diff --git a/.ansible-lint b/.ansible-lint deleted file mode 100644 index 397b347d2c..0000000000 --- a/.ansible-lint +++ /dev/null @@ -1,68 +0,0 @@ ---- -# .ansible-lint -# exclude_paths included in this file are parsed relative to this file's location -# and not relative to the CWD of execution. CLI arguments passed to the --exclude -# option will be parsed relative to the CWD of execution. -exclude_paths: - - .cache/ # implicit unless exclude_paths is defined in config - - cache_plugins - - callback_plugins - - files - - filter_plugins - - handlers - - library - - scripts - # Ignore playbooks with strange error happening in - - playbooks/groups/copr-db.yml - # Some playbooks contains hardcoded paths, so exclude them from check - - playbooks/list-vms-per-host.yml - - playbooks/set_root_auth_keys.yml - - playbooks/update-proxy-dns.yml - - playbooks/update_ticketkey.yml - - playbooks/vhost_reboot.yml - - playbooks/vhost_update_reboot.yml -# parseable: true -# quiet: true -# verbosity: 1 - -# Mock modules or roles in order to pass ansible-playbook --syntax-check -mock_modules: - - include_playbook -# - zuul_return -# # note the foo.bar is invalid as being neither a module or a collection -# - fake_namespace.fake_collection.fake_module -# - fake_namespace.fake_collection.fake_module.fake_submodule -mock_roles: - - linux-system-roles.network - -use_default_rules: true -# Load custom rules from this specific folder -# rulesdir: -# - ./rule/directory/ - -# Offline mode disables installation of requirements.yml -offline: true - -# Define required Ansible's variables to satisfy syntax check -extra_vars: - target: localhost - vhost: localhost -# multiline_string_variable: | -# line1 -# line2 -# complex_variable: ":{;\t$()" - -# List of additional kind:pattern to be added at the top of the default -# match list, first match determines the file kind. -kinds: - # - playbook: "**/examples/*.{yml,yaml}" - # - galaxy: "**/folder/galaxy.yml" - - tasks: "**/tasks/*.yml" - - vars: "**/vars/*.yml" - # - meta: "**/meta/main.yml" - - yaml: "**/*.yaml-too" - -skip_list: - - yaml - - role-name[path] - - var-naming[no-role-prefix] diff --git a/.gitignore b/.gitignore index 3a14f17b97..b94898552f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,2 @@ *.swp *.pyc - -# emacs projectile -.projectile diff --git a/.mailmap b/.mailmap deleted file mode 100644 index af8eb2f941..0000000000 --- a/.mailmap +++ /dev/null @@ -1,5 +0,0 @@ -Rick Elrod -Rick Elrod Ricky Elrod -Rick Elrod Ricky Elrod - -# ... others go here ... diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml deleted file mode 100644 index 4e63c40921..0000000000 --- a/.pre-commit-config.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# See https://pre-commit.com for more information -# See https://pre-commit.com/hooks.html for more hooks -repos: - -# - repo: https://github.com/pre-commit/pre-commit-hooks -# rev: v3.2.0 -# hooks: -# - id: trailing-whitespace -# - id: end-of-file-fixer -# - id: check-yaml -# - id: check-added-large-files - -- repo: https://github.com/adrienverge/yamllint - rev: v1.35.1 - hooks: - - id: yamllint - -# - repo: https://github.com/ansible/ansible-lint -# rev: v24.12.1 -# hooks: -# - id: ansible-lint diff --git a/.yamllint.yaml b/.yamllint.yaml deleted file mode 100644 index b5251e97f3..0000000000 --- a/.yamllint.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -extends: default - -rules: - comments: - min-spaces-from-content: 1 - level: error - comments-indentation: false - braces: - max-spaces-inside: 1 - document-start: - level: error - octal-values: - forbid-implicit-octal: true - forbid-explicit-octal: true - indentation: - spaces: 2 - indent-sequences: whatever - level: warning - line-length: disable - # line-length: - # max: 100 - # level: warning - truthy: - allowed-values: ['true', 'false', 'yes', 'no'] -... diff --git a/.zuul.yaml b/.zuul.yaml deleted file mode 100644 index 7a02e6f580..0000000000 --- a/.zuul.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- project: - check: - jobs: - - fi-ansible-lint-diff - - fi-yamllint-diff diff --git a/CONVENTIONS b/CONVENTIONS index 67eea24aac..f6c2eec65a 100644 --- a/CONVENTIONS +++ b/CONVENTIONS @@ -9,7 +9,7 @@ Playbook naming =============== The top level playbooks directory should contain: -* Playbooks that are generic and used by several groups/hosts playbooks +* Playbooks that are generic and used by serveral groups/hosts playbooks * Playbooks used for utility purposes from command line * Groups and Hosts subdirs. @@ -23,7 +23,7 @@ specific function. Examples: host update, vhost update, vhost reboot. The playbooks/groups/ directory should contain one playbook per group. This should be used in the case of multiple machines/instances in a group. MUST include a hosts entry that describes the hosts in the group. -Examples: packages, proxy, virthost, etc. +Examples: packages, proxy, unbound, virthost, etc. Try and be descriptive with the name here. The playbooks/hosts/ directory should contain one playbook per 'host' @@ -95,7 +95,7 @@ We would like to get ansible running over hosts in an automated way. A git hook could do this. * On commit: - If we have a way to determine exactly what hosts are affected by a + If we have a way to detemine exactly what hosts are affected by a change we could simply run only on those hosts. We might want a short delay (10m) to allow someone to see a problem diff --git a/README b/README deleted file mode 120000 index 42061c01a1..0000000000 --- a/README +++ /dev/null @@ -1 +0,0 @@ -README.md \ No newline at end of file diff --git a/README b/README new file mode 100644 index 0000000000..0ba9470733 --- /dev/null +++ b/README @@ -0,0 +1,245 @@ +== ansible repository/structure == + +files - files and templates for use in playbooks/tasks + - subdirs for specific tasks/dirs highly recommended + +inventory - where the inventory and additional vars is stored + - All files in this directory in ini format + - added together for total inventory + group_vars: + - per group variables set here in a file per group + host_vars: + - per host variables set here in a file per host + +library - library of custom local ansible modules + +playbooks - collections of plays we want to run on systems + +tasks - snippets of tasks that should be included in plays + +roles - specific roles to be use in playbooks. + Each role has it's own files/templates/vars + +== Paths == + +public path for everything is: + + /srv/web/infra/ansible + +private path - which is sysadmin-main accessible only is: + + /srv/private/ansible + +In general to run any ansible playbook you will want to run: + +sudo -i ansible-playbook /path/to/playbook.yml + +== Cloud information == + +cloud instances: +to startup a new cloud instance and configure for basic server use run (as +root): + +el6: +sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/el6_temp_instance.yml + +f19: +sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/f19_temp_instance.yml + + +The -i is important - ansible's tools need access to root's sshagent as well +as the cloud credentials to run the above playbooks successfully. + +This will setup a new instance, provision it and email sysadmin-main that +the instance was created, it's instance id (for terminating it, attaching +volumes, etc) and it's ip address. + +You will then be able to login, as root. + +You can add various extra vars to the above commands to change the instance +you've just spun up. + +variables to define: +instance_type=c1.medium +security_group=default +root_auth_users='username1 username2 @groupname' +hostbase=basename for hostname - will have instance id appended to it + + +define these with: + +--extra-vars="varname=value varname1=value varname2=value" + +Name Memory_MB Disk VCPUs +m1.tiny 512 0 1 +m1.small 2048 20 1 +m1.medium 4096 40 2 +m1.large 8192 80 4 +m1.xlarge 16384 160 8 +m1.builder 5120 50 3 + +Setting up a new persistent cloud host: +1. select an ip: + source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh + euca-describe-addresses + - pick an ip from the list that is not assigned anywhere + - add it into dns - normally in the cloud.fedoraproject.org but it doesn't + have to be + +2. If needed create a persistent storage disk for the instance: + source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh + euca-create-volume -z nova -s + + +3. set up the host/ip in ansible host inventory + - add to ansible/inventory/inventory under [persistent-cloud] + - either the ip itself or the hostname you want to refer to it as + +4. setup the host_vars + - create file named by the hostname or ip you used in the inventory + - for adding persistent volumes add an entry like this into the host_vars file + + volumes: ['-d /dev/vdb vol-BCA33FCD', '-d /dev/vdc vol-DC833F48'] + + for each volume you want to attach to the instance. + + The device names matter - they start at /dev/vdb and increment. However, + they are not reliable IN the instance. You should find the device, partition + it, format it and label the formatted device then mount the device by label + or by UUID. Do not count on the device name being the same each time. + + +Contents should look like this (remove all the comments) + +--- +# 2cpus, 3GB of ram 20GB of ephemeral space +instance_type: m1.large +# image id +image: emi-B8793915 +keypair: fedora-admin +# what security group to add the host to +security_group: webserver +zone: fedoracloud +# instance id will be appended +hostbase: hostname_base- +# ip should be in the 209.132.184.XXX range +public_ip: $ip_you_selected +# users/groups who should have root ssh access +root_auth_users: skvidal bkabrda +description: some description so someone else can know what this is + +The available images can be found by running:: + source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh + euca-describe-images | grep ami + +4. setup a host playbook ansible/playbooks/hosts/$YOUR_HOSTNAME_HERE.yml + Note: the name of this file doesn't really matter but it should normally + be the hostname of the host you're setting up. + +- name: check/create instance + hosts: $YOUR_HOSTNAME/IP HERE + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + +- name: provision instance + hosts: $YOUR_HOSTNAME/IP HERE + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars//{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml + # fill in other actions/includes/etc here + + handlers: + - include: "{{ handlers }}/restart_services.yml + + +5. add/commit the above to the git repo and push your changes + + +6. set it up: + sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/hosts/$YOUR_HOSTNAME_HERE.yml + +7. login, etc + +You should be able to run that playbook over and over again safely, it will +only setup/create a new instance if the ip is not up/responding. + +SECURITY GROUPS +- to edit security groups you must either have your own cloud account or + be a member of sysadmin-main + +This gives you the credential to change things in the persistent tenant +- source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh + + +This lists all security groups in that tenant: +- euca-describe-groups | grep GROUP + +the output will look like this: +euca-describe-groups | grep GROU +GROUP d4e664a10e2c4210839150be09c46e5e default default +GROUP d4e664a10e2c4210839150be09c46e5e jenkins jenkins instance group +GROUP d4e664a10e2c4210839150be09c46e5e logstash logstash security group +GROUP d4e664a10e2c4210839150be09c46e5e smtpserver list server group. needs web and smtp +GROUP d4e664a10e2c4210839150be09c46e5e webserver webserver security group +GROUP d4e664a10e2c4210839150be09c46e5e wideopen wideopen + + +This lets you list the rules in a specific group: +- euca-describe-group groupname + +the output will look like this: + +euca-describe-group wideopen +GROUP d4e664a10e2c4210839150be09c46e5e wideopen wideopen +PERMISSION d4e664a10e2c4210839150be09c46e5e wideopen ALLOWS tcp 1 65535 FROM CIDR 0.0.0.0/0 +PERMISSION d4e664a10e2c4210839150be09c46e5e wideopen ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0 + + +To create a new group: +euca-create-group -d "group description here" groupname + +To add a rule to a group: +euca-authorize -P tcp -p 22 groupname +euca-authorize -P icmp -t -1:-1 groupname + +To delete a rule from a group: +euca-revoke -P tcp -p 22 groupname + +Notes: +- Be careful removing or adding rules to existing groups b/c you could be +impacting other instances using that security group. + +- You will almost always want to allow 22/tcp (sshd) and icmp -1 -1 (ping +and traceroute and friends). + + + + +TERMINATING INSTANCES + +For transient: +1. source /srv/private/ansible/files/openstack/transient-admin/ec2rc.sh + + - OR - + +For persistent: +1. source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh + +2. euca-describe-instances | grep + +3. euca-terminate-instances + diff --git a/README.md b/README.md deleted file mode 100644 index 063a913353..0000000000 --- a/README.md +++ /dev/null @@ -1,143 +0,0 @@ -Fedora Infrastructure -===================== - -Welcome! This is the Fedora Infrastructure Ansible Pagure project. - -Pull requests and forks can be made against this repository hosted -at https://pagure.io/fedora-infra/ansible - -This repository is also mirrored for production runs to -https://infrastructure.fedoraproject.org/infra/ansible/ -but this is the working repository where changes are made. - -If you would like to help out with Fedora Infrastructure, see: - -* https://docs.fedoraproject.org/en-US/infra/gettingstarted/ -* https://docs.fedoraproject.org/en-US/infra/apprentice/ - -Ansible repository/structure ----------------------------- - -``` -files - files and templates for use in playbooks/tasks - - subdirs for specific tasks/dirs highly recommended - -inventory - where the inventory and additional vars is stored - - All files in this directory in ini format - - added together for total inventory - group_vars: - - per group variables set here in a file per group - host_vars: - - per host variables set here in a file per host - -library - library of custom local ansible modules - -playbooks - collections of plays we want to run on systems - - groups: groups of hosts configured from one playbook. - - hosts: playbooks for single hosts. - - manual: playbooks that are only run manually by an admin as needed. - -tasks - snippets of tasks that should be included in plays - -roles - specific roles to be use in playbooks. - Each role has it's own files/templates/vars - -filter_plugins - Jinja filters - -main.yml - This is the main playbook, consisting of all - current group and host playbooks. Note that the - daily cron doesn't run this, it runs even over - playbooks that are not yet included in main. - This playbook is usefull for making changes over - multiple groups/hosts usually with -t (tag). -``` - -Paths ------ - -The public path on batcave01 (our control host) for everything is `/srv/web/infra/ansible` - -The private path on batcave01 (our control host) (which is sysadmin-main accessible only) -is `/srv/private/ansible` - -In general to run any ansible playbook you will want to run: - -``` -sudo -i ansible-playbook /path/to/playbook.yml -``` - -(On batcave01, our control host) - -Scheduled check-diff --------------------- - -Every night a cron job runs over all playbooks under `playbooks/{groups}{hosts}` -with `ansible --check --diff`. A report from this is sent to sysadmin-logs. -In the ideal state this report would be empty. - -Idempotency ------------ - -All playbooks should be idempotent. Ie, if run once they should bring the -machine(s) to the desired state, and if run again N times after that they should -make 0 changes (because the machine(s) are in the desired state). -Please make sure your playbooks are idempotent. - -Can be run anytime ------------------- - -When a playbook or change is checked into ansible you should assume -that it could be run at ***ANY TIME***. Always make sure the checked in state -is the desired state. Always test changes when they land so they don't -surprise you later. - -Contributing and Licensing --------------------------- - -Contributions to this repository are subject to the Fedora Project -Contributor Agreement. If no license is specified, the MIT license is used, otherwise -the contribution is under the specified acceptable Fedora License. -See https://docs.fedoraproject.org/en-US/legal/fpca/ -for more information. - -Contributing Pull Requests --------------------------- - -If found a way to improve this repository or fix an issue found in our -infrastructure tracker (see https://pagure.io/fedora-infrastructure/issues) -open a pull-request. - -You either should have capability to run the playbooks after they have been reviewed, -and merged or find the person responsible and work with them to make sure the changes -will be aplied afterwards. - -We are currently working on a simple to use list of Point Of Contanct people for the applications -here, untill it is done, you can, look at people that recently edited the ansible files, -or if you belong to sysadmin group, view the /etc/ansible_utils/rbac.yaml located on batcave01, -where you can see the groups of people that have capabilities to run the relevant playbooks. - -For example, to upgrade Release Monitoring, you need to run playbook openshift-apps/release-monitoring.yaml. -People in sysadmin-releasemonitoring have that capability, and you cand find the members in https://accounts.fedoraproject.org/group/sysadmin-releasemonitoring/ - -If the application in question is not on the critical path it should be sufficient, -if person responsible for the application reviews the PR. - -If the files in question are on the critical path, that are necessary for functioning packager workflow, -at least two different people should review the PR. - -If there is any risk at all, that the application of the changes would induce downtime, -work closely with other to ensure that the downtime is properly scheduled: - -- there is an issue in https://pagure.io/fedora-infrastructure/issues specifying the downtime -- there is an email sent to the devel-list -- https://status.fedoraproject.org is updated (see https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/status-fedora/) - -Applications on critical path: pagure, mirrormanager, toddlers, bodhi, noggin, mdapi, rpmautospec, -pagure-dist-git, mirror_from_pagure, fedora-messaging, dist-git, PDC/FPDC, FMN, sigul -robosignatory, tag2distrepo, ci-resultsdb-listener, stylo, mirrorlist -resultsdb, Nagios, koschei, wiki / mediawiki, wiki / moin, waiverdb, -greenwave, ODCS, Mailman3 / HK, mailman 2, OSBS, pungi, koji, MBS, -IPA, rabbitmq, geoip,ipsilon diff --git a/STYLEGUIDE b/STYLEGUIDE deleted file mode 100644 index bdbadd27ea..0000000000 --- a/STYLEGUIDE +++ /dev/null @@ -1,20 +0,0 @@ -infrastructure ansible style guide -================================== - -* Use 'yml' instead of 'yaml' - -* do add '.j2' to the end of templates - -* in general let readablity trump grepability, i.e.: - -DONT: -- name: This is some play - module: name=thing arg=thing2 anotherlongerarg=thing arg4=anodheranth - -DO: -- name: This is some play - module: - - name: thing - - arg: thing2 -..etc - diff --git a/TODO b/TODO new file mode 100644 index 0000000000..31f74ea7ec --- /dev/null +++ b/TODO @@ -0,0 +1,17 @@ +- make it easy to run playbooks against cloud instances w/o modifying + inventory or changing host entries in playbooks + +- define standards for: + - playbook naming + - play naming + - hosts or service or groups for talking to sets of systems + - tags: + - config + - service + - initonly + +- figure out how and where we are going to run these from cron + +- merge in tasks/playbooks/inventory/etc from: + - builders + diff --git a/callback_plugins/fedmsg_callback.py b/callback_plugins/fedmsg_callback.py new file mode 100644 index 0000000000..5dd5509089 --- /dev/null +++ b/callback_plugins/fedmsg_callback.py @@ -0,0 +1,93 @@ +# (C) 2012, Michael DeHaan, +# based on the log_plays example +# skvidal@fedoraproject.org +# rbean@redhat.com + +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +import os +import pwd + +import fedmsg +import fedmsg.config + + +def getlogin(): + try: + user = os.getlogin() + except OSError, e: + user = pwd.getpwuid(os.geteuid())[0] + return user + + +class CallbackModule(object): + """ Publish playbook starts and stops to fedmsg. """ + + playbook_path = None + + def __init__(self): + config = fedmsg.config.load_config() + config.update(dict( + name='relay_inbound', + cert_prefix='shell', + active=True, + )) + # It seems like recursive playbooks call this over and over again and + # fedmsg doesn't like to be initialized more than once. So, here, just + # catch that and ignore it. + try: + fedmsg.init(**config) + except ValueError: + pass + + + def playbook_on_play_start(self, pattern): + # This gets called once for each play.. but we just issue a message once + # for the first one. One per "playbook" + play = getattr(self, 'play', None) + if play: + # figure out where the playbook FILE is + path = os.path.abspath(play.playbook.filename) + + # Bail out early without publishing if we're in --check mode + if play.playbook.check: + return + + if not self.playbook_path: + fedmsg.publish( + modname="ansible", topic="playbook.start", + msg=dict( + playbook=path, + userid=getlogin(), + extra_vars=play.playbook.extra_vars, + inventory=play.playbook.inventory.host_list, + playbook_checksum=play.playbook.check, + check=play.playbook.check, + ), + ) + self.playbook_path = path + + def playbook_on_stats(self, stats): + if not self.playbook_path: + return + + results = dict([(h, stats.summarize(h)) for h in stats.processed]) + fedmsg.publish( + modname="ansible", topic="playbook.complete", + msg=dict( + playbook=self.playbook_path, + userid=getlogin(), + results=results, + ), + ) diff --git a/callback_plugins/fedora_messaging_callback.py b/callback_plugins/fedora_messaging_callback.py deleted file mode 100644 index 3ec8b8b252..0000000000 --- a/callback_plugins/fedora_messaging_callback.py +++ /dev/null @@ -1,137 +0,0 @@ -# (C) 2012, Michael DeHaan, -# based on the log_plays example -# skvidal@fedoraproject.org -# rbean@redhat.com -# karsten@redhat.com changes for fedora-messaging -# abompard@redhat.com changes to adapt to ansible's specific python - -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -import json -import logging -import os -import pwd -import uuid -from subprocess import run, PIPE, STDOUT -from tempfile import NamedTemporaryFile - -try: - from ansible.plugins.callback import CallbackBase -except ImportError: - # Ansible v1 compat - CallbackBase = object - -try: - from ansible.utils.hashing import secure_hash -except ImportError: - from ansible.utils import md5 as secure_hash - -LOGGER = logging.getLogger(__name__) -FEDORA_MESSAGING_CONF = "/etc/fedora-messaging/batcave-messaging.toml" - - -def getlogin(): - try: - user = os.getlogin() - except OSError: - user = pwd.getpwuid(os.geteuid())[0] - return user - - -def send_message(msg): - msg["id"] = str(uuid.uuid4()) - msg["headers"] = { - "fedora_messaging_schema": "base.message", - "fedora_messaging_severity": 20, - } - env = os.environ.copy() - env["FEDORA_MESSAGING_CONF"] = FEDORA_MESSAGING_CONF - with NamedTemporaryFile(mode="w+", buffering=1) as msg_file: - json.dump(msg, msg_file) - msg_file.write("\n") - result = run( - ["fedora-messaging", "publish", msg_file.name], - stdout=PIPE, stderr=STDOUT, text=True, env=env, - ) - if result.returncode > 0: - LOGGER.warning(f"Fedora Messaging plugin failed: {result.stdout}") - print(f"Fedora Messaging plugin failed: {result.stdout}") - - -class CallbackModule(CallbackBase): - """ Publish playbook starts and stops to fedora_messaging. """ - - CALLBACK_NAME = "fedora_messaging_callback" - CALLBACK_TYPE = "notification" - CALLBACK_VERSION = 2.0 - CALLBACK_NEEDS_WHITELIST = True - - playbook_path = None - - def __init__(self): - self.play = None - self.playbook = None - - super(CallbackModule, self).__init__() - - def set_play_context(self, play_context): - self.play_context = play_context - - def v2_playbook_on_start(self, playbook): - self.playbook = playbook - - def v2_playbook_on_play_start(self, play): - # This gets called once for each play.. but we just issue a message once - # for the first one. One per "playbook" - if not self.playbook: - return - # figure out where the playbook FILE is - path = os.path.abspath(self.playbook._file_name) - - # Bail out early without publishing if we're in --check mode - if self.play_context.check_mode: - return - - # Only publish on playbook start - if self.playbook_path: - return - - msg = { - "topic": "ansible.playbook.start", - "body": { - 'playbook': path, - 'userid': getlogin(), - 'extra_vars': play._variable_manager.extra_vars, - 'inventory': play._variable_manager._inventory._sources, - 'playbook_checksum': secure_hash(path), - 'check': self.play_context.check_mode - }, - } - send_message(msg) - self.playbook_path = path - - def v2_playbook_on_stats(self, stats): - if not self.playbook_path: - return - - results = dict([(h, stats.summarize(h)) for h in stats.processed]) - msg = { - "topic": "ansible.playbook.complete", - "body": { - 'playbook': self.playbook_path, - 'userid': getlogin(), - 'results': results - }, - } - send_message(msg) diff --git a/callback_plugins/logdetail.py b/callback_plugins/logdetail.py index 21aa97caae..cbf40b7356 100644 --- a/callback_plugins/logdetail.py +++ b/callback_plugins/logdetail.py @@ -15,68 +15,37 @@ # You should have received a copy of the GNU General Public License # along with Ansible. If not, see . -# Make coding more python3-ish -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -DOCUMENTATION = r''' -callback: logdetail -callback_type: notification -short_description: Logs playbook results, per date, playbook and host. -description: Logs playbook results, per date, playbook and host, in I(log_path). -options: - log_path: - description: The path where log files will be created. - default: /var/log/ansible - ini: - - section: callback_logdetail - key: log_path - env: - - name: ANSIBLE_LOGDETAIL_PATH -''' - import os import time import json import pwd -import gzip +from ansible import utils -try: - from ansible.utils.hashing import secure_hash -except ImportError: - from ansible.utils import md5 as secure_hash +TIME_FORMAT="%b %d %Y %H:%M:%S" -try: - from ansible.plugins.callback import CallbackBase -except ImportError: - # Ansible v1 compat - CallbackBase = object - -TIME_FORMAT = "%b %d %Y %H:%M:%S" - -MSG_FORMAT = "%(now)s\t%(count)s\t%(category)s\t%(name)s\t%(data)s\n" +MSG_FORMAT="%(now)s\t%(count)s\t%(category)s\t%(name)s\t%(data)s\n" +LOG_PATH = '/var/log/ansible' def getlogin(): try: user = os.getlogin() - except OSError: + except OSError, e: user = pwd.getpwuid(os.geteuid())[0] return user - class LogMech(object): - def __init__(self, logpath): + def __init__(self): self.started = time.time() self.pid = str(os.getpid()) self._pb_fn = None self._last_task_start = None self.play_info = {} - self.logpath = logpath + self.logpath = LOG_PATH if not os.path.exists(self.logpath): try: - os.makedirs(self.logpath, mode=0o750) - except OSError as e: + os.makedirs(self.logpath, mode=0750) + except OSError, e: if e.errno != 17: raise @@ -97,13 +66,13 @@ class LogMech(object): def logpath_play(self): # this is all to get our path to look nice ish tstamp = time.strftime('%Y/%m/%d/%H.%M.%S', time.localtime(self.started)) - path = os.path.normpath(self.logpath + '/' + self.playbook_id + '/' + tstamp + '/') + path = os.path.normpath(self.logpath + '/' + self.playbook_id + '/' + tstamp + '/') if not os.path.exists(path): try: os.makedirs(path) - except OSError as e: - if e.errno != 17: # if it is not dir exists then raise it up + except OSError, e: + if e.errno != 17: # if it is not dir exists then raise it up raise return path @@ -119,8 +88,8 @@ class LogMech(object): def task_to_json(self, task): res = {} res['task_name'] = task.name - res['task_module'] = task.action - res['task_args'] = task.args + res['task_module'] = task.module_name + res['task_args'] = task.module_args if self.playbook_id == 'ansible-cmd': res['task_userid'] = getlogin() for k in ("delegate_to", "environment", "with_first_found", @@ -138,21 +107,22 @@ class LogMech(object): host = 'HOSTMISSING' if type(data) == dict: - name = data.get('module_name', None) + name = data.get('module_name',None) else: name = "unknown" + # we're in setup - move the invocation info up one level if 'invocation' in data: invoc = data['invocation'] if not name and 'module_name' in invoc: name = invoc['module_name'] - # don't add this since it can often contain complete passwords :( + #don't add this since it can often contain complete passwords :( del(data['invocation']) if task: - name = task._name + name = task.name data['task_start'] = self._last_task_start data['task_end'] = time.time() data.update(self.task_to_json(task)) @@ -165,99 +135,119 @@ class LogMech(object): if self.play_info.get('check', False) and self.play_info.get('diff', False): category = 'CHECK_DIFF:' + category - elif self.play_info.get('check', False): + elif self.play_info.get('check', False): category = 'CHECK:' + category - # Sometimes this is None.. othertimes it's fine. Othertimes it has - # trailing whitespace that kills logview. Strip that, when possible. - if name: - name = name.strip() - - sanitize_host = host.replace(' ', '_').replace('>', '-') - fd = gzip.open(self.logpath_play + '/' + sanitize_host + '.log.gz', 'at') + fd = open(self.logpath_play + '/' + host + '.log', 'a') now = time.strftime(TIME_FORMAT, time.localtime()) fd.write(MSG_FORMAT % dict(now=now, name=name, count=count, category=category, data=json.dumps(data))) fd.close() -class CallbackModule(CallbackBase): +logmech = LogMech() + +class CallbackModule(object): """ logs playbook results, per host, in /var/log/ansible/hosts """ - CALLBACK_NAME = 'logdetail' - CALLBACK_TYPE = 'notification' - CALLBACK_VERSION = 2.0 - CALLBACK_NEEDS_WHITELIST = True - def __init__(self): self._task_count = 0 self._play_count = 0 - self.task = None - self.playbook = None - super(CallbackModule, self).__init__() - self.set_options() - self.logmech = LogMech(self.get_option('log_path')) + def on_any(self, *args, **kwargs): + pass - def set_play_context(self, play_context): - self.play_context = play_context - def v2_runner_on_failed(self, result, ignore_errors=False): + def runner_on_failed(self, host, res, ignore_errors=False): category = 'FAILED' - self.logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count) + task = getattr(self,'task', None) + logmech.log(host, category, res, task, self._task_count) - def v2_runner_on_ok(self, result): + + def runner_on_ok(self, host, res): category = 'OK' - self.logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count) + task = getattr(self,'task', None) + logmech.log(host, category, res, task, self._task_count) - def v2_runner_on_skipped(self, result): + + def runner_on_error(self, host, res): + category = 'ERROR' + task = getattr(self,'task', None) + logmech.log(host, category, res, task, self._task_count) + + def runner_on_skipped(self, host, item=None): category = 'SKIPPED' + task = getattr(self,'task', None) res = {} - res['item'] = self._get_item_label(getattr(result._result, 'results', {})) - self.logmech.log(result._host.get_name(), category, res, self.task, self._task_count) + res['item'] = item + logmech.log(host, category, res, task, self._task_count) - def v2_runner_on_unreachable(self, result): + def runner_on_unreachable(self, host, output): category = 'UNREACHABLE' + task = getattr(self,'task', None) res = {} - res['output'] = result._result - self.logmech.log(result._host.get_name(), category, res, self.task, self._task_count) + res['output'] = output + logmech.log(host, category, res, task, self._task_count) - def v2_runner_on_async_failed(self, result): + def runner_on_no_hosts(self): + pass + + def runner_on_async_poll(self, host, res, jid, clock): + pass + + def runner_on_async_ok(self, host, res, jid): + pass + + def runner_on_async_failed(self, host, res, jid): category = 'ASYNC_FAILED' - self.logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count) + task = getattr(self,'task', None) + logmech.log(host, category, res, task, self._task_count) - def v2_playbook_on_start(self, playbook): - self.playbook = playbook + def playbook_on_start(self): + pass - def v2_playbook_on_task_start(self, task, is_conditional): - self.task = task - if self.task: - self.task._name = task.get_name().strip() - self.logmech._last_task_start = time.time() + def playbook_on_notify(self, host, handler): + pass + + def playbook_on_no_hosts_matched(self): + pass + + def playbook_on_no_hosts_remaining(self): + pass + + def playbook_on_task_start(self, name, is_conditional): + logmech._last_task_start = time.time() self._task_count += 1 - def v2_playbook_on_setup(self): - self._task_count += 1 + def playbook_on_vars_prompt(self, varname, private=True, prompt=None, encrypt=None, confirm=False, salt_size=None, salt=None, default=None): + pass - def v2_playbook_on_import_for_host(self, result, imported_file): + def playbook_on_setup(self): + self._task_count += 1 + pass + + def playbook_on_import_for_host(self, host, imported_file): + task = getattr(self,'task', None) res = {} res['imported_file'] = imported_file - self.logmech.log(result._host.get_name(), 'IMPORTED', res, self.task) + logmech.log(host, 'IMPORTED', res, task) - def v2_playbook_on_not_import_for_host(self, result, missing_file): + def playbook_on_not_import_for_host(self, host, missing_file): + task = getattr(self,'task', None) res = {} res['missing_file'] = missing_file - self.logmech.log(result._host.get_name(), 'NOTIMPORTED', res, self.task) + logmech.log(host, 'NOTIMPORTED', res, task) - def v2_playbook_on_play_start(self, play): + def playbook_on_play_start(self, pattern): self._task_count = 0 + play = getattr(self, 'play', None) if play: # figure out where the playbook FILE is - path = os.path.abspath(self.playbook._file_name) + path = os.path.abspath(play.playbook.filename) # tel the logger what the playbook is - self.logmech.playbook_id = path + logmech.playbook_id = path # if play count == 0 # write out playbook info now @@ -266,35 +256,33 @@ class CallbackModule(CallbackBase): pb_info['playbook_start'] = time.time() pb_info['playbook'] = path pb_info['userid'] = getlogin() - pb_info['extra_vars'] = play._variable_manager.extra_vars - pb_info['inventory'] = play._variable_manager._inventory._sources - pb_info['playbook_checksum'] = secure_hash(path) - if hasattr(self, "play_context"): - pb_info['check'] = self.play_context.check_mode - pb_info['diff'] = self.play_context.diff - self.logmech.play_log(json.dumps(pb_info, indent=4)) + pb_info['extra_vars'] = play.playbook.extra_vars + pb_info['inventory'] = play.playbook.inventory.host_list + pb_info['playbook_checksum'] = utils.md5(path) + pb_info['check'] = play.playbook.check + pb_info['diff'] = play.playbook.diff + logmech.play_log(json.dumps(pb_info, indent=4)) self._play_count += 1 # then write per-play info that doesn't duplcate the playbook info info = {} info['play'] = play.name info['hosts'] = play.hosts + info['transport'] = play.transport info['number'] = self._play_count - if hasattr(self, "play_context"): - info['transport'] = str(self.play_context.connection) - info['check'] = self.play_context.check_mode - info['diff'] = self.play_context.diff - self.logmech.play_info = info - try: - self.logmech.play_log(json.dumps(info, indent=4)) - except TypeError: - print(("Failed to conver to JSON:", info)) + info['check'] = play.playbook.check + info['diff'] = play.playbook.diff + logmech.play_info = info + logmech.play_log(json.dumps(info, indent=4)) - def v2_playbook_on_stats(self, stats): + + def playbook_on_stats(self, stats): results = {} - for host in list(stats.processed.keys()): + for host in stats.processed.keys(): results[host] = stats.summarize(host) - self.logmech.log(host, 'STATS', results[host]) - self.logmech.play_log(json.dumps({'stats': results}, indent=4)) - self.logmech.play_log(json.dumps({'playbook_end': time.time()}, indent=4)) - print(('logs written to: %s' % self.logmech.logpath_play)) + logmech.log(host, 'STATS', results[host]) + logmech.play_log(json.dumps({'stats': results}, indent=4)) + logmech.play_log(json.dumps({'playbook_end': time.time()}, indent=4)) + print 'logs written to: %s' % logmech.logpath_play + + diff --git a/callback_plugins/profile_tasks.py b/callback_plugins/profile_tasks.py new file mode 100644 index 0000000000..9d8fd06c7e --- /dev/null +++ b/callback_plugins/profile_tasks.py @@ -0,0 +1,40 @@ +import time + + +class CallbackModule(object): + """ + A plugin for timing tasks + """ + def __init__(self): + self.stats = {} + self.current = None + + def playbook_on_task_start(self, name, is_conditional): + """ + Logs the start of each task + """ + if self.current is not None: + # Record the running time of the last executed task + self.stats[self.current] = time.time() - self.stats[self.current] + + # Record the start time of the current task + self.current = name + self.stats[self.current] = time.time() + + def playbook_on_stats(self, stats): + """ + Prints the timings + """ + # Record the timing of the very last task + if self.current is not None: + self.stats[self.current] = time.time() - self.stats[self.current] + + # Sort the tasks by their running time + results = sorted(self.stats.items(), key=lambda value: value[1], reverse=True) + + # Just keep the top 10 + results = results[:10] + + # Print the timings + for name, elapsed in results: + print "{0:-<70}{1:->9}".format('{0} '.format(name), ' {0:.02f}s'.format(elapsed)) diff --git a/files/2fa/pam_url.conf.fakefas01.fedoraproject.org b/files/2fa/pam_url.conf.fakefas01.fedoraproject.org new file mode 100644 index 0000000000..9ce7690b81 --- /dev/null +++ b/files/2fa/pam_url.conf.fakefas01.fedoraproject.org @@ -0,0 +1,21 @@ +pam_url: +{ + settings: + { + url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch + returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results + userfield = "user"; # userfield name to send + passwdfield = "token"; # passwdfield name to send + extradata = "&do=login"; # extradata to send + prompt = "Password+Token: "; # password prompt + }; + + ssl: + { + verify_peer = true; # Should we verify SSL ? + verify_host = true; # Should we verify the CN in the SSL cert? + client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate + client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert) + ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert"; + }; +}; diff --git a/files/2fa/pam_url.conf.j2 b/files/2fa/pam_url.conf.j2 new file mode 100644 index 0000000000..6dcf99cbad --- /dev/null +++ b/files/2fa/pam_url.conf.j2 @@ -0,0 +1,27 @@ +pam_url: +{ + settings: + { + {% if env == 'staging' %} + url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch + {% elif datacenter == 'phx2' %} + url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch + {% else %} + url = "https://fas-all.vpn.fedoraproject.org:8443/"; # URI to fetch + {% endif %} + returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results + userfield = "user"; # userfield name to send + passwdfield = "token"; # passwdfield name to send + extradata = "&do=login"; # extradata to send + prompt = "Password+Token: "; # password prompt + }; + + ssl: + { + verify_peer = true; # Should we verify SSL ? + verify_host = true; # Should we verify the CN in the SSL cert? + client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate + client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert) + ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert"; + }; +}; diff --git a/files/2fa/pam_url.conf.stg.fedoraproject.org b/files/2fa/pam_url.conf.stg.fedoraproject.org new file mode 100644 index 0000000000..508c5d9cf7 --- /dev/null +++ b/files/2fa/pam_url.conf.stg.fedoraproject.org @@ -0,0 +1,21 @@ +pam_url: +{ + settings: + { + url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch + returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results + userfield = "user"; # userfield name to send + passwdfield = "token"; # passwdfield name to send + extradata = "&do=login"; # extradata to send + prompt = "Password+Token: "; # password prompt + }; + + ssl: + { + verify_peer = true; # Should we verify SSL ? + verify_host = true; # Should we verify the CN in the SSL cert? + client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate + client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert) + ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert"; + }; +}; diff --git a/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org b/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org new file mode 100644 index 0000000000..6dcf99cbad --- /dev/null +++ b/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org @@ -0,0 +1,27 @@ +pam_url: +{ + settings: + { + {% if env == 'staging' %} + url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch + {% elif datacenter == 'phx2' %} + url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch + {% else %} + url = "https://fas-all.vpn.fedoraproject.org:8443/"; # URI to fetch + {% endif %} + returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results + userfield = "user"; # userfield name to send + passwdfield = "token"; # passwdfield name to send + extradata = "&do=login"; # extradata to send + prompt = "Password+Token: "; # password prompt + }; + + ssl: + { + verify_peer = true; # Should we verify SSL ? + verify_host = true; # Should we verify the CN in the SSL cert? + client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate + client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert) + ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert"; + }; +}; diff --git a/files/2fa/pam_url.conf.vpn.fedoraproject.org b/files/2fa/pam_url.conf.vpn.fedoraproject.org new file mode 100644 index 0000000000..6e102e12f7 --- /dev/null +++ b/files/2fa/pam_url.conf.vpn.fedoraproject.org @@ -0,0 +1,21 @@ +pam_url: +{ + settings: + { + url = "https://fas-all.vpn.fedoraproject.org:8443/"; # URI to fetch + returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results + userfield = "user"; # userfield name to send + passwdfield = "token"; # passwdfield name to send + extradata = "&do=login"; # extradata to send + prompt = "Password+Token: "; # password prompt + }; + + ssl: + { + verify_peer = true; # Should we verify SSL ? + verify_host = true; # Should we verify the CN in the SSL cert? + client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate + client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert) + ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert"; + }; +}; diff --git a/files/2fa/sudo.pam b/files/2fa/sudo.pam new file mode 100644 index 0000000000..aa59ebf7a7 --- /dev/null +++ b/files/2fa/sudo.pam @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth required pam_env.so +auth sufficient pam_url.so config=/etc/pam_url.conf +auth requisite pam_succeed_if.so uid >= 500 quiet +auth required pam_deny.so + +auth include system-auth +account include system-auth +password include system-auth +session optional pam_keyinit.so revoke +session required pam_limits.so diff --git a/files/2fa/sudo.pam.dev.fedoraproject.org b/files/2fa/sudo.pam.dev.fedoraproject.org new file mode 100644 index 0000000000..030bb26463 --- /dev/null +++ b/files/2fa/sudo.pam.dev.fedoraproject.org @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include system-auth +account include system-auth +password include system-auth +session optional pam_keyinit.so revoke +session required pam_limits.so diff --git a/files/artboard/artboard-backup b/files/artboard/artboard-backup new file mode 100755 index 0000000000..dd5e18952a --- /dev/null +++ b/files/artboard/artboard-backup @@ -0,0 +1,6 @@ +#!/bin/sh +SNAPSHOTTIME=$(date +"%m-%d-%Y") +cd /srv/persist +echo "Snapshot taken $SNAPSHOTTIME.\n" >> /var/www/html/artboard/artboard-backup-summary.log +tar -zcvf "artboard-backup.tar.gz" artboard + diff --git a/files/artboard/artboard.conf b/files/artboard/artboard.conf new file mode 100644 index 0000000000..a457b2a023 --- /dev/null +++ b/files/artboard/artboard.conf @@ -0,0 +1,9 @@ + + Options Indexes FollowSymLinks + + AllowOverride All + + Order allow,deny + Allow from all + + diff --git a/files/artboard/redirect.conf b/files/artboard/redirect.conf new file mode 100644 index 0000000000..fad4ddfa41 --- /dev/null +++ b/files/artboard/redirect.conf @@ -0,0 +1,2 @@ +RedirectMatch "^/$" /artboard/ + diff --git a/files/aws/iam/policies/fcos-builds-releng.json b/files/aws/iam/policies/fcos-builds-releng.json deleted file mode 100644 index 3ce6d2e77b..0000000000 --- a/files/aws/iam/policies/fcos-builds-releng.json +++ /dev/null @@ -1,87 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "s3:PutAnalyticsConfiguration", - "s3:GetObjectVersionTagging", - "s3:CreateBucket", - "s3:ReplicateObject", - "s3:GetObjectAcl", - "s3:GetBucketObjectLockConfiguration", - "s3:DeleteBucketWebsite", - "s3:PutLifecycleConfiguration", - "s3:GetObjectVersionAcl", - "s3:HeadBucket", - "s3:DeleteObject", - "s3:GetBucketPolicyStatus", - "s3:GetObjectRetention", - "s3:GetBucketWebsite", - "s3:ListJobs", - "s3:PutReplicationConfiguration", - "s3:PutObjectLegalHold", - "s3:GetObjectLegalHold", - "s3:GetBucketNotification", - "s3:PutBucketCORS", - "s3:GetReplicationConfiguration", - "s3:ListMultipartUploadParts", - "s3:PutObject", - "s3:GetObject", - "s3:PutBucketNotification", - "s3:DescribeJob", - "s3:PutBucketLogging", - "s3:GetAnalyticsConfiguration", - "s3:PutBucketObjectLockConfiguration", - "s3:GetObjectVersionForReplication", - "s3:CreateJob", - "s3:GetLifecycleConfiguration", - "s3:ListBucketByTags", - "s3:GetInventoryConfiguration", - "s3:GetBucketTagging", - "s3:PutAccelerateConfiguration", - "s3:DeleteObjectVersion", - "s3:GetBucketLogging", - "s3:ListBucketVersions", - "s3:RestoreObject", - "s3:ListBucket", - "s3:GetAccelerateConfiguration", - "s3:GetBucketPolicy", - "s3:PutEncryptionConfiguration", - "s3:GetEncryptionConfiguration", - "s3:GetObjectVersionTorrent", - "s3:AbortMultipartUpload", - "s3:GetBucketRequestPayment", - "s3:UpdateJobPriority", - "s3:GetObjectTagging", - "s3:GetMetricsConfiguration", - "s3:DeleteBucket", - "s3:PutBucketVersioning", - "s3:GetBucketPublicAccessBlock", - "s3:ListBucketMultipartUploads", - "s3:PutMetricsConfiguration", - "s3:UpdateJobStatus", - "s3:GetBucketVersioning", - "s3:GetBucketAcl", - "s3:PutInventoryConfiguration", - "s3:GetObjectTorrent", - "s3:GetAccountPublicAccessBlock", - "s3:PutBucketWebsite", - "s3:ListAllMyBuckets", - "s3:PutBucketRequestPayment", - "s3:PutObjectRetention", - "s3:GetBucketCORS", - "s3:GetBucketLocation", - "s3:ReplicateDelete", - "s3:GetObjectVersion" - ], - "Resource": "*", - "Condition": { - "IpAddress": { - "aws:SourceIp": "209.132.181.102/32" - } - } - } - ] -} diff --git a/files/aws/iam/policies/fcos-poc-artifacts.json b/files/aws/iam/policies/fcos-poc-artifacts.json deleted file mode 100644 index cdce0774c2..0000000000 --- a/files/aws/iam/policies/fcos-poc-artifacts.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": "s3:PutObjectAcl", - "Resource": [ - "arn:aws:s3:::fcos-builds/*", - "arn:aws:s3:::fcos-builds" - ] - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::fcos-builds/*", - "arn:aws:s3:::fcos-builds" - ] - } - ] -} diff --git a/files/aws/iam/policies/fcos-upload-amis.json b/files/aws/iam/policies/fcos-upload-amis.json deleted file mode 100644 index c398e0e47c..0000000000 --- a/files/aws/iam/policies/fcos-upload-amis.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "ec2:ImportVolume", - "ec2:CreateTags", - "ec2:RegisterImage", - "ec2:DeregisterImage", - "ec2:CancelConversionTask", - "ec2:CreateSnapshot", - "ec2:ImportSnapshot", - "ec2:CancelImportTask", - "ec2:DeleteSnapshot", - "ec2:CopyImage", - "ec2:DescribeImageAttribute", - "ec2:ModifyImageAttribute", - "ec2:DescribeSnapshots", - "ec2:DescribeSnapshotAttribute", - "ec2:DescribeImportSnapshotTasks", - "ec2:DescribeImages", - "ec2:DeleteVolume", - "ec2:ModifySnapshotAttribute", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeVolumes", - "ec2:DescribeRegions", - "ec2:DescribeConversionTasks", - "ec2:DescribeTags" - ], - "Resource": "*" - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": "ec2:CreateTags", - "Resource": [ - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*::image/*" - ] - } - ] -} diff --git a/files/aws/iam/policies/fedora-centos-ec2.json b/files/aws/iam/policies/fedora-centos-ec2.json deleted file mode 100644 index 1aea024a24..0000000000 --- a/files/aws/iam/policies/fedora-centos-ec2.json +++ /dev/null @@ -1,51 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowDescription", - "Effect": "Allow", - "Action": [ - "ec2:Describe*", - "iam:PassRole", - "iam:ListInstanceProfiles", - "ec2:ImportKeyPair", - "ec2:CreateKeyPair", - "ec2:CreateSecurityGroup" - ], - "Resource": [ - "*" - ] - }, - { - "Sid": "AllowWhenOwnerOrUntagged", - "Effect": "Allow", - "Action": [ - "ec2:*" - ], - "Condition": { - "StringEqualsIfExists": { - "ec2:ResourceTag/FedoraGroup": [ - "centos" - ] - } - }, - "Resource": [ - "arn:aws:ec2:*:*:capacity-reservation/*", - "arn:aws:ec2:*:*:elasticGpu/*", - "arn:aws:ec2:*::fpga-image/*", - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*:*:launch-template/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:placement-group/*", - "arn:aws:ec2:*:*:reserved-instances/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*::spot-instance-request/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:subnet/*" - ] - } - ] -} diff --git a/files/aws/iam/policies/fedora-copr-ec2.json b/files/aws/iam/policies/fedora-copr-ec2.json deleted file mode 100644 index 09db7ce71f..0000000000 --- a/files/aws/iam/policies/fedora-copr-ec2.json +++ /dev/null @@ -1,51 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowDescription", - "Effect": "Allow", - "Action": [ - "ec2:Describe*", - "iam:PassRole", - "iam:ListInstanceProfiles", - "ec2:ImportKeyPair", - "ec2:CreateKeyPair", - "ec2:CreateSecurityGroup" - ], - "Resource": [ - "*" - ] - }, - { - "Sid": "AllowWhenOwnerOrUntagged", - "Effect": "Allow", - "Action": [ - "ec2:*" - ], - "Condition": { - "StringEqualsIfExists": { - "ec2:ResourceTag/FedoraGroup": [ - "copr" - ] - } - }, - "Resource": [ - "arn:aws:ec2:*:*:capacity-reservation/*", - "arn:aws:ec2:*:*:elasticGpu/*", - "arn:aws:ec2:*::fpga-image/*", - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*:*:launch-template/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:placement-group/*", - "arn:aws:ec2:*:*:reserved-instances/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*::spot-instance-request/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:subnet/*" - ] - } - ] -} diff --git a/files/aws/iam/policies/fedora-infra-ec2.json b/files/aws/iam/policies/fedora-infra-ec2.json deleted file mode 100644 index 24d608a686..0000000000 --- a/files/aws/iam/policies/fedora-infra-ec2.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "ec2:Describe*", - "iam:PassRole", - "ec2:ImportKeyPair", - "ec2:CreateKeyPair", - "ec2:CreateSecurityGroup", - "iam:ListInstanceProfiles" - ], - "Resource": "*" - }, - { - "Sid": "VisualEditor1", - "Effect": "Allow", - "Action": "ec2:*", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:elasticGpu/*", - "arn:aws:ec2:*:*:reserved-instances/*", - "arn:aws:ec2:*:*:launch-template/*", - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:placement-group/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:capacity-reservation/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*::spot-instance-request/*", - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*::fpga-image/*", - "arn:aws:ec2:*::image/*" - ], - "Condition": { - "StringEqualsIfExists": { - "ec2:ResourceTag/FedoraGroup": "infra" - } - } - } - ] -} diff --git a/files/aws/iam/policies/robosignatory-fcos-devel.json b/files/aws/iam/policies/robosignatory-fcos-devel.json deleted file mode 100644 index 816757a5db..0000000000 --- a/files/aws/iam/policies/robosignatory-fcos-devel.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "WriteToTestBucket", - "Effect": "Allow", - "Action": [ - "s3:GetBucketPublicAccessBlock", - "s3:PutObject", - "s3:GetObjectAcl", - "s3:GetObject", - "s3:GetBucketTagging", - "s3:GetObjectTagging", - "s3:ListBucket", - "s3:GetBucketAcl", - "s3:PutObjectAcl" - ], - "Resource": [ - "arn:aws:s3:::*/*", - "arn:aws:s3:::robosig-dev-fcos-builds" - ] - }, - { - "Sid": "ReadFromProdBucket", - "Effect": "Allow", - "Action": [ - "s3:GetObject", - "s3:ListBucket" - ], - "Resource": [ - "arn:aws:s3:::*/*", - "arn:aws:s3:::fcos-builds" - ] - } - ] -} diff --git a/files/common/RPM-GPG-KEY-EPEL-7 b/files/common/RPM-GPG-KEY-EPEL-7 deleted file mode 100644 index f205ede463..0000000000 --- a/files/common/RPM-GPG-KEY-EPEL-7 +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (GNU/Linux) - -mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB -OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm -jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP -vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM -jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5 -S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ -n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB -9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95 -T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj -GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf -uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB -tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB -AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk -5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q -ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu -MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re -9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax -CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv -HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB -VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q -thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc -ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4 -vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt -RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw== -=hdPa ------END PGP PUBLIC KEY BLOCK----- diff --git a/files/common/RPM-GPG-KEY-EPEL-8 b/files/common/RPM-GPG-KEY-EPEL-8 deleted file mode 100644 index 30b69a6295..0000000000 --- a/files/common/RPM-GPG-KEY-EPEL-8 +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFz3zvsBEADJOIIWllGudxnpvJnkxQz2CtoWI7godVnoclrdl83kVjqSQp+2 -dgxuG5mUiADUfYHaRQzxKw8efuQnwxzU9kZ70ngCxtmbQWGmUmfSThiapOz00018 -+eo5MFabd2vdiGo1y+51m2sRDpN8qdCaqXko65cyMuLXrojJHIuvRA/x7iqOrRfy -a8x3OxC4PEgl5pgDnP8pVK0lLYncDEQCN76D9ubhZQWhISF/zJI+e806V71hzfyL -/Mt3mQm/li+lRKU25Usk9dWaf4NH/wZHMIPAkVJ4uD4H/uS49wqWnyiTYGT7hUbi -ecF7crhLCmlRzvJR8mkRP6/4T/F3tNDPWZeDNEDVFUkTFHNU6/h2+O398MNY/fOh -yKaNK3nnE0g6QJ1dOH31lXHARlpFOtWt3VmZU0JnWLeYdvap4Eff9qTWZJhI7Cq0 -Wm8DgLUpXgNlkmquvE7P2W5EAr2E5AqKQoDbfw/GiWdRvHWKeNGMRLnGI3QuoX3U -pAlXD7v13VdZxNydvpeypbf/AfRyrHRKhkUj3cU1pYkM3DNZE77C5JUe6/0nxbt4 -ETUZBTgLgYJGP8c7PbkVnO6I/KgL1jw+7MW6Az8Ox+RXZLyGMVmbW/TMc8haJfKL -MoUo3TVk8nPiUhoOC0/kI7j9ilFrBxBU5dUtF4ITAWc8xnG6jJs/IsvRpQARAQAB -tChGZWRvcmEgRVBFTCAoOCkgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB -AgAiBQJc9877AhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAh6kWrL4bW -oWagD/4xnLWws34GByVDQkjprk0fX7Iyhpm/U7BsIHKspHLL+Y46vAAGY/9vMvdE -0fcr9Ek2Zp7zE1RWmSCzzzUgTG6BFoTG1H4Fho/7Z8BXK/jybowXSZfqXnTOfhSF -alwDdwlSJvfYNV9MbyvbxN8qZRU1z7PEWZrIzFDDToFRk0R71zHpnPTNIJ5/YXTw -NqU9OxII8hMQj4ufF11040AJQZ7br3rzerlyBOB+Jd1zSPVrAPpeMyJppWFHSDAI -WK6x+am13VIInXtqB/Cz4GBHLFK5d2/IYspVw47Solj8jiFEtnAq6+1Aq5WH3iB4 -bE2e6z00DSF93frwOyWN7WmPIoc2QsNRJhgfJC+isGQAwwq8xAbHEBeuyMG8GZjz -xohg0H4bOSEujVLTjH1xbAG4DnhWO/1VXLX+LXELycO8ZQTcjj/4AQKuo4wvMPrv -9A169oETG+VwQlNd74VBPGCvhnzwGXNbTK/KH1+WRH0YSb+41flB3NKhMSU6dGI0 -SGtIxDSHhVVNmx2/6XiT9U/znrZsG5Kw8nIbbFz+9MGUUWgJMsd1Zl9R8gz7V9fp -n7L7y5LhJ8HOCMsY/Z7/7HUs+t/A1MI4g7Q5g5UuSZdgi0zxukiWuCkLeAiAP4y7 -zKK4OjJ644NDcWCHa36znwVmkz3ixL8Q0auR15Oqq2BjR/fyog== -=84m8 ------END PGP PUBLIC KEY BLOCK----- diff --git a/files/common/RPM-GPG-KEY-EPEL-9 b/files/common/RPM-GPG-KEY-EPEL-9 deleted file mode 100644 index 234c12fb6e..0000000000 --- a/files/common/RPM-GPG-KEY-EPEL-9 +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp -CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6 -2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW -DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu -n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z -39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy -XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK -44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS -9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH -DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq -uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB -tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI -ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE -FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF -3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC -nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n -R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG -4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe -CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL -9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7 -w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT -/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd -fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE -r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux -VL469Kj5m13T6w== -=Mjs/ ------END PGP PUBLIC KEY BLOCK----- diff --git a/files/common/RPM-GPG-KEY-INFRASTRUCTURE-SIGUL b/files/common/RPM-GPG-KEY-INFRASTRUCTURE-SIGUL deleted file mode 100644 index c234c3a5c0..0000000000 --- a/files/common/RPM-GPG-KEY-INFRASTRUCTURE-SIGUL +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 - -mQINBFfZrzsBEADGLYtUW4YZNKSq/bawWYSg3Z8OAD3amoWx9BTdiBjWyIn7PzBQ -g/Y2QpTj9Sylhi4ZDqcP6eikrC2bqZdBeJyOAHSkV6Nvt+D/ijHOViEsSg+OwHmC -9axbsNHI+WKYPR7GBb40/hu7miHTOWd7puuJ000nyeHckicSHNYb+KxwoN9TTyON -utqTtzUb1v0f+GZ2E3XHCa/SgHG+syFbKhFiPRqSmwuhESgz7JIPx9UPz/pkg/rA -qHILJDt5PGaxhRNcK4rOVhpIBxTdjyYvtkCzlMr8ZaLqlQx2B5Ub9osYSv7CwQD5 -tJTb9ed/p5HKuT9JEDSgtxV2yy6bxEMkBjlD5m4ISnOnZ8GGjPl434FdufusIwDX -vFUQDH5BSGV1xUcoCoNAMY+CUCoUaTBkv5PqLOgsCirSImvXhSCFBT1VVb2sPhuG -J6q9Nk18+i2sMtjflM9PzCblMe7C1gySiuH4q+hvB6IDnYirLLy0ctBvr3siY4hY -lTydy+4z7UuquLv02t5Zbw9jxqX1LEyiMvUppx5XgGyQ0cGQpkRHXRzQqI6bjUny -e8Ub2sfjidjqRWyycY4F7KGG/DeKE3UeclDjFlA+CTvgu88RGgzTMZym5NxgjgfJ -PYj+etPXth3PNzxd8FAC4tWP5b6kEVVJ2Oxiy6Z8dYQJVsAVP110bo/MFwARAQAB -tEBGZWRvcmEgSW5mcmFzdHJ1Y3R1cmUgKGluZnJhc3RydWN0dXJlKSA8YWRtaW5A -ZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMBAgAiBQJX2a87AhsPBgsJCAcDAgYVCAIJ -CgsEFgIDAQIeAQIXgAAKCRCAWYFeR92O+RbAD/9QzUyyoDPvPjlxn341BdT1iG3s -BvKjNOAtQkHeDzRQ0rBXG40yoTjQ+s4X+3aNumy4C+xeGqUiFMcBED/5EdahWcXm -5dqEAysTpiWOaamVfvQaNuBZjKP6GXXUeAVvkEVXggTI18tpNR/xFqfvHMCYuRUJ -QERNDtEPweQn9U3ewr7VOIrF8OnxVEQe9xOPKnGr0yD22NHz5hCiIKXwt34I7m9j -IlKMETTUflmERzzzwWp9CwmwU2o+g9hILqtvLFV/9TDSiWTvr2Ynj/hlNZPG8MhB -K73S8oQADP/ogmwYkK3cx06CkaSEiQciAkpL4v7GzWfw3hTScIxbf/R5YU5i5qHj -N+XJRLoW4AdNRAtrJ1KsLrFhFso9o7cfUlGGDPOwwQu3etoY3t0vViXYanOJrXqA -DaHZ7Ynj7V5KNB97xbjohT+YiApBV1jmMbydAMhNxo2ZlAC9hmlDEwD9L9CSPt1s -PvjcY20/RjVrm62vmXI/Sqa1zPjjYaxceEZzDIcxVDAneeeAdV99zHRDjZLqucux -GGJWwUNyxnuA7ZNdD3ZQBJlefOCT4Tg2Yj2ssH6PdGBoWS2gibnGdUsc/LhIaES4 -afRLHVbHRu1HJ3s7pAgxNRY5Cjc5GEqdvm+5LOt/usyyaUwds0cJp55KKovsqZ1v -+h4JFKdsC+6/ZUHRQQ== -=MNfm ------END PGP PUBLIC KEY BLOCK----- diff --git a/files/common/epel10.repo b/files/common/epel10.repo deleted file mode 100644 index 3b1a29be65..0000000000 --- a/files/common/epel10.repo +++ /dev/null @@ -1,13 +0,0 @@ -[epel] -name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/10/Everything/$basearch/ -enabled=1 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-10 - -[epel-testing] -name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/testing/10/Everything/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-10 diff --git a/files/common/epel6.repo b/files/common/epel6.repo new file mode 100644 index 0000000000..d195e79ea5 --- /dev/null +++ b/files/common/epel6.repo @@ -0,0 +1,13 @@ +[epel] +name=Extras Packages for Enterprise Linux $releasever - $basearch +baseurl=http://infrastructure.fedoraproject.org/pub/epel/6/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 + +[epel-testing] +name=Extras Packages for Enterprise Linux $releasever - $basearch +baseurl=http://infrastructure.fedoraproject.org/pub/epel/testing/6/$basearch/ +enabled=0 +gpgcheck=1 +gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 diff --git a/files/common/epel7.repo b/files/common/epel7.repo index 1a005aa589..885edf7c06 100644 --- a/files/common/epel7.repo +++ b/files/common/epel7.repo @@ -1,20 +1,20 @@ [epel] name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/7/$basearch/ -enabled=1 +baseurl=http://infrastructure.fedoraproject.org/pub/epel/7/$basearch/ +enabled=0 gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 +gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 [epel-testing] name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/testing/7/$basearch/ +baseurl=http://infrastructure.fedoraproject.org/pub/epel/testing/7/$basearch/ enabled=0 gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 +gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 [epel-beta] name=Extras Packages for Enterprise Linux beta $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/beta/7/$basearch/ -enabled=0 +baseurl=http://infrastructure.fedoraproject.org/pub/epel/beta/7/$basearch/ +enabled=1 gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 +gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 diff --git a/files/common/epel8.repo b/files/common/epel8.repo deleted file mode 100644 index faf7c551fb..0000000000 --- a/files/common/epel8.repo +++ /dev/null @@ -1,13 +0,0 @@ -[epel] -name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/8/Everything/$basearch/ -enabled=1 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8 - -[epel-testing] -name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/testing/8/Everything/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8 diff --git a/files/common/epel9.repo b/files/common/epel9.repo deleted file mode 100644 index b78f55a725..0000000000 --- a/files/common/epel9.repo +++ /dev/null @@ -1,13 +0,0 @@ -[epel] -name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/9/Everything/$basearch/ -enabled=1 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 - -[epel-testing] -name=Extras Packages for Enterprise Linux $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/pub/epel/testing/9/Everything/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 diff --git a/files/common/fedora-infra-tags-stg.repo b/files/common/fedora-infra-tags-stg.repo deleted file mode 100644 index fd3a25dee7..0000000000 --- a/files/common/fedora-infra-tags-stg.repo +++ /dev/null @@ -1,6 +0,0 @@ -[infrastructure-tags-stg] -name=Fedora Infrastructure staging tag $releasever - $basearch -baseurl=https://kojipkgs.fedoraproject.org/repos-dist/f$releasever-infra-stg/latest/$basearch/ -enabled=1 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/repo/infra/RPM-GPG-KEY-INFRA-TAGS diff --git a/files/common/fedora-infra-tags.repo b/files/common/fedora-infra-tags.repo deleted file mode 100644 index c7c6b8b709..0000000000 --- a/files/common/fedora-infra-tags.repo +++ /dev/null @@ -1,6 +0,0 @@ -[infrastructure-tags] -name=Fedora Infrastructure tag $releasever - $basearch -baseurl=https://kojipkgs.fedoraproject.org/repos-dist/f$releasever-infra/latest/$basearch/ -enabled=1 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/repo/infra/RPM-GPG-KEY-INFRA-TAGS diff --git a/files/common/fedora-updates-testing.repo b/files/common/fedora-updates-testing.repo index 05e87ff1e3..5b195dc6a7 100644 --- a/files/common/fedora-updates-testing.repo +++ b/files/common/fedora-updates-testing.repo @@ -1,10 +1,7 @@ [updates-testing] name=Fedora $releasever - $basearch - Test Updates -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Everything/$basearch/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/$basearch/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch enabled=0 gpgcheck=1 @@ -12,11 +9,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [updates-testing-debuginfo] name=Fedora $releasever - $basearch - Test Updates Debug -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Everything/$basearch/debug/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/$basearch/debug/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/debug/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch enabled=0 gpgcheck=1 @@ -24,11 +18,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [updates-testing-source] name=Fedora $releasever - Test Updates Source -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Everything/SRPMS/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/SRPMS/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/SRPMS/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch enabled=0 gpgcheck=1 diff --git a/files/common/fedora-updates-testing.repo-arm b/files/common/fedora-updates-testing.repo-arm new file mode 100644 index 0000000000..ed171c0a34 --- /dev/null +++ b/files/common/fedora-updates-testing.repo-arm @@ -0,0 +1,26 @@ +[updates-testing] +name=Fedora $releasever - $basearch - Test Updates +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/ +#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch +enabled=0 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch + +[updates-testing-debuginfo] +name=Fedora $releasever - $basearch - Test Updates Debug +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/debug/ +#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch +enabled=0 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch + +[updates-testing-source] +name=Fedora $releasever - Test Updates Source +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/SRPMS/ +#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch +enabled=0 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch diff --git a/files/common/fedora-updates-testing.repo-secondary b/files/common/fedora-updates-testing.repo-secondary deleted file mode 100644 index c2c47a87b3..0000000000 --- a/files/common/fedora-updates-testing.repo-secondary +++ /dev/null @@ -1,35 +0,0 @@ -[updates-testing] -name=Fedora $releasever - $basearch - Test Updates -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Everything/$basearch/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/$basearch/ -{% endif %} -#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch - -[updates-testing-debuginfo] -name=Fedora $releasever - $basearch - Test Updates Debug -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Everything/$basearch/debug/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/$basearch/debug/ -{% endif %} -#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch - -[updates-testing-source] -name=Fedora $releasever - Test Updates Source -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Everything/SRPMS/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/SRPMS/ -{% endif %} -#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch diff --git a/files/common/fedora-updates.repo b/files/common/fedora-updates.repo index 63a029f532..ee6b7c8f4f 100644 --- a/files/common/fedora-updates.repo +++ b/files/common/fedora-updates.repo @@ -1,10 +1,7 @@ [updates] name=Fedora $releasever - $basearch - Updates -{% if ansible_distribution_major_version|int > 27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Everything/$basearch/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/$basearch/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch enabled=1 gpgcheck=1 @@ -12,11 +9,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [updates-debuginfo] name=Fedora $releasever - $basearch - Updates - Debug -{% if ansible_distribution_major_version|int > 27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Everything/$basearch/debug/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/$basearch/debug/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/debug/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch enabled=0 gpgcheck=1 @@ -24,11 +18,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [updates-source] name=Fedora $releasever - Updates Source -{% if ansible_distribution_major_version|int > 27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Everything/SRPMS/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/SRPMS/ -{% endif %} +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/SRPMS/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch enabled=0 gpgcheck=1 diff --git a/files/common/fedora-updates.repo-arm b/files/common/fedora-updates.repo-arm new file mode 100644 index 0000000000..b4f079f155 --- /dev/null +++ b/files/common/fedora-updates.repo-arm @@ -0,0 +1,26 @@ +[updates] +name=Fedora $releasever - $basearch - Updates +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/ +#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch +enabled=1 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch + +[updates-debuginfo] +name=Fedora $releasever - $basearch - Updates - Debug +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/debug/ +#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch +enabled=0 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch + +[updates-source] +name=Fedora $releasever - Updates Source +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/SRPMS/ +#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch +enabled=0 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch diff --git a/files/common/fedora-updates.repo-secondary b/files/common/fedora-updates.repo-secondary deleted file mode 100644 index c3475c21e7..0000000000 --- a/files/common/fedora-updates.repo-secondary +++ /dev/null @@ -1,35 +0,0 @@ -[updates] -name=Fedora $releasever - $basearch - Updates -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Everything/$basearch/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/$basearch/ -{% endif %} -#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch -enabled=1 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch - -[updates-debuginfo] -name=Fedora $releasever - $basearch - Updates - Debug -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Everything/$basearch/debug/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/$basearch/debug/ -{% endif %} -#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch - -[updates-source] -name=Fedora $releasever - Updates Source -{% if ansible_distribution_major_version|int >27 %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/SRPMS/ -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Everything/SRPMS/ -{% endif %} -#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch diff --git a/files/common/fedora.repo b/files/common/fedora.repo index 7386c01645..0d5b908fd9 100644 --- a/files/common/fedora.repo +++ b/files/common/fedora.repo @@ -1,24 +1,18 @@ [fedora] name=Fedora $releasever - $basearch -{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Everything/$basearch/os/ +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub/fedora/linux/development/$releasever/Everything/$basearch/os/ -{% endif %} enabled=1 metadata_expire=7d -gpgcheck=1 +gpgcheck=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [fedora-debuginfo] name=Fedora $releasever - $basearch - Debug -{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Everything/$basearch/debug/tree/ +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub/fedora/linux/development/$releasever/Everything/$basearch/debug/tree/ -{% endif %} enabled=0 metadata_expire=7d gpgcheck=1 @@ -26,12 +20,9 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch [fedora-source] name=Fedora $releasever - Source -{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched|int is defined else FedoraRawhideNumber|int ) %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Everything/source/tree/ +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/source/SRPMS/ #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub/fedora/linux/development/$releasever/Everything/source/tree -{% endif %} enabled=0 metadata_expire=7d gpgcheck=1 diff --git a/files/common/fedora.repo-arm b/files/common/fedora.repo-arm new file mode 100644 index 0000000000..68604f45dc --- /dev/null +++ b/files/common/fedora.repo-arm @@ -0,0 +1,29 @@ +[fedora] +name=Fedora $releasever - $basearch +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/ +#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch +enabled=1 +metadata_expire=7d +gpgcheck=0 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch + +[fedora-debuginfo] +name=Fedora $releasever - $basearch - Debug +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/ +#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch +enabled=0 +metadata_expire=7d +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch + +[fedora-source] +name=Fedora $releasever - Source +failovermethod=priority +baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/source/SRPMS/ +#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch +enabled=0 +metadata_expire=7d +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch diff --git a/files/common/fedora.repo-secondary b/files/common/fedora.repo-secondary deleted file mode 100644 index 29cd964a78..0000000000 --- a/files/common/fedora.repo-secondary +++ /dev/null @@ -1,39 +0,0 @@ -[fedora] -name=Fedora $releasever - $basearch -{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %} -baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Everything/$basearch/os/ -#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub/fedora-secondary/development/$releasever/Everything/$basearch/os/ -{% endif %} -enabled=1 -metadata_expire=7d -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch - -[fedora-debuginfo] -name=Fedora $releasever - $basearch - Debug -{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %} -baseurl=http://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Everything/$basearch/debug/tree/ -#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub/fedora-secondary/development/$releasever/Everything/$basearch/debug/tree/ -{% endif %} -enabled=0 -metadata_expire=7d -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch - -[fedora-source] -name=Fedora $releasever - Source -{% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int ) %} -baseurl=http://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Everything/source/tree/ -#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch -{% else %} -baseurl=https://infrastructure.fedoraproject.org/pub/fedora-secondary/development/$releasever/Everything/source/tree/ -{% endif %} -#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch -enabled=0 -metadata_expire=7d -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch diff --git a/files/common/infrastructure-testing.repo b/files/common/infrastructure-testing.repo index abbe4d330e..501bc6502e 100644 --- a/files/common/infrastructure-testing.repo +++ b/files/common/infrastructure-testing.repo @@ -1,7 +1,7 @@ [infrastructure-testing] name=Extras Packages from Fedora Infrastructure $releasever - $basearch - Testing -baseurl=https://infrastructure.fedoraproject.org/repo/testing/$releasever/$basearch/ +baseurl=http://infrastructure.fedoraproject.org/repo/testing/$releasever/$basearch/ enabled=0 gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE +gpgkey=http://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE diff --git a/files/common/infrastructure.repo b/files/common/infrastructure.repo index acf1d013dd..98ceb3fa55 100644 --- a/files/common/infrastructure.repo +++ b/files/common/infrastructure.repo @@ -1,6 +1,6 @@ [infrastructure] name=Extras Packages from Fedora Infrastructure $releasever - $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/$releasever/$basearch/ +baseurl=http://infrastructure.fedoraproject.org/repo/$releasever/$basearch/ enabled=1 gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE +gpgkey=http://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE diff --git a/files/common/mock b/files/common/mock deleted file mode 100644 index 347fc0c820..0000000000 --- a/files/common/mock +++ /dev/null @@ -1,15 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth sufficient pam_succeed_if.so user ingroup mock use_uid quiet -account sufficient pam_succeed_if.so user ingroup packager use_uid quiet -auth sufficient pam_succeed_if.so user ingroup packager use_uid quiet -# Uncomment the following line to implicitly trust users in the "wheel" group. -#auth sufficient pam_wheel.so trust use_uid -# Uncomment the following line to require a user to be in the "wheel" group. -#auth required pam_wheel.so use_uid -auth include system-auth -account sufficient pam_succeed_if.so user ingroup mock use_uid quiet -account include system-auth -password include system-auth -session include system-auth -session optional pam_xauth.so diff --git a/files/common/nbde_client-network-flush b/files/common/nbde_client-network-flush deleted file mode 100644 index c2a5700875..0000000000 --- a/files/common/nbde_client-network-flush +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh - -# do_flush() flushes every active network interface. It is intended to -# run before NetworkManager starts, so that when it does it will be able -# to set up the network using the regular host configuration. -do_flush() { - for f in /sys/class/net/*; do - iface="${f##*/}" - [ "${iface}" = "lo" ] && continue - echo "Preparing to flush interface ${iface}" >&2 - ip -statistics address flush dev "${iface}" - rm -f /run/NetworkManager/system-connections/default_connection.nmconnection >&2 - done -} - -# reset_autoconn_prio() will reset the autoconnect priority -# of the existing NM connections to zero. -reset_autoconn_prio() { - nmcli -t -f NAME connection show 2>/dev/null | while read -r _c; do - if ! _prio="$(nmcli -t connection show "${_c}" \ - | grep connection.autoconnect-priority: \ - | cut -d: -f2)" || [ -z "${_prio}" ]; then - continue - fi - [ "${_prio}" -ge 0 ] && continue - echo "Setting autoconnect-priority of connection ${_c} to zero" >&2 - nmcli connection modify "${_c}" connection.autoconnect-priority 0 - done -} - -case "${1}" in -reset-autoconn-prio) - reset_autoconn_prio;; -flush) - do_flush;; -esac - -# vim:set ts=2 sw=2 et: diff --git a/files/common/noautodefault.conf b/files/common/noautodefault.conf deleted file mode 100644 index 06b53d81da..0000000000 --- a/files/common/noautodefault.conf +++ /dev/null @@ -1,2 +0,0 @@ -[main] -no-auto-default=* diff --git a/files/common/original-epel8.repo b/files/common/original-epel8.repo deleted file mode 100644 index 61cd8502fe..0000000000 --- a/files/common/original-epel8.repo +++ /dev/null @@ -1,24 +0,0 @@ -[epel] -name=Extra Packages for Enterprise Linux $releasever - $basearch -#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/$basearch -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir -enabled=1 -gpgcheck=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 - -[epel-debuginfo] -name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug -#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/$basearch/debug -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir -enabled=0 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 -gpgcheck=1 - -[epel-source] -name=Extra Packages for Enterprise Linux $releasever - $basearch - Source -#baseurl=https://download.fedoraproject.org/pub/epel/$releasever/Everything/SRPMS -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir -enabled=0 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 -gpgcheck=1 diff --git a/files/common/original-epel9.repo b/files/common/original-epel9.repo deleted file mode 100644 index b49f3d58b5..0000000000 --- a/files/common/original-epel9.repo +++ /dev/null @@ -1,24 +0,0 @@ -[epel] -name=Extra Packages for Enterprise Linux $releasever - $basearch -#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir -enabled=1 -gpgcheck=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever - -[epel-debuginfo] -name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug -#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/debug/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir -enabled=0 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever -gpgcheck=1 - -[epel-source] -name=Extra Packages for Enterprise Linux $releasever - $basearch - Source -#baseurl=https://download.example/pub/epel/$releasever/Everything/source/tree/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir -enabled=0 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever -gpgcheck=1 diff --git a/files/common/rhel-8-aarch64-server-rpms.repo b/files/common/rhel-8-aarch64-server-rpms.repo deleted file mode 100644 index 6a70399465..0000000000 --- a/files/common/rhel-8-aarch64-server-rpms.repo +++ /dev/null @@ -1,19 +0,0 @@ -[rhel8-beta-dvd] -name = rhel8 beta base dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel-8.0-beta-1-$basearch/AppStream -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release - -[rhel8-beta-BaseOS] -name = rhel8 beta BaseOS $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel-8.0-beta-1-aarch64/BaseOS -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release - -[rhel8-beta-ha] -name = rhel8 beta ha $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8-beta/aarch64/rhel-8-for-aarch64-ha-beta-rpms -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release - -[rhel8-beta-appstream] -name = rhel8 beta appstream $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8-beta/aarch64/rhel-8-for-aarch64-appstream-beta-rpms -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/files/common/rhel-infra-tags-stg.repo b/files/common/rhel-infra-tags-stg.repo deleted file mode 100644 index cf77a2b0c2..0000000000 --- a/files/common/rhel-infra-tags-stg.repo +++ /dev/null @@ -1,6 +0,0 @@ -[infrastructure-tags-stg] -name=Fedora Infrastructure tag $releasever - $basearch -baseurl=https://kojipkgs.fedoraproject.org/repos-dist/epel$releasever-infra-stg/latest/$basearch/ -enabled=1 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/repo/infra/RPM-GPG-KEY-INFRA-TAGS diff --git a/files/common/rhel-infra-tags.repo b/files/common/rhel-infra-tags.repo deleted file mode 100644 index 349a615635..0000000000 --- a/files/common/rhel-infra-tags.repo +++ /dev/null @@ -1,6 +0,0 @@ -[infrastructure-tags] -name=Fedora Infrastructure tag $releasever - $basearch -baseurl=https://kojipkgs.fedoraproject.org/repos-dist/epel$releasever-infra/latest/$basearch/ -enabled=1 -gpgcheck=1 -gpgkey=https://infrastructure.fedoraproject.org/repo/infra/RPM-GPG-KEY-INFRA-TAGS diff --git a/files/common/rhel10.repo b/files/common/rhel10.repo deleted file mode 100644 index f8e7b40927..0000000000 --- a/files/common/rhel10.repo +++ /dev/null @@ -1,34 +0,0 @@ -[rhel10-dvd-BaseOS] -name = rhel10 baseos dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL10-$basearch/BaseOS -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel10-dvd-AppStream] -name = rhel10 AppStream dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL10-$basearch/AppStream -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel10-BaseOS] -name = rhel10 BaseOS $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel10/10.0/repos/$basearch/baseos -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel10-AppStream] -name = rhel10 AppStream $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel10/10.0/repos/$basearch/appstream -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel10-CRB] -name = rhel10 CodeReadyBuilder $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel10/10.0/repos/$basearch/crb -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 diff --git a/files/common/rhel6.repo b/files/common/rhel6.repo new file mode 100644 index 0000000000..3c533fa197 --- /dev/null +++ b/files/common/rhel6.repo @@ -0,0 +1,14 @@ +[rhel6-dvd] +name = rhel6 base dvd +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-$basearch/ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release + +[rhel6-base] +name = rhel6 base $basearch +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel-$basearch-server-6/ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release + +[rhel6-optional] +name = rhel6 optional $basearch +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel-$basearch-server-optional-6/ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/files/common/rhel7.repo b/files/common/rhel7.repo index 8ed58ddd9e..c76f2a913a 100644 --- a/files/common/rhel7.repo +++ b/files/common/rhel7.repo @@ -1,24 +1,24 @@ [rhel7-dvd] name = rhel7 base dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-$basearch/ +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-$basearch/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release [rhel7-base] name = rhel7 base $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-rpms +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-rpms gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release [rhel7-optional] name = rhel7 optional $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-optional-rpms +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-optional-rpms gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release [rhel7-extras] name = rhel7 extras $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-extras-rpms +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-extras-rpms gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release [rhel7-ha] name = rhel7 ha $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-ha-for-rhel-7-server-rpms/ +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-ha-for-rhel-7-server-rpms/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/files/common/rhel8.repo b/files/common/rhel8.repo deleted file mode 100644 index 0e1ae3bd20..0000000000 --- a/files/common/rhel8.repo +++ /dev/null @@ -1,41 +0,0 @@ -[rhel8-dvd-BaseOS] -name = rhel8 baseos dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL8.0-$basearch/BaseOS -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel8-dvd-AppStream] -name = rhel8 AppStream dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL8.0-$basearch/AppStream -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel8-BaseOS] -name = rhel8 BaseOS $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/$basearch/rhel-8-for-$basearch-baseos-rpms -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel8-AppStream] -name = rhel8 AppStream $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/$basearch/rhel-8-for-$basearch-appstream-rpms -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel8-CRB] -name = rhel8 CodeReadyBuilder $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/$basearch/codeready-builder-for-rhel-8-$basearch-rpms/ -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel8-advanced-virt] -name = rhel8 AdvancedVirt $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/$basearch/rhel-8-advanced-virt/ -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 diff --git a/files/common/rhel9.repo b/files/common/rhel9.repo deleted file mode 100644 index 39e007a58e..0000000000 --- a/files/common/rhel9.repo +++ /dev/null @@ -1,41 +0,0 @@ -[rhel9-dvd-BaseOS] -name = rhel9 baseos dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL9.0-$basearch/BaseOS -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel9-dvd-AppStream] -name = rhel9 AppStream dvd -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/RHEL9.0-$basearch/AppStream -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel9-BaseOS] -name = rhel9 BaseOS $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel9/$basearch/rhel-9-for-$basearch-baseos-rpms -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel9-AppStream] -name = rhel9 AppStream $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel9/$basearch/rhel-9-for-$basearch-appstream-rpms -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel9-CRB] -name = rhel9 CodeReadyBuilder $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel9/$basearch/codeready-builder-for-rhel-9-$basearch-rpms/ -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=1 -gpgcheck=1 - -[rhel9-advanced-virt] -name = rhel9 AdvancedVirt $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel9/$basearch/rhel-9-advanced-virt/ -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -enabled=0 -gpgcheck=1 diff --git a/files/common/rhos16.repo b/files/common/rhos16.repo deleted file mode 100644 index 513573f9c5..0000000000 --- a/files/common/rhos16.repo +++ /dev/null @@ -1,4 +0,0 @@ -[rhel8-rhos16] -name = rhel8 openstack $basearch -baseurl=https://infrastructure.fedoraproject.org/repo/rhel/rhel8/other/rhel-8-x86_64-openstack-16-rpms -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/files/common/rsyslog-logrotate b/files/common/rsyslog-logrotate deleted file mode 100644 index f55c91d88c..0000000000 --- a/files/common/rsyslog-logrotate +++ /dev/null @@ -1,20 +0,0 @@ -/var/log/cron -/var/log/maillog -/var/log/messages -/var/log/secure -/var/log/spooler -{ - missingok - sharedscripts - postrotate - /usr/bin/systemctl reload rsyslog.service >/dev/null 2>&1 || true - endscript - daily - rotate 7 - ifempty - compress - compresscmd /usr/bin/xz - uncompresscmd /usr/bin/xz - compressext .xz - dateext -} diff --git a/files/common/step-tickers b/files/common/step-tickers index d0fe7ab26a..66b740b7e5 100644 --- a/files/common/step-tickers +++ b/files/common/step-tickers @@ -1,7 +1,10 @@ -208.75.88.4 -216.93.242.12 -107.170.242.27 -108.166.189.70 -199.223.248.98 +# [clock.redhat.com] +66.187.233.4 +# [time.nist.gov] +192.43.244.18 +# [otc1.psu.edu] +128.118.25.5 +# [clock.isc.org] +204.152.184.72 # [loopback] 127.127.1.0 diff --git a/files/common/sysadmin-main b/files/common/sysadmin-main index 0c59b85dde..f8056503a5 100644 --- a/files/common/sysadmin-main +++ b/files/common/sysadmin-main @@ -2,5 +2,16 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAD9QDskl41P2f4wqBuDBRD3VJ7MfKD6gMetMEaOy2b/Czf ssh-rsa AAAAB3NzaC1yc2EAAAABIwAACAEAstHxky7hl1inyHBy+q/9M+Aen2HSfy8IoW+sAO6HSuHEUT7qWB8AlSNjHhahjXx7sy/BUkUed+NB/177rjlThokZDJ0yoM9KKymp26ETGaamBSkWBxZatTj96BWfD0P2K9jc/9vxtgKBq3VK9UaOt6VtJ9q6mKY3DdWLZn+K6iGQAKMCAgd8cCMgD6epBB5/litz7WhYv+aYTyjZGUGbBojQUiWgXDv9lR7p0w+VP7pnZEeb3//k4pZhsPrKFwwRVRLxBvWgVKNvA6nMXmsdikHCLLj8YAevhEY1xAba+iCKOpTqT7Bu+1Fnb9St8u5iDod21gRmN7MGGWYsO+Iu2MNAW9sw2nsA/sdNR0HEEgBqJLhERjGv399fWKyiZaF90n59lg8Pb6EzE6wHRs6rSB+9uKApBzPk99BEHLvC6mhn6RjrOC+TWSTcmXojAwQYCadqIdgWUaBsxaugKEXBFcmRuDWtpDfsqmM1kjeGU6MiaMlqPW0KjsMaVVChLO5ZvB/T7qW4wr5ZjLri475MuHocCMP0ECSUk7I3YW2h8RU6FEFmTpuULFRQo01iPreY5XJ7l0+xy2eggAWo+X2h3nGjXhCPOelBg+LYe0WOmPgB5oc1m5HZtFTcFzYbhAE+xQKlbwNeYT8HmNmEMhPjVoNyOOV7NAap+ueS2u/7li5D59O5Iy8aa5n/WiuYfkqH4pG796nFyLr5L/LVudzyaYFb/Gk8C1j/NAWYw53D/9aOA277HHe5t0/daJhbo98u0asF5mvPld3swPuPqkEZzgUfmNgH5CkvcQcMzaOvj6qr6xNmQfgsHroCShb46kplQ2uSf1pMAqsjN7jGhk6l+Bu6hKHnJKhZJVLiuAZtgYvkCB1ahaO3wRVozA1VKCAlqHOqoCq4YLIobUL95H08Kwcz7vIRIadX1TkOoLb2EwPkE/xrhDp4BySh+j6YNklSBkiRHvJMBNnRIj8NTRjYyj2o1Om7kJ770lEdryg2og8QBaFWCmFkwzg1QVrBOuu0dN7kt2l7VI7Ib4lavKSVTrqUdxdSbthUlu/b4Qif+pbyEtUFgykRsHVs+5Ofg7FZpsgCJ8rLFjzeVF/hAYX7t3XaIPLu+DL8kzamb/CRy1b7+iAw9nJbd7ED2SGyU6+c2coMPG23y6+YxgEmNG/rkCLCypkEEDOZe4DuMerZQ/RxMo06+glC6HC/3VN2dHlVLtEEV33B04/6Z0plAhqtjG7PVs08f8a5msV/VYn5ifa4z0oIXX1r5CIg3Ejp1JguLhBHpWa7YbS2Mwu6GAbD+hQfCYrsUkFonoOLu5czpITLo7ceJFTQmAt7OxZEoZBfmtYfzADQsQVYQb6J4QwvM3iKJOn30dgtYnJOVlDZEn+0fivedxoBAt9jHJ8lVp2ov/dOFnimi5V+2QIMB0fKTkChsk10zsDZ/KUk6zfijjEju0WfjRHCd357KswNv3aXHazfRIw77S2UOenD+xmUDZ6WgnxservUSDNDz7NldLf/gdPOMO4uSwKZixzsoCNioeLEmQv4gomNK7DyZBLMHLlWlbliqP+QWuIJO1rfoH2vaxzzA7l5tJW1gfnxm87RrrwIf9v5kpdJM6gQZxqmBCRsKQd5VkrEJ/xaFfkv080pWNV0drWTZW8fAAgfUNYB260Hyk3rHsjQlVtQxGJ1aAcgjMi3eGKQMwptbUMYHqct75czX6xp6zgXPiC/glX6AtuiZQ5bOI07imil20ien/ks/dnel8L+dmYDasL9m0B2jZ3lbl3eR1Dy7UhqGyERx//vYQapEBuwFcqQ9UdIWCGGG2Pte1I39BSehUUGSCOOD38a/GCu0l7OWZKdwq80MK/Ixgz4neiZQZ7MD2wPy6vk6Num18PZPN7OynMrI2UG5MViQ0GAhRgxwbUCvc7uKnGRqZo9q2mCabCxLbv+hJ4bppxpHHJxMDDXilTKMfZb0YRbvjBUi7LFKLN3MBMK2U1jHE+PjBgweqF8Jtuw04CQMxK3unajZOVkYAIq8IdMbw0oBVP4++eGB9z0x1eH+IsqL6IgknbbyoMgQqW9/8atm8HW2QYCX47oPd4FHs8rgJZk3bz8MwN3tp8WCRtYnJuwkWGWSq77ans0Ycl/tUfSSwUjnSvMsJnuSbxvdX0XbP5eRWikk0pJz5lM9sjYFOPHrQ44/U254yBa0N6UhyNTQnMGzRvY+fADE49b10hXZwCCrxpY9KvGr1XNJMnMcUke+4p9RS5LUwcZ8A6v7oWtZaZwnuBzvKk+HAn2gevD7Stjto+TnRCx1qcbx8iOhAEC6nvbLl+U313TmawrO/usrI5w3EFKP/4BnlKJDtNBeklJ0MpU3R1fmisqfegjuBW2bbaxq8Uo6m7uqPsYuAl7E6rOyZHLbtA8szvbQ46MSqAHezqxHJajWn2oZXMtbddgO5vlkxbRp3SSVKaPOeIj3XOGl78Owp4gFNRE0RY2EuUvrwUhXZR4wx1VHYjS6o9HAwOx3dH+pf1OiblUEanLQ9HLuOBkLhP8wn1M2slsSw+A1gyuI0ayjRujYFXdw6Mqp6XKTdU8vNue2c3d0I+TMifBypP0oJtxXmEoPp/VsU9yLKA2FF7Xvv/Xq1gtZcuZWAbSwMok/ENY1xeIFyjV+0yBidmax3jaf9yus/XEpyeBS3iIz63ymU10Kb2vrWjubg/sa2yd+q0y96dLdDRbnbwGwMmg6mXvTlVXf8c= ricky@padlock01.home.elrod.me ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5bNJQBrvT/YuvfLO0y6smZW5N+946uISkzmDi9myffLgHAZP4nBGeH/4GcB5ns9HJ19xVtbIwqOz4QwIqKh4gKU7DgaqND2Iu0bUUFL1KXPLGyAIW+9N3yHB+nKkH31alDnF4dpKkvO63DRkqh4ptxwEQbZDCFqn+vXuMnG4cPmDEweR3QZUt5m0Vc7HXzbehZxjUZ3xRWvT/pu+khBhJcRFkLlA60Fnqv7Q+MQP1C0Cpf3hiX1LcXUogXkNooAqx1YYRd8VqvI8e9yQW+a99x8FftnmXKlGCxP33ng6+U6Y2H7u3cRDrlRTbWqkry4SuUYo+6MtvZVgL0fw6PsZ jstanley@hawtness.rmrf.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJH1lA7WHRCbaFtvzbw0HxHYJstZjuXhax1+eL+SUJ5fFRGosEc4fLrSCP0gSFDfXmNzuspoBgcQTqnNO8FdIUwkJLDEu0vTQls1aT9YUXb+RVwKB7ULA3b1dqFkmOgLEjTJL9AplK4OJ9Su0kq6QBV4mXCxMsgEML/gn6r8muZmu2L/LdzUnxKKggyq7O5q1K/eW5Yy21fpvbHt2UPQX1f6gt4ty7E9Nnuhi7SHCI7fNIa+kHyIesfTm/SzeK/PY9rDwZKjuyS8o22GJXGEScJomK1cjMESH/J+t8Hffaj88BjGHNczvcnXAjq6y73VJQ9DiGLD4zmFquQMxDu0Tf kevin@jelerak.scrye.com +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDefONrBaBJlCxKtDwkYWVhf96lMhRQfwVJyBoBd4Pk6TqKMlAu2eST1xRZlV4cJSxAWgZpOaFgqJ5EGd6mq8PvVk+mKXdtX7CAoWm4f3c6otUFsFDCTw3gVvYSlEk23XBHuACsbAVNL4HmP+9C7PxQBePukbMBFD2smsyQkPcX7lZw+lDJW5lOTz3dHAA92bcopDycxRDI99gGkawzjlmxpm2C9nhRabKS6mpGw3N64d8hwHkkFbtHY7rS0/0Cka0geYYYv0NVki1IIctkhZE9LndcWbVcVe1pIlR0RyW2sorfgCgoa5fRZZhukUCtspdv981h/0b87RpRVUJKuRd1 lmacken@tomservo +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsmLoA/97DrE7roCHOY7NdB5TV/g7oxAsk74HgHcFRYAbn/rkoa7r9ZsgR7qzwd6Z+5Z77qFqvl1Bs3XtJf+1vJ3kwdcNFdKTw1DgTdE/rNPI7QzUgXKKKv/WCiU6UDBX4HHWq8Yuq4tkr/yepS8sLzMz2e0pHU4uWFQuvr5ttP9ABGohhDnPr0IcaT5vm+uBTJItJBrhqGws2fnVxhWEm8Y96AZb2vFZVwiMdcKKqfVZby3/wTuEtaDbv0krQNtLJcjaOTWLHWnxJEvLWSdFgkuIDvoNKR7ZV2lsmh5UD/smStgf8TkORR59r63dp2kWAn0/Jl59ARsdXDXGCiduF3GamxglTUA+kYbkN/PBQbl6o+nNKy4Q5TI53WNmhpdsbEJWCjzT+V1ju5JejFEHIhnWyBoBUWB2NKxWaSlToI2B9E0iJ0HK68IlA7bO4X7SD8q5cZBVTKMByFxt9uQXFeZeG7QRCPIsg6bXsirnFn5028iz+RfVFe3Mavp18v1hObvH6SDTczQauuAhTwYOtphaPZj+iHbaKvKndvlOWdGoyrNxgcx+t4loyEEcEWD0Astdp0bZD39nag94PD7hnoENOC0oE6mbtyUuSCGrU6ogee8qxYAt0AP3Rq1LLaRWXqe/1rM5A9oaDNwNkWA/JWbJbZQf0vvWTZmTib3rfew== mdomsch@fedoraproject.org +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7U0WbKLL/D6iR03/vdDZJ8Lkj1jjAkindSvC4PkXVgi6qJo1YBZnIgsmoQopYcra2yzHFt58crygIh79P/rpQowWY99W+Sk4kB9UNuiAiX/LRi+1YdxwCKcRNTVOwuji6MGZoscACERmIjPY6P1oFPERoXhUkOuzPcrDK/0z/Bp9dpNRVZE/0zN6dvHA9QODLGvcFtgnX73SbZfoIbaVP/37IvOZvjGI1jxC5DwCmY+ihM13GpELP6BM8iihlnl1pjk1vtqPxD9g9Llr14Sc6cZJKl1WCulqhde4SEMOjpMJ8J8cGYBSsdh49hB36pdKQuTTnuCXpEt5Tl8PUKCrr mmcgrath@desktop.mmcgrath.net +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3eVd6Ccegp1r1mhm7tPnlGUcw0zsAbR2p9hrFZ7RKxdIponuVV9ix4lgwpNEVDs0j4vxAApeLpJrsV8R8+YLUZO3Mzi+2s8nM8LXrKHtJT9wKKqoU3O/lC79drbWk3EMgETyP61Zpjkub0hwG2MjviPee63zCuRbxzxyalzk+AtwkRSxYaS2Ha0uKxGDiq1c/Iu6HRgm8HrtW+Pr6QbSSoHLhGUpR0HkgoC6852xXGhrRMkzXXbD9L6vaK9F39YmzD7Z8yey+xDTFW529avkEIWDeqBpbae+HjKqEQaBx71/rcmXhqKYrEagzUGpS8Bwskp3JMksd/v9tMuUhGQ2XaooCeKzvM0KnVUk/Q031ZtjNYxLpy/rEqbyt18+8wYOvVoGgnRZ/yJ/UVwYbGJrttYrrQmaJv7b357bkgDJobkIki+zGzi1xkvb85JWEt0mfh38H2vCnpwQtSAIyF/hmrS+1xsD/oAoc83IUhsVYcDhLbBEVKMX2IsJLMAPwCE6GexRYyVE5vEN4PMV9A8VmGuIC3IzkPEbStdtlbP4ttNKtfwS+MrY+ceAABDixls6xpedgT1he44R+7C1p+w4uj4TnYReLVce6+KgfJ6mz8CTXVULLWM4l2H3PylEUyoHGRDpVanGAvm7h2D0HgxErWIkjZkL79GFhzQc1xjzixQ== notting@nostromo.devel.redhat.com +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDAeAohiRJ2v/RO7R9GS93TF92Gc9ixK6HM7wlbMdlZ4yYAbeoEX8VpeNaSTfo/Nw3zazr9VpmpHg+H70K8ljQsPgRwcgpetRVpF55M5FYjqM5oM+N94HV3nSGcnWbSIho1R31DaDH2ptxVqgh2m5DG7Bc45w9Bd4wjfdQ8nBrGv93tuH7X/cee4g6GvexLm5nXhAngdEmiyxw5MHuJAvj+54l4wMXRWpeF6XlI2iamW42nLSfRMCFkGNiXvBm8zkfkeH2L7I2cNKXXoP/cPCd3G/teIsI9FDqYpZ6CS0zMkWhlTuh7rlCjc9+nJsLdDLgwhb75skiUOOfimGvCCxWeHuCsSL+KpCu4AgI9UAVgO6xblDlmbQXxlGopep29U/s00W/0qv3Zp8Ks4Za0xHdoIwHiaLM0OYymFaNDd3ZqFG0FN23ZjcGqUmFGhGfUQRDt72+e9HtXlBJ0mUaCX9+e4wFGTVciG1/5CKsLHCaLRf+knsWXrv2zcv9BoZ9SCAK32zCZw05wjcmr7jYDCTLmtC6kEBNaOeE9Qqi2oomo4ji8ybg+Qq+1BwOtJKExvmZaooBZud0qd24HmCU0/0ysw732jGcqexzxsCR0VArd+7LKexOD7KwMW0VUss6fdOWac9gwCLx9FaKYh8mVvcQjKhKGI3aO2sXRUWSbBJw8w== ricky@alpha.rzhou.org +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAxnzCHH11nDM1m7yvqo6Uanq5vcZjBcs/mr3LccxwJ59ENzSXwUgEQy/P8vby9VKMwsskoaqZcvJdOSZBFhNV970NTPb69OIXPQAl/xhaLwiJOn606fB+/S8WepeuntS0qLiebbEiA9vIQLteZ+bWl1s/didD/sFo3/wItoTGA4GuShUu1AyWJx5Ue7Y34rwGR+kIvDoy2GHUcunn2PjGt4r3v2vpiR8GuK0JRupJAGYbYCiMBDRMkR0cgEyHW6+QQNqMlA6nRJjp94PcUMKaZK6Tc+6h5v8kLLtzuZ6ZupwMMC4X8sh85YcxqoW9DynrvO28pzaMNBHm7qr9LeY9PIhXscSa35GAcGZ7UwPK4aJAAuIzCf8BzazyvUM3Ye7GPCXHxUwY0kdXk+MHMVKFzZDChNp/ovgdhxNrw9Xzcs4yw7XYambN9Bk567cI6/tWcPuYLYD4ZJQP0qSXVzVgFEPss1lDcgd0k4if+pINyxM8eVFZVAqU+BMeDC+6W8HUUPgv6LiyTWs+xTXTuORwBTSF1pOqWB4LjqsCGIiMAc6n/xdALBGUN7qsuKDU6Q7bwPppaxypi4KCvuJsqW+8sDtMUaZ34I5Zo1q7cu03wqnOljUGoAY6IDn3J66F2KlPPyb/q3PDV3WbY/jnH16L29/xUA73nFUW1p+WXutwmSU= ssmoogen@ponyo.int.smoogespace.com +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFZ3AD/I0OfU84IrK573amZptucuBrDxHoue/c+PUsD3MGIA6QXRceq3ZkLuz25OAAu53hFxzCE4d6eVS299rVR8Cd+tVU8aqBdTHzdqv52Vs8zRfXMW69sV7fhwRLaQDcRTwY90Wmz2MbZmN996XmJDNtUIWI2mML+PBYEdO0PyiB2ttb7mmA3SwtC/rwEMJL2YHh+bTzlJ9W4BgFcFwizMXU3mk5uGp2/q3nKzEvgTROM8yWvqdM34cRYpjFKyOlpo6k3SPt76hgDUEIsAu6Ul1S0FHTCRMIihcxZOSN4frMtXVjX0NhW9mKcn1IRBpzd0Yon/gPB8OJ31ojIIop spot@pterodactyl +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDfgKJEBuHFlFc8/IHDeIpdprNnAFQHkicXAFfAzIJSkhUaOJFjsulmgPZn2TJJpYqFAxYUjhWJOdrOwx7AHSg6gWu4TT4a0sTay+Z0eqZOShf5UL/M587DxJk1JZU8g812yDKZMc7Sv7K6zdteONnCvno1kALSg0F2MVMJXFjE/tSontkIRH6IuG19R19NGEj1h56uGwdfe78xjOmv5wk6RZBjaOKqiPSQKNqCKbY9Kyz6yrem2M5uxRK45u3wSPJdmopo8l/nwf0p6ydrUSL5C/aXGh7LPqh31eTBDQUbWHw9LQMk1SibMGQPwJt59lLMlzc5OQZAJEbadsDAgl6VVA6MZkBQROiK9E087kvPesMoGWE0KBgvTqzpBZj0uHATP9i097dv80gjupMyaePsnQOxk0wRho9nRkxRo18Drt3QPVND4YGHzahMe/YR2N83MkbnGoP8K+GsFhLMAp3NKh6yUofFxTgRiB6H8ULKf3CV+hlk0Z9RJR3CpgMTKILYHPlaleJqoP6sXg6tJxI0rUE+0jUKvaTj+N2gX0MjKfUINk5mTbjD2mdVrPtKOBvos2luNhY5nTDpJuAHQqnFHPlPw8l3lXC2VBWOjqfTeeS+qD7ArKe6F7IO5ZNxJ2mTUuodhaPySta1MS37DWoz6UqeJu+wKIsHok90+EU4aAvUABh3RXSQA1E3IaxkooMhhrdIQO6K4L0M+CZ7lP35sW5pnwsN4sFlPec9Xn5e15LTlb9yFlx7Nm4DE2SX1s9QyMRE7z0LNO0X7wiihojuyQM6OQwc+ZaaDw5HerBisX/3LcC9osVLQQg1pt91YcCczUQ08qfUJV6aOD962K+EGzVFQGGauJDzgEH9BHQg7QwCWr0f3mu8/TNBzys2c0YsywDUc3AT1KP6TEJcR/dy6WbhJD3qyO/BLfCzRrHUOIaz+WbwmfTX8tGEQnVV5sEkZ39PWA1hRQ83b3MNV8cRJl+h/FnTk62yM4ZqGu73+x8JiEG3HAJp9/xYfNSwg8++PojJBXe+yM6DrTh5fTnBhxatLEKB658p8jTqJtF4+YD9D8+L39xEns6GQ7FphNqTC6IcpXyqq+zNuzF7vs/T+5n7978dUs3sK6YpBX4BlDxK6MsRF1WYqajEVeBJEMwdX2rfGkN9B5GfWdmdrzBjZQ6yyvlx5Dg++qgxpMiVOXSnw5v7H03PrT1we9wKre/2SQ1A2Oq/UDt/7tR2cMLoaPDNBpFT1W44LJB7o9iDT9YHUG3dC7R8JoeJ5YjyFmxbUQ5xg1oHnrBaPrGCuEYdQWhuDmp9Px2yRu8Agxzr9rNCZ/W8nWJVmvwvlXoldrum2rAECx0wiWqBhQ/+eX65 badger@unaka.lan +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmS3g5fSXizcCqKMI1n5WPFrfMyu7BMrMkMYyck07rB/cf2orO8kKj5schjILA8NYJFStlv2CGRXmQlendj523FPzPmzxvTP/OT4qdywa4LKGvAxOkRGCMMxWzVFLdEMzsLUE/+FLX+xd1US9UPLGRsbMkdz4ORCc0G8gqTr835H56mQPI+/zPFeQjHoHGYtQA1wnJH/0LCuFFfU82IfzrXzFDIBAA5i2S+eEOk7/SA4Ciek1CthNtqPX27M6UqkJMBmVpnAdeDz2noWMvlzAAUQ7dHL84CiXbUnF3hhYrHDbmD+kEK+KiRrYh3PT+5YfEPVI/xiDJ2fdHGxY7Dr2TQ== root@lockbox01.phx2.fedoraproject.org +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDnI+8JwOdXUO6T7gI6oXHUG4oQJsMsCwEGnRBjU4po93i9g9C5sShgqJMvBI2wzDdgL/xOFJeHuo+WTP6W/oiv8KHEco3wXSI4OlsPanORGn2TajwzEaYlfxJNlQPvmuxFxcrfkPF8cOGa0DRNTLZK7abO3tKfZV7IJyNX3Z0LFZ+VwcJBy1ryg0GonMYkjEreiAgJyGCJ1crnKiRMPSu/QONb0MTytMlJRtc/Lfi/KkT8C/LQ/e3zA5DWo9Ykb79M1k4MmtmE8mIUlWUQ9hagMhCj3/6Uze04H48fpYzDPr6AHU6rqxLTdBGgLCeSIUkE1ReZpAk2E+QAB/fTliydT93ig5i2RDt3YHcAa994C85bc0D+A21u0H/LzR1wbIItx+MpOkZePHevDSe4y8ULx0cUiEHxmTTZ2C6j+1EqaP5PeWEqlU3iXTgiqOzTEwfEaH7nScBpGbFmPnzdgO7xLuKebnvWjGu6d8Jd41KN5dN5WNMJaNEXBl65ySfeQYCCX/JZ5bfvC/07zAKj0/RKOFMyS07rb0rKh3EBcRx/tHgCq0hJ23NwfkShchj7v2Zh+JjgHKBv1+ZiIwnx2/WuYwvKwyqXZ5Jpy+lgxcC7l11w1ZN3tCd66E6NdU8AJIOz0n+trIorsipQBY0In3ZBLUU0PUYwno73e7ZabgcE7Q== patrick-new@fedora.thuis.local +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDep2yv5JTFJ0IdCiqumMFfNdu3H5Ej/rVVDEotS+3n5+1plKvajPXOA9c/0RLrBC/vL8LqDVrxBaiCvPFCIRN9a3Y1ru3Dwg++NmcMEvYq/H3SMHhZsH1yjlCD2r38znpX+D+CBMQnn7F5jqYFAnaMeESrgGGFFANfJN9HdHjb6eIrBGJyUOJ2JnZnhLFT5y7ru2xRMDmgsO3U+crmecYAeX/4iUadUxit36defAniVOA/3Jwva4Gjz73vIDTHNy1mxB8Y2ZBBl9WcL4qHc6wnAyFaiULcT5++Gdjn+MIyL86G/7mIIgC+fcVk/5JrdwMBiAZYMUZO/pzPobOe0spF threebean@marat ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2xAeq5uO72kY4mSFgFl9ZSveiAqe4tUv8hemrxwZH+w24RFOGrW1nOV+hjQhRpYVNwvqJkrd9N7VY/HXkd9df2AgQyYoiVfeMPTA7lB0/e/S1Bd6XGdWudvqRU1O6Rug0j3RQOuz7WDJgnanBVcBl8+X7EaPGpv9aILgh6CJDOVAO2GgaFdzI7CHtR99CMqNG7BsQF8C9Y8ALK+8HOPRE0R1wzgaAw85HTo0gyIWcrZqr4HI/QDuLjUQ6AZSgzE7dTiwZuFnUjLBnL0YP1bxJglt9IFx6r6jvdp/yMD+Bn/91WvmBL/AD+GIQ/ZydoeLo+JQW22ibiX/SzdAE4Cd3 pingou@FedoraProject -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLVoyChksxZ1T64H8sJ3JjZNwUEIBQ1RKoY3cL1FfntvkvmgluWw/AGKQME49W6iRC6o9IgCRrOPErtd8FtetX1jI7Lkrd5znqRkVUj+FrCyaOq4lCICAYX8q1QC2URlteXiHtoaOWUqHD20c0tQwktCXtBAxfLCQCVjfubvSs7rWRDSyC2diUTCfJGYYLyo41Pr5IyMKg6BMUE/BAURHwTncMXtRMjx8JqxZtMImp4cO5p4QV6BVydn99X/ueHOVE910OrPL46cOsBMV3EIm+Hwr7lAHa7eF6bTv1bsysNPHZZ23TzvEjIB71l2ptlJThm3iECmgRlb4ssllqH2zcnwjSOivnAaalgaHk937At6QlrOdtB2WY6sxklxYG1Uaq0P+IOIRhEOw/6/5mcqBH/G8ebYfwiv5CwJ0EzRZW78y6VOHfUo/XQEetcLMYMS7B1rSaQDMTsfIGTrjBXS5kKn/AEnVYYWbD+wVGC64ShQVhtXzpYEzHTRf2XQwCCnEUF9tSSAt3uuBhlaT5vXXac6rz7qy+4d54xTzxWZnmvgG3pWjaqZ84P8aqz72m6TQR0z1FKVgQkAXvnYunM6BXTzN5Osnr2rz68d4ONUWkldGnDmrIIMo7rxJTeMbCjCqTKMyaTamtAE+Vg3KQldbCOys6HEp+irelZkKdat+VcQ== mobrien@fedoraproject.org + diff --git a/files/communishift/haproxy.cfg b/files/communishift/haproxy.cfg deleted file mode 100644 index c13c168185..0000000000 --- a/files/communishift/haproxy.cfg +++ /dev/null @@ -1,95 +0,0 @@ -# this config needs haproxy-1.1.28 or haproxy-1.2.1 - -global - log 127.0.0.1 local0 warning - maxconn 4096 - chroot /var/lib/haproxy - user haproxy - group haproxy - daemon - stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664 - stats socket /var/run/haproxy-admin level admin user root group root mode 0660 - #debug - #quiet - -defaults - log global - mode tcp - option tcplog - option dontlognull - option httpclose - option redispatch - retries 3 - maxconn 5000 - timeout connect 5s - timeout client 500s - timeout server 500s - -frontend stats-frontend - mode http - option httplog - bind 0.0.0.0:8080 - default_backend stats-backend - -backend stats-backend - mode http - option httplog - balance hdr(appserver) - stats enable - stats uri / - -frontend os-masters-kapi - mode tcp - bind 0.0.0.0:6443 - default_backend os-masters-backend-kapi - -backend os-masters-backend-kapi - mode tcp - server os-node01.fedorainfracloud.org os-node01.fedorainfracloud.org:6443 weight 1 maxconn 16384 check - server os-node02.fedorainfracloud.org os-node02.fedorainfracloud.org:6443 weight 1 maxconn 16384 check - server os-node09.fedorainfracloud.org os-node09.fedorainfracloud.org:6443 weight 1 maxconn 16384 check -# temp bootstrap node - server os-node11.fedorainfracloud.org os-node11.fedorainfracloud.org:6443 weight 1 maxconn 16384 check - -frontend os-masters-machineconfig - mode tcp - bind 0.0.0.0:22623 - default_backend os-masters-backend-machineconfig - -backend os-masters-backend-machineconfig - mode tcp - server os-node01.fedorainfracloud.org os-node01.fedorainfracloud.org:22623 weight 1 maxconn 16384 check - server os-node02.fedorainfracloud.org os-node02.fedorainfracloud.org:22623 weight 1 maxconn 16384 check - server os-node09.fedorainfracloud.org os-node09.fedorainfracloud.org:22623 weight 1 maxconn 16384 check -# temp bootstrap node - server os-node11.fedorainfracloud.org os-node11.fedorainfracloud.org:22623 weight 1 maxconn 16384 check - -frontend os-routers-https - mode tcp - bind 0.0.0.0:443 - default_backend os-routers-https - -backend os-routers-https - server os-node03.fedorainfracloud.org os-node03.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node04.fedorainfracloud.org os-node04.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node05.fedorainfracloud.org os-node05.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node06.fedorainfracloud.org os-node06.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node07.fedorainfracloud.org os-node07.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node08.fedorainfracloud.org os-node08.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node10.fedorainfracloud.org os-node10.fedorainfracloud.org:443 weight 1 maxconn 16384 check - server os-node11.fedorainfracloud.org os-node11.fedorainfracloud.org:443 weight 1 maxconn 16384 check - -frontend os-routers-http - mode tcp - bind 0.0.0.0:80 - default_backend os-routers-http - -backend os-routers-http - server os-node03.fedorainfracloud.org os-node03.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node04.fedorainfracloud.org os-node04.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node05.fedorainfracloud.org os-node05.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node06.fedorainfracloud.org os-node06.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node07.fedorainfracloud.org os-node07.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node08.fedorainfracloud.org os-node08.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node10.fedorainfracloud.org os-node10.fedorainfracloud.org:80 weight 1 maxconn 16384 check - server os-node11.fedorainfracloud.org os-node11.fedorainfracloud.org:80 weight 1 maxconn 16384 check diff --git a/files/communishift/objects/README.md b/files/communishift/objects/README.md deleted file mode 100644 index ce226fd82f..0000000000 --- a/files/communishift/objects/README.md +++ /dev/null @@ -1,28 +0,0 @@ -Instructions ------------- - -The files in this directory are the configuration files for communishift to be applied. - -For OIDC auth, get the client secret for "communishift" from ansible-private/files/ipsilon/openidc.production.static, and run: -> oc create secret generic fedoraidp-clientsecret --from-literal=clientSecret= -n openshift-config - -For certificates, first install [cert-manager](https://docs.cert-manager.io/en/release-0.10/) -NOTE: The 0.11 version is buggy, as is the operator hub '1.0' version. Use 0.10 unless you want -to spend a lot of time debugging. - -Next create the Issuer object. You may need to wait a minute or two for the cert-manager install -to complete and have all pods up. -To do this, first create a new access key ID and secret key in AWS for the communishift_acme_dns01 user, and update issuer.yml with the access key ID and then create a secret with the private access key -> oc create -f issuer.yml -> oc -n cert-manager create secret generic route53-access-key-secret --from-literal=access-key=THEACCESSKEY -This gives it the ability to create a TXT record for acmechallenges.fedorainfracloud.org. -To allow certificates for other hostnames, those hostnames need a CNAME of "_acme-challenge." pointing to "acmechallenges.fedorainfracloud.org". - -After that, create the two certificate requests for the API server and ingress default cert: -> oc -n openshift-config create -f cert_api.yml -> oc -n openshift-ingress create -f cert_apps.yml -This will start the request of the certificates. -Then run the following commands to update the ingress router (will take affect after its restart) and API server with their new certs: - -> oc patch apiserver cluster --type=merge -p '{"spec": {"servingCerts": {"namedCertificates": {"names": "api.os.fedorainfracloud.org"}, "servingCertificate": {"name": "api-certificate"}}}}' -> oc patch ingresscontroller.operator default --type=merge -p '{"spec":{"defaultCertificate": {"name": "apps-certificate"}}}' -n openshift-ingress-operator diff --git a/files/communishift/objects/cert_api.yml b/files/communishift/objects/cert_api.yml deleted file mode 100644 index 44d6ff6ed0..0000000000 --- a/files/communishift/objects/cert_api.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Certificate -metadata: - name: api-certificate - namespace: openshift-config -spec: - secretName: api-certificate - renewBefore: 360h # 15d - commonName: api.os.fedorainfracloud.org - dnsNames: - - 'api.os.fedorainfracloud.org' - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer diff --git a/files/communishift/objects/cert_apps.yml b/files/communishift/objects/cert_apps.yml deleted file mode 100644 index a449378e9e..0000000000 --- a/files/communishift/objects/cert_apps.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Certificate -metadata: - name: apps-certificate - namespace: openshift-ingress -spec: - secretName: apps-certificate - renewBefore: 360h # 15d - commonName: apps.os.fedorainfracloud.org - dnsNames: - - '*.apps.os.fedorainfracloud.org' - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer diff --git a/files/communishift/objects/issuer.yml b/files/communishift/objects/issuer.yml deleted file mode 100644 index df3870916a..0000000000 --- a/files/communishift/objects/issuer.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: certmanager.k8s.io/v1alpha1 -kind: ClusterIssuer -metadata: - name: letsencrypt-production -spec: - acme: - email: admin@fedoraproject.org - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-production-account-key - solvers: - - dns01: - cnameStrategy: Follow - route53: - region: us-east-1 - accessKeyID: THEACCESSKEYID - secretAccessKeySecretRef: - namespace: cert-manager - name: route53-access-key-secret - key: access-key - hostedZoneID: Z2MFECC8O90CBA diff --git a/files/communishift/objects/machineconfigs/README.md b/files/communishift/objects/machineconfigs/README.md deleted file mode 100644 index 20cc85edd5..0000000000 --- a/files/communishift/objects/machineconfigs/README.md +++ /dev/null @@ -1,12 +0,0 @@ -MachineConfig files -------------------- - -The files in this directory are used as machineconfig files for communishift. -Note that they're template files: some changes will need to be made before "oc create -f". - -Specifically: -- The templates have two "DOBOTH" replacements. You want to create the file twice, - once with both DOBOTH cases replaced with "master" and once replaced with "worker". -- The mc_firewall.yml.template has a bit FILL_IN_HERE. Run "./to_data.sh firewall.sh", - and copy the output from that script into the FILL_IN_HERE bit in the MC. - Then run that MC twice as per the previous point (master and worker). diff --git a/files/communishift/objects/machineconfigs/firewall.sh b/files/communishift/objects/machineconfigs/firewall.sh deleted file mode 100644 index 0cea10a4c9..0000000000 --- a/files/communishift/objects/machineconfigs/firewall.sh +++ /dev/null @@ -1,10 +0,0 @@ -set -xe - -iptables -N fedora-block-ports -iptables -A fedora-block-ports -p tcp --dport 111 -j REJECT -iptables -A fedora-block-ports -p udp --dport 111 -j REJECT -iptables -A fedora-block-ports -p tcp --dport 22623 --src 38.145.48.42 -j ACCEPT -iptables -A fedora-block-ports -p tcp --dport 22623 --src 38.145.48.43 -j ACCEPT -iptables -A fedora-block-ports -p tcp --dport 22623 -j REJECT - -iptables -I INPUT 1 -j fedora-block-ports diff --git a/files/communishift/objects/machineconfigs/mc_chrony.yml.template b/files/communishift/objects/machineconfigs/mc_chrony.yml.template deleted file mode 100644 index 7ef78dc2bc..0000000000 --- a/files/communishift/objects/machineconfigs/mc_chrony.yml.template +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: machineconfiguration.openshift.io/v1 -kind: MachineConfig -metadata: - generation: 1 - name: 50-chrony-DOBOTH - labels: - machineconfiguration.openshift.io/role: DOBOTH -spec: - config: - ignition: - version: "2.2.0" - storage: - files: - - contents: - source: "data:,server%20cloud-noc01.fedorainfracloud.org%20port%20124" - verification: {} - filesystem: root - mode: 0644 - path: /etc/chrony.conf diff --git a/files/communishift/objects/machineconfigs/mc_firewall.yml.template b/files/communishift/objects/machineconfigs/mc_firewall.yml.template deleted file mode 100644 index 6dfc994716..0000000000 --- a/files/communishift/objects/machineconfigs/mc_firewall.yml.template +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: machineconfiguration.openshift.io/v1 -kind: MachineConfig -metadata: - generation: 1 - name: 40-firewall-DOBOTH - labels: - machineconfiguration.openshift.io/role: DOBOTH -spec: - config: - ignition: - version: "2.2.0" - storage: - files: - - path: /etc/fedora_firewall.sh - mode: 0755 - filesystem: root - contents: - source: "FILL_IN_HERE" - systemd: - units: - - name: "fedora_firewall.service" - enabled: true - contents: |- - [Unit] - Descrption=Block firewall ports for Fedora - - [Service] - Type=oneshot - ExecStart=bash /etc/fedora_firewall.sh - - [Install] - WantedBy=multi-user.target diff --git a/files/communishift/objects/machineconfigs/to_data.sh b/files/communishift/objects/machineconfigs/to_data.sh deleted file mode 100755 index 0e27d3bab4..0000000000 --- a/files/communishift/objects/machineconfigs/to_data.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -echo -n "data:," -cat $1 | tr '\n' '*' | sed -e 's/*/%0A/g' | sed -e 's/ /%20/g' -echo diff --git a/files/communishift/objects/oidc_cm.yml b/files/communishift/objects/oidc_cm.yml deleted file mode 100644 index d4d7c5e06b..0000000000 --- a/files/communishift/objects/oidc_cm.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: config.openshift.io/v1 -kind: OAuth -metadata: - name: cluster -spec: - identityProviders: - - name: fedoraidp - login: true - challenge: false - mappingMethod: claim - type: OpenID - openID: - clientID: communishift - clientSecret: - name: fedoraidp-clientsecret - extraScopes: - - email - - profile - claims: - preferredUsername: - - nickname - name: - - name - email: - - email - issuer: https://id.fedoraproject.org diff --git a/files/copr/DigiCertCA.crt b/files/copr/DigiCertCA.crt new file mode 100644 index 0000000000..d08b961f22 --- /dev/null +++ b/files/copr/DigiCertCA.crt @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy +YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2 +4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC +Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1 +itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn +4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X +sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft +bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA +MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy +dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t +L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG +BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ +UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D +aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd +aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH +E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly +/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu +xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF +0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae +cPUeybQ= +-----END CERTIFICATE----- diff --git a/roles/copr/backend/files/boto b/files/copr/boto similarity index 100% rename from roles/copr/backend/files/boto rename to files/copr/boto diff --git a/files/copr/copr-be.conf b/files/copr/copr-be.conf new file mode 100644 index 0000000000..fa138451aa --- /dev/null +++ b/files/copr/copr-be.conf @@ -0,0 +1,60 @@ +[backend] + +# URL where are results visible +# default is http://copr +results_baseurl=http://copr-be.cloud.fedoraproject.org/results + +# ??? What is this +# default is http://coprs/rest/api +#frontend_url=http://copr-fe.cloud.fedoraproject.org/backend +frontend_url=http://172.16.5.31/backend + +# must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf +# default is PASSWORDHERE but you really should change it. really. +frontend_auth={{ copr_backend_password }} + +# path to ansible playbook which spawns builder +# see /usr/share/copr*/playbooks/ for examples +# default is /etc/copr/builder_playbook.yml +spawn_playbook=/home/copr/provision/builderpb.yml + +# path to ansible playbook which terminate builder +# default is /etc/copr/terminate_playbook.yml +terminate_playbook=/home/copr/provision/terminatepb.yml + +terminate_vars=vm_name + +# directory where jobs are stored +# no defaults +jobsdir=/var/lib/copr/jobs + +# directory where results are stored +# should be accessible from web using 'results_baseurl' URL +# no default +destdir=/var/lib/copr/public_html/results + +# default is 10 +sleeptime=30 + +# default is 8 +num_workers=8 + +# path to log file +# default is /var/log/copr/backend.log +logfile=/var/log/copr/backend.log + +# default is /var/log/copr/workers/ +worker_logdir=/var/log/copr/workers/ + +# exit on worker failure +# default is false +#exit_on_worker=false + +# publish fedmsg notifications from workers if true +# default is false +#fedmsg_enabled=false +fedmsg_enabled=true + +[builder] +# default is 1800 +timeout=3600 diff --git a/files/copr/copr-be.conf-dev b/files/copr/copr-be.conf-dev new file mode 100644 index 0000000000..19dd9bbaf2 --- /dev/null +++ b/files/copr/copr-be.conf-dev @@ -0,0 +1,57 @@ +[backend] + +# URL where are results visible +# default is http://copr +results_baseurl=http://copr-be-dev.cloud.fedoraproject.org/results + +# ??? What is this +# default is http://coprs/rest/api +frontend_url=http://copr-fe-dev.cloud.fedoraproject.org/backend + +# must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf +# default is PASSWORDHERE but you really should change it. really. +frontend_auth=PASSWORDHERE + +# path to ansible playbook which spawns builder +# see /usr/share/copr*/playbooks/ for examples +# default is /etc/copr/builder_playbook.yml +spawn_playbook=/home/copr/provision/builderpb.yml + +# path to ansible playbook which terminate builder +# default is /etc/copr/terminate_playbook.yml +terminate_playbook=/home/copr/provision/terminatepb.yml + +# directory where jobs are stored +# no defaults +jobsdir=/var/lib/copr/jobs + +# directory where results are stored +# should be accessible from web using 'results_baseurl' URL +# no default +destdir=/var/lib/copr/public_html/results + +# default is 10 +sleeptime=30 + +# default is 8 +num_workers=5 + +# path to log file +# default is /var/log/copr/backend.log +logfile=/var/log/copr/backend.log + +# default is /var/log/copr/workers/ +worker_logdir=/var/log/copr/workers/ + +# exit on worker failure +# default is false +#exit_on_worker=false + +# publish fedmsg notifications from workers if true +# default is false +#fedmsg_enabled=false + + +[builder] +# default is 1800 +timeout=3600 diff --git a/roles/copr/backend/files/copr_bashrc b/files/copr/copr_bashrc similarity index 100% rename from roles/copr/backend/files/copr_bashrc rename to files/copr/copr_bashrc diff --git a/files/copr/delete-forgotten-instances.cron b/files/copr/delete-forgotten-instances.cron new file mode 100644 index 0000000000..5f4c191757 --- /dev/null +++ b/files/copr/delete-forgotten-instances.cron @@ -0,0 +1,5 @@ +#!/usr/bin/bash + +source /home/copr/cloud/ec2rc.sh +/home/copr/delete-forgotten-instances.pl + diff --git a/files/copr/delete-forgotten-instances.pl b/files/copr/delete-forgotten-instances.pl new file mode 100644 index 0000000000..8aa5d41f78 --- /dev/null +++ b/files/copr/delete-forgotten-instances.pl @@ -0,0 +1,28 @@ +#!/usr/bin/perl +# this scrip query for all running VM and terminate those +# which are not currently started by some ansible script + +while (chomp($a = qx(ps ax |grep -v 'sh -c ps ax' |grep /home/copr/provision/builderpb.yml | grep -v grep))) { + # we are starting some VM and could not determine correct list of running VMs + sleep 5; +} + +#print qx(ps ax |grep ' 172.16.3.' |awk '{ print \$33 }'); +@IPs = split('\s+', qx(ps ax |grep ' 172.16.3.' |awk '{ print \$33 }')); + +#print "Running instances\n"; +#print join(", ", @IPs), "\n"; +for my $i (@IPs) { + $check{$i} = 1; +} + +@instances = split('\n', qx(/bin/euca-describe-instances)); +@TO_DELETE = (); +for my $i (@instances) { + my @COLUMNS = split('\s+', $i); + next if $COLUMNS[0] eq 'RESERVATION'; + #print $COLUMNS[1], ", ", $COLUMNS[15], "\n"; + push(@TO_DELETE, $COLUMNS[1]) unless $check{$COLUMNS[15]}; +} +$id_merged = join(" ", @TO_DELETE); +qx|euca-terminate-instances $id_merged| if ($id_merged); diff --git a/files/copr/fe/README b/files/copr/fe/README new file mode 100644 index 0000000000..c59148083e --- /dev/null +++ b/files/copr/fe/README @@ -0,0 +1 @@ +in this dir is where we put all the configs for the copr frontend diff --git a/files/copr/fe/copr.conf b/files/copr/fe/copr.conf new file mode 100644 index 0000000000..22899acf9a --- /dev/null +++ b/files/copr/fe/copr.conf @@ -0,0 +1,33 @@ +# Directory and files where is stored Copr database files +DATA_DIR = '/var/lib/copr/data' +DATABASE = '/var/lib/copr/data/copr.db' +OPENID_STORE = '/var/lib/copr/data/openid_store' +WHOOSHEE_DIR = '/var/lib/copr/data/whooshee' + +SECRET_KEY = '{{ copr_secret_key }}' +BACKEND_PASSWORD = '{{ copr_backend_password }}' + +# restrict access to a set of users +#USE_ALLOWED_USERS = False +#ALLOWED_USERS = ['bonnie', 'clyde'] + +SQLALCHEMY_DATABASE_URI = '{{ copr_database_uri }}' + +# Token length, defaults to 30 (max 255) +#API_TOKEN_LENGTH = 30 + +# Expiration of API token in days +#API_TOKEN_EXPIRATION = 180 + +# logging options +#SEND_LOGS_TO = ['root@localhost'] +#LOGGING_LEVEL = logging.ERROR + +DEBUG = False +SQLALCHEMY_ECHO = False + +CSRF_ENABLED = True +WTF_CSRF_ENABLED = True + +# send emails when user's perms change in project? +SEND_EMAILS = True diff --git a/files/copr/fe/httpd/coprs.conf b/files/copr/fe/httpd/coprs.conf new file mode 100644 index 0000000000..dd4536cfef --- /dev/null +++ b/files/copr/fe/httpd/coprs.conf @@ -0,0 +1,64 @@ +NameVirtualHost *:80 +LoadModule wsgi_module modules/mod_wsgi.so +WSGISocketPrefix /var/run/wsgi + + + ServerName copr-fe.cloud.fedoraproject.org + + WSGIPassAuthorization On + WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=5 + WSGIScriptAlias / /usr/share/copr/coprs_frontend/application + WSGIProcessGroup 127.0.0.1 + + #ErrorLog logs/error_coprs + #CustomLog logs/access_coprs common + + + WSGIApplicationGroup %{GLOBAL} + Require all granted + + + + + SSLEngine on + SSLProtocol all -SSLv2 + #optimeize on speed + SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5 + SSLHonorCipherOrder on + + SSLCertificateFile /etc/pki/tls/ca.crt + SSLCertificateKeyFile /etc/pki/tls/private/ca.key + ServerName copr-fe.cloud.fedoraproject.org:443 + + WSGIPassAuthorization On + #WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=5 + WSGIScriptAlias / /usr/share/copr/coprs_frontend/application + WSGIProcessGroup 127.0.0.1 + + #ErrorLog logs/error_coprs + #CustomLog logs/access_coprs common + + + WSGIApplicationGroup %{GLOBAL} + Require all granted + + + + +ExtendedStatus On + + + SetHandler server-status + Require all denied + Require host localhost .redhat.com + + + + + StartServers 8 + MinSpareServers 8 + MaxSpareServers 20 + MaxClients 50 + MaxRequestsPerChild 10000 + + diff --git a/files/copr/fe/httpd/welcome.conf b/files/copr/fe/httpd/welcome.conf new file mode 100644 index 0000000000..3b15c42b9f --- /dev/null +++ b/files/copr/fe/httpd/welcome.conf @@ -0,0 +1 @@ +#commented out so it doesn't do that stupid index page diff --git a/roles/copr/frontend/files/pg/pg_hba.conf b/files/copr/fe/pg/pg_hba.conf similarity index 100% rename from roles/copr/frontend/files/pg/pg_hba.conf rename to files/copr/fe/pg/pg_hba.conf diff --git a/files/copr/fe/yum/copr.repo b/files/copr/fe/yum/copr.repo new file mode 100644 index 0000000000..e79a7b79e3 --- /dev/null +++ b/files/copr/fe/yum/copr.repo @@ -0,0 +1,10 @@ +[Copr] +name=Copr +failovermethod=priority +#baseurl=http://copr-be.cloud.fedoraproject.org/results/msuchy/copr/fedora-19-x86_64/ +# 172.16.5.4 is copr-be.cloud.fedoraproject.org +# see https://fedorahosted.org/fedora-infrastructure/ticket/4025 +baseurl=http://172.16.5.4/results/msuchy/copr/fedora-20-x86_64/ +enabled=1 +gpgcheck=0 + diff --git a/files/copr/forward b/files/copr/forward new file mode 100644 index 0000000000..5f68f7ad39 --- /dev/null +++ b/files/copr/forward @@ -0,0 +1,4 @@ +msuchy+coprmachine@redhat.com +kevin@scrye.com +nb@fedoraproject.org +sgallagh@redhat.com diff --git a/files/copr/forward-dev b/files/copr/forward-dev new file mode 100644 index 0000000000..e25b03e22b --- /dev/null +++ b/files/copr/forward-dev @@ -0,0 +1,2 @@ +msuchy+coprmachine@redhat.com +asamalik@redhat.com diff --git a/files/copr/hosts b/files/copr/hosts new file mode 100644 index 0000000000..8d78139ab8 --- /dev/null +++ b/files/copr/hosts @@ -0,0 +1,7 @@ +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +172.16.5.31 copr-fe.cloud.fedoraproject.org +172.16.5.31 copr.fedoraproject.org +172.16.5.4 copr-be.cloud.fedoraproject.org +172.16.5.5 copr-be-dev.cloud.fedoraproject.org +172.16.5.15 copr-fe-dev.cloud.fedoraproject.org diff --git a/files/copr/keystonerc b/files/copr/keystonerc new file mode 100644 index 0000000000..1f7737a67e --- /dev/null +++ b/files/copr/keystonerc @@ -0,0 +1,23 @@ +#!/bin/bash + +# With the addition of Keystone, to use an openstack cloud you should +# authenticate against keystone, which returns a **Token** and **Service +# Catalog**. The catalog contains the endpoint for all services the +# user/tenant has access to - including nova, glance, keystone, swift. +# +# *NOTE*: Using the 2.0 *auth api* does not mean that compute api is 2.0. We +# will use the 1.1 *compute api* +export OS_AUTH_URL=http://172.23.0.2:5000/v2.0 + +# With the addition of Keystone we have standardized on the term **tenant** +# as the entity that owns the resources. + +export OS_TENANT_ID={{ copr_tenant_id }} +export OS_TENANT_NAME="copr" + +# In addition to the owning entity (tenant), openstack stores the entity +# performing the action as the **user**. +export OS_USERNAME=msuchy + +# With Keystone you pass the keystone password. +export OS_PASSWORD={{ copr_nova_password }} diff --git a/roles/copr/backend/files/lighttpd/dirlisting.conf b/files/copr/lighttpd/dirlisting.conf similarity index 100% rename from roles/copr/backend/files/lighttpd/dirlisting.conf rename to files/copr/lighttpd/dirlisting.conf diff --git a/files/copr/lighttpd/lighttpd.conf b/files/copr/lighttpd/lighttpd.conf new file mode 100644 index 0000000000..177d3d08a4 --- /dev/null +++ b/files/copr/lighttpd/lighttpd.conf @@ -0,0 +1,455 @@ +####################################################################### +## +## /etc/lighttpd/lighttpd.conf +## +## check /etc/lighttpd/conf.d/*.conf for the configuration of modules. +## +####################################################################### + +####################################################################### +## +## Some Variable definition which will make chrooting easier. +## +## if you add a variable here. Add the corresponding variable in the +## chroot example aswell. +## +var.log_root = "/var/log/lighttpd" +var.server_root = "/var/www" +var.state_dir = "/var/run" +var.home_dir = "/var/lib/lighttpd" +var.conf_dir = "/etc/lighttpd" + +## +## run the server chrooted. +## +## This requires root permissions during startup. +## +## If you run Chrooted set the the variables to directories relative to +## the chroot dir. +## +## example chroot configuration: +## +#var.log_root = "/logs" +#var.server_root = "/" +#var.state_dir = "/run" +#var.home_dir = "/lib/lighttpd" +#var.vhosts_dir = "/vhosts" +#var.conf_dir = "/etc" +# +#server.chroot = "/srv/www" + +## +## Some additional variables to make the configuration easier +## + +## +## Base directory for all virtual hosts +## +## used in: +## conf.d/evhost.conf +## conf.d/simple_vhost.conf +## vhosts.d/vhosts.template +## +var.vhosts_dir = server_root + "/vhosts" + +## +## Cache for mod_compress +## +## used in: +## conf.d/compress.conf +## +var.cache_dir = "/var/cache/lighttpd" + +## +## Base directory for sockets. +## +## used in: +## conf.d/fastcgi.conf +## conf.d/scgi.conf +## +var.socket_dir = home_dir + "/sockets" + +## +####################################################################### + +####################################################################### +## +## Load the modules. +include "modules.conf" + +## +####################################################################### + +####################################################################### +## +## Basic Configuration +## --------------------- +## +server.port = 80 + +## +## Use IPv6? +## +server.use-ipv6 = "disable" + +## +## bind to a specific IP +## +#server.bind = "localhost" + +## +## Run as a different username/groupname. +## This requires root permissions during startup. +## +server.username = "lighttpd" +server.groupname = "lighttpd" + +## +## enable core files. +## +#server.core-files = "disable" + +## +## Document root +## +server.document-root = "/var/lib/copr/public_html" + +## +## The value for the "Server:" response field. +## +## It would be nice to keep it at "lighttpd". +## +#server.tag = "lighttpd" + +## +## store a pid file +## +server.pid-file = state_dir + "/lighttpd.pid" + +## +####################################################################### + +####################################################################### +## +## Logging Options +## ------------------ +## +## all logging options can be overwritten per vhost. +## +## Path to the error log file +## +server.errorlog = log_root + "/error.log" + +## +## If you want to log to syslog you have to unset the +## server.errorlog setting and uncomment the next line. +## +#server.errorlog-use-syslog = "enable" + +## +## Access log config +## +include "conf.d/access_log.conf" + +## +## The debug options are moved into their own file. +## see conf.d/debug.conf for various options for request debugging. +## +include "conf.d/debug.conf" + +## +####################################################################### + +####################################################################### +## +## Tuning/Performance +## -------------------- +## +## corresponding documentation: +## http://www.lighttpd.net/documentation/performance.html +## +## set the event-handler (read the performance section in the manual) +## +## possible options on linux are: +## +## select +## poll +## linux-sysepoll +## +## linux-sysepoll is recommended on kernel 2.6. +## +server.event-handler = "linux-sysepoll" + +## +## The basic network interface for all platforms at the syscalls read() +## and write(). Every modern OS provides its own syscall to help network +## servers transfer files as fast as possible +## +## linux-sendfile - is recommended for small files. +## writev - is recommended for sending many large files +## +server.network-backend = "linux-sendfile" + +## +## As lighttpd is a single-threaded server, its main resource limit is +## the number of file descriptors, which is set to 1024 by default (on +## most systems). +## +## If you are running a high-traffic site you might want to increase this +## limit by setting server.max-fds. +## +## Changing this setting requires root permissions on startup. see +## server.username/server.groupname. +## +## By default lighttpd would not change the operation system default. +## But setting it to 2048 is a better default for busy servers. +## +## With SELinux enabled, this is denied by default and needs to be allowed +## by running the following once : setsebool -P httpd_setrlimit on +#server.max-fds = 2048 + +## +## Stat() call caching. +## +## lighttpd can utilize FAM/Gamin to cache stat call. +## +## possible values are: +## disable, simple or fam. +## +server.stat-cache-engine = "simple" + +## +## Fine tuning for the request handling +## +## max-connections == max-fds/2 (maybe /3) +## means the other file handles are used for fastcgi/files +## +server.max-connections = 1024 + +## +## How many seconds to keep a keep-alive connection open, +## until we consider it idle. +## +## Default: 5 +## +#server.max-keep-alive-idle = 5 + +## +## How many keep-alive requests until closing the connection. +## +## Default: 16 +## +#server.max-keep-alive-requests = 16 + +## +## Maximum size of a request in kilobytes. +## By default it is unlimited (0). +## +## Uploads to your server cant be larger than this value. +## +#server.max-request-size = 0 + +## +## Time to read from a socket before we consider it idle. +## +## Default: 60 +## +#server.max-read-idle = 60 + +## +## Time to write to a socket before we consider it idle. +## +## Default: 360 +## +#server.max-write-idle = 360 + +## +## Traffic Shaping +## ----------------- +## +## see /usr/share/doc/lighttpd/traffic-shaping.txt +## +## Values are in kilobyte per second. +## +## Keep in mind that a limit below 32kB/s might actually limit the +## traffic to 32kB/s. This is caused by the size of the TCP send +## buffer. +## +## per server: +## +#server.kbytes-per-second = 128 + +## +## per connection: +## +#connection.kbytes-per-second = 32 + +## +####################################################################### + +####################################################################### +## +## Filename/File handling +## ------------------------ + +## +## files to check for if .../ is requested +## index-file.names = ( "index.php", "index.rb", "index.html", +## "index.htm", "default.htm" ) +## +index-file.names += ( + "index.xhtml", "index.html", "index.htm", "default.htm", "index.php" +) + +## +## deny access the file-extensions +## +## ~ is for backupfiles from vi, emacs, joe, ... +## .inc is often used for code includes which should in general not be part +## of the document-root +url.access-deny = ( "~", ".inc" ) + +## +## disable range requests for pdf files +## workaround for a bug in the Acrobat Reader plugin. +## +$HTTP["url"] =~ "\.pdf$" { + server.range-requests = "disable" +} + +## +## url handling modules (rewrite, redirect) +## +#url.rewrite = ( "^/$" => "/server-status" ) +#url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" ) + +## +## both rewrite/redirect support back reference to regex conditional using %n +## +#$HTTP["host"] =~ "^www\.(.*)" { +# url.redirect = ( "^/(.*)" => "http://%1/$1" ) +#} + +## +## which extensions should not be handle via static-file transfer +## +## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi +## +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" ) + +## +## error-handler for status 404 +## +#server.error-handler-404 = "/error-handler.html" +#server.error-handler-404 = "/error-handler.php" + +## +## Format: .html +## -> ..../status-404.html for 'File not found' +## +#server.errorfile-prefix = "/srv/www/htdocs/errors/status-" + +## +## mimetype mapping +## +include "conf.d/mime.conf" + +## +## directory listing configuration +## +include "conf.d/dirlisting.conf" + +## +## Should lighttpd follow symlinks? +## +server.follow-symlink = "enable" + +## +## force all filenames to be lowercase? +## +#server.force-lowercase-filenames = "disable" + +## +## defaults to /var/tmp as we assume it is a local harddisk +## +server.upload-dirs = ( "/var/tmp" ) + +## +####################################################################### + + +####################################################################### +## +## SSL Support +## ------------- +## +## To enable SSL for the whole server you have to provide a valid +## certificate and have to enable the SSL engine.:: +## +## ssl.engine = "enable" +## ssl.pemfile = "/path/to/server.pem" +## +## The HTTPS protocol does not allow you to use name-based virtual +## hosting with SSL. If you want to run multiple SSL servers with +## one lighttpd instance you must use IP-based virtual hosting: :: +## +## $SERVER["socket"] == "10.0.0.1:443" { +## ssl.engine = "enable" +## ssl.pemfile = "/etc/ssl/private/www.example.com.pem" +## # +## # Mitigate BEAST attack: +## # +## # A stricter base cipher suite. For details see: +## # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html +## # +## ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" +## # +## # Make the server prefer the order of the server side cipher suite instead of the client suite. +## # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms). +## # This option is enabled by default, but only used if ssl.cipher-list is set. +## # +## # ssl.honor-cipher-order = "enable" +## # +## # Mitigate CVE-2009-3555 by disabling client triggered renegotation +## # This is enabled by default. +## # +## # ssl.disable-client-renegotiation = "enable" +## # +## server.name = "www.example.com" +## +## server.document-root = "/srv/www/vhosts/example.com/www/" +## } +## + +## If you have a .crt and a .key file, cat them together into a +## single PEM file: +## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \ +## > /etc/ssl/private/lighttpd.pem +## +#ssl.pemfile = "/etc/ssl/private/lighttpd.pem" + +## +## optionally pass the CA certificate here. +## +## +#ssl.ca-file = "" + +## +####################################################################### + +####################################################################### +## +## custom includes like vhosts. +## +#include "conf.d/config.conf" +#include_shell "cat /etc/lighttpd/vhosts.d/*.conf" +## +####################################################################### + +$SERVER["socket"] == ":443" { + ssl.engine = "enable" + ssl.pemfile = "/etc/lighttpd/copr-be.fedoraproject.org.pem" + ssl.ca-file = "/etc/lighttpd/DigiCertCA.crt" + ssl.disable-client-renegotiation = "enable" + ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" +} diff --git a/roles/copr/backend/files/lighttpd/mime.conf b/files/copr/lighttpd/mime.conf similarity index 100% rename from roles/copr/backend/files/lighttpd/mime.conf rename to files/copr/lighttpd/mime.conf diff --git a/roles/copr/backend/files/provision/ansible.cfg b/files/copr/provision/ansible.cfg similarity index 100% rename from roles/copr/backend/files/provision/ansible.cfg rename to files/copr/provision/ansible.cfg diff --git a/files/copr/provision/builderpb.yml b/files/copr/provision/builderpb.yml new file mode 100644 index 0000000000..8220965236 --- /dev/null +++ b/files/copr/provision/builderpb.yml @@ -0,0 +1,96 @@ +#jinja2:variable_start_string:'[%' , variable_end_string:'%]' +--- +- name: check/create instance + hosts: localhost + user: copr + gather_facts: False + + vars: + - security_group: builder + - OS_AUTH_URL: http://172.23.0.2:5000/v2.0 + - OS_TENANT_NAME: copr + - OS_USERNAME: msuchy + - OS_PASSWORD: [% copr_nova_password %] + # rhel 6.4 2013-02-21 x86_64 - ami + - image_id: cba0c766-84ac-4048-b0f5-6d4000af62f8 + + tasks: + - name: generate builder name + local_action: command echo "Copr builder {{ 999999999 | random }}" + register: vm_name + + - name: spin it up + local_action: nova_compute auth_url={{OS_AUTH_URL}} flavor_id=6 image_id={{ image_id }} key_name=buildsys login_password={{OS_PASSWORD}} login_tenant_name={{OS_TENANT_NAME}} login_username={{OS_USERNAME}} security_groups={{security_group}} wait=yes name="{{vm_name.stdout}}" + register: nova + + # should be able to use nova.private_ip, but it does not work with Fedora Cloud. + - debug: msg="IP={{ nova.info.addresses.vlannet_3[0].addr }}" + + - debug: msg="vm_name={{vm_name.stdout}}" + + - name: add it to the special group + local_action: add_host hostname={{ nova.info.addresses.vlannet_3[0].addr }} groupname=builder_temp_group + + - name: wait for the host to be hot + local_action: wait_for host={{ nova.info.addresses.vlannet_3[0].addr }} port=22 delay=5 timeout=600 + +- hosts: builder_temp_group + user: root + gather_facts: False + vars: + - files: files/ + + tasks: + - name: edit hostname to be instance name + action: shell hostname `curl -s http://169.254.169.254/2009-04-04/meta-data/instance-id` + + - name: install pkgs + action: yum state=present pkg={{ item }} + with_items: + - rsync + - openssh-clients + - libselinux-python + - libsemanage-python + + - name: add repos + action: copy src={{ files }}/{{ item }} dest=/etc/yum.repos.d/{{ item }} + with_items: + - builder.repo + - epel6.repo + + - name: install additional pkgs + action: yum state=present pkg={{ item }} + with_items: + - mock + - createrepo + - yum-utils + - pyliblzma + + - name: make sure newest rpm + action: yum name={{ item }} state=latest + with_items: + - rpm + - glib2 + + - yum: name=mock enablerepo=epel-testing state=latest + + - name: mockbuilder user + action: user name=mockbuilder groups=mock + + - name: mockbuilder .ssh + action: file state=directory path=/home/mockbuilder/.ssh mode=0700 owner=mockbuilder group=mockbuilder + + - name: mockbuilder authorized_keys + action: authorized_key user=mockbuilder key='{{ lookup('file', '/home/copr/provision/files/buildsys.pub') }}' + + - name: put updated mock configs into /etc/mock + action: copy src={{ files }}/mock/{{ item }} dest=/etc/mock + with_items: + - site-defaults.cfg + - epel-5-x86_64.cfg + - epel-5-i386.cfg + - fedora-20-x86_64.cfg + - fedora-20-i386.cfg + - epel-7-x86_64.cfg + + - lineinfile: dest=/root/.bashrc line="ulimit -n 10240" insertafter=EOF diff --git a/files/copr/provision/files/builder.repo b/files/copr/provision/files/builder.repo new file mode 100644 index 0000000000..f90e909422 --- /dev/null +++ b/files/copr/provision/files/builder.repo @@ -0,0 +1,23 @@ +[builder-infrastructure] +name=Builder Packages from Fedora Infrastructure $releasever - $basearch +baseurl=http://infrastructure.fedoraproject.org/repo/builder-rpms/$releasever/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE + +[msuchy-Mock] +name=Copr repo for Mock owned by msuchy +description=Mock for RHEL6 with patch from https://bugzilla.redhat.com/show_bug.cgi?id=1028438 and https://bugzilla.redhat.com/show_bug.cgi?id=1034805 +baseurl=http://172.16.5.4/results/msuchy/Mock/epel-6-$basearch/ +skip_if_unavailable=True +gpgcheck=0 +enabled=1 + +[msuchy-scl-utils] +name=Copr repo for scl-utils owned by msuchy +description=scl-utils with patch from https://bugzilla.redhat.com/show_bug.cgi?id=985233 +baseurl=http://172.16.5.4/results/msuchy/scl-utils/epel-6-$basearch/ +skip_if_unavailable=True +gpgcheck=0 +enabled=1 + diff --git a/roles/copr/backend/files/provision/files/buildsys.pub b/files/copr/provision/files/buildsys.pub similarity index 100% rename from roles/copr/backend/files/provision/files/buildsys.pub rename to files/copr/provision/files/buildsys.pub diff --git a/files/copr/provision/files/epel6.repo b/files/copr/provision/files/epel6.repo new file mode 100644 index 0000000000..d195e79ea5 --- /dev/null +++ b/files/copr/provision/files/epel6.repo @@ -0,0 +1,13 @@ +[epel] +name=Extras Packages for Enterprise Linux $releasever - $basearch +baseurl=http://infrastructure.fedoraproject.org/pub/epel/6/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 + +[epel-testing] +name=Extras Packages for Enterprise Linux $releasever - $basearch +baseurl=http://infrastructure.fedoraproject.org/pub/epel/testing/6/$basearch/ +enabled=0 +gpgcheck=1 +gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 diff --git a/files/copr/provision/files/mock/epel-5-i386.cfg b/files/copr/provision/files/mock/epel-5-i386.cfg new file mode 100644 index 0000000000..bd55bbcb52 --- /dev/null +++ b/files/copr/provision/files/mock/epel-5-i386.cfg @@ -0,0 +1,60 @@ +config_opts['root'] = 'epel-5-i386' +config_opts['target_arch'] = 'i386' +config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') +config_opts['chroot_setup_cmd'] = 'install buildsys-build' +config_opts['dist'] = 'el5' # only useful for --resultdir variable subst +if not config_opts.has_key('macros'): config_opts['macros'] = {} +config_opts['macros']['%__arch_install_post'] = '%{nil}' +config_opts['macros']['%rhel'] = '5' +config_opts['macros']['%dist'] = '.el5' +config_opts['macros']['%el5'] = '1' +config_opts['releasever'] = '5' + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +logfile=/var/log/yum.log +reposdir=/dev/null +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +syslog_ident=mock +syslog_device= + +# repos + +[core] +name=base +mirrorlist=http://mirrorlist.centos.org/?release=5&arch=i386&repo=os + +[update] +name=updates +mirrorlist=http://mirrorlist.centos.org/?release=5&arch=i386&repo=updates + +[groups] +name=groups +baseurl=http://buildsys.fedoraproject.org/buildgroups/rhel5/i386/ + +[extras] +name=epel +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=i386 + +[testing] +name=epel-testing +enabled=0 +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=i386 + +[local] +name=local +baseurl=http://kojipkgs.fedoraproject.org/repos/dist-5E-epel-build/latest/i386/ +cost=2000 +enabled=0 + +[epel-debug] +name=epel-debug +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=i386 +failovermethod=priority +enabled=0 +""" diff --git a/files/copr/provision/files/mock/epel-5-x86_64.cfg b/files/copr/provision/files/mock/epel-5-x86_64.cfg new file mode 100644 index 0000000000..31351d53c3 --- /dev/null +++ b/files/copr/provision/files/mock/epel-5-x86_64.cfg @@ -0,0 +1,60 @@ +config_opts['root'] = 'epel-5-x86_64' +config_opts['target_arch'] = 'x86_64' +config_opts['legal_host_arches'] = ('x86_64',) +config_opts['chroot_setup_cmd'] = 'install buildsys-build' +config_opts['dist'] = 'el5' # only useful for --resultdir variable subst +if not config_opts.has_key('macros'): config_opts['macros'] = {} +config_opts['macros']['%__arch_install_post'] = '%{nil}' +config_opts['macros']['%rhel'] = '5' +config_opts['macros']['%dist'] = '.el5' +config_opts['macros']['%el5'] = '1' +config_opts['releasever'] = '5' + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +logfile=/var/log/yum.log +reposdir=/dev/null +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +syslog_ident=mock +syslog_device= + +# repos + +[core] +name=base +mirrorlist=http://mirrorlist.centos.org/?release=5&arch=x86_64&repo=os + +[update] +name=updates +mirrorlist=http://mirrorlist.centos.org/?release=5&arch=x86_64&repo=updates + +[groups] +name=groups +baseurl=http://buildsys.fedoraproject.org/buildgroups/rhel5/x86_64/ + +[extras] +name=epel +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=x86_64 + +[testing] +name=epel-testing +enabled=0 +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=x86_64 + +[local] +name=local +baseurl=http://kojipkgs.fedoraproject.org/repos/dist-5E-epel-build/latest/x86_64/ +cost=2000 +enabled=0 + +[epel-debug] +name=epel-debug +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=x86_64 +failovermethod=priority +enabled=0 +""" diff --git a/files/copr/provision/files/mock/epel-7-x86_64.cfg b/files/copr/provision/files/mock/epel-7-x86_64.cfg new file mode 100644 index 0000000000..dcb49d760c --- /dev/null +++ b/files/copr/provision/files/mock/epel-7-x86_64.cfg @@ -0,0 +1,45 @@ +config_opts['chroothome'] = '/builddir' +config_opts['basedir'] = '/var/lib/mock' +config_opts['root'] = 'epel-7-x86_64' +config_opts['target_arch'] = 'x86_64' +config_opts['legal_host_arches'] = ('x86_64',) +config_opts['chroot_setup_cmd'] = 'install bash bzip2 coreutils cpio diffutils findutils gawk gcc gcc-c++ grep gzip info make patch redhat-release-server redhat-rpm-config rpm-build sed shadow-utils tar unzip util-linux which xz' +config_opts['dist'] = 'el7' # only useful for --resultdir variable subst +config_opts['macros'] = {} +config_opts['macros']['%dist'] = '.el7' +config_opts['macros']['%rhel'] = '7' +config_opts['macros']['%el7'] = '1' +config_opts['macros']['%_topdir'] = '/builddir/build' +config_opts['macros']['%_rpmfilename'] = '%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm' +config_opts['releasever'] = '7' + +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['plugin_conf']['yum_cache_enable'] = False +config_opts['plugin_conf']['ccache_enable'] = False + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +logfile=/var/log/yum.log +reposdir=/dev/null +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +syslog_ident=mock +syslog_device= + +# repos + +[beta] +name=beta +baseurl=http://kojipkgs.fedoraproject.org/rhel/beta/7/x86_64/os/ + +[epel] +name=Extra Packages for Enterprise Linux 7 - $basearch +#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch +mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch +failovermethod=priority +enabled=1 +""" diff --git a/files/copr/provision/files/mock/fedora-20-i386.cfg