Infrastructure/ansible
5
0
Fork 0
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions

Compare commits

base: Infrastructure:main
Branches Tags
Infrastructure:main
Infrastructure:letsencrypt
Infrastructure:rawhide-greenwave
Infrastructure:openqa
Infrastructure:secarch
Infrastructure:darkserver
Infrastructure:openvpn_handler
Infrastructure:easyfix
Infrastructure:denyhosts
..
compare: Infrastructure:rawhide-greenwave
Branches Tags
Infrastructure:main
Infrastructure:letsencrypt
Infrastructure:rawhide-greenwave
Infrastructure:openqa
Infrastructure:secarch
Infrastructure:darkserver
Infrastructure:openvpn_handler
Infrastructure:easyfix
Infrastructure:denyhosts

1 commit
main ... rawhide-gr

Author SHA1 Message Date
Adam Williamson
b916bc0757 Adjust greenwave rawhide sync policy to Basic tests only 
This adjusts the `openqa_important_stuff_for_rawhide` Greenwave
policy to include only openQA tests that enforce Basic release
criteria, removing all the tests that enforce Beta or Final
criteria. This matches the intentions expressed in the 'no more
Alphas' Change - we intend to gate Rawhide composes on meeting
the Basic criteria, not Beta or Final.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2017-10-24 14:44:43 -07:00
7431 changed files with 333597 additions and 221102 deletions
Download patch file Download diff file Expand all files Collapse all files

68
.ansible-lint
View file

@ -1,68 +0,0 @@
---
# .ansible-lint
# exclude_paths included in this file are parsed relative to this file's location
# and not relative to the CWD of execution. CLI arguments passed to the --exclude
# option will be parsed relative to the CWD of execution.
exclude_paths:
- .cache/ # implicit unless exclude_paths is defined in config
- cache_plugins
- callback_plugins
- files
- filter_plugins
- handlers
- library
- scripts
# Ignore playbooks with strange error happening in <unicode string>
- playbooks/groups/copr-db.yml
# Some playbooks contains hardcoded paths, so exclude them from check
- playbooks/list-vms-per-host.yml
- playbooks/set_root_auth_keys.yml
- playbooks/update-proxy-dns.yml
- playbooks/update_ticketkey.yml
- playbooks/vhost_reboot.yml
- playbooks/vhost_update_reboot.yml
# parseable: true
# quiet: true
# verbosity: 1
# Mock modules or roles in order to pass ansible-playbook --syntax-check
mock_modules:
- include_playbook
# - zuul_return
# # note the foo.bar is invalid as being neither a module or a collection
# - fake_namespace.fake_collection.fake_module
# - fake_namespace.fake_collection.fake_module.fake_submodule
mock_roles:
- linux-system-roles.network
use_default_rules: true
# Load custom rules from this specific folder
# rulesdir:
# - ./rule/directory/
# Offline mode disables installation of requirements.yml
offline: true
# Define required Ansible's variables to satisfy syntax check
extra_vars:
target: localhost
vhost: localhost
# multiline_string_variable: |
# line1
# line2
# complex_variable: ":{;\t$()"
# List of additional kind:pattern to be added at the top of the default
# match list, first match determines the file kind.
kinds:
# - playbook: "**/examples/*.{yml,yaml}"
# - galaxy: "**/folder/galaxy.yml"
- tasks: "**/tasks/*.yml"
- vars: "**/vars/*.yml"
# - meta: "**/meta/main.yml"
- yaml: "**/*.yaml-too"
skip_list:
- yaml
- role-name[path]
- var-naming[no-role-prefix]

3
.gitignore vendored
View file

@ -1,5 +1,2 @@
*.swp
*.pyc
# emacs projectile
.projectile

5
.mailmap
View file

@ -1,5 +0,0 @@
Rick Elrod <relrod@redhat.com> <codeblock@fedoraproject.org>
Rick Elrod <relrod@redhat.com> Ricky Elrod
Rick Elrod <relrod@redhat.com> Ricky Elrod <codeblock@lockbox01.phx2.fedoraproject.org>
# ... others go here ...

22
.pre-commit-config.yaml
View file

@ -1,22 +0,0 @@
---
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
# - repo: https://github.com/pre-commit/pre-commit-hooks
# rev: v3.2.0
# hooks:
# - id: trailing-whitespace
# - id: end-of-file-fixer
# - id: check-yaml
# - id: check-added-large-files
- repo: https://github.com/adrienverge/yamllint
rev: v1.35.1
hooks:
- id: yamllint
# - repo: https://github.com/ansible/ansible-lint
# rev: v24.12.1
# hooks:
# - id: ansible-lint

26
.yamllint.yaml
View file

@ -1,26 +0,0 @@
---
extends: default
rules:
comments:
min-spaces-from-content: 1
level: error
comments-indentation: false
braces:
max-spaces-inside: 1
document-start:
level: error
octal-values:
forbid-implicit-octal: true
forbid-explicit-octal: true
indentation:
spaces: 2
indent-sequences: whatever
level: warning
line-length: disable
# line-length:
# max: 100
# level: warning
truthy:
allowed-values: ['true', 'false', 'yes', 'no']
...

6
.zuul.yaml
View file

@ -1,6 +0,0 @@
---
- project:
check:
jobs:
- fi-ansible-lint-diff
- fi-yamllint-diff

2
CONVENTIONS
View file

@ -23,7 +23,7 @@ specific function. Examples: host update, vhost update, vhost reboot.
The playbooks/groups/ directory should contain one playbook per
group. This should be used in the case of multiple machines/instances
in a group. MUST include a hosts entry that describes the hosts in the group.
Examples: packages, proxy, virthost, etc.
Examples: packages, proxy, unbound, virthost, etc.
Try and be descriptive with the name here.
The playbooks/hosts/ directory should contain one playbook per 'host'

1
README
View file

@ -1 +0,0 @@
README.md

70
README Normal file
View file

@ -0,0 +1,70 @@
== ansible repository/structure ==
files - files and templates for use in playbooks/tasks
- subdirs for specific tasks/dirs highly recommended
inventory - where the inventory and additional vars is stored
- All files in this directory in ini format
- added together for total inventory
group_vars:
- per group variables set here in a file per group
host_vars:
- per host variables set here in a file per host
library - library of custom local ansible modules
playbooks - collections of plays we want to run on systems
groups: groups of hosts configured from one playbook.
hosts: playbooks for single hosts.
manual: playbooks that are only run manually by an admin as needed.
tasks - snippets of tasks that should be included in plays
roles - specific roles to be use in playbooks.
Each role has it's own files/templates/vars
filter_plugins - Jinja filters
master.yml - This is the master playbook, consisting of all
current group and host playbooks. Note that the
daily cron doesn't run this, it runs even over
playbooks that are not yet included in master.
This playbook is usefull for making changes over
multiple groups/hosts usually with -t (tag).
== Paths ==
public path for everything is:
/srv/web/infra/ansible
private path - which is sysadmin-main accessible only is:
/srv/private/ansible
In general to run any ansible playbook you will want to run:
sudo -i ansible-playbook /path/to/playbook.yml
== Scheduled check-diff ==
Every night a cron job runs over all playbooks under playbooks/{groups}{hosts}
with the ansible --check --diff options. A report from this is sent to
sysadmin-logs. In the ideal state this report would be empty.
== Idempotency ==
All playbooks should be idempotent. Ie, if run once they should bring the
machine(s) to the desired state, and if run again N times after that they should
make 0 changes (because the machine(s) are in the desired state).
Please make sure your playbooks are idempotent.
== Can be run anytime ==
When a playbook or change is checked into ansible you should assume
that it could be run at ANY TIME. Always make sure the checked in state
is the desired state. Always test changes when they land so they don't
surprise you later.

187
README.cloud Normal file
View file

@ -0,0 +1,187 @@
== Cloud information ==
The dashboard for the production cloud instance is:
https://fedorainfracloud.org/dashboard/
You can download credentials via the dashboard (under security and access)
=== Transient instances ===
Transient instances are short term use instances for Fedora
contributors. They can be terminated at any time and shouldn't be
relied on for any production use. If you have an application
or longer term item that should always be around
please create a persistent playbook instead. (see below)
to startup a new transient cloud instance and configure for basic
server use run (as root):
sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/transient_cloud_instance.yml -e 'name=somename'
The -i is important - ansible's tools need access to root's sshagent as well
as the cloud credentials to run the above playbooks successfully.
This will setup a new instance, provision it and email sysadmin-main that
the instance was created and it's ip address.
You will then be able to login, as root if you are in the sysadmin-main group.
(If you are making the instance for another user, see below)
You MUST pass a name to it, ie: -e 'name=somethingdescriptive'
You can optionally override defaults by passing any of the following:
image=imagename (default is centos70_x86_64)
instance_type=some instance type (default is m1.small)
root_auth_users='user1 user2 user3 @group1' (default always includes sysadmin-main group)
Note: if you run this playbook with the same name= multiple times
openstack is smart enough to just return the current ip of that instance
and go on. This way you can re-run if you want to reconfigure it without
reprovisioning it.
Sizes options
-------------
Name Memory_MB Disk VCPUs
m1.tiny 512 0 1
m1.small 2048 20 1
m1.medium 4096 40 2
m1.large 8192 80 4
m1.xlarge 16384 160 8
m1.builder 5120 50 3
=== Persistent cloud instances ===
Persistent cloud instances are ones that we want to always have up and
configured. These are things like dev instances for various applications,
proof of concept servers for evaluating something, etc. They will be
reprovisioned after a reboot/maint window for the cloud.
Setting up a new persistent cloud host:
1) Select an available floating IP
source /srv/private/ansible/files/openstack/novarc
nova floating-ip-list
Note that an "available floating IP" is one that has only a "-" in the Fixed IP
column of the above `nova` command. Ignore the fact that the "Server Id" column
is completely blank for all instances. If there are no ip's with -, use:
nova floating-ip-create
and retry the list.
2) Add that IP addr to dns (typically as foo.fedorainfracloud.org)
3) Create persistent storage disk for the instance (if necessary.. you might not
need this).
nova volume-create --display-name SOME_NAME SIZE_IN_GB
4) Add to ansible inventory in the persistent-cloud group.
You should use the FQDN for this and not the IP. Names are good.
5) setup the host_vars file. It should looks something like this::
instance_type: m1.medium
image:
keypair: fedora-admin-20130801
security_group: default # NOTE: security_group MUST contain default.
zone: nova
tcp_ports: [22, 80, 443]
inventory_tenant: persistent
inventory_instance_name: taiga
hostbase: taiga
public_ip: 209.132.184.50
root_auth_users: ralph maxamillion
description: taiga frontend server
volumes:
- volume_id: VOLUME_UUID_GOES_HERE
device: /dev/vdc
cloud_networks:
# persistent-net
- net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
6) setup the host playbook
7) run the playbook:
sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/hosts/$YOUR_HOSTNAME_HERE.yml
You should be able to run that playbook over and over again safely, it will
only setup/create a new instance if the ip is not up/responding.
=== SECURITY GROUPS ===
FIXME: needs work for new cloud.
- to edit security groups you must either have your own cloud account or
be a member of sysadmin-main
This gives you the credential to change things in the persistent tenant
- source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
This lists all security groups in that tenant:
- euca-describe-groups | grep GROUP
the output will look like this:
euca-describe-groups | grep GROU
GROUP d4e664a10e2c4210839150be09c46e5e default default
GROUP d4e664a10e2c4210839150be09c46e5e jenkins jenkins instance group
GROUP d4e664a10e2c4210839150be09c46e5e logstash logstash security group
GROUP d4e664a10e2c4210839150be09c46e5e smtpserver list server group. needs web and smtp
GROUP d4e664a10e2c4210839150be09c46e5e webserver webserver security group
GROUP d4e664a10e2c4210839150be09c46e5e wideopen wideopen
This lets you list the rules in a specific group:
- euca-describe-group groupname
the output will look like this:
euca-describe-group wideopen
GROUP d4e664a10e2c4210839150be09c46e5e wideopen wideopen
PERMISSION d4e664a10e2c4210839150be09c46e5e wideopen ALLOWS tcp 1 65535 FROM CIDR 0.0.0.0/0
PERMISSION d4e664a10e2c4210839150be09c46e5e wideopen ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
To create a new group:
euca-create-group -d "group description here" groupname
To add a rule to a group:
euca-authorize -P tcp -p 22 groupname
euca-authorize -P icmp -t -1:-1 groupname
To delete a rule from a group:
euca-revoke -P tcp -p 22 groupname
Notes:
- Be careful removing or adding rules to existing groups b/c you could be
impacting other instances using that security group.
- You will almost always want to allow 22/tcp (sshd) and icmp -1 -1 (ping
and traceroute and friends).
=== TERMINATING INSTANCES ===
For transient:
1. source /srv/private/ansible/files/openstack/novarc
2. export OS_TENANT_NAME=transient
2. nova list | grep <ip of your instance or name of your instance>
3. nova delete <name of instance or ID of instance>
- OR -
For persistent:
1. source /srv/private/ansible/files/openstack/novarc
2. nova list | grep <ip of your instance or name of your instance>
3. nova delete <name of instance or ID of instance>

143
README.md
View file

@ -1,143 +0,0 @@
Fedora Infrastructure
=====================
Welcome! This is the Fedora Infrastructure Ansible Pagure project.
Pull requests and forks can be made against this repository hosted
at https://pagure.io/fedora-infra/ansible
This repository is also mirrored for production runs to
https://infrastructure.fedoraproject.org/infra/ansible/
but this is the working repository where changes are made.
If you would like to help out with Fedora Infrastructure, see:
* https://docs.fedoraproject.org/en-US/infra/gettingstarted/
* https://docs.fedoraproject.org/en-US/infra/apprentice/
Ansible repository/structure
----------------------------
```
files - files and templates for use in playbooks/tasks
- subdirs for specific tasks/dirs highly recommended
inventory - where the inventory and additional vars is stored
- All files in this directory in ini format
- added together for total inventory
group_vars:
- per group variables set here in a file per group
host_vars:
- per host variables set here in a file per host
library - library of custom local ansible modules
playbooks - collections of plays we want to run on systems
groups: groups of hosts configured from one playbook.
hosts: playbooks for single hosts.
manual: playbooks that are only run manually by an admin as needed.
tasks - snippets of tasks that should be included in plays
roles - specific roles to be use in playbooks.
Each role has it's own files/templates/vars
filter_plugins - Jinja filters
main.yml - This is the main playbook, consisting of all
current group and host playbooks. Note that the
daily cron doesn't run this, it runs even over
playbooks that are not yet included in main.
This playbook is usefull for making changes over
multiple groups/hosts usually with -t (tag).
```
Paths
-----
The public path on batcave01 (our control host) for everything is `/srv/web/infra/ansible`
The private path on batcave01 (our control host) (which is sysadmin-main accessible only)
is `/srv/private/ansible`
In general to run any ansible playbook you will want to run:
```
sudo -i ansible-playbook /path/to/playbook.yml
```
(On batcave01, our control host)
Scheduled check-diff
--------------------
Every night a cron job runs over all playbooks under `playbooks/{groups}{hosts}`
with `ansible --check --diff`. A report from this is sent to sysadmin-logs.
In the ideal state this report would be empty.
Idempotency
-----------
All playbooks should be idempotent. Ie, if run once they should bring the
machine(s) to the desired state, and if run again N times after that they should
make 0 changes (because the machine(s) are in the desired state).
Please make sure your playbooks are idempotent.
Can be run anytime
------------------
When a playbook or change is checked into ansible you should assume
that it could be run at ***ANY TIME***. Always make sure the checked in state
is the desired state. Always test changes when they land so they don't
surprise you later.
Contributing and Licensing
--------------------------
Contributions to this repository are subject to the Fedora Project
Contributor Agreement. If no license is specified, the MIT license is used, otherwise
the contribution is under the specified acceptable Fedora License.
See https://docs.fedoraproject.org/en-US/legal/fpca/
for more information.
Contributing Pull Requests
--------------------------
If found a way to improve this repository or fix an issue found in our
infrastructure tracker (see https://pagure.io/fedora-infrastructure/issues)
open a pull-request.
You either should have capability to run the playbooks after they have been reviewed,
and merged or find the person responsible and work with them to make sure the changes
will be aplied afterwards.
We are currently working on a simple to use list of Point Of Contanct people for the applications
here, untill it is done, you can, look at people that recently edited the ansible files,
or if you belong to sysadmin group, view the /etc/ansible_utils/rbac.yaml located on batcave01,
where you can see the groups of people that have capabilities to run the relevant playbooks.
For example, to upgrade Release Monitoring, you need to run playbook openshift-apps/release-monitoring.yaml.
People in sysadmin-releasemonitoring have that capability, and you cand find the members in https://accounts.fedoraproject.org/group/sysadmin-releasemonitoring/
If the application in question is not on the critical path it should be sufficient,
if person responsible for the application reviews the PR.
If the files in question are on the critical path, that are necessary for functioning packager workflow,
at least two different people should review the PR.
If there is any risk at all, that the application of the changes would induce downtime,
work closely with other to ensure that the downtime is properly scheduled:
- there is an issue in https://pagure.io/fedora-infrastructure/issues specifying the downtime
- there is an email sent to the devel-list
- https://status.fedoraproject.org is updated (see https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/status-fedora/)
Applications on critical path: pagure, mirrormanager, toddlers, bodhi, noggin, mdapi, rpmautospec,
pagure-dist-git, mirror_from_pagure, fedora-messaging, dist-git, PDC/FPDC, FMN, sigul
robosignatory, tag2distrepo, ci-resultsdb-listener, stylo, mirrorlist
resultsdb, Nagios, koschei, wiki / mediawiki, wiki / moin, waiverdb,
greenwave, ODCS, Mailman3 / HK, mailman 2, OSBS, pungi, koji, MBS,
IPA, rabbitmq, geoip,ipsilon

