From 061ae15638b2e8f760daf688d61b6b87c7619ddf Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 30 May 2018 18:42:05 +0000 Subject: [PATCH] Fare thee well s390x alternative arch. We are now one big happy single koji family. Also, no need for secondary sigul anymore. --- inventory/builders | 4 - inventory/group_vars/buildvm-s390 | 17 ---- inventory/group_vars/nagios | 1 - inventory/group_vars/releng-secondary | 33 ------- inventory/hardware | 1 - .../buildvm-s390-01.s390.fedoraproject.org | 19 ---- .../compose-s390-01.s390.fedoraproject.org | 24 ----- .../db-s390-koji01.s390.fedoraproject.org | 44 --------- .../s390-koji01.s390.fedoraproject.org | 32 ------- .../secondary-bridge01.phx2.fedoraproject.org | 13 --- .../secondary-vault01.phx2.fedoraproject.org | 13 --- .../virthost-s390.qa.fedoraproject.org | 3 - inventory/inventory | 9 -- playbooks/groups/buildvm.yml | 4 +- playbooks/groups/postgresql-server.yml | 4 +- playbooks/groups/releng-compose.yml | 2 +- roles/koji_hub/tasks/main.yml | 90 ------------------- roles/koji_hub/templates/hub.conf.j2 | 33 ------- roles/koji_hub/templates/kojihub.conf.j2 | 18 +--- roles/koji_hub/templates/kojiweb.conf.j2 | 36 -------- roles/koji_hub/templates/web.conf.j2 | 9 -- 21 files changed, 6 insertions(+), 403 deletions(-) delete mode 100644 inventory/group_vars/buildvm-s390 delete mode 100644 inventory/group_vars/releng-secondary delete mode 100644 inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org delete mode 100644 inventory/host_vars/compose-s390-01.s390.fedoraproject.org delete mode 100644 inventory/host_vars/db-s390-koji01.s390.fedoraproject.org delete mode 100644 inventory/host_vars/s390-koji01.s390.fedoraproject.org delete mode 100644 inventory/host_vars/secondary-bridge01.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/secondary-vault01.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/virthost-s390.qa.fedoraproject.org diff --git a/inventory/builders b/inventory/builders index 3917821907..bf07375374 100644 --- a/inventory/builders +++ b/inventory/builders @@ -106,9 +106,6 @@ buildvm-armv7-22.arm.fedoraproject.org buildvm-armv7-23.arm.fedoraproject.org buildvm-armv7-24.arm.fedoraproject.org -[buildvm-s390] -buildvm-s390-01.s390.fedoraproject.org - [buildvm-s390x] buildvm-s390x-01.s390.fedoraproject.org buildvm-s390x-02.s390.fedoraproject.org @@ -302,7 +299,6 @@ buildvm-aarch64 buildvm-armv7 buildvm-ppc64 buildvm-ppc64le -buildvm-s390 buildvm-s390x bkernel diff --git a/inventory/group_vars/buildvm-s390 b/inventory/group_vars/buildvm-s390 deleted file mode 100644 index d567561ad9..0000000000 --- a/inventory/group_vars/buildvm-s390 +++ /dev/null @@ -1,17 +0,0 @@ ---- -# common items for the buildvm-s390* koji builders -host_group: kojibuilder -fas_client_groups: sysadmin-releng,sysadmin-secondary -sudoers: "{{ private }}/files/sudo/00releng-sudoers" - -koji_hub_nfs: "fedora_s390/data" -koji_server_url: "https://s390.koji.fedoraproject.org/kojihub" -koji_weburl: "https://s390.koji.fedoraproject.org/koji" -koji_topurl: "https://s390pkgs.fedoraproject.org/" - -# These variables are for koji-containerbuild/osbs -osbs_url: "osbs.fedoraproject.org" -docker_registry: "candidate-registry.fedoraproject.org" -source_registry: "registry.fedoraproject.org" -koji_root: "koji.fedoraproject.org/koji" -koji_hub: "koji.fedoraproject.org/kojihub" diff --git a/inventory/group_vars/nagios b/inventory/group_vars/nagios index 11829fbc57..9bd391c983 100644 --- a/inventory/group_vars/nagios +++ b/inventory/group_vars/nagios @@ -108,7 +108,6 @@ phx2_management_hosts: - vhcloud01.mgmt.fedoraproject.org - virthost-comm03.mgmt.fedoraproject.org - virthost-comm04.mgmt.fedoraproject.org - - virthost-s390.mgmt.fedoraproject.org - virthost01-stg.mgmt.fedoraproject.org - virthost02.mgmt.fedoraproject.org - virthost03.mgmt.fedoraproject.org diff --git a/inventory/group_vars/releng-secondary b/inventory/group_vars/releng-secondary deleted file mode 100644 index 251b93a40e..0000000000 --- a/inventory/group_vars/releng-secondary +++ /dev/null @@ -1,33 +0,0 @@ ---- -# common items for the releng-* boxes -lvm_size: 100000 -mem_size: 8196 -max_mem_size: "{{ mem_size }}" -num_cpus: 16 -nm: 255.255.255.0 -dns: 10.5.126.21 - -# With 16 cpus, theres a bunch more kernel threads -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 - -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" - -fas_client_groups: sysadmin-releng,sysadmin-secondary,sysadmin-noc,sysadmin-veteran -sudoers: "{{ private }}/files/sudo/00releng-sudoers" - -host_group: releng - -fedmsg_certs: -- service: releng - owner: root - group: sysadmin-releng - can_send: - # pungi-koji stuff (ask dgilmore) - - pungi.compose.phase.start - - pungi.compose.phase.stop - - pungi.compose.status.change - - pungi.compose.createiso.targets - - pungi.compose.createiso.imagefail - - pungi.compose.createiso.imagedone - diff --git a/inventory/hardware b/inventory/hardware index 8ed052bf2b..6d02c02401 100644 --- a/inventory/hardware +++ b/inventory/hardware @@ -40,7 +40,6 @@ fed-cloud12.cloud.fedoraproject.org fed-cloud13.cloud.fedoraproject.org fed-cloud14.cloud.fedoraproject.org fed-cloud15.cloud.fedoraproject.org -virthost-s390.s390.fedoraproject.org osuosl03.fedoraproject.org # ssh often disabled #autosign01.phx2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org deleted file mode 100644 index cfca08f267..0000000000 --- a/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org +++ /dev/null @@ -1,19 +0,0 @@ ---- -vmhost: virthost-s390.s390.fedoraproject.org -eth0_ip: 10.5.129.81 -nm: 255.255.255.0 -gw: 10.5.129.254 -dns: 10.5.126.21 -main_bridge: br0 - -# common items for the buildvm-* koji builders -volgroup: /dev/vg_guests -lvm_size: 150000 -mem_size: 10240 -max_mem_size: "{{ mem_size }}" -num_cpus: 4 -ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-25 -ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Everything/x86_64/os/ - -virt_install_command: "{{ virt_install_command_one_nic }}" -sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers" diff --git a/inventory/host_vars/compose-s390-01.s390.fedoraproject.org b/inventory/host_vars/compose-s390-01.s390.fedoraproject.org deleted file mode 100644 index 75297acabf..0000000000 --- a/inventory/host_vars/compose-s390-01.s390.fedoraproject.org +++ /dev/null @@ -1,24 +0,0 @@ ---- -vmhost: virthost-s390.s390.fedoraproject.org -volgroup: /dev/vg_guests -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25 -ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Everything/x86_64/os/ -virt_install_command: "{{ virt_install_command_one_nic }}" - -eth0_ip: 10.5.129.16 -nm: 255.255.255.0 -gw: 10.5.129.254 -dns: 10.5.126.21 -main_bridge: br0 - -koji_hub_nfs: "fedora_s390/data" - -kojipkgs_url: s390pkgs.fedoraproject.org -kojihub_url: s390.koji.fedoraproject.org/kojihub -kojihub_scheme: https - -koji_server_url: "https://s390.koji.fedoraproject.org/kojihub" -koji_weburl: "https://s390.koji.fedoraproject.org/koji" -koji_topurl: "https://s390pkgs.fedoraproject.org/" - -sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers" diff --git a/inventory/host_vars/db-s390-koji01.s390.fedoraproject.org b/inventory/host_vars/db-s390-koji01.s390.fedoraproject.org deleted file mode 100644 index 13f425037f..0000000000 --- a/inventory/host_vars/db-s390-koji01.s390.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.129.254 -dns: 10.5.126.21 -volgroup: /dev/vg_guests -eth0_ip: 10.5.129.181 -vmhost: virthost-s390.s390.fedoraproject.org -datacenter: phx2 - -ks_url: http://infrastructure.phx2.