b/files/copr/provision/files/mock/fedora-20-i386.cfg new file mode 100644 index 0000000000..fde3c2754f --- /dev/null +++ b/files/copr/provision/files/mock/fedora-20-i386.cfg @@ -0,0 +1,62 @@ +config_opts['root'] = 'fedora-20-i386' +config_opts['target_arch'] = 'i686' +config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') +config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' +config_opts['dist'] = 'fc20' # only useful for --resultdir variable subst +config_opts['releasever'] = '20' + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +syslog_ident=mock +syslog_device= + +# repos + +[fedora] +name=fedora +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-20&arch=i386 +failovermethod=priority + +[updates] +name=updates +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f20&arch=i386 +failovermethod=priority + +[updates-testing] +name=updates-testing +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-f20&arch=i386 +failovermethod=priority +enabled=0 + +[local] +name=local +baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/i386/ +cost=2000 +enabled=0 + +[fedora-debuginfo] +name=fedora-debuginfo +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-debug-20&arch=i386 +failovermethod=priority +enabled=0 + +[updates-debuginfo] +name=updates-debuginfo +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-debug-f20&arch=i386 +failovermethod=priority +enabled=0 + +[updates-testing-debuginfo] +name=updates-testing-debuginfo +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-debug-f20&arch=i386 +failovermethod=priority +enabled=0 +""" diff --git a/files/copr/provision/files/mock/fedora-20-x86_64.cfg b/files/copr/provision/files/mock/fedora-20-x86_64.cfg new file mode 100644 index 0000000000..fa7f6d4c42 --- /dev/null +++ b/files/copr/provision/files/mock/fedora-20-x86_64.cfg @@ -0,0 +1,62 @@ +config_opts['root'] = 'fedora-20-x86_64' +config_opts['target_arch'] = 'x86_64' +config_opts['legal_host_arches'] = ('x86_64',) +config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' +config_opts['dist'] = 'fc20' # only useful for --resultdir variable subst +config_opts['releasever'] = '20' + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +syslog_ident=mock +syslog_device= + +# repos + +[fedora] +name=fedora +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-20&arch=x86_64 +failovermethod=priority + +[updates] +name=updates +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f20&arch=x86_64 +failovermethod=priority + +[updates-testing] +name=updates-testing +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-f20&arch=x86_64 +failovermethod=priority +enabled=0 + +[local] +name=local +baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/x86_64/ +cost=2000 +enabled=0 + +[fedora-debuginfo] +name=fedora-debuginfo +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-debug-20&arch=x86_64 +failovermethod=priority +enabled=0 + +[updates-debuginfo] +name=updates-debuginfo +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-debug-f20&arch=x86_64 +failovermethod=priority +enabled=0 + +[updates-testing-debuginfo] +name=updates-testing-debuginfo +mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-debug-f20&arch=x86_64 +failovermethod=priority +enabled=0 +""" diff --git a/files/copr/provision/files/mock/fedora-21-i386.cfg b/files/copr/provision/files/mock/fedora-21-i386.cfg new file mode 100644 index 0000000000..9ac64f2933 --- /dev/null +++ b/files/copr/provision/files/mock/fedora-21-i386.cfg @@ -0,0 +1,63 @@ +config_opts['root'] = 'fedora-21-i386' +config_opts['target_arch'] = 'i686' +config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') +config_opts['chroot_setup_cmd'] = 'install @buildsys-build' +config_opts['dist'] = 'fc21' # only useful for --resultdir variable subst +config_opts['extra_chroot_dirs'] = [ '/run/lock', ] +config_opts['releasever'] = '21' + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +syslog_ident=mock +syslog_device= + +# repos + +[fedora] +name=fedora +metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch +failovermethod=priority + +[updates] +name=updates +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch +failovermethod=priority + +[updates-testing] +name=updates-testing +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch +failovermethod=priority +enabled=0 + +[local] +name=local +baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/i386/ +cost=2000 +enabled=0 + +[fedora-debuginfo] +name=fedora-debuginfo +metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch +failovermethod=priority +enabled=0 + +[updates-debuginfo] +name=updates-debuginfo +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch +failovermethod=priority +enabled=0 + +[updates-testing-debuginfo] +name=updates-testing-debuginfo +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch +failovermethod=priority +enabled=0 +""" diff --git a/files/copr/provision/files/mock/fedora-21-x86_64.cfg b/files/copr/provision/files/mock/fedora-21-x86_64.cfg new file mode 100644 index 0000000000..517be438a0 --- /dev/null +++ b/files/copr/provision/files/mock/fedora-21-x86_64.cfg @@ -0,0 +1,63 @@ +config_opts['root'] = 'fedora-21-x86_64' +config_opts['target_arch'] = 'x86_64' +config_opts['legal_host_arches'] = ('x86_64',) +config_opts['chroot_setup_cmd'] = 'install @buildsys-build' +config_opts['dist'] = 'fc21' # only useful for --resultdir variable subst +config_opts['extra_chroot_dirs'] = [ '/run/lock', ] +config_opts['releasever'] = '21' + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +syslog_ident=mock +syslog_device= + +# repos + +[fedora] +name=fedora +metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch +failovermethod=priority + +[updates] +name=updates +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch +failovermethod=priority + +[updates-testing] +name=updates-testing +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch +failovermethod=priority +enabled=0 + +[local] +name=local +baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/x86_64/ +cost=2000 +enabled=0 + +[fedora-debuginfo] +name=fedora-debuginfo +metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch +failovermethod=priority +enabled=0 + +[updates-debuginfo] +name=updates-debuginfo +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch +failovermethod=priority +enabled=0 + +[updates-testing-debuginfo] +name=updates-testing-debuginfo +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch +failovermethod=priority +enabled=0 +""" diff --git a/files/copr/provision/files/mock/site-defaults.cfg b/files/copr/provision/files/mock/site-defaults.cfg new file mode 100644 index 0000000000..8842bdb52a --- /dev/null +++ b/files/copr/provision/files/mock/site-defaults.cfg @@ -0,0 +1,152 @@ +# mock defaults +# vim:tw=0:ts=4:sw=4:et: +# +# This config file is for site-specific default values that apply across all +# configurations. Options specified in this config file can be overridden in +# the individual mock config files. +# +# The site-defaults.cfg delivered by default has NO options set. Only set +# options here if you want to override the defaults. +# +# Entries in this file follow the same format as other mock config files. +# config_opts['foo'] = bar + +############################################################################# +# +# Things that we recommend you set in site-defaults.cfg: +# +# config_opts['basedir'] = '/var/lib/mock/' +# config_opts['cache_topdir'] = '/var/cache/mock' +# Note: the path pointed to by basedir and cache_topdir must be owned +# by group 'mock' and must have mode: g+rws +# config_opts['rpmbuild_timeout'] = 0 +# config_opts['use_host_resolv'] = True + +# You can configure log format to pull from logging.ini formats of these names: +# config_opts['build_log_fmt_name'] = "unadorned" +# config_opts['root_log_fmt_name'] = "detailed" +# config_opts['state_log_fmt_name'] = "state" +# +# mock will normally set up a minimal chroot /dev. +# If you want to use a pre-configured /dev, disable this and use the bind-mount +# plugin to mount your special /dev +# config_opts['internal_dev_setup'] = True +# +# internal_setarch defaults to 'True' if the python 'ctypes' package is +# available. It is in the python std lib on >= python 2.5. On older versions, +# it is available as an addon. On systems w/o ctypes, it will default to 'False' +# config_opts['internal_setarch'] = False +# +# the cleanup_on_* options allow you to automatically clean and remove the +# mock build directory, but only take effect if --resultdir is used. +# config_opts provides fine-grained control. cmdline only has big hammer +# +# config_opts['cleanup_on_success'] = 1 +# config_opts['cleanup_on_failure'] = 1 + +# if you want mock to automatically run createrepo on the rpms in your +# resultdir. +# config_opts['createrepo_on_rpms'] = False +# config_opts['createrepo_command'] = '/usr/bin/createrepo -d -q -x *.src.rpm' + +############################################################################# +# +# plugin related. Below are the defaults. Change to suit your site +# policy. site-defaults.cfg is a good place to do this. +# +# NOTE: Some of the caching options can theoretically affect build +# reproducability. Change with care. +# +config_opts['plugin_conf']['package_state_enable'] = True +# config_opts['plugin_conf']['ccache_enable'] = True +# config_opts['plugin_conf']['ccache_opts']['max_cache_size'] = '4G' +# config_opts['plugin_conf']['ccache_opts']['compress'] = None +# config_opts['plugin_conf']['ccache_opts']['dir'] = "%(cache_topdir)s/%(root)s/ccache/" +# config_opts['plugin_conf']['yum_cache_enable'] = True +# config_opts['plugin_conf']['yum_cache_opts']['max_age_days'] = 30 +# config_opts['plugin_conf']['yum_cache_opts']['dir'] = "%(cache_topdir)s/%(root)s/yum_cache/" +# config_opts['plugin_conf']['root_cache_enable'] = True +# config_opts['plugin_conf']['root_cache_opts']['max_age_days'] = 15 +# config_opts['plugin_conf']['root_cache_opts']['dir'] = "%(cache_topdir)s/%(root)s/root_cache/" +# config_opts['plugin_conf']['root_cache_opts']['compress_program'] = "pigz" +# config_opts['plugin_conf']['root_cache_opts']['extension'] = ".gz" +# config_opts['plugin_conf']['root_cache_opts']['exclude_dirs'] = ["./proc", "./sys", "./dev", +# "./tmp/ccache", "./var/cache/yum" ] +# +# bind mount plugin is enabled by default but has no configured directories to +# mount +# config_opts['plugin_conf']['bind_mount_enable'] = True +# config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/host/path', '/bind/mount/path/in/chroot/' )) +# +# config_opts['plugin_conf']['tmpfs_enable'] = False +# config_opts['plugin_conf']['tmpfs_opts']['required_ram_mb'] = 1024 +# config_opts['plugin_conf']['tmpfs_opts']['max_fs_size'] = '512m' + +############################################################################# +# +# environment for chroot +# +# config_opts['environment']['TERM'] = 'vt100' +# config_opts['environment']['SHELL'] = '/bin/bash' +# config_opts['environment']['HOME'] = '/builddir' +# config_opts['environment']['HOSTNAME'] = 'mock' +# config_opts['environment']['PATH'] = '/usr/bin:/bin:/usr/sbin:/sbin' +# config_opts['environment']['PROMPT_COMMAND'] = 'echo -n ""' +# config_opts['environment']['LANG'] = os.environ.setdefault('LANG', 'en_US.UTF-8') +# config_opts['environment']['TZ'] = os.environ.setdefault('TZ', 'EST5EDT') + +############################################################################# +# +# Things that you can change, but we dont recommend it: +# config_opts['chroothome'] = '/builddir' +# config_opts['clean'] = True + +############################################################################# +# +# Things that must be adjusted if SCM integration is used: +# +# config_opts['scm'] = True +# config_opts['scm_opts']['method'] = 'git' +# config_opts['scm_opts']['cvs_get'] = 'cvs -d /srv/cvs co SCM_BRN SCM_PKG' +# config_opts['scm_opts']['git_get'] = 'git clone SCM_BRN git://localhost/SCM_PKG.git SCM_PKG' +# config_opts['scm_opts']['svn_get'] = 'svn co file:///srv/svn/SCM_PKG/SCM_BRN SCM_PKG' +# config_opts['scm_opts']['spec'] = 'SCM_PKG.spec' +# config_opts['scm_opts']['ext_src_dir'] = '/dev/null' +# config_opts['scm_opts']['write_tar'] = True +# config_opts['scm_opts']['git_timestamps'] = True + +# These options are also recognized but usually defined in cmd line +# with --scm-option package= --scm-option branch= +# config_opts['scm_opts']['package'] = 'mypkg' +# config_opts['scm_opts']['branch'] = 'master' + +############################################################################# +# +# Things that are best suited for individual chroot config files: +# +# MUST SET (in individual chroot cfg file): +# config_opts['root'] = 'name-of-yum-build-dir' +# config_opts['target_arch'] = 'i386' +# config_opts['yum.conf'] = '' +# config_opts['yum_common_opts'] = [] +# +# CAN SET, defaults usually work ok: +# config_opts['chroot_setup_cmd'] = 'install buildsys-build' +# config_opts['log_config_file'] = 'logging.ini' +# config_opts['more_buildreqs']['srpm_name-version-release'] = 'dependencies' +# config_opts['macros']['%Add_your_macro_name_here'] = "add macro value here" +# config_opts['files']['path/name/no/leading/slash'] = "put file contents here." +# config_opts['chrootuid'] = os.getuid() + +# If you change chrootgid, you must also change "mock" to the correct group +# name in this line of the mock PAM config: +# auth sufficient pam_succeed_if.so user ingroup mock use_uid quiet +# config_opts['chrootgid'] = grp.getgrnam("mock")[2] + +# config_opts['useradd'] = '/usr/sbin/useradd -m -u %(uid)s -g %(gid)s -d %(home)s -n %(user)s' # Fedora/RedHat +# +# Security related +# config_opts['no_root_shells'] = False +# +# Proxy settings (https_proxy, ftp_proxy, and no_proxy can also be set) +# config_opts['http_proxy'] = 'http://localhost:3128' diff --git a/roles/copr/backend/files/provision/inventory b/files/copr/provision/inventory similarity index 100% rename from roles/copr/backend/files/provision/inventory rename to files/copr/provision/inventory diff --git a/files/copr/provision/terminatepb.yml b/files/copr/provision/terminatepb.yml new file mode 100644 index 0000000000..d36f2000ee --- /dev/null +++ b/files/copr/provision/terminatepb.yml @@ -0,0 +1,18 @@ +#jinja2:variable_start_string:'[%' , variable_end_string:'%]' +--- +- name: terminate instance + hosts: all + user: root + gather_facts: False + + vars: + - OS_AUTH_URL: http://172.23.0.2:5000/v2.0 + - OS_TENANT_NAME: copr + - OS_USERNAME: msuchy + - OS_PASSWORD: [% copr_nova_password %] + + tasks: + - name: terminate it + local_action: nova_compute auth_url={{OS_AUTH_URL}} login_password={{OS_PASSWORD}} login_tenant_name={{OS_TENANT_NAME}} login_username={{OS_USERNAME}} name="{{copr_task.vm_name}}" state=absent + + diff --git a/files/copr/ssh_config b/files/copr/ssh_config new file mode 100644 index 0000000000..302851e103 --- /dev/null +++ b/files/copr/ssh_config @@ -0,0 +1,4 @@ +Host * + IdentityFile ~/.ssh/id_rsa + StrictHostKeyChecking no + UserKnownHostsFile /dev/null diff --git a/files/debuginfod/debuginfod.service.d b/files/debuginfod/debuginfod.service.d deleted file mode 100644 index 019a2effc2..0000000000 --- a/files/debuginfod/debuginfod.service.d +++ /dev/null @@ -1,10 +0,0 @@ -[Service] -TasksMax=40 -CPUAccounting=yes -IOAccounting=yes -IPAccounting=yes -BlockIOAccounting=yes -MemoryAccounting=yes -TasksAccounting=yes -ConditionPathExists=/mnt/fedora_koji_prod/koji/packages - diff --git a/files/debuginfod/sysconfig.debuginfod b/files/debuginfod/sysconfig.debuginfod deleted file mode 100644 index 4abb6db636..0000000000 --- a/files/debuginfod/sysconfig.debuginfod +++ /dev/null @@ -1,18 +0,0 @@ -# -DEBUGINFOD_PORT="8002" -#DEBUGINFOD_VERBOSE="-vv" - -DEBUGINFOD_PATHS="--cors --fdcache-mintmp=15 --fdcache-mbs=100000 --fdcache-prefetch-fds=1024 -t43200 -g604800 -C20 -c6 -vv -r --koji-sigcache -R /mnt/fedora_koji_prod/koji/packages -X /data/ -I \.(module_f|fc)(35|36|37|38|39|4.)[.+].*\.rpm" - -# to age old fedoras, change the -I regex - -# prefer reliability/durability over performance -#DEBUGINFOD_PRAGMAS="-D 'pragma synchronous=full;'" - -# upstream debuginfods -#DEBUGINFOD_URLS="http://secondhost:8002 http://thirdhost:8002" -#DEBUGINFOD_TIMEOUT="5" -#DEBUGINFOD_CACHE_DIR="" - -# Don't use tmpfs /tmp on scarce-RAM machine. -TMPDIR=/var/tmp diff --git a/files/download/download-sync.cron b/files/download/download-sync.cron index 828f810d06..d01dc5620c 100644 --- a/files/download/download-sync.cron +++ b/files/download/download-sync.cron @@ -1,4 +1,3 @@ # run twice daily rsync of download. but lock it -MAILTO=root@fedoraproject.org +MAILTO=smooge@gmail.com 00 11,23 * * * root /usr/local/bin/lock-wrapper sync-up-downloads "/usr/local/bin/sync-up-downloads" - diff --git a/files/download/download-sync.cron.cc-rdu01 b/files/download/download-sync.cron.cc-rdu01 deleted file mode 100644 index 0c6b11453c..0000000000 --- a/files/download/download-sync.cron.cc-rdu01 +++ /dev/null @@ -1,5 +0,0 @@ -# Run quick mirror fedora every 10minutes -MAILTO=root@fedoraproject.org -*/10 * * * * root flock -n -E0 /tmp/download-sync -c '/root/quick-fedora-mirror/quick-fedora-mirror -c /root/quick-fedora-mirror.conf' -## Need to run this to keep centos mirror up to date. -00 1,7,13,19 * * * root /usr/local/bin/lock-wrapper sync-up-downloads "/usr/local/bin/sync-up-centos" diff --git a/files/download/download-sync.cron.ib01 b/files/download/download-sync.cron.ib01 deleted file mode 100644 index b9bd80558d..0000000000 --- a/files/download/download-sync.cron.ib01 +++ /dev/null @@ -1,4 +0,0 @@ -# Run quick mirror fedora every 10minutes -*/10 * * * * root flock -n -E0 /tmp/download-sync -c '/root/quick-fedora-mirror/quick-fedora-mirror -c /root/quick-fedora-mirror/quick-fedora-mirror.conf' -## Need to run this to keep centos mirror up to date. -00 1,7,13,19 * * * root /usr/local/bin/lock-wrapper sync-up-downloads "/usr/local/bin/sync-up-centos" diff --git a/files/download/last-sync b/files/download/last-sync deleted file mode 100644 index fd43dc77af..0000000000 --- a/files/download/last-sync +++ /dev/null @@ -1,162 +0,0 @@ -#!/usr/bin/python - -# Copyright (C) 2014 by Adrian Reber -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -import requests -import time -import sys -import getopt - -fedora = 'org.fedoraproject.prod.bodhi.updates.fedora.sync' -epel = 'org.fedoraproject.prod.bodhi.updates.epel.sync' - -branched = 'org.fedoraproject.prod.compose.branched.rsync.complete' -rawhide = 'org.fedoraproject.prod.compose.rawhide.rsync.complete' - -base_url = 'https://apps.fedoraproject.org/datagrepper/raw' - - -topics = [] -# default time interval to query for syncs: 1 day -delta = 86400 -# return 0 and no output if a sync happened during -# if no sync happened 1 is returned -quiet = False -secondary = False -rawtime = False - -def usage(): - print - print "last-sync queries the Fedora Message Bus if new data is available on the public servers" - print - print "Usage: last-sync [options]" - print - print "Options:" - print " -a, --all query all possible releases (default)" - print " (fedora, epel, branched, rawhide)" - print " -f, --fedora only query if fedora has been updated during " - print " -e, --epel only query if epel has been updated" - print " -b, --branched only query if the branched off release" - print " has been updated" - print " -r, --rawhide only query if rawhide has been updated" - print " -q, --quiet do not print out any informations" - print " -t, --time print date in seconds since 1970-01-01" - print " -d DELTA, --delta=DELTA specify the time interval which should be used" - print " for the query (default: 86400)" - - -# -a -f -e -b -r -s -q -d -def parse_args(): - global topics - global delta - global quiet - global secondary - global rawtime - try: - opts, args = getopt.getopt(sys.argv[1:], "afhebrsqtd:", ["all", "fedora", "epel", "rawhide", "branched", "secondary", "quiet", "time", "delta="]) - except getopt.GetoptError as err: - print str(err) - usage() - sys.exit(2) - - for option, argument in opts: - if option in ("-a", "--all"): - topics = [ fedora, epel, branched, rawhide ] - secondary = True - if option in ("-f", "--fedora"): - topics.append(fedora) - if option in ("-e", "--epel"): - topics.append(epel) - if option in ("-r", "--rawhide"): - topics.append(rawhide) - if option in ("-b", "--branched"): - topics.append(branched) - if option in ("-s", "--secondary"): - topics.append(rawhide) - secondary = True - if option in ("-q", "--quiet"): - quiet = True - if option in ("-t", "--time"): - rawtime = True - if option in ("-d", "--delta"): - delta = argument - if option in ("-h"): - usage(); - sys.exit(0) - - - -def getKey(item): - return item[1] - -def create_url(url, topics, delta): - topic = "" - for i in topics: - topic += "&topic=%s" % i - return '%s?delta=%s%s' % (url, delta, topic) - -parse_args() - -if topics == []: - topics = [ fedora, epel, branched, rawhide ] - secondary = True - -i = 0 -data = None -while i < 5: - try: - data = requests.get(create_url(base_url, topics, delta), timeout=1).json() - break - except: - pass - -if not data: - sys.exit(1) - -repos = [] - -for i in range(0, data['count']): - try: - repo = "%s-%s" % (data['raw_messages'][i]['msg']['repo'], data['raw_messages'][i]['msg']['release']) - except: - # the rawhide and branch sync message has no repo information - arch = data['raw_messages'][i]['msg']['arch'] - if arch == '': - arch = 'primary' - elif not secondary: - continue - repo = "%s-%s" % (data['raw_messages'][i]['msg']['branch'], arch) - - repos.append([repo, data['raw_messages'][i]['timestamp']]) - -if quiet == False: - for repo, timestamp in sorted(repos, key=getKey): - if rawtime == True: - # this is useful if you want to compare the timestamp in seconds versus string - print "%s: %s" % (repo, timestamp) - else: - print "%s: %s" % (repo, time.strftime("%a, %d %b %Y %H:%M:%S +0000", time.gmtime(timestamp))) - -if data['count'] > 0: - sys.exit(0) -else: - sys.exit(1) diff --git a/files/download/sync-up-centos.sh.cc-rdu01 b/files/download/sync-up-centos.sh.cc-rdu01 deleted file mode 100644 index 380f54671c..0000000000 --- a/files/download/sync-up-centos.sh.cc-rdu01 +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -## -## This script is used to sync data from main download servers to -## secondary server at RDU community cage. -## - -RSYNC='/usr/bin/rsync' -RS_OPT="-avSHP --numeric-ids --log-file=/var/log/rsync-update.log" -RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates" -EPL_EXCLUDES="" -FED_EXCLUDES="" - -# CentOS -${RSYNC} ${RS_OPT} ${RS_DEADLY} master-1.centos.org::CentOS-community-cage/centos/ /srv/centos/ | tail -n2 | logger -p local0.notice -t rsync_centos -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to CentOS" -fi -# CentOS-altarch -${RSYNC} ${RS_OPT} ${RS_DEADLY} master-1.centos.org::CentOS-community-cage/altarch/ /srv/centos-altarch/ | tail -n2 | logger -p local0.notice -t rsync_centos_alt -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to CentOS-altarch" -fi - -${RSYNC} ${RS_OPT} ${RS_DEADLY} rsync.stream.centos.org::CentOS-Stream-All/ /srv/centos-stream/ | tail -n2 | logger -p local0.notice -t rsync_centos_stream -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to CentOS-stream" -fi diff --git a/files/download/sync-up-centos.sh.ib01 b/files/download/sync-up-centos.sh.ib01 deleted file mode 100644 index b824e082fe..0000000000 --- a/files/download/sync-up-centos.sh.ib01 +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -## -## This script is used to sync data from main download servers to -## secondary server at ibiblio. -## - -RSYNC='/usr/bin/rsync' -RS_OPT="-avSHP --numeric-ids --log-file=/var/log/rsync-update.log" -RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates" -EPL_EXCLUDES="" -FED_EXCLUDES="" - -# CentOS -${RSYNC} ${RS_OPT} ${RS_DEADLY} download-cc-rdu01.fedoraproject.org::centos/ /srv/centos/ | tail -n2 | logger -p local0.notice -t rsync_centos -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to CentOS" -fi -# CentOS-altarch -${RSYNC} ${RS_OPT} ${RS_DEADLY} download-cc-rdu01.fedoraproject.org::centos-altarch/ /srv/centos-altarch/ | tail -n2 | logger -p local0.notice -t rsync_centos_alt -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to CentOS-altarch" -fi - -${RSYNC} ${RS_OPT} ${RS_DEADLY} rsync.stream.centos.org::CentOS-Stream-All/ /srv/centos-stream/ | tail -n2 | logger -p local0.notice -t rsync_centos_stream -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to CentOS-stream" -fi diff --git a/files/download/sync-up-downloads.sh b/files/download/sync-up-downloads.sh index b1517a13d2..22128cc3b7 100755 --- a/files/download/sync-up-downloads.sh +++ b/files/download/sync-up-downloads.sh @@ -8,7 +8,7 @@ RSYNC='/usr/bin/rsync' RS_OPT="-avSHP --numeric-ids" RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates" -ALT_EXCLUDES="--exclude deltaisos/archive --exclude 22_Alpha* --exclude 22_Beta*" +ALT_EXCLUDES="--exclude deltaisos/archive" EPL_EXCLUDES="" FED_EXCLUDES="" diff --git a/files/download/sync-up-downloads.sh.cc-rdu01 b/files/download/sync-up-downloads.sh.cc-rdu01 deleted file mode 100755 index a95b2dce83..0000000000 --- a/files/download/sync-up-downloads.sh.cc-rdu01 +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -## -## This script is used to sync data from main download servers to -## secondary server at RDU community cage. -## - -RSYNC='/usr/bin/rsync' -RS_OPT="-avSHP --numeric-ids --log-file=/var/log/rsync-update.log" -RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates" -EPL_EXCLUDES="" -FED_EXCLUDES="" - -SERVER=download-ib01.fedoraproject.org - -# http://dl.fedoraproject.org/pub/epel/ -${RSYNC} ${RS_OPT} ${RS_DEADLY} ${EPL_EXCLUDES} ${SERVER}::fedora-epel/ /srv/pub/epel/ | tail -n2 | logger -p local0.notice -t rsync_updates_epel -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to epel" -fi - -# http://dl.fedoraproject.org/pub/fedora/ -${RSYNC} ${RS_OPT} ${RS_DEADLY} ${FED_EXCLUDES} ${SERVER}::fedora-enchilada0/ /srv/pub/fedora/ | tail -n2 | logger -p local0.notice -t rsync_updates_fedora -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to fedora" -fi -# http://dl.fedoraproject.org/pub/fedora-secondary/ -${RSYNC} ${RS_OPT} ${RS_DEADLY} ${FED_EXCLUDES} ${SERVER}::fedora-secondary0/ /srv/pub/fedora-secondary/ | tail -n2 | logger -p local0.notice -t rsync_updates_fedora_2nd -if [[ $? -ne 0 ]]; then - echo "Unable to finish sync to fedora-secondary" -fi - - -# Let MM know I'm all up to date -#/usr/bin/report_mirror diff --git a/files/download/sync-up-downloads.sh.ib01 b/files/download/sync-up-downloads.sh.ib01 deleted file mode 100755 index fa2c3e64cc..0000000000 --- a/files/download/sync-up-downloads.sh.ib01 +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash - -## -## This script is used to sync data from main download servers to -## secondary server at ibiblio. -## - -RSYNC='/usr/bin/rsync' -RS_OPT="-avSHP --numeric-ids" -RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates" -ALT_EXCLUDES="" -EPL_EXCLUDES="" -FED_EXCLUDES="" - -DATE_EPEL='/root/last-epel-sync' -DATE_FED='/root/last-fed-sync' -DATE_ARCHIVE='/root/last-archive-sync' -DATE_ALT='/root/last-alt-sync' -DATE_SECOND='/root/last-second-sync' - -for i in ${DATE_EPEL} ${DATE_FED} ${DATE_ARCHIVE} ${DATE_ALT} ${DATE_SECOND}; do - touch ${i} -done - -LAST_SYNC='/usr/local/bin/last-sync' - -SERVER=dl.fedoraproject.org - -function sync_stuff() { - if [[ $# -ne 5 ]]; then - echo "Illegal number of arguments to sync_stuff: " $# - exit 1 - fi - DATE_FILE=$1 - LOGGER_NAME=$2 - RSYNC_FROM=$3 - RSYNC_TO=$4 - FLAG="$5" - - CURDATE=$( date +%s ) - if [[ -s ${DATE_FILE} ]]; then - LASTRUN=$( cat ${DATE_FILE} | awk '{print int($NF)}' ) - else - LASTRUN=$( date +%s --date="Jan 1 00:00:00 UTC 2007" ) - fi - DELTA=`echo ${CURDATE}-${LASTRUN} | bc` - - ${LAST_SYNC} -d ${DELTA} -q ${FLAG} - - if [ "$?" -eq "0" ]; then - ${RSYNC} ${RS_OPT} ${RS_DEADLY} ${ALT_EXCLUDES} ${SERVER}::${RSYNC_FROM} ${RSYNC_TO} | tail -n2 | logger -p local0.notice -t ${LOGGER_NAME} - echo ${CURDATE} > ${DATE_FILE} - else - logger -p local0.notice -t ${LOGGER_NAME} "No change found. Not syncing" - fi -} - -sync_stuff ${DATE_EPEL} rsync_epel fedora-epel0 /srv/pub/epel/ "-e" -sync_stuff ${DATE_FED} rsync_fedora fedora-enchilada0 /srv/pub/fedora/ "-f" -sync_stuff ${DATE_ARCHIVE} rsync_archive fedora-archive0 /srv/pub/archive/ "-f" -sync_stuff ${DATE_ALT} rsync_alt fedora-alt0 /srv/pub/alt/ "-f" -sync_stuff ${DATE_SECOND} rsync_second fedora-secondary0 /srv/pub/fedora-secondary/ "-f" - - -# Let MM know I'm all up to date -#/usr/bin/report_mirror diff --git a/files/download/sync-up-other.sh.ib01 b/files/download/sync-up-other.sh.ib01 deleted file mode 100755 index 5c47129839..0000000000 --- a/files/download/sync-up-other.sh.ib01 +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -## -## This script is used to sync data from main download servers to -## secondary server at ibiblio. -## - -RSYNC='/usr/bin/rsync' -RS_OPT="-avSHP --numeric-ids" -RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates" -ALT_EXCLUDES="" -EPL_EXCLUDES="" -FED_EXCLUDES="" - -LAST_SYNC='/usr/local/bin/last-sync' - -SERVER=dl.fedoraproject.org - -# Alt -${RSYNC} ${RS_OPT} ${RS_DEADLY} ${ALT_EXCLUDES} ${SERVER}::fedora-alt0/ /srv/pub/alt/ | tail -n2 | logger -p local0.notice -t rsync_alt -# Secondary -${RSYNC} ${RS_OPT} ${RS_DEADLY} ${ALT_EXCLUDES} ${SERVER}::fedora-secondary/ /srv/pub/fedora-secondary/ | tail -n2 | logger -p local0.notice -t rsync_2nd -# Archives -${RSYNC} ${RS_OPT} ${RS_DEADLY} ${ALT_EXCLUDES} ${SERVER}::fedora-archive/ /srv/pub/archive/ | tail -n2 | logger -p local0.notice -t rsync_archive - - -# Let MM know I'm all up to date -#/usr/bin/report_mirror diff --git a/files/gnome/backup.sh b/files/gnome/backup.sh new file mode 100644 index 0000000000..635d2bd77b --- /dev/null +++ b/files/gnome/backup.sh @@ -0,0 +1,40 @@ +#!/bin/bash +# backup.sh will run FROM backup03 TO the various GNOME boxes on the set. (there's two set +# of machines, one being the ones with a public IP and the others being the IP-less ones that +# will forward their agent through bastion.gnome.org) + +export PATH=$PATH:/bin:/usr/bin:/usr/local/bin + +MACHINES='signal.gnome.org + webapps2.gnome.org + clutter.gnome.org + blogs.gnome.org + chooser.gnome.org + git.gnome.org + webapps.gnome.org + socket.gnome.org + bugzilla-web.gnome.org + progress.gnome.org + clipboard.gnome.org + cloud-ssh.gnome.org + bastion.gnome.org + spinner.gnome.org + master.gnome.org + combobox.gnome.org + restaurant.gnome.org + expander.gnome.org + live.gnome.org + extensions.gnome.org + view.gnome.org + puppet.gnome.org + accelerator.gnome.org + range.gnome.org + pentagon.gimp.org' + +BACKUP_DIR='/fedora_backups/gnome/' +LOGS_DIR='/fedora_backups/gnome/logs' + +for MACHINE in $MACHINES; do + rsync -avz -e 'ssh -F /usr/local/etc/gnome_ssh_config' --bwlimit=2000 $MACHINE:/etc/rsyncd/backup.exclude $BACKUP_DIR/excludes/$MACHINE.exclude + rdiff-backup --remote-schema 'ssh -F /usr/local/etc/gnome_ssh_config %s rdiff-backup --server' --print-statistics --exclude-device-files --exclude /selinux --exclude /sys --exclude /proc --exclude-globbing-filelist $BACKUP_DIR/excludes/$MACHINE.exclude $MACHINE::/ $BACKUP_DIR/$MACHINE/ | mail -s "Daily backup: $MACHINE" backups@gnome.org +done diff --git a/files/gnome/ssh_config b/files/gnome/ssh_config new file mode 100644 index 0000000000..c46ffa013e --- /dev/null +++ b/files/gnome/ssh_config @@ -0,0 +1,8 @@ +Host live.gnome.org extensions.gnome.org puppet.gnome.org view.gnome.org drawable.gnome.org + User root + IdentityFile /usr/local/etc/gnome_backup_id.rsa + ProxyCommand ssh -W %h:%p bastion.gnome.org -F /usr/local/etc/gnome_ssh_config + +Host *.gnome.org pentagon.gimp.org + User root + IdentityFile /usr/local/etc/gnome_backup_id.rsa diff --git a/files/hotfix/httpd/httpd.sysconfig.el7 b/files/hotfix/httpd/httpd.sysconfig.el7 deleted file mode 100644 index 25ee7cee37..0000000000 --- a/files/hotfix/httpd/httpd.sysconfig.el7 +++ /dev/null @@ -1,2 +0,0 @@ -export OPENSSL_NO_DEFAULT_ZLIB=1 -export PYTHONHASHSEED=random diff --git a/files/hotfix/mailman3/mailman3-broken-unicode-emails.patch b/files/hotfix/mailman3/mailman3-broken-unicode-emails.patch deleted file mode 100644 index 3065157385..0000000000 --- a/files/hotfix/mailman3/mailman3-broken-unicode-emails.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- a/src/mailman/email/message.py -+++ b/src/mailman/email/message.py -@@ -47,6 +47,16 @@ class Message(email.message.Message): - def __setstate__(self, values): - self.__dict__ = values - -+ def as_string(self): -+ # Work around for https://bugs.python.org/issue27321 and -+ # https://bugs.python.org/issue32330. -+ try: -+ value = email.message.Message.as_string(self) -+ except (KeyError, UnicodeEncodeError): -+ value = email.message.Message.as_bytes(self).decode( -+ 'ascii', 'replace') -+ return value -+ - @property - def sender(self): - """The address considered to be the author of the email. diff --git a/files/hotfix/python-openid/fetchers.py b/files/hotfix/python-openid/fetchers.py new file mode 100644 index 0000000000..bdacfb9410 --- /dev/null +++ b/files/hotfix/python-openid/fetchers.py @@ -0,0 +1,430 @@ +# -*- test-case-name: openid.test.test_fetchers -*- +""" +This module contains the HTTP fetcher interface and several implementations. +""" + +__all__ = ['fetch', 'getDefaultFetcher', 'setDefaultFetcher', 'HTTPResponse', + 'HTTPFetcher', 'createHTTPFetcher', 'HTTPFetchingError', + 'HTTPError'] + +import urllib2 +import time +import cStringIO +import sys + +import openid +import openid.urinorm + +# Try to import httplib2 for caching support +# http://bitworking.org/projects/httplib2/ +try: + import httplib2 +except ImportError: + # httplib2 not available + httplib2 = None + +# try to import pycurl, which will let us use CurlHTTPFetcher +try: + import pycurl +except ImportError: + pycurl = None + +USER_AGENT = "python-openid/%s (%s)" % (openid.__version__, sys.platform) +MAX_RESPONSE_KB = 1024 + +def fetch(url, body=None, headers=None): + """Invoke the fetch method on the default fetcher. Most users + should need only this method. + + @raises Exception: any exceptions that may be raised by the default fetcher + """ + fetcher = getDefaultFetcher() + return fetcher.fetch(url, body, headers) + +def createHTTPFetcher(): + """Create a default HTTP fetcher instance + + prefers Curl to urllib2.""" + if pycurl is None: + fetcher = Urllib2Fetcher() + else: + fetcher = CurlHTTPFetcher() + + return fetcher + +# Contains the currently set HTTP fetcher. If it is set to None, the +# library will call createHTTPFetcher() to set it. Do not access this +# variable outside of this module. +_default_fetcher = None + +def getDefaultFetcher(): + """Return the default fetcher instance + if no fetcher has been set, it will create a default fetcher. + + @return: the default fetcher + @rtype: HTTPFetcher + """ + global _default_fetcher + + if _default_fetcher is None: + setDefaultFetcher(createHTTPFetcher()) + + return _default_fetcher + +def setDefaultFetcher(fetcher, wrap_exceptions=True): + """Set the default fetcher + + @param fetcher: The fetcher to use as the default HTTP fetcher + @type fetcher: HTTPFetcher + + @param wrap_exceptions: Whether to wrap exceptions thrown by the + fetcher wil HTTPFetchingError so that they may be caught + easier. By default, exceptions will be wrapped. In general, + unwrapped fetchers are useful for debugging of fetching errors + or if your fetcher raises well-known exceptions that you would + like to catch. + @type wrap_exceptions: bool + """ + global _default_fetcher + if fetcher is None or not wrap_exceptions: + _default_fetcher = fetcher + else: + _default_fetcher = ExceptionWrappingFetcher(fetcher) + +def usingCurl(): + """Whether the currently set HTTP fetcher is a Curl HTTP fetcher.""" + fetcher = getDefaultFetcher() + if isinstance(fetcher, ExceptionWrappingFetcher): + fetcher = fetcher.fetcher + return isinstance(fetcher, CurlHTTPFetcher) + +class HTTPResponse(object): + """XXX document attributes""" + headers = None + status = None + body = None + final_url = None + + def __init__(self, final_url=None, status=None, headers=None, body=None): + self.final_url = final_url + self.status = status + self.headers = headers + self.body = body + + def __repr__(self): + return "<%s status %s for %s>" % (self.__class__.__name__, + self.status, + self.final_url) + +class HTTPFetcher(object): + """ + This class is the interface for openid HTTP fetchers. This + interface is only important if you need to write a new fetcher for + some reason. + """ + + def fetch(self, url, body=None, headers=None): + """ + This performs an HTTP POST or GET, following redirects along + the way. If a body is specified, then the request will be a + POST. Otherwise, it will be a GET. + + + @param headers: HTTP headers to include with the request + @type headers: {str:str} + + @return: An object representing the server's HTTP response. If + there are network or protocol errors, an exception will be + raised. HTTP error responses, like 404 or 500, do not + cause exceptions. + + @rtype: L{HTTPResponse} + + @raise Exception: Different implementations will raise + different errors based on the underlying HTTP library. + """ + raise NotImplementedError + +def _allowedURL(url): + return url.startswith('http://') or url.startswith('https://') + +class HTTPFetchingError(Exception): + """Exception that is wrapped around all exceptions that are raised + by the underlying fetcher when using the ExceptionWrappingFetcher + + @ivar why: The exception that caused this exception + """ + def __init__(self, why=None): + Exception.__init__(self, why) + self.why = why + +class ExceptionWrappingFetcher(HTTPFetcher): + """Fetcher that wraps another fetcher, causing all exceptions + + @cvar uncaught_exceptions: Exceptions that should be exposed to the + user if they are raised by the fetch call + """ + + uncaught_exceptions = (SystemExit, KeyboardInterrupt, MemoryError) + + def __init__(self, fetcher): + self.fetcher = fetcher + + def fetch(self, *args, **kwargs): + try: + return self.fetcher.fetch(*args, **kwargs) + except self.uncaught_exceptions: + raise + except: + exc_cls, exc_inst = sys.exc_info()[:2] + if exc_inst is None: + # string exceptions + exc_inst = exc_cls + + raise HTTPFetchingError(why=exc_inst) + +class Urllib2Fetcher(HTTPFetcher): + """An C{L{HTTPFetcher}} that uses urllib2. + """ + + # Parameterized for the benefit of testing frameworks, see + # http://trac.openidenabled.com/trac/ticket/85 + urlopen = staticmethod(urllib2.urlopen) + + def fetch(self, url, body=None, headers=None): + if not _allowedURL(url): + raise ValueError('Bad URL scheme: %r' % (url,)) + + if headers is None: + headers = {} + + headers.setdefault( + 'User-Agent', + "%s Python-urllib/%s" % (USER_AGENT, urllib2.__version__,)) + + req = urllib2.Request(url, data=body, headers=headers) + try: + f = self.urlopen(req) + try: + return self._makeResponse(f) + finally: + f.close() + except urllib2.HTTPError, why: + try: + return self._makeResponse(why) + finally: + why.close() + + def _makeResponse(self, urllib2_response): + resp = HTTPResponse() + resp.body = urllib2_response.read(MAX_RESPONSE_KB * 1024) + resp.final_url = urllib2_response.geturl() + resp.headers = dict(urllib2_response.info().items()) + + if hasattr(urllib2_response, 'code'): + resp.status = urllib2_response.code + else: + resp.status = 200 + + return resp + +class HTTPError(HTTPFetchingError): + """ + This exception is raised by the C{L{CurlHTTPFetcher}} when it + encounters an exceptional situation fetching a URL. + """ + pass + +# XXX: define what we mean by paranoid, and make sure it is. +class CurlHTTPFetcher(HTTPFetcher): + """ + An C{L{HTTPFetcher}} that uses pycurl for fetching. + See U{http://pycurl.sourceforge.net/}. + """ + ALLOWED_TIME = 20 # seconds + + def __init__(self): + HTTPFetcher.__init__(self) + if pycurl is None: + raise RuntimeError('Cannot find pycurl library') + + def _parseHeaders(self, header_file): + header_file.seek(0) + + # Remove the status line from the beginning of the input + unused_http_status_line = header_file.readline().lower () + while unused_http_status_line.lower().startswith('http/1.1 1'): + unused_http_status_line = header_file.readline() + unused_http_status_line = header_file.readline() + + lines = [line.strip() for line in header_file] + + # and the blank line from the end + empty_line = lines.pop() + if empty_line: + raise HTTPError("No blank line at end of headers: %r" % (line,)) + + headers = {} + for line in lines: + try: + name, value = line.split(':', 1) + except ValueError: + raise HTTPError( + "Malformed HTTP header line in response: %r" % (line,)) + + value = value.strip() + + # HTTP headers are case-insensitive + name = name.lower() + headers[name] = value + + return headers + + def _checkURL(self, url): + # XXX: document that this can be overridden to match desired policy + # XXX: make sure url is well-formed and routeable + return _allowedURL(url) + + def fetch(self, url, body=None, headers=None): + stop = int(time.time()) + self.ALLOWED_TIME + off = self.ALLOWED_TIME + + if headers is None: + headers = {} + + headers.setdefault('User-Agent', + "%s %s" % (USER_AGENT, pycurl.version,)) + + header_list = [] + if headers is not None: + for header_name, header_value in headers.iteritems(): + header_list.append('%s: %s' % (header_name, header_value)) + + c = pycurl.Curl() + try: + c.setopt(pycurl.NOSIGNAL, 1) + + if header_list: + c.setopt(pycurl.HTTPHEADER, header_list) + + # Presence of a body indicates that we should do a POST + if body is not None: + c.setopt(pycurl.POST, 1) + c.setopt(pycurl.POSTFIELDS, body) + + while off > 0: + if not self._checkURL(url): + raise HTTPError("Fetching URL not allowed: %r" % (url,)) + + data = cStringIO.StringIO() + def write_data(chunk): + if data.tell() > 1024*MAX_RESPONSE_KB: + return 0 + else: + return data.write(chunk) + + response_header_data = cStringIO.StringIO() + c.setopt(pycurl.WRITEFUNCTION, write_data) + c.setopt(pycurl.HEADERFUNCTION, response_header_data.write) + c.setopt(pycurl.TIMEOUT, off) + c.setopt(pycurl.URL, openid.urinorm.urinorm(url)) + + c.perform() + + response_headers = self._parseHeaders(response_header_data) + code = c.getinfo(pycurl.RESPONSE_CODE) + if code in [301, 302, 303, 307]: + url = response_headers.get('location') + if url is None: + raise HTTPError( + 'Redirect (%s) returned without a location' % code) + + # Redirects are always GETs + c.setopt(pycurl.POST, 0) + + # There is no way to reset POSTFIELDS to empty and + # reuse the connection, but we only use it once. + else: + resp = HTTPResponse() + resp.headers = response_headers + resp.status = code + resp.final_url = url + resp.body = data.getvalue() + return resp + + off = stop - int(time.time()) + + raise HTTPError("Timed out fetching: %r" % (url,)) + finally: + c.close() + +class HTTPLib2Fetcher(HTTPFetcher): + """A fetcher that uses C{httplib2} for performing HTTP + requests. This implementation supports HTTP caching. + + @see: http://bitworking.org/projects/httplib2/ + """ + + def __init__(self, cache=None): + """@param cache: An object suitable for use as an C{httplib2} + cache. If a string is passed, it is assumed to be a + directory name. + """ + if httplib2 is None: + raise RuntimeError('Cannot find httplib2 library. ' + 'See http://bitworking.org/projects/httplib2/') + + super(HTTPLib2Fetcher, self).__init__() + + # An instance of the httplib2 object that performs HTTP requests + self.httplib2 = httplib2.Http(cache) + + # We want httplib2 to raise exceptions for errors, just like + # the other fetchers. + self.httplib2.force_exception_to_status_code = False + + def fetch(self, url, body=None, headers=None): + """Perform an HTTP request + + @raises Exception: Any exception that can be raised by httplib2 + + @see: C{L{HTTPFetcher.fetch}} + """ + if body: + method = 'POST' + else: + method = 'GET' + + if headers is None: + headers = {} + + # httplib2 doesn't check to make sure that the URL's scheme is + # 'http' so we do it here. + if not (url.startswith('http://') or url.startswith('https://')): + raise ValueError('URL is not a HTTP URL: %r' % (url,)) + + httplib2_response, content = self.httplib2.request( + url, method, body=body, headers=headers) + + # Translate the httplib2 response to our HTTP response abstraction + + # When a 400 is returned, there is no "content-location" + # header set. This seems like a bug to me. I can't think of a + # case where we really care about the final URL when it is an + # error response, but being careful about it can't hurt. + try: + final_url = httplib2_response['content-location'] + except KeyError: + # We're assuming that no redirects occurred + assert not httplib2_response.previous + + # And this should never happen for a successful response + assert httplib2_response.status != 200 + final_url = url + + return HTTPResponse( + body=content, + final_url=final_url, + headers=dict(httplib2_response.items()), + status=httplib2_response.status, + ) diff --git a/files/httpd/apachestatus.conf b/files/httpd/apachestatus.conf index cfd499349f..747fb1a32e 100644 --- a/files/httpd/apachestatus.conf +++ b/files/httpd/apachestatus.conf @@ -2,13 +2,4 @@ ExtendedStatus on SetHandler server-status - - # Apache 2.4 - - Require ip 127.0.0.1 - Require ip ::1 - Require host localhost - Require valid-user - - diff --git a/files/httpd/fedorahosted-redirects.conf b/files/httpd/fedorahosted-redirects.conf deleted file mode 100644 index 239930bd88..0000000000 --- a/files/httpd/fedorahosted-redirects.conf +++ /dev/null @@ -1,252 +0,0 @@ -RewriteEngine On - -RewriteRule ^/fedora-commops/ticket/(.*) https://pagure.io/fedora-commops/issue/$1 [R=301] -RewriteRule ^/fedora-commops/report https://pagure.io/fedora-commops/issues [R=301] -RewriteRule ^/fedora-commops https://pagure.io/fedora-commops/ [R=301] - -RewriteRule ^/marketing-team/report https://pagure.io/fedora-marketing/issues [R=301] -RewriteRule ^/marketing-team/ticket/(.*) https://pagure.io/fedora-marketing/issue/$1 [R=301] -RewriteRule ^/marketing-team https://pagure.io/fedora-marketing [R=301] - -RewriteRule ^/fedora-project-schedule/report https://pagure.io/fedora-project-schedule/issues [R=301] -RewriteRule ^/fedora-project-schedule https://pagure.io/fedora-project-schedule [R=301] - -RewriteRule ^/firewalld https://github.com/t-woerner/firewalld [R=301] - -RewriteRule ^/fpaste https://pagure.io/fpaste [R=301] - -RewriteRule ^/rpmfluff https://pagure.io/rpmfluff [R=301] - -RewriteRule ^/weatheralert https://pagure.io/weatheralert [R=301] - -RewriteRule ^/create-tx-configuration https://pagure.io/create-tx-configuration [R=301] - -RewriteRule ^/fedora-magazine https://pagure.io/fedoramagazine-images [R=301] - -RewriteRule ^/newt https://pagure.io/newt [R=301] -RewriteRule ^/releases/n/e/newt/(.*) https://pagure.io/releases/newt/$1 [R=301] -RewriteRule ^/releases/n/e/newt https://pagure.io/releases/newt [R=301] - -Rewriterule ^/cloud/report https://pagure.io/atomic-wg/issues [R=301] -Rewriterule ^/cloud/ticket/(.*) https://pagure.io/atomic-wg/issue/$1 [R=301] -Rewriterule ^/cloud https://pagure.io/atomic-wg [R=301] - -RewriteRule ^/imapsync https://pagure.io/imapsync [R=301] -RewriteRule ^/releases/i/m/imapsync/(.*) https://pagure.io/releases/imapsync/$1 [R=301] -RewriteRule ^/releases/i/m/imapsync https://pagure.io/releases/imapsync [R=301] -RewriteRule ^/released/i/m/imapsync/(.*) https://pagure.io/releases/imapsync/$1 [R=301] -RewriteRule ^/released/i/m/imapsync https://pagure.io/releases/imapsync [R=301] -RewriteRule ^/released/imapsync https://pagure.io/releases/imapsync [R=301] - -RewriteRule ^/fedora-infrastructure/report https://pagure.io/fedora-infrastructure/issues [R=301] -RewriteRule ^/fedora-infrastructure/ticket/(.*) https://pagure.io/fedora-infrastructure/issue/$1 [R=301] -RewriteRule ^/fedora-infrastructure https://pagure.io/fedora-infrastructure [R=301] - -RewriteRule ^/fesco/report https://pagure.io/fesco/issues [R=301] -RewriteRule ^/fesco/ticket/(.*) https://pagure.io/fesco/issue/$1 [R=301] -RewriteRule ^/fesco https://pagure.io/fesco [R=301] - -Rewriterule ^/fedora-packager/report https://pagure.io/fedora-packager/issues [R=301] -RewriteRule ^/fedora-packager/ticket/(.*) https://pagure.io/fedora-packager/issue/$1 [R=301] -Rewriterule ^/fedora-packager https://pagure.io/fedora-packager [R=301] - -RewriteRule ^/rpkg/report https://pagure.io/rpkg/issues [R=301] -RewriteRule ^/rpkg/ticket/(.*) https://pagure.io/rpkg/issue/$1 [R=301] -RewriteRule ^/rpkg https://pagure.io/rpkg [R=301] - -RewriteRule ^/fedpkg/report https://pagure.io/fedpkg/issues [R=301] -Rewriterule ^/fedpkg/ticket/(.*) https://pagure.io/fedpkg/issue/$1 [R=301] -Rewriterule ^/fedpkg https://pagure.io/fedpkg [R=301] - -RewriteRule ^/ELAPI/report https://pagure.io/ELAPI/issues [R=301] -RewriteRule ^/ELAPI/ticket/(.*) https://pagure.io/ELAPI/issue/$1 [R=301] -RewriteRule ^/ELAPI https://pagure.io/ELAPI [R=301] - -RewriteRule ^/irc-support-sig/report https://pagure.io/irc-support-sig/issues [R=301] -Rewriterule ^/irc-support-sig/ticket/(.*) https://pagure.io/irc-support-sig/issue/$1 [R=301] -RewriteRule ^/irc-support-sig https://pagure.io/irc-support-sig [R=301] - -RewriteRule ^/packager-sponsors/report https://pagure.io/packager-sponsors/issues [R=301] -Rewriterule ^/packager-sponsors/ticket/(.*) https://pagure.io/packager-sponsors/issue/$1 [R=301] -Rewriterule ^/packager-sponsors https://pagure.io/packager-sponsors [R=301] - -RewriteRule ^/epel/report https://pagure.io/epel/issues [R=301] -Rewriterule ^/epel/ticket/(.*) https://pagure.io/epel/issue/$1 [R=301] -RewriteRule ^/epel https://pagure.io/epel [R=301] - -RewriteRule ^/elfutils/wiki/(.*) https://sourceware.org/elfutils/$1 [R=301] -RewriteRule ^/elfutils https://sourceware.org/elfutils [R=301] -Rewriterule ^/releases/e/l/elfutils/(.*) https://sourceware.org/elfutils/ftp/$1 [R=301] - -RewriteRule ^/rpmdevtools/report https://pagure.io/rpmdevtools/issues [R=301] -RewriteRule ^/rpmdevtools/ticket/(.*) https://pagure.io/rpmdevtools/issue/$1 [R=301] -Rewriterule ^/rpmdevtools https://pagure.io/rpmdevtools [R=301] - -RewriteRule ^/fudcon-planning/report https://pagure.io/fudcon-planning/issues [R=301] -RewriteRule ^/fudcon-planning/ticket/(.*) https://pagure.io/fudcon-planning/issue/$1 [R=301] -Rewriterule ^/fudcon-planning https://pagure.io/fudcon-planning [R=301] - -RewriteRule ^/gfs2-utils/report https://pagure.io/gfs2-utils/issues [R=301] -RewriteRule ^/gfs2-utils/ticket/(.*) https://pagure.io/gfs2-utils/issue/$1 [R=301] -RewriteRule ^/gfs2-utils https://pagure.io/gfs2-utils [R=301] - -RewriteRule ^/elections/report https://pagure.io/elections/issues [R=301] -RewriteRule ^/elections/ticket/(.*) https://pagure.io/elections/issue/$1 [R=301] -RewriteRule ^/elections https://pagure.io/elections [R=301] - -RewriteRule ^/fedocal/report https://pagure.io/fedocal/issues [R=301] -RewriteRule ^/fedocal/ticket/(.*) https://pagure.io/fedocal/issue/$1 [R=301] -RewriteRule ^/fedocal https://pagure.io/fedocal [R=301] - -RewriteRule ^/FedoraReview/report https://pagure.io/FedoraReview/issues [R=301] -RewriteRule ^/FedoraReview/ticket/(.*) https://pagure.io/FedoraReview/issue/$1 [R=301] -RewriteRule ^/FedoraReview https://pagure.io/FedoraReview [R=301] - -RewriteRule ^/packagedb-cli/report https://pagure.io/pkgdb-cli/issues [R=301] -RewriteRule ^/packagedb-cli/ticket/(.*) https://pagure.io/pkgdb-cli/issue/$1 [R=301] -RewriteRule ^/packagedb-cli https://pagure.io/pkgdb-cli [R=301] - -RewriteRule ^/r2spec/report https://pagure.io/r2spec/issues [R=301] -RewriteRule ^/r2spec/ticket/(.*) https://pagure.io/r2spec/issue/$1 [R=301] -RewriteRule ^/r2spec https://pagure.io/r2spec [R=301] - -RewriteRule ^/pkgdb2/report https://pagure.io/pkgdb2/issues [R=301] -RewriteRule ^/pkgdb2/ticket/(.*) https://pagure.io/pkgdb2/issue/$1 [R=301] -RewriteRule ^/pkgdb2 https://pagure.io/pkgdb2/ [R=301] - -RewriteRule ^/tgcapcha22/report https://pagure.io/tgcapcha22/issues [R=301] -RewriteRule ^/tgcapcha22/ticket/(.*) https://pagure.io/tgcapcha22/issue/$1 [R=301] -RewriteRule ^/tgcapcha22 https://pagure.io/tgcapcha22 [R=301] - -RewriteRule ^/fedora-gather-easyfix/report https://pagure.io/fedora-gather-easyfi/issues [R=301] -RewriteRule ^/fedora-gather-easyfix/ticket/(.*) https://pagure.io/fedora-gather-easyfile/issue/$1 [R=301] -RewriteRule ^/fedora-gather-easyfix https://pagure.io/fedora-gather-easyfile [R=301] - -RewriteRule ^/389/report https://pagure.io/389-ds-base/issues [R=301] -RewriteRule ^/389/ticket/(.*) https://pagure.io/389-ds-base/issue/$1 [R=301] -RewriteRule ^/389 https:///pagure.io/389-ds-base [R=301] - -RewriteRule ^/ipsilon/report https://pagure.io/ipsilon/issues [R=301] -RewriteRule ^/ipsilon/ticket/(.*) https://pagure.io/ipsilon/issue/$1 [R=301] -RewriteRule ^/released/ipsilon/(.*) http://releases.pagure.org/ipsilon/$1 [R=301] -RewriteRule ^/released/ipsilon http://releases.pagure.org/ipsilon/ [R=301] -RedirectMatch ^/ipsilon https://pagure.io/ipsilon -RedirectMatch ^/ipsilon/ https://pagure.io/ipsilon/ - -RewriteRule ^/mod_nss/report https://pagure.io/mod_nss/issues [R=301] -Rewriterule ^/mod_nss/ticket/(.*) https://pagure.io/mod_nss/issue/$1 [R=301] -RewriteRule ^/mod_nss https:///pagure.io/mod_nss [R=301] - -RewriteRule ^/mod_revocator/report https://pagure.io/mod_revocator/issues [R=301] -RewriteRule ^/mod_revocator/ticket/(.*) https://pagure.io/mod_revocator/issue/$1 [R=301] -RewriteRule ^/mod_revocator https:///pagure.io/mod_revocator [R=301] - -RewriteRule ^/fpc/report https://pagure.io/packaging-committee/issues [R=301] -Rewriterule ^/fpc/ticket/(.*) https://pagure.io/packaging-committee/issue/$1 [R=301] -RewriteRule ^/fpc https:///pagure.io/packaging-committee [R=301] - -RewriteRule ^/certmonger/report https://pagure.io/certmonger/issues [R=301] -RewriteRule ^/certmonger/ticket/(.*) https://pagure.io/certmonger/issue/$1 [R=301] -RewriteRule ^/certmonger https:///pagure.io/certmonger [R=301] - -RewriteRule ^/publican https:///sourceware.org/publican [R=301] - -RewriteRule ^/fedora-apac/report https://pagure.io/ambassadors-apac/issues [R=301] -RewriteRule ^/fedora-apac/ticket/(.*) https://pagure.io/ambassadors-apac/issue/$1 [R=301] -Rewriterule ^/fedora-apac https:///pagure.io/ambassadors-apac [R=301] - -RewriteRule ^/sssd/report https://pagure.io/SSSD/sssd/issues [L,R] -RewriteRule ^/sssd/ticket/(.*) https://pagure.io/SSSD/sssd/issue/$1 [L,R] -RewriteRule ^/releases/s/s/sssd/(.*) https://releases.pagure.org/SSSD/sssd/$1 [L,R] -RewriteRule ^/releases/s/s/sssd https://releases.pagure.org/SSSD/sssd/ [L,R] -RewriteRule ^/released/sssd/(.*) https://releases.pagure.org/SSSD/sssd/$1 [L,R] -RewriteRule ^/released/sssd https://releases.pagure.org/SSSD/sssd/ [L,R] -#RewriteRule ^/sssd https://pagure.io/SSSD/sssd [L,R] -#RewriteRule ^/sssd/ https://pagure.io/SSSD/sssd/ [L,R] - -RewriteRule ^/freeipa/changeset/(.*) https://pagure.io/freeipa/c/$1 [L,R] -RewriteRule ^/freeipa/report https://pagure.io/freeipa/issues [L,R] -RewriteRule ^/freeipa/ticket/(.*) https://pagure.io/freeipa/issue/$1 [L,R] -RewriteRule ^/freeipa https://pagure.io/freeipa [L,R] -RewriteRule ^/freeipa/(.*) https://pagure.io/freeipa [L,R] - -RewriteRule ^/rel-eng/report https://pagure.io/releng/issues [R=301] -RewriteRule ^/rel-eng/ticket/(.*) https://pagure.io/releng/issue/$1 [R=301] -RewriteRule ^/rel-eng https://pagure.io/releng [R=301] - -RewriteRule ^/fedora-badges/report https://pagure.io/Fedora-Badges/issues [R=301] -RewriteRule ^/fedora-badges/ticket/(.*) https://pagure.io/Fedora-Badges/issue/$1 [R=301] -RewriteRule ^/fedora-badges https://pagure.io/Fedora-Badges [R=301] - -RewriteRule ^/bind-dyndb-ldap/wiki https://docs.pagure.org/bind-dyndb-ldap/ [R=301] -RewriteRule ^/bind-dyndb-ldap/wiki/ https://docs.pagure.org/bind-dyndb-ldap/ [R=301] -RewriteRule ^/bind-dyndb-ldap/wiki/(.*) https://docs.pagure.org/bind-dyndb-ldap/$1.html [R=301] -RewriteRule ^/bind-dyndb-ldap/wiki/(.*)/ https://docs.pagure.org/bind-dyndb-ldap/$1.html [R=301] -RewriteRule ^/bind-dyndb-ldap/report https://pagure.io/bind-dyndb-ldap/issues [R=301] -RewriteRule ^/bind-dyndb-ldap/ticket/(.*) https://pagure.io/bind-dyndb-ldap/issue/$1 [R=301] -RewriteRule ^/bind-dyndb-ldap/changeset/(.*) https://pagure.io/bind-dyndb-ldap/c/$1 [R=301] -RewriteRule ^/bind-dyndb-ldap https://pagure.io/bind-dyndb-ldap [R=301] -RewriteRule ^/released/bind-dyndb-ldap/(.*) https://releases.pagure.io/bind-dyndb-ldap [R=301] -RewriteRule ^/released/bind-dyndb-ldap https://releases.pagure.io/bind-dyndb-ldap [R=301] - -RewriteRule ^/released/ding-libs/(.*) https://releases.pagure.org/SSSD/ding-libs/$1 [R=301] -RewriteRule ^/released/ding-libs https://releases.pagure.org/SSSD/ding-libs/ [R=301] - -RewriteRule ^/webauthinfra/wiki/mod_lookup_identity https://www.adelton.com/apache/mod_lookup_identity/ [R] -RewriteRule ^/webauthinfra/wiki/mod_intercept_form_submit https://www.adelton.com/apache/mod_intercept_form_submit/ [R] -RewriteRule ^/webauthinfra/wiki/mod_authnz_pam https://www.adelton.com/apache/mod_authnz_pam/ [R] -RewriteRule ^/webauthinfra https://pagure.io/webauthinfra [R] - -RewriteRule ^/spacewalk/wiki/(.*) https://github.com/spacewalkproject/spacewalk/wiki/$1 [R] -RewriteRule ^/spacewalk/wiki https://github.com/spacewalkproject/spacewalk/wiki [R] -RewriteRule ^/spacewalk https://github.com/spacewalkproject/spacewalk [R] - -RewriteRule ^/famnarequests/report https://pagure.io/ambassadors-na/requests/issues [R=301] -RewriteRule ^/famnarequests/ticket/(.*) https://pagure.io/ambassadors-na/requests/issue/$1 [R=301] -RewriteRule ^/famnarequests https://pagure.io/ambassadors-na/requests [R=301] - -RewriteCond %{HTTP_HOST} ^fedorahosted.org [NC,OR] -RewriteCond %{REQUEST_URI} ^/released/javapackages/doc/(.*) -RewriteRule ^/released/javapackages/doc/(.*)$ https://fedora-java.github.io/howto/latest/$1 [L,R=301,NC] - -RewriteRule ^/liberation-fonts/report https://pagure.io/liberation-fonts/issues [L,R] -RewriteRule ^/liberation-fonts/ticket/(.*) https://pagure.io/liberation-fonts/issue/$1 [L,R] -RewriteRule ^/liberation-fonts/l/i/liberation-fonts/(.*) https://releases.pagure.org/liberation-fonts/$1 [L,R] -RewriteRule ^/liberation-fonts/l/i/liberation-fonts https://releases.pagure.org/liberation-fonts/ [L,R] -RewriteRule ^/liberation-fonts https://pagure.io/liberation-fonts [R=301] - -RewriteRule ^/lohit/report https://pagure.io/lohit/issues [L,R] -RewriteRule ^/lohit/ticket/(.*) https://pagure.io/lohit/issue/$1 [L,R] -RewriteRule ^/lohit/l/i/liberation-fonts/(.*) https://releases.pagure.org/lohit/$1 [L,R] -RewriteRule ^/lohit/l/i/liberation-fonts https://releases.pagure.org/lohit/ [L,R] -RewriteRule ^/lohit/ https://pagure.io/lohit [R=301] - -RewriteRule ^/aplaws/ https://aplaws.org/ [R=301] -RewriteRule ^/aplaws https://aplaws.org [R=301] - -RewriteRule ^/fedora-medical/report https://pagure.io/fedora-medical/issues [L,R] -RewriteRule ^/fedora-medical/ticket/(.*) https://pagure.io/fedora-medical/issue/$1 [L,R] -RewriteRule ^/fedora-medical/ https://pagure.io/fedora-medical [R=301] - -RewriteRule ^/libverto/ https://github.com/latchset/libverto/ [R=301] -RewriteRule ^/libverto https://github.com/latchset/libverto [R=301] - -RewriteRule ^/pki/report https://pagure.io/dogtagpki/issues [L,R] -RewriteRule ^/pki/ticket/(.*) https://pagure.io/dogtagpki/issue/$1 [L,R] -RewriteRule ^/pki/p/k/pki/(.*) https://releases.pagure.org/dogtagpki/$1 [L,R] -RewriteRule ^/pki/p/k/pki https://releases.pagure.org/dogtagpki/ [L,R] -RewriteRule ^/pki https://pagure.io/dogtagpki [R=301] - -RewriteRule ^/generic-logos/ https://pagure.io/generic-logos/ [R=301] -RewriteRule ^/generic-logos https://pagure.io/generic-logos/ [R=301] -RewriteRule ^/released/generic-logos/(.*) https://releases.pagure.org/generic-logos/$1 [R=301] -RewriteRule ^/released/generic-logos https://releases.pagure.org/generic-logos/ [R=301] - -RewriteRule ^/beakerlib/wiki/Manual https://github.com/beakerlib/beakerlib/wiki/man [R=301] -RewriteRule ^/beakerlib/wiki/(.*) https://github.com/beakerlib/beakerlib/wiki/$1 [R=301] -RewriteRule ^/beakerlib/(.*) https://github.com/beakerlib/beakerlib/ [R=301] - -# Ipsilon wiki is now moving content -ReWriteCond %{REQUEST_URI} !^/ipsilon/.* - -RewriteRule ^/.* https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement diff --git a/files/httpd/fpaste.org.conf b/files/httpd/fpaste.org.conf deleted file mode 100644 index b38b68995a..0000000000 --- a/files/httpd/fpaste.org.conf +++ /dev/null @@ -1,2 +0,0 @@ -RewriteEngine on -RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L] diff --git a/files/httpd/git.fedorahosted-redirects.conf b/files/httpd/git.fedorahosted-redirects.conf deleted file mode 100644 index 7c1fd64829..0000000000 --- a/files/httpd/git.fedorahosted-redirects.conf +++ /dev/null @@ -1,49 +0,0 @@ -RewriteEngine on - -RewriteRule ^/git/ipsilon.git(.*)$ https://pagure.io/ipsilon.git$1 [L,R] -RewriteRule ^/git/rpkg.git(.*)$ https://pagure.io/rpkg.git$1 [L,R] -RewriteRule ^/git/weatheralert.git(.*)$ https://pagure.io/weatheralert.git$1 [L,R] -RewriteRule ^/git/create-tx-configuration.git(.*)$ https://pagure.io/create-tx-configuration.git$1 [L,R] -RewriteRule ^/git/kernel-tests.git(.*)$ https://pagure.io/kernel-tests.git$1 [L,R] -RewriteRule ^/git/elfutils.git$ https://sourceware.org/git/?p=elfutils.git;a=summary [L,R] - -RewriteRule ^/c*git/389/ds.git(.*)$ https://pagure.io/389-ds-base [L,R] -RewriteRule ^/c*git/389/lib389.git(.*)$ https://pagure.io/lib389 [L,R] -RewriteRule ^/c*git/389/console.git(.*)$ https://pagure.io/389-console [L,R] -RewriteRule ^/c*git/389/ds-console.git(.*)$ https://pagure.io/389-ds-console [L,R] -RewriteRule ^/c*git/389/dsgw.git(.*)$ https://pagure.io/389-dsgw [L,R] -RewriteRule ^/c*git/389/admin.git(.*)$ https://pagure.io/389-admin [L,R] -RewriteRule ^/c*git/389/adminutil.git(.*)$ https://pagure.io/389-adminutil [L,R] -RewriteRule ^/c*git/389/admin-console.git(.*)$ https://pagure.io/389-admin-console [L,R] - -RewriteRule ^/c*git/idm-console-framework.git(.*)$ https://pagure.io/idm-console-framework [L,R] -RewriteRule ^/c*git/gss-ntlmssp.git(.*)$ https://pagure.io/gssntlmssp [L,R] -RewriteRule ^/c*git/mod_nss.git(.*)$ https://pagure.io/mod_nss [L,R] -RewriteRule ^/c*git/freeipa.git(.*)$ https://pagure.io/freeipa [L,R] -RewriteRule ^/c*git/certmonger.git(.*)$ https://pagure.io/certmonger [L,R] - -RewriteCond %{REQUEST_URI} /cgit/sanlock\.git/commit/ -RewriteCond %{query_string} id=(.+)$ -RewriteRule ^/.*$ https://pagure.io/sanlock/c/%1 [R,L,NE] -RewriteRule ^/git/sanlock.git$ https://pagure.io/sanlock.git [L,R] - -RewriteCond %{REQUEST_URI} /cgit/dlm\.git/commit/ -RewriteCond %{query_string} id=(.+)$ -RewriteRule ^/.*$ https://pagure.io/dlm/c/%1 [R,L,NE] -RewriteRule ^/git/dlm.git(.*)$ https://pagure.io/dlm.git$1 [L,R] - -RewriteCond %{REQUEST_URI} /cgit/lvm2\.git/commit/ -RewriteCond %{query_string} id=(.+)$ -RewriteRule ^/.*$ https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=%1 [R,L,NE] -RewriteCond %{REQUEST_URI} /cgit/lvm2\.git/patch/ -RewriteCond %{query_string} id=(.+)$ -RewriteRule ^/.*$ https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=%1 [R,L,NE] -RewriteCond %{REQUEST_URI} /cgit/lvm2\.git(.*)$ -RewriteRule ^/.*$ https://sourceware.org/git/?p=lvm2.git [R,L,NE] -RewriteRule ^/git/lvm2.git https://sourceware.org/git/?p=lvm2.git [L,R] - -# redirect vdsm to ovirt git server - since ?p == querystring we have to match that sanely -RewriteCond %{QUERY_STRING} ^.*p=(.*vdsm\.git.*)$ -RewriteRule ^.*$ http://gerrit.ovirt.org/gitweb\?p=%1 [R,L,NE] - -RedirectMatch permanent ^/.* https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement diff --git a/files/httpd/h2.conf.j2 b/files/httpd/h2.conf.j2 deleted file mode 100644 index 2627ea8a32..0000000000 --- a/files/httpd/h2.conf.j2 +++ /dev/null @@ -1 +0,0 @@ -Protocols h2 {% if not inventory_hostname.startswith('proxy') %} h2c {% endif %} http/1.1 diff --git a/files/httpd/headers.conf.j2 b/files/httpd/headers.conf.j2 index 3fb1104608..a1525c20c4 100644 --- a/files/httpd/headers.conf.j2 +++ b/files/httpd/headers.conf.j2 @@ -1,13 +1,5 @@ -ServerTokens ProductOnly - Header set AppTime "%D" PassEnv HOSTNAME -{% if 'proxy' in inventory_hostname %} -Header set X-Fedora-ProxyServer "{{ inventory_hostname }}" -{% else %} -Header set X-Fedora-AppServer "{{ inventory_hostname }}" -{% endif %} -{% if inventory_hostname in groups['proxies'] and ansible_distribution == 'Fedora' %} +Header set AppServer "{{ inventory_hostname }}" + -ErrorDocument 421 "You have hit an incorrect proxy for a Fedora Project website due to a bug in Firefox. Please refresh" -{% endif %} diff --git a/files/httpd/httpd.logrotate b/files/httpd/httpd.logrotate new file mode 100644 index 0000000000..171befe580 --- /dev/null +++ b/files/httpd/httpd.logrotate @@ -0,0 +1,13 @@ +/var/log/httpd/*log { + daily + rotate 7 + missingok + ifempty + compress + compresscmd /usr/bin/xz + uncompresscmd /usr/bin/xz + compressext .xz + dateext + sharedscripts + copytruncate +} diff --git a/files/httpd/httpd.logrotate.j2 b/files/httpd/httpd.logrotate.j2 deleted file mode 100644 index 2a0dad210c..0000000000 --- a/files/httpd/httpd.logrotate.j2 +++ /dev/null @@ -1,17 +0,0 @@ -/var/log/httpd/*log -{% if ansible_hostname.startswith("kojipkgs") %} -/var/log/httpd/*.log.????-??