagure_ci - - pagure_fast_worker - - pagure_loadjson - - pagure_logcom - - pagure_medium_worker - - pagure_mirror - - pagure_slow_worker - when: inventory_hostname.startswith('pagure') - - name: Upgrade the database - ansible.builtin.command: /usr/bin/alembic -c /etc/pagure/alembic.ini upgrade head + command: /usr/bin/alembic -c /etc/pagure/alembic.ini upgrade head args: chdir: /etc/pagure/ environment: - PAGURE_CONFIG: /etc/pagure/pagure.cfg + PAGURE_CONFIG: /etc/pagure/pagure.cfg + + - name: call createdb + command: /usr/bin/python2 /usr/share/pagure/pagure_createdb.py + environment: + PAGURE_CONFIG: /etc/pagure/pagure.cfg post_tasks: - - - name: Start the general pagure workers - service: - name: "{{ item }}" - state: started - with_items: - - httpd - - pagure_ev - - pagure_gitolite_worker - - pagure_logcom - - pagure_milter - - pagure_webhook - - pagure_worker - - - name: Start_pagure_workers on pagure servers - service: - name: "{{ item }}" - state: started - with_items: - - pagure_ci - - pagure_fast_worker - - pagure_loadjson - - pagure_logcom - - pagure_medium_worker - - pagure_mirror - - pagure_slow_worker - when: inventory_hostname.startswith('pagure') - -## -## ToDo: Put in an include to pull in setting status back -## - - - - name: Tell nagios to unshush w.r.t. 
the frontend + - service: name="httpd" state=restarted + - service: name="pagure_ev" state=restarted + - service: name="pagure_ci" state=restarted + - service: name="pagure_webhook" state=restarted + - service: name="pagure_milter" state=restarted + - service: name="pagure_worker" state=restarted + - service: name="pagure_logcom" state=restarted + - service: name="pagure_loadjson" state=restarted + - name: tell nagios to unshush w.r.t. the frontend nagios: - action=unsilence - service=host - host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + action=unsilence + service=host + host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true diff --git a/playbooks/manual/upgrade/pdc.yml b/playbooks/manual/upgrade/pdc.yml new file mode 100644 index 0000000000..1443d63a96 --- /dev/null +++ b/playbooks/manual/upgrade/pdc.yml 
@@ -0,0 +1,89 @@ +- name: verify the backend, and stop it + hosts: pdc-backend:pdc-backend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - name: clean all metadata + command: yum clean all + check_mode: no + - name: yum update PDC packages + yum: name="{{item}}" state=latest + with_items: + - pdc-client + - pdc-updater + - python-productmd + + roles: + - pdc/backend + + post_tasks: + - name: tell nagios to shush w.r.t. the backend + nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + - name: Stop the pdc-updater backend + service: name="fedmsg-hub" state=stopped + +- name: verify the frontend, stop it, upgrade the db, and restart it + hosts: pdc-web:pdc-web-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - name: clean all metadata + command: dnf clean all + check_mode: no + - name: dnf update PDC packages + dnf: name="{{item}}" state=latest + with_items: + - python-pdc + - python-productmd + + roles: + - pdc/frontend + + post_tasks: + - name: tell nagios to shush w.r.t. the frontend + nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + - service: name="httpd" state=stopped + - name: Upgrade the database, only on the primary web node. 
+ command: python /usr/lib/python2.7/site-packages/pdc/manage.py migrate --noinput + args: + chdir: /usr/lib/python2.7/site-packages/pdc/ + when: inventory_hostname_short == 'pdc-web01' + - service: name="httpd" state=started + - name: tell nagios to unshush w.r.t. the frontend + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + +- name: restart the backend + hosts: pdc-backend:pdc-backend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: And... start the backend again + service: name="fedmsg-hub" state=started + - name: tell nagios to unshush w.r.t. the backend + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true diff --git a/playbooks/manual/upgrade/statscache.yml b/playbooks/manual/upgrade/statscache.yml new file mode 100644 index 0000000000..c004be6699 --- /dev/null +++ b/playbooks/manual/upgrade/statscache.yml 
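Review bot: In both the backend and the frontend play the `tell nagios to shush` task sits in `post_tasks`, so the downtime is scheduled only after `pre_tasks` has updated the packages and the `pdc/backend` or `pdc/frontend` role has run. Any restart triggered during those steps would fall outside the downtime window. Moving the nagios task to the top of `pre_tasks`, as the other upgrade playbooks in this diff do, covers the whole change. The migration task also hard-codes `/usr/lib/python2.7/site-packages/pdc/`; a one-line comment stating which host OS and Python that assumes would help whoever runs this after a rebuild.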
@@ -0,0 +1,100 @@ +- name: push packages out + hosts: statscache-backend:statscache-backend-stg:statscache-web:statscache-web-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + testing: False + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + check_mode: no + - name: yum update statscache packages from main repo + yum: name="statscache*" state=latest + when: not testing + - name: yum update statscache packages from testing repo + yum: name="statscache*" state=latest enablerepo=infrastructure-tags-stg + when: testing + +- name: verify the frontend and stop it + hosts: statscache-web:statscache-web-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - name: tell nagios to shush w.r.t. the frontend + nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + + roles: + - statscache/frontend + + post_tasks: + - service: name="httpd" state=stopped + +- name: verify the backend, stop it, and then upgrade the db + hosts: statscache-backend:statscache-backend-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - name: tell nagios to shush w.r.t. 
the backend + nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + + roles: + - statscache/backend + + tasks: + - name: Stop the statscache backend + service: name="fedmsg-hub" state=stopped + + #- name: Upgrade the database + # command: /usr/bin/alembic -c /usr/share/statscache/alembic.ini upgrade head + # args: + # chdir: /usr/share/statscache/ + + - name: And... start the backend again + service: name="fedmsg-hub" state=started + + post_tasks: + - name: tell nagios to unshush w.r.t. the backend + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + +- name: restart the frontend + hosts: statscache-web:statscache-web-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - service: name="httpd" state=started + + post_tasks: + - name: tell nagios to unshush w.r.t. the frontend + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true diff --git a/playbooks/manual/upgrade/tagger.yml b/playbooks/manual/upgrade/tagger.yml new file mode 100644 index 0000000000..eb7680c349 --- /dev/null +++ b/playbooks/manual/upgrade/tagger.yml 
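Review bot: The third play is named `verify the backend, stop it, and then upgrade the db`, but its `Upgrade the database` task is commented out, so the play only stops and starts `fedmsg-hub`. Either rename it, e.g. `- name: verify the backend and restart it`, or add a comment above the disabled block stating why the migration is off, such as `# DB migration disabled: <reason>`. As it stands, an operator reading the run log would assume a schema upgrade happened.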
@@ -0,0 +1,57 @@ +- name: push packages out + hosts: tagger:tagger-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + testing: False + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + tasks: + - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + check_mode: no + - name: yum update fedora-tagger packages from main repo + yum: name="fedora-tagger" state=latest + when: not testing + - name: yum update fedora-tagger packages from testing repo + yum: name="fedora-tagger" state=latest enablerepo=infrastructure-tags-stg + when: testing + +- name: verify the config and restart it + hosts: tagger:tagger-stg + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + + pre_tasks: + - name: tell nagios to shush + nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true + + roles: + - tagger + + post_tasks: + - service: name="httpd" state=stopped + + - name: Upgrade the database (only on one of the two nodes...) + command: /usr/bin/alembic -c /usr/share/fedoratagger/alembic.ini upgrade head + args: + chdir: /usr/share/fedoratagger/ + when: inventory_hostname.startswith('tagger01') + + - service: name="httpd" state=started + + - name: tell nagios to unshush + nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} + delegate_to: noc01.phx2.fedoraproject.org + ignore_errors: true 
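Review bot: If the alembic task in `post_tasks` fails on `tagger01`, the play stops for that host with `httpd` stopped and the 60-minute nagios downtime from `pre_tasks` still in place. Assuming the downtime suppresses host alerts, the outage would go unreported until it expires. Wrapping the stop, migrate and start tasks in a `block:` and moving `tell nagios to unshush` under its `always:` section would restore monitoring even when the migration fails. Leave `httpd` stopped in that case, so the application is not served against a partly migrated schema.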
diff --git a/playbooks/openshift-apps/application-monitoring.yml b/playbooks/openshift-apps/application-monitoring.yml deleted file mode 100644 index 973076cb8a..0000000000 --- a/playbooks/openshift-apps/application-monitoring.yml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -- name: Make the app be real - hosts: os_masters_stg[0] # only in staging for the ARC deployment - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - # oc new-project application-monitoring - - role: openshift/project - project_app: application-monitoring - project_description: Hosts the application monitoring operator - project_appowners: - - asaleh - - siddharthvipul1 - - post_tasks: - - name: Apply node labels - ansible.builtin.command: oc label --overwrite namespace application-monitoring monitoring-key=cpe - - - name: Apply node labels for bodhi POC - ansible.builtin.command: oc label --overwrite namespace bodhi monitoring-key=cpe - - - name: Make other pods available to the application-monitoring project - ansible.builtin.command: oc adm pod-network make-projects-global application-monitoring - - - name: Copy files - ansible.builtin.copy: - src: "{{ roles_path }}/openshift-apps/application-monitoring/files/ dest=/etc/openshift_apps/application-monitoring/" - - - name: Prometheus CRDs - ansible.builtin.command: oc -n application-monitoring apply -f /etc/openshift_apps/application-monitoring/prometheus-operator/example/prometheus-operator-crd/ - - - name: Prometheus CRD RBAC - ansible.builtin.command: oc -n application-monitoring apply -f /etc/openshift_apps/application-monitoring/prometheus-operator/example/rbac/prometheus-operator-crd/ - - - name: Prometheus Operator RBAC - ansible.builtin.command: oc -n application-monitoring apply -f /etc/openshift_apps/application-monitoring/prometheus-operator/example/rbac/prometheus-operator/ - - - name: Prometheus RBAC - ansible.builtin.command: oc -n application-monitoring apply -f /etc/openshift_apps/application-monitoring/prometheus-operator/example/rbac/prometheus/ 
diff --git a/playbooks/openshift-apps/asknot.yml b/playbooks/openshift-apps/asknot.yml deleted file mode 100644 index 08d7eefcfe..0000000000 --- a/playbooks/openshift-apps/asknot.yml +++ /dev/null @@ -1,69 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: asknot - project_description: What can I do for Fedora - project_appowners: - - zlopez - - kevin - - - role: openshift/object - object_app: asknot - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: asknot - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/start-build - start_build_app: asknot - start_build_buildname: asknot-build - start_build_objectname: asknot-build - tags: - - never - - build - - - role: openshift/object - object_app: asknot - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: asknot - route_name: asknot - route_host: "stg.whatcanidoforfedora.org" - route_serviceport: 8080-tcp - route_servicename: asknot - when: env == "staging" - - - role: openshift/route - route_app: asknot - route_name: asknot - route_host: "whatcanidoforfedora.org" - route_serviceport: 8080-tcp - route_servicename: asknot - when: env == "production" - - - role: openshift/object - object_app: asknot - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml - - - role: openshift/rollout - rollout_app: asknot - rollout_dcname: asknot - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/awx.yml b/playbooks/openshift-apps/awx.yml deleted file mode 100644 index a18531bf9a..0000000000 --- a/playbooks/openshift-apps/awx.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -- name: Make the app be real - hosts: localhost - connection: local - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - module_defaults: - group/awx.awx.controller: - controller_host: awx.fedoraproject.org - controller_username: "{{ awx_admin_username }}" - controller_password: "{{ awx_admin_password }}" - - roles: - - role: awx/controller diff --git a/playbooks/openshift-apps/badges.yml b/playbooks/openshift-apps/badges.yml deleted file mode 100644 index f537e8d14f..0000000000 --- a/playbooks/openshift-apps/badges.yml +++ /dev/null 
@@ -1,219 +0,0 @@ -# -# Badges (fedbadges & Tahrir) -# - ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/badges.yml - - tasks: - - name: DB user - community.postgresql.postgresql_user: - name: "{{ tahrirDBUser }}" - password: "{{ (env == 'production') | ternary(tahrirDBPassword, tahrirstgDBPassword) }}" - - name: Database creation - community.postgresql.postgresql_db: - name: "{{ badges_db_name }}" - owner: "{{ tahrirDBUser }}" - encoding: UTF-8 - -- name: Give access to the datanommer DB - hosts: datanommer_dbserver:datanommer_dbserver_stg - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/badges.yml - - tasks: - - name: DB user - community.postgresql.postgresql_user: - name: "{{ tahrirDBUser }}" - password: "{{ (env == 'production') | ternary(tahrirDBPassword, tahrirstgDBPassword) }}" - - name: Grant the db user read only access to datanommer2 - community.postgresql.postgresql_privs: - database: datanommer2 - privs: SELECT - objs: ALL_IN_SCHEMA - roles: "{{ tahrirDBUser }}" - -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/badges.yml - - roles: - - role: rabbit/user - user_name: "tahrir{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.badges\..* - tags: - - config - - fedora-messaging - - rabbitmq_cluster - 
- role: rabbit/queue - queue_username: "fedbadges{{ env_suffix }}" - queue_name: "fedbadges{{ env_suffix }}" - queue_routing_keys: - # The badges queue is subscribed to everything - - "#" - queue_thresholds: - warning: 20000 - critical: 25000 - # It sends a message when a badge is awarded - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.badges\..* - tags: - - config - - fedora-messaging - - rabbitmq_cluster - - - role: openshift/project - project_app: badges - project_description: "Badges" - project_appowners: - - abompard - - nphilipp - - ryanlerch - tags: - - apply-appowners - - - role: openshift/object - object_app: badges - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: badges - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: badges - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: badges - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: badges - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: badges - object_file: storage.yml - object_objectname: storage.yml - - # Routes - - role: openshift/route - route_app: badges - route_name: frontend - route_host: "badges{{ env_suffix }}.fedoraproject.org" - route_servicename: frontend - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - role: openshift/route - route_app: badges - route_name: frontend-openshift - route_host: "badges.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_servicename: frontend - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - # Fedora Messaging - - role: openshift/secret-file - secret_file_app: badges - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: 
"rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: badges - secret_file_secret_name: fedora-messaging-crt - secret_file_key: fedbadges-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/fedbadges{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: badges - secret_file_secret_name: fedora-messaging-key - secret_file_key: fedbadges-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/fedbadges{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: badges - secret_file_secret_name: tahrir-fedora-messaging-crt - secret_file_key: tahrir-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/tahrir{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: badges - secret_file_secret_name: tahrir-fedora-messaging-key - secret_file_key: tahrir-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/tahrir{{env_suffix}}.key" - - # FASJSON access - - role: openshift/ipa-client - ipa_client_app: badges - - role: openshift/keytab - keytab_app: badges - keytab_key: fedbadges.keytab - keytab_secret_name: fedbadges-keytab - keytab_service: fedbadges - - # Deployment config - - role: openshift/object - object_app: badges - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # Cron jobs - - role: openshift/object - object_app: badges - object_template: cron-award.yml.j2 - object_objectname: cron-award.yml - - role: openshift/object - object_app: badges - object_template: cron-update-rules.yml.j2 - object_objectname: cron-update-rules.yml - - - role: openshift/start-build - start_build_app: badges - start_build_buildname: "{{ dcname }}" - loop: - - fedbadges - - tahrir - loop_control: - loop_var: dcname - tags: - - never - - build - - - role: openshift/rollout - rollout_app: badges - rollout_dcname: "{{ dcname }}" - loop: - - fedbadges - - tahrir - loop_control: - loop_var: dcname - tags: - - never - - rollout 
diff --git a/playbooks/openshift-apps/blockerbugs.yml b/playbooks/openshift-apps/blockerbugs.yml
deleted file mode 100644
index 9e3dcecad9..0000000000
--- a/playbooks/openshift-apps/blockerbugs.yml
+++ /dev/null
@@ -1,149 +0,0 @@ ---- -- name: Prepare setting up the database - hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org - gather_facts: no - user: root - - tasks: - - name: Install psycopg2 for the postgresql ansible modules - ansible.builtin.package: - name: python3-psycopg2 - state: present - tags: - - packages - -- name: Setup the database - hosts: db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - name: Create the database user - community.postgresql.postgresql_user: - name: "{{ stg_blockerbugs_db_user }}" - password: "{{ stg_blockerbugs_db_password }}" - - name: Create the database itself - community.postgresql.postgresql_db: - name: "blockerbugs" - owner: "{{ stg_blockerbugs_db_user }}" - encoding: UTF-8 - - name: Test the database creation - community.postgresql.postgresql_db: - name: "blockerbugs" - owner: "{{ stg_blockerbugs_db_user }}" - encoding: UTF-8 - -- name: Setup the database - hosts: db01.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - name: Create the database user - community.postgresql.postgresql_user: - name: "{{ prod_blockerbugs_db_user }}" - password: "{{ prod_blockerbugs_db_password }}" - - name: Create the database itself - community.postgresql.postgresql_db: - name: "blockerbugs" - owner: "{{ prod_blockerbugs_db_user }}" - encoding: UTF-8 - - name: Test the database creation - community.postgresql.postgresql_db: - name: "blockerbugs" - owner: "{{ prod_blockerbugs_db_user }}" - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - 
/srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: blockerbugs - project_description: Blockerbugs - project_appowners: - - frantisekz - - jskladan - - adamwill - - lbrabec - project_alert_users: - - frantisekz - tags: - - appowners - - - role: openshift/object - object_app: blockerbugs - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: blockerbugs - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/object - object_app: blockerbugs - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: blockerbugs - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: blockerbugs - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: blockerbugs - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: blockerbugs - object_template: cron.yml.j2 - object_objectname: cron.yml - - - role: openshift/route - route_app: blockerbugs - route_name: blockerbugs - route_host: "qa{{ env_suffix }}.fedoraproject.org" - route_path: "/blockerbugs" - route_serviceport: 8080-tcp - route_servicename: blockerbugs - - - role: openshift/route - route_app: blockerbugs - route_name: qa-landing - route_host: "qa{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: qa-landing - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/start-build - start_build_app: blockerbugs - start_build_buildname: blockerbugs-build - start_build_objectname: blockerbugs-build - tags: - - never - - build 
diff --git a/playbooks/openshift-apps/bodhi.yml b/playbooks/openshift-apps/bodhi.yml
deleted file mode 100644
index 0465964280..0000000000
--- a/playbooks/openshift-apps/bodhi.yml
+++ /dev/null
@@ -1,197 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - bodhi_message_queue_name: "bodhi{{ env_suffix }}" - - bodhi_message_routing_keys: - - "org.fedoraproject.*.bodhi.update.edit" - - "org.fedoraproject.*.bodhi.update.request.testing" - - "org.fedoraproject.*.buildsys.tag" - - "org.fedoraproject.*.resultsdb.result.new" - - "org.fedoraproject.*.waiverdb.waiver.new" - - ocp4: true - - pre_tasks: - - name: Include Global Variables - ansible.builtin.include_vars: - dir: /srv/web/infra/ansible/vars/all/ - ignore_files: README - - name: Include Bodhi Variables - ansible.builtin.include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml - - name: Set bodhi_version fact - ansible.builtin.set_fact: - args: - bodhi_version: "{{ bodhi_version }}" - - roles: - - role: rabbit/queue - queue_username: "bodhi{{ env_suffix }}" - queue_name: "{{ bodhi_message_queue_name }}" - queue_routing_keys: "{{ bodhi_message_routing_keys }}" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: "{{ bodhi_sent_topics }}" - - - role: openshift/project - project_app: bodhi - project_description: bodhi - project_appowners: - - abompard - - mattia - - patrikp - - lenkaseg - - kevin - - amedvede - tags: - - apply-appowners - when: env == "production" - - role: openshift/project - project_app: bodhi - project_description: bodhi - project_appowners: - - abompard - - ryanlerch - - mattia - - humaton - - patrikp - - lenkaseg - - kevin - - amedvede - tags: - - apply-appowners - when: env == "staging" - - role: openshift/object - object_app: bodhi - object_file: pvc.yml - object_objectname: pvc.yml - - role: openshift/keytab - keytab_app: bodhi - keytab_key: koji-keytab - keytab_secret_name: bodhi-keytab - keytab_service: bodhi - keytab_host: 
"bodhi{{ env_suffix }}.fedoraproject.org" - - role: openshift/secret-file - secret_file_app: bodhi - secret_file_secret_name: bodhi-fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: bodhi - secret_file_secret_name: bodhi-fedora-messaging-crt - secret_file_key: bodhi-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: bodhi - secret_file_secret_name: bodhi-fedora-messaging-key - secret_file_key: bodhi-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key" - - role: openshift/object - object_app: bodhi - object_template: imagestreams-tagged.yml.j2 - object_objectname: imagestreams.yml - - role: openshift/imagestream - imagestream_app: bodhi - imagestream_imagename: bodhi-base - - role: openshift/object - object_app: bodhi - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - role: openshift/start-build - start_build_app: bodhi - start_build_buildname: bodhi-base - tags: - - never - - build - - role: openshift/object - object_app: bodhi - object_template_fullpath: "{{roles_path}}/bodhi2/base/templates/configmap.yml.j2" - object_objectname: configmap.yml - - role: openshift/object - object_app: bodhi - object_file: service.yml - object_objectname: service.yml - - role: openshift/object - object_app: bodhi - object_file: servicemonitor.yml - object_objectname: servicemonitor.yml - when: env != "production" - - role: openshift/object - object_app: bodhi - object_file: podmonitor.yml - object_objectname: podmonitor.yml - when: env != "production" - - role: openshift/route - route_app: bodhi - route_name: bodhi-web - route_host: "bodhi{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: bodhi-web - route_annotations: - haproxy.router.openshift.io/timeout: 180s - - role: openshift/object 
- object_app: bodhi - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - role: openshift/object - object_app: bodhi - object_template: critpathcron.yml.j2 - object_objectname: critpathcron.yml - - role: openshift/imagestream - imagestream_app: bodhi - imagestream_imagename: bodhi-critpathcron - - role: openshift/rollout - rollout_app: bodhi - rollout_dcname: bodhi-web - tags: - - never - - rollout - - role: openshift/rollout - rollout_app: bodhi - rollout_dcname: bodhi-consumer - tags: - - never - - rollout - - role: openshift/rollout - rollout_app: bodhi - rollout_dcname: bodhi-celery - tags: - - never - - rollout - - post_tasks: - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas={{ bodhi_openshift_pods }} - when: env == "production" - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas={{ bodhi_openshift_pods }} - when: env == "production" - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=2 - when: env == "production" - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas={{ bodhi_openshift_pods }} - when: env == "staging" - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas={{ bodhi_openshift_pods }} - when: env == "staging" - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }} - when: env == "staging" - - name: Set the timeout to the openshift route - ansible.builtin.command: "oc -n bodhi annotate route bodhi-web --overwrite haproxy.router.openshift.io/timeout=180s" - tags: - - route-timeout - - name: Trigger critpath cronjob - ansible.builtin.command: "oc -n bodhi create job critpathcron-manual-{{ lookup('pipe', 'date +%s') }} --from=cronjob/fedora-bodhi-critpathcron" - tags: - - never - - critpathcron 
diff --git a/playbooks/openshift-apps/bugzilla2fedmsg.yml b/playbooks/openshift-apps/bugzilla2fedmsg.yml
deleted file mode 100644
index d1b832df66..0000000000
--- a/playbooks/openshift-apps/bugzilla2fedmsg.yml
+++ /dev/null
@@ -1,85 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - - role: rabbit/user - user_name: "bugzilla2fedmsg{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.bugzilla\..* - - - role: openshift/project - project_app: bugzilla2fedmsg - project_description: bugzilla2fedmsg - project_appowners: - - abompard - - kevin - tags: - - apply-appowners - - # Fedora Messaging secrets - - role: openshift/secret-file - secret_file_app: bugzilla2fedmsg - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/secret-file - secret_file_app: bugzilla2fedmsg - secret_file_secret_name: fedora-messaging-crt - secret_file_key: bugzilla2fedmsg-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/bugzilla2fedmsg{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: bugzilla2fedmsg - secret_file_secret_name: fedora-messaging-key - secret_file_key: bugzilla2fedmsg-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/bugzilla2fedmsg{{env_suffix}}.key" - - # STOMP secrets - - role: openshift/secret-file - secret_file_app: bugzilla2fedmsg - secret_file_secret_name: stomp-crt - secret_file_key: msg-client-fedora-prod.crt - secret_file_privatefile: "bugzilla2fedmsg/msg-client-fedora-prod.crt" - - - role: openshift/secret-file - secret_file_app: bugzilla2fedmsg - secret_file_secret_name: stomp-key - secret_file_key: msg-client-fedora-prod.key - secret_file_privatefile: "bugzilla2fedmsg/msg-client-fedora-prod.key" - - # FASJSON access - - role: openshift/ipa-client - ipa_client_app: bugzilla2fedmsg - - role: openshift/keytab - keytab_app: bugzilla2fedmsg - keytab_key: service.keytab - 
keytab_secret_name: keytab - keytab_service: bugzilla2fedmsg - - - role: openshift/imagestream - imagestream_app: bugzilla2fedmsg - imagestream_imagename: bugzilla2fedmsg - - - role: openshift/object - object_app: bugzilla2fedmsg - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: bugzilla2fedmsg - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: bugzilla2fedmsg - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/cloud-image-uploader.yml b/playbooks/openshift-apps/cloud-image-uploader.yml deleted file mode 100644 index 93e3e377ab..0000000000 --- a/playbooks/openshift-apps/cloud-image-uploader.yml +++ /dev/null 
@@ -1,168 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "cloud-image-uploader{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_image_uploader\..* - - - role: rabbit/queue - queue_username: "cloud-image-uploader{{ env_suffix }}" - queue_name: "cloud-image-uploader{{ env_suffix }}-aws" - queue_routing_keys: - - "org.fedoraproject.*.pungi.compose.status.change" - queue_thresholds: - warning: 25 - critical: 50 - - - role: rabbit/queue - queue_username: "cloud-image-uploader{{ env_suffix }}" - queue_name: "cloud-image-uploader{{ env_suffix }}-azure" - queue_routing_keys: - - "org.fedoraproject.*.pungi.compose.status.change" - queue_thresholds: - warning: 25 - critical: 50 - - - role: rabbit/queue - queue_username: "cloud-image-uploader{{ env_suffix }}" - queue_name: "cloud-image-uploader{{ env_suffix }}-containers" - queue_routing_keys: - - "org.fedoraproject.*.pungi.compose.status.change" - queue_thresholds: - warning: 25 - critical: 50 - - - role: rabbit/queue - queue_username: "cloud-image-uploader{{ env_suffix }}" - queue_name: "cloud-image-uploader{{ env_suffix }}-gcp" - queue_routing_keys: - - "org.fedoraproject.*.pungi.compose.status.change" - queue_thresholds: - warning: 25 - critical: 50 - - - role: openshift/project - project_app: cloud-image-uploader - project_description: AMQP consumer that uploads Cloud images to cloud providers - project_appowners: - - jcline - - - role: openshift/object - object_app: cloud-image-uploader - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: cloud-image-uploader - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: 
openshift/object - object_app: cloud-image-uploader - object_template: configmap.yml.j2 - object_objectname: configmap.yml - vars: - azure_image_regions: - - "australiaeast" - - "brazilsouth" - - "canadacentral" - - "centralindia" - - "centralus" - - "eastasia" - - "eastus" - - "eastus2" - - "francecentral" - - "germanywestcentral" - - "israelcentral" - - "italynorth" - - "japaneast" - - "koreacentral" - - "mexicocentral" - - "northeurope" - - "norwayeast" - - "polandcentral" - - "qatarcentral" - - "southafricanorth" - - "southcentralus" - - "southeastasia" - - "spaincentral" - - "swedencentral" - - "switzerlandnorth" - - "uaenorth" - - "uksouth" - - "westeurope" - - "westus2" - - "westus3" - - - role: openshift/secret-file - secret_file_app: cloud-image-uploader - secret_file_secret_name: cloud-image-uploader-fedora-messaging-key - secret_file_key: cloud-image-uploader.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/cloud-image-uploader{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: cloud-image-uploader - secret_file_secret_name: cloud-image-uploader-fedora-messaging-crt - secret_file_key: cloud-image-uploader.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/cloud-image-uploader{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: cloud-image-uploader - secret_file_secret_name: cloud-image-uploader-fedora-messaging-ca - secret_file_key: cloud-image-uploader.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/secret-file - secret_file_app: cloud-image-uploader - secret_file_secret_name: registry-fedoraproject-cert - secret_file_key: registry-fedoraproject.cert - secret_file_privatefile: "docker-registry/{{env}}/pki/issued/containerstable.crt" - - - role: openshift/secret-file - secret_file_app: cloud-image-uploader - secret_file_secret_name: registry-fedoraproject-key - secret_file_key: registry-fedoraproject.key - secret_file_privatefile: 
"docker-registry/{{env}}/pki/private/containerstable.key" - - - role: openshift/secret-file - secret_file_app: cloud-image-uploader - secret_file_secret_name: cloud-image-uploader-google-cloud-key - secret_file_key: google_cloud_image_uploader.json - secret_file_privatefile: "gcp/{{env}}/image_uploader.json" - - - role: openshift/object - object_app: cloud-image-uploader - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: cloud-image-uploader - object_template: aws-secrets.yml.j2 - object_objectname: aws-secrets.yml - - - role: openshift/object - object_app: cloud-image-uploader - object_template: container-secrets.yml.j2 - object_objectname: container-secrets.yml - - - role: openshift/start-build - start_build_app: cloud-image-uploader - start_build_buildname: cloud-image-uploader-build - start_build_objectname: cloud-image-uploader-build - tags: - - never - - build - - - role: openshift/object - object_app: cloud-image-uploader - object_template: deployment.yml.j2 - object_objectname: deployment.yml diff --git a/playbooks/openshift-apps/compose-tracker.yml b/playbooks/openshift-apps/compose-tracker.yml deleted file mode 100644 index 996a537ca9..0000000000 --- a/playbooks/openshift-apps/compose-tracker.yml +++ /dev/null 
@@ -1,66 +0,0 @@
----
-- name: Make the app be real
- hosts: os_control[0]:os_control_stg[0]
- user: root
- gather_facts: false
-
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - "/srv/private/ansible/vars.yml"
- - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
- roles:
- - role: openshift/project
- project_app: compose-tracker
- project_description: Opens issues for failed Composes against https://pagure.io/releng/failed-composes/
- project_appowners:
- - dustymabe
- - mizdebsk
- - humaton
- tags:
- - appowner
-
- - role: openshift/object
- object_app: compose-tracker
- object_template: secret.yml.j2
- object_objectname: secret.yml
-
- - role: openshift/object
- object_app: compose-tracker
- object_template: imagestream.yml.j2
- object_objectname: imagestream.yml
-
- - role: openshift/object
- object_app: compose-tracker
- object_template: buildconfig.yml.j2
- object_objectname: buildconfig.yml
-
- - role: openshift/start-build
- start_build_app: compose-tracker
- start_build_buildname: compose-tracker-build
- start_build_objectname: compose-tracker-build
- tags:
- - never
- - build
-
- - role: openshift/object
- object_app: compose-tracker
- object_template: deploymentconfig.yml.j2
- object_objectname: deploymentconfig.yml
-
- - role: openshift/rollout
- rollout_app: compose-tracker
- rollout_dcname: compose-tracker
- tags:
- - never
- - rollout
-
- ###############################################
- # actions to delete the project from OpenShift
- ###############################################
- # to run: sudo rbac-playbook -l os_control_stg[0] -t delete openshift-apps/compose-tracker.yml
- - role: openshift/object-delete
- object_delete_app: compose-tracker
- object_delete_objecttype: project
- object_delete_objectname: compose-tracker
- tags: [never, delete]
diff --git a/playbooks/openshift-apps/coreos-ci.yml b/playbooks/openshift-apps/coreos-ci.yml
deleted file mode 100644
index dafd197f1a..0000000000
--- a/playbooks/openshift-apps/coreos-ci.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-- name: Make the app be real
- hosts: os_control:os_control_stg
- user: root
- gather_facts: false
-
- ############################################
- # actions to create the project in OpenShift
- ############################################
- # to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-ci.yml
- roles:
- - role: openshift-apps/coreos-ci
- project_name: coreos-ci
- project_description: CoreOS CI Infrastructure
- appowners:
- - aaradhak
- - dustymabe
- - jbtrystram
- - jlebon
- - kevin
- - marmijo
- - ravanelli
- - walters
-
- ###############################################
- # actions to delete the project from OpenShift
- ###############################################
- # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-ci.yml
- - role: openshift/object-delete
- object_delete_app: coreos-ci
- object_delete_objecttype: project
- object_delete_objectname: coreos-ci
- tags: [never, delete]
diff --git a/playbooks/openshift-apps/coreos-cincinnati.yml b/playbooks/openshift-apps/coreos-cincinnati.yml
deleted file mode 100644
index bbbe7e77f6..0000000000
--- a/playbooks/openshift-apps/coreos-cincinnati.yml
+++ /dev/null
@@ -1,111 +0,0 @@ ---- -- name: Provision CoreOS Cincinnati backend - hosts: os_control:os_control_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/roles/openshift-apps/coreos-cincinnati/vars/{{ env }}.yml - - pre_tasks: - - name: Include Global Variables - ansible.builtin.include_vars: - dir: /srv/web/infra/ansible/vars/all/ - ignore_files: README - - ############################################ - # actions to create the project in OpenShift - ############################################ - # to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-cincinnati.yml - roles: - - role: openshift/project - project_app: coreos-cincinnati - project_description: Fedora CoreOS Cincinnati backend - project_appowners: - - c4rt0 - - dustymabe - - jbtrystram - - jlebon - - marmijo - - siosm - - - role: openshift/object - object_app: coreos-cincinnati - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: coreos-cincinnati - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/start-build - start_build_app: coreos-cincinnati - start_build_buildname: coreos-cincinnati-build - start_build_objectname: coreos-cincinnati-build - - - role: openshift/object - object_app: coreos-cincinnati - object_template: config-stub.yml.j2 - object_objectname: config-stub.yml - - - role: openshift/object - object_app: coreos-cincinnati - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/rollout - rollout_app: coreos-cincinnati - rollout_dcname: coreos-cincinnati - tags: [never, rollout] - - - role: openshift/object - object_app: coreos-cincinnati - object_template: service.yml.j2 - object_objectname: service.yml - - - role: openshift/object - object_app: coreos-cincinnati 
- object_template: servicemonitor.yml.j2 - object_objectname: servicemonitor.yml - - - role: openshift/route - route_app: coreos-cincinnati - route_name: coreos-updates - route_host: "updates.coreos{{ env_suffix }}.fedoraproject.org" - route_serviceport: coreos-cincinnati-updates - route_servicename: coreos-cincinnati - - - role: openshift/route - route_app: coreos-cincinnati - route_name: coreos-updates-status - route_host: "status.updates.coreos{{ env_suffix }}.fedoraproject.org" - route_serviceport: coreos-cincinnati-updates-status - route_servicename: coreos-cincinnati - - - role: openshift/route - route_app: coreos-cincinnati - route_name: coreos-updates-raw - route_host: "raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - route_serviceport: coreos-cincinnati-raw-updates - route_servicename: coreos-cincinnati - - - role: openshift/route - route_app: coreos-cincinnati - route_name: coreos-updates-raw-status - route_host: "status.raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - route_serviceport: coreos-cincinnati-raw-updates-status - route_servicename: coreos-cincinnati - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-cincinnati.yml - - role: openshift/object-delete - object_delete_app: coreos-cincinnati - object_delete_objecttype: project - object_delete_objectname: coreos-cincinnati - tags: [never, delete] diff --git a/playbooks/openshift-apps/coreos-koji-tagger.yml b/playbooks/openshift-apps/coreos-koji-tagger.yml deleted file mode 100644 index c91277cdc9..0000000000 --- a/playbooks/openshift-apps/coreos-koji-tagger.yml +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control:os_control_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - ############################################ - # actions to create the project in OpenShift - ############################################ - # to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-koji-tagger.yml - roles: - - role: openshift/project - project_app: coreos-koji-tagger - project_description: Tags builds into koji tags within Fedora's Koji instance - project_appowners: - - c4rt0 - - dustymabe - - jlebon - - marmijo - - mizdebsk - - walters - - # Create a keytab. The default username will be like: - # coreos-koji-tagger/coreos-koji-tagger.fedoraproject.org@FEDORAPROJECT.ORG - - role: openshift/keytab - keytab_app: coreos-koji-tagger - keytab_key: koji-keytab - keytab_secret_name: coreos-koji-tagger-keytab - keytab_service: coreos-koji-tagger - keytab_host: "coreos-koji-tagger{{ env_suffix }}.fedoraproject.org" - - # Copy in a kerberos config that is unique to fedora infra - - role: openshift/object - object_app: coreos-koji-tagger - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: coreos-koji-tagger - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: coreos-koji-tagger - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/start-build - start_build_app: coreos-koji-tagger - start_build_buildname: coreos-koji-tagger-build - start_build_objectname: coreos-koji-tagger-build - tags: - - never - - build - - - role: openshift/object - object_app: coreos-koji-tagger - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - ############################################### - # actions 
to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-koji-tagger.yml - - role: openshift/object-delete - object_delete_app: coreos-koji-tagger - object_delete_objecttype: project - object_delete_objectname: coreos-koji-tagger - tags: [never, delete] diff --git a/playbooks/openshift-apps/coreos-ostree-importer.yml b/playbooks/openshift-apps/coreos-ostree-importer.yml deleted file mode 100644 index 24ab7829d3..0000000000 --- a/playbooks/openshift-apps/coreos-ostree-importer.yml +++ /dev/null 
@@ -1,108 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control:os_control_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - fedora_messaging_username: "coreos-ostree-importer{{ env_suffix }}" - fedora_messaging_queue_name: "coreos-ostree-importer{{ env_suffix }}" - fedora_messaging_ca_file: "coreos-ostree-importer-fedora-messaging-cacert.pem" - fedora_messaging_cert_file: "coreos-ostree-importer-fedora-messaging-cert.pem" - fedora_messaging_key_file: "coreos-ostree-importer-fedora-messaging-key.pem" - - # Set the fedora_messaging_routing_keys var based on the environment - pre_tasks: - - name: Set the fedora_messaging_routing_keys var - ansible.builtin.set_fact: - fedora_messaging_routing_keys: - - "org.fedoraproject.stg.coreos.build.request.ostree-import" - when: env == 'staging' - - name: Set the fedora_messaging_routing_keys var - ansible.builtin.set_fact: - fedora_messaging_routing_keys: - - "org.fedoraproject.prod.coreos.build.request.ostree-import" - when: env != 'staging' - - ############################################ - # actions to create the project in OpenShift - ############################################ - # to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-ostree-importer.yml - roles: - - role: openshift/project - project_app: coreos-ostree-importer - project_description: Imports OSTree commits into Fedora from the Fedora CoreOS pipeline - project_appowners: - - c4rt0 - - dustymabe - - jlebon - - kevin - - marmijo - - # Fedora Messaging User/Queue information - - role: rabbit/queue - queue_username: "{{ fedora_messaging_username }}" - queue_name: "{{ fedora_messaging_queue_name }}" - queue_routing_keys: "{{ fedora_messaging_routing_keys }}" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.coreos\..* - - # 
Fedora Messaging secrets - - role: openshift/secret-file - secret_file_app: coreos-ostree-importer - secret_file_secret_name: fedora-messaging-ca - secret_file_key: "{{ fedora_messaging_ca_file }}" - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: coreos-ostree-importer - secret_file_secret_name: fedora-messaging-crt - secret_file_key: "{{ fedora_messaging_cert_file }}" - secret_file_privatefile: "rabbitmq/{{env}}/pki.new/issued/coreos-ostree-importer{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: coreos-ostree-importer - secret_file_secret_name: fedora-messaging-key - secret_file_key: "{{ fedora_messaging_key_file }}" - secret_file_privatefile: "rabbitmq/{{env}}/pki.new/private/coreos-ostree-importer{{env_suffix}}.key" - - # Fedora Messaging config - - role: openshift/object - object_app: coreos-ostree-importer - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: coreos-ostree-importer - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: coreos-ostree-importer - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: coreos-ostree-importer - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: coreos-ostree-importer - object_template: pvc.yml.j2 - object_objectname: pvc.yml - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-ostree-importer.yml - - role: openshift/object-delete - object_delete_app: coreos-ostree-importer - object_delete_objecttype: project - object_delete_objectname: coreos-ostree-importer - tags: [never, delete] 
diff --git a/playbooks/openshift-apps/custom-error-pages.yml b/playbooks/openshift-apps/custom-error-pages.yml deleted file mode 100644 index 18085adcf5..0000000000 --- a/playbooks/openshift-apps/custom-error-pages.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - name: Create project directory - ansible.builtin.file: - path: /etc/openshift_apps/openshift-config - state: directory - owner: root - group: root - mode: "0750" - - roles: - - role: openshift/object - object_app: openshift-config - object_objectname: error-code-pages.yml - object_template: error-code-pages.yml.j2 - - post_tasks: - - name: Patch ingress controller with custom error pages - ansible.builtin.command: oc patch -n openshift-ingress-operator ingresscontroller/default --patch '{"spec":{"httpErrorCodePages":{"name":"fedora-error-code-pages"}}}' --type=merge diff --git a/playbooks/openshift-apps/datagrepper.yml b/playbooks/openshift-apps/datagrepper.yml deleted file mode 100644 index 8361daaec1..0000000000 --- a/playbooks/openshift-apps/datagrepper.yml +++ /dev/null 
@@ -1,115 +0,0 @@ ---- -- name: Give access to the datanommer DB - hosts: datanommer_dbserver:datanommer_dbserver_stg - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/badges.yml - - tasks: - - name: DB user - community.postgresql.postgresql_user: - name: datagrepper - password: "{{ (env == 'production') | ternary(datagrepper_prod_db_password, datagrepper_stg_db_password) }}" - - name: Grant the db user read only access to datanommer2 - community.postgresql.postgresql_privs: - database: datanommer2 - privs: SELECT - objs: ALL_IN_SCHEMA - roles: datagrepper - - -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - - role: openshift/project - project_app: datagrepper - project_description: "Query the message history" - project_appowners: - - abompard - - ryanlerch - - kevin - tags: - - apply-appowners - when: env == "production" - - role: openshift/project - project_app: datagrepper - project_description: "Query the message history" - project_appowners: - - abompard - - ryanlerch - - james02135 - - lenkaseg - - kevin - tags: - - apply-appowners - when: env == "staging" - - - role: openshift/object - object_app: datagrepper - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: datagrepper - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: datagrepper - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: datagrepper - object_template: service.yml.j2 - 
object_objectname: service.yml - - - role: openshift/route - route_app: datagrepper - route_name: datagrepper - route_host: "apps{{ env_suffix }}.fedoraproject.org" - route_path: "/datagrepper" - route_serviceport: web - route_servicename: datagrepper-web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: datagrepper - object_template: secret-webhook.yml.j2 - object_objectname: secret-webhook.yml - - - role: openshift/object - object_app: datagrepper - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # - role: openshift/start-build - # start_build_app: datagrepper - # start_build_buildname: datagrepper - # tags: - # - never - # - build - - # - role: openshift/rollout - # rollout_app: datagrepper - # rollout_dcname: datagrepper - # tags: - # - never - # - rollout diff --git a/playbooks/openshift-apps/datanommer.yml b/playbooks/openshift-apps/datanommer.yml deleted file mode 100644 index 693a381df8..0000000000 --- a/playbooks/openshift-apps/datanommer.yml +++ /dev/null 
@@ -1,84 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/queue - queue_username: "datanommer{{ env_suffix }}" - queue_name: "datanommer{{ env_suffix }}" - queue_routing_keys: - - "#" - queue_thresholds: - warning: 50 - critical: 500 - # Datanommer does not publish messages - user_sent_topics: ^$ - - - role: openshift/project - project_app: datanommer - project_description: "Fedora messaging consumer" - project_appowners: - - abompard - - ryanlerch - - james02135 - - lenkaseg - - kevin - tags: - - apply-appowners - when: env == "production" - - - role: openshift/project - project_app: datanommer - project_description: "Fedora messaging consumer" - project_appowners: - - abompard - - ryanlerch - - james02135 - - lenkaseg - - kevin - tags: - - apply-appowners - when: env == "staging" - - - role: openshift/secret-file - secret_file_app: datanommer - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: datanommer - secret_file_secret_name: fedora-messaging-crt - secret_file_key: datanommer-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/datanommer{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: datanommer - secret_file_secret_name: fedora-messaging-key - secret_file_key: datanommer-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/datanommer{{env_suffix}}.key" - - - role: openshift/object - object_app: datanommer - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: datanommer - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: 
openshift/object - object_app: datanommer - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: datanommer - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/discourse2fedmsg.yml b/playbooks/openshift-apps/discourse2fedmsg.yml deleted file mode 100644 index c2c60a1ca6..0000000000 --- a/playbooks/openshift-apps/discourse2fedmsg.yml +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "discourse2fedmsg{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.discourse\..* - - - role: openshift/project - project_app: discourse2fedmsg - project_description: "Relay Discourse webhooks to Fedora Messaging" - project_appowners: - - ryanlerch - - abompard - - kevin - tags: - - apply-appowners - - - role: openshift/secret-file - secret_file_app: discourse2fedmsg - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: discourse2fedmsg - secret_file_secret_name: fedora-messaging-crt - secret_file_key: discourse2fedmsg-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/discourse2fedmsg{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: discourse2fedmsg - secret_file_secret_name: fedora-messaging-key - secret_file_key: discourse2fedmsg-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/discourse2fedmsg{{env_suffix}}.key" - - - role: openshift/imagestream - imagestream_app: discourse2fedmsg - imagestream_imagename: discourse2fedmsg - - - role: openshift/object - object_app: discourse2fedmsg - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: discourse2fedmsg - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: discourse2fedmsg - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: discourse2fedmsg - route_name: discourse2fedmsg - route_host: "discourse2fedmsg{{ 
env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: discourse2fedmsg-web - - - role: openshift/object - object_app: discourse2fedmsg - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # - role: openshift/start-build - # start_build_app: discourse2fedmsg - # start_build_buildname: discourse2fedmsg - # tags: - # - never - # - build - - # - role: openshift/rollout - # rollout_app: discourse2fedmsg - # rollout_dcname: discourse2fedmsg - # tags: - # - never - # - rollout diff --git a/playbooks/openshift-apps/docsbuilding.yml b/playbooks/openshift-apps/docsbuilding.yml deleted file mode 100644 index dbdb1a465d..0000000000 --- a/playbooks/openshift-apps/docsbuilding.yml +++ /dev/null 
@@ -1,80 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: docsbuilding - project_description: Documentation building - project_alerting: true - project_appowners: - - asamalik - - jibecfed - - dustymabe - - darknao - - pbokoc - project_alert_users: - - darknao - - pbokoc - - kevin - tags: - - apply-appowners - - appowners - - - role: openshift/imagestream - imagestream_app: docsbuilding - imagestream_imagename: builder - - - role: openshift/object - object_app: docsbuilding - object_objectname: buildconfig.yml - object_template: buildconfig.yml.j2 - - - role: openshift/start-build - start_build_app: docsbuilding - start_build_buildname: builder-build - tags: - - never - - build - - - role: openshift/object - object_app: docsbuilding - object_template: cron.yml.j2 - object_objectname: cron.yml - tags: - - deploy-cronjob - - - role: openshift/object - object_app: docsbuilding - object_template: cron-translated.yml.j2 - object_objectname: cron-translated.yml - tags: - - deploy-cronjob - - - role: openshift/object - object_app: docsbuilding - object_file: pvc.yml - object_objectname: pvc.yml - - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_masters_stg[0] -t delete openshift-apps/docsbuilding.yml - - role: openshift/object-delete - object_delete_app: docsbuilding - object_delete_objecttype: cronjob - object_delete_objectname: cron - tags: [never, delete] - - role: openshift/object-delete - object_delete_app: docsbuilding - object_delete_objecttype: cronjob - object_delete_objectname: cron-translated - tags: [never, delete] 
diff --git a/playbooks/openshift-apps/docstranslation.yml b/playbooks/openshift-apps/docstranslation.yml
deleted file mode 100644
index 1d7539f8fc..0000000000
--- a/playbooks/openshift-apps/docstranslation.yml
+++ /dev/null
@@ -1,96 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - vars: - ssh_key_path: "{{ private }}/files/docstranslation/id_rsa_docstrans_{{ env_short }}" - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Define Project - ansible.builtin.include_role: - name: openshift/project - vars: - project_app: docstranslation - project_description: Documentation translation - project_appowners: - - asamalik - - darknao - - jibecfed - - misc - tags: - - apply-appowners - - - name: Define imagestream - ansible.builtin.include_role: - name: openshift/imagestream - vars: - imagestream_app: docstranslation - imagestream_imagename: builder - - - name: Define buildconfig - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: docstranslation - object_objectname: buildconfig.yml - object_template: buildconfig.yml.j2 - - - name: Start build - ansible.builtin.include_role: - name: openshift/start-build - vars: - start_build_app: docstranslation - start_build_buildname: docstranslation-build - tags: - - never - - build - - - name: Define secrets - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: docstranslation - object_objectname: secrets.yml - object_template: secrets.yml.j2 - tags: - - deploy-secrets - - - name: Define configMap - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: docstranslation - object_objectname: configmap.yml - object_template: configmap.yml.j2 - tags: - - deploy-config - - - name: Define cron job - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: docstranslation - object_template: cron.yml.j2 - object_objectname: cron.yml - tags: - - deploy-cronjob - -############################################### -# actions to delete the project from OpenShift 
-############################################### -# to run: sudo rbac-playbook -l os_masters_stg[0] -t delete openshift-apps/docstranslation.yml - - name: Delete project - ansible.builtin.include_role: - name: openshift/object-delete - vars: - object_delete_app: docstranslation - object_delete_objecttype: project - object_delete_objectname: docstranslation - tags: - - never - - delete diff --git a/playbooks/openshift-apps/easyfix.yml b/playbooks/openshift-apps/easyfix.yml deleted file mode 100644 index 7bfcbc31a8..0000000000 --- a/playbooks/openshift-apps/easyfix.yml +++ /dev/null 
@@ -1,71 +0,0 @@ -# -# Fedora Project easyfixes -# ---- -- name: Make the app be real - # hosts: os_control_stg:os_control - hosts: os_control_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: openshift/project - project_app: easyfix - project_description: "Easyfixes" - project_appowners: - - abompard - tags: - - apply-appowners - - - role: openshift/object - object_app: easyfix - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: easyfix - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: easyfix - object_file: storage.yml - object_objectname: storage.yml - - - role: openshift/object - object_app: easyfix - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: easyfix - object_file: service.yml - object_objectname: service.yml - - # Routes - - role: openshift/route - route_app: easyfix - route_name: web - route_host: "easyfix.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_servicename: web - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: easyfix - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # Cron jobs - - role: openshift/object - object_app: easyfix - object_template: cron.yml.j2 - object_objectname: cron.yml diff --git a/playbooks/openshift-apps/elections.yml b/playbooks/openshift-apps/elections.yml deleted file mode 100644 index 1c5b14e9ee..0000000000 --- a/playbooks/openshift-apps/elections.yml +++ /dev/null 
@@ -1,121 +0,0 @@ ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Elections DB user - community.postgresql.postgresql_user: - name: "{{ elections_db_user }}" - password: "{{ (env == 'production') | ternary(elections_db_pass, elections_stg_db_pass) }}" - - name: Elections database creation - community.postgresql.postgresql_db: - name: "{{ elections_db_name }}" - owner: "{{ elections_db_user }}" - encoding: UTF-8 - - -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - vars: - elections_oidc_overwrite_redirect_uri: >- - https://elections{{ env_suffix }}.fedoraproject.org/oidc_callback - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "elections{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_elections\..* - - - role: openshift/project - project_app: elections - project_description: Fedora Elections apps - project_appowners: - - bcotton - tags: - - appowners - - - role: openshift/keytab - keytab_app: elections - keytab_key: service.keytab - keytab_secret_name: elections-keytab - keytab_service: HTTP - keytab_host: "elections{{ env_suffix }}.fedoraproject.org" - - - role: openshift/ipa-client - ipa_client_app: elections - - - role: openshift/object - object_app: elections - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: elections - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/secret-file - secret_file_app: elections - 
secret_file_secret_name: elections-fedora-messaging-key - secret_file_key: elections.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/elections{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: elections - secret_file_secret_name: elections-fedora-messaging-crt - secret_file_key: elections.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/elections{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: elections - secret_file_secret_name: elections-fedora-messaging-ca - secret_file_key: elections.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/object - object_app: elections - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: elections - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/start-build - start_build_app: elections - start_build_buildname: elections-build - start_build_objectname: elections-build - tags: - - never - - build - - - role: openshift/object - object_app: elections - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: elections - route_name: elections - route_host: "elections{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8000-tcp - route_servicename: elections - - - role: openshift/object - object_app: elections - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/fasjson.yml b/playbooks/openshift-apps/fasjson.yml deleted file mode 100644 index 69ebb93e3f..0000000000 --- a/playbooks/openshift-apps/fasjson.yml +++ /dev/null 
@@ -1,125 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: openshift/project - project_app: fasjson - project_description: "Accounts API" - project_appowners: - - abompard - - nils - - ryanlerch - - kevin - tags: - - apply-appowners - when: env == "production" - - role: openshift/project - project_app: fasjson - project_description: "Accounts API" - project_appowners: - - abompard - - nils - - ryanlerch - - kevin - tags: - - apply-appowners - when: env == "staging" - - # Declare the service in IPA - - role: ipa/service - host: "fasjson{{ env_suffix }}.fedoraproject.org" - service: HTTP - - # Setup kerberos delegation - - role: ipa/servicedelegationtarget - targetname: ipa-http - members: - - { host: "{{ ipa_server }}", service: "HTTP" } - - role: ipa/servicedelegationrule - rulename: fasjson - members: - - { host: "fasjson{{ env_suffix }}.fedoraproject.org", service: "HTTP" } - targets: - - ipa-http - - ipa-ldap - # The ipa-ldap delegation target is declared during IPA installation - - # Keytabs - - role: openshift/keytab - keytab_app: fasjson - keytab_key: http - keytab_secret_name: fasjson-keytab-http - keytab_service: HTTP - keytab_host: "fasjson{{ env_suffix }}.fedoraproject.org" - - # Session secret key - - role: openshift/secret-file - secret_file_app: fasjson - secret_file_secret_name: session-key - secret_file_key: session.key - secret_file_privatefile: "fasjson/session.{{env}}.key" - - - role: openshift/imagestream - imagestream_app: fasjson - imagestream_imagename: fasjson - - - role: openshift/object - object_app: fasjson - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: fasjson - object_template: configmap.yml.j2 - 
object_objectname: configmap.yml - - - role: openshift/ipa-client - ipa_client_app: fasjson - - - role: openshift/object - object_app: fasjson - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: fasjson - route_name: fasjson - route_host: "fasjson{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: fasjson-web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: fasjson - object_template: secret-webhook.yml.j2 - object_objectname: secret-webhook.yml - - - role: openshift/object - object_app: fasjson - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # - role: openshift/start-build - # start_build_app: fasjson - # start_build_buildname: fasjson - # tags: - # - never - # - build - - # - role: openshift/rollout - # rollout_app: noggin - # rollout_dcname: noggin - # tags: - # - never - # - rollout diff --git a/playbooks/openshift-apps/fedocal.yml b/playbooks/openshift-apps/fedocal.yml deleted file mode 100644 index 240d37ccca..0000000000 --- a/playbooks/openshift-apps/fedocal.yml +++ /dev/null 
@@ -1,90 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg[0],os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "fedocal{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedocal\..* - - - role: openshift/project - project_app: fedocal - project_description: Fedora calendar apps - project_appowners: - - kevin - - - role: openshift/object - object_app: fedocal - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: fedocal - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/secret-file - secret_file_app: fedocal - secret_file_secret_name: fedocal-fedora-messaging-key - secret_file_key: fedocal.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/fedocal{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: fedocal - secret_file_secret_name: fedocal-fedora-messaging-crt - secret_file_key: fedocal.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/fedocal{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: fedocal - secret_file_secret_name: fedocal-fedora-messaging-ca - secret_file_key: fedocal.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/object - object_app: fedocal - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: fedocal - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/start-build - start_build_app: fedocal - start_build_buildname: fedocal-build - start_build_objectname: fedocal-build - tags: - - never - - build - - - role: openshift/object - object_app: fedocal - object_file: service.yml - object_objectname: service.yml - - 
- role: openshift/route - route_app: fedocal - route_name: fedocal - route_host: "calendar{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: fedocal - - - role: openshift/object - object_app: fedocal - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml - - - role: openshift/object - object_app: fedocal - object_file: cron.yml - object_objectname: cron.yml - when: env != 'staging' diff --git a/playbooks/openshift-apps/fedora-coreos-pipeline.yml b/playbooks/openshift-apps/fedora-coreos-pipeline.yml deleted file mode 100644 index 10765a2b23..0000000000 --- a/playbooks/openshift-apps/fedora-coreos-pipeline.yml +++ /dev/null 
@@ -1,65 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control:os_control_stg - user: root - gather_facts: false - - ############################################ - # actions to create the project in OpenShift - ############################################ - # to run: sudo rbac-playbook -l os_control_stg openshift-apps/fedora-coreos-pipeline.yml - roles: - - role: openshift-apps/fedora-coreos-pipeline - project_name: fedora-coreos-pipeline - project_description: Fedora CoreOS Pipeline - appowners: - - aaradhak - - azukku - - c4rt0 - - cverna - - dustymabe - - gursewak - - hhei - - jbtrystram - - jcapitao - - jlebon - - jmarrero - - jschinta - - kevin - - lravicha - - lsm5 - - luyang - - madhu-7 - - marmijo - - mnguyen - - mtarsel - - poorna - - ravanelli - - shilpi-das1 - - siosm - - spresti - - sumantrom - - tlbueno - - walters - - ydesouza - - pragyan-poudyal - - bipinbn - - rchandar - alert_users: - - aaradhak - - dustymabe - - gursewak - - jlebon - - marmijo - - ravanelli - - tlbueno - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/fedora-coreos-pipeline.yml - - role: openshift/object-delete - object_delete_app: fedora-coreos-pipeline - object_delete_objecttype: project - object_delete_objectname: fedora-coreos-pipeline - tags: [never, delete] diff --git a/playbooks/openshift-apps/fedora-ostree-pruner.yml b/playbooks/openshift-apps/fedora-ostree-pruner.yml deleted file mode 100644 index 260d3f4d0d..0000000000 --- a/playbooks/openshift-apps/fedora-ostree-pruner.yml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control:os_control_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - ############################################ - # actions to create the project in OpenShift - ############################################ - # to run: sudo rbac-playbook -l os_control_stg openshift-apps/fedora-ostree-pruner.yml - roles: - - role: openshift/project - project_app: fedora-ostree-pruner - project_description: Prunes OSTree repositories based on policy - project_appowners: - - aaradhak - - c4rt0 - - dustymabe - - jlebon - - kevin - - marmijo - - - role: openshift/object - object_app: fedora-ostree-pruner - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: fedora-ostree-pruner - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: fedora-ostree-pruner - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: fedora-ostree-pruner - object_template: pvc.yml.j2 - object_objectname: pvc.yml - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/fedora-ostree-pruner.yml - - role: openshift/object-delete - object_delete_app: fedora-ostree-pruner - object_delete_objecttype: project - object_delete_objectname: fedora-ostree-pruner - tags: [never, delete] diff --git a/playbooks/openshift-apps/fedora-packages-static.yml b/playbooks/openshift-apps/fedora-packages-static.yml deleted file mode 100644 index 18526437af..0000000000 --- a/playbooks/openshift-apps/fedora-packages-static.yml +++ /dev/null 
@@ -1,80 +0,0 @@ ---- -- name: Make fedora-packages-static - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: fedora-packages-static - project_description: Fedora fedora-packages-static apps - project_appowners: - - mymindstorm - - kevin - - - role: openshift/object - object_app: fedora-packages-static - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: fedora-packages-static - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: fedora-packages-static - object_template: storage.yml.j2 - object_objectname: storage.yml - - - role: openshift/object - object_app: fedora-packages-static - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/start-build - start_build_app: fedora-packages-static - start_build_buildname: fedora-packages-static-build - start_build_objectname: fedora-packages-static-build - tags: - - never - - build - - - role: openshift/object - object_app: fedora-packages-static - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: fedora-packages-static - route_name: fedora-packages-static - route_host: "packages{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: fedora-packages-static - - - role: openshift/object - object_app: fedora-packages-static - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l staging -t delete openshift-apps/fedora-packages-static.yml - - role: 
openshift/object-delete - object_delete_app: fedora-packages-static - object_delete_objecttype: project - object_delete_objectname: fedora-packages-static - tags: [never, delete] - - # to run: sudo rbac-playbook -l staging -t deletesolr openshift-apps/fedora-packages-static.yml - - role: openshift/object-delete - object_delete_app: solr - object_delete_objecttype: project - object_delete_objectname: solr - tags: [never, deletesolr] diff --git a/playbooks/openshift-apps/firmitas.yml b/playbooks/openshift-apps/firmitas.yml deleted file mode 100644 index d99437154b..0000000000 --- a/playbooks/openshift-apps/firmitas.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Firmitas Role - ansible.builtin.include_role: - name: openshift-apps/firmitas - tasks_from: main diff --git a/playbooks/openshift-apps/flask-oidc-dev.yml b/playbooks/openshift-apps/flask-oidc-dev.yml deleted file mode 100644 index 11e81db5cc..0000000000 --- a/playbooks/openshift-apps/flask-oidc-dev.yml +++ /dev/null 
@@ -1,73 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: openshift/project - project_app: flask-oidc-dev - project_description: "Authentication testing" - project_appowners: - - abompard - - dkirwan - - jamricha - - sidharthvipul - tags: - - apply-appowners - - - role: openshift/imagestream - imagestream_app: flask-oidc-dev - imagestream_imagename: flask-oidc-dev - - - role: openshift/object - object_app: flask-oidc-dev - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: flask-oidc-dev - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: flask-oidc-dev - object_file: service.yml - object_objectname: service.yml - - # - role: openshift/route - # route_app: test-auth - # route_name: test-auth - # route_host: "admin{{ env_suffix }}.fedoraproject.org" - # route_path: "/test-auth" - # route_serviceport: web - # route_servicename: test-auth - # route_annotations: - # haproxy.router.openshift.io/timeout: 5m - - - role: openshift/route - route_app: flask-oidc-dev - route_name: flask-oidc-dev - route_host: "app-flask-oidc-dev.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: flask-oidc-dev - route_annotations: - haproxy.router.openshift.io/timeout: 5m - when: ocp4 - - - role: openshift/object - object_app: flask-oidc-dev - object_template: secret-webhook.yml.j2 - object_objectname: secret-webhook.yml - - - role: openshift/object - object_app: flask-oidc-dev - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml 
diff --git a/playbooks/openshift-apps/flatpak-indexer.yml b/playbooks/openshift-apps/flatpak-indexer.yml deleted file mode 100644 index 7a61fd982e..0000000000 --- a/playbooks/openshift-apps/flatpak-indexer.yml +++ /dev/null @@ -1,64 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/roles/openshift-apps/flatpak-indexer/vars/{{ env }}.yml - - roles: - - role: openshift/project - project_app: flatpak-indexer - project_description: Fedora Flatpak Indexer apps - project_appowners: - - otaylor - - kevin - - kalev - - yselkowitz - - - role: openshift/object - object_app: flatpak-indexer - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: flatpak-indexer - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: flatpak-indexer - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: flatpak-indexer - object_template: storage.yml.j2 - object_objectname: storage.yml - - - role: openshift/object - object_app: flatpak-indexer - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/start-build - start_build_app: flatpak-indexer - # This will trigger the main build via a imageChange trigger - start_build_buildname: flatpak-indexer-tardiff-build - tags: - - never - - build - - - role: openshift/object - object_app: flatpak-indexer - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: flatpak-indexer - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml 
diff --git a/playbooks/openshift-apps/fmn.yml b/playbooks/openshift-apps/fmn.yml deleted file mode 100644 index 8ada26e242..0000000000 --- a/playbooks/openshift-apps/fmn.yml +++ /dev/null 
@@ -1,221 +0,0 @@ -# -# Fedora Messaging Notifications (FMN) -# - ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: FMN DB user - community.postgresql.postgresql_user: - name: fmn - password: "{{ (env == 'production') | ternary(fmn_prod_db_password, fmn_stg_db_password) }}" - - name: FMN database creation - community.postgresql.postgresql_db: - name: fmn - owner: fmn - encoding: UTF-8 - -- name: Setup RabbitMQ - hosts: rabbitmq[0]:rabbitmq_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/queue - queue_username: "fmn{{ env_suffix }}" - queue_name: "fmn{{ env_suffix }}" - queue_routing_keys: - # The FMN queue is subscribed to everything - - "#" - queue_thresholds: - warning: 20000 - critical: 25000 - # FMN sends messages when a rule is changed, to invalidate its cache - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fmn\..* - tags: - - config - - fedora-messaging - - rabbitmq_cluster - - # FMN also has an internal VHost for communication between the consumer - # (which listens to the Fedora Messaging bus on /pubsub) and the senders - # (which send messages to the various destinations such as email, IRC, - # Matrix). 
- - role: rabbit/vhost - vhost: /fmn - tags: - - config - - fedora-messaging - - rabbitmq_cluster - - tasks: - - name: Grant the fmn user access to the fmn vhost - community.rabbitmq.rabbitmq_user: - user: "fmn{{ env_suffix }}" - vhost: /fmn - configure_priv: .* - read_priv: .* - write_priv: .* - # We have to repeat the topic permissions here until this is fixed: - # https://github.com/ansible-collections/community.rabbitmq/issues/156 - topic_permissions: - - vhost: /pubsub - read_priv: .* - write_priv: ^org\.fedoraproject\.{{ env_short }}\.fmn\..* - tags: - - config - - fedora-messaging - - rabbitmq_cluster - - - name: Create the sending queues in the fmn vhost - community.rabbitmq.rabbitmq_queue: - name: "{{ item }}" - vhost: /fmn - auto_delete: no - durable: yes - # message_ttl: 300000 - state: present - login_user: admin - login_password: "{{ (env == 'production') | ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}" - with_items: - - email - - irc - - matrix - tags: - - config - - fedora-messaging - - rabbitmq_cluster - -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: openshift/project - project_app: fmn - project_description: "Fedora Messaging Notifications" - project_appowners: - - abompard - - ryanlerch - - nphilipp - tags: - - apply-appowners - - - role: openshift/object - object_app: fmn - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: fmn - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: fmn - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: fmn - object_file: service.yml - object_objectname: 
service.yml - - # Routes - - role: openshift/route - route_app: fmn - route_name: frontend - route_host: "notifications{{ env_suffix }}.fedoraproject.org" - route_servicename: frontend - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - role: openshift/route - route_app: fmn - route_name: api - route_host: "fmn-api.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_servicename: api - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - # Sendria is an email sink for testing, to avoid sending actual emails. - - role: openshift/route - route_app: fmn - route_name: sendria - route_host: "fmn-email.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_servicename: sendria - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - when: env == "staging" - - # Secrets - - role: openshift/object - object_app: fmn - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: fmn - object_template: secret-webhook.yml.j2 - object_objectname: secret-webhook.yml - - # Fedora Messaging - - role: openshift/secret-file - secret_file_app: fmn - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: fmn - secret_file_secret_name: fedora-messaging-crt - secret_file_key: fmn-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/fmn{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: fmn - secret_file_secret_name: fedora-messaging-key - secret_file_key: fmn-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/fmn{{env_suffix}}.key" - - # Deployment config - - role: openshift/object - object_app: fmn - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # FASJSON access - - role: openshift/ipa-client - ipa_client_app: fmn - - 
role: openshift/keytab - keytab_app: fmn - keytab_key: service.keytab - keytab_secret_name: keytab - keytab_service: fmn - - # Cron jobs - - role: openshift/object - object_app: fmn - object_template: cron.yml.j2 - object_objectname: cron.yml diff --git a/playbooks/openshift-apps/forgejo.yml b/playbooks/openshift-apps/forgejo.yml deleted file mode 100644 index 73ef4af398..0000000000 --- a/playbooks/openshift-apps/forgejo.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg #:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Forgejo Role - ansible.builtin.include_role: - name: openshift-apps/forgejo - tasks_from: main diff --git a/playbooks/openshift-apps/greenwave.yml b/playbooks/openshift-apps/greenwave.yml index 7461f9530a..81adc00f35 100644 --- a/playbooks/openshift-apps/greenwave.yml +++ b/playbooks/openshift-apps/greenwave.yml 
@@ -1,120 +1,52 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] +- name: make the app be real + hosts: os-masters:os-masters-stg user: root - gather_facts: false + gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - "/srv/web/infra/ansible/vars/all/00-FedoraCycleNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraBranched.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraBranchedNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraPreviousCycleNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraPreviousPrevious.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraPreviousPreviousCycleNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraRawhideNumber.yaml" - roles: + # The openshift/project role breaks if the project already exists: + # https://pagure.io/fedora-infrastructure/issue/6404 - role: openshift/project - project_app: greenwave - project_description: greenwave - project_appowners: - - lholecek - - vmaljulin - - kevin - tags: - - apply-appowners - - - role: rabbit/user - user_name: greenwave{{ env_suffix }} - user_queue_name: greenwave{{ env_suffix }} - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.greenwave\..* - - - role: openshift/secret-file - secret_file_app: greenwave - secret_file_secret_name: greenwave-fedora-messaging-key - secret_file_key: greenwave.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/greenwave{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: greenwave - secret_file_secret_name: greenwave-fedora-messaging-crt - secret_file_key: greenwave.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/greenwave{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: greenwave - secret_file_secret_name: greenwave-fedora-messaging-ca - secret_file_key: greenwave.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" 
- - - role: openshift/object - object_app: greenwave - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: greenwave - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: greenwave - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: greenwave - route_name: web-pretty - route_host: "greenwave{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: greenwave-web - - # TODO -- someday retire this old route in favor of the pretty one above. - - role: openshift/object - object_app: greenwave - object_file: route.yml - object_objectname: route.yml - - - role: openshift/object - object_app: greenwave - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - tags: - - apply-deploymentconfig - - - role: openshift/rollout - rollout_app: greenwave - rollout_dcname: greenwave-web - tags: - - never - - rollout - - - role: openshift/rollout - rollout_app: greenwave - rollout_dcname: greenwave-fedmsg-consumers - tags: - - never - - rollout - -- name: Change the route haproxy default timeout - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Set the timeout to the openshift route - ansible.builtin.command: "oc -n greenwave annotate route {{ item }} --overwrite haproxy.router.openshift.io/timeout=750s" - with_items: - - greenwave-web - - web-pretty - tags: - - route-timeout + app: greenwave + description: greenwave + appowners: + - mjia + - dcallagh + # These secret roles also break if the secret already exists. Can only be run once. 
+ #- role: openshift/secret-file + # app: greenwave + # secret_name: greenwave-fedmsg-key + # key: fedmsg-greenwave.key + # privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.stg.fedoraproject.org.key + # when: env == "staging" + #- role: openshift/secret-file + # app: greenwave + # secret_name: greenwave-fedmsg-crt + # key: fedmsg-greenwave.crt + # privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.stg.fedoraproject.org.crt + # when: env == "staging" + #- role: openshift/secret-file + # app: greenwave + # secret_name: greenwave-fedmsg-key + # key: fedmsg-greenwave.key + # privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.fedoraproject.org.key + # when: env != "staging" + #- role: openshift/secret-file + # app: greenwave + # secret_name: greenwave-fedmsg-crt + # key: fedmsg-greenwave.crt + # privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.fedoraproject.org.crt + # when: env != "staging" + - { role: openshift/object, app: greenwave, file: imagestream.yml } + - { role: openshift/object, app: greenwave, template: buildconfig.yml } + - { role: openshift/start-build, app: greenwave, name: greenwave-docker-build } + - { role: openshift/object, app: greenwave, template: configmap.yml } + - { role: openshift/object, app: greenwave, file: service.yml } + - { role: openshift/object, app: greenwave, file: route.yml } + - { role: openshift/object, app: greenwave, file: deploymentconfig.yml } + - { role: openshift/rollout, app: greenwave, name: greenwave-web } diff --git a/playbooks/openshift-apps/ipsilon-website.yml b/playbooks/openshift-apps/ipsilon-website.yml deleted file mode 100644 index 1b94e6fa16..0000000000 --- a/playbooks/openshift-apps/ipsilon-website.yml +++ /dev/null 
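Review bot: The `openshift/start-build` and `openshift/rollout` entries at the end of the new roles list carry no tags, so, judging by the role names, every run of this play would start an image build and roll out `greenwave-web` on whichever of `os-masters:os-masters-stg` it targets, even when the operator only meant to refresh a configmap. Gating them keeps build and deploy an explicit decision, for example `- { role: openshift/start-build, app: greenwave, name: greenwave-docker-build, tags: [never, build] }` and `- { role: openshift/rollout, app: greenwave, name: greenwave-web, tags: [never, rollout] }`. Separately, the four `openshift/secret-file` roles are commented out because they fail once the secret exists, which leaves the fedmsg key and certificate outside what the playbook enforces. A comment beside that block stating where these secrets are created and rotated would make the manual step visible. The role itself is not shown here, but it presumably needs an idempotent create-or-replace path before the entries can be re-enabled.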
@@ -1,58 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: openshift/project - project_app: ipsilon-website - project_description: "ipsilon-project.org" - project_appowners: - - abompard - tags: - - apply-appowners - - - role: openshift/imagestream - imagestream_app: ipsilon-website - imagestream_imagename: ipsilon-website - - - role: openshift/object - object_app: ipsilon-website - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: ipsilon-website - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: ipsilon-website - route_name: web-internal - route_host: "ipsilon-website.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/route - route_app: ipsilon-website - route_name: web - route_host: "ipsilon-project.org" - route_serviceport: web - route_servicename: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: ipsilon-website - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/kanban.yml b/playbooks/openshift-apps/kanban.yml deleted file mode 100644 index d3ee7bf307..0000000000 --- a/playbooks/openshift-apps/kanban.yml +++ /dev/null 
@@ -1,133 +0,0 @@ ---- -- name: Prepare setting up the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - user: root - - tasks: - - name: Install psycopg2 for the postgresql ansible modules - ansible.builtin.package: - name: python3-psycopg2 - state: present - tags: - - packages - -- name: Setup PROD database - hosts: db01.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - name: Create the database user - community.postgresql.postgresql_user: - name: "{{ kanban_db_user }}" - password: "{{ kanban_db_pass }}" - - name: Create the database itself - community.postgresql.postgresql_db: - name: "{{ kanban_db_name }}" - owner: "{{ kanban_db_user }}" - encoding: UTF-8 - - name: Test the database creation - community.postgresql.postgresql_db: - name: "{{ kanban_db_name }}" - owner: "{{ kanban_db_user }}" - encoding: UTF-8 - -- name: Setup STG database - hosts: db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - name: Create the database user - community.postgresql.postgresql_user: - name: "{{ kanban_db_user }}" - password: "{{ kanban_db_pass_stg }}" - - name: Create the database itself - community.postgresql.postgresql_db: - name: "{{ kanban_db_name }}" - owner: "{{ kanban_db_user }}" - encoding: UTF-8 - - name: Test the database creation - community.postgresql.postgresql_db: - name: "{{ kanban_db_name }}" - owner: "{{ kanban_db_user }}" - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - 
"/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: kanban - project_description: kanban - project_appowners: - - frantisekz - - jskladan - - lbrabec - project_alert_users: - - frantisekz - tags: - - apply-appowners - - - role: openshift/object - object_app: kanban - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: kanban - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: kanban - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: kanban - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: kanban - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: kanban - object_template: cron.yml.j2 - object_objectname: cron.yml - - - role: openshift/route - route_app: kanban - route_name: kanban - route_host: "kanban.qa{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: kanban-web - - - role: openshift/start-build - start_build_app: kanban - start_build_buildname: kanban-build - start_build_objectname: kanban-build - tags: - - never - - build diff --git a/playbooks/openshift-apps/kerneltest.yml b/playbooks/openshift-apps/kerneltest.yml deleted file mode 100644 index f0ffbfcae1..0000000000 --- a/playbooks/openshift-apps/kerneltest.yml +++ /dev/null 
@@ -1,111 +0,0 @@ ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Kerneltest DB user - community.postgresql.postgresql_user: - name: "{{ (env == 'production') | ternary(kerneltest_db_user, kerneltest_stg_db_user) }}" - password: "{{ (env == 'production') | ternary(kerneltest_db_pass, kerneltest_stg_db_pass) }}" - - name: Kerneltest database creation - community.postgresql.postgresql_db: - name: "{{ kerneltest_db_name }}" - owner: "{{ (env == 'production') | ternary(kerneltest_db_user, kerneltest_stg_db_user) }}" - encoding: UTF-8 - - -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - name: Include Global Variables - ansible.builtin.include_vars: - dir: /srv/web/infra/ansible/vars/all/ - ignore_files: README - - - roles: - - role: rabbit/user - user_name: "kerneltest{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.kerneltest\..* - - - role: openshift/project - project_app: kerneltest - project_description: kerneltest - project_appowners: - - pingou - - ryanlerch - tags: - - apply-appowners - - - role: openshift/secret-file - secret_file_app: kerneltest - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: kerneltest - secret_file_secret_name: fedora-messaging-crt - secret_file_key: kerneltest-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/kerneltest{{env_suffix}}.crt" - - role: 
openshift/secret-file - secret_file_app: kerneltest - secret_file_secret_name: fedora-messaging-key - secret_file_key: kerneltest-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/kerneltest{{env_suffix}}.key" - - - role: openshift/object - object_app: kerneltest - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: kerneltest - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: kerneltest - object_file: storage.yml - object_objectname: storage.yml - - - role: openshift/object - object_app: kerneltest - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: kerneltest - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/ipa-client - ipa_client_app: kerneltest - - - role: openshift/route - route_app: kerneltest - route_name: kerneltest - route_host: "kerneltest{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: kerneltest-web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: kerneltest - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/koschei.yml b/playbooks/openshift-apps/koschei.yml deleted file mode 100644 index aaa5256994..0000000000 --- a/playbooks/openshift-apps/koschei.yml +++ /dev/null 
@@ -1,88 +0,0 @@ ---- -- name: Provision koschei - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/roles/openshift-apps/koschei/vars/main.yml - - /srv/web/infra/ansible/roles/openshift-apps/koschei/vars/{{ env }}.yml - - roles: - - role: rabbit/queue - queue_username: "{{ app }}{{ env_suffix }}" - queue_name: "{{ app }}{{ env_suffix }}" - queue_routing_keys: [] - queue_message_ttl: 60000 - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(koschei|ci)\..* - - - role: openshift/project - project_app: "{{ app }}" - project_description: "{{ description }}" - - - role: openshift/keytab - keytab_app: "{{ app }}" - keytab_secret_name: keytab - keytab_key: krb5.keytab - keytab_service: koschei - keytab_host: "koschei-backend01{{ env_suffix }}.iad2.fedoraproject.org" - - - role: openshift/route - route_app: "{{ app }}" - route_name: frontend - route_host: "koschei{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: frontend - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - haproxy.router.openshift.io/timeout: 180s - - tasks: - - name: Apply objects - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: "{{ app }}" - object_template: "{{ item }}.yml" - object_objectname: "{{ item }}.yml" - with_items: - - imagestream - - frontend-config - - backend-config - - admin-config - - admin-deployment - - frontend-deployment - - frontend-service - - - name: Apply Deployment - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: "{{ app }}" - object_template: backend-deployment.yml - object_objectname: "{{ item.name }}-deployment.yml" - object_service: "{{ item.name }}" - object_min_cpu: "{{ item.cpu[0] }}" - object_max_cpu: "{{ item.cpu[1] }}" - object_min_mem: 
"{{ item.memory[0] }}" - object_max_mem: "{{ item.memory[1] }}" - with_items: "{{ koschei_backend_services }}" - loop_control: - label: "{{ item.name }}" - - - name: Apply CronJob - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: "{{ app }}" - object_template: cronjob.yml - object_objectname: "{{ item.name }}-cronjob.yml" - object_name: "{{ item.name }}" - object_schedule: "{{ item.schedule }}" - object_command: "{{ item.command }}" - with_items: "{{ koschei_cron_jobs }}" - loop_control: - label: "{{ item.name }}" diff --git a/playbooks/openshift-apps/languages.yml b/playbooks/openshift-apps/languages.yml deleted file mode 100644 index bb9c990a4d..0000000000 --- a/playbooks/openshift-apps/languages.yml +++ /dev/null 
@@ -1,103 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: languages - project_description: Localization measurement and tooling - project_appowners: - - darknao - - jibecfed - - - role: openshift/object - object_app: languages - object_objectname: imagestream.yml - object_template: imagestream.yml.j2 - - - role: openshift/object - object_app: languages - object_objectname: buildconfig.yml - object_template: buildconfig.yml.j2 - - - role: openshift/start-build - start_build_app: languages - start_build_buildname: build-latest - tags: - - never - - build - - - role: openshift/object - object_app: languages - object_template: service.yml.j2 - object_objectname: service.yml - - - role: openshift/route - route_app: languages - route_name: languages - route_host: "languages{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: web - - - role: openshift/object - object_app: languages - object_template: pvc.yml.j2 - object_objectname: pvc.yml - - - role: openshift/object - object_app: languages - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: languages - object_template: cron.yml.j2 - object_objectname: cron.yml - -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l os_masters_stg[0] -t delete openshift-apps/languages.yml - - role: openshift/object-delete - object_delete_app: languages - object_delete_objecttype: project - object_delete_objectname: languages - tags: - - never - - delete - - post_tasks: - - name: Run initial f.10 import - ansible.builtin.command: "oc -n languages 
create job stats-10-{{ lookup('pipe', 'date +%s') }}-init --from=cronjob/stats-10" - tags: - - never - - init - - f10 - - - name: Run initial f.20 import - ansible.builtin.command: "oc -n languages create job stats-20-{{ lookup('pipe', 'date +%s') }}-init --from=cronjob/stats-20" - tags: - - never - - init - - f20 - - - name: Run initial f.30 import - ansible.builtin.command: "oc -n languages create job stats-30-{{ lookup('pipe', 'date +%s') }}-init --from=cronjob/stats-30" - tags: - - never - - init - - f30 - - - name: Run initial f.latest import - ansible.builtin.command: "oc -n languages create job stats-latest-{{ lookup('pipe', 'date +%s') }}-init --from=cronjob/stats-latest" - tags: - - never - - init - - latest diff --git a/playbooks/openshift-apps/maubot.yml b/playbooks/openshift-apps/maubot.yml deleted file mode 100644 index 003d71c5f7..0000000000 --- a/playbooks/openshift-apps/maubot.yml +++ /dev/null 
@@ -1,126 +0,0 @@ ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Maubot DB user - community.postgresql.postgresql_user: - name: maubot - password: "{{ (env == 'production') | ternary(maubot_prod_db_password, maubot_stg_db_password) }}" - - name: Maubot database creation - community.postgresql.postgresql_db: - name: maubot - owner: maubot - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "maubot{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(meetbot|maubot)\..* - - - role: openshift/project - project_app: maubot - project_description: Maubot - project_appowners: - - ryanlerch - - kevin - - - role: openshift/keytab - keytab_app: maubot - keytab_key: service.keytab - keytab_secret_name: maubot-keytab - keytab_service: HTTP - keytab_host: "maubot.apps.ocp{{env_suffix}}.fedoraproject.org" - - - role: openshift/ipa-client - ipa_client_app: maubot - - - role: openshift/object - object_app: maubot - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: maubot - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: maubot - object_template: meetbot-logs-volume.yml.j2 - object_objectname: meetbot-logs-volume.yml - - - role: openshift/object - object_app: maubot - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/secret-file - 
secret_file_app: maubot - secret_file_secret_name: maubot-fedora-messaging-key - secret_file_key: maubot.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/maubot{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: maubot - secret_file_secret_name: maubot-fedora-messaging-crt - secret_file_key: maubot.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/maubot{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: maubot - secret_file_secret_name: maubot-fedora-messaging-ca - secret_file_key: maubot.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/start-build - start_build_app: maubot - start_build_buildname: maubot-build - start_build_objectname: maubot-build - tags: - - never - - build - - - role: openshift/object - object_app: maubot - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: maubot - route_name: maubot - route_host: "maubot.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_serviceport: maubot - route_servicename: maubot - - - role: openshift/object - object_app: maubot - object_file: deployment.yml - object_objectname: deployment.yml - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/maubot.yml - - role: openshift/object-delete - object_delete_app: maubot - object_delete_objecttype: project - object_delete_objectname: maubot - tags: [never, delete] diff --git a/playbooks/openshift-apps/mdapi.yml b/playbooks/openshift-apps/mdapi.yml deleted file mode 100644 index b0902cd9e5..0000000000 --- a/playbooks/openshift-apps/mdapi.yml +++ /dev/null 
@@ -1,99 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "mdapi{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mdapi\..* - - - role: openshift/project - project_app: mdapi - project_description: mdapi is a small API exposing the metadata contained in different RPM repositories. - project_appowners: - - t0xic0der - - kevin - - - role: openshift/object - object_app: mdapi - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: mdapi - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: mdapi - object_file: storage.yml - object_objectname: storage.yml - - - role: openshift/object - object_app: mdapi - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/secret-file - secret_file_app: mdapi - secret_file_secret_name: mdapi-fedora-messaging-key - secret_file_key: mdapi.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/mdapi{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: mdapi - secret_file_secret_name: mdapi-fedora-messaging-crt - secret_file_key: mdapi.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/mdapi{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: mdapi - secret_file_secret_name: mdapi-fedora-messaging-ca - secret_file_key: mdapi.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/object - object_app: mdapi - object_file: cron.yml - object_objectname: cron.yml - tags: - - cron-job - - - role: openshift/start-build - start_build_app: mdapi - start_build_buildname: mdapi-build - start_build_objectname: 
mdapi-build - tags: - - never - - build - - - role: openshift/object - object_app: mdapi - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: mdapi - route_name: mdapi - route_host: "mdapi{{env_suffix}}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: mdapi - - - role: openshift/object - object_app: mdapi - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml - - - role: openshift/rollout - rollout_app: mdapi - rollout_dcname: mdapi - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/mirrormanager.yml b/playbooks/openshift-apps/mirrormanager.yml deleted file mode 100644 index 54781e6e71..0000000000 --- a/playbooks/openshift-apps/mirrormanager.yml +++ /dev/null 
@@ -1,179 +0,0 @@ -# -# MirrorManager -# - ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/mirrormanager.yml - - tasks: - - name: DB user - community.postgresql.postgresql_user: - name: "{{ (env == 'production') | ternary(mirrormanager_db_user, mirrormanager_stg_db_user) }}" - password: "{{ (env == 'production') | ternary(mirrormanager_db_pass, mirrormanager_stg_db_pass) }}" - - name: FMN database creation - community.postgresql.postgresql_db: - name: "{{ (env == 'production') | ternary(mirrormanager_db_name, mirrormanager_stg_db_name) }}" - owner: "{{ (env == 'production') | ternary(mirrormanager_db_user, mirrormanager_stg_db_user) }}" - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/mirrormanager.yml - - roles: - - role: rabbit/user - user_name: "mirrormanager{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mirrormanager\..* - tags: - - config - - fedora-messaging - - rabbitmq_cluster - - - role: openshift/project - project_app: mirrormanager - project_description: "MirrorManager" - project_appowners: - - abompard - - nphilipp - - adrian - project_allow_pod_creation: true - tags: - - apply-appowners - - - role: openshift/object - object_app: mirrormanager - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: mirrormanager - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - 
object_app: mirrormanager - object_file: storage.yml - object_objectname: storage.yml - - - role: openshift/object - object_app: mirrormanager - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: mirrormanager - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: mirrormanager - object_file: service.yml - object_objectname: service.yml - - # Routes - - role: openshift/route - route_app: mirrormanager - route_name: frontend - route_host: "{{ mirrormanager_hostname }}" - route_servicename: frontend - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/route - route_app: mirrormanager - route_name: frontend-openshift - route_host: "mirrormanager.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_servicename: frontend - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - when: mirrormanager_hostname != "mirrormanager.apps.ocp{}.fedoraproject.org".format(env_suffix) - - # SSH key to get the access logs - - role: openshift/secret-file - secret_file_app: mirrormanager - secret_file_secret_name: ssh-mirrorlist-proxies-key - secret_file_key: ssh_mirrorlist_proxies.key - secret_file_privatefile: "mirrormanager/id_rsa" - - # Fedora Messaging - - role: openshift/secret-file - secret_file_app: mirrormanager - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: mirrormanager - secret_file_secret_name: fedora-messaging-crt - secret_file_key: cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/mirrormanager{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: mirrormanager - secret_file_secret_name: fedora-messaging-key - secret_file_key: key.pem - secret_file_privatefile: 
"rabbitmq/{{env}}/pki/private/mirrormanager{{env_suffix}}.key" - - # Deployment config - - role: openshift/object - object_app: mirrormanager - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # Cron jobs - - role: openshift/object - object_app: mirrormanager - object_template: cron-crawler.yml.j2 - object_objectname: cron-crawler.yml - when: env == "production" - - role: openshift/object - object_app: mirrormanager - object_template: cron-propagation.yml.j2 - object_objectname: cron-propagation.yml - when: env == "production" - - role: openshift/object - object_app: mirrormanager - object_template: cron-accesses.yml.j2 - object_objectname: cron-accesses.yml - - role: openshift/object - object_app: mirrormanager - object_template: cron-mirrorlist-cache.yml.j2 - object_objectname: cron-mirrorlist-cache.yml - - role: openshift/object - object_app: mirrormanager - object_template: cron-geoip.yml.j2 - object_objectname: cron-geoip.yml - - role: openshift/object - object_app: mirrormanager - object_template: cron-primary-mirror.yml.j2 - object_objectname: cron-primary-mirror.yml - - - role: openshift/start-build - start_build_app: mirrormanager - start_build_buildname: mm - tags: - - never - - build - - - role: openshift/rollout - rollout_app: mirrormanager - rollout_dcname: frontend - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/modernpaste.yml b/playbooks/openshift-apps/modernpaste.yml new file mode 100644 index 0000000000..179c2bd4dc --- /dev/null +++ b/playbooks/openshift-apps/modernpaste.yml 
@@ -0,0 +1,20 @@
+- name: make the app be real
+ hosts: os-masters-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - { role: openshift/object, app: modernpaste, file: imagestream.yml }
+ - { role: openshift/object, app: modernpaste, template: secret.yml }
+ - { role: openshift/object, app: modernpaste, file: buildconfig.yml }
+ - { role: openshift/start-build, app: modernpaste, name: modernpaste-docker-build }
+ - { role: openshift/object, app: modernpaste, template: configmap.yml }
+ - { role: openshift/object, app: modernpaste, file: service.yml }
+ - { role: openshift/object, app: modernpaste, file: route.yml }
+ - { role: openshift/object, app: modernpaste, file: deploymentconfig.yml }
+ - { role: openshift/rollout, app: modernpaste, name: modernpaste-web }
diff --git a/playbooks/openshift-apps/mote.yml b/playbooks/openshift-apps/mote.yml
deleted file mode 100644
index 7c66a4c00a..0000000000
--- a/playbooks/openshift-apps/mote.yml
+++ /dev/null
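Review bot: The `openshift/start-build` and `openshift/rollout` entries in the `roles:` list of the new `modernpaste.yml` carry no tags, so every run of the playbook starts an image build and rolls out `modernpaste-web`, even when the run was only meant to refresh the secret or the configmap. Gating both keeps a routine configuration run from redeploying whatever the build config currently pulls: `- { role: openshift/start-build, app: modernpaste, name: modernpaste-docker-build, tags: [never, build] }`, and likewise `tags: [never, rollout]` on the rollout line. The `never` tag needs Ansible 2.5 or later, which I cannot confirm from this hunk. A one-line comment above the `template: secret.yml` entry naming the private variables it renders from `/srv/private/ansible/vars.yml` would also help reviewers, since the template is not visible here.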
@@ -1,114 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: mote - project_description: Mote v2 - project_appowners: - - darknao - - t0xic0der - - ryanlerch - tags: - - appowners - - - role: openshift/imagestream - imagestream_app: mote - imagename: mote - - - role: openshift/object - object_app: mote - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: mote - object_template: mote-dc.yml.j2 - object_objectname: mote-dc.yml - - - role: openshift/object - object_app: mote - object_template: mote-worker-dc.yml.j2 - object_objectname: mote-worker-dc.yml - - - role: openshift/object - object_app: mote - object_template: fedmsg-dc.yml.j2 - object_objectname: fedmsg-dc.yml - - - role: openshift/object - object_app: mote - object_template: redis-is.yml.j2 - object_objectname: redis-is.yml - - - role: openshift/object - object_app: mote - object_template: redis-dc.yml.j2 - object_objectname: redis-dc.yml - - - role: openshift/object - object_app: mote - object_template: redis-svc.yml.j2 - object_objectname: redis-svc.yml - - - role: openshift/object - object_app: mote - object_template: mote-svc.yml.j2 - object_objectname: mote-svc.yml - - - role: openshift/object - object_app: mote - object_template: mote-cm.yml.j2 - object_objectname: mote-cm.yml - - - role: openshift/object - object_app: mote - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: mote - object_template: fedmsg-cm.yml.j2 - object_objectname: fedmsg-cm.yml - - - role: openshift/object - object_app: mote - object_template: pvc.yml.j2 - object_objectname: pvc.yml - - - role: openshift/route - route_app: mote - 
route_name: mote - route_serviceport: mote-tcp - route_servicename: mote - route_host: "meetbot{{ env_suffix }}.fedoraproject.org" - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/start-build - start_build_app: mote - start_build_buildname: mote - start_build_objectname: mote - tags: - - never - - build - -# -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l os_control_stg[0] -t delete openshift-apps/mote.yml - - role: openshift/object-delete - object_delete_app: mote - object_delete_objecttype: project - object_delete_objectname: mote - tags: - - never - - delete diff --git a/playbooks/openshift-apps/noggin-centos.yml b/playbooks/openshift-apps/noggin-centos.yml deleted file mode 100644 index 4c1314007e..0000000000 --- a/playbooks/openshift-apps/noggin-centos.yml +++ /dev/null 
@@ -1,121 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: rabbit/user - user_name: "noggin{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fas\..* - - - role: openshift/project - project_app: noggin-centos - project_description: "Self-service account portal" - project_appowners: - - abompard - - nils - - ryanlerch - tags: - - apply-appowners - when: env == "production" - - role: openshift/project - project_app: noggin-centos - project_description: "Self-service account portal" - project_appowners: - - abompard - - nils - - ryanlerch - tags: - - apply-appowners - when: env == "staging" - - - role: openshift/secret-file - secret_file_app: noggin-centos - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: noggin-centos - secret_file_secret_name: fedora-messaging-crt - secret_file_key: noggin-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/noggin{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: noggin-centos - secret_file_secret_name: fedora-messaging-key - secret_file_key: noggin-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/noggin{{env_suffix}}.key" - - - role: openshift/imagestream - imagestream_app: noggin-centos - imagestream_imagename: noggin - - - role: openshift/object - object_app: noggin - object_os_app: noggin-centos - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: noggin - object_os_app: noggin-centos - object_template: configmap.yml.j2 - object_objectname: configmap.yml - noggin_theme: centos - - - role: 
openshift/ipa-client - ipa_client_app: noggin-centos - - - role: openshift/object - object_app: noggin - object_os_app: noggin-centos - object_template: service.yml.j2 - object_objectname: service.yml - - - role: openshift/route - route_app: noggin-centos - route_name: noggin - route_host: "accounts{{ env_suffix }}.centos.org" - route_serviceport: web - route_servicename: noggin-web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: noggin - object_os_app: noggin-centos - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: noggin - object_os_app: noggin-centos - object_template: secret-webhook.yml.j2 - object_objectname: secret-webhook.yml - - - role: openshift/object - object_app: noggin - object_os_app: noggin-centos - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/start-build - start_build_app: noggin-centos - start_build_buildname: noggin - tags: - - never - - build - - - role: openshift/rollout - rollout_app: noggin-centos - rollout_dcname: noggin - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/noggin.yml b/playbooks/openshift-apps/noggin.yml deleted file mode 100644 index 54b84bb6dc..0000000000 --- a/playbooks/openshift-apps/noggin.yml +++ /dev/null 
@@ -1,116 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: rabbit/user - user_name: "noggin{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fas\..* - - - role: openshift/project - project_app: noggin - project_description: "Self-service account portal" - project_appowners: - - abompard - - nils - - ryanlerch - tags: - - apply-appowners - when: env == "production" - - role: openshift/project - project_app: noggin - project_description: "Self-service account portal" - project_appowners: - - abompard - - nils - - ryanlerch - tags: - - apply-appowners - when: env == "staging" - - - role: openshift/secret-file - secret_file_app: noggin - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: noggin - secret_file_secret_name: fedora-messaging-crt - secret_file_key: noggin-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/noggin{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: noggin - secret_file_secret_name: fedora-messaging-key - secret_file_key: noggin-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/noggin{{env_suffix}}.key" - - - role: openshift/imagestream - imagestream_app: noggin - imagestream_imagename: noggin - - - role: openshift/object - object_app: noggin - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: noggin - object_template: configmap.yml.j2 - object_objectname: configmap.yml - noggin_theme: fas - - - role: openshift/ipa-client - ipa_client_app: noggin - - - role: openshift/object - object_app: noggin - object_template: 
service.yml.j2 - object_objectname: service.yml - - - role: openshift/route - route_app: noggin - route_name: noggin - route_host: "accounts{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: noggin-web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/object - object_app: noggin - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: noggin - object_template: secret-webhook.yml.j2 - object_objectname: secret-webhook.yml - - - role: openshift/object - object_app: noggin - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/start-build - start_build_app: noggin - start_build_buildname: noggin - tags: - - never - - build - - - role: openshift/rollout - rollout_app: noggin - rollout_dcname: noggin - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/openscanhub.yml b/playbooks/openshift-apps/openscanhub.yml deleted file mode 100644 index 41007c08e6..0000000000 --- a/playbooks/openshift-apps/openscanhub.yml +++ /dev/null 
@@ -1,176 +0,0 @@ ---- -- name: OpenScanHub - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - ocp4: true - - openscanhub_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.openscanhub\..* - - pre_tasks: - - name: Include Global Variables - ansible.builtin.include_vars: - dir: /srv/web/infra/ansible/vars/all/ - ignore_files: README - - roles: - - role: openshift/project - project_app: openscanhub - project_description: openscanhub - project_appowners: - - praiskup - - svashisht - - kevin - - zlopez - tags: - - apply-appowners - when: env == "production" - - role: openshift/project - project_app: openscanhub - project_description: openscanhub - project_appowners: - - praiskup - - svashisht - - kevin - - zlopez - tags: - - apply-appowners - when: env == "staging" - - role: openshift/object - object_app: openscanhub - object_template: pvc-var-lib-osh.yml.j2 - object_objectname: pvc-var-lib-osh - - role: openshift/object - object_app: openscanhub - object_template: settings-local-configmap.yml.j2 - object_objectname: settings-local-configmap - - role: openshift/object - object_app: openscanhub - object_template: osh-hub-httpd-configmap.yml.j2 - object_objectname: osh-hub-httpd-configmap - - role: openshift/keytab - keytab_app: openscanhub - keytab_key: service.keytab - keytab_secret_name: openscanhub-keytab - keytab_service: HTTP - keytab_host: "openscanhub.stg.fedoraproject.org" - when: env == "staging" - - role: openshift/keytab - keytab_app: openscanhub - keytab_key: service.keytab - keytab_secret_name: openscanhub-keytab - keytab_service: HTTP - keytab_host: "openscanhub.fedoraproject.org" - when: env == "production" - - role: openshift/object - object_app: openscanhub - object_template: deployment-fedora-osh-hub.yml.j2 - object_objectname: deployment-fedora-osh-hub - - 
role: openshift/object - object_app: openscanhub - object_template: route-fedora-osh-hub.yml.j2 - object_objectname: route-fedora-osh-hub - - role: openshift/object - object_app: openscanhub - object_file: service-fedora-osh-hub.yml - object_objectname: service-fedora-osh-hub - - # Configurations for redis. - - role: openshift/object - object_app: openscanhub - object_template: pvc-var-lib-redis-data.yml.j2 - object_objectname: pvc-var-lib-redis-data - - role: openshift/object - object_app: openscanhub - object_file: deployment-redis.yml - object_objectname: deployment-redis - - role: openshift/object - object_app: openscanhub - object_file: route-redis.yml - object_objectname: route-redis - - role: openshift/object - object_app: openscanhub - object_file: service-redis.yml - object_objectname: service-redis - - # Configurations for resalloc-server. - - role: openshift/object - object_app: openscanhub - object_template: etc-resallocserver-server-configmap.yml.j2 - object_objectname: etc-resallocserver-server-configmap - - role: openshift/object - object_app: openscanhub - object_template: etc-resallocserver-pools-configmap.yml.j2 - object_objectname: etc-resallocserver-pools-configmap - - role: openshift/object - object_app: openscanhub - object_template: vm-provisioning-configmap.yml.j2 - object_objectname: vm-provisioning-configmap - - role: openshift/object - object_app: openscanhub - object_template: aws-credentials-configmap.yml.j2 - object_objectname: aws-credentials-configmap - - role: openshift/object - object_app: openscanhub - object_template: aws-openscanhub-key.yml.j2 - object_objectname: aws-openscanhub-key - - role: openshift/object - object_app: openscanhub - object_template: deployment-resalloc-server.yml.j2 - object_objectname: deployment-resalloc-server - - role: openshift/object - object_app: openscanhub - object_template: route-resalloc-server.yml.j2 - object_objectname: route-resalloc-server - - role: openshift/object - object_app: openscanhub 
- object_template: service-resalloc-server.yml.j2 - object_objectname: service-resalloc-server - - # Configurations for Fedora messaging - - role: rabbit/user - user_name: "openscanhub{{ env_suffix }}" - user_sent_topics: "{{ openscanhub_sent_topics }}" - - - role: rabbit/queue - queue_username: "openscanhub{{ env_suffix }}" - queue_name: "openscanhub{{ env_suffix }}" - queue_routing_keys: "org.fedoraproject.*.openscanhub.scan.started" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: "{{ openscanhub_sent_topics }}" - - - role: openshift/secret-file - secret_file_app: openscanhub - secret_file_secret_name: openscanhub-fedora-messaging-ca - secret_file_key: fedora-messaging-openscanhub-ca.crt - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: openscanhub - secret_file_secret_name: openscanhub-fedora-messaging-key - secret_file_key: fedora-messaging-openscanhub.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/openscanhub{{env_suffix}}.key" - - role: openshift/secret-file - secret_file_app: openscanhub - secret_file_secret_name: openscanhub-fedora-messaging-cert - secret_file_key: fedora-messaging-openscanhub.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/openscanhub{{env_suffix}}.crt" - - role: openshift/object - object_app: openscanhub - object_template: fedora-messaging-configmap.yml.j2 - object_objectname: fedora-messaging-configmap - - # sudo rbac-playbook -l staging -t delete openshift-apps/openscanhub.yml - - role: openshift/object-delete - object_delete_app: openscanhub - object_delete_objecttype: project - object_delete_objectname: openscanhub - tags: [never, delete] - when: env == "staging" diff --git a/playbooks/openshift-apps/openvpn.yml b/playbooks/openshift-apps/openvpn.yml deleted file mode 100644 index a58629577b..0000000000 --- a/playbooks/openshift-apps/openvpn.yml +++ /dev/null 
@@ -1,87 +0,0 @@ ---- -- name: Make the app be real - # We don't have any VPN set up on stg - hosts: os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - vars: - - roles: - - role: openshift/project - project_app: openvpn - project_description: Openvpn Client - project_appowners: - - kevin - tags: - - apply-appowners - - - role: openshift/object - object_app: openvpn - object_objectname: imagestream.yml - object_template: imagestream.yml.j2 - - - role: openshift/object - object_app: openvpn - object_objectname: buildconfig.yml - object_template: buildconfig.yml.j2 - - - role: openshift/object - object_app: openvpn - object_template: serviceaccount.yml.j2 - object_objectname: serviceaccount.yml - - - role: openshift/object - object_app: openvpn - object_template: scc.yml.j2 - object_objectname: scc.yml - - - role: openshift/object - object_app: openvpn - object_template: scc_role.yml.j2 - object_objectname: scc_role.yml - - - role: openshift/object - object_app: openvpn - object_template: scc_rolebinding.yml.j2 - object_objectname: scc_rolebinding.yml - - # load openVPN client certs for each node in ocp_nodes into ocp secret - # expect certs to be generated in {{private}}/files/vpn/pki/issued/ - - role: openshift/object - object_app: openvpn - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: openvpn - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: openvpn - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/start-build - start_build_app: openvpn - start_build_buildname: openvpn - tags: - - never - - build - -############################################### -# actions to delete the project from OpenShift -############################################### 
-# to run: sudo rbac-playbook -l os_masters_stg[0] -t delete openshift-apps/openvpn.yml - - role: openshift/object-delete - object_delete_app: openvpn - object_delete_objecttype: project - object_delete_objectname: openvpn - tags: - - never - - delete diff --git a/playbooks/openshift-apps/oraculum.yml b/playbooks/openshift-apps/oraculum.yml deleted file mode 100644 index adb2307a67..0000000000 --- a/playbooks/openshift-apps/oraculum.yml +++ /dev/null 
@@ -1,137 +0,0 @@ ---- -- name: Prepare setting up the database - hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org - gather_facts: no - user: root - - tasks: - - name: Install psycopg2 for the postgresql ansible modules - ansible.builtin.package: - name: python3-psycopg2 - state: present - tags: - - packages - -- name: Setup the database - hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - name: Create the database user - community.postgresql.postgresql_user: - name: "{{ oraculum_db_user }}" - password: "{{ oraculum_db_pass }}" - - name: Create the database itself - community.postgresql.postgresql_db: - name: "{{ oraculum_db_name }}" - owner: "{{ oraculum_db_user }}" - encoding: UTF-8 - - name: Test the database creation - community.postgresql.postgresql_db: - name: "{{ oraculum_db_name }}" - owner: "{{ oraculum_db_user }}" - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: oraculum - project_description: Packager Dashboard - project_appowners: - - frantisekz - - jskladan - - lbrabec - tags: - - appowners - - - role: openshift/object - object_app: oraculum - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: oraculum - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/object - object_app: oraculum - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - 
object_app: oraculum - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: oraculum - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: oraculum - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/route - route_app: oraculum - route_name: oraculum-api - route_host: "packager-dashboard{{ env_suffix }}.fedoraproject.org" - route_path: "/api" - route_serviceport: 8080-tcp - route_servicename: oraculum-api-endpoint - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/route - route_app: oraculum - route_name: oraculum-oidc-callback - route_host: "packager-dashboard{{ env_suffix }}.fedoraproject.org" - route_path: "/oidc_callback" - route_serviceport: 8080-tcp - route_servicename: oraculum-api-endpoint - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/route - route_app: oraculum - route_name: oraculum-flower - route_host: "packager-dashboard{{ env_suffix }}.fedoraproject.org" - route_path: "/_flower" - route_serviceport: 8080-tcp - route_servicename: oraculum-flower - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/route - route_app: oraculum - route_name: oraculum-frontend - route_host: "packager-dashboard{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: oraculum-frontend - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/start-build - start_build_app: oraculum - start_build_buildname: packager-dashboard-build - start_build_objectname: packager-dashboard-build - tags: - - never - - build diff --git a/playbooks/openshift-apps/planet.yml b/playbooks/openshift-apps/planet.yml deleted file mode 100644 index e6860d8f94..0000000000 --- a/playbooks/openshift-apps/planet.yml +++ /dev/null 
@@ -1,105 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: planet - project_description: "Fedora Planet" - project_appowners: - - phsmoura - - kevin - tags: - - apply-appowners - - # Keytabs - - role: openshift/keytab - keytab_app: planet - keytab_key: http - keytab_secret_name: planet-keytab-http - keytab_service: HTTP - keytab_host: "{{env_prefix}}fedoraplanet.org" - - - role: openshift/imagestream - imagestream_app: planet - imagestream_imagename: planet - - - role: openshift/object - object_app: planet - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: planet - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/ipa-client - ipa_client_app: planet - - - role: openshift/object - object_app: planet - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: planet - object_file: pvc.yml - object_objectname: pvc.yml - - - role: openshift/route - route_app: planet - route_name: planet-ocp - route_host: "planet.apps.ocp{{env_suffix}}.fedoraproject.org" - route_serviceport: web - route_servicename: planet - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/route - route_app: planet - route_name: planet - route_host: "{{env_prefix}}fedoraplanet.org" - route_serviceport: web - route_servicename: planet - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: planet - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: planet - object_template: cronjob.yml.j2 - object_objectname: cronjob.yml - - - role: 
openshift/secret-file - secret_file_app: planet - secret_file_secret_name: planet-fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/secret-file - secret_file_app: planet - secret_file_secret_name: planet-fedora-messaging-crt - secret_file_key: planet-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/planet{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: planet - secret_file_secret_name: planet-fedora-messaging-key - secret_file_key: planet-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/planet{{env_suffix}}.key" - - - role: rabbit/user - user_name: "planet{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.planet\..* diff --git a/playbooks/openshift-apps/poddlers.yml b/playbooks/openshift-apps/poddlers.yml deleted file mode 100644 index f99eef7103..0000000000 --- a/playbooks/openshift-apps/poddlers.yml +++ /dev/null 
@@ -1,123 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/poddlers.yml - - pre_tasks: - - name: Setup Rabbit User - ansible.builtin.include_role: - name: rabbit/user - vars: - user_name: toddlers{{ env_suffix }} - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.toddlers\..* - - - name: Setup Rabbit Queue - ansible.builtin.include_role: - name: rabbit/queue - vars: - queue_username: toddlers{{ env_suffix }} - queue_name: toddlers{{ env_suffix }}-{{ item.name }} - queue_routing_keys: "{{ item.topics }}" - queue_thresholds: - warning: 10 - critical: 100 - loop: "{{ poddlers_toddlers }}" - when: "item.replicas|default(1) > 0" - - roles: - - role: openshift/project - project_app: poddlers - project_description: Small fedora-messaging toddlers that keep running around in pods. 
- project_appowners: - - abompard - - zlopez - - kevin - - amedvede - - jnsamyak - - nphilipp - - lenkaseg - - jnsamyak - tags: - - appowners - - # Keytabs - - role: openshift/keytab - keytab_app: poddlers - keytab_key: service.keytab - keytab_secret_name: keytab - keytab_service: toddlers - - role: openshift/keytab - keytab_app: poddlers - keytab_key: sync-group.keytab - keytab_secret_name: sync-group-keytab - keytab_service: toddlers-sync-group - - - role: openshift/ipa-client - ipa_client_app: poddlers - - - role: openshift/object - object_app: poddlers - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/secret-file - secret_file_app: poddlers - secret_file_secret_name: toddlers-fedora-messaging-key - secret_file_key: toddlers.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/toddlers{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: poddlers - secret_file_secret_name: toddlers-fedora-messaging-crt - secret_file_key: toddlers.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/toddlers{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: poddlers - secret_file_secret_name: toddlers-fedora-messaging-ca - secret_file_key: toddlers.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/object - object_app: poddlers - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: poddlers - object_template: cron-playtime.yml.j2 - object_objectname: cron-playtime.yml - tags: - - cron-job - - - role: openshift/object - object_app: poddlers - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/object - object_app: poddlers - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/start-build - start_build_app: poddlers - start_build_buildname: toddlers - tags: - - never - - build - - - role: 
openshift/rollout - rollout_app: poddlers - rollout_dcname: "{{ item.name }}" - loop: "{{ poddlers_toddlers }}" - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/release-monitoring.yml b/playbooks/openshift-apps/release-monitoring.yml deleted file mode 100644 index ed52cacda3..0000000000 --- a/playbooks/openshift-apps/release-monitoring.yml +++ /dev/null 
@@ -1,72 +0,0 @@ -# Deploy the app ---- -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "anitya{{ env_suffix }}" - user_sent_topics: ^org\.release-monitoring\.{{ env_short }}\.anitya\..* - - role: openshift/project - project_app: release-monitoring - project_description: release-monitoring - project_appowners: - - zlopez - - role: openshift/secret-file - secret_file_app: release-monitoring - secret_file_secret_name: release-monitoring-fedora-messaging-ca - secret_file_key: fedora-messaging-release-monitoring-ca.crt - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: release-monitoring - secret_file_secret_name: release-monitoring-fedora-messaging-key - secret_file_key: fedora-messaging-release-monitoring.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/anitya{{env_suffix}}.key" - - role: openshift/secret-file - secret_file_app: release-monitoring - secret_file_secret_name: release-monitoring-fedora-messaging-cert - secret_file_key: fedora-messaging-release-monitoring.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/anitya{{env_suffix}}.crt" - - role: openshift/object - object_app: release-monitoring - object_file: imagestream.yml - object_objectname: imagestream.yml - - role: openshift/object - object_app: release-monitoring - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - role: openshift/start-build - start_build_app: release-monitoring - start_build_buildname: release-monitoring-web-build - tags: - - never - - build - - role: openshift/object - object_app: release-monitoring - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - role: openshift/object - object_app: 
release-monitoring - object_file: service.yml - object_objectname: service.yml - - role: openshift/object - object_app: release-monitoring - object_template: route.yml.j2 - object_objectname: route.yml - - role: openshift/object - object_app: release-monitoring - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml - - role: openshift/rollout - rollout_app: release-monitoring - rollout_dcname: release-monitoring-web - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/resultsdb-ci-listener.yml b/playbooks/openshift-apps/resultsdb-ci-listener.yml deleted file mode 100644 index 3ee5c5ba36..0000000000 --- a/playbooks/openshift-apps/resultsdb-ci-listener.yml +++ /dev/null 
@@ -1,85 +0,0 @@ -# -# ResultsDB CI Listener -# ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/queue - queue_username: "resultsdb{{ env_suffix }}_ci_listener" - queue_name: "resultsdb{{ env_suffix }}_ci_listener" - queue_routing_keys: - - 'org.centos.*.ci.pipeline.allpackages-build.complete' - - 'org.centos.*.ci.pipeline.allpackages-build.image.complete' - - 'org.centos.*.ci.pipeline.allpackages-build.package.test.functional.complete' - - 'org.centos.*.ci.pipeline.allpackages-build.package.complete' - - 'org.centos.*.ci.pipeline.allpackages-build.package.ignored' - - 'org.centos.*.ci.koji-build.test.queued' - - 'org.centos.*.ci.koji-build.test.running' - - 'org.centos.*.ci.koji-build.test.complete' - - 'org.centos.*.ci.koji-build.test.error' - user_sent_topics: ^$ - - # The openshift/project role breaks if the project already exists: - # https://pagure.io/fedora-infrastructure/issue/6404 - - role: openshift/project - project_app: resultsdb-ci-listener - project_description: resultsdb-ci-listener - project_appowners: - - lholecek - - vmaljulin - - lrossett - - kevin - - gwmngilfen - tags: - - apply-appowners - - - role: openshift/secret-file - secret_file_app: resultsdb-ci-listener - secret_file_secret_name: resultsdb-ci-listener-fedora-messaging-key - secret_file_key: resultsdb-ci-listener.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/resultsdb{{env_suffix}}_ci_listener.key" - - - role: openshift/secret-file - secret_file_app: resultsdb-ci-listener - secret_file_secret_name: resultsdb-ci-listener-fedora-messaging-crt - secret_file_key: resultsdb-ci-listener.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/resultsdb{{env_suffix}}_ci_listener.crt" - - - role: openshift/secret-file - 
secret_file_app: resultsdb-ci-listener - secret_file_secret_name: resultsdb-ci-listener-fedora-messaging-ca - secret_file_key: resultsdb-ci-listener.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/imagestream - imagestream_app: resultsdb-ci-listener - imagestream_imagename: resultsdb-ci-listener - - - role: openshift/object - object_app: resultsdb-ci-listener - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: resultsdb-ci-listener - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: resultsdb-ci-listener - object_template: configmaps.yml.j2 - object_objectname: configmaps.yml - - - role: openshift/object - object_app: resultsdb-ci-listener - object_template: deploymentconfigs.yml.j2 - object_objectname: deploymentconfigs.yml diff --git a/playbooks/openshift-apps/resultsdb.yml b/playbooks/openshift-apps/resultsdb.yml deleted file mode 100644 index e6a5bbce0d..0000000000 --- a/playbooks/openshift-apps/resultsdb.yml +++ /dev/null 
@@ -1,154 +0,0 @@ ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Resultsdb DB user - prod - community.postgresql.postgresql_user: - name: "resultsdb" - password: "{{ prod_resultsdb_db_password }}" - when: env != 'staging' - - name: Resultsdb DB user - staging - community.postgresql.postgresql_user: - name: "resultsdb" - password: "{{ stg_resultsdb_db_password }}" - when: env == 'staging' - - name: Resultsdb database creation - community.postgresql.postgresql_db: - name: "resultsdb" - owner: "resultsdb" - encoding: UTF-8 - - -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: no - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/roles/openshift-apps/resultsdb/vars/main.yml - - roles: - - role: rabbit/user - user_name: "resultsdb{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.resultsdb\..* - - # The openshift/project role breaks if the project already exists: - # https://pagure.io/fedora-infrastructure/issue/6404 - - role: openshift/project - project_app: resultsdb - project_description: resultsdb - project_appowners: - - lholecek - - vmaljulin - - lrossett - - kevin - tags: - - apply-appowners - - - role: openshift/secret-file - secret_file_app: resultsdb - secret_file_secret_name: resultsdb-fedora-messaging-key - secret_file_key: resultsdb.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/resultsdb{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: resultsdb - secret_file_secret_name: resultsdb-fedora-messaging-crt - secret_file_key: resultsdb.crt - 
secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/resultsdb{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: resultsdb - secret_file_secret_name: resultsdb-fedora-messaging-ca - secret_file_key: resultsdb.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - # backend objects - - role: openshift/object - object_app: resultsdb - object_template: backend/secrets.yml.j2 - object_objectname: backend-secrets.yml - - - role: openshift/object - object_app: resultsdb - object_template: backend/configmaps.yml.j2 - object_objectname: backend-configmaps.yml - - - role: openshift/object - object_app: resultsdb - object_template: backend/imagestream.yml.j2 - object_objectname: backend-imagestream.yml - - - role: openshift/object - object_app: resultsdb - object_template: backend/deploymentconfigs.yml.j2 - object_objectname: backend-deploymentconfigs.yml - - - role: openshift/object - object_app: resultsdb - object_template: backend/services.yml.j2 - object_objectname: backend-services.yml - - - role: openshift/route - route_app: resultsdb - route_name: resultsdb-api - route_host: "resultsdb{{ env_suffix }}.fedoraproject.org" - route_serviceport: api - route_servicename: resultsdb-api - route_path: /api - - # frontend objects - - role: openshift/object - object_app: resultsdb - object_template: frontend/secrets.yml.j2 - object_objectname: frontend-secrets.yml - - - role: openshift/object - object_app: resultsdb - object_template: frontend/configmaps.yml.j2 - object_objectname: frontend-configmaps.yml - - - role: openshift/object - object_app: resultsdb - object_template: frontend/deploymentconfigs.yml.j2 - object_objectname: frontend-deploymentconfigs.yml - - - role: openshift/object - object_app: resultsdb - object_template: frontend/services.yml.j2 - object_objectname: frontend-services.yml - - - role: openshift/route - route_app: resultsdb - route_name: resultsdb-web - route_host: "resultsdb{{ env_suffix }}.fedoraproject.org" - 
route_serviceport: web - route_servicename: resultsdb-frontend - route_path: / - - # rollouts - - role: openshift/rollout - rollout_app: resultsdb - rollout_dcname: "resultsdb-api" - failed_when: false - tags: - - never - - rollout - - - role: openshift/rollout - rollout_app: resultsdb - rollout_dcname: "resultsdb-frontend" - failed_when: false - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/review-stats.yml b/playbooks/openshift-apps/review-stats.yml deleted file mode 100644 index b8d97bb9ae..0000000000 --- a/playbooks/openshift-apps/review-stats.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: review-stats - project_description: Generate HTML with statistics about Fedora review tickets - project_appowners: - - mattia - - kevin - tags: - - apply-appowners - - role: openshift/imagestream - imagestream_app: review-stats - imagestream_imagename: builder - - role: openshift/object - object_app: review-stats - object_objectname: buildconfig.yml - object_template: buildconfig.yml.j2 - - role: openshift/object - object_app: review-stats - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - role: openshift/object - object_app: review-stats - object_template: pvc.yml.j2 - object_objectname: pvc.yml - - role: openshift/start-build - start_build_app: review-stats - start_build_buildname: builder-build - tags: - - never - - build - - role: openshift/object - object_app: review-stats - object_template: cron.yml.j2 - object_objectname: cron.yml - tags: - - deploy-cronjob diff --git a/playbooks/openshift-apps/test-auth.yml b/playbooks/openshift-apps/test-auth.yml deleted file mode 100644 index 0662024741..0000000000 
--- a/playbooks/openshift-apps/test-auth.yml +++ /dev/null @@ -1,68 +0,0 @@ ---- -- name: Make the app be real - hosts: os_masters[0]:os_masters_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: openshift/project - project_app: test-auth - project_description: "Authentication testing" - project_appowners: - - abompard - tags: - - apply-appowners - - - role: openshift/imagestream - imagestream_app: test-auth - imagestream_imagename: test-auth - - - role: openshift/object - object_app: test-auth - object_template: buildconfig.yml - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: test-auth - object_template: configmap.yml - object_objectname: configmap.yml - - - role: openshift/object - object_app: test-auth - object_file: service.yml - object_objectname: service.yml - - # - role: openshift/route - # route_app: test-auth - # route_name: test-auth - # route_host: "admin{{ env_suffix }}.fedoraproject.org" - # route_path: "/test-auth" - # route_serviceport: web - # route_servicename: test-auth - # route_annotations: - # haproxy.router.openshift.io/timeout: 5m - - role: openshift/route - route_app: test-auth - route_name: test-auth - route_host: "test-auth.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: test-auth - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: test-auth - object_template: secret-webhook.yml - object_objectname: secret-webhook.yml - - - role: openshift/object - object_app: test-auth - object_template: deploymentconfig.yml - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/testdays.yml b/playbooks/openshift-apps/testdays.yml deleted file mode 100644 index 20bff1692c..0000000000 
--- a/playbooks/openshift-apps/testdays.yml +++ /dev/null 
@@ -1,115 +0,0 @@ ---- -- name: Prepare setting up the database - hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org - gather_facts: no - user: root - - tasks: - - name: Install psycopg2 for the postgresql ansible modules - ansible.builtin.package: - name: python3-psycopg2 - state: present - tags: - - packages - -- name: Setup the database - hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - name: Create the database user - community.postgresql.postgresql_user: - name: "{{ testdays_db_user }}" - password: "{{ testdays_db_pass }}" - - name: Create the database itself - community.postgresql.postgresql_db: - name: "{{ testdays_db_name }}" - owner: "{{ testdays_db_user }}" - encoding: UTF-8 - - name: Test the database creation - community.postgresql.postgresql_db: - name: "{{ testdays_db_name }}" - owner: "{{ testdays_db_user }}" - encoding: UTF-8 - - name: Create the database user (resultsdb) - community.postgresql.postgresql_user: - name: "{{ resultsdb_testdays_db_user }}" - password: "{{ resultsdb_testdays_db_pass }}" - - name: Create the database itself (resultsdb) - community.postgresql.postgresql_db: - name: "{{ resultsdb_testdays_db_name }}" - owner: "{{ resultsdb_testdays_db_user }}" - encoding: UTF-8 - - name: Test the database creation (resultsdb) - community.postgresql.postgresql_db: - name: "{{ resultsdb_testdays_db_name }}" - owner: "{{ resultsdb_testdays_db_user }}" - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: 
testdays - project_description: The Fedora QE testdays application - project_appowners: - - frantisekz - - jskladan - - lbrabec - - kparal - tags: - - appowners - - - role: openshift/object - object_app: testdays - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: testdays - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: testdays - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: testdays - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: testdays - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: testdays - route_name: testdays - route_host: "testdays{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: testdays - - - role: openshift/start-build - start_build_app: testdays - start_build_buildname: testdays-build - start_build_objectname: testdays-build - tags: - - never - - build diff --git a/playbooks/openshift-apps/the-new-hotness.yml b/playbooks/openshift-apps/the-new-hotness.yml deleted file mode 100644 index 5cbef45b8c..0000000000 --- a/playbooks/openshift-apps/the-new-hotness.yml +++ /dev/null 
@@ -1,104 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/queue - queue_username: the-new-hotness{{ env_suffix }} - queue_name: the-new-hotness{{ env_suffix }} - queue_routing_keys: - - "org.release-monitoring.*.anitya.project.version.update.v2" - - "org.release-monitoring.*.anitya.project.version.update" - - "org.release-monitoring.*.anitya.project.map.new" - - "org.fedoraproject.*.buildsys.task.state.change" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.hotness\..* - - - role: openshift/project - project_app: the-new-hotness - project_description: Fedora-messaging consumer that listens to the-new-hotness.org and files bugzilla bugs in response. - project_appowners: - - zlopez - - - role: openshift/keytab - keytab_app: the-new-hotness - keytab_key: koji-keytab - keytab_secret_name: the-new-hotness-keytab - keytab_service: the-new-hotness - keytab_host: "release-monitoring.org" - when: env == "production" - - - role: openshift/keytab - keytab_app: the-new-hotness - keytab_key: koji-keytab - keytab_secret_name: the-new-hotness-keytab - keytab_service: the-new-hotness - keytab_host: "stg.release-monitoring.org" - when: env == "staging" - - - role: openshift/secret-file - secret_file_app: the-new-hotness - secret_file_secret_name: the-new-hotness-fedora-messaging-ca - secret_file_key: fedora-messaging-the-new-hotness-ca.crt - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/secret-file - secret_file_app: the-new-hotness - secret_file_secret_name: the-new-hotness-fedora-messaging-key - secret_file_key: fedora-messaging-the-new-hotness.key - secret_file_privatefile: 
"rabbitmq/{{env}}/pki/private/the-new-hotness{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: the-new-hotness - secret_file_secret_name: the-new-hotness-fedora-messaging-cert - secret_file_key: fedora-messaging-the-new-hotness.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/the-new-hotness{{env_suffix}}.crt" - - - role: openshift/object - object_app: the-new-hotness - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: the-new-hotness - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: the-new-hotness - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: the-new-hotness - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/start-build - start_build_app: the-new-hotness - start_build_buildname: the-new-hotness-build - start_build_objectname: the-new-hotness-build - tags: - - never - - build - - - role: openshift/object - object_app: the-new-hotness - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/rollout - rollout_app: the-new-hotness - rollout_dcname: the-new-hotness - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/transtats.yml b/playbooks/openshift-apps/transtats.yml deleted file mode 100644 index d6213dcaa3..0000000000 --- a/playbooks/openshift-apps/transtats.yml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: transtats - project_description: transtats - project_appowners: - - suanand - - role: openshift/object - object_app: transtats - object_objectname: secret.yml - object_template: secret.yml.j2 - - role: openshift/imagestream - imagestream_app: transtats - imagestream_imagename: transtats - - role: openshift/object - object_app: transtats - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - role: openshift/start-build - start_build_app: transtats - start_build_buildname: transtats-build - tags: - - never - - build - - role: openshift/object - object_app: transtats - object_file: service.yml - object_objectname: service.yml - - role: openshift/route - route_app: transtats - route_name: transtats-web - route_host: transtats{{ env_suffix }}.fedoraproject.org - route_serviceport: web - route_servicename: transtats-web - route_annotations: - haproxy.router.openshift.io/timeout: 8m - - role: openshift/object - object_app: transtats - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml - - role: openshift/rollout - rollout_app: transtats - rollout_dcname: transtats-web - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/waiverdb.yml b/playbooks/openshift-apps/waiverdb.yml index ef95e34350..cab69207be 100644 --- a/playbooks/openshift-apps/waiverdb.yml +++ b/playbooks/openshift-apps/waiverdb.yml 
@@ -1,39 +1,7 @@ ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Waiverdb DB user - prod - community.postgresql.postgresql_user: - name: "waiverdb" - password: "{{ prod_waiverdb_db_password }}" - when: env != 'staging' - - name: Waiverdb DB user - staging - community.postgresql.postgresql_user: - name: "waiverdb" - password: "{{ stg_waiverdb_db_password }}" - when: env == 'staging' - - name: Waiverdb database creation - community.postgresql.postgresql_db: - name: "waiverdb" - owner: "waiverdb" - encoding: UTF-8 - - -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] +- name: make the app be real + hosts: os-masters:os-masters-stg user: root - gather_facts: false - vars: - waiverdb_oidc_overwrite_redirect_uri: >- - https://waiverdb{{ env_suffix }}.fedoraproject.org/oidc_callback + gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml 
@@ -41,92 +9,25 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - role: rabbit/user - user_name: "waiverdb{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.waiverdb\..* - - # The openshift/project role breaks if the project already exists: - # https://pagure.io/fedora-infrastructure/issue/6404 - - role: openshift/project - project_app: waiverdb - project_description: waiverdb - project_appowners: - - lholecek - - vmaljulin - - kevin - tags: - - apply-appowners - - - role: openshift/object - object_app: waiverdb - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/secret-file - secret_file_app: waiverdb - secret_file_secret_name: waiverdb-fedora-messaging-key - secret_file_key: waiverdb.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/waiverdb{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: waiverdb - secret_file_secret_name: waiverdb-fedora-messaging-crt - secret_file_key: waiverdb.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/waiverdb{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: waiverdb - secret_file_secret_name: waiverdb-fedora-messaging-ca - secret_file_key: waiverdb.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/object - object_app: waiverdb - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: waiverdb - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: waiverdb - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: waiverdb - route_name: web-pretty - route_host: "waiverdb{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: waiverdb-web - - # TODO -- someday retire this old route in favor of the pretty one above. 
- - role: openshift/object - object_app: waiverdb - object_file: route.yml - object_objectname: route.yml - - - role: openshift/object - object_app: waiverdb - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # Remove no longer needed intermediate image build - - role: openshift/object-delete - object_delete_app: waiverdb - object_delete_objecttype: buildconfig - object_delete_objectname: waiverdb-docker-build - - - role: openshift/object-delete - object_delete_app: waiverdb - object_delete_objecttype: imagestream - object_delete_objectname: waiverdb-upstream - - - role: openshift/rollout - rollout_app: waiverdb - rollout_dcname: waiverdb-web - tags: - - never - - rollout + # The openshift/project role breaks if the project already exists: + # https://pagure.io/fedora-infrastructure/issue/6404 + - role: openshift/project + app: waiverdb + description: waiverdb + appowners: + - ralph + - mjia + - dcallagh + - { role: openshift/object, app: waiverdb, template: secret.yml } + #- { role: openshift/secret-file + # , app: waiverdb + # , secret_name: waiverdb-stg-secret + # , key: client_secrets.json + # , template: client_secrets.json + # } + - { role: openshift/object, app: waiverdb, file: imagestream.yml } + - { role: openshift/object, app: waiverdb, template: configmap.yml } + - { role: openshift/object, app: waiverdb, file: service.yml } + - { role: openshift/object, app: waiverdb, file: route.yml } + - { role: openshift/object, app: waiverdb, file: deploymentconfig.yml } + - { role: openshift/rollout, app: waiverdb, name: waiverdb-web } diff --git a/playbooks/openshift-apps/webhook2fedmsg.yml b/playbooks/openshift-apps/webhook2fedmsg.yml deleted file mode 100644 index 6f3b195dbc..0000000000 --- a/playbooks/openshift-apps/webhook2fedmsg.yml +++ /dev/null 
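Review bot: The last role entry on the new side, `- { role: openshift/rollout, app: waiverdb, name: waiverdb-web }`, carries no tags, so a rollout of waiverdb-web is presumably requested on every run of this playbook, whereas the removed version gated it behind the `never` and `rollout` tags. If an unconditional rollout is not intended, keep the gate: `- { role: openshift/rollout, app: waiverdb, name: waiverdb-web, tags: [never, rollout] }`. The commented-out `openshift/secret-file` block a few lines above should either be deleted or get a one-line comment saying why it is parked, because it names a secret (`waiverdb-stg-secret`) that nothing visible in this hunk creates.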
@@ -1,128 +0,0 @@ -# -# Webhook to Fedora Messaging -# ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Webhook2fedmsg DB user - community.postgresql.postgresql_user: - name: webhook2fedmsg - password: "{{ (env == 'production') | ternary(webhook2fedmsg_prod_db_password, webhook2fedmsg_stg_db_password) }}" - - name: Webhook2fedmsg database creation - community.postgresql.postgresql_db: - name: webhook2fedmsg - owner: webhook2fedmsg - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "webhook2fedmsg{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(github|discourse|forgejo)\..* - - - role: openshift/project - project_app: webhook2fedmsg - project_description: "Relay webhooks to Fedora Messaging" - project_appowners: - - ryanlerch - - abompard - - t0xic0der - - kevin - tags: - - apply-appowners - - - role: openshift/secret-file - secret_file_app: webhook2fedmsg - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: webhook2fedmsg - secret_file_secret_name: fedora-messaging-crt - secret_file_key: webhook2fedmsg-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/webhook2fedmsg{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: webhook2fedmsg - secret_file_secret_name: fedora-messaging-key - secret_file_key: 
webhook2fedmsg-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/webhook2fedmsg{{env_suffix}}.key" - - - role: openshift/imagestream - imagestream_app: webhook2fedmsg - imagestream_imagename: webhook2fedmsg - - - role: openshift/object - object_app: webhook2fedmsg - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: webhook2fedmsg - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: webhook2fedmsg - object_file: service.yml - object_objectname: service.yml - - # Routes - - role: openshift/route - route_app: webhook2fedmsg - route_name: web - route_host: "webhook{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: web - - role: openshift/route - route_app: webhook2fedmsg - route_name: web-alt - route_host: "webhook2fedmsg.apps.ocp{{env_suffix}}.fedoraproject.org" - route_serviceport: web - route_servicename: web - - # FASJSON access - - role: openshift/ipa-client - ipa_client_app: webhook2fedmsg - - role: openshift/keytab - keytab_app: webhook2fedmsg - keytab_key: service.keytab - keytab_secret_name: keytab - keytab_service: webhook2fedmsg - - # Deployment config - - role: openshift/object - object_app: webhook2fedmsg - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # - role: openshift/start-build - # start_build_app: webhook2fedmsg - # start_build_buildname: webhook2fedmsg - # tags: - # - never - # - build - - # - role: openshift/rollout - # rollout_app: webhook2fedmsg - # rollout_dcname: webhook2fedmsg - # tags: - # - never - # - rollout diff --git a/playbooks/openshift-apps/websites.yml b/playbooks/openshift-apps/websites.yml deleted file mode 100644 index 5d93747eaf..0000000000 --- a/playbooks/openshift-apps/websites.yml +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - vars: - ssh_key_path: "{{ private }}/files/websites/id_rsa_web_trans_{{ env_short }}" - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: websites - project_description: Fedora websites building - project_alerting: true - project_appowners: - - ryanlerch - - darknao - - kevin - - # legacy websites - - role: openshift/object - object_app: websites - object_file: pvc.yml - object_objectname: pvc.yml - - - role: openshift/imagestream - imagestream_app: websites - imagestream_imagename: fedora-websites - - - role: openshift/object - object_app: websites - object_template: fedora-websites-bc.yml.j2 - object_objectname: fedora-websites-bc.yml - - - role: openshift/start-build - start_build_app: websites - start_build_buildname: fedora-websites - start_build_objectname: fedora-websites - tags: - - never - - build - - - role: openshift/object - object_app: websites - object_template: fedora-websites-cron.yml.j2 - object_objectname: fedora-websites-cron.yml - - # New websites 3.0 - - role: openshift/imagestream - imagestream_app: websites - imagestream_imagename: builder - - - role: openshift/object - object_app: websites - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/start-build - start_build_app: websites - start_build_buildname: websites-build - start_build_objectname: websites-build - - - role: openshift/object - object_app: websites - object_file: obc.yml - object_objectname: obc.yml - - - role: openshift/object - object_app: websites - object_template: deployment.yml.j2 - object_objectname: deployment.yml 
diff --git a/playbooks/openshift-apps/zezere.yml b/playbooks/openshift-apps/zezere.yml deleted file mode 100644 index 6b46c6131e..0000000000 --- a/playbooks/openshift-apps/zezere.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: zezere - project_description: Zezere provisioning service - project_appowners: - - pbrobinson - - role: openshift/imagestream - imagestream_app: zezere - imagestream_imagename: zezere - - role: openshift/object - object_app: zezere - object_objectname: buildconfig.yml - object_file: buildconfig.yml - - role: openshift/start-build - start_build_app: zezere - start_build_buildname: zezere-build - tags: - - never - - build - - role: openshift/object - object_app: zezere - object_file: service.yml - object_objectname: service.yml - - role: openshift/route - route_app: zezere - route_name: zezere - route_host: "provision{{ env_suffix }}.fedoraproject.org" - route_servicename: zezere - route_serviceport: 8080 - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - role: openshift/object - object_app: zezere - object_template: secret.yml.j2 - object_objectname: secret.yml - - role: openshift/object - object_app: zezere - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - role: openshift/rollout - rollout_app: zezere - rollout_dcname: zezere - tags: - - never - - rollout diff --git a/playbooks/rdiff-backup.yml b/playbooks/rdiff-backup.yml index 1cddf6b974..d6c46fea6b 100644 --- a/playbooks/rdiff-backup.yml +++ b/playbooks/rdiff-backup.yml 
@@ -3,11 +3,10 @@ # Since rdiff-backup doesn't have its own built-in-scheduler # this seemed like an obvious cheat ---- -- name: Rdiff-backup +- name: rdiff-backup hosts: backup_clients user: root - gather_facts: false + gather_facts: False serial: 10 # host_backup_targets set in host_vars or group_vars # global_backup_targets can be defined in vars, group_vars/all or anywhere 
@@ -20,17 +19,17 @@ - global_backup_targets: ['/etc', '/home'] tasks: - - name: Run rdiff-backup hitting all the global targets + - name: run rdiff-backup hitting all the global targets local_action: "shell rdiff-backup --remote-schema 'ssh -p {{ ansible_port|default(22) }} -C %s rdiff-backup --server' --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org" with_items: '{{ global_backup_targets }}' when: global_backup_targets is defined - - name: Copy new database dumps into the backup server database dir + - name: copy new database dumps into the backup server database dir local_action: "shell rsync -a {{ inventory_hostname }}:{{ item }}/ /fedora_backups/databases/{{ inventory_hostname }}/" with_items: '{{ db_backup_dir }}' when: db_backup_dir is defined - - name: Run rdiff-backup hitting all the host targets + - name: run rdiff-backup hitting all the host targets local_action: "shell rdiff-backup --remote-schema 'ssh -p {{ ansible_port|default(22) }} -C %s rdiff-backup --server' --exclude='**git-seed*' --exclude='**git_seed' --exclude='**.snapshot' --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org" with_items: '{{ host_backup_targets }}' when: host_backup_targets is defined diff --git a/playbooks/restart_unbound.yml b/playbooks/restart_unbound.yml new file mode 100644 index 0000000000..782b14e14c --- /dev/null +++ b/playbooks/restart_unbound.yml 
@@ -0,0 +1,16 @@ +# This playboook restarts unbound on a host +# +# requires --extra-vars="target=somevhostname" +# + +- name: find instances + hosts: "{{ target }}" + gather_facts: False + user: root + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - import_tasks: "{{ tasks_path }}/restart_unbound.yml" diff --git a/playbooks/restart_when_failed.yml b/playbooks/restart_when_failed.yml deleted file mode 100644 index 1a016a95e3..0000000000 --- a/playbooks/restart_when_failed.yml +++ /dev/null @@ -1,32 +0,0 @@ -# This playbook lets you safely display systemd logs for failed services -# and then restart it - ---- -- hosts: mirrorlist_proxies - gather_facts: false - - tasks: - - name: Listing failed units - ansible.builtin.shell: systemctl list-units --state failed --no-legend | awk '{ print $1 }' - register: listing_failed - - - name: Check log with journalctl - ansible.builtin.shell: journalctl -lru {{ item }} -n 50 - register: display_log - with_items: "{{ listing_failed.stdout_lines[0:] }}" - - - debug: var=listing_failed.stdout_lines[0:] - - - name: Display log - debug: var=display_log.stdout_lines - ignore_errors: true - when: display_log is defined - - - name: Restart failed service - systemd: - name: "{{ item }}" - state: restarted - with_items: "{{ listing_failed.stdout_lines[0:] }}" - register: restart_service - - - debug: var=restart_service.stdout_lines diff --git a/playbooks/rkhunter_only.yml b/playbooks/rkhunter_only.yml index c703f2fd15..63179e2fc0 100644 --- a/playbooks/rkhunter_only.yml +++ b/playbooks/rkhunter_only.yml 
@@ -1,16 +1,20 @@ # requires --extra-vars="target='host1:host2:group etc'" ---- -- name: Run rkhunter for times when rkhunter didn't seem to run. +- name: run rkhunter for times when rkhunter didn't seem to run. hosts: "{{ target }}" user: root tasks: - - name: Check for rkhunter - ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter + - name: check for rkhunter + command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - - name: Run rkhunter --propupd - ansible.builtin.command: /usr/bin/rkhunter --propupd - when: rkhunter is success + - name: run rkhunter --propupd + command: /usr/bin/rkhunter --propupd + when: rkhunter|success + + + + + diff --git a/playbooks/rkhunter_update.yml b/playbooks/rkhunter_update.yml index 46d58ecc22..e2939877d1 100644 --- a/playbooks/rkhunter_update.yml +++ b/playbooks/rkhunter_update.yml @@ -1,24 +1,28 @@ # requires --extra-vars="target='host1:host2:group etc' yumcommand=update'" ---- -- name: Update all run rkhunter if installed +- name: update all run rkhunter if installed hosts: "{{ target }}" user: root tasks: - - name: Expire-caches - ansible.builtin.command: yum clean expire-cache + - name: expire-caches + command: yum clean expire-cache - - name: Yum -y {{ yumcommand }} - ansible.builtin.command: yum -y {{ yumcommand }} + - name: yum -y {{ yumcommand }} + command: yum -y {{ yumcommand }} async: 7200 poll: 15 - - name: Check for rkhunter - ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter + - name: check for rkhunter + command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - - name: Run rkhunter --propupd - ansible.builtin.command: /usr/bin/rkhunter --propupd - when: rkhunter is success + - name: run rkhunter --propupd + command: /usr/bin/rkhunter --propupd + when: rkhunter|success + + + + + diff --git a/playbooks/run_fasClient.yml b/playbooks/run_fasClient.yml new file mode 100644 index 0000000000..4849ba78a6 --- /dev/null +++ b/playbooks/run_fasClient.yml 
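Review bot: `when: rkhunter|success` on the last task of rkhunter_only.yml applies a test as a filter, a form Ansible deprecated in 2.5 and removed in 2.9. On a controller at 2.9 or later the condition fails to template, so `rkhunter --propupd` does not run and the file-property baseline goes stale after package updates. The removed line already had the supported spelling, `when: rkhunter is success`. The same condition is reintroduced in the rkhunter_update.yml hunk that follows on this line. Separately, the five blank `+` lines appended to each file add nothing and can be dropped.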
@@ -0,0 +1,35 @@ +# Run `fasClient` on all hosts, N hosts at a time +# +# We exclude builders, persistent-cloud, jenkins-master and jenkins-slave as they don't have fasclient +# + +- name: run fasClient -a to make email aliases on bastion + hosts: bastion01.phx2.fedoraproject.org:bastion02.phx2.fedoraproject.org + user: root + gather_facts: False + + tasks: + - name: actually run fasClient -a + command: fasClient -a + ignore_errors: true + when: inventory_hostname_short.startswith('bastion0') + +- name: run fasClient on people and pkgs first as these are the ones most people want updated + hosts: people02.fedoraproject.org:pkgs02.phx2.fedoraproject.org + user: root + gather_facts: False + + tasks: + - name: actually run fasClient -i + command: fasClient -i + ignore_errors: true + +- name: run fasClient -i on the rest of hosts which only affects sysadmins + hosts: all:!builders:!*cloud*:!*composer*:!people*:!pkgs02*:!*.stg.*:!twisted*:!*.fedorainfracloud.org:!ppc-hub*:!bkernel*:!fed-cloud01*:!fed-cloud02*:!releng-secondary + user: root + gather_facts: False + + tasks: + - name: actually run fasClient -i + command: fasClient -i + ignore_errors: true diff --git a/playbooks/run_fasClient_simple.yml b/playbooks/run_fasClient_simple.yml new file mode 100644 index 0000000000..8176d978b6 --- /dev/null +++ b/playbooks/run_fasClient_simple.yml 
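Review bot: All three `fasClient` tasks in run_fasClient.yml set `ignore_errors: true` and register nothing, so the run still exits successfully when the sync fails on a host, and that host presumably keeps whatever account data it had before. Keep the run going if that is the intent, but record the outcome: add `register: fasclient_result` to each task and follow it with a `debug` task guarded by `when: fasclient_result is failed` that names the host, so failures show up in one place at the end of the output. The two plays in run_fasClient_simple.yml (next hunk) have the same pattern. The `when: inventory_hostname_short.startswith('bastion0')` guard repeats what the `hosts:` line already selects and could be removed or explained in a comment.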
@@ -0,0 +1,24 @@ +# Run `fasClient` on the hosts of interest for most of our users (ie: bastion +# for the aliases, fedorapeople, fedorahosted and pkgs.fp.o +# + +- name: run fasClient -a to make email aliases on bastion + hosts: bastion01.phx2.fedoraproject.org:bastion02.phx2.fedoraproject.org + user: root + gather_facts: False + + tasks: + - name: actually run fasClient -a + command: fasClient -a + when: inventory_hostname_short.startswith('bastion0') + ignore_errors: true + +- name: run fasClient on people and pkgs first as these are the ones most people want updated + hosts: people02.fedoraproject.org:pkgs02.phx2.fedoraproject.org + user: root + gather_facts: False + + tasks: + - name: actually run fasClient -i + command: fasClient -i + ignore_errors: true diff --git a/playbooks/run_pkgdb_sync_git.yml b/playbooks/run_pkgdb_sync_git.yml new file mode 100644 index 0000000000..955ab8d762 --- /dev/null +++ b/playbooks/run_pkgdb_sync_git.yml @@ -0,0 +1,16 @@ +# Run `pkgdb2branch` on +# +#To update from testing, adjust as follow: +# --extra-vars="package='pkg1:pkg2:pkg3'" + + +- name: run pkgdb_sync_git_branches.py + hosts: pkgs01.phx2.fedoraproject.org + user: root + serial: 25 + gather_facts: False + + tasks: + - name: call pkgdb_sync_git_branches.py + command: /usr/local/bin/pkgdb_sync_git_branches.py + diff --git a/playbooks/set_root_auth_keys.yml b/playbooks/set_root_auth_keys.yml index 128d5bedac..ee431de364 100644 --- a/playbooks/set_root_auth_keys.yml +++ b/playbooks/set_root_auth_keys.yml 
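Review bot: The header comment of run_pkgdb_sync_git.yml describes a different command and an option the play never reads. It says "Run `pkgdb2branch` on" and stops mid-sentence, then documents `--extra-vars="package='pkg1:pkg2:pkg3'"`, but the only task runs `/usr/local/bin/pkgdb_sync_git_branches.py` with no arguments. I would replace the header with `# Runs /usr/local/bin/pkgdb_sync_git_branches.py on pkgs01; takes no extra-vars`. `serial: 25` has no effect on a play that targets a single host and can go as well.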
@@ -1,19 +1,18 @@ # optionally can take --extra-vars="hostbase=hostnamebase root_auth_users='user1 user2 user3'" ---- - name: set auth keys hosts: "{{ target }}" user: root - gather_facts: false + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml vars: - - root_auth_users: '' + - root_auth_users: '' tasks: - - name: add root keys for sysadmin-main and other allowed users - action: authorized_key user=root key={{ item }} - with_lines: - - "{{ auth_keys_from_fas}} @sysadmin-main {{ root_auth_users }}" + - name: add root keys for sysadmin-main and other allowed users + action: authorized_key user=root key={{ item }} + with_lines: + - "{{ auth_keys_from_fas}} @sysadmin-main {{ root_auth_users }}" diff --git a/playbooks/ssh_host_keys.yml b/playbooks/ssh_host_keys.yml index 2f11a98441..cb1d9c99c0 100644 --- a/playbooks/ssh_host_keys.yml +++ b/playbooks/ssh_host_keys.yml @@ -1,17 +1,16 @@ ---- - hosts: all - become: false + become: False vars: keyfile: /tmp/known_hosts tasks: - name: Add short name to file local_action: shell ssh-keyscan -p {{ansible_port|default(22)}} -H {{inventory_hostname}} 2> /dev/null >> {{keyfile}} - ignore_errors: true + ignore_errors: True - name: Add FQDN to file local_action: shell ssh-keyscan -p {{ansible_port|default(22)}} -H {{ansible_fqdn}} 2> /dev/null >> {{keyfile}} - ignore_errors: true + ignore_errors: True - name: Add IPv4 to file local_action: shell ssh-keyscan -p {{ansible_port|default(22)}} -H {{ansible_default_ipv4.address}} 2> /dev/null >> {{keyfile}} - ignore_errors: true + ignore_errors: True diff --git a/playbooks/transient_cloud_instance.yml b/playbooks/transient_cloud_instance.yml new file mode 100644 index 0000000000..3f4682823f --- /dev/null 
+++ b/playbooks/transient_cloud_instance.yml 
@@ -0,0 +1,81 @@ +# +# setup a transient instance in the Fedora infrastructure private cloud +# +# This playbook is used to spin up a transient instance for someone to test something. +# In particular transient instances will all be terminated at least by the next +# maint window for the cloud, but ideally people will terminate instances they +# are done using. +# +# If you have an application or longer term item that should always be around +# please use the persistent playbook instead. +# +# You MUST pass a name to it, ie: -e 'name=somethingdescriptive' +# You can optionally override defaults by passing any of the following: +# image=imagename (default is centos70_x86_64) +# instance_type=some instance type (default is m1.small) +# root_auth_users='user1 user2 user3' (default is sysadmin-main group) +# +# Note: if you run this playbook with the same name= multiple times +# openstack is smart enough to just return the current ip of that instance +# and go on. This way you can re-run if you want to reconfigure it without +# reprovisioning it. 
+# +# Example command: +# transient_cloud_instance.yml --extra-vars="name='foo' image='Fedora-Cloud-Base-20141203-21.x86_64'" +# + +- name: check/create instance + hosts: batcave01.phx2.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + vars: + image: "{{ centos70_x86_64 }}" + instance_type: m1.small + + tasks: + - name: fail when name is not provided + fail: msg="Please specify the name of the instance" + when: name is not defined + + - import_tasks: "{{ tasks_path }}/transient_cloud.yml" + + - name: gather facts + setup: + check_mode: no + ignore_errors: True + register: facts + + - name: install python2 and dnf stuff + raw: dnf -y install python-dnf libselinux-python + when: facts|failed + +- name: provision instance + hosts: tmp_just_created + gather_facts: True + environment: + ANSIBLE_HOST_KEY_CHECKING: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: install cloud-utils (yum) + package: name=cloud-utils state=present + when: ansible_distribution_major_version|int < 22 + + - name: install cloud-utils (dnf) + command: dnf install -y cloud-utils + when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined + + - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/universe_update.yml b/playbooks/universe_update.yml deleted file mode 100644 index c51207d48f..0000000000 --- a/playbooks/universe_update.yml +++ /dev/null 
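Review bot: The `provision instance` play sets `ANSIBLE_HOST_KEY_CHECKING: False` under `environment:`, which exports the variable to commands run on the target rather than to the controller process that opens the SSH connection, so it most likely does not do what it was added for. Since this play configures a freshly created host as root, it is better to record the instance's host key at creation time than to skip verification. If verification has to be relaxed for first contact, set that per host where `tmp_just_created` is populated, with a comment stating that the key is unverified. Separately, `when: facts|failed` in the first play is the filter form of a test, removed in Ansible 2.9; the supported spelling is `when: facts is failed`.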
@@ -1,66 +0,0 @@ -# -# This playboook updates every host in inventory -# - ---- -- name: Set downtime - hosts: all - gather_facts: false - user: root - serial: 1 - - tasks: - - - name: Silence nagios completely - nagios: action=silence - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - failed_when: no - when: nonagios is not defined or not "true" in nonagios - -- name: Update the world - hosts: all - gather_facts: true - user: root - - tasks: - - - name: Apply updates - ansible.builtin.package: - state: latest - name: "*" - update_cache: true - async: 7200 - poll: 30 - when: package_excludes is not defined - - - debug: - msg: - - '!!!!!!!!!!!!!!!!!!! host {{ inventory_hostname }} has EXCLUDES OF {{ package_excludes }} !!!!!!!!!!!!!' - - '!!!!!!!!!!!!!!!!!!! DANGER DANGER DANGER ^ CHECK THAT EXCLUDES ARE STILL NEEDED ^ !!!!!!!!!!!!!!!!!!!!' - when: package_excludes is defined - changed_when: true - - - name: Apply updates with excludes - ansible.builtin.package: - state: latest - name: "*" - update_cache: true - exclude: "{{ package_excludes }}" - async: 7200 - poll: 30 - when: package_excludes is defined - -- name: Run rkhunter if installed - hosts: all - user: root - - tasks: - - name: Check for rkhunter - ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter - register: rkhunter - ignore_errors: true - - - name: Run rkhunter --propupd - ansible.builtin.command: /usr/bin/rkhunter --propupd - when: rkhunter is success diff --git a/playbooks/update-proxy-dns.yml b/playbooks/update-proxy-dns.yml index ed2e5c5396..0730617a3c 100644 --- a/playbooks/update-proxy-dns.yml +++ b/playbooks/update-proxy-dns.yml 
@@ -3,15 +3,14 @@ # - status -- what to do. must be either 'enable' or 'disable' # - userstring -- the git commit userstring for the dns repo ---- - name: Either take a proxy out of dns or put it back in hosts: "{{ proxies }}" user: root serial: 1 vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml vars: - userstring: "Ansible update-proxy-dns.yml " @@ -23,7 +22,7 @@ when: nodns is not defined or not "true" in nodns - name: Clone the dns repo into /var/tmp/dns-checkout..... - local_action: git repo=/srv/git/dns/ dest={{tmp.stdout}} + local_action: git repo=/git/dns/ dest={{tmp.stdout}} when: nodns is not defined or not "true" in nodns - name: Run zone-template (fedoraproject.org) @@ -55,7 +54,7 @@ when: nodns is not defined or not "true" in nodns - name: Run update-dns on each nameserver - ansible.builtin.command: /usr/local/bin/update-dns + command: /usr/local/bin/update-dns delegate_to: "{{item}}" with_items: "{{groups.dns}}" when: nodns is not defined or not "true" in nodns diff --git a/playbooks/update_dns.yml b/playbooks/update_dns.yml index caa4186411..d5d9253b55 100644 --- a/playbooks/update_dns.yml +++ b/playbooks/update_dns.yml @@ -1,9 +1,8 @@ ---- -- name: Push dns changes out +- name: push dns changes out hosts: dns user: root tasks: - - name: Push dns changes out - ansible.builtin.command: /usr/local/bin/update-dns + - name: push dns changes out + command: /usr/local/bin/update-dns diff --git a/playbooks/update_grokmirror_repos.yml b/playbooks/update_grokmirror_repos.yml new file mode 100644 index 0000000000..b41b67ff25 --- /dev/null +++ b/playbooks/update_grokmirror_repos.yml 
@@ -0,0 +1,12 @@ +# update all mirrors currently served by grokmirror + +- name: update grokmirror repos + hosts: taskotron-dev:taskotron-stg:taskotron-prod + become: true + become_user: "{{ grokmirror_user }}" + gather_facts: false + + tasks: + - name: update grokmirror repos + command: chdir={{ grokmirror_basedir }}/{{ item.name }} git fetch origin {{ grokmirror_default_branch }}:{{ grokmirror_default_branch }} + with_items: "{{ grokmirror_repos }}" diff --git a/playbooks/update_ticketkey.yml b/playbooks/update_ticketkey.yml index 592823f790..7b77f4e5cb 100644 --- a/playbooks/update_ticketkey.yml +++ b/playbooks/update_ticketkey.yml 
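Review bot: The `command:` line of the `update grokmirror repos` task packs `chdir=` and three templated values into one free-form string, so a base directory or repo name containing a space or `=` would be split or read as a module option. Passing the directory as a real argument keeps it a single value: `command: git fetch origin {{ grokmirror_default_branch }}:{{ grokmirror_default_branch }}` with `args:` / `chdir: "{{ grokmirror_basedir }}/{{ item.name }}"` below it. The task also has no `changed_when`, so every run reports a change even when nothing was fetched. The header comment could state where `grokmirror_repos`, `grokmirror_basedir`, `grokmirror_user` and `grokmirror_default_branch` are expected to be defined, since none of them is set in this file.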
@@ -1,31 +1,30 @@ ---- - name: make a new ssl ticketkey - hosts: batcave01.iad2.fedoraproject.org + hosts: batcave01.phx2.fedoraproject.org user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - name: create new production ticket key - ansible.builtin.command: /usr/local/bin/generate_ticketkey /root/ticketkey_production.tkey fpprod + command: /usr/local/bin/generate_ticketkey /root/ticketkey_production.tkey fpprod - name: create new staging ticket key - ansible.builtin.command: /usr/local/bin/generate_ticketkey /root/ticketkey_staging.tkey fpstag + command: /usr/local/bin/generate_ticketkey /root/ticketkey_staging.tkey fpstag - name: Push out new ticket key - hosts: proxies:proxies_stg + hosts: proxies:proxies-stg user: root vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" @@ -33,7 +32,7 @@ tasks: - name: deploy ticket key - ansible.builtin.copy: src=/root/ticketkey_{{env}}.tkey dest=/etc/httpd/ticketkey_{{env}}.tkey + copy: src=/root/ticketkey_{{env}}.tkey dest=/etc/httpd/ticketkey_{{env}}.tkey owner=root group=root mode=0600 notify: - - Reload proxyhttpd + - reload proxyhttpd diff --git a/playbooks/vhost_halt_guests.yml b/playbooks/vhost_halt_guests.yml index e6ad857328..083147c358 100644 --- a/playbooks/vhost_halt_guests.yml +++ b/playbooks/vhost_halt_guests.yml 
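Review bot: The second play now targets `hosts: proxies:proxies-stg`, and whether that still matches the staging group depends on the inventory, which is not part of this hunk. If the group is actually named `proxies_stg`, an unmatched pattern is only a warning, so staging proxies would silently keep the old ticket key. Both `generate_ticketkey` tasks also write key material under `/root` with no visible check of the resulting file mode; a `file:` task pinning `mode: "0600"` on `/root/ticketkey_production.tkey` and `/root/ticketkey_staging.tkey` would make that explicit.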
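Review bot: `notify: - reload proxyhttpd` in the `deploy ticket key` task only fires if the handler imported from `{{ handlers_path }}/restart_services.yml` carries exactly that name, because handler lookup is case-sensitive. That file is outside this hunk, so the rename from `Reload proxyhttpd` should be checked against it in the same change. If the names differ, the new key is copied to `/etc/httpd/ticketkey_{{env}}.tkey` but httpd is not reloaded to pick it up.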
@@ -1,6 +1,6 @@ # requires --extra-vars="vhost=somevhost fqdn" -# General overview: +#General overview: # talk to the vhost # get back list of instances # add each of their hostnames to an addhoc group @@ -19,35 +19,34 @@ # across multiple plays ---- -- name: Find instances +- name: find instances hosts: "{{ vhost }}" user: root tasks: - - name: Get list of guests + - name: get list of guests virt: command=list_vms register: vmlist - - name: Add them to myvms_new group + - name: add them to myvms_new group local_action: add_host hostname={{ item }} groupname=myvms_new with_items: "{{ vmlist.list_vms }}" -- name: Halt instances +- name: halt instances hosts: myvms_new user: root serial: 1 tasks: - - name: Tell nagios to shush + - name: tell nagios to shush nagios: action=silence host={{ inventory_hostname_short }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org - - name: Echo-y - ansible.builtin.command: /sbin/halt -p + - name: echo-y + command: /sbin/halt -p ignore_errors: true # if one of them is down we don't care - - name: Wait for them to die + - name: wait for them to die local_action: wait_for port=22 delay=30 timeout=300 state=stopped host={{ inventory_hostname }} diff --git a/playbooks/vhost_poweroff.yml b/playbooks/vhost_poweroff.yml deleted file mode 100644 index c4bca9497b..0000000000 --- a/playbooks/vhost_poweroff.yml +++ /dev/null 
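Review bot: The task named `echo-y` in the `halt instances` play runs `command: /sbin/halt -p`, so the name hides a destructive action from anyone reading the play output; something like `- name: halt the guest` says what happens. `ignore_errors: true` on that task also swallows every failure, not only "guest already down", so the following `wait for them to die` step is the only signal that a halt did not happen. The Nagios host `noc01.phx2.fedoraproject.org` is hard-coded here and again in `vhost_reboot.yml` and `vhost_update.yml`; a shared variable would keep the three in step.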
@@ -1,64 +0,0 @@ -# -# This playbook lets you safely reboot a virthost and all it's guests. -# -# requires --extra-vars="target=somevhost fqdn" - -# General overview: -# talk to the vhost -# get back list of instances -# add each of their hostnames to an addhoc group -# halt each of them in a second play -# wait for them to die -# third play, reboot the vhost -# wait for vhost to come back - -# TODO: Figure out how to compare virt info pre and post boot. - ---- -- name: Find instances - hosts: "{{ target }}" - gather_facts: false - user: root - - tasks: - - name: Get list of guests - virt: command=list_vms - register: vmlist - -# - name: Get info on guests (prereboot) -# virt: command=info -# register: vminfo_pre - - - name: Add them to myvms_new group - local_action: add_host hostname={{ item }} groupname=myvms_new - with_items: "{{ vmlist.list_vms }}" - -- name: Halt instances - hosts: myvms_new - user: root - gather_facts: false - serial: 1 - - tasks: - - name: Halt the vm instances - to poweroff - ansible.builtin.command: /sbin/shutdown -h 1 - ignore_errors: true - # if one of them is down we don't care - -- name: Wait for the whole set to die. - hosts: myvms_new - gather_facts: false - user: root - - tasks: - - name: Wait for them to die - local_action: wait_for port=22 delay=30 timeout=300 state=stopped host={{ inventory_hostname }} - -- name: Reboot vhost - hosts: "{{ target }}" - gather_facts: false - user: root - - tasks: - - name: Halt the virthost - ansible.builtin.command: /sbin/shutdown -h 1 diff --git a/playbooks/vhost_reboot.yml b/playbooks/vhost_reboot.yml index 0396573a4e..320e190dff 100644 --- a/playbooks/vhost_reboot.yml +++ b/playbooks/vhost_reboot.yml @@ -4,7 +4,7 @@ # requires --extra-vars="target=somevhost fqdn" # Might add nodns=true or nonagios=true to the extra vars -# General overview: +#General overview: # talk to the vhost # get back list of instances # add each of their hostnames to an addhoc group 
@@ -15,20 +15,14 @@ # TODO: Figure out how to compare virt info pre and post boot. ---- - name: find instances - vars_prompt: - - name: target - prompt: What is the target vhost (to reboot) - private: false - # Use a simple regexp to ignore spaces people might accidentally paste. - hosts: "{{ target | regex_search('[-a-z0-9.]+')}}" - gather_facts: false + hosts: "{{ target }}" + gather_facts: False user: root tasks: - name: get list of guests - virt: command=list_vms state=running + virt: command=list_vms register: vmlist # - name: get info on guests (prereboot) 
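Review bot: `hosts: "{{ target }}"` now takes the extra-var verbatim as a host pattern, so a value with stray whitespace, a group name or a wildcard can select more than one virthost for the halt and reboot plays that follow in this file. A short first play on localhost that asserts `target is match('^[-a-z0-9.]+$')` before anything else runs would stop on a malformed value instead of acting on it. `virt: command=list_vms` without `state=running` also returns shut-off guests, which are then added to `myvms_new` and handed to the halt and `wait_for` steps. The play body continues outside this hunk.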
@@ -39,40 +33,31 @@ local_action: add_host hostname={{ item }} groupname=myvms_new with_items: "{{ vmlist.list_vms }}" - - name: add the vmhost to target group - # Use a simple regexp to ignore spaces people might accidentally paste. - local_action: add_host hostname={{ target | regex_search('[-a-z0-9.]+') }} groupname=target - # Call out to another playbook. Disable any proxies that may live here -- name: update proxy dns if needed - import_playbook: update-proxy-dns.yml - vars: - status: enable - proxies: myvms_new:&proxies +- include_playbook: update-proxy-dns.yml status=disable proxies=myvms_new:&proxies when: nodns is not defined or not "true" in nodns - name: halt instances hosts: myvms_new user: root - gather_facts: false + gather_facts: False serial: 1 tasks: - - name: schedule regular host downtime nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true when: nonagios is not defined or not nonagios - - name: shutdown vms - virt: command=shutdown name={{ inventory_hostname }} + - name: halt the vm instances - to poweroff + command: /sbin/shutdown -h 1 ignore_errors: true - delegate_to: "{{ hostvars[groups['target'][0]]['ansible_fqdn'] }}" + # if one of them is down we don't care - name: wait for the whole set to die. hosts: myvms_new - gather_facts: false + gather_facts: False user: root tasks: 
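Review bot: `- include_playbook: update-proxy-dns.yml status=disable proxies=myvms_new:&proxies` is not a playbook-level keyword I know Ansible to accept (the supported form is `import_playbook` with `status` and `proxies` under `vars:`), so the proxies on this virthost are probably not taken out of DNS before their guests are halted. The same applies to the `status=enable` call in the last hunk of this file. In the `halt instances` play, `command: /sbin/shutdown -h 1` with `ignore_errors: true` hides every failure, not just an already-stopped guest; a `failed_when` limited to the unreachable case would keep real errors visible.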
@@ -80,69 +65,60 @@ local_action: wait_for port=22 delay=30 timeout=300 state=stopped host={{ inventory_hostname }} - name: reboot vhost - hosts: "target" - gather_facts: false + hosts: "{{ target }}" + gather_facts: False user: root tasks: - name: tell nagios to shush nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true when: nonagios is not defined or not nonagios - # With drive firmware and sometimes needed to poke things, make this 30m - name: reboot the virthost - reboot: reboot_timeout=1800 + command: /sbin/shutdown -r 1 + + - name: wait for virthost to come back - up to 15 minutes + local_action: wait_for host={{ target }} port=22 delay=120 timeout=900 search_regex=OpenSSH - name: wait for libvirtd to come back on the virthost - wait_for: path=/run/libvirt/libvirt-sock state=present + wait_for: path=/var/run/libvirtd.pid state=present delay=10 - name: look up vmlist virt: command=list_vms register: newvmlist - - name: add them to myvms_postreboot group - local_action: add_host hostname={{ item }} groupname=myvms_postreboot - with_items: "{{ newvmlist.list_vms }}" + - name: sync time + command: ntpdate -u 1.rhel.pool.ntp.org -# - name: sync time -# ansible.builtin.command: ntpdate -u 1.rhel.pool.ntp.org + - name: serverbeach hosts need a special iptables config + command: /root/fix-iptables.sh + when: inventory_hostname_short.startswith('serverbeach') - name: tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true when: nonagios is not defined or not nonagios -- name: post reboot tasks - hosts: myvms_postreboot +# Call out to that dns playbook. 
Put proxies back in now that they're back +- include_playbook: update-proxy-dns.yml status=enable proxies=myvms_new:&proxies + when: nodns is not defined or not nodns + +- name: Fix unbound if necessary + # intersection - hosts that are in our dynamic group and also in unbound-dns + hosts: "myvms_new:&unbound" user: root - gather_facts: false - serial: 1 + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - - name: Wait for host to come back (ipa or rabbitmq) - local_action: wait_for port=22 delay=30 timeout=300 state=started host={{ inventory_hostname }} - when: inventory_hostname.startswith(('ipa', 'rabbitmq')) - - - name: restart gssproxy if we rebooted a ipa server - service: name=gssproxy state=restarted - when: inventory_hostname.startswith('ipa') - - - name: restart rabbitmq if we rebooted a rabbit server - service: name=rabbitmq-server state=restarted - when: inventory_hostname.startswith('rabbitmq') - -# Call out to that dns playbook. Put proxies back in now that they're back -- name: update proxy dns if needed - import_playbook: update-proxy-dns.yml - vars: - status: enable - proxies: myvms_new:&proxies - when: nodns is not defined or not nodns + - import_tasks: "{{ tasks_path }}/restart_unbound.yml" # - name: get info on guests (postreboot) # virt: command=info # register: vminfo_post + diff --git a/playbooks/vhost_update.yml b/playbooks/vhost_update.yml index 6a7267ecf1..eece3fd51a 100644 --- a/playbooks/vhost_update.yml +++ b/playbooks/vhost_update.yml 
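Review bot: The re-enable call is guarded by `when: nodns is not defined or not nodns`, while the disable call earlier in this file uses `not "true" in nodns`, and with `nodns` passed as an extra-var string the two can disagree. For `nodns=false` the first condition is true and the second, as far as I can tell, false, which would leave the proxies out of DNS after the reboot. Using one expression in both places, `when: nodns is not defined or not "true" in nodns`, removes the mismatch.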
@@ -4,91 +4,62 @@ # Might add nodns=true or nonagios=true at extra-vars # ---- -- name: Find instances - vars_prompt: - - name: target - prompt: What is the target vhost (to upgrade) - private: false - # Use a simple regexp to ignore spaces people might accidentally paste. - hosts: "{{ target | regex_search('[-a-z0-9.]+')}}" - gather_facts: false +- name: find instances + hosts: "{{ target }}" + gather_facts: False user: root tasks: - - name: Get list of guests + - name: get list of guests virt: command=list_vms register: vmlist - - name: Add them to myvms_new group + - name: add them to myvms_new group local_action: add_host hostname={{ item }} groupname=myvms_new with_items: '{{vmlist.list_vms}}' - - name: Add the vmhost to target group - # Use a simple regexp to ignore spaces people might accidentally paste. - local_action: add_host hostname={{ target | regex_search('[-a-z0-9.]+') }} groupname=target - # Call out to another playbook. Disable any proxies that may live here -# - include_playbook: update-proxy-dns.yml status=disable proxies=myvms_new:&proxies +#- include_playbook: update-proxy-dns.yml status=disable proxies=myvms_new:&proxies -- name: Set downtime - hosts: "target:myvms_new" - gather_facts: false +- name: update the system + hosts: "{{ target }}:myvms_new" + gather_facts: True user: root - serial: 1 tasks: - - - name: Schedule regular host downtime + - name: schedule regular host downtime nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true failed_when: no when: nonagios is not defined or not "true" in nonagios -- name: Update the system - hosts: "target:myvms_new" - gather_facts: true + - name: expire-caches + command: yum clean expire-cache + when: ansible_distribution_major_version|int < 22 + + - name: yum -y {{ yumcommand }} + command: yum -y {{ yumcommand }} + async: 7200 + poll: 30 + when: 
ansible_distribution_major_version|int < 22 + + - name: dnf -y {{ yumcommand }} --refresh + command: dnf -y {{ yumcommand }} --refresh + async: 7200 + poll: 30 + when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined + +- name: run rkhunter if installed + hosts: "{{ target }}:myvms_new" user: root tasks: - - - name: Apply updates - ansible.builtin.package: - state: latest - name: "*" - update_cache: true - async: 7200 - poll: 30 - when: package_excludes is not defined - - - debug: - msg: - - '!!!!!!!!!!!!!!!!!!! host {{ inventory_hostname }} has EXCLUDES OF {{ package_excludes }} !!!!!!!!!!!!!' - - '!!!!!!!!!!!!!!!!!!! DANGER DANGER DANGER ^ CHECK THAT EXCLUDES ARE STILL NEEDED ^ !!!!!!!!!!!!!!!!!!!!' - when: package_excludes is defined - changed_when: true - - - name: Apply updates with excludes - ansible.builtin.package: - state: latest - name: "*" - update_cache: true - exclude: "{{ package_excludes }}" - async: 7200 - poll: 30 - when: package_excludes is defined - -- name: Run rkhunter if installed - hosts: "target:myvms_new" - user: root - - tasks: - - name: Check for rkhunter - ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter + - name: check for rkhunter + command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - - name: Run rkhunter --propupd - ansible.builtin.command: /usr/bin/rkhunter --propupd - when: rkhunter is success + - name: run rkhunter --propupd + command: /usr/bin/rkhunter --propupd + when: rkhunter|success diff --git a/playbooks/vhost_update_reboot.yml b/playbooks/vhost_update_reboot.yml deleted file mode 100644 index 991c3297be..0000000000 --- a/playbooks/vhost_update_reboot.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- import_playbook: /srv/web/infra/ansible/playbooks/vhost_update.yml -- import_playbook: /srv/web/infra/ansible/playbooks/vhost_reboot.yml 
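Review bot: `when: rkhunter|success` on the `run rkhunter --propupd` task uses a test as a filter, a form Ansible deprecated in 2.5 and removed in 2.9; `when: rkhunter is success` is the supported form. Because `--propupd` rewrites rkhunter's file-property database, it is also worth gating that task on the `yum`/`dnf` task having succeeded, so a failed or partial update is not recorded as the known-good baseline. `yumcommand` is not defined anywhere in this hunk, so the update tasks depend on the caller passing it.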
diff --git a/roles/abrt/faf-pre/files/group_abrt-faf-el7-epel-7.repo b/roles/abrt/faf-local/files/group_abrt-faf-el7-epel-7.repo
similarity index 100%
rename from roles/abrt/faf-pre/files/group_abrt-faf-el7-epel-7.repo
rename to roles/abrt/faf-local/files/group_abrt-faf-el7-epel-7.repo
diff --git a/roles/abrt/faf-local/handlers/main.yml b/roles/abrt/faf-local/handlers/main.yml
new file mode 100644
index 0000000000..1ac3f2273f
--- /dev/null
+++ b/roles/abrt/faf-local/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: restart httpd
+ service: name=httpd state=restarted
+
+- name: restart postgresql
+ service: name=postgresql
+ state=restarted
diff --git a/roles/abrt/faf-local/tasks/cron.yml b/roles/abrt/faf-local/tasks/cron.yml
new file mode 100644
index 0000000000..650b86c722
--- /dev/null
+++ b/roles/abrt/faf-local/tasks/cron.yml
@@ -0,0 +1,119 @@ +--- + +- name: backup database + cron: + name: "backup database" + user: faf + job: "( pg_dump -Fc faf > /srv/faf/db-backup/backup-$(date '+\\%F').dump ) >> /var/log/faf/db_backup.log 2>&1" + special_time: daily + state: present + +- name: match unknown packages + cron: + name: "match unknown packages" + user: faf + job: "faf match-unknown-packages -d >> /var/log/faf/match-unknown-packages.log 2>&1" + special_time: daily + state: present + +- name: pull releases, components and associates + cron: + name: "cron for {{ item.what }} {{ item.distro }}" + user: faf + job: "faf {{ item.what }} -o {{ item.distro }} -d >> /var/log/faf/{{ item.what }}-{{ item.distro }}.log 2>&1" + special_time: daily + state: present + when: not devel + with_items: + - { what: "pull-releases", distro: "fedora" } + - { what: "pull-components", distro: "fedora" } + - { what: "find-components", distro: "fedora" } + - { what: "pull-releases", distro: "centos" } + - { what: "pull-components", distro: "centos" } + - { what: "find-components", distro: "centos" } + +- name: pull associates + cron: + name: "cron for pull associates for f{{ item }}" + user: faf + job: "faf pull-associates -o fedora --opsys-release {{ item }} >> /var/log/faf/pull-associates-f{{ item }}.log 2>&1" + special_time: monthly + state: present + when: not devel + with_items: + - "25" + - "26" + - "27" + +- name: remove obsolete pull associates + cron: + name: "cron for pull associates for f{{ item }}" + user: faf + job: "faf pull-associates -o fedora --opsys-release {{ item }} >> /var/log/faf/pull-associates-f{{ item }}.log 2>&1" + special_time: monthly + state: absent + when: not devel + with_items: + - "24" + +- name: koops_to_xorg.py + cron: + name: "koops_to_xorg.py" + user: faf + job: "/etc/faf/koops_to_xorg.py >> /var/log/faf/koops-to-xorg.log" + special_time: daily + state: present + when: not devel + +- name: probable fixes + cron: + name: "cron for probable fixes for f{{ item }}" + user: faf + job: 
"faf mark-probably-fixed -o fedora --opsys-release {{ item }} >> /var/log/faf/mark-probably-fixed-f{{ item }}.log 2>&1" + special_time: daily + state: present + when: not devel + with_items: + - "25" + - "26" + - "27" + +- name: remove obsolete probable fixes + cron: + name: "cron for probable fixes for f{{ item }}" + user: faf + job: "faf mark-probably-fixed -o fedora --opsys-release {{ item }} >> /var/log/faf/mark-probably-fixed-f{{ item }}.log 2>&1" + special_time: daily + state: absent + when: not devel + with_items: + - "24" + +- name: update BZ bugs fedora + cron: + name: "cron for update BZ bugs fedora" + user: faf + job: "faf update-bugs -db fedora-bugzilla >> /var/log/faf/update-bugs.log 2>&1" + special_time: daily + state: present + when: not devel + +- name: update BZ bugs centos + cron: + name: "cron for update BZ bugs centos" + user: faf + job: "faf update-bugs -db centos-mantisbt >> /var/log/faf/update-bugs-centos.log 2>&1" + special_time: daily + state: present + when: not devel + +- name: attach BZ bugs centos + cron: + name: "cron for attach BZ bugs centos" + user: faf + job: "faf update-bugs -db centos-mantisbt >> /var/log/faf/update-bugs-centos.log 2>&1" + special_time: daily + state: present + when: not devel + + diff --git a/roles/abrt/faf-local/tasks/install.yml b/roles/abrt/faf-local/tasks/install.yml new file mode 100644 index 0000000000..0badb26ce8 --- /dev/null +++ b/roles/abrt/faf-local/tasks/install.yml 
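Review bot: The `attach BZ bugs centos` job at the end of this file runs `faf update-bugs -db centos-mantisbt` and appends to `update-bugs-centos.log`, which is identical to the `update BZ bugs centos` job above it, so the attach step never runs and the update is scheduled twice. If the attach action is intended, the job should call it, e.g. `job: "faf attach-centos-bugs >> /var/log/faf/attach-centos-bugs.log 2>&1"`. The `koops_to_xorg.py` job also redirects only stdout, so its errors do not reach `koops-to-xorg.log`; adding `2>&1` would match the other entries.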
@@ -0,0 +1,30 @@
+---
+- name: install postgresql packages
+ package: name={{ item }} state=present
+ with_items:
+ - python-psycopg2
+ - postgresql-server
+ - postgresql
+ - pg-semver
+
+- name: install ssl packages for https
+ package: name={{ item }} state=present
+ with_items:
+ - openssl
+ - mod_ssl
+
+- name: memcached rhel
+ package: name={{ item }} state=present
+ with_items:
+ - memcached
+ - python-memcached
+ when: ansible_distribution == "RedHat" and faf_web_cache_type == "memcached"
+
+- name: memcached fedora
+ package: name={{ item }} state=present
+ with_items:
+ - libmemcached
+ - memcached
+ - zlib
+ - python-pylibmc
+ when: ansible_distribution == "Fedora" and faf_web_cache_type == "memcached"
diff --git a/roles/abrt/faf-local/tasks/main.yml b/roles/abrt/faf-local/tasks/main.yml
new file mode 100644
index 0000000000..aeedc746be
--- /dev/null
+++ b/roles/abrt/faf-local/tasks/main.yml
@@ -0,0 +1,83 @@ +--- +# Install additional packages +- import_tasks: install.yml + +# Create database for faf +- import_tasks: setup_db.yml + +# Allow https and start httpd +- import_tasks: services.yml + +# landing page +- name: install abrt-server-info-page + package: name=abrt-server-info-page state=latest + +- name: configure ADMINS + lineinfile: + dest: /usr/lib/python2.7/site-packages/abrt-server-info-page/config.py + regexp: 'ADMINS =' + line: ' ADMINS = "infrastructure@lists.fedoraproject.org"' + notify: restart httpd + +- name: configure MORE_FAF + lineinfile: + dest: /usr/lib/python2.7/site-packages/abrt-server-info-page/config.py + regexp: 'MORE_FAF =' + line: ' MORE_FAF = "https://github.com/abrt/faf/"' + notify: restart httpd + +- name: configure MORE_RS + lineinfile: + dest: /usr/lib/python2.7/site-packages/abrt-server-info-page/config.py + regexp: 'MORE_RS =' + line: ' MORE_RS = "https://github.com/abrt/retrace-server"' + notify: restart httpd + +- name: configure MORE_ABRT + lineinfile: + dest: /usr/lib/python2.7/site-packages/abrt-server-info-page/config.py + regexp: 'MORE_ABRT =' + line: ' MORE_ABRT = "https://github.com/abrt/abrt/"' + notify: restart httpd + +- name: configure MORE_GABRT + lineinfile: + dest: /usr/lib/python2.7/site-packages/abrt-server-info-page/config.py + regexp: 'MORE_GABRT =' + line: ' MORE_GABRT = "https://github.com/abrt/gnome-abrt/"' + notify: restart httpd + +- name: configure MORE_LR + lineinfile: + dest: /usr/lib/python2.7/site-packages/abrt-server-info-page/config.py + regexp: 'MORE_LR =' + line: ' MORE_LR = "https://github.com/abrt/libreport/"' + notify: restart httpd + +- name: configure MORE_SATYR + lineinfile: + dest: /usr/lib/python2.7/site-packages/abrt-server-info-page/config.py + regexp: 'MORE_SATYR =' + line: ' MORE_SATYR = "https://github.com/abrt/satyr/"' + notify: restart httpd + +# the magic with ! 
is that it return exit code 1 if 'already defined' is not present in output +- name: add repositories + shell: ! faf repoadd --nogpgcheck "{{ item.name }}" yum "{{ item.url }}" 2>&1 | grep 'already defined' + become: yes + become_user: faf + ignore_errors: yes + when: not devel + tags: add_repo + with_items: "{{ faf_repos }}" + +- name: repoassign repositories + command: faf repoassign "{{ item.name }}" "{{ item.opsys }}" "{{ item.arch }}" + become: yes + become_user: faf + when: not devel + tags: add_repo + with_items: "{{ faf_repos }}" + +- import_tasks: cron.yml + tags: cron diff --git a/roles/abrt/faf-local/tasks/services.yml b/roles/abrt/faf-local/tasks/services.yml new file mode 100644 index 0000000000..993ab32a35 --- /dev/null +++ b/roles/abrt/faf-local/tasks/services.yml @@ -0,0 +1,10 @@ +--- +- name: start and enable httpd + service: name=httpd state=started enabled=yes + +- name: start and enable memcached + service: name=memcached state=started enabled=yes + when: faf_web_cache_type == "memcached" + +- name: turn off selinux + selinux: state=permissive policy=targeted diff --git a/roles/abrt/faf-local/tasks/setup_db.yml b/roles/abrt/faf-local/tasks/setup_db.yml new file mode 100644 index 0000000000..537a96d147 --- /dev/null +++ b/roles/abrt/faf-local/tasks/setup_db.yml 
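Review bot: The `add repositories` task pairs `shell: ! faf repoadd ... 2>&1 | grep 'already defined'` with `ignore_errors: yes`, so any failure of `faf repoadd` is ignored, not only an already-defined repository, and `{{ item.name }}` and `{{ item.url }}` are expanded inside a shell command line. Running it through `command:` with `register: result` and `failed_when: result.rc != 0 and 'already defined' not in result.stderr` (output stream to be confirmed) keeps the idempotence without a shell and without hiding real errors. `--nogpgcheck` means packages pulled from these repositories are not signature-checked; a comment recording why that is acceptable here would help the next reader.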
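Review bot: `selinux: state=permissive policy=targeted` in `services.yml` stops SELinux enforcement on a host that this role also sets up to run httpd and PostgreSQL, and the hunk gives no reason for it. The task name `turn off selinux` is also inaccurate, since permissive mode still logs denials. If a specific denial is the motivation, keeping `state=enforcing` and allowing just that access through a boolean or a local policy module is the narrower fix; otherwise a comment naming what breaks under enforcing should accompany the task.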
@@ -0,0 +1,107 @@ +--- +- name: set max_connections for PostgreSQL + lineinfile: + path: /var/lib/pgsql/data/postgresql.conf + regexp: '^max_connections =' + line: 'max_connections = 150' + notify: restart postgresql + +- name: set shared_buffers for PostgreSQL + lineinfile: + path: /var/lib/pgsql/data/postgresql.conf + regexp: '^shared_buffers =' + line: 'shared_buffers = 33536MB' + notify: restart postgresql + +- name: set effective_cache_size for PostgreSQL + lineinfile: + path: /var/lib/pgsql/data/postgresql.conf + regexp: '^effective_cache_size =' + line: 'effective_cache_size = 100608MB' + notify: restart postgresql + +- name: set work_mem for PostgreSQL + lineinfile: + path: /var/lib/pgsql/data/postgresql.conf + regexp: '^work_mem =' + line: 'work_mem = 8MB' + notify: restart postgresql + +- name: set maintenance_work_mem for PostgreSQL + lineinfile: + path: /var/lib/pgsql/data/postgresql.conf + regexp: '^maintenance_work_mem =' + line: 'maintenance_work_mem = 2GB' + notify: restart postgresql + +- name: set checkpoint_segments for PostgreSQL + lineinfile: + path: /var/lib/pgsql/data/postgresql.conf + regexp: '^checkpoint_segments =' + line: 'checkpoint_segments = 32' + notify: restart postgresql + +- name: set checkpoint_completion_target for PostgreSQL + lineinfile: + path: /var/lib/pgsql/data/postgresql.conf + regexp: '^checkpoint_completion_target =' + line: 'checkpoint_completion_target = 0.9' + notify: restart postgresql + +- name: set wal_buffers for PostgreSQL + lineinfile: + path: /var/lib/pgsql/data/postgresql.conf + regexp: '^wal_buffers =' + line: 'wal_buffers = -1' + notify: restart postgresql + +- name: set default_statistics_target for PostgreSQL + lineinfile: + path: /var/lib/pgsql/data/postgresql.conf + regexp: '^default_statistics_target =' + line: 'default_statistics_target = 100' + notify: restart postgresql + +- name: drop faf database + postgresql_db: name=faf + owner=postgres + state=absent + when: faf_recreate_database + +- name: 
check postgresql initdb + stat: path=/var/lib/pgsql/initdb.log + register: st + +- name: initdb postgresql + command: postgresql-setup initdb + when: st.stat.exists == False + become: true + +- name: start service postgresql + service: name=postgresql + state=started + enabled=yes + become: true + +- name: pgsql create db faf + postgresql_db: name=faf + owner=postgres + state=present + become: true + become_user: postgres + +- name: pgsql create user faf + postgresql_user: db=faf + name=faf + priv=ALL + role_attr_flags=SUPERUSER + state=present + become: true + become_user: postgres + +- name: create extension for faf + postgresql_ext: name=semver + db=faf + state=present + become: true + become_user: postgres diff --git a/roles/abrt/faf-post/defaults/main.yml b/roles/abrt/faf-post/defaults/main.yml deleted file mode 100644 index f16bf90d57..0000000000 --- a/roles/abrt/faf-post/defaults/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# +n = greater; -n = less; n = exactly n days -archive_age: '+14' - -# Delete deferred reports -deferred_age: '+7' - -# Directory for saving FAF database backups. -faf_backup_dir: /srv/faf/db-backup - -# Delete FAF database backups older than this period. -faf_old_backup_age: '+7' diff --git a/roles/abrt/faf-post/handlers/main.yml b/roles/abrt/faf-post/handlers/main.yml deleted file mode 100644 index f910578967..0000000000 --- a/roles/abrt/faf-post/handlers/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Restart httpd - service: name=httpd state=restarted - -- name: Restart postgresql - service: name=postgresql - state=restarted diff --git a/roles/abrt/faf-post/tasks/cron.yml b/roles/abrt/faf-post/tasks/cron.yml deleted file mode 100644 index b074c0a45d..0000000000 --- a/roles/abrt/faf-post/tasks/cron.yml +++ /dev/null 
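Review bot: `role_attr_flags=SUPERUSER` in `pgsql create user faf` gives the application role control over the whole PostgreSQL instance on top of `priv=ALL` on its own database. If the role only needs the `faf` database, creating it first and using `owner=faf` in `pgsql create db faf` would let the flag be dropped. The `drop faf database` task has no `become_user: postgres`, unlike the other `postgresql_*` tasks in this file. The `lineinfile` edits to `/var/lib/pgsql/data/postgresql.conf` are listed before `initdb postgresql`, so on a fresh host they would presumably fail because the file does not exist yet.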
@@ -1,97 +0,0 @@ ---- -- name: Cron jobs for production machines - block: - - name: Backup database daily - cron: - name: "backup database" - user: faf - job: >- - ( pg_dump --format=custom --file={{ faf_backup_dir }}/backup-$(date '+\%F').dump faf ) - >> /var/log/faf/db_backup.log 2>&1 - special_time: daily - state: present - - - name: Delete old database backups - cron: - name: "delete old database backups" - user: faf - job: "find {{ faf_backup_dir }} -mtime {{ faf_old_backup_age }} -type f -delete" - special_time: daily - state: present - - - name: Pull associates - cron: - name: "cron for pull associates" - user: faf - job: "faf pull-associates -o fedora >> /var/log/faf/pull-associates.log 2>&1" - special_time: daily - state: present - - - name: Koops_to_xorg.py - cron: - name: "koops_to_xorg.py" - user: faf - job: "/etc/faf/koops_to_xorg.py >> /var/log/faf/koops-to-xorg.log 2>&1" - special_time: daily - state: present - - - name: Job for probable fixes in active Fedora releases - cron: - name: "cron for probable fixes for f{{ item }}" - user: faf - job: >- - faf mark-probably-fixed -o fedora --opsys-release {{ item }} - >> /var/log/faf/mark-probably-fixed-f{{ item }}.log 2>&1 - special_time: daily - state: present - loop: "{{ rs_internal_fedora_vers }}" - - - name: Remove job for probable fixes in removed Fedora releases - cron: - name: "cron for probable fixes for f{{ item }}" - user: faf - job: "faf mark-probably-fixed -o fedora --opsys-release {{ item }} >> /var/log/faf/mark-probably-fixed-f{{ item }}.log 2>&1" - special_time: daily - state: absent - loop: "{{ rs_internal_fedora_vers_removed }}" - - - name: Update BZ bugs fedora - cron: - name: "cron for update BZ bugs fedora" - user: faf - job: "faf update-bugs -db fedora-bugzilla >> /var/log/faf/update-bugs.log 2>&1" - special_time: daily - state: present - - - name: Update BZ bugs centos - cron: - name: "cron for update BZ bugs centos" - user: faf - job: "faf update-bugs -db centos-mantisbt >> 
/var/log/faf/update-bugs-centos.log 2>&1" - special_time: daily - state: present - - - name: Attach BZ bugs centos - cron: - name: "cron for attach BZ bugs centos" - user: faf - job: "faf attach-centos-bugs >> /var/log/faf/attach-centos-bugs.log 2>&1" - special_time: daily - state: present - - - name: Archive reports and attachments - cron: - name: "faf archive reports and attachments" - user: faf - job: "faf archive-reports -d >> /var/log/faf/archive-reports.log 2>&1" - special_time: daily - state: present - when: env != 'staging' - -- name: Cron job for deleting old archives - cron: - name: "rotate_faf_archives" - user: faf - job: "find '/srv/faf/reports/archive/' -type f -name '*.tar.xz' -mtime '{{archive_age}}' -delete" - special_time: daily - state: present diff --git a/roles/abrt/faf-post/tasks/main.yml b/roles/abrt/faf-post/tasks/main.yml deleted file mode 100644 index 33c120dc6d..0000000000 --- a/roles/abrt/faf-post/tasks/main.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- import_tasks: opsys_and_releases.yml - -- import_tasks: repositories.yml - -- name: Ensure directory for FAF database backups exists - ansible.builtin.file: - path: "{{ faf_backup_dir }}" - state: directory - owner: faf - group: faf - mode: "0750" - when: env != 'staging' - -- import_tasks: cron.yml - tags: cron -... diff --git a/roles/abrt/faf-post/tasks/opsys_and_releases.yml b/roles/abrt/faf-post/tasks/opsys_and_releases.yml deleted file mode 100644 index f49a6b9a05..0000000000 --- a/roles/abrt/faf-post/tasks/opsys_and_releases.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -- name: Add CentOS opsys releases - loop: "{{ rs_internal_centos_vers }}" - ansible.builtin.shell: > - faf releaseadd -o centos --opsys-release {{ item }} -s ACTIVE - become: yes - become_user: faf - register: result - failed_when: result.rc != 0 and 'already defined' not in result.stderr - -- name: Add Fedora opsys releases - loop: "{{ rs_internal_fedora_vers }}" - ansible.builtin.shell: > - faf releaseadd -o fedora --opsys-release {{ item }} -s ACTIVE - become: yes - become_user: faf - register: result - failed_when: result.rc != 0 and 'already defined' not in result.stderr -... diff --git a/roles/abrt/faf-post/tasks/repositories.yml b/roles/abrt/faf-post/tasks/repositories.yml deleted file mode 100644 index c06fbfcb5b..0000000000 --- a/roles/abrt/faf-post/tasks/repositories.yml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -- name: Add Fedora package repositories - loop: "{{ faf_repos }}" - ansible.builtin.shell: > - faf repoadd --nogpgcheck "{{ item.name }}" dnf "{{ item.url | join('" "') }}" - become: yes - become_user: faf - register: result - failed_when: result.rc != 0 and 'already defined' not in result.stderr - tags: add_repo - -- name: Assign repositories to Fedora releases - loop: "{{ faf_repos }}" - ansible.builtin.command: "faf repoassign '{{ item.name }}' '{{ item.opsys }}' '{{ item.arch }}'" - become: yes - become_user: faf - tags: add_repo - -- name: List repositories of EOL Fedora releases - loop: "{{ rs_internal_fedora_vers_removed }}" - ansible.builtin.shell: "faf repolist | grep fedora-{{ item }} || true" - become: yes - become_user: faf - register: eol_repolist - changed_when: eol_repolist.stdout - -- name: Remove repositories of EOL Fedora releases - loop: "{{ eol_repolist.results | map(attribute='stdout_lines') | flatten }}" - ansible.builtin.command: "faf repodel '{{ item }}'" - become: yes - become_user: faf - ignore_errors: yes - -- name: Clean up packages from EOL Fedora releases - loop: "{{ rs_internal_fedora_vers_removed }}" - ansible.builtin.command: "faf cleanup-packages Fedora '{{ item }}'" - become: yes - become_user: faf - ignore_errors: yes -... diff --git a/roles/abrt/faf-pre/handlers/main.yml b/roles/abrt/faf-pre/handlers/main.yml deleted file mode 100644 index b201220162..0000000000 --- a/roles/abrt/faf-pre/handlers/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Restart httpd - service: - name: httpd - state: restarted - -- name: Restart postgresql - service: - name: postgresql - state: restarted diff --git a/roles/abrt/faf-pre/tasks/install.yml b/roles/abrt/faf-pre/tasks/install.yml deleted file mode 100644 index 49d83ea3b3..0000000000 --- a/roles/abrt/faf-pre/tasks/install.yml +++ /dev/null 
@@ -1,34 +0,0 @@ ---- -- name: Install postgresql packages - ansible.builtin.package: - state: present - name: - - python3-psycopg2 - - postgresql-server - - postgresql - - pg-semver - -- name: Install ssl packages for https - ansible.builtin.package: - state: present - name: - - openssl - - mod_ssl - -- name: Memcached rhel - ansible.builtin.package: - state: present - name: - - memcached - - python3-memcached - when: ansible_distribution == "RedHat" and faf_web_cache_type == "memcached" - -- name: Memcached fedora - ansible.builtin.package: - state: present - name: - - libmemcached - - memcached - - zlib - - python3-pylibmc - when: ansible_distribution == "Fedora" and faf_web_cache_type == "memcached" diff --git a/roles/abrt/faf-pre/tasks/main.yml b/roles/abrt/faf-pre/tasks/main.yml deleted file mode 100644 index 8c2c585196..0000000000 --- a/roles/abrt/faf-pre/tasks/main.yml +++ /dev/null 
@@ -1,104 +0,0 @@ ---- -# Install additional packages -- import_tasks: install.yml - -# Create database for faf -- import_tasks: setup_db.yml - -- import_tasks: ssl.yml - -# Allow https and start httpd -- import_tasks: services.yml - -- name: Create a directory /srv/faf - ansible.builtin.file: - path: /srv/faf - state: directory - owner: faf - group: faf - -- name: Create folders where we place certs for fedora-messaging - ansible.builtin.file: path=/etc/fedora-messaging/faf owner=root group=root mode=0755 state=directory - -- name: Install certs for fedora-messaging - ansible.builtin.copy: src={{ item.src }} - dest=/etc/fedora-messaging/faf/{{ item.dest }} - owner={{ item.owner }} group=root mode={{ item.mode }} - loop: - - { src: "{{private}}/files/rabbitmq/{{env}}/ca-combined.crt", - dest: "ca.crt", - owner: faf, - mode: "0644" - } - - { src: "{{private}}/files/rabbitmq/{{env}}/pki/private/faf{{env_suffix}}.key", - dest: "faf.key", - owner: faf, - mode: "600" - } - - { src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/faf{{env_suffix}}.crt", - dest: "faf.crt", - owner: faf, - mode: "0644" - } - -# landing page -- name: Install abrt-server-info-page - ansible.builtin.package: - name: abrt-server-info-page - state: latest - -- name: Configure ADMINS - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'ADMINS =' - line: ' ADMINS = "infrastructure@lists.fedoraproject.org"' - notify: Restart httpd - -- name: Configure MORE_FAF - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'MORE_FAF =' - line: ' MORE_FAF = "https://github.com/abrt/faf/"' - notify: Restart httpd - -- name: Configure MORE_RS - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'MORE_RS =' - line: ' MORE_RS = "https://github.com/abrt/retrace-server"' - notify: Restart httpd - -- name: Configure MORE_ABRT - lineinfile: - dest: 
/usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'MORE_ABRT =' - line: ' MORE_ABRT = "https://github.com/abrt/abrt/"' - notify: Restart httpd - -- name: Configure MORE_GABRT - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'MORE_GABRT =' - line: ' MORE_GABRT = "https://github.com/abrt/gnome-abrt/"' - notify: Restart httpd - -- name: Configure MORE_LR - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'MORE_LR =' - line: ' MORE_LR = "https://github.com/abrt/libreport/"' - notify: Restart httpd - -- name: Configure MORE_SATYR - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'MORE_SATYR =' - line: ' MORE_SATYR = "https://github.com/abrt/satyr/"' - notify: Restart httpd - -- name: Configure URL_FOR_FAF - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'URL_FOR_FAF =' - line: ' URL_FOR_FAF = "https://{{ faf_server_name }}"' - notify: Restart httpd diff --git a/roles/abrt/faf-pre/tasks/services.yml b/roles/abrt/faf-pre/tasks/services.yml deleted file mode 100644 index 06ae10d07e..0000000000 --- a/roles/abrt/faf-pre/tasks/services.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Start and enable httpd - service: - name: httpd - state: started - enabled: yes - -- name: Start and enable memcached - service: - name: memcached - state: started - enabled: yes - when: faf_web_cache_type == "memcached" - -- name: Turn off selinux - selinux: - state: permissive - policy: targeted diff --git a/roles/abrt/faf-pre/tasks/setup_db.yml b/roles/abrt/faf-pre/tasks/setup_db.yml deleted file mode 100644 index 1491e35d30..0000000000 --- a/roles/abrt/faf-pre/tasks/setup_db.yml +++ /dev/null 
@@ -1,101 +0,0 @@ ---- -- name: Ensure PostgreSQL database is initialized. - ansible.builtin.command: "postgresql-setup --initdb --unit postgresql" - args: - creates: "/var/lib/pgsql/data/PG_VERSION" - -- name: Set max_connections for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^max_connections =' - line: 'max_connections = 150' - notify: Restart postgresql - -- name: Set shared_buffers for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^shared_buffers =' - line: 'shared_buffers = 25536MB' - notify: Restart postgresql - -- name: Set effective_cache_size for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^effective_cache_size =' - line: 'effective_cache_size = 50608MB' - notify: Restart postgresql - -- name: Set work_mem for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^work_mem =' - line: 'work_mem = 6MB' - notify: Restart postgresql - -- name: Set maintenance_work_mem for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^maintenance_work_mem =' - line: 'maintenance_work_mem = 2GB' - notify: Restart postgresql - -- name: Set checkpoint_completion_target for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^checkpoint_completion_target =' - line: 'checkpoint_completion_target = 0.9' - notify: Restart postgresql - -- name: Set wal_buffers for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^wal_buffers =' - line: 'wal_buffers = -1' - notify: Restart postgresql - -- name: Set default_statistics_target for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^default_statistics_target =' - line: 'default_statistics_target = 100' - notify: Restart postgresql - -- name: Drop faf database - postgresql_db: - name: faf - owner: postgres - state: absent - when: faf_recreate_database|bool - -- name: Start service 
postgresql - service: - name: postgresql - state: started - enabled: yes - become: true - -- name: Pgsql create db faf - postgresql_db: - name: faf - owner: postgres - state: present - become: true - become_user: postgres - -- name: Pgsql create user faf - postgresql_user: - db: faf - name: faf - priv: ALL - role_attr_flags: SUPERUSER - state: present - become: true - become_user: postgres - -- name: Create extension for faf - postgresql_ext: - name: semver - db: faf - state: present - become: true - become_user: postgres diff --git a/roles/abrt/faf-pre/tasks/ssl.yml b/roles/abrt/faf-pre/tasks/ssl.yml deleted file mode 100644 index 44f1463103..0000000000 --- a/roles/abrt/faf-pre/tasks/ssl.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Check whether we need to initialize letsencrypt first - stat: path="/etc/letsencrypt/live/{{ item.key }}" - register: le_stat_checks - with_dict: "{{ letsencrypt.certificates }}" - when: - - letsencrypt is defined - -- name: Stop httpd when letsencrypt has not been run - service: - name: httpd - state: stopped - when: - - letsencrypt is defined - - not item.stat.exists - with_items: "{{ le_stat_checks.results }}" - - -- name: Install letsencrypt ssl certificates for dev - include_role: name=copr/certbot - tags: - - config - -- name: Install retrace ssl vhost - ansible.builtin.template: src="httpd/retrace_ssl.conf.j2" dest="/etc/httpd/conf.d/retrace_ssl.conf" - when: letsencrypt is defined - tags: - - config diff --git a/roles/abrt/faf-pre/templates/httpd/retrace_ssl.conf.j2 b/roles/abrt/faf-pre/templates/httpd/retrace_ssl.conf.j2 deleted file mode 100644 index 6870d39190..0000000000 --- a/roles/abrt/faf-pre/templates/httpd/retrace_ssl.conf.j2 +++ /dev/null 
@@ -1,15 +0,0 @@ - - SSLEngine on - SSLProtocol {{ ssl_protocols }} - # Use secure TLSv1.1 and TLSv1.2 ciphers - SSLCipherSuite {{ ssl_ciphers }} - SSLHonorCipherOrder on - Header always add Strict-Transport-Security "max-age=31536000; preload" - - SSLCertificateFile /etc/letsencrypt/live/{{ public_hostname }}/cert.pem - SSLCertificateKeyFile /etc/letsencrypt/live/{{ public_hostname }}/privkey.pem - SSLCertificateChainFile /etc/letsencrypt/live/{{ public_hostname }}/fullchain.pem - - ServerName {{ public_hostname }} - - diff --git a/roles/abrt/faf/.ansible-lint b/roles/abrt/faf/.ansible-lint deleted file mode 100644 index c82bf3ad37..0000000000 --- a/roles/abrt/faf/.ansible-lint +++ /dev/null @@ -1,3 +0,0 @@ -# We have a task explicitly for updating all FAF packages. -skip_list: - - 403 diff --git a/roles/abrt/faf/.github/workflows/ansible-lint.yml b/roles/abrt/faf/.github/workflows/ansible-lint.yml deleted file mode 100644 index 274f858610..0000000000 --- a/roles/abrt/faf/.github/workflows/ansible-lint.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -name: Check Ansible Role - -on: # yamllint disable-line rule:truthy - push: - branches: [master] - pull_request: - branches: [master] - -jobs: - lint: - # The GitHub-hosted runners don’t do Fedora - runs-on: ubuntu-latest - - steps: - - name: Check out sources - uses: actions/checkout@v2 - - # This can be pinned to a specific tag after something newer than v4.1.0.post0 materializes. - # https://github.com/ansible/ansible-lint-action/commit/91db49755c0e720d9eac9d3a481c227d3d14faf6 - - name: Lint - uses: ansible/ansible-lint-action@master - with: - targets: ./ diff --git a/roles/abrt/faf/defaults/main.yml b/roles/abrt/faf/defaults/main.yml index a9b2bbec64..483de93023 100644 --- a/roles/abrt/faf/defaults/main.yml +++ b/roles/abrt/faf/defaults/main.yml 
@@ -1,16 +1,17 @@ --- +# SMTP server to use +smtp_server: localhost +smtp_port: 25 -########################### -# features configuration # -########################### +# domain of web service as seen from internet +domain: example.org -faf_with_bugtrackers: true -faf_with_celery: true -faf_with_fedmsg: false -faf_with_solutionfinders: true -faf_with_symboltransfer: false -faf_with_web: true -faf_python_version: "python3.6" +# default port for memcached +memcached_port: 11211 + +# connectstring to use for faf web & storage in format: +# driver://user:password@host:port/database +faf_db_connectstring: postgresql:///faf # dangerous, delete and re-create PostgreSQL database # (will wipe Postgre's data dir and re-create from scratch) 
@@ -28,80 +29,42 @@ faf_migrate_db: true # set up cron jobs for faf faf_cron_jobs: true -# faf reachable on httpd root (http://hostname/) -# if false it's (http://hostname/faf/) -faf_web_on_root: false - -########################### -# faf configuration # -########################### - -# [MAIN] -faf_plugins_dir: /etc/faf/plugins/ -faf_templates_dir: /etc/faf/templates/ -faf_autoenableplugins: false - -# [STORAGE] -# variables used to automatically create a connectstring -# connectstring is used for faf web & storage in format: -# postgresql://user:password@host:port/database -faf_db_user: -faf_db_password: -faf_db_host: -faf_db_port: -faf_db_name: faf - -# [MAIL] faf_admin_mail: root@localhost -# SMTP server to use -smtp_server: localhost -smtp_port: 25 -smtp_username: -smtp_password: -faf_from: no-reply@localhost -# [uREPORT] faf_spool_dir: /var/spool/faf -faf_create_components: false -# Allow uReports without affected package - meaning that crashing code was -# not packaged -faf_allow_unpackaged: false +########################### +# features configuration # +########################### + +faf_with_bugtrackers: true +faf_with_celery: true +faf_with_fedmsg: false +faf_with_solutionfinders: true +faf_with_symboltransfer: false +faf_with_web: true ########################### # faf-webui configuration # ########################### -# [HUB] +# faf_server_name is the URL without protocols and trailing slash +# the URL can be also with /path part (e.g. 
example-faf.org/faf) +faf_server_name: "example-faf.org" + +faf_web_brand_title: "FAF" +faf_web_brand_subtitle: "Fedora Analysis Framework" + +# perms +faf_web_everyone_is_admin: false +faf_web_everyone_is_maintainer: false + # enable debugging faf_web_debug: false # set to true if faf's running behind proxy like varnish faf_web_proxy_setup: false -# important for production deployments -faf_web_secret_key: not_a_secret - -# domain of web service as seen from internet -domain: example.org - -# faf_server_name is the URL without protocols and trailing slash -# the URL can be also with /path part (e.g. example-faf.org/faf) -faf_server_name: "example-faf.org" - -faf_web_brand_title: "ABRT" -faf_web_brand_subtitle: "Analytics" - -faf_web_fedmenu_url: -# https://apps.fedoraproject.org/fedmenu -faf_web_fedmenu_data_url: -# https://apps.fedoraproject.org/js/data.js - -# perms -faf_web_everyone_is_admin: false -faf_web_everyone_is_maintainer: false - -# [OPENID] # enable OpenID faf_web_openid: true 
@@ -111,31 +74,20 @@ faf_web_openid: true faf_web_openid_privileged_teams: # provenpackager,proventesters -# [CACHE] +faf_web_fedmenu_url: +# https://apps.fedoraproject.org/fedmenu +faf_web_fedmenu_data_url: +# https://apps.fedoraproject.org/js/data.js + # cache type either: memcached/simple/none faf_web_cache_type: memcached -memcached_port: 11211 +# faf reachable on httpd root (http://hostname/) +# if false it's (http://hostname/faf/) +faf_web_on_root: true -# number of mails that can be sent per the time frame -faf_web_throttle_rate: 1 -# time to wait (in seconds) before another mail can be sent -faf_web_throttle_timeframe: 30 -# start the throttling after this number of mails is sent -faf_web_throttle_burst: 1 - -############################## -# fedora-messaging config # -############################## -faf_fedmsg_server: -# The topic_prefix configuration value will add a prefix to the topics of every sent message. -# This is used for migrating from fedmsg, and should not be used afterwards. -faf_fedmsg_topic_prefix: - -# [TLS] -faf_fedmsg_ca_cert: -faf_fedmsg_keyfile: -faf_fedmsg_certfile: +# important for production deployments +faf_web_secret_key: not_a_secret ############################## # functionality checking # @@ -144,13 +96,6 @@ faf_fedmsg_certfile: faf_check: false faf_check_web: false -############################## -# faf cron configuration # -############################## - -faf_opsys_list: - - fedora - ############################## # faf packages configuration # ############################## @@ -161,7 +106,7 @@ faf_opsys_list: faf_packages: - faf - faf-migrations - - faf-dnf + - faf-yum faf_problem_packages: - faf-problem-coredump 
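Review bot: The default `faf_web_secret_key: not_a_secret` in the `@@ -111,31 +74,20 @@` hunk is a fixed value that anyone can read from this repository, and nothing in the visible defaults forces a deployment to override it. If the web UI uses it to sign sessions (inferred from the name and the "important for production deployments" comment, since the template is not in this hunk), a host deployed with the default would accept cookies signed by anyone who knows the value. Consider dropping the default and guarding the role with an early check such as `assert: { that: "faf_web_secret_key != 'not_a_secret'" }`. At minimum, extend the comment to `# must be overridden from private vars; never deploy with this value`.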
@@ -181,9 +126,6 @@ faf_action_packages: - faf-action-assign-release-to-builds - faf-action-attach-centos-bugs - faf-action-c2p - - faf-action-check-repo - - faf-action-cleanup-packages - - faf-action-cleanup-unassigned - faf-action-cleanup-task-results - faf-action-create-problems - faf-action-delete-invalid-ureports @@ -191,7 +133,6 @@ faf_action_packages: - faf-action-external-faf-clone-bz - faf-action-find-components - faf-action-find-crash-function - - faf-action-find-report-solution - faf-action-mark-probably-fixed - faf-action-pull-associates - faf-action-pull-components @@ -200,7 +141,6 @@ faf_action_packages: - faf-action-repo - faf-action-retrace - faf-action-retrace-remote - - faf-action-sar - faf-action-save-reports - faf-action-shell - faf-action-stats @@ -235,11 +175,3 @@ faf_web_celery_packages: faf_web_symboltransfer_packages: - faf-blueprint-symbol-transfer - -############### -# EOLed Opsys # -############### - -eol_opsys: [] -# When not empty, the array should have the following form: -# - { opsys: "Fedora", release: "36" } diff --git a/roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo b/roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo new file mode 100644 index 0000000000..ec4e5fa897 --- /dev/null +++ b/roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo @@ -0,0 +1,10 @@ +[group_abrt-faf-el7] +name=Copr repo for faf-el7 owned by @abrt +baseurl=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el7/epel-7-$basearch/ +type=rpm-md +skip_if_unavailable=True +gpgcheck=1 +gpgkey=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el7/pubkey.gpg +repo_gpgcheck=0 +enabled=1 +enabled_metadata=1 diff --git a/roles/abrt/faf/files/group_abrt-faf-el8-epel-8.repo b/roles/abrt/faf/files/group_abrt-faf-el8-epel-8.repo deleted file mode 100644 index 526f31f34f..0000000000 --- a/roles/abrt/faf/files/group_abrt-faf-el8-epel-8.repo +++ /dev/null 
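Review bot: In the new `group_abrt-faf-el7-epel-7.repo`, `gpgkey=` points at the same Copr backend host that serves the packages, and `repo_gpgcheck=0` leaves the repository metadata unverified. Package authenticity therefore rests on the TLS connection to that one host when the key is first imported. `gpgcheck=1` is the right setting, but it would be stronger to ship the public key with the role and reference it locally, e.g. `gpgkey=file:///etc/pki/rpm-gpg/<KEY-FILE-PLACEHOLDER>`. A one-line comment at the top of the file saying where the key fingerprint can be checked would also help.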
@@ -1,21 +0,0 @@ -[faf-el8] -name=Copr repo for faf-el8 owned by @abrt -baseurl=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el8/epel-8-$basearch/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el8/pubkey.gpg -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 - -[faf-el8-required-packages] -name=Copr repo for faf-el8-required-packages owned by @abrt -baseurl=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el8-required-packages/epel-8-$basearch/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el8-required-packages/pubkey.gpg -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 diff --git a/roles/abrt/faf/files/group_abrt-faf-el8-fedora.repo b/roles/abrt/faf/files/group_abrt-faf-el8-fedora.repo deleted file mode 100644 index aaa55db4dc..0000000000 --- a/roles/abrt/faf/files/group_abrt-faf-el8-fedora.repo +++ /dev/null @@ -1,10 +0,0 @@ -[group_abrt-faf-el8] -name=Copr repo for faf-el8 owned by @abrt -baseurl=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el8/fedora-$releasever-$basearch/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el8/pubkey.gpg -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 \ No newline at end of file diff --git a/roles/abrt/faf/handlers/main.yml b/roles/abrt/faf/handlers/main.yml index 23d49bd16e..e379288d84 100644 --- a/roles/abrt/faf/handlers/main.yml +++ b/roles/abrt/faf/handlers/main.yml @@ -1,5 +1,3 @@ --- -- name: Restart httpd - service: - name: httpd - state: restarted +- name: restart httpd + service: name=httpd state=restarted diff --git a/roles/abrt/faf/meta/.galaxy_install_info b/roles/abrt/faf/meta/.galaxy_install_info index d014cfad01..07e2295663 100644 --- a/roles/abrt/faf/meta/.galaxy_install_info +++ b/roles/abrt/faf/meta/.galaxy_install_info 
@@ -1,2 +1 @@ -install_date: Thu May 27 08:27:11 2021 -version: master +{install_date: 'Tue Jul 4 08:35:09 2017', version: ''} diff --git a/roles/abrt/faf/meta/main.yml b/roles/abrt/faf/meta/main.yml index 0f16bf1bcd..18b616d6d8 100644 --- a/roles/abrt/faf/meta/main.yml +++ b/roles/abrt/faf/meta/main.yml @@ -1,18 +1,19 @@ --- galaxy_info: author: "ABRT team" - description: Deploy FAF company: Red Hat license: BSD - min_ansible_version: 2.5 + min_ansible_version: 1.8 platforms: - - name: EL - versions: - - 8 - - name: Fedora - versions: - - 29 - - 30 - galaxy_tags: - - web + - name: EL + versions: + - 7 + - 6 + - name: Fedora + versions: + - 25 + - 24 + - 23 + categories: + - web dependencies: [] diff --git a/roles/abrt/faf/tasks/celery.yml b/roles/abrt/faf/tasks/celery.yml index 881f7e9912..7c729a5512 100644 --- a/roles/abrt/faf/tasks/celery.yml +++ b/roles/abrt/faf/tasks/celery.yml 
@@ -1,40 +1,28 @@ ---- -- name: Install faf web celery packages - ansible.builtin.package: - name: "{{ faf_web_celery_packages }}" - state: present +- name: install faf web celery packages + package: name={{ item }} state=present + with_items: "{{ faf_web_celery_packages }}" tags: - packages -- name: Install redis package - ansible.builtin.package: - name: - - redis - - python3-redis - state: present +- name: install redis package + yum : name={{ item }} state=present + with_items: + - redis + - python-redis tags: - packages -- name: Enable redis service - service: - name: redis - state: started - enabled: yes +- name: enable redis service + service: name=redis state=started enabled=yes tags: - service -- name: Enable faf-celery-worker - service: - name: faf-celery-worker - state: started - enabled: yes +- name: enable faf-celery-worker + service: name=faf-celery-worker state=started enabled=yes tags: - service -- name: Enable faf-celery-beat - service: - name: faf-celery-beat - state: started - enabled: yes +- name: enable faf-celery-beat + service: name=faf-celery-beat state=started enabled=yes tags: - service diff --git a/roles/abrt/faf/tasks/check.yml b/roles/abrt/faf/tasks/check.yml index 2a324343de..4a08eaf365 100644 --- a/roles/abrt/faf/tasks/check.yml +++ b/roles/abrt/faf/tasks/check.yml 
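Review bot: The `install redis package` task calls the `yum` module directly (`yum : name={{ item }} state=present`, with a stray space before the colon), while the task just above it uses the distribution-neutral `package` module. `meta/main.yml` in this same diff still lists Fedora as a supported platform, where a hard-coded `yum` may not be the right backend; `package: name={{ item }} state=present` would match the neighbouring task. Separately, redis is started with its packaged configuration, and nothing here records which interface it listens on or whether it requires authentication. A short comment stating that it is expected to be reachable from localhost only would help a later reader.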
@@ -2,39 +2,23 @@ # check backend functionality -- name: Add dummy Fedora 42 release - ansible.builtin.command: faf releaseadd -o fedora --opsys-release 42 +- name: faf + shell: faf {{ item }} become: yes become_user: faf - changed_when: false + with_items: + - "releaseadd -o fedora --opsys-release 42" + - "releaselist | grep 'Fedora 42'" + - "compadd -o fedora --opsys-release 42 meta_faf" -- name: Get releases from FAF - ansible.builtin.command: faf releaselist +- name: cpf + copy: src=ureport_sample dest={{ faf_spool_dir }}/reports/incoming + owner=faf group=faf + +- name: faf + shell: faf {{ item }} become: yes become_user: faf - register: release_list - failed_when: "'Fedora 42' not in release_list.stdout" - changed_when: false - -- name: Add dummy meta_faf component to Fedora 42 release - ansible.builtin.command: faf compadd -o fedora --opsys-release 42 meta_faf - become: yes - become_user: faf - changed_when: false - -- name: Cpf - ansible.builtin.copy: - src: ureport_sample - dest: "{{ faf_spool_dir }}/reports/incoming" - owner: faf - group: faf - -- name: Faf - ansible.builtin.command: faf {{ item }} - become: yes - become_user: faf - loop: + with_items: - "save-reports -v" - "create-problems -v" - # This task is 100% idempotent, no questions asked. - changed_when: false diff --git a/roles/abrt/faf/tasks/check_web.yml b/roles/abrt/faf/tasks/check_web.yml index 65aa450af1..ebd25855e1 100644 --- a/roles/abrt/faf/tasks/check_web.yml +++ b/roles/abrt/faf/tasks/check_web.yml 
@@ -1,27 +1,26 @@ + # check web functionality # ---- -- name: Set URL facts - set_fact: +- set_fact: main_url: "https://{{ ansible_default_ipv4.address }}{{ url_suffix }}" problems_url: "https://{{ ansible_default_ipv4.address }}{{ url_suffix }}/problems/" -- name: Check main - uri: - url: "{{ main_url }}" - return_content: yes - validate_certs: no +- name: check main + local_action: uri url={{ main_url }} + return_content=yes + validate_certs=no register: uri_res - check_mode: no - delegate_to: localhost - failed_when: "'ABRT' not in uri_res.content" -- name: Fetch problems - uri: - url: "{{ problems_url }}" - return_content: yes - validate_certs: no +- fail: msg="{{ main_url }} doesn't contain 'FAF' string" + when: + "'FAF' not in uri_res.content" + +- name: fetch problems + local_action: uri url={{ problems_url }} + return_content=yes + validate_certs=no register: uri_res - check_mode: no - delegate_to: localhost - failed_when: "'State' not in uri_res.content" + +- fail: msg="{{ main_url }} doesn't contain 'State' string" + when: + "'State' not in uri_res.content" diff --git a/roles/abrt/faf/tasks/cleanup.yml b/roles/abrt/faf/tasks/cleanup.yml deleted file mode 100644 index b59930dc98..0000000000 --- a/roles/abrt/faf/tasks/cleanup.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Remove EOLed opsys - ansible.builtin.command: faf releasemod -o "{{ item.opsys | lower }}" --opsys-release "{{ item.release }}" -s EOL - loop: "{{ eol_opsys }}" - become: yes - become_user: faf - failed_when: false - changed_when: false - -- name: Remove EOLed packages - ansible.builtin.command: faf cleanup-packages "{{ item.opsys }}" "{{ item.release }}" - loop: "{{ eol_opsys }}" - become: yes - become_user: faf - failed_when: false - changed_when: false - -- name: Remove unassigned packages - ansible.builtin.command: faf cleanup-unassigned -f - become: yes - become_user: faf - failed_when: false - changed_when: false 
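Review bot: The second `fail` task reports the wrong URL: `msg="{{ main_url }} doesn't contain 'State' string"` fires on the response from `problems_url`, so it should read `msg="{{ problems_url }} doesn't contain 'State' string"`. Both `uri` calls also set `validate_certs=no` and address the host by IP, so the check passes against any server answering on that address and says nothing about whether the deployed certificate is valid. If that is deliberate for a smoke test, a comment saying so is worth adding; otherwise request `https://{{ faf_server_name }}` with validation left on. The `set_fact` and both `fail` tasks also have no `name`.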
diff --git a/roles/abrt/faf/tasks/config.yml b/roles/abrt/faf/tasks/config.yml index 8bd459a16f..8d3954d8a9 100644 --- a/roles/abrt/faf/tasks/config.yml +++ b/roles/abrt/faf/tasks/config.yml @@ -1,22 +1,5 @@ --- -- name: Provide /etc/faf/faf.conf - ansible.builtin.template: - src: etc-faf-faf.conf.j2 - dest: /etc/faf/faf.conf - -# setup fedora-messaging -- name: Create the config folder for fedora-messaging - ansible.builtin.file: - path: /etc/fedora-messaging/ - owner: root - group: root - mode: "0755" - state: directory - when: faf_with_fedmsg|bool - -- name: Provide configuration for fedora-messaging - ansible.builtin.template: - src: etc-fedora-messaging-config.toml.j2 - dest: /etc/fedora-messaging/config.toml - when: faf_with_fedmsg|bool +- name: provide /etc/faf/faf.conf + template: src=etc-faf-faf.conf.j2 + dest=/etc/faf/faf.conf diff --git a/roles/abrt/faf/tasks/cron.yml b/roles/abrt/faf/tasks/cron.yml index fda06747ae..d6af09221e 100644 --- a/roles/abrt/faf/tasks/cron.yml +++ b/roles/abrt/faf/tasks/cron.yml 
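Review bot: The `provide /etc/faf/faf.conf` task sets no `owner`, `group` or `mode`, so the rendered file gets whatever the connection user's umask yields. The defaults in this diff describe `faf_db_connectstring` as `driver://user:password@host:port/database`. If the template writes that value into faf.conf (the template is not shown here), the database password could end up world-readable. Pinning the permissions explicitly, e.g. `owner=root group=faf mode=0640`, would remove the ambiguity; adjust the group to whichever account the faf services read the file as.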
@@ -1,116 +1,82 @@ --- -- name: Cron save-reports +- name: cron save-reports cron: name: "faf save-reports" user: faf job: "faf save-reports --speedup >> /var/log/faf/save-reports.log 2>&1" minute: "*/5" state: present + become: yes -- name: Cron create-problems-speedup +- name: cron create-problems-speedup cron: - name: "faf create-problems-speedup with type {{ item }}" + name: "faf create-problems-speedup with type {{ item}}" user: faf - job: "faf create-problems -p {{ item }} --speedup --report-min-count 2 >> /var/log/faf/create-problems-{{ item }}.log 2>&1" - minute: "{{ 60 | random(seed=item) }}" + job: "faf create-problems -p {{ item }} --speedup >> /var/log/faf/create-problems.log 2>&1" + minute: 30 hour: "2" state: present - loop: + become: yes + with_items: - "core" - "kerneloops" - "python" - "ruby" - - "java" -- name: Cron create-problems +- name: cron create-problems cron: - name: "faf create-problems with type {{ item }}" + name: "faf create-problems with type {{ item}}" user: faf - job: "faf create-problems -p {{ item }} >> /var/log/faf/create-problems-{{ item }}.log 2>&1" + job: "faf create-problems -p {{ item }} >> /var/log/faf/create-problems.log 2>&1" day: "15" - minute: "30" + minute: 30 hour: "14" state: present - loop: + become: yes + with_items: - "core" - "kerneloops" - "python" - "ruby" - - "java" -- name: Cron reposync +- name: cron reposync cron: name: "faf reposync" user: faf job: "faf reposync >> /var/log/faf/reposync.log 2>&1" - minute: "5" - hour: "3" + minute: 5 + hour: 3 state: present + become: yes -- name: Retrace symbols +- name: retrace symbols cron: name: "retrace symbols with type {{ item.type }}" user: faf job: "faf retrace --workers 4 -dp {{ item.type }} --max-fail-count 1 >> /var/log/faf/retrace-{{ item.type }}.log 2>&1" - minute: "32" - hour: "2" + minute: 32 + hour: 2 weekday: "{{ item.day }}" state: present - loop: + become: yes + with_items: - { type: "core", day: "2,4,6" } - { type: "kerneloops", day: "1,3,5" } -- name: 
Cron - faf find-crashfn +- name: cron - faf find-crashfn core cron: - name: "cron for faf find-crashfn for {{ item }}" + name: "cron for faf find-crashfn for core" user: faf - job: "faf find-crashfn -p {{ item }}" - minute: "{{ 60 | random(seed=item) }}" - hour: "5" + job: "faf find-crashfn -p core" + special_time: daily state: present - loop: - - "core" - - "kerneloops" - - "python" - - "ruby" - - "java" -- name: Cron pull-releases +- name: cron - faf find-crashfn kerneloops cron: - name: "faf pull-releases {{ item }}" + name: "cron for faf find-crashfn for kerneloops" user: faf - job: "faf pull-releases -o {{ item }} >> /var/log/faf/pull-releases.log 2>&1" - minute: "5" - hour: "0" - state: present - loop: "{{ faf_opsys_list }}" - -- name: Cron pull-components - cron: - name: "faf pull-components {{ item }}" - user: faf - job: "faf pull-components -o {{ item }} >> /var/log/faf/pull-components.log 2>&1" - minute: "5" - hour: "1" - state: present - loop: "{{ faf_opsys_list }}" - -- name: Cron - faf find-components - cron: - name: "cron for faf find-components -o {{ item }}" - user: faf - job: "faf find-components -o {{ item }} >> /var/log/faf/find-components.log 2>&1" - minute: "5" - hour: "2" - state: present - loop: "{{ faf_opsys_list }}" - -- name: Cron - faf match-unknown-packages - cron: - name: "cron for faf match-unknown-packages" - user: faf - job: "faf match-unknown-packages >> /var/log/faf/match-unknown-packages.log 2>&1" - minute: "23" - hour: "22" + job: "faf find-crashfn -p kerneloops" + minute: 15 + hour: "*/3" state: present diff --git a/roles/abrt/faf/tasks/first_time_setup.yml b/roles/abrt/faf/tasks/first_time_setup.yml index d9a7326434..40e697abac 100644 --- a/roles/abrt/faf/tasks/first_time_setup.yml +++ b/roles/abrt/faf/tasks/first_time_setup.yml 
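Review bot: In the `cron create-problems-speedup` and `cron create-problems` tasks, all four problem types are scheduled at the same minute (`minute: 30`) and append to one shared `/var/log/faf/create-problems.log`, so the jobs start concurrently and their output interleaves. Per-type log files (`create-problems-{{ item }}.log`) and staggered minutes would make a failed run attributable to its type. The two `find-crashfn` entries have no redirection at all, so their output goes to cron mail or is lost; `>> /var/log/faf/find-crashfn.log 2>&1` would match the other jobs. `become: yes` is added to most tasks but not to the find-crashfn ones, which is worth making consistent.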
@@ -1,27 +1,26 @@ --- -- name: Check for count of faf tables - ansible.builtin.shell: psql -c "SELECT COUNT(*) FROM pg_stat_user_tables" +- name: check for count of faf tables + shell: psql -c "SELECT COUNT(*) FROM pg_stat_user_tables" register: count_tables changed_when: "( count_tables.stdout_lines[2]|int ) == 0" - check_mode: no become: yes become_user: faf # Skip whole block if faf owns atleast 1 table in db - block: - - name: Create faf's database schema - ansible.builtin.command: faf-migrate-db --create-all + - name: create faf's database schema + command: faf-migrate-db --create-all become: yes become_user: faf - - name: Stamp database as migrated to latest version - ansible.builtin.command: faf-migrate-db --stamp-only + - name: stamp database as migrated to latest version + command: faf-migrate-db --stamp-only become: yes become_user: faf - - name: Init faf - ansible.builtin.command: faf init + - name: init faf + command: faf init become: yes become_user: faf when: ( count_tables.stdout_lines[2]|int ) == 0 diff --git a/roles/abrt/faf/tasks/install.yml b/roles/abrt/faf/tasks/install.yml index 09ea84e55c..f941817802 100644 --- a/roles/abrt/faf/tasks/install.yml +++ b/roles/abrt/faf/tasks/install.yml 
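Review bot: The `when: ( count_tables.stdout_lines[2]|int ) == 0` guard depends on the table count being the third line of psql's formatted output. With `check_mode: no` removed from the `check for count of faf tables` task, the shell command is also skipped under `--check`, leaving `stdout_lines` undefined when the block's condition is evaluated. Running the query as `psql -Atc "SELECT COUNT(*) FROM pg_stat_user_tables"` prints only the value, so the condition can become `count_tables.stdout|int == 0`. Keeping `check_mode: no` and setting `changed_when: false` on this read-only query would make dry runs work. Getting the condition wrong matters because the block it guards runs `faf-migrate-db --create-all` and `faf init`.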
@@ -1,63 +1,44 @@ --- -- name: Enable Copr repo for RHEL - ansible.builtin.copy: - src: group_abrt-faf-el8-epel-8.repo - dest: /etc/yum.repos.d/ - when: ansible_distribution == 'RedHat' +- name: enable Copr repo + copy: src=group_abrt-faf-el7-epel-7.repo dest=/etc/yum.repos.d/ -- name: Enable Copr repo for Fedora - ansible.builtin.copy: - src: group_abrt-faf-el8-fedora.repo - dest: /etc/yum.repos.d/ - when: ansible_distribution == 'Fedora' +- name: erase faf packages + package: name="faf-*" state=absent + when: faf_force_reinstall -- name: Erase faf packages - ansible.builtin.package: - name: "faf-*" - state: absent - when: faf_force_reinstall|bool +- name: install core faf packages + package: name={{ item }} state=present + with_items: "{{ faf_packages }}" -- name: Install core faf packages - ansible.builtin.package: - name: "{{ faf_packages }}" - state: present +- name: install faf problem packages + package: name={{ item }} state=present + with_items: "{{ faf_problem_packages }}" -- name: Install faf problem packages - ansible.builtin.package: - name: "{{ faf_problem_packages }}" - state: present +- name: install faf opsys packages + package: name={{ item }} state=present + with_items: "{{ faf_opsys_packages }}" -- name: Install faf opsys packages - ansible.builtin.package: - name: "{{ faf_opsys_packages }}" - state: present +- name: install faf action packages + package: name={{ item }} state=present + with_items: "{{ faf_action_packages }}" -- name: Install faf action packages - ansible.builtin.package: - name: "{{ faf_action_packages }}" - state: present +- name: install faf bugtracker packages + package: name={{ item }} state=present + with_items: "{{ faf_bugtracker_packages }}" + when: faf_with_bugtrackers -- name: Install faf bugtracker packages - ansible.builtin.package: - name: "{{ faf_bugtracker_packages }}" - state: present - when: faf_with_bugtrackers|bool +- name: install faf celery packages + package: name={{ item }} state=present + with_items: "{{ 
faf_celery_packages }}" + when: faf_with_celery -- name: Install faf celery packages - ansible.builtin.package: - name: "{{ faf_celery_packages }}" - state: present - when: faf_with_celery|bool +- name: install faf fedmsg packages + package: name={{ item }} state=present + with_items: "{{ faf_fedmsg_packages }}" + when: faf_with_fedmsg -- name: Install faf fedmsg packages - ansible.builtin.package: - name: "{{ faf_fedmsg_packages }}" - state: present - when: faf_with_fedmsg|bool - -- name: Install faf solutionfinder packages - ansible.builtin.package: - name: "{{ faf_solutionfinder_packages }}" - state: present - when: faf_with_solutionfinders|bool +- name: install faf solutionfinder packages + package: name={{ item }} state=present + with_items: "{{ faf_solutionfinder_packages }}" + when: faf_with_solutionfinders diff --git a/roles/abrt/faf/tasks/main.yml b/roles/abrt/faf/tasks/main.yml index 0255a54074..ab64a30865 100644 --- a/roles/abrt/faf/tasks/main.yml +++ b/roles/abrt/faf/tasks/main.yml @@ -1,9 +1,8 @@ ---- - import_tasks: install.yml tags: [faf, faf_install, packages] - import_tasks: update.yml - when: faf_update|bool + when: faf_update tags: [faf, faf_update, packages] - import_tasks: first_time_setup.yml @@ -13,24 +12,21 @@ tags: [faf, faf_config, config] - import_tasks: migrate_db.yml - when: faf_migrate_db|bool + when: faf_migrate_db tags: [faf, faf_migrate_db] - import_tasks: cron.yml - when: faf_cron_jobs|bool + when: faf_cron_jobs tags: [faf, config] - import_tasks: web.yml - when: faf_with_web|bool + when: faf_with_web tags: [faf, faf_web] - import_tasks: check.yml - when: faf_check|bool + when: faf_check tags: [faf, faf_check] - import_tasks: check_web.yml - when: faf_check_web|bool + when: faf_check_web tags: [faf, faf_check_web] - -- import_tasks: cleanup.yml - tags: [faf, cleanup] diff --git a/roles/abrt/faf/tasks/migrate_db.yml b/roles/abrt/faf/tasks/migrate_db.yml index e55d40237a..7110362738 100644 --- a/roles/abrt/faf/tasks/migrate_db.yml 
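Review bot: `when: faf_force_reinstall` on the `erase faf packages` task is a bare variable without a `|bool` cast. A string value such as `"false"` supplied with `-e` can then be treated as truthy, depending on the Ansible version, and remove every `faf-*` package. Write `when: faf_force_reinstall|bool`, and cast `faf_with_bugtrackers`, `faf_with_celery`, `faf_with_fedmsg` and `faf_with_solutionfinders` in this hunk the same way. The same bare conditions appear in the `roles/abrt/faf/tasks/main.yml`, `roles/abrt/faf/tasks/web.yml` and `roles/abrt/retrace/tasks/main.yml` hunks.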
+++ b/roles/abrt/faf/tasks/migrate_db.yml @@ -1,6 +1,5 @@ --- -- name: Run database migrations - ansible.builtin.command: faf-migrate-db +- name: run database migrations + command: faf-migrate-db become: yes become_user: faf - changed_when: false diff --git a/roles/abrt/faf/tasks/update.yml b/roles/abrt/faf/tasks/update.yml index 3108371ed9..660323c78f 100644 --- a/roles/abrt/faf/tasks/update.yml +++ b/roles/abrt/faf/tasks/update.yml @@ -1,5 +1,3 @@ --- -- name: Update faf packages - ansible.builtin.package: - name: "faf*" - state: latest +- name: update faf packages + package: name="faf*" state=latest diff --git a/roles/abrt/faf/tasks/web.yml b/roles/abrt/faf/tasks/web.yml index 0475ca8a7b..5a42615a51 100644 --- a/roles/abrt/faf/tasks/web.yml +++ b/roles/abrt/faf/tasks/web.yml 
@@ -1,39 +1,32 @@ ---- -- name: Set url_suffix fact - set_fact: + +- set_fact: url_suffix: "" - when: faf_web_on_root|bool + when: faf_web_on_root -- name: Set url_suffix fact - set_fact: +- set_fact: url_suffix: "/faf" - when: not faf_web_on_root|bool + when: not faf_web_on_root -- name: Install faf-webui packages - ansible.builtin.package: - name: "{{ faf_web_packages }}" - state: present +- name: install faf-webui packages + yum : name={{ item }} state=latest + with_items: "{{ faf_web_packages }}" -- name: Import Celery tasks - import_tasks: celery.yml - when: faf_with_celery|bool +- import_tasks: celery.yml + when: faf_with_celery -- name: Install faf web symboltransfer packages - ansible.builtin.package: - name: "{{ faf_web_symboltransfer_packages }}" - state: present - when: faf_with_symboltransfer|bool +- name: install faf web symboltransfer packages + package: name={{ item }} state=present + with_items: "{{ faf_web_symboltransfer_packages }}" + when: faf_with_symboltransfer -- name: Provide /etc/faf/plugins/web.conf - ansible.builtin.template: - src: etc-faf-plugins-web.conf.j2 - dest: /etc/faf/plugins/web.conf +- name: provide /etc/faf/plugins/web.conf + template: src=etc-faf-plugins-web.conf.j2 + dest=/etc/faf/plugins/web.conf notify: - - Restart httpd + - restart httpd -- name: Put webfaf on root (/) if configured - ansible.builtin.template: - src: etc-httpd-conf.d-faf-web.conf.j2 - dest: /etc/httpd/conf.d/faf-web.conf +- name: put webfaf on root (/) if configured + template: src=etc-httpd-conf.d-faf-web.conf.j2 + dest=/etc/httpd/conf.d/faf-web.conf notify: - - Restart httpd + - restart httpd diff --git a/roles/abrt/faf/templates/etc-faf-faf.conf.j2 b/roles/abrt/faf/templates/etc-faf-faf.conf.j2 index b1221d0b3a..9dc8cfd8eb 100644 --- a/roles/abrt/faf/templates/etc-faf-faf.conf.j2 +++ b/roles/abrt/faf/templates/etc-faf-faf.conf.j2 
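Review bot: Both `template` tasks write `/etc/faf/plugins/web.conf` and `/etc/httpd/conf.d/faf-web.conf` without `owner`, `group` or `mode`, so the resulting permissions depend on the remote umask and on any file already present. Set them explicitly, for example `owner=root group=root mode=0644` on the httpd snippet, and choose the mode for `web.conf` according to whether it carries secrets (not visible in this hunk). The `configure retrace-server` and `retrace-server http config` tasks in the `roles/abrt/retrace/tasks/config.yml` hunk drop their `mode: "0644"` and have the same gap. Separately, `install faf-webui packages` uses `state=latest` while the role's other install tasks use `state=present`, so the web UI can be upgraded by any play run.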
@@ -1,19 +1,13 @@ #{{ ansible_managed }} # Faf site-wide configuration file -# The settings are overridden by the file specified in -# FAF_CONFIG_FILE environment variable. [Main] -PluginsDir = {{ faf_plugins_dir }} -TemplatesDir = {{ faf_templates_dir }} -AutoEnablePlugins = {{ faf_autoenableplugins|bool }} +PluginsDir = /etc/faf/plugins/ +TemplatesDir = /etc/faf/templates/ +AutoEnablePlugins = False [Storage] -DBUser = {{ faf_db_user }} -DBPasswd = {{ faf_db_password }} -DBHost = {{ faf_db_host }} -DBPort = {{ faf_db_port }} -DBName = {{ faf_db_name }} +ConnectString = {{ faf_db_connectstring }} LobDir = {{ faf_spool_dir }}/lob # Using platform-specific location by default. # Uncomment and change if needed. 
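Review bot: `ConnectString = {{ faf_db_connectstring }}` presumably carries the database password that the removed `DBPasswd` line held, and the `[Mail]` section of the same template renders `smtp_password`, yet the file never says that it holds credentials. Add a header comment such as `# Contains database and SMTP credentials; must not be world-readable.` next to the `ansible_managed` line. The task that renders this template is outside this hunk; it should set an explicit restrictive `mode` and `owner`/`group`, and use `no_log: true` so the rendered diff does not reach the play output.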
@@ -26,31 +20,12 @@ Server = {{ smtp_server }} Port = {{ smtp_port }} Username = {{ smtp_username|default("", true) }} Password = {{ smtp_password|default("", true) }} -From = {{ faf_from }} - +From = {{ faf_admin_mail }} [uReport] # The directory that holds 'reports' and 'attachments' subdirectories Directory = {{ faf_spool_dir }} -CreateComponents = {{ faf_create_components }} +CreateComponents = False # attachments accepted by this server # allowed values: fedora-bugzilla rhel-bugzilla centos-mantisb comment email url # or * to allow all attachments AcceptAttachments = fedora-bugzilla rhel-bugzilla centos-mantisbt - -# Allow uReports without affected package - meaning that crashing code was -# not packaged -allow-unpackaged = {{ faf_allow_unpackaged }} - -# Determines which strategy will be used for searching known or uknown ureport's -# and bugzilla bug's, if known is empty, then is used BUG_OS_MINOR_VERSION -# -# BUG_OS_MAJOR_VERSION - The report has attached a bug with equivalent OS Major -# version name -# BUG_OS_MINOR_VERSION - The report has attached a bug with equivalent OS Major -# version and OS Minor version name -# EQUAL_UREPORT_EXISTS - Report OS Major version match AND uReport OS Minor -# version match AND uReport OS Architecture match AND Packages match name -# -# allowed values for the Known option -# BUG_OS_MAJOR_VERSION BUG_OS_MINOR_VERSION EQUAL_UREPORT_EXISTS -Known = diff --git a/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 b/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 index 7fbebbda06..21c0d9d8fd 100644 --- a/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 +++ b/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 
@@ -33,6 +33,12 @@ enabled = {{ faf_web_openid }} privileged_teams = {{ faf_web_openid_privileged_teams }} {% endif %} +[DumpDir] +CacheDirectory = {{ faf_spool_dir }}/dumpdirs +CacheDirectoryCountQuota = 100 +CacheDirectorySizeQuota = 107374182400 +MaxDumpDirSize = 1073741824 + [cache] #types: # null - no caching @@ -42,11 +48,3 @@ type = {{ faf_web_cache_type }} memcached_host = localhost memcached_port = {{ memcached_port }} memcached_key_prefix = webfaf - -[throttle] -# Number of mails that can be sent per the time frame -rate = {{ faf_web_throttle_rate }} -# Time to wait (in seconds) before another mail can be sent -timeframe = {{ faf_web_throttle_timeframe }} -# Start the throttling after this number of mails is sent -burst = {{ faf_web_throttle_burst }} diff --git a/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2 b/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2 deleted file mode 100644 index b905439cd3..0000000000 --- a/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2 +++ /dev/null @@ -1,20 +0,0 @@ -#{{ ansible_managed }} - -# A sample configuration for fedora-messaging. This file is in the TOML format. -# For complete details on all configuration options, see the documentation. - -amqp_url = "amqp://{{ faf_fedmsg_server }}?connection_attempts=3&retry_delay=5" - -passive_declares = true - -# The topic_prefix configuration value will add a prefix to the topics of every sent message. -# This is used for migrating from fedmsg, and should not be used afterwards. -topic_prefix = {{ faf_fedmsg_topic_prefix }} - -[tls] -ca_cert = {{ faf_fedmsg_ca_cert }} -keyfile = {{ faf_fedmsg_keyfile }} -certfile = {{ faf_fedmsg_certfile }} - -[client_properties] -app = "FAF" diff --git a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 index af69d27855..333ee413ea 100644 --- a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 
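Review bot: The limits added under `[DumpDir]` are bare numbers with no unit or rationale; `CacheDirectorySizeQuota = 107374182400` and `MaxDumpDirSize = 1073741824` look like 100 GiB and 1 GiB in bytes. These values appear to bound how much dump data is kept under `{{ faf_spool_dir }}/dumpdirs`, so they are the guard against the spool volume filling up. Add a comment such as `# sizes in bytes: 100 GiB for the whole cache, 1 GiB per dump directory`. Consider exposing them as role variables so a host with a smaller spool volume can lower them.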
+++ b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 @@ -4,7 +4,9 @@ WSGIPythonOptimize 1 WSGISocketPrefix {{ faf_spool_dir }}/wsgi WSGIDaemonProcess faf user=faf group=faf processes=3 threads=5 -WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ faf_python_version }}/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL} +{% set python = 'python2.7' %} + +WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ python }}/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL} @@ -19,7 +21,7 @@ WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ faf_python_version }}/site-package # project main - + Options Indexes IndexOptions FancyIndexing diff --git a/roles/abrt/requirements.yml b/roles/abrt/requirements.yml index a2d6f8bb51..6295e31cee 100644 --- a/roles/abrt/requirements.yml +++ b/roles/abrt/requirements.yml @@ -1,9 +1,6 @@ # Install a role from GitHub ---- - name: faf src: https://github.com/abrt/ansible-role-faf.git - version: master - name: retrace src: https://github.com/abrt/ansible-role-retrace-server.git - version: master diff --git a/roles/abrt/retrace-local-pre/tasks/main.yml b/roles/abrt/retrace-local-pre/tasks/main.yml new file mode 100644 index 0000000000..b02502d57b --- /dev/null +++ b/roles/abrt/retrace-local-pre/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- file: + path: /srv/retrace/repos + state: directory + mode: 0755 + owner: retrace + group: retrace + +- file: + path: /srv/retrace/tasks + state: directory + mode: 0755 + owner: retrace + group: retrace + +- file: + path: /srv/retrace/hardlink-local + state: directory + mode: 0755 + owner: retrace + group: retrace diff --git a/roles/abrt/retrace-local/defaults/main.yml b/roles/abrt/retrace-local/defaults/main.yml new file mode 100644 index 0000000000..cd32bde882 --- /dev/null +++ b/roles/abrt/retrace-local/defaults/main.yml 
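Review bot: In `roles/abrt/requirements.yml` neither role entry names a `version` after this change, so `ansible-galaxy` installs whatever the default branch of `https://github.com/abrt/ansible-role-faf.git` and `https://github.com/abrt/ansible-role-retrace-server.git` holds at install time. Pin each entry to a reviewed tag or full commit hash, e.g. `version: <reviewed-commit-sha>`. An upstream push then cannot change what is deployed to these hosts without a matching change in this file.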
@@ -0,0 +1,9 @@ +--- + +# List of fedora versions for reposync +rs_internal_fedora_vers: [25, 26, 27, rawhide] +rs_internal_fedora_vers_removed: [24] + +# List of architectures for reposync +# armhfp disabled untill we get more space +rs_internal_arch_list: [x86_64, i386] diff --git a/roles/abrt/faf-pre/defaults/main.yml b/roles/abrt/retrace-local/handlers/main.yml similarity index 100% rename from roles/abrt/faf-pre/defaults/main.yml rename to roles/abrt/retrace-local/handlers/main.yml diff --git a/roles/abrt/retrace-local/tasks/cron.yml b/roles/abrt/retrace-local/tasks/cron.yml new file mode 100644 index 0000000000..5e7a7f68f9 --- /dev/null +++ b/roles/abrt/retrace-local/tasks/cron.yml 
@@ -0,0 +1,43 @@ +--- + +- name: Create cron job for retrace-server + cron: + name: "rs reposync fedora {{ item[0] }} {{ item[1] }}" + user: retrace + job: "/usr/bin/retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} >> /var/log/retrace-server/reposync_error.log 2>&1" + special_time: daily + state: present + with_nested: + - "{{ rs_internal_fedora_vers }}" + - "{{ rs_internal_arch_list }}" + when: not devel + +- name: Remove obsolete cron job for retrace-server + cron: + name: "rs reposync fedora {{ item[0] }} {{ item[1] }}" + user: retrace + job: "/usr/bin/retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} >> /var/log/retrace-server/reposync_error.log 2>&1" + special_time: daily + state: absent + with_nested: + - "{{ rs_internal_fedora_vers_removed }}" + - "{{ rs_internal_arch_list }}" + when: not devel + +- name: Create cron job for retrace-server + cron: + name: "rs reposync centos 7 x86_64" + user: retrace + job: "/usr/bin/retrace-server-reposync centos 7 x86_64 >> /var/log/retrace-server/reposync_error.log 2>&1" + special_time: daily + state: present + when: not devel + +- name: Create cron job for retrace-server + cron: + name: "retrace-server-cleanup" + user: retrace + job: "/usr/bin/retrace-server-cleanup >> /var/log/retrace-server/cleanup_error.log 2>&1" + special_time: daily + state: present + when: not devel diff --git a/roles/abrt/retrace-local/tasks/main.yml b/roles/abrt/retrace-local/tasks/main.yml new file mode 100644 index 0000000000..1b06bcbe42 --- /dev/null +++ b/roles/abrt/retrace-local/tasks/main.yml @@ -0,0 +1,8 @@ +--- + +# Setup retrace-server +- import_tasks: retrace_setup.yml + +# Set up cron jobs for retrace-server +- import_tasks: cron.yml + tags: cron diff --git a/roles/abrt/retrace-local/tasks/retrace_setup.yml b/roles/abrt/retrace-local/tasks/retrace_setup.yml new file mode 100644 index 0000000000..bab02341d5 --- /dev/null +++ b/roles/abrt/retrace-local/tasks/retrace_setup.yml 
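Review bot: Three of the four tasks in the new `cron.yml` share the name `Create cron job for retrace-server`, so play output and `--start-at-task` cannot tell them apart. Name them after what they install, e.g. `Create reposync cron jobs for Fedora`, `Create reposync cron job for CentOS 7` and `Create retrace-server cleanup cron job`. Every job also uses `special_time: daily`, so all reposync runs and the cleanup start at the same moment and append to the same log files; staggered `hour`/`minute` values would avoid that. `when: not devel` is a bare variable and should be `when: not devel|bool`.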
@@ -0,0 +1,39 @@ +--- + +- name: reposync for fedora + command: retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} + with_nested: + - "{{ rs_internal_fedora_vers }}" + - "{{ rs_internal_arch_list }}" + become: yes + become_user: retrace + tags: [rs_reposync, rs_fedora] + when: not devel + +- name: reposync for centos + command: retrace-server-reposync centos 7 x86_64 + become: yes + become_user: retrace + tags: [rs_reposync, rs_fedora] + when: not devel + +- file: + path: /srv/retrace/repos + state: directory + mode: 0755 + owner: retrace + group: retrace + +- file: + path: /srv/retrace/tasks + state: directory + mode: 0755 + owner: retrace + group: retrace + +- file: + path: /srv/retrace/hardlink-local + state: directory + mode: 0755 + owner: retrace + group: retrace diff --git a/roles/abrt/retrace-post/defaults/main.yml b/roles/abrt/retrace-post/defaults/main.yml deleted file mode 100644 index 89e3534fb0..0000000000 --- a/roles/abrt/retrace-post/defaults/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- - -# List of Fedora versions for reposync -rs_internal_fedora_vers: [33, 34, rawhide] -rs_internal_fedora_vers_removed: [24, 25, 26, 27, 28, 29, 30, 31, 32] - -# List of CentOS versions for reposync -rs_internal_centos_vers: [7, 8] - -# List of architectures for reposync -# armhfp disabled untill we get more space -rs_internal_arch_list: [x86_64] diff --git a/roles/abrt/retrace-post/handlers/main.yml b/roles/abrt/retrace-post/handlers/main.yml deleted file mode 100644 index ed97d539c0..0000000000 --- a/roles/abrt/retrace-post/handlers/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/roles/abrt/retrace-post/tasks/cron.yml b/roles/abrt/retrace-post/tasks/cron.yml deleted file mode 100644 index 772cb8a143..0000000000 --- a/roles/abrt/retrace-post/tasks/cron.yml +++ /dev/null 
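Review bot: The three `file` tasks that create `/srv/retrace/repos`, `/srv/retrace/tasks` and `/srv/retrace/hardlink-local` come after the two `retrace-server-reposync` commands. If reposync writes into those directories (its target path is not visible here), the ownership and mode are enforced only after the data has been written. Move the `file` tasks to the top of the file and give each a `name`. They repeat the tasks in `roles/abrt/retrace-local-pre/tasks/main.yml` verbatim, so one of the two copies can go. Quote the modes as `mode: "0755"`. The reposync `command` tasks also report `changed` on every run; add `changed_when` if that is not intended.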
@@ -1,45 +0,0 @@ ---- -- name: Create retrace-server reposync cron jobs for active Fedora versions - loop: "{{ rs_internal_fedora_vers | product(rs_internal_arch_list) | list }}" - when: "{{ item[1] != 'source' }}" - cron: - name: "rs reposync fedora {{ item[0] }} {{ item[1] }}" - user: retrace - job: "/usr/bin/retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} >> /var/log/retrace-server/reposync_error.log 2>&1" - special_time: daily - state: present - -- name: Remove retrace-server reposync cron jobs of removed Fedora versions - loop: "{{ rs_internal_fedora_vers_removed | product(rs_internal_arch_list) | list }}" - when: "{{ item[1] != 'source' }}" - cron: - name: "rs reposync fedora {{ item[0] }} {{ item[1] }}" - user: retrace - job: "/usr/bin/retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} >> /var/log/retrace-server/reposync_error.log 2>&1" - special_time: daily - state: absent - -- name: Create retrace-server reposync cron jobs for CentOS - cron: - name: "rs reposync centos {{ item }} x86_64" - user: retrace - job: "/usr/bin/retrace-server-reposync centos {{ item }} x86_64 >> /var/log/retrace-server/reposync_error.log 2>&1" - special_time: daily - state: present - loop: "{{ rs_internal_centos_vers }}" - -- name: Create retrace-server cleanup cron job - cron: - name: "retrace-server-cleanup" - user: retrace - job: "/usr/bin/retrace-server-cleanup >> /var/log/retrace-server/cleanup_error.log 2>&1" - special_time: daily - state: present - -- name: Create cron job for retrace-server - cron: - name: "podman prune" - user: retrace - job: "/usr/bin/podman system prune --all --force >> /var/log/retrace-server/podman_prune.log 2>&1" - special_time: daily - state: present diff --git a/roles/abrt/retrace-post/tasks/main.yml b/roles/abrt/retrace-post/tasks/main.yml deleted file mode 100644 index 3c905f5d7a..0000000000 --- a/roles/abrt/retrace-post/tasks/main.yml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- - -# Setup retrace-server -- import_tasks: retrace_setup.yml - -# Set up production cron jobs for retrace-server -- import_tasks: cron.yml - tags: cron - when: env != 'staging' diff --git a/roles/abrt/retrace-post/tasks/retrace_setup.yml b/roles/abrt/retrace-post/tasks/retrace_setup.yml deleted file mode 100644 index 7820970a25..0000000000 --- a/roles/abrt/retrace-post/tasks/retrace_setup.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- - -# long running tasks - run them in background - we do not actually care about the results -- name: Reposync for fedora - ansible.builtin.shell: nohup retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} $(mktemp /tmp/ansible.reposync_for_fedoraXXXXXX.log) & - loop: "{{ rs_internal_fedora_vers | product(rs_internal_arch_list) | list }}" - become: yes - become_user: retrace - tags: [rs_reposync, rs_fedora] - when: env != 'staging' - -- name: Reposync for centos - ansible.builtin.shell: nohup retrace-server-reposync centos {{ item }} x86_64 $(mktemp /tmp/ansible.reposync_for_centosXXXXXX.log) & - loop: "{{ rs_internal_centos_vers }}" - become: yes - become_user: retrace - tags: [rs_reposync, rs_fedora] - when: env != 'staging' - -- ansible.builtin.file: - path: /srv/retrace/repos - state: directory - mode: "0755" - owner: retrace - group: retrace - -- ansible.builtin.file: - path: /srv/retrace/tasks - state: directory - mode: "0755" - owner: retrace - group: retrace - -- ansible.builtin.file: - path: /srv/retrace/hardlink-local - state: directory - mode: "0755" - owner: retrace - group: retrace diff --git a/roles/abrt/retrace-pre/defaults/main.yml b/roles/abrt/retrace-pre/defaults/main.yml deleted file mode 100644 index 490f879e53..0000000000 --- a/roles/abrt/retrace-pre/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -retrace_user_home: /srv/retrace/home -retrace_user_uid_gid: 174 
diff --git a/roles/abrt/retrace-pre/tasks/main.yml b/roles/abrt/retrace-pre/tasks/main.yml deleted file mode 100644 index 4c1a5239de..0000000000 --- a/roles/abrt/retrace-pre/tasks/main.yml +++ /dev/null @@ -1,67 +0,0 @@ ---- -- name: Make sure retrace user exists - user: - name: retrace - group: retrace - system: yes - create_home: no - register: retrace_user_info - -- name: Ensure retrace user has correct UID and home directory - when: > - retrace_user_info.changed or - retrace_user_info.uid != retrace_user_uid_gid or - retrace_user_info.home != retrace_user_home - block: - - name: Stop httpd service before modifying user - service: - name: httpd - state: stopped - - # Create UID with our reserved UID. This is normaly done during the - # installation of the retrace-server package but it's not yet installed - # at this momement. - - name: Ensure correct UID and home directory - user: - name: retrace - uid: "{{ retrace_user_uid_gid }}" - home: "{{ retrace_user_home }}" - create_home: yes - - # NOTE: We do not attempt to change the GID here if it's incorrect - # since groups are not managed locally (via /etc/group) on these servers. - # TODO: Find the correct way to do this and if it's even necessary. - # - name: Ensure correct GID - # group: - # name: retrace - # gid: "{{ retrace_user_uid_gid }}" - # system: yes - # state: present - - - name: Restart httpd service after modifications are done - service: - name: httpd - state: started - -- name: Create directory for repositories - ansible.builtin.file: - path: /srv/retrace/repos - state: directory - mode: "0755" - owner: retrace - group: retrace - -- name: Create directory for retrace tasks - ansible.builtin.file: - path: /srv/retrace/tasks - state: directory - mode: "0755" - owner: retrace - group: retrace - -- ansible.builtin.file: - path: /srv/retrace/hardlink-local - state: directory - mode: "0755" - owner: retrace - group: retrace 
diff --git a/roles/abrt/retrace/.github/workflows/ansible-lint.yml b/roles/abrt/retrace/.github/workflows/ansible-lint.yml deleted file mode 100644 index a4860216e1..0000000000 --- a/roles/abrt/retrace/.github/workflows/ansible-lint.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -name: Check Ansible Role - -on: # yamllint disable-line rule:truthy - push: - branches: [master] - pull_request: - branches: [master] - -jobs: - lint: - # The GitHub-hosted runners don’t do Fedora - runs-on: ubuntu-latest - - steps: - - name: Check out sources - uses: actions/checkout@v2 - - - name: Lint - uses: ansible/ansible-lint-action@master - with: - targets: ./ diff --git a/roles/abrt/retrace/defaults/main.yml b/roles/abrt/retrace/defaults/main.yml index 8757afb331..3a64a79a2d 100644 --- a/roles/abrt/retrace/defaults/main.yml +++ b/roles/abrt/retrace/defaults/main.yml @@ -15,9 +15,6 @@ rs_allow_interactive: false # Allow X-CoreFileDirectory header rs_allow_external_dir: false -# Expose metrics for monitoring via Prometheus -rs_allow_metrics: true - # Allow to create tasks owned by task manager (security risk) rs_allow_task_manager: false @@ -87,6 +84,12 @@ rs_save_dir: /var/spool/retrace-server # Directory where old tasks are moved rs_drop_dir: /srv/retrace/archive +# Whether to use explicit working directory, otherwise default mock settings are used +rs_use_work_dir: false + +# Working directory +rs_work_dir: /tmp/retrace-server + # Whether to use createrepo's --update option (faster, but requires a lot of memory) rs_use_createrepo_update: false @@ -96,9 +99,6 @@ rs_keep_rawhide_latest: 3 # Repo used to install chroot for vmcores rs_kernel_chroot_repo: http://dl.fedoraproject.org/pub/fedora/linux/releases/16/Everything/$ARCH/os/ -# Path to the kernel (vmcore) debugger -rs_kernel_debugger_path: /usr/bin/crash - # Koji directory structure can be used to search for kernel debuginfo rs_koji_root: /mnt/koji 
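Review bot: The new default `rs_work_dir: /tmp/retrace-server` in `roles/abrt/retrace/defaults/main.yml` is a fixed name under a world-writable directory. Once `rs_use_work_dir` is switched on, any local account could create that path first and so control where the retrace chroot work is written. Default to a location only the `retrace` user can create, for instance `rs_work_dir: "{{ rs_save_dir }}/work"`. Add a comment stating that the directory must be owned by `retrace` and must not be group- or world-writable.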
@@ -126,18 +126,20 @@ rs_kernel_debuginfo_url: http://kojipkgs.fedoraproject.org/packages/$BASENAME/$V # Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled rs_vmcore_dump_level: 0 +# Whether to run kmem command by default (this may take a long time on large vmcores) +# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem +rs_vmcore_run_kmem: 0 + # EXPERIMENTAL! Use ABRT Server's storage to map build-ids # into debuginfo packages and resolve dependencies # Requires support from ABRT Server rs_use_faf_packages: false -# Spool directory for FAF packages +# where faf store data faf_spool_dir: /var/spool/faf -# Run the retrace in a Mock chroot (default), a Podman container, -# or on the native machine. -# (mock|podman|native) -rs_retrace_environment: podman +# Where to hardlink faf packages +rs_faf_link_dir: "{{ faf_spool_dir }}/retrace-tmp" # Whether to enable e-mail notifications rs_email_notify: false 
@@ -145,38 +147,6 @@ rs_email_notify: false # Who sends the e-mail notifications rs_email_notify_from_user: retrace -# Calculate md5sum for remote resources - changeable on manager page -rs_calculate_md5: 0 - -# URL of Bugzilla -rs_bugzilla_url: "https://bugzilla.redhat.com" -# Custom path to the file with Bugzilla credentials, stored in format: -# [bugzilla.yoursite.com] -# user = -# password = -# If not set checks for credentials in: -# ~/.config/python-bugzilla/bugzillarc, ~/.bugzillarc, /etc/bugzillarc -rs_bugzilla_credentials_path: - -# Clean up tasks with assigned bugzilla bugs in following states -# NEW, ASSIGNED, ON_DEV, POST, MODIFIED, ON_QA, VERIFIED, RELEASE_PENDING, CLOSED -rs_bugzilla_status: "VERIFIED, RELEASE_PENDING, CLOSED" - -# Search query options for bugzilla bugs -rs_bugzilla_product: "Red Hat Enterprise Linux 7" - -rs_bugzilla_component: "kernel" - -# Number and order of values in TriggerWords and RegExes should be identical -# Trigger words to look for in the text of bugzilla bugs -rs_bugzilla_triggerwords: "retrace-server-interact, retrace/tasks" - -# Regular expressions used to get task numbers from the text of bugzilla bugs -rs_bugzilla_regexes: "retrace-server-interact\\s+([0-9]{9}), /var/spool/retrace-server/([0-9]{9})/crash/vmcore" - -# Timeout (in seconds) for communication with any process -rs_process_communicate_timeout: 3600 - rs_archhosts: - { arch: i386, url: } - { arch: x86_64, url: } 
@@ -184,6 +154,27 @@ rs_archhosts: - { arch: armhfp, url: } - { arch: s390x, url: } +# Parameters are replaced using python's format. +# Available parameters: hook_name, task_id, task_dir +# Example: pre_start = /bin/echo {hook_name} {task_id} {task_dir} +# When worker.start() is called +rs_hookscripts: + - { hook: pre_start, cmd: } + - { hook: start, cmd: } + - { hook: pre_prepare_debuginfo, cmd: } + - { hook: post_prepare_debuginfo, cmd: } + - { hook: pre_prepare_mock, cmd: } + - { hook: post_prepare_mock, cmd: } + - { hook: pre_retrace, cmd: } + - { hook: post_retrace, cmd: } + - { hook: success, cmd: } + - { hook: fail, cmd: } + - { hook: pre_remove_task, cmd: } + - { hook: post_remove_task, cmd: } + - { hook: pre_clean_task, cmd: } + - { hook: post_clean_task, cmd: } + + # Force package reinstall rs_force_reinstall: false @@ -192,10 +183,3 @@ rs_check_health: true # Hostname hostname: example.org - -# Path to the executable hook scripts -# see https://github.com/abrt/retrace-server/wiki/Hook-scripts -rs_executable_hooks_path: "/usr/libexec/retrace-server/hooks/" - -# Global time limit for hook scripts (in seconds) -rs_global_hook_timeout: 300 diff --git a/roles/abrt/retrace/handlers/main.yml b/roles/abrt/retrace/handlers/main.yml index 23d49bd16e..e379288d84 100644 --- a/roles/abrt/retrace/handlers/main.yml +++ b/roles/abrt/retrace/handlers/main.yml @@ -1,5 +1,3 @@ --- -- name: Restart httpd - service: - name: httpd - state: restarted +- name: restart httpd + service: name=httpd state=restarted diff --git a/roles/abrt/retrace/meta/.galaxy_install_info b/roles/abrt/retrace/meta/.galaxy_install_info index 4e65b113df..4e5f81968e 100644 --- a/roles/abrt/retrace/meta/.galaxy_install_info +++ b/roles/abrt/retrace/meta/.galaxy_install_info @@ -1,2 +1 @@ -install_date: Thu May 27 08:27:12 2021 -version: master +{install_date: 'Tue Jul 4 08:34:40 2017', version: ''} 
diff --git a/roles/abrt/retrace/meta/main.yml b/roles/abrt/retrace/meta/main.yml index 6674d7862e..dc9c449d10 100644 --- a/roles/abrt/retrace/meta/main.yml +++ b/roles/abrt/retrace/meta/main.yml @@ -1,18 +1,19 @@ --- galaxy_info: author: sorki - description: Retrace Server deployment + description: Deploy retrace-server license: BSD - min_ansible_version: 2.8 + min_ansible_version: 1.9 platforms: - - name: EL - versions: - - 7 - - 8 - - name: Fedora - versions: - - 33 - - 34 - - 35 - galaxy_tags: - - system + - name: EL + versions: + - 7 + - name: Fedora + versions: + - 21 + - 22 + - 23 + categories: + - system +#dependencies: +# - { role: httpd } diff --git a/roles/abrt/retrace/tasks/check.yml b/roles/abrt/retrace/tasks/check.yml index 71ef57a42a..d4411b0653 100644 --- a/roles/abrt/retrace/tasks/check.yml +++ b/roles/abrt/retrace/tasks/check.yml @@ -4,20 +4,15 @@ - meta: flush_handlers -- name: Set settings_url fact - set_fact: - settings_url: "https://{{ hostname }}/settings" +- set_fact: + settings_url: "https://{{ ansible_default_ipv4.address }}/settings" -- name: Fetch settings - uri: - url: "{{ settings_url }}" - return_content: yes - validate_certs: no +- name: fetch settings + local_action: uri url={{ settings_url }} + return_content=yes + validate_certs=no register: uri_res - check_mode: no - delegate_to: localhost -- name: Fail if /settings does not contain supported_releases - fail: msg="{{ settings_url }} doesn't contain supported_releases" +- fail: msg="{{ settings_url }} doesn't contain supported_releases" when: "'supported_releases' not in uri_res.content" diff --git a/roles/abrt/retrace/tasks/config.yml b/roles/abrt/retrace/tasks/config.yml index dc622c4356..ce1ff3dca9 100644 --- a/roles/abrt/retrace/tasks/config.yml +++ b/roles/abrt/retrace/tasks/config.yml 
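Review bot: In the `roles/abrt/retrace/tasks/check.yml` hunk, `validate_certs=no` on the `fetch settings` request makes the health check accept any TLS certificate. The new `settings_url`, built from `ansible_default_ipv4.address`, could not pass hostname verification even with validation on. Build the URL from the role's `hostname` variable and set `validate_certs=yes`, supplying the CA where a private one is used, so the `supported_releases` test is made against the real server. The task also loses `check_mode: no`, so under `--check` `uri_res.content` may be absent when the following `fail` task reads it.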
@@ -1,21 +1,10 @@ --- -- name: Configure retrace-server - ansible.builtin.template: - src: etc-retrace-server.conf.j2 - dest: /etc/retrace-server/retrace-server.conf - mode: "0644" - notify: Restart httpd +- name: configure retrace-server + template: src=etc-retrace-server.conf.j2 + dest=/etc/retrace-server.conf + notify: restart httpd -- name: Retrace-server http config - ansible.builtin.template: - src: retrace-server-httpd.conf.j2 - dest: /etc/httpd/conf.d/retrace-server-httpd.conf - mode: "0644" - notify: Restart httpd - -- name: Configure retrace-server hooks config - ansible.builtin.template: - src: etc-retrace-server-hooks.conf.j2 - dest: /etc/retrace-server/retrace-server-hooks.conf - mode: "0644" - notify: Restart httpd +- name: retrace-server http config + template: src=retrace-server-httpd.conf.j2 + dest=/etc/httpd/conf.d/retrace-server-httpd.conf + notify: restart httpd diff --git a/roles/abrt/retrace/tasks/install.yml b/roles/abrt/retrace/tasks/install.yml index 000a9b7b3b..7acb10f471 100644 --- a/roles/abrt/retrace/tasks/install.yml +++ b/roles/abrt/retrace/tasks/install.yml @@ -1,11 +1,7 @@ --- -- name: Erase retrace-server packages - ansible.builtin.package: - name: retrace-server - state: absent - when: rs_force_reinstall|bool +- name: erase retrace-server packages + package: name=retrace-server state=absent + when: rs_force_reinstall -- name: Install retrace-server package - ansible.builtin.package: - name: retrace-server - state: present +- name: install retrace-server package + yum : name=retrace-server state=present diff --git a/roles/abrt/retrace/tasks/main.yml b/roles/abrt/retrace/tasks/main.yml index aea0c93c3e..9b6d63e222 100644 --- a/roles/abrt/retrace/tasks/main.yml +++ b/roles/abrt/retrace/tasks/main.yml 
@@ -5,17 +5,14 @@ # Set up use of FAF packages - import_tasks: usefafpkgs.yml - when: rs_use_faf_packages|bool + when: rs_use_faf_packages tags: [rs, use_faf_packages] # Configure retrace-server - import_tasks: config.yml tags: [rs, config] -- import_tasks: podman.yml - tags: [rs, podman] - # Check functionality of the retrace-server - import_tasks: check.yml - when: rs_check_health|bool + when: rs_check_health tags: [rs, check] diff --git a/roles/abrt/retrace/tasks/podman.yml b/roles/abrt/retrace/tasks/podman.yml deleted file mode 100644 index 246bd2dc31..0000000000 --- a/roles/abrt/retrace/tasks/podman.yml +++ /dev/null 
@@ -1,65 +0,0 @@ ---- -- name: Install Podman package - ansible.builtin.package: - name: podman - state: present - -- name: Stop httpd to allow retrace user modification - service: - name: httpd - state: stopped - -- name: Check if subuid is set for retrace user - ansible.builtin.command: cat /etc/subuid - changed_when: false - register: retrace_subuid - -- block: - - name: Get last subuid entry - ansible.builtin.shell: | - set -o pipefail - sort -nrt: -k2 /etc/subuid | awk -F: 'NR == 1 { print $2 }' - changed_when: false - register: t_subuid - args: - executable: /usr/bin/bash - - - name: Set variables for min and max subuid - set_fact: - rs_subuid_min: "{{ t_subuid.stdout | default(100000) | int + 65536 }}" - rs_subuid_max: "{{ t_subuid.stdout | default(100000) | int + 2 * 65536 - 1 }}" - - - name: Set subuid for retrace user. - ansible.builtin.command: usermod retrace --add-subuids "{{ rs_subuid_min }}-{{ rs_subuid_max }}" - - when: '"retrace" not in retrace_subuid.stdout' - -- name: Check if subgid is set for retrace user - ansible.builtin.command: cat /etc/subgid - changed_when: false - register: retrace_subgid - -- block: - - name: Get last subgid entry - ansible.builtin.shell: | - set -o pipefail - cut -d ':' -f2 /etc/subgid | sort | tail -1 - changed_when: false - register: t_subgid - args: - executable: /usr/bin/bash - - - name: Set variables for min and max subgid - set_fact: - rs_subgid_min: "{{ t_subgid.stdout | default(100000) | int + 65536 }}" - rs_subgid_max: "{{ t_subgid.stdout | default(100000) | int + 2 * 65536 - 1 }}" - - - name: Set subgid for retrace user - ansible.builtin.command: usermod retrace --add-subgids "{{ rs_subgid_min }}-{{ rs_subgid_max }}" - - when: '"retrace" not in retrace_subgid.stdout' - -- name: Start httpd after retrace user modification - service: - name: httpd - state: started diff --git a/roles/abrt/retrace/tasks/usefafpkgs.yml b/roles/abrt/retrace/tasks/usefafpkgs.yml index d2a34c29de..5a589db84b 100644 
--- a/roles/abrt/retrace/tasks/usefafpkgs.yml +++ b/roles/abrt/retrace/tasks/usefafpkgs.yml @@ -1,14 +1,33 @@ --- -- name: Check if faf is installed - ansible.builtin.command: rpm -q faf +- name: check if faf installed + command: rpm -q faf + args: + warn: no changed_when: false -- name: Add user retrace to faf db - postgresql_user: - db: faf - name: retrace - priv: ALL - role_attr_flags: SUPERUSER - state: present +- name: add user retrace to faf db + postgresql_user: db=faf + name=retrace + priv=ALL + role_attr_flags=SUPERUSER + state=present become: yes become_user: postgres + +# for already existing files/dirs +- name: ACL for user retrace + acl: path="{{ faf_spool_dir }}/lob" state=present recursive=yes + entity=retrace etype=user permissions=rwX + +# for files/dirs created in future +- name: default ACL for user retrace + acl: path="{{ faf_spool_dir }}/lob" state=present recursive=yes default=yes + entity=retrace etype=user permissions=rwX + +- name: check for hardlink dir + stat: path={{ rs_faf_link_dir }} + register: rsdir + +- name: make dir for hardlinks + file: path={{ rs_faf_link_dir }} state=directory owner=retrace group=retrace + when: rsdir.stat.exists == False diff --git a/roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2 deleted file mode 100644 index 278057b0dd..0000000000 --- a/roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2 +++ /dev/null @@ -1,8 +0,0 @@ -#{{ ansible_managed }} - -[main] -# Path to the executable hook scripts -HookDir = {{ rs_executable_hooks_path }} - -# Global time limit for hook scripts (in seconds) -Timeout = {{ rs_global_hook_timeout }} diff --git a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 index d36c7b77f9..edda02fab5 100644 --- a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 +++ b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 
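Review bot: `add user retrace to faf db` creates the `retrace` role with `role_attr_flags=SUPERUSER` as well as `priv=ALL` on `faf`. A superuser role bypasses permission checks for the whole cluster, so the `priv=ALL` grant adds nothing and the account used by the retrace service can read and alter every database on that server. If retrace-server only needs the `faf` database, drop the flag and keep the grant: `postgresql_user: db=faf name=retrace priv=ALL state=present`. If superuser really is required, a comment above the task saying why would help the next reviewer. The `stat` plus `when: rsdir.stat.exists == False` pair is also unnecessary, because `file: state=directory` is already idempotent.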
@@ -21,9 +21,6 @@ AllowInteractive = {{ rs_allow_interactive|int }} # Allow X-CoreFileDirectory header AllowExternalDir = {{ rs_allow_external_dir|int }} -# Expose metrics for monitoring via Prometheus -AllowMetrics = {{ rs_allow_metrics|int }} - # Allow to create tasks owned by task manager (security risk) AllowTaskManager = {{ rs_allow_task_manager|int }} @@ -94,6 +91,12 @@ SaveDir = {{ rs_save_dir }} # Directory where old tasks are moved DropDir = {{ rs_drop_dir }} +# Whether to use explicit working directory, otherwise default mock settings are used +UseWorkDir = {{ rs_use_work_dir|int }} + +# Working directory +WorkDir = {{ rs_work_dir }} + # Whether to use createrepo's --update option (faster, but requires a lot of memory) UseCreaterepoUpdate = {{ rs_use_createrepo_update|int }} @@ -130,18 +133,17 @@ KernelDebuginfoURL = {{ rs_kernel_debuginfo_url }} # Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled VmcoreDumpLevel = {{ rs_vmcore_dump_level|int }} +# Whether to run kmem command by default (this may take a long time on large vmcores) +# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem +VmcoreRunKmem = {{ rs_vmcore_run_kmem|int }} + # EXPERIMENTAL! Use ABRT Server's storage to map build-ids # into debuginfo packages and resolve dependencies # Requires support from ABRT Server UseFafPackages = {{ rs_use_faf_packages|int }} -# Spool directory for FAF packages -FafLinkDir = {{ faf_spool_dir }} - -# Run the retrace in a Mock chroot (default), a Podman container, -# or on the native machine. -# (mock|podman|native) -RetraceEnvironment = {{ rs_retrace_environment }} +# Where to hardlink faf packages +FafLinkDir = {{ rs_faf_link_dir }} # Whether to enable e-mail notifications EmailNotify = {{ rs_email_notify|int }} 
@@ -149,37 +151,12 @@ EmailNotify = {{ rs_email_notify|int }} # Who sends the e-mail notifications EmailNotifyFrom = {{ rs_email_notify_from_user }}@{{ hostname }} -# Calculate md5sum for remote resources - changeable on manager page -CalculateMd5 = {{ rs_calculate_md5 }} - -# URL of Bugzilla -BugzillaURL = {{ rs_bugzilla_url }} -# Custom path to the file with Bugzilla credentials, stored in format: -# [bugzilla.yoursite.com] -# user = -# password = -# If not set checks for credentials in: -# ~/.config/python-bugzilla/bugzillarc, ~/.bugzillarc, /etc/bugzillarc -BugzillaCredentials = {{ rs_bugzilla_credentials_path }} -# Clean up tasks with assigned bugzilla bugs in following states -# NEW, ASSIGNED, ON_DEV, POST, MODIFIED, ON_QA, VERIFIED, RELEASE_PENDING, CLOSED -BugzillaStatus = {{ rs_bugzilla_status }} -# Search query options for bugzilla bugs -BugzillaProduct = {{ rs_bugzilla_product }} -BugzillaComponent = {{ rs_bugzilla_component }} -# Number and order of values in TriggerWords and RegExes should be identical -# Trigger words to look for in the text of bugzilla bugs -BugzillaTriggerWords = {{ rs_bugzilla_triggerwords }} -# Regular expressions used to get task numbers from the text of bugzilla bugs -BugzillaRegExes = {{ rs_bugzilla_regexes }} - -# Timeout (in seconds) for communication with any process -ProcessCommunicateTimeout = {{ rs_process_communicate_timeout|int }} - -# Path to the kernel (vmcore) debugger -KernelDebuggerPath = {{ rs_kernel_debugger_path }} - [archhosts] {% for a in rs_archhosts %} {{ a.arch }} = {{ a.url|default('', true) }} {% endfor %} + +[hookscripts] +{% for h in rs_hookscripts %} +{{ h.hook }} = {{ h.cmd|default('', true) }} +{% endfor %} diff --git a/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 index f0731548ad..8e65e3af30 100644 --- a/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 +++ b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 
@@ -7,7 +7,6 @@ WSGIScriptAliasMatch ^/manager(/.*)?$ /usr/share/retrace-server/manager.wsgi WSGIScriptAliasMatch ^/ftp(/.*)?$ /usr/share/retrace-server/ftp.wsgi WSGIScriptAliasMatch ^/settings$ /usr/share/retrace-server/settings.wsgi WSGIScriptAliasMatch ^/create$ /usr/share/retrace-server/create.wsgi -WSGIScriptAliasMatch ^/metrics$ /usr/share/retrace-server/metrics.wsgi WSGIScriptAliasMatch ^/stats$ /usr/share/retrace-server/stats.wsgi WSGIScriptAliasMatch ^/checkpackage$ /usr/share/retrace-server/checkpackage.wsgi WSGIScriptAliasMatch ^/[0-9]+/?$ /usr/share/retrace-server/status.wsgi @@ -32,9 +31,8 @@ WSGIScriptAliasMatch ^/$ /usr/share/retrace-server/index.wsgi - + WSGIProcessGroup retrace - WSGIApplicationGroup %{GLOBAL} Options -Indexes -FollowSymLinks # Apache 2.4 @@ -47,9 +45,4 @@ WSGIScriptAliasMatch ^/$ /usr/share/retrace-server/index.wsgi -Alias /repos {{ rs_repo_dir }} - - Require all granted - Options Indexes FollowSymLinks - IndexOptions FancyIndexing - +Alias /repos /var/cache/retrace-server diff --git a/roles/anitya/backend/files/anitya.cron b/roles/anitya/backend/files/anitya.cron new file mode 100644 index 0000000000..d208839ae8 --- /dev/null +++ b/roles/anitya/backend/files/anitya.cron @@ -0,0 +1,3 @@ +# Checks bi-daily for new versions +# +10 */12 * * * root time ANITYA_WEB_CONFIG=/etc/anitya/anitya.cfg /usr/local/bin/lock-wrapper anitya /usr/share/anitya/anitya_cron.py diff --git a/roles/pagure/files/backup-database b/roles/anitya/backend/files/backup-database similarity index 100% rename from roles/pagure/files/backup-database rename to roles/anitya/backend/files/backup-database diff --git a/roles/anitya/backend/files/pg_hba.conf b/roles/anitya/backend/files/pg_hba.conf new file mode 100644 index 0000000000..db350f8fdf --- /dev/null +++ b/roles/anitya/backend/files/pg_hba.conf 
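Review bot: The `anitya.cron` entry runs `/usr/share/anitya/anitya_cron.py` as `root`, although going by its comment the job only checks for new versions, which presumably means fetching and parsing remote content. Running it under a dedicated unprivileged account would limit what a fault in that script can reach, e.g. `10 */12 * * * <service-user> time ANITYA_WEB_CONFIG=/etc/anitya/anitya.cfg /usr/local/bin/lock-wrapper anitya /usr/share/anitya/anitya_cron.py`. That in turn needs `/etc/anitya/anitya.cfg`, which the backend tasks install as `owner=root group=root mode=0600`, to be readable by that account's group. The comment says "bi-daily" while `*/12` runs twice a day; `# Checks twice a day for new versions` is unambiguous.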
@@ -0,0 +1,80 @@ +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the PostgreSQL Administrator's Guide, chapter "Client +# Authentication" for a complete description. A short synopsis +# follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTION] +# host DATABASE USER CIDR-ADDRESS METHOD [OPTION] +# hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTION] +# hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTION] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain socket, +# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an +# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket. +# +# DATABASE can be "all", "sameuser", "samerole", a database name, or +# a comma-separated list thereof. +# +# USER can be "all", a user name, a group name prefixed with "+", or +# a comma-separated list thereof. In both the DATABASE and USER fields +# you can also write a file name prefixed with "@" to include names from +# a separate file. +# +# CIDR-ADDRESS specifies the set of hosts the record matches. +# It is made up of an IP address and a CIDR mask that is an integer +# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies +# the number of significant bits in the mask. Alternatively, you can write +# an IP address and netmask in separate columns to specify the set of hosts. +# +# METHOD can be "trust", "reject", "md5", "crypt", "password", +# "krb5", "ident", or "pam". Note that "password" sends passwords +# in clear text; "md5" is preferred since it sends encrypted passwords. +# +# OPTION is the ident map or the name of the PAM service, depending on METHOD. 
+# +# Database and user names containing spaces, commas, quotes and other special +# characters must be quoted. Quoting one of the keywords "all", "sameuser" or +# "samerole" makes the name lose its special character, and just match a +# database or username with that name. +# +# This file is read on server startup and when the postmaster receives +# a SIGHUP signal. If you edit the file on a running system, you have +# to SIGHUP the postmaster for the changes to take effect. You can use +# "pg_ctl reload" to do that. + +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make PostgreSQL listen +# on a non-local interface via the listen_addresses configuration parameter, +# or via the -i or -h command line switches. +# + +#@authcomment@ + +# TYPE DATABASE USER CIDR-ADDRESS METHOD + +#@remove-line-for-nolocal@# "local" is for Unix domain socket connections only +#@remove-line-for-nolocal@local all all @authmethod@ +# IPv4 local connections: +#host all all 127.0.0.1/32 @authmethod@ +# IPv6 local connections: +#host all all ::1/128 @authmethod@ + +local all all ident +host koji koji 10.5.128.166 255.255.255.255 md5 +host all all 0.0.0.0 0.0.0.0 md5 +# Note, I can't think of a reason to make this more restrictive than ipv4 but +# only fakefas needs it so far +host all all ::1/128 md5 + + diff --git a/roles/anitya/backend/handlers/main.yml b/roles/anitya/backend/handlers/main.yml new file mode 100644 index 0000000000..c51e7d1cc8 --- /dev/null +++ b/roles/anitya/backend/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart postgresql + service: name=postgresql state=restarted diff --git a/roles/anitya/backend/tasks/main.yml b/roles/anitya/backend/tasks/main.yml new file mode 100644 index 0000000000..ff367db22b --- /dev/null +++ b/roles/anitya/backend/tasks/main.yml 
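Review bot: `host all all 0.0.0.0 0.0.0.0 md5` lets any IPv4 address attempt a password login to every database as every role. The backend tasks in this commit also set `listen_addresses = '*'`, so the only remaining barrier is whatever firewall sits in front of the host. Narrow the record to the database, role and client the service needs, along the lines of `host <db-name> <db-role> <frontend-address>/32 md5`. The `host koji koji 10.5.128.166 255.255.255.255 md5` record and the "fakefas" comment look carried over from another host and should go if anitya does not use them.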
@@ -0,0 +1,121 @@ +--- +# Configuration for the anitya webapp + +- name: install needed packages + package: name={{ item }} state=present update_cache=yes + with_items: + - anitya + - python-psycopg2 + - libsemanage-python + - postgresql-server + tags: + - packages + - anitya_backend + +- name: Initialize postgres if necessary + command: /usr/bin/postgresql-setup initdb + creates=/var/lib/pgsql/data + notify: + - restart postgresql + tags: + - anitya_backend + +- name: Set postgresql-server to run on boot + service: name=postgresql enabled=yes + ignore_errors: true + notify: + - restart postgresql + tags: + - service + - anitya_backend + +- name: Ensure postgres has a place to backup to + file: dest=/backups state=directory owner=postgres + tags: + - anitya_backend + +- name: Copy over backup scriplet + copy: src=backup-database dest=/usr/local/bin/backup-database mode=0755 + tags: + - anitya_backend + +- name: Set up some cronjobs to backup databases as configured + template: > + src=cron-backup-database + dest=/etc/cron.d/cron-backup-database-{{ item }} + with_items: + - anitya + tags: + - cron + - postgresql + +- name: Add our postgres config file. 
+ copy: > + src={{ item }} + dest=/var/lib/pgsql/data/{{ item }} + owner=postgres + with_items: + - pg_hba.conf + notify: + - restart postgresql + tags: + - config + - postgresql + +- name: Let postgresql listen to '*' + command: sed -i -e "s|#listen_addresses = 'localhost'|listen_addresses = '*'|" /var/lib/pgsql/data/postgresql.conf + notify: + - restart postgresql + tags: + - anitya_backend + +- name: Set up some cronjobs to backup databases as configured + template: > + src=cron-backup-database + dest=/etc/cron.d/cron-backup-database-{{ item }} + with_items: + - "{{ dbs_to_backup }}" + when: dbs_to_backup != [] + tags: + - cron + - anitya_backend + +- name: copy sundry anitya configuration + template: src={{ item.file }} + dest={{ item.location }}/{{ item.dest }} + owner=root group=root mode=0600 + with_items: + - { file: anitya_admin.cfg, location: /etc/anitya, dest: anitya.cfg } + - { file: alembic.ini, location: /etc/anitya, dest: alembic.ini } + + changed_when: "1 != 1" + tags: + - config + - anitya_backend + +- name: create the database scheme + command: /usr/bin/python2 /usr/share/anitya/anitya_createdb.py + environment: + ANITYA_WEB_CONFIG: /etc/anitya/anitya.cfg + tags: + - anitya_backend + +- name: Install the configuration file of anitya + template: src={{ item.file }} + dest={{ item.location }}/{{ item.file }} + owner=root group=root mode=0600 + with_items: + - { file: anitya.cfg, location: /etc/anitya } + tags: + - config + - anitya_backend + +- name: Install the cron job + copy: src={{ item.file }} + dest={{ item.location }}/{{ item.file }} + with_items: + - { file: 'anitya.cron', location: /etc/cron.d } + tags: + - cron + - config + - anitya_backend diff --git a/roles/anitya/backend/templates/alembic.ini b/roles/anitya/backend/templates/alembic.ini new file mode 100644 index 0000000000..1b0d9333f5 --- /dev/null +++ b/roles/anitya/backend/templates/alembic.ini 
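Review bot: `Let postgresql listen to '*'` runs `sed -i` through `command`, so it reports changed and notifies `restart postgresql` on every run, and it only matches the untouched commented default. `lineinfile: dest=/var/lib/pgsql/data/postgresql.conf regexp="^#?listen_addresses" line="listen_addresses = '*'"` does the same edit idempotently. Binding to every interface, combined with the wide `pg_hba.conf` record added in this commit, exposes the database port on every network the host is attached to; if only the frontend connects, list that interface instead of `*`. `create the database scheme` has no `creates=` or `changed_when`, so it also runs each time, and `ignore_errors: true` on `Set postgresql-server to run on boot` hides a failed enable.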
@@ -0,0 +1,59 @@ +# A generic, single database configuration. + +[alembic] +# path to migration scripts +script_location = /usr/share/anitya/alembic + +# template used to generate migration files +# file_template = %%(rev)s_%%(slug)s + +# max length of characters to apply to the +# "slug" field +#truncate_slug_length = 40 + +# set to 'true' to run the environment during +# the 'revision' command, regardless of autogenerate +# revision_environment = false + +# set to 'true' to allow .pyc and .pyo files without +# a source .py file to be detected as revisions in the +# versions/ directory +# sourceless = false + +#sqlalchemy.url = driver://user:pass@localhost/dbname +sqlalchemy.url = postgresql://{{ anitya_db_admin_user }}:{{ anitya_db_admin_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }} + + +# Logging configuration +[loggers] +keys = root,sqlalchemy,alembic + +[handlers] +keys = console + +[formatters] +keys = generic + +[logger_root] +level = WARN +handlers = console +qualname = + +[logger_sqlalchemy] +level = WARN +handlers = +qualname = sqlalchemy.engine +[logger_alembic] +level = INFO +handlers = +qualname = alembic + +[handler_console] +class = StreamHandler +args = (sys.stderr,) +level = NOTSET +formatter = generic + +[formatter_generic] +format = %(levelname)-5.5s [%(name)s] %(message)s +datefmt = %H:%M:%S diff --git a/roles/anitya/backend/templates/anitya.cfg b/roles/anitya/backend/templates/anitya.cfg new file mode 100644 index 0000000000..5e886e91b0 --- /dev/null +++ b/roles/anitya/backend/templates/anitya.cfg 
@@ -0,0 +1,29 @@ +# Beware that the quotes around the values are mandatory + +### Secret key for the Flask application +SECRET_KEY='{{ anitya_secret_key }}' + +### url to the database server: +#DB_URL=mysql://user:pass@host/db_name +#DB_URL=postgres://user:pass@host/db_name +DB_URL='postgresql://{{ anitya_db_user }}:{{ anitya_db_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }}' + +# List of admins based on their openid +CNUCNU_WEB_ADMINS = [ + 'http://ralph.id.fedoraproject.org/', + 'http://pingou.id.fedoraproject.org/', +] + +# Fedora OpenID endpoint +{% if env == 'staging' %} +CNUCNU_WEB_FEDORA_OPENID = 'https://id.stg.fedoraproject.org' +{% else %} +CNUCNU_WEB_FEDORA_OPENID = 'https://id.fedoraproject.org' +{% endif %} + + +# This is required to fix login +PREFERRED_URL_SCHEME='https' + +# Make browsers send session cookie only via HTTPS +SESSION_COOKIE_SECURE = True diff --git a/roles/anitya/backend/templates/anitya_admin.cfg b/roles/anitya/backend/templates/anitya_admin.cfg new file mode 100644 index 0000000000..04ce54da74 --- /dev/null +++ b/roles/anitya/backend/templates/anitya_admin.cfg 
@@ -0,0 +1,29 @@ +# Beware that the quotes around the values are mandatory + +### Secret key for the Flask application +SECRET_KEY='{{ anitya_secret_key }}' + +### url to the database server: +#DB_URL=mysql://user:pass@host/db_name +#DB_URL=postgres://user:pass@host/db_name +DB_URL='postgresql://{{ anitya_db_admin_user }}:{{ anitya_db_admin_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }}' + +# List of admins based on their openid +CNUCNU_WEB_ADMINS = [ + 'http://ralph.id.fedoraproject.org/', + 'http://pingou.id.fedoraproject.org/', +] + +# Fedora OpenID endpoint +{% if env == 'staging' %} +CNUCNU_WEB_FEDORA_OPENID = 'https://id.stg.fedoraproject.org' +{% else %} +CNUCNU_WEB_FEDORA_OPENID = 'https://id.fedoraproject.org' +{% endif %} + + +# This is required to fix login +PREFERRED_URL_SCHEME='https' + +# Make browsers send session cookie only via HTTPS +SESSION_COOKIE_SECURE = True diff --git a/roles/anitya/backend/templates/cron-backup-database b/roles/anitya/backend/templates/cron-backup-database new file mode 100644 index 0000000000..ce3c52d7d4 --- /dev/null +++ b/roles/anitya/backend/templates/cron-backup-database @@ -0,0 +1 @@ +0 0 * * * postgres /usr/local/bin/backup-database {{ item }} diff --git a/roles/anitya/fedmsg/files/selinux/fedmsg.mod b/roles/anitya/fedmsg/files/selinux/fedmsg.mod new file mode 100644 index 0000000000..25e47ae694 Binary files /dev/null and b/roles/anitya/fedmsg/files/selinux/fedmsg.mod differ diff --git a/roles/anitya/fedmsg/files/selinux/fedmsg.pp b/roles/anitya/fedmsg/files/selinux/fedmsg.pp new file mode 100644 index 0000000000..17a25943f7 Binary files /dev/null and b/roles/anitya/fedmsg/files/selinux/fedmsg.pp differ diff --git a/roles/anitya/fedmsg/files/selinux/fedmsg.te b/roles/anitya/fedmsg/files/selinux/fedmsg.te new file mode 100644 index 0000000000..6ce38d40f6 --- /dev/null +++ b/roles/anitya/fedmsg/files/selinux/fedmsg.te 
@@ -0,0 +1,21 @@ + +module fedmsg 1.1; + +require { + type anon_inodefs_t; + type httpd_t; + class file write; +} + +require { + type ptmx_t; + type httpd_t; + class chr_file getattr; +} + +#============= httpd_t ============== +# For basic port binding +allow httpd_t anon_inodefs_t:file write; +# So that psutil can work from /etc/fedmsg.d/logging.py +allow httpd_t ptmx_t:chr_file getattr; + diff --git a/roles/anitya/fedmsg/tasks/main.yml b/roles/anitya/fedmsg/tasks/main.yml new file mode 100644 index 0000000000..f4e596d2bb --- /dev/null +++ b/roles/anitya/fedmsg/tasks/main.yml 
@@ -0,0 +1,133 @@ +--- +# tasklist for setting up fedmsg +# This is the base set of files needed for fedmsg + +- name: install needed packages + package: name={{ item }} state=present + with_items: + - fedmsg + - libsemanage-python + - python-psutil + - policycoreutils-python # This is in the kickstart now. Here for old hosts. + tags: + - packages + - anitya/fedmsg + +# We use setgid here so that the monitoring sockets created by fedmsg services +# are accessible to the nrpe group. +- name: create a /var/run/fedmsg dir with setgid for monitoring. + file: > + dest=/var/run/fedmsg + mode=2775 + owner=fedmsg + group=nrpe + state=directory + tags: + - anitya/fedmsg + +- name: setup /etc/fedmsg.d directory + file: path=/etc/fedmsg.d owner=root group=root mode=0755 state=directory + tags: + - anitya/fedmsg + - config + +# Any files that change need to restart any services that depend on them. A +# trick here is that some hosts have an httpd that uses fedmsg, while others do +# not. Some hosts have a fedmsg-hub that uses this config, while others do not. +# Our handlers in handlers/restart_services.yml are smart enough to +# *conditionally* restart these services, only if they are installed on the +# system. 
+- name: setup basic /etc/fedmsg.d/ contents + template: > + src="{{ item }}.j2" + dest="/etc/fedmsg.d/{{ item }}" + owner=root + group=root + mode=644 + with_items: + - ssl.py + - relay.py + - logging.py + - base.py + tags: + - config + - fedmsgdconfig + - anitya/fedmsg + notify: + - reload httpd + - restart fedmsg-relay + +- name: Remove unwanted files + file: dest=/etc/fedmsg.d/{{item}} state=absent + with_items: + - endpoints.py + tags: + - config + - fedmsgdconfig + - anitya/fedmsg + notify: + - reload httpd + - restart fedmsg-relay + +- name: setup /etc/pki/fedmsg directory + file: path=/etc/pki/fedmsg owner=root group=root mode=0755 state=directory + tags: + - config + - anitya/fedmsg + +- name: install fedmsg ca.cert + copy: > + src="{{ private }}/files/fedmsg-certs/keys/ca.crt" + dest=/etc/pki/fedmsg/ca.crt + owner=root + group=root + mode=0644 + tags: + - config + - anitya/fedmsg + +- name: fedmsg certs + copy: > + src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{fedmsg_fqdn | default(inventory_hostname)}}.crt" + dest=/etc/pki/fedmsg/ + mode=644 + owner={{item['owner']}} + group={{item['group']}} + with_items: + - "{{ fedmsg_certs }}" + when: fedmsg_certs != [] + tags: + - config + - anitya/fedmsg + +- name: fedmsg keys + copy: > + src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{fedmsg_fqdn | default(inventory_hostname)}}.key" + dest=/etc/pki/fedmsg/ + mode=0640 + owner={{item['owner']}} + group={{item['group']}} + with_items: + - "{{ fedmsg_certs }}" + when: fedmsg_certs != [] + tags: + - config + - anitya/fedmsg + +# Three tasks for handling our custom selinux module +- name: ensure a directory exists for our custom selinux module + file: dest=/usr/local/share/fedmsg state=directory + tags: + - anitya/fedmsg + +- name: copy over our custom selinux module + copy: src=selinux/fedmsg.pp dest=/usr/local/share/fedmsg/fedmsg.pp + register: selinux_module + tags: + - anitya/fedmsg + +- name: install our custom selinux module + 
command: semodule -i /usr/local/share/fedmsg/fedmsg.pp + when: selinux_module|changed + tags: + - anitya/fedmsg diff --git a/roles/anitya/fedmsg/templates/base.py.j2 b/roles/anitya/fedmsg/templates/base.py.j2 new file mode 100644 index 0000000000..9f24fecd06 --- /dev/null +++ b/roles/anitya/fedmsg/templates/base.py.j2 
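Review bot: `copy over our custom selinux module` installs `selinux/fedmsg.pp`, a compiled binary this commit adds next to `fedmsg.te`. Nothing in the tasks ties the loaded policy to the reviewed source, so the two can drift apart unnoticed. Either build the package from `fedmsg.te` as part of the role, or record its provenance above the task, e.g. `# fedmsg.pp is built from fedmsg.te with checkmodule/semodule_package; rebuild it whenever the .te changes`. `when: selinux_module|changed` uses a test as a filter, which newer Ansible releases reject; `when: selinux_module.changed` works everywhere.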
@@ -0,0 +1,63 @@ +config = dict( + topic_prefix="{{ fedmsg_prefix }}", + environment="{{ fedmsg_env }}", + + # This used to be set to 1 for safety, but it turns out it was + # excessive. It is the number of seconds that fedmsg should sleep + # after it has initialized, but before it begins to try and send any + # messages. If set to a non-zero value, this will slow down one-off + # fedmsg scripts like the git post-receive hook and pkgdb2branch. + # If we are experiencing message-loss problems, one of the first things + # to try should be to turn this number up to a non-zero value. '1' should + # be more than sufficient. + post_init_sleep=0.4, + + # This is the number of milliseconds to wait before timing out on + # connections.. notably to the fedmsg-relay in the event that it has + # crashed. + zmq_linger=2000, + + # Default is 0 + high_water_mark=0, + io_threads=1, + + # We almost always want the fedmsg-hub to be sending messages with zmq as + # opposed to amqp or stomp. The only exception will be the bugzilla + # amqp<->zmq bridge service. + zmq_enabled=True, + + # When subscribing to messages, we want to allow splats ('*') so we tell the + # hub to not be strict when comparing messages topics to subscription + # topics. + zmq_strict=False, + + # See the following + # - http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/overview.html + # - http://api.zeromq.org/3-2:zmq-setsockopt + zmq_tcp_keepalive=1, + zmq_tcp_keepalive_cnt=3, + zmq_tcp_keepalive_idle=60, + zmq_tcp_keepalive_intvl=5, +) + +# This option adds an IPC socket by which we can monitor hub health. +try: + import os + import psutil + + pid = os.getpid() + proc = [p for p in psutil.process_iter() if p.pid == pid][0] + + # proc.name is a method on modern versions of psutil. 
+ name = proc.name + if callable(name): + name = name() + + config['moksha.monitoring.socket'] = \ + 'ipc:///var/run/fedmsg/monitoring-%s.socket' % name + config['moksha.monitoring.socket.mode'] = '770' +except (OSError, ImportError): + # We run into issues when trying to import psutil from mod_wsgi on rhel7 + # but this feature is of no concern in that context, so just fail quietly. + # https://github.com/jmflinuxtx/kerneltest-harness/pull/17#issuecomment-48007837 + pass diff --git a/roles/anitya/fedmsg/templates/logging.py.j2 b/roles/anitya/fedmsg/templates/logging.py.j2 new file mode 100644 index 0000000000..947a370ef0 --- /dev/null +++ b/roles/anitya/fedmsg/templates/logging.py.j2 
@@ -0,0 +1,162 @@ +# Setup fedmsg logging. + +# All of these modules are just used by the ContextInjector below. +import inspect +import logging +import os +import socket +import traceback + +psutil = None +try: + import psutil +except (OSError, ImportError): + # We run into issues when trying to import psutil from inside mod_wsgi on + # rhel7. If we hit that here, then just fail quietly. + # https://github.com/jmflinuxtx/kerneltest-harness/pull/17#issuecomment-48007837 + pass + + +class ContextInjector(logging.Filter): + """ Logging filter that adds context to log records. + + Filters are typically used to "filter" log records. They declare a filter + method that can return True or False. Only records with 'True' will + actually be logged. + + Here, we somewhat abuse the concept of a filter. We always return true, + but we use the opportunity to hang important contextual information on the + log record to later be used by the logging Formatter. We don't normally + want to see all this stuff in normal log records, but we *do* want to see + it when we are emailed error messages. Seeing an error, but not knowing + which host it comes from, is not that useful. + + http://docs.python.org/2/howto/logging-cookbook.html#filters-contextual + """ + + def filter(self, record): + current_process = ContextInjector.get_current_process() + current_hostname = socket.gethostname() + + record.host = current_hostname + record.proc = current_process + record.pid = current_process.pid + record.proc_name = current_process.name + record.command_line = current_process.cmdline + # These are callabls on more modern versions of psutil. 
+ if callable(record.proc_name): + record.proc_name = record.proc_name() + if callable(record.command_line): + record.command_line = record.command_line() + record.command_line = " ".join(record.command_line) + record.callstack = self.format_callstack() + return True + + @staticmethod + def format_callstack(): + for i, frame in enumerate(f[0] for f in inspect.stack()): + if not '__name__' in frame.f_globals: + continue + modname = frame.f_globals['__name__'].split('.')[0] + if modname != "logging": + break + + def _format_frame(frame): + return ' File "%s", line %i in %s\n %s' % (frame) + + stack = traceback.extract_stack() + stack = stack[:-i] + return "\n".join([_format_frame(frame) for frame in stack]) + + @staticmethod + def get_current_process(): + mypid = os.getpid() + + if not psutil: + raise OSError("Could not import psutil for %r" % mypid) + + for proc in psutil.process_iter(): + if proc.pid == mypid: + return proc + + # This should be impossible. + raise ValueError("Could not find process %r" % mypid) + + @classmethod + def __json__(cls): + """ We need to be jsonifiable for "fedmsg-config" """ + return {'name': 'ContextInjector'} + + +hefty_format = """Message +------- +[%(asctime)s][%(name)10s %(levelname)7s] +%(message)s + +Process Details +--------------- +host: %(host)s +PID: %(pid)s +name: %(proc_name)s +command: %(command_line)s + +Callstack that lead to the logging statement +-------------------------------------------- +%(callstack)s +""" + + +# See the following for constraints on this format http://bit.ly/Xn1WDn +config = dict( + logging=dict( + version=1, + formatters=dict( + bare={ + "datefmt": "%Y-%m-%d %H:%M:%S", + "format": "[%(asctime)s][%(name)10s %(levelname)7s] %(message)s" + }, + hefty={ + "datefmt": "%Y-%m-%d %H:%M:%S", + "format": hefty_format, + }, + ), + filters=dict( + context={ + # This "()" syntax in the stdlib doesn't seem to be documented + # anywhere. I had to read + # /usr/lib64/python2.7/logging/config.py to figure it out. 
+ "()": ContextInjector, + }, + ), + handlers=dict( + console={ + "class": "logging.StreamHandler", + "formatter": "bare", + "level": "INFO", + "stream": "ext://sys.stdout", + }, + mailer={ + "class": "logging.handlers.SMTPHandler", + "formatter": "hefty", + "filters": ["context"], + "level": "ERROR", + "mailhost": "bastion.vpn.fedoraproject.org", + "fromaddr": "fedmsg@fedoraproject.org", + "toaddrs": ["sysadmin-datanommer-members@fedoraproject.org"], + "subject": "fedmsg error log (anitya)", + }, + ), + loggers=dict( + fedmsg={ + "level": "INFO", + "propagate": False, + "handlers": ["console", "mailer"], + }, + moksha={ + "level": "INFO", + "propagate": False, + "handlers": ["console", "mailer"], + }, + ), + ), +) diff --git a/roles/anitya/fedmsg/templates/relay.py.j2 b/roles/anitya/fedmsg/templates/relay.py.j2 new file mode 100644 index 0000000000..b88082d435 --- /dev/null +++ b/roles/anitya/fedmsg/templates/relay.py.j2 @@ -0,0 +1,17 @@ +config = dict( + endpoints={ + # This is the output side of the relay to which all other + # services can listen. + "relay_outbound": [ + # Messages emerge here + #"tcp://release-monitoring.org:9940", + "tcp://anitya-frontend01.fedoraproject.org:9940", + ], + }, + + # wsgi scripts on the frontend talk back here + # so do cronjobs on anitya-backend01. they get a firewall rule. + relay_inbound=[ + "tcp://anitya-frontend01.fedoraproject.org:9941", + ], +) diff --git a/roles/anitya/fedmsg/templates/ssl.py.j2 b/roles/anitya/fedmsg/templates/ssl.py.j2 new file mode 100644 index 0000000000..a862ede110 --- /dev/null +++ b/roles/anitya/fedmsg/templates/ssl.py.j2 
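Review bot: `ContextInjector.filter` calls `get_current_process()`, which raises `OSError` when `psutil` could not be imported, the very case the `try`/`except` at the top of the file anticipates. As far as I can tell the logging module does not catch exceptions raised by a handler's filters, so on such a host an ERROR record routed to the `mailer` handler would raise in the code that logged it instead of being mailed. The filter should fall back to values it can obtain without psutil and still return True, as sketched below. Separately, `format_callstack` slices with `stack[:-i]`, which yields an empty list if the loop breaks at `i == 0`.

```python
    def filter(self, record):
        record.host = socket.gethostname()
        try:
            current_process = ContextInjector.get_current_process()
        except (OSError, ValueError):
            # psutil is unavailable (e.g. under mod_wsgi): keep the record,
            # fill the fields hefty_format expects with what we can get.
            record.proc = None
            record.pid = os.getpid()
            record.proc_name = "unknown"
            record.command_line = "unknown"
            record.callstack = self.format_callstack()
            return True
        # … unchanged: psutil-based process details and callstack …
```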
@@ -0,0 +1,18 @@
+
+config = dict(
+ sign_messages=True,
+ validate_signatures=True,
+ ssldir="/etc/pki/fedmsg",
+
+ crl_location="https://fedoraproject.org/fedmsg/crl.pem",
+ crl_cache="/var/run/fedmsg/crl.pem",
+ crl_cache_expiry=86400, # Daily
+
+ certnames=dict([
+ ("shell.anitya-frontend01", "shell-anitya-frontend01.fedoraproject.org"),
+ ("anitya.anitya-frontend01", "anitya-anitya-frontend01.fedoraproject.org"),
+ ("shell.anitya-backend01", "shell-anitya-backend01.fedoraproject.org"),
+ ("anitya.anitya-backend01", "anitya-anitya-backend01.fedoraproject.org"),
+ ]),
+)
+
diff --git a/roles/anitya/frontend/tasks/main.yml b/roles/anitya/frontend/tasks/main.yml
new file mode 100644
index 0000000000..3a3888f05d
--- /dev/null
+++ b/roles/anitya/frontend/tasks/main.yml
@@ -0,0 +1,72 @@
+---
+# Configuration for the anitya webapp
+
+- name: install needed packages
+ package: name={{ item }} state=present update_cache=yes
+ with_items:
+ - anitya
+ - python-psycopg2
+ - python-memcached
+ - libsemanage-python
+ - httpd
+ - mod_ssl
+ tags:
+ - packages
+ - anitya_frontend
+
+- name: Install all the configuration file of anitya
+ template: src={{ item.file }}
+ dest={{ item.location }}/{{ item.file }}
+ owner=apache group=apache mode=0600
+ with_items:
+ - { file: anitya.cfg, location: /etc/anitya }
+ - { file: anitya.conf, location: /etc/httpd/conf.d }
+ - { file: anitya.wsgi, location: /var/www/, dest: anitya.wsgi }
+ tags:
+ - config
+ - anitya_frontend
+ notify:
+ - restart apache
+
+- name: create the folder where we store the ssl cert if not already there
+ file: state=directory
+ path=/etc/pki/tls/certs/
+ owner=root group=root mode=0755
+
+- name: Install the SSL cert so that we can use https
+ copy: >
+ src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}
+ owner=root group=root mode=0600
+ with_items:
+ - release-monitoring.org.cert
+ - release-monitoring.org.key
+ - release-monitoring.org.intermediate.cert
+ notify:
+ - restart apache
+ tags:
+ - config
+ - anitya_frontend
+
+- name: Install the configuration file to activate https
+ template: >
+ src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
+ owner=root group=root mode=0644
+ with_items:
+ - 0_releasemonitoring.conf
+ tags:
+ - files
+ - config
+ - anitya_frontend
+ notify:
+ - restart apache
+
+- name: set sebooleans so anitya can talk to the db
+ seboolean: name={{ item }}
+ state=true
+ persistent=true
+ with_items:
+ - httpd_can_network_connect_db
+ - httpd_can_network_connect
+ tags:
+ - anitya_frontend
+
diff --git a/roles/anitya/frontend/templates/0_releasemonitoring.conf b/roles/anitya/frontend/templates/0_releasemonitoring.conf
new file mode 100644
index 0000000000..e05414777f
--- /dev/null
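Review bot: The "Install all the configuration file of anitya" task writes anitya.conf into /etc/httpd/conf.d and anitya.wsgi into /var/www with `owner=apache group=apache mode=0600`, so the account the WSGI daemon runs as can rewrite both the server configuration and the script it executes. None of the three files needs to be writable by that account; `owner=root group=apache mode=0640` keeps anitya.cfg (which the templates in this commit fill with the Flask secret key and the database password) and anitya.wsgi readable by the daemon while leaving them root-owned. The third list item also carries a `dest: anitya.wsgi` key that the task never reads and can be dropped.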
+++ b/roles/anitya/frontend/templates/0_releasemonitoring.conf
@@ -0,0 +1,17 @@
+
+ ServerName release-monitoring.org
+ Redirect permanent / https://release-monitoring.org/
+
+
+
+ ServerName release-monitoring.org:443
+
+ SSLEngine on
+ SSLProtocol {{ ssl_protocols }}
+ SSLCipherSuite {{ ssl_ciphers }}
+ Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+ SSLCertificateFile /etc/pki/tls/certs/release-monitoring.org.cert
+ SSLCertificateChainFile /etc/pki/tls/certs/release-monitoring.org.intermediate.cert
+ SSLCertificateKeyFile /etc/pki/tls/certs/release-monitoring.org.key
+
diff --git a/roles/anitya/frontend/templates/anitya.cfg b/roles/anitya/frontend/templates/anitya.cfg
new file mode 100644
index 0000000000..2c4dfd9e3d
--- /dev/null
+++ b/roles/anitya/frontend/templates/anitya.cfg
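Review bot: The HSTS line uses `Header always add`, which appends a second Strict-Transport-Security header whenever another configuration file or the application already sends one; `Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"` keeps a single value. Because `includeSubDomains; preload` commits every host under release-monitoring.org to HTTPS, a comment above the line recording that this is intended would help the next maintainer. `ssl_protocols` and `ssl_ciphers` are not defined in this hunk, so the effective TLS policy cannot be checked from here.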
@@ -0,0 +1,42 @@
+# Beware that the quotes around the values are mandatory
+
+from datetime import timedelta
+# Set the time after which the session expires
+PERMANENT_SESSION_LIFETIME = timedelta(hours=24)
+
+
+### Secret key for the Flask application
+SECRET_KEY='{{ anitya_secret_key }}'
+
+### url to the database server:
+#DB_URL=mysql://user:pass@host/db_name
+#DB_URL=postgres://user:pass@host/db_name
+DB_URL='postgresql://{{ anitya_db_user }}:{{ anitya_db_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }}'
+
+# List of admins based on their openid
+ANITYA_WEB_ADMINS = [
+ 'http://ralph.id.fedoraproject.org/',
+ 'http://pingou.id.fedoraproject.org/',
+ 'http://jcline.id.fedoraproject.org/',
+ 'http://tibbs.id.fedoraproject.org/',
+]
+
+# Email addresses to send tracebacks to when an HTTP 500 occurs
+ADMIN_EMAIL = [
+ 'admin@fedoraproject.org',
+ 'jeremy@jcline.org',
+]
+
+# Fedora OpenID endpoint
+{% if env == 'staging' %}
+ANITYA_WEB_FEDORA_OPENID = 'https://id.stg.fedoraproject.org'
+{% else %}
+ANITYA_WEB_FEDORA_OPENID = 'https://id.fedoraproject.org'
+{% endif %}
+
+ANITYA_WEB_ALLOW_GOOGLE_OPENID = False
+
+# This is required to fix login
+PREFERRED_URL_SCHEME='https'
+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE=True
diff --git a/roles/anitya/frontend/templates/anitya.conf b/roles/anitya/frontend/templates/anitya.conf
new file mode 100644
index 0000000000..1ad401da7d
--- /dev/null
+++ b/roles/anitya/frontend/templates/anitya.conf
@@ -0,0 +1,23 @@
+
+Alias /static /usr/lib/python2.7/site-packages/anitya/static/
+
+WSGIDaemonProcess anitya user=apache maximum-requests=1000 display-name=anitya processes=4 threads=4
+WSGISocketPrefix run/wsgi
+WSGIRestrictStdout Off
+WSGIRestrictSignal Off
+WSGIPythonOptimize 1
+
+WSGIScriptAlias / /var/www/anitya.wsgi
+
+
+ WSGIProcessGroup anitya
+
+ # Apache 2.4
+ Require all granted
+
+
+ # Apache 2.2
+ Order deny,allow
+ Allow from all
+
+
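Review bot: In anitya.cfg the `DB_URL` line interpolates `{{ anitya_db_pass }}` straight into a URL, so a password containing `@`, `:` or `#` produces a connection string that parses to the wrong credentials or host. Percent-encoding it in the template, for example `{{ anitya_db_pass | urlencode }}` (and the same for `anitya_db_user`), avoids that. `SECRET_KEY='{{ anitya_secret_key }}'` has the same weakness: a quote or backslash in the value breaks the Python literal, so a comment above the line such as `# value must not contain ' or \` would record the constraint on the stored secret.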
diff --git a/roles/anitya/frontend/templates/anitya.wsgi b/roles/anitya/frontend/templates/anitya.wsgi new file mode 100644 index 0000000000..5071055152 --- /dev/null +++ b/roles/anitya/frontend/templates/anitya.wsgi @@ -0,0 +1,21 @@ +#-*- coding: UTF-8 -*- + +# The three lines below are required to run on EL6 as EL6 has +# two possible version of python-sqlalchemy and python-jinja2 +# These lines make sure the application uses the correct version. +import __main__ +__main__.__requires__ = ['SQLAlchemy >= 0.7', 'jinja2 >= 2.4'] +import pkg_resources + +import os +## Set the environment variable pointing to the configuration file +os.environ['ANITYA_WEB_CONFIG'] = '/etc/anitya/anitya.cfg' + +## The following is only needed if you did not install anitya +## as a python module (for example if you run it from a git clone). +#import sys +#sys.path.insert(0, '/path/to/anitya/') + + +## The most import line to make the wsgi working +from anitya.app import APP as application diff --git a/roles/ansible-ansible-openshift-ansible/.travis.yml b/roles/ansible-ansible-openshift-ansible/.travis.yml new file mode 100644 index 0000000000..36bbf6208c --- /dev/null +++ b/roles/ansible-ansible-openshift-ansible/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/roles/ansible-ansible-openshift-ansible/README.rst b/roles/ansible-ansible-openshift-ansible/README.rst new file mode 100644 index 0000000000..b06f1efee5 
--- /dev/null +++ b/roles/ansible-ansible-openshift-ansible/README.rst @@ -0,0 +1,54 @@ +ansible-ansible-openshift-ansible +################################# + +Ansible role to run ansible on a remote "openshift control" what will run +`openshift-ansible`_ to deploy a cluster. + +This is a Fedora Infrastructure specific adaptation into a role of the original +prototype located in pagure: + + https://pagure.io/ansible-ansible-openshift-ansible/tree/master + +What? Why? +---------- + +The `openshift-ansible`_ playbooks require that various tasks be run on +``localhost`` in order to build their internal abstracted representation of the +inventory list. Running potentially arbitrary code from external sources on a +bastion host (which is what ``localhost`` would be as the ansible control +machine) is often frowned upon. The goal here is to allow for the deployment of +`openshift-ansible`_ via an intermediate host. + +.. note:: + There is a requirement to setup the SSH keys such that the bastion host + can passwordless ssh into the openshift control host and such that the + openshift control host can passwordless ssh into each of the hosts in + the openshift cluster. This is outside the scope of this document. + + +:: + + +---------------+ +-------------------+ + | | | | + | bastion host +----[ansible]----->| openshift control | + | | | | + +---------------+ +---------+---------+ + | + | + [ansible] + | + | + V + +--------------------------------------------------------------------------+ + | | + | openshift cluster | + | | + | +-----------+ +-----------+ +-----------+ | + | | | | | | | | + | | openshift | ...[masters] | openshift | | openshift | ...[nodes] | + | | master | | node | | node | | + | | | | | | | | + | +-----------+ +-----------+ +-----------+ | + | | + +--------------------------------------------------------------------------+ + 
diff --git a/roles/ansible-ansible-openshift-ansible/defaults/main.yml b/roles/ansible-ansible-openshift-ansible/defaults/main.yml
new file mode 100644
index 0000000000..f0c635b58c
--- /dev/null
+++ b/roles/ansible-ansible-openshift-ansible/defaults/main.yml
@@ -0,0 +1,86 @@ +--- +# defaults file for ansible-ansible-openshift-ansible +# +# +# + +# Auth Profile +# These are Fedora Infra specific auth profiles +# +# Acceptable values: +# osbs - this will configure htpasswd for use with osbs +# fedoraidp - configure for fedora idp +# fedoraidp-stg - configure for fedora idp staging env +openshift_auth_profile: osbs + +# Do we want OpenShift itself to be containerized? +# This is a requirement if using Atomic Host +# +# As of v3.5.x this would mean that all our systems would completely go down +# in the event the docker daemon were to restart or crash. +# +# In the future (as of v3.6 devel branch), this is done with system containers +# and won't be bound to the docker daemon. +openshift_ansible_containerized_deploy: false + +# This will co-host the infra nodes with the primary nodes +openshift_shared_infra: false + +# OpenShift Cluster URL +# Example: openshift.fedoraproject.org +openshift_cluster_url: None + +# OpenShift Console and API listening ports +# These default to 8443 in openshift-ansible +openshift_api_port: 8443 +openshift_console_port: 8443 + +# OpenShift Applications Ingress subdomain (OpenShift routes) +openshift_app_subdomain: None + +# Setup native OpenShift Master High Availability (true or false) +openshift_master_ha: false + +# Destination file name for template-generated cluster inventory +cluster_inventory_filename: "cluster-inventory" + +# Ansible user for use with openshift-ansible playbooks +openshift_ansible_ssh_user: root + +# OpenShift Debug level (Default is 2 upstream) +openshift_debug_level: 2 + +# Release required as per the openshift-ansible +openshift_release: "v1.5.0" + +# OpenShift Deployment Type +# Possible options: +# origin +# openshift-enterprise +deployment_type: origin + +# Install the OpenShift App Examples (value should be "true" or "false") +openshift_ansible_install_examples: false + +# Path to clone the openshift-ansible git repo into +openshift_ansible_path: 
"/root/openshift-ansible" + +# Relative path inside the openshift-ansible git repo of the playbook to execute +# remotely +openshift_ansible_playbook: "playbooks/byo/config.yml" + +# openshift-ansible version tag, this is the git tag of the "release" of the +# openshift-ansible git repo. We need to track OpenShift v1.x to +# openshift-ansible-3.x.y-1 as that's the release/tag standard upstream. +openshift_ansible_version: "openshift-ansible-3.2.35-1" + +# The group names assigned to these variables are used to create the "effective" +# inventory (via a template) that is used to deploy the OpenShift Cluster via +# openshift-ansible (https://github.com/openshift/openshift-ansible). The values +# assigned here must match group names in the current running inventory or the +# remote effective inventory that actually deploys the OpenShift Cluster will be +# empty causing undesired effects. +openshift_cluster_masters_group: "openshift-cluster-masters" +openshift_cluster_nodes_group: "openshift-cluster-nodes" +openshift_cluster_infra_group: "openshift-cluster-nodes" + diff --git a/roles/ansible-ansible-openshift-ansible/tasks/main.yml b/roles/ansible-ansible-openshift-ansible/tasks/main.yml new file mode 100644 index 0000000000..7dbf3f6bc6 --- /dev/null +++ b/roles/ansible-ansible-openshift-ansible/tasks/main.yml 
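Review bot: `openshift_cluster_url: None` and `openshift_app_subdomain: None` are the string "None" in YAML rather than a null, so the `{% if openshift_app_subdomain %}` guard in cluster-inventory.j2 from this same commit is true by default and renders `openshift_master_default_subdomain=None`. Writing `openshift_app_subdomain: null` and `openshift_cluster_url: null` makes the unset case actually falsy. The template also reads `openshift_deployment_type`, while this file defines `deployment_type: origin`; unless that variable is set somewhere this hunk does not show, the inventory render will stop on an undefined name.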
@@ -0,0 +1,50 @@
+---
+# tasks file for ansible-ansible-openshift-ansible
+#
+
+- name: Install required packages
+ package: name="{{ item }}" state=present
+ with_items:
+ - ansible
+ - git
+ - pyOpenSSL
+
+- name: git clone the openshift-ansible repo
+ git:
+ repo: "https://github.com/openshift/openshift-ansible.git"
+ dest: "{{ openshift_ansible_path }}"
+ version: "{{ openshift_ansible_version }}"
+ when: env == "production"
+
+# Need to use my fork in stage until these are merged upstream and backported
+# to the release-3.6 branch
+#
+# https://github.com/openshift/openshift-ansible/pull/5101
+# https://github.com/openshift/openshift-ansible/pull/5129
+- name: git clone the openshift-ansible repo
+ git:
+ repo: "https://github.com/maxamillion/openshift-ansible"
+ dest: "{{ openshift_ansible_path }}"
+ version: "{{ openshift_ansible_version }}"
+ when: env == "staging"
+
+- name: generate the inventory file
+ template:
+ src: "cluster-inventory.j2"
+ dest: "{{ openshift_ansible_path }}/{{ cluster_inventory_filename }}"
+
+- name: run ansible
+ shell: "ansible-playbook {{ openshift_ansible_playbook }} -i {{ cluster_inventory_filename }}"
+ args:
+ chdir: "{{ openshift_ansible_path }}"
+ register: run_ansible_out
+
+- name: display run ansible stdout_lines
+ debug:
+ var: run_ansible_out.stdout_lines
+
+- name: display run ansible stderr
+ debug:
+ var: run_ansible_out.stderr
+
+
diff --git a/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2 b/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2
new file mode 100644
index 0000000000..9d42bd6fc2
--- /dev/null
+++ b/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2
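Review bot: Both `git` tasks check out `version: "{{ openshift_ansible_version }}"`, which the role defaults set to a tag name, and the `run ansible` task then executes a playbook from that checkout on the control host. A tag can be moved after review, and in staging the source is a personal fork, so the code that runs is not fixed by anything in this repository. Setting `openshift_ansible_version` per environment to a full commit hash (`version: "<full commit SHA>"`) pins what is executed. The `run ansible` step also uses `shell:` although no shell feature is needed; `command:` avoids shell interpretation of the templated playbook and inventory names.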
@@ -0,0 +1,850 @@ +# This is based on the example inventories provided by the upstream +# openshift-ansible project available: +# https://github.com/openshift/openshift-ansible/tree/master/inventory/byo + + +# Create an OSEv3 group that contains the masters and nodes groups +[OSEv3:children] +masters +nodes +etcd + +# Add this if using nfs and have defined the nfs group +#nfs + +# Set variables common for all OSEv3 hosts +[OSEv3:vars] +# SSH user, this user should allow ssh based auth without requiring a +# password. If using ssh key based auth, then the key should be managed by an +# ssh agent. +ansible_ssh_user={{openshift_ansible_ssh_user}} + +# OpenShift Containerized deployment or not? +containerized={{openshift_ansible_containerized_deploy}} + +{% if openshift_ansible_ssh_user != "root" %} +# If ansible_ssh_user is not root, ansible_become must be set to true and the +# user must be configured for passwordless sudo +ansible_become=yes +{% endif %} + +{% if openshift_ansible_python_interpreter is defined %} +ansible_python_interpreter={{openshift_ansible_python_interpreter}} +{% endif %} + +# Debug level for all OpenShift components (Defaults to 2) +debug_level={{openshift_debug_level}} + +# Specify the deployment type. Valid values are origin and openshift-enterprise. +deployment_type={{openshift_deployment_type}} + +# Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we +# rely on the version running on the first master. Works best for containerized installs where we can usually +# use this to lookup the latest exact version of the container images, which is the tag actually used to configure +# the cluster. For RPM installations we just verify the version detected in your configured repos matches this +# release. +openshift_release={{openshift_release}} + +# Specify an exact container image tag to install or configure. 
+# WARNING: This value will be used for all hosts in containerized environments, even those that have another version installed. +# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. +#openshift_image_tag=v3.5.0 + +# Specify an exact rpm version to install or configure. +# WARNING: This value will be used for all hosts in RPM based environments, even those that have another version installed. +# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. +#openshift_pkg_version=-3.5.0 + +# Install the openshift examples +{% if openshift_ansible_install_examples is defined %} +openshift_install_examples={{openshift_ansible_install_examples}} +{% endif %} + +# Configure logoutURL in the master config for console customization +# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#changing-the-logout-url +#openshift_master_logout_url=http://example.com + +# Configure extensionScripts in the master config for console customization +# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#loading-custom-scripts-and-stylesheets +#openshift_master_extension_scripts=['/path/to/script1.js','/path/to/script2.js'] + +# Configure extensionStylesheets in the master config for console customization +# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#loading-custom-scripts-and-stylesheets +#openshift_master_extension_stylesheets=['/path/to/stylesheet1.css','/path/to/stylesheet2.css'] + +# Configure extensions in the master config for console customization +# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files +#openshift_master_extensions=[{'name': 'images', 'sourceDirectory': '/path/to/my_images'}] + +# Configure extensions in the master config for console customization +# See: 
https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files +#openshift_master_oauth_template=/path/to/login-template.html + +# Configure imagePolicyConfig in the master config +# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig +#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true} + +# Docker Configuration +# Add additional, insecure, and blocked registries to global docker configuration +# For enterprise deployment types we ensure that registry.access.redhat.com is +# included if you do not include it +#openshift_docker_additional_registries=registry.example.com +#openshift_docker_insecure_registries=registry.example.com +#openshift_docker_blocked_registries=registry.hacker.com +# Disable pushing to dockerhub +#openshift_docker_disable_push_dockerhub=True +# Use Docker inside a System Container. Note that this is a tech preview and should +# not be used to upgrade! +# The following options for docker are ignored: +# - docker_version +# - docker_upgrade +# The following options must not be used +# - openshift_docker_options +#openshift_docker_use_system_container=False +# Force the registry to use for the system container. By default the registry +# will be built off of the deployment type and ansible_distribution. Only +# use this option if you are sure you know what you are doing! +#openshift_docker_systemcontainer_image_registry_override="registry.example.com" +# Items added, as is, to end of /etc/sysconfig/docker OPTIONS +# Default value: "--log-driver=journald" +#openshift_docker_options="-l warn --ipv6=false" + +# Specify exact version of Docker to configure or upgrade to. +# Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10. +# docker_version="1.12.1" + +# Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone. 
+# docker_upgrade=False + +# Specify exact version of etcd to configure or upgrade to. +# etcd_version="3.1.0" +# Enable etcd debug logging, defaults to false +# etcd_debug=true +# Set etcd log levels by package +# etcd_log_package_levels="etcdserver=WARNING,security=DEBUG" + +# Upgrade Hooks +# +# Hooks are available to run custom tasks at various points during a cluster +# upgrade. Each hook should point to a file with Ansible tasks defined. Suggest using +# absolute paths, if not the path will be treated as relative to the file where the +# hook is actually used. +# +# Tasks to run before each master is upgraded. +# openshift_master_upgrade_pre_hook=/usr/share/custom/pre_master.yml +# +# Tasks to run to upgrade the master. These tasks run after the main openshift-ansible +# upgrade steps, but before we restart system/services. +# openshift_master_upgrade_hook=/usr/share/custom/master.yml +# +# Tasks to run after each master is upgraded and system/services have been restarted. +# openshift_master_upgrade_post_hook=/usr/share/custom/post_master.yml + + +# Alternate image format string, useful if you've got your own registry mirror +#oreg_url=example.com/openshift3/ose-${component}:${version} +# If oreg_url points to a registry other than registry.access.redhat.com we can +# modify image streams to point at that registry by setting the following to true +#openshift_examples_modify_imagestreams=true + +# Additional yum repos to install +#openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://example.com/puddle/build/AtomicOpenShift/3.1/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}] + +# Defining htpasswd users +#openshift_master_htpasswd_users={'user1': '', 'user2': ''} +# or +#openshift_master_htpasswd_file= + +# OSBS Specific Auth +{% if openshift_auth_profile == "osbs" %} +openshift_master_manage_htpasswd=false +openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 
'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '{{ openshift_htpasswd_file }}'}] +{% endif %} + +{% if openshift_auth_profile == "fedoraidp" %} +openshift_master_identity_providers=[{"name": "fedoraidp", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "openshift", "client_secret": "{{openshift_prod_client_secret}}", "extraScopes": ["profile", "email", "https://id.fedoraproject.org/scope/groups"], "claims": {"id": ["sub"], "preferredUsername": ["sub"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://id{{env_suffix}}.fedoraproject.org/openidc/Authorization", "token": "https://id{{env_suffix}}.fedoraproject.org/openidc/Token", "userInfo": "https://id{{env_suffix}}.fedoraproject.org/openidc/UserInfo"}}] +{% endif %} + +{% if openshift_auth_profile == "fedoraidp-stg" %} +openshift_master_identity_providers=[{"name": "fedoraidp", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "openshift", "client_secret": "{{openshift_stg_client_secret}}", "claims": {"id": ["sub"], "preferredUsername": ["sub"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://id{{env_suffix}}.fedoraproject.org/openidc/Authorization", "token": "https://id{{env_suffix}}.fedoraproject.org/openidc/Token", "userInfo": "https://id{{env_suffix}}.fedoraproject.org/openidc/UserInfo"}}] +{% endif %} + +# Allow all auth +#openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] + +# LDAP auth +#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': 'my-ldap-ca.crt', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}] +# +# Configure LDAP CA 
certificate +# Specify either the ASCII contents of the certificate or the path to +# the local file that will be copied to the remote host. CA +# certificate contents will be copied to master systems and saved +# within /etc/origin/master/ with a filename matching the "ca" key set +# within the LDAPPasswordIdentityProvider. +# +#openshift_master_ldap_ca= +# or +#openshift_master_ldap_ca_file= + +# OpenID auth +#openshift_master_identity_providers=[{"name": "openid_auth", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "my_client_id", "client_secret": "my_client_secret", "claims": {"id": ["sub"], "preferredUsername": ["preferred_username"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://myidp.example.com/oauth2/authorize", "token": "https://myidp.example.com/oauth2/token"}, "ca": "my-openid-ca-bundle.crt"}] +# +# Configure OpenID CA certificate +# Specify either the ASCII contents of the certificate or the path to +# the local file that will be copied to the remote host. CA +# certificate contents will be copied to master systems and saved +# within /etc/origin/master/ with a filename matching the "ca" key set +# within the OpenIDIdentityProvider. 
+# +#openshift_master_openid_ca= +# or +#openshift_master_openid_ca_file= + +# Request header auth +#openshift_master_identity_providers=[{"name": "my_request_header_provider", "challenge": "true", "login": "true", "kind": "RequestHeaderIdentityProvider", "challengeURL": "https://www.example.com/challenging-proxy/oauth/authorize?${query}", "loginURL": "https://www.example.com/login-proxy/oauth/authorize?${query}", "clientCA": "my-request-header-ca.crt", "clientCommonNames": ["my-auth-proxy"], "headers": ["X-Remote-User", "SSO-User"], "emailHeaders": ["X-Remote-User-Email"], "nameHeaders": ["X-Remote-User-Display-Name"], "preferredUsernameHeaders": ["X-Remote-User-Login"]}] +# +# Configure request header CA certificate +# Specify either the ASCII contents of the certificate or the path to +# the local file that will be copied to the remote host. CA +# certificate contents will be copied to master systems and saved +# within /etc/origin/master/ with a filename matching the "clientCA" +# key set within the RequestHeaderIdentityProvider. +# +#openshift_master_request_header_ca= +# or +#openshift_master_request_header_ca_file= + +{% if openshift_master_ha is defined %} +{% if openshift_master_ha %} +# Native high availability cluster method with optional load balancer. +# If no lb group is defined, the installer assumes that a load balancer has +# been preconfigured. For installation the value of +# openshift_master_cluster_hostname must resolve to the load balancer +# or to one or all of the masters defined in the inventory if no load +# balancer is present. 
+openshift_master_cluster_method=native +openshift_master_cluster_hostname={{openshift_internal_cluster_url}} +openshift_master_cluster_public_hostname={{openshift_cluster_url}} +{% endif %} +{% endif %} + +# Override the default controller lease ttl +#osm_controller_lease_ttl=30 + +# Configure controller arguments +#osm_controller_args={'resource-quota-sync-period': ['10s']} + +# Configure api server arguments +#osm_api_server_args={'max-requests-inflight': ['400']} + +# default subdomain to use for exposed routes +{% if openshift_app_subdomain is defined %} +{% if openshift_app_subdomain %} +openshift_master_default_subdomain={{openshift_app_subdomain}} +{% endif %} +{% endif %} + +# additional cors origins +#osm_custom_cors_origins=['foo.example.com', 'bar.example.com'] + +# default project node selector +#osm_default_node_selector='region=primary' + +# Override the default pod eviction timeout +#openshift_master_pod_eviction_timeout=5m + +# Override the default oauth tokenConfig settings: +# openshift_master_access_token_max_seconds=86400 +# openshift_master_auth_token_max_seconds=500 + +# Override master servingInfo.maxRequestsInFlight +#openshift_master_max_requests_inflight=500 + +# Override master and node servingInfo.minTLSVersion and .cipherSuites +# valid TLS versions are VersionTLS10, VersionTLS11, VersionTLS12 +# example cipher suites override, valid cipher suites are https://golang.org/pkg/crypto/tls/#pkg-constants +#openshift_master_min_tls_version=VersionTLS12 +#openshift_master_cipher_suites=['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', '...'] +# +#openshift_node_min_tls_version=VersionTLS12 +#openshift_node_cipher_suites=['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', '...'] + +# default storage plugin dependencies to install, by default the ceph and +# glusterfs plugin dependencies will be installed, if available. 
+#osn_storage_plugin_deps=['ceph','glusterfs'] + +# OpenShift Router Options +# +# An OpenShift router will be created during install if there are +# nodes present with labels matching the default router selector, +# "region=infra". Set openshift_node_labels per node as needed in +# order to label nodes. +# +# Example: +# [nodes] +# node.example.com openshift_node_labels="{'region': 'infra'}" +# +# Router selector (optional) +# Router will only be created if nodes matching this label are present. +# Default value: 'region=infra' +#openshift_hosted_router_selector='region=infra' +# +# Router replicas (optional) +# Unless specified, openshift-ansible will calculate the replica count +# based on the number of nodes matching the openshift router selector. +#openshift_hosted_router_replicas=2 +# +# Router force subdomain (optional) +# A router path format to force on all routes used by this router +# (will ignore the route host value) +#openshift_hosted_router_force_subdomain='${name}-${namespace}.apps.example.com' +# +# Router certificate (optional) +# Provide local certificate paths which will be configured as the +# router's default certificate. +#openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} +# +# Disable management of the OpenShift Router +#openshift_hosted_manage_router=false +# +# Router sharding support has been added and can be achieved by supplying the correct +# data to the inventory. The variable to house the data is openshift_hosted_routers +# and is in the form of a list. If no data is passed then a default router will be +# created. There are multiple combinations of router sharding. The one described +# below supports routers on separate nodes. 
+#openshift_hosted_routers: +#- name: router1 +# stats_port: 1936 +# ports: +# - 80:80 +# - 443:443 +# replicas: 1 +# namespace: default +# serviceaccount: router +# selector: type=router1 +# images: "openshift3/ose-${component}:${version}" +# edits: [] +# certificates: +# certfile: /path/to/certificate/abc.crt +# keyfile: /path/to/certificate/abc.key +# cafile: /path/to/certificate/ca.crt +#- name: router2 +# stats_port: 1936 +# ports: +# - 80:80 +# - 443:443 +# replicas: 1 +# namespace: default +# serviceaccount: router +# selector: type=router2 +# images: "openshift3/ose-${component}:${version}" +# certificates: +# certfile: /path/to/certificate/xyz.crt +# keyfile: /path/to/certificate/xyz.key +# cafile: /path/to/certificate/ca.crt +# edits: +# # ROUTE_LABELS sets the router to listen for routes +# # tagged with the provided values +# - key: spec.template.spec.containers[0].env +# value: +# name: ROUTE_LABELS +# value: "route=external" +# action: append + +# OpenShift Registry Console Options +# Override the console image prefix for enterprise deployments, not used in origin +# default is "registry.access.redhat.com/openshift3/" and the image appended is "registry-console" +#openshift_cockpit_deployer_prefix=registry.example.com/myrepo/ +# Override image version, defaults to latest for origin, matches the product version for enterprise +#openshift_cockpit_deployer_version=1.4.1 + +# Openshift Registry Options +# +# An OpenShift registry will be created during install if there are +# nodes present with labels matching the default registry selector, +# "region=infra". Set openshift_node_labels per node as needed in +# order to label nodes. +# +# Example: +# [nodes] +# node.example.com openshift_node_labels="{'region': 'infra'}" +# +# Registry selector (optional) +# Registry will only be created if nodes matching this label are present. 
+# Default value: 'region=infra'
+#openshift_hosted_registry_selector='region=infra'
+#
+# Registry replicas (optional)
+# Unless specified, openshift-ansible will calculate the replica count
+# based on the number of nodes matching the openshift registry selector.
+#openshift_hosted_registry_replicas=2
+#
+# Validity of the auto-generated certificate in days (optional)
+#openshift_hosted_registry_cert_expire_days=730
+#
+# Disable management of the OpenShift Registry
+#openshift_hosted_manage_registry=false
+
+# Registry Storage Options
+#
+# NFS Host Group
+# An NFS volume will be created with path "nfs_directory/volume_name"
+# on the host within the [nfs] host group. For example, the volume
+# path using these options would be "/exports/registry"
+#openshift_hosted_registry_storage_kind=nfs
+#openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
+#openshift_hosted_registry_storage_nfs_directory=/exports
+#openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)'
+#openshift_hosted_registry_storage_volume_name=registry
+#openshift_hosted_registry_storage_volume_size=10Gi
+#
+# External NFS Host
+# NFS volume must already exist with path "nfs_directory/_volume_name" on
+# the storage_host. For example, the remote volume path using these
+# options would be "nfs.example.com:/exports/registry"
+#openshift_hosted_registry_storage_kind=nfs
+#openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
+#openshift_hosted_registry_storage_host=nfs.example.com
+#openshift_hosted_registry_storage_nfs_directory=/exports
+#openshift_hosted_registry_storage_volume_name=registry
+#openshift_hosted_registry_storage_volume_size=10Gi
+#
+# Openstack
+# Volume must already exist.
+#openshift_hosted_registry_storage_kind=openstack
+#openshift_hosted_registry_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_registry_storage_openstack_filesystem=ext4
+#openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57
+#openshift_hosted_registry_storage_volume_size=10Gi
+#
+# Native GlusterFS Registry Storage
+#openshift_hosted_registry_storage_kind=glusterfs
+#
+# AWS S3
+#
+# S3 bucket must already exist.
+#openshift_hosted_registry_storage_kind=object
+#openshift_hosted_registry_storage_provider=s3
+#openshift_hosted_registry_storage_s3_accesskey=aws_access_key_id
+#openshift_hosted_registry_storage_s3_secretkey=aws_secret_access_key
+#openshift_hosted_registry_storage_s3_bucket=bucket_name
+#openshift_hosted_registry_storage_s3_region=bucket_region
+#openshift_hosted_registry_storage_s3_chunksize=26214400
+#openshift_hosted_registry_storage_s3_rootdirectory=/registry
+#openshift_hosted_registry_pullthrough=true
+#openshift_hosted_registry_acceptschema2=true
+#openshift_hosted_registry_enforcequota=true
+#
+# Any S3 service (Minio, ExoScale, ...): Basically the same as above
+# but with regionendpoint configured
+# S3 bucket must already exist.
+#openshift_hosted_registry_storage_kind=object
+#openshift_hosted_registry_storage_provider=s3
+#openshift_hosted_registry_storage_s3_accesskey=access_key_id
+#openshift_hosted_registry_storage_s3_secretkey=secret_access_key
+#openshift_hosted_registry_storage_s3_regionendpoint=https://myendpoint.example.com/
+#openshift_hosted_registry_storage_s3_bucket=bucket_name
+#openshift_hosted_registry_storage_s3_region=bucket_region
+#openshift_hosted_registry_storage_s3_chunksize=26214400
+#openshift_hosted_registry_storage_s3_rootdirectory=/registry
+#openshift_hosted_registry_pullthrough=true
+#openshift_hosted_registry_acceptschema2=true
+#openshift_hosted_registry_enforcequota=true
+#
+# Additional CloudFront Options. When using CloudFront all three
+# of the followingg variables must be defined.
+#openshift_hosted_registry_storage_s3_cloudfront_baseurl=https://myendpoint.cloudfront.net/
+#openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile=/full/path/to/secret.pem
+#openshift_hosted_registry_storage_s3_cloudfront_keypairid=yourpairid
+
+# Metrics deployment
+# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html
+#
+# By default metrics are not automatically deployed, set this to enable them
+#
+# openshift_hosted_metrics_deploy=true
+{% if openshift_metrics_deploy is defined %}
+{% if openshift_metrics_deploy %}
+#
+openshift_hosted_metrics_deploy=true
+
+# Storage Options
+# If openshift_hosted_metrics_storage_kind is unset then metrics will be stored
+# in an EmptyDir volume and will be deleted when the cassandra pod terminates.
+# Storage options A & B currently support only one cassandra pod which is
+# generally enough for up to 1000 pods. Additional volumes can be created
+# manually after the fact and metrics scaled per the docs.
+#
+# Option A - NFS Host Group
+# An NFS volume will be created with path "nfs_directory/volume_name"
+# on the host within the [nfs] host group. For example, the volume
+# path using these options would be "/exports/metrics"
+#openshift_hosted_metrics_storage_kind=nfs
+#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_metrics_storage_nfs_directory=/exports
+#openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)'
+#openshift_hosted_metrics_storage_volume_name=metrics
+#openshift_hosted_metrics_storage_volume_size=10Gi
+#
+# Option B - External NFS Host
+# NFS volume must already exist with path "nfs_directory/_volume_name" on
+# the storage_host. For example, the remote volume path using these
+# options would be "nfs.example.com:/exports/metrics"
+#openshift_hosted_metrics_storage_kind=nfs
+#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_metrics_storage_host=nfs.example.com
+#openshift_hosted_metrics_storage_nfs_directory=/exports
+#openshift_hosted_metrics_storage_volume_name=metrics
+#openshift_hosted_metrics_storage_volume_size=10Gi
+#
+# Option C - Dynamic -- If openshift supports dynamic volume provisioning for
+# your cloud platform use this.
+#openshift_hosted_metrics_storage_kind=dynamic
+#
+# Other Metrics Options -- Common items you may wish to reconfigure, for the complete
+# list of options please see roles/openshift_metrics/README.md
+#
+# Override metricsPublicURL in the master config for cluster metrics
+# Defaults to https://hawkular-metrics.openshift_master_default_subdomain/hawkular/metrics
+# Currently, you may only alter the hostname portion of the url, alterting the
+# `/hawkular/metrics` path will break installation of metrics.
+#openshift_hosted_metrics_public_url=https://hawkular-metrics.{{openshift_cluster_url}}/hawkular/metrics
+{% endif %}
+{% endif %}
+
+# Logging deployment
+#
+# Currently logging deployment is disabled by default, enable it by setting this
+#openshift_hosted_logging_deploy=true
+#
+# Logging storage config
+# Option A - NFS Host Group
+# An NFS volume will be created with path "nfs_directory/volume_name"
+# on the host within the [nfs] host group. For example, the volume
+# path using these options would be "/exports/logging"
+#openshift_hosted_logging_storage_kind=nfs
+#openshift_hosted_logging_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_logging_storage_nfs_directory=/exports
+#openshift_hosted_logging_storage_nfs_options='*(rw,root_squash)'
+#openshift_hosted_logging_storage_volume_name=logging
+#openshift_hosted_logging_storage_volume_size=10Gi
+#
+# Option B - External NFS Host
+# NFS volume must already exist with path "nfs_directory/_volume_name" on
+# the storage_host. For example, the remote volume path using these
+# options would be "nfs.example.com:/exports/logging"
+#openshift_hosted_logging_storage_kind=nfs
+#openshift_hosted_logging_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_logging_storage_host=nfs.example.com
+#openshift_hosted_logging_storage_nfs_directory=/exports
+#openshift_hosted_logging_storage_volume_name=logging
+#openshift_hosted_logging_storage_volume_size=10Gi
+#
+# Option C - Dynamic -- If openshift supports dynamic volume provisioning for
+# your cloud platform use this.
+#openshift_hosted_logging_storage_kind=dynamic
+#
+# Option D - none -- Logging will use emptydir volumes which are destroyed when
+# pods are deleted
+#
+# Other Logging Options -- Common items you may wish to reconfigure, for the complete
+# list of options please see roles/openshift_logging/README.md
+#
+# Configure loggingPublicURL in the master config for aggregate logging, defaults
+# to kibana.openshift_master_default_subdomain
+#openshift_hosted_logging_hostname=logging.apps.example.com
+# Configure the number of elastic search nodes, unless you're using dynamic provisioning
+# this value must be 1
+#openshift_hosted_logging_elasticsearch_cluster_size=1
+# Configure the prefix and version for the component images
+#openshift_hosted_logging_deployer_prefix=registry.example.com:8888/openshift3/
+#openshift_hosted_logging_deployer_version=3.5.0
+
+# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
+# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
+
+# Disable the OpenShift SDN plugin
+# openshift_use_openshift_sdn=False
+
+# Configure SDN cluster network and kubernetes service CIDR blocks. These
+# network blocks should be private and should not conflict with network blocks
+# in your infrastructure that pods may require access to. Can not be changed
+# after deployment.
+#
+# WARNING : Do not pick subnets that overlap with the default Docker bridge subnet of
+# 172.17.0.0/16. Your installation will fail and/or your configuration change will
+# cause the Pod SDN or Cluster SDN to fail.
+#
+# WORKAROUND : If you must use an overlapping subnet, you can configure a non conflicting
+# docker0 CIDR range by adding '--bip=192.168.2.1/24' to DOCKER_NETWORK_OPTIONS
+# environment variable located in /etc/sysconfig/docker-network.
+#osm_cluster_network_cidr=10.128.0.0/14
+#openshift_portal_net=172.30.0.0/16
+
+# ExternalIPNetworkCIDRs controls what values are acceptable for the
+# service external IP field. If empty, no externalIP may be set. It
+# may contain a list of CIDRs which are checked for access. If a CIDR
+# is prefixed with !, IPs in that CIDR will be rejected. Rejections
+# will be applied first, then the IP checked against one of the
+# allowed CIDRs. You should ensure this range does not overlap with
+# your nodes, pods, or service CIDRs for security reasons.
+#openshift_master_external_ip_network_cidrs=['0.0.0.0/0']
+
+# IngressIPNetworkCIDR controls the range to assign ingress IPs from for
+# services of type LoadBalancer on bare metal. If empty, ingress IPs will not
+# be assigned. It may contain a single CIDR that will be allocated from. For
+# security reasons, you should ensure that this range does not overlap with
+# the CIDRs reserved for external IPs, nodes, pods, or services.
+#openshift_master_ingress_ip_network_cidr=172.46.0.0/16
+
+# Configure number of bits to allocate to each host's subnet e.g. 9
+# would mean a /23 network on the host.
+#osm_host_subnet_length=9
+
+# Configure master API and console ports.
+# These will default to 8443
+{% if openshift_api_port is defined and openshift_console_port is defined %}
+{% if openshift_api_port and openshift_console_port %}
+openshift_master_api_port={{openshift_api_port}}
+openshift_master_console_port={{openshift_console_port}}
+{% endif %}
+{% endif %}
+
+
+# set RPM version for debugging purposes
+#openshift_pkg_version=-3.1.0.0
+
+# Configure custom ca certificate
+#openshift_master_ca_certificate={'certfile': '/path/to/ca.crt', 'keyfile': '/path/to/ca.key'}
+#
+# NOTE: CA certificate will not be replaced with existing clusters.
+# This option may only be specified when creating a new cluster or
+# when redeploying cluster certificates with the redeploy-certificates
+# playbook.
+
+# Configure custom named certificates (SNI certificates)
+#
+# https://docs.openshift.com/enterprise/latest/install_config/certificate_customization.html
+#
+# NOTE: openshift_master_named_certificates is cached on masters and is an
+# additive fact, meaning that each run with a different set of certificates
+# will add the newly provided certificates to the cached set of certificates.
+#
+# An optional CA may be specified for each named certificate. CAs will
+# be added to the OpenShift CA bundle which allows for the named
+# certificate to be served for internal cluster communication.
+#
+# If you would like openshift_master_named_certificates to be overwritten with
+# the provided value, specify openshift_master_overwrite_named_certificates.
+#openshift_master_overwrite_named_certificates=true
+#
+# Provide local certificate paths which will be deployed to masters
+#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "cafile": "/path/to/custom-ca1.crt"}]
+#
+# Detected names may be overridden by specifying the "names" key
+#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"], "cafile": "/path/to/custom-ca1.crt"}]
+
+# Session options
+#openshift_master_session_name=ssn
+#openshift_master_session_max_seconds=3600
+
+# An authentication and encryption secret will be generated if secrets
+# are not provided. If provided, openshift_master_session_auth_secrets
+# and openshift_master_encryption_secrets must be equal length.
+#
+# Signing secrets, used to authenticate sessions using
+# HMAC. Recommended to use secrets with 32 or 64 bytes.
+#openshift_master_session_auth_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO']
+#
+# Encrypting secrets, used to encrypt sessions. Must be 16, 24, or 32
+# characters long, to select AES-128, AES-192, or AES-256.
+#openshift_master_session_encryption_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO']
+
+# configure how often node iptables rules are refreshed
+#openshift_node_iptables_sync_period=5s
+
+# Configure nodeIP in the node config
+# This is needed in cases where node traffic is desired to go over an
+# interface other than the default network interface.
+#openshift_set_node_ip=True
+
+# Force setting of system hostname when configuring OpenShift
+# This works around issues related to installations that do not have valid dns
+# entries for the interfaces attached to the host.
+#openshift_set_hostname=True
+
+# Configure dnsIP in the node config
+#openshift_dns_ip=172.30.0.1
+
+# Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later.
+#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}
+
+# Configure logrotate scripts
+# See: https://github.com/nickhammond/ansible-logrotate
+#logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}]
+
+# openshift-ansible will wait indefinitely for your input when it detects that the
+# value of openshift_hostname resolves to an IP address not bound to any local
+# interfaces. This mis-configuration is problematic for any pod leveraging host
+# networking and liveness or readiness probes.
+# Setting this variable to true will override that check.
+#openshift_override_hostname_check=true
+
+# Configure dnsmasq for cluster dns, switch the host's local resolver to use dnsmasq
+# and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults
+# to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot
+# be used with 1.0 and 3.0.
+#openshift_use_dnsmasq=False
+# Define an additional dnsmasq.conf file to deploy to /etc/dnsmasq.d/openshift-ansible.conf
+# This is useful for POC environments where DNS may not actually be available yet or to set
+# options like 'strict-order' to alter dnsmasq configuration.
+#openshift_node_dnsmasq_additional_config_file=/home/bob/ose-dnsmasq.conf
+
+# Global Proxy Configuration
+# These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment
+# variables for docker and master services.
+#openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT
+#openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT
+#openshift_no_proxy='.hosts.example.com,some-host.com'
+#
+# Most environments don't require a proxy between openshift masters, nodes, and
+# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list.
+# If all of your hosts share a common domain you may wish to disable this and
+# specify that domain above.
+#openshift_generate_no_proxy_hosts=True
+#
+# These options configure the BuildDefaults admission controller which injects
+# configuration into Builds. Proxy related values will default to the global proxy
+# config values. You only need to set these if they differ from the global proxy settings.
+# See BuildDefaults documentation at
+# https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html
+#openshift_builddefaults_http_proxy=http://USER:PASSWORD@HOST:PORT
+#openshift_builddefaults_https_proxy=https://USER:PASSWORD@HOST:PORT
+#openshift_builddefaults_no_proxy=mycorp.com
+#openshift_builddefaults_git_http_proxy=http://USER:PASSWORD@HOST:PORT
+#openshift_builddefaults_git_https_proxy=https://USER:PASSWORD@HOST:PORT
+#openshift_builddefaults_git_no_proxy=mycorp.com
+#openshift_builddefaults_image_labels=[{'name':'imagelabelname1','value':'imagelabelvalue1'}]
+#openshift_builddefaults_nodeselectors={'nodelabel1':'nodelabelvalue1'}
+#openshift_builddefaults_annotations={'annotationkey1':'annotationvalue1'}
+#openshift_builddefaults_resources_requests_cpu=100m
+#openshift_builddefaults_resources_requests_memory=256m
+#openshift_builddefaults_resources_limits_cpu=1000m
+#openshift_builddefaults_resources_limits_memory=512m
+
+# Or you may optionally define your own build defaults configuration serialized as json
+#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","gitNoProxy":"ose3-master.example.com","kind":"BuildDefaultsConfig"}}}'
+
+# These options configure the BuildOverrides admission controller which injects
+# configuration into Builds.
+# See BuildOverrides documentation at
+# https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html
+#openshift_buildoverrides_force_pull=true
+#openshift_buildoverrides_image_labels=[{'name':'imagelabelname1','value':'imagelabelvalue1'}]
+#openshift_buildoverrides_nodeselectors={'nodelabel1':'nodelabelvalue1'}
+#openshift_buildoverrides_annotations={'annotationkey1':'annotationvalue1'}
+
+# Or you may optionally define your own build overrides configuration serialized as json
+#openshift_buildoverrides_json='{"BuildOverrides":{"configuration":{"apiVersion":"v1","kind":"BuildDefaultsConfig","forcePull":"true"}}}'
+
+# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default
+#openshift_master_dynamic_provisioning_enabled=False
+
+# Admission plugin config
+#openshift_master_admission_plugin_config={"ProjectRequestLimit":{"configuration":{"apiVersion":"v1","kind":"ProjectRequestLimitConfig","limits":[{"selector":{"admin":"true"}},{"maxProjects":"1"}]}},"PodNodeConstraints":{"configuration":{"apiVersion":"v1","kind":"PodNodeConstraintsConfig"}}}
+
+# Configure usage of openshift_clock role.
+#openshift_clock_enabled=true
+
+# OpenShift Per-Service Environment Variables
+# Environment variables are added to /etc/sysconfig files for
+# each OpenShift service: node, master (api and controllers).
+# API and controllers environment variables are merged in single
+# master environments.
+{% if no_http2 is defined %}
+{% if no_http2 %}
+openshift_master_api_env_vars={"ENABLE_HTTP2": "true"}
+openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"}
+openshift_node_env_vars={"ENABLE_HTTP2": "true"}
+{% endif %}
+{% endif %}
+
+# Enable API service auditing, available as of 3.2
+#openshift_master_audit_config={"enabled": true}
+
+# Validity of the auto-generated OpenShift certificates in days.
+# See also openshift_hosted_registry_cert_expire_days above.
+#
+#openshift_ca_cert_expire_days=1825
+#openshift_node_cert_expire_days=730
+#openshift_master_cert_expire_days=730
+
+# Validity of the auto-generated external etcd certificates in days.
+# Controls validity for etcd CA, peer, server and client certificates.
+#
+#etcd_ca_default_days=1825
+
+# NOTE: Currently we require that masters be part of the SDN which requires that they also be nodes
+# However, in order to ensure that your masters are not burdened with running pods you should
+# make them unschedulable by adding openshift_schedulable=False any node that's also a master.
+
+[masters]
+{% for host in groups[openshift_cluster_masters_group] %}
+{{ host }}
+{% endfor %}
+
+[etcd]
+{% for host in groups[openshift_cluster_masters_group] %}
+{{ host }}
+{% endfor %}
+
+{% if openshift_shared_infra is defined %}
+{% if openshift_shared_infra %}
+
+[nodes]
+{% for host in groups[openshift_cluster_masters_group] %}
+{{ host }} openshift_schedulable=False
+{% endfor %}
+{% for host in groups[openshift_cluster_nodes_group] %}
+{{ host }} openshift_node_labels="{'region': 'infra', 'zone': 'default'}"
+{% endfor %}
+
+{% else %}
+
+[nodes]
+{% for host in groups[openshift_cluster_infra_group] %}
+{{ host }} openshift_node_labels="{'region':'infra'}"
+{% endfor %}
+{% for host in groups[openshift_cluster_masters_group] %}
+{{ host }} openshift_schedulable=False
+{% endfor %}
+{% for host in groups[openshift_cluster_nodes_group] %}
+{{ host }} openshift_node_labels="{'region': 'primary', 'zone': 'default'}"
+{% endfor %}
+
+{% endif %}
+
+{% else %}
+
+[nodes]
+{% for host in groups[openshift_cluster_infra_group] %}
+{{ host }} openshift_node_labels="{'region':'infra'}"
+{% endfor %}
+
+{% for host in groups[openshift_cluster_masters_group] %}
+{{ host }} openshift_schedulable=False
+{% endfor %}
+
+{% for host in groups[openshift_cluster_nodes_group] %}
+
+{% if openshift_nodeselectors is defined %}
+{% if openshift_nodeselectors %}
+{{ host }} openshift_node_labels="{'region': 'primary', 'zone': 'default', {{openshift_nodeselectors}}}"
+{% else %}
+{{ host }} openshift_node_labels="{'region': 'primary', 'zone': 'default'}"
+{% endif %}
+{% endif %}
+
+{% endfor %}
+
+{% endif %}
diff --git a/roles/ansible-osbuild-worker/LICENSE b/roles/ansible-osbuild-worker/LICENSE
deleted file mode 100644
index 261eeb9e9f..0000000000
--- a/roles/ansible-osbuild-worker/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/roles/ansible-osbuild-worker/README.md b/roles/ansible-osbuild-worker/README.md deleted file mode 100644 index 712f35d64a..0000000000 --- a/roles/ansible-osbuild-worker/README.md +++ /dev/null 
@@ -1,208 +0,0 @@ -# osbuild.osbuild_worker - -This roles installs, configures and starts `osbuild-composer` remote worker on the host. - -## Role Variables - -The role has a few required variables, which must be provided by the user in order for the role to not fail. - -**Required variables are:** - -* `osbuild_worker_server_hostname` -* `osbuild_worker_authentication_oauth_url` -* `osbuild_worker_authentication_client_id` -* Any of - * `osbuild_worker_authentication_client_secret_file` - * `osbuild_worker_authentication_offline_token_file` - -The rest of the variables are not required and if set, they enable optional functionality in the worker. - -Variables that the user can set are listed and explained below: - -```yaml -################################# -# General configuration options # -################################# - -# The hostname of the osbuild-composer API server. -# REQUIRED -osbuild_worker_server_hostname: "" -# The osbuild-composer server API base path. If empty, the default value is used. -osbuild_worker_server_api_base_path: "" - -# Worker proxy configuration. -osbuild_worker_proxy_server_hostname: "" -osbuild_worker_proxy_server_port: 443 -osbuild_worker_no_proxy_domains: [] - -################################################ -# Worker authentication to the composer server # -################################################ - -# The OAuth server URL. -# REQUIRED -osbuild_worker_authentication_oauth_url: "" -# The OAuth client ID. -# REQUIRED -osbuild_worker_authentication_client_id: "" -# Local path to the worker OAuth client secret file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_authentication_client_secret_path }}. -# REQUIRED (if osbuild_worker_authentication_offline_token_file not specified) -osbuild_worker_authentication_client_secret_file: "" -# Path to the worker OAuth client secret file on the worker. If empty, -# defaults to {{ osbuild_worker_authentication_client_secret_path_default }}. 
-osbuild_worker_authentication_client_secret_path: "" -# Local path to the worker OAuth offline token file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_authentication_offline_token_path }}. -# REQUIRED (if osbuild_worker_authentication_client_secret_file not specified) -osbuild_worker_authentication_offline_token_file: "" -# Path to the worker OAuth offline token file on the worker. If empty, -# defaults to {{ osbuild_worker_authentication_offline_token_path_default }}. -osbuild_worker_authentication_offline_token_path: "" - -########################## -# Configuration for Koji # -########################## - -osbuild_worker_koji_instances: [] -# example: -# osbuild_worker_koji_instances: -# - koji_host: "koji.example.com" -# krb_principal: "osbuild-automation@EXAMPLE.COM" -# # Local path to the krb keytab file. If not empty, this file will be -# # copied to the worker to {{ krb_keytab_path }}. -# krb_keytab_file: "" -# # Path to the krb keytab file on the worker. If empty, a default path -# # under {{ osbuild_worker_config_dir }} with filename -# # "client_{{ koji_host }}.keytab" will be used. -# krb_keytab_path: "" -# relax_timeout_factor: 5 - -########################### -# Configuration for Azure # -########################### - -# Local path to the Azure credentials file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_azure_credentials_path }}. -osbuild_worker_azure_credentials_file: "" -# Path to the Azure credentials file on the worker. If empty, -# defaults to {{ osbuild_worker_azure_credentials_path_default }}. -osbuild_worker_azure_credentials_path: "" -# Number of threads to use when uploading image blob to Azure. If 0, no -# explicit value is set in the configuration file and the worker will use -# its internal default. Set to a positive integer to override the default. 
-osbuild_worker_azure_upload_threads: 0 - -######################### -# Configuration for AWS # -######################### - -# Local path to the AWS credentials file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_aws_credentials_path }}. -osbuild_worker_aws_credentials_file: "" -# Path to the AWS credentials file on the worker. If empty, -# defaults to {{ osbuild_worker_aws_credentials_path_default }}. -osbuild_worker_aws_credentials_path: "" -osbuild_worker_aws_bucket: "" - -######################### -# Configuration for GCP # -######################### - -# Local path to the GCP credentials file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_gcp_credentials_path }}. -osbuild_worker_gcp_credentials_file: "" -# Path to the GCP credentials file on the worker. If empty, -# defaults to {{ osbuild_worker_gcp_credentials_path_default }}. -osbuild_worker_gcp_credentials_path: "" -osbuild_worker_gcp_bucket: "" -``` - -### Internal variables - -The role also uses some internal variables, which usually hold default values used by the role. Although the user can override them when using the role, this is discouraged. Do it only if you know what you are doing. Backward compatibility is not guaranteed when setting those. 
- -```yaml -osbuild_worker_config_dir: /etc/osbuild-worker -osbuild_worker_config_dir_mode: '0755' - -osbuild_worker_config_file: "{{ osbuild_worker_config_dir }}/osbuild-worker.toml" -osbuild_worker_config_file_mode: '0644' - -osbuild_worker_remote_worker_service_name: osbuild-remote-worker@ -osbuild_worker_remote_worker_service_dropin_dir: /etc/systemd/system/{{ osbuild_worker_remote_worker_service_name }}.service.d -osbuild_worker_remote_worker_service_proxy_dropin_file: "{{ osbuild_worker_remote_worker_service_dropin_dir }}/proxy.conf" - -osbuild_worker_secrets_owner: root -osbuild_worker_secrets_group: root -osbuild_worker_secrets_mode: '0400' - -osbuild_worker_authentication_client_secret_path_default: "{{ osbuild_worker_config_dir }}/client_secret" -osbuild_worker_authentication_offline_token_path_default: "{{ osbuild_worker_config_dir }}/offline_token" - -osbuild_worker_azure_credentials_path_default: "{{ osbuild_worker_config_dir }}/azure-credentials" -osbuild_worker_aws_credentials_path_default: "{{ osbuild_worker_config_dir }}/aws-credentials" -osbuild_worker_gcp_credentials_path_default: "{{ osbuild_worker_config_dir }}/gcp-credentials" -``` - -## Dependencies - -The role has no external dependencies. - -## Example Playbook - -Below is an example minimal playbook using the role with only the requires role variables specified. This playbook will install and configure remote `osbuild-worker` on the host with authentication settings for connecting to the remote `osbuild-composer` job queue server located at `composer.example.com`. The `client_secret` is expected to be a filename of a local file that will be copied to the remote host by the role. - -Note that this example is not very useful, because the worker is not configured with any upload target authentication (e.g. AWS, Azure, GCP or Koji), thus it won't be able o upload the built image anywhere. 
- -```yaml -- hosts: osbuild-worker - tasks: - - name: Include osbuild_worker role - ansible.builtin.include_role: - name: "osbuild.osbuild_worker" - vars: - osbuild_worker_server_hostname: "composer.example.com" - osbuild_worker_authentication_oauth_url: "oauth-server.example.com" - osbuild_worker_authentication_client_id: "osbuild-automation" - osbuild_worker_authentication_client_secret_file: "client_secret" -``` - -More useful example could be an instance of a remote worker configured with the option to upload built images to a Koji instance as well as to AWS. The following things are assumed: - -* `client_secret` is a local filename with OAuth client secret -* `aws_credentials` is a local filename with AWS credentials -* `koji.keytab` is a local filename of Kerberos keytab file - -```yaml -- hosts: osbuild-worker - tasks: - - name: Include osbuild_worker role - ansible.builtin.include_role: - name: "osbuild.osbuild_worker" - vars: - osbuild_worker_server_hostname: "composer.example.com" - osbuild_worker_authentication_oauth_url: "oauth-server.example.com" - osbuild_worker_authentication_client_id: "osbuild-automation" - osbuild_worker_authentication_client_secret_file: "client_secret" - osbuild_worker_aws_credentials_file: "aws_credentials" - osbuild_worker_aws_bucket: "my-s3-bucket" - osbuild_worker_koji_instances: - - koji_host: "koji.example.com" - krb_principal: "osbuild-automation@EXAMPLE.COM" - krb_keytab_file: "koji.keytab" -``` - -## What is NOT supported - -* Configuring a local osbuild-worker. -* Configuring the "generic S3" upload target authentication. -* Configuring the "container registry" upload target authentication. -* Configuring the path to `dnf-json` binary. -* Configuring the proxy server in the worker configuration. -* Configuring the TLS client certificate authentication. -* Configuring the osbuild-composer server TLS CA certificate. - -## License - -Apache-2.0 
diff --git a/roles/ansible-osbuild-worker/defaults/main.yml b/roles/ansible-osbuild-worker/defaults/main.yml deleted file mode 100644 index 7c5a5daedc..0000000000 --- a/roles/ansible-osbuild-worker/defaults/main.yml +++ /dev/null 
@@ -1,99 +0,0 @@ ---- -# defaults file for osbuild_worker - -################################# -# General configuration options # -################################# - -# The hostname of the osbuild-composer API server. -# REQUIRED -osbuild_worker_server_hostname: "" -# The osbuild-composer server API base path. If empty, the default value is used. -osbuild_worker_server_api_base_path: "" - -# Worker proxy configuration. -osbuild_worker_proxy_server_hostname: "" -osbuild_worker_proxy_server_port: 443 -osbuild_worker_no_proxy_domains: [] - -################################################ -# Worker authentication to the composer server # -################################################ - -# The OAuth server URL. -# REQUIRED -osbuild_worker_authentication_oauth_url: "" -# The OAuth client ID. -# REQUIRED -osbuild_worker_authentication_client_id: "" -# Local path to the worker OAuth client secret file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_authentication_client_secret_path }}. -# REQUIRED (if osbuild_worker_authentication_offline_token_file not specified) -osbuild_worker_authentication_client_secret_file: "" -# Path to the worker OAuth client secret file on the worker. If empty, -# defaults to {{ osbuild_worker_authentication_client_secret_path_default }}. -osbuild_worker_authentication_client_secret_path: "" -# Local path to the worker OAuth offline token file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_authentication_offline_token_path }}. -# REQUIRED (if osbuild_worker_authentication_client_secret_file not specified) -osbuild_worker_authentication_offline_token_file: "" -# Path to the worker OAuth offline token file on the worker. If empty, -# defaults to {{ osbuild_worker_authentication_offline_token_path_default }}. 
-osbuild_worker_authentication_offline_token_path: "" - -########################## -# Configuration for Koji # -########################## - -osbuild_worker_koji_instances: [] -# example: -# osbuild_worker_koji_instances: -# - koji_host: "koji.example.com" -# krb_principal: "osbuild-automation@EXAMPLE.COM" -# # Local path to the krb keytab file. If not empty, this file will be -# # copied to the worker to {{ krb_keytab_path }}. -# krb_keytab_file: "" -# # Path to the krb keytab file on the worker. If empty, a default path -# # under {{ osbuild_worker_config_dir }} with filename -# # "client_{{ koji_host }}.keytab" will be used. -# krb_keytab_path: "" -# relax_timeout_factor: 5 - -########################### -# Configuration for Azure # -########################### - -# Local path to the Azure credentials file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_azure_credentials_path }}. -osbuild_worker_azure_credentials_file: "" -# Path to the Azure credentials file on the worker. If empty, -# defaults to {{ osbuild_worker_azure_credentials_path_default }}. -osbuild_worker_azure_credentials_path: "" -# Number of threads to use when uploading image blob to Azure. If 0, no -# explicit value is set in the configuration file and the worker will use -# its internal default. Set to a positive integer to override the default. -osbuild_worker_azure_upload_threads: 0 - -######################### -# Configuration for AWS # -######################### - -# Local path to the AWS credentials file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_aws_credentials_path }}. -osbuild_worker_aws_credentials_file: "" -# Path to the AWS credentials file on the worker. If empty, -# defaults to {{ osbuild_worker_aws_credentials_path_default }}. 
-osbuild_worker_aws_credentials_path: "" -osbuild_worker_aws_bucket: "" - -######################### -# Configuration for GCP # -######################### - -# Local path to the GCP credentials file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_gcp_credentials_path }}. -osbuild_worker_gcp_credentials_file: "" -# Path to the GCP credentials file on the worker. If empty, -# defaults to {{ osbuild_worker_gcp_credentials_path_default }}. -osbuild_worker_gcp_credentials_path: "" -osbuild_worker_gcp_bucket: "" diff --git a/roles/ansible-osbuild-worker/handlers/main.yml b/roles/ansible-osbuild-worker/handlers/main.yml deleted file mode 100644 index 08e2d30ad9..0000000000 --- a/roles/ansible-osbuild-worker/handlers/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Restart remote worker - become: true - ansible.builtin.systemd: - name: "{{ osbuild_worker_remote_worker_service_name }}{{ osbuild_worker_server_hostname }}" - daemon_reload: true - state: restarted diff --git a/roles/ansible-osbuild-worker/meta/.galaxy_install_info b/roles/ansible-osbuild-worker/meta/.galaxy_install_info deleted file mode 100644 index b669cc89fa..0000000000 --- a/roles/ansible-osbuild-worker/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: "\xDAt\_20.\_\u010Dervna\_2023,\_16:41:07" -version: main diff --git a/roles/ansible-osbuild-worker/meta/main.yml b/roles/ansible-osbuild-worker/meta/main.yml deleted file mode 100644 index c7028fd16b..0000000000 --- a/roles/ansible-osbuild-worker/meta/main.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -galaxy_info: - role_name: osbuild_worker - namespace: osbuild - author: Tomáš Hozza - description: Ansible role for deploying osbuild-composer worker - company: Red Hat - issue_tracker_url: https://github.com/osbuild/ansible-osbuild-worker/issues - license: Apache-2.0 - min_ansible_version: "2.1" - platforms: - - name: Fedora - versions: - - all - - name: EL - versions: - - "8" - - "9" - galaxy_tags: - - "osbuild" - - "composer" - - "worker" - -dependencies: [] diff --git a/roles/ansible-osbuild-worker/tasks/deploy_worker.yml b/roles/ansible-osbuild-worker/tasks/deploy_worker.yml deleted file mode 100644 index 3911b298aa..0000000000 --- a/roles/ansible-osbuild-worker/tasks/deploy_worker.yml +++ /dev/null 
@@ -1,97 +0,0 @@ ---- -# tasks to deploy osbuild worker -- name: Install osbuild-composer-worker - become: true - ansible.builtin.dnf: - name: - - osbuild-composer-worker - state: installed - update_cache: true - -- name: Create worker configuration directory - become: true - ansible.builtin.file: - path: "{{ osbuild_worker_config_dir }}" - state: directory - mode: "{{ osbuild_worker_config_dir_mode }}" - -- name: Copy secrets to the worker - become: true - ansible.builtin.copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "{{ osbuild_worker_secrets_owner }}" - group: "{{ osbuild_worker_secrets_group }}" - mode: "{{ osbuild_worker_secrets_mode }}" - loop: - - { src: "{{ osbuild_worker_authentication_client_secret_file }}", dest: "{{ osbuild_worker_authentication_client_secret_path }}" } - - { src: "{{ osbuild_worker_authentication_offline_token_file }}", dest: "{{ osbuild_worker_authentication_offline_token_path }}" } - - { src: "{{ osbuild_worker_azure_credentials_file }}", dest: "{{ osbuild_worker_azure_credentials_path }}" } - - { src: "{{ osbuild_worker_aws_credentials_file }}", dest: "{{ osbuild_worker_aws_credentials_path }}" } - - { src: "{{ osbuild_worker_gcp_credentials_file }}", dest: "{{ osbuild_worker_gcp_credentials_path }}" } - when: item.src | length > 0 and item.dest | length > 0 - notify: Restart remote worker - -- name: Copy Koji keytabs to the worker - become: true - ansible.builtin.copy: - src: "{{ item.krb_keytab_file }}" - dest: "{{ item.krb_keytab_path }}" - owner: "{{ osbuild_worker_secrets_owner }}" - group: "{{ osbuild_worker_secrets_group }}" - mode: "{{ osbuild_worker_secrets_mode }}" - loop: "{{ _osbuild_worker_koji_instances }}" - when: _osbuild_worker_koji_instances is defined and _osbuild_worker_koji_instances | length > 0 - notify: Restart remote worker - -- name: Configure osbuild-remote-worker to use proxy - when: osbuild_worker_proxy_server_hostname | length > 0 - become: true - block: - - name: Create drop-in 
directory for osbuild-remote-worker service - ansible.builtin.file: - path: "{{ osbuild_worker_remote_worker_service_dropin_dir }}" - state: directory - mode: '0755' - - - name: Configure osbuild-remote-worker to use proxy using drop-in - ansible.builtin.template: - src: templates/osbuild-remote-worker-proxy.conf.j2 - dest: "{{ osbuild_worker_remote_worker_service_proxy_dropin_file }}" - mode: '0644' - notify: Restart remote worker - -- name: Copy osbuild-worker configuration file - become: true - ansible.builtin.template: - src: templates/osbuild-worker.toml.j2 - dest: "{{ osbuild_worker_config_file }}" - mode: "{{ osbuild_worker_config_file_mode }}" - notify: Restart remote worker - -- name: Stop any unwanted osbuild-remote-worker services - become: true - block: - - name: Populate service facts - ansible.builtin.service_facts: - - - name: Filter any unwanted osbuild-remote-worker services - ansible.builtin.set_fact: - osbuild_remote_worker_services_unwanted: "{{ ansible_facts.services | list | select('regex', '^osbuild-remote-worker@.+.service$') - | difference([_osbuild_remote_worker_service_wanted]) }}" - vars: - _osbuild_remote_worker_service_wanted: "{{ osbuild_worker_remote_worker_service_name }}{{ osbuild_worker_server_hostname }}.service" - - - name: Stop and disable any running osbuild-remote-worker service for a different server - ansible.builtin.service: - name: "{{ item }}" - state: stopped - enabled: false - loop: "{{ osbuild_remote_worker_services_unwanted }}" - -- name: Start and enable osbuild-remote-worker service - become: true - ansible.builtin.service: - name: "{{ osbuild_worker_remote_worker_service_name }}{{ osbuild_worker_server_hostname }}.service" - state: started - enabled: true diff --git a/roles/ansible-osbuild-worker/tasks/main.yml b/roles/ansible-osbuild-worker/tasks/main.yml deleted file mode 100644 index 74f8e6948d..0000000000 --- a/roles/ansible-osbuild-worker/tasks/main.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -# tasks for osbuild_worker role - -- name: Validate set role variables - ansible.builtin.include_tasks: tasks/vars_validate.yml - -- name: Define unset role variables - ansible.builtin.include_tasks: tasks/vars_define.yml - -- name: Install and configure osbuild-composer worker - ansible.builtin.include_tasks: tasks/deploy_worker.yml diff --git a/roles/ansible-osbuild-worker/tasks/vars_define.yml b/roles/ansible-osbuild-worker/tasks/vars_define.yml deleted file mode 100644 index a14be2d3d2..0000000000 --- a/roles/ansible-osbuild-worker/tasks/vars_define.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -# tasks to define potentially missing variables - -- name: Define worker Oauth client secret path if not defined - ansible.builtin.set_fact: - osbuild_worker_authentication_client_secret_path: "{{ osbuild_worker_authentication_client_secret_path_default }}" - when: osbuild_worker_authentication_client_secret_file | length > 0 and osbuild_worker_authentication_client_secret_path | length == 0 - -- name: Define worker Oauth offline token path if not defined - ansible.builtin.set_fact: - osbuild_worker_authentication_offline_token_path: "{{ osbuild_worker_authentication_offline_token_path_default }}" - when: osbuild_worker_authentication_offline_token_file | length > 0 and osbuild_worker_authentication_offline_token_path | length == 0 - -- name: Define Azure credentials path on worker if not defined - ansible.builtin.set_fact: - osbuild_worker_azure_credentials_path: "{{ osbuild_worker_azure_credentials_path_default }}" - when: osbuild_worker_azure_credentials_file | length > 0 and osbuild_worker_azure_credentials_path | length == 0 - -- name: Define AWS credentials path on worker if not defined - ansible.builtin.set_fact: - osbuild_worker_aws_credentials_path: "{{ osbuild_worker_aws_credentials_path_default }}" - when: osbuild_worker_aws_credentials_file | length > 0 and osbuild_worker_aws_credentials_path | length == 0 - -- name: Define GCP credentials path on worker if not defined - ansible.builtin.set_fact: - osbuild_worker_gcp_credentials_path: "{{ osbuild_worker_gcp_credentials_path_default }}" - when: osbuild_worker_gcp_credentials_file | length > 0 and osbuild_worker_gcp_credentials_path | length == 0 - -- name: Ensure that Koji keytab paths on worker are defined - ansible.builtin.set_fact: - _osbuild_worker_koji_instances: "{{ (_osbuild_worker_koji_instances | default([])) + [_item] }}" - vars: - _krb_keytab_path: "{{ (item.krb_keytab_path is not defined or item.krb_keytab_path | length == 0) | \ - ternary(osbuild_worker_config_dir + 
'/client_' + item.koji_host + '.keytab', item.krb_keytab_path) }}" - _item: "{{ item | combine({'krb_keytab_path': _krb_keytab_path}) }}" - loop: "{{ osbuild_worker_koji_instances }}" diff --git a/roles/ansible-osbuild-worker/tasks/vars_validate.yml b/roles/ansible-osbuild-worker/tasks/vars_validate.yml deleted file mode 100644 index 4a33bf1ec4..0000000000 --- a/roles/ansible-osbuild-worker/tasks/vars_validate.yml +++ /dev/null 
@@ -1,123 +0,0 @@ ---- -# tasks to validate variable values - -- name: Check that required variables are set - block: - - name: Check that osbuild_worker_server_hostname is set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_server_hostname is defined - - osbuild_worker_server_hostname | length > 0 - fail_msg: "osbuild_worker_server_hostname must be set" - - - name: Check that osbuild_worker_authentication_oauth_url is set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_authentication_oauth_url is defined - - osbuild_worker_authentication_oauth_url | length > 0 - fail_msg: "osbuild_worker_authentication_oauth_url must be set" - - - name: Check that osbuild_worker_authentication_client_id is set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_authentication_client_id is defined - - osbuild_worker_authentication_client_id | length > 0 - fail_msg: "osbuild_worker_authentication_client_id must be set" - - - name: Check that at least one of osbuild_worker_authentication_client_secret_file or osbuild_worker_authentication_offline_token_file is set - ansible.builtin.assert: - quiet: true - that: - - is_client_secret_file_defined or is_offline_token_file_defined - fail_msg: "At least one of osbuild_worker_authentication_client_secret_file and osbuild_worker_authentication_offline_token_file must be set" - vars: - is_client_secret_file_defined: - "{{ osbuild_worker_authentication_client_secret_file is defined and osbuild_worker_authentication_client_secret_file | length > 0 }}" - is_offline_token_file_defined: - "{{ osbuild_worker_authentication_offline_token_file is defined and osbuild_worker_authentication_offline_token_file | length > 0 }}" - -- name: Check optional variables - block: - - name: Check that osbuild_worker_authentication_client_secret_file is set if osbuild_worker_authentication_client_secret_path is set - ansible.builtin.assert: - quiet: true - that: - - 
osbuild_worker_authentication_client_secret_file is defined - - osbuild_worker_authentication_client_secret_file | length > 0 - fail_msg: "osbuild_worker_authentication_client_secret_file must be set if osbuild_worker_authentication_client_secret_path is set" - when: osbuild_worker_authentication_client_secret_path | length > 0 - - - name: Check that osbuild_worker_authentication_offline_token_file is set if osbuild_worker_authentication_offline_token_path is set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_authentication_offline_token_file is defined - - osbuild_worker_authentication_offline_token_file | length > 0 - fail_msg: "osbuild_worker_authentication_offline_token_file must be set if osbuild_worker_authentication_offline_token_path is set" - when: osbuild_worker_authentication_offline_token_path | length > 0 - - - name: Check Koji variables - when: osbuild_worker_koji_instances | length > 0 - block: - - name: Check that required Koji variables are set - ansible.builtin.assert: - quiet: true - that: - - item.koji_host is defined - - item.koji_host | length > 0 - - item.krb_principal is defined - - item.krb_principal | length > 0 - - item.krb_keytab_file is defined - - item.krb_keytab_file | length > 0 - fail_msg: All of koji_host, krb_principal, and krb_keytab_file must be set for each Koji instance - loop: "{{ osbuild_worker_koji_instances }}" - - - name: Check that relax_timeout_factor is a positive integer - ansible.builtin.assert: - quiet: true - that: - - item.relax_timeout_factor | int > 0 - fail_msg: relax_timeout_factor must be a positive integer if set - loop: "{{ osbuild_worker_koji_instances }}" - when: item.relax_timeout_factor is defined - - - name: Check Azure variables - block: - - name: Check that no Azure variables are set if osbuild_worker_azure_credentials_file is not set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_azure_credentials_path | length == 0 - - osbuild_worker_azure_upload_threads == 0 
- fail_msg: "osbuild_worker_azure_credentials_path and osbuild_worker_azure_upload_threads must not be set - if osbuild_worker_azure_credentials_file is not set" - when: osbuild_worker_azure_credentials_file | length == 0 - - - name: Check that osbuild_worker_azure_upload_threads is a positive integer - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_azure_upload_threads | int > 0 - fail_msg: "osbuild_worker_azure_upload_threads must be a positive integer" - when: osbuild_worker_azure_upload_threads != 0 - - - name: Check that no AWS variables are set if osbuild_worker_aws_credentials_file is not set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_aws_credentials_path | length == 0 - - osbuild_worker_aws_bucket | length == 0 - fail_msg: "osbuild_worker_aws_credentials_path and osbuild_worker_aws_bucket must not be set if osbuild_worker_aws_credentials_file is not set" - when: osbuild_worker_aws_credentials_file | length == 0 - - - name: Check that no GCP variables are set if osbuild_worker_gcp_credentials_file is not set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_gcp_credentials_path | length == 0 - - osbuild_worker_gcp_bucket | length == 0 - fail_msg: "osbuild_worker_gcp_credentials_path and osbuild_worker_gcp_bucket must not be set if osbuild_worker_gcp_credentials_file is not set" - when: osbuild_worker_gcp_credentials_file | length == 0 diff --git a/roles/ansible-osbuild-worker/templates/osbuild-remote-worker-proxy.conf.j2 b/roles/ansible-osbuild-worker/templates/osbuild-remote-worker-proxy.conf.j2 deleted file mode 100644 index 134c72baec..0000000000 --- a/roles/ansible-osbuild-worker/templates/osbuild-remote-worker-proxy.conf.j2 +++ /dev/null 
@@ -1,6 +0,0 @@
-[Service]
-Environment="http_proxy={{ osbuild_worker_proxy_server_hostname }}:{{ osbuild_worker_proxy_server_port }}"
-Environment="https_proxy={{ osbuild_worker_proxy_server_hostname }}:{{ osbuild_worker_proxy_server_port }}"
-{% if osbuild_worker_no_proxy_domains is defined and osbuild_worker_no_proxy_domains | length > 0 %}
-Environment="no_proxy={{ osbuild_worker_no_proxy_domains | join(',') }}"
-{% endif %}
diff --git a/roles/ansible-osbuild-worker/templates/osbuild-worker.toml.j2 b/roles/ansible-osbuild-worker/templates/osbuild-worker.toml.j2
deleted file mode 100644
index cb5f104c99..0000000000
--- a/roles/ansible-osbuild-worker/templates/osbuild-worker.toml.j2
+++ /dev/null
@@ -1,52 +0,0 @@
-# {{ ansible_managed }}
-
-{% if osbuild_worker_server_api_base_path %}
-base_path = "{{ osbuild_worker_server_api_base_path }}"
-
-{% endif %}
-[authentication]
-oauth_url = "{{ osbuild_worker_authentication_oauth_url }}"
-client_id = "{{ osbuild_worker_authentication_client_id }}"
-{% if osbuild_worker_authentication_client_secret_path %}
-client_secret = "{{ osbuild_worker_authentication_client_secret_path }}"
-{% endif %}
-{%if osbuild_worker_authentication_offline_token_path %}
-offline_token = "{{ osbuild_worker_authentication_offline_token_path }}"
-{% endif %}
-
-{% if _osbuild_worker_koji_instances is defined %}
-{% for koji_instance in _osbuild_worker_koji_instances %}
-{% if koji_instance.relax_timeout_factor is defined %}
-[koji."{{ koji_instance.koji_host }}"]
-relax_timeout_factor = {{ koji_instance.relax_timeout_factor }}
-
-{% endif %}
-[koji."{{ koji_instance.koji_host }}".kerberos]
-principal = "{{ koji_instance.krb_principal }}"
-keytab = "{{ koji_instance.krb_keytab_path }}"
-
-{% endfor %}
-{% endif %}
-{% if osbuild_worker_azure_credentials_path is defined and osbuild_worker_azure_credentials_path %}
-[azure]
-credentials = "{{ osbuild_worker_azure_credentials_path }}"
-{% if osbuild_worker_azure_upload_threads is defined %}
-upload_threads = {{ osbuild_worker_azure_upload_threads }}
-{% endif %}
-
-{% endif %}
-{% if osbuild_worker_aws_credentials_path is defined and osbuild_worker_aws_credentials_path %}
-[aws]
-credentials = "{{ osbuild_worker_aws_credentials_path }}"
-{% if osbuild_worker_aws_bucket is defined %}
-bucket = "{{ osbuild_worker_aws_bucket }}"
-{% endif %}
-
-{% endif %}
-{% if osbuild_worker_gcp_credentials_path is defined and osbuild_worker_gcp_credentials_path %}
-[gcp]
-credentials = "{{ osbuild_worker_gcp_credentials_path }}"
-{% if osbuild_worker_gcp_bucket is defined %}
-bucket = "{{ osbuild_worker_gcp_bucket }}"
-{% endif %}
-{% endif %}
diff --git a/roles/ansible-osbuild-worker/vars/main.yml b/roles/ansible-osbuild-worker/vars/main.yml deleted file mode 100644 index 788004a2f7..0000000000 --- a/roles/ansible-osbuild-worker/vars/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# vars file for osbuild_worker - -osbuild_worker_config_dir: /etc/osbuild-worker -osbuild_worker_config_dir_mode: '0755' - -osbuild_worker_config_file: "{{ osbuild_worker_config_dir }}/osbuild-worker.toml" -osbuild_worker_config_file_mode: '0644' - -osbuild_worker_remote_worker_service_name: osbuild-remote-worker@ -osbuild_worker_remote_worker_service_dropin_dir: /etc/systemd/system/{{ osbuild_worker_remote_worker_service_name }}.service.d -osbuild_worker_remote_worker_service_proxy_dropin_file: "{{ osbuild_worker_remote_worker_service_dropin_dir }}/proxy.conf" - -osbuild_worker_secrets_owner: root -osbuild_worker_secrets_group: root -osbuild_worker_secrets_mode: '0400' - -osbuild_worker_authentication_client_secret_path_default: "{{ osbuild_worker_config_dir }}/client_secret" -osbuild_worker_authentication_offline_token_path_default: "{{ osbuild_worker_config_dir }}/offline_token" - -osbuild_worker_azure_credentials_path_default: "{{ osbuild_worker_config_dir }}/azure-credentials" -osbuild_worker_aws_credentials_path_default: "{{ osbuild_worker_config_dir }}/aws-credentials" -osbuild_worker_gcp_credentials_path_default: "{{ osbuild_worker_config_dir }}/gcp-credentials" diff --git a/roles/ansible-server/files/dns_check.py b/roles/ansible-server/files/dns_check.py index 5b630d291b..786a25c8df 100644 --- a/roles/ansible-server/files/dns_check.py +++ b/roles/ansible-server/files/dns_check.py @@ -10,7 +10,6 @@ ZONE_REGEX = "(\S+)\s+IN\s+([A-Z]+)\s+(\S+)" DNS_REGEX = "([a-z0-9._-]+)$" ZONE_FILENAMES = [ - "master/0.16.10.in-addr.arpa", "master/125.5.10.in-addr.arpa", "master/126.5.10.in-addr.arpa", "master/127.5.10.in-addr.arpa", 
diff --git a/roles/ansible-server/files/requirements.yml b/roles/ansible-server/files/requirements.yml deleted file mode 100644 index 60a4061609..0000000000 --- a/roles/ansible-server/files/requirements.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -roles: - # Needed for copr-pulp playbooks - # https://pagure.io/fedora-infrastructure/issue/11396 - - name: geerlingguy.postgresql - version: 3.5.0 - -collections: - # Needed for Zabbix playbooks - - name: community.zabbix - version: 3.3.0 - # Needed for copr - - name: amazon.aws - version: 4.1.0 - # Needed for logview and fedora-messaging plugins - - name: ansible.utils - version: 4.1.0 - # Needed for efs mgmt for communishift - - name: community.aws - version: 4.1.1 - # Needed by ipa roles - - name: community.general - version: 9.5.5 - # Needed by communishift - - name: community.okd - version: 2.2.0 - # Needed for helm/forgejo deployment - - name: kubernetes.core - version: 2.3.2 - # Needed for misc playbooks - - name: ansible.netcommon - version: 6.1.3 - # Needed because other collections pull in 2.0.0, which we do not want - - name: ansible.posix - version: 1.6.1 diff --git a/roles/ansible-server/tasks/main.yml b/roles/ansible-server/tasks/main.yml index b592fc5ebd..fc034dfd4f 100644 --- a/roles/ansible-server/tasks/main.yml +++ b/roles/ansible-server/tasks/main.yml 
@@ -2,34 +2,33 @@ # # Setup ansible-server instance # -- name: Install needed packages - ansible.builtin.package: - name: - - ansible-core - - git-core - - ansible-collection-ansible-posix - - ansible-collection-community-general - - ansible-collection-community-mysql - - ansible-collection-community-docker - - ansible-collection-community-libvirt - - ansible-collection-community-rabbitmq - - ansible-collection-community-postgresql - - ansible-collection-pulp-pulp_installer +- name: install needed packages + package: name={{ item }} state=present + with_items: + - ansible + - git tags: - packages - ansible-server -- name: Generate default ansible config - ansible.builtin.template: src=ansible.cfg.j2 dest=/etc/ansible/ansible.cfg owner=root group=root mode=0644 +- name: generate default ansible config + template: src=ansible.cfg.j2 dest=/etc/ansible/ansible.cfg owner=root group=root mode=0644 tags: - ansible-server -- name: Installing the phx2 dns check script - ansible.builtin.copy: src=dns_check.py dest=/usr/local/bin/dns_check owner=root mode=0755 +- name: installing the phx2 dns check script + copy: src=dns_check.py dest=/usr/local/bin/dns_check owner=root mode=0755 tags: - ansible-server -- name: Install required collections - ansible.builtin.command: ansible-galaxy install -r {{ ansible_base }}/ansible/roles/ansible-server/files/requirements.yml - tags: - - ansible-server +# https://github.com/ansible/ansible-modules-core/pull/4070 +#- name: Fix the nova_compute module +# patch: src=4070.patch +# dest=/usr/lib/python2.7/site-packages/ansible/modules/cloud/openstack/_nova_compute.py +# +# +# TODO: +# cgit? +# rbac-playbook? +# zodbot notifications? +# diff --git a/roles/ansible-server/templates/ansible.cfg.j2 b/roles/ansible-server/templates/ansible.cfg.j2 index 9d095a7ccd..7fbba5506e 100644 --- a/roles/ansible-server/templates/ansible.cfg.j2 +++ b/roles/ansible-server/templates/ansible.cfg.j2 
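Review bot: The `install needed packages` task on the new side installs only the unversioned `ansible` and `git` packages, and the `Install required collections` task is gone, so nothing in this role fixes which collection versions the control host runs; the same diff deletes `roles/ansible-server/files/requirements.yml`, which carried those pins. If that is intended, a comment above the task would record it, e.g. `# collections come from the distro ansible package; versions are not pinned by this role`. The three tasks also drop the `ansible.builtin.` prefix and use `key=value` arguments with a `with_items` loop; `ansible.builtin.package:` with `name: [ansible, git]` and `state: present` passes both names in one call and keeps module resolution explicit.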
@@ -1,993 +1,487 @@ +# config file for ansible -- https://ansible.com/ +# =============================================== + +# nearly all parameters can be overridden in ansible-playbook +# or with command line flags. ansible will read ANSIBLE_CONFIG, +# ansible.cfg in the current working directory, .ansible.cfg in +# the home directory or /etc/ansible/ansible.cfg, whichever it +# finds first + [defaults] -# (boolean) By default Ansible will issue a warning when received from a task action (module or action plugin) -# These warnings can be silenced by adjusting this setting to False. -;action_warnings=True - -# (list) Accept list of cowsay templates that are 'safe' to use, set to empty list if you want to enable all installed templates. -;cowsay_enabled_stencils=bud-frogs, bunny, cheese, daemon, default, dragon, elephant-in-snake, elephant, eyes, hellokitty, kitty, luke-koala, meow, milk, moofasa, moose, ren, sheep, small, stegosaurus, stimpy, supermilker, three-eyes, turkey, turtle, tux, udder, vader-koala, vader, www - -# (string) Specify a custom cowsay path or swap in your cowsay implementation of choice -;cowpath= - -# (string) This allows you to chose a specific cowsay stencil for the banners or use 'random' to cycle through them. -;cow_selection=default - -# (boolean) This option forces color mode even when running without a TTY or the "nocolor" setting is True. -;force_color=False - -# (boolean) This setting allows suppressing colorizing output, which is used to give a better indication of failure and status information. -;nocolor=False - -# (boolean) If you have cowsay installed but want to avoid the 'cows' (why????), use this. -;nocows=False - -# (boolean) Sets the default value for the any_errors_fatal keyword, if True, Task failures will be considered fatal errors. -;any_errors_fatal=False - -# (path) The password file to use for the become plugin. --become-password-file. 
-# If executable, it will be run and the resulting stdout will be used as the password. -;become_password_file= - -# (pathspec) Colon separated paths in which Ansible will search for Become Plugins. -;become_plugins=~/.ansible/plugins/become:/usr/share/ansible/plugins/become - -# (string) Chooses which cache plugin to use, the default 'memory' is ephemeral. -;fact_caching=memory -fact_caching=jsonfile - -# (string) Defines connection or path information for the cache plugin -;fact_caching_connection= -fact_caching_connection=~/.ansible_facts_cache - -# (string) Prefix to use for cache plugin files/tables -;fact_caching_prefix=ansible_facts - -# (integer) Expiration timeout for the cache plugin data -;fact_caching_timeout=86400 - -# (list) Whitelist of callable methods to be made available to template evaluation -;callable_enabled= - -# (list) List of enabled callbacks, not all callbacks need enabling, but many of those shipped with Ansible do as we don't want them activated by default. -;callbacks_enabled= -callbacks_enabled=profile_roles,profile_tasks,logdetail,fedora_messaging_callback - -# (string) When a collection is loaded that does not support the running Ansible version (via the collection metadata key `requires_ansible`), the default behavior is to issue a warning and continue anyway. Setting this value to `ignore` skips the warning entirely, while setting it to `fatal` will immediately halt Ansible execution. -;collections_on_ansible_version_mismatch=warning - -# (pathspec) Colon separated paths in which Ansible will search for collections content. Collections must be in nested *subdirectories*, not directly in these directories. For example, if ``COLLECTIONS_PATHS`` includes ``~/.ansible/collections``, and you want to add ``my.collection`` to that directory, it must be saved as ``~/.ansible/collections/ansible_collections/my/collection``. 
- -;collections_path=~/.ansible/collections:/usr/share/ansible/collections - -# (boolean) A boolean to enable or disable scanning the sys.path for installed collections -;collections_scan_sys_path=True - -# (boolean) Ansible can issue a warning when the shell or command module is used and the command appears to be similar to an existing Ansible module. -# These warnings can be silenced by adjusting this setting to False. You can also control this at the task level with the module option ``warn``. -# As of version 2.11, this is disabled by default. -;command_warnings=False - -# (path) The password file to use for the connection plugin. --connection-password-file. -;connection_password_file= - -# (pathspec) Colon separated paths in which Ansible will search for Action Plugins. -;action_plugins=~/.ansible/plugins/action:/usr/share/ansible/plugins/action -action_plugins={{ ansible_base }}/ansible/action_plugins:~/.ansible/plugins/action:/usr/share/ansible/plugins/action - -# (boolean) When enabled, this option allows lookup plugins (whether used in variables as or as a loop as with_foo) to return data that is not marked 'unsafe'. -# By default, such data is marked as unsafe to prevent the templating engine from evaluating any jinja2 templating language, as this could represent a security risk. This option is provided to allow for backward compatibility, however users should first consider adding allow_unsafe=True to any lookups which may be expected to contain data which may be run through the templating engine late -;allow_unsafe_lookups=False - -# (boolean) This controls whether an Ansible playbook should prompt for a login password. If using SSH keys for authentication, you probably do not needed to change this setting. -;ask_pass=False - -# (boolean) This controls whether an Ansible playbook should prompt for a vault password. -;ask_vault_pass=False - -# (pathspec) Colon separated paths in which Ansible will search for Cache Plugins. 
-;cache_plugins=~/.ansible/plugins/cache:/usr/share/ansible/plugins/cache -cache_plugins={{ ansible_base }}/ansible/cache_plugins:~/.ansible/plugins/cache:/usr/share/ansible/plugins/cache - -# (pathspec) Colon separated paths in which Ansible will search for Callback Plugins. -;callback_plugins=~/.ansible/plugins/callback:/usr/share/ansible/plugins/callback -callback_plugins={{ ansible_base }}/ansible/callback_plugins:~/.ansible/plugins/callback:/usr/share/ansible/plugins/callback - -# (pathspec) Colon separated paths in which Ansible will search for Cliconf Plugins. -;cliconf_plugins=~/.ansible/plugins/cliconf:/usr/share/ansible/plugins/cliconf - -# (pathspec) Colon separated paths in which Ansible will search for Connection Plugins. -;connection_plugins=~/.ansible/plugins/connection:/usr/share/ansible/plugins/connection -connection_plugins={{ ansible_base }}/ansible/connection_plugins:~/.ansible/plugins/connection:/usr/share/ansible/plugins/connection - -# (boolean) Toggles debug output in Ansible. This is *very* verbose and can hinder multiprocessing. Debug output can also include secret information despite no_log settings being enabled, which means debug mode should not be used in production. -;debug=False - -# (string) This indicates the command to use to spawn a shell under for Ansible's execution needs on a target. Users may need to change this in rare instances when shell usage is constrained, but in most cases it may be left as is. -;executable=/bin/sh - -# (string) This option allows you to globally configure a custom path for 'local_facts' for the implied M(ansible.builtin.setup) task when using fact gathering. -# If not set, it will fallback to the default from the M(ansible.builtin.setup) module: ``/etc/ansible/facts.d``. -# This does **not** affect user defined tasks that use the M(ansible.builtin.setup) module. -;fact_path= - -# (pathspec) Colon separated paths in which Ansible will search for Jinja2 Filter Plugins. 
-;filter_plugins=~/.ansible/plugins/filter:/usr/share/ansible/plugins/filter -filter_plugins={{ ansible_base }}/ansible/filter_plugins:~/.ansible/plugins/filter:/usr/share/ansible/plugins/filter - -# (boolean) This option controls if notified handlers run on a host even if a failure occurs on that host. -# When false, the handlers will not run if a failure has occurred on a host. -# This can also be set per play or on the command line. See Handlers and Failure for more details. -;force_handlers=False - -# (integer) Maximum number of forks Ansible will use to execute tasks on target hosts. -;forks=5 -forks=150 - -# (string) This setting controls the default policy of fact gathering (facts discovered about remote systems). -# When 'implicit' (the default), the cache plugin will be ignored and facts will be gathered per play unless 'gather_facts: False' is set. -# When 'explicit' the inverse is true, facts will not be gathered unless directly requested in the play. -# The 'smart' value means each new host that has no facts discovered will be scanned, but if the same host is addressed in multiple plays it will not be contacted again in the playbook run. -# This option can be useful for those wishing to save fact gathering time. Both 'smart' and 'explicit' will use the cache plugin. -;gathering=implicit -gathering=smart - -# (list) Set the `gather_subset` option for the M(ansible.builtin.setup) task in the implicit fact gathering. See the module documentation for specifics. -# It does **not** apply to user defined M(ansible.builtin.setup) tasks. -;gather_subset=all - -# (integer) Set the timeout in seconds for the implicit fact gathering. -# It does **not** apply to user defined M(ansible.builtin.setup) tasks. -;gather_timeout=10 - -# (string) This setting controls how duplicate definitions of dictionary variables (aka hash, map, associative array) are handled in Ansible. -# This does not affect variables whose values are scalars (integers, strings) or arrays. 
-# **WARNING**, changing this setting is not recommended as this is fragile and makes your content (plays, roles, collections) non portable, leading to continual confusion and misuse. Don't change this setting unless you think you have an absolute need for it. -# We recommend avoiding reusing variable names and relying on the ``combine`` filter and ``vars`` and ``varnames`` lookups to create merged versions of the individual variables. In our experience this is rarely really needed and a sign that too much complexity has been introduced into the data structures and plays. -# For some uses you can also look into custom vars_plugins to merge on input, even substituting the default ``host_group_vars`` that is in charge of parsing the ``host_vars/`` and ``group_vars/`` directories. Most users of this setting are only interested in inventory scope, but the setting itself affects all sources and makes debugging even harder. -# All playbooks and roles in the official examples repos assume the default for this setting. -# Changing the setting to ``merge`` applies across variable sources, but many sources will internally still overwrite the variables. For example ``include_vars`` will dedupe variables internally before updating Ansible, with 'last defined' overwriting previous definitions in same file. -# The Ansible project recommends you **avoid ``merge`` for new projects.** -# It is the intention of the Ansible developers to eventually deprecate and remove this setting, but it is being kept as some users do heavily rely on it. New projects should **avoid 'merge'**. -;hash_behaviour=replace -hash_behaviour=merge - -# (pathlist) Comma separated list of Ansible inventory sources -;inventory=/etc/ansible/hosts -inventory={{ ansible_base }}/ansible/inventory - -# (pathspec) Colon separated paths in which Ansible will search for HttpApi Plugins. 
-;httpapi_plugins=~/.ansible/plugins/httpapi:/usr/share/ansible/plugins/httpapi - -# (float) This sets the interval (in seconds) of Ansible internal processes polling each other. Lower values improve performance with large playbooks at the expense of extra CPU load. Higher values are more suitable for Ansible usage in automation scenarios, when UI responsiveness is not required but CPU usage might be a concern. -# The default corresponds to the value hardcoded in Ansible <= 2.1 -;internal_poll_interval=0.001 - -# (pathspec) Colon separated paths in which Ansible will search for Inventory Plugins. -;inventory_plugins=~/.ansible/plugins/inventory:/usr/share/ansible/plugins/inventory - -# (string) This is a developer-specific feature that allows enabling additional Jinja2 extensions. -# See the Jinja2 documentation for details. If you do not know what these do, you probably don't need to change this setting :) -;jinja2_extensions=[] - -# (boolean) This option preserves variable types during template operations. This requires Jinja2 >= 2.10. -;jinja2_native=False - -# (boolean) Enables/disables the cleaning up of the temporary files Ansible used to execute the tasks on the remote. -# If this option is enabled it will disable ``ANSIBLE_PIPELINING``. -;keep_remote_files=False - -# (boolean) Controls whether callback plugins are loaded when running /usr/bin/ansible. This may be used to log activity from the command line, send notifications, and so on. Callback plugins are always loaded for ``ansible-playbook``. -;bin_ansible_callbacks=False - -# (tmppath) Temporary directory for Ansible to use on the controller. -;local_tmp=~/.ansible/tmp - -# (list) List of logger names to filter out of the log file -;log_filter= - -# (path) File to which Ansible will log on the controller. When empty logging is disabled. -;log_path= - -# (pathspec) Colon separated paths in which Ansible will search for Lookup Plugins. 
-;lookup_plugins=~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup -lookup_plugins={{ ansible_base }}/ansible/lookup_plugins:~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup - -# (string) Sets the macro for the 'ansible_managed' variable available for M(ansible.builtin.template) and M(ansible.windows.win_template) modules. This is only relevant for those two modules. -;ansible_managed=Ansible managed - -# (string) This sets the default arguments to pass to the ``ansible`` adhoc binary if no ``-a`` is specified. -;module_args= - -# (string) Compression scheme to use when transferring Python modules to the target. -;module_compression=ZIP_DEFLATED - -# (string) Module to use with the ``ansible`` AdHoc command, if none is specified via ``-m``. -;module_name=command - -# (pathspec) Colon separated paths in which Ansible will search for Modules. -;library=~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules -library={{ ansible_base }}/ansible/library:~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules - -# (pathspec) Colon separated paths in which Ansible will search for Module utils files, which are shared by modules. -;module_utils=~/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils - -# (pathspec) Colon separated paths in which Ansible will search for Netconf Plugins. -;netconf_plugins=~/.ansible/plugins/netconf:/usr/share/ansible/plugins/netconf - -# (boolean) Toggle Ansible's display and logging of task details, mainly used to avoid security disclosures. -;no_log=False - -# (boolean) Toggle Ansible logging to syslog on the target when it executes tasks. On Windows hosts this will disable a newer style PowerShell modules from writting to the event log. -;no_target_syslog=False - -# (none) What templating should return as a 'null' value. When not set it will let Jinja2 decide. 
-;null_representation= - -# (integer) For asynchronous tasks in Ansible (covered in Asynchronous Actions and Polling), this is how often to check back on the status of those tasks when an explicit poll interval is not supplied. The default is a reasonably moderate 15 seconds which is a tradeoff between checking in frequently and providing a quick turnaround when something may have completed. -;poll_interval=15 - -# (path) Option for connections using a certificate or key file to authenticate, rather than an agent or passwords, you can set the default value here to avoid re-specifying --private-key with every invocation. -;private_key_file= - -# (boolean) Makes role variables inaccessible from other roles. -# This was introduced as a way to reset role variables to default values if a role is used more than once in a playbook. -;private_role_vars=False - -# (integer) Port to use in remote connections, when blank it will use the connection plugin default. -;remote_port= - -# (string) Sets the login user for the target machines -# When blank it uses the connection plugin's default, normally the user currently executing Ansible. -;remote_user= - -# (pathspec) Colon separated paths in which Ansible will search for Roles. -;roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles -roles_path={{ ansible_base }}/ansible/roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles - -# (string) Set the main callback used to display Ansible output, you can only have one at a time. -# You can have many other callbacks, but just one can be in charge of stdout. -;stdout_callback=default - -# (string) Set the default strategy used for plays. -;strategy=linear - -# (pathspec) Colon separated paths in which Ansible will search for Strategy Plugins. -;strategy_plugins=~/.ansible/plugins/strategy:/usr/share/ansible/plugins/strategy - -# (boolean) Toggle the use of "su" for tasks. 
-;su=False - -# (string) Syslog facility to use when Ansible logs to the remote target -;syslog_facility=LOG_USER - -# (pathspec) Colon separated paths in which Ansible will search for Terminal Plugins. -;terminal_plugins=~/.ansible/plugins/terminal:/usr/share/ansible/plugins/terminal - -# (pathspec) Colon separated paths in which Ansible will search for Jinja2 Test Plugins. -;test_plugins=~/.ansible/plugins/test:/usr/share/ansible/plugins/test - -# (integer) This is the default timeout for connection plugins to use. -;timeout=10 - -# (string) Default connection plugin to use, the 'smart' option will toggle between 'ssh' and 'paramiko' depending on controller OS and ssh versions -;transport=smart - -# (boolean) When True, this causes ansible templating to fail steps that reference variable names that are likely typoed. -# Otherwise, any ' template_expression ' that contains undefined variables will be rendered in a template or ansible action line exactly as written. -;error_on_undefined_vars=True - -# (pathspec) Colon separated paths in which Ansible will search for Vars Plugins. -;vars_plugins=~/.ansible/plugins/vars:/usr/share/ansible/plugins/vars -vars_plugins={{ ansible_base }}/ansible/vars_plugins:~/.ansible/plugins/vars:/usr/share/ansible/plugins/vars - -# (string) The vault_id to use for encrypting by default. If multiple vault_ids are provided, this specifies which to use for encryption. The --encrypt-vault-id cli option overrides the configured value. -;vault_encrypt_identity= - -# (string) The label to use for the default vault id label in cases where a vault id label is not provided -;vault_identity=default - -# (list) A list of vault-ids to use by default. Equivalent to multiple --vault-id args. Vault-ids are tried in order. -;vault_identity_list= - -# (string) If true, decrypting vaults with a vault id will only try the password from the matching vault-id -;vault_id_match=False - -# (path) The vault password file to use. 
Equivalent to --vault-password-file or --vault-id -# If executable, it will be run and the resulting stdout will be used as the password. -;vault_password_file= - -# (integer) Sets the default verbosity, equivalent to the number of ``-v`` passed in the command line. -;verbosity=0 - -# (boolean) Toggle to control the showing of deprecation warnings -;deprecation_warnings=True - -# (boolean) Toggle to control showing warnings related to running devel -;devel_warning=True - -# (boolean) Normally ``ansible-playbook`` will print a header for each task that is run. These headers will contain the name: field from the task if you specified one. If you didn't then ``ansible-playbook`` uses the task's action to help you tell which task is presently running. Sometimes you run many of the same action and so you want more information about the task to differentiate it from others of the same action. If you set this variable to True in the config then ``ansible-playbook`` will also include the task's arguments in the header. -# This setting defaults to False because there is a chance that you have sensitive values in your parameters and you do not want those to be printed. -# If you set this to True you should be sure that you have secured your environment's stdout (no one can shoulder surf your screen and you aren't saving stdout to an insecure file) or made sure that all of your playbooks explicitly added the ``no_log: True`` parameter to tasks which have sensitive values See How do I keep secret data in my playbook? for more information. -;display_args_to_stdout=False - -# (boolean) Toggle to control displaying skipped task/host entries in a task in the default callback -;display_skipped_hosts=True - -# (string) Root docsite URL used to generate docs URLs in warning/error text; must be an absolute URL with valid scheme and trailing slash. 
-;docsite_root_url=https://docs.ansible.com/ansible-core/ - -# (pathspec) Colon separated paths in which Ansible will search for Documentation Fragments Plugins. -;doc_fragment_plugins=~/.ansible/plugins/doc_fragments:/usr/share/ansible/plugins/doc_fragments - -# (string) By default Ansible will issue a warning when a duplicate dict key is encountered in YAML. -# These warnings can be silenced by adjusting this setting to False. -;duplicate_dict_key=warn - -# (boolean) Whether or not to enable the task debugger, this previously was done as a strategy plugin. -# Now all strategy plugins can inherit this behavior. The debugger defaults to activating when -# a task is failed on unreachable. Use the debugger keyword for more flexibility. -;enable_task_debugger=False - -# (boolean) Toggle to allow missing handlers to become a warning instead of an error when notifying. -;error_on_missing_handler=True - -# (list) Which modules to run during a play's fact gathering stage, using the default of 'smart' will try to figure it out based on connection type. -;facts_modules=smart -facts_modules=smart, python3_fact - -# (boolean) Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host -;host_key_checking=True - -# (boolean) Facts are available inside the `ansible_facts` variable, this setting also pushes them as their own vars in the main namespace. -# Unlike inside the `ansible_facts` dictionary, these will have an `ansible_` prefix. -;inject_facts_as_vars=True - -# (string) Path to the Python interpreter to be used for module execution on remote targets, or an automatic discovery mode. Supported discovery modes are ``auto`` (the default), ``auto_silent``, ``auto_legacy``, and ``auto_legacy_silent``. 
All discovery modes employ a lookup table to use the included system Python (on distributions known to include one), falling back to a fixed ordered list of well-known Python interpreter locations if a platform-specific default is not available. The fallback behavior will issue a warning that the interpreter should be set explicitly (since interpreters installed later may change which one is used). This warning behavior can be disabled by setting ``auto_silent`` or ``auto_legacy_silent``. The value of ``auto_legacy`` provides all the same behavior, but for backwards-compatibility with older Ansible releases that always defaulted to ``/usr/bin/python``, will use that interpreter if present. -;interpreter_python=auto - -# (boolean) If 'false', invalid attributes for a task will result in warnings instead of errors -;invalid_task_attribute_failed=True - -# (boolean) Toggle to control showing warnings related to running a Jinja version older than required for jinja2_native -;jinja2_native_warning=True - -# (boolean) By default Ansible will issue a warning when there are no hosts in the inventory. -# These warnings can be silenced by adjusting this setting to False. -;localhost_warning=True - -# (int) Maximum size of files to be considered for diff display -;max_diff_size=104448 - -# (list) List of extensions to ignore when looking for modules to load -# This is for rejecting script and binary module fallback extensions -;module_ignore_exts=dropped, regen file to see default value - -# (list) TODO: write it -;network_group_modules=eos, nxos, ios, iosxr, junos, enos, ce, vyos, sros, dellos9, dellos10, dellos6, asa, aruba, aireos, bigip, ironware, onyx, netconf, exos, voss, slxos - -# (boolean) Previously Ansible would only clear some of the plugin loading caches when loading new roles, this led to some behaviours in which a plugin loaded in prevoius plays would be unexpectedly 'sticky'. This setting allows to return to that behaviour. 
-;old_plugin_cache_clear=False - -# (path) A number of non-playbook CLIs have a ``--playbook-dir`` argument; this sets the default value for it. -;playbook_dir= - -# (string) This sets which playbook dirs will be used as a root to process vars plugins, which includes finding host_vars/group_vars -# The ``top`` option follows the traditional behaviour of using the top playbook in the chain to find the root directory. -# The ``bottom`` option follows the 2.4.0 behaviour of using the current playbook to find the root directory. -# The ``all`` option examines from the first parent to the current playbook. -;playbook_vars_root=top - -# (path) A path to configuration for filtering which plugins installed on the system are allowed to be used. -# See :ref:`plugin_filtering_config` for details of the filter file's format. -# The default is /etc/ansible/plugin_filters.yml -;plugin_filters_cfg= - -# (string) Attempts to set RLIMIT_NOFILE soft limit to the specified value when executing Python modules (can speed up subprocess usage on Python 2.x. See https://bugs.python.org/issue11284). The value will be limited by the existing hard limit. Default value of 0 does not attempt to adjust existing system-defined limits. -;python_module_rlimit_nofile=0 - -# (bool) This controls whether a failed Ansible playbook should create a .retry file. -;retry_files_enabled=False - -# (path) This sets the path in which Ansible will save .retry files when a playbook fails and retry files are enabled. -# This file will be overwritten after each run with the list of failed hosts from all plays. -;retry_files_save_path= - -# (str) This setting can be used to optimize vars_plugin usage depending on user's inventory size and play selection. -# Setting to C(demand) will run vars_plugins relative to inventory sources anytime vars are 'demanded' by tasks. -# Setting to C(start) will run vars_plugins relative to inventory sources after importing that inventory source. 
-;run_vars_plugins=demand - -# (bool) This adds the custom stats set via the set_stats plugin to the default output -;show_custom_stats=False - -# (string) Action to take when a module parameter value is converted to a string (this does not affect variables). For string parameters, values such as '1.00', "['a', 'b',]", and 'yes', 'y', etc. will be converted by the YAML parser unless fully quoted. -# Valid options are 'error', 'warn', and 'ignore'. -# Since 2.8, this option defaults to 'warn' but will change to 'error' in 2.12. -;string_conversion_action=warn - -# (boolean) Allows disabling of warnings related to potential issues on the system running ansible itself (not on the managed hosts) -# These may include warnings about 3rd party packages or other conditions that should be resolved if possible. -;system_warnings=True - -# (boolean) This option defines whether the task debugger will be invoked on a failed task when ignore_errors=True is specified. -# True specifies that the debugger will honor ignore_errors, False will not honor ignore_errors. -;task_debugger_ignore_errors=True - -# (integer) Set the maximum time (in seconds) that a task can run for. -# If set to 0 (the default) there is no timeout. -;task_timeout=0 - -# (string) Make ansible transform invalid characters in group names supplied by inventory sources. -# If 'never' it will allow for the group name but warn about the issue. -# When 'ignore', it does the same as 'never', without issuing a warning. -# When 'always' it will replace any invalid characters with '_' (underscore) and warn the user -# When 'silently', it does the same as 'always', without issuing a warning. -;force_valid_group_names=never - -# (boolean) Toggles the use of persistence for connections. -;use_persistent_connections=False - -# (bool) A toggle to disable validating a collection's 'metadata' entry for a module_defaults action group. Metadata containing unexpected fields or value types will produce a warning when this is True. 
-;validate_action_group_metadata=True - -# (list) Accept list for variable plugins that require it. -;vars_plugins_enabled=host_group_vars - -# (list) Allows to change the group variable precedence merge order. -;precedence=all_inventory, groups_inventory, all_plugins_inventory, all_plugins_play, groups_plugins_inventory, groups_plugins_play - -# (bool) Force 'verbose' option to use stderr instead of stdout -;verbose_to_stderr=False - -# (integer) For asynchronous tasks in Ansible (covered in Asynchronous Actions and Polling), this is how long, in seconds, to wait for the task spawned by Ansible to connect back to the named pipe used on Windows systems. The default is 5 seconds. This can be too low on slower systems, or systems under heavy load. -# This is not the total time an async command can run for, but is a separate timeout to wait for an async command to start. The task will only start to be timed against its async_timeout once it has connected to the pipe, so the overall maximum duration the task can take will be extended by the amount specified here. -;win_async_startup_timeout=5 - -# (list) Check all of these extensions when looking for 'variable' files which should be YAML or JSON or vaulted versions of these. -# This affects vars_files, include_vars, inventory and vars plugins among others. -;yaml_valid_extensions=.yml, .yaml, .json - -# (string) User defined prefix to use when creating the JSON files -;fact_caching_prefix= - -# (integer) Expiration timeout for the cache plugin data -;fact_caching_timeout=86400 - -# (path) Path in which the cache plugin will save the JSON files -;fact_caching_connection= - -# (bool) Toggle to control displaying markers when running in check mode. -# The markers are C(DRY RUN) at the beginning and ending of playbook execution (when calling C(ansible-playbook --check)) and C(CHECK MODE) as a suffix at every play and task that is run in check mode. 
-;check_mode_markers=False
-
-# (bool) Toggle to control whether failed and unreachable tasks are displayed to STDERR (vs. STDOUT)
-;display_failed_stderr=False
-
-# (bool) Toggle to control displaying 'ok' task/host results in a task
-;display_ok_hosts=True
-
-# (bool) Toggle to control displaying skipped task/host results in a task
-;display_skipped_hosts=True
-
-# (bool) This adds the custom stats set via the set_stats plugin to the play recap
-;show_custom_stats=False
-
-# (bool) This adds output that shows when a task is started to execute for each host
-;show_per_host_start=False
-
-# (bool) When a task fails, display the path to the file containing the failed task and the line number. This information is displayed automatically for every task when running with C(-vv) or greater verbosity.
-;show_task_path_on_failure=False
-
-# (boolean) Pipelining reduces the number of connection operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfers.
-# This can result in a very significant performance improvement when enabled.
-# However this can conflict with privilege escalation (become). For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts, which is why this feature is disabled by default.
-;pipelining=ANSIBLE_PIPELINING
-pipelining=True
-
-# (boolean) Toggles the use of persistence for connections
-;use_persistent_connections=False
-
-# (boolean) Pipelining reduces the number of connection operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfers.
-# This can result in a very significant performance improvement when enabled.
-# However this can conflict with privilege escalation (become). For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts, which is why this feature is disabled by default.
-;pipelining=ANSIBLE_PIPELINING - -# (int) Remote port to connect to. -;remote_port= - -# (string) Path to private key file to use for authentication. -;private_key_file= - -# (string) User name with which to login to the remote server, normally set by the remote_user keyword. -# If no user is supplied, Ansible will let the SSH client binary choose the user as it normally. -;remote_user= - -# (boolean) Pipelining reduces the number of connection operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfers. -# This can result in a very significant performance improvement when enabled. -# However this can conflict with privilege escalation (become). For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts, which is why this feature is disabled by default. -;pipelining=ANSIBLE_PIPELINING - -# (list) list of users to be expected to have admin privileges. This is used by the controller to determine how to share temporary files between the remote user and the become user. -;admin_users=root, toor - -# (string) Directory in which ansible will keep async job information -;async_dir=~/.ansible_async - -# (string) Checked when Ansible needs to execute a module as a different user. -# If setfacl and chown both fail and do not let the different user access the module's files, they will be chgrp'd to this group. -# In order for this to work, the remote_user and become_user must share a common group and this setting must be set to that group. -;common_remote_group= - -# (string) Temporary directory to use on targets when executing tasks. -;remote_tmp=~/.ansible/tmp - -# (list) List of valid system temporary directories on the managed machine for Ansible to choose when it cannot use C(remote_tmp), normally due to permission issues. These must be world readable, writable, and executable. 
This list should only contain directories which the system administrator has pre-created with the proper ownership and permissions otherwise security issues can arise. -;system_tmpdirs=/var/tmp, /tmp - -# (boolean) This makes the temporary files created on the machine world-readable and will issue a warning instead of failing the task. -# It is useful when becoming an unprivileged user. -;allow_world_readable_tmpfiles=False - -# (list) Check all of these extensions when looking for 'variable' files which should be YAML or JSON or vaulted versions of these. -# This affects vars_files, include_vars, inventory and vars plugins among others. -;yaml_valid_extensions=.yml, .yaml, .json +# some basic default values... + +#inventory = /etc/ansible/hosts +inventory = {{ ansible_base }}/ansible/inventory +#library = /usr/share/my_modules/ +library = {{ ansible_base }}/ansible/library:/usr/share/ansible +#module_utils = /usr/share/my_module_utils/ +#remote_tmp = ~/.ansible/tmp +#local_tmp = ~/.ansible/tmp +#forks = 5 +forks = 150 +#poll_interval = 15 +#sudo_user = root +#ask_sudo_pass = True +#ask_pass = True +#transport = smart +#remote_port = 22 +#module_lang = C +#module_set_locale = False + +# plays will gather facts by default, which contain information about +# the remote system. +# +# smart - gather by default, but don't regather if already gathered +# implicit - gather by default, turn off with gather_facts: False +# explicit - do not gather by default, must say gather_facts: True +#gathering = implicit + +# This only affects the gathering done by a play's gather_facts directive, +# by default gathering retrieves all facts subsets +# all - gather all subsets +# network - gather min and network facts +# hardware - gather hardware facts (longest facts to retrieve) +# virtual - gather min and virtual facts +# facter - import facts from facter +# ohai - import facts from ohai +# You can combine them using comma (ex: network,virtual) +# You can negate them using ! 
(ex: !hardware,!facter,!ohai) +# A minimal set of facts is always gathered. +#gather_subset = all + +# some hardware related facts are collected +# with a maximum timeout of 10 seconds. This +# option lets you increase or decrease that +# timeout to something more suitable for the +# environment. +# gather_timeout = 10 + +# additional paths to search for roles in, colon separated +#roles_path = /etc/ansible/roles +roles_path = {{ ansible_base }}/ansible/roles + +# uncomment this to disable SSH key host checking +#host_key_checking = False + +# change the default callback, you can only have one 'stdout' type enabled at a time. +#stdout_callback = skippy + + +## Ansible ships with some plugins that require whitelisting, +## this is done to avoid running all of a type by default. +## These setting lists those that you want enabled for your system. +## Custom plugins should not need this unless plugin author specifies it. + +# enable callback plugins, they can output to stdout but cannot be 'stdout' type. +#callback_whitelist = timer, mail +callback_whitelist = fedmsg_callback2,profile_tasks,logdetail2 + +# Determine whether includes in tasks and handlers are "static" by +# default. As of 2.0, includes are dynamic by default. Setting these +# values to True will make includes behave more like they did in the +# 1.x versions. 
+#task_includes_static = True
+#handler_includes_static = True
+
+# Controls if a missing handler for a notification event is an error or a warning
+#error_on_missing_handler = True
+
+# change this for alternative sudo implementations
+#sudo_exe = sudo
+
+# What flags to pass to sudo
+# WARNING: leaving out the defaults might create unexpected behaviours
+#sudo_flags = -H -S -n
+
+# SSH timeout
+#timeout = 10
+
+# default user to use for playbooks if user is not specified
+# (/usr/bin/ansible will use current user as default)
+#remote_user = root
+
+# logging is off by default unless this path is defined
+# if so defined, consider logrotate
+#log_path = /var/log/ansible.log
+
+# default module name for /usr/bin/ansible
+#module_name = command
+
+# use this shell for commands executed under sudo
+# you may need to change this to bin/bash in rare instances
+# if sudo is constrained
+#executable = /bin/sh
+
+# if inventory variables overlap, does the higher precedence one win
+# or are hash values merged together? The default is 'replace' but
+# this can also be set to 'merge'.
+#hash_behaviour = replace
+
+# by default, variables from roles will be visible in the global variable
+# scope. To prevent this, the following option can be enabled, and only
+# tasks and handlers within the role will see the variables there
+#private_role_vars = yes
+
+# list any Jinja2 extensions to enable here:
+#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
+
+# if set, always use this private key file for authentication, same as
+# if passing --private-key to ansible or ansible-playbook
+#private_key_file = /path/to/file
+
+# If set, configures the path to the Vault password file as an alternative to
+# specifying --vault-password-file on the command line.
+#vault_password_file = /path/to/vault_password_file
+
+# format of string {{ ansible_managed }} available within Jinja2
+# templates indicates to users editing templates files will be replaced.
+# replacing {file}, {host} and {uid} and strftime codes with proper values.
+#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
+# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
+# in some situations so the default is a static string:
+#ansible_managed = Ansible managed
+
+# by default, ansible-playbook will display "Skipping [host]" if it determines a task
+# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
+# messages. NOTE: the task header will still be shown regardless of whether or not the
+# task is skipped.
+#display_skipped_hosts = True
+
+# by default, if a task in a playbook does not include a name: field then
+# ansible-playbook will construct a header that includes the task's action but
+# not the task's args. This is a security feature because ansible cannot know
+# if the *module* considers an argument to be no_log at the time that the
+# header is printed. If your environment doesn't have a problem securing
+# stdout from ansible-playbook (or you have manually specified no_log in your
+# playbook on all of the tasks where you have secret information) then you can
+# safely set this to True to get more informative messages.
+#display_args_to_stdout = False
+
+# by default (as of 1.3), Ansible will raise errors when attempting to dereference
+# Jinja2 variables that are not set in templates or action lines. Uncomment this line
+# to revert the behavior to pre-1.3.
+#error_on_undefined_vars = False
+
+# by default (as of 1.6), Ansible may display warnings based on the configuration of the
+# system running ansible itself. This may include warnings about 3rd party packages or
+# other conditions that should be resolved if possible.
+# to disable these warnings, set the following value to False: +#system_warnings = True + +# by default (as of 1.4), Ansible may display deprecation warnings for language +# features that should no longer be used and will be removed in future versions. +# to disable these warnings, set the following value to False: +#deprecation_warnings = True + +# (as of 1.8), Ansible can optionally warn when usage of the shell and +# command module appear to be simplified by using a default Ansible module +# instead. These warnings can be silenced by adjusting the following +# setting or adding warn=yes or warn=no to the end of the command line +# parameter string. This will for example suggest using the git module +# instead of shelling out to the git command. +# command_warnings = False + + +# set plugin path directories here, separate with colons +#action_plugins = /usr/share/ansible/plugins/action +action_plugins = /srv/web/infra/ansible/action_plugins:/usr/lib/python2.7/site-packages/ansible/plugins/action +#cache_plugins = /usr/share/ansible/plugins/cache +#callback_plugins = /usr/share/ansible/plugins/callback +callback_plugins = /srv/web/infra/ansible/callback_plugins:/usr/lib/python2.7/site-packages/ansible/plugins/callback +#connection_plugins = /usr/share/ansible/plugins/connection +connection_plugins = /srv/web/infra/ansible/connection_plugins:/usr/lib/python2.7/site-packages/ansible/plugins/connection +#lookup_plugins = /usr/share/ansible/plugins/lookup +lookup_plugins = /srv/web/infra/ansible/lookup_plugins:/usr/lib/python2.7/site-packages/ansible/plugins/lookup +#inventory_plugins = /usr/share/ansible/plugins/inventory +#vars_plugins = /usr/share/ansible/plugins/vars +vars_plugins = /srv/web/infra/ansible/vars_plugins:/usr/lib/python2.7/site-packages/ansible/plugins/vars +#filter_plugins = /usr/share/ansible/plugins/filter +filter_plugins = /srv/web/infra/ansible/filter_plugins:/usr/lib/python2.7/site-packages/ansible/plugins/filter +#test_plugins = 
/usr/share/ansible/plugins/test +#terminal_plugins = /usr/share/ansible/plugins/terminal +#strategy_plugins = /usr/share/ansible/plugins/strategy + +# by default, ansible will use the 'linear' strategy but you may want to try +# another one +#strategy = free + +# by default callbacks are not loaded for /bin/ansible, enable this if you +# want, for example, a notification or logging callback to also apply to +# /bin/ansible runs +#bin_ansible_callbacks = False + + +# don't like cows? that's unfortunate. +# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 +#nocows = 1 + +# set which cowsay stencil you'd like to use by default. When set to 'random', +# a random stencil will be selected for each task. The selection will be filtered +# against the `cow_whitelist` option below. +#cow_selection = default +#cow_selection = random + +# when using the 'random' option for cowsay, stencils will be restricted to this list. +# it should be formatted as a comma-separated list with no spaces between names. +# NOTE: line continuations here are for formatting purposes only, as the INI parser +# in python does not support them. +#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\ +# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\ +# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www + +# don't like colors either? +# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 +#nocolor = 1 + +# if set to a persistent type (not 'memory', for example 'redis') fact values +# from previous runs in Ansible will be stored. This may be useful when +# wanting to use, for example, IP information from one group of servers +# without having to talk to them in the same playbook run to get their +# current IP information. 
+#fact_caching = memory + + +# retry files +# When a playbook fails by default a .retry file will be created in ~/ +# You can disable this feature by setting retry_files_enabled to False +# and you can change the location of the files by setting retry_files_save_path + +#retry_files_enabled = False +retry_files_enabled = False +#retry_files_save_path = ~/.ansible-retry + +# squash actions +# Ansible can optimise actions that call modules with list parameters +# when looping. Instead of calling the module once per with_ item, the +# module is called once with all items at once. Currently this only works +# under limited circumstances, and only with parameters named 'name'. +#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper + +# prevents logging of task data, off by default +#no_log = False + +# prevents logging of tasks, but only on the targets, data is still logged on the master/controller +#no_target_syslog = False + +# controls whether Ansible will raise an error or warning if a task has no +# choice but to create world readable temporary files to execute a module on +# the remote machine. This option is False by default for security. Users may +# turn this on to have behaviour more like Ansible prior to 2.1.x. See +# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user +# for more secure ways to fix this than enabling this option. +#allow_world_readable_tmpfiles = False + +# controls the compression level of variables sent to +# worker processes. At the default of 0, no compression +# is used. This value must be an integer from 0 to 9. +#var_compression_level = 4 + +# controls what compression method is used for new-style ansible modules when +# they are sent to the remote system. The compression types depend on having +# support compiled into both the controller's python and the client's python. +# The names should match with the python Zipfile compression types: +# * ZIP_STORED (no compression. 
available everywhere) +# * ZIP_DEFLATED (uses zlib, the default) +# These values may be set per host via the ansible_module_compression inventory +# variable +#module_compression = 'ZIP_DEFLATED' + +# This controls the cutoff point (in bytes) on --diff for files +# set to 0 for unlimited (RAM may suffer!). +#max_diff_size = 1048576 + +# This controls how ansible handles multiple --tags and --skip-tags arguments +# on the CLI. If this is True then multiple arguments are merged together. If +# it is False, then the last specified argument is used and the others are ignored. +# This option will be removed in 2.8. +#merge_multiple_cli_flags = True + +# Controls showing custom stats at the end, off by default +#show_custom_stats = True + +# Controls which files to ignore when using a directory as inventory with +# possibly multiple sources (both static and dynamic) +#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo + +# This family of modules use an alternative execution path optimized for network appliances +# only update this setting if you know how this works, otherwise it can break module execution +#network_group_modules=['eos', 'nxos', 'ios', 'iosxr', 'junos', 'vyos'] + +# This keeps facts from polluting the main namespace as variables. +# Setting to True keeps them under the ansible_facts namespace, the default is False +#restrict_facts_namespace: True + +# When enabled, this option allows lookups (via variables like lookup('foo') or when used as +# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain +# jinja2 templating language which will be run through the templating engine. 
+# ENABLING THIS COULD BE A SECURITY RISK +#allow_unsafe_lookups = False + +# set default errors for all plays +#any_errors_fatal = False + +[inventory] +# enable inventory plugins, default: 'host_list', 'script', 'yaml', 'ini' +#enable_plugins = host_list, virtualbox, yaml, constructed + +# ignore these extensions when parsing a directory as inventory source +#ignore_extensions = '.pyc', '.pyo', '.swp', '.bak', '~', '.rpm', '.md', '.txt', '~', '.orig', '.ini', '.cfg', '.retry' + +# ignore files matching these patterns when parsing a directory as inventory source +#ignore_patterns= + +# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise. +#unparsed_is_failed=False [privilege_escalation] -# (boolean) Display an agnostic become prompt instead of displaying a prompt containing the command line supplied become method -;agnostic_become_prompt=True +#become=True +#become_method=sudo +#become_user=root +#become_ask_pass=False -# (boolean) This setting controls if become is skipped when remote user and become user are the same. I.E root sudo to root. -# If executable, it will be run and the resulting stdout will be used as the password. -;become_allow_same_user=False +[paramiko_connection] -# (boolean) Toggles the use of privilege escalation, allowing you to 'become' another user after login. -;become=False +# uncomment this line to cause the paramiko connection plugin to not record new host +# keys encountered. Increases performance on new host additions. Setting works independently of the +# host key checking setting above. +#record_host_keys=False -# (boolean) Toggle to prompt for privilege escalation password. -;become_ask_pass=False +# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this +# line to disable this behaviour. 
+#pty=False -# (string) executable to use for privilege escalation, otherwise Ansible will depend on PATH -;become_exe= +# paramiko will default to looking for SSH keys initially when trying to +# authenticate to remote devices. This is a problem for some network devices +# that close the connection after a key failure. Uncomment this line to +# disable the Paramiko look for keys function +#look_for_keys = False -# (string) Flags to pass to the privilege escalation executable. -;become_flags= +# When using persistent connections with Paramiko, the connection runs in a +# background process. If the host doesn't already have a valid SSH key, by +# default Ansible will prompt to add the host key. This will cause connections +# running in background processes to fail. Uncomment this line to have +# Paramiko automatically add host keys. +#host_key_auto_add = True -# (string) Privilege escalation method to use when `become` is enabled. -;become_method=sudo +[ssh_connection] -# (string) The user your login/remote user 'becomes' when using privilege escalation, most systems will use 'root' when no user is specified. -;become_user=root +# ssh arguments to use +# Leaving off ControlPersist will result in poor performance, so use +# paramiko on older platforms rather than removing it, -C controls compression use +#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s +ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s +# The base directory for the ControlPath sockets. +# This is the "%(directory)s" in the control_path option +# +# Example: +# control_path_dir = /tmp/.ansible/cp +#control_path_dir = ~/.ansible/cp + +# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname, +# port and username (empty string in the config). The hash mitigates a common problem users +# found with long hostames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format. 
+# In those cases, a "too long for Unix domain socket" ssh error would occur. +# +# Example: +# control_path = %(directory)s/%%h-%%r +#control_path = + +# Enabling pipelining reduces the number of SSH operations required to +# execute a module on the remote server. This can result in a significant +# performance improvement when enabled, however when using "sudo:" you must +# first disable 'requiretty' in /etc/sudoers +# +# By default, this option is disabled to preserve compatibility with +# sudoers configurations that have requiretty (the default on many distros). +# +#pipelining = False +pipelining = True + +# Control the mechanism for transferring files (old) +# * smart = try sftp and then try scp [default] +# * True = use scp only +# * False = use sftp only +#scp_if_ssh = smart + +# Control the mechanism for transferring files (new) +# If set, this will override the scp_if_ssh option +# * sftp = use sftp to transfer files +# * scp = use scp to transfer files +# * piped = use 'dd' over SSH to transfer files +# * smart = try sftp, scp, and piped, in that order [default] +#transfer_method = smart + +# if False, sftp will not use batch mode to transfer files. This may cause some +# types of file transfer failures impossible to catch however, and should +# only be disabled if your sftp version has problems with batch mode +#sftp_batch_mode = False [persistent_connection] -# (path) Specify where to look for the ansible-connection script. This location will be checked before searching $PATH. -# If null, ansible will start with the same directory as the ansible script. -;ansible_connection_path= -# (int) This controls the amount of time to wait for response from remote device before timing out persistent connection. -;command_timeout=30 +# Configures the persistent connection timeout value in seconds. This value is +# how long the persistent connection will remain idle before it is destroyed. 
+# If the connection doesn't receive a request before the timeout value +# expires, the connection is shutdown. The default value is 30 seconds. +#connect_timeout = 30 -# (integer) This controls the retry timeout for persistent connection to connect to the local domain socket. -;connect_retry_timeout=15 +# Configures the persistent connection retry timeout. This value configures the +# the retry timeout that ansible-connection will wait to connect +# to the local domain socket. This value must be larger than the +# ssh timeout (timeout) and less than persistent connection idle timeout (connect_timeout). +# The default value is 15 seconds. +#connect_retry_timeout = 15 -# (integer) This controls how long the persistent connection will remain idle before it is destroyed. -;connect_timeout=30 +# The command timeout value defines the amount of time to wait for a command +# or RPC call before timing out. The value for the command timeout must +# be less than the value of the persistent connection idle timeout (connect_timeout) +# The default value is 10 second. +#command_timeout = 10 -# (path) Path to socket to be used by the connection persistence system. -;control_path_dir=~/.ansible/pc +[accelerate] +#accelerate_port = 5099 +#accelerate_timeout = 30 +#accelerate_connect_timeout = 5.0 +# The daemon timeout is measured in minutes. This time is measured +# from the last activity to the accelerate daemon. +#accelerate_daemon_timeout = 30 -[connection] -# (boolean) Pipelining, if supported by the connection plugin, reduces the number of network operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfer. -# This can result in a very significant performance improvement when enabled. -# However this conflicts with privilege escalation (become). For example, when using 'sudo:' operations you must first disable 'requiretty' in /etc/sudoers on all managed hosts, which is why it is disabled by default. 
-# This option is disabled if ``ANSIBLE_KEEP_REMOTE_FILES`` is enabled. -# This is a global option, each connection plugin can override either by having more specific options or not supporting pipelining at all. -;pipelining=False - - -[colors] -# (string) Defines the color to use on 'Changed' task status -;changed=yellow - -# (string) Defines the default color to use for ansible-console -;console_prompt=white - -# (string) Defines the color to use when emitting debug messages -;debug=dark gray - -# (string) Defines the color to use when emitting deprecation messages -;deprecate=purple - -# (string) Defines the color to use when showing added lines in diffs -;diff_add=green - -# (string) Defines the color to use when showing diffs -;diff_lines=cyan - -# (string) Defines the color to use when showing removed lines in diffs -;diff_remove=red - -# (string) Defines the color to use when emitting error messages -;error=red - -# (string) Defines the color to use for highlighting -;highlight=white - -# (string) Defines the color to use when showing 'OK' task status -;ok=green - -# (string) Defines the color to use when showing 'Skipped' task status -;skip=cyan - -# (string) Defines the color to use on 'Unreachable' status -;unreachable=bright red - -# (string) Defines the color to use when emitting verbose messages. i.e those that show with '-v's. -;verbose=blue - -# (string) Defines the color to use when emitting warning messages -;warn=bright purple - +# If set to yes, accelerate_multi_key will allow multiple +# private keys to be uploaded to it, though each user must +# have access to the system via SSH to add a new key. The default +# is "no". +#accelerate_multi_key = yes [selinux] -# (boolean) This setting causes libvirt to connect to lxc containers by passing --noseclabel to virsh. This is necessary when running on systems which do not have SELinux. 
-;libvirt_lxc_noseclabel=False +# file systems that require special treatment when dealing with security context +# the default behaviour that copies the existing context or uses the user default +# needs to be changed to use the file system dependent context. +#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p -# (list) Some filesystems do not support safe operations and/or return inconsistent errors, this setting makes Ansible 'tolerate' those in the list w/o causing fatal errors. -# Data corruption may occur and writes are not always verified when a filesystem is in the list. -;special_context_filesystems=fuse, nfs, vboxsf, ramfs, 9p, vfat +# Set this to yes to allow libvirt_lxc connections to work without SELinux. +#libvirt_lxc_noseclabel = yes + +[colors] +#highlight = white +#verbose = blue +#warn = bright purple +#error = red +#debug = dark gray +#deprecate = purple +#skip = cyan +#unreachable = red +#ok = green +#changed = yellow +#diff_add = green +#diff_remove = red +#diff_lines = cyan [diff] -# (bool) Configuration toggle to tell modules to show differences when in 'changed' status, equivalent to ``--diff``. -;always=False - -# (integer) How many lines of context to show when displaying the differences between files. -;context=3 - - -[galaxy] -# (path) The directory that stores cached responses from a Galaxy server. -# This is only used by the ``ansible-galaxy collection install`` and ``download`` commands. -# Cache files inside this dir will be ignored if they are world writable. -;cache_dir=~/.ansible/galaxy_cache - -# (bool) Some steps in ``ansible-galaxy`` display a progress wheel which can cause issues on certain displays or when outputing the stdout to a file. -# This config option controls whether the display wheel is shown or not. -# The default is to show the display wheel if stdout has a tty. -;display_progress= - -# (boolean) If set to yes, ansible-galaxy will not validate TLS certificates. 
This can be useful for testing against a server with a self-signed certificate. -;ignore_certs=False - -# (path) Role or collection skeleton directory to use as a template for the ``init`` action in ``ansible-galaxy``, same as ``--role-skeleton``. -;role_skeleton= - -# (list) patterns of files to ignore inside a Galaxy role or collection skeleton directory -;role_skeleton_ignore=^.git$, ^.*/.git_keep$ - -# (string) URL to prepend when roles don't specify the full URI, assume they are referencing this server as the source. -;server=https://galaxy.ansible.com - -# (list) A list of Galaxy servers to use when installing a collection. -# The value corresponds to the config ini header ``[galaxy_server.item]`` which defines the server details. -# See :ref:`galaxy_server_config` for more details on how to define a Galaxy server. -# The order of servers in this list is used to as the order in which a collection is resolved. -# Setting this config option will ignore the :ref:`galaxy_server` config option. -;server_list= - -# (path) Local path to galaxy access token file -;token_path=~/.ansible/galaxy_token - - -[inventory] -# (string) This setting changes the behaviour of mismatched host patterns, it allows you to force a fatal error, a warning or just ignore it -;host_pattern_mismatch=warning - -# (boolean) If 'true', it is a fatal error when any given inventory source cannot be successfully parsed by any available inventory plugin; otherwise, this situation only attracts a warning. - -;any_unparsed_is_failed=False - -# (bool) Toggle to turn on inventory caching. -# This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. -# The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory configuration. -# This message will be removed in 2.16. -;cache=False - -# (string) The plugin for caching inventory. 
-# This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`.
-# The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration.
-# This message will be removed in 2.16.
-;cache_plugin=
-
-# (string) The inventory cache connection.
-# This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`.
-# The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration.
-# This message will be removed in 2.16.
-;cache_connection=
-
-# (string) The table prefix for the cache plugin.
-# This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`.
-# The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration.
-# This message will be removed in 2.16.
-;cache_prefix=ansible_inventory_
-
-# (string) Expiration timeout for the inventory cache plugin data.
-# This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`.
-# The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration.
-# This message will be removed in 2.16.
-;cache_timeout=3600
-
-# (list) List of enabled inventory plugins, it also determines the order in which they are used.
-;enable_plugins=host_list, script, auto, yaml, ini, toml
-enable_plugins=ini, constructed
-
-# (bool) Controls if ansible-inventory will accurately reflect Ansible's view into inventory or its optimized for exporting.
-;export=False - -# (list) List of extensions to ignore when using a directory as an inventory source -;ignore_extensions=dropped, see regenerated version for default value - -# (list) List of patterns to ignore when using a directory as an inventory source -;ignore_patterns= - -# (bool) If 'true' it is a fatal error if every single potential inventory source fails to parse, otherwise this situation will only attract a warning. - -;unparsed_is_failed=False - - -[netconf_connection] -# (string) This variable is used to enable bastion/jump host with netconf connection. If set to True the bastion/jump host ssh settings should be present in ~/.ssh/config file, alternatively it can be set to custom ssh configuration file path to read the bastion/jump host settings. -;ssh_config= - - -[paramiko_connection] -# (boolean) TODO: write it -;host_key_auto_add=False - -# (boolean) TODO: write it -;look_for_keys=True - -# (boolean) TODO: write it -;host_key_auto_add= - -# (boolean) Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host -;host_key_checking=True - -# (boolean) TODO: write it -;look_for_keys=True - -# (string) Proxy information for running the connection via a jumphost -# Also this plugin will scan 'ssh_args', 'ssh_extra_args' and 'ssh_common_args' from the 'ssh' plugin settings for proxy information if set. -;proxy_command= - -# (boolean) TODO: write it -;pty=True - -# (boolean) TODO: write it -;record_host_keys=True - -# (string) User to login/authenticate as -# Can be set from the CLI via the C(--user) or C(-u) options. -;remote_user= - - -[jinja2] -# (list) This list of filters avoids 'type conversion' when templating variables -# Useful when you want to avoid conversion into lists or dictionaries for JSON strings, for example. 
-;dont_type_filters=string, to_json, to_nice_json, to_yaml, to_nice_yaml, ppretty, json - - -[tags] -# (list) default list of tags to run in your plays, Skip Tags has precedence. -;run= - -# (list) default list of tags to skip in your plays, has precedence over Run Tags -;skip= - - -[runas_become_plugin] -# (string) Options to pass to runas, a space delimited list of k=v pairs -;flags= - -# (string) password -;password= - -# (string) User you 'become' to execute the task -;user= - - -[su_become_plugin] -# (string) Su executable -;executable=su - -# (string) Options to pass to su -;flags= - -# (string) Password to pass to su -;password= - -# (string) User you 'become' to execute the task -;user=root - -# (list) List of localized strings to match for prompt detection -# If empty we'll use the built in one -# Do NOT add a colon (:) to your custom entries. Ansible adds a colon at the end of each prompt; if you add another one in your string, your prompt will fail with a "Timeout" error. -;localized_prompts= - - -[sudo_become_plugin] -# (string) Sudo executable -;executable=sudo - -# (string) Options to pass to sudo -;flags=-H -S -n - -# (string) Password to pass to sudo -;password= - -# (string) User you 'become' to execute the task -;user=root - - -[callback_tree] -# (path) directory that will contain the per host JSON files. Also set by the C(--tree) option when using adhoc. -;directory=~/.ansible/tree - - -[ssh_connection] -# (string) This is the location to save SSH's ControlPath sockets, it uses SSH's variable substitution. -# Since 2.3, if null (default), ansible will generate a unique hash. Use ``%(directory)s`` to indicate where to use the control dir path setting. -# Before 2.3 it defaulted to ``control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r``. -# Be aware that this setting is ignored if C(-o ControlPath) is set in ssh args. -;control_path= - -# (string) This sets the directory to use for ssh control path if the control path setting is null. 
-# Also, provides the ``%(directory)s`` variable for the control path setting. -;control_path_dir=~/.ansible/cp - -# (boolean) Determines if SSH should check host keys. -;host_key_checking=True - -# (boolean) Pipelining reduces the number of connection operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfers. -# This can result in a very significant performance improvement when enabled. -# However this can conflict with privilege escalation (become). For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts, which is why this feature is disabled by default. -;pipelining=ANSIBLE_PIPELINING - -# (string) PKCS11 SmartCard provider such as opensc, example: /usr/local/lib/opensc-pkcs11.so -# Requires sshpass version 1.06+, sshpass must support the -P option. -;pkcs11_provider= - -# (integer) Number of attempts to connect. -;retries=0 - -# (string) This defines the location of the scp binary. It defaults to C(scp) which will use the first binary available in $PATH. -;scp_executable=scp - -# (string) Extra exclusive to the C(scp) CLI -;scp_extra_args= - -# (string) Preferred method to use when transfering files over SSH. -# When set to I(smart), Ansible will try them until one succeeds or they all fail. -# If set to I(True), it will force 'scp', if I(False) it will use 'sftp'. -# This setting will overridden by ssh_transfer_method if set. -;scp_if_ssh=smart - -# (bool) TODO: write it -;sftp_batch_mode=yes - -# (string) This defines the location of the sftp binary. It defaults to C(sftp) which will use the first binary available in $PATH. -;sftp_executable=sftp - -# (string) Extra exclusive to the C(sftp) CLI -;sftp_extra_args= - -# (string) Arguments to pass to all SSH CLI tools. -;ssh_args=-C -o ControlMaster=auto -o ControlPersist=60s - -# (string) Common extra args for all SSH CLI tools. 
-;ssh_common_args= - -# (string) This defines the location of the SSH binary. It defaults to C(ssh) which will use the first SSH binary available in $PATH. -# This option is usually not required, it might be useful when access to system SSH is restricted, or when using SSH wrappers to connect to remote hosts. -;ssh_executable=ssh - -# (string) Extra exclusive to the SSH CLI. -;ssh_extra_args= - -# (string) Preferred method to use when transferring files over ssh -# Setting to 'smart' (default) will try them in order, until one succeeds or they all fail -# Using 'piped' creates an ssh pipe with C(dd) on either side to copy the data -;transfer_method= -transfer_method=scp - -# (string) Password prompt that sshpass should search for. Supported by sshpass 1.06 and up. -# Defaults to C(Enter PIN for) when pkcs11_provider is set. -;sshpass_prompt= - -# (integer) This is the default ammount of time we will wait while establishing an SSH connection. -# It also controls how long we can wait to access reading the connection once established (select on the socket). -;timeout=10 - -# (bool) add -tt to ssh commands to force tty allocation. -;usetty=yes - - -[winrm] -# (list) A list of environment variables to pass through to C(kinit) when getting the Kerberos authentication ticket. -# By default no environment variables are passed through and C(kinit) is run with a blank slate. -# The environment variable C(KRB5CCNAME) cannot be specified here as it's used to store the temp Kerberos ticket used by WinRM. -;kinit_env_vars= - - -[inventory_plugins] -# (bool) Merge extra vars into the available variables for composition (highest precedence). 
-;use_extra_vars=False - - -[inventory_plugin_script] -# (boolean) Toggle display of stderr even when script was successful -;always_show_stderr=True - - -[inventory_plugin_yaml] -# (list) list of 'valid' extensions for files containing YAML -;yaml_valid_extensions=.yaml, .yml, .json - - -[url_lookup] -# (string) String of file system path to CA cert bundle to use -;ca_path= - -# (string) String of urllib2, all/yes, safe, none to determine how redirects are followed, see RedirectHandlerFactory for more information -;follow_redirects=urllib2 - -# (boolean) Whether or not to set "cache-control" header with value "no-cache" -;force=False - -# (boolean) Force basic authentication -;agent=False - -# (string) User-Agent to use in the request. The default was changed in 2.11 to C(ansible-httpget). -;agent=ansible-httpget - -# (float) How long to wait for the server to send data before giving up -;timeout=10 - -# (string) String of file system path to unix socket file to use when establishing connection to the provided url -;unix_socket= - -# (list) A list of headers to not attach on a redirected request -;unredirected_headers= - -# (boolean) Use GSSAPI handler of requests -# As of Ansible 2.11, GSSAPI credentials can be specified with I(username) and I(password). -;use_gssapi=False - - -[powershell] -# (string) Directory in which ansible will keep async job information. -# Before Ansible 2.8, this was set to C(remote_tmp + "\.ansible_async"). -;async_dir=%USERPROFILE%\.ansible_async - -# (string) Temporary directory to use on targets when copying files to the host. -;remote_tmp=%TEMP% - -# (string) Directory in which ansible will keep async job information. -# Before Ansible 2.8, this was set to C(remote_tmp + "\.ansible_async"). -;async_dir=%USERPROFILE%\.ansible_async - -# (string) Temporary directory to use on targets when copying files to the host. -;remote_tmp=%TEMP% - - -[vars_host_group_vars] -# (str) Control when this vars plugin may be executed. 
-# Setting this option to C(all) will run the vars plugin after importing inventory and whenever it is demanded by a task. -# Setting this option to C(task) will only run the vars plugin whenever it is demanded by a task. -# Setting this option to C(inventory) will only run the vars plugin after parsing inventory. -# If this option is omitted, the global I(RUN_VARS_PLUGINS) configuration is used to determine when to execute the vars plugin. -;stage= +# Always print diff when running ( same as always running with -D/--diff ) +# always = no +# Set how many context lines to show in diff +# context = 3 diff --git a/roles/apache/handlers/main.yml b/roles/apache/handlers/main.yml index ffc1f9bdd9..f599732052 100644 --- a/roles/apache/handlers/main.yml +++ b/roles/apache/handlers/main.yml @@ -1,3 +1,2 @@ ---- -- name: Restart apache - ansible.builtin.command: /usr/local/bin/conditional-restart.sh httpd httpd +- name: restart apache + command: /usr/local/bin/conditional-restart.sh httpd httpd diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml index cb0cf42daa..0c2b3e148b 100644 --- a/roles/apache/tasks/main.yml +++ b/roles/apache/tasks/main.yml 
@@ -1,89 +1,84 @@ --- # install apache(httpd) -- name: Install apache (package) - ansible.builtin.package: - state: present - name: - - httpd - - httpd-tools +- name: install apache (yum) + package: name={{ item }} state=present + with_items: + - httpd + - httpd-tools tags: - packages - apache - when: ansible_cmdline.ostree is not defined + when: ansible_distribution_major_version|int < 22 -- name: Install mod_http2 on rhel8 hosts - ansible.builtin.package: - state: present - name: - - mod_http2 +# install apache(httpd) +- name: install apache (dnf) + dnf: name={{ item }} state=present + with_items: + - httpd + - httpd-tools tags: - packages - apache - when: ansible_distribution_major_version|int >= 8 and ansible_distribution == 'RedHat' + when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined -- name: Set apache running/enabled +- name: set apache running/enabled service: name=httpd enabled=yes ignore_errors: true notify: - - Reload apache + - reload apache tags: - service - apache # install hash randomization hotfix -- name: Hotfix - copy over new httpd init script - ansible.builtin.copy: src="{{ files }}/hotfix/httpd/httpd.init" dest=/etc/init.d/httpd +- name: hotfix - copy over new httpd init script + copy: src="{{ files }}/hotfix/httpd/httpd.init" dest=/etc/init.d/httpd owner=root group=root mode=0755 - when: ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora' notify: - - Reload apache + - reload apache tags: - config - hotfix - apache -# install hash randomization hotfix -- name: Hotfix - copy over new httpd init script - ansible.builtin.copy: src="{{ files }}/hotfix/httpd/httpd.init" dest=/etc/init.d/httpd - owner=root group=root mode=0755 - when: ansible_distribution_major_version|int <= 8 and ansible_distribution == 'RedHat' +- name: hotfix - copy over new httpd sysconfig (el6) + copy: src="{{ files }}/hotfix/httpd/httpd.sysconfig" dest=/etc/sysconfig/httpd + when: 
ansible_distribution_major_version|int == 6 notify: - - Reload apache + - reload apache tags: - config - hotfix - apache -- name: Add appserver headers.conf - ansible.builtin.template: src="{{ files }}/httpd/headers.conf.j2" dest=/etc/httpd/conf.d/headers.conf +- name: hotfix - copy over new httpd sysconfig (el7) + copy: src="{{ files }}/hotfix/httpd/httpd.sysconfig" dest=/etc/sysconfig/httpd + when: ansible_distribution_major_version|int == 7 notify: - - Reload apache + - reload apache tags: - config + - hotfix - apache - - apache/headers -- name: Add appserver h2.conf - ansible.builtin.template: src="{{ files }}/httpd/h2.conf.j2" dest=/etc/httpd/conf.d/h2.conf - when: ansible_distribution == 'Fedora' +- name: add appserver headers.conf + template: src="{{ files }}/httpd/headers.conf.j2" dest=/etc/httpd/conf.d/headers.conf notify: - - Reload apache + - reload apache tags: - config - apache - - h2 -- name: Add apache_status location for collectd - ansible.builtin.template: src="{{ files }}/httpd/apachestatus.conf" dest=/etc/httpd/conf.d/apachestatus.conf +- name: add apache_status location for collectd + template: src="{{ files }}/httpd/apachestatus.conf" dest=/etc/httpd/conf.d/apachestatus.conf notify: - - Reload apache + - reload apache tags: - config - apache - - apachestatus -- name: Setup logrotate to our needs - ansible.builtin.template: src="{{ files }}/httpd/httpd.logrotate.j2" dest=/etc/logrotate.d/httpd +- name: setup logrotate to our needs + copy: src="{{ files }}/httpd/httpd.logrotate" dest=/etc/logrotate.d/httpd tags: - config - apache diff --git a/roles/apps-fp-o/files/apps.fp.o.conf b/roles/apps-fp-o/files/apps.fp.o.conf index 8dbc3e718c..a86bd8eede 100644 --- a/roles/apps-fp-o/files/apps.fp.o.conf +++ b/roles/apps-fp-o/files/apps.fp.o.conf 
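Review bot: The two added `hotfix - copy over new httpd sysconfig` tasks (el6 and el7) and the `setup logrotate to our needs` copy write configuration under `/etc` without `owner`, `group` or `mode`, unlike the init-script task above them, which pins `owner=root group=root mode=0755`. Without explicit values a newly created file takes its mode from the umask of the run and an existing file keeps whatever it already had, so permissions can drift between hosts. I would pin them, for example `copy: src="{{ files }}/hotfix/httpd/httpd.sysconfig" dest=/etc/sysconfig/httpd owner=root group=root mode=0644` (0644 is an assumption for these files; confirm). The same applies to the `headers.conf` and `apachestatus.conf` template tasks. Separately, the init-script hotfix loses its `when:` guard in this hunk and so is no longer limited by distribution or version, which may be wider than intended.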
@@ -8,7 +8,7 @@ DocumentRoot /srv/web/apps-fp-o/ - SetEnvIf Origin "http(s)?://(fedoraproject.org|.*\.fedoraproject.org|pagure\.io)$" AccessControlAllowOrigin=$0 + SetEnvIf Origin "http(s)?://(.*\.fedoraproject.org|pagure\.io)$" AccessControlAllowOrigin=$0 Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin Header set Vary "Accept-Encoding, Origin" diff --git a/roles/apps-fp-o/files/apps.yaml b/roles/apps-fp-o/files/apps.yaml index 65f8d027c5..80d816225a 100644 --- a/roles/apps-fp-o/files/apps.yaml +++ b/roles/apps-fp-o/files/apps.yaml 
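Review bot: The `Origin` pattern on the added `SetEnvIf` line is looser than the allow-list it is meant to express: it has no leading `^`, the dot in `fedoraproject.org` is unescaped while the one in `pagure\.io` is escaped, and it accepts plain `http://` origins. Because the matched value is echoed back in `Access-Control-Allow-Origin`, every origin the regex accepts is granted cross-origin access to responses, so the pattern should match exactly the intended hosts. I would tighten it to `SetEnvIf Origin "^https?://(.*\.fedoraproject\.org|pagure\.io)$" AccessControlAllowOrigin=$0`, and drop the `?` after `https` if no HTTP-only consumer remains, which this hunk does not show. The new pattern also stops matching the bare `fedoraproject.org` origin; if that is deliberate, a one-line comment above the directive should say so. The enclosing configuration block starts and ends outside the hunk.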
@@ -1,611 +1,802 @@ %YAML 1.2 +# This file is managed in two places, please keep them synchronised: +# - https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/apps-fp-o/files/apps.yaml +# - https://github.com/fedora-infra/apps.fp.o/blob/develop/data/apps.yaml --- -name: Fedora Apps +name: Fedora Apps data: - description: > - This is a landing page for Fedora Apps. Fedora Infrastructure is - huge; this page details only the public facing portion of - it all. Explore! + description: > + This is a landing page for Fedora Apps. Fedora Infrastructure is + huge; this page details only the public facing portion of + it all. Explore! children: - - name: Accounts +- name: Accounts data: - description: > - Tools for everybody -- use these things to manage your Fedora - Account. + description: > + Tools for everybody -- use these things to manage your Fedora + Account. children: - - name: FedoraPeople + - name: Ambassadors Map data: - url: https://fedorapeople.org - user_url: https://{user}.fedorapeople.org - status_mappings: [people] - description: > - Being a community member you gain access to fedorapeople which - provides you with a space on the web where you can upload - files to share them with the community. - - name: Fedora Accounts + url: https://fedoraproject.org/membership-map/ambassadors.html + # TODO -- add source, bugs, and docs urls for this. + description: > + Ambassadors are the representatives of Fedora. Ambassadors + ensure the public understand Fedora's principles and the work + that Fedora is doing. Additionally Ambassadors are responsible + for helping to grow the contributor base, and to act as a + liaison between other FLOSS projects and the Fedora community. + + This thing is a map of where all the Fedora + Ambassadors live showing just how vibrant the Fedora + Community really is. (It's easy to add + yourself to the map too, if you can't find yourself on it.) 
+ - name: FedoraPeople data: - url: https://accounts.fedoraproject.org/ - user_url: https://accounts.fedoraproject.org/user/{user} - source_url: https://github.com/fedora-infra/noggin/ - bugs_url: https://github.com/fedora-infra/noggin/issues/ - docs_url: https://noggin-aaa.readthedocs.io/en/latest/ - sops: - - https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/fas-notes.html - - https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/fas-openid.html - - https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/accountdeletion.html - - https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/nonhumanaccounts.html - status_mappings: [fas] - description: > - Fedora Accounts. Update your profile - information and apply for membership in groups. - - name: Notifications + url: https://fedorapeople.org + user_url: https://{user}.fedorapeople.org + status_mappings: ['people'] + description: > + Being a community member you gain access to fedorapeople which + provides you with a space on the web where you can upload + files to share them with the community. + - name: FAS data: - icon: fedmsg.png - url: https://notifications.fedoraproject.org/ - source_url: https://github.com/fedora-infra/fmn/ - bugs_url: https://github.com/fedora-infra/fmn/issues/ - docs_url: https://fmn.readthedocs.io/ - sops: [https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/fmn/] - status_mappings: [fedmsg] - description: > - Centrally managed preferences for Fedora Infrastructure - notifications to your inbox, irc client, and mobile device. 
- - name: Badges - status_mappings: [badges] + url: https://admin.fedoraproject.org/accounts + user_url: https://admin.fedoraproject.org/accounts/user/view/{user} + source_url: https://github.com/fedora-infra/fas/ + bugs_url: https://github.com/fedora-infra/fas/issues/ + docs_url: https://github.com/fedora-infra/fas/blob/develop/README.rst + sops: + - https://infrastructure.fedoraproject.org/infra/docs/fas-notes.rst + - https://infrastructure.fedoraproject.org/infra/docs/fas-openid.rst + - https://infrastructure.fedoraproject.org/infra/docs/accountdeletion.rst + - https://infrastructure.fedoraproject.org/infra/docs/nonhumanaccounts.rst + status_mappings: ['fas'] + description: > + The Fedora Account System. Update your profile + information and apply for membership in groups. + - name: Notifications data: - icon: badges.png - url: https://badges.fedoraproject.org - user_url: https://badges.fedoraproject.org/user/{user} - source_url: https://github.com/fedora-infra/tahrir/ - bugs_url: https://github.com/fedora-infra/tahrir/issues/ - docs_url: https://tahrir.readthedocs.org/en/latest/ - sops: [https://infrastructure.fedoraproject.org/infra/docs/badges.rst] - description: > - An achievements system for Fedora Contributors! "Badges" - are awarded based on activity in the community. Can you - unlock them all? - You can export your badges to Mozilla's - Open Badges - Infrastructure - - name: Content + icon: fedmsg.png + url: https://apps.fedoraproject.org/notifications + source_url: https://github.com/fedora-infra/fmn/ + bugs_url: https://github.com/fedora-infra/fmn/issues/ + docs_url: https://github.com/fedora-infra/fmn/blob/develop/README.rst + sops: + - https://infrastructure.fedoraproject.org/infra/docs/fmn.rst + status_mappings: ['fedmsg'] + description: > + Centrally managed preferences for Fedora Infrastructure + notifications to your inbox, irc client, and mobile device. 
+ - name: Badges + status_mappings: ['badges'] + data: + icon: badges.png + url: https://badges.fedoraproject.org + user_url: https://badges.fedoraproject.org/user/{user} + source_url: https://github.com/fedora-infra/tahrir/ + bugs_url: https://github.com/fedora-infra/tahrir/issues/ + docs_url: https://tahrir.readthedocs.org/en/latest/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/badges.rst + description: > + An achievements system for Fedora Contributors! "Badges" + are awarded based on activity in the community. Can you + unlock them all? + You can export your badges to Mozilla's + Open Badges + Infrastructure +- name: Content data: - description: > - Tools for wordsmiths -- the apps that store and archive the troves - of content that Fedora authors produce. Blog posts, the wiki, and - more.. + description: > + Tools for wordsmiths -- the apps that store and archive the troves + of content that Fedora authors produce. Blog posts, the wiki, and + more.. children: - - name: Ask Fedora + - name: Ask Fedora data: - icon: ask_fedora.png - url: https://ask.fedoraproject.org/ - source_url: https://github.com/askbot/askbot-devel - bugs_url: https://github.com/askbot/askbot-devel/issues/ - docs_url: http://askbot.org/doc/index.html - sops: [https://infrastructure.fedoraproject.org/infra/docs/askbot.rst] - status_mappings: [ask] - description: > - Any question at all about Fedora? Ask it here. - - name: The Wiki + icon: ask_fedora.png + url: https://ask.fedoraproject.org/ + source_url: https://github.com/askbot/askbot-devel + bugs_url: https://github.com/askbot/askbot-devel/issues/ + docs_url: http://askbot.org/doc/index.html + sops: + - https://infrastructure.fedoraproject.org/infra/docs/askbot.rst + status_mappings: ['ask'] + description: > + Any question at all about Fedora? Ask it here. 
+ - name: The Wiki data: - icon: mediawiki.png - url: https://fedoraproject.org/wiki - user_url: https://fedoraproject.org/wiki/User:{user} - source_url: https://www.mediawiki.org/ - bugs_url: https://www.mediawiki.org/wiki/Phabricator#Get_started - docs_url: https://www.mediawiki.org/wiki/Sysadmin_hub - sops: [https://infrastructure.fedoraproject.org/infra/docs/wiki.rst] - status_mappings: [wiki] - description: > - Maintain your own user profile page, contribute to - documents about features, process, and governance. - - name: Fedora Magazine + icon: mediawiki.png + url: https://fedoraproject.org/wiki + user_url: https://fedoraproject.org/wiki/User:{user} + source_url: https://www.mediawiki.org/ + bugs_url: https://www.mediawiki.org/wiki/Phabricator#Get_started + docs_url: https://www.mediawiki.org/wiki/Sysadmin_hub + sops: + - https://infrastructure.fedoraproject.org/infra/docs/wiki.rst + status_mappings: ['wiki'] + description: > + Maintain your own user profile page, contribute to + documents about features, process, and governance. + - name: Fedora Magazine data: - icon: magazine.png - url: https://fedoramagazine.org - docs_url: https://codex.wordpress.org/ - # We don't have a SOP for the magazine yet. - # https://pagure.io/fedora-infrastructure/issue/5149 - # sops: - # - put the url here - description: > - Fedora Magazine is a WordPress-based site which delivers all - the news of the Fedora Community. (It replaces the previous - Fedora Weekly News.) - - name: The Planet + icon: magazine.png + url: http://fedoramagazine.org + docs_url: https://codex.wordpress.org/ + # We don't have a SOP for the magazine yet. + # https://fedorahosted.org/fedora-infrastructure/ticket/5149 + #sops: + # - put the url here + description: > + Fedora Magazine is a WordPress-based site which delivers all + the news of the Fedora Community. (It replaces the previous + Fedora Weekly News.) 
+ - name: The Planet data: - icon: planet_logo.png - url: http://fedoraplanet.org - docs_url: https://www.intertwingly.net/code/venus/ - sops: - - https://infrastructure.fedoraproject.org/infra/docs/planetsubgroup.rst - description: > - The planet is a blog aggregator, a space accessible to you - as a community member where you can express your opinion and - talk about what you are doing for Fedora. - - name: Docs + icon: planet_logo.png + url: http://fedoraplanet.org + docs_url: http://www.intertwingly.net/code/venus/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/planetsubgroup.rst + description: > + The planet is a blog aggregator, a space accessible to you + as a community member where you can express your opinion and + talk about what you are doing for Fedora. + - name: Docs data: - url: https://docs.fedoraproject.org - status_mappings: [docs] - # TODO - add the docs_url. I asked pete travis for info on this - # docs_url: put the url here - # TODO - add a sop. - # https://pagure.io/fedora-infrastructure/issue/5150 - # sops: - # - add the sop url here. - description: > - RTFM! Everything you could ever want to know. - Probably the best place to find documentation about Fedora, - including the changes between releases (and a big kudos to - the translation teams to keep this resource up to date in - the different languages!) - - name: QA + url: https://docs.fedoraproject.org + status_mappings: ['docs'] + # TODO - add the docs_url. I asked pete travis for info on this + #docs_url: put the url here + # TODO - add a sop. + # https://fedorahosted.org/fedora-infrastructure/ticket/5150 + #sops: + # - add the sop url here. + description: > + RTFM! Everything you could ever want to know. + Probably the best place to find documentation about Fedora, + including the changes between releases (and a big kudos to + the translation teams to keep this resource up to date in + the different languages!) 
+- name: QA data: - description: > - Tools for testers -- the people who tell us its broken so we can - fix it. + description: > + Tools for testers -- the people who tell us its broken so we can + fix it. children: - - name: Problem Tracker + - name: Taskotron data: - url: https://retrace.fedoraproject.org - package_url: https://retrace.fedoraproject.org/faf/reports/?component_names={package} - source_url: https://github.com/abrt/retrace-server/ - bugs_url: https://github.com/abrt/retrace-server/issues - docs_url: https://abrt.readthedocs.org/en/latest/howitworks.html#faf - # TODO - write SOPs for this - # https://pagure.io/fedora-infrastructure/issue/5151 - # sops: - # - url goes here - # - and another one goes here - description: > - The Problem Tracker is a platform for collecting and - analyzing package crashes reported via ABRT (Automatic Bug - Reporting Tool). It makes it easy to see what problems - users are hitting the most, and allows you to filter them - by Fedora release, associate, or component. - - name: Blocker Bugs + icon: taskotron.png + url: https://taskotron.fedoraproject.org + package_url: https://taskotron.fedoraproject.org/resultsdb/results?item={package} + source_url: https://pagure.io/group/taskotron + bugs_url: https://pagure.io/group/taskotron + docs_url: https://taskotron.fedoraproject.org + sops: + - https://infrastructure.fedoraproject.org/infra/docs/taskotron.rst + - https://infrastructure.fedoraproject.org/infra/docs/resultsdb.rst + description: > + Taskotron is a framework for automated task execution. + It currently runs selected package checks in Fedora. 
+ - name: Problem Tracker data: - url: https://qa.fedoraproject.org/blockerbugs - source_url: https://pagure.io/fedora-qa/blockerbugs - bugs_url: https://pagure.io/fedora-qa/blockerbugs - docs_url: https://tflink.fedorapeople.org/blockerbugs/docs/ - sops: - - https://infrastructure.fedoraproject.org/infra/docs/blockerbugs.rst - status_mappings: [blockerbugs] - description: > - The Fedora Blocker Bug Tracker tracks release blocking bugs - and related updates in Fedora releases currently under - development. - - name: Bugzilla + url: https://retrace.fedoraproject.org + package_url: https://retrace.fedoraproject.org/faf/reports/?component_names={package} + source_url: https://github.com/abrt/retrace-server/ + bugs_url: https://github.com/abrt/retrace-server/issues + docs_url: https://abrt.readthedocs.org/en/latest/howitworks.html#faf + # TODO - write SOPs for this + # https://fedorahosted.org/fedora-infrastructure/ticket/5151 + #sops: + # - url goes here + # - and another one goes here + description: > + The Problem Tracker is a platform for collecting and + analyzing package crashes reported via ABRT (Automatic Bug + Reporting Tool). It makes it easy to see what problems + users are hitting the most, and allows you to filter them + by Fedora release, associate, or component. + - name: Blocker Bugs data: - icon: bugzilla.png - url: https://bugzilla.redhat.com - package_url: > - https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Fedora&product=Fedora%20EPEL&query_format=advanced&component={package} - description: > - The Fedora Community makes use of a bugzilla instance - run by Red Hat. Notice something wrong with a Fedora - package? You can file an official bug here. 
- - name: Review Status + url: https://qa.fedoraproject.org/blockerbugs + source_url: https://pagure.io/fedora-qa/blockerbugs + bugs_url: https://pagure.io/fedora-qa/blockerbugs + docs_url: https://tflink.fedorapeople.org/blockerbugs/docs/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/blockerbugs.rst + status_mappings: ['blockerbugs'] + description: > + The Fedora Blocker Bug Tracker tracks release blocking bugs + and related updates in Fedora releases currently under + development. + - name: Bugzilla data: - url: https://fedoraproject.org/PackageReviewStatus/ - package_url: > - https://bugzilla.redhat.com/buglist.cgi?component=Package%20Review&query_format=advanced&short_desc_type=allwordssubstr&short_desc={package} - # TODO - write the SOP for this - # https://pagure.io/fedora-infrastructure/issue/5152 - # sops: - # - url goes here - description: > - These pages contain periodically generated reports with - information on the current state of all Fedora package review - tickets -- a super useful window on bugzilla. - - name: Kerneltest + icon: bugzilla.png + url: https://bugzilla.redhat.com + package_url: https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Fedora&product=Fedora%20EPEL&query_format=advanced&component={package} + description: > + The Fedora Community makes use of a bugzilla instance + run by Red Hat. Notice something wrong with a Fedora + package? You can file an official bug here. 
+ - name: Review Status data: - icon: tux.png - url: https://apps.fedoraproject.org/kerneltest - source_url: https://github.com/jmflinuxtx/kerneltest-harness - bugs_url: https://github.com/jmflinuxtx/kerneltest-harness/issues - docs_url: https://fedoraproject.org/wiki/KernelTestingInitiative - sops: - - https://infrastructure.fedoraproject.org/infra/docs/kerneltest-harness.rst - description: > - As part of the kernel - testing initiative we provide a webapp where users and - automated systems can upload test results. If you have - access to hardware where we could catch tricky driver - issues, your assistance here would be much appreciated. - - name: Koschei + url: https://fedoraproject.org/PackageReviewStatus/ + package_url: https://bugzilla.redhat.com/buglist.cgi?component=Package%20Review&query_format=advanced&short_desc_type=allwordssubstr&short_desc={package} + # TODO - write the SOP for this + # https://fedorahosted.org/fedora-infrastructure/ticket/5152 + #sops: + # - url goes here + description: > + These pages contain periodically generated reports with + information on the current state of all Fedora package review + tickets -- a super useful window on bugzilla. + - name: Kerneltest data: - icon: koschei.png - url: https://koschei.fedoraproject.org/ - user_url: https://koschei.fedoraproject.org/user/{user} - package_url: https://koschei.fedoraproject.org/package/{package} - source_url: https://github.com/fedora-infra/koschei - bugs_url: https://github.com/fedora-infra/koschei/issues - docs_url: https://fedoraproject.org/wiki/Koschei - sops: [https://infrastructure.fedoraproject.org/infra/docs/koschei.rst] - status_mappings: [koschei] - description: > - Koschei is a continuous integration system for RPM packages. It - tracks dependency changes done in Koji repositories and rebuilds - packages whose dependencies change. It can help packagers to - detect failures early and provide relevant information to narrow - down the cause. 
- - name: Coordination + icon: tux.png + url: https://apps.fedoraproject.org/kerneltest + source_url: https://github.com/jmflinuxtx/kerneltest-harness + bugs_url: https://github.com/jmflinuxtx/kerneltest-harness/issues + docs_url: https://fedoraproject.org/wiki/KernelTestingInitiative + sops: + - https://infrastructure.fedoraproject.org/infra/docs/kerneltest-harness.rst + description: > + As part of the kernel + testing initiative we provide a webapp where users and + automated systems can upload test results. If you have + access to hardware where we could catch tricky driver + issues, your assistance here would be much appreciated. + - name: Koschei + data: + icon: koschei.png + url: https://apps.fedoraproject.org/koschei/ + user_url: https://apps.fedoraproject.org/koschei/user/{user} + package_url: https://apps.fedoraproject.org/koschei/package/{package} + source_url: https://github.com/msimacek/koschei + bugs_url: https://github.com/msimacek/koschei/issues + docs_url: https://fedoraproject.org/wiki/Koschei + sops: + - https://infrastructure.fedoraproject.org/infra/docs/koschei.rst + status_mappings: ['koschei'] + description: > + Koschei is a continuous integration system for RPM packages. It + tracks dependency changes done in Koji repositories and rebuilds + packages whose dependencies change. It can help packagers to + detect failures early and provide relevant information to narrow + down the cause. +- name: Coordination data: - description: > - Tools for people -- so we can talk to each other and share content - and ideas. + description: > + Tools for people -- so we can talk to each other and share content + and ideas. 
children: - - name: Asknot + - name: Asknot data: - url: https://whatcanidoforfedora.org - source_url: https://github.com/fedora-infra/asknot-ng - bugs_url: https://github.com/fedora-infra/asknot-ng/issues - docs_url: https://github.com/fedora-infra/asknot-ng/blob/develop/README.md - # TODO - write SOP for asknot-ng - # https://pagure.io/fedora-infrastructure/issue/5154 - # sops: - # - url goes here - status_mappings: [] - description: > - Ask not what Fedora can do for you, but what you can do for - Fedora? This site is a starting place for brand new - contributors to help them figure out where they can - hop on board! - - name: Elections + url: http://whatcanidoforfedora.org + source_url: https://github.com/fedora-infra/asknot-ng + bugs_url: https://github.com/fedora-infra/asknot-ng/issues + docs_url: https://github.com/fedora-infra/asknot-ng/blob/develop/README.md + # TODO - write SOP for asknot-ng + # https://fedorahosted.org/fedora-infrastructure/ticket/5154 + #sops: + # - url goes here + status_mappings: [] + description: > + Ask not what Fedora can do for you, but what you can do for + Fedora? This site is a starting place for brand new + contributors to help them figure out where they can + hop on board! + - name: Paste data: - url: https://elections.fedoraproject.org/ - source_url: https://github.com/fedora-infra/elections - bugs_url: https://github.com/fedora-infra/elections/issues - docs_url: https://github.com/fedora-infra/elections/blob/develop/README.md - sops: [https://infrastructure.fedoraproject.org/infra/docs/voting.rst] - status_mappings: [elections] - description: > - As a member of the community, you can now vote for the - different steering committees and for this you will use the - Election application. Voting is a right and a duty as a member - of the community; it is one of the things you can do to - influence the development of Fedora. 
- - name: The Mailing lists + url: https://paste.fedoraproject.org + source_url: https://github.com/sayakb/sticky-notes + # Theme is from https://github.com/athmane/sticky-notes-fedora-skin + bugs_url: https://github.com/sayakb/sticky-notes/pulls + docs_url: https://sayakb.github.io/sticky-notes/pages/home/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/fedorapastebin.rst + status_mappings: ['fedorapaste'] + description: > + Our very own pastebin server. If you yum install the + fpaste command, it will use this site + automatically. + - name: Elections data: - icon: hyperkitty.png - url: https://lists.fedoraproject.org - source_url: https://gitlab.com/mailman/hyperkitty - bugs_url: https://gitlab.com/mailman/hyperkitty/issues - docs_url: https://hyperkitty.readthedocs.org/en/latest/ - sops: [https://infrastructure.fedoraproject.org/infra/docs/mailman.rst] - status_mappings: [mailinglists] - description: > - Mailing lists are used for communication within the community. - There are lists for generic topics and lists more dedicated - to a specific topic, there is for sure one for you. - - name: FedoCal + url: https://admin.fedoraproject.org/voting + source_url: https://github.com/fedora-infra/elections + bugs_url: https://github.com/fedora-infra/elections/issues + docs_url: https://github.com/fedora-infra/elections/blob/develop/README.rst + sops: + - https://infrastructure.fedoraproject.org/infra/docs/voting.rst + status_mappings: ['elections'] + description: > + As a member of the community, you can now vote for the + different steering committees and for this you will use the + Election application. Voting is a right and a duty as a member + of the community; it is one of the things you can do to + influence the development of Fedora. 
+ - name: Nuancier data: - icon: fedocal.png - url: https://calendar.fedoraproject.org/ - source_url: https://github.com/fedora-infra/fedocal - bugs_url: https://github.com/fedora-infra/fedocal/issues - docs_url: https://fedocal.readthedocs.org/en/latest/ - sops: [https://infrastructure.fedoraproject.org/infra/docs/fedocal.rst] - status_mappings: [fedocal] - description: > - The Fedora Calendar (or fedocal), you might - have already guessed, is a public calendar service. You can - create your own calendar, or subscribe to others. Want to - be kept abrest of releases, freezes, and events? This is - the tool for you. - - name: Meetbot + icon: nuancier.png + url: https://apps.fedoraproject.org/nuancier + source_url: https://github.com/fedora-infra/nuancier + bugs_url: https://github.com/fedora-infra/nuancier/issues + docs_url: https://nuancier.readthedocs.org/en/latest/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/nuancier.rst + description: > + Nuancier is a simple voting application for the + supplementary wallpapers included in Fedora. + - name: The Mailing lists data: - icon: meetbot.png - url: https://meetbot.fedoraproject.org - source_url: https://github.com/fedora-infra/mote - bugs_url: https://github.com/fedora-infra/mote/issues - docs_url: https://github.com/fedora-infra/mote/blob/master/README.md - sops: - - https://infrastructure.fedoraproject.org/infra/docs/mote.rst - - https://infrastructure.fedoraproject.org/infra/docs/zodbot.rst - status_mappings: [zodbot] - description: > - Fedora Infrastructure runs a friendly IRC bot that you may - know named zodbot. - Among its many and varied functions is logging IRC meetings, - the archives of which you can find here. 
- - name: Packaging + icon: hyperkitty.png + url: https://lists.fedoraproject.org + source_url: https://gitlab.com/mailman/hyperkitty + bugs_url: https://gitlab.com/mailman/hyperkitty/issues + docs_url: https://hyperkitty.readthedocs.org/en/latest/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/mailman.rst + status_mappings: ['mailinglists'] + description: > + Mailing lists are used for communication within the community. + There are lists for generic topics and lists more dedicated + to a specific topic, there is for sure one for you. + - name: FedoCal + data: + icon: fedocal.png + url: https://apps.fedoraproject.org/calendar + source_url: https://github.com/fedora-infra/fedocal + bugs_url: https://github.com/fedora-infra/fedocal/issues + docs_url: https://fedocal.readthedocs.org/en/latest/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/fedocal.rst + status_mappings: ['fedocal'] + description: > + The Fedora Calendar (or fedocal), you might + have already guessed, is a public calendar service. You can + create your own calendar, or subscribe to others. Want to + be kept abrest of releases, freezes, and events? This is + the tool for you. + - name: Meetbot + data: + icon: meetbot.png + url: https://meetbot.fedoraproject.org + source_url: https://github.com/fedora-infra/mote + bugs_url: https://github.com/fedora-infra/mote/issues + docs_url: https://github.com/fedora-infra/mote/blob/master/README.md + sops: + - https://infrastructure.fedoraproject.org/infra/docs/mote.rst + - https://infrastructure.fedoraproject.org/infra/docs/zodbot.rst + status_mappings: ['zodbot'] + description: > + Fedora Infrastructure runs a friendly IRC bot that you may + know named zodbot. + Among its many and varied functions is logging IRC meetings, + the archives of which you can find here. + +- name: Packaging data: - description: > - Tools for packagers -- where the pieces of the distribution get - built. 
+ description: > + Tools for packagers -- where the pieces of the distribution get + built. + children: - - name: Packages - data: - url: https://packages.fedoraproject.org/ - package_url: https://apps.fedoraproject.org/packages/{package} - source_url: https://pagure.io/fedora-packages-static - bugs_url: https://pagure.io/fedora-packages-static/issues - docs_url: http://threebean.org/blog/history-of-fedora-packages/ - sops: - - https://infrastructure.fedoraproject.org/infra/docs/fedorapackages.rst - status_mappings: [packages] - description: > - A meta-app over the other packaging apps; the best place to - find out what is in the Fedora repositories. Which - packages are present in which version, who is maintaining - them, what patches have been applied, what bugs have been - reported against them. All these kind of questions can be - answered here. - It is sometimes called "Fedora Community v2" after the old - Fedora Community - site. - - name: COPR - data: - icon: copr.png - url: https://copr.fedoraproject.org - user_url: https://copr.fedoraproject.org/coprs/{user}/ - source_url: https://github.com/fedora-copr/copr - bugs_url: > - https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=POST&bug_status=MODIFIED&bug_status=ON_DEV&bug_status=ON_QA&bug_status=VERIFIED&bug_status=RELEASE_PENDING&classification=Community&list_id=4767864&product=Copr&query_format=advanced - docs_url: https://copr-backend.readthedocs.org/ - # Also: - # - https://copr-keygen.readthedocs.org/ - # - https://copr-rest-api.readthedocs.org/ - sops: [https://infrastructure.fedoraproject.org/infra/docs/copr.rst] - status_mappings: [copr] - description: > - Copr is an easy-to-use automatic build system providing a - package repository as its output. You can make your **own** repositories! 
- - name: Koji - data: - icon: koji.png - url: https://koji.fedoraproject.org/koji - package_url: > - https://koji.fedoraproject.org/koji/search?match=glob&type=package&terms={package} - user_url: https://koji.fedoraproject.org/koji/userinfo?userID={user} - source_url: https://pagure.io/koji - bugs_url: https://pagure.io/koji/issues - docs_url: https://koji.build/ - sops: - - https://infrastructure.fedoraproject.org/infra/docs/koji.rst - - https://infrastructure.fedoraproject.org/infra/docs/koji-builder-setup.rst - status_mappings: [koji] - description: > - Koji is the software that builds RPM packages for the - Fedora project. It uses Mock to create chroot - environments to perform builds that are both safe and - trusted. - - name: Bodhi - data: - icon: bodhi.png - url: https://admin.fedoraproject.org/updates - package_url: https://admin.fedoraproject.org/updates/{package} - user_url: https://admin.fedoraproject.org/updates/user/{user} - source_url: https://github.com/fedora-infra/bodhi - bugs_url: https://github.com/fedora-infra/bodhi/issues - docs_url: https://bodhi.fedoraproject.org/docs - sops: [https://infrastructure.fedoraproject.org/infra/docs/bodhi.rst] - status_mappings: [bodhi] - description: > - The tool you will use to push your packages to the Fedora - repositories as an update, first an update to be tested - (repository: updates-testing) then a stable update - (repository: updates). Behold -- the Magic - Cabbage. - - name: Package Sources - data: - icon: package-sources.png - url: https://src.fedoraproject.org/ - package_url: https://src.fedoraproject.org/rpms/{package} - source_url: https://pagure.io/pagure - bugs_url: https://pagure.io/pagure/issues - docs_url: https://pagure.io/docs/pagure/ - status_mappings: [pkgs] - description: > - Ever wonder exactly what is in the new release - of a Fedora package? This is where the change histories - of all the packages in Fedora for every release of - Fedora (and EPEL) are kept.. forever! A gold mine. 
- - name: Mdapi - data: - url: https://apps.fedoraproject.org/mdapi - description: > - mdapi is a small API exposing the metadata contained in - different RPM repositories. - - name: Upstream + - name: Packages + data: + url: https://apps.fedoraproject.org/packages + package_url: https://apps.fedoraproject.org/packages/{package} + source_url: https://github.com/fedora-infra/fedora-packages + bugs_url: https://github.com/fedora-infra/fedora-packages/issues + docs_url: http://threebean.org/blog/history-of-fedora-packages/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/fedorapackages.rst + status_mappings: ['packages'] + description: > + A meta-app over the other packaging apps; the best place to + find out what is in the Fedora repositories. Which + packages are present in which version, who is maintaining + them, what patches have been applied, what bugs have been + reported against them. All these kind of questions can be + answered here. + It is sometimes called "Fedora Community v2" after the old + Fedora Community site. + - name: Tagger + data: + icon: tagger.png + url: https://apps.fedoraproject.org/tagger + package_url: https://apps.fedoraproject.org/tagger/{package} + source_url: https://github.com/fedora-infra/fedora-tagger + bugs_url: https://github.com/fedora-infra/fedora-tagger/issues + docs_url: https://github.com/fedora-infra/fedora-tagger/blob/develop/README.rst + sops: + - https://infrastructure.fedoraproject.org/infra/docs/fedora-tagger.rst + status_mappings: ['tagger'] + description: > + Help build a tag cloud of all our packages.. It's actually + really useful. It'll help improve the search of the + "Packages" webapp. 
+ - name: COPR + data: + icon: copr.png + url: https://copr.fedoraproject.org + user_url: https://copr.fedoraproject.org/coprs/{user}/ + source_url: https://github.com/fedora-copr/copr + bugs_url: https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=POST&bug_status=MODIFIED&bug_status=ON_DEV&bug_status=ON_QA&bug_status=VERIFIED&bug_status=RELEASE_PENDING&classification=Community&list_id=4767864&product=Copr&query_format=advanced + docs_url: https://copr-backend.readthedocs.org/ + # Also: + # - https://copr-keygen.readthedocs.org/ + # - https://copr-rest-api.readthedocs.org/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/copr.rst + status_mappings: ['copr'] + description: > + Copr is an easy-to-use automatic build system providing a + package repository as its output. You can make your **own** repositories! + - name: PkgDB + data: + url: https://admin.fedoraproject.org/pkgdb + user_url: https://admin.fedoraproject.org/pkgdb/packager/{user}/ + package_url: https://admin.fedoraproject.org/pkgdb/package/{package}/ + source_url: https://github.com/fedora-infra/pkgdb2 + bugs_url: https://github.com/fedora-infra/pkgdb2/issues + docs_url: https://pkgdb2.readthedocs.org/en/latest/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/packagedatabase.rst + status_mappings: ['pkgdb'] + description: > + Manage ACLs of your packages. 
+ - name: Koji + data: + icon: koji.png + url: https://koji.fedoraproject.org/koji + package_url: https://koji.fedoraproject.org/koji/search?match=glob&type=package&terms={package} + user_url: https://koji.fedoraproject.org/koji/userinfo?userID={user} + source_url: https://pagure.io/koji + bugs_url: https://pagure.io/koji/issues + docs_url: https://koji.build/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/koji.rst + - https://infrastructure.fedoraproject.org/infra/docs/koji-builder-setup.rst + status_mappings: ['koji'] + description: > + Koji is the software that builds RPM packages for the + Fedora project. It uses Mock to create chroot + environments to perform builds that are both safe and + trusted. + - name: Bodhi + data: + icon: bodhi.png + url: https://admin.fedoraproject.org/updates + package_url: https://admin.fedoraproject.org/updates/{package} + user_url: https://admin.fedoraproject.org/updates/user/{user} + source_url: https://github.com/fedora-infra/bodhi + bugs_url: https://github.com/fedora-infra/bodhi/issues + docs_url: https://bodhi.fedoraproject.org/docs + sops: + - https://infrastructure.fedoraproject.org/infra/docs/bodhi.rst + status_mappings: ['bodhi'] + description: > + The tool you will use to push your packages to the Fedora + repositories as an update, first an update to be tested + (repository: updates-testing) then a stable update + (repository: updates). Behold -- the Magic + Cabbage. + - name: SCM + data: + icon: git-logo.png + url: https://src.fedoraproject.org/cgit + package_url: https://src.fedoraproject.org/cgit/{package}.git + source_url: https://github.com/sitaramc/gitolite + bugs_url: http://gitolite.com/gitolite/#contact + docs_url: https://github.com/sitaramc/gitolite#readme + sops: + - https://infrastructure.fedoraproject.org/infra/docs/scmadmin.rst + status_mappings: ['pkgs'] + description: > + Ever wonder exactly what is in the new release + of a Fedora package? 
This is where the change histories + of all the packages in Fedora for every release of + Fedora (and EPEL) are kept.. forever! A gold mine. + - name: Darkserver + data: + url: https://darkserver.fedoraproject.org + source_url: https://github.com/kushaldas/darkserver + bugs_url: https://github.com/kushaldas/darkserver/issues + docs_url: https://fedoraproject.org/wiki/Darkserver + sops: + - https://infrastructure.fedoraproject.org/infra/docs/darkserver.rst + status_mappings: ['darkserver'] + description: > + A set of tools and JSON service to help userspace developers + to debug their applications and libraries. People are be + able query the service based on build-id(s) + or rpm package names. + + You can read more about why you + might want to use it or you can just click below to... + - name: Mdapi + data: + url: https://apps.fedoraproject.org/mdapi + description: > + mdapi is a small API exposing the metadata contained in + different RPM repositories. + +- name: Upstream data: - description: > - Tools for upstream - developers -- because we love you. + description: > + Tools for upstream + developers -- because we love you. + children: - - name: Release Monitoring + - name: Release Monitoring data: - url: https://release-monitoring.org - package_url: https://release-monitoring.org/projects/search/?pattern={package} - source_url: https://github.com/fedora-infra/anitya - bugs_url: https://github.com/fedora-infra/anitya/issues - docs_url: https://fedoraproject.org/wiki/Upstream_release_monitoring - # TODO - write sops for anitya and the-new-hotness - # https://pagure.io/fedora-infrastructure/issue/5157 - # sops: - # - https://infrastructure.fedoraproject.org/infra/docs/anitya.rst - # - https://infrastructure.fedoraproject.org/infra/docs/hotness.rst - description: > - Code named anitya, this - project is slated to replace the - old wiki page for Upstream Release Monitoring. 
It will - track upstream tarball locations and publish notifications to - the fedmsg bus when new ones are found. Other daemons will - then be responsible for filing bugs, attempting to - automatically build packages, perform some preliminary QA - checks, etc.. - - name: Webhook to Fedora Messaging + url: https://release-monitoring.org + package_url: https://release-monitoring.org/projects/search/?pattern={package} + source_url: https://github.com/fedora-infra/anitya + bugs_url: https://github.com/fedora-infra/anitya/issues + docs_url: https://fedoraproject.org/wiki/Upstream_release_monitoring + # TODO - write sops for anitya and the-new-hotness + # https://fedorahosted.org/fedora-infrastructure/ticket/5157 + #sops: + # - https://infrastructure.fedoraproject.org/infra/docs/anitya.rst + # - https://infrastructure.fedoraproject.org/infra/docs/hotness.rst + description: > + Code named anitya, this + project is slated to replace the + old wiki page for Upstream Release Monitoring. It will + track upstream tarball locations and publish notifications to + the fedmsg bus when new ones are found. Other daemons will + then be responsible for filing bugs, attempting to + automatically build packages, perform some preliminary QA + checks, etc.. + - name: github2fedmsg data: - url: https://webhook.fedoraproject.org/ - source_url: https://github.com/fedora-infra/webhook-to-fedora-messaging - bugs_url: https://github.com/fedora-infra/webhook-to-fedora-messaging/issues - docs_url: > - https://github.com/fedora-infra/webhook-to-fedora-messaging/ - sops: - - https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/webhook2fedmsg/ - description: > - Webhook to Fedora Messaging is a web service that bridges upstream - activity into the Fedora Infrastructure message bus. Visit the self-service - dashboard to add your application. 
- - name: Pagure + icon: github.png + url: https://apps.fedoraproject.org/github2fedmsg + source_url: https://github.com/fedora-infra/github2fedmsg + bugs_url: https://github.com/fedora-infra/github2fedmsg/issues + docs_url: https://github.com/fedora-infra/github2fedmsg/blob/develop/README.rst#github2fedmsg + sops: + - https://infrastructure.fedoraproject.org/infra/docs/github2fedmsg.rst + status_mappings: ['fedmsg'] + description: > + github2fedmsg is a web service that bridges upstream + development activity from GitHub into the Fedora Infrastructure message + bus. Visit the self-service dashboard to toggle the + status of your repositories. + - name: Fedora Hosted data: - icon: pagure.png - url: https://pagure.io/ - status_mappings: [pagure] - description: > - Pagure is a git-centered forge, python based using pygit2. - With pagure you can host your project with its documentation, - let your users report issues or request enhancements using - the ticketing system and build your community of contributors - by allowing them to fork your projects and contribute to it - via the now-popular pull-request mechanism. - - name: Infrastructure + icon: trac.png + url: https://fedorahosted.org + source_url: https://trac.edgewall.org/browser + bugs_url: https://trac.edgewall.org/report + docs_url: https://trac.edgewall.org/wiki/TracGuide + sops: + - https://infrastructure.fedoraproject.org/infra/docs/fedorahosted.rst + - https://infrastructure.fedoraproject.org/infra/docs/fedorahosted-fedmsg.rst + - https://infrastructure.fedoraproject.org/infra/docs/fedorahosted-project-cleanup.rst + - https://infrastructure.fedoraproject.org/infra/docs/fedorahosted-repo-setup.rst + - https://infrastructure.fedoraproject.org/infra/docs/fedorahostedrename.rst + - https://infrastructure.fedoraproject.org/infra/docs/hosted_git_to_svn.rst + status_mappings: ['fedorahosted'] + description: > + Fedora is dedicated to open source software. 
This + commitment can extend beyond regular Fedora offerings.
+ Fedora Hosted is our most feature rich + hosting solution. It includes an scm, trac instance, + release dir, account system for access control, etc. + This is our most common hosting option. When most groups + want hosting, this is what they want. + - name: Pagure + data: + icon: pagure.png + url: https://pagure.io/ + status_mappings: ['pagure'] + description: > + Pagure is a git-centered forge, python based using pygit2. + With pagure you can host your project with its documentation, + let your users report issues or request enhancements using + the ticketing system and build your community of contributors + by allowing them to fork your projects and contribute to it + via the now-popular pull-request mechanism. + +- name: Infrastructure data: - description: > - Tools for sysadmins -- the people who run the servers that run - Fedora (and otherwise). + description: > + Tools for sysadmins -- the people who run the servers that run + Fedora (and otherwise). children: - - name: GeoIP + - name: GeoIP data: - url: https://geoip.fedoraproject.org - source_url: https://github.com/fedora-infra/geoip-city-wsgi - bugs_url: https://github.com/fedora-infra/geoip-city-wsgi/issues - docs_url: https://github.com/fedora-infra/geoip-city-wsgi/blob/master/geoip-city.wsgi - # TODO - write a sop for this thing - # https://pagure.io/fedora-infrastructure/issue/5159 - # sops: - # - https://infrastructure.fedoraproject.org/infra/docs/geoip.rst - description: > - A simple web service running geoip-city-wsgi - that will return geoip information to you. 
- - name: Easyfix + url: https://geoip.fedoraproject.org + source_url: https://github.com/fedora-infra/geoip-city-wsgi + bugs_url: https://github.com/fedora-infra/geoip-city-wsgi/issues + docs_url: https://github.com/fedora-infra/geoip-city-wsgi/blob/master/geoip-city.wsgi + # TODO - write a sop for this thing + # https://fedorahosted.org/fedora-infrastructure/ticket/5159 + #sops: + # - https://infrastructure.fedoraproject.org/infra/docs/geoip.rst + description: > + A simple web service running geoip-city-wsgi + that will return geoip information to you. + - name: Easyfix data: - url: https://fedoraproject.org/easyfix - source_url: https://github.com/fedora-infra/fedora-gather-easyfix - bugs_url: https://github.com/fedora-infra/fedora-gather-easyfix/issues - docs_url: https://github.com/fedora-infra/fedora-gather-easyfix/blob/master/README - sops: - - https://infrastructure.fedoraproject.org/infra/docs/gather-easyfix.rst - description: > - A list of easy-to-fix problems for the different projects in - Fedora. Interested in getting into helping out with sysadmin - work or web application development? This should be useful - to you. - - name: DataGrepper + url: https://fedoraproject.org/easyfix + source_url: https://github.com/fedora-infra/fedora-gather-easyfix + bugs_url: https://github.com/fedora-infra/fedora-gather-easyfix/issues + docs_url: https://github.com/fedora-infra/fedora-gather-easyfix/blob/master/README + sops: + - https://infrastructure.fedoraproject.org/infra/docs/gather-easyfix.rst + description: > + A list of easy-to-fix problems for the different projects in + Fedora. Interested in getting into helping out with sysadmin + work or web application development? This should be useful + to you. 
+ - name: DataGrepper data: - icon: fedmsg.png - url: https://apps.fedoraproject.org/datagrepper - package_url: https://apps.fedoraproject.org/datagrepper/raw?package={package} - user_url: https://apps.fedoraproject.org/datagrepper/raw?user={user} - source_url: https://github.com/fedora-infra/datagrepper - bugs_url: https://github.com/fedora-infra/datagrepper/issues - docs_url: https://github.com/fedora-infra/datagrepper/blob/develop/README.rst - sops: [https://infrastructure.fedoraproject.org/infra/docs/datanommer.rst] - status_mappings: [fedmsg] - description: > - DataGrepper is an HTTP API for querying the datanommer - database. You can use it to dig into the history of the - fedmsg message bus. You - can grab events by username, by package, by message - source, by topic... you name it. - - name: Status + icon: fedmsg.png + url: https://apps.fedoraproject.org/datagrepper + package_url: https://apps.fedoraproject.org/datagrepper/raw?package={package} + user_url: https://apps.fedoraproject.org/datagrepper/raw?user={user} + source_url: https://github.com/fedora-infra/datagrepper + bugs_url: https://github.com/fedora-infra/datagrepper/issues + docs_url: https://github.com/fedora-infra/datagrepper/blob/develop/README.rst + sops: + - https://infrastructure.fedoraproject.org/infra/docs/datanommer.rst + status_mappings: ['fedmsg'] + description: > + DataGrepper is an HTTP API for querying the datanommer + database. You can use it to dig into the history of the + fedmsg message bus. You + can grab events by username, by package, by message + source, by topic... you name it. 
+ + - name: Status data: - icon: status-good.png - url: http://www.fedorastatus.org - source_url: https://github.com/fedora-infra/statusfpo/ - bugs_url: https://github.com/fedora-infra/statusfpo/issues - docs_url: https://github.com/fedora-infra/statusfpo/README - sops: - - https://infrastructure.fedoraproject.org/infra/docs/status-fedora.rst - description: > - Sometimes the Fedora Infrastructure team messes up (or - lightning strikes our datacenter(s)). Sorry about that. - You can use this website to check the status. Is it - "down for everyone, or just me?"
Notice the favicon - in your browser tab. It changes based on the status, - so if you keep this open you can check back to it at a - glance. - - name: MirrorManager + icon: status-good.png + url: http://status.fedoraproject.org + source_url: https://git.fedorahosted.org/git/fedora-status.git + bugs_url: https://fedorahosted.org/fedora-infrastructure/newticket + docs_url: https://git.fedorahosted.org/cgit/fedora-status.git/tree/README + sops: + - https://infrastructure.fedoraproject.org/infra/docs/status-fedora.rst + description: > + Sometimes the Fedora Infrastructure team messes up (or + lightning strikes our datacenter(s)). Sorry about that. + You can use this website to check the status. Is it + "down for everyone, or just me?"
Notice the favicon + in your browser tab. It changes based on the status, + so if you keep this open you can check back to it at a + glance. + - name: MirrorManager data: - icon: downloads.png - url: https://mirrors.fedoraproject.org - source_url: https://github.com/fedora-infra/mirrormanager2 - bugs_url: https://github.com/fedora-infra/mirrormanager2/issues - docs_url: https://mirrormanager.readthedocs.org/en/latest/ - sops: - - https://infrastructure.fedoraproject.org/infra/docs/mirrormanager.rst - - https://infrastructure.fedoraproject.org/infra/docs/mastermirror.rst - - https://infrastructure.fedoraproject.org/infra/docs/mirrorhiding.rst - - https://infrastructure.fedoraproject.org/infra/docs/mirrormanager-S3-EC2-netblocks.rst - status_mappings: [mirrormanager, mirrorlist] - description: > - Fedora is distributed to millions of systems globally. - This would not be possible without the donations of time, - disk space, and bandwidth by hundreds of volunteer system - administrators and their companies or institutions. Your - fast download experience is made possible by these - donations. The list on the MirrorManager - site is dynamically generated every hour, listing only - up-to-date mirrors. - - name: Nagios + icon: downloads.png + url: https://mirrors.fedoraproject.org + source_url: https://github.com/fedora-infra/mirrormanager2 + bugs_url: https://github.com/fedora-infra/mirrormanager2/issues + docs_url: https://mirrormanager.readthedocs.org/en/latest/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/mirrormanager.rst + - https://infrastructure.fedoraproject.org/infra/docs/mastermirror.rst + - https://infrastructure.fedoraproject.org/infra/docs/mirrorhiding.rst + - https://infrastructure.fedoraproject.org/infra/docs/mirrormanager-S3-EC2-netblocks.rst + status_mappings: ['mirrormanager', 'mirrorlist'] + description: > + Fedora is distributed to millions of systems globally. 
+ This would not be possible without the donations of time, + disk space, and bandwidth by hundreds of volunteer system + administrators and their companies or institutions. Your + fast download experience is made possible by these + donations. The list on the MirrorManager + site is dynamically generated every hour, listing only + up-to-date mirrors. + - name: Nagios data: - icon: nagios-logo.png - url: https://admin.fedoraproject.org/nagios - source_url: https://github.com/NagiosEnterprises/nagioscore - bugs_url: https://pagure.io/fedora-infrastructure/issues - docs_url: https://www.nagios.org/documentation/ - sops: [https://infrastructure.fedoraproject.org/infra/docs/nagios.rst] - description: > - "Is telia down?" The answer can most definitively be - found here (and in detail). The Fedora Infrastructure - team uses Nagios to monitor the servers that serve - Fedora. Accessing most details requires membership - in the sysadmin group. - - name: Collectd + icon: nagios-logo.png + url: https://admin.fedoraproject.org/nagios + source_url: https://github.com/NagiosEnterprises/nagioscore + bugs_url: https://fedorahosted.org/fedora-infrastructure/newticket + docs_url: https://www.nagios.org/documentation/ + sops: + - https://infrastructure.fedoraproject.org/infra/docs/nagios.rst + description: > + "Is telia down?" The answer can most definitively be + found here (and in detail). The Fedora Infrastructure + team uses Nagios to monitor the servers that serve + Fedora. Accessing most details requires membership + in the sysadmin group. + - name: Collectd data: - icon: collectd.png - url: https://admin.fedoraproject.org/collectd/ - source_url: https://github.com/collectd/collectd - bugs_url: https://github.com/collectd/collectd/issues - docs_url: https://collectd.org/documentation.shtml - sops: [https://infrastructure.fedoraproject.org/infra/docs/collectd.rst] - description: > - Tracks and displays statistics on the Fedora - Infrastructure machines over time. 
Useful for debugging - ineffeciencies and problems. - - name: HAProxy + icon: collectd.png + url: https://admin.fedoraproject.org/collectd/ + source_url: https://github.com/collectd/collectd + bugs_url: https://github.com/collectd/collectd/issues + docs_url: https://collectd.org/documentation.shtml + sops: + - https://infrastructure.fedoraproject.org/infra/docs/collectd.rst + description: > + Tracks and displays statistics on the Fedora + Infrastructure machines over time. Useful for debugging + ineffeciencies and problems. + - name: HAProxy data: - url: https://admin.fedoraproject.org/haproxy/proxy1 - source_url: https://git.haproxy.org/ - bugs_url: https://www.haproxy.org/knownbugs-1.3.html - docs_url: https://www.haproxy.org/#docs - sops: [https://infrastructure.fedoraproject.org/infra/docs/haproxy.rst] - description: > - Shows the health of our proxies. How many bytes? - Concurrent sessions? Health checks? - - name: In Development + url: https://admin.fedoraproject.org/haproxy/proxy1 + source_url: https://git.haproxy.org/ + bugs_url: https://www.haproxy.org/knownbugs-1.3.html + docs_url: https://www.haproxy.org/#docs + sops: + - https://infrastructure.fedoraproject.org/infra/docs/haproxy.rst + description: > + Shows the health of our proxies. How many bytes? + Concurrent sessions? Health checks? +- name: In Development data: - description: > - These are the apps that we're working on, but that aren't quite - ready for prime-time yet. Try and use them, and report bugs when - they're broken -- it's a big help!. - Check back here from time to time, as this section will change. + description: > + These are the apps that we're working on, but that aren't quite + ready for prime-time yet. Try and use them, and report bugs when + they're broken -- it's a big help!. + Check back here from time to time, as this section will change. 
children: - - name: Ipsilon + - name: Product Definition Center data: - url: https://pagure.io/ipsilon - description: >- - Ipsilon is our central authentication agent that is used to - authenticate users agains FAS. It is seperate from FAS. The - only service that is not using this currently is the wiki. - It is a web service that is presented via httpd and is load - balanced by our standard haproxy setup. + url: https://pdc.fedoraproject.org/ + source_url: https://github.com/product-definition-center/product-definition-center + bugs_url: https://github.com/product-definition-center/product-definition-center/issues + # Also, https://fedoraproject.org/wiki/Changes/PDC + docs_url: https://github.com/product-definition-center/product-definition-center/issues/303 + sops: + - https://infrastructure.fedoraproject.org/infra/docs/pdc.rst + description: > + The Product Definition Center (PDC) is a new app we're working + on which will track 1) all of the artifacts that release + engineering *should* be producing and 2) all of the artifacts + taht release engineering *did* produce. The web interface isn't + much to write home about, but the API is where it's at. + - name: Jenkins + data: + url: https://jenkins.fedorainfracloud.org + description: > + Our own continuous integration (CI) service! It works now and + you can use it.. we just don't yet give it the same kind of + guarantees that we give our other apps. Look forwards to us + promoting it soon.. + - name: faitout + data: + url: http://faitout.fedorainfracloud.org/ + description: > + Provides access to temporary postgresql databases. This + database can be used for unit-test thus reducing the + differences between testing and production environment. + - name: Taiga + data: + icon: taiga.png + url: https://taiga.fedorainfracloud.org/ + description: > + Taiga is a very pretty project management platform that we've + been messing around with. Feel free to use it. 
We backup the + database, but we don't necessarily support it yet with the same + kind of focus that we dedicate to our other services. If you + run into problems with it, let us know! + - name: Ipsilon + data: + icon: + url: https://infrastructure.fedoraproject.org/infra/docs/ipsilon.rst + Description: + Ipsilon is our central authentication agent that is used to + authenticate users agains FAS. It is seperate from FAS. The + only service that is not using this currently is the wiki. + It is a web service that is presented via httpd and is load + balanced by our standard haproxy setup. diff --git a/roles/apps-fp-o/files/fedmenu-staging/js/fedmenu.js b/roles/apps-fp-o/files/fedmenu-staging/js/fedmenu.js index 4509cee2e4..5c78cab8cd 100644 --- a/roles/apps-fp-o/files/fedmenu-staging/js/fedmenu.js +++ b/roles/apps-fp-o/files/fedmenu-staging/js/fedmenu.js @@ -66,7 +66,6 @@ var fedmenu = function(options) { $(document).ready(function() { $('body', c).append('
'); $('#fedmenu-main-content', c).append(""); $('#fedmenu-main-content', c).append("

Fedora Infrastructure Apps

"); - $('#fedmenu-main-content', c).append("

Legal

"); } $("#fedmenu-main-content", c).append(html); }; diff --git a/roles/apps-fp-o/files/fedmenu/js/fedmenu.js b/roles/apps-fp-o/files/fedmenu/js/fedmenu.js index 4509cee2e4..5c78cab8cd 100644 --- a/roles/apps-fp-o/files/fedmenu/js/fedmenu.js +++ b/roles/apps-fp-o/files/fedmenu/js/fedmenu.js @@ -66,7 +66,6 @@ var fedmenu = function(options) { $(document).ready(function() { $('body', c).append('
'); $('#fedmenu-main-content', c).append(""); $('#fedmenu-main-content', c).append("

Fedora Infrastructure Apps

"); - $('#fedmenu-main-content', c).append("

Legal

"); } $("#fedmenu-main-content", c).append(html); }; diff --git a/roles/apps-fp-o/files/global/README b/roles/apps-fp-o/files/global/README index df4ef67628..fd923187ce 100644 --- a/roles/apps-fp-o/files/global/README +++ b/roles/apps-fp-o/files/global/README @@ -9,11 +9,3 @@ fedora apps. - The bootstrap-fedora* folders contain an old, deprecated fedora bootstrap theme (ask @ralph) - ---- -ryanlerch 24/04/2023 -legacy-static contains some old CSS / images that was previously hosted on -fedoraproject.org/static/ but is now here. the last three sites to use this are -* https://fedoraproject.org/easyfix/ -* https://torrent.fedoraproject.org -* https://admin.fedoraproject.org/fingerprints diff --git a/roles/apps-fp-o/files/global/fedora-bootstrap-1.1.1/fedora-bootstrap.css b/roles/apps-fp-o/files/global/fedora-bootstrap-1.1.1/fedora-bootstrap.css deleted file mode 100644 index ec70b8c6fb..0000000000 --- a/roles/apps-fp-o/files/global/fedora-bootstrap-1.1.1/fedora-bootstrap.css +++ /dev/null 
@@ -1,6293 +0,0 @@ -/*fedora-bootstrap v1.1.1 -- https://pagure.io/fedora-bootstrap */ -/*! - * Bootstrap v4.0.0-beta (https://getbootstrap.com) - * Copyright 2011-2017 The Bootstrap Authors - * Copyright 2011-2017 Twitter, Inc. - * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) - */ -@media print { - *, - *::before, - *::after { - text-shadow: none !important; - box-shadow: none !important; } - a, - a:visited { - text-decoration: underline; } - abbr[title]::after { - content: " (" attr(title) ")"; } - pre { - white-space: pre-wrap !important; } - pre, - blockquote { - border: 1px solid #999; - page-break-inside: avoid; } - thead { - display: table-header-group; } - tr, - img { - page-break-inside: avoid; } - p, - h2, - h3 { - orphans: 3; - widows: 3; } - h2, - h3 { - page-break-after: avoid; } - .navbar { - display: none; } - .badge { - border: 1px solid #000; } - .table { - border-collapse: collapse !important; } - .table td, - .table th { - background-color: #fff !important; } - .table-bordered th, - .table-bordered td { - border: 1px solid #ddd !important; } } - -html { - box-sizing: border-box; - font-family: sans-serif; - line-height: 1.15; - -webkit-text-size-adjust: 100%; - -ms-text-size-adjust: 100%; - -ms-overflow-style: scrollbar; - -webkit-tap-highlight-color: transparent; } - -*, -*::before, -*::after { - box-sizing: inherit; } - -@-ms-viewport { - width: device-width; } - -article, aside, dialog, figcaption, figure, footer, header, hgroup, main, nav, section { - display: block; } - -body { - margin: 0; - font-family: "Open Sans"; - font-size: 1rem; - font-weight: normal; - line-height: 1.5; - color: #212529; - background-color: #fff; } - -[tabindex="-1"]:focus { - outline: none !important; } - -hr { - box-sizing: content-box; - height: 0; - overflow: visible; } - -h1, h2, h3, h4, h5, h6 { - margin-top: 0; - margin-bottom: .5rem; } - -p { - margin-top: 0; - margin-bottom: 1rem; } - -abbr[title], -abbr[data-original-title] { 
- text-decoration: underline; - text-decoration: underline dotted; - cursor: help; - border-bottom: 0; } - -address { - margin-bottom: 1rem; - font-style: normal; - line-height: inherit; } - -ol, -ul, -dl { - margin-top: 0; - margin-bottom: 1rem; } - -ol ol, -ul ul, -ol ul, -ul ol { - margin-bottom: 0; } - -dt { - font-weight: bold; } - -dd { - margin-bottom: .5rem; - margin-left: 0; } - -blockquote { - margin: 0 0 1rem; } - -dfn { - font-style: italic; } - -b, -strong { - font-weight: bolder; } - -small { - font-size: 80%; } - -sub, -sup { - position: relative; - font-size: 75%; - line-height: 0; - vertical-align: baseline; } - -sub { - bottom: -.25em; } - -sup { - top: -.5em; } - -a { - color: #3c6eb4; - text-decoration: none; - background-color: transparent; - -webkit-text-decoration-skip: objects; } - a:hover { - color: #294b7b; - text-decoration: underline; } - -a:not([href]):not([tabindex]) { - color: inherit; - text-decoration: none; } - a:not([href]):not([tabindex]):focus, a:not([href]):not([tabindex]):hover { - color: inherit; - text-decoration: none; } - a:not([href]):not([tabindex]):focus { - outline: 0; } - -pre, -code, -kbd, -samp { - font-family: monospace, monospace; - font-size: 1em; } - -pre { - margin-top: 0; - margin-bottom: 1rem; - overflow: auto; } - -figure { - margin: 0 0 1rem; } - -img { - vertical-align: middle; - border-style: none; } - -svg:not(:root) { - overflow: hidden; } - -a, -area, -button, -[role="button"], -input, -label, -select, -summary, -textarea { - touch-action: manipulation; } - -table { - border-collapse: collapse; } - -caption { - padding-top: 0.75rem; - padding-bottom: 0.75rem; - color: #868e96; - text-align: left; - caption-side: bottom; } - -th { - text-align: left; } - -label { - display: inline-block; - margin-bottom: .5rem; } - -button:focus { - outline: 1px dotted; - outline: 5px auto -webkit-focus-ring-color; } - -input, -button, -select, -optgroup, -textarea { - margin: 0; - font-family: inherit; - font-size: 
inherit; - line-height: inherit; } - -button, -input { - overflow: visible; } - -button, -select { - text-transform: none; } - -button, -html [type="button"], -[type="reset"], -[type="submit"] { - -webkit-appearance: button; } - -button::-moz-focus-inner, -[type="button"]::-moz-focus-inner, -[type="reset"]::-moz-focus-inner, -[type="submit"]::-moz-focus-inner { - padding: 0; - border-style: none; } - -input[type="radio"], -input[type="checkbox"] { - box-sizing: border-box; - padding: 0; } - -input[type="date"], -input[type="time"], -input[type="datetime-local"], -input[type="month"] { - -webkit-appearance: listbox; } - -textarea { - overflow: auto; - resize: vertical; } - -fieldset { - min-width: 0; - padding: 0; - margin: 0; - border: 0; } - -legend { - display: block; - width: 100%; - max-width: 100%; - padding: 0; - margin-bottom: .5rem; - font-size: 1.5rem; - line-height: inherit; - color: inherit; - white-space: normal; } - -progress { - vertical-align: baseline; } - -[type="number"]::-webkit-inner-spin-button, -[type="number"]::-webkit-outer-spin-button { - height: auto; } - -[type="search"] { - outline-offset: -2px; - -webkit-appearance: none; } - -[type="search"]::-webkit-search-cancel-button, -[type="search"]::-webkit-search-decoration { - -webkit-appearance: none; } - -::-webkit-file-upload-button { - font: inherit; - -webkit-appearance: button; } - -output { - display: inline-block; } - -summary { - display: list-item; } - -template { - display: none; } - -[hidden] { - display: none !important; } - -h1, h2, h3, h4, h5, h6, -.h1, .h2, .h3, .h4, .h5, .h6 { - margin-bottom: 0.5rem; - font-family: inherit; - font-weight: 500; - line-height: 1.1; - color: inherit; } - -h1, .h1 { - font-size: 2rem; } - -h2, .h2 { - font-size: 1.75rem; } - -h3, .h3 { - font-size: 1.5rem; } - -h4, .h4 { - font-size: 1.25rem; } - -h5, .h5 { - font-size: 1rem; } - -h6, .h6 { - font-size: 1rem; } - -.lead { - font-size: 1.25rem; - font-weight: 300; } - -.display-1 { - font-size: 
6rem; - font-weight: 300; - line-height: 1.1; } - -.display-2 { - font-size: 5.5rem; - font-weight: 300; - line-height: 1.1; } - -.display-3 { - font-size: 4.5rem; - font-weight: 300; - line-height: 1.1; } - -.display-4 { - font-size: 3.5rem; - font-weight: 300; - line-height: 1.1; } - -hr { - margin-top: 1rem; - margin-bottom: 1rem; - border: 0; - border-top: 1px solid rgba(0, 0, 0, 0.1); } - -small, -.small { - font-size: 80%; - font-weight: normal; } - -mark, -.mark { - padding: 0.2em; - background-color: #fcf8e3; } - -.list-unstyled { - padding-left: 0; - list-style: none; } - -.list-inline { - padding-left: 0; - list-style: none; } - -.list-inline-item { - display: inline-block; } - .list-inline-item:not(:last-child) { - margin-right: 5px; } - -.initialism { - font-size: 90%; - text-transform: uppercase; } - -.blockquote { - margin-bottom: 1rem; - font-size: 1.25rem; } - -.blockquote-footer { - display: block; - font-size: 80%; - color: #868e96; } - .blockquote-footer::before { - content: "\2014 \A0"; } - -.img-fluid { - max-width: 100%; - height: auto; } - -.img-thumbnail { - padding: 0.25rem; - background-color: #fff; - border: 1px solid #ddd; - border-radius: 0.25rem; - transition: all 0.2s ease-in-out; - max-width: 100%; - height: auto; } - -.figure { - display: inline-block; } - -.figure-img { - margin-bottom: 0.5rem; - line-height: 1; } - -.figure-caption { - font-size: 90%; - color: #868e96; } - -code, -kbd, -pre, -samp { - font-family: "Hack", monospace; } - -code { - padding: 0.2rem 0.4rem; - font-size: 90%; - color: #bd4147; - background-color: #f8f9fa; - border-radius: 0.25rem; } - a > code { - padding: 0; - color: inherit; - background-color: inherit; } - -kbd { - padding: 0.2rem 0.4rem; - font-size: 90%; - color: #fff; - background-color: #212529; - border-radius: 0.2rem; } - kbd kbd { - padding: 0; - font-size: 100%; - font-weight: bold; } - -pre { - display: block; - margin-top: 0; - margin-bottom: 1rem; - font-size: 90%; - color: #586e75; } - 
pre code { - padding: 0; - font-size: inherit; - color: inherit; - background-color: transparent; - border-radius: 0; } - -.pre-scrollable { - max-height: 340px; - overflow-y: scroll; } - -.container { - margin-right: auto; - margin-left: auto; - padding-right: 15px; - padding-left: 15px; - width: 100%; } - @media (min-width: 576px) { - .container { - max-width: 540px; } } - @media (min-width: 768px) { - .container { - max-width: 720px; } } - @media (min-width: 992px) { - .container { - max-width: 960px; } } - @media (min-width: 1200px) { - .container { - max-width: 1140px; } } - -.container-fluid { - width: 100%; - margin-right: auto; - margin-left: auto; - padding-right: 15px; - padding-left: 15px; - width: 100%; } - -.row { - display: flex; - flex-wrap: wrap; - margin-right: -15px; - margin-left: -15px; } - -.no-gutters { - margin-right: 0; - margin-left: 0; } - .no-gutters > .col, - .no-gutters > [class*="col-"] { - padding-right: 0; - padding-left: 0; } - -.col-1, .col-2, .col-3, .col-4, .col-5, .col-6, .col-7, .col-8, .col-9, .col-10, .col-11, .col-12, .col, -.col-auto, .col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12, .col-sm, -.col-sm-auto, .col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12, .col-md, -.col-md-auto, .col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12, .col-lg, -.col-lg-auto, .col-xl-1, .col-xl-2, .col-xl-3, .col-xl-4, .col-xl-5, .col-xl-6, .col-xl-7, .col-xl-8, .col-xl-9, .col-xl-10, .col-xl-11, .col-xl-12, .col-xl, -.col-xl-auto { - position: relative; - width: 100%; - min-height: 1px; - padding-right: 15px; - padding-left: 15px; } - -.col { - flex-basis: 0; - flex-grow: 1; - max-width: 100%; } - -.col-auto { - flex: 0 0 auto; - width: auto; - max-width: none; } - -.col-1 { - flex: 0 0 8.33333%; 
- max-width: 8.33333%; } - -.col-2 { - flex: 0 0 16.66667%; - max-width: 16.66667%; } - -.col-3 { - flex: 0 0 25%; - max-width: 25%; } - -.col-4 { - flex: 0 0 33.33333%; - max-width: 33.33333%; } - -.col-5 { - flex: 0 0 41.66667%; - max-width: 41.66667%; } - -.col-6 { - flex: 0 0 50%; - max-width: 50%; } - -.col-7 { - flex: 0 0 58.33333%; - max-width: 58.33333%; } - -.col-8 { - flex: 0 0 66.66667%; - max-width: 66.66667%; } - -.col-9 { - flex: 0 0 75%; - max-width: 75%; } - -.col-10 { - flex: 0 0 83.33333%; - max-width: 83.33333%; } - -.col-11 { - flex: 0 0 91.66667%; - max-width: 91.66667%; } - -.col-12 { - flex: 0 0 100%; - max-width: 100%; } - -.order-1 { - order: 1; } - -.order-2 { - order: 2; } - -.order-3 { - order: 3; } - -.order-4 { - order: 4; } - -.order-5 { - order: 5; } - -.order-6 { - order: 6; } - -.order-7 { - order: 7; } - -.order-8 { - order: 8; } - -.order-9 { - order: 9; } - -.order-10 { - order: 10; } - -.order-11 { - order: 11; } - -.order-12 { - order: 12; } - -@media (min-width: 576px) { - .col-sm { - flex-basis: 0; - flex-grow: 1; - max-width: 100%; } - .col-sm-auto { - flex: 0 0 auto; - width: auto; - max-width: none; } - .col-sm-1 { - flex: 0 0 8.33333%; - max-width: 8.33333%; } - .col-sm-2 { - flex: 0 0 16.66667%; - max-width: 16.66667%; } - .col-sm-3 { - flex: 0 0 25%; - max-width: 25%; } - .col-sm-4 { - flex: 0 0 33.33333%; - max-width: 33.33333%; } - .col-sm-5 { - flex: 0 0 41.66667%; - max-width: 41.66667%; } - .col-sm-6 { - flex: 0 0 50%; - max-width: 50%; } - .col-sm-7 { - flex: 0 0 58.33333%; - max-width: 58.33333%; } - .col-sm-8 { - flex: 0 0 66.66667%; - max-width: 66.66667%; } - .col-sm-9 { - flex: 0 0 75%; - max-width: 75%; } - .col-sm-10 { - flex: 0 0 83.33333%; - max-width: 83.33333%; } - .col-sm-11 { - flex: 0 0 91.66667%; - max-width: 91.66667%; } - .col-sm-12 { - flex: 0 0 100%; - max-width: 100%; } - .order-sm-1 { - order: 1; } - .order-sm-2 { - order: 2; } - .order-sm-3 { - order: 3; } - .order-sm-4 { - order: 4; } - 
.order-sm-5 { - order: 5; } - .order-sm-6 { - order: 6; } - .order-sm-7 { - order: 7; } - .order-sm-8 { - order: 8; } - .order-sm-9 { - order: 9; } - .order-sm-10 { - order: 10; } - .order-sm-11 { - order: 11; } - .order-sm-12 { - order: 12; } } - -@media (min-width: 768px) { - .col-md { - flex-basis: 0; - flex-grow: 1; - max-width: 100%; } - .col-md-auto { - flex: 0 0 auto; - width: auto; - max-width: none; } - .col-md-1 { - flex: 0 0 8.33333%; - max-width: 8.33333%; } - .col-md-2 { - flex: 0 0 16.66667%; - max-width: 16.66667%; } - .col-md-3 { - flex: 0 0 25%; - max-width: 25%; } - .col-md-4 { - flex: 0 0 33.33333%; - max-width: 33.33333%; } - .col-md-5 { - flex: 0 0 41.66667%; - max-width: 41.66667%; } - .col-md-6 { - flex: 0 0 50%; - max-width: 50%; } - .col-md-7 { - flex: 0 0 58.33333%; - max-width: 58.33333%; } - .col-md-8 { - flex: 0 0 66.66667%; - max-width: 66.66667%; } - .col-md-9 { - flex: 0 0 75%; - max-width: 75%; } - .col-md-10 { - flex: 0 0 83.33333%; - max-width: 83.33333%; } - .col-md-11 { - flex: 0 0 91.66667%; - max-width: 91.66667%; } - .col-md-12 { - flex: 0 0 100%; - max-width: 100%; } - .order-md-1 { - order: 1; } - .order-md-2 { - order: 2; } - .order-md-3 { - order: 3; } - .order-md-4 { - order: 4; } - .order-md-5 { - order: 5; } - .order-md-6 { - order: 6; } - .order-md-7 { - order: 7; } - .order-md-8 { - order: 8; } - .order-md-9 { - order: 9; } - .order-md-10 { - order: 10; } - .order-md-11 { - order: 11; } - .order-md-12 { - order: 12; } } - -@media (min-width: 992px) { - .col-lg { - flex-basis: 0; - flex-grow: 1; - max-width: 100%; } - .col-lg-auto { - flex: 0 0 auto; - width: auto; - max-width: none; } - .col-lg-1 { - flex: 0 0 8.33333%; - max-width: 8.33333%; } - .col-lg-2 { - flex: 0 0 16.66667%; - max-width: 16.66667%; } - .col-lg-3 { - flex: 0 0 25%; - max-width: 25%; } - .col-lg-4 { - flex: 0 0 33.33333%; - max-width: 33.33333%; } - .col-lg-5 { - flex: 0 0 41.66667%; - max-width: 41.66667%; } - .col-lg-6 { - flex: 0 0 50%; - 
max-width: 50%; } - .col-lg-7 { - flex: 0 0 58.33333%; - max-width: 58.33333%; } - .col-lg-8 { - flex: 0 0 66.66667%; - max-width: 66.66667%; } - .col-lg-9 { - flex: 0 0 75%; - max-width: 75%; } - .col-lg-10 { - flex: 0 0 83.33333%; - max-width: 83.33333%; } - .col-lg-11 { - flex: 0 0 91.66667%; - max-width: 91.66667%; } - .col-lg-12 { - flex: 0 0 100%; - max-width: 100%; } - .order-lg-1 { - order: 1; } - .order-lg-2 { - order: 2; } - .order-lg-3 { - order: 3; } - .order-lg-4 { - order: 4; } - .order-lg-5 { - order: 5; } - .order-lg-6 { - order: 6; } - .order-lg-7 { - order: 7; } - .order-lg-8 { - order: 8; } - .order-lg-9 { - order: 9; } - .order-lg-10 { - order: 10; } - .order-lg-11 { - order: 11; } - .order-lg-12 { - order: 12; } } - -@media (min-width: 1200px) { - .col-xl { - flex-basis: 0; - flex-grow: 1; - max-width: 100%; } - .col-xl-auto { - flex: 0 0 auto; - width: auto; - max-width: none; } - .col-xl-1 { - flex: 0 0 8.33333%; - max-width: 8.33333%; } - .col-xl-2 { - flex: 0 0 16.66667%; - max-width: 16.66667%; } - .col-xl-3 { - flex: 0 0 25%; - max-width: 25%; } - .col-xl-4 { - flex: 0 0 33.33333%; - max-width: 33.33333%; } - .col-xl-5 { - flex: 0 0 41.66667%; - max-width: 41.66667%; } - .col-xl-6 { - flex: 0 0 50%; - max-width: 50%; } - .col-xl-7 { - flex: 0 0 58.33333%; - max-width: 58.33333%; } - .col-xl-8 { - flex: 0 0 66.66667%; - max-width: 66.66667%; } - .col-xl-9 { - flex: 0 0 75%; - max-width: 75%; } - .col-xl-10 { - flex: 0 0 83.33333%; - max-width: 83.33333%; } - .col-xl-11 { - flex: 0 0 91.66667%; - max-width: 91.66667%; } - .col-xl-12 { - flex: 0 0 100%; - max-width: 100%; } - .order-xl-1 { - order: 1; } - .order-xl-2 { - order: 2; } - .order-xl-3 { - order: 3; } - .order-xl-4 { - order: 4; } - .order-xl-5 { - order: 5; } - .order-xl-6 { - order: 6; } - .order-xl-7 { - order: 7; } - .order-xl-8 { - order: 8; } - .order-xl-9 { - order: 9; } - .order-xl-10 { - order: 10; } - .order-xl-11 { - order: 11; } - .order-xl-12 { - order: 12; } } - 
-.table { - width: 100%; - max-width: 100%; - margin-bottom: 1rem; - background-color: transparent; } - .table th, - .table td { - padding: 0.75rem; - vertical-align: top; - border-top: 1px solid #e9ecef; } - .table thead th { - vertical-align: bottom; - border-bottom: 2px solid #e9ecef; } - .table tbody + tbody { - border-top: 2px solid #e9ecef; } - .table .table { - background-color: #fff; } - -.table-sm th, -.table-sm td { - padding: 0.3rem; } - -.table-bordered { - border: 1px solid #e9ecef; } - .table-bordered th, - .table-bordered td { - border: 1px solid #e9ecef; } - .table-bordered thead th, - .table-bordered thead td { - border-bottom-width: 2px; } - -.table-striped tbody tr:nth-of-type(odd) { - background-color: rgba(0, 0, 0, 0.05); } - -.table-hover tbody tr:hover { - background-color: rgba(0, 0, 0, 0.075); } - -.table-primary, -.table-primary > th, -.table-primary > td { - background-color: #c8d6ea; } - -.table-hover .table-primary:hover { - background-color: #b6c8e3; } - .table-hover .table-primary:hover > td, - .table-hover .table-primary:hover > th { - background-color: #b6c8e3; } - -.table-secondary, -.table-secondary > th, -.table-secondary > td { - background-color: #dddfe2; } - -.table-hover .table-secondary:hover { - background-color: #cfd2d6; } - .table-hover .table-secondary:hover > td, - .table-hover .table-secondary:hover > th { - background-color: #cfd2d6; } - -.table-success, -.table-success > th, -.table-success > td { - background-color: #c3e6cb; } - -.table-hover .table-success:hover { - background-color: #b1dfbb; } - .table-hover .table-success:hover > td, - .table-hover .table-success:hover > th { - background-color: #b1dfbb; } - -.table-info, -.table-info > th, -.table-info > td { - background-color: #bee5eb; } - -.table-hover .table-info:hover { - background-color: #abdde5; } - .table-hover .table-info:hover > td, - .table-hover .table-info:hover > th { - background-color: #abdde5; } - -.table-warning, -.table-warning > th, 
-.table-warning > td { - background-color: #ffeeba; } - -.table-hover .table-warning:hover { - background-color: #ffe8a1; } - .table-hover .table-warning:hover > td, - .table-hover .table-warning:hover > th { - background-color: #ffe8a1; } - -.table-danger, -.table-danger > th, -.table-danger > td { - background-color: #f5c6cb; } - -.table-hover .table-danger:hover { - background-color: #f1b0b7; } - .table-hover .table-danger:hover > td, - .table-hover .table-danger:hover > th { - background-color: #f1b0b7; } - -.table-light, -.table-light > th, -.table-light > td { - background-color: #fdfdfe; } - -.table-hover .table-light:hover { - background-color: #ececf6; } - .table-hover .table-light:hover > td, - .table-hover .table-light:hover > th { - background-color: #ececf6; } - -.table-dark, -.table-dark > th, -.table-dark > td { - background-color: #c6c8ca; } - -.table-hover .table-dark:hover { - background-color: #b9bbbe; } - .table-hover .table-dark:hover > td, - .table-hover .table-dark:hover > th { - background-color: #b9bbbe; } - -.table-active, -.table-active > th, -.table-active > td { - background-color: rgba(0, 0, 0, 0.075); } - -.table-hover .table-active:hover { - background-color: rgba(0, 0, 0, 0.075); } - .table-hover .table-active:hover > td, - .table-hover .table-active:hover > th { - background-color: rgba(0, 0, 0, 0.075); } - -.thead-inverse th { - color: #fff; - background-color: #212529; } - -.thead-default th { - color: #495057; - background-color: #e9ecef; } - -.table-inverse { - color: #fff; - background-color: #212529; } - .table-inverse th, - .table-inverse td, - .table-inverse thead th { - border-color: #32383e; } - .table-inverse.table-bordered { - border: 0; } - .table-inverse.table-striped tbody tr:nth-of-type(odd) { - background-color: rgba(255, 255, 255, 0.05); } - .table-inverse.table-hover tbody tr:hover { - background-color: rgba(255, 255, 255, 0.075); } - -@media (max-width: 991px) { - .table-responsive { - display: block; - width: 
100%; - overflow-x: auto; - -ms-overflow-style: -ms-autohiding-scrollbar; } - .table-responsive.table-bordered { - border: 0; } } - -.form-control { - display: block; - width: 100%; - padding: 0.5rem 0.75rem; - font-size: 1rem; - line-height: 1.25; - color: #495057; - background-color: #fff; - background-image: none; - background-clip: padding-box; - border: 1px solid rgba(0, 0, 0, 0.15); - border-radius: 0.25rem; - transition: border-color ease-in-out 0.15s, box-shadow ease-in-out 0.15s; } - .form-control::-ms-expand { - background-color: transparent; - border: 0; } - .form-control:focus { - color: #495057; - background-color: #fff; - border-color: #94b2db; - outline: none; } - .form-control::placeholder { - color: #868e96; - opacity: 1; } - .form-control:disabled, .form-control[readonly] { - background-color: #e9ecef; - opacity: 1; } - -select.form-control:not([size]):not([multiple]) { - height: calc(2.25rem + 2px); } - -select.form-control:focus::-ms-value { - color: #495057; - background-color: #fff; } - -.form-control-file, -.form-control-range { - display: block; } - -.col-form-label { - padding-top: calc(0.5rem - 1px * 2); - padding-bottom: calc(0.5rem - 1px * 2); - margin-bottom: 0; } - -.col-form-label-lg { - padding-top: calc(0.5rem - 1px * 2); - padding-bottom: calc(0.5rem - 1px * 2); - font-size: 1.25rem; } - -.col-form-label-sm { - padding-top: calc(0.25rem - 1px * 2); - padding-bottom: calc(0.25rem - 1px * 2); - font-size: 0.875rem; } - -.col-form-legend { - padding-top: 0.5rem; - padding-bottom: 0.5rem; - margin-bottom: 0; - font-size: 1rem; } - -.form-control-plaintext { - padding-top: 0.5rem; - padding-bottom: 0.5rem; - margin-bottom: 0; - line-height: 1.25; - border: solid transparent; - border-width: 1px 0; } - .form-control-plaintext.form-control-sm, .input-group-sm > .form-control-plaintext.form-control, - .input-group-sm > .form-control-plaintext.input-group-addon, - .input-group-sm > .input-group-btn > .form-control-plaintext.btn, 
.form-control-plaintext.form-control-lg, .input-group-lg > .form-control-plaintext.form-control, - .input-group-lg > .form-control-plaintext.input-group-addon, - .input-group-lg > .input-group-btn > .form-control-plaintext.btn { - padding-right: 0; - padding-left: 0; } - -.form-control-sm, .input-group-sm > .form-control, -.input-group-sm > .input-group-addon, -.input-group-sm > .input-group-btn > .btn { - padding: 0.25rem 0.5rem; - font-size: 0.875rem; - line-height: 1.5; - border-radius: 0.2rem; } - -select.form-control-sm:not([size]):not([multiple]), .input-group-sm > select.form-control:not([size]):not([multiple]), -.input-group-sm > select.input-group-addon:not([size]):not([multiple]), -.input-group-sm > .input-group-btn > select.btn:not([size]):not([multiple]) { - height: calc(1.8125rem + 2px); } - -.form-control-lg, .input-group-lg > .form-control, -.input-group-lg > .input-group-addon, -.input-group-lg > .input-group-btn > .btn { - padding: 0.5rem 1rem; - font-size: 1.25rem; - line-height: 1.5; - border-radius: 0.3rem; } - -select.form-control-lg:not([size]):not([multiple]), .input-group-lg > select.form-control:not([size]):not([multiple]), -.input-group-lg > select.input-group-addon:not([size]):not([multiple]), -.input-group-lg > .input-group-btn > select.btn:not([size]):not([multiple]) { - height: calc(2.3125rem + 2px); } - -.form-group { - margin-bottom: 1rem; } - -.form-text { - display: block; - margin-top: 0.25rem; } - -.form-row { - display: flex; - flex-wrap: wrap; - margin-right: -5px; - margin-left: -5px; } - .form-row > .col, - .form-row > [class*="col-"] { - padding-right: 5px; - padding-left: 5px; } - -.form-check { - position: relative; - display: block; - margin-bottom: 0.5rem; } - .form-check.disabled .form-check-label { - color: #868e96; } - -.form-check-label { - padding-left: 1.25rem; - margin-bottom: 0; } - -.form-check-input { - position: absolute; - margin-top: 0.25rem; - margin-left: -1.25rem; } - .form-check-input:only-child { - 
position: static; } - -.form-check-inline { - display: inline-block; } - .form-check-inline .form-check-label { - vertical-align: middle; } - .form-check-inline + .form-check-inline { - margin-left: 0.75rem; } - -.invalid-feedback { - display: none; - margin-top: .25rem; - font-size: .875rem; - color: #dc3545; } - -.invalid-tooltip { - position: absolute; - top: 100%; - z-index: 5; - display: none; - width: 250px; - padding: .5rem; - margin-top: .1rem; - font-size: .875rem; - line-height: 1; - color: #fff; - background-color: rgba(220, 53, 69, 0.8); - border-radius: .2rem; } - -.was-validated .form-control:valid, .form-control.is-valid, .was-validated -.custom-select:valid, -.custom-select.is-valid { - border-color: #28a745; } - .was-validated .form-control:valid:focus, .form-control.is-valid:focus, .was-validated - .custom-select:valid:focus, - .custom-select.is-valid:focus { - box-shadow: 0 0 0 0.2rem rgba(40, 167, 69, 0.25); } - .was-validated .form-control:valid ~ .invalid-feedback, - .was-validated .form-control:valid ~ .invalid-tooltip, .form-control.is-valid ~ .invalid-feedback, - .form-control.is-valid ~ .invalid-tooltip, .was-validated - .custom-select:valid ~ .invalid-feedback, - .was-validated - .custom-select:valid ~ .invalid-tooltip, - .custom-select.is-valid ~ .invalid-feedback, - .custom-select.is-valid ~ .invalid-tooltip { - display: block; } - -.was-validated .form-check-input:valid + .form-check-label, .form-check-input.is-valid + .form-check-label { - color: #28a745; } - -.was-validated .custom-control-input:valid ~ .custom-control-indicator, .custom-control-input.is-valid ~ .custom-control-indicator { - background-color: rgba(40, 167, 69, 0.25); } - -.was-validated .custom-control-input:valid ~ .custom-control-description, .custom-control-input.is-valid ~ .custom-control-description { - color: #28a745; } - -.was-validated .custom-file-input:valid ~ .custom-file-control, .custom-file-input.is-valid ~ .custom-file-control { - border-color: 
#28a745; } - .was-validated .custom-file-input:valid ~ .custom-file-control::before, .custom-file-input.is-valid ~ .custom-file-control::before { - border-color: inherit; } - -.was-validated .custom-file-input:valid:focus, .custom-file-input.is-valid:focus { - box-shadow: 0 0 0 0.2rem rgba(40, 167, 69, 0.25); } - -.was-validated .form-control:invalid, .form-control.is-invalid, .was-validated -.custom-select:invalid, -.custom-select.is-invalid { - border-color: #dc3545; } - .was-validated .form-control:invalid:focus, .form-control.is-invalid:focus, .was-validated - .custom-select:invalid:focus, - .custom-select.is-invalid:focus { - box-shadow: 0 0 0 0.2rem rgba(220, 53, 69, 0.25); } - .was-validated .form-control:invalid ~ .invalid-feedback, - .was-validated .form-control:invalid ~ .invalid-tooltip, .form-control.is-invalid ~ .invalid-feedback, - .form-control.is-invalid ~ .invalid-tooltip, .was-validated - .custom-select:invalid ~ .invalid-feedback, - .was-validated - .custom-select:invalid ~ .invalid-tooltip, - .custom-select.is-invalid ~ .invalid-feedback, - .custom-select.is-invalid ~ .invalid-tooltip { - display: block; } - -.was-validated .form-check-input:invalid + .form-check-label, .form-check-input.is-invalid + .form-check-label { - color: #dc3545; } - -.was-validated .custom-control-input:invalid ~ .custom-control-indicator, .custom-control-input.is-invalid ~ .custom-control-indicator { - background-color: rgba(220, 53, 69, 0.25); } - -.was-validated .custom-control-input:invalid ~ .custom-control-description, .custom-control-input.is-invalid ~ .custom-control-description { - color: #dc3545; } - -.was-validated .custom-file-input:invalid ~ .custom-file-control, .custom-file-input.is-invalid ~ .custom-file-control { - border-color: #dc3545; } - .was-validated .custom-file-input:invalid ~ .custom-file-control::before, .custom-file-input.is-invalid ~ .custom-file-control::before { - border-color: inherit; } - -.was-validated .custom-file-input:invalid:focus, 
.custom-file-input.is-invalid:focus { - box-shadow: 0 0 0 0.2rem rgba(220, 53, 69, 0.25); } - -.form-inline { - display: flex; - flex-flow: row wrap; - align-items: center; } - .form-inline .form-check { - width: 100%; } - @media (min-width: 576px) { - .form-inline label { - display: flex; - align-items: center; - justify-content: center; - margin-bottom: 0; } - .form-inline .form-group { - display: flex; - flex: 0 0 auto; - flex-flow: row wrap; - align-items: center; - margin-bottom: 0; } - .form-inline .form-control { - display: inline-block; - width: auto; - vertical-align: middle; } - .form-inline .form-control-plaintext { - display: inline-block; } - .form-inline .input-group { - width: auto; } - .form-inline .form-control-label { - margin-bottom: 0; - vertical-align: middle; } - .form-inline .form-check { - display: flex; - align-items: center; - justify-content: center; - width: auto; - margin-top: 0; - margin-bottom: 0; } - .form-inline .form-check-label { - padding-left: 0; } - .form-inline .form-check-input { - position: relative; - margin-top: 0; - margin-right: 0.25rem; - margin-left: 0; } - .form-inline .custom-control { - display: flex; - align-items: center; - justify-content: center; - padding-left: 0; } - .form-inline .custom-control-indicator { - position: static; - display: inline-block; - margin-right: 0.25rem; - vertical-align: text-bottom; } - .form-inline .has-feedback .form-control-feedback { - top: 0; } } - -.btn { - display: inline-block; - font-weight: normal; - text-align: center; - white-space: nowrap; - vertical-align: middle; - user-select: none; - border: 1px solid transparent; - padding: 0.5rem 0.75rem; - font-size: 1rem; - line-height: 1.25; - border-radius: 0.25rem; - transition: all 0.15s ease-in-out; } - .btn:focus, .btn:hover { - text-decoration: none; } - .btn:focus, .btn.focus { - outline: 0; - box-shadow: 0 0 0 3px rgba(60, 110, 180, 0.25); } - .btn.disabled, .btn:disabled { - opacity: .65; } - .btn:active, .btn.active { - 
background-image: none; } - -a.btn.disabled, -fieldset[disabled] a.btn { - pointer-events: none; } - -.btn-primary { - color: #fff; - background-color: #3c6eb4; - border-color: #3c6eb4; } - .btn-primary:hover { - color: #fff; - background-color: #325c97; - border-color: #2f578e; } - .btn-primary:focus, .btn-primary.focus { - box-shadow: 0 0 0 3px rgba(60, 110, 180, 0.5); } - .btn-primary.disabled, .btn-primary:disabled { - background-color: #3c6eb4; - border-color: #3c6eb4; } - .btn-primary:active, .btn-primary.active, - .show > .btn-primary.dropdown-toggle { - background-color: #325c97; - background-image: none; - border-color: #2f578e; } - -.btn-secondary { - color: #fff; - background-color: #868e96; - border-color: #868e96; } - .btn-secondary:hover { - color: #fff; - background-color: #727b84; - border-color: #6c757d; } - .btn-secondary:focus, .btn-secondary.focus { - box-shadow: 0 0 0 3px rgba(134, 142, 150, 0.5); } - .btn-secondary.disabled, .btn-secondary:disabled { - background-color: #868e96; - border-color: #868e96; } - .btn-secondary:active, .btn-secondary.active, - .show > .btn-secondary.dropdown-toggle { - background-color: #727b84; - background-image: none; - border-color: #6c757d; } - -.btn-success { - color: #fff; - background-color: #28a745; - border-color: #28a745; } - .btn-success:hover { - color: #fff; - background-color: #218838; - border-color: #1e7e34; } - .btn-success:focus, .btn-success.focus { - box-shadow: 0 0 0 3px rgba(40, 167, 69, 0.5); } - .btn-success.disabled, .btn-success:disabled { - background-color: #28a745; - border-color: #28a745; } - .btn-success:active, .btn-success.active, - .show > .btn-success.dropdown-toggle { - background-color: #218838; - background-image: none; - border-color: #1e7e34; } - -.btn-info { - color: #fff; - background-color: #17a2b8; - border-color: #17a2b8; } - .btn-info:hover { - color: #fff; - background-color: #138496; - border-color: #117a8b; } - .btn-info:focus, .btn-info.focus { - box-shadow: 0 0 0 
3px rgba(23, 162, 184, 0.5); } - .btn-info.disabled, .btn-info:disabled { - background-color: #17a2b8; - border-color: #17a2b8; } - .btn-info:active, .btn-info.active, - .show > .btn-info.dropdown-toggle { - background-color: #138496; - background-image: none; - border-color: #117a8b; } - -.btn-warning { - color: #111; - background-color: #ffc107; - border-color: #ffc107; } - .btn-warning:hover { - color: #111; - background-color: #e0a800; - border-color: #d39e00; } - .btn-warning:focus, .btn-warning.focus { - box-shadow: 0 0 0 3px rgba(255, 193, 7, 0.5); } - .btn-warning.disabled, .btn-warning:disabled { - background-color: #ffc107; - border-color: #ffc107; } - .btn-warning:active, .btn-warning.active, - .show > .btn-warning.dropdown-toggle { - background-color: #e0a800; - background-image: none; - border-color: #d39e00; } - -.btn-danger { - color: #fff; - background-color: #dc3545; - border-color: #dc3545; } - .btn-danger:hover { - color: #fff; - background-color: #c82333; - border-color: #bd2130; } - .btn-danger:focus, .btn-danger.focus { - box-shadow: 0 0 0 3px rgba(220, 53, 69, 0.5); } - .btn-danger.disabled, .btn-danger:disabled { - background-color: #dc3545; - border-color: #dc3545; } - .btn-danger:active, .btn-danger.active, - .show > .btn-danger.dropdown-toggle { - background-color: #c82333; - background-image: none; - border-color: #bd2130; } - -.btn-light { - color: #111; - background-color: #f8f9fa; - border-color: #f8f9fa; } - .btn-light:hover { - color: #111; - background-color: #e2e6ea; - border-color: #dae0e5; } - .btn-light:focus, .btn-light.focus { - box-shadow: 0 0 0 3px rgba(248, 249, 250, 0.5); } - .btn-light.disabled, .btn-light:disabled { - background-color: #f8f9fa; - border-color: #f8f9fa; } - .btn-light:active, .btn-light.active, - .show > .btn-light.dropdown-toggle { - background-color: #e2e6ea; - background-image: none; - border-color: #dae0e5; } - -.btn-dark { - color: #fff; - background-color: #343a40; - border-color: #343a40; } - 
.btn-dark:hover { - color: #fff; - background-color: #23272b; - border-color: #1d2124; } - .btn-dark:focus, .btn-dark.focus { - box-shadow: 0 0 0 3px rgba(52, 58, 64, 0.5); } - .btn-dark.disabled, .btn-dark:disabled { - background-color: #343a40; - border-color: #343a40; } - .btn-dark:active, .btn-dark.active, - .show > .btn-dark.dropdown-toggle { - background-color: #23272b; - background-image: none; - border-color: #1d2124; } - -.btn-outline-primary { - color: #3c6eb4; - background-color: transparent; - background-image: none; - border-color: #3c6eb4; } - .btn-outline-primary:hover { - color: #fff; - background-color: #3c6eb4; - border-color: #3c6eb4; } - .btn-outline-primary:focus, .btn-outline-primary.focus { - box-shadow: 0 0 0 3px rgba(60, 110, 180, 0.5); } - .btn-outline-primary.disabled, .btn-outline-primary:disabled { - color: #3c6eb4; - background-color: transparent; } - .btn-outline-primary:active, .btn-outline-primary.active, - .show > .btn-outline-primary.dropdown-toggle { - color: #fff; - background-color: #3c6eb4; - border-color: #3c6eb4; } - -.btn-outline-secondary { - color: #868e96; - background-color: transparent; - background-image: none; - border-color: #868e96; } - .btn-outline-secondary:hover { - color: #fff; - background-color: #868e96; - border-color: #868e96; } - .btn-outline-secondary:focus, .btn-outline-secondary.focus { - box-shadow: 0 0 0 3px rgba(134, 142, 150, 0.5); } - .btn-outline-secondary.disabled, .btn-outline-secondary:disabled { - color: #868e96; - background-color: transparent; } - .btn-outline-secondary:active, .btn-outline-secondary.active, - .show > .btn-outline-secondary.dropdown-toggle { - color: #fff; - background-color: #868e96; - border-color: #868e96; } - -.btn-outline-success { - color: #28a745; - background-color: transparent; - background-image: none; - border-color: #28a745; } - .btn-outline-success:hover { - color: #fff; - background-color: #28a745; - border-color: #28a745; } - .btn-outline-success:focus, 
.btn-outline-success.focus { - box-shadow: 0 0 0 3px rgba(40, 167, 69, 0.5); } - .btn-outline-success.disabled, .btn-outline-success:disabled { - color: #28a745; - background-color: transparent; } - .btn-outline-success:active, .btn-outline-success.active, - .show > .btn-outline-success.dropdown-toggle { - color: #fff; - background-color: #28a745; - border-color: #28a745; } - -.btn-outline-info { - color: #17a2b8; - background-color: transparent; - background-image: none; - border-color: #17a2b8; } - .btn-outline-info:hover { - color: #fff; - background-color: #17a2b8; - border-color: #17a2b8; } - .btn-outline-info:focus, .btn-outline-info.focus { - box-shadow: 0 0 0 3px rgba(23, 162, 184, 0.5); } - .btn-outline-info.disabled, .btn-outline-info:disabled { - color: #17a2b8; - background-color: transparent; } - .btn-outline-info:active, .btn-outline-info.active, - .show > .btn-outline-info.dropdown-toggle { - color: #fff; - background-color: #17a2b8; - border-color: #17a2b8; } - -.btn-outline-warning { - color: #ffc107; - background-color: transparent; - background-image: none; - border-color: #ffc107; } - .btn-outline-warning:hover { - color: #fff; - background-color: #ffc107; - border-color: #ffc107; } - .btn-outline-warning:focus, .btn-outline-warning.focus { - box-shadow: 0 0 0 3px rgba(255, 193, 7, 0.5); } - .btn-outline-warning.disabled, .btn-outline-warning:disabled { - color: #ffc107; - background-color: transparent; } - .btn-outline-warning:active, .btn-outline-warning.active, - .show > .btn-outline-warning.dropdown-toggle { - color: #fff; - background-color: #ffc107; - border-color: #ffc107; } - -.btn-outline-danger { - color: #dc3545; - background-color: transparent; - background-image: none; - border-color: #dc3545; } - .btn-outline-danger:hover { - color: #fff; - background-color: #dc3545; - border-color: #dc3545; } - .btn-outline-danger:focus, .btn-outline-danger.focus { - box-shadow: 0 0 0 3px rgba(220, 53, 69, 0.5); } - .btn-outline-danger.disabled, 
.btn-outline-danger:disabled { - color: #dc3545; - background-color: transparent; } - .btn-outline-danger:active, .btn-outline-danger.active, - .show > .btn-outline-danger.dropdown-toggle { - color: #fff; - background-color: #dc3545; - border-color: #dc3545; } - -.btn-outline-light { - color: #f8f9fa; - background-color: transparent; - background-image: none; - border-color: #f8f9fa; } - .btn-outline-light:hover { - color: #fff; - background-color: #f8f9fa; - border-color: #f8f9fa; } - .btn-outline-light:focus, .btn-outline-light.focus { - box-shadow: 0 0 0 3px rgba(248, 249, 250, 0.5); } - .btn-outline-light.disabled, .btn-outline-light:disabled { - color: #f8f9fa; - background-color: transparent; } - .btn-outline-light:active, .btn-outline-light.active, - .show > .btn-outline-light.dropdown-toggle { - color: #fff; - background-color: #f8f9fa; - border-color: #f8f9fa; } - -.btn-outline-dark { - color: #343a40; - background-color: transparent; - background-image: none; - border-color: #343a40; } - .btn-outline-dark:hover { - color: #fff; - background-color: #343a40; - border-color: #343a40; } - .btn-outline-dark:focus, .btn-outline-dark.focus { - box-shadow: 0 0 0 3px rgba(52, 58, 64, 0.5); } - .btn-outline-dark.disabled, .btn-outline-dark:disabled { - color: #343a40; - background-color: transparent; } - .btn-outline-dark:active, .btn-outline-dark.active, - .show > .btn-outline-dark.dropdown-toggle { - color: #fff; - background-color: #343a40; - border-color: #343a40; } - -.btn-link { - font-weight: normal; - color: #3c6eb4; - border-radius: 0; } - .btn-link, .btn-link:active, .btn-link.active, .btn-link:disabled { - background-color: transparent; } - .btn-link, .btn-link:focus, .btn-link:active { - border-color: transparent; - box-shadow: none; } - .btn-link:hover { - border-color: transparent; } - .btn-link:focus, .btn-link:hover { - color: #294b7b; - text-decoration: underline; - background-color: transparent; } - .btn-link:disabled { - color: #868e96; } - 
.btn-link:disabled:focus, .btn-link:disabled:hover { - text-decoration: none; } - -.btn-lg, .btn-group-lg > .btn { - padding: 0.5rem 1rem; - font-size: 1.25rem; - line-height: 1.5; - border-radius: 0.3rem; } - -.btn-sm, .btn-group-sm > .btn { - padding: 0.25rem 0.5rem; - font-size: 0.875rem; - line-height: 1.5; - border-radius: 0.2rem; } - -.btn-block { - display: block; - width: 100%; } - -.btn-block + .btn-block { - margin-top: 0.5rem; } - -input[type="submit"].btn-block, -input[type="reset"].btn-block, -input[type="button"].btn-block { - width: 100%; } - -.fade { - opacity: 0; - transition: opacity 0.15s linear; } - .fade.show { - opacity: 1; } - -.collapse { - display: none; } - .collapse.show { - display: block; } - -tr.collapse.show { - display: table-row; } - -tbody.collapse.show { - display: table-row-group; } - -.collapsing { - position: relative; - height: 0; - overflow: hidden; - transition: height 0.35s ease; } - -.dropup, -.dropdown { - position: relative; } - -.dropdown-toggle::after { - display: inline-block; - width: 0; - height: 0; - margin-left: 0.255em; - vertical-align: 0.255em; - content: ""; - border-top: 0.3em solid; - border-right: 0.3em solid transparent; - border-left: 0.3em solid transparent; } - -.dropdown-toggle:empty::after { - margin-left: 0; } - -.dropup .dropdown-menu { - margin-top: 0; - margin-bottom: 0.125rem; } - -.dropup .dropdown-toggle::after { - border-top: 0; - border-bottom: 0.3em solid; } - -.dropdown-menu { - position: absolute; - top: 100%; - left: 0; - z-index: 1000; - display: none; - float: left; - min-width: 10rem; - padding: 0.5rem 0; - margin: 0.125rem 0 0; - font-size: 1rem; - color: #212529; - text-align: left; - list-style: none; - background-color: #fff; - background-clip: padding-box; - border: 1px solid rgba(0, 0, 0, 0.15); - border-radius: 0.25rem; } - -.dropdown-divider { - height: 0; - margin: 0.5rem 0; - overflow: hidden; - border-top: 1px solid #e9ecef; } - -.dropdown-item { - display: block; - width: 
100%; - padding: 0.25rem 1.5rem; - clear: both; - font-weight: normal; - color: #212529; - text-align: inherit; - white-space: nowrap; - background: none; - border: 0; } - .dropdown-item:focus, .dropdown-item:hover { - color: #16181b; - text-decoration: none; - background-color: #f8f9fa; } - .dropdown-item.active, .dropdown-item:active { - color: #fff; - text-decoration: none; - background-color: #3c6eb4; } - .dropdown-item.disabled, .dropdown-item:disabled { - color: #868e96; - background-color: transparent; } - -.show > a { - outline: 0; } - -.dropdown-menu.show { - display: block; } - -.dropdown-header { - display: block; - padding: 0.5rem 1.5rem; - margin-bottom: 0; - font-size: 0.875rem; - color: #868e96; - white-space: nowrap; } - -.btn-group, -.btn-group-vertical { - position: relative; - display: inline-flex; - vertical-align: middle; } - .btn-group > .btn, - .btn-group-vertical > .btn { - position: relative; - flex: 0 1 auto; - margin-bottom: 0; } - .btn-group > .btn:hover, - .btn-group-vertical > .btn:hover { - z-index: 2; } - .btn-group > .btn:focus, .btn-group > .btn:active, .btn-group > .btn.active, - .btn-group-vertical > .btn:focus, - .btn-group-vertical > .btn:active, - .btn-group-vertical > .btn.active { - z-index: 2; } - .btn-group .btn + .btn, - .btn-group .btn + .btn-group, - .btn-group .btn-group + .btn, - .btn-group .btn-group + .btn-group, - .btn-group-vertical .btn + .btn, - .btn-group-vertical .btn + .btn-group, - .btn-group-vertical .btn-group + .btn, - .btn-group-vertical .btn-group + .btn-group { - margin-left: -1px; } - -.btn-toolbar { - display: flex; - flex-wrap: wrap; - justify-content: flex-start; } - .btn-toolbar .input-group { - width: auto; } - -.btn-group > .btn:not(:first-child):not(:last-child):not(.dropdown-toggle) { - border-radius: 0; } - -.btn-group > .btn:first-child { - margin-left: 0; } - .btn-group > .btn:first-child:not(:last-child):not(.dropdown-toggle) { - border-top-right-radius: 0; - border-bottom-right-radius: 0; 
} - -.btn-group > .btn:last-child:not(:first-child), -.btn-group > .dropdown-toggle:not(:first-child) { - border-top-left-radius: 0; - border-bottom-left-radius: 0; } - -.btn-group > .btn-group { - float: left; } - -.btn-group > .btn-group:not(:first-child):not(:last-child) > .btn { - border-radius: 0; } - -.btn-group > .btn-group:first-child:not(:last-child) > .btn:last-child, -.btn-group > .btn-group:first-child:not(:last-child) > .dropdown-toggle { - border-top-right-radius: 0; - border-bottom-right-radius: 0; } - -.btn-group > .btn-group:last-child:not(:first-child) > .btn:first-child { - border-top-left-radius: 0; - border-bottom-left-radius: 0; } - -.btn + .dropdown-toggle-split { - padding-right: 0.5625rem; - padding-left: 0.5625rem; } - .btn + .dropdown-toggle-split::after { - margin-left: 0; } - -.btn-sm + .dropdown-toggle-split, .btn-group-sm > .btn + .dropdown-toggle-split { - padding-right: 0.375rem; - padding-left: 0.375rem; } - -.btn-lg + .dropdown-toggle-split, .btn-group-lg > .btn + .dropdown-toggle-split { - padding-right: 0.75rem; - padding-left: 0.75rem; } - -.btn-group-vertical { - display: inline-flex; - flex-direction: column; - align-items: flex-start; - justify-content: center; } - .btn-group-vertical .btn, - .btn-group-vertical .btn-group { - width: 100%; } - .btn-group-vertical > .btn + .btn, - .btn-group-vertical > .btn + .btn-group, - .btn-group-vertical > .btn-group + .btn, - .btn-group-vertical > .btn-group + .btn-group { - margin-top: -1px; - margin-left: 0; } - -.btn-group-vertical > .btn:not(:first-child):not(:last-child) { - border-radius: 0; } - -.btn-group-vertical > .btn:first-child:not(:last-child) { - border-bottom-right-radius: 0; - border-bottom-left-radius: 0; } - -.btn-group-vertical > .btn:last-child:not(:first-child) { - border-top-left-radius: 0; - border-top-right-radius: 0; } - -.btn-group-vertical > .btn-group:not(:first-child):not(:last-child) > .btn { - border-radius: 0; } - -.btn-group-vertical > 
.btn-group:first-child:not(:last-child) > .btn:last-child, -.btn-group-vertical > .btn-group:first-child:not(:last-child) > .dropdown-toggle { - border-bottom-right-radius: 0; - border-bottom-left-radius: 0; } - -.btn-group-vertical > .btn-group:last-child:not(:first-child) > .btn:first-child { - border-top-left-radius: 0; - border-top-right-radius: 0; } - -[data-toggle="buttons"] > .btn input[type="radio"], -[data-toggle="buttons"] > .btn input[type="checkbox"], -[data-toggle="buttons"] > .btn-group > .btn input[type="radio"], -[data-toggle="buttons"] > .btn-group > .btn input[type="checkbox"] { - position: absolute; - clip: rect(0, 0, 0, 0); - pointer-events: none; } - -.input-group { - position: relative; - display: flex; - width: 100%; } - .input-group .form-control { - position: relative; - z-index: 2; - flex: 1 1 auto; - width: 1%; - margin-bottom: 0; } - .input-group .form-control:focus, .input-group .form-control:active, .input-group .form-control:hover { - z-index: 3; } - -.input-group-addon, -.input-group-btn, -.input-group .form-control { - display: flex; - align-items: center; } - .input-group-addon:not(:first-child):not(:last-child), - .input-group-btn:not(:first-child):not(:last-child), - .input-group .form-control:not(:first-child):not(:last-child) { - border-radius: 0; } - -.input-group-addon, -.input-group-btn { - white-space: nowrap; - vertical-align: middle; } - -.input-group-addon { - padding: 0.5rem 0.75rem; - margin-bottom: 0; - font-size: 1rem; - font-weight: normal; - line-height: 1.25; - color: #495057; - text-align: center; - background-color: #e9ecef; - border: 1px solid rgba(0, 0, 0, 0.15); - border-radius: 0.25rem; } - .input-group-addon.form-control-sm, - .input-group-sm > .input-group-addon, - .input-group-sm > .input-group-btn > .input-group-addon.btn { - padding: 0.25rem 0.5rem; - font-size: 0.875rem; - border-radius: 0.2rem; } - .input-group-addon.form-control-lg, - .input-group-lg > .input-group-addon, - .input-group-lg > 
.input-group-btn > .input-group-addon.btn { - padding: 0.5rem 1rem; - font-size: 1.25rem; - border-radius: 0.3rem; } - .input-group-addon input[type="radio"], - .input-group-addon input[type="checkbox"] { - margin-top: 0; } - -.input-group .form-control:not(:last-child), -.input-group-addon:not(:last-child), -.input-group-btn:not(:last-child) > .btn, -.input-group-btn:not(:last-child) > .btn-group > .btn, -.input-group-btn:not(:last-child) > .dropdown-toggle, -.input-group-btn:not(:first-child) > .btn:not(:last-child):not(.dropdown-toggle), -.input-group-btn:not(:first-child) > .btn-group:not(:last-child) > .btn { - border-top-right-radius: 0; - border-bottom-right-radius: 0; } - -.input-group-addon:not(:last-child) { - border-right: 0; } - -.input-group .form-control:not(:first-child), -.input-group-addon:not(:first-child), -.input-group-btn:not(:first-child) > .btn, -.input-group-btn:not(:first-child) > .btn-group > .btn, -.input-group-btn:not(:first-child) > .dropdown-toggle, -.input-group-btn:not(:last-child) > .btn:not(:first-child), -.input-group-btn:not(:last-child) > .btn-group:not(:first-child) > .btn { - border-top-left-radius: 0; - border-bottom-left-radius: 0; } - -.form-control + .input-group-addon:not(:first-child) { - border-left: 0; } - -.input-group-btn { - position: relative; - font-size: 0; - white-space: nowrap; } - .input-group-btn > .btn { - position: relative; } - .input-group-btn > .btn + .btn { - margin-left: -1px; } - .input-group-btn > .btn:focus, .input-group-btn > .btn:active, .input-group-btn > .btn:hover { - z-index: 3; } - .input-group-btn:not(:last-child) > .btn, - .input-group-btn:not(:last-child) > .btn-group { - margin-right: -1px; } - .input-group-btn:not(:first-child) > .btn, - .input-group-btn:not(:first-child) > .btn-group { - z-index: 2; - margin-left: -1px; } - .input-group-btn:not(:first-child) > .btn:focus, .input-group-btn:not(:first-child) > .btn:active, .input-group-btn:not(:first-child) > .btn:hover, - 
.input-group-btn:not(:first-child) > .btn-group:focus, - .input-group-btn:not(:first-child) > .btn-group:active, - .input-group-btn:not(:first-child) > .btn-group:hover { - z-index: 3; } - -.custom-control { - position: relative; - display: inline-flex; - min-height: 1.5rem; - padding-left: 1.5rem; - margin-right: 1rem; } - -.custom-control-input { - position: absolute; - z-index: -1; - opacity: 0; } - .custom-control-input:checked ~ .custom-control-indicator { - color: #fff; - background-color: #3c6eb4; } - .custom-control-input:focus ~ .custom-control-indicator { - box-shadow: 0 0 0 1px #fff, 0 0 0 3px #3c6eb4; } - .custom-control-input:active ~ .custom-control-indicator { - color: #fff; - background-color: #bacde8; } - .custom-control-input:disabled ~ .custom-control-indicator { - background-color: #e9ecef; } - .custom-control-input:disabled ~ .custom-control-description { - color: #868e96; } - -.custom-control-indicator { - position: absolute; - top: 0.25rem; - left: 0; - display: block; - width: 1rem; - height: 1rem; - pointer-events: none; - user-select: none; - background-color: #ddd; - background-repeat: no-repeat; - background-position: center center; - background-size: 50% 50%; } - -.custom-checkbox .custom-control-indicator { - border-radius: 0.25rem; } - -.custom-checkbox .custom-control-input:checked ~ .custom-control-indicator { - background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3E%3Cpath fill='%23fff' d='M6.564.75l-3.59 3.612-1.538-1.55L0 4.26 2.974 7.25 8 2.193z'/%3E%3C/svg%3E"); } - -.custom-checkbox .custom-control-input:indeterminate ~ .custom-control-indicator { - background-color: #3c6eb4; - background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 4 4'%3E%3Cpath stroke='%23fff' d='M0 2h4'/%3E%3C/svg%3E"); } - -.custom-radio .custom-control-indicator { - border-radius: 50%; } - -.custom-radio .custom-control-input:checked ~ 
.custom-control-indicator { - background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3E%3Ccircle r='3' fill='%23fff'/%3E%3C/svg%3E"); } - -.custom-controls-stacked { - display: flex; - flex-direction: column; } - .custom-controls-stacked .custom-control { - margin-bottom: 0.25rem; } - .custom-controls-stacked .custom-control + .custom-control { - margin-left: 0; } - -.custom-select { - display: inline-block; - max-width: 100%; - height: calc(2.25rem + 2px); - padding: 0.375rem 1.75rem 0.375rem 0.75rem; - line-height: 1.25; - color: #495057; - vertical-align: middle; - background: #fff url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 4 5'%3E%3Cpath fill='%23333' d='M2 0L0 2h4zm0 5L0 3h4z'/%3E%3C/svg%3E") no-repeat right 0.75rem center; - background-size: 8px 10px; - border: 1px solid rgba(0, 0, 0, 0.15); - border-radius: 0.25rem; - appearance: none; } - .custom-select:focus { - border-color: #94b2db; - outline: none; } - .custom-select:focus::-ms-value { - color: #495057; - background-color: #fff; } - .custom-select:disabled { - color: #868e96; - background-color: #e9ecef; } - .custom-select::-ms-expand { - opacity: 0; } - -.custom-select-sm { - height: calc(1.8125rem + 2px); - padding-top: 0.375rem; - padding-bottom: 0.375rem; - font-size: 75%; } - -.custom-file { - position: relative; - display: inline-block; - max-width: 100%; - height: 2.5rem; - margin-bottom: 0; } - -.custom-file-input { - min-width: 14rem; - max-width: 100%; - height: 2.5rem; - margin: 0; - opacity: 0; } - -.custom-file-control { - position: absolute; - top: 0; - right: 0; - left: 0; - z-index: 5; - height: 2.5rem; - padding: 0.5rem 1rem; - line-height: 1.5; - color: #495057; - pointer-events: none; - user-select: none; - background-color: #fff; - border: 1px solid rgba(0, 0, 0, 0.15); - border-radius: 0.25rem; } - .custom-file-control:lang(en):empty::after { - content: "Choose file..."; } 
- .custom-file-control::before { - position: absolute; - top: -1px; - right: -1px; - bottom: -1px; - z-index: 6; - display: block; - height: 2.5rem; - padding: 0.5rem 1rem; - line-height: 1.5; - color: #495057; - background-color: #e9ecef; - border: 1px solid rgba(0, 0, 0, 0.15); - border-radius: 0 0.25rem 0.25rem 0; } - .custom-file-control:lang(en)::before { - content: "Browse"; } - -.nav { - display: flex; - flex-wrap: wrap; - padding-left: 0; - margin-bottom: 0; - list-style: none; } - -.nav-link { - display: block; - padding: 0.5rem 1rem; } - .nav-link:focus, .nav-link:hover { - text-decoration: none; } - .nav-link.disabled { - color: #868e96; } - -.nav-tabs { - border-bottom: 1px solid #ddd; } - .nav-tabs .nav-item { - margin-bottom: -1px; } - .nav-tabs .nav-link { - border: 1px solid transparent; - border-top-left-radius: 0.25rem; - border-top-right-radius: 0.25rem; } - .nav-tabs .nav-link:focus, .nav-tabs .nav-link:hover { - border-color: #e9ecef #e9ecef #ddd; } - .nav-tabs .nav-link.disabled { - color: #868e96; - background-color: transparent; - border-color: transparent; } - .nav-tabs .nav-link.active, - .nav-tabs .nav-item.show .nav-link { - color: #495057; - background-color: #fff; - border-color: #ddd #ddd #fff; } - .nav-tabs .dropdown-menu { - margin-top: -1px; - border-top-left-radius: 0; - border-top-right-radius: 0; } - -.nav-pills .nav-link { - border-radius: 0.25rem; } - .nav-pills .nav-link.active, - .show > .nav-pills .nav-link { - color: #fff; - background-color: #3c6eb4; } - -.nav-fill .nav-item { - flex: 1 1 auto; - text-align: center; } - -.nav-justified .nav-item { - flex-basis: 0; - flex-grow: 1; - text-align: center; } - -.tab-content > .tab-pane { - display: none; } - -.tab-content > .active { - display: block; } - -.navbar { - position: relative; - display: flex; - flex-wrap: wrap; - align-items: center; - justify-content: space-between; - padding: 0.5rem 1rem; } - .navbar > .container, - .navbar > .container-fluid { - display: flex; - 
flex-wrap: wrap; - align-items: center; - justify-content: space-between; } - -.navbar-brand { - display: inline-block; - padding-top: 0.3125rem; - padding-bottom: 0.3125rem; - margin-right: 1rem; - font-size: 1.25rem; - line-height: inherit; - white-space: nowrap; } - .navbar-brand:focus, .navbar-brand:hover { - text-decoration: none; } - -.navbar-nav { - display: flex; - flex-direction: column; - padding-left: 0; - margin-bottom: 0; - list-style: none; } - .navbar-nav .nav-link { - padding-right: 0; - padding-left: 0; } - .navbar-nav .dropdown-menu { - position: static; - float: none; } - -.navbar-text { - display: inline-block; - padding-top: 0.5rem; - padding-bottom: 0.5rem; } - -.navbar-collapse { - flex-basis: 100%; - align-items: center; } - -.navbar-toggler { - padding: 0.25rem 0.75rem; - font-size: 1.25rem; - line-height: 1; - background: transparent; - border: 1px solid transparent; - border-radius: 0.25rem; } - .navbar-toggler:focus, .navbar-toggler:hover { - text-decoration: none; } - -.navbar-toggler-icon { - display: inline-block; - width: 1.5em; - height: 1.5em; - vertical-align: middle; - content: ""; - background: no-repeat center center; - background-size: 100% 100%; } - -@media (max-width: 575px) { - .navbar-expand-sm > .container, - .navbar-expand-sm > .container-fluid { - padding-right: 0; - padding-left: 0; } } - -@media (min-width: 576px) { - .navbar-expand-sm { - flex-direction: row; - flex-wrap: nowrap; - justify-content: flex-start; } - .navbar-expand-sm .navbar-nav { - flex-direction: row; } - .navbar-expand-sm .navbar-nav .dropdown-menu { - position: absolute; } - .navbar-expand-sm .navbar-nav .dropdown-menu-right { - right: 0; - left: auto; } - .navbar-expand-sm .navbar-nav .nav-link { - padding-right: .5rem; - padding-left: .5rem; } - .navbar-expand-sm > .container, - .navbar-expand-sm > .container-fluid { - flex-wrap: nowrap; } - .navbar-expand-sm .navbar-collapse { - display: flex !important; } - .navbar-expand-sm .navbar-toggler { - 
display: none; } } - -@media (max-width: 767px) { - .navbar-expand-md > .container, - .navbar-expand-md > .container-fluid { - padding-right: 0; - padding-left: 0; } } - -@media (min-width: 768px) { - .navbar-expand-md { - flex-direction: row; - flex-wrap: nowrap; - justify-content: flex-start; } - .navbar-expand-md .navbar-nav { - flex-direction: row; } - .navbar-expand-md .navbar-nav .dropdown-menu { - position: absolute; } - .navbar-expand-md .navbar-nav .dropdown-menu-right { - right: 0; - left: auto; } - .navbar-expand-md .navbar-nav .nav-link { - padding-right: .5rem; - padding-left: .5rem; } - .navbar-expand-md > .container, - .navbar-expand-md > .container-fluid { - flex-wrap: nowrap; } - .navbar-expand-md .navbar-collapse { - display: flex !important; } - .navbar-expand-md .navbar-toggler { - display: none; } } - -@media (max-width: 991px) { - .navbar-expand-lg > .container, - .navbar-expand-lg > .container-fluid { - padding-right: 0; - padding-left: 0; } } - -@media (min-width: 992px) { - .navbar-expand-lg { - flex-direction: row; - flex-wrap: nowrap; - justify-content: flex-start; } - .navbar-expand-lg .navbar-nav { - flex-direction: row; } - .navbar-expand-lg .navbar-nav .dropdown-menu { - position: absolute; } - .navbar-expand-lg .navbar-nav .dropdown-menu-right { - right: 0; - left: auto; } - .navbar-expand-lg .navbar-nav .nav-link { - padding-right: .5rem; - padding-left: .5rem; } - .navbar-expand-lg > .container, - .navbar-expand-lg > .container-fluid { - flex-wrap: nowrap; } - .navbar-expand-lg .navbar-collapse { - display: flex !important; } - .navbar-expand-lg .navbar-toggler { - display: none; } } - -@media (max-width: 1199px) { - .navbar-expand-xl > .container, - .navbar-expand-xl > .container-fluid { - padding-right: 0; - padding-left: 0; } } - -@media (min-width: 1200px) { - .navbar-expand-xl { - flex-direction: row; - flex-wrap: nowrap; - justify-content: flex-start; } - .navbar-expand-xl .navbar-nav { - flex-direction: row; } - 
.navbar-expand-xl .navbar-nav .dropdown-menu { - position: absolute; } - .navbar-expand-xl .navbar-nav .dropdown-menu-right { - right: 0; - left: auto; } - .navbar-expand-xl .navbar-nav .nav-link { - padding-right: .5rem; - padding-left: .5rem; } - .navbar-expand-xl > .container, - .navbar-expand-xl > .container-fluid { - flex-wrap: nowrap; } - .navbar-expand-xl .navbar-collapse { - display: flex !important; } - .navbar-expand-xl .navbar-toggler { - display: none; } } - -.navbar-expand { - flex-direction: row; - flex-wrap: nowrap; - justify-content: flex-start; } - .navbar-expand > .container, - .navbar-expand > .container-fluid { - padding-right: 0; - padding-left: 0; } - .navbar-expand .navbar-nav { - flex-direction: row; } - .navbar-expand .navbar-nav .dropdown-menu { - position: absolute; } - .navbar-expand .navbar-nav .dropdown-menu-right { - right: 0; - left: auto; } - .navbar-expand .navbar-nav .nav-link { - padding-right: .5rem; - padding-left: .5rem; } - .navbar-expand > .container, - .navbar-expand > .container-fluid { - flex-wrap: nowrap; } - .navbar-expand .navbar-collapse { - display: flex !important; } - .navbar-expand .navbar-toggler { - display: none; } - -.navbar-light .navbar-brand { - color: rgba(0, 0, 0, 0.9); } - .navbar-light .navbar-brand:focus, .navbar-light .navbar-brand:hover { - color: rgba(0, 0, 0, 0.9); } - -.navbar-light .navbar-nav .nav-link { - color: rgba(0, 0, 0, 0.5); } - .navbar-light .navbar-nav .nav-link:focus, .navbar-light .navbar-nav .nav-link:hover { - color: rgba(0, 0, 0, 0.7); } - .navbar-light .navbar-nav .nav-link.disabled { - color: rgba(0, 0, 0, 0.3); } - -.navbar-light .navbar-nav .show > .nav-link, -.navbar-light .navbar-nav .active > .nav-link, -.navbar-light .navbar-nav .nav-link.show, -.navbar-light .navbar-nav .nav-link.active { - color: rgba(0, 0, 0, 0.9); } - -.navbar-light .navbar-toggler { - color: rgba(0, 0, 0, 0.5); - border-color: rgba(0, 0, 0, 0.1); } - -.navbar-light .navbar-toggler-icon { - 
background-image: url("data:image/svg+xml;charset=utf8,%3Csvg viewBox='0 0 30 30' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath stroke='rgba(0, 0, 0, 0.5)' stroke-width='2' stroke-linecap='round' stroke-miterlimit='10' d='M4 7h22M4 15h22M4 23h22'/%3E%3C/svg%3E"); } - -.navbar-light .navbar-text { - color: rgba(0, 0, 0, 0.5); } - -.navbar-dark .navbar-brand { - color: white; } - .navbar-dark .navbar-brand:focus, .navbar-dark .navbar-brand:hover { - color: white; } - -.navbar-dark .navbar-nav .nav-link { - color: rgba(255, 255, 255, 0.5); } - .navbar-dark .navbar-nav .nav-link:focus, .navbar-dark .navbar-nav .nav-link:hover { - color: rgba(255, 255, 255, 0.75); } - .navbar-dark .navbar-nav .nav-link.disabled { - color: rgba(255, 255, 255, 0.25); } - -.navbar-dark .navbar-nav .show > .nav-link, -.navbar-dark .navbar-nav .active > .nav-link, -.navbar-dark .navbar-nav .nav-link.show, -.navbar-dark .navbar-nav .nav-link.active { - color: white; } - -.navbar-dark .navbar-toggler { - color: rgba(255, 255, 255, 0.5); - border-color: rgba(255, 255, 255, 0.1); } - -.navbar-dark .navbar-toggler-icon { - background-image: url("data:image/svg+xml;charset=utf8,%3Csvg viewBox='0 0 30 30' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath stroke='rgba(255, 255, 255, 0.5)' stroke-width='2' stroke-linecap='round' stroke-miterlimit='10' d='M4 7h22M4 15h22M4 23h22'/%3E%3C/svg%3E"); } - -.navbar-dark .navbar-text { - color: rgba(255, 255, 255, 0.5); } - -.card { - position: relative; - display: flex; - flex-direction: column; - min-width: 0; - word-wrap: break-word; - background-color: #fff; - background-clip: border-box; - border: 1px solid rgba(0, 0, 0, 0.125); - border-radius: 0.25rem; } - -.card-body { - flex: 1 1 auto; - padding: 1.25rem; } - -.card-title { - margin-bottom: 0.75rem; } - -.card-subtitle { - margin-top: -0.375rem; - margin-bottom: 0; } - -.card-text:last-child { - margin-bottom: 0; } - -.card-link:hover { - text-decoration: none; } - -.card-link + .card-link { - 
margin-left: 1.25rem; } - -.card > .list-group:first-child .list-group-item:first-child { - border-top-left-radius: 0.25rem; - border-top-right-radius: 0.25rem; } - -.card > .list-group:last-child .list-group-item:last-child { - border-bottom-right-radius: 0.25rem; - border-bottom-left-radius: 0.25rem; } - -.card-header { - padding: 0.75rem 1.25rem; - margin-bottom: 0; - background-color: rgba(0, 0, 0, 0.03); - border-bottom: 1px solid rgba(0, 0, 0, 0.125); } - .card-header:first-child { - border-radius: calc(0.25rem - 1px) calc(0.25rem - 1px) 0 0; } - -.card-footer { - padding: 0.75rem 1.25rem; - background-color: rgba(0, 0, 0, 0.03); - border-top: 1px solid rgba(0, 0, 0, 0.125); } - .card-footer:last-child { - border-radius: 0 0 calc(0.25rem - 1px) calc(0.25rem - 1px); } - -.card-header-tabs { - margin-right: -0.625rem; - margin-bottom: -0.75rem; - margin-left: -0.625rem; - border-bottom: 0; } - -.card-header-pills { - margin-right: -0.625rem; - margin-left: -0.625rem; } - -.card-img-overlay { - position: absolute; - top: 0; - right: 0; - bottom: 0; - left: 0; - padding: 1.25rem; } - -.card-img { - width: 100%; - border-radius: calc(0.25rem - 1px); } - -.card-img-top { - width: 100%; - border-top-left-radius: calc(0.25rem - 1px); - border-top-right-radius: calc(0.25rem - 1px); } - -.card-img-bottom { - width: 100%; - border-bottom-right-radius: calc(0.25rem - 1px); - border-bottom-left-radius: calc(0.25rem - 1px); } - -@media (min-width: 576px) { - .card-deck { - display: flex; - flex-flow: row wrap; - margin-right: -15px; - margin-left: -15px; } - .card-deck .card { - display: flex; - flex: 1 0 0%; - flex-direction: column; - margin-right: 15px; - margin-left: 15px; } } - -@media (min-width: 576px) { - .card-group { - display: flex; - flex-flow: row wrap; } - .card-group .card { - flex: 1 0 0%; } - .card-group .card + .card { - margin-left: 0; - border-left: 0; } - .card-group .card:first-child { - border-top-right-radius: 0; - border-bottom-right-radius: 0; } - 
.card-group .card:first-child .card-img-top { - border-top-right-radius: 0; } - .card-group .card:first-child .card-img-bottom { - border-bottom-right-radius: 0; } - .card-group .card:last-child { - border-top-left-radius: 0; - border-bottom-left-radius: 0; } - .card-group .card:last-child .card-img-top { - border-top-left-radius: 0; } - .card-group .card:last-child .card-img-bottom { - border-bottom-left-radius: 0; } - .card-group .card:not(:first-child):not(:last-child) { - border-radius: 0; } - .card-group .card:not(:first-child):not(:last-child) .card-img-top, - .card-group .card:not(:first-child):not(:last-child) .card-img-bottom { - border-radius: 0; } } - -.card-columns .card { - margin-bottom: 0.75rem; } - -@media (min-width: 576px) { - .card-columns { - column-count: 3; - column-gap: 1.25rem; } - .card-columns .card { - display: inline-block; - width: 100%; } } - -.breadcrumb { - padding: 0.75rem 1rem; - margin-bottom: 1rem; - list-style: none; - background-color: #e9ecef; - border-radius: 0.25rem; } - .breadcrumb::after { - display: block; - clear: both; - content: ""; } - -.breadcrumb-item { - float: left; } - .breadcrumb-item + .breadcrumb-item::before { - display: inline-block; - padding-right: 0.5rem; - padding-left: 0.5rem; - color: #868e96; - content: "/"; } - .breadcrumb-item + .breadcrumb-item:hover::before { - text-decoration: underline; } - .breadcrumb-item + .breadcrumb-item:hover::before { - text-decoration: none; } - .breadcrumb-item.active { - color: #868e96; } - -.pagination { - display: flex; - padding-left: 0; - list-style: none; - border-radius: 0.25rem; } - -.page-item:first-child .page-link { - margin-left: 0; - border-top-left-radius: 0.25rem; - border-bottom-left-radius: 0.25rem; } - -.page-item:last-child .page-link { - border-top-right-radius: 0.25rem; - border-bottom-right-radius: 0.25rem; } - -.page-item.active .page-link { - z-index: 2; - color: #fff; - background-color: #3c6eb4; - border-color: #3c6eb4; } - -.page-item.disabled 
.page-link { - color: #868e96; - pointer-events: none; - background-color: #fff; - border-color: #ddd; } - -.page-link { - position: relative; - display: block; - padding: 0.5rem 0.75rem; - margin-left: -1px; - line-height: 1.25; - color: #3c6eb4; - background-color: #fff; - border: 1px solid #ddd; } - .page-link:focus, .page-link:hover { - color: #294b7b; - text-decoration: none; - background-color: #e9ecef; - border-color: #ddd; } - -.pagination-lg .page-link { - padding: 0.75rem 1.5rem; - font-size: 1.25rem; - line-height: 1.5; } - -.pagination-lg .page-item:first-child .page-link { - border-top-left-radius: 0.3rem; - border-bottom-left-radius: 0.3rem; } - -.pagination-lg .page-item:last-child .page-link { - border-top-right-radius: 0.3rem; - border-bottom-right-radius: 0.3rem; } - -.pagination-sm .page-link { - padding: 0.25rem 0.5rem; - font-size: 0.875rem; - line-height: 1.5; } - -.pagination-sm .page-item:first-child .page-link { - border-top-left-radius: 0.2rem; - border-bottom-left-radius: 0.2rem; } - -.pagination-sm .page-item:last-child .page-link { - border-top-right-radius: 0.2rem; - border-bottom-right-radius: 0.2rem; } - -.badge { - display: inline-block; - padding: 0.25em 0.4em; - font-size: 75%; - font-weight: bold; - line-height: 1; - color: #fff; - text-align: center; - white-space: nowrap; - vertical-align: baseline; - border-radius: 0.25rem; } - .badge:empty { - display: none; } - -.btn .badge { - position: relative; - top: -1px; } - -.badge-pill { - padding-right: 0.6em; - padding-left: 0.6em; - border-radius: 10rem; } - -.badge-primary { - color: #fff; - background-color: #3c6eb4; } - .badge-primary[href]:focus, .badge-primary[href]:hover { - color: #fff; - text-decoration: none; - background-color: #2f578e; } - -.badge-secondary { - color: #fff; - background-color: #868e96; } - .badge-secondary[href]:focus, .badge-secondary[href]:hover { - color: #fff; - text-decoration: none; - background-color: #6c757d; } - -.badge-success { - color: #fff; 
- background-color: #28a745; } - .badge-success[href]:focus, .badge-success[href]:hover { - color: #fff; - text-decoration: none; - background-color: #1e7e34; } - -.badge-info { - color: #fff; - background-color: #17a2b8; } - .badge-info[href]:focus, .badge-info[href]:hover { - color: #fff; - text-decoration: none; - background-color: #117a8b; } - -.badge-warning { - color: #111; - background-color: #ffc107; } - .badge-warning[href]:focus, .badge-warning[href]:hover { - color: #111; - text-decoration: none; - background-color: #d39e00; } - -.badge-danger { - color: #fff; - background-color: #dc3545; } - .badge-danger[href]:focus, .badge-danger[href]:hover { - color: #fff; - text-decoration: none; - background-color: #bd2130; } - -.badge-light { - color: #111; - background-color: #f8f9fa; } - .badge-light[href]:focus, .badge-light[href]:hover { - color: #111; - text-decoration: none; - background-color: #dae0e5; } - -.badge-dark { - color: #fff; - background-color: #343a40; } - .badge-dark[href]:focus, .badge-dark[href]:hover { - color: #fff; - text-decoration: none; - background-color: #1d2124; } - -.jumbotron { - padding: 2rem 1rem; - margin-bottom: 2rem; - background-color: #e9ecef; - border-radius: 0.3rem; } - @media (min-width: 576px) { - .jumbotron { - padding: 4rem 2rem; } } - -.jumbotron-fluid { - padding-right: 0; - padding-left: 0; - border-radius: 0; } - -.alert { - padding: 0.75rem 1.25rem; - margin-bottom: 1rem; - border: 1px solid transparent; - border-radius: 0.25rem; } - -.alert-heading { - color: inherit; } - -.alert-link { - font-weight: bold; } - -.alert-dismissible .close { - position: relative; - top: -0.75rem; - right: -1.25rem; - padding: 0.75rem 1.25rem; - color: inherit; } - -.alert-primary { - color: #1f395e; - background-color: #d8e2f0; - border-color: #c8d6ea; } - .alert-primary hr { - border-top-color: #b6c8e3; } - .alert-primary .alert-link { - color: #122238; } - -.alert-secondary { - color: #464a4e; - background-color: #e7e8ea; - 
border-color: #dddfe2; } - .alert-secondary hr { - border-top-color: #cfd2d6; } - .alert-secondary .alert-link { - color: #2e3133; } - -.alert-success { - color: #155724; - background-color: #d4edda; - border-color: #c3e6cb; } - .alert-success hr { - border-top-color: #b1dfbb; } - .alert-success .alert-link { - color: #0b2e13; } - -.alert-info { - color: #0c5460; - background-color: #d1ecf1; - border-color: #bee5eb; } - .alert-info hr { - border-top-color: #abdde5; } - .alert-info .alert-link { - color: #062c33; } - -.alert-warning { - color: #856404; - background-color: #fff3cd; - border-color: #ffeeba; } - .alert-warning hr { - border-top-color: #ffe8a1; } - .alert-warning .alert-link { - color: #533f03; } - -.alert-danger { - color: #721c24; - background-color: #f8d7da; - border-color: #f5c6cb; } - .alert-danger hr { - border-top-color: #f1b0b7; } - .alert-danger .alert-link { - color: #491217; } - -.alert-light { - color: #818182; - background-color: #fefefe; - border-color: #fdfdfe; } - .alert-light hr { - border-top-color: #ececf6; } - .alert-light .alert-link { - color: #686868; } - -.alert-dark { - color: #1b1e21; - background-color: #d6d8d9; - border-color: #c6c8ca; } - .alert-dark hr { - border-top-color: #b9bbbe; } - .alert-dark .alert-link { - color: #040505; } - -@keyframes progress-bar-stripes { - from { - background-position: 1rem 0; } - to { - background-position: 0 0; } } - -.progress { - display: flex; - overflow: hidden; - font-size: 0.75rem; - line-height: 1rem; - text-align: center; - background-color: #e9ecef; - border-radius: 0.25rem; } - -.progress-bar { - height: 1rem; - line-height: 1rem; - color: #fff; - background-color: #3c6eb4; - transition: width 0.6s ease; } - -.progress-bar-striped { - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-size: 1rem 1rem; } - 
-.progress-bar-animated { - animation: progress-bar-stripes 1s linear infinite; } - -.media { - display: flex; - align-items: flex-start; } - -.media-body { - flex: 1; } - -.list-group { - display: flex; - flex-direction: column; - padding-left: 0; - margin-bottom: 0; } - -.list-group-item-action { - width: 100%; - color: #495057; - text-align: inherit; } - .list-group-item-action:focus, .list-group-item-action:hover { - color: #495057; - text-decoration: none; - background-color: #f8f9fa; } - .list-group-item-action:active { - color: #212529; - background-color: #e9ecef; } - -.list-group-item { - position: relative; - display: block; - padding: 0.75rem 1.25rem; - margin-bottom: -1px; - background-color: #fff; - border: 1px solid rgba(0, 0, 0, 0.125); } - .list-group-item:first-child { - border-top-left-radius: 0.25rem; - border-top-right-radius: 0.25rem; } - .list-group-item:last-child { - margin-bottom: 0; - border-bottom-right-radius: 0.25rem; - border-bottom-left-radius: 0.25rem; } - .list-group-item:focus, .list-group-item:hover { - text-decoration: none; } - .list-group-item.disabled, .list-group-item:disabled { - color: #868e96; - background-color: #fff; } - .list-group-item.active { - z-index: 2; - color: #fff; - background-color: #3c6eb4; - border-color: #3c6eb4; } - -.list-group-flush .list-group-item { - border-right: 0; - border-left: 0; - border-radius: 0; } - -.list-group-flush:first-child .list-group-item:first-child { - border-top: 0; } - -.list-group-flush:last-child .list-group-item:last-child { - border-bottom: 0; } - -.list-group-item-primary { - color: #1f395e; - background-color: #c8d6ea; } - -a.list-group-item-primary, -button.list-group-item-primary { - color: #1f395e; } - a.list-group-item-primary:focus, a.list-group-item-primary:hover, - button.list-group-item-primary:focus, - button.list-group-item-primary:hover { - color: #1f395e; - background-color: #b6c8e3; } - a.list-group-item-primary.active, - button.list-group-item-primary.active { 
- color: #fff; - background-color: #1f395e; - border-color: #1f395e; } - -.list-group-item-secondary { - color: #464a4e; - background-color: #dddfe2; } - -a.list-group-item-secondary, -button.list-group-item-secondary { - color: #464a4e; } - a.list-group-item-secondary:focus, a.list-group-item-secondary:hover, - button.list-group-item-secondary:focus, - button.list-group-item-secondary:hover { - color: #464a4e; - background-color: #cfd2d6; } - a.list-group-item-secondary.active, - button.list-group-item-secondary.active { - color: #fff; - background-color: #464a4e; - border-color: #464a4e; } - -.list-group-item-success { - color: #155724; - background-color: #c3e6cb; } - -a.list-group-item-success, -button.list-group-item-success { - color: #155724; } - a.list-group-item-success:focus, a.list-group-item-success:hover, - button.list-group-item-success:focus, - button.list-group-item-success:hover { - color: #155724; - background-color: #b1dfbb; } - a.list-group-item-success.active, - button.list-group-item-success.active { - color: #fff; - background-color: #155724; - border-color: #155724; } - -.list-group-item-info { - color: #0c5460; - background-color: #bee5eb; } - -a.list-group-item-info, -button.list-group-item-info { - color: #0c5460; } - a.list-group-item-info:focus, a.list-group-item-info:hover, - button.list-group-item-info:focus, - button.list-group-item-info:hover { - color: #0c5460; - background-color: #abdde5; } - a.list-group-item-info.active, - button.list-group-item-info.active { - color: #fff; - background-color: #0c5460; - border-color: #0c5460; } - -.list-group-item-warning { - color: #856404; - background-color: #ffeeba; } - -a.list-group-item-warning, -button.list-group-item-warning { - color: #856404; } - a.list-group-item-warning:focus, a.list-group-item-warning:hover, - button.list-group-item-warning:focus, - button.list-group-item-warning:hover { - color: #856404; - background-color: #ffe8a1; } - a.list-group-item-warning.active, - 
button.list-group-item-warning.active { - color: #fff; - background-color: #856404; - border-color: #856404; } - -.list-group-item-danger { - color: #721c24; - background-color: #f5c6cb; } - -a.list-group-item-danger, -button.list-group-item-danger { - color: #721c24; } - a.list-group-item-danger:focus, a.list-group-item-danger:hover, - button.list-group-item-danger:focus, - button.list-group-item-danger:hover { - color: #721c24; - background-color: #f1b0b7; } - a.list-group-item-danger.active, - button.list-group-item-danger.active { - color: #fff; - background-color: #721c24; - border-color: #721c24; } - -.list-group-item-light { - color: #818182; - background-color: #fdfdfe; } - -a.list-group-item-light, -button.list-group-item-light { - color: #818182; } - a.list-group-item-light:focus, a.list-group-item-light:hover, - button.list-group-item-light:focus, - button.list-group-item-light:hover { - color: #818182; - background-color: #ececf6; } - a.list-group-item-light.active, - button.list-group-item-light.active { - color: #fff; - background-color: #818182; - border-color: #818182; } - -.list-group-item-dark { - color: #1b1e21; - background-color: #c6c8ca; } - -a.list-group-item-dark, -button.list-group-item-dark { - color: #1b1e21; } - a.list-group-item-dark:focus, a.list-group-item-dark:hover, - button.list-group-item-dark:focus, - button.list-group-item-dark:hover { - color: #1b1e21; - background-color: #b9bbbe; } - a.list-group-item-dark.active, - button.list-group-item-dark.active { - color: #fff; - background-color: #1b1e21; - border-color: #1b1e21; } - -.close { - float: right; - font-size: 1.5rem; - font-weight: bold; - line-height: 1; - color: #000; - text-shadow: 0 1px 0 #fff; - opacity: .5; } - .close:focus, .close:hover { - color: #000; - text-decoration: none; - opacity: .75; } - -button.close { - padding: 0; - background: transparent; - border: 0; - -webkit-appearance: none; } - -.modal-open { - overflow: hidden; } - -.modal { - position: fixed; - 
top: 0; - right: 0; - bottom: 0; - left: 0; - z-index: 1050; - display: none; - overflow: hidden; - outline: 0; } - .modal.fade .modal-dialog { - transition: transform 0.3s ease-out; - transform: translate(0, -25%); } - .modal.show .modal-dialog { - transform: translate(0, 0); } - -.modal-open .modal { - overflow-x: hidden; - overflow-y: auto; } - -.modal-dialog { - position: relative; - width: auto; - margin: 10px; } - -.modal-content { - position: relative; - display: flex; - flex-direction: column; - background-color: #fff; - background-clip: padding-box; - border: 1px solid rgba(0, 0, 0, 0.2); - border-radius: 0.3rem; - outline: 0; } - -.modal-backdrop { - position: fixed; - top: 0; - right: 0; - bottom: 0; - left: 0; - z-index: 1040; - background-color: #000; } - .modal-backdrop.fade { - opacity: 0; } - .modal-backdrop.show { - opacity: 0.5; } - -.modal-header { - display: flex; - align-items: center; - justify-content: space-between; - padding: 15px; - border-bottom: 1px solid #e9ecef; } - -.modal-title { - margin-bottom: 0; - line-height: 1.5; } - -.modal-body { - position: relative; - flex: 1 1 auto; - padding: 15px; } - -.modal-footer { - display: flex; - align-items: center; - justify-content: flex-end; - padding: 15px; - border-top: 1px solid #e9ecef; } - .modal-footer > :not(:first-child) { - margin-left: .25rem; } - .modal-footer > :not(:last-child) { - margin-right: .25rem; } - -.modal-scrollbar-measure { - position: absolute; - top: -9999px; - width: 50px; - height: 50px; - overflow: scroll; } - -@media (min-width: 576px) { - .modal-dialog { - max-width: 500px; - margin: 30px auto; } - .modal-sm { - max-width: 300px; } } - -@media (min-width: 992px) { - .modal-lg { - max-width: 800px; } } - -.tooltip { - position: absolute; - z-index: 1070; - display: block; - margin: 0; - font-family: "Open Sans"; - font-style: normal; - font-weight: normal; - line-height: 1.5; - text-align: left; - text-align: start; - text-decoration: none; - text-shadow: none; - 
text-transform: none; - letter-spacing: normal; - word-break: normal; - word-spacing: normal; - white-space: normal; - line-break: auto; - font-size: 0.875rem; - word-wrap: break-word; - opacity: 0; } - .tooltip.show { - opacity: 0.9; } - .tooltip .arrow { - position: absolute; - display: block; - width: 5px; - height: 5px; } - .tooltip.bs-tooltip-top, .tooltip.bs-tooltip-auto[x-placement^="top"] { - padding: 5px 0; } - .tooltip.bs-tooltip-top .arrow, .tooltip.bs-tooltip-auto[x-placement^="top"] .arrow { - bottom: 0; } - .tooltip.bs-tooltip-top .arrow::before, .tooltip.bs-tooltip-auto[x-placement^="top"] .arrow::before { - margin-left: -3px; - content: ""; - border-width: 5px 5px 0; - border-top-color: #000; } - .tooltip.bs-tooltip-right, .tooltip.bs-tooltip-auto[x-placement^="right"] { - padding: 0 5px; } - .tooltip.bs-tooltip-right .arrow, .tooltip.bs-tooltip-auto[x-placement^="right"] .arrow { - left: 0; } - .tooltip.bs-tooltip-right .arrow::before, .tooltip.bs-tooltip-auto[x-placement^="right"] .arrow::before { - margin-top: -3px; - content: ""; - border-width: 5px 5px 5px 0; - border-right-color: #000; } - .tooltip.bs-tooltip-bottom, .tooltip.bs-tooltip-auto[x-placement^="bottom"] { - padding: 5px 0; } - .tooltip.bs-tooltip-bottom .arrow, .tooltip.bs-tooltip-auto[x-placement^="bottom"] .arrow { - top: 0; } - .tooltip.bs-tooltip-bottom .arrow::before, .tooltip.bs-tooltip-auto[x-placement^="bottom"] .arrow::before { - margin-left: -3px; - content: ""; - border-width: 0 5px 5px; - border-bottom-color: #000; } - .tooltip.bs-tooltip-left, .tooltip.bs-tooltip-auto[x-placement^="left"] { - padding: 0 5px; } - .tooltip.bs-tooltip-left .arrow, .tooltip.bs-tooltip-auto[x-placement^="left"] .arrow { - right: 0; } - .tooltip.bs-tooltip-left .arrow::before, .tooltip.bs-tooltip-auto[x-placement^="left"] .arrow::before { - right: 0; - margin-top: -3px; - content: ""; - border-width: 5px 0 5px 5px; - border-left-color: #000; } - .tooltip .arrow::before { - position: absolute; 
- border-color: transparent; - border-style: solid; } - -.tooltip-inner { - max-width: 200px; - padding: 3px 8px; - color: #fff; - text-align: center; - background-color: #000; - border-radius: 0.25rem; } - -.popover { - position: absolute; - top: 0; - left: 0; - z-index: 1060; - display: block; - max-width: 276px; - padding: 1px; - font-family: "Open Sans"; - font-style: normal; - font-weight: normal; - line-height: 1.5; - text-align: left; - text-align: start; - text-decoration: none; - text-shadow: none; - text-transform: none; - letter-spacing: normal; - word-break: normal; - word-spacing: normal; - white-space: normal; - line-break: auto; - font-size: 0.875rem; - word-wrap: break-word; - background-color: #fff; - background-clip: padding-box; - border: 1px solid rgba(0, 0, 0, 0.2); - border-radius: 0.3rem; } - .popover .arrow { - position: absolute; - display: block; - width: 10px; - height: 5px; } - .popover .arrow::before, - .popover .arrow::after { - position: absolute; - display: block; - border-color: transparent; - border-style: solid; } - .popover .arrow::before { - content: ""; - border-width: 11px; } - .popover .arrow::after { - content: ""; - border-width: 11px; } - .popover.bs-popover-top, .popover.bs-popover-auto[x-placement^="top"] { - margin-bottom: 10px; } - .popover.bs-popover-top .arrow, .popover.bs-popover-auto[x-placement^="top"] .arrow { - bottom: 0; } - .popover.bs-popover-top .arrow::before, .popover.bs-popover-auto[x-placement^="top"] .arrow::before, - .popover.bs-popover-top .arrow::after, .popover.bs-popover-auto[x-placement^="top"] .arrow::after { - border-bottom-width: 0; } - .popover.bs-popover-top .arrow::before, .popover.bs-popover-auto[x-placement^="top"] .arrow::before { - bottom: -11px; - margin-left: -6px; - border-top-color: rgba(0, 0, 0, 0.25); } - .popover.bs-popover-top .arrow::after, .popover.bs-popover-auto[x-placement^="top"] .arrow::after { - bottom: -10px; - margin-left: -6px; - border-top-color: #fff; } - 
.popover.bs-popover-right, .popover.bs-popover-auto[x-placement^="right"] { - margin-left: 10px; } - .popover.bs-popover-right .arrow, .popover.bs-popover-auto[x-placement^="right"] .arrow { - left: 0; } - .popover.bs-popover-right .arrow::before, .popover.bs-popover-auto[x-placement^="right"] .arrow::before, - .popover.bs-popover-right .arrow::after, .popover.bs-popover-auto[x-placement^="right"] .arrow::after { - margin-top: -8px; - border-left-width: 0; } - .popover.bs-popover-right .arrow::before, .popover.bs-popover-auto[x-placement^="right"] .arrow::before { - left: -11px; - border-right-color: rgba(0, 0, 0, 0.25); } - .popover.bs-popover-right .arrow::after, .popover.bs-popover-auto[x-placement^="right"] .arrow::after { - left: -10px; - border-right-color: #fff; } - .popover.bs-popover-bottom, .popover.bs-popover-auto[x-placement^="bottom"] { - margin-top: 10px; } - .popover.bs-popover-bottom .arrow, .popover.bs-popover-auto[x-placement^="bottom"] .arrow { - top: 0; } - .popover.bs-popover-bottom .arrow::before, .popover.bs-popover-auto[x-placement^="bottom"] .arrow::before, - .popover.bs-popover-bottom .arrow::after, .popover.bs-popover-auto[x-placement^="bottom"] .arrow::after { - margin-left: -7px; - border-top-width: 0; } - .popover.bs-popover-bottom .arrow::before, .popover.bs-popover-auto[x-placement^="bottom"] .arrow::before { - top: -11px; - border-bottom-color: rgba(0, 0, 0, 0.25); } - .popover.bs-popover-bottom .arrow::after, .popover.bs-popover-auto[x-placement^="bottom"] .arrow::after { - top: -10px; - border-bottom-color: #fff; } - .popover.bs-popover-bottom .popover-header::before, .popover.bs-popover-auto[x-placement^="bottom"] .popover-header::before { - position: absolute; - top: 0; - left: 50%; - display: block; - width: 20px; - margin-left: -10px; - content: ""; - border-bottom: 1px solid #f7f7f7; } - .popover.bs-popover-left, .popover.bs-popover-auto[x-placement^="left"] { - margin-right: 10px; } - .popover.bs-popover-left .arrow, 
.popover.bs-popover-auto[x-placement^="left"] .arrow { - right: 0; } - .popover.bs-popover-left .arrow::before, .popover.bs-popover-auto[x-placement^="left"] .arrow::before, - .popover.bs-popover-left .arrow::after, .popover.bs-popover-auto[x-placement^="left"] .arrow::after { - margin-top: -8px; - border-right-width: 0; } - .popover.bs-popover-left .arrow::before, .popover.bs-popover-auto[x-placement^="left"] .arrow::before { - right: -11px; - border-left-color: rgba(0, 0, 0, 0.25); } - .popover.bs-popover-left .arrow::after, .popover.bs-popover-auto[x-placement^="left"] .arrow::after { - right: -10px; - border-left-color: #fff; } - -.popover-header { - padding: 8px 14px; - margin-bottom: 0; - font-size: 1rem; - color: inherit; - background-color: #f7f7f7; - border-bottom: 1px solid #ebebeb; - border-top-left-radius: calc(0.3rem - 1px); - border-top-right-radius: calc(0.3rem - 1px); } - .popover-header:empty { - display: none; } - -.popover-body { - padding: 9px 14px; - color: #212529; } - -.carousel { - position: relative; } - -.carousel-inner { - position: relative; - width: 100%; - overflow: hidden; } - -.carousel-item { - position: relative; - display: none; - align-items: center; - width: 100%; - transition: transform 0.6s ease; - backface-visibility: hidden; - perspective: 1000px; } - -.carousel-item.active, -.carousel-item-next, -.carousel-item-prev { - display: block; } - -.carousel-item-next, -.carousel-item-prev { - position: absolute; - top: 0; } - -.carousel-item-next.carousel-item-left, -.carousel-item-prev.carousel-item-right { - transform: translateX(0); } - @supports (transform-style: preserve-3d) { - .carousel-item-next.carousel-item-left, - .carousel-item-prev.carousel-item-right { - transform: translate3d(0, 0, 0); } } - -.carousel-item-next, -.active.carousel-item-right { - transform: translateX(100%); } - @supports (transform-style: preserve-3d) { - .carousel-item-next, - .active.carousel-item-right { - transform: translate3d(100%, 0, 0); } } 
- -.carousel-item-prev, -.active.carousel-item-left { - transform: translateX(-100%); } - @supports (transform-style: preserve-3d) { - .carousel-item-prev, - .active.carousel-item-left { - transform: translate3d(-100%, 0, 0); } } - -.carousel-control-prev, -.carousel-control-next { - position: absolute; - top: 0; - bottom: 0; - display: flex; - align-items: center; - justify-content: center; - width: 15%; - color: #fff; - text-align: center; - opacity: 0.5; } - .carousel-control-prev:focus, .carousel-control-prev:hover, - .carousel-control-next:focus, - .carousel-control-next:hover { - color: #fff; - text-decoration: none; - outline: 0; - opacity: .9; } - -.carousel-control-prev { - left: 0; } - -.carousel-control-next { - right: 0; } - -.carousel-control-prev-icon, -.carousel-control-next-icon { - display: inline-block; - width: 20px; - height: 20px; - background: transparent no-repeat center center; - background-size: 100% 100%; } - -.carousel-control-prev-icon { - background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%23fff' viewBox='0 0 8 8'%3E%3Cpath d='M4 0l-4 4 4 4 1.5-1.5-2.5-2.5 2.5-2.5-1.5-1.5z'/%3E%3C/svg%3E"); } - -.carousel-control-next-icon { - background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' fill='%23fff' viewBox='0 0 8 8'%3E%3Cpath d='M1.5 0l-1.5 1.5 2.5 2.5-2.5 2.5 1.5 1.5 4-4-4-4z'/%3E%3C/svg%3E"); } - -.carousel-indicators { - position: absolute; - right: 0; - bottom: 10px; - left: 0; - z-index: 15; - display: flex; - justify-content: center; - padding-left: 0; - margin-right: 15%; - margin-left: 15%; - list-style: none; } - .carousel-indicators li { - position: relative; - flex: 0 1 auto; - width: 30px; - height: 3px; - margin-right: 3px; - margin-left: 3px; - text-indent: -999px; - background-color: rgba(255, 255, 255, 0.5); } - .carousel-indicators li::before { - position: absolute; - top: -10px; - left: 0; - display: inline-block; - width: 100%; - 
height: 10px; - content: ""; } - .carousel-indicators li::after { - position: absolute; - bottom: -10px; - left: 0; - display: inline-block; - width: 100%; - height: 10px; - content: ""; } - .carousel-indicators .active { - background-color: #fff; } - -.carousel-caption { - position: absolute; - right: 15%; - bottom: 20px; - left: 15%; - z-index: 10; - padding-top: 20px; - padding-bottom: 20px; - color: #fff; - text-align: center; } - -.align-baseline { - vertical-align: baseline !important; } - -.align-top { - vertical-align: top !important; } - -.align-middle { - vertical-align: middle !important; } - -.align-bottom { - vertical-align: bottom !important; } - -.align-text-bottom { - vertical-align: text-bottom !important; } - -.align-text-top { - vertical-align: text-top !important; } - -.bg-primary { - background-color: #3c6eb4 !important; } - -a.bg-primary:focus, a.bg-primary:hover { - background-color: #2f578e !important; } - -.bg-secondary { - background-color: #868e96 !important; } - -a.bg-secondary:focus, a.bg-secondary:hover { - background-color: #6c757d !important; } - -.bg-success { - background-color: #28a745 !important; } - -a.bg-success:focus, a.bg-success:hover { - background-color: #1e7e34 !important; } - -.bg-info { - background-color: #17a2b8 !important; } - -a.bg-info:focus, a.bg-info:hover { - background-color: #117a8b !important; } - -.bg-warning { - background-color: #ffc107 !important; } - -a.bg-warning:focus, a.bg-warning:hover { - background-color: #d39e00 !important; } - -.bg-danger { - background-color: #dc3545 !important; } - -a.bg-danger:focus, a.bg-danger:hover { - background-color: #bd2130 !important; } - -.bg-light { - background-color: #f8f9fa !important; } - -a.bg-light:focus, a.bg-light:hover { - background-color: #dae0e5 !important; } - -.bg-dark { - background-color: #343a40 !important; } - -a.bg-dark:focus, a.bg-dark:hover { - background-color: #1d2124 !important; } - -.bg-white { - background-color: #fff !important; } - 
-.bg-transparent { - background-color: transparent !important; } - -.border { - border: 1px solid #e9ecef !important; } - -.border-0 { - border: 0 !important; } - -.border-top-0 { - border-top: 0 !important; } - -.border-right-0 { - border-right: 0 !important; } - -.border-bottom-0 { - border-bottom: 0 !important; } - -.border-left-0 { - border-left: 0 !important; } - -.border-primary { - border-color: #3c6eb4 !important; } - -.border-secondary { - border-color: #868e96 !important; } - -.border-success { - border-color: #28a745 !important; } - -.border-info { - border-color: #17a2b8 !important; } - -.border-warning { - border-color: #ffc107 !important; } - -.border-danger { - border-color: #dc3545 !important; } - -.border-light { - border-color: #f8f9fa !important; } - -.border-dark { - border-color: #343a40 !important; } - -.border-white { - border-color: #fff !important; } - -.rounded { - border-radius: 0.25rem !important; } - -.rounded-top { - border-top-left-radius: 0.25rem !important; - border-top-right-radius: 0.25rem !important; } - -.rounded-right { - border-top-right-radius: 0.25rem !important; - border-bottom-right-radius: 0.25rem !important; } - -.rounded-bottom { - border-bottom-right-radius: 0.25rem !important; - border-bottom-left-radius: 0.25rem !important; } - -.rounded-left { - border-top-left-radius: 0.25rem !important; - border-bottom-left-radius: 0.25rem !important; } - -.rounded-circle { - border-radius: 50%; } - -.rounded-0 { - border-radius: 0; } - -.clearfix::after { - display: block; - clear: both; - content: ""; } - -.d-none { - display: none !important; } - -.d-inline { - display: inline !important; } - -.d-inline-block { - display: inline-block !important; } - -.d-block { - display: block !important; } - -.d-table { - display: table !important; } - -.d-table-cell { - display: table-cell !important; } - -.d-flex { - display: flex !important; } - -.d-inline-flex { - display: inline-flex !important; } - -@media (min-width: 576px) { - 
.d-sm-none { - display: none !important; } - .d-sm-inline { - display: inline !important; } - .d-sm-inline-block { - display: inline-block !important; } - .d-sm-block { - display: block !important; } - .d-sm-table { - display: table !important; } - .d-sm-table-cell { - display: table-cell !important; } - .d-sm-flex { - display: flex !important; } - .d-sm-inline-flex { - display: inline-flex !important; } } - -@media (min-width: 768px) { - .d-md-none { - display: none !important; } - .d-md-inline { - display: inline !important; } - .d-md-inline-block { - display: inline-block !important; } - .d-md-block { - display: block !important; } - .d-md-table { - display: table !important; } - .d-md-table-cell { - display: table-cell !important; } - .d-md-flex { - display: flex !important; } - .d-md-inline-flex { - display: inline-flex !important; } } - -@media (min-width: 992px) { - .d-lg-none { - display: none !important; } - .d-lg-inline { - display: inline !important; } - .d-lg-inline-block { - display: inline-block !important; } - .d-lg-block { - display: block !important; } - .d-lg-table { - display: table !important; } - .d-lg-table-cell { - display: table-cell !important; } - .d-lg-flex { - display: flex !important; } - .d-lg-inline-flex { - display: inline-flex !important; } } - -@media (min-width: 1200px) { - .d-xl-none { - display: none !important; } - .d-xl-inline { - display: inline !important; } - .d-xl-inline-block { - display: inline-block !important; } - .d-xl-block { - display: block !important; } - .d-xl-table { - display: table !important; } - .d-xl-table-cell { - display: table-cell !important; } - .d-xl-flex { - display: flex !important; } - .d-xl-inline-flex { - display: inline-flex !important; } } - -.d-print-block { - display: none !important; } - @media print { - .d-print-block { - display: block !important; } } - -.d-print-inline { - display: none !important; } - @media print { - .d-print-inline { - display: inline !important; } } - 
-.d-print-inline-block { - display: none !important; } - @media print { - .d-print-inline-block { - display: inline-block !important; } } - -@media print { - .d-print-none { - display: none !important; } } - -.embed-responsive { - position: relative; - display: block; - width: 100%; - padding: 0; - overflow: hidden; } - .embed-responsive::before { - display: block; - content: ""; } - .embed-responsive .embed-responsive-item, - .embed-responsive iframe, - .embed-responsive embed, - .embed-responsive object, - .embed-responsive video { - position: absolute; - top: 0; - bottom: 0; - left: 0; - width: 100%; - height: 100%; - border: 0; } - -.embed-responsive-21by9::before { - padding-top: 42.85714%; } - -.embed-responsive-16by9::before { - padding-top: 56.25%; } - -.embed-responsive-4by3::before { - padding-top: 75%; } - -.embed-responsive-1by1::before { - padding-top: 100%; } - -.flex-row { - flex-direction: row !important; } - -.flex-column { - flex-direction: column !important; } - -.flex-row-reverse { - flex-direction: row-reverse !important; } - -.flex-column-reverse { - flex-direction: column-reverse !important; } - -.flex-wrap { - flex-wrap: wrap !important; } - -.flex-nowrap { - flex-wrap: nowrap !important; } - -.flex-wrap-reverse { - flex-wrap: wrap-reverse !important; } - -.justify-content-start { - justify-content: flex-start !important; } - -.justify-content-end { - justify-content: flex-end !important; } - -.justify-content-center { - justify-content: center !important; } - -.justify-content-between { - justify-content: space-between !important; } - -.justify-content-around { - justify-content: space-around !important; } - -.align-items-start { - align-items: flex-start !important; } - -.align-items-end { - align-items: flex-end !important; } - -.align-items-center { - align-items: center !important; } - -.align-items-baseline { - align-items: baseline !important; } - -.align-items-stretch { - align-items: stretch !important; } - -.align-content-start { - 
align-content: flex-start !important; } - -.align-content-end { - align-content: flex-end !important; } - -.align-content-center { - align-content: center !important; } - -.align-content-between { - align-content: space-between !important; } - -.align-content-around { - align-content: space-around !important; } - -.align-content-stretch { - align-content: stretch !important; } - -.align-self-auto { - align-self: auto !important; } - -.align-self-start { - align-self: flex-start !important; } - -.align-self-end { - align-self: flex-end !important; } - -.align-self-center { - align-self: center !important; } - -.align-self-baseline { - align-self: baseline !important; } - -.align-self-stretch { - align-self: stretch !important; } - -@media (min-width: 576px) { - .flex-sm-row { - flex-direction: row !important; } - .flex-sm-column { - flex-direction: column !important; } - .flex-sm-row-reverse { - flex-direction: row-reverse !important; } - .flex-sm-column-reverse { - flex-direction: column-reverse !important; } - .flex-sm-wrap { - flex-wrap: wrap !important; } - .flex-sm-nowrap { - flex-wrap: nowrap !important; } - .flex-sm-wrap-reverse { - flex-wrap: wrap-reverse !important; } - .justify-content-sm-start { - justify-content: flex-start !important; } - .justify-content-sm-end { - justify-content: flex-end !important; } - .justify-content-sm-center { - justify-content: center !important; } - .justify-content-sm-between { - justify-content: space-between !important; } - .justify-content-sm-around { - justify-content: space-around !important; } - .align-items-sm-start { - align-items: flex-start !important; } - .align-items-sm-end { - align-items: flex-end !important; } - .align-items-sm-center { - align-items: center !important; } - .align-items-sm-baseline { - align-items: baseline !important; } - .align-items-sm-stretch { - align-items: stretch !important; } - .align-content-sm-start { - align-content: flex-start !important; } - .align-content-sm-end { - 
align-content: flex-end !important; } - .align-content-sm-center { - align-content: center !important; } - .align-content-sm-between { - align-content: space-between !important; } - .align-content-sm-around { - align-content: space-around !important; } - .align-content-sm-stretch { - align-content: stretch !important; } - .align-self-sm-auto { - align-self: auto !important; } - .align-self-sm-start { - align-self: flex-start !important; } - .align-self-sm-end { - align-self: flex-end !important; } - .align-self-sm-center { - align-self: center !important; } - .align-self-sm-baseline { - align-self: baseline !important; } - .align-self-sm-stretch { - align-self: stretch !important; } } - -@media (min-width: 768px) { - .flex-md-row { - flex-direction: row !important; } - .flex-md-column { - flex-direction: column !important; } - .flex-md-row-reverse { - flex-direction: row-reverse !important; } - .flex-md-column-reverse { - flex-direction: column-reverse !important; } - .flex-md-wrap { - flex-wrap: wrap !important; } - .flex-md-nowrap { - flex-wrap: nowrap !important; } - .flex-md-wrap-reverse { - flex-wrap: wrap-reverse !important; } - .justify-content-md-start { - justify-content: flex-start !important; } - .justify-content-md-end { - justify-content: flex-end !important; } - .justify-content-md-center { - justify-content: center !important; } - .justify-content-md-between { - justify-content: space-between !important; } - .justify-content-md-around { - justify-content: space-around !important; } - .align-items-md-start { - align-items: flex-start !important; } - .align-items-md-end { - align-items: flex-end !important; } - .align-items-md-center { - align-items: center !important; } - .align-items-md-baseline { - align-items: baseline !important; } - .align-items-md-stretch { - align-items: stretch !important; } - .align-content-md-start { - align-content: flex-start !important; } - .align-content-md-end { - align-content: flex-end !important; } - 
.align-content-md-center { - align-content: center !important; } - .align-content-md-between { - align-content: space-between !important; } - .align-content-md-around { - align-content: space-around !important; } - .align-content-md-stretch { - align-content: stretch !important; } - .align-self-md-auto { - align-self: auto !important; } - .align-self-md-start { - align-self: flex-start !important; } - .align-self-md-end { - align-self: flex-end !important; } - .align-self-md-center { - align-self: center !important; } - .align-self-md-baseline { - align-self: baseline !important; } - .align-self-md-stretch { - align-self: stretch !important; } } - -@media (min-width: 992px) { - .flex-lg-row { - flex-direction: row !important; } - .flex-lg-column { - flex-direction: column !important; } - .flex-lg-row-reverse { - flex-direction: row-reverse !important; } - .flex-lg-column-reverse { - flex-direction: column-reverse !important; } - .flex-lg-wrap { - flex-wrap: wrap !important; } - .flex-lg-nowrap { - flex-wrap: nowrap !important; } - .flex-lg-wrap-reverse { - flex-wrap: wrap-reverse !important; } - .justify-content-lg-start { - justify-content: flex-start !important; } - .justify-content-lg-end { - justify-content: flex-end !important; } - .justify-content-lg-center { - justify-content: center !important; } - .justify-content-lg-between { - justify-content: space-between !important; } - .justify-content-lg-around { - justify-content: space-around !important; } - .align-items-lg-start { - align-items: flex-start !important; } - .align-items-lg-end { - align-items: flex-end !important; } - .align-items-lg-center { - align-items: center !important; } - .align-items-lg-baseline { - align-items: baseline !important; } - .align-items-lg-stretch { - align-items: stretch !important; } - .align-content-lg-start { - align-content: flex-start !important; } - .align-content-lg-end { - align-content: flex-end !important; } - .align-content-lg-center { - align-content: center 
!important; } - .align-content-lg-between { - align-content: space-between !important; } - .align-content-lg-around { - align-content: space-around !important; } - .align-content-lg-stretch { - align-content: stretch !important; } - .align-self-lg-auto { - align-self: auto !important; } - .align-self-lg-start { - align-self: flex-start !important; } - .align-self-lg-end { - align-self: flex-end !important; } - .align-self-lg-center { - align-self: center !important; } - .align-self-lg-baseline { - align-self: baseline !important; } - .align-self-lg-stretch { - align-self: stretch !important; } } - -@media (min-width: 1200px) { - .flex-xl-row { - flex-direction: row !important; } - .flex-xl-column { - flex-direction: column !important; } - .flex-xl-row-reverse { - flex-direction: row-reverse !important; } - .flex-xl-column-reverse { - flex-direction: column-reverse !important; } - .flex-xl-wrap { - flex-wrap: wrap !important; } - .flex-xl-nowrap { - flex-wrap: nowrap !important; } - .flex-xl-wrap-reverse { - flex-wrap: wrap-reverse !important; } - .justify-content-xl-start { - justify-content: flex-start !important; } - .justify-content-xl-end { - justify-content: flex-end !important; } - .justify-content-xl-center { - justify-content: center !important; } - .justify-content-xl-between { - justify-content: space-between !important; } - .justify-content-xl-around { - justify-content: space-around !important; } - .align-items-xl-start { - align-items: flex-start !important; } - .align-items-xl-end { - align-items: flex-end !important; } - .align-items-xl-center { - align-items: center !important; } - .align-items-xl-baseline { - align-items: baseline !important; } - .align-items-xl-stretch { - align-items: stretch !important; } - .align-content-xl-start { - align-content: flex-start !important; } - .align-content-xl-end { - align-content: flex-end !important; } - .align-content-xl-center { - align-content: center !important; } - .align-content-xl-between { - 
align-content: space-between !important; } - .align-content-xl-around { - align-content: space-around !important; } - .align-content-xl-stretch { - align-content: stretch !important; } - .align-self-xl-auto { - align-self: auto !important; } - .align-self-xl-start { - align-self: flex-start !important; } - .align-self-xl-end { - align-self: flex-end !important; } - .align-self-xl-center { - align-self: center !important; } - .align-self-xl-baseline { - align-self: baseline !important; } - .align-self-xl-stretch { - align-self: stretch !important; } } - -.float-left { - float: left !important; } - -.float-right { - float: right !important; } - -.float-none { - float: none !important; } - -@media (min-width: 576px) { - .float-sm-left { - float: left !important; } - .float-sm-right { - float: right !important; } - .float-sm-none { - float: none !important; } } - -@media (min-width: 768px) { - .float-md-left { - float: left !important; } - .float-md-right { - float: right !important; } - .float-md-none { - float: none !important; } } - -@media (min-width: 992px) { - .float-lg-left { - float: left !important; } - .float-lg-right { - float: right !important; } - .float-lg-none { - float: none !important; } } - -@media (min-width: 1200px) { - .float-xl-left { - float: left !important; } - .float-xl-right { - float: right !important; } - .float-xl-none { - float: none !important; } } - -.fixed-top { - position: fixed; - top: 0; - right: 0; - left: 0; - z-index: 1030; } - -.fixed-bottom { - position: fixed; - right: 0; - bottom: 0; - left: 0; - z-index: 1030; } - -@supports (position: sticky) { - .sticky-top { - position: sticky; - top: 0; - z-index: 1020; } } - -.sr-only { - position: absolute; - width: 1px; - height: 1px; - padding: 0; - overflow: hidden; - clip: rect(0, 0, 0, 0); - white-space: nowrap; - clip-path: inset(50%); - border: 0; } - -.sr-only-focusable:active, .sr-only-focusable:focus { - position: static; - width: auto; - height: auto; - overflow: visible; - 
clip: auto; - white-space: normal; - clip-path: none; } - -.w-25 { - width: 25% !important; } - -.w-50 { - width: 50% !important; } - -.w-75 { - width: 75% !important; } - -.w-100 { - width: 100% !important; } - -.h-25 { - height: 25% !important; } - -.h-50 { - height: 50% !important; } - -.h-75 { - height: 75% !important; } - -.h-100 { - height: 100% !important; } - -.mw-100 { - max-width: 100% !important; } - -.mh-100 { - max-height: 100% !important; } - -.m-0 { - margin: 0 !important; } - -.mt-0 { - margin-top: 0 !important; } - -.mr-0 { - margin-right: 0 !important; } - -.mb-0 { - margin-bottom: 0 !important; } - -.ml-0 { - margin-left: 0 !important; } - -.mx-0 { - margin-right: 0 !important; - margin-left: 0 !important; } - -.my-0 { - margin-top: 0 !important; - margin-bottom: 0 !important; } - -.m-1 { - margin: 0.25rem !important; } - -.mt-1 { - margin-top: 0.25rem !important; } - -.mr-1 { - margin-right: 0.25rem !important; } - -.mb-1 { - margin-bottom: 0.25rem !important; } - -.ml-1 { - margin-left: 0.25rem !important; } - -.mx-1 { - margin-right: 0.25rem !important; - margin-left: 0.25rem !important; } - -.my-1 { - margin-top: 0.25rem !important; - margin-bottom: 0.25rem !important; } - -.m-2 { - margin: 0.5rem !important; } - -.mt-2 { - margin-top: 0.5rem !important; } - -.mr-2 { - margin-right: 0.5rem !important; } - -.mb-2 { - margin-bottom: 0.5rem !important; } - -.ml-2 { - margin-left: 0.5rem !important; } - -.mx-2 { - margin-right: 0.5rem !important; - margin-left: 0.5rem !important; } - -.my-2 { - margin-top: 0.5rem !important; - margin-bottom: 0.5rem !important; } - -.m-3 { - margin: 1rem !important; } - -.mt-3 { - margin-top: 1rem !important; } - -.mr-3 { - margin-right: 1rem !important; } - -.mb-3 { - margin-bottom: 1rem !important; } - -.ml-3 { - margin-left: 1rem !important; } - -.mx-3 { - margin-right: 1rem !important; - margin-left: 1rem !important; } - -.my-3 { - margin-top: 1rem !important; - margin-bottom: 1rem !important; } - -.m-4 { - 
margin: 1.5rem !important; } - -.mt-4 { - margin-top: 1.5rem !important; } - -.mr-4 { - margin-right: 1.5rem !important; } - -.mb-4 { - margin-bottom: 1.5rem !important; } - -.ml-4 { - margin-left: 1.5rem !important; } - -.mx-4 { - margin-right: 1.5rem !important; - margin-left: 1.5rem !important; } - -.my-4 { - margin-top: 1.5rem !important; - margin-bottom: 1.5rem !important; } - -.m-5 { - margin: 3rem !important; } - -.mt-5 { - margin-top: 3rem !important; } - -.mr-5 { - margin-right: 3rem !important; } - -.mb-5 { - margin-bottom: 3rem !important; } - -.ml-5 { - margin-left: 3rem !important; } - -.mx-5 { - margin-right: 3rem !important; - margin-left: 3rem !important; } - -.my-5 { - margin-top: 3rem !important; - margin-bottom: 3rem !important; } - -.p-0 { - padding: 0 !important; } - -.pt-0 { - padding-top: 0 !important; } - -.pr-0 { - padding-right: 0 !important; } - -.pb-0 { - padding-bottom: 0 !important; } - -.pl-0 { - padding-left: 0 !important; } - -.px-0 { - padding-right: 0 !important; - padding-left: 0 !important; } - -.py-0 { - padding-top: 0 !important; - padding-bottom: 0 !important; } - -.p-1 { - padding: 0.25rem !important; } - -.pt-1 { - padding-top: 0.25rem !important; } - -.pr-1 { - padding-right: 0.25rem !important; } - -.pb-1 { - padding-bottom: 0.25rem !important; } - -.pl-1 { - padding-left: 0.25rem !important; } - -.px-1 { - padding-right: 0.25rem !important; - padding-left: 0.25rem !important; } - -.py-1 { - padding-top: 0.25rem !important; - padding-bottom: 0.25rem !important; } - -.p-2 { - padding: 0.5rem !important; } - -.pt-2 { - padding-top: 0.5rem !important; } - -.pr-2 { - padding-right: 0.5rem !important; } - -.pb-2 { - padding-bottom: 0.5rem !important; } - -.pl-2 { - padding-left: 0.5rem !important; } - -.px-2 { - padding-right: 0.5rem !important; - padding-left: 0.5rem !important; } - -.py-2 { - padding-top: 0.5rem !important; - padding-bottom: 0.5rem !important; } - -.p-3 { - padding: 1rem !important; } - -.pt-3 { - 
padding-top: 1rem !important; } - -.pr-3 { - padding-right: 1rem !important; } - -.pb-3 { - padding-bottom: 1rem !important; } - -.pl-3 { - padding-left: 1rem !important; } - -.px-3 { - padding-right: 1rem !important; - padding-left: 1rem !important; } - -.py-3 { - padding-top: 1rem !important; - padding-bottom: 1rem !important; } - -.p-4 { - padding: 1.5rem !important; } - -.pt-4 { - padding-top: 1.5rem !important; } - -.pr-4 { - padding-right: 1.5rem !important; } - -.pb-4 { - padding-bottom: 1.5rem !important; } - -.pl-4 { - padding-left: 1.5rem !important; } - -.px-4 { - padding-right: 1.5rem !important; - padding-left: 1.5rem !important; } - -.py-4 { - padding-top: 1.5rem !important; - padding-bottom: 1.5rem !important; } - -.p-5 { - padding: 3rem !important; } - -.pt-5 { - padding-top: 3rem !important; } - -.pr-5 { - padding-right: 3rem !important; } - -.pb-5 { - padding-bottom: 3rem !important; } - -.pl-5 { - padding-left: 3rem !important; } - -.px-5 { - padding-right: 3rem !important; - padding-left: 3rem !important; } - -.py-5 { - padding-top: 3rem !important; - padding-bottom: 3rem !important; } - -.m-auto { - margin: auto !important; } - -.mt-auto { - margin-top: auto !important; } - -.mr-auto { - margin-right: auto !important; } - -.mb-auto { - margin-bottom: auto !important; } - -.ml-auto { - margin-left: auto !important; } - -.mx-auto { - margin-right: auto !important; - margin-left: auto !important; } - -.my-auto { - margin-top: auto !important; - margin-bottom: auto !important; } - -@media (min-width: 576px) { - .m-sm-0 { - margin: 0 !important; } - .mt-sm-0 { - margin-top: 0 !important; } - .mr-sm-0 { - margin-right: 0 !important; } - .mb-sm-0 { - margin-bottom: 0 !important; } - .ml-sm-0 { - margin-left: 0 !important; } - .mx-sm-0 { - margin-right: 0 !important; - margin-left: 0 !important; } - .my-sm-0 { - margin-top: 0 !important; - margin-bottom: 0 !important; } - .m-sm-1 { - margin: 0.25rem !important; } - .mt-sm-1 { - margin-top: 0.25rem 
!important; } - .mr-sm-1 { - margin-right: 0.25rem !important; } - .mb-sm-1 { - margin-bottom: 0.25rem !important; } - .ml-sm-1 { - margin-left: 0.25rem !important; } - .mx-sm-1 { - margin-right: 0.25rem !important; - margin-left: 0.25rem !important; } - .my-sm-1 { - margin-top: 0.25rem !important; - margin-bottom: 0.25rem !important; } - .m-sm-2 { - margin: 0.5rem !important; } - .mt-sm-2 { - margin-top: 0.5rem !important; } - .mr-sm-2 { - margin-right: 0.5rem !important; } - .mb-sm-2 { - margin-bottom: 0.5rem !important; } - .ml-sm-2 { - margin-left: 0.5rem !important; } - .mx-sm-2 { - margin-right: 0.5rem !important; - margin-left: 0.5rem !important; } - .my-sm-2 { - margin-top: 0.5rem !important; - margin-bottom: 0.5rem !important; } - .m-sm-3 { - margin: 1rem !important; } - .mt-sm-3 { - margin-top: 1rem !important; } - .mr-sm-3 { - margin-right: 1rem !important; } - .mb-sm-3 { - margin-bottom: 1rem !important; } - .ml-sm-3 { - margin-left: 1rem !important; } - .mx-sm-3 { - margin-right: 1rem !important; - margin-left: 1rem !important; } - .my-sm-3 { - margin-top: 1rem !important; - margin-bottom: 1rem !important; } - .m-sm-4 { - margin: 1.5rem !important; } - .mt-sm-4 { - margin-top: 1.5rem !important; } - .mr-sm-4 { - margin-right: 1.5rem !important; } - .mb-sm-4 { - margin-bottom: 1.5rem !important; } - .ml-sm-4 { - margin-left: 1.5rem !important; } - .mx-sm-4 { - margin-right: 1.5rem !important; - margin-left: 1.5rem !important; } - .my-sm-4 { - margin-top: 1.5rem !important; - margin-bottom: 1.5rem !important; } - .m-sm-5 { - margin: 3rem !important; } - .mt-sm-5 { - margin-top: 3rem !important; } - .mr-sm-5 { - margin-right: 3rem !important; } - .mb-sm-5 { - margin-bottom: 3rem !important; } - .ml-sm-5 { - margin-left: 3rem !important; } - .mx-sm-5 { - margin-right: 3rem !important; - margin-left: 3rem !important; } - .my-sm-5 { - margin-top: 3rem !important; - margin-bottom: 3rem !important; } - .p-sm-0 { - padding: 0 !important; } - .pt-sm-0 { - 
padding-top: 0 !important; } - .pr-sm-0 { - padding-right: 0 !important; } - .pb-sm-0 { - padding-bottom: 0 !important; } - .pl-sm-0 { - padding-left: 0 !important; } - .px-sm-0 { - padding-right: 0 !important; - padding-left: 0 !important; } - .py-sm-0 { - padding-top: 0 !important; - padding-bottom: 0 !important; } - .p-sm-1 { - padding: 0.25rem !important; } - .pt-sm-1 { - padding-top: 0.25rem !important; } - .pr-sm-1 { - padding-right: 0.25rem !important; } - .pb-sm-1 { - padding-bottom: 0.25rem !important; } - .pl-sm-1 { - padding-left: 0.25rem !important; } - .px-sm-1 { - padding-right: 0.25rem !important; - padding-left: 0.25rem !important; } - .py-sm-1 { - padding-top: 0.25rem !important; - padding-bottom: 0.25rem !important; } - .p-sm-2 { - padding: 0.5rem !important; } - .pt-sm-2 { - padding-top: 0.5rem !important; } - .pr-sm-2 { - padding-right: 0.5rem !important; } - .pb-sm-2 { - padding-bottom: 0.5rem !important; } - .pl-sm-2 { - padding-left: 0.5rem !important; } - .px-sm-2 { - padding-right: 0.5rem !important; - padding-left: 0.5rem !important; } - .py-sm-2 { - padding-top: 0.5rem !important; - padding-bottom: 0.5rem !important; } - .p-sm-3 { - padding: 1rem !important; } - .pt-sm-3 { - padding-top: 1rem !important; } - .pr-sm-3 { - padding-right: 1rem !important; } - .pb-sm-3 { - padding-bottom: 1rem !important; } - .pl-sm-3 { - padding-left: 1rem !important; } - .px-sm-3 { - padding-right: 1rem !important; - padding-left: 1rem !important; } - .py-sm-3 { - padding-top: 1rem !important; - padding-bottom: 1rem !important; } - .p-sm-4 { - padding: 1.5rem !important; } - .pt-sm-4 { - padding-top: 1.5rem !important; } - .pr-sm-4 { - padding-right: 1.5rem !important; } - .pb-sm-4 { - padding-bottom: 1.5rem !important; } - .pl-sm-4 { - padding-left: 1.5rem !important; } - .px-sm-4 { - padding-right: 1.5rem !important; - padding-left: 1.5rem !important; } - .py-sm-4 { - padding-top: 1.5rem !important; - padding-bottom: 1.5rem !important; } - .p-sm-5 { - 
padding: 3rem !important; } - .pt-sm-5 { - padding-top: 3rem !important; } - .pr-sm-5 { - padding-right: 3rem !important; } - .pb-sm-5 { - padding-bottom: 3rem !important; } - .pl-sm-5 { - padding-left: 3rem !important; } - .px-sm-5 { - padding-right: 3rem !important; - padding-left: 3rem !important; } - .py-sm-5 { - padding-top: 3rem !important; - padding-bottom: 3rem !important; } - .m-sm-auto { - margin: auto !important; } - .mt-sm-auto { - margin-top: auto !important; } - .mr-sm-auto { - margin-right: auto !important; } - .mb-sm-auto { - margin-bottom: auto !important; } - .ml-sm-auto { - margin-left: auto !important; } - .mx-sm-auto { - margin-right: auto !important; - margin-left: auto !important; } - .my-sm-auto { - margin-top: auto !important; - margin-bottom: auto !important; } } - -@media (min-width: 768px) { - .m-md-0 { - margin: 0 !important; } - .mt-md-0 { - margin-top: 0 !important; } - .mr-md-0 { - margin-right: 0 !important; } - .mb-md-0 { - margin-bottom: 0 !important; } - .ml-md-0 { - margin-left: 0 !important; } - .mx-md-0 { - margin-right: 0 !important; - margin-left: 0 !important; } - .my-md-0 { - margin-top: 0 !important; - margin-bottom: 0 !important; } - .m-md-1 { - margin: 0.25rem !important; } - .mt-md-1 { - margin-top: 0.25rem !important; } - .mr-md-1 { - margin-right: 0.25rem !important; } - .mb-md-1 { - margin-bottom: 0.25rem !important; } - .ml-md-1 { - margin-left: 0.25rem !important; } - .mx-md-1 { - margin-right: 0.25rem !important; - margin-left: 0.25rem !important; } - .my-md-1 { - margin-top: 0.25rem !important; - margin-bottom: 0.25rem !important; } - .m-md-2 { - margin: 0.5rem !important; } - .mt-md-2 { - margin-top: 0.5rem !important; } - .mr-md-2 { - margin-right: 0.5rem !important; } - .mb-md-2 { - margin-bottom: 0.5rem !important; } - .ml-md-2 { - margin-left: 0.5rem !important; } - .mx-md-2 { - margin-right: 0.5rem !important; - margin-left: 0.5rem !important; } - .my-md-2 { - margin-top: 0.5rem !important; - 
margin-bottom: 0.5rem !important; } - .m-md-3 { - margin: 1rem !important; } - .mt-md-3 { - margin-top: 1rem !important; } - .mr-md-3 { - margin-right: 1rem !important; } - .mb-md-3 { - margin-bottom: 1rem !important; } - .ml-md-3 { - margin-left: 1rem !important; } - .mx-md-3 { - margin-right: 1rem !important; - margin-left: 1rem !important; } - .my-md-3 { - margin-top: 1rem !important; - margin-bottom: 1rem !important; } - .m-md-4 { - margin: 1.5rem !important; } - .mt-md-4 { - margin-top: 1.5rem !important; } - .mr-md-4 { - margin-right: 1.5rem !important; } - .mb-md-4 { - margin-bottom: 1.5rem !important; } - .ml-md-4 { - margin-left: 1.5rem !important; } - .mx-md-4 { - margin-right: 1.5rem !important; - margin-left: 1.5rem !important; } - .my-md-4 { - margin-top: 1.5rem !important; - margin-bottom: 1.5rem !important; } - .m-md-5 { - margin: 3rem !important; } - .mt-md-5 { - margin-top: 3rem !important; } - .mr-md-5 { - margin-right: 3rem !important; } - .mb-md-5 { - margin-bottom: 3rem !important; } - .ml-md-5 { - margin-left: 3rem !important; } - .mx-md-5 { - margin-right: 3rem !important; - margin-left: 3rem !important; } - .my-md-5 { - margin-top: 3rem !important; - margin-bottom: 3rem !important; } - .p-md-0 { - padding: 0 !important; } - .pt-md-0 { - padding-top: 0 !important; } - .pr-md-0 { - padding-right: 0 !important; } - .pb-md-0 { - padding-bottom: 0 !important; } - .pl-md-0 { - padding-left: 0 !important; } - .px-md-0 { - padding-right: 0 !important; - padding-left: 0 !important; } - .py-md-0 { - padding-top: 0 !important; - padding-bottom: 0 !important; } - .p-md-1 { - padding: 0.25rem !important; } - .pt-md-1 { - padding-top: 0.25rem !important; } - .pr-md-1 { - padding-right: 0.25rem !important; } - .pb-md-1 { - padding-bottom: 0.25rem !important; } - .pl-md-1 { - padding-left: 0.25rem !important; } - .px-md-1 { - padding-right: 0.25rem !important; - padding-left: 0.25rem !important; } - .py-md-1 { - padding-top: 0.25rem !important; - 
padding-bottom: 0.25rem !important; } - .p-md-2 { - padding: 0.5rem !important; } - .pt-md-2 { - padding-top: 0.5rem !important; } - .pr-md-2 { - padding-right: 0.5rem !important; } - .pb-md-2 { - padding-bottom: 0.5rem !important; } - .pl-md-2 { - padding-left: 0.5rem !important; } - .px-md-2 { - padding-right: 0.5rem !important; - padding-left: 0.5rem !important; } - .py-md-2 { - padding-top: 0.5rem !important; - padding-bottom: 0.5rem !important; } - .p-md-3 { - padding: 1rem !important; } - .pt-md-3 { - padding-top: 1rem !important; } - .pr-md-3 { - padding-right: 1rem !important; } - .pb-md-3 { - padding-bottom: 1rem !important; } - .pl-md-3 { - padding-left: 1rem !important; } - .px-md-3 { - padding-right: 1rem !important; - padding-left: 1rem !important; } - .py-md-3 { - padding-top: 1rem !important; - padding-bottom: 1rem !important; } - .p-md-4 { - padding: 1.5rem !important; } - .pt-md-4 { - padding-top: 1.5rem !important; } - .pr-md-4 { - padding-right: 1.5rem !important; } - .pb-md-4 { - padding-bottom: 1.5rem !important; } - .pl-md-4 { - padding-left: 1.5rem !important; } - .px-md-4 { - padding-right: 1.5rem !important; - padding-left: 1.5rem !important; } - .py-md-4 { - padding-top: 1.5rem !important; - padding-bottom: 1.5rem !important; } - .p-md-5 { - padding: 3rem !important; } - .pt-md-5 { - padding-top: 3rem !important; } - .pr-md-5 { - padding-right: 3rem !important; } - .pb-md-5 { - padding-bottom: 3rem !important; } - .pl-md-5 { - padding-left: 3rem !important; } - .px-md-5 { - padding-right: 3rem !important; - padding-left: 3rem !important; } - .py-md-5 { - padding-top: 3rem !important; - padding-bottom: 3rem !important; } - .m-md-auto { - margin: auto !important; } - .mt-md-auto { - margin-top: auto !important; } - .mr-md-auto { - margin-right: auto !important; } - .mb-md-auto { - margin-bottom: auto !important; } - .ml-md-auto { - margin-left: auto !important; } - .mx-md-auto { - margin-right: auto !important; - margin-left: auto 
!important; } - .my-md-auto { - margin-top: auto !important; - margin-bottom: auto !important; } } - -@media (min-width: 992px) { - .m-lg-0 { - margin: 0 !important; } - .mt-lg-0 { - margin-top: 0 !important; } - .mr-lg-0 { - margin-right: 0 !important; } - .mb-lg-0 { - margin-bottom: 0 !important; } - .ml-lg-0 { - margin-left: 0 !important; } - .mx-lg-0 { - margin-right: 0 !important; - margin-left: 0 !important; } - .my-lg-0 { - margin-top: 0 !important; - margin-bottom: 0 !important; } - .m-lg-1 { - margin: 0.25rem !important; } - .mt-lg-1 { - margin-top: 0.25rem !important; } - .mr-lg-1 { - margin-right: 0.25rem !important; } - .mb-lg-1 { - margin-bottom: 0.25rem !important; } - .ml-lg-1 { - margin-left: 0.25rem !important; } - .mx-lg-1 { - margin-right: 0.25rem !important; - margin-left: 0.25rem !important; } - .my-lg-1 { - margin-top: 0.25rem !important; - margin-bottom: 0.25rem !important; } - .m-lg-2 { - margin: 0.5rem !important; } - .mt-lg-2 { - margin-top: 0.5rem !important; } - .mr-lg-2 { - margin-right: 0.5rem !important; } - .mb-lg-2 { - margin-bottom: 0.5rem !important; } - .ml-lg-2 { - margin-left: 0.5rem !important; } - .mx-lg-2 { - margin-right: 0.5rem !important; - margin-left: 0.5rem !important; } - .my-lg-2 { - margin-top: 0.5rem !important; - margin-bottom: 0.5rem !important; } - .m-lg-3 { - margin: 1rem !important; } - .mt-lg-3 { - margin-top: 1rem !important; } - .mr-lg-3 { - margin-right: 1rem !important; } - .mb-lg-3 { - margin-bottom: 1rem !important; } - .ml-lg-3 { - margin-left: 1rem !important; } - .mx-lg-3 { - margin-right: 1rem !important; - margin-left: 1rem !important; } - .my-lg-3 { - margin-top: 1rem !important; - margin-bottom: 1rem !important; } - .m-lg-4 { - margin: 1.5rem !important; } - .mt-lg-4 { - margin-top: 1.5rem !important; } - .mr-lg-4 { - margin-right: 1.5rem !important; } - .mb-lg-4 { - margin-bottom: 1.5rem !important; } - .ml-lg-4 { - margin-left: 1.5rem !important; } - .mx-lg-4 { - margin-right: 1.5rem 
!important; - margin-left: 1.5rem !important; } - .my-lg-4 { - margin-top: 1.5rem !important; - margin-bottom: 1.5rem !important; } - .m-lg-5 { - margin: 3rem !important; } - .mt-lg-5 { - margin-top: 3rem !important; } - .mr-lg-5 { - margin-right: 3rem !important; } - .mb-lg-5 { - margin-bottom: 3rem !important; } - .ml-lg-5 { - margin-left: 3rem !important; } - .mx-lg-5 { - margin-right: 3rem !important; - margin-left: 3rem !important; } - .my-lg-5 { - margin-top: 3rem !important; - margin-bottom: 3rem !important; } - .p-lg-0 { - padding: 0 !important; } - .pt-lg-0 { - padding-top: 0 !important; } - .pr-lg-0 { - padding-right: 0 !important; } - .pb-lg-0 { - padding-bottom: 0 !important; } - .pl-lg-0 { - padding-left: 0 !important; } - .px-lg-0 { - padding-right: 0 !important; - padding-left: 0 !important; } - .py-lg-0 { - padding-top: 0 !important; - padding-bottom: 0 !important; } - .p-lg-1 { - padding: 0.25rem !important; } - .pt-lg-1 { - padding-top: 0.25rem !important; } - .pr-lg-1 { - padding-right: 0.25rem !important; } - .pb-lg-1 { - padding-bottom: 0.25rem !important; } - .pl-lg-1 { - padding-left: 0.25rem !important; } - .px-lg-1 { - padding-right: 0.25rem !important; - padding-left: 0.25rem !important; } - .py-lg-1 { - padding-top: 0.25rem !important; - padding-bottom: 0.25rem !important; } - .p-lg-2 { - padding: 0.5rem !important; } - .pt-lg-2 { - padding-top: 0.5rem !important; } - .pr-lg-2 { - padding-right: 0.5rem !important; } - .pb-lg-2 { - padding-bottom: 0.5rem !important; } - .pl-lg-2 { - padding-left: 0.5rem !important; } - .px-lg-2 { - padding-right: 0.5rem !important; - padding-left: 0.5rem !important; } - .py-lg-2 { - padding-top: 0.5rem !important; - padding-bottom: 0.5rem !important; } - .p-lg-3 { - padding: 1rem !important; } - .pt-lg-3 { - padding-top: 1rem !important; } - .pr-lg-3 { - padding-right: 1rem !important; } - .pb-lg-3 { - padding-bottom: 1rem !important; } - .pl-lg-3 { - padding-left: 1rem !important; } - .px-lg-3 { - 
padding-right: 1rem !important; - padding-left: 1rem !important; } - .py-lg-3 { - padding-top: 1rem !important; - padding-bottom: 1rem !important; } - .p-lg-4 { - padding: 1.5rem !important; } - .pt-lg-4 { - padding-top: 1.5rem !important; } - .pr-lg-4 { - padding-right: 1.5rem !important; } - .pb-lg-4 { - padding-bottom: 1.5rem !important; } - .pl-lg-4 { - padding-left: 1.5rem !important; } - .px-lg-4 { - padding-right: 1.5rem !important; - padding-left: 1.5rem !important; } - .py-lg-4 { - padding-top: 1.5rem !important; - padding-bottom: 1.5rem !important; } - .p-lg-5 { - padding: 3rem !important; } - .pt-lg-5 { - padding-top: 3rem !important; } - .pr-lg-5 { - padding-right: 3rem !important; } - .pb-lg-5 { - padding-bottom: 3rem !important; } - .pl-lg-5 { - padding-left: 3rem !important; } - .px-lg-5 { - padding-right: 3rem !important; - padding-left: 3rem !important; } - .py-lg-5 { - padding-top: 3rem !important; - padding-bottom: 3rem !important; } - .m-lg-auto { - margin: auto !important; } - .mt-lg-auto { - margin-top: auto !important; } - .mr-lg-auto { - margin-right: auto !important; } - .mb-lg-auto { - margin-bottom: auto !important; } - .ml-lg-auto { - margin-left: auto !important; } - .mx-lg-auto { - margin-right: auto !important; - margin-left: auto !important; } - .my-lg-auto { - margin-top: auto !important; - margin-bottom: auto !important; } } - -@media (min-width: 1200px) { - .m-xl-0 { - margin: 0 !important; } - .mt-xl-0 { - margin-top: 0 !important; } - .mr-xl-0 { - margin-right: 0 !important; } - .mb-xl-0 { - margin-bottom: 0 !important; } - .ml-xl-0 { - margin-left: 0 !important; } - .mx-xl-0 { - margin-right: 0 !important; - margin-left: 0 !important; } - .my-xl-0 { - margin-top: 0 !important; - margin-bottom: 0 !important; } - .m-xl-1 { - margin: 0.25rem !important; } - .mt-xl-1 { - margin-top: 0.25rem !important; } - .mr-xl-1 { - margin-right: 0.25rem !important; } - .mb-xl-1 { - margin-bottom: 0.25rem !important; } - .ml-xl-1 { - 
margin-left: 0.25rem !important; } - .mx-xl-1 { - margin-right: 0.25rem !important; - margin-left: 0.25rem !important; } - .my-xl-1 { - margin-top: 0.25rem !important; - margin-bottom: 0.25rem !important; } - .m-xl-2 { - margin: 0.5rem !important; } - .mt-xl-2 { - margin-top: 0.5rem !important; } - .mr-xl-2 { - margin-right: 0.5rem !important; } - .mb-xl-2 { - margin-bottom: 0.5rem !important; } - .ml-xl-2 { - margin-left: 0.5rem !important; } - .mx-xl-2 { - margin-right: 0.5rem !important; - margin-left: 0.5rem !important; } - .my-xl-2 { - margin-top: 0.5rem !important; - margin-bottom: 0.5rem !important; } - .m-xl-3 { - margin: 1rem !important; } - .mt-xl-3 { - margin-top: 1rem !important; } - .mr-xl-3 { - margin-right: 1rem !important; } - .mb-xl-3 { - margin-bottom: 1rem !important; } - .ml-xl-3 { - margin-left: 1rem !important; } - .mx-xl-3 { - margin-right: 1rem !important; - margin-left: 1rem !important; } - .my-xl-3 { - margin-top: 1rem !important; - margin-bottom: 1rem !important; } - .m-xl-4 { - margin: 1.5rem !important; } - .mt-xl-4 { - margin-top: 1.5rem !important; } - .mr-xl-4 { - margin-right: 1.5rem !important; } - .mb-xl-4 { - margin-bottom: 1.5rem !important; } - .ml-xl-4 { - margin-left: 1.5rem !important; } - .mx-xl-4 { - margin-right: 1.5rem !important; - margin-left: 1.5rem !important; } - .my-xl-4 { - margin-top: 1.5rem !important; - margin-bottom: 1.5rem !important; } - .m-xl-5 { - margin: 3rem !important; } - .mt-xl-5 { - margin-top: 3rem !important; } - .mr-xl-5 { - margin-right: 3rem !important; } - .mb-xl-5 { - margin-bottom: 3rem !important; } - .ml-xl-5 { - margin-left: 3rem !important; } - .mx-xl-5 { - margin-right: 3rem !important; - margin-left: 3rem !important; } - .my-xl-5 { - margin-top: 3rem !important; - margin-bottom: 3rem !important; } - .p-xl-0 { - padding: 0 !important; } - .pt-xl-0 { - padding-top: 0 !important; } - .pr-xl-0 { - padding-right: 0 !important; } - .pb-xl-0 { - padding-bottom: 0 !important; } - .pl-xl-0 { - 
padding-left: 0 !important; } - .px-xl-0 { - padding-right: 0 !important; - padding-left: 0 !important; } - .py-xl-0 { - padding-top: 0 !important; - padding-bottom: 0 !important; } - .p-xl-1 { - padding: 0.25rem !important; } - .pt-xl-1 { - padding-top: 0.25rem !important; } - .pr-xl-1 { - padding-right: 0.25rem !important; } - .pb-xl-1 { - padding-bottom: 0.25rem !important; } - .pl-xl-1 { - padding-left: 0.25rem !important; } - .px-xl-1 { - padding-right: 0.25rem !important; - padding-left: 0.25rem !important; } - .py-xl-1 { - padding-top: 0.25rem !important; - padding-bottom: 0.25rem !important; } - .p-xl-2 { - padding: 0.5rem !important; } - .pt-xl-2 { - padding-top: 0.5rem !important; } - .pr-xl-2 { - padding-right: 0.5rem !important; } - .pb-xl-2 { - padding-bottom: 0.5rem !important; } - .pl-xl-2 { - padding-left: 0.5rem !important; } - .px-xl-2 { - padding-right: 0.5rem !important; - padding-left: 0.5rem !important; } - .py-xl-2 { - padding-top: 0.5rem !important; - padding-bottom: 0.5rem !important; } - .p-xl-3 { - padding: 1rem !important; } - .pt-xl-3 { - padding-top: 1rem !important; } - .pr-xl-3 { - padding-right: 1rem !important; } - .pb-xl-3 { - padding-bottom: 1rem !important; } - .pl-xl-3 { - padding-left: 1rem !important; } - .px-xl-3 { - padding-right: 1rem !important; - padding-left: 1rem !important; } - .py-xl-3 { - padding-top: 1rem !important; - padding-bottom: 1rem !important; } - .p-xl-4 { - padding: 1.5rem !important; } - .pt-xl-4 { - padding-top: 1.5rem !important; } - .pr-xl-4 { - padding-right: 1.5rem !important; } - .pb-xl-4 { - padding-bottom: 1.5rem !important; } - .pl-xl-4 { - padding-left: 1.5rem !important; } - .px-xl-4 { - padding-right: 1.5rem !important; - padding-left: 1.5rem !important; } - .py-xl-4 { - padding-top: 1.5rem !important; - padding-bottom: 1.5rem !important; } - .p-xl-5 { - padding: 3rem !important; } - .pt-xl-5 { - padding-top: 3rem !important; } - .pr-xl-5 { - padding-right: 3rem !important; } - .pb-xl-5 { - 
padding-bottom: 3rem !important; } - .pl-xl-5 { - padding-left: 3rem !important; } - .px-xl-5 { - padding-right: 3rem !important; - padding-left: 3rem !important; } - .py-xl-5 { - padding-top: 3rem !important; - padding-bottom: 3rem !important; } - .m-xl-auto { - margin: auto !important; } - .mt-xl-auto { - margin-top: auto !important; } - .mr-xl-auto { - margin-right: auto !important; } - .mb-xl-auto { - margin-bottom: auto !important; } - .ml-xl-auto { - margin-left: auto !important; } - .mx-xl-auto { - margin-right: auto !important; - margin-left: auto !important; } - .my-xl-auto { - margin-top: auto !important; - margin-bottom: auto !important; } } - -.text-justify { - text-align: justify !important; } - -.text-nowrap { - white-space: nowrap !important; } - -.text-truncate { - overflow: hidden; - text-overflow: ellipsis; - white-space: nowrap; } - -.text-left { - text-align: left !important; } - -.text-right { - text-align: right !important; } - -.text-center { - text-align: center !important; } - -@media (min-width: 576px) { - .text-sm-left { - text-align: left !important; } - .text-sm-right { - text-align: right !important; } - .text-sm-center { - text-align: center !important; } } - -@media (min-width: 768px) { - .text-md-left { - text-align: left !important; } - .text-md-right { - text-align: right !important; } - .text-md-center { - text-align: center !important; } } - -@media (min-width: 992px) { - .text-lg-left { - text-align: left !important; } - .text-lg-right { - text-align: right !important; } - .text-lg-center { - text-align: center !important; } } - -@media (min-width: 1200px) { - .text-xl-left { - text-align: left !important; } - .text-xl-right { - text-align: right !important; } - .text-xl-center { - text-align: center !important; } } - -.text-lowercase { - text-transform: lowercase !important; } - -.text-uppercase { - text-transform: uppercase !important; } - -.text-capitalize { - text-transform: capitalize !important; } - -.font-weight-normal { 
- font-weight: normal; } - -.font-weight-bold { - font-weight: bold; } - -.font-italic { - font-style: italic; } - -.text-white { - color: #fff !important; } - -.text-primary { - color: #3c6eb4 !important; } - -a.text-primary:focus, a.text-primary:hover { - color: #2f578e !important; } - -.text-secondary { - color: #868e96 !important; } - -a.text-secondary:focus, a.text-secondary:hover { - color: #6c757d !important; } - -.text-success { - color: #28a745 !important; } - -a.text-success:focus, a.text-success:hover { - color: #1e7e34 !important; } - -.text-info { - color: #17a2b8 !important; } - -a.text-info:focus, a.text-info:hover { - color: #117a8b !important; } - -.text-warning { - color: #ffc107 !important; } - -a.text-warning:focus, a.text-warning:hover { - color: #d39e00 !important; } - -.text-danger { - color: #dc3545 !important; } - -a.text-danger:focus, a.text-danger:hover { - color: #bd2130 !important; } - -.text-light { - color: #f8f9fa !important; } - -a.text-light:focus, a.text-light:hover { - color: #dae0e5 !important; } - -.text-dark { - color: #343a40 !important; } - -a.text-dark:focus, a.text-dark:hover { - color: #1d2124 !important; } - -.text-muted { - color: #868e96 !important; } - -.text-hide { - font: 0/0 a; - color: transparent; - text-shadow: none; - background-color: transparent; - border: 0; } - -.visible { - visibility: visible !important; } - -.invisible { - visibility: hidden !important; } - -.container-narrow { - margin-right: auto; - margin-left: auto; - padding-right: 15px; - padding-left: 15px; - width: 100%; } - @media (min-width: 576px) { - .container-narrow { - max-width: 34rem; } } - @media (min-width: 768px) { - .container-narrow { - max-width: 45rem; } } - @media (min-width: 992px) { - .container-narrow { - max-width: 45rem; } } - @media (min-width: 1200px) { - .container-narrow { - max-width: 45rem; } } - -/*------------------------------------* #LISTS -\*------------------------------------*/ -/** - * Inline list - */ 
-.inline-list li { - display: inline-block; } - -/** - * Social list - */ -.social-list li { - margin: 0 0.4rem 1em 0; } - -.social-list a { - font-size: 1.6em; } - -/** - * Headline list - */ -.headline-list { - margin-bottom: 1em; } - .headline-list.flush { - margin: 0; } - .headline-list h4 { - font-weight: normal; } - .headline-list li { - padding: 1em/4 0; - border-top: 1px solid #d5d5d5; } - -/** - * Post list - */ -.post-list li { - margin-bottom: 1em; } - -/** - * Bullet list - */ -.bullet-list { - list-style: square; - margin: 0 0 1em 1.2em; - line-height: 1.3; } - .bullet-list li { - margin-bottom: 1em; } - -/** - * Text list - */ -.text-list { - margin: 0 0 1em; - line-height: 1.3; } - .text-list li { - margin-bottom: 1em; } - -/** - * Media List - */ -.c-media-list__item { - margin-bottom: 1.5em; } - -/** - * Tile list - */ -.c-tile-list { - display: flex; - flex-direction: column; } - @media all and (min-width: 55rem) { - .c-tile-list { - flex-direction: row; - flex-wrap: wrap; } } - -/** - * Tile list item - */ -.c-tile-list__item { - width: 100%; - margin-bottom: 1em; - position: relative; } - .c-tile-list__item:nth-child(2n) { - padding-right: 0; } - @media all and (min-width: 55rem) { - .c-tile-list__item { - width: 50%; - margin: 0; - padding: 0 1em 1em 0; } } - -/** Thumbnail list - * - */ -.c-thumbnail-list li { - margin-bottom: 1.5em; } - -.c-thumbnail-list .c-block-media__media { - width: 80px; } - -.c-thumbnail-list .c-block-media__headline { - text-transform: none !important; - font-size: 1.5em; } - -/** - * Color bars list - */ -.c-color-bars-list li { - max-width: 480px; - position: relative; - height: 80px; - padding-top: 15px; - padding-left: 20px; - border: 1px solid #d5d5d5; - border-top: 0; - color: #55595c; - font-size: 1.3rem; - font-weight: bold; } - .c-color-bars-list li:first-child { - border-top: 1px solid #d5d5d5; } - .c-color-bars-list li.cur { - height: 120px; } - .c-color-bars-list li.cur:before { - position: absolute; - 
height: 100%; - width: 10px; - bottom: 0px; - left: 0px; - content: ""; - background: #3c6eb4; } - .c-color-bars-list li.prev:before { - position: absolute; - height: 100%; - width: 10px; - bottom: 0px; - left: 0px; - content: ""; - background: #79db32; } - .c-color-bars-list li.old { - color: #d5d5d5; } - -/** - * Ticket list - */ -.c-ticket-list { - max-width: 480px; } - .c-ticket-list li { - border: 1px solid #d5d5d5; - border-top: 0; - padding: 15px 20px; - color: #808080; } - .c-ticket-list:first-child { - border-top: 1px solid #d5d5d5; } - .c-ticket-list .list-item-title, .c-ticket-list .list-item-data { - float: left; } - .c-ticket-list .list-item-title { - border-radius: 20px; - padding: 4px 10px; - background: #808080; - color: white; - font-size: 1.2rem; - font-weight: bold; } - .c-ticket-list .origin { - float: right; - margin-top: 3px; } - .c-ticket-list .origin p { - display: inline-block; - margin-right: 2px; } - .c-ticket-list .origin img { - margin-bottom: 5px; } - .c-ticket-list .c-widget-action-btn.btn { - float: right; - padding: 3px 15px; } - .c-ticket-list .c-widget-action-btn.btn img { - display: block; } - .c-ticket-list .list-subheader { - font-size: 1.2rem; - font-weight: bold; } - .c-ticket-list .list-item-info, .c-ticket-list .list-item-data { - margin: 0; - font-size: 1.2rem; } - -.nav-underline .nav-item.active, .nav-underline .nav-item.active:hover { - box-shadow: 0px -3px 0 0 #3c6eb4 inset; } - .nav-underline .nav-item.active .nav-link, .nav-underline .nav-item.active:hover .nav-link { - color: #3c6eb4; } - -.nav-underline li:hover { - box-shadow: 0px -3px 0 0 #ddd inset; } - -.nav-underline li { - padding-top: 0.2rem; - padding-bottom: 0.2rem; } - -.navbar-underline { - background-color: #d5d5d5; - border-top: 1px solid #c8c8c8; } - -pre { - background-color: #fdf6e3; - padding: 1rem; } - -.table-expand-col { - min-width: 100%; } - -body { - background-color: #495057; } - -/*.card-success { - @include alert-variant($alert-success-bg, 
$alert-success-border, $alert-success-text); - .card-header{ - background-color:darken($alert-success-bg, 5%); - border-bottom:1px solid darken($alert-success-bg, 10%) - } -} - -.card-info { - @include alert-variant($alert-info-bg, $alert-info-border, $alert-info-text); - .card-header{ - background-color:darken($alert-info-bg, 5%); - border-bottom:1px solid darken($alert-info-bg, 10%) - } -} - -.card-primary { - @include alert-variant($alert-info-bg, $alert-info-border, $alert-info-text); - .card-header{ - background-color:darken($alert-info-bg, 5%); - border-bottom:1px solid darken($alert-info-bg, 10%) - } -} - -.card-warning { - @include alert-variant($alert-warning-bg, $alert-warning-border, $alert-warning-text); - .card-header{ - background-color:darken($alert-warning-bg, 5%); - border-bottom:1px solid darken($alert-warning-bg, 10%) - } -} - -.card-danger { - @include alert-variant($alert-danger-bg, $alert-danger-border, $alert-danger-text); - .card-header{ - background-color:darken($alert-danger-bg, 5%); - border-bottom:1px solid darken($alert-danger-bg, 10%) - } -}*/ -.modal-header { - background-color: #eceeef; } - -.modal-footer { - border-top: 0px !important; } - -.modal h4 { - text-transform: none !important; } - -.modal-card { - background-color: #d5d5d5; - padding: 15px; } - -.modal-body h4 { - font-weight: 600 !important; } - -/** TODO - -* work with inkscape design and get .c-widget-header h5 style overrides matching it better -* fine-tune positioning of c-widget-header-btns - -**/ -/** - * Widget header - */ -.c-widget-header.card-header { - padding: 10px 10px 5px 10px; - max-width: 480px; - border: 1px solid #d5d5d5; - border-radius: 0 !important; - background: #f7f7f9; } - -.c-widget-header h6 { - font-family: "Open Sans"; - font-size: 1.3rem; - font-weight: normal; } - -.c-widget-header-btn { - margin-top: -29px; - float: right; } - -/** - * Widget action button - */ -.c-widget-action-btn.btn { - padding: 5px 10px; - color: #a07cbc; - font-weight: 
bold; } - .c-widget-action-btn.btn:hover, .c-widget-action-btn.btn:focus, .c-widget-action-btn.btn:active, .c-widget-action-btn.btn:active:focus { - color: #a07cbc; } - -/** - * Widget view more button - */ -.c-widget-view-more-btn button { - padding: 0px; - margin-right: 5px; - color: #808080; - font-size: 1.2rem; } - .c-widget-view-more-btn button:hover, .c-widget-view-more-btn button:focus { - color: #55595c; } - -.c-widget-view-more-btn img { - margin-top: 2px; } - -/** - * Widget meeting event - */ -.c-widget-meeting-event { - max-width: 480px; - border: 1px solid #d5d5d5; - padding: 15px 20px; } - .c-widget-meeting-event h6, .c-widget-meeting-event h5, .c-widget-meeting-event p { - color: #55595c; - font-family: "Open Sans"; } - .c-widget-meeting-event h5 { - font-weight: bold; - font-size: 2rem; } - .c-widget-meeting-event h6 { - margin-top: 2px; - margin-bottom: 10px; - font-size: 1.1rem; } - .c-widget-meeting-event .date, .c-widget-meeting-event .time-ch { - font-size: 0.9rem; - float: left; } - .c-widget-meeting-event button { - float: right; } - .c-widget-meeting-event .date { - margin-right: 20px; } - .c-widget-meeting-event .time-ch p, .c-widget-meeting-event .time-ch a { - padding: 0; - margin: 0; } - -/** - * Widget meeting request - */ -.c-widget-meeting-request { - max-width: 480px; - border: 1px solid #d5d5d5; - padding: 15px 20px; } - .c-widget-meeting-request h6, .c-widget-meeting-request h5 { - color: #55595c; - font-family: "Open Sans"; } - .c-widget-meeting-request h5 { - float: left; - font-weight: bold; - font-size: 2rem; } - .c-widget-meeting-request h6 { - margin-top: 2px; - margin-bottom: 10px; - font-size: 1.1rem; } - .c-widget-meeting-request .meeting-request-btn { - float: right; } - -.masthead { - background-image: linear-gradient(to bottom, #eee 0%, #ddd 100%); - background-repeat: repeat-x; - padding-top: 10px; - padding-bottom: 10px; } - -.subheader { - background: #f8f9fa; - border-bottom: 1px solid #dee2e6; } - .subheader 
.nav-tabs { - margin-bottom: -1px; } - -.footer { - background-color: #495057; } - -.bodycontent { - background: #fff; } - -/*Overrides for content generated by python docutils*/ -.document-docutils > .section { - padding-bottom: 1rem; } - -.document-docutils pre { - /* Comment */ - /* Error */ - /* Generic */ - /* Keyword */ - /* Literal */ - /* Name */ - /* Operator */ - /* Other */ - /* Punctuation */ - /* Comment.Multiline */ - /* Comment.Preproc */ - /* Comment.Single */ - /* Comment.Special */ - /* Generic.Deleted */ - /* Generic.Emph */ - /* Generic.Error */ - /* Generic.Heading */ - /* Generic.Inserted */ - /* Generic.Output */ - /* Generic.Prompt */ - /* Generic.Strong */ - /* Generic.Subheading */ - /* Generic.Traceback */ - /* Keyword.Constant */ - /* Keyword.Declaration */ - /* Keyword.Namespace */ - /* Keyword.Pseudo */ - /* Keyword.Reserved */ - /* Keyword.Type */ - /* Literal.Date */ - /* Literal.Number */ - /* Literal.String */ - /* Name.Attribute */ - /* Name.Builtin */ - /* Name.Class */ - /* Name.Constant */ - /* Name.Decorator */ - /* Name.Entity */ - /* Name.Exception */ - /* Name.Function */ - /* Name.Label */ - /* Name.Namespace */ - /* Name.Other */ - /* Name.Property */ - /* Name.Tag */ - /* Name.Variable */ - /* Operator.Word */ - /* Text.Whitespace */ - /* Literal.Number.Float */ - /* Literal.Number.Hex */ - /* Literal.Number.Integer */ - /* Literal.Number.Oct */ - /* Literal.String.Backtick */ - /* Literal.String.Char */ - /* Literal.String.Doc */ - /* Literal.String.Double */ - /* Literal.String.Escape */ - /* Literal.String.Heredoc */ - /* Literal.String.Interpol */ - /* Literal.String.Other */ - /* Literal.String.Regex */ - /* Literal.String.Single */ - /* Literal.String.Symbol */ - /* Name.Builtin.Pseudo */ - /* Name.Variable.Class */ - /* Name.Variable.Global */ - /* Name.Variable.Instance */ - /* Literal.Number.Integer.Long */ } - .document-docutils pre .comment { - color: #586e75; } - .document-docutils pre .error { - color: 
#93a1a1; } - .document-docutils pre .generic { - color: #93a1a1; } - .document-docutils pre .keyword { - color: #859900; } - .document-docutils pre .literal { - color: #93a1a1; } - .document-docutils pre .name { - color: #93a1a1; } - .document-docutils pre .operator { - color: #859900; } - .document-docutils pre .other { - color: #cb4b16; } - .document-docutils pre .punctuation { - color: #93a1a1; } - .document-docutils pre .comment.multiline { - color: #586e75; } - .document-docutils pre .comment.preproc { - color: #859900; } - .document-docutils pre .comment.single { - color: #586e75; } - .document-docutils pre .comment.special { - color: #859900; } - .document-docutils pre .generic.deleted { - color: #2aa198; } - .document-docutils pre .generic.emph { - color: #93a1a1; - font-style: italic; } - .document-docutils pre .generic.error { - color: #dc322f; } - .document-docutils pre .generic.heading { - color: #cb4b16; } - .document-docutils pre .generic.inserted { - color: #859900; } - .document-docutils pre .generic.output { - color: #93a1a1; } - .document-docutils pre .generic.prompt { - color: #93a1a1; } - .document-docutils pre .generic.strong { - color: #93a1a1; - font-weight: bold; } - .document-docutils pre .generic.subheading { - color: #cb4b16; } - .document-docutils pre .generic.traceback { - color: #93a1a1; } - .document-docutils pre .keyword.constant { - color: #cb4b16; } - .document-docutils pre .keyword.declaration { - color: #268bd2; } - .document-docutils pre .keyword.namespace { - color: #859900; } - .document-docutils pre .keyword.pseudo { - color: #859900; } - .document-docutils pre .keyword.reserved { - color: #268bd2; } - .document-docutils pre .keyword.type { - color: #dc322f; } - .document-docutils pre .literal.date { - color: #93a1a1; } - .document-docutils pre .literal.number { - color: #2aa198; } - .document-docutils pre .literal.string { - color: #2aa198; } - .document-docutils pre .name.attribute { - color: #93a1a1; } - .document-docutils 
pre .name.builtin { - color: #B58900; } - .document-docutils pre .name.class { - color: #268bd2; } - .document-docutils pre .name.constant { - color: #cb4b16; } - .document-docutils pre .name.decorator { - color: #268bd2; } - .document-docutils pre .name.entity { - color: #cb4b16; } - .document-docutils pre .name.exception { - color: #cb4b16; } - .document-docutils pre .name.function { - color: #268bd2; } - .document-docutils pre .name.label { - color: #93a1a1; } - .document-docutils pre .name.namespace { - color: #93a1a1; } - .document-docutils pre .name.other { - color: #93a1a1; } - .document-docutils pre .name.property { - color: #93a1a1; } - .document-docutils pre .name.tag { - color: #268bd2; } - .document-docutils pre .name.variable { - color: #268bd2; } - .document-docutils pre .operator.word { - color: #859900; } - .document-docutils pre .text.whitespace { - color: #93a1a1; } - .document-docutils pre .literal.number.float { - color: #2aa198; } - .document-docutils pre .literal.number.hex { - color: #2aa198; } - .document-docutils pre .literal.number.integer { - color: #2aa198; } - .document-docutils pre .literal.number.oct { - color: #2aa198; } - .document-docutils pre .literal.string.backtick { - color: #586e75; } - .document-docutils pre .literal.string.char { - color: #2aa198; } - .document-docutils pre .literal.string.doc { - color: #93a1a1; } - .document-docutils pre .literal.string.double { - color: #2aa198; } - .document-docutils pre .literal.string.escape { - color: #cb4b16; } - .document-docutils pre .literal.string.heredoc { - color: #93a1a1; } - .document-docutils pre .literal.string.interpol { - color: #2aa198; } - .document-docutils pre .literal.string.other { - color: #2aa198; } - .document-docutils pre .literal.string.regex { - color: #dc322f; } - .document-docutils pre .literal.string.single { - color: #2aa198; } - .document-docutils pre .literal.string.symbol { - color: #2aa198; } - .document-docutils pre .name.builtin.pseudo { - color: 
#268bd2; } - .document-docutils pre .name.variable.class { - color: #268bd2; } - .document-docutils pre .name.variable.global { - color: #268bd2; } - .document-docutils pre .name.variable.instance { - color: #268bd2; } - .document-docutils pre .literal.number.integer.long { - color: #2aa198; } diff --git a/roles/apps-fp-o/files/global/fedora-bootstrap-1.1.1/fedora-bootstrap.js b/roles/apps-fp-o/files/global/fedora-bootstrap-1.1.1/fedora-bootstrap.js deleted file mode 100644 index 07dc40dc29..0000000000 --- a/roles/apps-fp-o/files/global/fedora-bootstrap-1.1.1/fedora-bootstrap.js +++ /dev/null 
@@ -1,6401 +0,0 @@ -/******/ (function(modules) { // webpackBootstrap -/******/ // The module cache -/******/ var installedModules = {}; -/******/ -/******/ // The require function -/******/ function __webpack_require__(moduleId) { -/******/ -/******/ // Check if module is in cache -/******/ if(installedModules[moduleId]) { -/******/ return installedModules[moduleId].exports; -/******/ } -/******/ // Create a new module (and put it into the cache) -/******/ var module = installedModules[moduleId] = { -/******/ i: moduleId, -/******/ l: false, -/******/ exports: {} -/******/ }; -/******/ -/******/ // Execute the module function -/******/ modules[moduleId].call(module.exports, module, module.exports, __webpack_require__); -/******/ -/******/ // Flag the module as loaded -/******/ module.l = true; -/******/ -/******/ // Return the exports of the module -/******/ return module.exports; -/******/ } -/******/ -/******/ -/******/ // expose the modules object (__webpack_modules__) -/******/ __webpack_require__.m = modules; -/******/ -/******/ // expose the module cache -/******/ __webpack_require__.c = installedModules; -/******/ -/******/ // identity function for calling harmony imports with the correct context -/******/ __webpack_require__.i = function(value) { return value; }; -/******/ -/******/ // define getter function for harmony exports -/******/ __webpack_require__.d = function(exports, name, getter) { -/******/ if(!__webpack_require__.o(exports, name)) { -/******/ Object.defineProperty(exports, name, { -/******/ configurable: false, -/******/ enumerable: true, -/******/ get: getter -/******/ }); -/******/ } -/******/ }; -/******/ -/******/ // getDefaultExport function for compatibility with non-harmony modules -/******/ __webpack_require__.n = function(module) { -/******/ var getter = module && module.__esModule ? 
-/******/ function getDefault() { return module['default']; } : -/******/ function getModuleExports() { return module; }; -/******/ __webpack_require__.d(getter, 'a', getter); -/******/ return getter; -/******/ }; -/******/ -/******/ // Object.prototype.hasOwnProperty.call -/******/ __webpack_require__.o = function(object, property) { return Object.prototype.hasOwnProperty.call(object, property); }; -/******/ -/******/ // __webpack_public_path__ -/******/ __webpack_require__.p = ""; -/******/ -/******/ // Load entry module and return exports -/******/ return __webpack_require__(__webpack_require__.s = 2); -/******/ }) -/************************************************************************/ -/******/ ([ -/* 0 */ -/***/ (function(module, exports, __webpack_require__) { - -/* WEBPACK VAR INJECTION */(function(Popper) {/*! - * Bootstrap v4.0.0-beta (https://getbootstrap.com) - * Copyright 2011-2017 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) - * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) - */ - -if (typeof jQuery === 'undefined') { - throw new Error('Bootstrap\'s JavaScript requires jQuery. jQuery must be included before Bootstrap\'s JavaScript.') -} - -(function ($) { - var version = $.fn.jquery.split(' ')[0].split('.') - if ((version[0] < 2 && version[1] < 9) || (version[0] == 1 && version[1] == 9 && version[2] < 1) || (version[0] >= 4)) { - throw new Error('Bootstrap\'s JavaScript requires at least jQuery v1.9.1 but less than v4.0.0') - } -})(jQuery); - -(function () { -var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) { return typeof obj; } : function (obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? 
"symbol" : typeof obj; }; - -var _createClass = function () { function defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable || false; descriptor.configurable = true; if ("value" in descriptor) descriptor.writable = true; Object.defineProperty(target, descriptor.key, descriptor); } } return function (Constructor, protoProps, staticProps) { if (protoProps) defineProperties(Constructor.prototype, protoProps); if (staticProps) defineProperties(Constructor, staticProps); return Constructor; }; }(); - -function _possibleConstructorReturn(self, call) { if (!self) { throw new ReferenceError("this hasn't been initialised - super() hasn't been called"); } return call && (typeof call === "object" || typeof call === "function") ? call : self; } - -function _inherits(subClass, superClass) { if (typeof superClass !== "function" && superClass !== null) { throw new TypeError("Super expression must either be null or a function, not " + typeof superClass); } subClass.prototype = Object.create(superClass && superClass.prototype, { constructor: { value: subClass, enumerable: false, writable: true, configurable: true } }); if (superClass) Object.setPrototypeOf ? 
Object.setPrototypeOf(subClass, superClass) : subClass.__proto__ = superClass; } - -function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } } - -/** - * -------------------------------------------------------------------------- - * Bootstrap (v4.0.0-beta): util.js - * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) - * -------------------------------------------------------------------------- - */ - -var Util = function ($) { - - /** - * ------------------------------------------------------------------------ - * Private TransitionEnd Helpers - * ------------------------------------------------------------------------ - */ - - var transition = false; - - var MAX_UID = 1000000; - - var TransitionEndEvent = { - WebkitTransition: 'webkitTransitionEnd', - MozTransition: 'transitionend', - OTransition: 'oTransitionEnd otransitionend', - transition: 'transitionend' - - // shoutout AngusCroll (https://goo.gl/pxwQGp) - };function toType(obj) { - return {}.toString.call(obj).match(/\s([a-zA-Z]+)/)[1].toLowerCase(); - } - - function isElement(obj) { - return (obj[0] || obj).nodeType; - } - - function getSpecialTransitionEndEvent() { - return { - bindType: transition.end, - delegateType: transition.end, - handle: function handle(event) { - if ($(event.target).is(this)) { - return event.handleObj.handler.apply(this, arguments); // eslint-disable-line prefer-rest-params - } - return undefined; - } - }; - } - - function transitionEndTest() { - if (window.QUnit) { - return false; - } - - var el = document.createElement('bootstrap'); - - for (var name in TransitionEndEvent) { - if (el.style[name] !== undefined) { - return { - end: TransitionEndEvent[name] - }; - } - } - - return false; - } - - function transitionEndEmulator(duration) { - var _this = this; - - var called = false; - - $(this).one(Util.TRANSITION_END, function () { - called = true; - }); - - 
setTimeout(function () { - if (!called) { - Util.triggerTransitionEnd(_this); - } - }, duration); - - return this; - } - - function setTransitionEndSupport() { - transition = transitionEndTest(); - - $.fn.emulateTransitionEnd = transitionEndEmulator; - - if (Util.supportsTransitionEnd()) { - $.event.special[Util.TRANSITION_END] = getSpecialTransitionEndEvent(); - } - } - - /** - * -------------------------------------------------------------------------- - * Public Util Api - * -------------------------------------------------------------------------- - */ - - var Util = { - - TRANSITION_END: 'bsTransitionEnd', - - getUID: function getUID(prefix) { - do { - // eslint-disable-next-line no-bitwise - prefix += ~~(Math.random() * MAX_UID); // "~~" acts like a faster Math.floor() here - } while (document.getElementById(prefix)); - return prefix; - }, - getSelectorFromElement: function getSelectorFromElement(element) { - var selector = element.getAttribute('data-target'); - if (!selector || selector === '#') { - selector = element.getAttribute('href') || ''; - } - - try { - var $selector = $(selector); - return $selector.length > 0 ? selector : null; - } catch (error) { - return null; - } - }, - reflow: function reflow(element) { - return element.offsetHeight; - }, - triggerTransitionEnd: function triggerTransitionEnd(element) { - $(element).trigger(transition.end); - }, - supportsTransitionEnd: function supportsTransitionEnd() { - return Boolean(transition); - }, - typeCheckConfig: function typeCheckConfig(componentName, config, configTypes) { - for (var property in configTypes) { - if (configTypes.hasOwnProperty(property)) { - var expectedTypes = configTypes[property]; - var value = config[property]; - var valueType = value && isElement(value) ? 
'element' : toType(value); - - if (!new RegExp(expectedTypes).test(valueType)) { - throw new Error(componentName.toUpperCase() + ': ' + ('Option "' + property + '" provided type "' + valueType + '" ') + ('but expected type "' + expectedTypes + '".')); - } - } - } - } - }; - - setTransitionEndSupport(); - - return Util; -}(jQuery); - -/** - * -------------------------------------------------------------------------- - * Bootstrap (v4.0.0-beta): alert.js - * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) - * -------------------------------------------------------------------------- - */ - -var Alert = function ($) { - - /** - * ------------------------------------------------------------------------ - * Constants - * ------------------------------------------------------------------------ - */ - - var NAME = 'alert'; - var VERSION = '4.0.0-beta'; - var DATA_KEY = 'bs.alert'; - var EVENT_KEY = '.' + DATA_KEY; - var DATA_API_KEY = '.data-api'; - var JQUERY_NO_CONFLICT = $.fn[NAME]; - var TRANSITION_DURATION = 150; - - var Selector = { - DISMISS: '[data-dismiss="alert"]' - }; - - var Event = { - CLOSE: 'close' + EVENT_KEY, - CLOSED: 'closed' + EVENT_KEY, - CLICK_DATA_API: 'click' + EVENT_KEY + DATA_API_KEY - }; - - var ClassName = { - ALERT: 'alert', - FADE: 'fade', - SHOW: 'show' - - /** - * ------------------------------------------------------------------------ - * Class Definition - * ------------------------------------------------------------------------ - */ - - }; - var Alert = function () { - function Alert(element) { - _classCallCheck(this, Alert); - - this._element = element; - } - - // getters - - // public - - Alert.prototype.close = function close(element) { - element = element || this._element; - - var rootElement = this._getRootElement(element); - var customEvent = this._triggerCloseEvent(rootElement); - - if (customEvent.isDefaultPrevented()) { - return; - } - - this._removeElement(rootElement); - }; - - 
Alert.prototype.dispose = function dispose() { - $.removeData(this._element, DATA_KEY); - this._element = null; - }; - - // private - - Alert.prototype._getRootElement = function _getRootElement(element) { - var selector = Util.getSelectorFromElement(element); - var parent = false; - - if (selector) { - parent = $(selector)[0]; - } - - if (!parent) { - parent = $(element).closest('.' + ClassName.ALERT)[0]; - } - - return parent; - }; - - Alert.prototype._triggerCloseEvent = function _triggerCloseEvent(element) { - var closeEvent = $.Event(Event.CLOSE); - - $(element).trigger(closeEvent); - return closeEvent; - }; - - Alert.prototype._removeElement = function _removeElement(element) { - var _this2 = this; - - $(element).removeClass(ClassName.SHOW); - - if (!Util.supportsTransitionEnd() || !$(element).hasClass(ClassName.FADE)) { - this._destroyElement(element); - return; - } - - $(element).one(Util.TRANSITION_END, function (event) { - return _this2._destroyElement(element, event); - }).emulateTransitionEnd(TRANSITION_DURATION); - }; - - Alert.prototype._destroyElement = function _destroyElement(element) { - $(element).detach().trigger(Event.CLOSED).remove(); - }; - - // static - - Alert._jQueryInterface = function _jQueryInterface(config) { - return this.each(function () { - var $element = $(this); - var data = $element.data(DATA_KEY); - - if (!data) { - data = new Alert(this); - $element.data(DATA_KEY, data); - } - - if (config === 'close') { - data[config](this); - } - }); - }; - - Alert._handleDismiss = function _handleDismiss(alertInstance) { - return function (event) { - if (event) { - event.preventDefault(); - } - - alertInstance.close(this); - }; - }; - - _createClass(Alert, null, [{ - key: 'VERSION', - get: function get() { - return VERSION; - } - }]); - - return Alert; - }(); - - /** - * ------------------------------------------------------------------------ - * Data Api implementation - * 
------------------------------------------------------------------------ - */ - - $(document).on(Event.CLICK_DATA_API, Selector.DISMISS, Alert._handleDismiss(new Alert())); - - /** - * ------------------------------------------------------------------------ - * jQuery - * ------------------------------------------------------------------------ - */ - - $.fn[NAME] = Alert._jQueryInterface; - $.fn[NAME].Constructor = Alert; - $.fn[NAME].noConflict = function () { - $.fn[NAME] = JQUERY_NO_CONFLICT; - return Alert._jQueryInterface; - }; - - return Alert; -}(jQuery); - -/** - * -------------------------------------------------------------------------- - * Bootstrap (v4.0.0-beta): button.js - * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) - * -------------------------------------------------------------------------- - */ - -var Button = function ($) { - - /** - * ------------------------------------------------------------------------ - * Constants - * ------------------------------------------------------------------------ - */ - - var NAME = 'button'; - var VERSION = '4.0.0-beta'; - var DATA_KEY = 'bs.button'; - var EVENT_KEY = '.' 
+ DATA_KEY; - var DATA_API_KEY = '.data-api'; - var JQUERY_NO_CONFLICT = $.fn[NAME]; - - var ClassName = { - ACTIVE: 'active', - BUTTON: 'btn', - FOCUS: 'focus' - }; - - var Selector = { - DATA_TOGGLE_CARROT: '[data-toggle^="button"]', - DATA_TOGGLE: '[data-toggle="buttons"]', - INPUT: 'input', - ACTIVE: '.active', - BUTTON: '.btn' - }; - - var Event = { - CLICK_DATA_API: 'click' + EVENT_KEY + DATA_API_KEY, - FOCUS_BLUR_DATA_API: 'focus' + EVENT_KEY + DATA_API_KEY + ' ' + ('blur' + EVENT_KEY + DATA_API_KEY) - - /** - * ------------------------------------------------------------------------ - * Class Definition - * ------------------------------------------------------------------------ - */ - - }; - var Button = function () { - function Button(element) { - _classCallCheck(this, Button); - - this._element = element; - } - - // getters - - // public - - Button.prototype.toggle = function toggle() { - var triggerChangeEvent = true; - var addAriaPressed = true; - var rootElement = $(this._element).closest(Selector.DATA_TOGGLE)[0]; - - if (rootElement) { - var input = $(this._element).find(Selector.INPUT)[0]; - - if (input) { - if (input.type === 'radio') { - if (input.checked && $(this._element).hasClass(ClassName.ACTIVE)) { - triggerChangeEvent = false; - } else { - var activeElement = $(rootElement).find(Selector.ACTIVE)[0]; - - if (activeElement) { - $(activeElement).removeClass(ClassName.ACTIVE); - } - } - } - - if (triggerChangeEvent) { - if (input.hasAttribute('disabled') || rootElement.hasAttribute('disabled') || input.classList.contains('disabled') || rootElement.classList.contains('disabled')) { - return; - } - input.checked = !$(this._element).hasClass(ClassName.ACTIVE); - $(input).trigger('change'); - } - - input.focus(); - addAriaPressed = false; - } - } - - if (addAriaPressed) { - this._element.setAttribute('aria-pressed', !$(this._element).hasClass(ClassName.ACTIVE)); - } - - if (triggerChangeEvent) { - $(this._element).toggleClass(ClassName.ACTIVE); - } 
- }; - - Button.prototype.dispose = function dispose() { - $.removeData(this._element, DATA_KEY); - this._element = null; - }; - - // static - - Button._jQueryInterface = function _jQueryInterface(config) { - return this.each(function () { - var data = $(this).data(DATA_KEY); - - if (!data) { - data = new Button(this); - $(this).data(DATA_KEY, data); - } - - if (config === 'toggle') { - data[config](); - } - }); - }; - - _createClass(Button, null, [{ - key: 'VERSION', - get: function get() { - return VERSION; - } - }]); - - return Button; - }(); - - /** - * ------------------------------------------------------------------------ - * Data Api implementation - * ------------------------------------------------------------------------ - */ - - $(document).on(Event.CLICK_DATA_API, Selector.DATA_TOGGLE_CARROT, function (event) { - event.preventDefault(); - - var button = event.target; - - if (!$(button).hasClass(ClassName.BUTTON)) { - button = $(button).closest(Selector.BUTTON); - } - - Button._jQueryInterface.call($(button), 'toggle'); - }).on(Event.FOCUS_BLUR_DATA_API, Selector.DATA_TOGGLE_CARROT, function (event) { - var button = $(event.target).closest(Selector.BUTTON)[0]; - $(button).toggleClass(ClassName.FOCUS, /^focus(in)?$/.test(event.type)); - }); - - /** - * ------------------------------------------------------------------------ - * jQuery - * ------------------------------------------------------------------------ - */ - - $.fn[NAME] = Button._jQueryInterface; - $.fn[NAME].Constructor = Button; - $.fn[NAME].noConflict = function () { - $.fn[NAME] = JQUERY_NO_CONFLICT; - return Button._jQueryInterface; - }; - - return Button; -}(jQuery); - -/** - * -------------------------------------------------------------------------- - * Bootstrap (v4.0.0-beta): carousel.js - * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) - * -------------------------------------------------------------------------- - */ - -var Carousel = function ($) { - - 
/** - * ------------------------------------------------------------------------ - * Constants - * ------------------------------------------------------------------------ - */ - - var NAME = 'carousel'; - var VERSION = '4.0.0-beta'; - var DATA_KEY = 'bs.carousel'; - var EVENT_KEY = '.' + DATA_KEY; - var DATA_API_KEY = '.data-api'; - var JQUERY_NO_CONFLICT = $.fn[NAME]; - var TRANSITION_DURATION = 600; - var ARROW_LEFT_KEYCODE = 37; // KeyboardEvent.which value for left arrow key - var ARROW_RIGHT_KEYCODE = 39; // KeyboardEvent.which value for right arrow key - var TOUCHEVENT_COMPAT_WAIT = 500; // Time for mouse compat events to fire after touch - - var Default = { - interval: 5000, - keyboard: true, - slide: false, - pause: 'hover', - wrap: true - }; - - var DefaultType = { - interval: '(number|boolean)', - keyboard: 'boolean', - slide: '(boolean|string)', - pause: '(string|boolean)', - wrap: 'boolean' - }; - - var Direction = { - NEXT: 'next', - PREV: 'prev', - LEFT: 'left', - RIGHT: 'right' - }; - - var Event = { - SLIDE: 'slide' + EVENT_KEY, - SLID: 'slid' + EVENT_KEY, - KEYDOWN: 'keydown' + EVENT_KEY, - MOUSEENTER: 'mouseenter' + EVENT_KEY, - MOUSELEAVE: 'mouseleave' + EVENT_KEY, - TOUCHEND: 'touchend' + EVENT_KEY, - LOAD_DATA_API: 'load' + EVENT_KEY + DATA_API_KEY, - CLICK_DATA_API: 'click' + EVENT_KEY + DATA_API_KEY - }; - - var ClassName = { - CAROUSEL: 'carousel', - ACTIVE: 'active', - SLIDE: 'slide', - RIGHT: 'carousel-item-right', - LEFT: 'carousel-item-left', - NEXT: 'carousel-item-next', - PREV: 'carousel-item-prev', - ITEM: 'carousel-item' - }; - - var Selector = { - ACTIVE: '.active', - ACTIVE_ITEM: '.active.carousel-item', - ITEM: '.carousel-item', - NEXT_PREV: '.carousel-item-next, .carousel-item-prev', - INDICATORS: '.carousel-indicators', - DATA_SLIDE: '[data-slide], [data-slide-to]', - DATA_RIDE: '[data-ride="carousel"]' - - /** - * ------------------------------------------------------------------------ - * Class Definition - * 
------------------------------------------------------------------------ - */ - - }; - var Carousel = function () { - function Carousel(element, config) { - _classCallCheck(this, Carousel); - - this._items = null; - this._interval = null; - this._activeElement = null; - - this._isPaused = false; - this._isSliding = false; - - this.touchTimeout = null; - - this._config = this._getConfig(config); - this._element = $(element)[0]; - this._indicatorsElement = $(this._element).find(Selector.INDICATORS)[0]; - - this._addEventListeners(); - } - - // getters - - // public - - Carousel.prototype.next = function next() { - if (!this._isSliding) { - this._slide(Direction.NEXT); - } - }; - - Carousel.prototype.nextWhenVisible = function nextWhenVisible() { - // Don't call next when the page isn't visible - if (!document.hidden) { - this.next(); - } - }; - - Carousel.prototype.prev = function prev() { - if (!this._isSliding) { - this._slide(Direction.PREV); - } - }; - - Carousel.prototype.pause = function pause(event) { - if (!event) { - this._isPaused = true; - } - - if ($(this._element).find(Selector.NEXT_PREV)[0] && Util.supportsTransitionEnd()) { - Util.triggerTransitionEnd(this._element); - this.cycle(true); - } - - clearInterval(this._interval); - this._interval = null; - }; - - Carousel.prototype.cycle = function cycle(event) { - if (!event) { - this._isPaused = false; - } - - if (this._interval) { - clearInterval(this._interval); - this._interval = null; - } - - if (this._config.interval && !this._isPaused) { - this._interval = setInterval((document.visibilityState ? 
this.nextWhenVisible : this.next).bind(this), this._config.interval); - } - }; - - Carousel.prototype.to = function to(index) { - var _this3 = this; - - this._activeElement = $(this._element).find(Selector.ACTIVE_ITEM)[0]; - - var activeIndex = this._getItemIndex(this._activeElement); - - if (index > this._items.length - 1 || index < 0) { - return; - } - - if (this._isSliding) { - $(this._element).one(Event.SLID, function () { - return _this3.to(index); - }); - return; - } - - if (activeIndex === index) { - this.pause(); - this.cycle(); - return; - } - - var direction = index > activeIndex ? Direction.NEXT : Direction.PREV; - - this._slide(direction, this._items[index]); - }; - - Carousel.prototype.dispose = function dispose() { - $(this._element).off(EVENT_KEY); - $.removeData(this._element, DATA_KEY); - - this._items = null; - this._config = null; - this._element = null; - this._interval = null; - this._isPaused = null; - this._isSliding = null; - this._activeElement = null; - this._indicatorsElement = null; - }; - - // private - - Carousel.prototype._getConfig = function _getConfig(config) { - config = $.extend({}, Default, config); - Util.typeCheckConfig(NAME, config, DefaultType); - return config; - }; - - Carousel.prototype._addEventListeners = function _addEventListeners() { - var _this4 = this; - - if (this._config.keyboard) { - $(this._element).on(Event.KEYDOWN, function (event) { - return _this4._keydown(event); - }); - } - - if (this._config.pause === 'hover') { - $(this._element).on(Event.MOUSEENTER, function (event) { - return _this4.pause(event); - }).on(Event.MOUSELEAVE, function (event) { - return _this4.cycle(event); - }); - if ('ontouchstart' in document.documentElement) { - // if it's a touch-enabled device, mouseenter/leave are fired as - // part of the mouse compatibility events on first tap - the carousel - // would stop cycling until user tapped out of it; - // here, we listen for touchend, explicitly pause the carousel - // (as if it's the 
second time we tap on it, mouseenter compat event - // is NOT fired) and after a timeout (to allow for mouse compatibility - // events to fire) we explicitly restart cycling - $(this._element).on(Event.TOUCHEND, function () { - _this4.pause(); - if (_this4.touchTimeout) { - clearTimeout(_this4.touchTimeout); - } - _this4.touchTimeout = setTimeout(function (event) { - return _this4.cycle(event); - }, TOUCHEVENT_COMPAT_WAIT + _this4._config.interval); - }); - } - } - }; - - Carousel.prototype._keydown = function _keydown(event) { - if (/input|textarea/i.test(event.target.tagName)) { - return; - } - - switch (event.which) { - case ARROW_LEFT_KEYCODE: - event.preventDefault(); - this.prev(); - break; - case ARROW_RIGHT_KEYCODE: - event.preventDefault(); - this.next(); - break; - default: - return; - } - }; - - Carousel.prototype._getItemIndex = function _getItemIndex(element) { - this._items = $.makeArray($(element).parent().find(Selector.ITEM)); - return this._items.indexOf(element); - }; - - Carousel.prototype._getItemByDirection = function _getItemByDirection(direction, activeElement) { - var isNextDirection = direction === Direction.NEXT; - var isPrevDirection = direction === Direction.PREV; - var activeIndex = this._getItemIndex(activeElement); - var lastItemIndex = this._items.length - 1; - var isGoingToWrap = isPrevDirection && activeIndex === 0 || isNextDirection && activeIndex === lastItemIndex; - - if (isGoingToWrap && !this._config.wrap) { - return activeElement; - } - - var delta = direction === Direction.PREV ? -1 : 1; - var itemIndex = (activeIndex + delta) % this._items.length; - - return itemIndex === -1 ? 
this._items[this._items.length - 1] : this._items[itemIndex]; - }; - - Carousel.prototype._triggerSlideEvent = function _triggerSlideEvent(relatedTarget, eventDirectionName) { - var targetIndex = this._getItemIndex(relatedTarget); - var fromIndex = this._getItemIndex($(this._element).find(Selector.ACTIVE_ITEM)[0]); - var slideEvent = $.Event(Event.SLIDE, { - relatedTarget: relatedTarget, - direction: eventDirectionName, - from: fromIndex, - to: targetIndex - }); - - $(this._element).trigger(slideEvent); - - return slideEvent; - }; - - Carousel.prototype._setActiveIndicatorElement = function _setActiveIndicatorElement(element) { - if (this._indicatorsElement) { - $(this._indicatorsElement).find(Selector.ACTIVE).removeClass(ClassName.ACTIVE); - - var nextIndicator = this._indicatorsElement.children[this._getItemIndex(element)]; - - if (nextIndicator) { - $(nextIndicator).addClass(ClassName.ACTIVE); - } - } - }; - - Carousel.prototype._slide = function _slide(direction, element) { - var _this5 = this; - - var activeElement = $(this._element).find(Selector.ACTIVE_ITEM)[0]; - var activeElementIndex = this._getItemIndex(activeElement); - var nextElement = element || activeElement && this._getItemByDirection(direction, activeElement); - var nextElementIndex = this._getItemIndex(nextElement); - var isCycling = Boolean(this._interval); - - var directionalClassName = void 0; - var orderClassName = void 0; - var eventDirectionName = void 0; - - if (direction === Direction.NEXT) { - directionalClassName = ClassName.LEFT; - orderClassName = ClassName.NEXT; - eventDirectionName = Direction.LEFT; - } else { - directionalClassName = ClassName.RIGHT; - orderClassName = ClassName.PREV; - eventDirectionName = Direction.RIGHT; - } - - if (nextElement && $(nextElement).hasClass(ClassName.ACTIVE)) { - this._isSliding = false; - return; - } - - var slideEvent = this._triggerSlideEvent(nextElement, eventDirectionName); - if (slideEvent.isDefaultPrevented()) { - return; - } - - if 
(!activeElement || !nextElement) { - // some weirdness is happening, so we bail - return; - } - - this._isSliding = true; - - if (isCycling) { - this.pause(); - } - - this._setActiveIndicatorElement(nextElement); - - var slidEvent = $.Event(Event.SLID, { - relatedTarget: nextElement, - direction: eventDirectionName, - from: activeElementIndex, - to: nextElementIndex - }); - - if (Util.supportsTransitionEnd() && $(this._element).hasClass(ClassName.SLIDE)) { - - $(nextElement).addClass(orderClassName); - - Util.reflow(nextElement); - - $(activeElement).addClass(directionalClassName); - $(nextElement).addClass(directionalClassName); - - $(activeElement).one(Util.TRANSITION_END, function () { - $(nextElement).removeClass(directionalClassName + ' ' + orderClassName).addClass(ClassName.ACTIVE); - - $(activeElement).removeClass(ClassName.ACTIVE + ' ' + orderClassName + ' ' + directionalClassName); - - _this5._isSliding = false; - - setTimeout(function () { - return $(_this5._element).trigger(slidEvent); - }, 0); - }).emulateTransitionEnd(TRANSITION_DURATION); - } else { - $(activeElement).removeClass(ClassName.ACTIVE); - $(nextElement).addClass(ClassName.ACTIVE); - - this._isSliding = false; - $(this._element).trigger(slidEvent); - } - - if (isCycling) { - this.cycle(); - } - }; - - // static - - Carousel._jQueryInterface = function _jQueryInterface(config) { - return this.each(function () { - var data = $(this).data(DATA_KEY); - var _config = $.extend({}, Default, $(this).data()); - - if ((typeof config === 'undefined' ? 'undefined' : _typeof(config)) === 'object') { - $.extend(_config, config); - } - - var action = typeof config === 'string' ? 
config : _config.slide; - - if (!data) { - data = new Carousel(this, _config); - $(this).data(DATA_KEY, data); - } - - if (typeof config === 'number') { - data.to(config); - } else if (typeof action === 'string') { - if (data[action] === undefined) { - throw new Error('No method named "' + action + '"'); - } - data[action](); - } else if (_config.interval) { - data.pause(); - data.cycle(); - } - }); - }; - - Carousel._dataApiClickHandler = function _dataApiClickHandler(event) { - var selector = Util.getSelectorFromElement(this); - - if (!selector) { - return; - } - - var target = $(selector)[0]; - - if (!target || !$(target).hasClass(ClassName.CAROUSEL)) { - return; - } - - var config = $.extend({}, $(target).data(), $(this).data()); - var slideIndex = this.getAttribute('data-slide-to'); - - if (slideIndex) { - config.interval = false; - } - - Carousel._jQueryInterface.call($(target), config); - - if (slideIndex) { - $(target).data(DATA_KEY).to(slideIndex); - } - - event.preventDefault(); - }; - - _createClass(Carousel, null, [{ - key: 'VERSION', - get: function get() { - return VERSION; - } - }, { - key: 'Default', - get: function get() { - return Default; - } - }]); - - return Carousel; - }(); - - /** - * ------------------------------------------------------------------------ - * Data Api implementation - * ------------------------------------------------------------------------ - */ - - $(document).on(Event.CLICK_DATA_API, Selector.DATA_SLIDE, Carousel._dataApiClickHandler); - - $(window).on(Event.LOAD_DATA_API, function () { - $(Selector.DATA_RIDE).each(function () { - var $carousel = $(this); - Carousel._jQueryInterface.call($carousel, $carousel.data()); - }); - }); - - /** - * ------------------------------------------------------------------------ - * jQuery - * ------------------------------------------------------------------------ - */ - - $.fn[NAME] = Carousel._jQueryInterface; - $.fn[NAME].Constructor = Carousel; - $.fn[NAME].noConflict = function () { 
- $.fn[NAME] = JQUERY_NO_CONFLICT; - return Carousel._jQueryInterface; - }; - - return Carousel; -}(jQuery); - -/** - * -------------------------------------------------------------------------- - * Bootstrap (v4.0.0-beta): collapse.js - * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) - * -------------------------------------------------------------------------- - */ - -var Collapse = function ($) { - - /** - * ------------------------------------------------------------------------ - * Constants - * ------------------------------------------------------------------------ - */ - - var NAME = 'collapse'; - var VERSION = '4.0.0-beta'; - var DATA_KEY = 'bs.collapse'; - var EVENT_KEY = '.' + DATA_KEY; - var DATA_API_KEY = '.data-api'; - var JQUERY_NO_CONFLICT = $.fn[NAME]; - var TRANSITION_DURATION = 600; - - var Default = { - toggle: true, - parent: '' - }; - - var DefaultType = { - toggle: 'boolean', - parent: 'string' - }; - - var Event = { - SHOW: 'show' + EVENT_KEY, - SHOWN: 'shown' + EVENT_KEY, - HIDE: 'hide' + EVENT_KEY, - HIDDEN: 'hidden' + EVENT_KEY, - CLICK_DATA_API: 'click' + EVENT_KEY + DATA_API_KEY - }; - - var ClassName = { - SHOW: 'show', - COLLAPSE: 'collapse', - COLLAPSING: 'collapsing', - COLLAPSED: 'collapsed' - }; - - var Dimension = { - WIDTH: 'width', - HEIGHT: 'height' - }; - - var Selector = { - ACTIVES: '.show, .collapsing', - DATA_TOGGLE: '[data-toggle="collapse"]' - - /** - * ------------------------------------------------------------------------ - * Class Definition - * ------------------------------------------------------------------------ - */ - - }; - var Collapse = function () { - function Collapse(element, config) { - _classCallCheck(this, Collapse); - - this._isTransitioning = false; - this._element = element; - this._config = this._getConfig(config); - this._triggerArray = $.makeArray($('[data-toggle="collapse"][href="#' + element.id + '"],' + ('[data-toggle="collapse"][data-target="#' + element.id + 
'"]'))); - var tabToggles = $(Selector.DATA_TOGGLE); - for (var i = 0; i < tabToggles.length; i++) { - var elem = tabToggles[i]; - var selector = Util.getSelectorFromElement(elem); - if (selector !== null && $(selector).filter(element).length > 0) { - this._triggerArray.push(elem); - } - } - - this._parent = this._config.parent ? this._getParent() : null; - - if (!this._config.parent) { - this._addAriaAndCollapsedClass(this._element, this._triggerArray); - } - - if (this._config.toggle) { - this.toggle(); - } - } - - // getters - - // public - - Collapse.prototype.toggle = function toggle() { - if ($(this._element).hasClass(ClassName.SHOW)) { - this.hide(); - } else { - this.show(); - } - }; - - Collapse.prototype.show = function show() { - var _this6 = this; - - if (this._isTransitioning || $(this._element).hasClass(ClassName.SHOW)) { - return; - } - - var actives = void 0; - var activesData = void 0; - - if (this._parent) { - actives = $.makeArray($(this._parent).children().children(Selector.ACTIVES)); - if (!actives.length) { - actives = null; - } - } - - if (actives) { - activesData = $(actives).data(DATA_KEY); - if (activesData && activesData._isTransitioning) { - return; - } - } - - var startEvent = $.Event(Event.SHOW); - $(this._element).trigger(startEvent); - if (startEvent.isDefaultPrevented()) { - return; - } - - if (actives) { - Collapse._jQueryInterface.call($(actives), 'hide'); - if (!activesData) { - $(actives).data(DATA_KEY, null); - } - } - - var dimension = this._getDimension(); - - $(this._element).removeClass(ClassName.COLLAPSE).addClass(ClassName.COLLAPSING); - - this._element.style[dimension] = 0; - - if (this._triggerArray.length) { - $(this._triggerArray).removeClass(ClassName.COLLAPSED).attr('aria-expanded', true); - } - - this.setTransitioning(true); - - var complete = function complete() { - $(_this6._element).removeClass(ClassName.COLLAPSING).addClass(ClassName.COLLAPSE).addClass(ClassName.SHOW); - - _this6._element.style[dimension] = ''; 
- - _this6.setTransitioning(false); - - $(_this6._element).trigger(Event.SHOWN); - }; - - if (!Util.supportsTransitionEnd()) { - complete(); - return; - } - - var capitalizedDimension = dimension[0].toUpperCase() + dimension.slice(1); - var scrollSize = 'scroll' + capitalizedDimension; - - $(this._element).one(Util.TRANSITION_END, complete).emulateTransitionEnd(TRANSITION_DURATION); - - this._element.style[dimension] = this._element[scrollSize] + 'px'; - }; - - Collapse.prototype.hide = function hide() { - var _this7 = this; - - if (this._isTransitioning || !$(this._element).hasClass(ClassName.SHOW)) { - return; - } - - var startEvent = $.Event(Event.HIDE); - $(this._element).trigger(startEvent); - if (startEvent.isDefaultPrevented()) { - return; - } - - var dimension = this._getDimension(); - - this._element.style[dimension] = this._element.getBoundingClientRect()[dimension] + 'px'; - - Util.reflow(this._element); - - $(this._element).addClass(ClassName.COLLAPSING).removeClass(ClassName.COLLAPSE).removeClass(ClassName.SHOW); - - if (this._triggerArray.length) { - for (var i = 0; i < this._triggerArray.length; i++) { - var trigger = this._triggerArray[i]; - var selector = Util.getSelectorFromElement(trigger); - if (selector !== null) { - var $elem = $(selector); - if (!$elem.hasClass(ClassName.SHOW)) { - $(trigger).addClass(ClassName.COLLAPSED).attr('aria-expanded', false); - } - } - } - } - - this.setTransitioning(true); - - var complete = function complete() { - _this7.setTransitioning(false); - $(_this7._element).removeClass(ClassName.COLLAPSING).addClass(ClassName.COLLAPSE).trigger(Event.HIDDEN); - }; - - this._element.style[dimension] = ''; - - if (!Util.supportsTransitionEnd()) { - complete(); - return; - } - - $(this._element).one(Util.TRANSITION_END, complete).emulateTransitionEnd(TRANSITION_DURATION); - }; - - Collapse.prototype.setTransitioning = function setTransitioning(isTransitioning) { - this._isTransitioning = isTransitioning; - }; - - 
Collapse.prototype.dispose = function dispose() { - $.removeData(this._element, DATA_KEY); - - this._config = null; - this._parent = null; - this._element = null; - this._triggerArray = null; - this._isTransitioning = null; - }; - - // private - - Collapse.prototype._getConfig = function _getConfig(config) { - config = $.extend({}, Default, config); - config.toggle = Boolean(config.toggle); // coerce string values - Util.typeCheckConfig(NAME, config, DefaultType); - return config; - }; - - Collapse.prototype._getDimension = function _getDimension() { - var hasWidth = $(this._element).hasClass(Dimension.WIDTH); - return hasWidth ? Dimension.WIDTH : Dimension.HEIGHT; - }; - - Collapse.prototype._getParent = function _getParent() { - var _this8 = this; - - var parent = $(this._config.parent)[0]; - var selector = '[data-toggle="collapse"][data-parent="' + this._config.parent + '"]'; - - $(parent).find(selector).each(function (i, element) { - _this8._addAriaAndCollapsedClass(Collapse._getTargetFromElement(element), [element]); - }); - - return parent; - }; - - Collapse.prototype._addAriaAndCollapsedClass = function _addAriaAndCollapsedClass(element, triggerArray) { - if (element) { - var isOpen = $(element).hasClass(ClassName.SHOW); - - if (triggerArray.length) { - $(triggerArray).toggleClass(ClassName.COLLAPSED, !isOpen).attr('aria-expanded', isOpen); - } - } - }; - - // static - - Collapse._getTargetFromElement = function _getTargetFromElement(element) { - var selector = Util.getSelectorFromElement(element); - return selector ? $(selector)[0] : null; - }; - - Collapse._jQueryInterface = function _jQueryInterface(config) { - return this.each(function () { - var $this = $(this); - var data = $this.data(DATA_KEY); - var _config = $.extend({}, Default, $this.data(), (typeof config === 'undefined' ? 
'undefined' : _typeof(config)) === 'object' && config); - - if (!data && _config.toggle && /show|hide/.test(config)) { - _config.toggle = false; - } - - if (!data) { - data = new Collapse(this, _config); - $this.data(DATA_KEY, data); - } - - if (typeof config === 'string') { - if (data[config] === undefined) { - throw new Error('No method named "' + config + '"'); - } - data[config](); - } - }); - }; - - _createClass(Collapse, null, [{ - key: 'VERSION', - get: function get() { - return VERSION; - } - }, { - key: 'Default', - get: function get() { - return Default; - } - }]); - - return Collapse; - }(); - - /** - * ------------------------------------------------------------------------ - * Data Api implementation - * ------------------------------------------------------------------------ - */ - - $(document).on(Event.CLICK_DATA_API, Selector.DATA_TOGGLE, function (event) { - if (!/input|textarea/i.test(event.target.tagName)) { - event.preventDefault(); - } - - var $trigger = $(this); - var selector = Util.getSelectorFromElement(this); - $(selector).each(function () { - var $target = $(this); - var data = $target.data(DATA_KEY); - var config = data ? 
'toggle' : $trigger.data(); - Collapse._jQueryInterface.call($target, config); - }); - }); - - /** - * ------------------------------------------------------------------------ - * jQuery - * ------------------------------------------------------------------------ - */ - - $.fn[NAME] = Collapse._jQueryInterface; - $.fn[NAME].Constructor = Collapse; - $.fn[NAME].noConflict = function () { - $.fn[NAME] = JQUERY_NO_CONFLICT; - return Collapse._jQueryInterface; - }; - - return Collapse; -}(jQuery); - -/* global Popper */ - -/** - * -------------------------------------------------------------------------- - * Bootstrap (v4.0.0-beta): dropdown.js - * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) - * -------------------------------------------------------------------------- - */ - -var Dropdown = function ($) { - - /** - * Check for Popper dependency - * Popper - https://popper.js.org - */ - if (typeof Popper === 'undefined') { - throw new Error('Bootstrap dropdown require Popper.js (https://popper.js.org)'); - } - - /** - * ------------------------------------------------------------------------ - * Constants - * ------------------------------------------------------------------------ - */ - - var NAME = 'dropdown'; - var VERSION = '4.0.0-beta'; - var DATA_KEY = 'bs.dropdown'; - var EVENT_KEY = '.' 
+ DATA_KEY; - var DATA_API_KEY = '.data-api'; - var JQUERY_NO_CONFLICT = $.fn[NAME]; - var ESCAPE_KEYCODE = 27; // KeyboardEvent.which value for Escape (Esc) key - var SPACE_KEYCODE = 32; // KeyboardEvent.which value for space key - var TAB_KEYCODE = 9; // KeyboardEvent.which value for tab key - var ARROW_UP_KEYCODE = 38; // KeyboardEvent.which value for up arrow key - var ARROW_DOWN_KEYCODE = 40; // KeyboardEvent.which value for down arrow key - var RIGHT_MOUSE_BUTTON_WHICH = 3; // MouseEvent.which value for the right button (assuming a right-handed mouse) - var REGEXP_KEYDOWN = new RegExp(ARROW_UP_KEYCODE + '|' + ARROW_DOWN_KEYCODE + '|' + ESCAPE_KEYCODE); - - var Event = { - HIDE: 'hide' + EVENT_KEY, - HIDDEN: 'hidden' + EVENT_KEY, - SHOW: 'show' + EVENT_KEY, - SHOWN: 'shown' + EVENT_KEY, - CLICK: 'click' + EVENT_KEY, - CLICK_DATA_API: 'click' + EVENT_KEY + DATA_API_KEY, - KEYDOWN_DATA_API: 'keydown' + EVENT_KEY + DATA_API_KEY, - KEYUP_DATA_API: 'keyup' + EVENT_KEY + DATA_API_KEY - }; - - var ClassName = { - DISABLED: 'disabled', - SHOW: 'show', - DROPUP: 'dropup', - MENURIGHT: 'dropdown-menu-right', - MENULEFT: 'dropdown-menu-left' - }; - - var Selector = { - DATA_TOGGLE: '[data-toggle="dropdown"]', - FORM_CHILD: '.dropdown form', - MENU: '.dropdown-menu', - NAVBAR_NAV: '.navbar-nav', - VISIBLE_ITEMS: '.dropdown-menu .dropdown-item:not(.disabled)' - }; - - var AttachmentMap = { - TOP: 'top-start', - TOPEND: 'top-end', - BOTTOM: 'bottom-start', - BOTTOMEND: 'bottom-end' - }; - - var Default = { - placement: AttachmentMap.BOTTOM, - offset: 0, - flip: true - }; - - var DefaultType = { - placement: 'string', - offset: '(number|string)', - flip: 'boolean' - - /** - * ------------------------------------------------------------------------ - * Class Definition - * ------------------------------------------------------------------------ - */ - - }; - var Dropdown = function () { - function Dropdown(element, config) { - _classCallCheck(this, Dropdown); - - 
this._element = element; - this._popper = null; - this._config = this._getConfig(config); - this._menu = this._getMenuElement(); - this._inNavbar = this._detectNavbar(); - - this._addEventListeners(); - } - - // getters - - // public - - Dropdown.prototype.toggle = function toggle() { - if (this._element.disabled || $(this._element).hasClass(ClassName.DISABLED)) { - return; - } - - var parent = Dropdown._getParentFromElement(this._element); - var isActive = $(this._menu).hasClass(ClassName.SHOW); - - Dropdown._clearMenus(); - - if (isActive) { - return; - } - - var relatedTarget = { - relatedTarget: this._element - }; - var showEvent = $.Event(Event.SHOW, relatedTarget); - - $(parent).trigger(showEvent); - - if (showEvent.isDefaultPrevented()) { - return; - } - - var element = this._element; - // for dropup with alignment we use the parent as popper container - if ($(parent).hasClass(ClassName.DROPUP)) { - if ($(this._menu).hasClass(ClassName.MENULEFT) || $(this._menu).hasClass(ClassName.MENURIGHT)) { - element = parent; - } - } - this._popper = new Popper(element, this._menu, this._getPopperConfig()); - - // if this is a touch-enabled device we add extra - // empty mouseover listeners to the body's immediate children; - // only needed because of broken event delegation on iOS - // https://www.quirksmode.org/blog/archives/2014/02/mouse_event_bub.html - if ('ontouchstart' in document.documentElement && !$(parent).closest(Selector.NAVBAR_NAV).length) { - $('body').children().on('mouseover', null, $.noop); - } - - this._element.focus(); - this._element.setAttribute('aria-expanded', true); - - $(this._menu).toggleClass(ClassName.SHOW); - $(parent).toggleClass(ClassName.SHOW).trigger($.Event(Event.SHOWN, relatedTarget)); - }; - - Dropdown.prototype.dispose = function dispose() { - $.removeData(this._element, DATA_KEY); - $(this._element).off(EVENT_KEY); - this._element = null; - this._menu = null; - if (this._popper !== null) { - this._popper.destroy(); - } - 
this._popper = null; - }; - - Dropdown.prototype.update = function update() { - this._inNavbar = this._detectNavbar(); - if (this._popper !== null) { - this._popper.scheduleUpdate(); - } - }; - - // private - - Dropdown.prototype._addEventListeners = function _addEventListeners() { - var _this9 = this; - - $(this._element).on(Event.CLICK, function (event) { - event.preventDefault(); - event.stopPropagation(); - _this9.toggle(); - }); - }; - - Dropdown.prototype._getConfig = function _getConfig(config) { - var elementData = $(this._element).data(); - if (elementData.placement !== undefined) { - elementData.placement = AttachmentMap[elementData.placement.toUpperCase()]; - } - - config = $.extend({}, this.constructor.Default, $(this._element).data(), config); - - Util.typeCheckConfig(NAME, config, this.constructor.DefaultType); - - return config; - }; - - Dropdown.prototype._getMenuElement = function _getMenuElement() { - if (!this._menu) { - var parent = Dropdown._getParentFromElement(this._element); - this._menu = $(parent).find(Selector.MENU)[0]; - } - return this._menu; - }; - - Dropdown.prototype._getPlacement = function _getPlacement() { - var $parentDropdown = $(this._element).parent(); - var placement = this._config.placement; - - // Handle dropup - if ($parentDropdown.hasClass(ClassName.DROPUP) || this._config.placement === AttachmentMap.TOP) { - placement = AttachmentMap.TOP; - if ($(this._menu).hasClass(ClassName.MENURIGHT)) { - placement = AttachmentMap.TOPEND; - } - } else if ($(this._menu).hasClass(ClassName.MENURIGHT)) { - placement = AttachmentMap.BOTTOMEND; - } - return placement; - }; - - Dropdown.prototype._detectNavbar = function _detectNavbar() { - return $(this._element).closest('.navbar').length > 0; - }; - - Dropdown.prototype._getPopperConfig = function _getPopperConfig() { - var popperConfig = { - placement: this._getPlacement(), - modifiers: { - offset: { - offset: this._config.offset - }, - flip: { - enabled: this._config.flip - } - } - - 
// Disable Popper.js for Dropdown in Navbar - };if (this._inNavbar) { - popperConfig.modifiers.applyStyle = { - enabled: !this._inNavbar - }; - } - return popperConfig; - }; - - // static - - Dropdown._jQueryInterface = function _jQueryInterface(config) { - return this.each(function () { - var data = $(this).data(DATA_KEY); - var _config = (typeof config === 'undefined' ? 'undefined' : _typeof(config)) === 'object' ? config : null; - - if (!data) { - data = new Dropdown(this, _config); - $(this).data(DATA_KEY, data); - } - - if (typeof config === 'string') { - if (data[config] === undefined) { - throw new Error('No method named "' + config + '"'); - } - data[config](); - } - }); - }; - - Dropdown._clearMenus = function _clearMenus(event) { - if (event && (event.which === RIGHT_MOUSE_BUTTON_WHICH || event.type === 'keyup' && event.which !== TAB_KEYCODE)) { - return; - } - - var toggles = $.makeArray($(Selector.DATA_TOGGLE)); - for (var i = 0; i < toggles.length; i++) { - var parent = Dropdown._getParentFromElement(toggles[i]); - var context = $(toggles[i]).data(DATA_KEY); - var relatedTarget = { - relatedTarget: toggles[i] - }; - - if (!context) { - continue; - } - - var dropdownMenu = context._menu; - if (!$(parent).hasClass(ClassName.SHOW)) { - continue; - } - - if (event && (event.type === 'click' && /input|textarea/i.test(event.target.tagName) || event.type === 'keyup' && event.which === TAB_KEYCODE) && $.contains(parent, event.target)) { - continue; - } - - var hideEvent = $.Event(Event.HIDE, relatedTarget); - $(parent).trigger(hideEvent); - if (hideEvent.isDefaultPrevented()) { - continue; - } - - // if this is a touch-enabled device we remove the extra - // empty mouseover listeners we added for iOS support - if ('ontouchstart' in document.documentElement) { - $('body').children().off('mouseover', null, $.noop); - } - - toggles[i].setAttribute('aria-expanded', 'false'); - - $(dropdownMenu).removeClass(ClassName.SHOW); - 
$(parent).removeClass(ClassName.SHOW).trigger($.Event(Event.HIDDEN, relatedTarget)); - } - }; - - Dropdown._getParentFromElement = function _getParentFromElement(element) { - var parent = void 0; - var selector = Util.getSelectorFromElement(element); - - if (selector) { - parent = $(selector)[0]; - } - - return parent || element.parentNode; - }; - - Dropdown._dataApiKeydownHandler = function _dataApiKeydownHandler(event) { - if (!REGEXP_KEYDOWN.test(event.which) || /button/i.test(event.target.tagName) && event.which === SPACE_KEYCODE || /input|textarea/i.test(event.target.tagName)) { - return; - } - - event.preventDefault(); - event.stopPropagation(); - - if (this.disabled || $(this).hasClass(ClassName.DISABLED)) { - return; - } - - var parent = Dropdown._getParentFromElement(this); - var isActive = $(parent).hasClass(ClassName.SHOW); - - if (!isActive && (event.which !== ESCAPE_KEYCODE || event.which !== SPACE_KEYCODE) || isActive && (event.which === ESCAPE_KEYCODE || event.which === SPACE_KEYCODE)) { - - if (event.which === ESCAPE_KEYCODE) { - var toggle = $(parent).find(Selector.DATA_TOGGLE)[0]; - $(toggle).trigger('focus'); - } - - $(this).trigger('click'); - return; - } - - var items = $(parent).find(Selector.VISIBLE_ITEMS).get(); - - if (!items.length) { - return; - } - - var index = items.indexOf(event.target); - - if (event.which === ARROW_UP_KEYCODE && index > 0) { - // up - index--; - } - - if (event.which === ARROW_DOWN_KEYCODE && index < items.length - 1) { - // down - index++; - } - - if (index < 0) { - index = 0; - } - - items[index].focus(); - }; - - _createClass(Dropdown, null, [{ - key: 'VERSION', - get: function get() { - return VERSION; - } - }, { - key: 'Default', - get: function get() { - return Default; - } - }, { - key: 'DefaultType', - get: function get() { - return DefaultType; - } - }]); - - return Dropdown; - }(); - - /** - * ------------------------------------------------------------------------ - * Data Api implementation - * 
------------------------------------------------------------------------ - */ - - $(document).on(Event.KEYDOWN_DATA_API, Selector.DATA_TOGGLE, Dropdown._dataApiKeydownHandler).on(Event.KEYDOWN_DATA_API, Selector.MENU, Dropdown._dataApiKeydownHandler).on(Event.CLICK_DATA_API + ' ' + Event.KEYUP_DATA_API, Dropdown._clearMenus).on(Event.CLICK_DATA_API, Selector.DATA_TOGGLE, function (event) { - event.preventDefault(); - event.stopPropagation(); - Dropdown._jQueryInterface.call($(this), 'toggle'); - }).on(Event.CLICK_DATA_API, Selector.FORM_CHILD, function (e) { - e.stopPropagation(); - }); - - /** - * ------------------------------------------------------------------------ - * jQuery - * ------------------------------------------------------------------------ - */ - - $.fn[NAME] = Dropdown._jQueryInterface; - $.fn[NAME].Constructor = Dropdown; - $.fn[NAME].noConflict = function () { - $.fn[NAME] = JQUERY_NO_CONFLICT; - return Dropdown._jQueryInterface; - }; - - return Dropdown; -}(jQuery); - -/** - * -------------------------------------------------------------------------- - * Bootstrap (v4.0.0-beta): modal.js - * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) - * -------------------------------------------------------------------------- - */ - -var Modal = function ($) { - - /** - * ------------------------------------------------------------------------ - * Constants - * ------------------------------------------------------------------------ - */ - - var NAME = 'modal'; - var VERSION = '4.0.0-beta'; - var DATA_KEY = 'bs.modal'; - var EVENT_KEY = '.' 
+ DATA_KEY; - var DATA_API_KEY = '.data-api'; - var JQUERY_NO_CONFLICT = $.fn[NAME]; - var TRANSITION_DURATION = 300; - var BACKDROP_TRANSITION_DURATION = 150; - var ESCAPE_KEYCODE = 27; // KeyboardEvent.which value for Escape (Esc) key - - var Default = { - backdrop: true, - keyboard: true, - focus: true, - show: true - }; - - var DefaultType = { - backdrop: '(boolean|string)', - keyboard: 'boolean', - focus: 'boolean', - show: 'boolean' - }; - - var Event = { - HIDE: 'hide' + EVENT_KEY, - HIDDEN: 'hidden' + EVENT_KEY, - SHOW: 'show' + EVENT_KEY, - SHOWN: 'shown' + EVENT_KEY, - FOCUSIN: 'focusin' + EVENT_KEY, - RESIZE: 'resize' + EVENT_KEY, - CLICK_DISMISS: 'click.dismiss' + EVENT_KEY, - KEYDOWN_DISMISS: 'keydown.dismiss' + EVENT_KEY, - MOUSEUP_DISMISS: 'mouseup.dismiss' + EVENT_KEY, - MOUSEDOWN_DISMISS: 'mousedown.dismiss' + EVENT_KEY, - CLICK_DATA_API: 'click' + EVENT_KEY + DATA_API_KEY - }; - - var ClassName = { - SCROLLBAR_MEASURER: 'modal-scrollbar-measure', - BACKDROP: 'modal-backdrop', - OPEN: 'modal-open', - FADE: 'fade', - SHOW: 'show' - }; - - var Selector = { - DIALOG: '.modal-dialog', - DATA_TOGGLE: '[data-toggle="modal"]', - DATA_DISMISS: '[data-dismiss="modal"]', - FIXED_CONTENT: '.fixed-top, .fixed-bottom, .is-fixed, .sticky-top', - NAVBAR_TOGGLER: '.navbar-toggler' - - /** - * ------------------------------------------------------------------------ - * Class Definition - * ------------------------------------------------------------------------ - */ - - }; - var Modal = function () { - function Modal(element, config) { - _classCallCheck(this, Modal); - - this._config = this._getConfig(config); - this._element = element; - this._dialog = $(element).find(Selector.DIALOG)[0]; - this._backdrop = null; - this._isShown = false; - this._isBodyOverflowing = false; - this._ignoreBackdropClick = false; - this._originalBodyPadding = 0; - this._scrollbarWidth = 0; - } - - // getters - - // public - - Modal.prototype.toggle = function toggle(relatedTarget) { - 
return this._isShown ? this.hide() : this.show(relatedTarget); - }; - - Modal.prototype.show = function show(relatedTarget) { - var _this10 = this; - - if (this._isTransitioning) { - return; - } - - if (Util.supportsTransitionEnd() && $(this._element).hasClass(ClassName.FADE)) { - this._isTransitioning = true; - } - - var showEvent = $.Event(Event.SHOW, { - relatedTarget: relatedTarget - }); - - $(this._element).trigger(showEvent); - - if (this._isShown || showEvent.isDefaultPrevented()) { - return; - } - - this._isShown = true; - - this._checkScrollbar(); - this._setScrollbar(); - - $(document.body).addClass(ClassName.OPEN); - - this._setEscapeEvent(); - this._setResizeEvent(); - - $(this._element).on(Event.CLICK_DISMISS, Selector.DATA_DISMISS, function (event) { - return _this10.hide(event); - }); - - $(this._dialog).on(Event.MOUSEDOWN_DISMISS, function () { - $(_this10._element).one(Event.MOUSEUP_DISMISS, function (event) { - if ($(event.target).is(_this10._element)) { - _this10._ignoreBackdropClick = true; - } - }); - }); - - this._showBackdrop(function () { - return _this10._showElement(relatedTarget); - }); - }; - - Modal.prototype.hide = function hide(event) { - var _this11 = this; - - if (event) { - event.preventDefault(); - } - - if (this._isTransitioning || !this._isShown) { - return; - } - - var transition = Util.supportsTransitionEnd() && $(this._element).hasClass(ClassName.FADE); - - if (transition) { - this._isTransitioning = true; - } - - var hideEvent = $.Event(Event.HIDE); - - $(this._element).trigger(hideEvent); - - if (!this._isShown || hideEvent.isDefaultPrevented()) { - return; - } - - this._isShown = false; - - this._setEscapeEvent(); - this._setResizeEvent(); - - $(document).off(Event.FOCUSIN); - - $(this._element).removeClass(ClassName.SHOW); - - $(this._element).off(Event.CLICK_DISMISS); - $(this._dialog).off(Event.MOUSEDOWN_DISMISS); - - if (transition) { - - $(this._element).one(Util.TRANSITION_END, function (event) { - return 
_this11._hideModal(event); - }).emulateTransitionEnd(TRANSITION_DURATION); - } else { - this._hideModal(); - } - }; - - Modal.prototype.dispose = function dispose() { - $.removeData(this._element, DATA_KEY); - - $(window, document, this._element, this._backdrop).off(EVENT_KEY); - - this._config = null; - this._element = null; - this._dialog = null; - this._backdrop = null; - this._isShown = null; - this._isBodyOverflowing = null; - this._ignoreBackdropClick = null; - this._scrollbarWidth = null; - }; - - Modal.prototype.handleUpdate = function handleUpdate() { - this._adjustDialog(); - }; - - // private - - Modal.prototype._getConfig = function _getConfig(config) { - config = $.extend({}, Default, config); - Util.typeCheckConfig(NAME, config, DefaultType); - return config; - }; - - Modal.prototype._showElement = function _showElement(relatedTarget) { - var _this12 = this; - - var transition = Util.supportsTransitionEnd() && $(this._element).hasClass(ClassName.FADE); - - if (!this._element.parentNode || this._element.parentNode.nodeType !== Node.ELEMENT_NODE) { - // don't move modals dom position - document.body.appendChild(this._element); - } - - this._element.style.display = 'block'; - this._element.removeAttribute('aria-hidden'); - this._element.scrollTop = 0; - - if (transition) { - Util.reflow(this._element); - } - - $(this._element).addClass(ClassName.SHOW); - - if (this._config.focus) { - this._enforceFocus(); - } - - var shownEvent = $.Event(Event.SHOWN, { - relatedTarget: relatedTarget - }); - - var transitionComplete = function transitionComplete() { - if (_this12._config.focus) { - _this12._element.focus(); - } - _this12._isTransitioning = false; - $(_this12._element).trigger(shownEvent); - }; - - if (transition) { - $(this._dialog).one(Util.TRANSITION_END, transitionComplete).emulateTransitionEnd(TRANSITION_DURATION); - } else { - transitionComplete(); - } - }; - - Modal.prototype._enforceFocus = function _enforceFocus() { - var _this13 = this; - - 
$(document).off(Event.FOCUSIN) // guard against infinite focus loop - .on(Event.FOCUSIN, function (event) { - if (document !== event.target && _this13._element !== event.target && !$(_this13._element).has(event.target).length) { - _this13._element.focus(); - } - }); - }; - - Modal.prototype._setEscapeEvent = function _setEscapeEvent() { - var _this14 = this; - - if (this._isShown && this._config.keyboard) { - $(this._element).on(Event.KEYDOWN_DISMISS, function (event) { - if (event.which === ESCAPE_KEYCODE) { - event.preventDefault(); - _this14.hide(); - } - }); - } else if (!this._isShown) { - $(this._element).off(Event.KEYDOWN_DISMISS); - } - }; - - Modal.prototype._setResizeEvent = function _setResizeEvent() { - var _this15 = this; - - if (this._isShown) { - $(window).on(Event.RESIZE, function (event) { - return _this15.handleUpdate(event); - }); - } else { - $(window).off(Event.RESIZE); - } - }; - - Modal.prototype._hideModal = function _hideModal() { - var _this16 = this; - - this._element.style.display = 'none'; - this._element.setAttribute('aria-hidden', true); - this._isTransitioning = false; - this._showBackdrop(function () { - $(document.body).removeClass(ClassName.OPEN); - _this16._resetAdjustments(); - _this16._resetScrollbar(); - $(_this16._element).trigger(Event.HIDDEN); - }); - }; - - Modal.prototype._removeBackdrop = function _removeBackdrop() { - if (this._backdrop) { - $(this._backdrop).remove(); - this._backdrop = null; - } - }; - - Modal.prototype._showBackdrop = function _showBackdrop(callback) { - var _this17 = this; - - var animate = $(this._element).hasClass(ClassName.FADE) ? 
ClassName.FADE : ''; - - if (this._isShown && this._config.backdrop) { - var doAnimate = Util.supportsTransitionEnd() && animate; - - this._backdrop = document.createElement('div'); - this._backdrop.className = ClassName.BACKDROP; - - if (animate) { - $(this._backdrop).addClass(animate); - } - - $(this._backdrop).appendTo(document.body); - - $(this._element).on(Event.CLICK_DISMISS, function (event) { - if (_this17._ignoreBackdropClick) { - _this17._ignoreBackdropClick = false; - return; - } - if (event.target !== event.currentTarget) { - return; - } - if (_this17._config.backdrop === 'static') { - _this17._element.focus(); - } else { - _this17.hide(); - } - }); - - if (doAnimate) { - Util.reflow(this._backdrop); - } - - $(this._backdrop).addClass(ClassName.SHOW); - - if (!callback) { - return; - } - - if (!doAnimate) { - callback(); - return; - } - - $(this._backdrop).one(Util.TRANSITION_END, callback).emulateTransitionEnd(BACKDROP_TRANSITION_DURATION); - } else if (!this._isShown && this._backdrop) { - $(this._backdrop).removeClass(ClassName.SHOW); - - var callbackRemove = function callbackRemove() { - _this17._removeBackdrop(); - if (callback) { - callback(); - } - }; - - if (Util.supportsTransitionEnd() && $(this._element).hasClass(ClassName.FADE)) { - $(this._backdrop).one(Util.TRANSITION_END, callbackRemove).emulateTransitionEnd(BACKDROP_TRANSITION_DURATION); - } else { - callbackRemove(); - } - } else if (callback) { - callback(); - } - }; - - // ---------------------------------------------------------------------- - // the following methods are used to handle overflowing modals - // todo (fat): these should probably be refactored out of modal.js - // ---------------------------------------------------------------------- - - Modal.prototype._adjustDialog = function _adjustDialog() { - var isModalOverflowing = this._element.scrollHeight > document.documentElement.clientHeight; - - if (!this._isBodyOverflowing && isModalOverflowing) { - 
this._element.style.paddingLeft = this._scrollbarWidth + 'px'; - } - - if (this._isBodyOverflowing && !isModalOverflowing) { - this._element.style.paddingRight = this._scrollbarWidth + 'px'; - } - }; - - Modal.prototype._resetAdjustments = function _resetAdjustments() { - this._element.style.paddingLeft = ''; - this._element.style.paddingRight = ''; - }; - - Modal.prototype._checkScrollbar = function _checkScrollbar() { - this._isBodyOverflowing = document.body.clientWidth < window.innerWidth; - this._scrollbarWidth = this._getScrollbarWidth(); - }; - - Modal.prototype._setScrollbar = function _setScrollbar() { - var _this18 = this; - - if (this._isBodyOverflowing) { - // Note: DOMNode.style.paddingRight returns the actual value or '' if not set - // while $(DOMNode).css('padding-right') returns the calculated value or 0 if not set - - // Adjust fixed content padding - $(Selector.FIXED_CONTENT).each(function (index, element) { - var actualPadding = $(element)[0].style.paddingRight; - var calculatedPadding = $(element).css('padding-right'); - $(element).data('padding-right', actualPadding).css('padding-right', parseFloat(calculatedPadding) + _this18._scrollbarWidth + 'px'); - }); - - // Adjust navbar-toggler margin - $(Selector.NAVBAR_TOGGLER).each(function (index, element) { - var actualMargin = $(element)[0].style.marginRight; - var calculatedMargin = $(element).css('margin-right'); - $(element).data('margin-right', actualMargin).css('margin-right', parseFloat(calculatedMargin) + _this18._scrollbarWidth + 'px'); - }); - - // Adjust body padding - var actualPadding = document.body.style.paddingRight; - var calculatedPadding = $('body').css('padding-right'); - $('body').data('padding-right', actualPadding).css('padding-right', parseFloat(calculatedPadding) + this._scrollbarWidth + 'px'); - } - }; - - Modal.prototype._resetScrollbar = function _resetScrollbar() { - // Restore fixed content padding - $(Selector.FIXED_CONTENT).each(function (index, element) { - var 
padding = $(element).data('padding-right'); - if (typeof padding !== 'undefined') { - $(element).css('padding-right', padding).removeData('padding-right'); - } - }); - - // Restore navbar-toggler margin - $(Selector.NAVBAR_TOGGLER).each(function (index, element) { - var margin = $(element).data('margin-right'); - if (typeof margin !== 'undefined') { - $(element).css('margin-right', margin).removeData('margin-right'); - } - }); - - // Restore body padding - var padding = $('body').data('padding-right'); - if (typeof padding !== 'undefined') { - $('body').css('padding-right', padding).removeData('padding-right'); - } - }; - - Modal.prototype._getScrollbarWidth = function _getScrollbarWidth() { - // thx d.walsh - var scrollDiv = document.createElement('div'); - scrollDiv.className = ClassName.SCROLLBAR_MEASURER; - document.body.appendChild(scrollDiv); - var scrollbarWidth = scrollDiv.getBoundingClientRect().width - scrollDiv.clientWidth; - document.body.removeChild(scrollDiv); - return scrollbarWidth; - }; - - // static - - Modal._jQueryInterface = function _jQueryInterface(config, relatedTarget) { - return this.each(function () { - var data = $(this).data(DATA_KEY); - var _config = $.extend({}, Modal.Default, $(this).data(), (typeof config === 'undefined' ? 
'undefined' : _typeof(config)) === 'object' && config); - - if (!data) { - data = new Modal(this, _config); - $(this).data(DATA_KEY, data); - } - - if (typeof config === 'string') { - if (data[config] === undefined) { - throw new Error('No method named "' + config + '"'); - } - data[config](relatedTarget); - } else if (_config.show) { - data.show(relatedTarget); - } - }); - }; - - _createClass(Modal, null, [{ - key: 'VERSION', - get: function get() { - return VERSION; - } - }, { - key: 'Default', - get: function get() { - return Default; - } - }]); - - return Modal; - }(); - - /** - * ------------------------------------------------------------------------ - * Data Api implementation - * ------------------------------------------------------------------------ - */ - - $(document).on(Event.CLICK_DATA_API, Selector.DATA_TOGGLE, function (event) { - var _this19 = this; - - var target = void 0; - var selector = Util.getSelectorFromElement(this); - - if (selector) { - target = $(selector)[0]; - } - - var config = $(target).data(DATA_KEY) ? 
'toggle' : $.extend({}, $(target).data(), $(this).data()); - - if (this.tagName === 'A' || this.tagName === 'AREA') { - event.preventDefault(); - } - - var $target = $(target).one(Event.SHOW, function (showEvent) { - if (showEvent.isDefaultPrevented()) { - // only register focus restorer if modal will actually get shown - return; - } - - $target.one(Event.HIDDEN, function () { - if ($(_this19).is(':visible')) { - _this19.focus(); - } - }); - }); - - Modal._jQueryInterface.call($(target), config, this); - }); - - /** - * ------------------------------------------------------------------------ - * jQuery - * ------------------------------------------------------------------------ - */ - - $.fn[NAME] = Modal._jQueryInterface; - $.fn[NAME].Constructor = Modal; - $.fn[NAME].noConflict = function () { - $.fn[NAME] = JQUERY_NO_CONFLICT; - return Modal._jQueryInterface; - }; - - return Modal; -}(jQuery); - -/** - * -------------------------------------------------------------------------- - * Bootstrap (v4.0.0-beta): scrollspy.js - * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) - * -------------------------------------------------------------------------- - */ - -var ScrollSpy = function ($) { - - /** - * ------------------------------------------------------------------------ - * Constants - * ------------------------------------------------------------------------ - */ - - var NAME = 'scrollspy'; - var VERSION = '4.0.0-beta'; - var DATA_KEY = 'bs.scrollspy'; - var EVENT_KEY = '.' 
+ DATA_KEY; - var DATA_API_KEY = '.data-api'; - var JQUERY_NO_CONFLICT = $.fn[NAME]; - - var Default = { - offset: 10, - method: 'auto', - target: '' - }; - - var DefaultType = { - offset: 'number', - method: 'string', - target: '(string|element)' - }; - - var Event = { - ACTIVATE: 'activate' + EVENT_KEY, - SCROLL: 'scroll' + EVENT_KEY, - LOAD_DATA_API: 'load' + EVENT_KEY + DATA_API_KEY - }; - - var ClassName = { - DROPDOWN_ITEM: 'dropdown-item', - DROPDOWN_MENU: 'dropdown-menu', - ACTIVE: 'active' - }; - - var Selector = { - DATA_SPY: '[data-spy="scroll"]', - ACTIVE: '.active', - NAV_LIST_GROUP: '.nav, .list-group', - NAV_LINKS: '.nav-link', - LIST_ITEMS: '.list-group-item', - DROPDOWN: '.dropdown', - DROPDOWN_ITEMS: '.dropdown-item', - DROPDOWN_TOGGLE: '.dropdown-toggle' - }; - - var OffsetMethod = { - OFFSET: 'offset', - POSITION: 'position' - - /** - * ------------------------------------------------------------------------ - * Class Definition - * ------------------------------------------------------------------------ - */ - - }; - var ScrollSpy = function () { - function ScrollSpy(element, config) { - var _this20 = this; - - _classCallCheck(this, ScrollSpy); - - this._element = element; - this._scrollElement = element.tagName === 'BODY' ? window : element; - this._config = this._getConfig(config); - this._selector = this._config.target + ' ' + Selector.NAV_LINKS + ',' + (this._config.target + ' ' + Selector.LIST_ITEMS + ',') + (this._config.target + ' ' + Selector.DROPDOWN_ITEMS); - this._offsets = []; - this._targets = []; - this._activeTarget = null; - this._scrollHeight = 0; - - $(this._scrollElement).on(Event.SCROLL, function (event) { - return _this20._process(event); - }); - - this.refresh(); - this._process(); - } - - // getters - - // public - - ScrollSpy.prototype.refresh = function refresh() { - var _this21 = this; - - var autoMethod = this._scrollElement !== this._scrollElement.window ? 
OffsetMethod.POSITION : OffsetMethod.OFFSET; - - var offsetMethod = this._config.method === 'auto' ? autoMethod : this._config.method; - - var offsetBase = offsetMethod === OffsetMethod.POSITION ? this._getScrollTop() : 0; - - this._offsets = []; - this._targets = []; - - this._scrollHeight = this._getScrollHeight(); - - var targets = $.makeArray($(this._selector)); - - targets.map(function (element) { - var target = void 0; - var targetSelector = Util.getSelectorFromElement(element); - - if (targetSelector) { - target = $(targetSelector)[0]; - } - - if (target) { - var targetBCR = target.getBoundingClientRect(); - if (targetBCR.width || targetBCR.height) { - // todo (fat): remove sketch reliance on jQuery position/offset - return [$(target)[offsetMethod]().top + offsetBase, targetSelector]; - } - } - return null; - }).filter(function (item) { - return item; - }).sort(function (a, b) { - return a[0] - b[0]; - }).forEach(function (item) { - _this21._offsets.push(item[0]); - _this21._targets.push(item[1]); - }); - }; - - ScrollSpy.prototype.dispose = function dispose() { - $.removeData(this._element, DATA_KEY); - $(this._scrollElement).off(EVENT_KEY); - - this._element = null; - this._scrollElement = null; - this._config = null; - this._selector = null; - this._offsets = null; - this._targets = null; - this._activeTarget = null; - this._scrollHeight = null; - }; - - // private - - ScrollSpy.prototype._getConfig = function _getConfig(config) { - config = $.extend({}, Default, config); - - if (typeof config.target !== 'string') { - var id = $(config.target).attr('id'); - if (!id) { - id = Util.getUID(NAME); - $(config.target).attr('id', id); - } - config.target = '#' + id; - } - - Util.typeCheckConfig(NAME, config, DefaultType); - - return config; - }; - - ScrollSpy.prototype._getScrollTop = function _getScrollTop() { - return this._scrollElement === window ? 
this._scrollElement.pageYOffset : this._scrollElement.scrollTop; - }; - - ScrollSpy.prototype._getScrollHeight = function _getScrollHeight() { - return this._scrollElement.scrollHeight || Math.max(document.body.scrollHeight, document.documentElement.scrollHeight); - }; - - ScrollSpy.prototype._getOffsetHeight = function _getOffsetHeight() { - return this._scrollElement === window ? window.innerHeight : this._scrollElement.getBoundingClientRect().height; - }; - - ScrollSpy.prototype._process = function _process() { - var scrollTop = this._getScrollTop() + this._config.offset; - var scrollHeight = this._getScrollHeight(); - var maxScroll = this._config.offset + scrollHeight - this._getOffsetHeight(); - - if (this._scrollHeight !== scrollHeight) { - this.refresh(); - } - - if (scrollTop >= maxScroll) { - var target = this._targets[this._targets.length - 1]; - - if (this._activeTarget !== target) { - this._activate(target); - } - return; - } - - if (this._activeTarget && scrollTop < this._offsets[0] && this._offsets[0] > 0) { - this._activeTarget = null; - this._clear(); - return; - } - - for (var i = this._offsets.length; i--;) { - var isActiveTarget = this._activeTarget !== this._targets[i] && scrollTop >= this._offsets[i] && (this._offsets[i + 1] === undefined || scrollTop < this._offsets[i + 1]); - - if (isActiveTarget) { - this._activate(this._targets[i]); - } - } - }; - - ScrollSpy.prototype._activate = function _activate(target) { - this._activeTarget = target; - - this._clear(); - - var queries = this._selector.split(','); - queries = queries.map(function (selector) { - return selector + '[data-target="' + target + '"],' + (selector + '[href="' + target + '"]'); - }); - - var $link = $(queries.join(',')); - - if ($link.hasClass(ClassName.DROPDOWN_ITEM)) { - $link.closest(Selector.DROPDOWN).find(Selector.DROPDOWN_TOGGLE).addClass(ClassName.ACTIVE); - $link.addClass(ClassName.ACTIVE); - } else { - // Set triggered link as active - 
$link.addClass(ClassName.ACTIVE); - // Set triggered links parents as active - // With both