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://infrastructure.phx2.fedoraproject.org/repo/rhel/RHEL7-x86_64/ - -# This is a generic list, monitored by collectd -databases: -- koji - -# This is a more strict list, to be made publicly available -dbs_to_backup: -- koji - -# These are normally group variables, but in this case db servers are often different -lvm_size: 500000 -mem_size: 25165 -num_cpus: 12 -fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-secondary,sysadmin-veteran -sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers" - -# kernel SHMMAX value -kernel_shmmax: 68719476736 - -# -# Only allow postgresql access from the frontend node. -# -custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.129.180 --dport 5432 -j ACCEPT' ] - -# -# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. -# -nrpe_procs_warn: 600 -nrpe_procs_crit: 700 - -db_backup_dir: ['/backups'] -shared_buffers: "6GB" -effective_cache_size: "18GB" diff --git a/inventory/host_vars/s390-koji01.s390.fedoraproject.org b/inventory/host_vars/s390-koji01.s390.fedoraproject.org deleted file mode 100644 index 628121476e..0000000000 --- a/inventory/host_vars/s390-koji01.s390.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.129.254 -dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_guests -eth0_ip: 10.5.129.180 -eth0_nm: 255.255.255.0 -vmhost: virthost-s390.s390.fedoraproject.org -datacenter: phx2 -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 - -fas_client_groups: sysadmin-releng,sysadmin-secondary -sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers" - -fedmsg_fqdn: s390-koji01.qa.fedoraproject.org - -# -# define this here because s390 koji only needs eth0, not eth1 also -# -virt_install_command: "{{ virt_install_command_one_nic }}" - -koji_topurl: "https://s390pkgs.fedoraproject.org/" -koji_server_url: "https://s390.koji.fedoraproject.org/kojihub" -koji_weburl: "https://s390.koji.fedoraproject.org/koji" - -fedmsg_koji_instance: s390 - -# Set this to use the qa domain resolv.conf to make sure it can talk to it's db -resolvconf: resolv.conf/qa diff --git a/inventory/host_vars/secondary-bridge01.phx2.fedoraproject.org b/inventory/host_vars/secondary-bridge01.phx2.fedoraproject.org deleted file mode 100644 index 647916c807..0000000000 --- a/inventory/host_vars/secondary-bridge01.phx2.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.129.254 -dns: 10.5.126.21 - -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/VirtGuests -vmhost: virthost-comm03.qa.fedoraproject.org -datacenter: phx2 - -eth0_ip: 10.5.129.248 -eth0_nm: 255.255.255.0 diff --git a/inventory/host_vars/secondary-vault01.phx2.fedoraproject.org b/inventory/host_vars/secondary-vault01.phx2.fedoraproject.org deleted file mode 100644 index 801d99e7a4..0000000000 --- a/inventory/host_vars/secondary-vault01.phx2.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.129.254 -dns: 10.5.126.21 - -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_guests -vmhost: virthost-comm04.qa.fedoraproject.org -datacenter: phx2 - -eth0_ip: 10.5.129.249 -eth0_nm: 255.255.255.0 diff --git a/inventory/host_vars/virthost-s390.qa.fedoraproject.org b/inventory/host_vars/virthost-s390.qa.fedoraproject.org deleted file mode 100644 index 9342178f79..0000000000 --- a/inventory/host_vars/virthost-s390.qa.