20
STYLEGUIDE
View file

@ -1,20 +0,0 @@
infrastructure ansible style guide
==================================
* Use 'yml' instead of 'yaml'
* do add '.j2' to the end of templates
* in general let readablity trump grepability, i.e.:
DONT:
- name: This is some play
module: name=thing arg=thing2 anotherlongerarg=thing arg4=anodheranth
DO:
- name: This is some play
module:
- name: thing
- arg: thing2
..etc

17
TODO Normal file
View file

@ -0,0 +1,17 @@
- make it easy to run playbooks against cloud instances w/o modifying
inventory or changing host entries in playbooks
- define standards for:
- playbook naming
- play naming
- hosts or service or groups for talking to sets of systems
- tags:
- config
- service
- initonly
- figure out how and where we are going to run these from cron
- merge in tasks/playbooks/inventory/etc from:
- builders

98
callback_plugins/fedmsg_callback.py Normal file
View file

@ -0,0 +1,98 @@
# (C) 2012, Michael DeHaan, <michael.dehaan@gmail.com>
# based on the log_plays example
# skvidal@fedoraproject.org
# rbean@redhat.com
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
import os
import pwd
import fedmsg
import fedmsg.config
try:
from ansible.plugins.callback import CallbackBase
except ImportError:
# Ansible v1 compat
CallbackBase = object
def getlogin():
try:
user = os.getlogin()
except OSError, e:
user = pwd.getpwuid(os.geteuid())[0]
return user
class CallbackModule(CallbackBase):
""" Publish playbook starts and stops to fedmsg. """
playbook_path = None
def __init__(self):
config = fedmsg.config.load_config()
config.update(dict(
name='relay_inbound',
cert_prefix='shell',
active=True,
))
# It seems like recursive playbooks call this over and over again and
# fedmsg doesn't like to be initialized more than once. So, here, just
# catch that and ignore it.
try:
fedmsg.init(**config)
except ValueError:
pass
def playbook_on_play_start(self, pattern):
# This gets called once for each play.. but we just issue a message once
# for the first one. One per "playbook"
play = getattr(self, 'play', None)
if play:
# figure out where the playbook FILE is
path = os.path.abspath(play.playbook.filename)
# Bail out early without publishing if we're in --check mode
if play.playbook.check:
return
if not self.playbook_path:
fedmsg.publish(
modname="ansible", topic="playbook.start",
msg=dict(
playbook=path,
userid=getlogin(),
extra_vars=play.playbook.extra_vars,
inventory=play.playbook.inventory.host_list,
playbook_checksum=play.playbook.check,
check=play.playbook.check,
),
)
self.playbook_path = path
def playbook_on_stats(self, stats):
if not self.playbook_path:
return
results = dict([(h, stats.summarize(h)) for h in stats.processed])
fedmsg.publish(
modname="ansible", topic="playbook.complete",
msg=dict(
playbook=self.playbook_path,
userid=getlogin(),
results=results,
),
)

116
callback_plugins/fedmsg_callback2.py Normal file
View file

@ -0,0 +1,116 @@
# (C) 2012, Michael DeHaan, <michael.dehaan@gmail.com>
# based on the log_plays example
# skvidal@fedoraproject.org
# rbean@redhat.com
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
import os
import pwd
import fedmsg
import fedmsg.config
try:
from ansible.plugins.callback import CallbackBase
except ImportError:
# Ansible v1 compat
CallbackBase = object
try:
from ansible.utils.hashing import secure_hash
except ImportError:
from ansible.utils import md5 as secure_hash
def getlogin():
try:
user = os.getlogin()
except OSError, e:
user = pwd.getpwuid(os.geteuid())[0]
return user
class CallbackModule(CallbackBase):
""" Publish playbook starts and stops to fedmsg. """
CALLBACK_NAME = 'fedmsg_callback2'
CALLBACK_TYPE = 'notification'
CALLBACK_VERSION = 2.0
CALLBACK_NEEDS_WHITELIST = True
playbook_path = None
def __init__(self):
config = fedmsg.config.load_config()
config.update(dict(
name='relay_inbound',
cert_prefix='shell',
active=True,
))
# It seems like recursive playbooks call this over and over again and
# fedmsg doesn't like to be initialized more than once. So, here, just
# catch that and ignore it.
try:
fedmsg.init(**config)
except ValueError:
pass
self.play = None
self.playbook = None
super(CallbackModule, self).__init__()
def set_play_context(self, play_context):
self.play_context = play_context
def v2_playbook_on_start(self, playbook):
self.playbook = playbook
def v2_playbook_on_play_start(self, play):
# This gets called once for each play.. but we just issue a message once
# for the first one. One per "playbook"
if self.playbook:
# figure out where the playbook FILE is
path = os.path.abspath(self.playbook._file_name)
# Bail out early without publishing if we're in --check mode
if self.play_context.check_mode:
return
if not self.playbook_path:
fedmsg.publish(
modname="ansible", topic="playbook.start",
msg=dict(
playbook=path,
userid=getlogin(),
extra_vars=play._variable_manager.extra_vars,
inventory=play._variable_manager._inventory._sources,
playbook_checksum=secure_hash(path),
check=self.play_context.check_mode,
),
)
self.playbook_path = path
def v2_playbook_on_stats(self, stats):
if not self.playbook_path:
return
results = dict([(h, stats.summarize(h)) for h in stats.processed])
fedmsg.publish(
modname="ansible", topic="playbook.complete",
msg=dict(
playbook=self.playbook_path,
userid=getlogin(),
results=results,
),
)

137
callback_plugins/fedora_messaging_callback.py
View file

@ -1,137 +0,0 @@
# (C) 2012, Michael DeHaan, <michael.dehaan@gmail.com>
# based on the log_plays example
# skvidal@fedoraproject.org
# rbean@redhat.com
# karsten@redhat.com changes for fedora-messaging
# abompard@redhat.com changes to adapt to ansible's specific python
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
import json
import logging
import os
import pwd
import uuid
from subprocess import run, PIPE, STDOUT
from tempfile import NamedTemporaryFile
try:
from ansible.plugins.callback import CallbackBase
except ImportError:
# Ansible v1 compat
CallbackBase = object
try:
from ansible.utils.hashing import secure_hash
except ImportError:
from ansible.utils import md5 as secure_hash
LOGGER = logging.getLogger(__name__)
FEDORA_MESSAGING_CONF = "/etc/fedora-messaging/batcave-messaging.toml"
def getlogin():
try:
user = os.getlogin()
except OSError:
user = pwd.getpwuid(os.geteuid())[0]
return user
def send_message(msg):
msg["id"] = str(uuid.uuid4())
msg["headers"] = {
"fedora_messaging_schema": "base.message",
"fedora_messaging_severity": 20,
}
env = os.environ.copy()
env["FEDORA_MESSAGING_CONF"] = FEDORA_MESSAGING_CONF
with NamedTemporaryFile(mode="w+", buffering=1) as msg_file:
json.dump(msg, msg_file)
msg_file.write("\n")
result = run(
["fedora-messaging", "publish", msg_file.name],
stdout=PIPE, stderr=STDOUT, text=True, env=env,
)
if result.returncode > 0:
LOGGER.warning(f"Fedora Messaging plugin failed: {result.stdout}")
print(f"Fedora Messaging plugin failed: {result.stdout}")
class CallbackModule(CallbackBase):
""" Publish playbook starts and stops to fedora_messaging. """
CALLBACK_NAME = "fedora_messaging_callback"
CALLBACK_TYPE = "notification"
CALLBACK_VERSION = 2.0
CALLBACK_NEEDS_WHITELIST = True
playbook_path = None
def __init__(self):
self.play = None
self.playbook = None
super(CallbackModule, self).__init__()
def set_play_context(self, play_context):
self.play_context = play_context
def v2_playbook_on_start(self, playbook):
self.playbook = playbook
def v2_playbook_on_play_start(self, play):
# This gets called once for each play.. but we just issue a message once
# for the first one. One per "playbook"
if not self.playbook:
return
# figure out where the playbook FILE is
path = os.path.abspath(self.playbook._file_name)
# Bail out early without publishing if we're in --check mode
if self.play_context.check_mode:
return
# Only publish on playbook start
if self.playbook_path:
return
msg = {
"topic": "ansible.playbook.start",
"body": {
'playbook': path,
'userid': getlogin(),
'extra_vars': play._variable_manager.extra_vars,
'inventory': play._variable_manager._inventory._sources,
'playbook_checksum': secure_hash(path),
'check': self.play_context.check_mode
},
}
send_message(msg)
self.playbook_path = path
def v2_playbook_on_stats(self, stats):
if not self.playbook_path:
return
results = dict([(h, stats.summarize(h)) for h in stats.processed])
msg = {
"topic": "ansible.playbook.complete",
"body": {
'playbook': self.playbook_path,
'userid': getlogin(),
'results': results
},
}
send_message(msg)

207
callback_plugins/logdetail.py
View file

@ -15,36 +15,13 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = r'''
callback: logdetail
callback_type: notification
short_description: Logs playbook results, per date, playbook and host.
description: Logs playbook results, per date, playbook and host, in I(log_path).
options:
log_path:
description: The path where log files will be created.
default: /var/log/ansible
ini:
- section: callback_logdetail
key: log_path
env:
- name: ANSIBLE_LOGDETAIL_PATH
'''
from __future__ import absolute_import
import os
import time
import json
import pwd
import gzip
try:
from ansible.utils.hashing import secure_hash
except ImportError:
from ansible.utils import md5 as secure_hash
from ansible import utils
try:
from ansible.plugins.callback import CallbackBase
@ -52,31 +29,31 @@ except ImportError:
# Ansible v1 compat
CallbackBase = object
TIME_FORMAT = "%b %d %Y %H:%M:%S"
TIME_FORMAT="%b %d %Y %H:%M:%S"
MSG_FORMAT = "%(now)s\t%(count)s\t%(category)s\t%(name)s\t%(data)s\n"
MSG_FORMAT="%(now)s\t%(count)s\t%(category)s\t%(name)s\t%(data)s\n"
LOG_PATH = '/var/log/ansible'
def getlogin():
try:
user = os.getlogin()
except OSError:
except OSError, e:
user = pwd.getpwuid(os.geteuid())[0]
return user
class LogMech(object):
def __init__(self, logpath):
def __init__(self):
self.started = time.time()
self.pid = str(os.getpid())
self._pb_fn = None
self._last_task_start = None
self.play_info = {}
self.logpath = logpath
self.logpath = LOG_PATH
if not os.path.exists(self.logpath):
try:
os.makedirs(self.logpath, mode=0o750)
except OSError as e:
os.makedirs(self.logpath, mode=0750)
except OSError, e:
if e.errno != 17:
raise
@ -97,13 +74,13 @@ class LogMech(object):
def logpath_play(self):
# this is all to get our path to look nice ish
tstamp = time.strftime('%Y/%m/%d/%H.%M.%S', time.localtime(self.started))
path = os.path.normpath(self.logpath + '/' + self.playbook_id + '/' + tstamp + '/')
path = os.path.normpath(self.logpath + '/' + self.playbook_id + '/' + tstamp + '/')
if not os.path.exists(path):
try:
os.makedirs(path)
except OSError as e:
if e.errno != 17: # if it is not dir exists then raise it up
except OSError, e:
if e.errno != 17: # if it is not dir exists then raise it up
raise
return path
@ -119,8 +96,8 @@ class LogMech(object):
def task_to_json(self, task):
res = {}
res['task_name'] = task.name
res['task_module'] = task.action
res['task_args'] = task.args
res['task_module'] = task.module_name
res['task_args'] = task.module_args
if self.playbook_id == 'ansible-cmd':
res['task_userid'] = getlogin()
for k in ("delegate_to", "environment", "with_first_found",
@ -138,21 +115,22 @@ class LogMech(object):
host = 'HOSTMISSING'
if type(data) == dict:
name = data.get('module_name', None)
name = data.get('module_name',None)
else:
name = "unknown"
# we're in setup - move the invocation info up one level
if 'invocation' in data:
invoc = data['invocation']
if not name and 'module_name' in invoc:
name = invoc['module_name']
# don't add this since it can often contain complete passwords :(
#don't add this since it can often contain complete passwords :(
del(data['invocation'])
if task:
name = task._name
name = task.name
data['task_start'] = self._last_task_start
data['task_end'] = time.time()
data.update(self.task_to_json(task))
@ -165,7 +143,7 @@ class LogMech(object):
if self.play_info.get('check', False) and self.play_info.get('diff', False):
category = 'CHECK_DIFF:' + category
elif self.play_info.get('check', False):
elif self.play_info.get('check', False):
category = 'CHECK:' + category
# Sometimes this is None.. othertimes it's fine. Othertimes it has
@ -174,12 +152,14 @@ class LogMech(object):
name = name.strip()
sanitize_host = host.replace(' ', '_').replace('>', '-')
fd = gzip.open(self.logpath_play + '/' + sanitize_host + '.log.gz', 'at')
fd = open(self.logpath_play + '/' + sanitize_host + '.log', 'a')
now = time.strftime(TIME_FORMAT, time.localtime())
fd.write(MSG_FORMAT % dict(now=now, name=name, count=count, category=category, data=json.dumps(data)))
fd.close()
logmech = LogMech()
class CallbackModule(CallbackBase):
"""
logs playbook results, per host, in /var/log/ansible/hosts
@ -192,72 +172,101 @@ class CallbackModule(CallbackBase):
def __init__(self):
self._task_count = 0
self._play_count = 0
self.task = None
self.playbook = None
super(CallbackModule, self).__init__()
self.set_options()
self.logmech = LogMech(self.get_option('log_path'))
def on_any(self, *args, **kwargs):
pass
def set_play_context(self, play_context):
self.play_context = play_context
def v2_runner_on_failed(self, result, ignore_errors=False):
def runner_on_failed(self, host, res, ignore_errors=False):
category = 'FAILED'
self.logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count)
task = getattr(self,'task', None)
logmech.log(host, category, res, task, self._task_count)
def v2_runner_on_ok(self, result):
def runner_on_ok(self, host, res):
category = 'OK'
self.logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count)
task = getattr(self,'task', None)
logmech.log(host, category, res, task, self._task_count)
def v2_runner_on_skipped(self, result):
def runner_on_error(self, host, res):
category = 'ERROR'
task = getattr(self,'task', None)
logmech.log(host, category, res, task, self._task_count)
def runner_on_skipped(self, host, item=None):
category = 'SKIPPED'
task = getattr(self,'task', None)
res = {}
res['item'] = self._get_item_label(getattr(result._result, 'results', {}))
self.logmech.log(result._host.get_name(), category, res, self.task, self._task_count)
res['item'] = item
logmech.log(host, category, res, task, self._task_count)
def v2_runner_on_unreachable(self, result):
def runner_on_unreachable(self, host, output):
category = 'UNREACHABLE'
task = getattr(self,'task', None)
res = {}
res['output'] = result._result
self.logmech.log(result._host.get_name(), category, res, self.task, self._task_count)
res['output'] = output
logmech.log(host, category, res, task, self._task_count)
def v2_runner_on_async_failed(self, result):
def runner_on_no_hosts(self):
pass
def runner_on_async_poll(self, host, res, jid, clock):
pass
def runner_on_async_ok(self, host, res, jid):
pass
def runner_on_async_failed(self, host, res, jid):
category = 'ASYNC_FAILED'
self.logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count)
task = getattr(self,'task', None)
logmech.log(host, category, res, task, self._task_count)
def v2_playbook_on_start(self, playbook):
self.playbook = playbook
def playbook_on_start(self):
pass
def v2_playbook_on_task_start(self, task, is_conditional):
self.task = task
if self.task:
self.task._name = task.get_name().strip()
self.logmech._last_task_start = time.time()
def playbook_on_notify(self, host, handler):
pass
def playbook_on_no_hosts_matched(self):
pass
def playbook_on_no_hosts_remaining(self):
pass
def playbook_on_task_start(self, name, is_conditional):
logmech._last_task_start = time.time()
self._task_count += 1
def v2_playbook_on_setup(self):
self._task_count += 1
def playbook_on_vars_prompt(self, varname, private=True, prompt=None, encrypt=None, confirm=False, salt_size=None, salt=None, default=None):
pass
def v2_playbook_on_import_for_host(self, result, imported_file):
def playbook_on_setup(self):
self._task_count += 1
pass
def playbook_on_import_for_host(self, host, imported_file):
task = getattr(self,'task', None)
res = {}
res['imported_file'] = imported_file
self.logmech.log(result._host.get_name(), 'IMPORTED', res, self.task)
logmech.log(host, 'IMPORTED', res, task)
def v2_playbook_on_not_import_for_host(self, result, missing_file):
def playbook_on_not_import_for_host(self, host, missing_file):
task = getattr(self,'task', None)
res = {}
res['missing_file'] = missing_file
self.logmech.log(result._host.get_name(), 'NOTIMPORTED', res, self.task)
logmech.log(host, 'NOTIMPORTED', res, task)
def v2_playbook_on_play_start(self, play):
def playbook_on_play_start(self, pattern):
self._task_count = 0
play = getattr(self, 'play', None)
if play:
# figure out where the playbook FILE is
path = os.path.abspath(self.playbook._file_name)
path = os.path.abspath(play.playbook.filename)
# tel the logger what the playbook is
self.logmech.playbook_id = path
logmech.playbook_id = path
# if play count == 0
# write out playbook info now
@ -266,35 +275,33 @@ class CallbackModule(CallbackBase):
pb_info['playbook_start'] = time.time()
pb_info['playbook'] = path
pb_info['userid'] = getlogin()
pb_info['extra_vars'] = play._variable_manager.extra_vars
pb_info['inventory'] = play._variable_manager._inventory._sources
pb_info['playbook_checksum'] = secure_hash(path)
if hasattr(self, "play_context"):
pb_info['check'] = self.play_context.check_mode
pb_info['diff'] = self.play_context.diff
self.logmech.play_log(json.dumps(pb_info, indent=4))
pb_info['extra_vars'] = play.playbook.extra_vars
pb_info['inventory'] = play.playbook.inventory.host_list
pb_info['playbook_checksum'] = utils.md5(path)
pb_info['check'] = play.playbook.check
pb_info['diff'] = play.playbook.diff
logmech.play_log(json.dumps(pb_info, indent=4))
self._play_count += 1
# then write per-play info that doesn't duplcate the playbook info
info = {}
info['play'] = play.name
info['hosts'] = play.hosts
info['transport'] = play.transport
info['number'] = self._play_count
if hasattr(self, "play_context"):
info['transport'] = str(self.play_context.connection)
info['check'] = self.play_context.check_mode
info['diff'] = self.play_context.diff
self.logmech.play_info = info
try:
self.logmech.play_log(json.dumps(info, indent=4))
except TypeError:
print(("Failed to conver to JSON:", info))
info['check'] = play.playbook.check
info['diff'] = play.playbook.diff
logmech.play_info = info
logmech.play_log(json.dumps(info, indent=4))
def v2_playbook_on_stats(self, stats):
def playbook_on_stats(self, stats):
results = {}
for host in list(stats.processed.keys()):
for host in stats.processed.keys():
results[host] = stats.summarize(host)
self.logmech.log(host, 'STATS', results[host])
self.logmech.play_log(json.dumps({'stats': results}, indent=4))
self.logmech.play_log(json.dumps({'playbook_end': time.time()}, indent=4))
print(('logs written to: %s' % self.logmech.logpath_play))
logmech.log(host, 'STATS', results[host])
logmech.play_log(json.dumps({'stats': results}, indent=4))
logmech.play_log(json.dumps({'playbook_end': time.time()}, indent=4))
print 'logs written to: %s' % logmech.logpath_play