-?? -{% endif %} -{ - daily - rotate 7 - missingok - ifempty - compress - compresscmd /usr/bin/xz - uncompresscmd /usr/bin/xz - compressext .xz - dateext - sharedscripts - copytruncate -} diff --git a/files/httpd/newvirtualhost.conf.j2 b/files/httpd/newvirtualhost.conf.j2 deleted file mode 100644 index a00dd53db6..0000000000 --- a/files/httpd/newvirtualhost.conf.j2 +++ /dev/null @@ -1,74 +0,0 @@ - - # Change this to the domain which points to your host. - ServerName {{ item.name }} - - # Use separate log files for the SSL virtual host; note that LogLevel - # is not inherited from httpd.conf. - ErrorLog logs/{{ item.name }}_error_log - TransferLog logs/{{ item.name }}_access_log - LogLevel warn - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # SSL Protocol support: - # List the enable protocol levels with which clients will be able to - # connect. Disable SSLv2 access by default: - SSLProtocol {{ ssl_protocols }} - - # SSL Cipher Suite: - # List the ciphers that the client is permitted to negotiate. - # See the mod_ssl documentation for a complete list. - SSLCipherSuite {{ ssl_ciphers }} - - # Server Certificate: - # Point SSLCertificateFile at a PEM encoded certificate. If - # the certificate is encrypted, then you will be prompted for a - # pass phrase. Note that a kill -HUP will prompt again. A new - # certificate can be generated using the genkey(1) command. - SSLCertificateFile /etc/pki/tls/certs/{{ sslcertfile }} - - # Server Private Key: - # If the key is not combined with the certificate, use this - # directive to point at the key file. Keep in mind that if - # you've both a RSA and a DSA private key you can configure - # both in parallel (to also allow the use of DSA ciphers, etc.) - SSLCertificateKeyFile /etc/pki/tls/private/{{ sslkeyfile }} - - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. - #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt - {% if sslintermediatecertfile != '' %} - SSLCertificateChainFile /etc/pki/tls/certs/{{ sslintermediatecertfile }} - {% endif %} - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt - - DocumentRoot {{ item.document_root }} - - Options Indexes FollowSymLinks - - - - - - # Change this to the domain which points to your host. - ServerName {{ item.name }} - {% if sslonly %} - RewriteEngine On - RewriteCond %{HTTPS} off - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] - {% else %} - Options Indexes FollowSymLinks - {% endif %} - diff --git a/files/httpd/qadevel-virtualhost.conf.j2 b/files/httpd/qadevel-virtualhost.conf.j2 deleted file mode 100644 index 0b5472959c..0000000000 --- a/files/httpd/qadevel-virtualhost.conf.j2 +++ /dev/null @@ -1,27 +0,0 @@ -# this is meant for proxied stuff only, hence the lack of ssl - - - # Change this to the domain which points to your host. - ServerName {{ item.external_name }} - ServerAlias {{ item.name }} - - DocumentRoot {{ item.document_root }} - - ErrorLog "/var/log/httpd/{{ item.name }}.error_log" - CustomLog "/var/log/httpd/{{ item.name }}.access_log" common - - - Options Indexes FollowSymLinks - Require all granted - - - - Options +Indexes - DirectoryIndex default.html - - - - DirectoryIndex index.html - - - diff --git a/files/iptables/iptables b/files/iptables/iptables new file mode 100644 index 0000000000..78b74c8096 --- /dev/null +++ b/files/iptables/iptables @@ -0,0 +1,52 @@ +# {{ ansible_managed }} +*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] + +# allow ping and traceroute +-A INPUT -p icmp -j ACCEPT + +# localhost is fine +-A INPUT -i lo -j ACCEPT + +# Established connections allowed +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + +# allow ssh - always +-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT + +# for fireball mode - allow port 5099 from lockbox and it's ips +-A INPUT -p tcp -m tcp --dport 5099 -s 192.168.1.58 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.126.23 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.127.51 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5099 -s 209.132.181.6 -j ACCEPT + +# for nrpe - allow it from nocs +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +# FIXME - this is the global nat-ip and we need the noc01-specific ip +-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT + + +# if the host/group defines incoming tcp_ports - allow them +{% for port in tcp_ports %} +-A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT +{% endfor %} + +# if the host/group defines incoming udp_ports - allow them +{% for port in udp_ports %} +-A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT +{% endfor %} + +# if there are custom rules - put them in as-is +{% for rule in custom_rules %} +{{ rule }} +{% endfor %} + +# otherwise kick everything out +-A INPUT -j REJECT --reject-with icmp-host-prohibited +-A FORWARD -j REJECT --reject-with icmp-host-prohibited +COMMIT diff --git a/files/iptables/iptables.sign b/files/iptables/iptables.sign new file mode 100644 index 0000000000..f213e8855b --- /dev/null +++ b/files/iptables/iptables.sign @@ -0,0 +1,14 @@ +# {{ ansible_managed }} +*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -p icmp -j ACCEPT +-A INPUT -i lo -j ACCEPT +# Allow connections from client/server +-A INPUT -p tcp -m tcp --dport 44333:44334 -j ACCEPT +-A INPUT -j REJECT --reject-with icmp-host-prohibited +-A FORWARD -j REJECT --reject-with icmp-host-prohibited +COMMIT + diff --git a/files/iptables/iptables.staging b/files/iptables/iptables.staging new file mode 100644 index 0000000000..8ead9b6d8c --- /dev/null +++ b/files/iptables/iptables.staging @@ -0,0 +1,64 @@ +# {{ ansible_managed }} +*nat +:PREROUTING ACCEPT [] +:POSTROUTING ACCEPT [] +:OUTPUT ACCEPT [] + +# Redirect staging attempts to talk to the external proxy to an internal ip. +# This is primarily for openid in staging which needs to get around proxy +# redirects. +-A OUTPUT -d 209.132.181.14 -j DNAT --to-destination 10.5.126.89 + +COMMIT + +*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] + +# allow ping and traceroute +-A INPUT -p icmp -j ACCEPT + +# localhost is fine +-A INPUT -i lo -j ACCEPT + +# Established connections allowed +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + +# allow ssh - always +-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT + +# for fireball mode - allow port 5099 from lockbox and it's ips +-A INPUT -p tcp -m tcp --dport 5099 -s 192.168.1.58 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.126.23 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.127.51 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5099 -s 209.132.181.6 -j ACCEPT + +# for nrpe - allow it from nocs +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +# FIXME - this is the global nat-ip and we need the noc01-specific ip +-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT + + +# if the host/group defines incoming tcp_ports - allow them +{% for port in tcp_ports %} +-A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT +{% endfor %} + +# if the host/group defines incoming udp_ports - allow them +{% for port in udp_ports %} +-A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT +{% endfor %} + +# if there are custom rules - put them in as-is +{% for rule in custom_rules %} +{{ rule }} +{% endfor %} + +# otherwise kick everything out +-A INPUT -j REJECT --reject-with icmp-host-prohibited +-A FORWARD -j REJECT --reject-with icmp-host-prohibited +COMMIT diff --git a/files/jenkins/gitconfig b/files/jenkins/gitconfig new file mode 100644 index 0000000000..780b54524f --- /dev/null +++ b/files/jenkins/gitconfig @@ -0,0 +1,4 @@ +[user] + email = sysadmin@fedoraproject.org + name = ${dist_tag} node - Fedora cloud + diff --git a/files/jenkins/jenkins-admin-keys b/files/jenkins/jenkins-admin-keys new file mode 100644 index 0000000000..8894468117 --- /dev/null +++ b/files/jenkins/jenkins-admin-keys @@ -0,0 +1,38 @@ +#ausil +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAD9QDskl41P2f4wqBuDBRD3VJ7MfKD6gMetMEaOy2b/CzfxN1vzeoxEvUxefi4+uh5b5ht5+BhQVhvBV7sTxxYftEH+B7IRmWigqcS1Ndnw+ML6zCbSTCJOqDvTLxmkZic0NUBIBP907ztMCoZjaOW9SSCrdA9Vp87V3x/KEQaeSNntmnFqtnpQI/N0NlmqxB78p97W/QDpLuftqJ33sM0uyvxXSusThLSFBHjisezsWox49nEKY8HW+Kwkmw+k7EF4tsDWymPB+S0gMsMlTxzjutNASVDmn6H+lgkzns+5Xxii4/mZWrcjqfLuH7vCI2mWykZJ6ek0LiQea9tNN+KZomqX6NbTUK3riaDPrZPNexa4I83Fp+DYNmYgnGMInqn+cZ5PoUJ3u3LaqZGBQeuuONTw0yQ8Pkkn5xibpPO6qblHKcet0pfmWQ5ab+5BDrsyLcPXolMci5h45GNWebr7UMuXT6+q+EolnYgbgDzzGJ4xPohF04OW8CwflK64KEnYcqlGs+DF4TNgGFlhKiyCWfXSjizmQusxn17ayi6+yrkiGeqfz72qyZ1pSKlwA8XRYC2VkAAquJP6zAtAKjCUdmRTSyYgCpoIAlMwBO07BiPLLov6lKdphZYY1DI7pTXA98fhVU04PDqJJYR1GKkttmCsjbRWnxjkPl/Zka1+ei3k9DNidT6j4hFj+uTj8SS70qZUtKLNpc5IcedHaGEK0vcXJm9lIEKBIEnN0PCLZCa4kQZnfdsbuep1fbXNf4WYPXea29aRKJc4hiqsdrccTp4KueHgWt1Jj6CZDZcFgX+NlUVWwk6djgjRzHUryExtsjCcgGMPRJWdUnVcpgkQ1qJhEXng3W+nFFboArWfwU8u1pXEdeE1Z+m+ows3nJHdEgQevyy/cUx6BPNPZkBh10MWskSV8Z+vb02vJB+QikRMwQs3Ywf6RMaZFrBkWD4FfUaU24f4wgtPQN7j5xxJ2rWLJ/s9ZOWSl9yrytC6ZUQwmayLmiPUdm4u/7ZZmaly39K1YWqFDl3eUrRAZwf1L/NAqFu/qcQQ3Xf20K0nI55nVbZ8ODyx6BtfwoioblnTEcehK0uud5Vamc5mfpErFY0agEecsc0sMZO+ky9pf/gCUdM7je7kMDI2hdx61fOa8Wypb5u9WNBWKRKx8xT1XUKhb2uFumm3sR1iNm1Qhj92mo/NO2aETOA1lsYSL0XK571Yy0iFK3X1nOqp/gCsEGLI8OPQk6XuFqv8hmfiIXNKV8IwuDStw7eIvuQIgT7bmMkj+1Ca25foSmg3w5FqJux1gO9t5F018LeQZ6LVlYHZaQnaN+eTU7KfoCozhWw1H9pprDz Dennis Gilmore + +#codeblock +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAACAEAstHxky7hl1inyHBy+q/9M+Aen2HSfy8IoW+sAO6HSuHEUT7qWB8AlSNjHhahjXx7sy/BUkUed+NB/177rjlThokZDJ0yoM9KKymp26ETGaamBSkWBxZatTj96BWfD0P2K9jc/9vxtgKBq3VK9UaOt6VtJ9q6mKY3DdWLZn+K6iGQAKMCAgd8cCMgD6epBB5/litz7WhYv+aYTyjZGUGbBojQUiWgXDv9lR7p0w+VP7pnZEeb3//k4pZhsPrKFwwRVRLxBvWgVKNvA6nMXmsdikHCLLj8YAevhEY1xAba+iCKOpTqT7Bu+1Fnb9St8u5iDod21gRmN7MGGWYsO+Iu2MNAW9sw2nsA/sdNR0HEEgBqJLhERjGv399fWKyiZaF90n59lg8Pb6EzE6wHRs6rSB+9uKApBzPk99BEHLvC6mhn6RjrOC+TWSTcmXojAwQYCadqIdgWUaBsxaugKEXBFcmRuDWtpDfsqmM1kjeGU6MiaMlqPW0KjsMaVVChLO5ZvB/T7qW4wr5ZjLri475MuHocCMP0ECSUk7I3YW2h8RU6FEFmTpuULFRQo01iPreY5XJ7l0+xy2eggAWo+X2h3nGjXhCPOelBg+LYe0WOmPgB5oc1m5HZtFTcFzYbhAE+xQKlbwNeYT8HmNmEMhPjVoNyOOV7NAap+ueS2u/7li5D59O5Iy8aa5n/WiuYfkqH4pG796nFyLr5L/LVudzyaYFb/Gk8C1j/NAWYw53D/9aOA277HHe5t0/daJhbo98u0asF5mvPld3swPuPqkEZzgUfmNgH5CkvcQcMzaOvj6qr6xNmQfgsHroCShb46kplQ2uSf1pMAqsjN7jGhk6l+Bu6hKHnJKhZJVLiuAZtgYvkCB1ahaO3wRVozA1VKCAlqHOqoCq4YLIobUL95H08Kwcz7vIRIadX1TkOoLb2EwPkE/xrhDp4BySh+j6YNklSBkiRHvJMBNnRIj8NTRjYyj2o1Om7kJ770lEdryg2og8QBaFWCmFkwzg1QVrBOuu0dN7kt2l7VI7Ib4lavKSVTrqUdxdSbthUlu/b4Qif+pbyEtUFgykRsHVs+5Ofg7FZpsgCJ8rLFjzeVF/hAYX7t3XaIPLu+DL8kzamb/CRy1b7+iAw9nJbd7ED2SGyU6+c2coMPG23y6+YxgEmNG/rkCLCypkEEDOZe4DuMerZQ/RxMo06+glC6HC/3VN2dHlVLtEEV33B04/6Z0plAhqtjG7PVs08f8a5msV/VYn5ifa4z0oIXX1r5CIg3Ejp1JguLhBHpWa7YbS2Mwu6GAbD+hQfCYrsUkFonoOLu5czpITLo7ceJFTQmAt7OxZEoZBfmtYfzADQsQVYQb6J4QwvM3iKJOn30dgtYnJOVlDZEn+0fivedxoBAt9jHJ8lVp2ov/dOFnimi5V+2QIMB0fKTkChsk10zsDZ/KUk6zfijjEju0WfjRHCd357KswNv3aXHazfRIw77S2UOenD+xmUDZ6WgnxservUSDNDz7NldLf/gdPOMO4uSwKZixzsoCNioeLEmQv4gomNK7DyZBLMHLlWlbliqP+QWuIJO1rfoH2vaxzzA7l5tJW1gfnxm87RrrwIf9v5kpdJM6gQZxqmBCRsKQd5VkrEJ/xaFfkv080pWNV0drWTZW8fAAgfUNYB260Hyk3rHsjQlVtQxGJ1aAcgjMi3eGKQMwptbUMYHqct75czX6xp6zgXPiC/glX6AtuiZQ5bOI07imil20ien/ks/dnel8L+dmYDasL9m0B2jZ3lbl3eR1Dy7UhqGyERx//vYQapEBuwFcqQ9UdIWCGGG2Pte1I39BSehUUGSCOOD38a/GCu0l7OWZKdwq80MK/Ixgz4neiZQZ7MD2wPy6vk6Num18PZPN7OynMrI2UG5MViQ0GAhRgxwbUCvc7uKnGRqZo9q2mCabCxLbv+hJ4bppxpHHJxMDDXilTKMfZb0YRbvjBUi7LFKLN3MBMK2U1jHE+PjBgweqF8Jtuw04CQMxK3unajZOVkYAIq8IdMbw0oBVP4++eGB9z0x1eH+IsqL6IgknbbyoMgQqW9/8atm8HW2QYCX47oPd4FHs8rgJZk3bz8MwN3tp8WCRtYnJuwkWGWSq77ans0Ycl/tUfSSwUjnSvMsJnuSbxvdX0XbP5eRWikk0pJz5lM9sjYFOPHrQ44/U254yBa0N6UhyNTQnMGzRvY+fADE49b10hXZwCCrxpY9KvGr1XNJMnMcUke+4p9RS5LUwcZ8A6v7oWtZaZwnuBzvKk+HAn2gevD7Stjto+TnRCx1qcbx8iOhAEC6nvbLl+U313TmawrO/usrI5w3EFKP/4BnlKJDtNBeklJ0MpU3R1fmisqfegjuBW2bbaxq8Uo6m7uqPsYuAl7E6rOyZHLbtA8szvbQ46MSqAHezqxHJajWn2oZXMtbddgO5vlkxbRp3SSVKaPOeIj3XOGl78Owp4gFNRE0RY2EuUvrwUhXZR4wx1VHYjS6o9HAwOx3dH+pf1OiblUEanLQ9HLuOBkLhP8wn1M2slsSw+A1gyuI0ayjRujYFXdw6Mqp6XKTdU8vNue2c3d0I+TMifBypP0oJtxXmEoPp/VsU9yLKA2FF7Xvv/Xq1gtZcuZWAbSwMok/ENY1xeIFyjV+0yBidmax3jaf9yus/XEpyeBS3iIz63ymU10Kb2vrWjubg/sa2yd+q0y96dLdDRbnbwGwMmg6mXvTlVXf8c= ricky@padlock01.home.elrod.me + +#jstanley +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5bNJQBrvT/YuvfLO0y6smZW5N+946uISkzmDi9myffLgHAZP4nBGeH/4GcB5ns9HJ19xVtbIwqOz4QwIqKh4gKU7DgaqND2Iu0bUUFL1KXPLGyAIW+9N3yHB+nKkH31alDnF4dpKkvO63DRkqh4ptxwEQbZDCFqn+vXuMnG4cPmDEweR3QZUt5m0Vc7HXzbehZxjUZ3xRWvT/pu+khBhJcRFkLlA60Fnqv7Q+MQP1C0Cpf3hiX1LcXUogXkNooAqx1YYRd8VqvI8e9yQW+a99x8FftnmXKlGCxP33ng6+U6Y2H7u3cRDrlRTbWqkry4SuUYo+6MtvZVgL0fw6PsZ jstanley@hawtness.rmrf.net + +#kevin +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJH1lA7WHRCbaFtvzbw0HxHYJstZjuXhax1+eL+SUJ5fFRGosEc4fLrSCP0gSFDfXmNzuspoBgcQTqnNO8FdIUwkJLDEu0vTQls1aT9YUXb+RVwKB7ULA3b1dqFkmOgLEjTJL9AplK4OJ9Su0kq6QBV4mXCxMsgEML/gn6r8muZmu2L/LdzUnxKKggyq7O5q1K/eW5Yy21fpvbHt2UPQX1f6gt4ty7E9Nnuhi7SHCI7fNIa+kHyIesfTm/SzeK/PY9rDwZKjuyS8o22GJXGEScJomK1cjMESH/J+t8Hffaj88BjGHNczvcnXAjq6y73VJQ9DiGLD4zmFquQMxDu0Tf kevin@jelerak.scrye.com + +#lmacken +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDefONrBaBJlCxKtDwkYWVhf96lMhRQfwVJyBoBd4Pk6TqKMlAu2eST1xRZlV4cJSxAWgZpOaFgqJ5EGd6mq8PvVk+mKXdtX7CAoWm4f3c6otUFsFDCTw3gVvYSlEk23XBHuACsbAVNL4HmP+9C7PxQBePukbMBFD2smsyQkPcX7lZw+lDJW5lOTz3dHAA92bcopDycxRDI99gGkawzjlmxpm2C9nhRabKS6mpGw3N64d8hwHkkFbtHY7rS0/0Cka0geYYYv0NVki1IIctkhZE9LndcWbVcVe1pIlR0RyW2sorfgCgoa5fRZZhukUCtspdv981h/0b87RpRVUJKuRd1 lmacken@tomservo + +#mdomsch +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsmLoA/97DrE7roCHOY7NdB5TV/g7oxAsk74HgHcFRYAbn/rkoa7r9ZsgR7qzwd6Z+5Z77qFqvl1Bs3XtJf+1vJ3kwdcNFdKTw1DgTdE/rNPI7QzUgXKKKv/WCiU6UDBX4HHWq8Yuq4tkr/yepS8sLzMz2e0pHU4uWFQuvr5ttP9ABGohhDnPr0IcaT5vm+uBTJItJBrhqGws2fnVxhWEm8Y96AZb2vFZVwiMdcKKqfVZby3/wTuEtaDbv0krQNtLJcjaOTWLHWnxJEvLWSdFgkuIDvoNKR7ZV2lsmh5UD/smStgf8TkORR59r63dp2kWAn0/Jl59ARsdXDXGCiduF3GamxglTUA+kYbkN/PBQbl6o+nNKy4Q5TI53WNmhpdsbEJWCjzT+V1ju5JejFEHIhnWyBoBUWB2NKxWaSlToI2B9E0iJ0HK68IlA7bO4X7SD8q5cZBVTKMByFxt9uQXFeZeG7QRCPIsg6bXsirnFn5028iz+RfVFe3Mavp18v1hObvH6SDTczQauuAhTwYOtphaPZj+iHbaKvKndvlOWdGoyrNxgcx+t4loyEEcEWD0Astdp0bZD39nag94PD7hnoENOC0oE6mbtyUuSCGrU6ogee8qxYAt0AP3Rq1LLaRWXqe/1rM5A9oaDNwNkWA/JWbJbZQf0vvWTZmTib3rfew== mdomsch@fedoraproject.org + +#mmcgrath +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7U0WbKLL/D6iR03/vdDZJ8Lkj1jjAkindSvC4PkXVgi6qJo1YBZnIgsmoQopYcra2yzHFt58crygIh79P/rpQowWY99W+Sk4kB9UNuiAiX/LRi+1YdxwCKcRNTVOwuji6MGZoscACERmIjPY6P1oFPERoXhUkOuzPcrDK/0z/Bp9dpNRVZE/0zN6dvHA9QODLGvcFtgnX73SbZfoIbaVP/37IvOZvjGI1jxC5DwCmY+ihM13GpELP6BM8iihlnl1pjk1vtqPxD9g9Llr14Sc6cZJKl1WCulqhde4SEMOjpMJ8J8cGYBSsdh49hB36pdKQuTTnuCXpEt5Tl8PUKCrr mmcgrath@desktop.mmcgrath.net + +#notting +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3eVd6Ccegp1r1mhm7tPnlGUcw0zsAbR2p9hrFZ7RKxdIponuVV9ix4lgwpNEVDs0j4vxAApeLpJrsV8R8+YLUZO3Mzi+2s8nM8LXrKHtJT9wKKqoU3O/lC79drbWk3EMgETyP61Zpjkub0hwG2MjviPee63zCuRbxzxyalzk+AtwkRSxYaS2Ha0uKxGDiq1c/Iu6HRgm8HrtW+Pr6QbSSoHLhGUpR0HkgoC6852xXGhrRMkzXXbD9L6vaK9F39YmzD7Z8yey+xDTFW529avkEIWDeqBpbae+HjKqEQaBx71/rcmXhqKYrEagzUGpS8Bwskp3JMksd/v9tMuUhGQ2XaooCeKzvM0KnVUk/Q031ZtjNYxLpy/rEqbyt18+8wYOvVoGgnRZ/yJ/UVwYbGJrttYrrQmaJv7b357bkgDJobkIki+zGzi1xkvb85JWEt0mfh38H2vCnpwQtSAIyF/hmrS+1xsD/oAoc83IUhsVYcDhLbBEVKMX2IsJLMAPwCE6GexRYyVE5vEN4PMV9A8VmGuIC3IzkPEbStdtlbP4ttNKtfwS+MrY+ceAABDixls6xpedgT1he44R+7C1p+w4uj4TnYReLVce6+KgfJ6mz8CTXVULLWM4l2H3PylEUyoHGRDpVanGAvm7h2D0HgxErWIkjZkL79GFhzQc1xjzixQ== notting@nostromo.devel.redhat.com + +#ricky +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDAeAohiRJ2v/RO7R9GS93TF92Gc9ixK6HM7wlbMdlZ4yYAbeoEX8VpeNaSTfo/Nw3zazr9VpmpHg+H70K8ljQsPgRwcgpetRVpF55M5FYjqM5oM+N94HV3nSGcnWbSIho1R31DaDH2ptxVqgh2m5DG7Bc45w9Bd4wjfdQ8nBrGv93tuH7X/cee4g6GvexLm5nXhAngdEmiyxw5MHuJAvj+54l4wMXRWpeF6XlI2iamW42nLSfRMCFkGNiXvBm8zkfkeH2L7I2cNKXXoP/cPCd3G/teIsI9FDqYpZ6CS0zMkWhlTuh7rlCjc9+nJsLdDLgwhb75skiUOOfimGvCCxWeHuCsSL+KpCu4AgI9UAVgO6xblDlmbQXxlGopep29U/s00W/0qv3Zp8Ks4Za0xHdoIwHiaLM0OYymFaNDd3ZqFG0FN23ZjcGqUmFGhGfUQRDt72+e9HtXlBJ0mUaCX9+e4wFGTVciG1/5CKsLHCaLRf+knsWXrv2zcv9BoZ9SCAK32zCZw05wjcmr7jYDCTLmtC6kEBNaOeE9Qqi2oomo4ji8ybg+Qq+1BwOtJKExvmZaooBZud0qd24HmCU0/0ysw732jGcqexzxsCR0VArd+7LKexOD7KwMW0VUss6fdOWac9gwCLx9FaKYh8mVvcQjKhKGI3aO2sXRUWSbBJw8w== ricky@alpha.rzhou.org + +#smooge +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAxnzCHH11nDM1m7yvqo6Uanq5vcZjBcs/mr3LccxwJ59ENzSXwUgEQy/P8vby9VKMwsskoaqZcvJdOSZBFhNV970NTPb69OIXPQAl/xhaLwiJOn606fB+/S8WepeuntS0qLiebbEiA9vIQLteZ+bWl1s/didD/sFo3/wItoTGA4GuShUu1AyWJx5Ue7Y34rwGR+kIvDoy2GHUcunn2PjGt4r3v2vpiR8GuK0JRupJAGYbYCiMBDRMkR0cgEyHW6+QQNqMlA6nRJjp94PcUMKaZK6Tc+6h5v8kLLtzuZ6ZupwMMC4X8sh85YcxqoW9DynrvO28pzaMNBHm7qr9LeY9PIhXscSa35GAcGZ7UwPK4aJAAuIzCf8BzazyvUM3Ye7GPCXHxUwY0kdXk+MHMVKFzZDChNp/ovgdhxNrw9Xzcs4yw7XYambN9Bk567cI6/tWcPuYLYD4ZJQP0qSXVzVgFEPss1lDcgd0k4if+pINyxM8eVFZVAqU+BMeDC+6W8HUUPgv6LiyTWs+xTXTuORwBTSF1pOqWB4LjqsCGIiMAc6n/xdALBGUN7qsuKDU6Q7bwPppaxypi4KCvuJsqW+8sDtMUaZ34I5Zo1q7cu03wqnOljUGoAY6IDn3J66F2KlPPyb/q3PDV3WbY/jnH16L29/xUA73nFUW1p+WXutwmSU= ssmoogen@ponyo.int.smoogespace.com + +#spot +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFZ3AD/I0OfU84IrK573amZptucuBrDxHoue/c+PUsD3MGIA6QXRceq3ZkLuz25OAAu53hFxzCE4d6eVS299rVR8Cd+tVU8aqBdTHzdqv52Vs8zRfXMW69sV7fhwRLaQDcRTwY90Wmz2MbZmN996XmJDNtUIWI2mML+PBYEdO0PyiB2ttb7mmA3SwtC/rwEMJL2YHh+bTzlJ9W4BgFcFwizMXU3mk5uGp2/q3nKzEvgTROM8yWvqdM34cRYpjFKyOlpo6k3SPt76hgDUEIsAu6Ul1S0FHTCRMIihcxZOSN4frMtXVjX0NhW9mKcn1IRBpzd0Yon/gPB8OJ31ojIIop spot@pterodactyl + +#toshio +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDfgKJEBuHFlFc8/IHDeIpdprNnAFQHkicXAFfAzIJSkhUaOJFjsulmgPZn2TJJpYqFAxYUjhWJOdrOwx7AHSg6gWu4TT4a0sTay+Z0eqZOShf5UL/M587DxJk1JZU8g812yDKZMc7Sv7K6zdteONnCvno1kALSg0F2MVMJXFjE/tSontkIRH6IuG19R19NGEj1h56uGwdfe78xjOmv5wk6RZBjaOKqiPSQKNqCKbY9Kyz6yrem2M5uxRK45u3wSPJdmopo8l/nwf0p6ydrUSL5C/aXGh7LPqh31eTBDQUbWHw9LQMk1SibMGQPwJt59lLMlzc5OQZAJEbadsDAgl6VVA6MZkBQROiK9E087kvPesMoGWE0KBgvTqzpBZj0uHATP9i097dv80gjupMyaePsnQOxk0wRho9nRkxRo18Drt3QPVND4YGHzahMe/YR2N83MkbnGoP8K+GsFhLMAp3NKh6yUofFxTgRiB6H8ULKf3CV+hlk0Z9RJR3CpgMTKILYHPlaleJqoP6sXg6tJxI0rUE+0jUKvaTj+N2gX0MjKfUINk5mTbjD2mdVrPtKOBvos2luNhY5nTDpJuAHQqnFHPlPw8l3lXC2VBWOjqfTeeS+qD7ArKe6F7IO5ZNxJ2mTUuodhaPySta1MS37DWoz6UqeJu+wKIsHok90+EU4aAvUABh3RXSQA1E3IaxkooMhhrdIQO6K4L0M+CZ7lP35sW5pnwsN4sFlPec9Xn5e15LTlb9yFlx7Nm4DE2SX1s9QyMRE7z0LNO0X7wiihojuyQM6OQwc+ZaaDw5HerBisX/3LcC9osVLQQg1pt91YcCczUQ08qfUJV6aOD962K+EGzVFQGGauJDzgEH9BHQg7QwCWr0f3mu8/TNBzys2c0YsywDUc3AT1KP6TEJcR/dy6WbhJD3qyO/BLfCzRrHUOIaz+WbwmfTX8tGEQnVV5sEkZ39PWA1hRQ83b3MNV8cRJl+h/FnTk62yM4ZqGu73+x8JiEG3HAJp9/xYfNSwg8++PojJBXe+yM6DrTh5fTnBhxatLEKB658p8jTqJtF4+YD9D8+L39xEns6GQ7FphNqTC6IcpXyqq+zNuzF7vs/T+5n7978dUs3sK6YpBX4BlDxK6MsRF1WYqajEVeBJEMwdX2rfGkN9B5GfWdmdrzBjZQ6yyvlx5Dg++qgxpMiVOXSnw5v7H03PrT1we9wKre/2SQ1A2Oq/UDt/7tR2cMLoaPDNBpFT1W44LJB7o9iDT9YHUG3dC7R8JoeJ5YjyFmxbUQ5xg1oHnrBaPrGCuEYdQWhuDmp9Px2yRu8Agxzr9rNCZ/W8nWJVmvwvlXoldrum2rAECx0wiWqBhQ/+eX65 badger@unaka.lan + +#pingou +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2xAeq5uO72kY4mSFgFl9ZSveiAqe4tUv8hemrxwZH+w24RFOGrW1nOV+hjQhRpYVNwvqJkrd9N7VY/HXkd9df2AgQyYoiVfeMPTA7lB0/e/S1Bd6XGdWudvqRU1O6Rug0j3RQOuz7WDJgnanBVcBl8+X7EaPGpv9aILgh6CJDOVAO2GgaFdzI7CHtR99CMqNG7BsQF8C9Y8ALK+8HOPRE0R1wzgaAw85HTo0gyIWcrZqr4HI/QDuLjUQ6AZSgzE7dTiwZuFnUjLBnL0YP1bxJglt9IFx6r6jvdp/yMD+Bn/91WvmBL/AD+GIQ/ZydoeLo+JQW22ibiX/SzdAE4Cd3 FedoraProject diff --git a/files/jenkins/master/config.xml b/files/jenkins/master/config.xml new file mode 100644 index 0000000000..b58e4fb86d --- /dev/null +++ b/files/jenkins/master/config.xml @@ -0,0 +1,119 @@ + + + + 1.486 + 0 + NORMAL + true + + hudson.model.Hudson.Administer:sysadmin-jenkins + hudson.model.Hudson.ConfigureUpdateCenter:sysadmin-jenkins + hudson.model.Hudson.Read:sysadmin-jenkins + hudson.model.Hudson.Read:anonymous + hudson.model.Hudson.RunScripts:sysadmin-jenkins + hudson.model.Item.Read:anonymous + + + http://id.fedoraproject.org/ + + + ${ITEM_ROOTDIR}/workspace + ${ITEM_ROOTDIR}/builds + + false + + + + + + + + Fedora19 + + /mnt/jenkins/ + 2 + NORMAL + + + 172.16.5.12 + 22 + d844d352-af1d-466b-9fc9-cbb19348103a + + + + + + EL6 + + /mnt/jenkins/ + 2 + NORMAL + + + 172.16.5.10 + 22 + 950d5dd7-acb2-402a-8670-21f152d04928 + + + + + + Fedora20 + + /mnt/jenkins/ + 2 + NORMAL + + + 172.16.5.23 + 22 + 950d5dd7-acb2-402a-8670-21f152d04928 + + + + + + EL7-beta + + /mnt/jenkins/ + 2 + NORMAL + + + 172.16.5.14 + 22 + 950d5dd7-acb2-402a-8670-21f152d04928 + + + + + + 5 + 0 + + + + All + false + false + + + + All + 0 + + + false + X-Forwarded-For + + + + + diff --git a/files/jenkins/master/hudson.plugins.git.GitSCM.xml b/files/jenkins/master/hudson.plugins.git.GitSCM.xml new file mode 100644 index 0000000000..66ac10cc3a --- /dev/null +++ b/files/jenkins/master/hudson.plugins.git.GitSCM.xml @@ -0,0 +1,8 @@ + + + + 1 + jenkins @ fedora infr + infrastructure@fedoraproject.org + false + diff --git a/files/jenkins/master/hudson.plugins.warnings.WarningsPublisher.xml b/files/jenkins/master/hudson.plugins.warnings.WarningsPublisher.xml new file mode 100644 index 0000000000..5594ea588d --- /dev/null +++ b/files/jenkins/master/hudson.plugins.warnings.WarningsPublisher.xml @@ -0,0 +1,22 @@ + + + + + + pyflakes + ^(.*):([0-9]*):(.*)$ + + + https://pypi.python.org/pypi/pyflakes + pyflakes errors + + + diff --git a/files/jenkins/master/hudson.tasks.Mailer.xml b/files/jenkins/master/hudson.tasks.Mailer.xml new file mode 100644 index 0000000000..04461c8206 --- /dev/null +++ b/files/jenkins/master/hudson.tasks.Mailer.xml @@ -0,0 +1,10 @@ + + + + @fedoraproject.org + http://jenkins.cloud.fedoraproject.org/ + jenkins@fedoraproject.org + localhost + false + UTF-8 + diff --git a/files/jenkins/master/hudson.triggers.SCMTrigger.xml b/files/jenkins/master/hudson.triggers.SCMTrigger.xml new file mode 100644 index 0000000000..d2ce84479b --- /dev/null +++ b/files/jenkins/master/hudson.triggers.SCMTrigger.xml @@ -0,0 +1,6 @@ + + + + false + 0 + diff --git a/files/jenkins/master/jenkins-apache.conf b/files/jenkins/master/jenkins-apache.conf new file mode 100644 index 0000000000..a3515d49b2 --- /dev/null +++ b/files/jenkins/master/jenkins-apache.conf @@ -0,0 +1,9 @@ +ProxyPass / http://localhost:8080/ +ProxyPassReverse / http://localhost:8080/ +ProxyRequests Off + +# Local reverse proxy authorization override + + Order deny,allow + Allow from all + \ No newline at end of file diff --git a/files/jenkins/master/jenkins-ci.org.key b/files/jenkins/master/jenkins-ci.org.key new file mode 100644 index 0000000000..7a6e8128c0 --- /dev/null +++ b/files/jenkins/master/jenkins-ci.org.key @@ -0,0 +1,112 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +mQGiBEmFQG0RBACXScOxb6BTV6rQE/tcJopAEWsdvmE0jNIRWjDDzB7HovX6Anrq +n7+Vq4spAReSFbBVaYiiOx2cGDymj2dyx2i9NAI/9/cQXJOU+RPdDzHVlO1Edksp +5rKn0cGPWY5sLxRf8s/tO5oyKgwCVgTaB5a8gBHaoGms3nNC4YYf+lqlpwCgjbti +3u1iMIx6Rs+dG0+xw1oi5FUD/2tLJMx7vCUQHhPRupeYFPoD8vWpcbGb5nHfHi4U +8/x4qZspAIwvXtGw0UBHildGpqe9onp22Syadn/7JgMWhHoFw5Ke/rTMlxREL7pa +TiXuagD2G84tjJ66oJP1FigslJzrnG61y85V7THL61OFqDg6IOP4onbsdqHby4VD +zZj9A/9uQxIn5250AGLNpARStAcNPJNJbHOQuv0iF3vnG8uO7/oscB0TYb8/juxr +hs9GdSN0U0BxENR+8KWy5lttpqLMKlKRknQYy34UstQiyFgAQ9Epncu9uIbVDgWt +y7utnqXN033EyYkcWx5EhLAgHkC7wSzeSWABV3JSXN7CeeOif7QiS29oc3VrZSBL +YXdhZ3VjaGkgPGtrQGtvaHN1a2Uub3JnPohjBBMRAgAjAhsDBgsJCAcDAgQVAggD +BBYCAwECHgECF4AFAko/7vYCGQEACgkQm30y8tUFguabhgCgi54IQR4rpJZ/uUHe +ZB879zUWTQwAniQDBO+Zly7Fsvm0Mcvqvl02UzxCtC1Lb2hzdWtlIEthd2FndWNo +aSA8a29oc3VrZS5rYXdhZ3VjaGlAc3VuLmNvbT6IYAQTEQIAIAUCSj/qbQIbAwYL +CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEJt9MvLVBYLm38gAoIGR2+TQeJaCeEa8 +CQhZYzDoiJkQAJ0cpmD+0VA+leOAr5LEccNVd70Z/dHNy83JARAAAQEAAAAAAAAA +AAAAAAD/2P/gABBKRklGAAEBAQBgAGAAAP/hAGBFeGlmAABJSSoACAAAAAQAMQEC +ABkAAAA+AAAAEFEBAAEAAAABQ5AAEVEEAAEAAAASCwAAElEEAAEAAAASCwAAAAAA +AE1hY3JvbWVkaWEgRmlyZXdvcmtzIDQuMAAA/9sAQwAIBgYHBgUIBwcHCQkICgwU +DQwLCwwZEhMPFB0aHx4dGhwcICQuJyAiLCMcHCg3KSwwMTQ0NB8nOT04MjwuMzQy +/9sAQwEJCQkMCwwYDQ0YMiEcITIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIy +MjIyMjIyMjIyMjIyMjIyMjIyMjIy/8AAEQgArgCWAwEiAAIRAQMRAf/EAB8AAAEF +AQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC//EALUQAAIBAwMCBAMFBQQEAAABfQEC +AwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkq +NDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqS +k5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk +5ebn6Onq8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkK +C//EALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAUhMQYSQVEHYXETIjKBCBRCkaGx +wQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFla +Y2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2 +t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/aAAwDAQAC +EQMRAD8A9wEj/wB9vzpfMf8Avt+dRinCpGSeY398/nS72/vH86YKBQBJvb+8fzpd +7f3j+dMFLQA/e394/nS7j6n86ZSimA7cfU07cfU1HnFOFADtx9aXJ9TTKUUxD8n1 +pc+9Mp1AC5ozSUtAC0maKKADNFJ2ooAoCnCmilzWZQ6lFJSimAopaQUtAC54rOvN +dsLCTZPPGrdwXAry/wCKHxXfRppND0Mq16Bie5PIi9lHdv5V8/X+rXt/O8tzcyyy +MclnYkk0avYdl1PqPxT8VtH8NwqwzdXEuSkaHoB61wjftCXhlzHosBjHZpSCa8PW +O7uhuAkcDueaaYbhOqMMe1L5lcvWx9U+FPjJ4f8AEU0dpdhtLvXOFWdgY3PoH6fg +cV6MrZGa+EklIOJOPqK9i+G3xem0TytI8QSSXGnHCQXJO57f2Pqn6indrclq+x9G +5pwNVoLiO4hSaGRZIpFDKynIYHuKmBqyB+aWmg0uaAFopKKAFoozRQBQFLSUorMo +UUtJSigB1ZHijWovD/hu+1KZlUQxErnu3YfnWsK8k+Pt60PhaxtAxAnuOQO4UE0P +YaWp8/Xd1LeTz3Mzl5pnLuxPJJNa+i+HDclZZ1yp5C1Q0axa+1BEx8i8mvS7S3WG +NQo6elcWLxDprljuelgsOp+/IgtdCiVFVYx07CnXHhyNgflA/Ct+1BwOKmkVq8xS +m9bnr2S0sec6n4UVo2KKNw6Vx9xby2U3lSAj617NcR5J4zmua1/Q4r+1JVQJU5Ui +uzD4qUXyz2OHFYWM1zR3Ol+CHj0xXX/CKajMTHKd1g7H7r94/oeo9wR3r3tWr4ht +pZtNv4bmElZ7eVZUIOPmU5/pX2dpOpR6tpFnqMQxHdQpMoz03DOK9ePY8OaszUDU ++oFNSg0yUOopKWgAoo6mikBRpwptLWZY4UoptLTELXin7QbD7PoiFv45Gx+Ar2uv +FP2g7dfsejXOfm8x48evGf6UmNbnm3hCBls57sJuYnYg9TXSyW2uIgNpJbs5GWDj +gewrP8EJu0XIHKyNV2+j1txM0MzIQV8oIQN3POSenHTg15VSV6z2+Z7dGNqKt26G +hpeo6rC3lajZxKOgdG6/hW5NcoIC4HOOhrmbJb1IokuZWkfbmUsQQGz2xW5OAbAE +Y3d/es5TtJo6oRbjcx7uXVryXbblIIv723JqN9PuUdLhJ2aQf6xW6OP6VBqS6jcQ +sLS4aOQHCqH2qVx64znP8verWn2d/DKrPOzxbFBWQ5O7HJyOxParv7t7oxcfeasz +z3xBaC01uZV4RxvAr6X+F0rv8NdCMj7iICAfQBjgV87+NYzHr6jHHlA/rX0H8LFa +P4baLu3DMTHDDtvOPwr1sM7xR4mK0m/U7lTUyniqyGp1NbtHOmSUuaaDS1JQuaKS +ikBTpaQUVmUOpabS0xC15f8AF7wxc+IEsJI3VI4Nyrkfxtjn6YH616hWL4ptDd6B +cBTh0+cH0xUVL8j5dzSk0prm2PD/AAnYvp+ltazDbNHM6yD3BrpEiWToOKzPLktr +mRiSwlO7J9atQ3bFsCvGnJSlzM+gpLlXKJcpDAegGT+ZqYgPYAgVnz3DpKW8pJW6 +AM2MUranci38vy4gBz/9alGF3dG0ppKzZYs0ilB4BwauOixggVlW9w8sivsWJuhC +nOanmun83bimtNCZPS5g6/osOta3Zq8giRImMjeoyMAe5Oa940SxTStFsbCM/JbQ +JGv0AryTTLRLzXIwwDOWVAvfGecCvZx19q9fAttPyPBzCyatuyyhqZTxVdDU612M +4ESg04GowacDUFjqKQc0UDKlLSUtZFC0UUCmAtMmiSeF4pBlHBVh7U6imI878Y+G +rbTbGC7tFf5WKyFmz1rimZoy2wZJGQBXter2C6lpc9qw++vy/XtXiMoe3upLeTiS +Nipry8XSUJJpaHq4Os5JpvUoC4uJr1rYIkJC7vMuGCgj2rZ/4Ry/aHzvtdltO4Ei +TPTH+NUrhFlUB1yQODVB8RjyRboR6hiAfqM4rCLTPR6aSt8rktzJc2l7HZgRXLOu +4SQPkKPU1fUtu3SHJUc/WqlvGIULKo3kdhgCr+lwfb9ZtLItxLIAx9upp25pKKMq +klFN3PTfDenR2mjWbtEvnsm8sVG4buevXpit1aiUAcAYHapVr6GMVGKij5iUnKTk +ydKnU1ClSikwRIKcD60wU4GpLQ7PpRSUUhlaikpc1kWLRSUUxC5ozSZozTA5Txn8 +QtF8DxRDUDLPeTDdFaQAFyucbiTwo+vXsK8huNZHiVJddtbY2/mysfJL7iAD0JwM +1h/F+X7V8RtUKybzEUj5PTCjj8KseD2S304WbzxPJ9/CsDjcM4/DvXLjF+6TXc7M +F/EafY1YNThkVcttccMpqY3trtx8ufeoJbK3acrLECPcUsmj2EUYfyw27kcmvOjY +9NuS6kc+pxp8seWc8Koq7pWox+HLiHWdQSR0gO90jALYxjAzjnmsxbnTbCXMssMK +r6nk/h1rH17xLY3lpJa25dw4wWxgfrW9KnOU04owqziotSZ7r4S8daT4xFwunpcR +S24DPHOoBweMjBOa6pDXzn8JNej0nxdFbSKqwX6/ZtzHG1s5U59yMfjX0SpwcGvc +Wp4MlZltDUoNV42qYGpYIlFOzUYNOBqSx4opBzRSArUtNqrqWqWOj2D32pXcVrap +96WVsDPoO5PsOayNC5TXkWKJpZHVI0GWd2AVR7k9K8Z8R/HTazweHNPBHQXd4Ovu +sY/9mP4V5Trvi7XPETltW1S4uVzkRM2I1+iDCj8qtRYWPfvEXxh8L6GJIrWZ9Vu1 +48u1/wBWD7yHj8s15Jr/AMYfFGtyOlvdDS7c5xFZnace7n5j+n0rz1n3Hmmk4zzV +KKFcdNPI7s0jM7sxZmY5LE9ST61CsrI25SQR3BwacWzwRUZX0qiblgaheq25bucH +18w086tqDrta9uCvp5hqng56UDmp5I9iueXcmDsxyzEn1JqROvNQKD7VKCqDJOas +kuRuMgjp711+n/FHxVpyIsWqNPHEAojukWQEe5PP61wvnEj0B4ApykZJJ7UDPfvD +Hxp0+/dLfXbYWMp4E8RLxH6jqv616laXtve26XFrPFPC/KyRsGU/iK+MBICcDitn +QPFWseHbvztMv5YM/eTOUb6qeDRcXKj7CV8ing1434V+NtpezR2niC3W0Y8fa4cm +PP8AtL1H1Ga9atrqG6gSe3mjmhcZSSNgysPYikTZouCiow4xRRYLmRr+tW/h7Qrv +Vbkbo7dCwQHBdugUfU4r5Y8TeKtV8Tak15qlwztk+XEDiOFf7qL2H6nvXr3x01n7 +Po2n6SjfNcymaQf7K8D9T+leBzPuT3H8qiC0NHoNeYnvURc4phPNITmrJuLu5pSa +Z3pRyKYhM80oOaaetAoAkzwKTd6Cm5pBQA8EnqTijOSeOKaT2oHSgY7cTTg1Rilp +AS7/AGpc4UA96iHJApXbk0wJ0kOeDXTeGPGer+GbtZNOunWMnLwscxv9V/ya5T7q +D1NOEhQYHU9/Siw0z7A8KeJ7XxToceo2ymNs7JoicmNx1HuOcg0V5j8A9RQnWNKl +lVARHcruOOfut/7LRTViJaPQ5b42agbrx29uGytrAiAehPJ/nXmrNu2H14NdD481 +A6j401S6zkPMQPoOP6VzQOcj0OaiGxctxpNA5obqfrQKokSlWkzQDzQAMOaSnN1F +JQAtFFFAAKKKO9AC0UlGaBj0HemjlvrTkOEY03vQIe7YJP4CkTBfn6mkbkA/Wkzg +YHU9aYGtpl7Pau8kEzxMwwShwcUVUtWIU4oqbXLTFv3M0jSkksWJP481SU/Pk1Ym +b7/1FViMY96diWKwy5+tITTm+7mo6BC0DrR2oHWgB7dBTac3SmUALS0lKOtACUua +KKACm0vSk70ASLxF9TSYzznrQf8AVqKTPH40wHHHQfjTM55pTwp9+KQdKALEL7Is ++poph4Cr6Cigdz//2YhgBBMRAgAgBQJKP/cgAhsDBgsJCAcDAgQVAggDBBYCAwEC +HgECF4AACgkQm30y8tUFgua3awCdFQlChLgn/n4tb4jLe1RgxOxHxosAn2Cn2oNh +sZ91wUb4d5JuH88TCupsuQINBEmFQG0QCADqAXWgiis4yi96os3QZmK5809ojjTT +nlICgbztrT55cMVTDBc9SneyRQlC0cS+M1z4Do6lj81sNJdJiBPqTYYA1+exTFvs +5zCxPInDP3hvqXxHTP142XN1hdzt53R7smn8O0wyO+RCBUb44e9NkusvBd5UP3Je +449hnpXJ4WO3cVMFm4ghxs7ERlpAi5NTEsVVdM8dqHbZJtk8gbzdAHH0ybiAXmWy +LFGZDuuKiFAkqm/Wled7id6N+cPx107dwBclwPxzfEYKEqJ1YDDHoDlyfx4012y1 +53e5sGyah/IPBYrrLMfG+Wmiwr5nCX0tmwOcyukuE94hbzJCX2wBdbWLAAMGCACz +l3cuM4lGt/wr5liM4gotXpZAopY+EnbLIBuOHFXXR7HnyAgST1jH/AUbafvPjyDh +EkFDyUP14XtHNIAqsN1UpuyYbM90bMPAWXJxrazMsSF+Tv5yIxHiy4cc1pjoqHA2 +kwqIGHmTxYzOPOS19ZWQAtevoTE6pCARphY0dzpscCWaXGs/ZqNAhjL96WLYV1Oo +Ut+9mTnOcs6Vuxaxp2wN2S5DK1S9gdIxWEc8wMUPiQe8CYk0OySdORIblMs3bGqD +FoM5HcBAZP1YlXitPH2nIRv0DtOQGMQOCkqUWmQuQAUgKV+YO86lO4S7EhTET/GP +sQb6P7efm/Cs8wbq/wyIiEkEGBECAAkFAkmFQG0CGwwACgkQm30y8tUFgua2mACe +JNBW4snDC4OzjKU6QT386/GA9ssAn3vLzSwn8N1xv5MihWGr5kVzvaE2 +=cjdq +-----END PGP PUBLIC KEY BLOCK----- diff --git a/files/jenkins/master/jenkins.repo b/files/jenkins/master/jenkins.repo new file mode 100644 index 0000000000..5e3c88a5ea --- /dev/null +++ b/files/jenkins/master/jenkins.repo @@ -0,0 +1,5 @@ +[jenkins] +name=Jenkins +baseurl=http://pkg.jenkins-ci.org/redhat +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-jenkins-ci.org diff --git a/files/jenkins/master/plugins/bazaar.hpi b/files/jenkins/master/plugins/bazaar.hpi new file mode 100644 index 0000000000..393ede31b6 Binary files /dev/null and b/files/jenkins/master/plugins/bazaar.hpi differ diff --git a/files/jenkins/master/plugins/chucknorris.hpi b/files/jenkins/master/plugins/chucknorris.hpi new file mode 100644 index 0000000000..999a810575 Binary files /dev/null and b/files/jenkins/master/plugins/chucknorris.hpi differ diff --git a/files/jenkins/master/plugins/cobertura.hpi b/files/jenkins/master/plugins/cobertura.hpi new file mode 100644 index 0000000000..369eb15bd0 Binary files /dev/null and b/files/jenkins/master/plugins/cobertura.hpi differ diff --git a/files/jenkins/master/plugins/cvs.hpi b/files/jenkins/master/plugins/cvs.hpi new file mode 100644 index 0000000000..bf38242439 Binary files /dev/null and b/files/jenkins/master/plugins/cvs.hpi differ diff --git a/files/jenkins/master/plugins/external-monitor-job.hpi b/files/jenkins/master/plugins/external-monitor-job.hpi new file mode 100644 index 0000000000..e2a96ec274 Binary files /dev/null and b/files/jenkins/master/plugins/external-monitor-job.hpi differ diff --git a/files/jenkins/master/plugins/git-client.hpi b/files/jenkins/master/plugins/git-client.hpi new file mode 100644 index 0000000000..4748e066c3 Binary files /dev/null and b/files/jenkins/master/plugins/git-client.hpi differ diff --git a/files/jenkins/master/plugins/git.hpi b/files/jenkins/master/plugins/git.hpi new file mode 100644 index 0000000000..a386868ed7 Binary files /dev/null and b/files/jenkins/master/plugins/git.hpi differ diff --git a/files/jenkins/master/plugins/instant-messaging.hpi b/files/jenkins/master/plugins/instant-messaging.hpi new file mode 100644 index 0000000000..4409b090da Binary files /dev/null and b/files/jenkins/master/plugins/instant-messaging.hpi differ diff --git a/files/jenkins/master/plugins/ldap.hpi b/files/jenkins/master/plugins/ldap.hpi new file mode 100644 index 0000000000..ee03e7f618 Binary files /dev/null and b/files/jenkins/master/plugins/ldap.hpi differ diff --git a/files/jenkins/master/plugins/maven-plugin.hpi b/files/jenkins/master/plugins/maven-plugin.hpi new file mode 100644 index 0000000000..f8fb3f4390 Binary files /dev/null and b/files/jenkins/master/plugins/maven-plugin.hpi differ diff --git a/files/jenkins/master/plugins/mercurial.hpi b/files/jenkins/master/plugins/mercurial.hpi new file mode 100644 index 0000000000..03044bd8eb Binary files /dev/null and b/files/jenkins/master/plugins/mercurial.hpi differ diff --git a/files/jenkins/master/plugins/openid.hpi b/files/jenkins/master/plugins/openid.hpi new file mode 100644 index 0000000000..1888510db7 Binary files /dev/null and b/files/jenkins/master/plugins/openid.hpi differ diff --git a/files/jenkins/master/plugins/python.hpi b/files/jenkins/master/plugins/python.hpi new file mode 100644 index 0000000000..f2894c1a76 Binary files /dev/null and b/files/jenkins/master/plugins/python.hpi differ diff --git a/files/jenkins/master/plugins/scm-api.hpi b/files/jenkins/master/plugins/scm-api.hpi new file mode 100644 index 0000000000..5e931d9a41 Binary files /dev/null and b/files/jenkins/master/plugins/scm-api.hpi differ diff --git a/files/jenkins/master/plugins/ssh-agent.hpi b/files/jenkins/master/plugins/ssh-agent.hpi new file mode 100644 index 0000000000..39a5efd691 Binary files /dev/null and b/files/jenkins/master/plugins/ssh-agent.hpi differ diff --git a/files/jenkins/master/plugins/subversion.hpi b/files/jenkins/master/plugins/subversion.hpi new file mode 100644 index 0000000000..99d981f1e4 Binary files /dev/null and b/files/jenkins/master/plugins/subversion.hpi differ diff --git a/files/jenkins/master/plugins/translation.hpi b/files/jenkins/master/plugins/translation.hpi new file mode 100644 index 0000000000..f85bbcfbe0 Binary files /dev/null and b/files/jenkins/master/plugins/translation.hpi differ diff --git a/files/jenkins/master/plugins/violations.hpi b/files/jenkins/master/plugins/violations.hpi new file mode 100644 index 0000000000..c6cf43e45f Binary files /dev/null and b/files/jenkins/master/plugins/violations.hpi differ diff --git a/files/jenkins/master/plugins/xunit.hpi b/files/jenkins/master/plugins/xunit.hpi new file mode 100644 index 0000000000..be07136e9a Binary files /dev/null and b/files/jenkins/master/plugins/xunit.hpi differ diff --git a/files/jenkins/slaves/sbt.repo b/files/jenkins/slaves/sbt.repo new file mode 100644 index 0000000000..02af2a2de9 --- /dev/null +++ b/files/jenkins/slaves/sbt.repo @@ -0,0 +1,6 @@ +[sbt-fedorapeople] +name=SBT Fedorapeople Repo +baseurl=http://repos.fedorapeople.org/repos/codeblock/sbt/fedora-18/RPMS/ +enabled=1 +skip_if_unavailable=1 +gpgcheck=0 diff --git a/files/jenkins/sshd_config_slave b/files/jenkins/sshd_config_slave new file mode 100644 index 0000000000..ca6f43b746 --- /dev/null +++ b/files/jenkins/sshd_config_slave @@ -0,0 +1,149 @@ +# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# The default requires explicit activation of protocol 1 +#Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +SyslogFacility AUTHPRIV +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandRunAs nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication no +PasswordAuthentication yes +#PermitEmptyPasswords no +AllowUsers jenkins_slave root + + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no +#KerberosUseKuserok yes + +# GSSAPI options +#GSSAPIAuthentication no +GSSAPIAuthentication yes +#GSSAPICleanupCredentials yes +GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +# WARNING: 'UsePAM no' is not supported in Fedora and may cause several +# problems. +#UsePAM no +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#ShowPatchLevel no +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +# Uncomment this if you want to use .local domain +#Host *.local +# CheckHostIP no + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server diff --git a/files/jenkins/sshd_config_slave.RedHat b/files/jenkins/sshd_config_slave.RedHat new file mode 100644 index 0000000000..a429f05b35 --- /dev/null +++ b/files/jenkins/sshd_config_slave.RedHat @@ -0,0 +1,141 @@ +# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# Disable legacy (protocol version 1) support in the server for new +# installations. In future the default will change to require explicit +# activation of protocol 1 +Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +SyslogFacility AUTHPRIV +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +RSAAuthentication yes +PubkeyAuthentication yes +AuthorizedKeysFile .ssh/authorized_keys +#AuthorizedKeysCommand none +#AuthorizedKeysCommandRunAs nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no +PasswordAuthentication yes +AllowUsers jenkins_slave root + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no +#KerberosUseKuserok yes + +# GSSAPI options +#GSSAPIAuthentication no +GSSAPIAuthentication yes +#GSSAPICleanupCredentials yes +GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM no +UsePAM yes + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#ShowPatchLevel no +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server +PermitRootLogin without-password +UseDNS no diff --git a/files/keyserver/sks.conf b/files/keyserver/sks.conf new file mode 100644 index 0000000000..e91dfd764b --- /dev/null +++ b/files/keyserver/sks.conf @@ -0,0 +1,83 @@ +ServerName keys.fedoraproject.org +Listen 80.239.156.219:11371 +NameVirtualHost *:443 + + + LoadModule proxy_module modules/mod_proxy.so + + + + LoadModule proxy_http_module modules/mod_proxy_http.so + + + + LoadModule proxy_balancer_module modules/mod_proxy_balancer.so + + + + LoadModule headers_module modules/mod_headers.so + + + + LoadModule authz_host_module modules/mod_authz_host.so + + + + LoadModule log_config_module modules/mod_log_config.so + + + + LoadModule env_module modules/mod_env.so + + + + Options FollowSymLinks + AllowOverride None + Order deny,allow + Deny from all + + + + ServerAdmin sysadmin-keys-members@fedoraproject.org + ServerName keys.fedoraproject.org + ProxyPass / http://127.0.0.1:11371/ + ProxyPassReverse / http://127.0.0.1:11371/ + SetEnv proxy-nokeepalive 1 + ProxyVia Full + + + ServerAdmin sysadmin-keys-members@fedoraproject.org + ServerName keys.fedoraproject.org + ServerAlias keys01.fedoraproject.org + + SSLEngine on + SSLCertificateFile /etc/pki/tls/wildcard-2014.fedoraproject.org.cert + SSLCertificateChainFile /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert + SSLCertificateKeyFile /etc/pki/tls/wildcard-2014.fedoraproject.org.key + ProxyPass / http://localhost:11371/ + ProxyPassReverse / http://localhost:11371/ + SetEnv proxy-nokeepalive 1 + ProxyVia Full + + + ServerAdmin sysadmin-keys-members@fedoraproject.org + ServerName pool.sks-keyservers.net + ServerAlias sks-keyservers.net + ServerAlias *.sks-keyservers.net + + SSLEngine on + SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem + SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key + ProxyPass / http://localhost:11371/ + ProxyPassReverse / http://localhost:11371/ + SetEnv proxy-nokeepalive 1 + ProxyVia Full + + + ServerAdmin sysadmin-keys-members@fedoraproject.org + ServerName keys.fedoraproject.org + ProxyPass / http://127.0.0.1:11371/ + ProxyPassReverse / http://127.0.0.1:11371/ + SetEnv proxy-nokeepalive 1 + ProxyVia Full + diff --git a/files/lists-dev/pg_hba.conf b/files/lists-dev/pg_hba.conf new file mode 100644 index 0000000000..90087fed5b --- /dev/null +++ b/files/lists-dev/pg_hba.conf @@ -0,0 +1,3 @@ +local all all peer +host all all 127.0.0.1/32 md5 +host all all ::1/128 md5 diff --git a/files/lists-dev/pgpass.j2 b/files/lists-dev/pgpass.j2 new file mode 100644 index 0000000000..b0b2297296 --- /dev/null +++ b/files/lists-dev/pgpass.j2 @@ -0,0 +1,3 @@ +*:*:mailman:mailmanadmin:{{ lists_dev_mm_db_pass }} +*:*:hyperkitty:hyperkittyadmin:{{ lists_dev_hk_db_pass }} +*:*:kittystore:kittystoreadmin:{{ lists_dev_ks_db_pass }} diff --git a/files/logserver/fixfiles_exclude_dirs b/files/logserver/fixfiles_exclude_dirs deleted file mode 100644 index 81a340f025..0000000000 --- a/files/logserver/fixfiles_exclude_dirs +++ /dev/null @@ -1 +0,0 @@ -/var/log/hosts diff --git a/files/mailman/mailman2-import.sh b/files/mailman/mailman2-import.sh new file mode 100644 index 0000000000..71f0821d14 --- /dev/null +++ b/files/mailman/mailman2-import.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +HKCONFDIR="/etc/hyperkitty/sites/default" +MMDIR=$1 +DOMAIN=$2 + +if [ -z "$MMDIR" ]; then + echo "Usage: $0 " + exit 2 +fi + +[ -z "$DOMAIN" ] && DOMAIN=lists.fedoraproject.org + +existinglists=`mktemp` +trap "rm -f $existinglists" EXIT +sudo -u mailman mailman3 lists -q > $existinglists + +for listname in `ls $MMDIR/lists`; do + listaddr="$listname@$DOMAIN" + if ! grep -qs $listaddr $existinglists; then + echo "sudo -u mailman mailman3 create -d $listaddr" + echo "sudo -u mailman PYTHONPATH=/usr/lib/mailman mailman3 import21 $listaddr $MMDIR/lists/$listname/config.pck" + fi + echo "sudo kittystore-import -p $HKCONFDIR -s settings_admin -l $listaddr --continue $MMDIR/archives/private/${listname}.mbox/${listname}.mbox" +done diff --git a/files/mailman/pgpass.j2 b/files/mailman/pgpass.j2 index dae76e65da..bfb3161ad0 100644 --- a/files/mailman/pgpass.j2 +++ b/files/mailman/pgpass.j2 @@ -1,5 +1,7 @@ *:*:mailman:mailman:{{ mailman_mm_db_pass }} *:*:hyperkitty:hyperkittyapp:{{ mailman_hk_db_pass }} *:*:hyperkitty:hyperkittyadmin:{{ mailman_hk_admin_db_pass }} +*:*:kittystore:kittystoreapp:{{ mailman_ks_db_pass }} +*:*:kittystore:kittystoreadmin:{{ mailman_ks_admin_db_pass }} *:*:postorius:postoriusapp:{{ mailman_ps_db_pass }} *:*:postorius:postoriusadmin:{{ mailman_ps_admin_db_pass }} diff --git a/roles/mod_wsgi/files/wsgi.conf b/files/mod_wsgi/wsgi.conf similarity index 100% rename from roles/mod_wsgi/files/wsgi.conf rename to files/mod_wsgi/wsgi.conf diff --git a/files/mysql/my.cnf b/files/mysql/my.cnf new file mode 100644 index 0000000000..fb4a7de97d --- /dev/null +++ b/files/mysql/my.cnf @@ -0,0 +1,74 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +user=mysql +# Default to using old password format for compatibility with mysql 3.x +# clients (those using the mysqlclient10 compatibility package). +old_passwords=1 +max_connections=900 +query_cache_size=64M +query_cache_limit=2M +ft_min_word_len=3 + +log-slow-queries=/var/log/mysqld/slow-queries.log +long_query_time = 2 +general_log = 1 +general_log_file = /var/log/mysqld/mysql-transfer.log + +skip-locking +key_buffer = 384M +key_buffer_size=64M +max_allowed_packet = 16M +table_cache = 2048 +sort_buffer_size = 8M +join_buffer_size = 8M +read_buffer_size = 2M +read_rnd_buffer_size = 16M +bulk_insert_buffer_size = 64M +myisam_sort_buffer_size = 128M +myisam_max_sort_file_size=15G +myisam_max_extra_sort_file_size = 10G +thread_cache_size = 8 +# Try number of CPU's*2 for thread_concurrency +thread_concurrency = 16 +thread_stack = 192K + +transaction_isolation = REPEATABLE-READ + +back_log = 50 +binlog_cache_size = 1M +max_heap_table_size = 128M + +tmp_table_size = 128M + +innodb_additional_mem_pool_size = 16M +innodb_buffer_pool_size = 4G +innodb_file_io_threads = 4 +innodb_thread_concurrency = 16 +innodb_flush_log_at_trx_commit = 1 +innodb_log_buffer_size = 8M +#innodb_log_file_size = 2G +#innodb_log_files_in_group = 3 +innodb_max_dirty_pages_pct = 90 + + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid +open-files-limit = 8192 + +[isamchk] +key_buffer = 512M +sort_buffer_size = 512M +read_buffer = 8M +write_buffer = 8M + +[myisamchk] +key_buffer = 512M +sort_buffer_size = 512M +read_buffer = 8M +write_buffer = 8M + +[mysqlhotcopy] +interactive-timeout + diff --git a/files/openshift/Gemfile b/files/openshift/Gemfile new file mode 100644 index 0000000000..1a8a78806e --- /dev/null +++ b/files/openshift/Gemfile @@ -0,0 +1,50 @@ +source 'http://rubygems.org' + +gem 'rails', '~> 3.0.13' +gem 'json' +gem 'parseconfig' +gem 'mongo' +gem 'xml-simple' +gem 'rack' +gem 'regin' +gem 'open4' +gem 'stickshift-common' +gem 'stickshift-controller' +gem 'rest-client' +gem 'systemu' + +# Add plugin gems here +gem 'gearchanger-mcollective-plugin' +gem 'uplift-bind-plugin' +gem 'swingshift-mongo-plugin' +gem 'dnsruby' + +# Bundle edge Rails instead: +# gem 'rails', :git => 'git://github.com/rails/rails.git' + +# Use unicorn as the web server +# gem 'unicorn' + +# Deploy with Capistrano +# gem 'capistrano' + +# To use debugger (ruby-debug for Ruby 1.8.7+, ruby-debug19 for Ruby 1.9.2+) +# gem 'ruby-debug' +# gem 'ruby-debug19', :require => 'ruby-debug' + +# Bundle the extra gems: +# gem 'bj' +# gem 'nokogiri' +# gem 'sqlite3-ruby', :require => 'sqlite3' +# gem 'aws-s3', :require => 'aws/s3' + +# Bundle gems for the local environment. Make sure to +# put test-only gems in this group so their generators +# and rake tasks are available in development mode: +group :development, :test do + # The require part from http://tinyurl.com/3pf68ho + gem 'mocha', :require => nil + gem 'cucumber' + gem 'rcov' +end + diff --git a/files/openshift/jenkins.repo b/files/openshift/jenkins.repo new file mode 100644 index 0000000000..5ab0572477 --- /dev/null +++ b/files/openshift/jenkins.repo @@ -0,0 +1,5 @@ +[jenkins] +name=Jenkins +baseurl=http://pkg.jenkins-ci.org/redhat +gpgcheck=1 +gpgkey=http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key diff --git a/files/openshift/mcollective-client.cfg b/files/openshift/mcollective-client.cfg new file mode 100644 index 0000000000..3e8a44f598 --- /dev/null +++ b/files/openshift/mcollective-client.cfg @@ -0,0 +1,18 @@ +topicprefix = /topic/ +main_collective = mcollective +collectives = mcollective +libdir = /usr/libexec/mcollective +loglevel = debug +logfile = /var/log/mcollective-client.log + +# Plugins +securityprovider = psk +plugin.psk = unset +connector = qpid +plugin.qpid.host=127.0.0.1 +plugin.qpid.secure=false +plugin.qpid.timeout=5 + +# Facts +factsource = yaml +plugin.yaml = /etc/mcollective/facts.yaml \ No newline at end of file diff --git a/files/openshift/mongo-acct.sh b/files/openshift/mongo-acct.sh new file mode 100644 index 0000000000..15e8973e00 --- /dev/null +++ b/files/openshift/mongo-acct.sh @@ -0,0 +1,7 @@ +#!/bin/bash +mongo stickshift_broker_dev --eval 'db.addUser("stickshift", "mooo")' +mongo stickshift_broker_dev --eval 'db.auth_user.update({"_id":"admin"}, {"_id":"admin","user":"admin","password":"2a8462d93a13e51387a5e607cbd1139f"} , true)' +echo "Acct setup done on `date`" > /etc/mongo-acct-setup + + + \ No newline at end of file diff --git a/files/openshift/mongodb.conf b/files/openshift/mongodb.conf new file mode 100644 index 0000000000..b983014e4c --- /dev/null +++ b/files/openshift/mongodb.conf @@ -0,0 +1,91 @@ +## +### Basic Defaults +## +bind_ip = 127.0.0.1 +port = 27017 +fork = true +pidfilepath = /var/run/mongodb/mongodb.pid +logpath = /var/log/mongodb/mongodb.log +dbpath =/var/lib/mongodb +journal = true + +# Enables periodic logging of CPU utilization and I/O wait +#cpu = true + +# Turn on/off security. Off is currently the default +#noauth = true +auth = true + +# Verbose logging output. +#verbose = true + +# Inspect all client data for validity on receipt (useful for +# developing drivers) +#objcheck = true + +# Enable db quota management +#quota = true + +# Set oplogging level where n is +# 0=off (default) +# 1=W +# 2=R +# 3=both +# 7=W+some reads +#oplog = 0 + +# Diagnostic/debugging option +#nocursors = true + +# Ignore query hints +#nohints = true + +# Disable the HTTP interface (Defaults to port+1000). +nohttpinterface = true + +# Turns off server-side scripting. This will result in greatly limited +# functionality +#noscripting = true + +# Turns off table scans. Any query that would do a table scan fails. +#notablescan = true + +# Disable data file preallocation. +#noprealloc = true + +# Specify .ns file size for new databases. +# nssize = + +# Accout token for Mongo monitoring server. +#mms-token = + +# Server name for Mongo monitoring server. +#mms-name = + +# Ping interval for Mongo monitoring server. +#mms-interval = + +# Replication Options + +# in replicated mongo databases, specify here whether this is a slave or master +#slave = true +#source = master.example.com +# Slave only: specify a single database to replicate +#only = master.example.com +# or +#master = true +#source = slave.example.com + +# Address of a server to pair with. +#pairwith = +# Address of arbiter server. +#arbiter = +# Automatically resync if slave data is stale +#autoresync +# Custom size for replication operation log. +#oplogSize = +# Size limit for in-memory storage of op ids. +#opIdMem = + +# smallfiles +smallfiles = true \ No newline at end of file diff --git a/files/openshift/openshift-el6.repo b/files/openshift/openshift-el6.repo new file mode 100644 index 0000000000..87e34a7074 --- /dev/null +++ b/files/openshift/openshift-el6.repo @@ -0,0 +1,5 @@ +[openshift] +name=OpenShift +baseurl=http://mirror.openshift.com/pub/crankcase/rhel-6/x86_64/ +enabled=1 +gpgcheck=0 diff --git a/files/openshift/qpidd.conf b/files/openshift/qpidd.conf new file mode 100644 index 0000000000..be2e0b862e --- /dev/null +++ b/files/openshift/qpidd.conf @@ -0,0 +1,3 @@ +cluster-mechanism=DIGEST-MD5 ANONYMOUS +auth=no + diff --git a/files/openvpn/client.conf b/files/openvpn/client.conf index abb5d03d16..d274e72acf 100644 --- a/files/openvpn/client.conf +++ b/files/openvpn/client.conf @@ -13,6 +13,7 @@ resolv-retry infinite nobind persist-key +persist-tun ca ca.crt cert client.crt diff --git a/files/phabricator/phabricator-vhost.conf b/files/phabricator/phabricator-vhost.conf new file mode 100644 index 0000000000..abf1d6f3a6 --- /dev/null +++ b/files/phabricator/phabricator-vhost.conf @@ -0,0 +1,19 @@ +NameVirtualHost *:80 + + + Options All + AllowOverride All + Require all granted + + + + ServerName {{domain}} + DocumentRoot /srv/www/facebook/phabricator/webroot + + RewriteEngine on + RewriteRule ^/rsrc/(.*) - [L,QSA] + RewriteRule ^/favicon.ico - [L,QSA] + RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA] + + SetEnv PHABRICATOR_ENV custom/myconfig + diff --git a/files/phabricator/phabricator.conf.php b/files/phabricator/phabricator.conf.php new file mode 100644 index 0000000000..f15abc8ded --- /dev/null +++ b/files/phabricator/phabricator.conf.php @@ -0,0 +1,18 @@ + 'http://{{domain}}/', + + 'mysql.host' => 'localhost', + 'mysql.user' => 'root', + + 'metamta.default-address' => 'phabricator@{{domain}}', + 'metamta.domain' => '{{domain}}', + + 'phabricator.timezone' => 'America/New_York', + 'pygments.enabled' => true, + + // NOTE: Check default.conf.php for detailed explanations of all the + // configuration options, including these. + +) + phabricator_read_config_file('production'); diff --git a/files/rdiff-backup/#run-rdiff-backups.cron# b/files/rdiff-backup/#run-rdiff-backups.cron# new file mode 100644 index 0000000000..e1045d2329 --- /dev/null +++ b/files/rdiff-backup/#run-rdiff-backups.cron# @@ -0,0 +1,3 @@ +# run rdiff backups +MAILTO=kevin@scrye.com,smooge@gmail.com +00 22 * * * root /usr/local/bin/lock-wrapper run-rdiff-backups "/usr/local/bin/run-rdiff-backups" diff --git a/files/rdiff-backup/run-rdiff-backups b/files/rdiff-backup/run-rdiff-backups index 0c2b970c92..f3ed29da02 100644 --- a/files/rdiff-backup/run-rdiff-backups +++ b/files/rdiff-backup/run-rdiff-backups @@ -5,5 +5,5 @@ source /root/sshagent >>/dev/null TMPDIR=`mktemp -d /tmp/backups.XXXX` cd $TMPDIR -git clone https://infrastructure.fedoraproject.org/infra/ansible +git clone http://infrastructure.fedoraproject.org/infra/ansible.git ansible-playbook -i ansible/inventory ansible/playbooks/rdiff-backup.yml diff --git a/files/rdo/rdo.conf b/files/rdo/rdo.conf new file mode 100644 index 0000000000..e0f89c5693 --- /dev/null +++ b/files/rdo/rdo.conf @@ -0,0 +1,7 @@ +Alias /openstack /srv/persist/openstack + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + Allow from all + diff --git a/files/releng/branched b/files/releng/branched new file mode 100644 index 0000000000..f642d0f411 --- /dev/null +++ b/files/releng/branched @@ -0,0 +1,3 @@ +# branched compose +MAILTO=releng-cron@lists.fedoraproject.org +15 7 * * * masher TMPDIR=`mktemp -d /tmp/branched.XXXXXX` && cd $TMPDIR && git clone -n git://git.fedorahosted.org/releng && cd releng && git checkout -b stable rawhide-stable && LANG=en_US.UTF-8 ./scripts/buildbranched $(date "+\%Y\%m\%d") && sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora diff --git a/files/releng/fedmsg/base.py b/files/releng/fedmsg/base.py new file mode 100644 index 0000000000..00d391a162 --- /dev/null +++ b/files/releng/fedmsg/base.py @@ -0,0 +1,20 @@ + +config = dict( + # Set this to dev if you're hacking on fedmsg or an app locally. + # Set to stg or prod if running in the Fedora Infrastructure. + environment="prod", + + # Default is 0 + high_water_mark=0, + io_threads=1, + + # We almost always want the fedmsg-hub to be sending messages with zmq as + # opposed to amqp or stomp. The only exception will be the bugzilla + # amqp<->zmq bridge service. + zmq_enabled=True, + + # When subscribing to messages, we want to allow splats ('*') so we tell the + # hub to not be strict when comparing messages topics to subscription + # topics. + zmq_strict=False, +) diff --git a/files/releng/fedmsg/endpoints.py b/files/releng/fedmsg/endpoints.py new file mode 100644 index 0000000000..d7729d78fa --- /dev/null +++ b/files/releng/fedmsg/endpoints.py @@ -0,0 +1,89 @@ +suffix = 'phx2.fedoraproject.org' +non_phx_suffix = 'fedoraproject.org' + +config = dict( + # This is a dict of possible addresses from which fedmsg can send + # messages. fedmsg.init(...) requires that a 'name' argument be passed + # to it which corresponds with one of the keys in this dict. + endpoints = { + # This is the output side of the relay to which all other + # services can listen. + "relay_outbound": [ + "tcp://busgateway01.%s:3999" % suffix, + ], + + # For other, more 'normal' services, fedmsg will try to guess the + # name of it's calling module to determine which endpoint definition + # to use. This can be overridden by explicitly providing the name in + # the initial call to fedmsg.init(...). + "bodhi.app01": [ + "tcp://app01.%s:300%i" % (suffix, i) + for i in range(8) + ], + "bodhi.app02": [ + "tcp://app02.%s:300%i" % (suffix, i) + for i in range(8) + ], + "bodhi.branched-composer": [ + "tcp://branched-composer.%s:3000" % suffix + ], + "bodhi.rawhide-composer": [ + "tcp://rawhide-composer.%s:3000" % suffix + ], + "bodhi.app03": [ + "tcp://app03.%s:300%i" % (suffix, i) + for i in range(8) + ], + "bodhi.app04": [ + "tcp://app04.%s:300%i" % (suffix, i) + for i in range(8) + ], + "bodhi.app05": [ + "tcp://app05.%s:300%i" % (non_phx_suffix, i) + for i in range(8) + ], + "bodhi.app07": [ + "tcp://app07.%s:300%i" % (suffix, i) + for i in range(8) + ], + "bodhi.app08": [ + "tcp://app08.%s:300%i" % (non_phx_suffix, i) + for i in range(8) + ], + "bodhi.releng04": [ + "tcp://releng04.%s:3000" % suffix + ], + "bodhi.relepel01": [ + "tcp://relepel01.%s:3000" % suffix + ], + "fas.fas01": [ + "tcp://fas01.%s:300%i" % (suffix, i) + for i in range(8) + ], + "fedoratagger.tagger01": [ + "tcp://tagger01.%s:300%i" % (suffix, i) + for i in range(8) + ], + "fedoratagger.tagger02": [ + "tcp://tagger02.%s:300%i" % (suffix, i) + for i in range(8) + ], + "busmon.app01": [ + "tcp://app01.%s:3008" % suffix, + ], + "busmon.app02": [ + "tcp://app02.%s:3008" % suffix, + ], + "supybot.value03": [ + "tcp://value03.%s:3000" % suffix, + ], + }, + + # This is the address of an active->passive relay. It is used for the + # fedmsg-logger command which requires another service with a stable + # listening address for it to send messages to. + # It is also used by the git-hook, for the same reason. + # It is also used by the mediawiki php plugin which, due to the oddities of + # php, can't maintain a single passive-bind endpoint of it's own. + relay_inbound="tcp://busgateway01.%s:9941" % suffix, +) diff --git a/files/releng/fedmsg/ircbot.py b/files/releng/fedmsg/ircbot.py new file mode 100644 index 0000000000..44e35679e6 --- /dev/null +++ b/files/releng/fedmsg/ircbot.py @@ -0,0 +1,18 @@ +config = dict( + irc=[ + dict( + network='irc.freenode.net', + port=6667, + nickname='fedmsg-bot', + channel='fedora-fedmsg', + make_pretty=True, + make_terse=True, + # Don't show busmon or the heartbeat... gross. + # any httpd topics would also be a huge source of spam. + filters=dict( + topic=['busmon', 'httpd'], + body=['lub-dub'], + ), + ), + ], +) diff --git a/files/releng/fedmsg/ssl.py b/files/releng/fedmsg/ssl.py new file mode 100644 index 0000000000..721fb2504e --- /dev/null +++ b/files/releng/fedmsg/ssl.py @@ -0,0 +1,65 @@ + +suffix = "phx2.fedoraproject.org" +app_hosts = [ + "app01.phx2.fedoraproject.org", + "app02.phx2.fedoraproject.org", + "app03.phx2.fedoraproject.org", + "app04.phx2.fedoraproject.org", + "app05.fedoraproject.org", + "app07.phx2.fedoraproject.org", + "app08.fedoraproject.org", +] + +config = dict( + sign_messages=True, + validate_signatures=False, + ssldir="/etc/pki/fedmsg", + + crl_location="https://fedoraproject.org/fedmsg/crl.pem", + crl_cache="/var/run/fedmsg/crl.pem", + crl_cache_expiry=86400, # Daily + + certnames=dict( + [ + ("shell.app0%i" % i, "shell-%s" % app_hosts[i-1]) + for i in range(1, len(app_hosts) + 1) + ] + [ + ("bodhi.app0%i" % i, "bodhi-%s" % app_hosts[i-1]) + for i in range(1, len(app_hosts) + 1) + ] + [ + ("mediawiki.app0%i" % i, "mediawiki-%s" % app_hosts[i-1]) + for i in range(1, len(app_hosts) + 1) + ] + [ + ("shell.fas0%i" % i, "shell-fas0%i.%s" % (i, suffix)) + for i in range(1, 4) + ] + [ + ("fas.fas0%i" % i, "fas-fas0%i.%s" % (i, suffix)) + for i in range(1, 4) + ] + [ + ("shell.packages0%i" % i, "shell-packages0%i.%s" % (i, suffix)) + for i in range(1, 3) + ] + [ + ("fedoratagger.packages0%i" % i, "fedoratagger-packages0%i.%s" % (i, suffix)) + for i in range(1, 3) + ] + [ + ("shell.pkgs0%i" % i, "shell-pkgs0%i.%s" % (i, suffix)) + for i in range(1, 2) + ] + [ + ("scm.pkgs0%i" % i, "scm-pkgs0%i.%s" % (i, suffix)) + for i in range(1, 2) + ] + [ + ("shell.relepel01", "shell-relepel01.%s" % suffix), + ("shell.releng04", "shell-releng04.%s" % suffix), + ("shell.branched-composer", "shell-releng01.%s" % suffix), + ("shell.rawhide-composer", "shell-releng02.%s" % suffix), + ("bodhi.relepel01", "bodhi-relepel01.%s" % suffix), + ("bodhi.releng04", "bodhi-releng04.%s" % suffix), + ("bodhi.branched-composer", "bodhi-releng01.%s" % suffix), + ("bodhi.rawhide-composer", "bodhi-releng02.%s" % suffix), + ] + [ + ("shell.value01", "shell-value01.%s" % suffix), + ("shell.value03", "shell-value03.%s" % suffix), + ("supybot.value03", "supybot-value03.%s" % suffix), + ]) +) + diff --git a/files/releng/fedora-branched-compose-armhfp.cfg b/files/releng/fedora-branched-compose-armhfp.cfg new file mode 100644 index 0000000000..53bd79d964 --- /dev/null +++ b/files/releng/fedora-branched-compose-armhfp.cfg @@ -0,0 +1,41 @@ +config_opts['root'] = 'fedora-branched-compose-armhfp' +config_opts['target_arch'] = 'armv7hl' +config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi uboot-tools' +config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' )) + + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=2 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 + +# repos + +[fedora] +name=fedora +baseurl=http://kojipkgs.fedoraproject.org/mash/branched/armhfp/os +enabled=1 +cost=5000 + +[static] +name=static +baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/armhfp +enabled=1 +#cost=2000 +""" + + + diff --git a/files/releng/fedora-branched-compose-i386.cfg b/files/releng/fedora-branched-compose-i386.cfg new file mode 100644 index 0000000000..aa4a886827 --- /dev/null +++ b/files/releng/fedora-branched-compose-i386.cfg @@ -0,0 +1,41 @@ +config_opts['root'] = 'fedora-branched-compose-i386' +config_opts['target_arch'] = 'i386' +config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi' +config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' )) + + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=2 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 + +# repos + +[fedora] +name=fedora +baseurl=http://kojipkgs.fedoraproject.org/mash/branched/i386/os +enabled=1 +cost=5000 + +[static] +name=static +baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/i386 +enabled=1 +#cost=2000 +""" + + + diff --git a/files/releng/fedora-branched-compose-x86_64.cfg b/files/releng/fedora-branched-compose-x86_64.cfg new file mode 100644 index 0000000000..f183c923a0 --- /dev/null +++ b/files/releng/fedora-branched-compose-x86_64.cfg @@ -0,0 +1,41 @@ +config_opts['root'] = 'fedora-branched-compose-x86_64' +config_opts['target_arch'] = 'x86_64' +config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi' +config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' )) + + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=2 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 + +# repos + +[fedora] +name=fedora +baseurl=http://kojipkgs.fedoraproject.org/mash/branched/x86_64/os +enabled=1 +cost=5000 + +[static] +name=static +baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/x86_64 +enabled=1 +#cost=2000 +""" + + + diff --git a/files/releng/fedora-branched-pungi-i386.cfg b/files/releng/fedora-branched-pungi-i386.cfg new file mode 100644 index 0000000000..28ce560705 --- /dev/null +++ b/files/releng/fedora-branched-pungi-i386.cfg @@ -0,0 +1,31 @@ +config_opts['root'] = 'fedora-branched-pungi-i386' +config_opts['target_arch'] = 'i386' +config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' +config_opts['dist'] = 'fc9' +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' )) + + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 + +# repos + +[fedora] +name=fedora +baseurl=http://kojipkgs.fedoraproject.org/mash/branched/i386/os + +[buildroot] +name=buildroot +baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/i386/ +""" diff --git a/files/releng/fedora-branched-pungi-x86_64.cfg b/files/releng/fedora-branched-pungi-x86_64.cfg new file mode 100644 index 0000000000..d6b9a892a1 --- /dev/null +++ b/files/releng/fedora-branched-pungi-x86_64.cfg @@ -0,0 +1,34 @@ +config_opts['root'] = 'fedora-branched-pungi-x86_64' +config_opts['target_arch'] = 'x86_64' +config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' +config_opts['dist'] = 'fc9' +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' )) + + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +# grub/syslinux on x86_64 need glibc-devel.i386 which pulls in glibc.i386, need to exclude all +# .i?86 packages except these. +exclude=[!g]*.i*86 g[!l]*.i?86 gl[!i]*.i?86 gli[!b]*.i?86 glib[!c]*.i?86 + +# repos + +[fedora] +name=fedora +baseurl=http://kojipkgs.fedoraproject.org/mash/branched/x86_64/os + +[buildroot] +name=buildroot +baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/x86_64/ +""" diff --git a/files/releng/fedora-devel-pungi-ppc.cfg b/files/releng/fedora-devel-pungi-ppc.cfg new file mode 100644 index 0000000000..b1c58b94e6 --- /dev/null +++ b/files/releng/fedora-devel-pungi-ppc.cfg @@ -0,0 +1,32 @@ +config_opts['root'] = 'fedora-development-pungi-ppc' +config_opts['target_arch'] = 'ppc' +config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' +config_opts['dist'] = 'fc9' +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' )) + + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 + +# repos + +[static] +name=fedora +baseurl=http://kojipkgs.fedoraproject.org/repos/dist-rawhide/latest/ppc/ +cost=2 + +[fedora] +name=fedora +baseurl=http://kojipkgs.fedoraproject.org/mash/rawhide/ppc/os +""" diff --git a/files/releng/fedora-rawhide-compose-armhfp.cfg b/files/releng/fedora-rawhide-compose-armhfp.cfg new file mode 100644 index 0000000000..2fc304b49d --- /dev/null +++ b/files/releng/fedora-rawhide-compose-armhfp.cfg @@ -0,0 +1,40 @@ +config_opts['root'] = 'fedora-rawhide-compose-armhfp' +config_opts['target_arch'] = 'armv7hl' +config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi uboot-tools' +config_opts['dist'] = 'fc21' # only useful for --resultdir variable subst +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' )) + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=2 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 + +# repos + +[fedora] +name=fedora +baseurl=http://kojipkgs.fedoraproject.org/mash/rawhide/armhfp/os +enabled=1 +cost=5000 + +[static] +name=static +baseurl=http://kojipkgs.fedoraproject.org/repos/rawhide/latest/armhfp +enabled=1 +#cost=2000 +""" + + + diff --git a/files/releng/fedora-rawhide-compose-i386.cfg b/files/releng/fedora-rawhide-compose-i386.cfg new file mode 100644 index 0000000000..410f458f3e --- /dev/null +++ b/files/releng/fedora-rawhide-compose-i386.cfg @@ -0,0 +1,40 @@ +config_opts['root'] = 'fedora-rawhide-compose-i386' +config_opts['target_arch'] = 'i386' +config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi' +config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' )) + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=2 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 + +# repos + +[fedora] +name=fedora +baseurl=http://kojipkgs.fedoraproject.org/mash/rawhide/i386/os +enabled=1 +cost=5000 + +[static] +name=static +baseurl=http://kojipkgs.fedoraproject.org/repos/rawhide/latest/i386 +enabled=1 +#cost=2000 +""" + + + diff --git a/files/releng/fedora-rawhide-compose-x86_64.cfg b/files/releng/fedora-rawhide-compose-x86_64.cfg new file mode 100644 index 0000000000..c20a4d670b --- /dev/null +++ b/files/releng/fedora-rawhide-compose-x86_64.cfg @@ -0,0 +1,40 @@ +config_opts['root'] = 'fedora-rawhide-compose-x86_64' +config_opts['target_arch'] = 'x86_64' +config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi' +config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' )) + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=2 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 + +# repos + +[fedora] +name=fedora +baseurl=http://kojipkgs.fedoraproject.org/mash/rawhide/x86_64/os +enabled=1 +cost=5000 + +[static] +name=static +baseurl=http://kojipkgs.fedoraproject.org/repos/rawhide/latest/x86_64 +enabled=1 +#cost=2000 +""" + + + diff --git a/files/releng/fedora-rawhide-pungi-i386.cfg b/files/releng/fedora-rawhide-pungi-i386.cfg new file mode 100644 index 0000000000..0dfc726923 --- /dev/null +++ b/files/releng/fedora-rawhide-pungi-i386.cfg @@ -0,0 +1,33 @@ +config_opts['root'] = 'fedora-rawhide-pungi-i386' +config_opts['target_arch'] = 'i386' +config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi' +config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' )) + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 + +# repos + +[fedora] +name=fedora +baseurl=http://kojipkgs.fedoraproject.org/mash/rawhide/i386/os + +[buildroot] +name=buildroot +baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/i386/ +""" diff --git a/files/releng/fedora-rawhide-pungi-x86_64.cfg b/files/releng/fedora-rawhide-pungi-x86_64.cfg new file mode 100644 index 0000000000..333e10fc5a --- /dev/null +++ b/files/releng/fedora-rawhide-pungi-x86_64.cfg @@ -0,0 +1,36 @@ +config_opts['root'] = 'fedora-rawhide-pungi-x86_64' +config_opts['target_arch'] = 'x86_64' +config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi' +config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' )) + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +# grub/syslinux on x86_64 need glibc-devel.i386 which pulls in glibc.i386, need to exclude all +# .i?86 packages except these. +exclude=[!g]*.i*86 g[!l]*.i?86 gl[!i]*.i?86 gli[!b]*.i?86 glib[!c]*.i?86 + +# repos + +[fedora] +name=fedora +baseurl=http://kojipkgs.fedoraproject.org/mash/rawhide/x86_64/os + +[buildroot] +name=buildroot +baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/x86_64/ +""" diff --git a/roles/releng/files/mash/masher.config b/files/releng/mash/masher.config similarity index 100% rename from roles/releng/files/mash/masher.config rename to files/releng/mash/masher.config diff --git a/roles/releng/files/mash/masher.id_rsa.pub b/files/releng/mash/masher.id_rsa.pub similarity index 100% rename from roles/releng/files/mash/masher.id_rsa.pub rename to files/releng/mash/masher.id_rsa.pub diff --git a/files/releng/rawhide b/files/releng/rawhide new file mode 100644 index 0000000000..679b4a784f --- /dev/null +++ b/files/releng/rawhide @@ -0,0 +1,3 @@ +# rawhide compose +MAILTO=releng-cron@lists.fedoraproject.org +15 5 * * * masher TMPDIR=`mktemp -d /tmp/rawhide.XXXXXX` && cd $TMPDIR && git clone -n git://git.fedorahosted.org/releng && cd releng && git checkout -b stable rawhide-stable && LANG=en_US.UTF-8 ./scripts/buildrawhide $(date "+\%Y\%m\%d") && sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora diff --git a/files/releng/relengpush b/files/releng/relengpush deleted file mode 100755 index 0b8cae74f4..0000000000 --- a/files/releng/relengpush +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -# This file exists to facilitate fully automated mass rebuilds without relying -# on user intervention or an individual users's account permissions -sudo /usr/local/bin/relengpush-int $@ \ No newline at end of file diff --git a/files/releng/relengpush-int b/files/releng/relengpush-int deleted file mode 100755 index 5fbd2957de..0000000000 --- a/files/releng/relengpush-int +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -# This file exists to facilitate fully automated mass rebuilds without relying -# on user intervention or an individual users's account permissions -ssh -i /etc/pki/releng $@ \ No newline at end of file diff --git a/files/releng/update-fullfilelist b/files/releng/update-fullfilelist new file mode 100755 index 0000000000..0302c6a5b6 --- /dev/null +++ b/files/releng/update-fullfilelist @@ -0,0 +1,20 @@ +#!/bin/bash + +# currently runs on releng2.fedora.phx.redhat.com + +MOD=$1 +[ -z "$MOD" ] && { + echo "usage: $0 " + exit 1 +} + +TMPFILE=$(mktemp -p /tmp/) +pushd /pub/$MOD > /dev/null +find * -print > $TMPFILE +if diff $TMPFILE fullfilelist > /dev/null; then + rm -f $TMPFILE +else + mv $TMPFILE fullfilelist +fi +chmod 0644 fullfilelist +popd > /dev/null diff --git a/files/scripts/confine-ssh.sh b/files/scripts/confine-ssh.sh deleted file mode 100644 index 07a448fc46..0000000000 --- a/files/scripts/confine-ssh.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -# Confine ssh commands -case "$SSH_ORIGINAL_COMMAND" in -*\&*) -echo "Rejected" -;; -*\;*) -echo "Rejected" -;; -rsync\ --server\ --sender*) -$SSH_ORIGINAL_COMMAND -;; -*) -echo "Rejected" -;; -esac diff --git a/files/scripts/create-filelist b/files/scripts/create-filelist deleted file mode 100644 index d71add8d6e..0000000000 --- a/files/scripts/create-filelist +++ /dev/null @@ -1,216 +0,0 @@ -#!/usr/bin/python3 - -# A simple script to generate a file list in a format easily consumable by a -# shell script. - -# Originally written by Jason Tibbitts in 2016. -# Donated to the public domain. If you require a statement of license, please -# consider this work to be licensed as "CC0 Universal", any version you choose. - -import argparse -import hashlib -import os -import stat -import sys - -# Get scandir from whatever module provides it today -try: - from os import scandir -except ImportError: - from scandir import scandir - -# productmd is optional, needed only for the imagelist feature -try: - from productmd.images import SUPPORTED_IMAGE_FORMATS -except ImportError: - SUPPORTED_IMAGE_FORMATS = [] - - -CHECKSUM_ALGORITHMS = ("sha1", "md5", "sha256", "sha512") - - -class SEntry(object): - """A simpler DirEntry-like object.""" - - def __init__(self, direntry, restricted=False): - self.direntry = direntry - self.restricted = restricted - self.path = direntry.path - self.name = direntry.name - - info = direntry.stat(follow_symlinks=False) - # Make sure we have an int here. Whether the stat calls give us ints - # or floats depends on the python version, and the extra precision - # isn't really helpful. - self.modtime = int(max(info.st_mtime, info.st_ctime)) - self.readable_group = info.st_mode & stat.S_IRGRP - self.readable_world = info.st_mode & stat.S_IROTH - self.size = info.st_size - - ftype = 'f' - perm = '' - if direntry.is_symlink(): - ftype = 'l' - elif direntry.is_dir(): - ftype = 'd' - - if self.restricted: - perm = '*' - - # Note that we want an unreadable state to override the restricted state - if not self.readable_world: - perm = '-' - - self.ftype = ftype + perm - - -def get_checksum(algo, fname): - """Return the checksum of a file in hex.""" - fh = open(fname, 'rb') - hasher = getattr(hashlib, algo)() - block = fh.read(2 ** 16) - while len(block) > 0: - hasher.update(block) - block = fh.read(2 ** 16) - - return hasher.hexdigest() - - -def recursedir(path='.', skip=[], alwaysskip=['.~tmp~'], in_restricted=False): - """Like scandir, but recursively. - - Will skip everything in the skip array, but only at the top level - directory. - - Returns SEntry objects. If in_restricted is true, all returned entries will - be marked as restricted even if their permissions are not restricted. - """ - for dentry in scandir(path): - if dentry.name in skip: - continue - if dentry.name in alwaysskip: - continue - if dentry.name.startswith('.nfs'): - continue - - # Skip things which are not at least group readable - # Symlinks are followed here so that clients won't see dangling - # symlinks to content they can't transfer. It's the default, but to - # avoid confusion it's been made explicit. - try: - s = dentry.stat(follow_symlinks=True) - except os.error: - print('Could not stat {0}. Dangling symlink?'.format(dentry.name), file=sys.stderr) - continue - - if not (s.st_mode & stat.S_IRGRP): - # print('{} is not group readable; skipping.'.format(dentry.path)) - continue - - se = SEntry(dentry, in_restricted) - if dentry.is_dir(follow_symlinks=False): - this_restricted = in_restricted - if not se.readable_world: - # print('{} is not world readable; marking as restricted.'.format(se.path), file=sys.stderr) - this_restricted = True - - # Don't pass skip here, because we only skip in the top level - for re in recursedir(se.path, alwaysskip=alwaysskip, in_restricted=this_restricted): - yield re - yield se - - -def write_checksum_section(algo, files, output): - print('\n[Checksums {}]'.format(algo.upper()), file=output) - - # It's OK if the checksum section is empty, but we should include it anyway - # as the client expects it. - for f in sorted(files): - print('{0}\t{1}'.format(get_checksum(algo, f), f), file=output) - - -def parseopts(): - null = open(os.devnull, 'w') - p = argparse.ArgumentParser( - description='Generate a list of files and times, suitable for consumption by quick-fedora-mirror, ' - 'and (optionally) a much smaller list of only files that match one of the productmd ' - ' supported image types, for use by fedfind.') - p.add_argument('-c', '--checksum', action='store_true', - help='Include checksums of all repomd.xml files in the file list.') - p.add_argument('-C', '--checksum-file', action='append', dest='checksum_files', - help='Include checksums of all instances of the specified file.') - p.add_argument('-s', '--skip', action='store_true', - help='Skip the file lists in the top directory') - p.add_argument('-S', '--skip-file', action='append', dest='skip_files', - help='Skip the specified file in the top directory.') - - p.add_argument('-d', '--dir', help='Directory to scan (default: .).') - - p.add_argument('-t', '--timelist', type=argparse.FileType('w'), default=sys.stdout, - help='Filename of the file list with times (default: stdout).') - p.add_argument('-f', '--filelist', type=argparse.FileType('w'), default=null, - help='Filename of the file list without times (default: no plain file list is generated).') - p.add_argument('-i', '--imagelist', type=argparse.FileType('w'), default=null, - help='Filename of the image file list for fedfind (default: not generated). Requires ' - 'the productmd library.') - - opts = p.parse_args() - - if not opts.dir: - opts.dir = '.' - - opts.checksum_files = opts.checksum_files or [] - if opts.checksum: - opts.checksum_files += ['repomd.xml'] - - opts.skip_files = opts.skip_files or [] - if opts.skip: - if not opts.timelist.name == '': - opts.skip_files += [os.path.basename(opts.timelist.name)] - if not opts.filelist.name == '': - opts.skip_files += [os.path.basename(opts.filelist.name)] - if not opts.imagelist.name == '': - opts.skip_files += [os.path.basename(opts.imagelist.name)] - - return opts - - -def main(): - opts = parseopts() - if opts.imagelist.name != os.devnull and not SUPPORTED_IMAGE_FORMATS: - sys.exit("--imagelist requires the productmd library!") - checksums = {} - - os.chdir(opts.dir) - - print('[Version]', file=opts.timelist) - # XXX Technically this should be version 3. But old clients will simply - # ignore the extended file types for restricted directories, and so we can - # add this now and let things simmer for a while before bumping the format - # and hard-breaking old clients. - print('2', file=opts.timelist) - print(file=opts.timelist) - print('[Files]', file=opts.timelist) - - for entry in recursedir(skip=opts.skip_files): - print(entry.path, file=opts.filelist) - - # write to filtered list if appropriate - imgs = ['.{0}'.format(form) for form in SUPPORTED_IMAGE_FORMATS] - if any(entry.path.endswith(img) for img in imgs): - print(entry.path, file=opts.imagelist) - if entry.name in opts.checksum_files: - checksums[entry.path[2:]] = True - - print('{0}\t{1}\t{2}\t{3}'.format(entry.modtime, entry.ftype, - entry.size, entry.path[2:]), - file=opts.timelist) - - for algo in CHECKSUM_ALGORITHMS: - write_checksum_section(algo, checksums, opts.timelist) - - print('\n[End]', file=opts.timelist) - - -if __name__ == '__main__': - main() diff --git a/files/scripts/create-filelist.py2 b/files/scripts/create-filelist.py2 deleted file mode 100644 index 5491856a9c..0000000000 --- a/files/scripts/create-filelist.py2 +++ /dev/null @@ -1,209 +0,0 @@ -#!/usr/bin/python -from __future__ import print_function - -# A simple script to generate a file list in a format easily consumable by a -# shell script. - -# Originally written by Jason Tibbitts in 2016. -# Donated to the public domain. If you require a statement of license, please -# consider this work to be licensed as "CC0 Universal", any version you choose. - -import argparse -import hashlib -import os -import stat -import sys - -# Get scandir from whatever module provides it today -try: - from os import scandir -except ImportError: - from scandir import scandir - -# productmd is optional, needed only for the imagelist feature -try: - from productmd.images import SUPPORTED_IMAGE_FORMATS -except ImportError: - SUPPORTED_IMAGE_FORMATS = [] - - -class SEntry(object): - """A simpler DirEntry-like object.""" - - def __init__(self, direntry, restricted=False): - self.direntry = direntry - self.restricted = restricted - self.path = direntry.path - self.name = direntry.name - - info = direntry.stat(follow_symlinks=False) - # Make sure we have an int here. Whether the stat calls give us ints - # or floats depends on the python version, and the extra precision - # isn't really helpful. - self.modtime = int(max(info.st_mtime, info.st_ctime)) - self.readable_group = info.st_mode & stat.S_IRGRP - self.readable_world = info.st_mode & stat.S_IROTH - self.size = info.st_size - - ftype = 'f' - perm = '' - if direntry.is_symlink(): - ftype = 'l' - elif direntry.is_dir(): - ftype = 'd' - - if self.restricted: - perm = '*' - - # Note that we want an unreadable state to override the restricted state - if not self.readable_world: - perm = '-' - - self.ftype = ftype + perm - - -def sha1(fname): - """Return the SHA1 checksum of a file in hex.""" - fh = open(fname, 'rb') - sha1 = hashlib.sha1() - block = fh.read(2 ** 16) - while len(block) > 0: - sha1.update(block) - block = fh.read(2 ** 16) - - return sha1.hexdigest() - - -def recursedir(path='.', skip=[], alwaysskip=['.~tmp~'], in_restricted=False): - """Like scandir, but recursively. - - Will skip everything in the skip array, but only at the top level - directory. - - Returns SEntry objects. If in_restricted is true, all returned entries will - be marked as restricted even if their permissions are not restricted. - """ - for dentry in scandir(path): - if dentry.name in skip: - continue - if dentry.name in alwaysskip: - continue - if dentry.name.startswith('.nfs'): - continue - - # Skip things which are not at least group readable - # Symlinks are followed here so that clients won't see dangling - # symlinks to content they can't transfer. It's the default, but to - # avoid confusion it's been made explicit. - try: - s = dentry.stat(follow_symlinks=True) - except os.error: - print('Could not stat {0}. Dangling symlink?'.format(dentry.name), file=sys.stderr) - continue - - if not (s.st_mode & stat.S_IRGRP): - # print('{} is not group readable; skipping.'.format(dentry.path)) - continue - - se = SEntry(dentry, in_restricted) - if dentry.is_dir(follow_symlinks=False): - this_restricted = in_restricted - if not se.readable_world: - # print('{} is not world readable; marking as restricted.'.format(se.path), file=sys.stderr) - this_restricted = True - - # Don't pass skip here, because we only skip in the top level - for re in recursedir(se.path, alwaysskip=alwaysskip, in_restricted=this_restricted): - yield re - yield se - - -def parseopts(): - null = open(os.devnull, 'w') - p = argparse.ArgumentParser( - description='Generate a list of files and times, suitable for consumption by quick-fedora-mirror, ' - 'and (optionally) a much smaller list of only files that match one of the productmd ' - ' supported image types, for use by fedfind.') - p.add_argument('-c', '--checksum', action='store_true', - help='Include checksums of all repomd.xml files in the file list.') - p.add_argument('-C', '--checksum-file', action='append', dest='checksum_files', - help='Include checksums of all instances of the specified file.') - p.add_argument('-s', '--skip', action='store_true', - help='Skip the file lists in the top directory') - p.add_argument('-S', '--skip-file', action='append', dest='skip_files', - help='Skip the specified file in the top directory.') - - p.add_argument('-d', '--dir', help='Directory to scan (default: .).') - - p.add_argument('-t', '--timelist', type=argparse.FileType('w'), default=sys.stdout, - help='Filename of the file list with times (default: stdout).') - p.add_argument('-f', '--filelist', type=argparse.FileType('w'), default=null, - help='Filename of the file list without times (default: no plain file list is generated).') - p.add_argument('-i', '--imagelist', type=argparse.FileType('w'), default=null, - help='Filename of the image file list for fedfind (default: not generated). Requires ' - 'the productmd library.') - - opts = p.parse_args() - - if not opts.dir: - opts.dir = '.' - - opts.checksum_files = opts.checksum_files or [] - if opts.checksum: - opts.checksum_files += ['repomd.xml'] - - opts.skip_files = opts.skip_files or [] - if opts.skip: - if not opts.timelist.name == '': - opts.skip_files += [os.path.basename(opts.timelist.name)] - if not opts.filelist.name == '': - opts.skip_files += [os.path.basename(opts.filelist.name)] - if not opts.imagelist.name == '': - opts.skip_files += [os.path.basename(opts.imagelist.name)] - - return opts - - -def main(): - opts = parseopts() - if opts.imagelist.name != os.devnull and not SUPPORTED_IMAGE_FORMATS: - sys.exit("--imagelist requires the productmd library!") - checksums = {} - - os.chdir(opts.dir) - - print('[Version]', file=opts.timelist) - # XXX Technically this should be version 3. But old clients will simply - # ignore the extended file types for restricted directories, and so we can - # add this now and let things simmer for a while before bumping the format - # and hard-breaking old clients. - print('2', file=opts.timelist) - print(file=opts.timelist) - print('[Files]', file=opts.timelist) - - for entry in recursedir(skip=opts.skip_files): - print(entry.path, file=opts.filelist) - - # write to filtered list if appropriate - imgs = ['.