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -# This virthost only has non release critical instances, so it doesn't freeze -freezes: false diff --git a/inventory/inventory b/inventory/inventory index 5aa446a4fd..fe182ffc3a 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -27,9 +27,6 @@ branched-composer.phx2.fedoraproject.org rawhide-composer.phx2.fedoraproject.org compose-iot-01.phx2.fedoraproject.org -[releng-secondary] -compose-s390-01.s390.fedoraproject.org - [releng-stg] composer.stg.phx2.fedoraproject.org @@ -243,14 +240,12 @@ bodhi-backend01.stg.phx2.fedoraproject.org [sign-bridge] sign-bridge01.phx2.fedoraproject.org sign-bridge01.stg.phx2.fedoraproject.org -secondary-bridge01.phx2.fedoraproject.org # # sign vault servers don't listen to ssh by default. # [sign-vault] #sign-vault03.phx2.fedoraproject.org #sign-vault04.phx2.fedoraproject.org -#secondary-vault01.phx2.fedoraproject.org #sign-vault01.stg.phx2.fedoraproject.org [autocloud-web] @@ -293,7 +288,6 @@ db03.phx2.fedoraproject.org db-fas01.phx2.fedoraproject.org db-datanommer02.phx2.fedoraproject.org db-koji01.phx2.fedoraproject.org -db-s390-koji01.s390.fedoraproject.org db-qa01.qa.fedoraproject.org db-qa02.qa.fedoraproject.org @@ -390,7 +384,6 @@ keys01.fedoraproject.org [koji] koji01.phx2.fedoraproject.org koji02.phx2.fedoraproject.org -s390-koji01.s390.fedoraproject.org [koji-stg] koji01.stg.phx2.fedoraproject.org @@ -942,7 +935,6 @@ virthost-comm01.qa.fedoraproject.org virthost-comm02.qa.fedoraproject.org virthost-comm03.qa.fedoraproject.org virthost-comm04.qa.fedoraproject.org -virthost-s390.s390.fedoraproject.org [wiki-stg] wiki01.stg.phx2.fedoraproject.org @@ -966,7 +958,6 @@ zanata2fedmsg01.phx2.fedoraproject.org [fedmsg-qa-network] retrace01.qa.fedoraproject.org retrace02.qa.fedoraproject.org -s390-koji01.s390.fedoraproject.org resultsdb01.qa.fedoraproject.org openqa01.qa.fedoraproject.org openqa-ppc64le-01.qa.fedoraproject.org diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index e6553050f3..33d35ddb99 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml @@ -3,10 +3,10 @@ # NOTE: make sure there is room/space for this builder on the buildvmhost # NOTE: most of these vars_path come from group_vars/buildvm or from hostvars -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm-stg:buildvm-aarch64:buildvm-armv7:buildvm-ppc64:buildvm-ppc64le:buildvm-s390:buildvm-ppc64-stg:buildvm-ppc64le-stg:buildvm-aarch64-stg:buildvm-armv7-stg" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm-stg:buildvm-aarch64:buildvm-armv7:buildvm-ppc64:buildvm-ppc64le:buildvm-ppc64-stg:buildvm-ppc64le-stg:buildvm-aarch64-stg:buildvm-armv7-stg" - name: make koji builder(s) - hosts: buildvm:buildvm-stg:buildvm-aarch64:buildvm-armv7:buildvm-ppc64:buildvm-ppc64le:buildvm-s390:buildvm-ppc64-stg:buildvm-ppc64le-stg:buildvm-aarch64-stg:buildvm-armv7-stg:buildvm-s390x:buildvm-s390x-stg + hosts: buildvm:buildvm-stg:buildvm-aarch64:buildvm-armv7:buildvm-ppc64:buildvm-ppc64le:buildvm-ppc64-stg:buildvm-ppc64le-stg:buildvm-aarch64-stg:buildvm-armv7-stg:buildvm-s390x:buildvm-s390x-stg user: root gather_facts: True diff --git a/playbooks/groups/postgresql-server.yml b/playbooks/groups/postgresql-server.yml index 749e0b84f2..c30946008b 100644 --- a/playbooks/groups/postgresql-server.yml +++ b/playbooks/groups/postgresql-server.yml @@ -2,12 +2,12 @@ # NOTE: should be used with --limit most of the time # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org" # Once the instance exists, configure it. - name: configure postgresql server system - hosts: db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org + hosts: db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org user: root gather_facts: True diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml index cbafe4278c..15a2b89e14 100644 --- a/playbooks/groups/releng-compose.yml +++ b/playbooks/groups/releng-compose.yml @@ -3,7 +3,7 @@ # NOTE: make sure there is room/space for this instance on the buildvmhost # NOTE: most of these vars_path come from group_vars/releng or from hostvars -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=releng-compose:releng-stg:compose-s390-01.s390.fedoraproject.org" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=releng-compose:releng-stg - name: Setup releng compose hosts hosts: releng-compose:releng-secondary:releng-stg diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml index afefa8ab45..281e68b625 100644 --- a/roles/koji_hub/tasks/main.yml +++ b/roles/koji_hub/tasks/main.yml @@ -139,96 +139,6 @@ - koji_hub when: env != 'staging' and ansible_hostname.startswith('koji') -# -# install production s390 certs and keys -# -- name: install s390 kojiweb_cert_key.pem - copy: src={{ private }}/files/koji/s390.koji.fedoraproject.org_key_and_cert.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600 - notify: - - reload httpd - tags: - - config - - koji_hub - when: ansible_hostname.startswith('s390') - -- name: install s390 production koji_cert.pem - copy: src={{ private }}/files/koji/s390_koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600 - notify: - - reload httpd - tags: - - config - - koji_hub - when: ansible_hostname.startswith('s390') - -- name: install s390 production koji_key.pem - copy: src={{ private }}/files/koji/s390_koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600 - notify: - - reload httpd - tags: - - config - - koji_hub - when: ansible_hostname.startswith('s390') -# -# install production arm certs and keys -# -- name: install arm kojiweb_cert_key.pem - copy: src={{ private }}/files/koji/arm.koji.fedoraproject.org_key_and_cert.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600 - notify: - - reload httpd - tags: - - config - - koji_hub - when: ansible_hostname.startswith('arm') - -- name: install arm production koji_cert.pem - copy: src={{ private }}/files/koji/arm_koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600 - notify: - - reload httpd - tags: - - config - - koji_hub - when: ansible_hostname.startswith('arm') - -- name: install arm production koji_key.pem - copy: src={{ private }}/files/koji/arm_koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600 - notify: - - reload httpd - tags: - - config - - koji_hub - when: ansible_hostname.startswith('arm') - -# -# install production ppc certs and keys -# - -- name: install ppc kojiweb_cert_key.pem - copy: src={{ private }}/files/koji/ppc.koji.fedoraproject.org_key_and_cert.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600 - notify: - - reload httpd - tags: - - config - - koji_hub - when: ansible_hostname.startswith('ppc') - -- name: install ppc production koji_cert.pem - copy: src={{ private }}/files/koji/ppc_koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600 - notify: - - reload httpd - tags: - - config - - koji_hub - when: ansible_hostname.startswith('ppc') - -- name: install ppc production koji_key.pem - copy: src={{ private }}/files/koji/ppc_koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600 - notify: - - reload httpd - tags: - - config - - koji_hub - when: ansible_hostname.startswith('ppc') - # # install staging certs and keys # diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2 index ed99cd3b68..3645e86ac6 100644 --- a/roles/koji_hub/templates/hub.conf.j2 +++ b/roles/koji_hub/templates/hub.conf.j2 @@ -3,7 +3,6 @@ ## Basic options ## DBName = koji DBUser = koji -{% if inventory_hostname.startswith('koji') %} {% if env == "staging" %} DBHost = db-koji01 {% else %} @@ -16,22 +15,6 @@ ProxyPrincipals = modularity@STG.FEDORAPROJECT.ORG,HTTP/koji.stg.fedoraproject.o {% else %} ProxyPrincipals = HTTP/koji.fedoraproject.org@FEDORAPROJECT.ORG,sigul/sign-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG {% endif %} -{% elif inventory_hostname == 's390-koji01.s390.fedoraproject.org' %} -DBHost = db-s390-koji01.s390.fedoraproject.org -DBPass = {{ s390kojiPassword }} -AuthPrincipal = host/s390.koji.fedoraproject.org -ProxyPrincipals = HTTP/koji.fedoraproject.org@FEDORAPROJECT.ORG,sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG -{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %} -DBHost = db-arm-koji01.qa.fedoraproject.org -DBPass = {{ armkojiPassword }} -AuthPrincipal = host/arm.koji.fedoraproject.org -ProxyPrincipals = HTTP/koji.fedoraproject.org@FEDORAPROJECT.ORG,sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG -{% elif inventory_hostname == 'ppc-koji01.ppc.fedoraproject.org' %} -DBHost = db-ppc-koji01.ppc.fedoraproject.org -DBPass = {{ ppckojiPassword }} -AuthPrincipal = host/ppc.koji.fedoraproject.org -ProxyPrincipals = HTTP/koji.fedoraproject.org@FEDORAPROJECT.ORG,sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG -{% endif %} KojiDir = /mnt/koji MemoryWarnThreshold = 10000 MaxRequestLength = 167772160 @@ -50,16 +33,8 @@ AuthKeytab = /etc/koji-hub/koji-hub.keytab ## the client username is the common name of the subject of their client certificate DNUsernameComponent = CN -{% if inventory_hostname.startswith('koji') %} ## separate multiple DNs with | ProxyDNs = emailAddress=buildsys@fedoraproject.org,CN=kojiweb,OU=Fedora Builders,O=Fedora Project,ST=North Carolina,C=US|emailAddress=releng@fedoraproject.org,CN=sign-bridge1,OU=Package Signing,O=Fedora Project,ST=North Carolina,C=US -{% elif inventory_hostname == 's390-koji01.s390.fedoraproject.org' %} -ProxyDNs = /C=US/ST=North Carolina/O=Fedora Project/OU=Fedora Builders/CN=s390.koji.fedoraproject.org/emailAddress=buildsys@fedoraproject.org|emailAddress=buildsys@fedoraproject.org,CN=secondary-signer,OU=Fedora Builders,O=Fedora Project,ST=North Carolina,C=US -{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %} -ProxyDNs = /C=US/ST=North Carolina/O=Fedora Project/OU=Fedora Builders/CN=arm.koji.fedoraproject.org/emailAddress=buildsys@fedoraproject.org|emailAddress=buildsys@fedoraproject.org,CN=secondary-signer,OU=Fedora Builders,O=Fedora Project,ST=North Carolina,C=US -{% elif inventory_hostname == 'ppc-koji01.ppc.fedoraproject.org' %} -ProxyDNs = /C=US/ST=North Carolina/O=Fedora Project/OU=Buildsys/CN=ppc.koji.fedoraproject.org/emailAddress=ppc@fedoraproject.org|/C=US/ST=North Carolina/O=Fedora Project/OU=Fedora Builders/CN=secondary-signer/emailAddress=buildsys@fedoraproject.org|emailAddress=buildsys@fedoraproject.org,CN=secondary-signer,OU=Fedora Builders,O=Fedora Project,ST=North Carolina,C=US -{% endif %} ## end SSL client certificate auth configuration @@ -67,15 +42,7 @@ ProxyDNs = /C=US/ST=North Carolina/O=Fedora Project/OU=Buildsys/CN=ppc.koji.fedo ## Other options ## LoginCreatesUser = On -{% if inventory_hostname.startswith('koji') %} KojiWebURL = http://koji.fedoraproject.org/koji -{% elif inventory_hostname == 's390-koji01.s390.fedoraproject.org' %} -KojiWebURL = http://s390.koji.fedoraproject.org/koji -{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %} -KojiWebURL = http://arm.koji.fedoraproject.org/koji -{% elif inventory_hostname == 'ppc-koji01.ppc.fedoraproject.org' %} -KojiWebURL = http://ppc.koji.fedoraproject.org/koji -{% endif %} # The domain name that will be appended to Koji usernames # when creating email notifications EmailDomain = fedoraproject.org diff --git a/roles/koji_hub/templates/kojihub.conf.j2 b/roles/koji_hub/templates/kojihub.conf.j2 index 2b38551625..10e7de8a3c 100644 --- a/roles/koji_hub/templates/kojihub.conf.j2 +++ b/roles/koji_hub/templates/kojihub.conf.j2 @@ -12,28 +12,12 @@ Alias /kojihub /usr/share/koji-hub/kojixmlrpc.py Require all granted -{% if inventory_hostname == 'arm-koji01.qa.fedoraproject.org' or inventory_hostname == 'ppc-koji01.ppc.fedoraproject.org' or inventory_hostname == 's390-koji01.s390.fedoraproject.org' %} -# Also serve /mnt/koji -Alias /kojifiles "/mnt/koji/" - - - Options