278
callback_plugins/logdetail2.py Normal file
View file

@ -0,0 +1,278 @@
# (C) 2012, Michael DeHaan, <michael.dehaan@gmail.com>
# based on the log_plays example
# skvidal@fedoraproject.org
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
from __future__ import absolute_import
import os
import time
import json
import pwd
try:
from ansible.utils.hashing import secure_hash
except ImportError:
from ansible.utils import md5 as secure_hash
try:
from ansible.plugins.callback import CallbackBase
except ImportError:
# Ansible v1 compat
CallbackBase = object
TIME_FORMAT="%b %d %Y %H:%M:%S"
MSG_FORMAT="%(now)s\t%(count)s\t%(category)s\t%(name)s\t%(data)s\n"
LOG_PATH = '/var/log/ansible'
def getlogin():
try:
user = os.getlogin()
except OSError, e:
user = pwd.getpwuid(os.geteuid())[0]
return user
class LogMech(object):
def __init__(self):
self.started = time.time()
self.pid = str(os.getpid())
self._pb_fn = None
self._last_task_start = None
self.play_info = {}
self.logpath = LOG_PATH
if not os.path.exists(self.logpath):
try:
os.makedirs(self.logpath, mode=0750)
except OSError, e:
if e.errno != 17:
raise
# checksum of full playbook?
@property
def playbook_id(self):
if self._pb_fn:
return os.path.basename(self._pb_fn).replace('.yml', '').replace('.yaml', '')
else:
return "ansible-cmd"
@playbook_id.setter
def playbook_id(self, value):
self._pb_fn = value
@property
def logpath_play(self):
# this is all to get our path to look nice ish
tstamp = time.strftime('%Y/%m/%d/%H.%M.%S', time.localtime(self.started))
path = os.path.normpath(self.logpath + '/' + self.playbook_id + '/' + tstamp + '/')
if not os.path.exists(path):
try:
os.makedirs(path)
except OSError, e:
if e.errno != 17: # if it is not dir exists then raise it up
raise
return path
def play_log(self, content):
# record out playbook.log
# include path to playbook, checksums, user running playbook
# any args we can get back from the invocation
fd = open(self.logpath_play + '/' + 'playbook-' + self.pid + '.info', 'a')
fd.write('%s\n' % content)
fd.close()
def task_to_json(self, task):
res = {}
res['task_name'] = task.name
res['task_module'] = task.action
res['task_args'] = task.args
if self.playbook_id == 'ansible-cmd':
res['task_userid'] = getlogin()
for k in ("delegate_to", "environment", "with_first_found",
"local_action", "notified_by", "notify",
"register", "sudo", "sudo_user", "tags",
"transport", "when"):
v = getattr(task, k, None)
if v:
res['task_' + k] = v
return res
def log(self, host, category, data, task=None, count=0):
if not host:
host = 'HOSTMISSING'
if type(data) == dict:
name = data.get('module_name',None)
else:
name = "unknown"
# we're in setup - move the invocation info up one level
if 'invocation' in data:
invoc = data['invocation']
if not name and 'module_name' in invoc:
name = invoc['module_name']
#don't add this since it can often contain complete passwords :(
del(data['invocation'])
if task:
name = task.name
data['task_start'] = self._last_task_start
data['task_end'] = time.time()
data.update(self.task_to_json(task))
if 'task_userid' not in data:
data['task_userid'] = getlogin()
if category == 'OK' and data.get('changed', False):
category = 'CHANGED'
if self.play_info.get('check', False) and self.play_info.get('diff', False):
category = 'CHECK_DIFF:' + category
elif self.play_info.get('check', False):
category = 'CHECK:' + category
# Sometimes this is None.. othertimes it's fine. Othertimes it has
# trailing whitespace that kills logview. Strip that, when possible.
if name:
name = name.strip()
sanitize_host = host.replace(' ', '_').replace('>', '-')
fd = open(self.logpath_play + '/' + sanitize_host + '.log', 'a')
now = time.strftime(TIME_FORMAT, time.localtime())
fd.write(MSG_FORMAT % dict(now=now, name=name, count=count, category=category, data=json.dumps(data)))
fd.close()
logmech = LogMech()
class CallbackModule(CallbackBase):
"""
logs playbook results, per host, in /var/log/ansible/hosts
"""
CALLBACK_NAME = 'logdetail2'
CALLBACK_TYPE = 'notification'
CALLBACK_VERSION = 2.0
CALLBACK_NEEDS_WHITELIST = True
def __init__(self):
self._task_count = 0
self._play_count = 0
self.task = None
self.playbook = None
super(CallbackModule, self).__init__()
def set_play_context(self, play_context):
self.play_context = play_context
def v2_runner_on_failed(self, result, ignore_errors=False):
category = 'FAILED'
logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count)
def v2_runner_on_ok(self, result):
category = 'OK'
logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count)
def v2_runner_on_skipped(self, result):
category = 'SKIPPED'
res = {}
res['item'] = self._get_item(getattr(result._result, 'results', {}))
logmech.log(result._host.get_name(), category, res, self.task, self._task_count)
def v2_runner_on_unreachable(self, result):
category = 'UNREACHABLE'
res = {}
res['output'] = result._result
logmech.log(result._host.get_name(), category, res, self.task, self._task_count)
def v2_runner_on_async_failed(self, result):
category = 'ASYNC_FAILED'
logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count)
def v2_playbook_on_start(self, playbook):
self.playbook = playbook
def v2_playbook_on_task_start(self, task, is_conditional):
self.task = task
logmech._last_task_start = time.time()
self._task_count += 1
def v2_playbook_on_setup(self):
self._task_count += 1
def v2_playbook_on_import_for_host(self, result, imported_file):
res = {}
res['imported_file'] = imported_file
logmech.log(result._host.get_name(), 'IMPORTED', res, self.task)
def v2_playbook_on_not_import_for_host(self, result, missing_file):
res = {}
res['missing_file'] = missing_file
logmech.log(result._host.get_name(), 'NOTIMPORTED', res, self.task)
def v2_playbook_on_play_start(self, play):
self._task_count = 0
if play:
# figure out where the playbook FILE is
path = os.path.abspath(self.playbook._file_name)
# tel the logger what the playbook is
logmech.playbook_id = path
# if play count == 0
# write out playbook info now
if not self._play_count:
pb_info = {}
pb_info['playbook_start'] = time.time()
pb_info['playbook'] = path
pb_info['userid'] = getlogin()
pb_info['extra_vars'] = play._variable_manager.extra_vars
pb_info['inventory'] = play._variable_manager._inventory._sources
pb_info['playbook_checksum'] = secure_hash(path)
pb_info['check'] = self.play_context.check_mode
pb_info['diff'] = self.play_context.diff
logmech.play_log(json.dumps(pb_info, indent=4))
self._play_count += 1
# then write per-play info that doesn't duplcate the playbook info
info = {}
info['play'] = play.name
info['hosts'] = play.hosts
info['transport'] = self.play_context.connection
info['number'] = self._play_count
info['check'] = self.play_context.check_mode
info['diff'] = self.play_context.diff
logmech.play_info = info
logmech.play_log(json.dumps(info, indent=4))
def v2_playbook_on_stats(self, stats):
results = {}
for host in stats.processed.keys():
results[host] = stats.summarize(host)
logmech.log(host, 'STATS', results[host])
logmech.play_log(json.dumps({'stats': results}, indent=4))
logmech.play_log(json.dumps({'playbook_end': time.time()}, indent=4))
print('logs written to: %s' % logmech.logpath_play)

21
files/2fa/pam_url.conf.cloud Normal file
View file

@ -0,0 +1,21 @@
pam_url:
{
settings:
{
url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch
returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results
userfield = "user"; # userfield name to send
passwdfield = "token"; # passwdfield name to send
extradata = "&do=login"; # extradata to send
prompt = "Password+Token: "; # password prompt
};
ssl:
{
verify_peer = true; # Should we verify SSL ?
verify_host = true; # Should we verify the CN in the SSL cert?
client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert";
};
};

21
files/2fa/pam_url.conf.fakefas01.fedoraproject.org Normal file
View file

@ -0,0 +1,21 @@
pam_url:
{
settings:
{
url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch
returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results
userfield = "user"; # userfield name to send
passwdfield = "token"; # passwdfield name to send
extradata = "&do=login"; # extradata to send
prompt = "Password+Token: "; # password prompt
};
ssl:
{
verify_peer = true; # Should we verify SSL ?
verify_host = true; # Should we verify the CN in the SSL cert?
client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert";
};
};

21
files/2fa/pam_url.conf.fed-cloud09.cloud.fedoraproject.org Normal file
View file

@ -0,0 +1,21 @@
pam_url:
{
settings:
{
url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch
returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results
userfield = "user"; # userfield name to send
passwdfield = "token"; # passwdfield name to send
extradata = "&do=login"; # extradata to send
prompt = "Password+Token: "; # password prompt
};
ssl:
{
verify_peer = true; # Should we verify SSL ?
verify_host = true; # Should we verify the CN in the SSL cert?
client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert";
};
};

27
files/2fa/pam_url.conf.j2 Normal file
View file

@ -0,0 +1,27 @@
pam_url:
{
settings:
{
{% if env == 'staging' %}
url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch
{% elif datacenter == 'phx2' %}
url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch
{% else %}
url = "https://fas-all.vpn.fedoraproject.org:8443/"; # URI to fetch
{% endif %}
returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results
userfield = "user"; # userfield name to send
passwdfield = "token"; # passwdfield name to send
extradata = "&do=login"; # extradata to send
prompt = "Password+Token: "; # password prompt
};
ssl:
{
verify_peer = true; # Should we verify SSL ?
verify_host = true; # Should we verify the CN in the SSL cert?
client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert";
};
};

21
files/2fa/pam_url.conf.stg.fedoraproject.org Normal file
View file

@ -0,0 +1,21 @@
pam_url:
{
settings:
{
url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch
returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results
userfield = "user"; # userfield name to send
passwdfield = "token"; # passwdfield name to send
extradata = "&do=login"; # extradata to send
prompt = "Password+Token: "; # password prompt
};
ssl:
{
verify_peer = true; # Should we verify SSL ?
verify_host = true; # Should we verify the CN in the SSL cert?
client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert";
};
};

27
files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org Normal file
View file

@ -0,0 +1,27 @@
pam_url:
{
settings:
{
{% if env == 'staging' %}
url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch
{% elif datacenter == 'phx2' %}
url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch
{% else %}
url = "https://fas-all.vpn.fedoraproject.org:8443/"; # URI to fetch
{% endif %}
returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results
userfield = "user"; # userfield name to send
passwdfield = "token"; # passwdfield name to send
extradata = "&do=login"; # extradata to send
prompt = "Password+Token: "; # password prompt
};
ssl:
{
verify_peer = true; # Should we verify SSL ?
verify_host = true; # Should we verify the CN in the SSL cert?
client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert";
};
};

21
files/2fa/pam_url.conf.vpn.fedoraproject.org Normal file
View file

@ -0,0 +1,21 @@
pam_url:
{
settings:
{
url = "https://fas-all.vpn.fedoraproject.org:8443/"; # URI to fetch
returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results
userfield = "user"; # userfield name to send
passwdfield = "token"; # passwdfield name to send
extradata = "&do=login"; # extradata to send
prompt = "Password+Token: "; # password prompt
};
ssl:
{
verify_peer = true; # Should we verify SSL ?
verify_host = true; # Should we verify the CN in the SSL cert?
client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert";
};
};

9
files/2fa/sudo.pam Normal file
View file

@ -0,0 +1,9 @@
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_url.so config=/etc/pam_url.conf
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account include system-auth
password include system-auth
session optional pam_keyinit.so revoke
session required pam_limits.so