{0}'.format(form) for form in SUPPORTED_IMAGE_FORMATS] - if any(entry.path.endswith(img) for img in imgs): - print(entry.path, file=opts.imagelist) - if entry.name in opts.checksum_files: - checksums[entry.path[2:]] = True - - print('{0}\t{1}\t{2}\t{3}'.format(entry.modtime, entry.ftype, - entry.size, entry.path[2:]), - file=opts.timelist) - - print('\n[Checksums SHA1]', file=opts.timelist) - - # It's OK if the checksum section is empty, but we should include it anyway - # as the client expects it. - for f in sorted(checksums): - print('{0}\t{1}'.format(sha1(f), f), file=opts.timelist) - - print('\n[End]', file=opts.timelist) - - -if __name__ == '__main__': - main() diff --git a/files/scripts/fix-home-fedora-ownerships.sh b/files/scripts/fix-home-fedora-ownerships.sh deleted file mode 100755 index ff84c85e37..0000000000 --- a/files/scripts/fix-home-fedora-ownerships.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -for dname in */; do - dname="${dname%%/}" - downer="$(stat --format %U "$dname")" - # skip directories owned by root - if [ "$downer" = "root" ]; then - continue - fi - # verify that the directory actually is the home directory of the same-named user - IFS=":" read -r _ _ _ _ _ homedir _ < <(getent passwd "$dname") - if [ "$homedir" != "/home/fedora/$dname" ]; then - continue - fi - echo "fixing ownership: $dname" - chown -R "$dname:" "$dname" -done diff --git a/files/scripts/jobs-summary b/files/scripts/jobs-summary deleted file mode 100644 index 79d056b44f..0000000000 --- a/files/scripts/jobs-summary +++ /dev/null @@ -1,146 +0,0 @@ -#!/usr/bin/env python3 -# vim: set et ts=4 sw=4 si - -import json -import os -import sys -import datetime -from argparse import ArgumentParser -from enum import Enum -from subprocess import run, PIPE - - -class TermHandler(type): - - def is_tty(cls): - if "NO_COLOR" in os.environ: - return False - if "FORCE_COLOR" in os.environ: - return True - return sys.stdout.isatty() - - def __getattr__(cls, name): - if cls.is_tty(): - return getattr(cls, f"_{name}") - else: - return "" - - -class Color(metaclass=TermHandler): - _END = '\033[0m' - _HEADER = '\033[95m' - _OKBLUE = '\033[94m' - _OKCYAN = '\033[96m' - _OKGREEN = '\033[92m' - _WARNING = '\033[93m' - _FAIL = '\033[91m' - _BOLD = '\033[1m' - _UNDERLINE = '\033[4m' - - # def __getattribute__(self, name): - # print("Calling __getattribute__") - # return object.__getattribute__(self, f"_{name}") - - -class Status(Enum): - ACTIVE = f"{Color.OKBLUE}ACTIVE{Color.END}" - FAILED = f"{Color.FAIL}FAILED{Color.END}" - DONE = f"{Color.OKGREEN}DONE{Color.END}" - UNKNOWN = f"{Color.WARNING}UNKNOWN{Color.END}" - - -def fromisoformat(date_string): - try: - return datetime.datetime.fromisoformat(date_string.rstrip("Z")) - except AttributeError: - return datetime.datetime( - year=int(date_string[0:4]), - month=int(date_string[5:7]), - day=int(date_string[8:10]), - hour=int(date_string[11:13]), - minute=int(date_string[14:16]), - second=int(date_string[17:19]), - ) - - -def get_duration(date_string, until=None): - until = fromisoformat(until) if until is not None else datetime.datetime.now() - date = fromisoformat(date_string) - duration = int((until - date).total_seconds()) - hours = int(duration / 3600) - minutes = int((duration % 3600) / 60) - seconds = int(duration % 60) - output = [ - f"{hours}h" if hours else "", - f"{minutes}m" if minutes else "", - f"{seconds}s" if seconds else "", - ] - return "".join(output) - - -def parse_json_output(project_name): - jobs = {} - statuses = {} - result = run(["oc", "-n", project_name, "get", "jobs", "--sort-by=.metadata.creationTimestamp", "-o", "json"], stdout=PIPE, check=True, universal_newlines=True) - result = json.loads(result.stdout) - for job in result["items"]: - try: - cronjob = list([ref["name"] for ref in job["metadata"]["ownerReferences"] if ref["kind"] == "CronJob"])[0] - except (KeyError, IndexError): - continue - full_name = job["metadata"]["name"] - jobs[cronjob] = full_name - details = None - if job["status"].get("active", 0) > 0: - status = Status.ACTIVE - duration = get_duration(job['status']['startTime']) - details = f"for {duration}" - failures = job["status"].get("failed", 0) - if failures > 0: - details += f" {Color.WARNING}(failed {failures} time{'s' if failures > 1 else ''}, was restarted){Color.END}" - elif job["status"].get("failed", 0) > 0: - status = Status.FAILED - try: - completed = job['status']['conditions'][0]['lastTransitionTime'] - except KeyError: - pass - else: - at = get_duration(completed) - duration = get_duration(job['status']['startTime'], completed) - details = f"{at} ago, ran for {duration}" - elif job["status"].get("succeeded") == job["spec"]["completions"]: - status = Status.DONE - completed = job['status']['completionTime'] - at = get_duration(completed) - duration = get_duration(job['status']['startTime'], completed) - details = f"{at} ago, ran for {duration}" - else: - status = Status.UNKNOWN - statuses[cronjob] = (status, details) - return jobs, statuses - - -def project_report(project_name): - jobs, statuses = parse_json_output(project_name) - for name in sorted(jobs): - full_name = jobs[name] - status, details = statuses[name] - showlogs = f"oc -n {project_name} logs job/{full_name}" - if status == Status.ACTIVE: - showlogs += " -f --since 1s" - else: - showlogs += " | less" - print(f"{Color.BOLD}→ {name}:{Color.END} {status.value} {details or ''}") - print(showlogs) - - -def main(): - parser = ArgumentParser() - parser.add_argument("project_name", nargs="+") - args = parser.parse_args() - for project_name in args.project_name: - project_report(project_name) - - -if __name__ == "__main__": - main() diff --git a/files/scripts/linuxsystemroles-logs-clean b/files/scripts/linuxsystemroles-logs-clean deleted file mode 100755 index cca129c376..0000000000 --- a/files/scripts/linuxsystemroles-logs-clean +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/bash -# -# Contact: -# Email: systemroles-owner@lists.fedorahosted.org -# IRC/matrix: #systemroles - @all - irc.libera.chat - -set -euo pipefail - -AGE_IN_DAYS=${AGE_IN_DAYS:-183} -newest_date=$(date --date="${AGE_IN_DAYS} days ago" +%Y%m%d) - -function normalize_image_name() { - if [[ "${1:-}" =~ ^(RHEL-[[:digit:]]+\.[[:digit:]]+)[.-]([[:alnum:]._-]+)?$ ]]; then - echo "${BASH_REMATCH[1]}" - else - echo "${1:-}" - fi -} - -if [ -z "${1:-}" ]; then - echo "Need a directory to pushd in" >&2 - exit 1 -fi - -pushd "${1}" - -find -maxdepth 1 -type d | while read dir; do - # Case: linux-system-roles-certificate-pull-linux-system-roles_certificate-80-4f880f7-rhel-x-20210305-152227 - if [[ "${dir}" =~ ^./linux-system-roles-[[:alnum:]._-]+-pull-linux-system-roles_([[:alnum:]._-]+)-[[:digit:]]+-([[:xdigit:]]+|HEAD)-([[:alnum:]._-]+)-([[:digit:]]+)-([[:digit:]]+)$ ]]; then - echo "${BASH_REMATCH[1]}" "$(normalize_image_name "${BASH_REMATCH[3]}")" "${BASH_REMATCH[4]}" "${BASH_REMATCH[5]}" "${dir}" - # Case: lsr-citool_bootloader-19-0f14842_20220104-080416 - elif [[ "${dir}" =~ ^./lsr-citool_([[:alnum:]._-]+)-[[:digit:]]+-([[:xdigit:]]+|HEAD)_([[:digit:]]+)-([[:digit:]]+)$ ]]; then - echo "${BASH_REMATCH[1]}" "unknown" "${BASH_REMATCH[3]}" "${BASH_REMATCH[4]}" "${dir}" - # Case: lsr-citool_certificate-132-212741b_RHEL-9.1.0-20220814.1_20220818-223408 - elif [[ "${dir}" =~ ^./lsr-citool_([[:alnum:]._-]+)-[[:digit:]]+-([[:xdigit:]]+|HEAD)_([[:alnum:]._-]+)_([[:digit:]]+)-([[:digit:]]+)$ ]]; then - echo "${BASH_REMATCH[1]}" "$(normalize_image_name "${BASH_REMATCH[3]}")" "${BASH_REMATCH[4]}" "${BASH_REMATCH[5]}" "${dir}" - # Case: lsr-citool_network-509-82dd06b_RHEL-6.10-updates-20201110.17 - elif [[ "${dir}" =~ ^./lsr-citool_([[:alnum:]._-]+)-[[:digit:]]+-([[:xdigit:]]+|HEAD)_([[:alnum:]._-]+)$ ]]; then - tmod="$(stat -c %Y "${dir}")" - tmod="$(date --date="@${tmod}" +'%Y%m%d %H%M%S')" - echo "${BASH_REMATCH[1]}" "$(normalize_image_name "${BASH_REMATCH[3]}")" "${tmod}" "${dir}" - # Case: lsr-citool_* (artifacts of early lsr-citool development) - elif [[ "${dir}" =~ ^./lsr-citool_.*$ ]]; then - tmod="$(stat -c %Y "${dir}")" - tmod="$(date --date="@${tmod}" +'%Y%m%d %H%M%S')" - echo unknown unknown "${tmod}" "${dir}" - fi -done | sort -n -r | while read role image date time dir; do - # `sort -n -r` ensures that the most recent log for $role $image is on the top - if [[ "${role}" = unknown && "${date}" -lt "${newest_date}" ]]; then - # Let not artifacts of early stage of lsr-citool development to rot forever - rm -rf "${dir}" - continue - fi - latest_file=".latest_${role}_${image}" - if [[ -f "${latest_file}" ]]; then - # Latest log for $role $image seen already - if [[ "${date}" -lt "${newest_date}" ]]; then - rm -rf "${dir}" - fi - else - echo keeping ${role} ${image} ${date} ${time} ${dir} - echo "${dir}" > "${latest_file}" - fi -done -rm -rf .latest_* - -popd diff --git a/files/scripts/linuxsystemroles-logs-clean.test b/files/scripts/linuxsystemroles-logs-clean.test deleted file mode 100755 index 81d590dd52..0000000000 --- a/files/scripts/linuxsystemroles-logs-clean.test +++ /dev/null @@ -1,417 +0,0 @@ -#!/bin/bash -# -# Test `linuxsystemroles-logs-clean` script. -# -# Usage: ./linuxsystemroles-logs-clean.test -# -# Expects `linuxsystemroles-logs-clean` script in the same directory. - -set -euo pipefail - -: <<_EOF_ - -Roles (as found in log names at /srv/pub/alt/linuxsystemroles/logs): - "ad_integration" - "bootloader" - "certificate" - "ci-test" - "ci-testing" - "cockpit" - "crypto_policies" - "firewall" - "ha_cluster" - "kdump" - "kernel_settings" - "logging" - "metrics" - "mssql" - "nbde_client" - "nbde_server" - "network" - "podman" - "postfix" - "postgresql" - "rhc" - "selinux" - "ssh" - "storage" - "timesync" - "tlog" - "tuned" - "vpn" - -Images (as found in log names at /srv/pub/alt/linuxsystemroles/logs): - "centos-6" - "centos-7" - "centos-8" - "fedora-33" - "fedora-34" - "fedora-35" - "rhel-6" - "rhel-7" - "rhel-8" - "rhel-8-y" - "rhel-x" - "CentOS-7-latest" - "CentOS-Stream-8" - "Fedora-36" - "Fedora-37" - "RHEL-6.10-updates-20201110.17" - "RHEL-7.9-updates-20221012.4" - "RHEL-8.8.0-20221211.0" - "RHEL-9.2.0-20221212.0" - -_EOF_ - -ME="$(basename ${0})" -HERE="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" -NOW="$(date +'%Y-%m-%d %H:%M:%S')" -TEMPDIR="$(mktemp -d /var/tmp/${ME}.XXXXXXXXXX)" -STATUS=0 - -trap "rm -rf ${TEMPDIR}" ABRT EXIT HUP INT QUIT TERM - -## -# failure - report test's failure and set STATUS to 1 -# -# Parameters: -# $1 - message -# -function failure() { - echo $* >&2 - STATUS=1 -} - -## -# error - report an error and exit with 2 -# -# Parameters: -# $1 - message -# -function error() { - echo $* >&2 - exit 2 -} - -## -# log_1_name - generate a name of a directory with logs -# -# Parameters: -# $1 - role name -# $2 - pull request number -# $3 - commit hash -# $4 - image name -# $5 - date -# $6 - time -# -function log_1_name() { - echo "linux-system-roles-${1}-pull-linux-system-roles_${1}-${2}-${3}-${4}-${5}-${6}" -} - -## -# log_2_name - see log_1_name -# -function log_2_name() { - if [[ -z "${4:-}" ]]; then - echo "lsr-citool_${1}-${2}-${3}_${5}-${6}" - elif [[ -z "${5:-}" || -z "${6:-}" ]]; then - echo "lsr-citool_${1}-${2}-${3}_${4}" - else - echo "lsr-citool_${1}-${2}-${3}_${4}_${5}-${6}" - fi -} - -## -# log_3_name - see log_1_name -# -function log_3_name() { - # Produced by early stage of development of lsr-citool - echo "lsr-citool_ci-tt" -} - -## -# log_4_name - see log_1_name -# -function log_4_name() { - # Produced by early stage of development of lsr-citool - echo "lsr-citool_repoName-7-54sd5fsd_${5}-${6}" -} - -## -# stay - decides whether log should stay or be removed (auxiliary function -# used by prep_test) -# -# Parameters: -# $1 - days ago divided by 10 (integer division) -# -function stay() { - if [[ ${1:-0} -ge 18 ]]; then - echo 0 - else - echo 1 - fi -} - -## -# stay3 - decides which group of logs should stay (see prep_test) -# -# Parameters: -# $1 - group A days ago divided by 10 (integer division) -# $2 - group B days ago divided by 10 (integer division) -# $3 - group C days ago divided by 10 (integer division) -# $4 - selector -# -function stay3() { - local A="$(stay "${1:-}")" - local B="$(stay "${2:-}")" - local C="$(stay "${3:-}")" - - # It is assumed that group A is younger than group B is younger than group C - # (see prep_test). Thus, A should stay if all groups are deletion candidates - if [[ "${A}${B}${C}" = "000" ]]; then - A=1 - fi - - case "${4:-}" in - A) echo "${A}";; - B) echo "${B}";; - C) echo "${C}";; - *) error "stay3: Invalid selector (${4:-})";; - esac -} - -## -# create_log - create a log -# -# Options: -# -n - do not include time stamp into log name -# -# Parameters: -# $1 - log name generator -# $2 - role name -# $3 - pull request number -# $4 - commit hash -# $5 - image name -# $6 - time ago (___) -# $7 - stay flag (1 - log should stay, 0 - log should be removed) -# -function create_log() { - local INCLUDE_STAMP=1 - local LOG_STAMP="" - local LOG_DATE="" - local LOG_TIME="" - local LOG_NAME="" - local TEMP="" - - if [[ "X${1:-}" = X-n ]]; then - INCLUDE_STAMP=0 - shift - fi - - if [[ "${6:-}" =~ ^([[:digit:]]+)_([[:digit:]]+)_([[:digit:]]+)_([[:digit:]]+)$ ]]; then - if [[ "${BASH_REMATCH[1]}" -gt 0 ]]; then - TEMP+="${BASH_REMATCH[1]} days ago " - fi - if [[ "${BASH_REMATCH[2]}" -gt 0 ]]; then - TEMP+="${BASH_REMATCH[2]} hours ago " - fi - if [[ "${BASH_REMATCH[3]}" -gt 0 ]]; then - TEMP+="${BASH_REMATCH[3]} minutes ago " - fi - if [[ "${BASH_REMATCH[4]}" -gt 0 ]]; then - TEMP+="${BASH_REMATCH[4]} seconds ago " - fi - LOG_STAMP="$(date --date="${NOW} ${TEMP}" +'%Y-%m-%d %H:%M:%S')" - LOG_DATE="$(date --date="${LOG_STAMP}" +%Y%m%d)" - LOG_TIME="$(date --date="${LOG_STAMP}" +%H%M%S)" - else - error "create_log: Invalid time ago (${6:-})" - fi - - if [[ ${INCLUDE_STAMP} -eq 1 ]]; then - LOG_NAME="$(${1} "${2}" "${3}" "${4}" "${5}" ${LOG_DATE} ${LOG_TIME})" - else - LOG_NAME="$(${1} "${2}" "${3}" "${4}" "${5}" "" "")" - fi - - mkdir -p ${TEMPDIR}/logs/${LOG_NAME} - echo log > ${TEMPDIR}/logs/${LOG_NAME}/log - - touch --date="${LOG_STAMP}" ${TEMPDIR}/logs/${LOG_NAME}/log ${TEMPDIR}/logs/${LOG_NAME} - - echo ${7} ${LOG_NAME} >> ${TEMPDIR}/assertions -} - -## -# prep_test - prepare a test directory -# -# Parameters: -# $1 - A-group age (1 - young, 0 - old) -# $2 - B-group age (1 - young, 0 - old) -# $3 - C-group age (1 - young, 0 - old) -# $4 - D-group age (1 - young, 0 - old) -# -function prep_test() { - local A="" - local B="" - local C="" - local D="" - - if [[ ${1:-1} -eq 0 ]]; then - A=20 - fi - if [[ ${2:-1} -eq 0 ]]; then - B=20 - fi - if [[ ${3:-1} -eq 0 ]]; then - C=20 - fi - if [[ ${4:-1} -eq 0 ]]; then - D=20 - fi - - create_log log_1_name certificate 0 HEAD centos-8 ${A}5_0_0_0 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_1_name certificate 0 HEAD rhel-8-y ${A}5_0_0_5 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_1_name certificate 0 HEAD rhel-x ${A}5_0_0_10 $(stay3 "${A}" "${B}" "${C}" A) - - create_log log_1_name certificate 1 3dbef8b centos-8 ${B}5_0_5_0 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_1_name certificate 1 3dbef8b rhel-8-y ${B}5_0_5_5 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_1_name certificate 1 3dbef8b rhel-x ${B}5_0_5_10 $(stay3 "${A}" "${B}" "${C}" B) - - create_log log_1_name certificate 15 0c2a97e centos-8 ${C}5_0_10_0 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_1_name certificate 15 0c2a97e rhel-8-y ${C}5_0_10_5 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_1_name certificate 15 0c2a97e rhel-x ${C}5_0_10_10 $(stay3 "${A}" "${B}" "${C}" C) - - create_log log_1_name network 127 2936b72 fedora-35 ${A}5_0_1_0 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_1_name network 127 2936b72 rhel-6 ${A}5_0_1_5 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_1_name network 127 2936b72 rhel-x ${A}5_0_1_10 $(stay3 "${A}" "${B}" "${C}" A) - - create_log log_1_name network 136 5480c71 fedora-35 ${B}5_0_6_0 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_1_name network 136 5480c71 rhel-6 ${B}5_0_6_5 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_1_name network 136 5480c71 rhel-x ${B}5_0_6_10 $(stay3 "${A}" "${B}" "${C}" B) - - create_log log_1_name network 201 c09573b fedora-35 ${C}5_0_11_0 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_1_name network 201 c09573b rhel-6 ${C}5_0_11_5 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_1_name network 201 c09573b rhel-x ${C}5_0_11_10 $(stay3 "${A}" "${B}" "${C}" C) - - create_log log_1_name timesync 17 ec8e4f4 centos-6 ${A}5_0_2_0 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_1_name timesync 17 ec8e4f4 fedora-34 ${A}5_0_2_5 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_1_name timesync 17 ec8e4f4 rhel-7 ${A}5_0_2_10 $(stay3 "${A}" "${B}" "${C}" A) - - create_log log_1_name timesync 22 41265d0 centos-6 ${B}5_0_7_0 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_1_name timesync 22 41265d0 fedora-34 ${B}5_0_7_5 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_1_name timesync 22 41265d0 rhel-7 ${B}5_0_7_10 $(stay3 "${A}" "${B}" "${C}" B) - - create_log log_1_name timesync 99 f5dae11 centos-6 ${C}5_0_12_0 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_1_name timesync 99 f5dae11 fedora-34 ${C}5_0_12_5 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_1_name timesync 99 f5dae11 rhel-7 ${C}5_0_12_10 $(stay3 "${A}" "${B}" "${C}" C) - - create_log log_2_name ad_integration 1 aeae773 "" ${A}5_0_3_0 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name ad_integration 1 aeae773 CentOS-7-latest ${A}5_0_3_5 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name ad_integration 1 aeae773 CentOS-Stream-8 ${A}5_0_3_10 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name ad_integration 1 aeae773 Fedora-37 ${A}5_0_3_15 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name ad_integration 1 aeae773 RHEL-6.10-updates-20201110.17 ${A}5_0_3_20 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name ad_integration 1 aeae773 RHEL-9.2.0-20221212.0 ${A}5_0_3_25 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name ad_integration 1 aeae773 RHEL-6.10-updates-20201210.18 ${A}5_0_3_30 $(stay "${A}") - create_log log_2_name ad_integration 1 aeae773 RHEL-9.2.1-20221221.1 ${A}5_0_3_35 $(stay "${A}") - - create_log log_2_name ad_integration 11 f1f12e2 "" ${B}5_0_8_0 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name ad_integration 11 f1f12e2 CentOS-7-latest ${B}5_0_8_5 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name ad_integration 11 f1f12e2 CentOS-Stream-8 ${B}5_0_8_10 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name ad_integration 11 f1f12e2 Fedora-37 ${B}5_0_8_15 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name ad_integration 11 f1f12e2 RHEL-6.10-updates-20201110.17 ${B}5_0_8_20 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name ad_integration 11 f1f12e2 RHEL-9.2.0-20221212.0 ${B}5_0_8_25 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name ad_integration 11 f1f12e2 RHEL-6.10-updates-20201210.18 ${B}5_0_8_30 $(stay "${B}") - create_log log_2_name ad_integration 11 f1f12e2 RHEL-9.2.1-20221221.1 ${B}5_0_8_35 $(stay "${B}") - - create_log log_2_name ad_integration 32 1148efe "" ${C}5_0_13_0 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name ad_integration 32 1148efe CentOS-7-latest ${C}5_0_13_5 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name ad_integration 32 1148efe CentOS-Stream-8 ${C}5_0_13_10 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name ad_integration 32 1148efe Fedora-37 ${C}5_0_13_15 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name ad_integration 32 1148efe RHEL-6.10-updates-20201110.17 ${C}5_0_13_20 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name ad_integration 32 1148efe RHEL-9.2.0-20221212.0 ${C}5_0_13_25 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name ad_integration 32 1148efe RHEL-6.10-updates-20201210.18 ${C}5_0_13_30 $(stay "${C}") - create_log log_2_name ad_integration 32 1148efe RHEL-9.2.1-20221221.1 ${C}5_0_13_35 $(stay "${C}") - - create_log log_2_name bootloader 2 264569a "" ${A}5_0_4_0 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name bootloader 2 264569a CentOS-Stream-8 ${A}5_0_4_5 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name bootloader 2 264569a Fedora-36 ${A}5_0_4_10 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name bootloader 2 264569a RHEL-8.8.0-20221211.0 ${A}5_0_4_15 $(stay3 "${A}" "${B}" "${C}" A) - create_log -n log_2_name bootloader 2 264569a RHEL-9.2.0-20221212.0 ${A}5_0_4_20 $(stay3 "${A}" "${B}" "${C}" A) - create_log log_2_name bootloader 2 264569a RHEL-8.8.1-20221221.5 ${A}5_0_4_25 $(stay "${A}") - create_log -n log_2_name bootloader 2 264569a RHEL-9.2.2-20221222.11 ${A}5_0_4_30 $(stay "${A}") - - create_log log_2_name bootloader 21 d1f589b "" ${B}5_0_9_0 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name bootloader 21 d1f589b CentOS-Stream-8 ${B}5_0_9_5 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name bootloader 21 d1f589b Fedora-36 ${B}5_0_9_10 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name bootloader 21 d1f589b RHEL-8.8.0-20221211.0 ${B}5_0_9_15 $(stay3 "${A}" "${B}" "${C}" B) - create_log -n log_2_name bootloader 21 d1f589b RHEL-9.2.0-20221212.0 ${B}5_0_9_20 $(stay3 "${A}" "${B}" "${C}" B) - create_log log_2_name bootloader 21 d1f589b RHEL-8.8.1-20221221.5 ${B}5_0_9_25 $(stay "${B}") - create_log -n log_2_name bootloader 21 d1f589b RHEL-9.2.2-20221222.11 ${B}5_0_9_30 $(stay "${B}") - - create_log log_2_name bootloader 82 bfa1e33 "" ${C}5_0_14_0 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name bootloader 82 bfa1e33 CentOS-Stream-8 ${C}5_0_14_5 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name bootloader 82 bfa1e33 Fedora-36 ${C}5_0_14_10 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name bootloader 82 bfa1e33 RHEL-8.8.0-20221211.0 ${C}5_0_14_15 $(stay3 "${A}" "${B}" "${C}" C) - create_log -n log_2_name bootloader 82 bfa1e33 RHEL-9.2.0-20221212.0 ${C}5_0_14_20 $(stay3 "${A}" "${B}" "${C}" C) - create_log log_2_name bootloader 82 bfa1e33 RHEL-8.8.1-20221221.5 ${C}5_0_14_25 $(stay "${C}") - create_log -n log_2_name bootloader 82 bfa1e33 RHEL-9.2.2-20221222.11 ${C}5_0_14_30 $(stay "${C}") - - create_log -n log_3_name "" "" "" "" ${D}5_0_30_0 $(stay ${D}) - create_log log_4_name "" "" "" "" ${D}5_0_30_5 $(stay ${D}) -} - -## -# verify_results - verify the test results -# -function verify_results() { - while read PRESENT LOG_NAME; do - if [[ "${PRESENT}" -eq 0 && -d ${TEMPDIR}/logs/${LOG_NAME} ]]; then - failure "[FAIL] Log ${LOG_NAME} should be removed." - elif [[ "${PRESENT}" -eq 1 && ! -d ${TEMPDIR}/logs/${LOG_NAME} ]]; then - failure "[FAIL] Log ${LOG_NAME} should be present." - fi - done < ${TEMPDIR}/assertions -} - -## -# clean_test - remove test assets -# -function clean_test() { - rm -rf ${TEMPDIR}/logs ${TEMPDIR}/assertions -} - -## -# test_log_pruning - test log pruning script -# -# Parameters: -# see prep_test -# -function test_log_pruning() { - prep_test "$@" - ${HERE}/linuxsystemroles-logs-clean ${TEMPDIR}/logs >/dev/null - verify_results - clean_test -} - -test_log_pruning 0 0 0 0 -test_log_pruning 0 0 0 1 -test_log_pruning 0 0 1 0 -test_log_pruning 0 0 1 1 - -test_log_pruning 0 1 0 0 -test_log_pruning 0 1 0 1 -test_log_pruning 0 1 1 0 -test_log_pruning 0 1 1 1 - -test_log_pruning 1 0 0 0 -test_log_pruning 1 0 0 1 -test_log_pruning 1 0 1 0 -test_log_pruning 1 0 1 1 - -test_log_pruning 1 1 0 0 -test_log_pruning 1 1 0 1 -test_log_pruning 1 1 1 0 -test_log_pruning 1 1 1 1 - -[[ ${STATUS} -eq 0 ]] diff --git a/files/scripts/restart-broken-ipv6 b/files/scripts/restart-broken-ipv6 deleted file mode 100755 index 69253174cd..0000000000 --- a/files/scripts/restart-broken-ipv6 +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -ping6 -q -c 1 -w 2 2600:: >& /dev/null -if [ $? -ne 0 ]; -then - nmcli c up eth0 >& /dev/null -fi diff --git a/files/scripts/update-fullfiletimelist b/files/scripts/update-fullfiletimelist deleted file mode 100755 index 4dc23aecbc..0000000000 --- a/files/scripts/update-fullfiletimelist +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash - -# Note: this is only an example of how you'd call create-filelist. Edit to fit -# your requirements. Note that you must supply a valid path for the lockfile, -# and it must be outside of your repository unless you want that lockfile to -# show up in your file lists. - -# Takes a list of module names. Generates file lists for all of them and them -# moves them into place at once. If you are creating hardlinks between rsync -# modules, it is required that you update the file lists of both mirrors at the -# same time. Otherwise the clients may make separate copies of the files. - -# The directory where all of the modules live -# Or pass it with -t -TOPD=/srv/mirror/pub - -# The modules to process. Or pass them on the command line. -MODS=() - -# Path to the create-filelist program. -# Or specify it with -p. -CREATE=/usr/local/bin/create-filelist - -# These strings will be eval'ed later with $mod replaced by its value in -# context. -FILELIST=fullfilelist -TIMELIST='fullfiletimelist-$mod' -IMAGELIST='imagelist-$mod' - -usage () { - echo - echo "Usage: $0 [-l lockfile] [-p creator path] [-t top directory] module [module ...]" - echo - echo " -l: Path to the lock file" - echo " -p: Path to the create-filelist program" - echo " -t: Path to directory containing modules" - echo - echo "At least one module to process must be provided." - echo "All paths must be absolute." -} - -while [[ $# > 0 ]]; do - opt=$1 - case $opt in - -l) - LOCKFILE=$(realpath $2) - shift - ;; - -p) - CREATE=$(realpath $2) - shift - ;; - -t) - TOPD=$(realpath $2) - shift - ;; - -*) - (>&2 echo "Unknown option $opt."; usage) - exit 1 - ;; - *) # Remaining args are modules - MODS+=($opt) - ;; - esac - shift -done - -if [[ -z $LOCKFILE ]]; then - (>&2 echo "Must specify LOCKFILE, either by editing the source or via the -l option."; usage) - exit 2 -fi -if [[ ! -d $(dirname $LOCKFILE) ]]; then - (>&2 echo "Given directory $(dirname $LOCKFILE) does not exist."; usage) - exit 2 -fi -if [[ ! -f $CREATE ]]; then - (>&2 echo "Specified executable $CREATE does not exist."; usage) - exit 2 -fi - -if [[ ! -d $TOPD ]]; then - (>&2 echo "Provided directory $TOPD does not exist."; usage) - exit 2 -fi - -if [[ ${#MODS[@]} -eq 0 ]]; then - (>&2 echo "No modules specified"; usage) - exit 2 -fi - -tmpd=$(mktemp -d -t create-filelist.XXXXXXXXXX) -if [[ $? -ne 0 ]]; then - (>&2 echo "Creating temporary directory failed?") - exit 1 -fi -trap "rm -rf $tmpd" EXIT -cd $tmpd - -( - # We want to wait forever until we can do what we're asked - flock -x 9 - - # If you don't want to wait forever, try one of the following: - # flock -n 9 || exit 1 - Gives up immediately - # flock -w 120 9 || exit 1 - Waits 120 seconds and then gives up - # Don't change the '9', unless you change the last line of this script. - - for mod in ${MODS[@]}; do - currentfl=$TOPD/$mod/${FILELIST/'$mod'/$mod} - currenttl=$TOPD/$mod/${TIMELIST/'$mod'/$mod} - currentil=$TOPD/$mod/${IMAGELIST/'$mod'/$mod} - flname=$(basename $currentfl) - tlname=$(basename $currenttl) - ilname=$(basename $currentil) - - $CREATE -c -s -d $TOPD/$mod -f $flname -t $tlname -i $ilname - - # If a file list exists and doesn't differ from what we just generated, - # delete the latter. - if [[ -f $currentfl ]] && diff -q $currentfl $flname > /dev/null; then - rm -f $flname - fi - if [[ -f $currenttl ]] && diff -q $currenttl $tlname > /dev/null; then - rm -f $tlname - fi - if [[ -f $currentil ]] && diff -q $currentil $ilname > /dev/null; then - rm -f $ilname - fi - done - - # Now we have the new file lists but in a temporary directory which - # probably isn't on the same filesystem. Copy them to temporary files in - # the right place. - for mod in ${MODS[@]}; do - currentfl=$TOPD/$mod/${FILELIST/'$mod'/$mod} - currenttl=$TOPD/$mod/${TIMELIST/'$mod'/$mod} - currentil=$TOPD/$mod/${IMAGELIST/'$mod'/$mod} - flname=$(basename $currentfl) - fldir=$(dirname $currentfl) - tlname=$(basename $currenttl) - tldir=$(dirname $currenttl) - ilname=$(basename $currentil) - ildir=$(dirname $currentil) - - if [[ -f $flname ]]; then - tmpf=$(mktemp -p $fldir $flname.XXXXXXXXXX) - cp -p $flname $tmpf - chmod 644 $tmpf - mv $tmpf $currentfl - fi - if [[ -f $tlname ]]; then - tmpf=$(mktemp -p $tldir $tlname.XXXXXXXXXX) - cp -p $tlname $tmpf - chmod 644 $tmpf - mv $tmpf $currenttl - fi - if [[ -f $ilname ]]; then - tmpf=$(mktemp -p $ildir $ilname.XXXXXXXXXX) - cp -p $ilname $tmpf - chmod 644 $tmpf - mv $tmpf $currentil - fi - done - -) 9>$LOCKFILE diff --git a/files/sign/bridge.conf.j2 b/files/sign/bridge.conf.j2 new file mode 100644 index 0000000000..c1df21c029 --- /dev/null +++ b/files/sign/bridge.conf.j2 @@ -0,0 +1,29 @@ +# This is a configuration for the sigul bridge. + +[bridge] +# Nickname of the bridge's certificate in the NSS database specified below +bridge-cert-nickname: sign-bridge1 - Fedora Project +# Port on which the bridge expects client connections +client-listen-port: 44334 +# Port on which the bridge expects server connections +server-listen-port: 44333 +# A Fedora account system group required for access to the signing server. If +# empty, no Fedora account check is done. +required-fas-group: signers +# User name and password for an account on the Fedora account system that can +# be used to verify group memberships +fas-user-name: {{ fedoraDummyUser }} +fas-password: {{ fedoraDummyUserPassword }} + +[daemon] +# The user to run as +unix-user: sigul +# The group to run as +unix-group: sigul + +[nss] +# Path to a directory containing a NSS database +nss-dir: /var/lib/sigul +# Password for accessing the NSS database. If not specified, the bridge will +# ask on startup +; nss-password: diff --git a/files/sign/builder-rpms.repo b/files/sign/builder-rpms.repo new file mode 100644 index 0000000000..11c99fe188 --- /dev/null +++ b/files/sign/builder-rpms.repo @@ -0,0 +1,6 @@ +[builder-rpms] +name=Builder Packages from Fedora Infrastructure $releasever - $basearch +baseurl=http://infrastructure.fedoraproject.org/repo/builder-rpms/$releasever/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE diff --git a/files/sign/server.conf b/files/sign/server.conf new file mode 100644 index 0000000000..812057b676 --- /dev/null +++ b/files/sign/server.conf @@ -0,0 +1,46 @@ +# This is a configuration for the sigul server. + +[server] +# Host name of the publically acessible bridge to clients +bridge-hostname: sign-bridge1 +# Port on which the bridge expects server connections +bridge-port: 44333 +# Maximum accepted size of payload stored on disk +max-file-payload-size: 2073741824 +# Maximum accepted size of payload stored in server's memory +max-memory-payload-size: 1048576 +# Nickname of the server's certificate in the NSS database specified below +server-cert-nickname: sign-vault1 - Fedora Project + +[database] +# Path to a directory containing a SQLite database +;database-path: /var/lib/sigul + +[gnupg] +# Path to a directory containing GPG configuration and keyrings +gnupg-home: /var/lib/sigul/gnupg +# Default primary key type for newly created keys +gnupg-key-type: RSA +# Default primary key length for newly created keys +gnupg-key-length: 4096 +# Default subkey type for newly created keys, empty for no subkey +gnupg-subkey-type: +# Default subkey length for newly created keys if gnupg-subkey-type is not empty +; gnupg-subkey-length: 2048 +# Default key usage flags for newly created keys +gnupg-key-usage: encrypt, sign +# Length of key passphrases used for newsly created keys +passphrase-length: 64 + +[daemon] +# The user to run as +unix-user: sigul +# The group to run as +unix-group: sigul + +[nss] +# Path to a directory containing a NSS database +nss-dir: /var/lib/sigul +# Password for accessing the NSS database. If not specified, the server will +# ask on startup +; nss-password is not specified by default diff --git a/files/trac/trac-vhost.conf b/files/trac/trac-vhost.conf new file mode 100644 index 0000000000..113ce3dff9 --- /dev/null +++ b/files/trac/trac-vhost.conf @@ -0,0 +1,10 @@ + + ServerName trac-dev.cloud.fedoraproject.org + WSGIScriptAlias / /srv/www/trac/trac.wsgi + + + WSGIProcessGroup %{GLOBAL} + Order deny,allow + Allow from all + + diff --git a/files/trac/trac.wsgi b/files/trac/trac.wsgi new file mode 100644 index 0000000000..2162930d9e --- /dev/null +++ b/files/trac/trac.wsgi @@ -0,0 +1,15 @@ +import __main__ +if hasattr(__main__, '__requires__'): + if isinstance(__main__.__requires__, basestring): + __main__.__requires__ = [__main__.__requires__] +else: + __main__.__requires__ = [] +__main__.__requires__.append('Trac') + +import os + +os.environ['TRAC_ENV_PARENT_DIR'] = '/srv/www/trac/projects' +os.environ['PYTHON_EGG_CACHE'] = '/var/cache/trac' + +import trac.web.main +application = trac.web.main.dispatch_request diff --git a/files/virthost-lists.j2 b/files/virthost-lists.j2 deleted file mode 100644 index 8d13ecffda..0000000000 --- a/files/virthost-lists.j2 +++ /dev/null @@ -1,6 +0,0 @@ -{% for key, value in virt_info.items() %} -{% if value and 'state' in value %} -{{inventory_hostname}}:{{key}}:{{value['state']}}:{{value['autostart']}}:{{value['nrVirtCpu']}}:{{value['memory']}} -{% else %} -{% endif %} -{% endfor %} diff --git a/files/virthost/99-bridge.rules b/files/virthost/99-bridge.rules deleted file mode 100644 index 5af690567c..0000000000 --- a/files/virthost/99-bridge.rules +++ /dev/null @@ -1 +0,0 @@ -ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge" diff --git a/files/virthost/libvirtd.conf.os b/files/virthost/libvirtd.conf.os deleted file mode 100644 index 151364ec26..0000000000 --- a/files/virthost/libvirtd.conf.os +++ /dev/null @@ -1,3 +0,0 @@ -unix_sock_group = "libvirt" -unix_sock_rw_perms = "0770" -auth_unix_rw = "none" diff --git a/files/zodbot/karma-to-cookies-db.py b/files/zodbot/karma-to-cookies-db.py deleted file mode 100755 index cf9c9896f1..0000000000 --- a/files/zodbot/karma-to-cookies-db.py +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env python3 - -import os -import shelve -from argparse import ArgumentParser - -import sqlalchemy as sa -from sqlalchemy.ext.declarative import declarative_base - - -Base = declarative_base() - - -class Cookie(Base): - __tablename__ = "cookies" - __table_args__ = ( - sa.Index("idx_cookies_to_user_release", "to_user", "release"), - ) - from_user = sa.Column(sa.String(254), nullable=False, primary_key=True) - to_user = sa.Column(sa.String(254), nullable=False, primary_key=True) - release = sa.Column(sa.String(63), nullable=False, primary_key=True) - value = sa.Column(sa.Integer, nullable=False, default=1) - date = sa.Column(sa.DateTime, nullable=False, server_default=sa.func.current_timestamp()) - - -def get_pg_url(): - with open(os.path.expanduser("~/.pgpass")) as fh: - for line in fh: - hostname, port, database, username, password = line.strip().split(":") - if username == "maubot": - return f"postgresql://{username}:{password}@{hostname}/{database}" - - -def parse_args(): - parser = ArgumentParser() - parser.add_argument("-i", "--instance", required=True, help="The maubot instance name") - parser.add_argument("karma_db", help="The Limnoria Karma DB") - # parser.add_argument("cookies_db", help="The Maubot Cookies DB") - return parser.parse_args() - - -def main(): - args = parse_args() - karma_data = shelve.open(args.karma_db, flag="r", protocol=2) - # engine = sa.create_engine(f"sqlite:///{args.cookies_db}") - engine = sa.create_engine(get_pg_url()) - Cookie.__table__.schema = f"mbp_{args.instance}" - # Base.metadata.create_all(engine) - Session = sa.orm.sessionmaker(bind=engine) - session = Session() - for mode, data in karma_data.items(): - direction, release = mode.split("-") - if direction != "forwards": - continue - if not release.startswith("f"): - continue - release = release[1:] # Only the number - print(release, len(data)) - for agent, gifts in data.items(): - for recip, value in gifts.items(): - cookie = Cookie(from_user=agent, to_user=recip, release=release, value=value) - session.add(cookie) - try: - session.commit() - except sa.exc.IntegrityError: - session.rollback() - continue - - -if __name__ == "__main__": - main() diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml index cfdb02735f..41094e7478 100644 --- a/handlers/restart_services.yml +++ b/handlers/restart_services.yml @@ -1,190 +1,123 @@ ######################################## # Handlers for restarting services # ---- -- name: Reload systemd - ansible.builtin.command: systemctl daemon-reload -- name: Restart apache - ansible.builtin.command: /usr/local/bin/conditional-restart.sh httpd httpd +- name: restart auditd + action: service name=auditd state=restarted -- name: Reload apache +- name: restart apache + command: /usr/local/bin/conditional-restart.sh httpd httpd + +- name: reload apache action: service name=httpd state=reloaded -- name: Restart collectd +- name: restart collectd action: service name=collectd state=restarted -- name: Restart crond +- name: restart crond action: service name=crond state=restarted -- name: Restart fm-consumer@koji_sync_listener - action: service name=fm-consumer@koji_sync_listener state=restarted enabled=yes +- name: restart fedmsg-gateway + command: /usr/local/bin/conditional-restart.sh fedmsg-gateway fedmsg-gateway -- name: Reload httpd - ansible.builtin.command: /usr/local/bin/conditional-reload.sh httpd httpd +- name: restart fedmsg-hub + command: /usr/local/bin/conditional-restart.sh fedmsg-hub fedmsg-hub -- name: Restart iptables +- name: restart fedmsg-irc + command: /usr/local/bin/conditional-restart.sh fedmsg-irc fedmsg-irc + +- name: restart fedmsg-relay + command: /usr/local/bin/conditional-restart.sh fedmsg-relay fedmsg-relay + +- name: restart httpd + command: /usr/local/bin/conditional-restart.sh httpd httpd + +- name: reload httpd + action: service name=httpd state=reloaded + +- name: restart iptables action: service name=iptables state=restarted -- name: Restart nftables - action: service name=nftables state=restarted +- name: restart jenkins + action: service name=jenkins state=restarted -- name: Restart ip6tables - action: service name=ip6tables state=restarted +- name: restart kojid + action: service name=kojid state=restarted -- name: Restart libvirtd +- name: restart libvirtd action: service name=libvirtd state=restarted -- name: Restart virtnetworkd - action: service name=virtnetworkd state=restarted +- name: restart lighttpd + action: service name=lighttpd state=restarted -- name: Restart libvirtd.socket - action: service name=libvirtd.socket state=stopped - notify: Restart libvirtd - -- name: Restart mailman +- name: restart mailman action: service name=mailman state=restarted -- name: Restart named +- name: restart named action: service name=named state=restarted -- name: Restart ntpd +- name: restart nfs + action: service name=nfs state=restarted + +- name: restart nfslock + action: service name=nfslock state=restarted + +- name: restart ntpd action: service name=ntpd state=restarted -- name: Restart sshd +- name: restart openvpn + action: service name=openvpn state=restarted + +- name: restart openvpn 2 + action: service name=openvpn state=restarted + +- name: restart openvpn 6 + action: service name=openvpn state=restarted + +- name: restart openvpn 7 + action: service name=openvpn@openvpn state=restarted + +- name: restart postfix + action: service name=postfix state=restarted + +- name: restart rpcbind + action: service name=rpcbind state=restarted + +- name: restart rpcidmapd + action: service name=rpcidmapd state=restarted + +- name: restart rsyslog + action: service name=rsyslog state=restarted + +- name: restart sshd action: service name=sshd state=restarted -- name: Restart openvpn (Fedora) - when: ansible_distribution == "Fedora" - action: service name=openvpn-client@openvpn state=restarted - # notify: - # - Fix openvpn routing - -- name: Restart openvpn (RHEL7+) - when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int >= 7 - action: service name=openvpn-client@openvpn state=restarted - # notify: - # - Fix openvpn routing - -- name: Fix openvpn routing - action: shell /etc/openvpn/fix-routes.sh - -- name: Restart xinetd +- name: restart xinetd action: service name=xinetd state=restarted - when: not inventory_hostname.startswith('proxy') -- name: Restart netapproute +- name: restart netapproute action: command /etc/sysconfig/network-scripts/ifup-routes eth1 -- name: Restart network - action: service name=network state=restarted +- name: restart unbound + action: service name=unbound state=restarted -- name: Rebuild postfix transport - ansible.builtin.command: /usr/sbin/postmap /etc/postfix/transport +- name: rebuild postfix transport + command: /usr/sbin/postmap /etc/postfix/transport -- name: Rebuild postfix bysender - ansible.builtin.command: /usr/sbin/postmap /etc/postfix/bysender +- name: restart glusterd + service: name=glusterd state=restarted -- name: Rebuild postfix tls_policy - ansible.builtin.command: /usr/sbin/postmap /etc/postfix/tls_policy +- name: restart supervisord + service: name=supervisord state=restarted -- name: Restart postfix - service: name=postfix state=restarted +- name: run rkhunter + command: rkhunter --propupd -- name: Reload proxyhttpd - ansible.builtin.command: /usr/local/bin/proxy-conditional-reload.sh httpd httpd - -- name: Run rkhunter - ansible.builtin.command: rkhunter --propupd - -- name: Restart moksha-hub +- name: restart moksha-hub service: name=moksha-hub state=restarted -- name: Restart dhcpd +- name: restart dhcpd service: name=dhcpd state=restarted -- name: Restart memcached +- name: restart memcached service: name=memcached state=restarted - -- name: Restart nagios - ansible.builtin.shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios - -- name: Restart bridge - ansible.builtin.shell: /usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge - -- name: Reload libvirtd - service: name=libvirtd state=reloaded - ignore_errors: true - when: ansible_virtualization_role == 'host' - -- name: Restart pagure_ev - service: name=pagure_ev state=restarted - -- name: Update ca-trust - ansible.builtin.command: /usr/bin/update-ca-trust - -- name: Restart stunnel - service: name=stunnel state=restarted - -- name: Restart mirrorlist-server - service: name=mirrorlist-server state=restarted - -- name: Restart NetworkManager - service: name=NetworkManager state=restarted - -- name: Reload NetworkManager-connections - ansible.builtin.command: nmcli c reload - -- name: Restart basset-worker - service: name=basset-worker state=restarted - -- name: Apply interface-changes - ansible.builtin.command: nmcli con up {{ item.split()[1] }} - async: 1 - poll: 0 - loop: "{{ if_uuid.stdout_lines|flatten(levels=1) }}" - when: item.split()[1] not in ansible_ifcfg_disabled - -- name: Flush journald tmpfiles to persistent store - ansible.builtin.command: pkill -f -USR1 systemd-journald - -- name: Restart idmapd - service: name=nfs-idmapd state=restarted - -- name: Restart buildmaster - service: name=buildmaster state=restarted - -- name: Restart rabbitmq - systemd: - name: rabbitmq-server - state: restarted - daemon_reload: yes - -- name: Restart chronyd - service: name=chronyd state=restarted - -- name: Restart kojira - systemd: - name: kojira - state: restarted - -- name: Restart haveged - service: name=haveged state=restarted - -- name: Restart obs-signd - service: name=signd state=restarted - -- name: Restart swap.swap - service: name="swap.swap" state=restarted - -- name: Restart varnish - service: name=varnish state=restarted - -- name: Reload varnish - service: name=varnish state=reload - -- name: Restart systemd-oomd - service: name=systemd-oomd state=reload - -- name: Restart debuginfod - service: name=debuginfod state=restarted diff --git a/handlers/semanage.yml b/handlers/semanage.yml new file mode 100644 index 0000000000..bb9db3f6a9 --- /dev/null +++ b/handlers/semanage.yml @@ -0,0 +1,8 @@ +- name: semanage dns80 + command: /usr/sbin/semanage port -m -t dns_port_t -p tcp 80 + +- name: semanage dns443 + command: /usr/sbin/semanage port -m -t dns_port_t -p tcp 443 + +- name: semanage dns8953 + command: /usr/sbin/semanage port -a -t dns_port_t -p tcp 8953 diff --git a/inventory/backups b/inventory/backups deleted file mode 100644 index f00d329c53..0000000000 --- a/inventory/backups +++ /dev/null @@ -1,20 +0,0 @@ -# -# This is the list of clients we backup with rdiff-backup. -# -[backup_clients] -copr-fe.aws.fedoraproject.org -copr-keygen.aws.fedoraproject.org -db01.iad2.fedoraproject.org -db03.iad2.fedoraproject.org -db-datanommer02.iad2.fedoraproject.org -db-fas01.iad2.fedoraproject.org -batcave01.iad2.fedoraproject.org -pagure02.fedoraproject.org -people01.fedoraproject.org -pkgs01.iad2.fedoraproject.org -log01.iad2.fedoraproject.org -db-openqa01.iad2.fedoraproject.org -db-koji01.iad2.fedoraproject.org -value02.iad2.fedoraproject.org -tang01.iad2.fedoraproject.org -ipa01.iad2.fedoraproject.org diff --git a/inventory/builders b/inventory/builders index 8e19db7c1b..f67429ae6e 100644 --- a/inventory/builders +++ b/inventory/builders @@ -1,280 +1,189 @@ + [buildvm] -buildvm-x86-01.iad2.fedoraproject.org -buildvm-x86-02.iad2.fedoraproject.org -buildvm-x86-03.iad2.fedoraproject.org -buildvm-x86-04.iad2.fedoraproject.org -buildvm-x86-05.iad2.fedoraproject.org -buildvm-x86-06.iad2.fedoraproject.org -buildvm-x86-07.iad2.fedoraproject.org -buildvm-x86-08.iad2.fedoraproject.org -buildvm-x86-09.iad2.fedoraproject.org -buildvm-x86-10.iad2.fedoraproject.org -buildvm-x86-11.iad2.fedoraproject.org -buildvm-x86-12.iad2.fedoraproject.org -buildvm-x86-13.iad2.fedoraproject.org -buildvm-x86-14.iad2.fedoraproject.org -buildvm-x86-15.iad2.fedoraproject.org -buildvm-x86-16.iad2.fedoraproject.org -buildvm-x86-17.iad2.fedoraproject.org -buildvm-x86-18.iad2.fedoraproject.org -buildvm-x86-19.iad2.fedoraproject.org -buildvm-x86-20.iad2.fedoraproject.org -buildvm-x86-21.iad2.fedoraproject.org -buildvm-x86-22.iad2.fedoraproject.org -buildvm-x86-23.iad2.fedoraproject.org -buildvm-x86-24.iad2.fedoraproject.org -buildvm-x86-25.iad2.fedoraproject.org -buildvm-x86-26.iad2.fedoraproject.org -buildvm-x86-27.iad2.fedoraproject.org -buildvm-x86-28.iad2.fedoraproject.org -buildvm-x86-29.iad2.fedoraproject.org -buildvm-x86-30.iad2.fedoraproject.org -buildvm-x86-31.iad2.fedoraproject.org -buildvm-x86-32.iad2.fedoraproject.org +buildvm-01.phx2.fedoraproject.org +buildvm-02.phx2.fedoraproject.org +buildvm-03.phx2.fedoraproject.org +buildvm-04.phx2.fedoraproject.org +buildvm-05.phx2.fedoraproject.org +buildvm-06.phx2.fedoraproject.org +buildvm-07.phx2.fedoraproject.org +buildvm-08.phx2.fedoraproject.org +buildvm-09.phx2.fedoraproject.org +buildvm-10.phx2.fedoraproject.org +buildvm-11.phx2.fedoraproject.org +buildvm-12.phx2.fedoraproject.org +buildvm-13.phx2.fedoraproject.org +buildvm-14.phx2.fedoraproject.org +buildvm-15.phx2.fedoraproject.org +buildvm-16.phx2.fedoraproject.org +buildvm-17.phx2.fedoraproject.org +buildvm-18.phx2.fedoraproject.org +buildvm-19.phx2.fedoraproject.org +buildvm-20.phx2.fedoraproject.org +buildvm-21.phx2.fedoraproject.org +buildvm-22.phx2.fedoraproject.org +buildvm-23.phx2.fedoraproject.org +buildvm-24.phx2.fedoraproject.org +buildvm-25.phx2.fedoraproject.org +buildvm-26.phx2.fedoraproject.org +buildvm-27.phx2.fedoraproject.org -[buildvm_stg] -buildvm-x86-01.stg.iad2.fedoraproject.org -buildvm-x86-02.stg.iad2.fedoraproject.org -buildvm-x86-03.stg.iad2.fedoraproject.org -buildvm-x86-04.stg.iad2.fedoraproject.org -buildvm-x86-05.stg.iad2.fedoraproject.org - -[buildvm_aarch64_stg] -buildvm-a64-01.stg.iad2.fedoraproject.org -buildvm-a64-02.stg.iad2.fedoraproject.org - -[buildvm_s390x_stg] -buildvm-s390x-01.stg.s390.fedoraproject.org - -[buildvm_ppc64le_stg] -buildvm-ppc64le-01.stg.iad2.fedoraproject.org -buildvm-ppc64le-02.stg.iad2.fedoraproject.org -buildvm-ppc64le-03.stg.iad2.fedoraproject.org -buildvm-ppc64le-04.stg.iad2.fedoraproject.org -buildvm-ppc64le-05.stg.iad2.fedoraproject.org - -[buildvm_aarch64] -buildvm-a64-01.iad2.fedoraproject.org -buildvm-a64-02.iad2.fedoraproject.org -buildvm-a64-03.iad2.fedoraproject.org -buildvm-a64-04.iad2.fedoraproject.org -buildvm-a64-05.iad2.fedoraproject.org -buildvm-a64-06.iad2.fedoraproject.org -buildvm-a64-07.iad2.fedoraproject.org -buildvm-a64-08.iad2.fedoraproject.org -buildvm-a64-09.iad2.fedoraproject.org -buildvm-a64-10.iad2.fedoraproject.org -buildvm-a64-11.iad2.fedoraproject.org -buildvm-a64-12.iad2.fedoraproject.org -buildvm-a64-13.iad2.fedoraproject.org -buildvm-a64-14.iad2.fedoraproject.org -buildvm-a64-15.iad2.fedoraproject.org -buildvm-a64-16.iad2.fedoraproject.org -buildvm-a64-17.iad2.fedoraproject.org -buildvm-a64-18.iad2.fedoraproject.org -buildvm-a64-19.iad2.fedoraproject.org -buildvm-a64-20.iad2.fedoraproject.org -buildvm-a64-21.iad2.fedoraproject.org -buildvm-a64-22.iad2.fedoraproject.org -buildvm-a64-23.iad2.fedoraproject.org -buildvm-a64-24.iad2.fedoraproject.org -buildvm-a64-25.iad2.fedoraproject.org -buildvm-a64-26.iad2.fedoraproject.org -buildvm-a64-27.iad2.fedoraproject.org -buildvm-a64-28.iad2.fedoraproject.org -buildvm-a64-29.iad2.fedoraproject.org -buildvm-a64-30.iad2.fedoraproject.org -buildvm-a64-31.iad2.fedoraproject.org -buildvm-a64-32.iad2.fedoraproject.org -buildvm-a64-33.iad2.fedoraproject.org -buildvm-a64-34.iad2.fedoraproject.org -buildvm-a64-35.iad2.fedoraproject.org -buildvm-a64-36.iad2.fedoraproject.org -buildvm-a64-37.iad2.fedoraproject.org -buildvm-a64-38.iad2.fedoraproject.org -buildvm-a64-39.iad2.fedoraproject.org -buildvm-a64-40.iad2.fedoraproject.org - -[buildvm_s390x] -buildvm-s390x-01.s390.fedoraproject.org -buildvm-s390x-02.s390.fedoraproject.org -buildvm-s390x-03.s390.fedoraproject.org -buildvm-s390x-04.s390.fedoraproject.org -buildvm-s390x-05.s390.fedoraproject.org -buildvm-s390x-06.s390.fedoraproject.org -buildvm-s390x-07.s390.fedoraproject.org -buildvm-s390x-08.s390.fedoraproject.org -buildvm-s390x-09.s390.fedoraproject.org -buildvm-s390x-10.s390.fedoraproject.org -buildvm-s390x-11.s390.fedoraproject.org -buildvm-s390x-12.s390.fedoraproject.org -buildvm-s390x-13.s390.fedoraproject.org -buildvm-s390x-14.s390.fedoraproject.org -buildvm-s390x-15.s390.fedoraproject.org -buildvm-s390x-16.s390.fedoraproject.org -buildvm-s390x-17.s390.fedoraproject.org -buildvm-s390x-18.s390.fedoraproject.org -buildvm-s390x-19.s390.fedoraproject.org -buildvm-s390x-20.s390.fedoraproject.org - -[bvmhost_s390x] -bvmhost-s390x-01.stg.s390.fedoraproject.org -bvmhost-s390x-01.s390.fedoraproject.org +[buildvm-stg] +buildvm-01.stg.phx2.fedoraproject.org [buildvmhost] -bvmhost-s390x-01.stg.s390.fedoraproject.org -bvmhost-s390x-01.s390.fedoraproject.org -# mt snow machines -bvmhost-a64-01.iad2.fedoraproject.org -bvmhost-a64-02.iad2.fedoraproject.org -bvmhost-a64-03.iad2.fedoraproject.org -bvmhost-a64-04.iad2.fedoraproject.org -# These are lenovo emags in IAD2 -bvmhost-a64-01.stg.iad2.fedoraproject.org -# ppc -bvmhost-p09-01.iad2.fedoraproject.org -bvmhost-p09-02.iad2.fedoraproject.org -bvmhost-p09-03.iad2.fedoraproject.org -bvmhost-p09-04.iad2.fedoraproject.org -bvmhost-p09-05.iad2.fedoraproject.org -bvmhost-p09-01.stg.iad2.fedoraproject.org +buildvmhost-10.phx2.fedoraproject.org +buildvmhost-11.phx2.fedoraproject.org +buildvmhost-12.phx2.fedoraproject.org + [buildhw] -# mt snow -buildhw-a64-03.iad2.fedoraproject.org -buildhw-a64-04.iad2.fedoraproject.org -buildhw-a64-05.iad2.fedoraproject.org -buildhw-a64-06.iad2.fedoraproject.org -# emags -buildhw-x86-01.iad2.fedoraproject.org -buildhw-x86-02.iad2.fedoraproject.org -buildhw-x86-03.iad2.fedoraproject.org -buildhw-x86-04.iad2.fedoraproject.org -buildhw-x86-05.iad2.fedoraproject.org -buildhw-x86-06.iad2.fedoraproject.org -buildhw-x86-07.iad2.fedoraproject.org -buildhw-x86-08.iad2.fedoraproject.org -buildhw-x86-09.iad2.fedoraproject.org -buildhw-x86-10.iad2.fedoraproject.org -buildhw-x86-11.iad2.fedoraproject.org -buildhw-x86-12.iad2.fedoraproject.org -buildhw-x86-13.iad2.fedoraproject.org -buildhw-x86-14.iad2.fedoraproject.org -buildhw-x86-15.iad2.fedoraproject.org -buildhw-x86-16.iad2.fedoraproject.org +buildhw-01.phx2.fedoraproject.org +buildhw-02.phx2.fedoraproject.org +buildhw-03.phx2.fedoraproject.org +buildhw-04.phx2.fedoraproject.org +buildhw-05.phx2.fedoraproject.org +buildhw-06.phx2.fedoraproject.org +buildhw-07.phx2.fedoraproject.org +buildhw-08.phx2.fedoraproject.org +buildhw-09.phx2.fedoraproject.org +buildhw-10.phx2.fedoraproject.org +buildhw-11.phx2.fedoraproject.org +buildhw-12.phx2.fedoraproject.org -# -# These are primary koji builders. -# -[buildvm_ppc64le] -buildvm-ppc64le-01.iad2.fedoraproject.org -buildvm-ppc64le-02.iad2.fedoraproject.org -buildvm-ppc64le-03.iad2.fedoraproject.org -buildvm-ppc64le-04.iad2.fedoraproject.org -buildvm-ppc64le-05.iad2.fedoraproject.org -buildvm-ppc64le-06.iad2.fedoraproject.org -buildvm-ppc64le-07.iad2.fedoraproject.org -buildvm-ppc64le-08.iad2.fedoraproject.org -buildvm-ppc64le-09.iad2.fedoraproject.org -buildvm-ppc64le-10.iad2.fedoraproject.org -buildvm-ppc64le-11.iad2.fedoraproject.org -buildvm-ppc64le-12.iad2.fedoraproject.org -buildvm-ppc64le-13.iad2.fedoraproject.org -buildvm-ppc64le-14.iad2.fedoraproject.org -buildvm-ppc64le-15.iad2.fedoraproject.org -buildvm-ppc64le-16.iad2.fedoraproject.org -buildvm-ppc64le-17.iad2.fedoraproject.org -buildvm-ppc64le-18.iad2.fedoraproject.org -buildvm-ppc64le-19.iad2.fedoraproject.org -buildvm-ppc64le-20.iad2.fedoraproject.org -buildvm-ppc64le-21.iad2.fedoraproject.org -buildvm-ppc64le-22.iad2.fedoraproject.org -buildvm-ppc64le-23.iad2.fedoraproject.org -buildvm-ppc64le-24.iad2.fedoraproject.org -buildvm-ppc64le-25.iad2.fedoraproject.org -buildvm-ppc64le-26.iad2.fedoraproject.org -buildvm-ppc64le-27.iad2.fedoraproject.org -buildvm-ppc64le-28.iad2.fedoraproject.org -buildvm-ppc64le-29.iad2.fedoraproject.org -buildvm-ppc64le-30.iad2.fedoraproject.org -buildvm-ppc64le-31.iad2.fedoraproject.org -buildvm-ppc64le-32.iad2.fedoraproject.org -buildvm-ppc64le-33.iad2.fedoraproject.org +[buildppc] +buildppc-01.phx2.fedoraproject.org +buildppc-02.phx2.fedoraproject.org [bkernel] -bkernel01.iad2.fedoraproject.org -bkernel02.iad2.fedoraproject.org +bkernel01.phx2.fedoraproject.org +bkernel02.phx2.fedoraproject.org -# These hosts get the runroot plugin installed. -# They should be added to their own 'compose' channel in the koji db -# .. and they should not appear in the default channel for builds. -[runroot] -buildvm-x86-01.iad2.fedoraproject.org -buildvm-x86-02.iad2.fedoraproject.org -buildvm-x86-03.iad2.fedoraproject.org -buildvm-a64-01.iad2.fedoraproject.org -buildvm-a64-02.iad2.fedoraproject.org -buildvm-a64-03.iad2.fedoraproject.org -buildvm-ppc64le-01.iad2.fedoraproject.org -buildvm-ppc64le-09.iad2.fedoraproject.org -buildvm-ppc64le-18.iad2.fedoraproject.org -buildvm-ppc64le-27.iad2.fedoraproject.org -buildvm-ppc64le-33.iad2.fedoraproject.org -buildvm-s390x-11.s390.fedoraproject.org -buildvm-s390x-12.s390.fedoraproject.org -buildvm-s390x-13.s390.fedoraproject.org -buildvm-a64-01.stg.iad2.fedoraproject.org -buildvm-ppc64le-01.stg.iad2.fedoraproject.org -buildvm-s390x-01.stg.s390.fedoraproject.org -buildvm-x86-01.stg.iad2.fedoraproject.org +[buildarm:children] +arm01 +arm02 +arm04 -# These are builders in the osbuild channel. -# This means they are used for osbuild jobs and need -# a special ipset to allow them to talk to the osbuild -# API endpoint. -[osbuild] -buildhw-x86-01.iad2.fedoraproject.org -buildhw-x86-02.iad2.fedoraproject.org -buildhw-x86-03.iad2.fedoraproject.org -buildhw-x86-04.iad2.fedoraproject.org -buildhw-x86-05.iad2.fedoraproject.org -buildhw-x86-06.iad2.fedoraproject.org -buildhw-x86-07.iad2.fedoraproject.org -buildhw-x86-08.iad2.fedoraproject.org -buildhw-x86-09.iad2.fedoraproject.org -buildhw-x86-10.iad2.fedoraproject.org -buildhw-x86-11.iad2.fedoraproject.org -buildhw-x86-12.iad2.fedoraproject.org -buildhw-x86-13.iad2.fedoraproject.org -buildhw-x86-14.iad2.fedoraproject.org -buildhw-x86-15.iad2.fedoraproject.org -buildhw-x86-16.iad2.fedoraproject.org -buildvm-x86-01.stg.iad2.fedoraproject.org -buildvm-x86-02.stg.iad2.fedoraproject.org -buildvm-x86-03.stg.iad2.fedoraproject.org -buildvm-x86-04.stg.iad2.fedoraproject.org -buildvm-x86-05.stg.iad2.fedoraproject.org +# +# These are secondary arch builders. +# +[arm01] +# 00 and 01 are in use as releng and retrace instances +#arm01-releng00.arm.fedoraproject.org +#arm01-retrace01.arm.fedoraproject.org +arm01-builder02.arm.fedoraproject.org +arm01-builder03.arm.fedoraproject.org +arm01-builder04.arm.fedoraproject.org +arm01-builder05.arm.fedoraproject.org +arm01-builder06.arm.fedoraproject.org +arm01-builder07.arm.fedoraproject.org +arm01-builder08.arm.fedoraproject.org +arm01-builder09.arm.fedoraproject.org +arm01-builder10.arm.fedoraproject.org +arm01-builder11.arm.fedoraproject.org +arm01-builder12.arm.fedoraproject.org +arm01-builder13.arm.fedoraproject.org +arm01-builder14.arm.fedoraproject.org +arm01-builder15.arm.fedoraproject.org +arm01-builder16.arm.fedoraproject.org +arm01-builder17.arm.fedoraproject.org +arm01-builder18.arm.fedoraproject.org +arm01-builder19.arm.fedoraproject.org +arm01-builder20.arm.fedoraproject.org +arm01-builder21.arm.fedoraproject.org +arm01-builder22.arm.fedoraproject.org +arm01-builder23.arm.fedoraproject.org -[buildvm_x86_riscv] -buildvm-x86-riscv01.iad2.fedoraproject.org -buildvm-x86-riscv02.iad2.fedoraproject.org +# +# These are primary arch builders. +# +[arm02] +arm02-builder00.arm.fedoraproject.org +arm02-builder01.arm.fedoraproject.org +arm02-builder02.arm.fedoraproject.org +arm02-builder03.arm.fedoraproject.org +arm02-builder04.arm.fedoraproject.org +arm02-builder05.arm.fedoraproject.org +arm02-builder06.arm.fedoraproject.org +arm02-builder07.arm.fedoraproject.org +arm02-builder08.arm.fedoraproject.org +arm02-builder09.arm.fedoraproject.org +arm02-builder10.arm.fedoraproject.org +arm02-builder11.arm.fedoraproject.org +arm02-builder12.arm.fedoraproject.org +arm02-builder13.arm.fedoraproject.org +arm02-builder14.arm.fedoraproject.org +arm02-builder15.arm.fedoraproject.org +arm02-builder16.arm.fedoraproject.org +arm02-builder17.arm.fedoraproject.org +arm02-builder18.arm.fedoraproject.org +arm02-builder19.arm.fedoraproject.org +arm02-builder20.arm.fedoraproject.org +arm02-builder21.arm.fedoraproject.org +arm02-builder22.arm.fedoraproject.org +arm02-builder23.arm.fedoraproject.org + +# +# These are misc +# +[arm03] +# These are in use as arm03-releng00 - 03 +#arm03-builder00.arm.fedoraproject.org +#arm03-builder01.arm.fedoraproject.org +#arm03-builder02.arm.fedoraproject.org +#arm03-builder03.arm.fedoraproject.org +# These are in use as arm03-qa00 - 03 +#arm03-builder04.arm.fedoraproject.org +#arm03-builder05.arm.fedoraproject.org +#arm03-builder06.arm.fedoraproject.org +#arm03-builder07.arm.fedoraproject.org +# These are in use as arm03-packager01-02 +#arm03-builder08.arm.fedoraproject.org +#arm03-builder09.arm.fedoraproject.org +# These are off currently +#arm03-builder10.arm.fedoraproject.org +#arm03-builder11.arm.fedoraproject.org +#arm03-builder12.arm.fedoraproject.org +#arm03-builder13.arm.fedoraproject.org +#arm03-builder14.arm.fedoraproject.org +#arm03-builder15.arm.fedoraproject.org +#arm03-builder16.arm.fedoraproject.org +#arm03-builder17.arm.fedoraproject.org +#arm03-builder18.arm.fedoraproject.org +#arm03-builder19.arm.fedoraproject.org +#arm03-builder20.arm.fedoraproject.org +#arm03-builder21.arm.fedoraproject.org +#arm03-builder22.arm.fedoraproject.org +#arm03-builder23.arm.fedoraproject.org + +[arm04] +arm04-builder00.arm.fedoraproject.org +arm04-builder01.arm.fedoraproject.org +arm04-builder02.arm.fedoraproject.org +arm04-builder03.arm.fedoraproject.org +arm04-builder04.arm.fedoraproject.org +arm04-builder05.arm.fedoraproject.org +arm04-builder06.arm.fedoraproject.org +arm04-builder07.arm.fedoraproject.org +arm04-builder08.arm.fedoraproject.org +arm04-builder09.arm.fedoraproject.org +arm04-builder10.arm.fedoraproject.org +arm04-builder11.arm.fedoraproject.org +arm04-builder12.arm.fedoraproject.org +arm04-builder13.arm.fedoraproject.org +arm04-builder14.arm.fedoraproject.org +arm04-builder15.arm.fedoraproject.org +arm04-builder16.arm.fedoraproject.org +arm04-builder17.arm.fedoraproject.org +arm04-builder18.arm.fedoraproject.org +arm04-builder19.arm.fedoraproject.org +arm04-builder20.arm.fedoraproject.org +arm04-builder21.arm.fedoraproject.org +arm04-builder22.arm.fedoraproject.org +arm04-builder23.arm.fedoraproject.org [builders:children] buildhw buildvm -buildvm_aarch64 -buildvm_ppc64le -buildvm_s390x -bkernel - -[builders_stg:children] -buildvm_stg -buildvm_ppc64le_stg -buildvm_aarch64_stg -buildvm_s390x_stg - -[buildvm_osbuild_ppc64le] -buildvm-ppc64le-osbuild01.iad2.fedoraproject.org - -[buildvm_osbuild_ppc64le_staging] -buildvm-ppc64le-osbuild02.iad2.fedoraproject.org +buildppc +buildarm diff --git a/inventory/cloud b/inventory/cloud deleted file mode 100644 index a72e02d2d3..0000000000 --- a/inventory/cloud +++ /dev/null @@ -1,53 +0,0 @@ -## -## New Community Hardware -## -#os-proxy01.fedorainfracloud.org -#os-proxy02.fedorainfracloud.org - -## COPR -#copr-vmhost01.fedorainfracloud.org - -[cloud_aws] -proxy09.fedoraproject.org -proxy30.fedoraproject.org -proxy31.fedoraproject.org -proxy32.fedoraproject.org -proxy33.fedoraproject.org -proxy34.fedoraproject.org -proxy35.fedoraproject.org -proxy36.fedoraproject.org -proxy37.fedoraproject.org -proxy38.fedoraproject.org -proxy39.fedoraproject.org -proxy40.fedoraproject.org -copr-be.aws.fedoraproject.org -#copr-be-temp.aws.fedoraproject.org -copr-be-dev.aws.fedoraproject.org -#copr-be-dev-temp.aws.fedoraproject.org -copr-dist-git.aws.fedoraproject.org -copr-dist-git-dev.aws.fedoraproject.org -copr-fe.aws.fedoraproject.org -copr-fe-dev.aws.fedoraproject.org -db.stg.aws.fedoraproject.org -copr-keygen.aws.fedoraproject.org -copr-keygen-dev.aws.fedoraproject.org -#copr-be-dev.cloud.fedoraproject.org -copr-dist-git-dev.fedorainfracloud.org -#copr-pulp.aws.fedoraproject.org -copr-pulp-dev.aws.fedoraproject.org -f40-test.fedorainfracloud.org -f41-test.fedorainfracloud.org -f42-test.fedorainfracloud.org -rawhide-test.fedorainfracloud.org -el9-test.fedorainfracloud.org -aarch64-test01.fedorainfracloud.org -aarch64-test02.fedorainfracloud.org -datanommer01.fedorainfracloud.org -# This is not in aws, but here is good enough for now -ppc64le-test.fedorainfracloud.org -ppc64le-test02.fedorainfracloud.org -logdetective01.fedorainfracloud.org -logdetective02.fedorainfracloud.org - -[cloud:children] -cloud_aws diff --git a/inventory/group_vars/aarch64_test b/inventory/group_vars/aarch64_test deleted file mode 100644 index c97a4b4852..0000000000 --- a/inventory/group_vars/aarch64_test +++ /dev/null @@ -1,5 +0,0 @@ ---- -freezes: false -host_group: cloud -sudoers: "{{ private }}/files/sudo/arm-packager-sudoers" -sudoers_main: nopasswd diff --git a/inventory/group_vars/all b/inventory/group_vars/all index ef7a845466..e654f674ba 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -1,255 +1,12 @@ --- -####### -# BEGIN: Ansible roles_path variables -# -# Background/reference about external repos pulled in: -# https://pagure.io/fedora-infrastructure/issue/5476 -# -# IPA settings -additional_host_keytabs: [] -ansible_base: /srv/web/infra -# Default to managing the network, we want to not do this on select -# hosts (like cloud nodes) -# List of interfaces to explicitly disable -ansible_ifcfg_disabled: [] -# on MOST infra systems, the interface connected to the infra network -# is eth0. but not on quite ALL systems. e.g. on s390 boxes it's enc900, -# on openqa-ppc64le-01.qa it's eth2 for some reason, and on qa01.qa and -# qa02.qa it's em3. currently this only affects whether GATEWAY, DOMAIN -# and DNS1/DNS2 lines are put into ifcfg-(device). -ansible_ifcfg_infra_net_devices: ['eth0', 'enc900'] -# -# Autodetect python version -# -ansible_python_interpreter: auto -# Set variable if we want to use our global iptables defaults -# Some things need to set their own. -baseiptables: True -# by default set become to false here We can override it as needed. -# Note that if become is true, you need to unset requiretty for -# ssh controlpersist to work. -become: false -br0_nm: 255.255.255.0 -br1_nm: 255.255.255.0 -# assume collectd apache -collectd_apache: true -# communishift project resource overrides -communishift_projects: - communishift-admins: - do_not_delete: true # Marked do not delete 2024-11-25 - communishift-eventbot: - name: communishift-eventbot - communishift-fedora-review-service: - name: communishift-fedora-review-service - do_not_delete: true # Marked do not delete 2024-10-21 - communishift-lightspeed-build: - name: communishift-lightspeed-build - communishift-log-detective: - name: communishift-log-detective - do_not_delete: true # Marked do not delete 2024-10-21 - memory_requests: 4Gi - memory_limits: 6Gi - storage_requests: 10Gi - communishift-mattdm: - name: communishift-mattdm - communishift-metrics: - name: communishift-metrics - communishift-openscanhub: - name: communishift-openscanhub - cpu_requests: 2 - memory_requests: 2Gi - cpu_limits: 2 - memory_limits: 4Gi - pods: 16 - communishift-planet: - name: communishift-planet - communishift-forgejo: - name: communishift-forgejo - communishift-gitlabce: - name: communishift-gitlabce - communishift-ocm: - name: communishift-ocm - communishift-weekly-bootc: - name: communishift-weekly-bootc - do_not_delete: true # Marked do not delete 2024-11-26. Needed until end of bootc initative. - communishift-fossology: - name: communishift-fossology - communishift-commops-analytics: - name: communishift-commops-analytics - communishift-commops-datanom: - name: communishift-commops-datanom -# true or false if we are or are not a copr build virthost. -# Default to false -copr_build_virthost: false -# assume createrepo is true and this builder has the koji nfs mount to do that -createrepo: True -# This vars get shoved into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -custom6_rules: [] -custom_rules: [] -# most of our systems are in IAD2 -datacenter: iad2 - -# Datanommer -datanommer_db_hostname: db-datanommer02 -# By default, nodes don't backup any dbs on them unless they declare it. -dbs_to_backup: [] -# dnf-automatic-install.service mode default: security-only -dnf_automatic_type: security -dns: "10.3.163.33" -dns1: "10.3.163.33" -dns2: "10.3.163.34" -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -# env is staging or production, we default it to production here. -env: production -env_prefix: "" -env_short: prod -env_suffix: "" -# Default netmask. All of our iad2 nets are /24's. Almost all of our -# non-iad2 sites are less than a /24. -eth0_ipv4_nm: 24 -eth1_ip: 10.0.0.10 -eth1_nm: 255.255.255.0 -# END: Ansible roles_path variables -####### freezes: true -# defaults for hw installs -install_noc: none -ipa_admin_password: "{{ ipa_prod_admin_password }}" -ipa_realm: FEDORAPROJECT.ORG -ipa_server: ipa01.iad2.fedoraproject.org -ipa_server_nodes: - - ipa01.iad2.fedoraproject.org - - ipa02.iad2.fedoraproject.org - - ipa03.iad2.