This `[0:]` syntax doesn't seem to be correct. iptables 1.8.10
errors out on encountering it, saying:
invalid policy counters for chain 'PREROUTING'
this seems to be because the check was tightened between 1.8.9
and 1.8.10 to apply even when iptables is not actively restoring
the counters:
https://git.netfilter.org/iptables/commit/?id=4a2b2008fdf4df980433f99a6d8f2003f2005296
I think these are all meant to be 0:0, so let's make them that
and stop iptables choking.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
The latest import failed due to "ERROR: Unable to create local
directories(/.ansible/tmp): [Errno 13] Permission denied: b'/.ansible'".
Which implies the code is being executed from `/`, despite the WORKDIR
variable being set in the container image--I suspect this is a quirk of
kube/openshift that was not expected.
This change sets the workingDir to /srv/cloud-uploader, as specified in
the Containerfile, which should resolve the execution error.
Signed-off-by: Neil Hanlon <neil@shrug.pw>
This crawler is doing about 2M requests a day to
lists.fedoraproject.org. This is causing db load on db01, causing
services to have issues.
So, block them here for now, but we may want to block them elsewhere
too.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
There were folks on site this week to rack new machines/pull old
machines, and unfortunately we don't really have much control over when
this happens based on our freeze, so I am just pushing this as part of
the 'do whats required to handle an outage'.
We did the following changes:
- removed old autosign01 (was out of service as we moved to autosign02 a
while ago)
- removed vmhost-x86-08/09. We also want to migrate off 07 soon and
remove it next visit. A new vmhost-x86-08 is installed to replace
these 3.
- removed vmhost-x86-03/04.stg. Added new vmhost-x86-01.stg to replace
them both.
- added a new kernel02 to replace kernel01 the next onsite trip.
This machine still needs switch ports configured.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This will ensure that people don't "accidentally" export their staging
badges to their official backpack.
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
env renders to "production" which is not what messages are published
under ("prod"). Match what other apps are doing and just use a wildcard
so it'll match anything. Since prod and stage are separate brokers this
is fine.
The image needs to be replicated to a region to be usable in that
region. It's likely we'll want to expand this list and potentially add
logic to the uploader to not replicate nightly images until they are
promoted to the latest image in the stream so I've templated it it
in the configuration.
Storage account names need to be globally unique. It seems fedoraimages
was already taken, so I've adjusted it to one that's not taken. It's
only used to import the images so the name doesn't really matter.