6
files/2fa/sudo.pam.dev.fedoraproject.org Normal file
View file

@ -0,0 +1,6 @@
#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
session optional pam_keyinit.so revoke
session required pam_limits.so

6
files/artboard/artboard-backup Executable file
View file

@ -0,0 +1,6 @@
#!/bin/sh
SNAPSHOTTIME=$(date +"%m-%d-%Y")
cd /srv/persist
echo "Snapshot taken $SNAPSHOTTIME.\n" >> /var/www/html/artboard/artboard-backup-summary.log
tar -zcvf "artboard-backup.tar.gz" artboard

16
files/artboard/artboard.conf Normal file
View file

@ -0,0 +1,16 @@
<Directory "/var/www/html/artboard">
Options Indexes FollowSymLinks
AllowOverride All
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order deny,allow
Allow from all
</IfModule>
</Directory>

2
files/artboard/redirect.conf Normal file
View file

@ -0,0 +1,2 @@
RedirectMatch "^/$" /artboard/

87
files/aws/iam/policies/fcos-builds-releng.json
View file

@ -1,87 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutAnalyticsConfiguration",
"s3:GetObjectVersionTagging",
"s3:CreateBucket",
"s3:ReplicateObject",
"s3:GetObjectAcl",
"s3:GetBucketObjectLockConfiguration",
"s3:DeleteBucketWebsite",
"s3:PutLifecycleConfiguration",
"s3:GetObjectVersionAcl",
"s3:HeadBucket",
"s3:DeleteObject",
"s3:GetBucketPolicyStatus",
"s3:GetObjectRetention",
"s3:GetBucketWebsite",
"s3:ListJobs",
"s3:PutReplicationConfiguration",
"s3:PutObjectLegalHold",
"s3:GetObjectLegalHold",
"s3:GetBucketNotification",
"s3:PutBucketCORS",
"s3:GetReplicationConfiguration",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:GetObject",
"s3:PutBucketNotification",
"s3:DescribeJob",
"s3:PutBucketLogging",
"s3:GetAnalyticsConfiguration",
"s3:PutBucketObjectLockConfiguration",
"s3:GetObjectVersionForReplication",
"s3:CreateJob",
"s3:GetLifecycleConfiguration",
"s3:ListBucketByTags",
"s3:GetInventoryConfiguration",
"s3:GetBucketTagging",
"s3:PutAccelerateConfiguration",
"s3:DeleteObjectVersion",
"s3:GetBucketLogging",
"s3:ListBucketVersions",
"s3:RestoreObject",
"s3:ListBucket",
"s3:GetAccelerateConfiguration",
"s3:GetBucketPolicy",
"s3:PutEncryptionConfiguration",
"s3:GetEncryptionConfiguration",
"s3:GetObjectVersionTorrent",
"s3:AbortMultipartUpload",
"s3:GetBucketRequestPayment",
"s3:UpdateJobPriority",
"s3:GetObjectTagging",
"s3:GetMetricsConfiguration",
"s3:DeleteBucket",
"s3:PutBucketVersioning",
"s3:GetBucketPublicAccessBlock",
"s3:ListBucketMultipartUploads",
"s3:PutMetricsConfiguration",
"s3:UpdateJobStatus",
"s3:GetBucketVersioning",
"s3:GetBucketAcl",
"s3:PutInventoryConfiguration",
"s3:GetObjectTorrent",
"s3:GetAccountPublicAccessBlock",
"s3:PutBucketWebsite",
"s3:ListAllMyBuckets",
"s3:PutBucketRequestPayment",
"s3:PutObjectRetention",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:ReplicateDelete",
"s3:GetObjectVersion"
],
"Resource": "*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "209.132.181.102/32"
}
}
}
]
}

23
files/aws/iam/policies/fcos-poc-artifacts.json
View file

@ -1,23 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:PutObjectAcl",
"Resource": [
"arn:aws:s3:::fcos-builds/*",
"arn:aws:s3:::fcos-builds"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::fcos-builds/*",
"arn:aws:s3:::fcos-builds"
]
}
]
}

44
files/aws/iam/policies/fcos-upload-amis.json
View file

@ -1,44 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:ImportVolume",
"ec2:CreateTags",
"ec2:RegisterImage",
"ec2:DeregisterImage",
"ec2:CancelConversionTask",
"ec2:CreateSnapshot",
"ec2:ImportSnapshot",
"ec2:CancelImportTask",
"ec2:DeleteSnapshot",
"ec2:CopyImage",
"ec2:DescribeImageAttribute",
"ec2:ModifyImageAttribute",
"ec2:DescribeSnapshots",
"ec2:DescribeSnapshotAttribute",
"ec2:DescribeImportSnapshotTasks",
"ec2:DescribeImages",
"ec2:DeleteVolume",
"ec2:ModifySnapshotAttribute",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeVolumes",
"ec2:DescribeRegions",
"ec2:DescribeConversionTasks",
"ec2:DescribeTags"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "ec2:CreateTags",
"Resource": [
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*::image/*"
]
}
]
}

51
files/aws/iam/policies/fedora-centos-ec2.json
View file

@ -1,51 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowDescription",
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"iam:PassRole",
"iam:ListInstanceProfiles",
"ec2:ImportKeyPair",
"ec2:CreateKeyPair",
"ec2:CreateSecurityGroup"
],
"Resource": [
"*"
]
},
{
"Sid": "AllowWhenOwnerOrUntagged",
"Effect": "Allow",
"Action": [
"ec2:*"
],
"Condition": {
"StringEqualsIfExists": {
"ec2:ResourceTag/FedoraGroup": [
"centos"
]
}
},
"Resource": [
"arn:aws:ec2:*:*:capacity-reservation/*",
"arn:aws:ec2:*:*:elasticGpu/*",
"arn:aws:ec2:*::fpga-image/*",
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:placement-group/*",
"arn:aws:ec2:*:*:reserved-instances/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*::spot-instance-request/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:subnet/*"
]
}
]
}

51
files/aws/iam/policies/fedora-copr-ec2.json
View file

@ -1,51 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowDescription",
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"iam:PassRole",
"iam:ListInstanceProfiles",
"ec2:ImportKeyPair",
"ec2:CreateKeyPair",
"ec2:CreateSecurityGroup"
],
"Resource": [
"*"
]
},
{
"Sid": "AllowWhenOwnerOrUntagged",
"Effect": "Allow",
"Action": [
"ec2:*"
],
"Condition": {
"StringEqualsIfExists": {
"ec2:ResourceTag/FedoraGroup": [
"copr"
]
}
},
"Resource": [
"arn:aws:ec2:*:*:capacity-reservation/*",
"arn:aws:ec2:*:*:elasticGpu/*",
"arn:aws:ec2:*::fpga-image/*",
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:placement-group/*",
"arn:aws:ec2:*:*:reserved-instances/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*::spot-instance-request/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:subnet/*"
]
}
]
}

45
files/aws/iam/policies/fedora-infra-ec2.json
View file

@ -1,45 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"iam:PassRole",
"ec2:ImportKeyPair",
"ec2:CreateKeyPair",
"ec2:CreateSecurityGroup",
"iam:ListInstanceProfiles"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "ec2:*",
"Resource": [
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:elasticGpu/*",
"arn:aws:ec2:*:*:reserved-instances/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:placement-group/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:capacity-reservation/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*::spot-instance-request/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*::fpga-image/*",
"arn:aws:ec2:*::image/*"
],
"Condition": {
"StringEqualsIfExists": {
"ec2:ResourceTag/FedoraGroup": "infra"
}
}
}
]
}

36
files/aws/iam/policies/robosignatory-fcos-devel.json
View file

@ -1,36 +0,0 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "WriteToTestBucket",
"Effect": "Allow",
"Action": [
"s3:GetBucketPublicAccessBlock",
"s3:PutObject",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:GetBucketTagging",
"s3:GetObjectTagging",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::*/*",
"arn:aws:s3:::robosig-dev-fcos-builds"
]
},
{
"Sid": "ReadFromProdBucket",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::*/*",
"arn:aws:s3:::fcos-builds"
]
}
]
}

29
files/common/RPM-GPG-KEY-EPEL-7
View file

@ -1,29 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB
OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm
jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP
vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM
jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5
S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ
n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB
9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95
T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj
GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf
uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB
tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB
AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk
5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q
ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu
MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re
9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax
CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv
HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB
VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q
thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc
ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4
vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt
RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw==
=hdPa
-----END PGP PUBLIC KEY BLOCK-----

28
files/common/RPM-GPG-KEY-EPEL-8
View file

@ -1,28 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFz3zvsBEADJOIIWllGudxnpvJnkxQz2CtoWI7godVnoclrdl83kVjqSQp+2
dgxuG5mUiADUfYHaRQzxKw8efuQnwxzU9kZ70ngCxtmbQWGmUmfSThiapOz00018
+eo5MFabd2vdiGo1y+51m2sRDpN8qdCaqXko65cyMuLXrojJHIuvRA/x7iqOrRfy
a8x3OxC4PEgl5pgDnP8pVK0lLYncDEQCN76D9ubhZQWhISF/zJI+e806V71hzfyL
/Mt3mQm/li+lRKU25Usk9dWaf4NH/wZHMIPAkVJ4uD4H/uS49wqWnyiTYGT7hUbi
ecF7crhLCmlRzvJR8mkRP6/4T/F3tNDPWZeDNEDVFUkTFHNU6/h2+O398MNY/fOh
yKaNK3nnE0g6QJ1dOH31lXHARlpFOtWt3VmZU0JnWLeYdvap4Eff9qTWZJhI7Cq0
Wm8DgLUpXgNlkmquvE7P2W5EAr2E5AqKQoDbfw/GiWdRvHWKeNGMRLnGI3QuoX3U
pAlXD7v13VdZxNydvpeypbf/AfRyrHRKhkUj3cU1pYkM3DNZE77C5JUe6/0nxbt4
ETUZBTgLgYJGP8c7PbkVnO6I/KgL1jw+7MW6Az8Ox+RXZLyGMVmbW/TMc8haJfKL
MoUo3TVk8nPiUhoOC0/kI7j9ilFrBxBU5dUtF4ITAWc8xnG6jJs/IsvRpQARAQAB
tChGZWRvcmEgRVBFTCAoOCkgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB
AgAiBQJc9877AhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAh6kWrL4bW
oWagD/4xnLWws34GByVDQkjprk0fX7Iyhpm/U7BsIHKspHLL+Y46vAAGY/9vMvdE
0fcr9Ek2Zp7zE1RWmSCzzzUgTG6BFoTG1H4Fho/7Z8BXK/jybowXSZfqXnTOfhSF
alwDdwlSJvfYNV9MbyvbxN8qZRU1z7PEWZrIzFDDToFRk0R71zHpnPTNIJ5/YXTw
NqU9OxII8hMQj4ufF11040AJQZ7br3rzerlyBOB+Jd1zSPVrAPpeMyJppWFHSDAI
WK6x+am13VIInXtqB/Cz4GBHLFK5d2/IYspVw47Solj8jiFEtnAq6+1Aq5WH3iB4
bE2e6z00DSF93frwOyWN7WmPIoc2QsNRJhgfJC+isGQAwwq8xAbHEBeuyMG8GZjz
xohg0H4bOSEujVLTjH1xbAG4DnhWO/1VXLX+LXELycO8ZQTcjj/4AQKuo4wvMPrv
9A169oETG+VwQlNd74VBPGCvhnzwGXNbTK/KH1+WRH0YSb+41flB3NKhMSU6dGI0
SGtIxDSHhVVNmx2/6XiT9U/znrZsG5Kw8nIbbFz+9MGUUWgJMsd1Zl9R8gz7V9fp
n7L7y5LhJ8HOCMsY/Z7/7HUs+t/A1MI4g7Q5g5UuSZdgi0zxukiWuCkLeAiAP4y7
zKK4OjJ644NDcWCHa36znwVmkz3ixL8Q0auR15Oqq2BjR/fyog==
=84m8
-----END PGP PUBLIC KEY BLOCK-----

29
files/common/RPM-GPG-KEY-EPEL-9
View file

@ -1,29 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp
CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6
2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW
DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu
n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z
39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy
XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK
44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS
9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH
DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq
uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB
tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI
ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE
FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF
3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC
nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n
R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG
4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe
CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL
9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7
w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT
/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd
fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE
r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux
VL469Kj5m13T6w==
=Mjs/
-----END PGP PUBLIC KEY BLOCK-----

13
files/common/epel10.repo
View file

@ -1,13 +0,0 @@
[epel]
name=Extras Packages for Enterprise Linux $releasever - $basearch
baseurl=https://infrastructure.fedoraproject.org/pub/epel/10/Everything/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-10
[epel-testing]
name=Extras Packages for Enterprise Linux $releasever - $basearch
baseurl=https://infrastructure.fedoraproject.org/pub/epel/testing/10/Everything/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-10

13
files/common/epel6.repo Normal file
View file

@ -0,0 +1,13 @@
[epel]
name=Extras Packages for Enterprise Linux $releasever - $basearch
baseurl=http://infrastructure.fedoraproject.org/pub/epel/6/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
[epel-testing]
name=Extras Packages for Enterprise Linux $releasever - $basearch
baseurl=http://infrastructure.fedoraproject.org/pub/epel/testing/6/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6

12
files/common/epel7.repo
View file

@ -1,20 +1,20 @@
[epel]
name=Extras Packages for Enterprise Linux $releasever - $basearch
baseurl=https://infrastructure.fedoraproject.org/pub/epel/7/$basearch/
baseurl=http://infrastructure.fedoraproject.org/pub/epel/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
[epel-testing]
name=Extras Packages for Enterprise Linux $releasever - $basearch
baseurl=https://infrastructure.fedoraproject.org/pub/epel/testing/7/$basearch/
baseurl=http://infrastructure.fedoraproject.org/pub/epel/testing/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
[epel-beta]
name=Extras Packages for Enterprise Linux beta $releasever - $basearch
baseurl=https://infrastructure.fedoraproject.org/pub/epel/beta/7/$basearch/
baseurl=http://infrastructure.fedoraproject.org/pub/epel/beta/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

13
files/common/epel8.repo
View file

@ -1,13 +0,0 @@
[epel]
name=Extras Packages for Enterprise Linux $releasever - $basearch
baseurl=https://infrastructure.fedoraproject.org/pub/epel/8/Everything/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
[epel-testing]
name=Extras Packages for Enterprise Linux $releasever - $basearch
baseurl=https://infrastructure.fedoraproject.org/pub/epel/testing/8/Everything/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8

13
files/common/epel9.repo
View file

@ -1,13 +0,0 @@
[epel]
name=Extras Packages for Enterprise Linux $releasever - $basearch
baseurl=https://infrastructure.fedoraproject.org/pub/epel/9/Everything/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
[epel-testing]
name=Extras Packages for Enterprise Linux $releasever - $basearch
baseurl=https://infrastructure.fedoraproject.org/pub/epel/testing/9/Everything/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9

21
files/common/fedora-updates-testing.repo
View file

@ -1,10 +1,7 @@
[updates-testing]
name=Fedora $releasever - $basearch - Test Updates
{% if ansible_distribution_major_version|int >27 %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Everything/$basearch/
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/$basearch/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
@ -12,11 +9,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[updates-testing-debuginfo]
name=Fedora $releasever - $basearch - Test Updates Debug
{% if ansible_distribution_major_version|int >27 %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Everything/$basearch/debug/
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/$basearch/debug/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/debug/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
@ -24,11 +18,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[updates-testing-source]
name=Fedora $releasever - Test Updates Source
{% if ansible_distribution_major_version|int >27 %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Everything/SRPMS/
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/SRPMS/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/SRPMS/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch
enabled=0
gpgcheck=1

21
files/common/fedora-updates-testing.repo-secondary
View file

@ -1,10 +1,7 @@
[updates-testing]
name=Fedora $releasever - $basearch - Test Updates
{% if ansible_distribution_major_version|int >27 %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Everything/$basearch/
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/$basearch/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/$basearch/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
@ -12,11 +9,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[updates-testing-debuginfo]
name=Fedora $releasever - $basearch - Test Updates Debug
{% if ansible_distribution_major_version|int >27 %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Everything/$basearch/debug/
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/$basearch/debug/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/$basearch/debug/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
@ -24,11 +18,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[updates-testing-source]
name=Fedora $releasever - Test Updates Source
{% if ansible_distribution_major_version|int >27 %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Everything/SRPMS/
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/SRPMS/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/SRPMS/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch
enabled=0
gpgcheck=1