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -# defaults for virt installs -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# most of our systems are 64bit. +# most of our systems are in phx2 +datacenter: phx2 + +# most of our systems are 64bit. # Used to install various nagios scripts and the like. libdir: /usr/lib64 -lvm_size: 20000 -mac_address: RANDOM -mac_address1: RANDOM -main_bridge: br0 -max_cpu: "{{ num_cpus * 5 }}" -max_mem_size: "{{ mem_size * 5 }}" -mem_size: 4096 -nagios_Can_Connect: true -# Nagios global variables -nagios_Check_Services: - dhcpd: false - httpd: false - mail: true - named: false - nrpe: true - ping: true - raid: false - sshd: true - swap: true -nat_rules: [] -# Do we want to use nftables instead of iptables -nftables: True -# nftables variants of custom*_rules -nft_custom6_rules: [] -nft_custom_rules: [] -nft_nat_rules: [] -# default network block device encryption settings for linux-system-roles/nbde_client -nbde: true -nbde_device: /dev/md2 -nbde_client_bindings: - - device: "{{ nbde_device }}" - encryption_password: "{{ nbde_password }}" - password_temporary: no - threshold: 1 - servers: - - http://tang01.iad2.fedoraproject.org - - http://tang02.iad2.fedoraproject.org -# usually we do not want to enable nested virt, only on some virthosts -nested: false -network_allow_restart: yes -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet - state: up -nfs_bridge: br1 -# nfs mount options, override at the group/host level -nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" -nm: 255.255.255.0 -# Most of our machines have manual resolv.conf files -# These settings are for machines where NM is supposed to control resolv.conf. -nrpe_check_postfix_queue_crit: 5 -# by default, the number of emails in queue before we whine -nrpe_check_postfix_queue_warn: 2 -nrpe_procs_crit: 300 -# by default the number of procs we allow before we whine -nrpe_procs_warn: 250 -num_cpus: 2 -# ocp4 is default now in some proxy roles -ocp4: true -# All the ocp production workers. -# This is used by the openvpn openshift app to make sure there's a vpn pod on each node. -ocp_nodes: - - worker01.ocp.iad2.fedoraproject.org - - worker02.ocp.iad2.fedoraproject.org - - worker03.ocp.iad2.fedoraproject.org - - worker04.ocp.iad2.fedoraproject.org - - worker05.ocp.iad2.fedoraproject.org - - worker06.ocp.iad2.fedoraproject.org -ocp_nodes_rdu3: - - worker01.ocp.rdu3.fedoraproject.org - - worker02.ocp.rdu3.fedoraproject.org - - worker03.ocp.rdu3.fedoraproject.org - - worker04.ocp.rdu3.fedoraproject.org - - worker05.ocp.rdu3.fedoraproject.org -ocp_wildcard_cert_file: wildcard-2024.apps.ocp.fedoraproject.org.cert -# This is the openshift wildcard cert for ocp -ocp_wildcard_cert_name: wildcard-2024.apps.ocp.fedoraproject.org -ocp_wildcard_int_file: wildcard-2024.apps.ocp.fedoraproject.org.intermediate.cert -ocp_wildcard_key_file: wildcard-2024.apps.ocp.fedoraproject.org.key -# rdu3 ocp cert while we are not yet moved -ocp_rdu3_wildcard_cert_file: wildcard-2025.apps.ocp-rdu3.fedoraproject.org.cert -ocp_rdu3_wildcard_cert_name: wildcard-2025.apps.ocp-rdu3.fedoraproject.org -ocp_rdu3_wildcard_int_file: wildcard-2025.apps.ocp-rdu3.fedoraproject.org.intermediate.cert -ocp_rdu3_wildcard_key_file: wildcard-2025.apps.ocp-rdu3.fedoraproject.org.key -# Path to the openshift-ansible checkout as external git repo brought into -# Fedora Infra -openshift_ansible: /srv/web/infra/openshift-ansible/ -postfix_group: "none" -# This is a list of services that need to wait for VPN to be up before getting started. -postvpnservices: [] -preferred_dc: iad2 -primary_auth_source: ipa -# -# Set a redirectmatch variable we can use to disable some redirectmatches -# like the prerelease to final ones. -# -redirectmatch_enabled: True -# default the root_auth_users to nothing. -# This should be set for cloud instances in their host or group vars. -root_auth_users: '' -# List of names under which the host is available -ssh_hostnames: [] -# This enables/disables the SSH "keyhelper" used by Pagure for verifying users' -# SSH keys from the Pagure database -sshd_keyhelper: false -# Normal default sshd port is 22 -sshd_port: 22 -tcp_ports: [] + # example of ports for default iptables # tcp_ports: [ 22, 80, 443 ] # udp_ports: [ 110, 1024, 2049 ] @@ -258,52 +15,52 @@ tcp_ports: [] # '-A INPUT -p tcp -m tcp --dport 8889 -j ACCEPT' ] # We default these to empty udp_ports: [] -# Most EL systems need default EPEL repos. -# Some systems (notably fed-cloud*) need to get their own -# EPEL files because EPEL overrides packages in their core repos. -use_default_epel: true -# -# The default virt-install works for rhel9 or fedora with 1 nic -# -virt_install_command: "{{ virt_install_command_one_nic }}" -virt_install_command_aarch64_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole -virt_install_command_aarch64_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole -virt_install_command_aarch64_two_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --rng /dev/random -virt_install_command_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} nameserver=8.8.8.8 ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random --cpu host -virt_install_command_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns1 }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random --cpu host -virt_install_command_ppc64le_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random -virt_install_command_ppc64le_two_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --watchdog default --rng /dev/random -virt_install_command_pxe_rhcos: virt-install -n {{ inventory_hostname }} --vcpus {{ num_cpus }},maxvcpus={{ num_cpus }} --memory {{ mem_size }} --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --nographics --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --hvm --accelerate --autostart --wait=-1 --extra-args "ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:enp1s0:none hostname={{ inventory_hostname }} nameserver={{ dns }} console=ttyS0 nomodeset rd.neednet=1 coreos.inst=yes coreos.inst.install_dev=vda coreos.live.rootfs_url={{ rhcos_install_rootfs_url }} coreos.inst.ignition_url={{ rhcos_ignition_file_url }}" --os-variant rhel9.5 --location {{ rhcos_install_url }} -virt_install_command_s390x_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --rng /dev/random --cpu host -virt_install_command_s390x_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --rng /dev/random --cpu host -virt_install_command_two_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --watchdog default --rng /dev/random -virt_install_command_two_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --watchdog default --rng /dev/random -# assume vpn is false -vpn: False -# This is the wildcard certname for our proxies. It has a different name for -# the staging group and is used in the proxies.yml playbook. -wildcard_cert_name: wildcard-2024.fedoraproject.org -wildcard_crt_file: wildcard-2024.fedoraproject.org.cert -wildcard_int_file: wildcard-2024.fedoraproject.org.intermediate.cert -wildcard_key_file: wildcard-2024.fedoraproject.org.key -# -# say if we want the apache role dependency for mod_wsgi or not -# In some cases we want mod_wsgi and no apache (for python3 httpaio stuff) -# -wsgi_wants_apache: true -# set no x-forward header by default -x_forward: false -# +tcp_ports: [] +custom_rules: [] -# Template defaults are defined in the template macros. If we need a specific -# host to have different values for a macro, define it here. Use the macro name -# as it is in Zabbix so we can search for it easily. If you remove a key, -# Zabbix is *not* updated - set the value to "absent" instead. +# defaults for virt installs +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ +mem_size: 2048 +num_cpus: 2 +lvm_size: 20000 -# This is overriden at the host_var level, this is empty just so the var exists -zabbix_macros: {} +# default virt install command is for a single nic-device +# define in another group file for more nics (see buildvm) +#virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} +# --disk {{ volgroup }}/{{ inventory_hostname }} +# --vcpus={{ num_cpus }} -l {{ ks_repo }} -x +# "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} +# gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 +# hostname={{ inventory_hostname }}" +# --network=bridge=br0 --autostart --noautoconsole -notes: | - Unspecified. - * What hosts/services does this rely on? - * What hosts/services rely on this? +virt_install_command: virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + 'ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' + --network bridge=br0,model=virtio + --autostart --noautoconsole + +# By default, nodes get no fedmsg certs. They need to declare them explicitly. +fedmsg_certs: [] + +# By default, nodes don't backup any dbs on them unless they declare it. +dbs_to_backup: [] + +# by default the number of procs we allow before we whine +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + +# env is staging or production, we default it to production here. +env: production + +# nfs mount options, override at the group/host level +nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid" + +# by default set sudo to false here We can override it as needed. +# Note that if sudo is true, you need to unset requiretty for +# ssh controlpersist to work. +sudo: false diff --git a/inventory/group_vars/arm-packager b/inventory/group_vars/arm-packager new file mode 100644 index 0000000000..ae76668253 --- /dev/null +++ b/inventory/group_vars/arm-packager @@ -0,0 +1,6 @@ +--- +fas_client_groups: packager +freezes: false +sudoers: "{{ private }}/files/sudo/arm-packager-sudoers" +sudoers_main: nopasswd +host_group: cloud diff --git a/inventory/group_vars/arm-qa b/inventory/group_vars/arm-qa new file mode 100644 index 0000000000..8525c4f6b5 --- /dev/null +++ b/inventory/group_vars/arm-qa @@ -0,0 +1,7 @@ +--- +fas_client_groups: sysadmin-qa,arm-qa,qa +freezes: false +sudoers: "{{ private }}/files/sudo/arm-qa-sudoers" +sudoers_main: nopasswd +libdir: /usr/lib +host_group: cloud diff --git a/inventory/group_vars/arm-releng b/inventory/group_vars/arm-releng new file mode 100644 index 0000000000..758e7d70d3 --- /dev/null +++ b/inventory/group_vars/arm-releng @@ -0,0 +1,8 @@ +--- +fas_client_groups: sysadmin-releng +freezes: false +# +# These are 32bit +# +libdir: /usr/lib +sudoers: "{{ private }}/files/sudo/arm-releng-sudoers" diff --git a/inventory/group_vars/arm-retrace b/inventory/group_vars/arm-retrace new file mode 100644 index 0000000000..e2a2e88f9b --- /dev/null +++ b/inventory/group_vars/arm-retrace @@ -0,0 +1,10 @@ +--- +fas_client_groups: retrace +freezes: false +# +# These are 32bit +# +libdir: /usr/lib +sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers" + +tcp_ports: [ 80 ] diff --git a/inventory/group_vars/ask b/inventory/group_vars/ask new file mode 100644 index 0000000000..32a9c645c9 --- /dev/null +++ b/inventory/group_vars/ask @@ -0,0 +1,23 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +tcp_ports: [ 80, 443, + # These 8 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-ask,fi-apprentice + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: askbot + owner: root + group: apache diff --git a/inventory/group_vars/ask-stg b/inventory/group_vars/ask-stg new file mode 100644 index 0000000000..32a9c645c9 --- /dev/null +++ b/inventory/group_vars/ask-stg @@ -0,0 +1,23 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +tcp_ports: [ 80, 443, + # These 8 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-ask,fi-apprentice + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: askbot + owner: root + group: apache diff --git a/inventory/group_vars/atomichw b/inventory/group_vars/atomichw new file mode 100644 index 0000000000..afe1c28fa8 --- /dev/null +++ b/inventory/group_vars/atomichw @@ -0,0 +1,9 @@ +--- +host_group: atomicbuilder +freezes: false +nrpe_procs_warn: 700 +nrpe_procs_crit: 800 + +fas_client_groups: atomic,sysadmin-atomic + +tcp_ports: [ 80, 443, 873 ] diff --git a/inventory/group_vars/autosign b/inventory/group_vars/autosign index 05d2675432..d1077c5bf3 100644 --- a/inventory/group_vars/autosign +++ b/inventory/group_vars/autosign @@ -1,32 +1,11 @@ --- -# Define resources for this group of hosts here. -ansible_ifcfg_allowlist: - - eth0 - - eth1 -# For the MOTD +# Define resources for this group of hosts here. +lvm_size: 30000 +mem_size: 2048 +num_cpus: 2 + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -# Make connections from signing bridges stateless, they break sigul connections -# https://bugzilla.redhat.com/show_bug.cgi?id=1283364 -custom_rules: ['-A INPUT --proto tcp --sport 44334 --source 10.3.169.120 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 10.3.169.120 tcp sport 44334 counter accept'] +fas_client_groups: sysadmin-releng host_group: autosign -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: autosign -ipa_host_group_desc: Hosts signing content automatically -lvm_size: 30000 -mem_size: 2048 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -num_cpus: 2 - -notes: | - Automatically sign Rawhide and Branched packages - - This host will run the robosignatory application which should automatically sign - builds. It listens to koji over fedora-messaging for notifications of new builds, - and then asks sigul, the signing server, to sign the rpms and store the new rpm - header back in Koji. diff --git a/inventory/group_vars/autosign_hardware b/inventory/group_vars/autosign_hardware deleted file mode 100644 index e7d8154757..0000000000 --- a/inventory/group_vars/autosign_hardware +++ /dev/null @@ -1,6 +0,0 @@ ---- -# Make connections from signing bridges stateless, they break sigul connections -# https://bugzilla.redhat.com/show_bug.cgi?id=1283364 -custom_rules: ['-A INPUT --proto tcp --sport 44334 --source 10.3.169.120 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 10.3.169.120 tcp sport 44334 counter accept'] -host_group: autosign diff --git a/inventory/group_vars/backup b/inventory/group_vars/backup deleted file mode 100644 index 9b19481128..0000000000 --- a/inventory/group_vars/backup +++ /dev/null @@ -1,2 +0,0 @@ ---- -primary_auth_source: ipa diff --git a/inventory/group_vars/badges-backend b/inventory/group_vars/badges-backend new file mode 100644 index 0000000000..27ca02c31f --- /dev/null +++ b/inventory/group_vars/badges-backend @@ -0,0 +1,21 @@ +--- +lvm_size: 20000 +mem_size: 6144 +num_cpus: 2 +freezes: false + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000 ] + +fas_client_groups: sysadmin-noc,sysadmin-badges + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fedbadges + owner: root + group: fedmsg diff --git a/inventory/group_vars/badges-backend-stg b/inventory/group_vars/badges-backend-stg new file mode 100644 index 0000000000..3addb61a2a --- /dev/null +++ b/inventory/group_vars/badges-backend-stg @@ -0,0 +1,21 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000 ] + +fas_client_groups: sysadmin-noc,sysadmin-badges + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fedbadges + owner: root + group: fedmsg diff --git a/inventory/group_vars/badges-web b/inventory/group_vars/badges-web new file mode 100644 index 0000000000..c69bf1575c --- /dev/null +++ b/inventory/group_vars/badges-web @@ -0,0 +1,27 @@ +--- +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 +freezes: false + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-badges + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: tahrir + owner: root + group: tahrir diff --git a/inventory/group_vars/badges-web-stg b/inventory/group_vars/badges-web-stg new file mode 100644 index 0000000000..5f58d9c780 --- /dev/null +++ b/inventory/group_vars/badges-web-stg @@ -0,0 +1,27 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-badges + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: tahrir + owner: root + group: tahrir diff --git a/inventory/group_vars/bastion b/inventory/group_vars/bastion deleted file mode 100644 index a8d9506bbf..0000000000 --- a/inventory/group_vars/bastion +++ /dev/null @@ -1,73 +0,0 @@ ---- -# Define resources for this group of hosts here. -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -# -# drop incoming traffic from less trusted vpn hosts -# allow ntp from internal RH 10 nets -# -custom_rules: ['-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited', '-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT'] -nft_block_rules: - - 'add rule ip filter INPUT ip saddr 192.168.100.0/24 counter reject with icmp type host-prohibited' - - 'add rule ip filter INPUT ip saddr 10.0.0.0/8 udp dport 123 counter accept' -# -# This host is externally reachable -# -external: true -# -# Set this to get fasclient cron to make the aliases file -# -fas_aliases: true -# -# Set this to get fasjson-client cron to make the aliases file -# -fasjson_aliases: false -fasjson_url: https://fasjson.fedoraproject.org/ -host_group: bastion -ipa_client_shell_groups: - - pungi-devel - - sysadmin-analysis - - sysadmin-dba - - sysadmin-eln - - sysadmin-ppc - - sysadmin-secondary - - sysadmin-spin - - sysadmin-troubleshoot - - sysadmin-qa - - sysadmin-kernel - - sysadmin-riscv -ipa_client_shell_groups_inherit_from: - - batcave -# allow a bunch of sysadmin groups here so they can access internal stuff -ipa_host_group: bastion -ipa_host_group_desc: Bastion hosts -lvm_size: 20000 -mem_size: 8192 -nagios_Check_Services: - mail: false - nrpe: true -nrpe_procs_crit: 1200 -# -# Sometimes there are lots of postfix processes -# -nrpe_procs_warn: 1100 -num_cpus: 4 -# -# This is a postfix gateway. This will pick up gateway postfix config in base -# -postfix_group: gateway -postfix_transport_filename: transports.gateway -primary_auth_source: ipa -# -# allow incoming openvpn and smtp -# -tcp_ports: [22, 1194] -udp_ports: [1194] - -notes: | - SSH proxy to access infrastructure not exposed to the web - - * Provides ssh access to all iad2/vpn connected servers. - * Bastion is the hub for all infrastructure's VPN connections. - * All incoming SMTP from iad2 and VPN, as well as outgoing SMTP, pass or are filtered here. - * Bastion does not accept any mail outside phx2/vpn. diff --git a/inventory/group_vars/bastion_stg b/inventory/group_vars/bastion_stg deleted file mode 100644 index 2338bb77c0..0000000000 --- a/inventory/group_vars/bastion_stg +++ /dev/null @@ -1,56 +0,0 @@ ---- -# Define resources for this group of hosts here. -bastion_ipa_client_shell_groups: - - pungi-devel - - sysadmin-analysis - - sysadmin-dba - - sysadmin-ppc - - sysadmin-secondary - - sysadmin-spin - - sysadmin-troubleshoot -# this only works if the `batcave_stg` group and at least one host in it is defined -# batcave_ipa_client_shell_groups: "{{ hostvars[groups['batcave_stg'][0]]['ipa_client_shell_groups'] | default([]) }}" -batcave_ipa_client_shell_groups: [] -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -# -# drop incoming traffic from less trusted vpn hosts -# allow ntp from internal RH 10 nets -# -custom_rules: ['-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited', '-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT'] -nft_block_rules: - - 'add rule ip filter INPUT ip saddr 192.168.100.0/24 counter reject with icmp type host-prohibited' - - 'add rule ip filter INPUT ip saddr 10.0.0.0/8 udp dport 123 counter accept' -# -# Set this to get fasjson-client cron to make the aliases file -# -fasjson_aliases: true -ipa_client_shell_groups: "{{ (bastion_ipa_client_shell_groups + batcave_ipa_client_shell_groups) | sort | unique }}" -# -# allow a bunch of sysadmin groups here so they can access internal stuff -# -ipa_host_group: bastion -ipa_host_group_desc: Bastion hosts -lvm_size: 20000 -mem_size: 8192 -nagios_Check_Services: - mail: false - nrpe: true -nrpe_procs_crit: 1200 -# -# Sometimes there are lots of postfix processes -# -nrpe_procs_warn: 1100 -num_cpus: 4 -# -# allow incoming openvpn and smtp -# -tcp_ports: [22, 25, 1194] -udp_ports: [1194] - -notes: | - SSH proxy to access STAGING infrastructure not exposed to the web - * Provides ssh access to all iad2/vpn connected servers. - * Bastion is the hub for all infrastructure's VPN connections. - * All incoming SMTP from iad2 and VPN, as well as outgoing SMTP, pass or are filtered here. - * Bastion does not accept any mail outside phx2/vpn. diff --git a/inventory/group_vars/batcave b/inventory/group_vars/batcave deleted file mode 100644 index a80212a130..0000000000 --- a/inventory/group_vars/batcave +++ /dev/null @@ -1,69 +0,0 @@ ---- -ansible_base: /srv/web/infra -# For the MOTD -# Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -# -# This host is externally reachable -# -external: true -freezes: true -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-ask - - sysadmin-badges - - sysadmin-bot - - sysadmin-centos - - sysadmin-cloud - - sysadmin-copr - - sysadmin-coreos - - sysadmin-cvs - - sysadmin-datanommer - - sysadmin-debuginfod - - sysadmin-koschei - - sysadmin-libravatar - - sysadmin-messaging - - sysadmin-noc - - sysadmin-osbuild - - sysadmin-openscanhub - - sysadmin-qa - - sysadmin-retrace - - sysadmin-releasemonitoring - - sysadmin-releng - - sysadmin-tools - - sysadmin-upstreamfirst - - sysadmin-veteran - - sysadmin-web -ipa_host_group: batcave -ipa_host_group_desc: The Bat Cave -lvm_size: 750000 -mem_size: 24576 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 10 -primary_auth_source: ipa -tcp_ports: [80, 443, 8442, 8443] -vpn: true -nagios_Check_Services: - swap: false - -notes: | - Central management host for ansible - - From the batcave batman ventures out to fight crime and protect gotham city! - - batcave is the central management host for ansible. - It also is the infrastructure.fedoraproject.org website with various content. - It houses a number of infrastructure git repos. - - This host relies on: - * The virthost it's hosted on (virthost22) - - Things that rely on this host: - * Things that access rhel/fedora/infra rpm repos, including builders and infra hosts. - * If this host is down, ansible runs cannot be made to update other hosts. - * If this host is down, crime may go up in gotham city. diff --git a/inventory/group_vars/beaker b/inventory/group_vars/beaker new file mode 100644 index 0000000000..59c9a26b0b --- /dev/null +++ b/inventory/group_vars/beaker @@ -0,0 +1,13 @@ +--- +# common items for the releng-* boxes +lvm_size: 50000 +mem_size: 4096 +num_cpus: 2 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, 8000 ] +udp_ports: [ 69 ] +fas_client_groups: sysadmin-qa +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 diff --git a/inventory/group_vars/bkernel b/inventory/group_vars/bkernel index 9b95778e18..3d86bd862e 100644 --- a/inventory/group_vars/bkernel +++ b/inventory/group_vars/bkernel @@ -1,12 +1,2 @@ --- host_group: kojibuilder -# Both of these default to sysadmin-main in the ipa/client role -ipa_client_shell_groups: [] -ipa_client_sudo_groups: [] -ipa_host_group: kojibuilder-kernel -ipa_host_group_desc: Koji Build hosts for kernel builds -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" diff --git a/inventory/group_vars/bodhi b/inventory/group_vars/bodhi new file mode 100644 index 0000000000..9909650ff8 --- /dev/null +++ b/inventory/group_vars/bodhi @@ -0,0 +1,30 @@ +--- +# Define resources for this group of hosts here. +jobrunner: false +epelmasher: false + +lvm_size: 40000 +mem_size: 4096 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: bodhi + owner: root + group: bodhi diff --git a/inventory/group_vars/bodhi-stg b/inventory/group_vars/bodhi-stg new file mode 100644 index 0000000000..9909650ff8 --- /dev/null +++ b/inventory/group_vars/bodhi-stg @@ -0,0 +1,30 @@ +--- +# Define resources for this group of hosts here. +jobrunner: false +epelmasher: false + +lvm_size: 40000 +mem_size: 4096 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: bodhi + owner: root + group: bodhi diff --git a/inventory/group_vars/bodhi_backend b/inventory/group_vars/bodhi_backend deleted file mode 100644 index 5e58673e3b..0000000000 --- a/inventory/group_vars/bodhi_backend +++ /dev/null @@ -1,30 +0,0 @@ ---- -# common items for the releng-* boxes -bodhi_message_queue_name: "bodhi{{ env_suffix }}_composer" -# Define the topics that our fedora-messaging queue should be subscribed to. -bodhi_message_routing_keys: - - "org.fedoraproject.*.bodhi.composer.start" -# Make connections from signing bridges stateless, they break sigul connections -# https://bugzilla.redhat.com/show_bug.cgi?id=1283364 -custom_rules: ['-A INPUT --proto tcp --sport 44334 --source 10.5.125.71 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 10.5.125.71 tcp sport 44334 counter accept'] -host_group: bodhi2 -ipa_client_shell_groups: - - sysadmin-bodhi - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-bodhi - - sysadmin-releng -ipa_host_group: bodhi -ipa_host_group_desc: Bodhi update service -lvm_size: 100000 -mem_size: 16384 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -nrpe_procs_crit: 1000 -# With 16 cpus, theres a bunch more kernel threads -nrpe_procs_warn: 900 -num_cpus: 16 -sudoers: "{{ private }}/files/sudo/00releng-sudoers" -# Do not use testing repositories on production -testing: False -virt_install_command: "{{ virt_install_command_two_nic }}" diff --git a/inventory/group_vars/bodhi_backend_stg b/inventory/group_vars/bodhi_backend_stg deleted file mode 100644 index c2d638f82c..0000000000 --- a/inventory/group_vars/bodhi_backend_stg +++ /dev/null @@ -1,48 +0,0 @@ ---- -# common items for the releng-* boxes -bodhi_message_queue_name: "bodhi{{ env_suffix }}_composer" -# Define the topics that our fedora-messaging queue should be subscribed to. -bodhi_message_routing_keys: - - "org.fedoraproject.*.bodhi.composer.start" -# For the MOTD -# Make connections from signing bridges stateless, they break sigul connections -# https://bugzilla.redhat.com/show_bug.cgi?id=1283364 -# this is sign-bridge01.iad2 ip 10.3.169.120 -custom_rules: ['-A INPUT --proto tcp --sport 44334 --source 10.3.169.120 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 10.3.169.120 tcp sport 44334 counter accept'] -host_group: bodhi2 -ipa_client_shell_groups: - - sysadmin-bodhi - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-bodhi - - sysadmin-releng -ipa_host_group: bodhi -ipa_host_group_desc: Bodhi update service -lvm_size: 100000 -mem_size: 4096 -nrpe_procs_crit: 1000 -# With 16 cpus, theres a bunch more kernel threads -nrpe_procs_warn: 900 -num_cpus: 2 -# Use the infra-testing repo -testing: True - -notes: | - Run the Bodhi masher. - - Check the bodhi masher docs/code for more detail on what it does: - https://github.com/fedora-infra/bodhi/blob/develop/bodhi/consumers/masher.py - - * This host relies on: - * db01 for its database, which is shares with the bodhi2 frontend nodes. - * An NFS mount of koji data in /mnt/koji/ - * The fedora messaging for triggering mashes. - * XMLRPC calls to koji for tagging and untagging updates. - * bugzilla for posting comments about status changes - * the wiki for getting information about QA "Test Cases" - * taksotron (resultsdb) for getting status-check results (gating updates). - - * No other systems rely directly on this host. Everything depends on it - indirectly for the creation of new updates repos (which get synced out to - the master mirror for distribution. diff --git a/inventory/group_vars/bugzilla2fedmsg b/inventory/group_vars/bugzilla2fedmsg new file mode 100644 index 0000000000..2d5358e221 --- /dev/null +++ b/inventory/group_vars/bugzilla2fedmsg @@ -0,0 +1,21 @@ +--- +lvm_size: 20000 +mem_size: 6144 +num_cpus: 2 +freezes: false + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000, 3001 ] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: bugzilla2fedmsg + owner: root + group: fedmsg diff --git a/inventory/group_vars/bugzilla2fedmsg-stg b/inventory/group_vars/bugzilla2fedmsg-stg new file mode 100644 index 0000000000..a7b0923c24 --- /dev/null +++ b/inventory/group_vars/bugzilla2fedmsg-stg @@ -0,0 +1,21 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000, 3001 ] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: bugzilla2fedmsg + owner: root + group: fedmsg diff --git a/inventory/group_vars/buildarm b/inventory/group_vars/buildarm new file mode 100644 index 0000000000..1132ab2dd1 --- /dev/null +++ b/inventory/group_vars/buildarm @@ -0,0 +1 @@ +host_group: kojibuilder diff --git a/inventory/group_vars/builders b/inventory/group_vars/builders deleted file mode 100644 index ae614adfdb..0000000000 --- a/inventory/group_vars/builders +++ /dev/null @@ -1,16 +0,0 @@ ---- -external: false -# nagios items -# We don't use nrpe to check any of the builders -# Nor do we check swap there. -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: kojibuilder -ipa_host_group_desc: Koji Build hosts -nagios_Check_Services: - mail: false - nrpe: false - swap: false -primary_auth_source: ipa diff --git a/inventory/group_vars/builders_stg b/inventory/group_vars/builders_stg deleted file mode 100644 index ae614adfdb..0000000000 --- a/inventory/group_vars/builders_stg +++ /dev/null @@ -1,16 +0,0 @@ ---- -external: false -# nagios items -# We don't use nrpe to check any of the builders -# Nor do we check swap there. -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: kojibuilder -ipa_host_group_desc: Koji Build hosts -nagios_Check_Services: - mail: false - nrpe: false - swap: false -primary_auth_source: ipa diff --git a/inventory/group_vars/buildhw b/inventory/group_vars/buildhw index 3d129dcc42..6ac646ea04 100644 --- a/inventory/group_vars/buildhw +++ b/inventory/group_vars/buildhw @@ -1,22 +1,3 @@ --- -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should ovveride them with specific info. - -docker_registry: "candidate-registry.fedoraproject.org" -freezes: true host_group: kojibuilder -koji_hub: "koji.fedoraproject.org/kojihub" -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -koji_root: "koji.fedoraproject.org/koji" -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" -source_registry: "registry.fedoraproject.org" - -notes: | - Koji service employs a set of machines to build packages for the Fedora project. - - * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new +freezes: true diff --git a/inventory/group_vars/buildvm b/inventory/group_vars/buildvm index e98179d82c..99fb48d75d 100644 --- a/inventory/group_vars/buildvm +++ b/inventory/group_vars/buildvm @@ -1,32 +1,25 @@ --- # common items for the buildvm-* koji builders -dns: 10.3.163.33 -docker_registry: "candidate-registry.fedoraproject.org" -eth0_ipv4_gw: 10.3.169.254 +volgroup: /dev/BuildGuests +lvm_size: 150000 +mem_size: 10240 +num_cpus: 4 +ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +nm: 255.255.255.0 +gw: 10.5.125.254 +eth1_gw: 10.5.127.254 +dns: 10.5.126.21 +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none + ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none" + --network=bridge=br0,model=virtio --network=bridge=br1,model=virtio + --autostart --noautoconsole + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file host_group: kojibuilder -koji_hub: "koji.fedoraproject.org/kojihub" -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -koji_root: "koji.fedoraproject.org/koji" -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 262144 -max_mem_size: "{{ mem_size }}" -mem_size: 15360 -num_cpus: 6 -source_registry: "registry.fedoraproject.org" -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -volgroup: /dev/BuildGuests - -notes: | - Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. - - * VMs built on top of buildvmhost - * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm-stg b/inventory/group_vars/buildvm-stg new file mode 100644 index 0000000000..cb253eaa57 --- /dev/null +++ b/inventory/group_vars/buildvm-stg @@ -0,0 +1,24 @@ +--- +# common items for the buildvm-* koji builders +volgroup: /dev/vg_virthost16 +lvm_size: 150000 +mem_size: 10240 +num_cpus: 4 +ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none" + --network=bridge=br0,model=virtio --network=bridge=br1,model=virtio + --autostart --noautoconsole + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file +host_group: kojibuilder +datacenter: staging diff --git a/inventory/group_vars/buildvm_aarch64 b/inventory/group_vars/buildvm_aarch64 deleted file mode 100644 index 9bbfb04c3e..0000000000 --- a/inventory/group_vars/buildvm_aarch64 +++ /dev/null @@ -1,32 +0,0 @@ ---- -# common items for the buildvm-aarch64* koji builders -dns: 10.3.163.33 -docker_registry: "candidate-registry.fedoraproject.org" -eth0_ipv4_gw: 10.3.170.254 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -host_group: kojibuilder -koji_hub: "koji.fedoraproject.org/kojihub" -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -koji_root: "koji.fedoraproject.org/koji" -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/aarch64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 300000 -max_cpu: "{{ num_cpus }}" -max_mem_size: "{{ mem_size }}" -mem_size: 36864 -num_cpus: 12 -source_registry: "registry.fedoraproject.org" -virt_install_command: "{{ virt_install_command_aarch64_one_nic_unsafe }}" -volgroup: /dev/vg_guests - -notes: | - Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. - * VMs built on top of buildvmhost - * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm_aarch64_stg b/inventory/group_vars/buildvm_aarch64_stg deleted file mode 100644 index 95a7af76fe..0000000000 --- a/inventory/group_vars/buildvm_aarch64_stg +++ /dev/null @@ -1,39 +0,0 @@ ---- -# common items for the buildvm-* koji builders -createrepo: True -datacenter: iad2 -dns: 10.3.163.33 -docker_registry: "candidate-registry.stg.fedoraproject.org" -eth0_ipv4_gw: 10.3.167.254 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -host_group: kojibuilder -koji_hub: "koji.stg.fedoraproject.org/kojihub" -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -koji_root: "koji.stg.fedoraproject.org/koji" -koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.stg.fedoraproject.org/" -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should ovveride them with specific info. - -koji_weburl: "https://koji.stg.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/aarch64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 140000 -max_cpu: "{{ num_cpus }}" -max_mem_size: "{{ mem_size }}" -mem_size: 40960 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -num_cpus: 5 -source_registry: "registry.stg.fedoraproject.org" -# this is to enable nested virt, which we need for some builds -virt_install_command: "{{ virt_install_command_aarch64_one_nic_unsafe }}" -volgroup: /dev/vg_guests - -notes: | - Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging). - * VMs built on top of buildvmhost - * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm_osbuild_ppc64le b/inventory/group_vars/buildvm_osbuild_ppc64le deleted file mode 100644 index b6c847074e..0000000000 --- a/inventory/group_vars/buildvm_osbuild_ppc64le +++ /dev/null @@ -1,46 +0,0 @@ -# common variables for osbuild workers -datacenter: iad2 -dns: 10.3.163.33 -dns_search1: iad2.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_gw: 10.3.171.254 -external: false -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/39/Server/ppc64le/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 102400 # 100 GB -main_bridge: br0 -max_mem_size: "{{ mem_size }}" -mem_size: 8192 # 8 GB -num_cpus: 2 -virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}" -volgroup: /dev/vg_guests - -# setup access to workers -ipa_server: ipa01.iad2.fedoraproject.org -ipa_host_group: osbuild -ipa_host_group_desc: osbuild Build vms -primary_auth_source: ipa -ipa_client_shell_groups: - - sysadmin-osbuild - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-osbuild - - sysadmin-releng - -# osbuild worker variables -osbuild_worker_server_hostname: "api.openshift.com" -osbuild_worker_server_api_base_path: "/api/image-builder-worker/v1" -osbuild_worker_authentication_oauth_url: "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token" -osbuild_worker_authentication_client_id: "ab28d581-164e-42ec-99d9-dff8e2020a51" -# the secret is turned into file in the playbook -osbuild_worker_authentication_client_secret: "{{ osbuild_worker_client_secret }}" -osbuild_worker_koji_instances: - - koji_host: "koji.fedoraproject.org" - krb_principal: "osbuild-automation-bot@FEDORAPROJECT.ORG" - krb_keytab_file: "{{ private }}/files/osbuild/worker_koji.keytab" - -notes: | - This group of VMs builds OS images via Koji using image builder for ppc64le architecture. - * Relies on koji-hub and image-builder-api (external). - * Produces automated builds of OS images for the architecture listed. Wokers can be scaled by adding new - virtual instances diff --git a/inventory/group_vars/buildvm_osbuild_ppc64le_staging b/inventory/group_vars/buildvm_osbuild_ppc64le_staging deleted file mode 100644 index 70d3791928..0000000000 --- a/inventory/group_vars/buildvm_osbuild_ppc64le_staging +++ /dev/null @@ -1,46 +0,0 @@ -# common variables for osbuild workers (staging) -datacenter: iad2 -dns: 10.3.163.33 -dns_search1: iad2.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_gw: 10.3.171.254 -external: false -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/39/Server/ppc64le/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 102400 # 100 GB -main_bridge: br0 -max_mem_size: "{{ mem_size }}" -mem_size: 4096 # 4 GB -num_cpus: 2 -virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}" -volgroup: /dev/vg_guests - -# setup access to workers -ipa_server: ipa01.iad2.fedoraproject.org -ipa_host_group: osbuild -ipa_host_group_desc: osbuild Build vms -primary_auth_source: ipa -ipa_client_shell_groups: - - sysadmin-osbuild - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-osbuild - - sysadmin-releng - -# osbuild worker variables -osbuild_worker_server_hostname: "api.stage.openshift.com" -osbuild_worker_server_api_base_path: "/api/image-builder-worker/v1" -osbuild_worker_authentication_oauth_url: "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token" -osbuild_worker_authentication_client_id: "07120c6c-fd31-4735-bb2f-891439b0bf41" -# the secret is turned into file in the playbook -osbuild_worker_authentication_client_secret: "{{ osbuild_worker_stg_client_secret }}" -osbuild_worker_koji_instances: - - koji_host: "koji.stg.fedoraproject.org" - krb_principal: "osbuild-automation-bot@STG.FEDORAPROJECT.ORG" - krb_keytab_file: "{{ private }}/files/osbuild/worker_stg_koji.keytab" - -notes: | - This group of VMs builds OS images via Koji (staging) using image builder for ppc64le architecture. - * Relies on koji-hub and image-builder-api (external). - * Produces automated builds of OS images for the architecture listed. Wokers can be scaled by adding new - virtual instances diff --git a/inventory/group_vars/buildvm_ppc64le b/inventory/group_vars/buildvm_ppc64le deleted file mode 100644 index f15815b404..0000000000 --- a/inventory/group_vars/buildvm_ppc64le +++ /dev/null @@ -1,36 +0,0 @@ -# common items for the buildvm-* koji builders -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should ovveride them with specific info. -datacenter: iad2 -dns: 10.3.163.33 -eth0_ipv4_gw: 10.3.171.254 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -host_group: kojibuilder -ipa_server: ipa01.iad2.fedoraproject.org -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/41/Server/ppc64le/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 262144 -# -# The ppc virthosts have different bridge names for the main and nfs bridges. -# -main_bridge: br0 -max_mem_size: 20480 -mem_size: 20480 -num_cpus: 8 -virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}" - -volgroup: /dev/vg_virt_buildvm_ppc64le_iscsi - -notes: | - Koji service employs a set of virtual machines to build packages for the Fedora project. This group builds packages for ppcle architecture. - - * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new - * virtual instances diff --git a/inventory/group_vars/buildvm_ppc64le_stg b/inventory/group_vars/buildvm_ppc64le_stg deleted file mode 100644 index 59609fbd35..0000000000 --- a/inventory/group_vars/buildvm_ppc64le_stg +++ /dev/null @@ -1,38 +0,0 @@ ---- -# common items for the buildvm-* koji builders -createrepo: True -datacenter: staging -dns: 10.3.163.33 -docker_registry: "candidate-registry.stg.fedoraproject.org" -eth0_ipv4_gw: 10.3.167.254 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -host_group: kojibuilder -koji_hub: "koji.stg.fedoraproject.org/kojihub" -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -koji_root: "koji.stg.fedoraproject.org/koji" -koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.stg.fedoraproject.org/" -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should ovveride them with specific info. - -koji_weburl: "https://koji.stg.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/41/Server/ppc64le/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 150000 -main_bridge: br0 -max_mem_size: "{{ mem_size }}" -mem_size: 10240 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -num_cpus: 4 -source_registry: "registry.stg.fedoraproject.org" -virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}" -volgroup: /dev/vg_guests - -notes: | - Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging). - * VMs built on top of buildvmhost - * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm_s390x b/inventory/group_vars/buildvm_s390x deleted file mode 100644 index a233c7e63c..0000000000 --- a/inventory/group_vars/buildvm_s390x +++ /dev/null @@ -1,32 +0,0 @@ ---- -createrepo: False -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_gw: 10.1.102.254 -external: false -has_ipv4: yes -host_group: kojibuilder -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/41/Server/s390x/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 128000 -main_bridge: br0 -mem_size: 25600 -num_cpus: 2 -varnish_group: s390kojipkgs -virt_install_command: "{{ virt_install_command_s390x_one_nic }}" -vmhost: bvmhost-s390x-01.s390.fedoraproject.org -volgroup: /dev/vg_guests - -notes: | - Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. - * VMs built on top of a s390x LPAR - * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm_s390x_kvm b/inventory/group_vars/buildvm_s390x_kvm deleted file mode 100644 index f7e57a9d79..0000000000 --- a/inventory/group_vars/buildvm_s390x_kvm +++ /dev/null @@ -1,16 +0,0 @@ ---- -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_gw: 10.16.0.254 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/41/Server/s390x/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 102400 -main_bridge: vmbr -max_mem_size: "{{ mem_size }}" -mem_size: 17408 -num_cpus: 3 -virt_install_command: "{{ virt_install_command_s390x_one_nic }}" -vmhost: buildvmhost-s390x-01.s390.fedoraproject.org -volgroup: /dev/fedora_linux_lpar_1 diff --git a/inventory/group_vars/buildvm_s390x_stg b/inventory/group_vars/buildvm_s390x_stg deleted file mode 100644 index cc82b54910..0000000000 --- a/inventory/group_vars/buildvm_s390x_stg +++ /dev/null @@ -1,18 +0,0 @@ ---- -createrepo: False -host_group: kojibuilder -koji_hub_nfs: "fedora_koji" -koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" -koji_instance: "primary" -koji_topurl: "https://kojipkgs.stg.fedoraproject.org/" -koji_weburl: "https://koji.stg.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/41/Server/s390x/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -virt_install_command: "{{ virt_install_command_s390x_one_nic_unsafe }}" - -notes: | - Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. - * VMs built on top of a s390x LPAR - * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm_stg b/inventory/group_vars/buildvm_stg deleted file mode 100644 index ac766b92bc..0000000000 --- a/inventory/group_vars/buildvm_stg +++ /dev/null @@ -1,38 +0,0 @@ ---- -# common items for the buildvm-* koji builders -datacenter: iad2 -dns1: 10.3.163.33 -docker_registry: "candidate-registry.stg.fedoraproject.org" -eth0_ipv4_gw: 10.3.167.254 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -host_group: kojibuilder -ipa_server: ipa01.stg.iad2.fedoraproject.org -koji_hub: "koji.stg.fedoraproject.org/kojihub" -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -koji_root: "koji.stg.fedoraproject.org/koji" -koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.stg.fedoraproject.org/" -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should ovveride them with specific info. - -koji_weburl: "https://koji.stg.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 150000 -max_mem_size: "{{ mem_size }}" -mem_size: 10240 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4" -num_cpus: 4 -resolvconf: "resolv.conf/iad2" -source_registry: "registry.fedoraproject.org" -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -volgroup: /dev/vg_guests - -notes: | - Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging). - * VMs built on top of buildvmhost - * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm_x86_riscv b/inventory/group_vars/buildvm_x86_riscv deleted file mode 100644 index 2620340822..0000000000 --- a/inventory/group_vars/buildvm_x86_riscv +++ /dev/null @@ -1,35 +0,0 @@ ---- -# common items for the buildvm-* koji builders -dns: 10.3.163.33 -eth0_ipv4_gw: 10.3.172.254 -external: false -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -host_group: kojibuilder -koji_hub: "riscv-koji.fedoraproject.org/kojihub" -koji_hub_nfs: "fedora_riscv_koji" -koji_instance: "secondary" -koji_root: "riscv-koji.fedoraproject.org/koji" -koji_server_url: "https://riscv-koji.fedoraproject.org/kojihub" -koji_topurl: "https://riscv-kojipkgs.fedoraproject.org/" -koji_weburl: "https://riscv-koji.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 262144 -max_mem_size: "{{ mem_size }}" -mem_size: 15360 -nagios_Check_Services: - mail: false - nrpe: false - swap: false -num_cpus: 6 -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -volgroup: /dev/vg_guests - -notes: | - Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. - - * VMs built on top of buildvmhost - * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvmhost b/inventory/group_vars/buildvmhost deleted file mode 100644 index 5d4ef04aa5..0000000000 --- a/inventory/group_vars/buildvmhost +++ /dev/null @@ -1,15 +0,0 @@ ---- -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should ovveride them with specific info. -nested: True -nrpe_procs_crit: 1800 -nrpe_procs_warn: 1700 -virthost: true -nagios_Check_Services: - swap: false - -notes: | - Koji service employs a set of virtual machines to build packages for the Fedora project. This playbook is for the provisioning of a physical host for buildvm's. - * Relies on ansible, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Builder vm's are hosted on hosts created with this playbook. diff --git a/inventory/group_vars/busgateway b/inventory/group_vars/busgateway new file mode 100644 index 0000000000..e2415895e9 --- /dev/null +++ b/inventory/group_vars/busgateway @@ -0,0 +1,24 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ + 3999, # The fedmsg-relay republishes here. Listeners need to connect. + 9941, # The fedmsg-relay listens here. Ephemeral producers connect. + 3998, # The fedmsg-relay listens here. VPN producers connect. + 9940, # The fedmsg-gateway republishes here. Proxies need to connect. + 9919, # The websocket server publishes here. Proxies need to connect. +] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin diff --git a/inventory/group_vars/busgateway-stg b/inventory/group_vars/busgateway-stg new file mode 100644 index 0000000000..a52f947b2e --- /dev/null +++ b/inventory/group_vars/busgateway-stg @@ -0,0 +1,23 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ + 3999, # The fedmsg-relay republishes here. Listeners need to connect. + 9941, # The fedmsg-relay listens here. Ephemeral producers connect. + 9940, # The fedmsg-gateway republishes here. Proxies need to connect. + 9919, # The websocket server publishes here. Proxies need to connect. +] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin diff --git a/inventory/group_vars/bvirthost b/inventory/group_vars/bvirthost index f2055e5cfe..d7aff060d9 100644 --- a/inventory/group_vars/bvirthost +++ b/inventory/group_vars/bvirthost @@ -1,7 +1,2 @@ --- -nagios_Check_Services: - swap: false -nested: true -nrpe_procs_crit: 1500 -nrpe_procs_warn: 1400 virthost: true diff --git a/inventory/group_vars/certgetter b/inventory/group_vars/certgetter deleted file mode 100644 index e07c67809f..0000000000 --- a/inventory/group_vars/certgetter +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Define resources for this group of hosts here. -# Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -lvm_size: 20000 -mem_size: 2048 -num_cpus: 2 -primary_auth_source: ipa -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443] diff --git a/inventory/group_vars/certgetter_stg b/inventory/group_vars/certgetter_stg deleted file mode 100644 index e573af21a8..0000000000 --- a/inventory/group_vars/certgetter_stg +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Define resources for this group of hosts here. -# Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -lvm_size: 20000 -mem_size: 2048 -num_cpus: 2 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443] diff --git a/inventory/group_vars/checkcompose b/inventory/group_vars/checkcompose deleted file mode 100644 index 58b887763a..0000000000 --- a/inventory/group_vars/checkcompose +++ /dev/null @@ -1,15 +0,0 @@ -# This var should never be set for more than one machine -checkcompose_prod: true - -# The checkcompose settings below cause system(s) in this group to -# send out check-compose reports. This could cause duplicate reports -# if additional systems were added to this group. -checkcompose_emailfrom: rawhide@fedoraproject.org -checkcompose_emailto: "test-reports@lists.fedoraproject.org" -checkcompose_smtp: bastion.iad2.fedoraproject.org -checkcompose_subvariant_emails: - BaseOS: - error: ["yselkowitz@redhat.com", "aavraham@redhat.com"] - -checkcompose_greenwaveurl: https://greenwave.fedoraproject.org -checkcompose_url: "https://{{ external_hostname }}" diff --git a/inventory/group_vars/checkcompose_common b/inventory/group_vars/checkcompose_common deleted file mode 100644 index 788cbb3a0e..0000000000 --- a/inventory/group_vars/checkcompose_common +++ /dev/null @@ -1,24 +0,0 @@ -# we need this for our fedora-messaging consumer as it is not allowed -# to create queues on the infra AMQP broker, by broker config -checkcompose_amqp_passive: true - -# fedora-messaging email error reporting settings -checkcompose_amqp_mailto: ["adamwill@fedoraproject.org", "lruzicka@fedoraproject.org"] -checkcompose_amqp_smtp: bastion - -# fedora-messaging compose report sender settings -# we use the openQA rabbitmq account for this role as they run -# on the same server and it's convenient. this means it's also -# safe and appropriate to use variables defined in the openqa -# group_vars. if we ever split the roles up we will have to create -# a separate account with separate creds -checkcompose_amqp_username: "{{ openqa_amqp_this_username }}" -checkcompose_amqp_url: "{{ openqa_amqp_this_url }}" -checkcompose_amqp_cacert: "{{ openqa_amqp_this_cacertfile }}" -checkcompose_amqp_cert: "{{ openqa_amqp_this_certfile }}" -checkcompose_amqp_key: "{{ openqa_amqp_this_keyfile }}" -checkcompose_amqp_queue: "{{ checkcompose_amqp_username }}_checkcomp" -checkcompose_amqp_routing_keys: ["org.fedoraproject.{{ deployment_type }}.openqa.job.done"] - -checkcompose_env: "{{ openqa_env }}" -checkcompose_env_suffix: "{{ openqa_env_suffix }}" diff --git a/inventory/group_vars/checkcompose_stg b/inventory/group_vars/checkcompose_stg deleted file mode 100644 index 19a8f1a62c..0000000000 --- a/inventory/group_vars/checkcompose_stg +++ /dev/null @@ -1,3 +0,0 @@ -checkcompose_greenwaveurl: https://greenwave-web-greenwave.apps.ocp.stg.fedoraproject.org -checkcompose_prod: false -checkcompose_url: "https://{{ external_hostname }}" diff --git a/inventory/group_vars/cloud b/inventory/group_vars/cloud deleted file mode 100644 index 0caa1ef1f2..0000000000 --- a/inventory/group_vars/cloud +++ /dev/null @@ -1,6 +0,0 @@ ---- -datacenter: cloud -nagios_Check_Services: - mail: false - nrpe: false - swap: false diff --git a/inventory/group_vars/cloud_aws b/inventory/group_vars/cloud_aws deleted file mode 100644 index 260134bb25..0000000000 --- a/inventory/group_vars/cloud_aws +++ /dev/null @@ -1,18 +0,0 @@ -# For Fedora instances, we want to ssh as 'fedora', not as 'root' -#ansible_ssh_user: fedora -#ansible_become: true -#ansible_become_user: root -#ansible_become_method: sudo - -# Disable ethX ifcfg, let amazon handle these via DHCP. -datacenter: aws -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: false - ping: false - raid: false - sshd: false - swap: false diff --git a/inventory/group_vars/cloud_hardware b/inventory/group_vars/cloud_hardware deleted file mode 100644 index f4b234ea16..0000000000 --- a/inventory/group_vars/cloud_hardware +++ /dev/null @@ -1,7 +0,0 @@ ---- -collectd_apache: false -freezes: false -nagios_Check_Services: - nrpe: true - swap: true -use_default_epel: false diff --git a/inventory/group_vars/colo_virt b/inventory/group_vars/colo_virt deleted file mode 100644 index 3e69a1fba4..0000000000 --- a/inventory/group_vars/colo_virt +++ /dev/null @@ -1,7 +0,0 @@ ---- -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -virthost: true -vpn: true diff --git a/inventory/group_vars/copr_all_instances_aws b/inventory/group_vars/copr_all_instances_aws deleted file mode 100644 index 1c3b1c3cf6..0000000000 --- a/inventory/group_vars/copr_all_instances_aws +++ /dev/null @@ -1,16 +0,0 @@ -# Put here configuration for all copr instances (production, devel, ...) ---- -postfix_group: copr -postfix_maincf: postfix/main.cf/main.cf.copr_smtp_auth_relay -#TODO: tamplatize main.cf -smtp_auth_relay_host: smtp-auth-cc-rdu01.fedoraproject.org -smtp_auth_relay_user: copr@fedoraproject.org -smtp_auth_relay_password: "{{ copr_smtp_password }}" - -additional_known_hosts_cleanup: - copr-be-dev.aws.fedoraproject.org: - - copr-be-dev-temp.aws.fedoraproject.org - copr-be.aws.fedoraproject.org: - - copr-be-temp.aws.fedoraproject.org - -aws_ipv6_con: "cloud-init ens5" diff --git a/inventory/group_vars/copr_aws b/inventory/group_vars/copr_aws deleted file mode 100644 index d76a64d82d..0000000000 --- a/inventory/group_vars/copr_aws +++ /dev/null @@ -1,208 +0,0 @@ ---- -_forward_src: "forward" -aws_arch_subnets: - # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1a). - # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1d). - # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1f). - aarch64: - - subnet-0995f6a466849f4c3 - - subnet-08cadf5a14b530ac4 - - subnet-07b0b3168a353e3ee - x86_64: - - subnet-0995f6a466849f4c3 - - subnet-08cadf5a14b530ac4 - - subnet-07b0b3168a353e3ee - - subnet-09c74a3e6420a206b - - subnet-01d4e967ab5e78005 - - subnet-05437ac82d63b6ef5 -backend_base_url: "https://download.copr.fedorainfracloud.org" -builders: - # max|spawn_concurrently|prealloc - aws: - aarch64: [8, 2, 2] - x86_64: [20, 4, 1] - aws_spot: - aarch64: [30, 4, 3] - x86_64: [70, 8, 8] - ppc64le_hypervisor_01: - ppc64le: [15, 4, 15] - # There's the ppc64le-test machine, so keep 2 builders less. - ppc64le_hypervisor_02: - ppc64le: [13, 4, 13] - p09_hypervisor_01: - ppc64le: [31, 5, 31] - x86_hypervisor_01: - x86_64: [20, 4, 20] - x86_hypervisor_02: - x86_64: [20, 4, 20] - x86_hypervisor_03: - x86_64: [20, 4, 20] - x86_hypervisor_04: - x86_64: [20, 4, 20] - - ibm_cloud_us_east_hp: - s390x: [2, 1, 0] - - ibm_cloud_br_sao_1: - s390x: [3, 1, 1] - ibm_cloud_br_sao_2: - s390x: [3, 1, 1] - ibm_cloud_br_sao_3: - s390x: [3, 1, 1] - - ibm_cloud_eu_es_1: - s390x: [3, 1, 1] - ibm_cloud_eu_es_2: - s390x: [3, 1, 1] - ibm_cloud_eu_es_3: - s390x: [3, 1, 1] - -cloud_instance_types: - ibm_cloud: - s390x: mz2-2x16 - s390x_hp: bz2-16x64 - -ibm_cloud_regions: - eu_es: - name: eu-es - name_humans: Madrid, Spain - ssh_key: r050-cbd10ece-a28f-45c8-bc3a-15ecb9ff66d5 - vpc: r050-190b8bac-3bae-47cf-9be7-ac70fc54ccb9 - security_group: r050-cfc3db07-8cde-4807-9756-db91b242092a - images: "{{ copr_builder_images.ibm_cloud.eu_es }}" - br_sao: - name: br-sao - name_humans: Sao Paulo, Brazil - ssh_key: r042-4fb65a23-e7bd-440f-8d71-ff57b83a4152 - vpc: r042-c902f12d-556f-4334-95cb-d181ebb3d8ba - security_group: r042-22ef3881-fa20-4caa-9873-c8dc41c5dcb7 - images: "{{ copr_builder_images.ibm_cloud.br_sao }}" - -resalloc_pools: - - ibm_us_east: - images: "{{ copr_builder_images.ibm_cloud.us_east }}" - subnets: - - us-east-1:0757-df8209fd-e4e4-4659-bcca-b60c9eddfb35 - - us-east-2:0767-4cb7e11d-14db-48a8-9d1d-c59679112cd5 - - us-east-3:0777-bc697f15-4f13-4843-b338-d8950e3d23c0 - ssh_key: r014-fc1c1b90-5a7f-4cc6-a6d4-b273bd19be99 - vpc: r014-e90f14b0-a9c0-4c0b-bc81-207904b2d19e - security_group: r014-941706bd-062c-4d4c-9512-9a31b8f257d7 - - ibm_eu_es_1: - zone: eu-es-1 - subnet: 02w7-84eded83-3077-44c3-a84c-90c7afb7ff4f - region_config: "{{ ibm_cloud_regions.eu_es }}" - floating_ips: - - r050-957fb229-4001-426c-b03b-9ec73fbcfc01 - - r050-b395c059-8407-4b7a-bc31-332f1de0a8c7 - - r050-2e71b2bd-66a5-4c76-a158-cce17471dadd - - ibm_eu_es_2: - zone: eu-es-2 - subnet: 02x7-05de0643-b257-4500-9a14-648421b16738 - region_config: "{{ ibm_cloud_regions.eu_es }}" - floating_ips: - - r050-f0791af4-128d-48bb-8a3d-fad718003062 - - r050-350e120d-b91f-41aa-b600-66c63182fc66 - - r050-633ebce4-4e3b-4367-8c15-2c014ff39869 - - ibm_eu_es_3: - zone: eu-es-3 - subnet: 02y7-e32873a0-ad98-44d5-b49d-da49f731a914 - region_config: "{{ ibm_cloud_regions.eu_es }}" - floating_ips: - - r050-6390c1bf-a057-4c9c-b0ae-ac2b0ed591a7 - - r050-dca6a5f9-6fe0-4d1c-9217-3fd4357bf55d - - r050-5d7d0f7e-5fc0-4a45-8efd-09cf819ee00a - - ibm_br_sao_1: - zone: br-sao-1 - subnet: 02t7-1c0b186a-ca5e-44ea-bf2c-ca2f3122a9ff - region_config: "{{ ibm_cloud_regions.br_sao }}" - floating_ips: - - r042-c409079e-f2a2-44ff-a993-b09f21148296 - - r042-4196a36b-5fb5-462f-8f98-46d1320fb1d1 - - r042-f2724485-478e-4059-bf57-cc485aade9f5 - - ibm_br_sao_2: - zone: br-sao-2 - subnet: 02u7-75fa6c55-b65a-4d38-a011-15559c7171ce - region_config: "{{ ibm_cloud_regions.br_sao }}" - floating_ips: - - r042-b66c2a71-71e0-4120-a05b-662b02ebb357 - - r042-9e75ba4e-8005-4f36-9e4f-462ab0c93f7c - - r042-54f648f6-a5f8-4535-8b16-ef76743e7937 - - ibm_br_sao_3: - zone: br-sao-3 - subnet: 02v7-439195e6-2df0-4720-9696-76d0a63c352d - region_config: "{{ ibm_cloud_regions.br_sao }}" - floating_ips: - - r042-03e04fbd-04f4-48ad-826e-48c0c41beeff - - r042-0ebc5298-857c-4832-9ece-016baf74cdd0 - - r042-082eba49-2952-43a3-be23-ac202ad847fc - -copr_aws_region: us-east-1 -# don't forget to update ip in ./copr-keygen, due to custom firewall rules - -# eth0, eth1 -copr_backend_ips: ["52.44.175.77", "172.30.2.145"] - -copr_builder_fedora_version: 42 - -copr_builder_images: - aws: - # WARNING: when changing, always remove images N-2 and older - # n-1: aarch64: ami-0c3217e2af416bf2d - # n-1: x86_64: ami-0c430e4bc139d93ec - aarch64: ami-0b12d7f04cd8eb605 - x86_64: ami-0b230bd6612b2f249 - hypervisor: - # n-1: ppc64le: copr-builder-ppc64le-20241119_171239 - # n-1: x86_64: copr-builder-x86_64-20241119_172236 - ppc64le: copr-builder-ppc64le-20250604_082355 - x86_64: copr-builder-x86_64-20250522_185837 - ibm_cloud: - br_sao: # São Paulo - # n-1: s390x: r042-5e105a96-4a84-4c07-950b-9fd12d58c8a2 - s390x: r042-9060a649-d463-470b-ad1b-cb5243352117 - eu_es: # Madrid - # n-1: s390x: r050-053cfdb8-52eb-486d-b8b3-bc9cba2fbe56 - s390x: r050-eacdf1fc-ed2b-4994-a80d-12cdead6e6f1 - us_east: # Washington - # n-1: s390x: r014-9ba4feec-ce45-4401-acea-f123114685b5 - s390x: r014-c153ec34-99d1-4dc1-bc75-5724606e9ee9 - osuosl: - # n-1: ppc64le: copr-builder-ppc64le-20241119_171239 - ppc64le: copr-builder-ppc64le-20250604_082355 - -copr_messaging: true -datacenter: aws -devel: false -dist_git_base_url: "copr-dist-git.fedorainfracloud.org" -frontend_base_url: "https://copr.fedorainfracloud.org" -keygen_host: "54.83.48.73" -rpm_vendor_copr_name: Fedora Copr -root_auth_users: msuchy frostyx praiskup nikromen - -aws_cloudfront_distribution: E2PUZIRCXCOXTG - -nrpe_client_uid: 500 - -rsnapshot_push: - server_host: storinator01.rdu-cc.fedoraproject.org - backup_dir: /srv/nfs/copr-be - cases: - copr-be-copr-user: - user: copr - rsync_args: -H --relative /var/lib/copr/public_html --info=progress2 - command: rsnapshot_copr_backend - timing_plan: copr_be - # copr-backend's copr/resalloc pubkey - ssh_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeTO0ddXuhDZYM9HyM0a47aeV2yIVWhTpddrQ7/RAIs99XyrsicQLABzmdMBfiZnP0FnHBF/e+2xEkT8hHJpX6bX81jjvs2bb8KP18Nh8vaXI3QospWrRygpu1tjzqZT0Llh4ZVFscum8TrMw4VWXclzdDw6x7csCBjSttqq8F3iTJtQ9XM9/5tCAAOzGBKJrsGKV1CNIrfUo5CSzY+IUVIr8XJ93IB2ZQVASK34T/49egmrWlNB32fqAbDMC+XNmobgn6gO33Yq5Ly7Dk4kqTUx2TEaqDkZfhsVu0YcwV81bmqsltRvpj6bIXrEoMeav7nbuqKcPLTxWEY/2icePF" - -deployment_type: prod - -pulp_content_url: "https://console.redhat.com/api/pulp-content/public-copr/" diff --git a/inventory/group_vars/copr_back_aws b/inventory/group_vars/copr_back_aws deleted file mode 100644 index ade4ed605f..0000000000 --- a/inventory/group_vars/copr_back_aws +++ /dev/null @@ -1,59 +0,0 @@ ---- -copr_machine_type: backend - -# what is the main backend service name -copr_backend_target: copr-backend.target - -# Copr vars -copr_hostbase: copr-be -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -description: copr dispatcher and repo server -do_sign: "true" -host_backup_targets: ['/var/lib/copr/public_html/results'] - -# consumed by roles/copr/certbot -letsencrypt: - certificates: - copr-be.cloud.fedoraproject.org: - challenge_dir: /var/lib/copr/public_html - domains: - - copr-be.cloud.fedoraproject.org - mail: coprteam@fedoraproject.org - - predefined_deploy_script: lighttpd - -# consumed by roles/messaging/base -messaging: - certificates: - - app_name: Copr build system - key: copr - username: copr - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.copr\..* - -nrpe_procs_crit: 2500 -nrpe_procs_warn: 2200 - -tcp_ports: [ - 22, 80, 443, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:d553:8ed5:d8b6:9f83/128" - -copr_backend_data_raid10_volumes: - - nvme-Amazon_Elastic_Block_Store_vol017b9ff832cb0fd97-part1 - - nvme-Amazon_Elastic_Block_Store_vol0188cd4fedb1e7c78-part1 - - nvme-Amazon_Elastic_Block_Store_vol025a19c2330fca7cd-part1 - - nvme-Amazon_Elastic_Block_Store_vol0e809c6ef1c11f2c9-part1 - -copr_backend_data_2_raid1_volumes: - - nvme-Amazon_Elastic_Block_Store_vol0f226a7163d28d8fd-part1 - - nvme-Amazon_Elastic_Block_Store_vol07293869d85a750b8-part1 - -notes: | - Provide the backend for copr (3rd party packages) - * Backend: Management of copr cloud infrastructure (OpenStack). - * Small frontend with copr's public stats diff --git a/inventory/group_vars/copr_back_dev_aws b/inventory/group_vars/copr_back_dev_aws deleted file mode 100644 index e6b8d38f34..0000000000 --- a/inventory/group_vars/copr_back_dev_aws +++ /dev/null @@ -1,54 +0,0 @@ ---- -copr_machine_type: backend - -_copr_be_conf: copr-be.conf-dev -# what is the main backend service name -copr_backend_target: copr-backend.target - -# Copr vars -copr_hostbase: copr-be-dev -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -description: copr dispatcher and repo server - dev instance -do_sign: "true" -# consumed by roles/copr/certbot -letsencrypt: - certificates: - copr-be-dev.cloud.fedoraproject.org: - challenge_dir: /var/lib/copr/public_html - domains: - - copr-be-dev.cloud.fedoraproject.org - mail: coprteam@fedoraproject.org - - predefined_deploy_script: lighttpd - -# consumed by roles/messaging/base -messaging: - certificates: - - app_name: Copr build system - key: copr - username: copr - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.copr\..* - -tcp_ports: [ - 22, 80, 443, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:6c8c:e094:1c5b:c2f9/128" - -copr_backend_data_raid10_volumes: - - nvme-Amazon_Elastic_Block_Store_vol00ee3a18d4b88bd2d-part1 - - nvme-Amazon_Elastic_Block_Store_vol01d7d16e5e447b3c4-part1 - - nvme-Amazon_Elastic_Block_Store_vol0860700f1b82314b5-part1 - - nvme-Amazon_Elastic_Block_Store_vol0ea433a88aef9c644-part1 - -copr_backend_data_2_raid1_volumes: - - nvme-Amazon_Elastic_Block_Store_vol0ce8220e998e2e32a-part1 - - nvme-Amazon_Elastic_Block_Store_vol0038e042c49987b82-part1 - -notes: | - Provide the testing environment of copr's backend - This host is the testing environment for the cloud infrastructure of copr's backend diff --git a/inventory/group_vars/copr_db_all b/inventory/group_vars/copr_db_all deleted file mode 100644 index 99edb1b097..0000000000 --- a/inventory/group_vars/copr_db_all +++ /dev/null @@ -1,6 +0,0 @@ ---- -tcp_ports: [22, 5432] - -notes: | - Provide the testing environment of copr's db - This host is the testing environment for copr's database diff --git a/inventory/group_vars/copr_dev_aws b/inventory/group_vars/copr_dev_aws deleted file mode 100644 index 5db3256160..0000000000 --- a/inventory/group_vars/copr_dev_aws +++ /dev/null @@ -1,174 +0,0 @@ ---- -env: staging - -_forward_src: "forward_dev" -aws_arch_subnets: - # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1a). - # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1d). - # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1f). - aarch64: - - subnet-0995f6a466849f4c3 - - subnet-08cadf5a14b530ac4 - - subnet-07b0b3168a353e3ee - x86_64: - - subnet-0995f6a466849f4c3 - - subnet-08cadf5a14b530ac4 - - subnet-07b0b3168a353e3ee - - subnet-09c74a3e6420a206b - - subnet-01d4e967ab5e78005 - - subnet-05437ac82d63b6ef5 -backend_base_url: "https://download.copr-dev.fedorainfracloud.org" - -builders: - # max|spawn_concurrently|prealloc - aws: - aarch64: [2, 0, 0] - x86_64: [4, 0, 0] - aws_spot: - aarch64: [5, 1, 1] - x86_64: [5, 1, 1] - ppc64le_hypervisor_01: - ppc64le: [2, 1, 1] - ppc64le_hypervisor_02: - ppc64le: [2, 1, 1] - p09_hypervisor_01: - ppc64le: [2, 1, 1] - x86_hypervisor_01: - x86_64: [2, 1, 1] - x86_hypervisor_02: - x86_64: [2, 1, 1] - x86_hypervisor_03: - x86_64: [2, 1, 1] - x86_hypervisor_04: - x86_64: [2, 1, 1] - - ibm_cloud_us_east_hp: - s390x: [1, 1, 0] - - ibm_cloud_br_sao_1: - s390x: [1, 1, 0] - ibm_cloud_br_sao_2: - s390x: [1, 1, 0] - ibm_cloud_br_sao_3: - s390x: [1, 1, 0] - - ibm_cloud_eu_es_1: - s390x: [1, 1, 0] - ibm_cloud_eu_es_2: - s390x: [1, 1, 0] - ibm_cloud_eu_es_3: - s390x: [1, 1, 0] - -cloud_instance_types: - ibm_cloud: - s390x: mz2-2x16 - s390x_hp: bz2-16x64 - -ibm_cloud_regions: - eu_es: - name: eu-es - name_humans: Madrid, Spain - ssh_key: r050-cbd10ece-a28f-45c8-bc3a-15ecb9ff66d5 - vpc: r050-190b8bac-3bae-47cf-9be7-ac70fc54ccb9 - security_group: r050-cfc3db07-8cde-4807-9756-db91b242092a - images: "{{ copr_builder_images.ibm_cloud.eu_es }}" - br_sao: - name: br-sao - name_humans: Sao Paulo, Brazil - ssh_key: r042-4fb65a23-e7bd-440f-8d71-ff57b83a4152 - vpc: r042-c902f12d-556f-4334-95cb-d181ebb3d8ba - security_group: r042-22ef3881-fa20-4caa-9873-c8dc41c5dcb7 - images: "{{ copr_builder_images.ibm_cloud.br_sao }}" - -resalloc_pools: - ibm_us_east: - images: "{{ copr_builder_images.ibm_cloud.us_east }}" - subnets: - - us-east-1:0757-df8209fd-e4e4-4659-bcca-b60c9eddfb35 - - us-east-2:0767-4cb7e11d-14db-48a8-9d1d-c59679112cd5 - - us-east-3:0777-bc697f15-4f13-4843-b338-d8950e3d23c0 - ssh_key: r014-fc1c1b90-5a7f-4cc6-a6d4-b273bd19be99 - vpc: r014-e90f14b0-a9c0-4c0b-bc81-207904b2d19e - security_group: r014-941706bd-062c-4d4c-9512-9a31b8f257d7 - - ibm_eu_es_1: - zone: eu-es-1 - subnet: 02w7-84eded83-3077-44c3-a84c-90c7afb7ff4f - region_config: "{{ ibm_cloud_regions.eu_es }}" - floating_ips: - - r050-c7f0c426-6842-4a68-91ca-72faf38d1fca - - ibm_eu_es_2: - zone: eu-es-2 - subnet: 02x7-05de0643-b257-4500-9a14-648421b16738 - region_config: "{{ ibm_cloud_regions.eu_es }}" - floating_ips: - - r050-97186457-f797-4d90-82bb-7f363453edb9 - - ibm_eu_es_3: - zone: eu-es-3 - subnet: 02y7-e32873a0-ad98-44d5-b49d-da49f731a914 - region_config: "{{ ibm_cloud_regions.eu_es }}" - floating_ips: - - r050-5c361f73-2663-406f-96c9-5274552e3206 - - ibm_br_sao_1: - zone: br-sao-1 - subnet: 02t7-1c0b186a-ca5e-44ea-bf2c-ca2f3122a9ff - region_config: "{{ ibm_cloud_regions.br_sao }}" - floating_ips: - - r042-ac2bf299-90e4-4804-91a1-f0a4168abdd0 - - ibm_br_sao_2: - zone: br-sao-2 - subnet: 02u7-75fa6c55-b65a-4d38-a011-15559c7171ce - region_config: "{{ ibm_cloud_regions.br_sao }}" - floating_ips: - - r042-b58c7ed2-8552-4310-bfcf-a5dbef36cdd5 - - ibm_br_sao_3: - zone: br-sao-3 - subnet: 02v7-439195e6-2df0-4720-9696-76d0a63c352d - region_config: "{{ ibm_cloud_regions.br_sao }}" - floating_ips: - - r042-e97d42a1-dede-4b4b-b663-c6fcef8a7a2b - -copr_aws_region: us-east-1 -# don't forget to update ip in ./copr-keygen-stg, due to custom firewall rules - -# eth0, eth1 -copr_backend_ips: ["18.208.10.131", "172.30.2.173"] - -copr_builder_fedora_version: 41 - -copr_builder_images: - aws: - aarch64: ami-0b12d7f04cd8eb605 - x86_64: ami-0b230bd6612b2f249 - hypervisor: - ppc64le: copr-builder-ppc64le-20250604_082355 - x86_64: copr-builder-x86_64-20250522_185837 - ibm_cloud: - br_sao: # São Paulo - s390x: r042-9060a649-d463-470b-ad1b-cb5243352117 - eu_es: # Madrid - s390x: r050-eacdf1fc-ed2b-4994-a80d-12cdead6e6f1 - us_east: # Washington - s390x: r014-c153ec34-99d1-4dc1-bc75-5724606e9ee9 - osuosl: - ppc64le: copr-builder-ppc64le-20250604_082355 - -copr_messaging: true -datacenter: aws -devel: true -dist_git_base_url: "copr-dist-git-dev.fedorainfracloud.org" -frontend_base_url: "https://copr.stg.fedoraproject.org" -keygen_host: "54.225.23.248" -rpm_vendor_copr_name: Fedora Copr (devel) -root_auth_users: msuchy frostyx praiskup nikromen - -aws_cloudfront_distribution: EX55ITR8LVMOH - -nrpe_client_uid: 500 - -pulp_content_url: "https://console.redhat.com/api/pulp-content/public-copr-stage/" diff --git a/inventory/group_vars/copr_dist_git_aws b/inventory/group_vars/copr_dist_git_aws deleted file mode 100644 index 0a90ee2dba..0000000000 --- a/inventory/group_vars/copr_dist_git_aws +++ /dev/null @@ -1,20 +0,0 @@ ---- -copr_machine_type: distgit - -freezes: false -# consumed by roles/copr/certbot -letsencrypt: - certificates: - copr-dist-git.fedorainfracloud.org: - challenge_dir: /var/www/html - domains: - - copr-dist-git.fedorainfracloud.org - mail: copr-devel@lists.fedorahosted.org - predefined_deploy_script: httpd -tcp_ports: [22, 80, 443, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:41cc:53dc:b87b:2d8c/128" diff --git a/inventory/group_vars/copr_dist_git_dev_aws b/inventory/group_vars/copr_dist_git_dev_aws deleted file mode 100644 index ffc4e5437c..0000000000 --- a/inventory/group_vars/copr_dist_git_dev_aws +++ /dev/null @@ -1,21 +0,0 @@ ---- -copr_machine_type: distgit - -devel: true -freezes: false -# consumed by roles/copr/certbot -letsencrypt: - certificates: - copr-dist-git-dev.fedorainfracloud.org: - challenge_dir: /var/www/html - domains: - - copr-dist-git-dev.fedorainfracloud.org - mail: copr-devel@lists.fedorahosted.org - predefined_deploy_script: httpd -tcp_ports: [22, 80, 443, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:691b:4103:dbcd:a64a/128" diff --git a/inventory/group_vars/copr_front_aws b/inventory/group_vars/copr_front_aws deleted file mode 100644 index f9e29f5545..0000000000 --- a/inventory/group_vars/copr_front_aws +++ /dev/null @@ -1,33 +0,0 @@ ---- -copr_machine_type: frontend - -copr_fe_homedir: /usr/share/copr/coprs_frontend -copr_frontend_public_hostname: "copr.fedorainfracloud.org" -copr_kerberos_auth_enabled: true -copr_messaging_queue: "a9b74258-21c6-4e79-ba65-9e858dc84a2b" -copr_pagure_events: - io.pagure.prod.pagure: "https://pagure.io/" - org.fedoraproject.prod.pagure: "https://src.fedoraproject.org/" -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -# consumed by roles/copr/certbot -letsencrypt: - certificates: - copr.fedorainfracloud.org: - challenge_dir: /var/www/html - domains: - - copr.fedorainfracloud.org - mail: copr-devel@lists.fedorahosted.org - predefined_deploy_script: httpd -tcp_ports: [22, 80, 443, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:9d1f:4737:93ce:6db/128" - -notes: | - Provide a publicly accessible frontend for 3rd party packages (copr) - This host provides the frontend part of copr only. - It's the point of contact between end users and the copr build system (backend, package singer) diff --git a/inventory/group_vars/copr_front_dev_aws b/inventory/group_vars/copr_front_dev_aws deleted file mode 100644 index afdd836455..0000000000 --- a/inventory/group_vars/copr_front_dev_aws +++ /dev/null @@ -1,40 +0,0 @@ ---- -copr_machine_type: frontend - -allowlist_emails: - - msuchy@redhat.com - - praiskup@redhat.com - - jkadlcik@redhat.com -copr_fe_homedir: /usr/share/copr/coprs_frontend -copr_frontend_public_hostname: "copr.stg.fedoraproject.org" -copr_kerberos_auth_enabled: true -copr_mbs_cli_login: Y29wcg==##vtvvikhcjncwkfkdcssv -copr_messaging_queue: "c8e11df7-e863-4ca4-99b9-d37c6663c7f7" -copr_pagure_events: - io.pagure.prod.pagure: "https://pagure.io/" - io.pagure.stg.pagure: "https://stg.pagure.io" - org.fedoraproject.prod.pagure: "https://src.fedoraproject.org/" -# consumed by roles/copr/certbot -letsencrypt: - certificates: - copr.stg.fedoraproject.org: - challenge_dir: /var/www/html - domains: - - copr.stg.fedoraproject.org - - copr-fe-dev.cloud.fedoraproject.org - - copr-fe-dev.aws.fedoraproject.org - mail: copr-devel@lists.fedorahosted.org - predefined_deploy_script: httpd -tcp_ports: [22, 80, 443, - # node_exporter/prometheus - 9100, - # testing httpd server, `copr-frontend run` - 5000, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:66a:fd15:3f16:4092/128" - -notes: | - Provide the testing environment of copr's frontend - This host is the testing environment for copr's web interface diff --git a/inventory/group_vars/copr_hypervisor b/inventory/group_vars/copr_hypervisor deleted file mode 100644 index 3be2c99826..0000000000 --- a/inventory/group_vars/copr_hypervisor +++ /dev/null @@ -1,15 +0,0 @@ ---- -vpn: true -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-copr - -ipa_client_sudo_groups: - - sysadmin-copr - -ipa_host_group: copr-vmhost -ipa_host_group_desc: Copr hypervisors - -primary_auth_source: ipa - -nftables: false diff --git a/inventory/group_vars/copr_keygen_aws b/inventory/group_vars/copr_keygen_aws deleted file mode 100644 index 550c45af60..0000000000 --- a/inventory/group_vars/copr_keygen_aws +++ /dev/null @@ -1,23 +0,0 @@ ---- -copr_machine_type: keygen - -copr_hostbase: copr-keygen -# http + signd dest ports -custom_rules: - - '-A INPUT -p tcp -m tcp -s 52.44.175.77 --dport 80 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 52.44.175.77 --dport 5167 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 172.30.2.145 --dport 80 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 172.30.2.145 --dport 5167 -j ACCEPT' -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 52.44.175.77 tcp dport 80 counter accept' - - 'add rule ip filter INPUT ip saddr 52.44.175.77 tcp dport 5167 counter accept' - - 'add rule ip filter INPUT ip saddr 172.30.2.145 tcp dport 80 counter accept' - - 'add rule ip filter INPUT ip saddr 172.30.2.145 tcp dport 5167 counter accept' -freezes: false -tcp_ports: [22, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:acef:63f0:530a:cdff/128" diff --git a/inventory/group_vars/copr_keygen_dev_aws b/inventory/group_vars/copr_keygen_dev_aws deleted file mode 100644 index 568d57b38a..0000000000 --- a/inventory/group_vars/copr_keygen_dev_aws +++ /dev/null @@ -1,23 +0,0 @@ ---- -copr_machine_type: keygen - -copr_hostbase: copr-keygen-dev -# http + signd dest ports -custom_rules: - - '-A INPUT -p tcp -m tcp -s 172.30.2.173 --dport 80 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 172.30.2.173 --dport 5167 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 18.208.10.131 --dport 80 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 18.208.10.131 --dport 5167 -j ACCEPT' -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 172.30.2.173 tcp dport 80 counter accept' - - 'add rule ip filter INPUT ip saddr 172.30.2.173 tcp dport 5167 counter accept' - - 'add rule ip filter INPUT ip saddr 18.208.10.131 tcp dport 80 counter accept' - - 'add rule ip filter INPUT ip saddr 18.208.10.131 tcp dport 5167 counter accept' -freezes: false -tcp_ports: [22, - # node_exporter/prometheus - 9100, -] -services_disabled: false - -aws_ipv6_addr: "2600:1f18:8ee:ae00:3cbb:7920:d83:e607/128" diff --git a/inventory/group_vars/copr_pulp_aws b/inventory/group_vars/copr_pulp_aws deleted file mode 100644 index c5fdf92af8..0000000000 --- a/inventory/group_vars/copr_pulp_aws +++ /dev/null @@ -1,5 +0,0 @@ ---- -copr_machine_type: pulp - -services_disabled: false -aws_ipv6_addr: "" diff --git a/inventory/group_vars/copr_pulp_dev_aws b/inventory/group_vars/copr_pulp_dev_aws deleted file mode 100644 index 20c5e4dcc5..0000000000 --- a/inventory/group_vars/copr_pulp_dev_aws +++ /dev/null @@ -1,5 +0,0 @@ ---- -copr_machine_type: pulp - -services_disabled: true -aws_ipv6_addr: "2600:1f18:8ee:ae00:c607:4520:249f:6cc8" diff --git a/inventory/group_vars/darkserver b/inventory/group_vars/darkserver new file mode 100644 index 0000000000..3d8f2c30da --- /dev/null +++ b/inventory/group_vars/darkserver @@ -0,0 +1,2 @@ +--- +freezes: false diff --git a/inventory/group_vars/data_reports b/inventory/group_vars/data_reports deleted file mode 100644 index 4f609a2fc8..0000000000 --- a/inventory/group_vars/data_reports +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: prod -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: datareports -ipa_host_group_desc: data reports -lvm_size: 30000 -max_mem_size: 8192 -mem_size: 8192 -num_cpus: 2 -primary_auth_source: ipa - -notes: | - for developing reports against datanommerdb - This vm is for creating reports whicl once automated will be moved elsewhere. diff --git a/inventory/group_vars/datagrepper b/inventory/group_vars/datagrepper new file mode 100644 index 0000000000..3788ee6b20 --- /dev/null +++ b/inventory/group_vars/datagrepper @@ -0,0 +1,16 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, 6996 ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer,fi-apprentice + +freezes: false diff --git a/inventory/group_vars/datagrepper-stg b/inventory/group_vars/datagrepper-stg new file mode 100644 index 0000000000..c5d3090734 --- /dev/null +++ b/inventory/group_vars/datagrepper-stg @@ -0,0 +1,16 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, 6996 ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer,fi-apprentice + +freezes: false diff --git a/inventory/group_vars/dbserver b/inventory/group_vars/dbserver deleted file mode 100644 index 42769283c2..0000000000 --- a/inventory/group_vars/dbserver +++ /dev/null @@ -1,9 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-dba - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-dba -ipa_host_group: dbserver -ipa_host_group_desc: Database server hosts diff --git a/inventory/group_vars/dbserver_stg b/inventory/group_vars/dbserver_stg deleted file mode 100644 index 42769283c2..0000000000 --- a/inventory/group_vars/dbserver_stg +++ /dev/null @@ -1,9 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-dba - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-dba -ipa_host_group: dbserver -ipa_host_group_desc: Database server hosts diff --git a/inventory/group_vars/debuginfod b/inventory/group_vars/debuginfod deleted file mode 100644 index 98b04a8187..0000000000 --- a/inventory/group_vars/debuginfod +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Define resources for this group of hosts here. - -deployment_type: prod -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-debuginfod -ipa_client_sudo_groups: - - sysadmin-debuginfod -ipa_host_group: debuginfod -ipa_host_group_desc: debuginfod servers -lvm_size: 1000000 -max_mem_size: 131072 -mem_size: 24576 -num_cpus: 4 -primary_auth_source: ipa -tcp_ports: [8002] - -notes: | - Provides debuginfod services - This server provides a debuginfod server to allow downloading debuginfod diff --git a/inventory/group_vars/debuginfod_stg b/inventory/group_vars/debuginfod_stg deleted file mode 100644 index 9a5a968f49..0000000000 --- a/inventory/group_vars/debuginfod_stg +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-debuginfod -ipa_client_sudo_groups: - - sysadmin-debuginfod -ipa_host_group: debuginfod -ipa_host_group_desc: debuginfod servers -lvm_size: 1000000 -max_mem_size: 32768 -mem_size: 24576 -num_cpus: 4 -primary_auth_source: ipa -tcp_ports: [8002] - -notes: | - Provides debuginfod services - This server provides a debuginfod server to allow downloading debuginfod diff --git a/inventory/group_vars/dell_fx_build b/inventory/group_vars/dell_fx_build deleted file mode 100644 index 778e23a15a..0000000000 --- a/inventory/group_vars/dell_fx_build +++ /dev/null @@ -1,14 +0,0 @@ ---- -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should ovveride them with specific info. - -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -virthost: true - -notes: | - Koji service employs a set of virtual machines to build packages for the Fedora project. This playbook is for the provisioning of a physical host for buildvm's. - - * Relies on ansible, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Builder vm's are hosted on hosts created with this playbook. diff --git a/inventory/group_vars/dhcp b/inventory/group_vars/dhcp new file mode 100644 index 0000000000..945cbb5c1f --- /dev/null +++ b/inventory/group_vars/dhcp @@ -0,0 +1,13 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 10000 +mem_size: 1024 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 68 ] +udp_ports: [ 69 ] + +fas_client_groups: sysadmin-noc,fi-apprentice diff --git a/inventory/group_vars/dns b/inventory/group_vars/dns deleted file mode 100644 index e7f73c27af..0000000000 --- a/inventory/group_vars/dns +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Define resources for this group of hosts here. -external: true -ipa_client_shell_groups: - - sysadmin-dns -ipa_client_sudo_groups: - - sysadmin-dns -ipa_host_group: dns -ipa_host_group_desc: DNS servers -lvm_size: 30000 -mem_size: 4096 -nagios_has_named: true -nrpe_procs_crit: 500 -nrpe_procs_warn: 300 -num_cpus: 2 -primary_auth_source: ipa -sudoers: "{{ private }}/files/sudo/sysadmin-dns" -tcp_ports: [53] -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -udp_ports: [53] - -notes: Domain Name Service diff --git a/inventory/group_vars/docs-backend b/inventory/group_vars/docs-backend new file mode 100644 index 0000000000..4a486f989f --- /dev/null +++ b/inventory/group_vars/docs-backend @@ -0,0 +1,9 @@ +--- +lvm_size: 50000 +mem_size: 1024 +num_cpus: 1 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 873 ] +fas_client_groups: sysadmin-noc,sysadmin-docs diff --git a/inventory/group_vars/download b/inventory/group_vars/download deleted file mode 100644 index adac9c9b60..0000000000 --- a/inventory/group_vars/download +++ /dev/null @@ -1,107 +0,0 @@ ---- -dl_tier1: - - 10.0.0.0/8 # Red Hat Internal - - 103.147.22.36 # mirror.twds.com.tw - - 106.178.112.231 # repo.jing.rocks - - 128.171.104.148 # mirror.ancl.hawaii.edu. - - 129.101.198.59 # University of Idaho - - 129.21.171.98 # kirby.main.ad.rit.edu. - - 129.7.128.189 # pubmirror1.math.uh.edu. - - 129.7.128.190 # pubmirror2.math.uh.edu. - - 129.7.128.191 # pubmirror3.math.uh.edu. - - 130.225.254.116 # dotsrc.org - - 130.239.17.3 # its-ehm.its.umu.se. - - 137.138.120.188 # cern - - 137.138.148.168 # cern - - 140.247.173.57 # pool-computing-servers.seas.harvard.edu. - - 147.75.101.1 # ams.edge.kernel.org - - 147.75.197.195 # ewr.edge.kernel.org - - 147.75.69.165 # sjc.edge.kernel.org - - 147.75.95.133 # kernel.org apac - - 149.11.118.8/29 # Red Hat CZ - - 152.19.134.145 # vm6.fedora.ibiblio.org. - - 152.19.134.195 # vm15.fedora.ibiblio.org. - - 154.45.192.0/29 # Red Hat CZ New - - 173.203.19.52 # rackspace new infra - - 182.255.111.7 # dksn-k4.cdn.aarnet.edu.au. - - 188.184.97.103 # cern - - 188.184.104.133 # cern - - 188.184.116.38 # cern - - 195.220.108.108 # mandril.creatis.insa-lyon.fr. - - 198.129.224.34 # linux-src.es.net. - - 199.6.1.170 # isc.org - - 200.17.202.1/28 # ufpr.br - - 202.158.214.12 # bne-a-vms1.retain.aarnet.edu.au. - - 204.152.191.36 # isc.org - - 192.206.9.160 # University of Southern Indiana - - 208.96.144.68 # University of Southern Indiana - - 208.89.84.55 # Mirror.dst.ca - - 213.175.37.8/29 # ?? - - 66.187.233.206 # Red Hat BOS - - 71.19.151.18 # prgmr.com / nb.zone - - 72.4.120.222 # rackspace old infra - - 91.209.10.253 # Red Hat CZ New Newer - - 125.16.200.50 # Red Hat PNQ - - 139.178.88.99 # kernel.org - - 2405:a640::36 # mirror.twds.com.tw - - 2604:1380:45e3:2400::1 # kernel.org - - 2001:388:1:4066:225:90ff:fec7:777e # ?? - - 2001:4DE8:C0FD::/48 # ?? - - 2001:878:346::116 # dotsrc.org - - 2001:978:2:81::1:0/112 # ?? - - 240b:10:f00:1b00::226 # repo.jing.rocks - - 240b:10:f00:1b00::227 # repo.jing.rocks - - 2604:1380:3000:1500::1 # kernel.org apac - - 2620:52:3:1:dead:beef:cafe:fed1 # download-cc-rdu01's ipv6 address - - 2602:fc25:101:702::68 # University of Southern Indiana - - archive.linux.duke.edu # 152.3.102.53 - - 152.3.68.159 # new archive.linux.duke.edu - - auslistsdr01.us.dell.com # 143.166.224.62 - - auslistsprd01.us.dell.com # 143.166.82.43 - - download-ib01.fedoraproject.org # 152.19.134.145 - - download-cc-rdu01.fedoraproject.org # 8.43.85.72 - - fedora.c3sl.ufpr.br # 200.236.31.8 - - frisal.switch.ch # 130.59.113.36 - - ftp.heanet.ie # 193.1.193.64 - - ftp.linux.cz # 147.251.48.205 - - 2001:718:801:230::cd # ftp.linux.cz ipv6 address - - ftp.nrc.ca # 132.246.2.21 - - jobbot1.ibiblio.org # 152.19.134.30 - - elba.hrz.tu-chemnitz.de # 134.109.228.48 / 2001:638:911:b0e:134:109:228:48 - - korsika.hrz.tu-chemnitz.de # 134.109.228.166 / 2001:638:911:b0e:134:109:228:166 - - ftp.hrz.tu-chemnitz.de # 134.109.228.1 / 2001:638:911:b0e:134:109:228:1 - - lists.us.dell.com # 143.166.82.43 - - mirror.fcix.net # 23.152.160.16 / 2620:13b:0:1000::16 - - mirror.gtlib.gatech.edu # 128.61.111.11 - - mirror.hiwaay.net # 216.180.99.217 - - mirror.liquidtelecom.com # 197.155.77.1 - - mirror.twds.com.tw # 103.147.22.36 - - mirror.prgmr.com # 71.19.148.193 - - mirror.speedpartner.de # 91.184.32.5 - - mirrors.mit.edu # 18.7.29.125 - - mirrors.pdx.kernel.org # 198.145.21.9 / 2001:19d0:306:6:0:1994:3:14 - - mirrors.rit.edu # 129.21.171.72 - - mirrors.sfo.kernel.org # 149.20.37.36 / 2001:4f8:4:6f:0:1994:3:14 - - mirrors.xmission.com # 198.60.22.13 - - nrt.edge.kernel.org # 147.75.95.133 / 2604:1380:3000:1500::1 - - odysseus.fi.muni.cz # 147.251.48.205 - - odysseus.linux.cz # 147.251.48.205 - - rhlx01.hs-esslingen.de # 129.143.116.10 - - rsyncer.ftp.heanet.ie # 193.1.219.88 - - sagres.c3sl.ufpr.br # 200.236.31.1 - - scrye.com # 75.148.32.185 - - sfo-korg-mirror.kernel.org # 149.20.37.36 / 2001:4f8:4:6f:0:1994:3:14 - - sinclair.wpi.edu # 130.215.32.86 - - mirr-web-p-u01.wpi.edu # 130.215.32.92 / 2607:f5c0:8040:a081::80 - - solar-one.mit.edu # 18.7.29.123 - - speculum.rbc.ru # 80.68.250.217 - - torrent01.fedoraproject.org # 152.19.134.141 - - torrent02.fedoraproject.org # 152.19.134.148 - - ultra.linux.cz # 195.113.15.27 - - wpi.edu # 130.215.36.26 - - zaphod.gtlib.gatech.edu # 128.61.111.12 -ipa_host_group: download -ipa_host_group_desc: Download servers -nagios_Check_Services: - swap: false -primary_auth_source: ipa diff --git a/inventory/group_vars/download-ib b/inventory/group_vars/download-ib new file mode 100644 index 0000000000..5e4b8d1ffb --- /dev/null +++ b/inventory/group_vars/download-ib @@ -0,0 +1,7 @@ +--- +datacenter: ibiblio +tcp_ports: [80, 443, 873] +rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + diff --git a/inventory/group_vars/download-phx2 b/inventory/group_vars/download-phx2 new file mode 100644 index 0000000000..86384c4681 --- /dev/null +++ b/inventory/group_vars/download-phx2 @@ -0,0 +1,9 @@ +--- +datacenter: phx2 +tcp_ports: [80, 443, 873] +rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +# nfs mount options, overrides the all/default +nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600" diff --git a/inventory/group_vars/download-rdu2 b/inventory/group_vars/download-rdu2 new file mode 100644 index 0000000000..a9c5350867 --- /dev/null +++ b/inventory/group_vars/download-rdu2 @@ -0,0 +1,9 @@ +--- +datacenter: rdu +tcp_ports: [80, 443, 873] +rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +# nfs mount options, overrides the all/default +nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600" diff --git a/inventory/group_vars/download_iad2 b/inventory/group_vars/download_iad2 deleted file mode 100644 index bb5683e4db..0000000000 --- a/inventory/group_vars/download_iad2 +++ /dev/null @@ -1,15 +0,0 @@ ---- -blocked_ips: [] -datacenter: iad2 -dns: 10.3.163.33 -# -# This host is externally reachable -# -external: true -host_group: download-iad2 -# nfs mount options, overrides the all/default -nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=4" -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" -tcp_ports: [80, 443, 873] diff --git a/inventory/group_vars/download_ib b/inventory/group_vars/download_ib deleted file mode 100644 index 8a4e911480..0000000000 --- a/inventory/group_vars/download_ib +++ /dev/null @@ -1,6 +0,0 @@ ---- -datacenter: ibiblio -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" -tcp_ports: [80, 443, 873] diff --git a/inventory/group_vars/elections b/inventory/group_vars/elections new file mode 100644 index 0000000000..f8692f3da3 --- /dev/null +++ b/inventory/group_vars/elections @@ -0,0 +1,26 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +tcp_ports: [ 80, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-web,fi-apprentice + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fedora_elections + owner: root + group: apache + diff --git a/inventory/group_vars/elections-stg b/inventory/group_vars/elections-stg new file mode 100644 index 0000000000..5e9d939964 --- /dev/null +++ b/inventory/group_vars/elections-stg @@ -0,0 +1,25 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +tcp_ports: [ 80, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-web,fi-apprentice + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fedora_elections + owner: root + group: apache + diff --git a/inventory/group_vars/fedimg b/inventory/group_vars/fedimg new file mode 100644 index 0000000000..1f850148a9 --- /dev/null +++ b/inventory/group_vars/fedimg @@ -0,0 +1,21 @@ +--- +lvm_size: 20000 +mem_size: 6144 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000 ] + +# TODO, restrict this down to just sysadmin-releng +fas_client_groups: sysadmin-datanommer,sysadmin-releng + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fedimg + owner: root + group: fedmsg diff --git a/inventory/group_vars/fedimg-stg b/inventory/group_vars/fedimg-stg new file mode 100644 index 0000000000..1f850148a9 --- /dev/null +++ b/inventory/group_vars/fedimg-stg @@ -0,0 +1,21 @@ +--- +lvm_size: 20000 +mem_size: 6144 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000 ] + +# TODO, restrict this down to just sysadmin-releng +fas_client_groups: sysadmin-datanommer,sysadmin-releng + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fedimg + owner: root + group: fedmsg diff --git a/inventory/group_vars/fedoauth b/inventory/group_vars/fedoauth new file mode 100644 index 0000000000..828c0859ff --- /dev/null +++ b/inventory/group_vars/fedoauth @@ -0,0 +1,15 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-main,sysadmin-accounts diff --git a/inventory/group_vars/fedoauth-stg b/inventory/group_vars/fedoauth-stg new file mode 100644 index 0000000000..828c0859ff --- /dev/null +++ b/inventory/group_vars/fedoauth-stg @@ -0,0 +1,15 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-main,sysadmin-accounts diff --git a/inventory/group_vars/fedocal b/inventory/group_vars/fedocal new file mode 100644 index 0000000000..a160ea27e2 --- /dev/null +++ b/inventory/group_vars/fedocal @@ -0,0 +1,27 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-web + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fedocal + owner: root + group: apache diff --git a/inventory/group_vars/fedocal-stg b/inventory/group_vars/fedocal-stg new file mode 100644 index 0000000000..f11a49b63b --- /dev/null +++ b/inventory/group_vars/fedocal-stg @@ -0,0 +1,27 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-web + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fedocal + owner: root + group: apache diff --git a/inventory/group_vars/fedora_nightlies b/inventory/group_vars/fedora_nightlies deleted file mode 100644 index 49a052b1cc..0000000000 --- a/inventory/group_vars/fedora_nightlies +++ /dev/null @@ -1,22 +0,0 @@ -# we need this for our fedora-messaging consumer as it is not allowed -# to create queues on the infra AMQP broker, by broker config -fedora_nightlies_amqp_passive: true - -# fedora-messaging email error reporting settings -fedora_nightlies_amqp_mailto: ["adamwill@fedoraproject.org"] -fedora_nightlies_amqp_smtp: bastion - -# fedora-messaging job scheduler settings -# we use the openQA rabbitmq account for this role as they run -# on the same server and it's convenient. this means it's also -# safe and appropriate to use variables defined in the openqa -# group_vars. if we ever split the roles up we will have to create -# a separate account with separate creds -fedora_nightlies_amqp_url: "{{ openqa_amqp_prod_url }}" -fedora_nightlies_amqp_cacert: "{{ openqa_amqp_prod_cacertfile }}" -fedora_nightlies_amqp_cert: "{{ openqa_amqp_prod_certfile }}" -fedora_nightlies_amqp_key: "{{ openqa_amqp_prod_keyfile }}" -fedora_nightlies_amqp_queue: "{{ openqa_amqp_prod_username }}_fedora_nightlies" -fedora_nightlies_amqp_routing_keys: ["org.fedoraproject.prod.openqa.job.done", "org.fedoraproject.prod.pungi.compose.status.change"] -fedora_nightlies_amqp_data_file: /usr/share/openqa/public/nightlies.json -fedora_nightlies_amqp_html_file: /usr/share/openqa/public/nightlies.html diff --git a/inventory/group_vars/flatpak_cache b/inventory/group_vars/flatpak_cache deleted file mode 100644 index 8c91ef0d30..0000000000 --- a/inventory/group_vars/flatpak_cache +++ /dev/null @@ -1,33 +0,0 @@ ---- -# For the MOTD -freezes: false -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-qa - - sysadmin-main -ipa_client_sudo_groups: - - sysadmin-noc - - sysadmin-qa - - sysadmin-main -ipa_host_group: flatpak_cache -lvm_size: 20000 -max_mem_size: 2048 -mem_size: 2048 -num_cpus: 2 -primary_auth_source: ipa -tcp_ports: [3128] - -notes: | - Centralized cache for any Flatpak requests from OpenQA - - This is to avoid slamming Flathub with requests during automated testing. - It hosts squid to cache anything under the flathub.org domain. - It is locked down to only allow requests from OpenQA. - - * This host relies on: - The virthost it's hosted on (qvmhost-x86-02) - - * Things that rely on this host: - Any requests using Flatpak from OpenQA. - - If this host is down, OpenQA hosts might fail. diff --git a/inventory/group_vars/gallery b/inventory/group_vars/gallery new file mode 100644 index 0000000000..55362234bd --- /dev/null +++ b/inventory/group_vars/gallery @@ -0,0 +1,10 @@ +--- +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443 ] +fas_client_groups: sysadmin-noc,sysadmin-gallery diff --git a/inventory/group_vars/gallery-stg b/inventory/group_vars/gallery-stg new file mode 100644 index 0000000000..cf68892be2 --- /dev/null +++ b/inventory/group_vars/gallery-stg @@ -0,0 +1,11 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 50000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443 ] +fas_client_groups: sysadmin-noc,sysadmin-gallery diff --git a/inventory/group_vars/github2fedmsg b/inventory/group_vars/github2fedmsg new file mode 100644 index 0000000000..133ea41526 --- /dev/null +++ b/inventory/group_vars/github2fedmsg @@ -0,0 +1,27 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: github2fedmsg + owner: root + group: apache diff --git a/inventory/group_vars/github2fedmsg-stg b/inventory/group_vars/github2fedmsg-stg new file mode 100644 index 0000000000..3c0756a371 --- /dev/null +++ b/inventory/group_vars/github2fedmsg-stg @@ -0,0 +1,27 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: github2fedmsg + owner: root + group: apache diff --git a/inventory/group_vars/gnome_backups b/inventory/group_vars/gnome_backups deleted file mode 100644 index 9102eb87fe..0000000000 --- a/inventory/group_vars/gnome_backups +++ /dev/null @@ -1,6 +0,0 @@ -freezes: False -notes: | - GNOME Infrastructure Backups facility - Provides rdiff-backup based backups to all the GNOME Infrastructure machines and services - * This machine mainly relies on the Red Hat sponsored NetApp assigned - to the GNOME Project where all the backups do reside diff --git a/inventory/group_vars/hardware b/inventory/group_vars/hardware deleted file mode 100644 index 7610d508b9..0000000000 --- a/inventory/group_vars/hardware +++ /dev/null @@ -1,6 +0,0 @@ ---- -# -# Do not check swap on hardware machines. Recent rhel8 kernels favor filling swap up which causes a bunch of alerts. -# -nagios_Check_Services: - swap: false diff --git a/inventory/group_vars/iad2_production b/inventory/group_vars/iad2_production deleted file mode 100644 index 7817932469..0000000000 --- a/inventory/group_vars/iad2_production +++ /dev/null @@ -1,18 +0,0 @@ ---- -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet - mtu: 9000 diff --git a/inventory/group_vars/ipa b/inventory/group_vars/ipa deleted file mode 100644 index b69dca6de9..0000000000 --- a/inventory/group_vars/ipa +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Define resources for this group of hosts here. -custom_rules: ['-A INPUT -p udp -m udp -s 10.3.0.0/16 --dport 53 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 10.3.0.0/16 udp dport 53 counter accept'] -host_backup_targets: ['/var/lib/ipa/backup', '/var/log/dirsrv/slapd-FEDORAPROJECT-ORG'] -ipa_client_shell_groups: - - sysadmin-accounts -ipa_client_sudo_groups: - - sysadmin-accounts -ipa_dm_password: "{{ ipa_prod_dm_password }}" -ipa_host_group: ipa -ipa_host_group_desc: IPA service -ipa_initial: false -ipa_ldap_socket: ldapi://%2fvar%2frun%2fslapd-FEDORAPROJECT-ORG.socket -lvm_size: 50000 -mem_size: 8192 -nrpe_procs_crit: 500 -nrpe_procs_warn: 300 -num_cpus: 8 -primary_auth_source: ipa -tcp_ports: [80, 88, 389, 443, 464, 636] -udp_ports: [88, 464] diff --git a/inventory/group_vars/ipa_stg b/inventory/group_vars/ipa_stg deleted file mode 100644 index 32e0ad7342..0000000000 --- a/inventory/group_vars/ipa_stg +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Define resources for this group of hosts here. -ipa_client_shell_groups: - - sysadmin-accounts -ipa_client_sudo_groups: - - sysadmin-accounts -ipa_dm_password: "{{ ipa_stg_dm_password }}" -ipa_host_group: ipa -ipa_host_group_desc: IPA service -ipa_ldap_socket: ldapi://%2fvar%2frun%2fslapd-STG-FEDORAPROJECT-ORG.socket -lvm_size: 50000 -mem_size: 8192 -nrpe_procs_crit: 500 -nrpe_procs_warn: 300 -num_cpus: 4 -tcp_ports: [80, 88, 389, 443, 464, 636] -udp_ports: [88, 464] diff --git a/inventory/group_vars/ipsilon b/inventory/group_vars/ipsilon deleted file mode 100644 index d32010d0ad..0000000000 --- a/inventory/group_vars/ipsilon +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Define resources for this group of hosts here. -# Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -ipa_host_group: ipsilon -ipa_host_group_desc: Ipsilon SSO application -lvm_size: 50000 -mem_size: 32768 -num_cpus: 2 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443] diff --git a/inventory/group_vars/ipsilon_stg b/inventory/group_vars/ipsilon_stg deleted file mode 100644 index c0b858465a..0000000000 --- a/inventory/group_vars/ipsilon_stg +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Define resources for this group of hosts here. -# Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -ipa_host_group: ipsilon -ipa_host_group_desc: Ipsilon SSO application -ipa_client_shell_groups: - - sysadmin-noc -ipa_client_sudo_groups: - - sysadmin-noc -lvm_size: 20000 -mem_size: 4096 -num_cpus: 2 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -proxy_tcp_ports: [80, 443] diff --git a/inventory/group_vars/jenkins-cloud b/inventory/group_vars/jenkins-cloud new file mode 100644 index 0000000000..bbefeaf0a9 --- /dev/null +++ b/inventory/group_vars/jenkins-cloud @@ -0,0 +1,10 @@ +postfix_group: jenkins-cloud + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: root +- service: jenkins + owner: root + group: jenkins diff --git a/inventory/group_vars/kernel-qa b/inventory/group_vars/kernel-qa new file mode 100644 index 0000000000..39e618921d --- /dev/null +++ b/inventory/group_vars/kernel-qa @@ -0,0 +1,5 @@ +--- +freezes: true +resolvconf: "{{ files }}/resolv.conf/phx2" +fas_client_groups: sysadmin-kernel +sudoers: "{{ private }}/files/sudo/kernel-qa" diff --git a/inventory/group_vars/kernel_qa b/inventory/group_vars/kernel_qa deleted file mode 100644 index 0343a50700..0000000000 --- a/inventory/group_vars/kernel_qa +++ /dev/null @@ -1,11 +0,0 @@ ---- -custom_rules: ['-A INPUT -p tcp -m tcp -s 192.168.122.0/24 --dport 2049 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 192.168.122.0/24 tcp dport 2049 counter accept'] -freezes: false -ipa_client_shell_groups: - - sysadmin-kernel -ipa_client_sudo_groups: - - sysadmin-kernel -ipa_host_group: kernel_qa -ipa_host_group_desc: kernel test machines -resolvconf: "{{ files }}/resolv.conf/iad2" diff --git a/inventory/group_vars/kerneltest b/inventory/group_vars/kerneltest new file mode 100644 index 0000000000..064983b7ae --- /dev/null +++ b/inventory/group_vars/kerneltest @@ -0,0 +1,27 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: kerneltest + owner: root + group: apache diff --git a/inventory/group_vars/kerneltest-stg b/inventory/group_vars/kerneltest-stg new file mode 100644 index 0000000000..064983b7ae --- /dev/null +++ b/inventory/group_vars/kerneltest-stg @@ -0,0 +1,27 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: kerneltest + owner: root + group: apache diff --git a/inventory/group_vars/keys b/inventory/group_vars/keys new file mode 100644 index 0000000000..c74e395048 --- /dev/null +++ b/inventory/group_vars/keys @@ -0,0 +1,10 @@ +--- +freezes: false +lvm_size: 40000 +mem_size: 4096 +num_cpus: 2 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, 11370, 11371 ] +fas_client_groups: sysadmin-noc,sysadmin-keys diff --git a/inventory/group_vars/koji b/inventory/group_vars/koji deleted file mode 100644 index 9f9b351aee..0000000000 --- a/inventory/group_vars/koji +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Define resources for this group of hosts here. -custom_rules: [ - # Needed for keepalived - '-A INPUT -d 224.0.0.0/8 -j ACCEPT', '-A INPUT -p vrrp -j ACCEPT'] -# Needed for keepalived -nft_custom_rules: - - 'add rule ip filter INPUT ip daddr 224.0.0.0/8 counter accept' - - 'add rule ip filter INPUT ip protocol vrrp counter accept' -docker_registry: "candidate-registry.fedoraproject.org" -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: kojihub -ipa_host_group_desc: Koji Hub hosts -koji_hub: "koji.fedoraproject.org/kojihub" -koji_root: "koji.fedoraproject.org/koji" -lvm_size: 100000 -mem_size: 57344 -max_mem_size: 65536 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4" -num_cpus: 16 -primary_auth_source: ipa -source_registry: "registry.fedoraproject.org" -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443, 111, 2049] -udp_ports: [111, 2049] -virt_install_command: "{{ virt_install_command_two_nic }}" diff --git a/inventory/group_vars/koji-stg b/inventory/group_vars/koji-stg new file mode 100644 index 0000000000..13e761972e --- /dev/null +++ b/inventory/group_vars/koji-stg @@ -0,0 +1,26 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 30000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file +tcp_ports: [ 80, 443, 111, 2049, + # These 8 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007] + +udp_ports: [ 111, 2049 ] + +fas_client_groups: sysadmin-releng + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: koji + owner: root + group: apache + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid" diff --git a/inventory/group_vars/koji_riscv b/inventory/group_vars/koji_riscv deleted file mode 100644 index 0f147d0c6e..0000000000 --- a/inventory/group_vars/koji_riscv +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Define resources for this group of hosts here. -docker_registry: "candidate-registry.fedoraproject.org" -external: true -ipa_client_shell_groups: - - sysadmin-riscv -ipa_client_sudo_groups: - - sysadmin-riscv -ipa_host_group: kojihub_riscv -ipa_host_group_desc: riscv Koji Hub hosts -koji_hub: "riscv-koji.fedoraproject.org/kojihub" -koji_root: "riscv-koji.fedoraproject.org/koji" -lvm_size: 100000 -mem_size: 32768 -max_mem_size: 65536 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4" -num_cpus: 8 -primary_auth_source: ipa -source_registry: "registry.fedoraproject.org" -tcp_ports: [80, 443, 111, 2049] -udp_ports: [111, 2049] diff --git a/inventory/group_vars/koji_stg b/inventory/group_vars/koji_stg deleted file mode 100644 index eddc8f6d90..0000000000 --- a/inventory/group_vars/koji_stg +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Define resources for this group of hosts here. -docker_registry: "candidate-registry.stg.fedoraproject.org" -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-releng - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: kojihub -ipa_host_group_desc: Koji Hub hosts -koji_hub: "koji.stg.fedoraproject.org/kojihub" -koji_root: "koji.stg.fedoraproject.org/koji" -koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.stg.fedoraproject.org/koji" -lvm_size: 250000 -mem_size: 32768 -# NOTE -- staging mounts read-only -nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" -num_cpus: 8 -source_registry: "registry.stg.fedoraproject.org" -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443, 111, 2049] -udp_ports: [111, 2049] diff --git a/inventory/group_vars/kojipkgs b/inventory/group_vars/kojipkgs deleted file mode 100644 index 0b1c93f477..0000000000 --- a/inventory/group_vars/kojipkgs +++ /dev/null @@ -1,42 +0,0 @@ ---- -# Define resources for this group of hosts here. -# For the MOTD -custom_rules: [ - # Need for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -# Need for rsync from log01 for logs. -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-releng - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: kojipkgs -ipa_host_group_desc: Koji Packages hosts -lvm_size: 50000 -max_mem_size: 98304 -mem_size: 98304 -nagios_Check_Services: - swap: false -nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,lookupcache=positive,nfsvers=4" -num_cpus: 16 -primary_auth_source: ipa -tcp_ports: [80, 8080] -varnish_group: kojipkgs - -notes: | - Cache packages from koji for builders and others - - There are a few things running here: - * apache web server and varnish caching. - - This host relies on: - * koji nfs storage - * proxy01/10 to proxy requests to it. - Things that rely on this host: - * all koji builders/buildsystem - * koschei - * external users downloading packages from koji. diff --git a/inventory/group_vars/lockbox b/inventory/group_vars/lockbox new file mode 100644 index 0000000000..7c82a435ae --- /dev/null +++ b/inventory/group_vars/lockbox @@ -0,0 +1,9 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +tcp_ports: [ 443 ] + +fas_client_groups: sysadmin-noc,sysadmin-qa,fi-apprentice diff --git a/inventory/group_vars/logging b/inventory/group_vars/logging deleted file mode 100644 index bf5db51581..0000000000 --- a/inventory/group_vars/logging +++ /dev/null @@ -1,14 +0,0 @@ ---- -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-analysis - - sysadmin-logs - - sysadmin-noc - - sysadmin-osbuild - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-analysis - - sysadmin-logs -ipa_host_group: logging -ipa_host_group_desc: Logging hosts -primary_auth_source: ipa diff --git a/inventory/group_vars/mailman b/inventory/group_vars/mailman index 1ae4c707c1..d63c77fb71 100644 --- a/inventory/group_vars/mailman +++ b/inventory/group_vars/mailman @@ -1,67 +1,26 @@ --- # common items for the releng-* boxes -deployment_type: prod -ipa_client_shell_groups: - - sysadmin-tools -ipa_client_sudo_groups: - - sysadmin-tools -ipa_host_group: mailman -ipa_host_group_desc: Mailing list services -lvm_size: 950000 -# Used by the mailman role -mailman3_db_server: db01.iad2.fedoraproject.org -mailman3_domains: - - lists.fedoraproject.org - - lists.fedorahosted.org - - lists.pagure.io -mailman3_login: - facebook: - display_name: Facebook - provider: facebook - github: - display_name: GitHub - provider: github - gitlab: - display_name: GitLab - provider: gitlab - google: - display_name: Google - provider: google - stackexchange: - display_name: StackExchange - provider: stackexchange - twitter: - display_name: Twitter - provider: twitter - fedora: - display_name: Fedora - provider: fedora -max_mem_size: 32768 -mem_size: 32768 -nagios_Check_Services: - nrpe: true - swap: false -nrpe_check_postfix_queue_crit: 200 -# by default, the number of emails in queue before we whine -nrpe_check_postfix_queue_warn: 100 -nrpe_procs_crit: 500 -# Number of processes for nagios -nrpe_procs_warn: 300 -num_cpus: 4 +lvm_size: 250000 +mem_size: 4096 +num_cpus: 2 # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file +tcp_ports: [ 25, 80, 443, 3000, 3001 ] + +fas_client_groups: sysadmin-tools,sysadmin-main + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: mailman + owner: mailman + group: mailman + # Postfix main.cf postfix_group: mailman -primary_auth_source: ipa -tcp_ports: [25, 80, 443] -# mailman role variables -mailman3_rest_api_username: "{{ mailman_rest_api_user }}" -mailman3_rest_api_password: "{{ mailman_rest_api_pass }}" -mailman3_mailman_db_pass: "{{ mailman_mm_db_pass }}" -mailman3_hyperkitty_admin_db_pass: "{{ mailman_hk_admin_db_pass }}" -mailman3_hyperkitty_db_pass: "{{ mailman_hk_db_pass }}" -mailman3_hyperkitty_cookie_key: "{{ mailman_hk_cookie_key }}" -mailman3_hyperkitty_archiver_key: "{{ mailman_hk_archiver_key }}" -mailman3_smtp_port: 587 +# Used by the mailman role +mailman_dbserver: db01.phx2.fedoraproject.org diff --git a/inventory/group_vars/mailman-stg b/inventory/group_vars/mailman-stg new file mode 100644 index 0000000000..3c3202600a --- /dev/null +++ b/inventory/group_vars/mailman-stg @@ -0,0 +1,35 @@ +--- +# common items for the releng-* boxes +lvm_size: 250000 +mem_size: 4096 +num_cpus: 2 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 25, 80, 443, 3000, 3001 ] +fas_client_groups: sysadmin-tools,sysadmin-main + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: mailman + owner: mailman + group: mailman + +# default virt install command is for a single nic-device +# define in another group file for more nics (see buildvm) +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} + gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }}" + --network=bridge=br0 --autostart --noautoconsole + +# Postfix main.cf +postfix_group: mailman-stg + +# Used by the mailman role +mailman_dbserver: db02.stg.phx2.fedoraproject.org diff --git a/inventory/group_vars/mailman_stg b/inventory/group_vars/mailman_stg deleted file mode 100644 index a34d9cd5f7..0000000000 --- a/inventory/group_vars/mailman_stg +++ /dev/null @@ -1,67 +0,0 @@ ---- -# common items for the releng-* boxes -deployment_type: prod -ipa_client_shell_groups: - - sysadmin-tools -ipa_client_sudo_groups: - - sysadmin-tools -ipa_host_group: mailman -ipa_host_group_desc: Mailing list services -lvm_size: 350000 -# Used by the mailman role -mailman3_db_server: db01.stg.iad2.fedoraproject.org -mailman3_domains: - - lists.stg.fedoraproject.org - - lists.stg.fedorahosted.org - - lists.stg.pagure.io -mailman3_login: - facebook: - display_name: Facebook - provider: facebook - github: - display_name: GitHub - provider: github - gitlab: - display_name: GitLab - provider: gitlab - google: - display_name: Google - provider: google - stackexchange: - display_name: StackExchange - provider: stackexchange - twitter: - display_name: Twitter - provider: twitter - fedora: - display_name: Fedora - provider: fedora -max_mem_size: 32768 -mem_size: 32768 -nrpe_check_postfix_queue_crit: 50 -# by default, the number of emails in queue before we whine -nrpe_check_postfix_queue_warn: 20 -num_cpus: 4 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file - -# Postfix main.cf -postfix_group: mailman-stg -tcp_ports: [25, 80, 443] - -# mailman role variables -mailman3_log_level: debug -mailman3_rest_api_username: "{{ mailman_stg_rest_api_user }}" -mailman3_rest_api_password: "{{ mailman_stg_rest_api_pass }}" -mailman3_mailman_db_pass: "{{ mailman_mm_db_pass }}" -mailman3_hyperkitty_admin_db_pass: "{{ mailman_hk_admin_db_pass }}" -mailman3_hyperkitty_db_pass: "{{ mailman_hk_db_pass }}" -mailman3_hyperkitty_cookie_key: "{{ mailman_hk_cookie_key }}" -mailman3_hyperkitty_archiver_key: "{{ mailman_hk_stg_archiver_key }}" -mailman3_openidc_server_url: "https://id.stg.fedoraproject.org/" -mailman3_httpd_hostname: lists.stg.fedoraproject.org - -# Setting debug variables to 'true' disables mail sending -# If you want to enable it just set it to 'false' -mailman3_debug: true -mailman3_hyperkitty_debug: true diff --git a/inventory/group_vars/maintainer_test b/inventory/group_vars/maintainer_test deleted file mode 100644 index 7af238e11f..0000000000 --- a/inventory/group_vars/maintainer_test +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: aws -freezes: false -ipa_client_shell_groups: - - packager -ipa_client_sudo_nopasswd_groups: - - sysadmin-main - - packager -ipa_host_group: maintainer_test -ipa_host_group_desc: Test hosts for package maintainers -primary_auth_source: ipa -sudoers: "{{ private }}/files/sudo/arm-packager-sudoers" -sudoers_main: nopasswd -vpn: true diff --git a/inventory/group_vars/memcached b/inventory/group_vars/memcached index 36de6ce023..581a0248b4 100644 --- a/inventory/group_vars/memcached +++ b/inventory/group_vars/memcached @@ -1,18 +1,12 @@ --- -# Define resources for this group of hosts here. -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: memcached -ipa_host_group_desc: Distributed Memory Caching service -lvm_size: 20000 -mem_size: 8192 -num_cpus: 2 -primary_auth_source: ipa +# Define resources for this group of hosts here. +lvm_size: 10000 +mem_size: 1536 +num_cpus: 1 + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -tcp_ports: [11211] + +tcp_ports: [ 11211 ] + +fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web diff --git a/inventory/group_vars/memcached_stg b/inventory/group_vars/memcached_stg deleted file mode 100644 index d23f6b5516..0000000000 --- a/inventory/group_vars/memcached_stg +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Define resources for this group of hosts here. -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: memcached -ipa_host_group_desc: Distributed Memory Caching service -lvm_size: 20000 -mem_size: 4096 -num_cpus: 1 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [11211] diff --git a/inventory/group_vars/mirrorlist b/inventory/group_vars/mirrorlist new file mode 100644 index 0000000000..fcef5123e9 --- /dev/null +++ b/inventory/group_vars/mirrorlist @@ -0,0 +1,14 @@ +--- +lvm_size: 20000 +mem_size: 4096 +num_cpus: 4 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 80 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 80 -j ACCEPT' ] +collectd_apache: true +fas_client_groups: sysadmin-noc,fi-apprentice +nrpe_procs_warn: 500 +nrpe_procs_crit: 600 +# By default run 45 wsgi procs +mirrorlist_procs: 45 diff --git a/inventory/group_vars/nagios b/inventory/group_vars/nagios deleted file mode 100644 index 71ec95643e..0000000000 --- a/inventory/group_vars/nagios +++ /dev/null @@ -1,150 +0,0 @@ ---- -deployment_type: prod -dns_external: - - ns-iad01.fedoraproject.org - - ns-iad02.fedoraproject.org - - ns02.fedoraproject.org - - ns05.fedoraproject.org -# When you have a group which comes up with empty members in all.cfg, it -# is because it contains all hosts which aren't pinganble. You may want -# to add that group to this list. Other items on this list are ones -# where it is an enormous group not needed. -# Exclude these ansible host groups in hostgroups/all.cfg -exclude_iad2_hostgroups: - - centos_ipa_client_stg - - zabbix_stg - - zabbix - - logdetective -#iad2_management_slowping: -# - ppc8-01-fsp.mgmt.fedoraproject.org -# - ppc8-02-fsp.mgmt.fedoraproject.org -# - ppc8-03-fsp.mgmt.fedoraproject.org -iad2_external: - - bastion01.fedoraproject.org - - bastion02.fedoraproject.org - - dl-iad01.fedoraproject.org - - dl-iad02.fedoraproject.org - - dl-iad03.fedoraproject.org - - dl-iad04.fedoraproject.org - - dl-iad05.fedoraproject.org - - infrastructure.fedoraproject.org - - koji.fedoraproject.org - - kojipkgs.fedoraproject.org - - ns-iad01.fedoraproject.org - - ns-iad02.fedoraproject.org - - pkgs.fedoraproject.org - - proxy01.fedoraproject.org - - proxy10.fedoraproject.org - - secondary01.fedoraproject.org -# -# This is a list of hosts which are in the IAD2 160 mgmt network -# we do not have them in ansible because it tries to connect -# and they don't do ansible -# -iad2_management_hosts: - - autosign02.mgmt.iad2.fedoraproject.org - - backup01.mgmt.iad2.fedoraproject.org - - bkernel01.mgmt.iad2.fedoraproject.org - - bkernel02.mgmt.iad2.fedoraproject.org - - bvmhost-a64-01.mgmt.iad2.fedoraproject.org. - - bvmhost-a64-02.mgmt.iad2.fedoraproject.org. - - bvmhost-a64-03.mgmt.iad2.fedoraproject.org. - - bvmhost-a64-04.mgmt.iad2.fedoraproject.org. - - bvmhost-p09-01.mgmt.iad2.fedoraproject.org. - - bvmhost-p09-02.mgmt.iad2.fedoraproject.org. - - bvmhost-p09-03.mgmt.iad2.fedoraproject.org. - - bvmhost-p09-04.mgmt.iad2.fedoraproject.org. - - bvmhost-x86-01.mgmt.iad2.fedoraproject.org - - bvmhost-x86-02.mgmt.iad2.fedoraproject.org - - bvmhost-x86-03.mgmt.iad2.fedoraproject.org - - bvmhost-x86-04.mgmt.iad2.fedoraproject.org - - bvmhost-x86-05.mgmt.iad2.fedoraproject.org - - bvmhost-x86-06.mgmt.iad2.fedoraproject.org - - bvmhost-x86-07.mgmt.iad2.fedoraproject.org - - dell-fx01-fc01.mgmt.iad2.fedoraproject.org - - dell-fx01-fc02.mgmt.iad2.fedoraproject.org - - dell-fx01-fc03.mgmt.iad2.fedoraproject.org - - dell-fx01-fc04.mgmt.iad2.fedoraproject.org - - dell-fx01-fc05.mgmt.iad2.fedoraproject.org - - dell-fx01-fc06.mgmt.iad2.fedoraproject.org - - dell-fx01-fc07.mgmt.iad2.fedoraproject.org - - dell-fx01-fc08.mgmt.iad2.fedoraproject.org - - dell-fx01.mgmt.iad2.fedoraproject.org - - dell-fx02-fc01.mgmt.iad2.fedoraproject.org - - dell-fx02-fc02.mgmt.iad2.fedoraproject.org - - dell-fx02-fc03.mgmt.iad2.fedoraproject.org - - dell-fx02-fc04.mgmt.iad2.fedoraproject.org - - dell-fx02-fc05.mgmt.iad2.fedoraproject.org - - dell-fx02-fc06.mgmt.iad2.fedoraproject.org - - dell-fx02-fc07.mgmt.iad2.fedoraproject.org - - dell-fx02-fc08.mgmt.iad2.fedoraproject.org - - dell-fx02.mgmt.iad2.fedoraproject.org - - openqa-a64-worker01.mgmt.iad2.fedoraproject.org - - openqa-a64-worker02.mgmt.iad2.fedoraproject.org - - openqa-a64-worker03.mgmt.iad2.fedoraproject.org - - openqa-p09-worker01.mgmt.iad2.fedoraproject.org - - openqa-p09-worker02.mgmt.iad2.fedoraproject.org - - openqa-x86-worker01.mgmt.iad2.fedoraproject.org - - openqa-x86-worker02.mgmt.iad2.fedoraproject.org - - openqa-x86-worker03.mgmt.iad2.fedoraproject.org - - openqa-x86-worker04.mgmt.iad2.fedoraproject.org - - openqa-x86-worker05.mgmt.iad2.fedoraproject.org - - openqa-x86-worker06.mgmt.iad2.fedoraproject.org - - qvmhost-x86-01.mgmt.iad2.fedoraproject.org - - qvmhost-x86-02.mgmt.iad2.fedoraproject.org - - sign-vault01.mgmt.iad2.fedoraproject.org - - sign-vault02.mgmt.iad2.fedoraproject.org - - vmhost-x86-01.mgmt.iad2.fedoraproject.org - - vmhost-x86-02.mgmt.iad2.fedoraproject.org - - vmhost-x86-03.mgmt.iad2.fedoraproject.org - - vmhost-x86-04.mgmt.iad2.fedoraproject.org - - vmhost-x86-05.mgmt.iad2.fedoraproject.org - - vmhost-x86-06.mgmt.iad2.fedoraproject.org - - vmhost-x86-08.mgmt.iad2.fedoraproject.org - - bvmhost-a64-01-stg.mgmt.iad2.fedoraproject.org - - bvmhost-x86-01-stg.mgmt.iad2.fedoraproject.org - - bvmhost-x86-02-stg.mgmt.iad2.fedoraproject.org - - bvmhost-x86-03-stg.mgmt.iad2.fedoraproject.org - - bvmhost-x86-05-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-01-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-02-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-05-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-06-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-07-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-08-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-09-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-11-stg.mgmt.iad2.fedoraproject.org - - vmhost-x86-12-stg.mgmt.iad2.fedoraproject.org - - worker01.mgmt.iad2.fedoraproject.org - - worker02.mgmt.iad2.fedoraproject.org - - worker03.mgmt.iad2.fedoraproject.org - - worker04.mgmt.iad2.fedoraproject.org - - worker05.mgmt.iad2.fedoraproject.org - - worker06.mgmt.iad2.fedoraproject.org - - worker01-stg.mgmt.iad2.fedoraproject.org - - worker02-stg.mgmt.iad2.fedoraproject.org - - worker03-stg.mgmt.iad2.fedoraproject.org - - worker04-stg.mgmt.iad2.fedoraproject.org - - worker05-stg.mgmt.iad2.fedoraproject.org -# -# These are management interfaces we only want -# to test ping against. No http/https -# -iad2_management_limited: - - opengear01.mgmt.iad2.fedoraproject.org -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-noc -ipa_host_group: nagios -ipa_host_group_desc: Nagios Monitoring -lvm_size: 20000 -mem_size: 2048 -num_cpus: 2 -primary_auth_source: ipa -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443] - -notes: Monitoring system diff --git a/inventory/group_vars/nagios-phx b/inventory/group_vars/nagios-phx new file mode 100644 index 0000000000..70763e7920 --- /dev/null +++ b/inventory/group_vars/nagios-phx @@ -0,0 +1,11 @@ +--- +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443 ] + +fas_client_groups: sysadmin-noc diff --git a/inventory/group_vars/nfs_servers b/inventory/group_vars/nfs_servers deleted file mode 100644 index f1aa44b169..0000000000 --- a/inventory/group_vars/nfs_servers +++ /dev/null @@ -1,8 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-copr - - sysadmin-noc -ipa_client_sudo_groups: - - sysadmin-copr - - sysadmin-noc -ipa_host_group: vmhost-copr diff --git a/inventory/group_vars/noc_rdu_cc b/inventory/group_vars/noc_rdu_cc deleted file mode 100644 index 2c4d7ed7bd..0000000000 --- a/inventory/group_vars/noc_rdu_cc +++ /dev/null @@ -1,11 +0,0 @@ ---- -deployment_type: prod -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-veteran - - sysadmin-copr -ipa_client_sudo_groups: - - sysadmin-noc -ipa_host_group: NocRduCC -ipa_host_group_desc: Rdu CC noc -notes: dhcp and pxe server for rdu-cc diff --git a/inventory/group_vars/notifs b/inventory/group_vars/notifs deleted file mode 100644 index 5e5d8b3e1d..0000000000 --- a/inventory/group_vars/notifs +++ /dev/null @@ -1,11 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-datanommer - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-datanommer - - sysadmin-noc -ipa_host_group: notifs -ipa_host_group_desc: Fedora Notifications -primary_auth_source: ipa diff --git a/inventory/group_vars/notifs-backend b/inventory/group_vars/notifs-backend new file mode 100644 index 0000000000..f3b0cab943 --- /dev/null +++ b/inventory/group_vars/notifs-backend @@ -0,0 +1,21 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000, 3001, 3002, 3003 ] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fmn + owner: root + group: fedmsg diff --git a/inventory/group_vars/notifs-backend-stg b/inventory/group_vars/notifs-backend-stg new file mode 100644 index 0000000000..6fa5d88c13 --- /dev/null +++ b/inventory/group_vars/notifs-backend-stg @@ -0,0 +1,21 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000, 3001, 3002, 3003 ] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fmn + owner: root + group: fedmsg diff --git a/inventory/group_vars/notifs-web b/inventory/group_vars/notifs-web new file mode 100644 index 0000000000..56a3e692fb --- /dev/null +++ b/inventory/group_vars/notifs-web @@ -0,0 +1,24 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fmn + owner: root + group: apache diff --git a/inventory/group_vars/notifs-web-stg b/inventory/group_vars/notifs-web-stg new file mode 100644 index 0000000000..56a3e692fb --- /dev/null +++ b/inventory/group_vars/notifs-web-stg @@ -0,0 +1,24 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +fas_client_groups: sysadmin-noc,sysadmin-datanommer + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fmn + owner: root + group: apache diff --git a/inventory/group_vars/notifs_backend b/inventory/group_vars/notifs_backend deleted file mode 100644 index 5c8742d48d..0000000000 --- a/inventory/group_vars/notifs_backend +++ /dev/null @@ -1,11 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: prod -# For performance measurement.. for now. This can be removed whenever. -lvm_size: 65536 -max_mem_size: "{{ mem_size }}" -mem_size: 24576 -num_cpus: 8 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [3000, 3001, 3002, 3003, 3004, 3005] diff --git a/inventory/group_vars/notifs_backend_stg b/inventory/group_vars/notifs_backend_stg deleted file mode 100644 index 4878a9dc8b..0000000000 --- a/inventory/group_vars/notifs_backend_stg +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -lvm_size: 20000 -max_mem_size: "{{ mem_size }}" -mem_size: 16384 -num_cpus: 4 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [3000, 3001, 3002, 3003, 3004] diff --git a/inventory/group_vars/notifs_stg b/inventory/group_vars/notifs_stg deleted file mode 100644 index 5585ae79a5..0000000000 --- a/inventory/group_vars/notifs_stg +++ /dev/null @@ -1,11 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-datanommer - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-datanommer - - sysadmin-noc - - sysadmin-veteran -ipa_host_group: notifs -ipa_host_group_desc: Fedora Notifications diff --git a/inventory/group_vars/notifs_web b/inventory/group_vars/notifs_web deleted file mode 100644 index efd729a89a..0000000000 --- a/inventory/group_vars/notifs_web +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: prod -lvm_size: 20000 -mem_size: 1024 -num_cpus: 2 -tcp_ports: [80] -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -wsgi_fedmsg_service: fmn -wsgi_procs: 2 -wsgi_threads: 2 diff --git a/inventory/group_vars/notifs_web_stg b/inventory/group_vars/notifs_web_stg deleted file mode 100644 index f508695e0e..0000000000 --- a/inventory/group_vars/notifs_web_stg +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: stg -lvm_size: 20000 -mem_size: 1024 -num_cpus: 2 -tcp_ports: [80] -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -wsgi_fedmsg_service: fmn -wsgi_procs: 2 -wsgi_threads: 2 diff --git a/inventory/group_vars/nuancier b/inventory/group_vars/nuancier new file mode 100644 index 0000000000..2327a34357 --- /dev/null +++ b/inventory/group_vars/nuancier @@ -0,0 +1,26 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # This port is required by gluster + 6996, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +fas_client_groups: sysadmin-noc,sysadmin-web + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: nuancier + owner: root + group: apache diff --git a/inventory/group_vars/nuancier-stg b/inventory/group_vars/nuancier-stg new file mode 100644 index 0000000000..a44616345b --- /dev/null +++ b/inventory/group_vars/nuancier-stg @@ -0,0 +1,26 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # This port is required by gluster + 6996, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +fas_client_groups: sysadmin-noc,sysadmin-web + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: nuancier + owner: root + group: apache diff --git a/inventory/group_vars/oci_registry b/inventory/group_vars/oci_registry deleted file mode 100644 index 78f30a0008..0000000000 --- a/inventory/group_vars/oci_registry +++ /dev/null @@ -1,10 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: oci-registry -ipa_host_group_desc: OCI Registry service -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -primary_auth_source: ipa -tcp_ports: [5000] diff --git a/inventory/group_vars/oci_registry_stg b/inventory/group_vars/oci_registry_stg deleted file mode 100644 index c572c30b13..0000000000 --- a/inventory/group_vars/oci_registry_stg +++ /dev/null @@ -1,9 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: oci-registry -ipa_host_group_desc: OCI Registry service -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -tcp_ports: [5000] diff --git a/inventory/group_vars/ocp b/inventory/group_vars/ocp deleted file mode 100644 index 10d31cce3d..0000000000 --- a/inventory/group_vars/ocp +++ /dev/null @@ -1,8 +0,0 @@ ---- -nagios_Check_Services: - mail: false - nrpe: false - swap: false -ocp4: true -rhcos_version: 4.18.17 -vpn: false diff --git a/inventory/group_vars/ocp_stg b/inventory/group_vars/ocp_stg deleted file mode 100644 index 8d5a086ae5..0000000000 --- a/inventory/group_vars/ocp_stg +++ /dev/null @@ -1,8 +0,0 @@ ---- -nagios_Check_Services: - mail: false - nrpe: false - swap: false -ocp4: true -rhcos_version: 4.8.2 -vpn: false diff --git a/inventory/group_vars/openqa b/inventory/group_vars/openqa deleted file mode 100644 index 1860fe506d..0000000000 --- a/inventory/group_vars/openqa +++ /dev/null @@ -1,34 +0,0 @@ -# this is to enable nested virt, which we need for disk image creation -deployment_type: prod -external_hostname: openqa.fedoraproject.org -freezes: false -# AMQP publisher/listener-related stuff -openqa_amqp_this_cacertfile: "{{ openqa_amqp_prod_cacertfile }}" -openqa_amqp_this_certfile: "{{ openqa_amqp_prod_certfile }}" -openqa_amqp_this_keyfile: "{{ openqa_amqp_prod_keyfile }}" -openqa_amqp_this_url: "{{ openqa_amqp_prod_url }}" -openqa_amqp_this_username: "{{ openqa_amqp_prod_username }}" -openqa_amqp_scheduler_queue: "{{ openqa_amqp_prod_username }}_scheduler" - -# auth stuff -openqa_auth_method: OAuth2 -openqa_oauth2_secret: "{{ openqa_prod_oidc_secret }}" - -openqa_compose_arches: x86_64,aarch64 -openqa_dbname: openqa -openqa_dbpassword: "{{ prod_openqa_dbpassword }}" -openqa_dbuser: openqa -openqa_env: production -openqa_env_suffix: -openqa_key: "{{ prod_openqa_apikey }}" -# all our workers need NFS access -openqa_nfs_workers: "{{ groups['openqa_workers'] }}" -openqa_resultsdb_url: https://resultsdb.fedoraproject.org/api/v2.0/ -openqa_resultsdb_user: "{{ prod_resultsdb_httpd_user }}" -openqa_resultsdb_password: "{{ prod_resultsdb_httpd_password }}" -openqa_secret: "{{ prod_openqa_apisecret }}" -openqa_update_arches: ['aarch64', 'x86_64'] -openqa_webapi_plugins: FedoraMessaging -openqa_wikitcms_hostname: fedoraproject.org -virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx" -wikitcms_token: "{{ private }}/files/openidc/production/wikitcms.json" diff --git a/inventory/group_vars/openqa_all_common b/inventory/group_vars/openqa_all_common deleted file mode 100644 index 45a621e901..0000000000 --- a/inventory/group_vars/openqa_all_common +++ /dev/null @@ -1,9 +0,0 @@ -# here we keep variables that are used on all openQA boxes, servers -# and workers, prod and lab. - -# this is UID and GID of geekotest on the server (the user openQA -# runs as). The asset dirs are owned by this user and group. We also -# create geekotest on the workers with this GID and add _openqa-worker -# to that group, so os-autoinst can write to the asset dirs, which it -# needs to do when uncompressing compressed disk assets. -openqa_static_uid: 601 diff --git a/inventory/group_vars/openqa_hdds_workers b/inventory/group_vars/openqa_hdds_workers deleted file mode 100644 index f7aaf2b68e..0000000000 --- a/inventory/group_vars/openqa_hdds_workers +++ /dev/null @@ -1 +0,0 @@ -openqa_hdds_worker: true diff --git a/inventory/group_vars/openqa_lab b/inventory/group_vars/openqa_lab deleted file mode 100644 index f2344c7782..0000000000 --- a/inventory/group_vars/openqa_lab +++ /dev/null @@ -1,53 +0,0 @@ -# This setup is a bit out of the ordinary for a staging system. As the openqa -# scheduler needs up-to-date information from the wiki and koji, it doesn't -# work well as a proper staging host. -# -# We decided to keep it a pseudo-staging host that will get new versions of -# openqa first and will be a staging host for most intensive purposes but from -# a firewall rule POV, it will be a staging-friendly production host -# -# it should still be using the stg proxies and the external hostname will still -# be stg.fedoraproject.org - -# this is to enable nested virt, which we need for disk image creation -virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx" - -deployment_type: stg -external_hostname: openqa.stg.fedoraproject.org -freezes: false - -# AMQP publisher/listener-related stuff -openqa_amqp_this_cacertfile: "{{ openqa_amqp_stg_cacertfile }}" -openqa_amqp_this_certfile: "{{ openqa_amqp_stg_certfile }}" -openqa_amqp_this_keyfile: "{{ openqa_amqp_stg_keyfile }}" -openqa_amqp_this_url: "{{ openqa_amqp_stg_url }}" -openqa_amqp_this_username: "{{ openqa_amqp_stg_username }}" -openqa_amqp_scheduler_queue: "{{ openqa_amqp_prod_username }}_scheduler_stg" - -# auth stuff -openqa_auth_method: OAuth2 -openqa_oauth2_secret: "{{ openqa_stg_oidc_secret }}" - -openqa_assetsize_updates_aarch64: 50 -openqa_assetsize_ppc: 300 -openqa_assetsize_updates_ppc: 100 -openqa_compose_arches: x86_64,aarch64,ppc64le -openqa_dbname: openqa-stg -openqa_dbpassword: "{{ stg_openqa_dbpassword }}" -openqa_dbuser: openqastg -openqa_env: staging -openqa_env_suffix: .stg -openqa_key: "{{ stg_openqa_apikey }}" -# all our workers need NFS access -openqa_nfs_workers: "{{ groups['openqa_lab_workers'] }}" -# install openQA from updates-testing - this is staging, we live -# ON THE EDGE (radical guitar riff) -openqa_repo: updates-testing -openqa_resultsdb_url: https://resultsdb.stg.fedoraproject.org/api/v2.0/ -openqa_resultsdb_user: "{{ stg_resultsdb_httpd_user }}" -openqa_resultsdb_password: "{{ stg_resultsdb_httpd_password }}" -openqa_secret: "{{ stg_openqa_apisecret }}" -openqa_update_arches: ['aarch64', 'x86_64', 'ppc64le'] -openqa_webapi_plugins: FedoraMessaging -openqa_wikitcms_hostname: stg.fedoraproject.org -wikitcms_token: "{{ private }}/files/openidc/staging/wikitcms.json" diff --git a/inventory/group_vars/openqa_lab_workers b/inventory/group_vars/openqa_lab_workers deleted file mode 100644 index b4dd1a7d6b..0000000000 --- a/inventory/group_vars/openqa_lab_workers +++ /dev/null @@ -1,29 +0,0 @@ -deployment_type: stg -freezes: false -gw: 10.3.174.254 -ipa_client_shell_groups: - - sysadmin-qa -ipa_client_sudo_groups: - - sysadmin-qa -ipa_host_group: openqa-lab-workers -ipa_host_group_desc: OpenQA Lab worker hosts -nftables: true -openqa_env: staging -openqa_env_prefix: stg- -# this is because openqa staging isn't really a staging host -# we don't want to set env_suffix to stg on it because that may -# break some other plays, but we do need the env suffix for the -# fedora-messaging bits, so let's make our own -openqa_env_suffix: .stg -openqa_hostname: openqa-lab01.iad2.fedoraproject.org -openqa_key: "{{ stg_openqa_apikey }}" -# we are all NFS workers for now at least -openqa_nfs_worker: true -# install openQA and os-autoinst from updates-testing - this is -# staging, we live ON THE EDGE (radical guitar riff) -openqa_repo: updates-testing -openqa_secret: "{{ stg_openqa_apisecret }}" -openqa_workers: 4 -primary_auth_source: ipa -# all worker hosts should be encrypted as of 2024-10 redeployment -openqa_nbde: true diff --git a/inventory/group_vars/openqa_onebox_test b/inventory/group_vars/openqa_onebox_test deleted file mode 100644 index 483d3611b0..0000000000 --- a/inventory/group_vars/openqa_onebox_test +++ /dev/null @@ -1,83 +0,0 @@ -# This setup is a bit out of the ordinary for a staging system. As the openqa -# scheduler needs up-to-date information from the wiki and koji, it doesn't -# work well as a proper staging host. -# -# We decided to keep it a pseudo-staging host that will get new versions of -# openqa first and will be a staging host for most intensive purposes but from -# a firewall rule POV, it will be a staging-friendly production host -# -# it should still be using the stg proxies and the external hostname will still -# be stg.fedoraproject.org - -# this is to enable nested virt, which we need for disk image creation -virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx" - -deployment_type: stg -# this won't really work, there's not going to be any way to get at -# the webui from outside the box, but we gotta set it to something -external_hostname: openqa.oneboxtest.fedoraproject.org -freezes: false -gw: 10.3.174.254 - -# we need this bigger on stg to handle Rawhide updates, if we enable -# Rawhide update testing in prod we can just move this to servers_common -openqa_assetsize_updates: 260 -openqa_compose_arches: x86_64 -openqa_dbname: openqa-onebox -openqa_dbpassword: "{{ stg_openqa_dbpassword }}" -openqa_dbuser: openqastg -openqa_dbhost: localhost -openqa_dbhost_delegate: "{{ inventory_hostname }}" -openqa_env: staging -openqa_env_prefix: stg- -# this is because openqa staging isn't really a staging host -# we don't want to set env_suffix to stg on it because that may -# break some other plays, but we do need the env suffix for the -# fedora-messaging bits, so let's make our own -openqa_env_suffix: .stg -openqa_key: "{{ stg_openqa_apikey }}" -# install openQA from updates-testing - this is staging, we live -# ON THE EDGE (radical guitar riff) -openqa_repo: updates-testing -openqa_secret: "{{ stg_openqa_apisecret }}" -openqa_update_arches: ['x86_64'] - -# copied from openqa_servers_common, we don't want everything from there though -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-qa - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-qa -ipa_host_group: openqa-servers -ipa_host_group_desc: OpenQA servers -# we need this for all our fedora-messaging consumers as they are not -# allowed to create queues on the infra AMQP broker, by broker config -openqa_amqp_passive: true -openqa_amqp_publisher_exchange: "amq.topic" -openqa_amqp_publisher_cacertfile: "/etc/fedora-messaging/{{ openqa_env_prefix }}cacert.pem" -openqa_amqp_publisher_certfile: "/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-cert.pem" -openqa_amqp_publisher_keyfile: "/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-key.pem" -openqa_amqp_scheduler_cert: /etc/pki/fedora-messaging/openqa-cert.pem -openqa_amqp_scheduler_key: /etc/pki/fedora-messaging/openqa-key.pem -openqa_amqp_scheduler_queue: "openqa{{ openqa_env_suffix }}_scheduler" -openqa_amqp_scheduler_routing_keys: ["org.fedoraproject.prod.pungi.compose.status.change", "org.fedoraproject.prod.bodhi.update.status.testing.koji-build-group.build.complete", "org.fedoraproject.prod.coreos.build.state.change"] -openqa_amqp_scheduler_url: "amqps://openqa:@rabbitmq.fedoraproject.org/%2Fpubsub" -openqa_amqp_smtp: bastion -openqa_assetsize: 500 -openqa_email: adamwill@fedoraproject.org -openqa_fullname: Adam Williamson -openqa_hostname: localhost -openqa_nickname: adamwill -openqa_userid: http://adamwill.id.fedoraproject.org/ -primary_auth_source: ipa -# http and NFS -tcp_ports: [80, 2049] - -# from openqa_lab_workers -openqa_nfs_worker: false -openqa_workers: 4 - -# let's not do this -openqa_amqp_publisher_url: "" diff --git a/inventory/group_vars/openqa_servers_common b/inventory/group_vars/openqa_servers_common deleted file mode 100644 index d1820b5555..0000000000 --- a/inventory/group_vars/openqa_servers_common +++ /dev/null @@ -1,88 +0,0 @@ -## DO NOT SORT THIS FILE ALPHABETICALLY! IT IS ORGANIZED BY TOPIC AREA! - -# here we keep variables that are the same between prod and lab -# openQA servers. these are mostly things that are set as variables -# in the plays so we can change them over time and also so the plays -# can be used for non-infra deployments. -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-qa - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-qa -ipa_host_group: openqa-servers -ipa_host_group_desc: OpenQA servers - -# fedora-messaging email error reporting settings -openqa_amqp_mailto: ["adamwill@fedoraproject.org", "lruzicka@fedoraproject.org"] - -# fedora-messaging general settings -# we need this for all our fedora-messaging consumers as they are not -# allowed to create queues on the infra AMQP broker, by broker config -openqa_amqp_passive: true -openqa_amqp_publisher_exchange: "amq.topic" -openqa_amqp_smtp: bastion - -# fedora-messaging identity and certificate settings -openqa_amqp_prod_cacertfile: "/etc/fedora-messaging/cacert.pem" -openqa_amqp_prod_certfile: "/etc/pki/fedora-messaging/{{ openqa_amqp_prod_username }}-cert.pem" -openqa_amqp_prod_keyfile: "/etc/pki/fedora-messaging/{{ openqa_amqp_prod_username }}-key.pem" -openqa_amqp_prod_url: "amqps://{{ openqa_amqp_prod_username }}:@rabbitmq.fedoraproject.org/%2Fpubsub" -openqa_amqp_prod_username: "openqa" -openqa_amqp_stg_cacertfile: "/etc/fedora-messaging/stg-cacert.pem" -openqa_amqp_stg_certfile: "/etc/pki/fedora-messaging/{{ openqa_amqp_stg_username }}-cert.pem" -openqa_amqp_stg_keyfile: "/etc/pki/fedora-messaging/{{ openqa_amqp_stg_username }}-key.pem" -openqa_amqp_stg_url: "amqps://{{ openqa_amqp_stg_username }}:@rabbitmq.stg.fedoraproject.org/%2Fpubsub" -openqa_amqp_stg_username: "openqa.stg" - -# the "this" variables used hereafter are defined in the non-generic group_vars -# files as pointers back to the appropriate ones above. we have this setup -# because sometimes the stg deployment needs to listen on prod, -# so sometimes we use the "this" vars and sometimes we just use the prod ones. - -# fedora-messaging publisher settings (for openQA itself) -openqa_amqp_publisher_cacertfile: "{{ openqa_amqp_this_cacertfile }}" -openqa_amqp_publisher_certfile: "{{ openqa_amqp_this_certfile }}" -openqa_amqp_publisher_keyfile: "{{ openqa_amqp_this_keyfile }}" -openqa_amqp_publisher_prefix: org.fedoraproject.{{ deployment_type }} -openqa_amqp_publisher_url: "{{ openqa_amqp_this_url }}" - -# fedora-messaging job scheduler settings: most of these are the same -# for prod and stg as they use the same account to listen for prod -# messages on prod rabbitmq. Only the queue names differs. -openqa_amqp_scheduler_cert: "{{ openqa_amqp_prod_certfile }}" -openqa_amqp_scheduler_key: "{{ openqa_amqp_prod_keyfile }}" -openqa_amqp_scheduler_routing_keys: ["org.fedoraproject.prod.pungi.compose.status.change", "org.fedoraproject.prod.bodhi.update.status.testing.koji-build-group.build.complete", "org.fedoraproject.prod.coreos.build.state.change"] -openqa_amqp_scheduler_url: "{{ openqa_amqp_prod_url }}" - -# fedora-messaging reporter settings (for both wiki/resultsdb reporters) -openqa_amqp_reporter_cacert: "{{ openqa_amqp_this_cacertfile }}" -openqa_amqp_reporter_cert: "{{ openqa_amqp_this_certfile }}" -openqa_amqp_reporter_key: "{{ openqa_amqp_this_keyfile }}" -openqa_amqp_reporter_url: "{{ openqa_amqp_this_url }}" - -# fedora-messaging resultsdb reporter settings -openqa_amqp_resultsdb_reporter_queue: "{{ openqa_amqp_this_username }}_resultsdb_reporter" -openqa_amqp_resultsdb_reporter_routing_keys: - - "org.fedoraproject.{{ deployment_type }}.openqa.job.done" - - "org.fedoraproject.{{ deployment_type }}.openqa.job.create" - - "org.fedoraproject.{{ deployment_type }}.openqa.job.restart" - -# fedora-messaging wiki reporter settings -openqa_amqp_wiki_reporter_queue: "{{ openqa_amqp_this_username }}_wiki_reporter" -openqa_amqp_wiki_reporter_routing_keys: ["org.fedoraproject.{{ deployment_type }}.openqa.job.done"] - -openqa_assetsize: 500 -openqa_assetsize_aarch64: 350 -openqa_assetsize_updates: 250 -# stg and prod use the same database server -openqa_dbhost: db-openqa01.iad2.fedoraproject.org -openqa_email: adamwill@fedoraproject.org -openqa_fullname: Adam Williamson -openqa_hostname: localhost -openqa_nickname: adamwill -openqa_userid: http://adamwill.id.fedoraproject.org/ -primary_auth_source: ipa -# http and NFS -tcp_ports: [80, 2049] diff --git a/inventory/group_vars/openqa_tap12_workers b/inventory/group_vars/openqa_tap12_workers deleted file mode 100644 index c5a19cb7e5..0000000000 --- a/inventory/group_vars/openqa_tap12_workers +++ /dev/null @@ -1 +0,0 @@ -openqa_tap: tap,tap2 diff --git a/inventory/group_vars/openqa_tap1_workers b/inventory/group_vars/openqa_tap1_workers deleted file mode 100644 index 5ae0f2366f..0000000000 --- a/inventory/group_vars/openqa_tap1_workers +++ /dev/null @@ -1 +0,0 @@ -openqa_tap: tap diff --git a/inventory/group_vars/openqa_tap2_workers b/inventory/group_vars/openqa_tap2_workers deleted file mode 100644 index ce151e66c4..0000000000 --- a/inventory/group_vars/openqa_tap2_workers +++ /dev/null @@ -1 +0,0 @@ -openqa_tap: tap2 diff --git a/inventory/group_vars/openqa_tap_workers b/inventory/group_vars/openqa_tap_workers deleted file mode 100644 index ca322db3e0..0000000000 --- a/inventory/group_vars/openqa_tap_workers +++ /dev/null @@ -1,16 +0,0 @@ -# firewall rules to allow openQA openvswitch guests to communicate -# uses interface definition from host vars -custom_rules: ['-A FORWARD -i br0 -j ACCEPT', '-A FORWARD -m state -i {{ openqa_tap_iface }} -o br0 --state RELATED,ESTABLISHED -j ACCEPT', '-A INPUT -i br0 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter FORWARD iifname "br0" counter accept' - - 'add rule ip filter FORWARD iifname "{{ openqa_tap_iface }}" oifname "br0" ct state related,established counter accept' - - 'add rule ip filter INPUT iifname "br0" counter accept' -# for iptables rules...maybe other stuff in future? both staging -# and prod workers are in this group -host_group: openqa-tap-workers -nat_rules: [ - # masquerade for openQA openvswitch workers to reach the outside - '-A POSTROUTING -o {{ openqa_tap_iface }} -j MASQUERADE'] -nft_nat_rules: [ - # masquerade for openQA openvswitch workers to reach the outside - 'add rule ip nat POSTROUTING oifname "{{ openqa_tap_iface }}" counter masquerade'] diff --git a/inventory/group_vars/openqa_workers b/inventory/group_vars/openqa_workers deleted file mode 100644 index 8543c80596..0000000000 --- a/inventory/group_vars/openqa_workers +++ /dev/null @@ -1,26 +0,0 @@ -deployment_type: prod -freezes: false -gw: 10.5.124.254 -ipa_client_shell_groups: - - sysadmin-qa -ipa_client_sudo_groups: - - sysadmin-qa -ipa_host_group: openqa-workers -ipa_host_group_desc: OpenQA worker hosts -nftables: true -openqa_env: production -openqa_env_prefix: -# this is because openqa staging isn't really a staging host -# we don't want to set env_suffix to stg on it because that may -# break some other plays, but we do need the env suffix for the -# fedora-messaging bits, so let's make our own -openqa_env_suffix: -openqa_hostname: openqa01.iad2.fedoraproject.org -openqa_key: "{{ prod_openqa_apikey }}" -# we are all NFS workers for now at least -openqa_nfs_worker: true -openqa_secret: "{{ prod_openqa_apisecret }}" -openqa_workers: 4 -primary_auth_source: ipa -# all worker hosts should be encrypted as of 2024-10 redeployment -openqa_nbde: true diff --git a/inventory/group_vars/openstack_compute b/inventory/group_vars/openstack_compute deleted file mode 100644 index be836c8918..0000000000 --- a/inventory/group_vars/openstack_compute +++ /dev/null @@ -1,5 +0,0 @@ ---- -baseiptables: False -host_group: openstack-compute -nrpe_procs_crit: 1200 -nrpe_procs_warn: 1100 diff --git a/inventory/group_vars/os_control b/inventory/group_vars/os_control deleted file mode 100644 index ed97d539c0..0000000000 --- a/inventory/group_vars/os_control +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/inventory/group_vars/os_control_stg b/inventory/group_vars/os_control_stg deleted file mode 100644 index ed97d539c0..0000000000 --- a/inventory/group_vars/os_control_stg +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/inventory/group_vars/os_proxies b/inventory/group_vars/os_proxies deleted file mode 100644 index 97579daf6a..0000000000 --- a/inventory/group_vars/os_proxies +++ /dev/null @@ -1,24 +0,0 @@ ---- -custom_rules: [ - # Needed for keepalived - '-A INPUT -d 224.0.0.0/8 -j ACCEPT', '-A INPUT -p vrrp -j ACCEPT', - # machinectl api - '-A INPUT -p tcp --dport 22623 --src 38.145.48.0/27 -j ACCEPT'] -nft_custom_rules: - # Needed for keepalived - - 'add rule ip filter INPUT ip daddr 224.0.0.0/8 counter accept' - - 'add rule ip filter INPUT ip protocol vrrp counter accept' - # machinectl api - - 'add rule ip filter INPUT ip saddr 38.145.48.0/27 tcp dport 22623 counter accept' -datacenter: cloud -host_group: cloud -lvm_size: 20000 -mem_size: 8192 -num_cpus: 4 -tcp_ports: [ - # For os routers - 80, 443, - # For ks8 api - 6443, - # For haproxy status - 8080] diff --git a/inventory/group_vars/packages b/inventory/group_vars/packages new file mode 100644 index 0000000000..6a058c0730 --- /dev/null +++ b/inventory/group_vars/packages @@ -0,0 +1,28 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 100000 +mem_size: 8192 +num_cpus: 4 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # This is for glusterd + 6996, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-web + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + +freezes: false diff --git a/inventory/group_vars/packages-stg b/inventory/group_vars/packages-stg new file mode 100644 index 0000000000..26676f13cc --- /dev/null +++ b/inventory/group_vars/packages-stg @@ -0,0 +1,24 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 80000 +mem_size: 4096 +num_cpus: 4 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-web + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin diff --git a/inventory/group_vars/pagure b/inventory/group_vars/pagure deleted file mode 100644 index 057dbea606..0000000000 --- a/inventory/group_vars/pagure +++ /dev/null @@ -1,79 +0,0 @@ ---- -# Define resources for this group of hosts here. -# Block some ips that are using too mauch resources -custom_rules: [ - '-A INPUT -s 81.69.171.38/32 -j REJECT', - '-A INPUT -s 175.24.248.206/32 -j REJECT', - '-A INPUT -s 47.76.209.138/32 -j REJECT', - '-A INPUT -s 47.76.99.127/32 -j REJECT' -] -nft_block_rules: - - 'add rule ip filter INPUT ip saddr 81.69.171.38 counter reject' - - 'add rule ip filter INPUT ip saddr 175.24.248.206 counter reject' - - 'add rule ip filter INPUT ip saddr 47.76.0.0/14 counter reject' - - 'add rule ip filter INPUT ip saddr 47.80.0.0/13 counter reject' - - 'add rule ip filter INPUT ip saddr 47.74.0.0/15 counter reject' - - 'add rule ip filter INPUT ip saddr 66.249.64.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.0.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.224.0/19 counter reject' - - 'add rule ip filter INPUT ip saddr 43.159.41.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.163.8.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.128.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.156.0.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.128.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.133.32.0/19 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.128.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.159.37.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.153.192.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.159.32.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.156.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.163.0.