Indexes FollowSymLinks - AllowOverride None - Order allow,deny - Allow from all - -{% endif %} - AuthType GSSAPI GssapiSSLonly Off GssapiLocalName On AuthName "GSSAPI Single Sign On Login" - {% if fedmsg_koji_instance == "primary" %} - GssapiCredStore keytab:/etc/koji-hub/gssapi.keytab - {% else %} - GssapiCredStore keytab:/etc/krb5.HTTP_{{ fedmsg_koji_instance }}.koji.fedoraproject.org.keytab - {% endif %} + GssapiCredStore keytab:/etc/koji-hub/gssapi.keytab Require valid-user diff --git a/roles/koji_hub/templates/kojiweb.conf.j2 b/roles/koji_hub/templates/kojiweb.conf.j2 index 4e7eb3ceba..82201847f7 100644 --- a/roles/koji_hub/templates/kojiweb.conf.j2 +++ b/roles/koji_hub/templates/kojiweb.conf.j2 @@ -65,42 +65,6 @@ Alias /buildgroups "/mnt/koji/buildgroups/" Require all granted -{% if inventory_hostname.startswith('koji') and env == "production" %} # use redirects for compose and packages locations RewriteRule ^/compose(.+) https://kojipkgs.fedoraproject.org/compose$1 [R=301,L] RewriteRule ^/packages(.+) https://kojipkgs.fedoraproject.org/packages$1 [R=301,L] -{% else %} -Alias /compose "/mnt/koji/compose/" - - - Options Indexes FollowSymLinks - Require all granted - - -Alias /packages "/mnt/koji/packages/" - - - Options Indexes FollowSymLinks - Require all granted - - -# use redirects for compose and packages locations to be consistent with primary hub -{% if inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %} -# Disable these for now since there's a cert issue and no virtual host definition to redirect to -# We need to either add a apache virthost and a proper cert or a seperate vm for packages. -#RewriteRule ^/compose(.+) http://arm.koji.fedoraproject.org/compose$1 [R=301,L] -#RewriteRule ^/packages(.+) http://arm.koji.fedoraproject.org/packages$1 [R=301,L] -{% endif %} -{% if inventory_hostname == 'ppc-koji01.ppc.fedoraproject.org' %} -# Disable these for now since there's a cert issue and no virtual host definition to redirect to -# We need to either add a apache virthost and a proper cert or a seperate vm for packages. -#RewriteRule ^/compose(.+) http://ppc.koji.fedoraproject.org/compose$1 [R=301,L] -#RewriteRule ^/packages(.+) http://ppc.koji.fedoraproject.org/packages$1 [R=301,L] -{% endif %} -{% if inventory_hostname == 's390-koji01.qa.fedoraproject.org' %} -# Disable these for now since there's a cert issue and no virtual host definition to redirect to -# We need to either add a apache virthost and a proper cert or a seperate vm for packages. -#RewriteRule ^/compose(.+) https://s390pkgs.fedoraproject.org/compose$1 [R=301,L] -#RewriteRule ^/packages(.+) https://s390pkgs.fedoraproject.org/packages$1 [R=301,L] -{% endif %} -{% endif %} diff --git a/roles/koji_hub/templates/web.conf.j2 b/roles/koji_hub/templates/web.conf.j2 index 085807b88c..180edb2912 100644 --- a/roles/koji_hub/templates/web.conf.j2 +++ b/roles/koji_hub/templates/web.conf.j2 @@ -6,15 +6,6 @@ SiteName = koji {% if env == 'staging' %} KojiHubURL = https://koji.stg.fedoraproject.org/kojihub KojiFilesURL = https://kojipkgs.stg.fedoraproject.org/ -{% elif inventory_hostname == 's390-koji01.s390.fedoraproject.org' %} -KojiHubURL = https://s390.koji.fedoraproject.org/kojihub -KojiFilesURL = https://s390.koji.fedoraproject.org/kojifiles -{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %} -KojiHubURL = https://arm.koji.fedoraproject.org/kojihub -KojiFilesURL = https://arm.koji.fedoraproject.org/kojifiles -{% elif inventory_hostname == 'ppc-koji01.ppc.fedoraproject.org' %} -KojiHubURL = https://ppc.koji.fedoraproject.org/kojihub -KojiFilesURL = https://ppc.koji.fedoraproject.org/kojifiles {% else %} KojiHubURL = https://koji.fedoraproject.org/kojihub KojiFilesURL = https://kojipkgs.fedoraproject.org/