21
files/common/fedora-updates.repo
View file

@ -1,10 +1,7 @@
[updates]
name=Fedora $releasever - $basearch - Updates
{% if ansible_distribution_major_version|int > 27 %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Everything/$basearch/
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/$basearch/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
enabled=1
gpgcheck=1
@ -12,11 +9,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[updates-debuginfo]
name=Fedora $releasever - $basearch - Updates - Debug
{% if ansible_distribution_major_version|int > 27 %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Everything/$basearch/debug/
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/$basearch/debug/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/debug/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
@ -24,11 +18,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[updates-source]
name=Fedora $releasever - Updates Source
{% if ansible_distribution_major_version|int > 27 %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Everything/SRPMS/
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/SRPMS/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/SRPMS/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch
enabled=0
gpgcheck=1

21
files/common/fedora-updates.repo-secondary
View file

@ -1,10 +1,7 @@
[updates]
name=Fedora $releasever - $basearch - Updates
{% if ansible_distribution_major_version|int >27 %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Everything/$basearch/
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/$basearch/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/$basearch/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
enabled=1
gpgcheck=1
@ -12,11 +9,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[updates-debuginfo]
name=Fedora $releasever - $basearch - Updates - Debug
{% if ansible_distribution_major_version|int >27 %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Everything/$basearch/debug/
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/$basearch/debug/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/$basearch/debug/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
@ -24,11 +18,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[updates-source]
name=Fedora $releasever - Updates Source
{% if ansible_distribution_major_version|int >27 %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/SRPMS/
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Everything/SRPMS/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/SRPMS/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch
enabled=0
gpgcheck=1

23
files/common/fedora.repo
View file

@ -1,24 +1,18 @@
[fedora]
name=Fedora $releasever - $basearch
{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Everything/$basearch/os/
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub/fedora/linux/development/$releasever/Everything/$basearch/os/
{% endif %}
enabled=1
metadata_expire=7d
gpgcheck=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[fedora-debuginfo]
name=Fedora $releasever - $basearch - Debug
{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Everything/$basearch/debug/tree/
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/tree/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub/fedora/linux/development/$releasever/Everything/$basearch/debug/tree/
{% endif %}
enabled=0
metadata_expire=7d
gpgcheck=1
@ -26,12 +20,9 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[fedora-source]
name=Fedora $releasever - Source
{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched|int is defined else FedoraRawhideNumber|int ) %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Everything/source/tree/
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/source/tree/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub/fedora/linux/development/$releasever/Everything/source/tree
{% endif %}
enabled=0
metadata_expire=7d
gpgcheck=1

24
files/common/fedora.repo-secondary
View file

@ -1,24 +1,18 @@
[fedora]
name=Fedora $releasever - $basearch
{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %}
baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Everything/$basearch/os/
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/os/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub/fedora-secondary/development/$releasever/Everything/$basearch/os/
{% endif %}
enabled=1
metadata_expire=7d
gpgcheck=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[fedora-debuginfo]
name=Fedora $releasever - $basearch - Debug
{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %}
baseurl=http://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Everything/$basearch/debug/tree/
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/debug/tree/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub/fedora-secondary/development/$releasever/Everything/$basearch/debug/tree/
{% endif %}
enabled=0
metadata_expire=7d
gpgcheck=1
@ -26,12 +20,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[fedora-source]
name=Fedora $releasever - Source
{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %}
baseurl=http://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Everything/source/tree/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
{% else %}
baseurl=https://infrastructure.fedoraproject.org/pub/fedora-secondary/development/$releasever/Everything/source/tree/
{% endif %}
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/source/tree/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
enabled=0
metadata_expire=7d

4
files/common/infrastructure-testing.repo
View file

@ -1,7 +1,7 @@
[infrastructure-testing]
name=Extras Packages from Fedora Infrastructure $releasever - $basearch - Testing
baseurl=https://infrastructure.fedoraproject.org/repo/testing/$releasever/$basearch/
baseurl=http://infrastructure.fedoraproject.org/repo/testing/$releasever/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE
gpgkey=http://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE

4
files/common/infrastructure.repo
View file

@ -1,6 +1,6 @@
[infrastructure]
name=Extras Packages from Fedora Infrastructure $releasever - $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/$releasever/$basearch/
baseurl=http://infrastructure.fedoraproject.org/repo/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE
gpgkey=http://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE

15
files/common/mock
View file

@ -1,15 +0,0 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth sufficient pam_succeed_if.so user ingroup mock use_uid quiet
account sufficient pam_succeed_if.so user ingroup packager use_uid quiet
auth sufficient pam_succeed_if.so user ingroup packager use_uid quiet
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth include system-auth
account sufficient pam_succeed_if.so user ingroup mock use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so

38
files/common/nbde_client-network-flush
View file

@ -1,38 +0,0 @@
#!/bin/sh
# do_flush() flushes every active network interface. It is intended to
# run before NetworkManager starts, so that when it does it will be able
# to set up the network using the regular host configuration.
do_flush() {
for f in /sys/class/net/*; do
iface="${f##*/}"
[ "${iface}" = "lo" ] && continue
echo "Preparing to flush interface ${iface}" >&2
ip -statistics address flush dev "${iface}"
rm -f /run/NetworkManager/system-connections/default_connection.nmconnection >&2
done
}
# reset_autoconn_prio() will reset the autoconnect priority
# of the existing NM connections to zero.
reset_autoconn_prio() {
nmcli -t -f NAME connection show 2>/dev/null | while read -r _c; do
if ! _prio="$(nmcli -t connection show "${_c}" \
| grep connection.autoconnect-priority: \
| cut -d: -f2)" || [ -z "${_prio}" ]; then
continue
fi
[ "${_prio}" -ge 0 ] && continue
echo "Setting autoconnect-priority of connection ${_c} to zero" >&2
nmcli connection modify "${_c}" connection.autoconnect-priority 0
done
}
case "${1}" in
reset-autoconn-prio)
reset_autoconn_prio;;
flush)
do_flush;;
esac
# vim:set ts=2 sw=2 et:

2
files/common/noautodefault.conf
View file

@ -1,2 +0,0 @@
[main]
no-auto-default=*

24
files/common/original-epel8.repo
View file

@ -1,24 +0,0 @@
[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
[epel-debuginfo]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug
#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/$basearch/debug
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Source
#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/SRPMS
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
gpgcheck=1

24
files/common/original-epel9.repo
View file

@ -1,24 +0,0 @@
[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
[epel-debuginfo]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug
#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/debug/
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Source
#baseurl=https://download.example/pub/epel/$releasever/Everything/source/tree/
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
gpgcheck=1

4
files/common/rhel-7-aarch64-server-rpms.repo Normal file
View file

@ -0,0 +1,4 @@
[rhel7-aarch64-server]
name = rhel7 $basearch server
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-rpms
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

19
files/common/rhel-8-aarch64-server-rpms.repo
View file

@ -1,19 +0,0 @@
[rhel8-beta-dvd]
name = rhel8 beta base dvd
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel-8.0-beta-1-$basearch/AppStream
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[rhel8-beta-BaseOS]
name = rhel8 beta BaseOS $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel-8.0-beta-1-aarch64/BaseOS
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[rhel8-beta-ha]
name = rhel8 beta ha $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8-beta/aarch64/rhel-8-for-aarch64-ha-beta-rpms
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[rhel8-beta-appstream]
name = rhel8 beta appstream $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8-beta/aarch64/rhel-8-for-aarch64-appstream-beta-rpms
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

34
files/common/rhel10.repo
View file

@ -1,34 +0,0 @@
[rhel10-dvd-BaseOS]
name = rhel10 baseos dvd
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL10-$basearch/BaseOS
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel10-dvd-AppStream]
name = rhel10 AppStream dvd
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL10-$basearch/AppStream
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel10-BaseOS]
name = rhel10 BaseOS $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel10/10.0/repos/$basearch/baseos
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel10-AppStream]
name = rhel10 AppStream $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel10/10.0/repos/$basearch/appstream
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel10-CRB]
name = rhel10 CodeReadyBuilder $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel10/10.0/repos/$basearch/crb
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1

14
files/common/rhel6.repo Normal file
View file

@ -0,0 +1,14 @@
[rhel6-dvd]
name = rhel6 base dvd
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[rhel6-base]
name = rhel6 base $basearch
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel-$basearch-server-6/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[rhel6-optional]
name = rhel6 optional $basearch
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel-$basearch-server-optional-6/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

4
files/common/rhel7-power-rhev.repo Normal file
View file

@ -0,0 +1,4 @@
[rhel7-rhev]
name = rhel7 rhev $basearch
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-for-rhev-power-agents-rpms
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

10
files/common/rhel7.repo
View file

@ -1,24 +1,24 @@
[rhel7-dvd]
name = rhel7 base dvd
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-$basearch/
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[rhel7-base]
name = rhel7 base $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-rpms
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-rpms
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[rhel7-optional]
name = rhel7 optional $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-optional-rpms
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-optional-rpms
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[rhel7-extras]
name = rhel7 extras $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-extras-rpms
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-extras-rpms
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[rhel7-ha]
name = rhel7 ha $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-ha-for-rhel-7-server-rpms/
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-ha-for-rhel-7-server-rpms/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

4
files/common/rhel7ah.repo Normal file
View file

@ -0,0 +1,4 @@
[rhel7-atomic-host]
name = rhel7 Atomic Host $basearch
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-atomic-host-rpms
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

41
files/common/rhel8.repo
View file

@ -1,41 +0,0 @@
[rhel8-dvd-BaseOS]
name = rhel8 baseos dvd
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL8.0-$basearch/BaseOS
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel8-dvd-AppStream]
name = rhel8 AppStream dvd
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL8.0-$basearch/AppStream
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel8-BaseOS]
name = rhel8 BaseOS $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/$basearch/rhel-8-for-$basearch-baseos-rpms
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel8-AppStream]
name = rhel8 AppStream $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/$basearch/rhel-8-for-$basearch-appstream-rpms
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel8-CRB]
name = rhel8 CodeReadyBuilder $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/$basearch/codeready-builder-for-rhel-8-$basearch-rpms/
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel8-advanced-virt]
name = rhel8 AdvancedVirt $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/$basearch/rhel-8-advanced-virt/
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1

41
files/common/rhel9.repo
View file

@ -1,41 +0,0 @@
[rhel9-dvd-BaseOS]
name = rhel9 baseos dvd
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL9.0-$basearch/BaseOS
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel9-dvd-AppStream]
name = rhel9 AppStream dvd
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL9.0-$basearch/AppStream
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel9-BaseOS]
name = rhel9 BaseOS $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel9/$basearch/rhel-9-for-$basearch-baseos-rpms
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel9-AppStream]
name = rhel9 AppStream $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel9/$basearch/rhel-9-for-$basearch-appstream-rpms
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel9-CRB]
name = rhel9 CodeReadyBuilder $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel9/$basearch/codeready-builder-for-rhel-9-$basearch-rpms/
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1
[rhel9-advanced-virt]
name = rhel9 AdvancedVirt $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel9/$basearch/rhel-9-advanced-virt/
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=0
gpgcheck=1

4
files/common/rhos16.repo
View file

@ -1,4 +0,0 @@
[rhel8-rhos16]
name = rhel8 openstack $basearch
baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/other/rhel-8-x86_64-openstack-16-rpms
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

20
files/common/rsyslog-logrotate
View file

@ -1,20 +0,0 @@
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
missingok
sharedscripts
postrotate
/usr/bin/systemctl reload rsyslog.service >/dev/null 2>&1 || true
endscript
daily
rotate 7
ifempty
compress
compresscmd /usr/bin/xz
uncompresscmd /usr/bin/xz
compressext .xz
dateext
}

13
files/common/sysadmin-main
View file

@ -2,5 +2,16 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAD9QDskl41P2f4wqBuDBRD3VJ7MfKD6gMetMEaOy2b/Czf
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAACAEAstHxky7hl1inyHBy+q/9M+Aen2HSfy8IoW+sAO6HSuHEUT7qWB8AlSNjHhahjXx7sy/BUkUed+NB/177rjlThokZDJ0yoM9KKymp26ETGaamBSkWBxZatTj96BWfD0P2K9jc/9vxtgKBq3VK9UaOt6VtJ9q6mKY3DdWLZn+K6iGQAKMCAgd8cCMgD6epBB5/litz7WhYv+aYTyjZGUGbBojQUiWgXDv9lR7p0w+VP7pnZEeb3//k4pZhsPrKFwwRVRLxBvWgVKNvA6nMXmsdikHCLLj8YAevhEY1xAba+iCKOpTqT7Bu+1Fnb9St8u5iDod21gRmN7MGGWYsO+Iu2MNAW9sw2nsA/sdNR0HEEgBqJLhERjGv399fWKyiZaF90n59lg8Pb6EzE6wHRs6rSB+9uKApBzPk99BEHLvC6mhn6RjrOC+TWSTcmXojAwQYCadqIdgWUaBsxaugKEXBFcmRuDWtpDfsqmM1kjeGU6MiaMlqPW0KjsMaVVChLO5ZvB/T7qW4wr5ZjLri475MuHocCMP0ECSUk7I3YW2h8RU6FEFmTpuULFRQo01iPreY5XJ7l0+xy2eggAWo+X2h3nGjXhCPOelBg+LYe0WOmPgB5oc1m5HZtFTcFzYbhAE+xQKlbwNeYT8HmNmEMhPjVoNyOOV7NAap+ueS2u/7li5D59O5Iy8aa5n/WiuYfkqH4pG796nFyLr5L/LVudzyaYFb/Gk8C1j/NAWYw53D/9aOA277HHe5t0/daJhbo98u0asF5mvPld3swPuPqkEZzgUfmNgH5CkvcQcMzaOvj6qr6xNmQfgsHroCShb46kplQ2uSf1pMAqsjN7jGhk6l+Bu6hKHnJKhZJVLiuAZtgYvkCB1ahaO3wRVozA1VKCAlqHOqoCq4YLIobUL95H08Kwcz7vIRIadX1TkOoLb2EwPkE/xrhDp4BySh+j6YNklSBkiRHvJMBNnRIj8NTRjYyj2o1Om7kJ770lEdryg2og8QBaFWCmFkwzg1QVrBOuu0dN7kt2l7VI7Ib4lavKSVTrqUdxdSbthUlu/b4Qif+pbyEtUFgykRsHVs+5Ofg7FZpsgCJ8rLFjzeVF/hAYX7t3XaIPLu+DL8kzamb/CRy1b7+iAw9nJbd7ED2SGyU6+c2coMPG23y6+YxgEmNG/rkCLCypkEEDOZe4DuMerZQ/RxMo06+glC6HC/3VN2dHlVLtEEV33B04/6Z0plAhqtjG7PVs08f8a5msV/VYn5ifa4z0oIXX1r5CIg3Ejp1JguLhBHpWa7YbS2Mwu6GAbD+hQfCYrsUkFonoOLu5czpITLo7ceJFTQmAt7OxZEoZBfmtYfzADQsQVYQb6J4QwvM3iKJOn30dgtYnJOVlDZEn+0fivedxoBAt9jHJ8lVp2ov/dOFnimi5V+2QIMB0fKTkChsk10zsDZ/KUk6zfijjEju0WfjRHCd357KswNv3aXHazfRIw77S2UOenD+xmUDZ6WgnxservUSDNDz7NldLf/gdPOMO4uSwKZixzsoCNioeLEmQv4gomNK7DyZBLMHLlWlbliqP+QWuIJO1rfoH2vaxzzA7l5tJW1gfnxm87RrrwIf9v5kpdJM6gQZxqmBCRsKQd5VkrEJ/xaFfkv080pWNV0drWTZW8fAAgfUNYB260Hyk3rHsjQlVtQxGJ1aAcgjMi3eGKQMwptbUMYHqct75czX6xp6zgXPiC/glX6AtuiZQ5bOI07imil20ien/ks/dnel8L+dmYDasL9m0B2jZ3lbl3eR1Dy7UhqGyERx//vYQapEBuwFcqQ9UdIWCGGG2Pte1I39BSehUUGSCOOD38a/GCu0l7OWZKdwq80MK/Ixgz4neiZQZ7MD2wPy6vk6Num18PZPN7OynMrI2UG5MViQ0GAhRgxwbUCvc7uKnGRqZo9q2mCabCxLbv+hJ4bppxpHHJxMDDXilTKMfZb0YRbvjBUi7LFKLN3MBMK2U1jHE+PjBgweqF8Jtuw04CQMxK3unajZOVkYAIq8IdMbw0oBVP4++eGB9z0x1eH+IsqL6IgknbbyoMgQqW9/8atm8HW2QYCX47oPd4FHs8rgJZk3bz8MwN3tp8WCRtYnJuwkWGWSq77ans0Ycl/tUfSSwUjnSvMsJnuSbxvdX0XbP5eRWikk0pJz5lM9sjYFOPHrQ44/U254yBa0N6UhyNTQnMGzRvY+fADE49b10hXZwCCrxpY9KvGr1XNJMnMcUke+4p9RS5LUwcZ8A6v7oWtZaZwnuBzvKk+HAn2gevD7Stjto+TnRCx1qcbx8iOhAEC6nvbLl+U313TmawrO/usrI5w3EFKP/4BnlKJDtNBeklJ0MpU3R1fmisqfegjuBW2bbaxq8Uo6m7uqPsYuAl7E6rOyZHLbtA8szvbQ46MSqAHezqxHJajWn2oZXMtbddgO5vlkxbRp3SSVKaPOeIj3XOGl78Owp4gFNRE0RY2EuUvrwUhXZR4wx1VHYjS6o9HAwOx3dH+pf1OiblUEanLQ9HLuOBkLhP8wn1M2slsSw+A1gyuI0ayjRujYFXdw6Mqp6XKTdU8vNue2c3d0I+TMifBypP0oJtxXmEoPp/VsU9yLKA2FF7Xvv/Xq1gtZcuZWAbSwMok/ENY1xeIFyjV+0yBidmax3jaf9yus/XEpyeBS3iIz63ymU10Kb2vrWjubg/sa2yd+q0y96dLdDRbnbwGwMmg6mXvTlVXf8c= ricky@padlock01.home.elrod.me
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5bNJQBrvT/YuvfLO0y6smZW5N+946uISkzmDi9myffLgHAZP4nBGeH/4GcB5ns9HJ19xVtbIwqOz4QwIqKh4gKU7DgaqND2Iu0bUUFL1KXPLGyAIW+9N3yHB+nKkH31alDnF4dpKkvO63DRkqh4ptxwEQbZDCFqn+vXuMnG4cPmDEweR3QZUt5m0Vc7HXzbehZxjUZ3xRWvT/pu+khBhJcRFkLlA60Fnqv7Q+MQP1C0Cpf3hiX1LcXUogXkNooAqx1YYRd8VqvI8e9yQW+a99x8FftnmXKlGCxP33ng6+U6Y2H7u3cRDrlRTbWqkry4SuUYo+6MtvZVgL0fw6PsZ jstanley@hawtness.rmrf.net
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJH1lA7WHRCbaFtvzbw0HxHYJstZjuXhax1+eL+SUJ5fFRGosEc4fLrSCP0gSFDfXmNzuspoBgcQTqnNO8FdIUwkJLDEu0vTQls1aT9YUXb+RVwKB7ULA3b1dqFkmOgLEjTJL9AplK4OJ9Su0kq6QBV4mXCxMsgEML/gn6r8muZmu2L/LdzUnxKKggyq7O5q1K/eW5Yy21fpvbHt2UPQX1f6gt4ty7E9Nnuhi7SHCI7fNIa+kHyIesfTm/SzeK/PY9rDwZKjuyS8o22GJXGEScJomK1cjMESH/J+t8Hffaj88BjGHNczvcnXAjq6y73VJQ9DiGLD4zmFquQMxDu0Tf kevin@jelerak.scrye.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDefONrBaBJlCxKtDwkYWVhf96lMhRQfwVJyBoBd4Pk6TqKMlAu2eST1xRZlV4cJSxAWgZpOaFgqJ5EGd6mq8PvVk+mKXdtX7CAoWm4f3c6otUFsFDCTw3gVvYSlEk23XBHuACsbAVNL4HmP+9C7PxQBePukbMBFD2smsyQkPcX7lZw+lDJW5lOTz3dHAA92bcopDycxRDI99gGkawzjlmxpm2C9nhRabKS6mpGw3N64d8hwHkkFbtHY7rS0/0Cka0geYYYv0NVki1IIctkhZE9LndcWbVcVe1pIlR0RyW2sorfgCgoa5fRZZhukUCtspdv981h/0b87RpRVUJKuRd1 lmacken@tomservo
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsmLoA/97DrE7roCHOY7NdB5TV/g7oxAsk74HgHcFRYAbn/rkoa7r9ZsgR7qzwd6Z+5Z77qFqvl1Bs3XtJf+1vJ3kwdcNFdKTw1DgTdE/rNPI7QzUgXKKKv/WCiU6UDBX4HHWq8Yuq4tkr/yepS8sLzMz2e0pHU4uWFQuvr5ttP9ABGohhDnPr0IcaT5vm+uBTJItJBrhqGws2fnVxhWEm8Y96AZb2vFZVwiMdcKKqfVZby3/wTuEtaDbv0krQNtLJcjaOTWLHWnxJEvLWSdFgkuIDvoNKR7ZV2lsmh5UD/smStgf8TkORR59r63dp2kWAn0/Jl59ARsdXDXGCiduF3GamxglTUA+kYbkN/PBQbl6o+nNKy4Q5TI53WNmhpdsbEJWCjzT+V1ju5JejFEHIhnWyBoBUWB2NKxWaSlToI2B9E0iJ0HK68IlA7bO4X7SD8q5cZBVTKMByFxt9uQXFeZeG7QRCPIsg6bXsirnFn5028iz+RfVFe3Mavp18v1hObvH6SDTczQauuAhTwYOtphaPZj+iHbaKvKndvlOWdGoyrNxgcx+t4loyEEcEWD0Astdp0bZD39nag94PD7hnoENOC0oE6mbtyUuSCGrU6ogee8qxYAt0AP3Rq1LLaRWXqe/1rM5A9oaDNwNkWA/JWbJbZQf0vvWTZmTib3rfew== mdomsch@fedoraproject.org
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7U0WbKLL/D6iR03/vdDZJ8Lkj1jjAkindSvC4PkXVgi6qJo1YBZnIgsmoQopYcra2yzHFt58crygIh79P/rpQowWY99W+Sk4kB9UNuiAiX/LRi+1YdxwCKcRNTVOwuji6MGZoscACERmIjPY6P1oFPERoXhUkOuzPcrDK/0z/Bp9dpNRVZE/0zN6dvHA9QODLGvcFtgnX73SbZfoIbaVP/37IvOZvjGI1jxC5DwCmY+ihM13GpELP6BM8iihlnl1pjk1vtqPxD9g9Llr14Sc6cZJKl1WCulqhde4SEMOjpMJ8J8cGYBSsdh49hB36pdKQuTTnuCXpEt5Tl8PUKCrr mmcgrath@desktop.mmcgrath.net
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3eVd6Ccegp1r1mhm7tPnlGUcw0zsAbR2p9hrFZ7RKxdIponuVV9ix4lgwpNEVDs0j4vxAApeLpJrsV8R8+YLUZO3Mzi+2s8nM8LXrKHtJT9wKKqoU3O/lC79drbWk3EMgETyP61Zpjkub0hwG2MjviPee63zCuRbxzxyalzk+AtwkRSxYaS2Ha0uKxGDiq1c/Iu6HRgm8HrtW+Pr6QbSSoHLhGUpR0HkgoC6852xXGhrRMkzXXbD9L6vaK9F39YmzD7Z8yey+xDTFW529avkEIWDeqBpbae+HjKqEQaBx71/rcmXhqKYrEagzUGpS8Bwskp3JMksd/v9tMuUhGQ2XaooCeKzvM0KnVUk/Q031ZtjNYxLpy/rEqbyt18+8wYOvVoGgnRZ/yJ/UVwYbGJrttYrrQmaJv7b357bkgDJobkIki+zGzi1xkvb85JWEt0mfh38H2vCnpwQtSAIyF/hmrS+1xsD/oAoc83IUhsVYcDhLbBEVKMX2IsJLMAPwCE6GexRYyVE5vEN4PMV9A8VmGuIC3IzkPEbStdtlbP4ttNKtfwS+MrY+ceAABDixls6xpedgT1he44R+7C1p+w4uj4TnYReLVce6+KgfJ6mz8CTXVULLWM4l2H3PylEUyoHGRDpVanGAvm7h2D0HgxErWIkjZkL79GFhzQc1xjzixQ== notting@nostromo.devel.redhat.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDAeAohiRJ2v/RO7R9GS93TF92Gc9ixK6HM7wlbMdlZ4yYAbeoEX8VpeNaSTfo/Nw3zazr9VpmpHg+H70K8ljQsPgRwcgpetRVpF55M5FYjqM5oM+N94HV3nSGcnWbSIho1R31DaDH2ptxVqgh2m5DG7Bc45w9Bd4wjfdQ8nBrGv93tuH7X/cee4g6GvexLm5nXhAngdEmiyxw5MHuJAvj+54l4wMXRWpeF6XlI2iamW42nLSfRMCFkGNiXvBm8zkfkeH2L7I2cNKXXoP/cPCd3G/teIsI9FDqYpZ6CS0zMkWhlTuh7rlCjc9+nJsLdDLgwhb75skiUOOfimGvCCxWeHuCsSL+KpCu4AgI9UAVgO6xblDlmbQXxlGopep29U/s00W/0qv3Zp8Ks4Za0xHdoIwHiaLM0OYymFaNDd3ZqFG0FN23ZjcGqUmFGhGfUQRDt72+e9HtXlBJ0mUaCX9+e4wFGTVciG1/5CKsLHCaLRf+knsWXrv2zcv9BoZ9SCAK32zCZw05wjcmr7jYDCTLmtC6kEBNaOeE9Qqi2oomo4ji8ybg+Qq+1BwOtJKExvmZaooBZud0qd24HmCU0/0ysw732jGcqexzxsCR0VArd+7LKexOD7KwMW0VUss6fdOWac9gwCLx9FaKYh8mVvcQjKhKGI3aO2sXRUWSbBJw8w== ricky@alpha.rzhou.org
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAxnzCHH11nDM1m7yvqo6Uanq5vcZjBcs/mr3LccxwJ59ENzSXwUgEQy/P8vby9VKMwsskoaqZcvJdOSZBFhNV970NTPb69OIXPQAl/xhaLwiJOn606fB+/S8WepeuntS0qLiebbEiA9vIQLteZ+bWl1s/didD/sFo3/wItoTGA4GuShUu1AyWJx5Ue7Y34rwGR+kIvDoy2GHUcunn2PjGt4r3v2vpiR8GuK0JRupJAGYbYCiMBDRMkR0cgEyHW6+QQNqMlA6nRJjp94PcUMKaZK6Tc+6h5v8kLLtzuZ6ZupwMMC4X8sh85YcxqoW9DynrvO28pzaMNBHm7qr9LeY9PIhXscSa35GAcGZ7UwPK4aJAAuIzCf8BzazyvUM3Ye7GPCXHxUwY0kdXk+MHMVKFzZDChNp/ovgdhxNrw9Xzcs4yw7XYambN9Bk567cI6/tWcPuYLYD4ZJQP0qSXVzVgFEPss1lDcgd0k4if+pINyxM8eVFZVAqU+BMeDC+6W8HUUPgv6LiyTWs+xTXTuORwBTSF1pOqWB4LjqsCGIiMAc6n/xdALBGUN7qsuKDU6Q7bwPppaxypi4KCvuJsqW+8sDtMUaZ34I5Zo1q7cu03wqnOljUGoAY6IDn3J66F2KlPPyb/q3PDV3WbY/jnH16L29/xUA73nFUW1p+WXutwmSU= ssmoogen@ponyo.int.smoogespace.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFZ3AD/I0OfU84IrK573amZptucuBrDxHoue/c+PUsD3MGIA6QXRceq3ZkLuz25OAAu53hFxzCE4d6eVS299rVR8Cd+tVU8aqBdTHzdqv52Vs8zRfXMW69sV7fhwRLaQDcRTwY90Wmz2MbZmN996XmJDNtUIWI2mML+PBYEdO0PyiB2ttb7mmA3SwtC/rwEMJL2YHh+bTzlJ9W4BgFcFwizMXU3mk5uGp2/q3nKzEvgTROM8yWvqdM34cRYpjFKyOlpo6k3SPt76hgDUEIsAu6Ul1S0FHTCRMIihcxZOSN4frMtXVjX0NhW9mKcn1IRBpzd0Yon/gPB8OJ31ojIIop spot@pterodactyl
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDfgKJEBuHFlFc8/IHDeIpdprNnAFQHkicXAFfAzIJSkhUaOJFjsulmgPZn2TJJpYqFAxYUjhWJOdrOwx7AHSg6gWu4TT4a0sTay+Z0eqZOShf5UL/M587DxJk1JZU8g812yDKZMc7Sv7K6zdteONnCvno1kALSg0F2MVMJXFjE/tSontkIRH6IuG19R19NGEj1h56uGwdfe78xjOmv5wk6RZBjaOKqiPSQKNqCKbY9Kyz6yrem2M5uxRK45u3wSPJdmopo8l/nwf0p6ydrUSL5C/aXGh7LPqh31eTBDQUbWHw9LQMk1SibMGQPwJt59lLMlzc5OQZAJEbadsDAgl6VVA6MZkBQROiK9E087kvPesMoGWE0KBgvTqzpBZj0uHATP9i097dv80gjupMyaePsnQOxk0wRho9nRkxRo18Drt3QPVND4YGHzahMe/YR2N83MkbnGoP8K+GsFhLMAp3NKh6yUofFxTgRiB6H8ULKf3CV+hlk0Z9RJR3CpgMTKILYHPlaleJqoP6sXg6tJxI0rUE+0jUKvaTj+N2gX0MjKfUINk5mTbjD2mdVrPtKOBvos2luNhY5nTDpJuAHQqnFHPlPw8l3lXC2VBWOjqfTeeS+qD7ArKe6F7IO5ZNxJ2mTUuodhaPySta1MS37DWoz6UqeJu+wKIsHok90+EU4aAvUABh3RXSQA1E3IaxkooMhhrdIQO6K4L0M+CZ7lP35sW5pnwsN4sFlPec9Xn5e15LTlb9yFlx7Nm4DE2SX1s9QyMRE7z0LNO0X7wiihojuyQM6OQwc+ZaaDw5HerBisX/3LcC9osVLQQg1pt91YcCczUQ08qfUJV6aOD962K+EGzVFQGGauJDzgEH9BHQg7QwCWr0f3mu8/TNBzys2c0YsywDUc3AT1KP6TEJcR/dy6WbhJD3qyO/BLfCzRrHUOIaz+WbwmfTX8tGEQnVV5sEkZ39PWA1hRQ83b3MNV8cRJl+h/FnTk62yM4ZqGu73+x8JiEG3HAJp9/xYfNSwg8++PojJBXe+yM6DrTh5fTnBhxatLEKB658p8jTqJtF4+YD9D8+L39xEns6GQ7FphNqTC6IcpXyqq+zNuzF7vs/T+5n7978dUs3sK6YpBX4BlDxK6MsRF1WYqajEVeBJEMwdX2rfGkN9B5GfWdmdrzBjZQ6yyvlx5Dg++qgxpMiVOXSnw5v7H03PrT1we9wKre/2SQ1A2Oq/UDt/7tR2cMLoaPDNBpFT1W44LJB7o9iDT9YHUG3dC7R8JoeJ5YjyFmxbUQ5xg1oHnrBaPrGCuEYdQWhuDmp9Px2yRu8Agxzr9rNCZ/W8nWJVmvwvlXoldrum2rAECx0wiWqBhQ/+eX65 badger@unaka.lan
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmS3g5fSXizcCqKMI1n5WPFrfMyu7BMrMkMYyck07rB/cf2orO8kKj5schjILA8NYJFStlv2CGRXmQlendj523FPzPmzxvTP/OT4qdywa4LKGvAxOkRGCMMxWzVFLdEMzsLUE/+FLX+xd1US9UPLGRsbMkdz4ORCc0G8gqTr835H56mQPI+/zPFeQjHoHGYtQA1wnJH/0LCuFFfU82IfzrXzFDIBAA5i2S+eEOk7/SA4Ciek1CthNtqPX27M6UqkJMBmVpnAdeDz2noWMvlzAAUQ7dHL84CiXbUnF3hhYrHDbmD+kEK+KiRrYh3PT+5YfEPVI/xiDJ2fdHGxY7Dr2TQ== root@lockbox01.phx2.fedoraproject.org
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDnI+8JwOdXUO6T7gI6oXHUG4oQJsMsCwEGnRBjU4po93i9g9C5sShgqJMvBI2wzDdgL/xOFJeHuo+WTP6W/oiv8KHEco3wXSI4OlsPanORGn2TajwzEaYlfxJNlQPvmuxFxcrfkPF8cOGa0DRNTLZK7abO3tKfZV7IJyNX3Z0LFZ+VwcJBy1ryg0GonMYkjEreiAgJyGCJ1crnKiRMPSu/QONb0MTytMlJRtc/Lfi/KkT8C/LQ/e3zA5DWo9Ykb79M1k4MmtmE8mIUlWUQ9hagMhCj3/6Uze04H48fpYzDPr6AHU6rqxLTdBGgLCeSIUkE1ReZpAk2E+QAB/fTliydT93ig5i2RDt3YHcAa994C85bc0D+A21u0H/LzR1wbIItx+MpOkZePHevDSe4y8ULx0cUiEHxmTTZ2C6j+1EqaP5PeWEqlU3iXTgiqOzTEwfEaH7nScBpGbFmPnzdgO7xLuKebnvWjGu6d8Jd41KN5dN5WNMJaNEXBl65ySfeQYCCX/JZ5bfvC/07zAKj0/RKOFMyS07rb0rKh3EBcRx/tHgCq0hJ23NwfkShchj7v2Zh+JjgHKBv1+ZiIwnx2/WuYwvKwyqXZ5Jpy+lgxcC7l11w1ZN3tCd66E6NdU8AJIOz0n+trIorsipQBY0In3ZBLUU0PUYwno73e7ZabgcE7Q== patrick-new@fedora.thuis.local
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDep2yv5JTFJ0IdCiqumMFfNdu3H5Ej/rVVDEotS+3n5+1plKvajPXOA9c/0RLrBC/vL8LqDVrxBaiCvPFCIRN9a3Y1ru3Dwg++NmcMEvYq/H3SMHhZsH1yjlCD2r38znpX+D+CBMQnn7F5jqYFAnaMeESrgGGFFANfJN9HdHjb6eIrBGJyUOJ2JnZnhLFT5y7ru2xRMDmgsO3U+crmecYAeX/4iUadUxit36defAniVOA/3Jwva4Gjz73vIDTHNy1mxB8Y2ZBBl9WcL4qHc6wnAyFaiULcT5++Gdjn+MIyL86G/7mIIgC+fcVk/5JrdwMBiAZYMUZO/pzPobOe0spF threebean@marat
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2xAeq5uO72kY4mSFgFl9ZSveiAqe4tUv8hemrxwZH+w24RFOGrW1nOV+hjQhRpYVNwvqJkrd9N7VY/HXkd9df2AgQyYoiVfeMPTA7lB0/e/S1Bd6XGdWudvqRU1O6Rug0j3RQOuz7WDJgnanBVcBl8+X7EaPGpv9aILgh6CJDOVAO2GgaFdzI7CHtR99CMqNG7BsQF8C9Y8ALK+8HOPRE0R1wzgaAw85HTo0gyIWcrZqr4HI/QDuLjUQ6AZSgzE7dTiwZuFnUjLBnL0YP1bxJglt9IFx6r6jvdp/yMD+Bn/91WvmBL/AD+GIQ/ZydoeLo+JQW22ibiX/SzdAE4Cd3 pingou@FedoraProject
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLVoyChksxZ1T64H8sJ3JjZNwUEIBQ1RKoY3cL1FfntvkvmgluWw/AGKQME49W6iRC6o9IgCRrOPErtd8FtetX1jI7Lkrd5znqRkVUj+FrCyaOq4lCICAYX8q1QC2URlteXiHtoaOWUqHD20c0tQwktCXtBAxfLCQCVjfubvSs7rWRDSyC2diUTCfJGYYLyo41Pr5IyMKg6BMUE/BAURHwTncMXtRMjx8JqxZtMImp4cO5p4QV6BVydn99X/ueHOVE910OrPL46cOsBMV3EIm+Hwr7lAHa7eF6bTv1bsysNPHZZ23TzvEjIB71l2ptlJThm3iECmgRlb4ssllqH2zcnwjSOivnAaalgaHk937At6QlrOdtB2WY6sxklxYG1Uaq0P+IOIRhEOw/6/5mcqBH/G8ebYfwiv5CwJ0EzRZW78y6VOHfUo/XQEetcLMYMS7B1rSaQDMTsfIGTrjBXS5kKn/AEnVYYWbD+wVGC64ShQVhtXzpYEzHTRf2XQwCCnEUF9tSSAt3uuBhlaT5vXXac6rz7qy+4d54xTzxWZnmvgG3pWjaqZ84P8aqz72m6TQR0z1FKVgQkAXvnYunM6BXTzN5Osnr2rz68d4ONUWkldGnDmrIIMo7rxJTeMbCjCqTKMyaTamtAE+Vg3KQldbCOys6HEp+irelZkKdat+VcQ== mobrien@fedoraproject.org

95
files/communishift/haproxy.cfg
View file

@ -1,95 +0,0 @@
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local0 warning
maxconn 4096
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664
stats socket /var/run/haproxy-admin level admin user root group root mode 0660
#debug
#quiet
defaults
log global
mode tcp
option tcplog
option dontlognull
option httpclose
option redispatch
retries 3
maxconn 5000
timeout connect 5s
timeout client 500s
timeout server 500s
frontend stats-frontend
mode http
option httplog
bind 0.0.0.0:8080
default_backend stats-backend
backend stats-backend
mode http
option httplog
balance hdr(appserver)
stats enable
stats uri /
frontend os-masters-kapi
mode tcp
bind 0.0.0.0:6443
default_backend os-masters-backend-kapi
backend os-masters-backend-kapi
mode tcp
server os-node01.fedorainfracloud.org os-node01.fedorainfracloud.org:6443 weight 1 maxconn 16384 check
server os-node02.fedorainfracloud.org os-node02.fedorainfracloud.org:6443 weight 1 maxconn 16384 check
server os-node09.fedorainfracloud.org os-node09.fedorainfracloud.org:6443 weight 1 maxconn 16384 check
# temp bootstrap node
server os-node11.fedorainfracloud.org os-node11.fedorainfracloud.org:6443 weight 1 maxconn 16384 check
frontend os-masters-machineconfig
mode tcp
bind 0.0.0.0:22623
default_backend os-masters-backend-machineconfig
backend os-masters-backend-machineconfig
mode tcp
server os-node01.fedorainfracloud.org os-node01.fedorainfracloud.org:22623 weight 1 maxconn 16384 check
server os-node02.fedorainfracloud.org os-node02.fedorainfracloud.org:22623 weight 1 maxconn 16384 check
server os-node09.fedorainfracloud.org os-node09.fedorainfracloud.org:22623 weight 1 maxconn 16384 check
# temp bootstrap node
server os-node11.fedorainfracloud.org os-node11.fedorainfracloud.org:22623 weight 1 maxconn 16384 check
frontend os-routers-https
mode tcp
bind 0.0.0.0:443
default_backend os-routers-https
backend os-routers-https
server os-node03.fedorainfracloud.org os-node03.fedorainfracloud.org:443 weight 1 maxconn 16384 check
server os-node04.fedorainfracloud.org os-node04.fedorainfracloud.org:443 weight 1 maxconn 16384 check
server os-node05.fedorainfracloud.org os-node05.fedorainfracloud.org:443 weight 1 maxconn 16384 check
server os-node06.fedorainfracloud.org os-node06.fedorainfracloud.org:443 weight 1 maxconn 16384 check
server os-node07.fedorainfracloud.org os-node07.fedorainfracloud.org:443 weight 1 maxconn 16384 check
server os-node08.fedorainfracloud.org os-node08.fedorainfracloud.org:443 weight 1 maxconn 16384 check
server os-node10.fedorainfracloud.org os-node10.fedorainfracloud.org:443 weight 1 maxconn 16384 check
server os-node11.fedorainfracloud.org os-node11.fedorainfracloud.org:443 weight 1 maxconn 16384 check
frontend os-routers-http
mode tcp
bind 0.0.0.0:80
default_backend os-routers-http
backend os-routers-http
server os-node03.fedorainfracloud.org os-node03.fedorainfracloud.org:80 weight 1 maxconn 16384 check
server os-node04.fedorainfracloud.org os-node04.fedorainfracloud.org:80 weight 1 maxconn 16384 check
server os-node05.fedorainfracloud.org os-node05.fedorainfracloud.org:80 weight 1 maxconn 16384 check
server os-node06.fedorainfracloud.org os-node06.fedorainfracloud.org:80 weight 1 maxconn 16384 check
server os-node07.fedorainfracloud.org os-node07.fedorainfracloud.org:80 weight 1 maxconn 16384 check
server os-node08.fedorainfracloud.org os-node08.fedorainfracloud.org:80 weight 1 maxconn 16384 check
server os-node10.fedorainfracloud.org os-node10.fedorainfracloud.org:80 weight 1 maxconn 16384 check
server os-node11.fedorainfracloud.org os-node11.fedorainfracloud.org:80 weight 1 maxconn 16384 check

28
files/communishift/objects/README.md
View file

@ -1,28 +0,0 @@
Instructions
------------
The files in this directory are the configuration files for communishift to be applied.
For OIDC auth, get the client secret for "communishift" from ansible-private/files/ipsilon/openidc.production.static, and run:
> oc create secret generic fedoraidp-clientsecret --from-literal=clientSecret=<client-secret> -n openshift-config
For certificates, first install [cert-manager](https://docs.cert-manager.io/en/release-0.10/)
NOTE: The 0.11 version is buggy, as is the operator hub '1.0' version. Use 0.10 unless you want
to spend a lot of time debugging.
Next create the Issuer object. You may need to wait a minute or two for the cert-manager install
to complete and have all pods up.
To do this, first create a new access key ID and secret key in AWS for the communishift_acme_dns01 user, and update issuer.yml with the access key ID and then create a secret with the private access key
> oc create -f issuer.yml
> oc -n cert-manager create secret generic route53-access-key-secret --from-literal=access-key=THEACCESSKEY
This gives it the ability to create a TXT record for acmechallenges.fedorainfracloud.org.
To allow certificates for other hostnames, those hostnames need a CNAME of "_acme-challenge.<hostname>" pointing to "acmechallenges.fedorainfracloud.org".
After that, create the two certificate requests for the API server and ingress default cert:
> oc -n openshift-config create -f cert_api.yml
> oc -n openshift-ingress create -f cert_apps.yml
This will start the request of the certificates.
Then run the following commands to update the ingress router (will take affect after its restart) and API server with their new certs:
> oc patch apiserver cluster --type=merge -p '{"spec": {"servingCerts": {"namedCertificates": {"names": "api.os.fedorainfracloud.org"}, "servingCertificate": {"name": "api-certificate"}}}}'
> oc patch ingresscontroller.operator default --type=merge -p '{"spec":{"defaultCertificate": {"name": "apps-certificate"}}}' -n openshift-ingress-operator

15
files/communishift/objects/cert_api.yml
View file

@ -1,15 +0,0 @@
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: api-certificate
namespace: openshift-config
spec:
secretName: api-certificate
renewBefore: 360h # 15d
commonName: api.os.fedorainfracloud.org
dnsNames:
- 'api.os.fedorainfracloud.org'
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer

15
files/communishift/objects/cert_apps.yml
View file

@ -1,15 +0,0 @@
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: apps-certificate
namespace: openshift-ingress
spec:
secretName: apps-certificate
renewBefore: 360h # 15d
commonName: apps.os.fedorainfracloud.org
dnsNames:
- '*.apps.os.fedorainfracloud.org'
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer

22
files/communishift/objects/issuer.yml
View file

@ -1,22 +0,0 @@
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
email: admin@fedoraproject.org
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-production-account-key
solvers:
- dns01:
cnameStrategy: Follow
route53:
region: us-east-1
accessKeyID: THEACCESSKEYID
secretAccessKeySecretRef:
namespace: cert-manager
name: route53-access-key-secret
key: access-key
hostedZoneID: Z2MFECC8O90CBA

12
files/communishift/objects/machineconfigs/README.md
View file

@ -1,12 +0,0 @@
MachineConfig files
-------------------
The files in this directory are used as machineconfig files for communishift.
Note that they're template files: some changes will need to be made before "oc create -f".
Specifically:
- The templates have two "DOBOTH" replacements. You want to create the file twice,
once with both DOBOTH cases replaced with "master" and once replaced with "worker".
- The mc_firewall.yml.template has a bit FILL_IN_HERE. Run "./to_data.sh firewall.sh",
and copy the output from that script into the FILL_IN_HERE bit in the MC.
Then run that MC twice as per the previous point (master and worker).

10
files/communishift/objects/machineconfigs/firewall.sh
View file

@ -1,10 +0,0 @@
set -xe
iptables -N fedora-block-ports
iptables -A fedora-block-ports -p tcp --dport 111 -j REJECT
iptables -A fedora-block-ports -p udp --dport 111 -j REJECT
iptables -A fedora-block-ports -p tcp --dport 22623 --src 38.145.48.42 -j ACCEPT
iptables -A fedora-block-ports -p tcp --dport 22623 --src 38.145.48.43 -j ACCEPT
iptables -A fedora-block-ports -p tcp --dport 22623 -j REJECT
iptables -I INPUT 1 -j fedora-block-ports

19
files/communishift/objects/machineconfigs/mc_chrony.yml.template
View file

@ -1,19 +0,0 @@
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
generation: 1
name: 50-chrony-DOBOTH
labels:
machineconfiguration.openshift.io/role: DOBOTH
spec:
config:
ignition:
version: "2.2.0"
storage:
files:
- contents:
source: "data:,server%20cloud-noc01.fedorainfracloud.org%20port%20124"
verification: {}
filesystem: root
mode: 0644
path: /etc/chrony.conf

32
files/communishift/objects/machineconfigs/mc_firewall.yml.template
View file

@ -1,32 +0,0 @@
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
generation: 1
name: 40-firewall-DOBOTH
labels:
machineconfiguration.openshift.io/role: DOBOTH
spec:
config:
ignition:
version: "2.2.0"
storage:
files:
- path: /etc/fedora_firewall.sh
mode: 0755
filesystem: root
contents:
source: "FILL_IN_HERE"
systemd:
units:
- name: "fedora_firewall.service"
enabled: true
contents: |-
[Unit]
Descrption=Block firewall ports for Fedora
[Service]
Type=oneshot
ExecStart=bash /etc/fedora_firewall.sh
[Install]
WantedBy=multi-user.target

4
files/communishift/objects/machineconfigs/to_data.sh
View file

@ -1,4 +0,0 @@
#!/bin/bash
echo -n "data:,"
cat $1 | tr '\n' '*' | sed -e 's/*/%0A/g' | sed -e 's/ /%20/g'
echo

27
files/communishift/objects/oidc_cm.yml
View file

@ -1,27 +0,0 @@
---
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
name: cluster
spec:
identityProviders:
- name: fedoraidp
login: true
challenge: false
mappingMethod: claim
type: OpenID
openID:
clientID: communishift
clientSecret:
name: fedoraidp-clientsecret
extraScopes:
- email
- profile
claims:
preferredUsername:
- nickname
name:
- name
email:
- email
issuer: https://id.fedoraproject.org

10
files/debuginfod/debuginfod.service.d
View file

@ -1,10 +0,0 @@
[Service]
TasksMax=40
CPUAccounting=yes
IOAccounting=yes
IPAccounting=yes
BlockIOAccounting=yes
MemoryAccounting=yes
TasksAccounting=yes
ConditionPathExists=/mnt/fedora_koji_prod/koji/packages

18
files/debuginfod/sysconfig.debuginfod
View file

@ -1,18 +0,0 @@
#
DEBUGINFOD_PORT="8002"
#DEBUGINFOD_VERBOSE="-vv"
DEBUGINFOD_PATHS="--cors --fdcache-mintmp=15 --fdcache-mbs=100000 --fdcache-prefetch-fds=1024 -t43200 -g604800 -C20 -c6 -vv -r --koji-sigcache -R /mnt/fedora_koji_prod/koji/packages -X /data/ -I \.(module_f|fc)(35|36|37|38|39|4.)[.+].*\.rpm"
# to age old fedoras, change the -I regex
# prefer reliability/durability over performance
#DEBUGINFOD_PRAGMAS="-D 'pragma synchronous=full;'"
# upstream debuginfods
#DEBUGINFOD_URLS="http://secondhost:8002 http://thirdhost:8002"
#DEBUGINFOD_TIMEOUT="5"
#DEBUGINFOD_CACHE_DIR=""
# Don't use tmpfs /tmp on scarce-RAM machine.
TMPDIR=/var/tmp

2
files/download/download-sync.cron
View file

@ -1,4 +1,4 @@
# run twice daily rsync of download. but lock it
MAILTO=root@fedoraproject.org
MAILTO=smooge@gmail.com,root@fedoraproject.org
00 11,23 * * * root /usr/local/bin/lock-wrapper sync-up-downloads "/usr/local/bin/sync-up-downloads"

5
files/download/download-sync.cron.cc-rdu01
View file

@ -1,5 +0,0 @@
# Run quick mirror fedora every 10minutes
MAILTO=root@fedoraproject.org
*/10 * * * * root flock -n -E0 /tmp/download-sync -c '/root/quick-fedora-mirror/quick-fedora-mirror -c /root/quick-fedora-mirror.conf'
## Need to run this to keep centos mirror up to date.
00 1,7,13,19 * * * root /usr/local/bin/lock-wrapper sync-up-downloads "/usr/local/bin/sync-up-centos"

2
files/download/download-sync.cron.ib01
View file

@ -1,4 +1,2 @@
# Run quick mirror fedora every 10minutes
*/10 * * * * root flock -n -E0 /tmp/download-sync -c '/root/quick-fedora-mirror/quick-fedora-mirror -c /root/quick-fedora-mirror/quick-fedora-mirror.conf'
## Need to run this to keep centos mirror up to date.
00 1,7,13,19 * * * root /usr/local/bin/lock-wrapper sync-up-downloads "/usr/local/bin/sync-up-centos"

28
files/download/sync-up-centos.sh.cc-rdu01
View file

@ -1,28 +0,0 @@
#!/bin/bash
##
## This script is used to sync data from main download servers to
## secondary server at RDU community cage.
##
RSYNC='/usr/bin/rsync'
RS_OPT="-avSHP --numeric-ids --log-file=/var/log/rsync-update.log"
RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates"
EPL_EXCLUDES=""
FED_EXCLUDES=""
# CentOS
${RSYNC} ${RS_OPT} ${RS_DEADLY} master-1.centos.org::CentOS-community-cage/centos/ /srv/centos/ | tail -n2 | logger -p local0.notice -t rsync_centos
if [[ $? -ne 0 ]]; then
echo "Unable to finish sync to CentOS"
fi
# CentOS-altarch
${RSYNC} ${RS_OPT} ${RS_DEADLY} master-1.centos.org::CentOS-community-cage/altarch/ /srv/centos-altarch/ | tail -n2 | logger -p local0.notice -t rsync_centos_alt
if [[ $? -ne 0 ]]; then
echo "Unable to finish sync to CentOS-altarch"
fi
${RSYNC} ${RS_OPT} ${RS_DEADLY} rsync.stream.centos.org::CentOS-Stream-All/ /srv/centos-stream/ | tail -n2 | logger -p local0.notice -t rsync_centos_stream
if [[ $? -ne 0 ]]; then
echo "Unable to finish sync to CentOS-stream"
fi

28
files/download/sync-up-centos.sh.ib01
View file

@ -1,28 +0,0 @@
#!/bin/bash
##
## This script is used to sync data from main download servers to
## secondary server at ibiblio.
##
RSYNC='/usr/bin/rsync'
RS_OPT="-avSHP --numeric-ids --log-file=/var/log/rsync-update.log"
RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates"
EPL_EXCLUDES=""
FED_EXCLUDES=""
# CentOS
${RSYNC} ${RS_OPT} ${RS_DEADLY} download-cc-rdu01.fedoraproject.org::centos/ /srv/centos/ | tail -n2 | logger -p local0.notice -t rsync_centos
if [[ $? -ne 0 ]]; then
echo "Unable to finish sync to CentOS"
fi
# CentOS-altarch
${RSYNC} ${RS_OPT} ${RS_DEADLY} download-cc-rdu01.fedoraproject.org::centos-altarch/ /srv/centos-altarch/ | tail -n2 | logger -p local0.notice -t rsync_centos_alt
if [[ $? -ne 0 ]]; then
echo "Unable to finish sync to CentOS-altarch"
fi
${RSYNC} ${RS_OPT} ${RS_DEADLY} rsync.stream.centos.org::CentOS-Stream-All/ /srv/centos-stream/ | tail -n2 | logger -p local0.notice -t rsync_centos_stream
if [[ $? -ne 0 ]]; then
echo "Unable to finish sync to CentOS-stream"
fi

35
files/download/sync-up-downloads.sh.cc-rdu01
View file

@ -1,35 +0,0 @@
#!/bin/bash
##
## This script is used to sync data from main download servers to
## secondary server at RDU community cage.
##
RSYNC='/usr/bin/rsync'
RS_OPT="-avSHP --numeric-ids --log-file=/var/log/rsync-update.log"
RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates"
EPL_EXCLUDES=""
FED_EXCLUDES=""
SERVER=download-ib01.fedoraproject.org
# http://dl.fedoraproject.org/pub/epel/
${RSYNC} ${RS_OPT} ${RS_DEADLY} ${EPL_EXCLUDES} ${SERVER}::fedora-epel/ /srv/pub/epel/ | tail -n2 | logger -p local0.notice -t rsync_updates_epel
if [[ $? -ne 0 ]]; then
echo "Unable to finish sync to epel"
fi
# http://dl.fedoraproject.org/pub/fedora/
${RSYNC} ${RS_OPT} ${RS_DEADLY} ${FED_EXCLUDES} ${SERVER}::fedora-enchilada0/ /srv/pub/fedora/ | tail -n2 | logger -p local0.notice -t rsync_updates_fedora
if [[ $? -ne 0 ]]; then
echo "Unable to finish sync to fedora"
fi
# http://dl.fedoraproject.org/pub/fedora-secondary/
${RSYNC} ${RS_OPT} ${RS_DEADLY} ${FED_EXCLUDES} ${SERVER}::fedora-secondary0/ /srv/pub/fedora-secondary/ | tail -n2 | logger -p local0.notice -t rsync_updates_fedora_2nd
if [[ $? -ne 0 ]]; then
echo "Unable to finish sync to fedora-secondary"
fi
# Let MM know I'm all up to date
#/usr/bin/report_mirror

4
files/download/sync-up-downloads.sh.ib01
View file

@ -6,7 +6,7 @@
##
RSYNC='/usr/bin/rsync'
RS_OPT="-avSHP --numeric-ids"
RS_OPT="-avSHP --numeric-ids "
RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates"
ALT_EXCLUDES=""
EPL_EXCLUDES=""
@ -55,12 +55,12 @@ function sync_stuff() {
fi
}
sync_stuff ${DATE_EPEL} rsync_epel fedora-epel0 /srv/pub/epel/ "-e"
sync_stuff ${DATE_FED} rsync_fedora fedora-enchilada0 /srv/pub/fedora/ "-f"
sync_stuff ${DATE_ARCHIVE} rsync_archive fedora-archive0 /srv/pub/archive/ "-f"
sync_stuff ${DATE_ALT} rsync_alt fedora-alt0 /srv/pub/alt/ "-f"
sync_stuff ${DATE_SECOND} rsync_second fedora-secondary0 /srv/pub/fedora-secondary/ "-f"
# Let MM know I'm all up to date
#/usr/bin/report_mirror

23
files/fedora-cloud/fed-cloud09.pem Normal file
View file

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIID2DCCAsACCQCxRWmzwjSj6TANBgkqhkiG9w0BAQUFADCBrTELMAkGA1UEBhMC
VVMxCzAJBgNVBAgMAk5NMRAwDgYDVQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdSZWQg
SGF0MRcwFQYDVQQLDA5GZWRvcmEgUHJvamVjdDEsMCoGA1UEAwwjZmVkLWNsb3Vk
MDkuY2xvdWQuZmVkb3JhcHJvamVjdC5vcmcxJjAkBgkqhkiG9w0BCQEWF2FkbWlu
QGZlZG9yYXByb2plY3Qub3JnMB4XDTE0MDkxODEwMjMxMloXDTE1MDkxODEwMjMx
Mlowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOTTEQMA4GA1UEBwwHUmFsZWln
aDEQMA4GA1UECgwHUmVkIEhhdDEXMBUGA1UECwwORmVkb3JhIFByb2plY3QxLDAq
BgNVBAMMI2ZlZC1jbG91ZDA5LmNsb3VkLmZlZG9yYXByb2plY3Qub3JnMSYwJAYJ
KoZIhvcNAQkBFhdhZG1pbkBmZWRvcmFwcm9qZWN0Lm9yZzCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALFOYDRhow6sEyCvm4jNlIAxs9vYDF07q3sEHzVj
zXy0NNlUgZPRCijWFyHRDwy383f7ZtRlqVCGXxm4l8ltQUU+jmXcnIY1xY2A1TPv
nWv+f1dGSv+SfWGAjqgwyajr6wyPAOnpwui2v03/xalAx6Xl7padfdlAEsNjAvNb
5uZkW7DLlDu3jSIroDSKsJUQW9kc1elT90W0mNgw3MpFA5zdj0QRxi2JpBth6PeT
CewN4r7QZ5cP4EzfHMLKT21kJzm+j5jlaQEak4yKWDEeLh4+RxgTnmss4zYKTUit
7H+j9KaxqVsneB8Sg7EtVnXafYLrSlr9fwOV5DWklLzvjBMCAwEAATANBgkqhkiG
9w0BAQUFAAOCAQEAHToeNGFaGlybHICw1ncLCmdu6vikPPn/UShfS25U54Q9eIMn
zqlhbbEyzuF4wKjV35W0BORWKJ+hQ2vpfk21jUMVOsdl7IMEXtIWotfO17ufWM28
zhwcPAlrs/Pr5dF7ihbOGKAHhEYVopSH8OTFayAQKWWKGv52lZsgwfrnDDu0TjIo
zmhCEmOWZf+CeEWT/AP7BJ6g4Apz9grUmaRvaQGft5y5sGC8tsV0im/C9WaMfVhF
wemG2KcOuKJDXtvd7DHNBoHcDrB1cN1i0uKhj0nxXsXpeag9Xh4BmkgHMU8rnegK
q7hOy15qVU/lOBZUtfx69aYHPpOGJ7Jc1xFIiQ==
-----END CERTIFICATE-----

2
files/fedora-cloud/fed09-ssh-key.pub Normal file
View file

@ -0,0 +1,2 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv8WqXOuL78Rd7ZvDqoi84M7uRV3uueXTXtvlPdyNQBzIBmxh+spw9IhtoR+FlzgQQ1MN4B7YVLTGki6QDxWDM5jgTVfzxTh/HTg7kJ31HbM1/jDuBK7HMfay2BGx/HCqS2oxIBgIBwIMQAU93jBZUxNyYWvO+5TiU35IHEkYOtHyGYtTtuGCopYRQoAAOIVIIzzDbPvopojCBF5cMYglR/G02YgWM7hMpQ9IqEttLctLmpg6ckcp/sDTHV/8CbXbrSN6pOYxn1YutOgC9MHNmxC1joMH18qkwvSnzXaeVNh4PBWnm1f3KVTSZXKuewPThc3fk2sozgM9BH6KmZoKl

1
files/fedora-cloud/fed_cloud09_nova_public_key Normal file
View file

@ -0,0 +1 @@
{{fed_cloud09_nova_public_key}}

1
files/fedora-cloud/fedora-admin-20130801.pub Normal file
View file

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1sBKROSJ3rzI0IlBkM926Dvpiw3a4wYSys0ZeKRohWZg369ilZkUkRhsy0g4JU85lt6rxf5JLwURF+fWBEohauF1Uvklc25LdZpRS3IBQPaXvWeM8lygQQomFc0Df6iUbCYFWnEWMjKd7FGYX3DgOZLnG8tV2vX7jFjqitsh5LRAbmghUBRarw/ix4CFx7+VIeKCBkAybviQIW828N1IqJC6/e7v6/QStpblYpCFPqMflXhQ/KS2D043Yy/uUjmOjMWwOMFS6Qk+py1C0mDU0TUptFYwDP5o9IK/c5HaccmOl2IyUPB1/RCtTfOn6wXPRTMUU+5w+TcPH6MPvvuiSQ== root@lockbox01.phx2.fedoraproject.org

135
files/fedora-cloud/haproxy.cfg Normal file
View file

@ -0,0 +1,135 @@
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
tune.ssl.default-dh-param 1024
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#frontend keystone_public *:5000
# default_backend keystone_public
#frontend keystone_admin *:35357
# default_backend keystone_admin
frontend neutron
bind 0.0.0.0:9696 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend neutron
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
frontend cinder
bind 0.0.0.0:8776 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend cinder
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
frontend swift
bind 0.0.0.0:8080 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend swift
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
frontend nova
bind 0.0.0.0:8774 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend nova
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
frontend ceilometer
bind 0.0.0.0:8777 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend ceilometer
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
frontend ec2
bind 0.0.0.0:8773 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend ec2
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
frontend glance
bind 0.0.0.0:9292 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend glance
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
backend neutron
server neutron 127.0.0.1:8696 check
backend cinder
server cinder 127.0.0.1:6776 check
backend swift
server swift 127.0.0.1:7080 check
backend nova
server nova 127.0.0.1:6774 check
backend ceilometer
server ceilometer 127.0.0.1:6777 check
backend ec2
server ec2 127.0.0.1:6773 check
backend glance
server glance 127.0.0.1:7292 check
backend keystone_public
server keystone_public 127.0.0.1:5000 check
backend keystone_admin
server keystone_admin 127.0.0.1:35357 check

24
files/fedora-cloud/hosts Normal file
View file

@ -0,0 +1,24 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# http://docs.openstack.org/icehouse/install-guide/install/yum/content/basics-neutron-networking-controller-node.html
# controller
{{ controller_public_ip }} controller
# network
{{ network_public_ip }} network
# compute1
{{ compute1_private_ip }} fed-cloud10.cloud.fedoraproject.org
{{ compute2_private_ip }} fed-cloud11.cloud.fedoraproject.org
{{ compute3_private_ip }} fed-cloud12.cloud.fedoraproject.org
{{ compute4_private_ip }} fed-cloud13.cloud.fedoraproject.org
{{ compute5_private_ip }} fed-cloud14.cloud.fedoraproject.org
{{ compute6_private_ip }} fed-cloud15.cloud.fedoraproject.org
#
# This is needed for 2fa to work correctly.
#
209.132.181.6 infrastructure infrastructure.fedoraproject.org
209.132.181.32 fas-all.phx2.fedoraproject.org
{{ controller_private_ip }} fed-cloud09.cloud.fedoraproject.org fedorainfracloud.org

9
files/fedora-cloud/ifcfg-br-ex Normal file
View file

@ -0,0 +1,9 @@
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR={{ network_public_ip }}
NETMASK={{ public_netmask }} # your netmask
GATEWAY={{ public_gateway_ip }} # your gateway
DNS1={{ public_dns }} # your nameserver
ONBOOT=yes

8
files/fedora-cloud/ifcfg-eth0 Normal file
View file

@ -0,0 +1,8 @@
DEVICE="eth0"
NAME="eth0"
ONBOOT=yes
BOOTPROTO=none
HWADDR="f0:1f:af:e3:5f:0c"
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=br-ex

5
files/fedora-cloud/keystonerc_msuchy Normal file
View file

@ -0,0 +1,5 @@
export OS_USERNAME=msuchy
export OS_TENANT_NAME=copr
export OS_PASSWORD=TBD
export OS_AUTH_URL=http://209.132.184.9:5000/v2.0/
export PS1='[\u@\h \W(keystone_msuchy)]\$ '

4
files/fedora-cloud/my.cnf Normal file
View file

@ -0,0 +1,4 @@
[client]
host=localhost
user=root
password={{ DBPASSWORD }}

Some files were not shown because too many files have changed in this diff Show more