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 14.153.15.174 counter reject' - - 'add rule ip filter INPUT ip saddr 47.246.0.0/16 counter reject' - - 'add rule ip filter INPUT ip saddr 47.236.0.0/14 counter reject' - - 'add rule ip filter INPUT ip saddr 47.235.0.0/16 counter reject' - - 'add rule ip filter INPUT ip saddr 47.240.0.0/14 counter reject' - - 'add rule ip filter INPUT ip saddr 47.244.0.0/15 counter reject' -# For the MOTD -db_backup_dir: ['/backups'] -dbs_to_backup: ['pagure'] -env: pagure -freezes: true -host_backup_targets: ['/srv/git', '/var/www/releases'] -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-web - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: pagure -ipa_host_group_desc: Pagure GIT Forge -lvm_size: 750000 -max_mem_size: 131072 -mem_size: 65536 -num_cpus: 48 -postfix_group: vpn.pagure -primary_auth_source: ipa -sshd_config: ssh/sshd_config.pagure -sshd_keyhelper: true -stunnel_destination_port: :::8080 -stunnel_service: "eventsource" -stunnel_source_port: 8088 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [22, 25, 80, 443, 8442, 8443, 8444, 8445, - # Used for the eventsource - 8088] -vpn: true - -notes: | - Run the pagure instances for fedora - - There are a few things running here: - * The apache/mod_wsgi app for pagure - * This host relies on: - * A postgres db server running locally - - Things that rely on this host: - * nothing currently diff --git a/inventory/group_vars/pagure_stg b/inventory/group_vars/pagure_stg deleted file mode 100644 index efb93408a9..0000000000 --- a/inventory/group_vars/pagure_stg +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Define resources for this group of hosts here. -# For the MOTD -env: pagure-staging -freezes: false -git_basepath: /srv/git/repositories -git_daemon_user: git -# Configuration for the git-daemon/server -git_group: git -git_port: 9418 -git_server: /usr/libexec/git-core/git-daemon -git_server_args: --export-all --syslog --inetd --verbose -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-web - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: pagure -ipa_host_group_desc: Pagure GIT Forge -lvm_size: 50000 -mem_size: 8192 -num_cpus: 4 -postfix_group: vpn.pagure-stg -sshd_config: ssh/sshd_config.pagure -sshd_keyhelper: true -stunnel_destination_port: 8080 -stunnel_service: "eventsource" -stunnel_source_port: :::8088 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [22, 25, 80, 443, 9418, - # Used for the eventsource server - 8088] -vpn: true - -notes: | - Run the pagure instances for fedora - - There are a few things running here: - * The apache/mod_wsgi app for pagure - * This host relies on: - * A postgres db server running locally - * Things that rely on this host: - * nothing currently diff --git a/inventory/group_vars/paste b/inventory/group_vars/paste new file mode 100644 index 0000000000..a336a39ca0 --- /dev/null +++ b/inventory/group_vars/paste @@ -0,0 +1,16 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, 8888 ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-paste,fi-apprentice +# This host doesn't freeze +freezes: false diff --git a/inventory/group_vars/paste-stg b/inventory/group_vars/paste-stg new file mode 100644 index 0000000000..a336a39ca0 --- /dev/null +++ b/inventory/group_vars/paste-stg @@ -0,0 +1,16 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, 8888 ] +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-paste,fi-apprentice +# This host doesn't freeze +freezes: false diff --git a/inventory/group_vars/people b/inventory/group_vars/people deleted file mode 100644 index 0d8398988a..0000000000 --- a/inventory/group_vars/people +++ /dev/null @@ -1,32 +0,0 @@ ---- -blocked_ips: [] -clamscan_mailto: admin@fedoraproject.org -clamscan_paths: - - /srv/ -# For the MOTD -# Neeed for rsync from log01 for logs. -custom_rules: ['-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept'] -git_basepath: / -git_daemon_user: nobody -git_port: 9418 -git_server: /usr/libexec/git-core/git-daemon -git_server_args: --export-all --syslog --inetd --verbose -# fedora-contributors is an umbrella group containing all others -ipa_client_shell_groups: - - fedora-contributor -ipa_client_sudo_groups: - - sysadmin-tools -ipa_host_group: people -ipa_host_group_desc: A place for people to host things -primary_auth_source: ipa -vpn: true - -notes: | - * Provide hosting space for Fedora contributors and Fedora Planet - * shell accounts and web space for fedora contributors - * web space for personal yum repos - * shared space for small group/personal git repos - - Please be aware that this is a shared server, and you should not upload Private/Secret SSH or GPG keys onto this system. - Any such keys found will be deleted. diff --git a/inventory/group_vars/persistent-cloud b/inventory/group_vars/persistent-cloud new file mode 100644 index 0000000000..954d613a97 --- /dev/null +++ b/inventory/group_vars/persistent-cloud @@ -0,0 +1,3 @@ +--- +freezes: false +datacenter: cloud diff --git a/inventory/group_vars/persistent_cloud b/inventory/group_vars/persistent_cloud deleted file mode 100644 index 8265770a2a..0000000000 --- a/inventory/group_vars/persistent_cloud +++ /dev/null @@ -1,3 +0,0 @@ ---- -datacenter: cloud -freezes: false diff --git a/inventory/group_vars/pkgdb b/inventory/group_vars/pkgdb new file mode 100644 index 0000000000..9f7bd215b9 --- /dev/null +++ b/inventory/group_vars/pkgdb @@ -0,0 +1,24 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +fas_client_groups: sysadmin-noc,sysadmin-web + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: pkgdb + owner: root + group: apache diff --git a/inventory/group_vars/pkgdb-stg b/inventory/group_vars/pkgdb-stg new file mode 100644 index 0000000000..03a9c830a2 --- /dev/null +++ b/inventory/group_vars/pkgdb-stg @@ -0,0 +1,24 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +fas_client_groups: sysadmin-noc,sysadmin-web + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: pkgdb + owner: root + group: apache diff --git a/inventory/group_vars/pkgs b/inventory/group_vars/pkgs deleted file mode 100644 index 000f4a3edb..0000000000 --- a/inventory/group_vars/pkgs +++ /dev/null @@ -1,47 +0,0 @@ ---- -clamscan_excludes: - - clamav- - - amavisd-new-2.3.3.tar.gz - - bro-20080804.tgz - - mailman- - - sagator- - - nicotine - - fwsnort-1.0.6.tar.gz - - psad-2.1.7.tar.bz2 - - pymilter- - - linkchecker- - - julia-0.3.7.tar.gz - - jbossws-cxf-5.1.5.Final.zip - - wss4j-2.1.5-source-release.zip - - python-impacket-0.9.14-67fc19e.tar.gz - - gdk-pixbuf- -clamscan_mailto: admin@fedoraproject.org -clamscan_paths: - - /srv/cache/lookaside/pkgs -# We have both celery (pagure_worker) and web thread wanting to send out fedmsg's. -# To make things easy on the listening side (so avoid contention of binding ports), let's set the pkgs boxes to active fedmsg. -# -# This host is externally reachable -# -external: true -ipa_client_shell_groups: - - packager - - sysadmin-cvs - - sysadmin-main - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-cvs - - sysadmin-main -ipa_host_group: pkgs -lvm_size: 500000 -max_mem_size: 32768 -mem_size: 32768 -num_cpus: 8 -pagure_static_uid: 600 -primary_auth_source: ipa -sshd_keyhelper: true -tcp_ports: [80, 443] -# There vars are used to configure mod_wsgi -wsgi_procs: 10 -wsgi_threads: 6 diff --git a/inventory/group_vars/pkgs_stg b/inventory/group_vars/pkgs_stg deleted file mode 100644 index cb6d74b002..0000000000 --- a/inventory/group_vars/pkgs_stg +++ /dev/null @@ -1,43 +0,0 @@ ---- -clamscan_excludes: - - clamav- - - amavisd-new-2.3.3.tar.gz - - bro-20080804.tgz - - mailman- - - sagator- - - nicotine - - fwsnort-1.0.6.tar.gz - - psad-2.1.7.tar.bz2 - - pymilter- - - linkchecker- - - julia-0.3.7.tar.gz -clamscan_mailto: admin@fedoraproject.org -clamscan_paths: - - /srv/cache/lookaside/pkgs -# We have both celery (pagure_worker) and web thread wanting to send out fedmsg's. -# To make things easy on the listening side (so avoid contention of binding ports), let's set the pkgs boxes to active fedmsg. -# -# This host is externally reachable -# -external: true -ipa_client_shell_groups: - - packager - - sysadmin-cvs - - sysadmin-main - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-cvs - - sysadmin-main -ipa_host_group: pkgs -lvm_size: 500000 -max_mem_size: 32768 -mem_size: 16384 -num_cpus: 8 -pagure_static_uid: 600 -# Configures ssh for git@ user -sshd_keyhelper: true -tcp_ports: [80, 443, 8444, 8443, 8445] -# There vars are used to configure mod_wsgi -wsgi_procs: 4 -wsgi_threads: 4 diff --git a/inventory/group_vars/postgresql-server b/inventory/group_vars/postgresql-server new file mode 100644 index 0000000000..c1b52cc4e8 --- /dev/null +++ b/inventory/group_vars/postgresql-server @@ -0,0 +1,10 @@ +--- +# common items for the releng-* boxes +lvm_size: 50000 +mem_size: 8192 +num_cpus: 4 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80 ] +fas_client_groups: sysadmin-noc diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies deleted file mode 100644 index d37a508a82..0000000000 --- a/inventory/group_vars/proxies +++ /dev/null @@ -1,166 +0,0 @@ ---- -# Define resources for this group of hosts here. -blocked_ip_v6: [] -blocked_ips: ['14.102.69.78', '104.219.54.236', '103.38.177.2', '110.172.140.98', '183.80.131.253', '113.190.178.137', '115.76.39.108', '116.109.31.204', '209.64.155.56'] -collectd_apache: true -# For the MOTD -custom_rules: [ - # Need for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 209.132.181.102 --dport 873 -j ACCEPT', - # allow varnish from localhost - '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6082 -j ACCEPT', - # also allow varnish from internal for purge requests - '-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.0/24 --dport 6081 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.120 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.121 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.122 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.123 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.124 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.125 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.126 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.65 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.127 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.128 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.129 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.16.163.120 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.16.163.121 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.16.163.122 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.16.163.123 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.16.163.124 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.16.163.125 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.16.163.126 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.16.163.65 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.16.163.127 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.16.163.128 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.16.163.129 -j ACCEPT'] -nft_block_rules: - - 'add rule ip filter INPUT ip saddr 81.69.171.38 counter reject' - - 'add rule ip filter INPUT ip saddr 175.24.248.206 counter reject' - - 'add rule ip filter INPUT ip saddr 47.76.0.0/14 counter reject' - - 'add rule ip filter INPUT ip saddr 47.80.0.0/13 counter reject' - - 'add rule ip filter INPUT ip saddr 47.74.0.0/15 counter reject' - - 'add rule ip filter INPUT ip saddr 66.249.64.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.0.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.224.0/19 counter reject' - - 'add rule ip filter INPUT ip saddr 43.159.41.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.163.8.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.128.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.156.0.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.128.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.133.32.0/19 counter reject' - - 'add rule ip filter INPUT ip saddr 43.134.128.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.159.37.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.153.192.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.159.32.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 43.156.64.0/18 counter reject' - - 'add rule ip filter INPUT ip saddr 43.163.0.0/24 counter reject' - - 'add rule ip filter INPUT ip saddr 14.153.15.174 counter reject' - - 'add rule ip filter INPUT ip saddr 47.246.0.0/16 counter reject' - - 'add rule ip filter INPUT ip saddr 47.236.0.0/14 counter reject' - - 'add rule ip filter INPUT ip saddr 47.235.0.0/16 counter reject' - - 'add rule ip filter INPUT ip saddr 47.240.0.0/14 counter reject' - - 'add rule ip filter INPUT ip saddr 47.244.0.0/15 counter reject' -nft_custom_rules: - # Need for rsync from log01 for logs. - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 209.132.181.102 tcp dport 873 counter accept' - # allow varnish from localhost - - 'add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 6081 counter accept' - - 'add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 6082 counter accept' - # also allow varnish from internal for purge requests - - 'add rule ip filter INPUT ip saddr 192.168.1.0/24 tcp dport 6081 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.0/24 tcp dport 6081 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.120 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.121 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.122 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.123 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.124 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.125 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.126 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.65 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.127 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.128 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.129 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.16.163.120 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.16.163.121 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.16.163.122 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.16.163.123 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.16.163.124 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.16.163.125 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.16.163.126 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.16.163.65 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.16.163.127 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.16.163.128 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.16.163.129 tcp dport 22623 counter accept' -external: true -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: proxies -ipa_host_group_desc: Proxies between internal hosts and the Internet -lvm_size: 100000 -# This is used in the httpd.conf to determine the value for serverlimit and -# maxrequestworkers. On 8gb proxies, 900 seems fine. But on 4gb proxies, this -# should be lowered in the host vars for that proxy. -maxrequestworkers: 2500 -mem_size: 8192 -nagios_Check_Services: - swap: false -num_cpus: 6 -ocp_masters: - #- bootstrap.ocp.iad2.fedoraproject.org - - ocp01.ocp.iad2.fedoraproject.org - - ocp02.ocp.iad2.fedoraproject.org - - ocp03.ocp.iad2.fedoraproject.org -# we override this here to point to the vpn endpoints of the ocp_nodes instead of -# The real internal hostnames. This is because proxies access them via vpn. -ocp_nodes: - - worker01.vpn.fedoraproject.org - - worker02.vpn.fedoraproject.org - - worker03.vpn.fedoraproject.org - - worker04.vpn.fedoraproject.org - - worker05.vpn.fedoraproject.org - - worker06.vpn.fedoraproject.org -# once vpn is up on rdu3 openshift we can switch this to use vpn -ocp_nodes_rdu3: - - worker01-rdu3.vpn.fedoraproject.org - - worker02-rdu3.vpn.fedoraproject.org - - worker03-rdu3.vpn.fedoraproject.org - - worker04-rdu3.vpn.fedoraproject.org - - worker05-rdu3.vpn.fedoraproject.org -postvpnservices: - - haproxy - - varnish -primary_auth_source: ipa -tcp_ports: [ - # For apache, generally. - 80, 443, - # This is for TCP krb5 - 1088, - # This is for RabbitMQ public access - 5671, - # openshift 4 api - 6443, - # This is for RabbitMQ internal-public access - 15671, - # This is for TOTP - 8443, -] -varnish_group: proxies -zabbix_templates: - - group: "proxies" # Ansible group - template: "external_hosts_http.json" # Template name in roles/zabbix/zabbix_templates/files/templatename.json - custom_template: true # Is the template official template bundled with Zabbix or one of our custom templates - hostgroup: "fedora external hosts" # Zabbix hostgroup - -notes: | - * Provides frontend (reverse) proxy for most web applications - * Using Apache -> haproxy, these hosts contact app servers and other various hosts to provide web applications at sites like - fedoraproject.org and admin.fedoraproject.org. - * The proxy servers are balanced via dns and geoIP and are spread all over the place. diff --git a/inventory/group_vars/proxies_stg b/inventory/group_vars/proxies_stg deleted file mode 100644 index 1b4fa4c307..0000000000 --- a/inventory/group_vars/proxies_stg +++ /dev/null @@ -1,84 +0,0 @@ ---- -# Define resources for this group of hosts here. -collectd_apache: true -# For the MOTD -custom_rules: [ - # Need for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', - # allow varnish from localhost - '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6082 -j ACCEPT', - # also allow varnish from internal for purge requests - '-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.0/24 --dport 6081 -j ACCEPT', - '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.115 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.116 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.117 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.118 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.119 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.120 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.121 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.122 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.123 -j ACCEPT'] -nft_custom_rules: - # Need for rsync from log01 for logs. - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' - # allow varnish from localhost - - 'add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 6081 counter accept' - - 'add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 6082 counter accept' - # also allow varnish from internal for purge requests - - 'add rule ip filter INPUT ip saddr 192.168.1.0/24 tcp dport 6081 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.0/24 tcp dport 6081 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.115 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.116 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.117 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.118 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.119 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.120 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.121 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.122 tcp dport 22623 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.123 tcp dport 22623 counter accept' -external: true -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web - - sysadmin-noc -ipa_host_group: proxies -ipa_host_group_desc: Proxies between internal hosts and the Internet -lvm_size: 100000 -# This is used in the httpd.conf to determine the value for serverlimit and -# maxrequestworkers. On 8gb proxies, 900 seems fine. But on 4gb proxies, this -# should be lowered in the host vars for that proxy. -maxrequestworkers: 900 -mem_size: 8192 -num_cpus: 2 -ocp_masters_stg: - # - bootstrap.ocp.stg.iad2.fedoraproject.org - - ocp01.ocp.stg.iad2.fedoraproject.org - - ocp02.ocp.stg.iad2.fedoraproject.org - - ocp03.ocp.stg.iad2.fedoraproject.org -ocp_nodes_stg: - - worker01.ocp.stg.iad2.fedoraproject.org - - worker02.ocp.stg.iad2.fedoraproject.org - - worker03.ocp.stg.iad2.fedoraproject.org - - worker04.ocp.stg.iad2.fedoraproject.org - - worker05.ocp.stg.iad2.fedoraproject.org -ocp_nodes_rdu3_stg: - - worker01.ocp.stg.rdu3.fedoraproject.org -tcp_ports: [ - # For apache, generally. - 80, 443, - # This is for TCP krb5 - 1088, - # This is for RabbitMQ public access - 5671, - # openshift 4 api - 6443, - # This is for RabbitMQ internal-public access - 15671, - # This is for TOTP - 8443, -] -varnish_group: proxies -zabbix_templates: "{{ [] }}" # For the moment we have no proxies external to IAD2, if this changes, put in the changes in the production group. - -notes: | - * Provides frontend (reverse) proxy for most web applications - * Using Apache -> haproxy, these hosts contact app servers and other various hosts to provide web applications - at sites like fedoraproject.org and admin.fedoraproject.org. - * The proxy servers are balanced via dns and geoIP and are spread all over the place. diff --git a/inventory/group_vars/qadevel b/inventory/group_vars/qadevel new file mode 100644 index 0000000000..64b9d921c4 --- /dev/null +++ b/inventory/group_vars/qadevel @@ -0,0 +1,20 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 40000 +mem_size: 8192 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +fas_client_groups: sysadmin-qa + +# default virt install command is for a single nic-device +# define in another group file for more nics (see buildvm) +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} + gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }}" + --network=bridge=br0 --autostart --noautoconsole diff --git a/inventory/group_vars/qadevel-stg b/inventory/group_vars/qadevel-stg new file mode 100644 index 0000000000..9992ec58be --- /dev/null +++ b/inventory/group_vars/qadevel-stg @@ -0,0 +1,20 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 40000 +mem_size: 4096 +num_cpus: 1 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +fas_client_groups: sysadmin-qa + +# default virt install command is for a single nic-device +# define in another group file for more nics (see buildvm) +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} + gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }}" + --network=bridge=br0 --autostart --noautoconsole diff --git a/inventory/group_vars/rabbitmq b/inventory/group_vars/rabbitmq deleted file mode 100644 index 7ccaa88de4..0000000000 --- a/inventory/group_vars/rabbitmq +++ /dev/null @@ -1,38 +0,0 @@ ---- -custom_rules: [ - # Neeed for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', - # Inter-node traffic - '-A INPUT -p tcp -m tcp -s 10.3.163.78 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.79 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.80 --dport 25672 -j ACCEPT'] -nft_custom_rules: - # Neeed for rsync from log01 for logs. - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' - # Inter-node traffic - - 'add rule ip filter INPUT ip saddr 10.3.163.78 tcp dport 25672 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.79 tcp dport 25672 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.80 tcp dport 25672 counter accept' -ipa_host_group: rabbitmq -ipa_host_group_desc: RabbitMQ service -ipa_shell_groups: - - sysadmin-messaging -ipa_client_sudo_groups: - - sysadmin-messaging -mem_size: 8192 -primary_auth_source: ipa -tcp_ports: [ - # https://www.rabbitmq.com/clustering.html#selinux-ports - # EPMD - 4369, - # AMQP - 5672, 5671, - # CLI tools - 35672, 35673, 35674, 35675, 35676, 35677, 35678, 35679, 35680, 35681, 35682, - # HTTP API - #15672, -] -zabbix_templates: - - group: "rabbitmq" # Ansible group - template: "RabbitMQ node by Zabbix agent" # Template name in roles/zabbix/zabbix_templates/files/templatename.json - custom_template: false # Is the template official template bundled with Zabbix or one of our custom templates - hostgroup: "fedora rabbitmq" # Zabbix hostgroup diff --git a/inventory/group_vars/rabbitmq_stg b/inventory/group_vars/rabbitmq_stg deleted file mode 100644 index 8b6a116d77..0000000000 --- a/inventory/group_vars/rabbitmq_stg +++ /dev/null @@ -1,45 +0,0 @@ ---- -custom_rules: [ - # Neeed for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', - # Inter-node traffic - '-A INPUT -p tcp -m tcp -s 10.3.166.78 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.166.79 --dport 25672 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.166.80 --dport 25672 -j ACCEPT'] -nft_custom_rules: - # Neeed for rsync from log01 for logs. - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' - # Inter-node traffic - - 'add rule ip filter INPUT ip saddr 10.3.166.78 tcp dport 25672 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.79 tcp dport 25672 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.166.80 tcp dport 25672 counter accept' -datacenter: iad2 -ipa_host_group: rabbitmq -ipa_host_group_desc: RabbitMQ service -ipa_shell_groups: - - sysadmin-messaging -ipa_client_sudo_groups: - - sysadmin-messaging -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -# Define resources for this group of hosts here. -lvm_size: 20000 -mem_size: 8192 -num_cpus: 2 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [ - # https://www.rabbitmq.com/clustering.html#selinux-ports - # EPMD - 4369, - # AMQP - 5672, 5671, - # CLI tools - 35672, 35673, 35674, 35675, 35676, 35677, 35678, 35679, 35680, 35681, 35682, - # HTTP API - #15672, -] -zabbix_templates: - - group: "rabbitmq_stg" # Ansible group - template: "RabbitMQ node by Zabbix agent" # Template name in roles/zabbix/zabbix_templates/files/templatename.json - custom_template: false # Is the template official template bundled with Zabbix or one of our custom templates - hostgroup: "fedora rabbitmq" # Zabbix hostgroup diff --git a/inventory/group_vars/releng b/inventory/group_vars/releng new file mode 100644 index 0000000000..82cd018cad --- /dev/null +++ b/inventory/group_vars/releng @@ -0,0 +1,38 @@ +--- +# common items for the releng-* boxes +lvm_size: 100000 +mem_size: 16384 +num_cpus: 16 +nm: 255.255.255.0 +gw: 10.5.125.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +virt_install_command: virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none + ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none" + --network=bridge=br0,model=virtio --network=bridge=br1,model=virtio + --autostart --noautoconsole + +# With 16 cpus, theres a bunch more kernel threads +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +host_group: releng + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: root +- service: bodhi + owner: root + group: masher + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" diff --git a/inventory/group_vars/releng_compose b/inventory/group_vars/releng_compose deleted file mode 100644 index 7294c75be0..0000000000 --- a/inventory/group_vars/releng_compose +++ /dev/null @@ -1,36 +0,0 @@ ---- -# common items for the releng-* boxes -dns: 10.3.163.33 -freezes: true -host_group: releng -ipa_client_shell_groups: - - sysadmin-releng - - sysadmin-troubleshoot -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: releng-compose -ipa_host_group_desc: Hosts running composes -# for kojid config -koji_instance: "primary" -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" -kojihub_scheme: https -kojihub_url: koji.fedoraproject.org/kojihub -# For the mock config -kojipkgs_url: kojipkgs.fedoraproject.org -lvm_size: 100000 -max_mem_size: "{{ mem_size }}" -mem_size: 131072 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4" -nrpe_procs_crit: 1000 -# With 16 cpus, theres a bunch more kernel threads -nrpe_procs_warn: 900 -num_cpus: 16 -primary_auth_source: ipa -virt_install_command: "{{ virt_install_command_two_nic_unsafe }}" -zabbix_templates: - - group: "releng_compose" - template: "releng_compose_cronjobs.json" - custom_template: true # Is the template official template bundled with Zabbix or one of our custom templates - hostgroup: "fedora releng compose" diff --git a/inventory/group_vars/releng_compose_eln b/inventory/group_vars/releng_compose_eln deleted file mode 100644 index 622a3a88b4..0000000000 --- a/inventory/group_vars/releng_compose_eln +++ /dev/null @@ -1,30 +0,0 @@ ---- -# common items for the releng-* boxes -dns: 10.3.163.33 -external: false -host_group: releng_eln -ipa_client_shell_groups: - - sysadmin-eln -ipa_client_sudo_groups: - - sysadmin-eln -ipa_host_group: releng-compose-eln -ipa_host_group_desc: Hosts running composes for eln -# for kojid config -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" -kojihub_scheme: https -kojihub_url: koji.fedoraproject.org/kojihub -# For the mock config -kojipkgs_url: kojipkgs.fedoraproject.org -lvm_size: 100000 -max_mem_size: "{{ mem_size }}" -mem_size: 131072 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4" -nrpe_procs_crit: 1000 -# With 16 cpus, theres a bunch more kernel threads -nrpe_procs_warn: 900 -num_cpus: 16 -primary_auth_source: ipa -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -zabbix_templates: "{{ [] }}" # Need to do some research on what exactly we're doing on this host before enabling any templates. diff --git a/inventory/group_vars/releng_compose_riscv b/inventory/group_vars/releng_compose_riscv deleted file mode 100644 index 9c07c1fc03..0000000000 --- a/inventory/group_vars/releng_compose_riscv +++ /dev/null @@ -1,31 +0,0 @@ ---- -# common items for the releng-* boxes -dns: 10.3.163.33 -external: false -host_group: releng_riscv -ipa_client_shell_groups: - - sysadmin-riscv -ipa_client_sudo_groups: - - sysadmin-riscv -ipa_host_group: releng-compose-riscv -ipa_host_group_desc: Hosts running composes for riscv -# for kojid config -koji_instance: secondary -koji_server_url: "https://riscv-koji.fedoraproject.org/kojihub" -koji_topurl: "https://riscv-kojipkgs.fedoraproject.org/" -koji_weburl: "https://riscv-koji.fedoraproject.org/koji" -kojihub_scheme: https -kojihub_url: riscv-koji.fedoraproject.org/kojihub -# For the mock config -kojipkgs_url: riscv-kojipkgs.fedoraproject.org -lvm_size: 100000 -max_mem_size: "{{ mem_size }}" -mem_size: 131072 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4" -nrpe_procs_crit: 1000 -# With 16 cpus, theres a bunch more kernel threads -nrpe_procs_warn: 900 -num_cpus: 16 -primary_auth_source: ipa -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -zabbix_templates: "{{ [] }}" # Need to do some research on what exactly we're doing on this host before enabling any templates. diff --git a/inventory/group_vars/releng_compose_stg b/inventory/group_vars/releng_compose_stg deleted file mode 100644 index 4f8c478ffb..0000000000 --- a/inventory/group_vars/releng_compose_stg +++ /dev/null @@ -1,15 +0,0 @@ ---- -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: releng-compose -ipa_host_group_desc: Hosts running composes -koji_instance: "primary" -koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.stg.fedoraproject.org/koji" -mem_size: 8192 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -num_cpus: 4 -zabbix_templates: "{{ [] }}" # We don't run composes in staging, but if this changes, consider putting in the configuration in the production group. diff --git a/inventory/group_vars/relvalconsumer b/inventory/group_vars/relvalconsumer deleted file mode 100644 index 0d8d554893..0000000000 --- a/inventory/group_vars/relvalconsumer +++ /dev/null @@ -1,12 +0,0 @@ -# we use the openQA rabbitmq account for this role as they run -# on the same server and it's convenient. this means it's also -# safe and appropriate to use variables defined in the openqa -# group_vars. if we ever split the roles up we will have to create -# a separate account with separate creds -relvalamiconsumer_amqp_queue: "{{ openqa_amqp_prod_username }}_relvalamiconsumer" -relvalconsumer_amqp_queue: "{{ openqa_amqp_prod_username }}_relvalconsumer" - -# This var should never be set for more than one machine -relvalconsumer_prod: true -# this one probably shouldn't either -relvalconsumer_bugzilla_api_key: "{{ prod_relvalconsumer_bugzilla_secret_api_key }}" diff --git a/inventory/group_vars/relvalconsumer_common b/inventory/group_vars/relvalconsumer_common deleted file mode 100644 index 4b9fc2f7da..0000000000 --- a/inventory/group_vars/relvalconsumer_common +++ /dev/null @@ -1,27 +0,0 @@ -# we need this for our fedora-messaging consumer as it is not allowed -# to create queues on the infra AMQP broker, by broker config -relvalconsumer_amqp_passive: true - -# fedora-messaging email error reporting settings -relvalconsumer_amqp_mailto: ["adamwill@fedoraproject.org", "lruzicka@fedoraproject.org"] -relvalconsumer_amqp_smtp: bastion - -# fedora-messaging relvalconsumer settings: most of these are the same -# for prod and stg as they both must listen for prod messages. Only -# the queue names differs (so is set in the non-common files). -# -# we use the openQA rabbitmq account for this role as they run -# on the same server and it's convenient. this means it's also -# safe and appropriate to use variables defined in the openqa -# group_vars. if we ever split the roles up we will have to create -# a separate account with separate creds -relvalconsumer_amqp_url: "{{ openqa_amqp_prod_url }}" -relvalconsumer_amqp_cacert: "{{ openqa_amqp_prod_cacertfile }}" -relvalconsumer_amqp_cert: "{{ openqa_amqp_prod_certfile }}" -relvalconsumer_amqp_key: "{{ openqa_amqp_prod_keyfile }}" -relvalconsumer_amqp_routing_keys: ["org.fedoraproject.prod.pungi.compose.status.change"] - -relvalamiconsumer_amqp_routing_keys: [ - "org.fedoraproject.prod.fedora_image_uploader.published.v1.aws", - "org.fedoraproject.prod.fedora_image_uploader.published.v1.aws.#" -] diff --git a/inventory/group_vars/relvalconsumer_test b/inventory/group_vars/relvalconsumer_test deleted file mode 100644 index df4cf2252f..0000000000 --- a/inventory/group_vars/relvalconsumer_test +++ /dev/null @@ -1,8 +0,0 @@ -# we use the openQA rabbitmq account for this role as they run -# on the same server and it's convenient. this means it's also -# safe and appropriate to use variables defined in the openqa -# group_vars. if we ever split the roles up we will have to create -# a separate account with separate creds -relvalamiconsumer_amqp_queue: "{{ openqa_amqp_prod_username }}_relvalamiconsumer.test" -relvalconsumer_amqp_queue: "{{ openqa_amqp_prod_username }}_relvalconsumer.test" -relvalconsumer_prod: false diff --git a/inventory/group_vars/repospanner_temp b/inventory/group_vars/repospanner_temp deleted file mode 100644 index 6d89b18f09..0000000000 --- a/inventory/group_vars/repospanner_temp +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Define resources for this group of hosts here. -# For the MOTD -custom_rules: ['-A INPUT -p tcp -m tcp -s 8.43.84.211 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 8.43.84.212 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 8.43.85.76 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.149 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 209.132.181.20 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 8.43.85.78 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.191 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 140.211.169.199 --dport 8443:8445 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 8.43.84.211 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 8.43.84.212 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 8.43.85.76 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 152.19.134.149 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 209.132.181.20 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 8.43.85.78 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 152.19.134.191 tcp dport 8443-8445 counter accept' - - 'add rule ip filter INPUT ip saddr 140.211.169.199 tcp dport 8443-8445 counter accept' -lvm_size: 50000 -max_mem_size: 16348 -mem_size: 8192 -nagios_Check_Services: - mail: false - nrpe: false - ping: false - sshd: false - swap: false -num_cpus: 8 - -notes: repospanner git syncing host diff --git a/inventory/group_vars/resultsdb-dev b/inventory/group_vars/resultsdb-dev new file mode 100644 index 0000000000..652351c35f --- /dev/null +++ b/inventory/group_vars/resultsdb-dev @@ -0,0 +1,28 @@ +--- +# common items for the releng-* boxes +lvm_size: 50000 +mem_size: 4096 +num_cpus: 4 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, "{{ resultsdb_db_port }}" ] +fas_client_groups: sysadmin-qa,sysadmin-main +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none" + --network=bridge=br0,model=virtio --autostart --noautoconsole + +resultsdb_db_host: db-qa01.qa.fedoraproject.org +resultsdb_db_port: 5432 +resultsdb_endpoint: '/resultsdb_api' +resultsdb_fe_endpoint: '/resultsdb' +resultsdb_db_name: resultsdb_dev +allowed_hosts: + - 10.5.124 diff --git a/inventory/group_vars/resultsdb-prod b/inventory/group_vars/resultsdb-prod new file mode 100644 index 0000000000..2201a7e339 --- /dev/null +++ b/inventory/group_vars/resultsdb-prod @@ -0,0 +1,29 @@ +--- +# common items for the releng-* boxes +lvm_size: 50000 +mem_size: 4096 +num_cpus: 4 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, "{{ resultsdb_db_port }}" ] +fas_client_groups: sysadmin-qa +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none" + --network=bridge=br0,model=virtio --autostart --noautoconsole + +deployment_type: prod +resultsdb_db_host: db-qa01.qa.fedoraproject.org +resultsdb_db_port: 5432 +resultsdb_endpoint: '/resultsdb_api' +resultsdb_fe_endpoint: '/resultsdb' +resultsdb_db_name: resultsdb +allowed_hosts: + - 10.5.124 diff --git a/inventory/group_vars/resultsdb-stg b/inventory/group_vars/resultsdb-stg new file mode 100644 index 0000000000..f5ef63e4aa --- /dev/null +++ b/inventory/group_vars/resultsdb-stg @@ -0,0 +1,29 @@ +--- +# common items for the releng-* boxes +lvm_size: 50000 +mem_size: 4096 +num_cpus: 4 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, "{{ resultsdb_db_port }}" ] +fas_client_groups: sysadmin-qa +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none" + --network=bridge=br0,model=virtio --autostart --noautoconsole + +deployment_type: stg +resultsdb_db_host: db-qa01.qa.fedoraproject.org +resultsdb_db_port: 5432 +resultsdb_endpoint: '/resultsdb_api' +resultsdb_fe_endpoint: '/resultsdb' +resultsdb_db_name: resultsdb_stg +allowed_hosts: + - 10.5.124 diff --git a/inventory/group_vars/retrace b/inventory/group_vars/retrace deleted file mode 100644 index 40975a18a6..0000000000 --- a/inventory/group_vars/retrace +++ /dev/null @@ -1,29 +0,0 @@ ---- -custom_rules: - - '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 2049 -j ACCEPT' - - '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 5432 -j ACCEPT' -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.5.78.11 tcp dport 2049 counter accept' - - 'add rule ip filter INPUT ip saddr 10.5.78.11 tcp dport 5432 counter accept' -env: production -freezes: false -ipa_client_shell_groups: - - retrace -ipa_client_sudo_groups: - - retrace -ipa_host_group: retrace -ipa_host_group_desc: Retrace servers -nrpe_procs_crit: 2000 -nrpe_procs_warn: 1800 -primary_auth_source: ipa -tcp_ports: [80, 443] -vpn: true - -notes: | - Provide a web interface and backend for ABRT Analytics and Retrace Server. - Three services run on this server: - * An Apache httpd serves the web interface and backed functionality for ABRT Analytics. - * The same server provides the HTTP endpoints for Retrace Server to allow remote retracing of crashes in Fedora. - * PostgreSQL server for ABRT Analytics. - - The retracing functionality relies on the debuginfod server (debuginfod.fedoraproject.org). diff --git a/inventory/group_vars/retrace_stg_aws b/inventory/group_vars/retrace_stg_aws deleted file mode 100644 index 312e147c94..0000000000 --- a/inventory/group_vars/retrace_stg_aws +++ /dev/null @@ -1,11 +0,0 @@ ---- -env: staging -nagios_Check_Services: - mail: false - nrpe: false - swap: false -root_auth_users: msuchy mfabik mzidek -sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers" -tcp_ports: [22, 80, 443] -vpn: true -notes: Provide staging environment for ABRT Analytics and Retrace Server. diff --git a/inventory/group_vars/runroot b/inventory/group_vars/runroot deleted file mode 100644 index b4f070ea15..0000000000 --- a/inventory/group_vars/runroot +++ /dev/null @@ -1,6 +0,0 @@ ---- - -# We need to mount koji storage rw here so run_root can work. -# The rest of the group can be ro, it's only builders in the -# compose channel that need a rw mount -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" diff --git a/inventory/group_vars/secondary b/inventory/group_vars/secondary deleted file mode 100644 index ec8bd98cda..0000000000 --- a/inventory/group_vars/secondary +++ /dev/null @@ -1,25 +0,0 @@ ---- -datacenter: iad2 -host_group: secondary -ipa_client_shell_groups: - - alt-k12linux - - alt-sugar - - altvideos - - fi-apprentice - - hosted-content - - mips-content - - qa-deltaisos - - s390_content - - sysadmin-noc - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-noc -ipa_host_group: secondary -ipa_host_group_desc: Serve secondary arch and archived releases -# nfs mount options, overrides the all/default -nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=3" -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -primary_auth_source: ipa -rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" -tcp_ports: [80, 443, 873] diff --git a/inventory/group_vars/sign-bridge b/inventory/group_vars/sign-bridge new file mode 100644 index 0000000000..d58e1cccfc --- /dev/null +++ b/inventory/group_vars/sign-bridge @@ -0,0 +1,13 @@ +--- +freezes: true +postfix_group: sign +host_group: sign + +# Define resources for this group of hosts here. +lvm_size: 10000 +mem_size: 4096 +num_cpus: 4 + +tcp_ports: [ 44333, 44334 ] + +fas_client_groups: sysadmin-releng diff --git a/inventory/group_vars/sign-vault b/inventory/group_vars/sign-vault new file mode 100644 index 0000000000..61a827bf1d --- /dev/null +++ b/inventory/group_vars/sign-vault @@ -0,0 +1,4 @@ +--- +freezes: true +postfix_group: sign +host_group: sign diff --git a/inventory/group_vars/sign_bridge b/inventory/group_vars/sign_bridge deleted file mode 100644 index 415611410b..0000000000 --- a/inventory/group_vars/sign_bridge +++ /dev/null @@ -1,14 +0,0 @@ ---- -freezes: true -ipa_client_shell_groups: - - sysadmin-releng -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: sign-bridge -# Define resources for this group of hosts here. -lvm_size: 50000 -mem_size: 4096 -num_cpus: 4 -postfix_group: sign -primary_auth_source: ipa -tcp_ports: [44333, 44334] diff --git a/inventory/group_vars/sign_vault b/inventory/group_vars/sign_vault deleted file mode 100644 index 61d3daf2c6..0000000000 --- a/inventory/group_vars/sign_vault +++ /dev/null @@ -1,10 +0,0 @@ ---- -freezes: true -host_group: sign -nagios_Check_Services: - mail: false - nrpe: false - ping: true - sshd: false - swap: false -postfix_group: sign diff --git a/inventory/group_vars/smtp-mm b/inventory/group_vars/smtp-mm new file mode 100644 index 0000000000..510826f73d --- /dev/null +++ b/inventory/group_vars/smtp-mm @@ -0,0 +1,15 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 25 ] + +fas_client_groups: sysadmin-noc,sysadmin-tools,fi-apprentice + +postfix_transport_filename: transports.mm-smtp +postfix_group: smtp-mm diff --git a/inventory/group_vars/smtp_auth b/inventory/group_vars/smtp_auth deleted file mode 100644 index d7ebaa2adf..0000000000 --- a/inventory/group_vars/smtp_auth +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Define resources for this group of hosts here. -ipa_client_shell_access: - - sysadmin-noc - - sysadmin-tools - - sysadmin-veteran -ipa_client_sudo_access: - - sysadmin-noc - - sysadmin-tools - - sysadmin-veteran -ipa_host_group: smtp_auth -ipa_host_group_desc: SMTP auth servers -lvm_size: 20000 -mem_size: 4096 -nagios_Check_Services: - mail: false - nrpe: true -num_cpus: 2 -postfix_group: smtp-auth -postfix_transport_filename: transports.smtp-auth -primary_auth_source: ipa -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [25, 587] -vpn: true diff --git a/inventory/group_vars/smtp_mm b/inventory/group_vars/smtp_mm deleted file mode 100644 index cbb3b69add..0000000000 --- a/inventory/group_vars/smtp_mm +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Define resources for this group of hosts here. -ipa_client_shell_access: - - fi-apprentice - - sysadmin-noc - - sysadmin-tools - - sysadmin-veteran -ipa_client_sudo_access: - - sysadmin-noc - - sysadmin-tools - - sysadmin-veteran -ipa_host_group: smtp_mm -ipa_host_group_desc: SMTP servers -lvm_size: 20000 -mem_size: 2048 -nagios_Check_Services: - mail: false - nrpe: true -num_cpus: 2 -postfix_group: smtp-mm -postfix_transport_filename: transports.smtp-mm -primary_auth_source: ipa -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [25] -vpn: true diff --git a/inventory/group_vars/staging b/inventory/group_vars/staging index 3e20b7a21e..c1cf3ff8f2 100644 --- a/inventory/group_vars/staging +++ b/inventory/group_vars/staging @@ -1,58 +1,4 @@ --- -datanommer_db_hostname: db-datanommer01 -deployment_type: stg -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -env: staging -env_prefix: stg. -env_short: stg -env_suffix: .stg -external: false freezes: false +env: staging host_group: staging -ipa_admin_password: "{{ ipa_stg_admin_password }}" -ipa_realm: STG.FEDORAPROJECT.ORG -# IPA details -ipa_server: ipa01.stg.iad2.fedoraproject.org -ipa_server_nodes: - - ipa01.stg.iad2.fedoraproject.org - - ipa02.stg.iad2.fedoraproject.org - - ipa03.stg.iad2.fedoraproject.org -mirrors_centos_org_cert_file: mirrors.stg.centos.org.cert -# This is the mirrors.stg.centos.org certs -mirrors_centos_org_cert_name: mirrors.stg.centos.org -mirrors_centos_org_key_file: mirrors.stg.centos.org.key -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet - mtu: 9000 -# Do we want to use nftables instead of iptables -nftables: true -ocp_wildcard_cert_file: wildcard-2024.apps.ocp.stg.fedoraproject.org.cert -# This is the openshift wildcard cert for ocp stg -ocp_wildcard_cert_name: wildcard-2024.apps.ocp.stg.fedoraproject.org -ocp_wildcard_int_file: wildcard-2024.apps.ocp.stg.fedoraproject.org.intermediate.cert -ocp_wildcard_key_file: wildcard-2024.apps.ocp.stg.fedoraproject.org.key -# RIP, FAS -primary_auth_source: ipa -SSLCertificateChainFile: wildcard-2025.stg.fedoraproject.org.intermediate.cert -wildcard_cert_file: wildcard-2025.stg.fedoraproject.org.cert -# This is the wildcard certname for our stg proxies. -wildcard_cert_name: wildcard-2025.stg.fedoraproject.org -wildcard_int_file: wildcard-2025.stg.fedoraproject.org.intermediate.cert -wildcard_key_file: wildcard-2025.stg.fedoraproject.org.key diff --git a/inventory/group_vars/summershum b/inventory/group_vars/summershum new file mode 100644 index 0000000000..d5b76e67a0 --- /dev/null +++ b/inventory/group_vars/summershum @@ -0,0 +1,21 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000 ] + +fas_client_groups: sysadmin-noc,sysadmin-badges + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: summershum + owner: root + group: fedmsg diff --git a/inventory/group_vars/summershum-stg b/inventory/group_vars/summershum-stg new file mode 100644 index 0000000000..d5b76e67a0 --- /dev/null +++ b/inventory/group_vars/summershum-stg @@ -0,0 +1,21 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000 ] + +fas_client_groups: sysadmin-noc,sysadmin-badges + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: summershum + owner: root + group: fedmsg diff --git a/inventory/group_vars/sundries b/inventory/group_vars/sundries index 608bd7d5e7..6a3697bfbc 100644 --- a/inventory/group_vars/sundries +++ b/inventory/group_vars/sundries @@ -1,27 +1,20 @@ --- -# Define resources for this group of hosts here. -deployment_type: prod -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-releng - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-releng - - sysadmin-web -ipa_host_group: sundries -ipa_host_group_desc: Odds and ends -lvm_size: 50000 -# This gets overridden by whichever node we want to run special cronjobs. -master_sundries_node: False +# Define resources for this group of hosts here. +lvm_size: 30000 mem_size: 2048 -nrpe_procs_crit: 500 -nrpe_procs_warn: 300 num_cpus: 2 -primary_auth_source: ipa -# A host group for rsync config -rsync_group: sundries + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -tcp_ports: [80, 873] + +tcp_ports: [ 80, 873 ] +fas_client_groups: sysadmin-noc,fi-apprentice + +# This gets overridden by whichever node we want to run special cronjobs. +master_sundries_node: False + +# A host group for rsync config +rsync_group: sundries + +nrpe_procs_warn: 300 +nrpe_procs_crit: 500 diff --git a/inventory/group_vars/sundries-stg b/inventory/group_vars/sundries-stg new file mode 100644 index 0000000000..6a3697bfbc --- /dev/null +++ b/inventory/group_vars/sundries-stg @@ -0,0 +1,20 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 30000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 873 ] +fas_client_groups: sysadmin-noc,fi-apprentice + +# This gets overridden by whichever node we want to run special cronjobs. +master_sundries_node: False + +# A host group for rsync config +rsync_group: sundries + +nrpe_procs_warn: 300 +nrpe_procs_crit: 500 diff --git a/inventory/group_vars/sundries_stg b/inventory/group_vars/sundries_stg deleted file mode 100644 index 322b6493a2..0000000000 --- a/inventory/group_vars/sundries_stg +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-releng - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-releng - - sysadmin-web -ipa_host_group: sundries -ipa_host_group_desc: Odds and ends -lvm_size: 50000 -# This gets overridden by whichever node we want to run special cronjobs. -master_sundries_node: False -mem_size: 2048 -nrpe_procs_crit: 500 -nrpe_procs_warn: 300 -num_cpus: 2 -# A host group for rsync config -rsync_group: sundries-stg -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 873] diff --git a/inventory/group_vars/tagger b/inventory/group_vars/tagger new file mode 100644 index 0000000000..ba48bc3a00 --- /dev/null +++ b/inventory/group_vars/tagger @@ -0,0 +1,27 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fedoratagger + owner: root + group: fedoratagger diff --git a/inventory/group_vars/tagger-stg b/inventory/group_vars/tagger-stg new file mode 100644 index 0000000000..a15d7cb41b --- /dev/null +++ b/inventory/group_vars/tagger-stg @@ -0,0 +1,27 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: fedoratagger + owner: root + group: fedoratagger diff --git a/inventory/group_vars/tang b/inventory/group_vars/tang deleted file mode 100644 index 2b5256557e..0000000000 --- a/inventory/group_vars/tang +++ /dev/null @@ -1,5 +0,0 @@ ---- -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -primary_auth_source: ipa -tcp_ports: [80] diff --git a/inventory/group_vars/taskotron b/inventory/group_vars/taskotron new file mode 100644 index 0000000000..1cb32799bc --- /dev/null +++ b/inventory/group_vars/taskotron @@ -0,0 +1,20 @@ +--- +# common items for the releng-* boxes +lvm_size: 50000 +mem_size: 4096 +num_cpus: 4 +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, 9989 ] +fas_client_groups: sysadmin-qa +nrpe_procs_warn: 250 +nrpe_procs_crit: 300 + +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none" + --network=bridge=br0,model=virtio --autostart --noautoconsole diff --git a/inventory/group_vars/taskotron-dev b/inventory/group_vars/taskotron-dev new file mode 100644 index 0000000000..76b9b3e112 --- /dev/null +++ b/inventory/group_vars/taskotron-dev @@ -0,0 +1,36 @@ +--- +grokmirror_basedir: /var/lib/git/mirror +grokmirror_user: grokmirror +grokmirror_repos: + - { name: fedoraqa/rpmlint, url: 'https://bitbucket.org/fedoraqa/task-rpmlint.git'} + - { name: fedoraqa/depcheck, url: 'https://bitbucket.org/fedoraqa/task-depcheck.git'} + - { name: fedoraqa/examplelong, url: 'https://bitbucket.org/fedoraqa/task-examplelong.git'} + - { name: fedoraqa/examplebodhi, url: 'https://bitbucket.org/fedoraqa/task-examplebodhi.git'} + - { name: fedoraqa/upgradepath, url: 'https://bitbucket.org/fedoraqa/task-upgradepath.git'} +buildslave_ssh_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqNpJlS14KKQQ8gAaXo0untJRccLJSrdUt/hWlpZ9Oad5KKYoRNznsGK3j9WCO4YDFXKGGxBrpqdyegPLO4J9zHmtlUPNfM4kbXVlVtIMGGKmBi9rQPNRpeclUpsjlo3uF9IqIIUSS1IMcx1X1oz60kmrAWO9+Z7mYs/AuCCeomlET3OU7paQYxL5Dgs2n6/IjhvoCitN9T9bBf91nLuRh+EtEbBL5ztZ1kVJxj5oTQN7iGKw2V0tW0MJ1WtnK2/j4v9MivnZPSPPKDysveNze2Vy9kioQACvrvjyHMIQrc+2YS/38D/fv7e4WhhuoOGT5Tip20PPspiCQRiSUBDN1 buildslave@taskotron-stg.fedoraproject.org' +settings_dir: /etc/taskotron +buildmaster_db_host: db-qa01.qa.fedoraproject.org +buildmaster_db_name: buildmaster_dev +buildmaster_template: taskotron.master.cfg.j2 +buildmaster_endpoint: taskmaster +buildslave_ssh_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4EOTNfPIvIjCLNRYauVquS2LA8CZvCi6f87TASDZv4moFTv3mrCIdA3ycYLg+r+ODdPDjF9Cjpw1os/8L07XegTt9gAJVIpxzu3ZgQDkSQbx/hlDi+RG4EOIHL8nNJmu27dOVd1tb3k3aOkP5twO4uEq9RygrQBWMZTmOHdS/q8ZVUQG0d1sKv2J8EuBENgICjjIhhYvdvluu3G65jKxMgDbSXjkK6vZpbDbS2d6JI3VeLbVGlyFbHkTu7vH/vzTJZfOYgp0ZbvW9Wo3VSq/ia5qtrLKwRcBkpyCkP6uOQ14zqj4zJd/Hv7qhEcUhC8Jsb7d/Z6b3q5ID0s/9nuHdQ== buildslave@taskotron-dev01.qa.fedoraproject.org' +buildslave_port: 9989 +cgit_root_title: "Taskotron Dev Server Git Mirror" +buildmaster_dir: /home/buildmaster/master +buildslave_dir: /home/buildslave/slave +master_dir: /home/buildmaster/master +master_user: buildmaster +external_hostname: taskotron-dev.fedoraproject.org +resultsdb_url: http://resultsdb-dev01.qa.fedoraproject.org/resultsdb_api/api/v1.0 +resultsdb_frontend_url: http://resultsdb-dev01.qa.fedoraproject.org/resultsdb/ +resultsdb_external_url: https://taskotron-dev.fedoraproject.org/resultsdb_api/ +resultsdb_endpoint: resultsdb +resultsdb_api_endpoint: resultsdb_api +landingpage_title: "Taskotron Development" +deployment_type: dev +tcp_ports: [ 80, 443, "{{ buildslave_port }}" ] +fakefedorainfra_db_host: db-qa01.qa.fedoraproject.org +fakefedorainfra_db_name: dev_fakefedorainfra +fakefedorainfra_endpoint: fakefedorainfra +fakefedorainfra_url: https://taskotron-dev.fedoraproject.org/fakefedorainfra +taskotron_docs_url: https://docs.qadevel.cloud.fedoraproject.org/libtaskotron/latest/ diff --git a/inventory/group_vars/taskotron-dev-clients b/inventory/group_vars/taskotron-dev-clients new file mode 100644 index 0000000000..b384c6dab9 --- /dev/null +++ b/inventory/group_vars/taskotron-dev-clients @@ -0,0 +1,23 @@ +--- +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +slave_user: buildslave +taskotron_fas_user: taskotron +resultsdb_server: http://resultsdb-dev01.qa.fedoraproject.org/resultsdb_api/api/v1.0/ +bodhi_server: http://10.5.124.181/fakefedorainfra/bodhi/ +kojihub_url: http://koji.fedoraproject.org/kojihub +taskotron_master: http://taskotron-dev.fedoraproject.org/taskmaster/ +deployment_type: dev +slave_home: /home/buildslave/ +slave_dir: /home/buildslave/slave +slave_user: buildslave +buildmaster: 10.5.124.181 +buildslave_port: 9989 +tcp_ports: [ "{{ buildslave_port }}" ] +buildslave_private_sshkey_file: dev-buildslave-sshkey/dev_buildslave +buildslave_public_sshkey_file: dev-buildslave-sshkey/dev_buildslave.pub +taskotron_admin_email: taskotron-admin-members@fedoraproject.org +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" +buildmaster_pubkey: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK4M03mLIZ0Wf9CzoJtUfOV8pcSxYLSsd4zxaFovDIHZGZH3ifg5Ocwut6L6lBalR3iepa/9EuFvgosi90WM3iI=" diff --git a/inventory/group_vars/taskotron-prod b/inventory/group_vars/taskotron-prod new file mode 100644 index 0000000000..15516ab8ce --- /dev/null +++ b/inventory/group_vars/taskotron-prod @@ -0,0 +1,28 @@ +--- +grokmirror_basedir: /var/lib/git/mirror +grokmirror_user: grokmirror +grokmirror_repos: + - { name: fedoraqa/rpmlint, url: 'https://bitbucket.org/fedoraqa/task-rpmlint.git'} + - { name: fedoraqa/depcheck, url: 'https://bitbucket.org/fedoraqa/task-depcheck.git'} + - { name: fedoraqa/upgradepath, url: 'https://bitbucket.org/fedoraqa/task-upgradepath.git'} +settings_dir: /etc/taskotron +buildmaster_db_host: db-qa01.qa.fedoraproject.org +buildmaster_db_name: buildmaster +buildmaster_template: taskotron.master.cfg.j2 +buildmaster_endpoint: taskmaster +buildslave_ssh_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3Fhg7qUJ1+3N2YficTWQGEPm5JYmqDE7JbnpTTjQixd51r36YJ93sMQV63UOPkVaqPHkzIETUuvWLa/fnDhyYEnLT8mSgCqGViyd93MHYFD+nIzL1OIewKPiVbBdmlDOABD+ROSkC/wAfqJMgleqdDonWC8R0Qo+Y2r4sLMF7dxdPdRe3+WIcvC5YqDUZN/2gfsZ2tnAakZ1sGcX0yPvnpF9FmtRfkNp60OK7NXMLGV7Tayhkib05rGHl0q5dK4/vxKKk/aNgIK7gE3XFF7f+S2PDjvH3q/yby2Z3Wkp61JpVl+RTGz/XKpejUSDkJyQkbIC5+QQFeei58RLDJhzLQ== tflink@lockbox01.phx2.fedoraproject.org' +buildslave_port: 9989 +cgit_root_title: "Taskotron Git Mirror" +buildmaster_dir: /home/buildmaster/master +buildslave_dir: /home/buildslave/slave +master_dir: /home/buildmaster/master +master_user: buildmaster +external_hostname: taskotron.fedoraproject.org +resultsdb_url: http://resultsdb01.qa.fedoraproject.org/resultsdb_api/api/v1.0 +resultsdb_frontend_url: http://resultsdb01.qa.fedoraproject.org/resultsdb +resultsdb_external_url: https://taskotron.fedoraproject.org/resultsdb/ +resultsdb_endpoint: resultsdb +landingpage_title: "Taskotron" +deployment_type: prod +tcp_ports: [ 80, 443, "{{ buildslave_port }}" ] +taskotron_docs_url: https://docs.qadevel.cloud.fedoraproject.org/libtaskotron/latest/ diff --git a/inventory/group_vars/taskotron-prod-clients b/inventory/group_vars/taskotron-prod-clients new file mode 100644 index 0000000000..a26b6f5ded --- /dev/null +++ b/inventory/group_vars/taskotron-prod-clients @@ -0,0 +1,23 @@ +--- +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +slave_user: buildslave +taskotron_fas_user: taskotron +resultsdb_server: http://resultsdb01.qa.fedoraproject.org/resultsdb_api/api/v1.0/ +bodhi_server: http://10.5.124.206/fakefedorainfra/bodhi/ +kojihub_url: http://koji.fedoraproject.org/kojihub +taskotron_master: https://taskotron.fedoraproject.org/taskmaster/ +deployment_type: prod +slave_home: /home/buildslave/ +slave_dir: /home/buildslave/slave +slave_user: buildslave +buildmaster: 10.5.124.206 +buildslave_port: 9989 +tcp_ports: [ "{{ buildslave_port }}" ] +buildslave_private_sshkey_file: prod-buildslave-sshkey/prod_buildslave +buildslave_public_sshkey_file: prod-buildslave-sshkey/prod_buildslave.pub +taskotron_admin_email: taskotron-admin-members@fedoraproject.org +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" +buildmaster_pubkey: 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM5J0rmopyW96QyCVq5qyRmvsMIevnnPxXRNView1/vFI0ZkmQNeG6KYp0jmXsTDzPMeD4aC1nYIzyLp6OiMjvQ=' diff --git a/inventory/group_vars/taskotron-stg b/inventory/group_vars/taskotron-stg new file mode 100644 index 0000000000..ddfdc1320c --- /dev/null +++ b/inventory/group_vars/taskotron-stg @@ -0,0 +1,32 @@ +--- +grokmirror_basedir: /var/lib/git/mirror +grokmirror_user: grokmirror +grokmirror_repos: + - { name: fedoraqa/rpmlint, url: 'https://bitbucket.org/fedoraqa/task-rpmlint.git'} + - { name: fedoraqa/depcheck, url: 'https://bitbucket.org/fedoraqa/task-depcheck.git'} + - { name: fedoraqa/upgradepath, url: 'https://bitbucket.org/fedoraqa/task-upgradepath.git'} +settings_dir: /etc/taskotron +buildmaster_db_host: db-qa01.qa.fedoraproject.org +buildmaster_db_name: buildmaster_stg +buildmaster_template: taskotron.master.cfg.j2 +buildmaster_endpoint: taskmaster +buildslave_ssh_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAm+ClC0VWMBbRvTAzI+1H9jCnlB0xU+8jOKzemq9AdGThysaMPJA1OHSfcLPFvkOUTEj+xLrL3RN+z/XLozJAonTgh0uJmsTKwM/o5v5vxwY5oFENVYfGAEdDrDBFua0zGPHikV7mWTocmiIyYP2BMnNL9ugBTQZex5HQ4BVj6nFySE3ChQxvKTCv7TzJc3OiZuEng6eGN3SWa6kbmBe7eX+Nurw/suF2IwB7if/oTg2P+92zluLCjv0ERiU/ROmiqjUUHmD31dMnA01fqh+I5EMjHc8GOCC9D9CkoKPhbcQRyg4UTw5FGLVu3fqqHm16XQa7Nenwl0n9t+n8qz8Gdw== buildslave@taskotron-stg01.qa.fedoraproject.org' +buildslave_port: 9989 +cgit_root_title: "Taskotron Stg Server Git Mirror" +buildmaster_dir: /home/buildmaster/master +buildslave_dir: /home/buildslave/slave +master_dir: /home/buildmaster/master +master_user: buildmaster +external_hostname: taskotron.stg.fedoraproject.org +resultsdb_url: http://resultsdb-stg01.qa.fedoraproject.org/resultsdb_api/api/v1.0 +resultsdb_frontend_url: http://resultsdb-stg01.qa.fedoraproject.org/ +resultsdb_external_url: https://taskotron.stg.fedoraproject.org/resultsdb/ +resultsdb_endpoint: resultsdb +landingpage_title: "Taskotron Staging" +deployment_type: stg +tcp_ports: [ 80, 443, "{{ buildslave_port }}" ] +fakefedorainfra_db_host: db-qa01.qa.fedoraproject.org +fakefedorainfra_db_name: fakefedorainfra_stg +fakefedorainfra_endpoint: fakefedorainfra +fakefedorainfra_url: https://taskotron.stg.fedoraproject.org/fakefedorainfra +taskotron_docs_url: https://docs.qadevel.cloud.fedoraproject.org/libtaskotron/latest/ diff --git a/inventory/group_vars/taskotron-stg-clients b/inventory/group_vars/taskotron-stg-clients new file mode 100644 index 0000000000..3ad236a5b4 --- /dev/null +++ b/inventory/group_vars/taskotron-stg-clients @@ -0,0 +1,23 @@ +--- +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +slave_user: buildslave +taskotron_fas_user: taskotron +resultsdb_server: http://resultsdb-stg01.qa.fedoraproject.org/resultsdb_api/api/v1.0/ +bodhi_server: http://10.5.124.232/fakefedorainfra/bodhi/ +kojihub_url: http://koji.fedoraproject.org/kojihub +taskotron_master: https://taskotron.stg.fedoraproject.org/taskmaster/ +deployment_type: stg +slave_home: /home/buildslave/ +slave_dir: /home/buildslave/slave +slave_user: buildslave +buildmaster: 10.5.124.232 +buildslave_port: 9989 +tcp_ports: [ "{{ buildslave_port }}" ] +buildslave_private_sshkey_file: stg-buildslave-sshkey/stg_buildslave +buildslave_public_sshkey_file: stg-buildslave-sshkey/stg_buildslave.pub +taskotron_admin_email: taskotron-admin-members@fedoraproject.org +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" +buildmaster_pubkey: 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJJ4xAImruf8x0ghwxfq0DM6S00pSoEhpI1VZiG2DT14xD+eMubFQcUMpoQ3IBs3eaatlwVr2qjM4EEBfds/1Zs=' diff --git a/inventory/group_vars/testcase_stats b/inventory/group_vars/testcase_stats deleted file mode 100644 index 595f8a7214..0000000000 --- a/inventory/group_vars/testcase_stats +++ /dev/null @@ -1 +0,0 @@ -testcase_stats_output_dir: /usr/share/openqa/public/testcase_stats diff --git a/inventory/group_vars/torrent b/inventory/group_vars/torrent deleted file mode 100644 index 2cf2d0cf42..0000000000 --- a/inventory/group_vars/torrent +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Define resources for this group of hosts here. -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web - - torrent-cc - - torrentadmin -ipa_client_sudo_groups: - - sysadmin-web - - torrentadmin -ipa_host_group: torrent -ipa_host_group_desc: BitTorrent trackers -lvm_size: 1500000 -mem_size: 4096 -nrpe_procs_crit: 500 -nrpe_procs_warn: 300 -num_cpus: 2 -primary_auth_source: ipa -tcp_ports: [53, 80, 443, 873, "6881-6999"] -udp_ports: [53] - -notes: | - Torrent master server for Fedora distribution - torrent01 is the master torrent server for Fedora releases - This host relies on: - * The virthost it's hosted on (ibiblio05.fedoraproject.org) - * FAS to authenticate users - * VPN connectivity - - Things that rely on this host: - * If this host is down, Fedora will lose a release distribution channel - * The Apache that displays the torrent website - * This server also has opentracker+ running to gather statistics for our torrent diff --git a/inventory/group_vars/unbound b/inventory/group_vars/unbound new file mode 100644 index 0000000000..65cc771e6e --- /dev/null +++ b/inventory/group_vars/unbound @@ -0,0 +1,9 @@ +--- +lvm_size: 10000 +mem_size: 1024 +num_cpus: 2 + +tcp_ports: [ 80, 443 ] +custom_rules: [ '-A INPUT -p tcp -m tcp -s 209.132.184.0/24 --dport 53 -j ACCEPT', '-A INPUT -p udp -m udp -s 209.132.184.0/24 --dport 53 -j ACCEPT' ] + +fas_client_groups: sysadmin-dns diff --git a/inventory/group_vars/unbound-dns b/inventory/group_vars/unbound-dns new file mode 100644 index 0000000000..3d8f2c30da --- /dev/null +++ b/inventory/group_vars/unbound-dns @@ -0,0 +1,2 @@ +--- +freezes: false diff --git a/inventory/group_vars/value b/inventory/group_vars/value index 9210d77a6d..72d949a66b 100644 --- a/inventory/group_vars/value +++ b/inventory/group_vars/value @@ -1,44 +1,27 @@ --- -# Define resources for this group of hosts here. -# For the MOTD -custom_rules: [ - # Needed for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', - # Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here - '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5050 -j ACCEPT', - # batcave01 also needs access to announce commits. - '-A INPUT -p tcp -m tcp -s 10.3.163.35 --dport 5050 -j ACCEPT'] -nft_custom_rules: - # Needed for rsync from log01 for logs. - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' - # Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here - - 'add rule ip filter INPUT ip saddr 10.3.163.10 tcp dport 5050 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.20 tcp dport 5050 counter accept' - # batcave01 also needs access to announce commits. - - 'add rule ip filter INPUT ip saddr 10.3.163.35 tcp dport 5050 counter accept' -deployment_type: prod -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-mote - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-mote - - sysadmin-web -ipa_host_group: value -ipa_host_group_desc: "Value added: IRC bots, message logging, etc." +# Define resources for this group of hosts here. lvm_size: 30000 mem_size: 6144 num_cpus: 2 -primary_auth_source: ipa + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -tcp_ports: [80, 443] -notes: | - Hosts services which help facilitate communication over IRC and related mediums. - There are a couple things running here. - * zodbot, a supybot instance. See the zodbot SOP for more info. - * mote, a webapp running behind httpd that serves meetbot log files. +tcp_ports: [ 80, 443, 5050, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,fi-apprentice + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: supybot + owner: root + group: daemon diff --git a/inventory/group_vars/value-stg b/inventory/group_vars/value-stg new file mode 100644 index 0000000000..72d949a66b --- /dev/null +++ b/inventory/group_vars/value-stg @@ -0,0 +1,27 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 30000 +mem_size: 6144 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, 5050, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,fi-apprentice + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: supybot + owner: root + group: daemon diff --git a/inventory/group_vars/value_stg b/inventory/group_vars/value_stg deleted file mode 100644 index 166b76c433..0000000000 --- a/inventory/group_vars/value_stg +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Define resources for this group of hosts here. -# For the MOTD -custom_rules: [ - # Neeed for rsync from log01 for logs. - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', - # Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here - '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT', - # batcave01 also needs access to announce commits. - '-A INPUT -p tcp -m tcp -s 10.3.163.35 --dport 5050 -j ACCEPT'] -nft_custom_rules: - # Neeed for rsync from log01 for logs. - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' - # Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here - - 'add rule ip filter INPUT ip saddr 10.3.163.10 tcp dport 5050 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.10 tcp dport 5050 counter accept' - - 'add rule ip filter INPUT ip saddr 152.19.134.192 tcp dport 5050 counter accept' - # batcave01 also needs access to announce commits. - - 'add rule ip filter INPUT ip saddr 10.3.163.35 tcp dport 5050 counter accept' -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-mote - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-mote - - sysadmin-web -ipa_host_group: value -ipa_host_group_desc: "Value added: IRC bots, message logging, etc." -lvm_size: 30000 -mem_size: 6144 -num_cpus: 2 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443] - -notes: | - Hosts staging services which help facilitate communication over IRC and related mediums. - There are a couple things running here. - * ursabot, a supybot instance. See the zodbot SOP for more info. - * fedmsg-irc, our staging fedmsg to IRC relay. 'journalctl -u fedmsg-irc' - * mote, a webapp running behind httpd that serves meetbot log files. diff --git a/inventory/group_vars/virthost b/inventory/group_vars/virthost index d87a060e4f..d7aff060d9 100644 --- a/inventory/group_vars/virthost +++ b/inventory/group_vars/virthost @@ -1,19 +1,2 @@ --- -# iscsi initiator for netapp iscsi volume -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -nagios_Check_Services: - raid: true -netapp_nfs01_iscsi_name: iqn.1992-08.com.netapp:sn.1573980325:vf.f88732f4-106e-11e2-bc86-00a098162a28 -# iscsi portal for netapp iscsi volume -netapp_nfs01_iscsi_portal: 10.5.88.36 -nrpe_procs_crit: 1500 -nrpe_procs_warn: 1400 -primary_auth_source: ipa virthost: true - -notes: | - Host guest virtual machines. - - Guests on this host will be inaccessible if the host is down. - This host will be required by any application with a virtual machine running on it, therefore, if this host is down those applications will be impacted. diff --git a/inventory/group_vars/virthost_comm b/inventory/group_vars/virthost_comm deleted file mode 100644 index 62426783b6..0000000000 --- a/inventory/group_vars/virthost_comm +++ /dev/null @@ -1,4 +0,0 @@ ---- -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -virthost: true diff --git a/inventory/group_vars/virthost_communishift b/inventory/group_vars/virthost_communishift deleted file mode 100644 index ea2d1d771c..0000000000 --- a/inventory/group_vars/virthost_communishift +++ /dev/null @@ -1,3 +0,0 @@ ---- -datacenter: cloud -virthost: true diff --git a/inventory/group_vars/wiki b/inventory/group_vars/wiki index 6e80764a73..f16944c851 100644 --- a/inventory/group_vars/wiki +++ b/inventory/group_vars/wiki @@ -1,31 +1,27 @@ --- -# Define resources for this group of hosts here. -deployment_type: prod -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: wiki -ipa_host_group_desc: Fedora Wiki +# Define resources for this group of hosts here. lvm_size: 30000 -max_mem_size: 8192 mem_size: 8192 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" num_cpus: 4 -primary_auth_source: ipa -tcp_ports: [80] + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80 ] +fas_client_groups: sysadmin-noc,fi-apprentice + # mediawiki variables wikiname: "fp" wikipath: "wiki" -wikiver: "mediawiki" wpath: "w" -notes: | - - Provides our wiki - - There are multiple servers that this service requires. All proxy servers and Wiki 1 and 2. - - Wiki requires the proxy servers in order for traffic to pass to them - - If the Apache processes stop on wiki01 and wiki02 the wiki will not display - - The wiki also requires fas for log in purposes +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: mediawiki + owner: root + group: apache + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid" diff --git a/inventory/group_vars/wiki-stg b/inventory/group_vars/wiki-stg new file mode 100644 index 0000000000..5950013e90 --- /dev/null +++ b/inventory/group_vars/wiki-stg @@ -0,0 +1,27 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 30000 +mem_size: 2048 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80 ] +fas_client_groups: sysadmin-noc,fi-apprentice + +# mediawiki variables +wikiname: "fp" +wikipath: "wiki" +wpath: "w" + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin +- service: mediawiki + owner: root + group: apache + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid" diff --git a/inventory/group_vars/wiki_stg b/inventory/group_vars/wiki_stg deleted file mode 100644 index f87b60e28a..0000000000 --- a/inventory/group_vars/wiki_stg +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-web -ipa_host_group: wiki -ipa_host_group_desc: Fedora Wiki -lvm_size: 30000 -mem_size: 4096 -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -num_cpus: 2 -tcp_ports: [80] -# mediawiki variables -wikiname: "fp" -wikipath: "wiki" -wikiver: "mediawiki" -wpath: "w" diff --git a/inventory/group_vars/zabbix b/inventory/group_vars/zabbix deleted file mode 100644 index 8205951367..0000000000 --- a/inventory/group_vars/zabbix +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Define resources for this group of hosts here. -# For the MOTD -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-noc -ipa_host_group: zabbix -ipa_host_group_desc: Zabbix Network Monitoring -lvm_size: 100000 -mem_size: 24576 -nagios_Can_Connect: false -nagios_Check_Services: - ping: false -num_cpus: 4 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443] -notes: Test instanec for zabbix server diff --git a/inventory/group_vars/zabbix_stg b/inventory/group_vars/zabbix_stg deleted file mode 100644 index 45e8e6b26f..0000000000 --- a/inventory/group_vars/zabbix_stg +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Define resources for this group of hosts here. -# For the MOTD -deployment_type: stg -ipa_client_shell_groups: - - fi-apprentice - - sysadmin-noc - - sysadmin-veteran - - sysadmin-web -ipa_client_sudo_groups: - - sysadmin-noc -ipa_host_group: zabbix -ipa_host_group_desc: Zabbix Network Monitoring -lvm_size: 100000 -mem_size: 8192 -nagios_Can_Connect: false -nagios_Check_Services: - ping: false -num_cpus: 2 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -tcp_ports: [80, 443] -notes: Test instance for zabbix server -zabbix_stg_matrix_roomid: "!dODrizXNtqWjiylAyh:fedora.im" diff --git a/inventory/hardware b/inventory/hardware index b447af530e..a139d4a42c 100644 --- a/inventory/hardware +++ b/inventory/hardware @@ -1,158 +1,45 @@ [dells] -osuosl02.fedoraproject.org +download01.phx2.fedoraproject.org +download02.phx2.fedoraproject.org +download03.phx2.fedoraproject.org +download04.phx2.fedoraproject.org +download05.phx2.fedoraproject.org +virthost18.phx2.fedoraproject.org +virthost17.phx2.fedoraproject.org +virthost16.phx2.fedoraproject.org +virthost15.phx2.fedoraproject.org +virthost03.phx2.fedoraproject.org +virthost01.phx2.fedoraproject.org +bvirthost07.phx2.fedoraproject.org +ibiblio04.fedoraproject.org + +[ciscos] +virthost14.phx2.fedoraproject.org +virthost-comm02.qa.fedoraproject.org + +[cisco-ucs] +buildvmhost-10.phx2.fedoraproject.org +buildvmhost-11.phx2.fedoraproject.org +buildvmhost-12.phx2.fedoraproject.org +bvirthost06.phx2.fedoraproject.org +bvirthost08.phx2.fedoraproject.org +bvirthost09.phx2.fedoraproject.org +bvirthost10.phx2.fedoraproject.org +bvirthost11.phx2.fedoraproject.org + +[ibms] +virthost04.phx2.fedoraproject.org +virthost05.phx2.fedoraproject.org +virthost06.phx2.fedoraproject.org +virthost07.phx2.fedoraproject.org +virthost08.phx2.fedoraproject.org +virthost09.phx2.fedoraproject.org +virthost10.phx2.fedoraproject.org +virthost12.phx2.fedoraproject.org +virthost-comm01.qa.fedoraproject.org +bvirthost04.phx2.fedoraproject.org +ibiblio01.fedoraproject.org ibiblio02.fedoraproject.org -ibiblio05.fedoraproject.org -# ssh often disabled -#autosign02.iad2.fedoraproject.org -vmhost-x86-cc01.rdu-cc.fedoraproject.org -vmhost-x86-cc02.rdu-cc.fedoraproject.org -vmhost-x86-cc03.rdu-cc.fedoraproject.org -vmhost-x86-cc05.rdu-cc.fedoraproject.org -vmhost-x86-cc06.rdu-cc.fedoraproject.org -vmhost-x86-copr01.rdu-cc.fedoraproject.org -vmhost-x86-copr02.rdu-cc.fedoraproject.org -vmhost-x86-copr03.rdu-cc.fedoraproject.org -vmhost-x86-copr04.rdu-cc.fedoraproject.org -## Builders IAD -buildhw-x86-01.iad2.fedoraproject.org -buildhw-x86-02.iad2.fedoraproject.org -buildhw-x86-03.iad2.fedoraproject.org -buildhw-x86-04.iad2.fedoraproject.org -buildhw-x86-05.iad2.fedoraproject.org -buildhw-x86-06.iad2.fedoraproject.org -buildhw-x86-07.iad2.fedoraproject.org -buildhw-x86-08.iad2.fedoraproject.org -buildhw-x86-09.iad2.fedoraproject.org -buildhw-x86-10.iad2.fedoraproject.org -buildhw-x86-11.iad2.fedoraproject.org -buildhw-x86-12.iad2.fedoraproject.org -buildhw-x86-13.iad2.fedoraproject.org -buildhw-x86-14.iad2.fedoraproject.org -buildhw-x86-15.iad2.fedoraproject.org -buildhw-x86-16.iad2.fedoraproject.org -bvmhost-x86-01.iad2.fedoraproject.org -bvmhost-x86-02.iad2.fedoraproject.org -bvmhost-x86-03.iad2.fedoraproject.org -bvmhost-x86-04.iad2.fedoraproject.org -bvmhost-x86-05.iad2.fedoraproject.org -bvmhost-x86-06.iad2.fedoraproject.org -bvmhost-x86-07.iad2.fedoraproject.org -bvmhost-x86-01.stg.iad2.fedoraproject.org -bvmhost-x86-02.stg.iad2.fedoraproject.org -bvmhost-x86-03.stg.iad2.fedoraproject.org -bvmhost-x86-05.stg.iad2.fedoraproject.org -bvmhost-x86-01.rdu3.fedoraproject.org -bvmhost-x86-02.rdu3.fedoraproject.org -bvmhost-x86-03.rdu3.fedoraproject.org -bvmhost-x86-04.rdu3.fedoraproject.org -bvmhost-x86-05.rdu3.fedoraproject.org -bvmhost-x86-06.rdu3.fedoraproject.org -bvmhost-x86-01.stg.rdu3.fedoraproject.org -bvmhost-x86-02.stg.rdu3.fedoraproject.org -bvmhost-x86-03.stg.rdu3.fedoraproject.org -## -bkernel01.iad2.fedoraproject.org -bkernel02.iad2.fedoraproject.org -## QA -qvmhost-x86-01.iad2.fedoraproject.org -qvmhost-x86-02.iad2.fedoraproject.org -openqa-x86-worker01.iad2.fedoraproject.org -openqa-x86-worker02.iad2.fedoraproject.org -openqa-x86-worker03.iad2.fedoraproject.org -openqa-x86-worker04.iad2.fedoraproject.org -openqa-x86-worker05.iad2.fedoraproject.org -openqa-x86-worker06.iad2.fedoraproject.org -kernel02.iad2.fedoraproject.org -## Virt -vmhost-x86-01.iad2.fedoraproject.org -vmhost-x86-01.stg.iad2.fedoraproject.org -vmhost-x86-02.iad2.fedoraproject.org -vmhost-x86-02.stg.iad2.fedoraproject.org -vmhost-x86-03.iad2.fedoraproject.org -vmhost-x86-04.iad2.fedoraproject.org -vmhost-x86-05.iad2.fedoraproject.org -vmhost-x86-05.stg.iad2.fedoraproject.org -vmhost-x86-06.iad2.fedoraproject.org -vmhost-x86-06.stg.iad2.fedoraproject.org -vmhost-x86-07.stg.iad2.fedoraproject.org -vmhost-x86-08.stg.iad2.fedoraproject.org -vmhost-x86-08.iad2.fedoraproject.org -vmhost-x86-09.stg.iad2.fedoraproject.org -vmhost-x86-11.stg.iad2.fedoraproject.org -vmhost-x86-12.stg.iad2.fedoraproject.org -worker01.ocp.iad2.fedoraproject.org -worker02.ocp.iad2.fedoraproject.org -worker03.ocp.iad2.fedoraproject.org -worker04.ocp.iad2.fedoraproject.org -worker05.ocp.iad2.fedoraproject.org -worker06.ocp.iad2.fedoraproject.org -worker01.ocp.stg.iad2.fedoraproject.org -worker02.ocp.stg.iad2.fedoraproject.org -worker03.ocp.stg.iad2.fedoraproject.org -worker04.ocp.stg.iad2.fedoraproject.org -worker05.ocp.stg.iad2.fedoraproject.org -vmhost-x86-01.rdu3.fedoraproject.org -vmhost-x86-02.rdu3.fedoraproject.org -vmhost-x86-03.rdu3.fedoraproject.org -vmhost-x86-04.rdu3.fedoraproject.org -vmhost-x86-05.rdu3.fedoraproject.org -vmhost-x86-01.stg.rdu3.fedoraproject.org -vmhost-x86-02.stg.rdu3.fedoraproject.org -vmhost-x86-03.stg.rdu3.fedoraproject.org -vmhost-x86-04.stg.rdu3.fedoraproject.org -vmhost-x86-05.stg.rdu3.fedoraproject.org -sign-vault01.rdu3.fedoraproject.org - -[powerpc] -bvmhost-p09-01.iad2.fedoraproject.org -bvmhost-p09-01.stg.iad2.fedoraproject.org -bvmhost-p09-02.iad2.fedoraproject.org -bvmhost-p09-03.iad2.fedoraproject.org -bvmhost-p09-04.iad2.fedoraproject.org -bvmhost-p09-05.iad2.fedoraproject.org -openqa-p09-worker01.iad2.fedoraproject.org -openqa-p09-worker02.iad2.fedoraproject.org -vmhost-p08-copr01.rdu-cc.fedoraproject.org -vmhost-p08-copr02.rdu-cc.fedoraproject.org -vmhost-p09-copr01.rdu-cc.fedoraproject.org - -[appliedmicro] -bvmhost-a64-01.stg.iad2.fedoraproject.org -openqa-a64-worker01.iad2.fedoraproject.org -openqa-a64-worker02.iad2.fedoraproject.org -openqa-a64-worker03.iad2.fedoraproject.org -openqa-a64-worker05.iad2.fedoraproject.org -openqa-a64-worker06.iad2.fedoraproject.org - -[storinator] -storinator01.rdu-cc.fedoraproject.org - -[aarch64] -buildhw-a64-03.iad2.fedoraproject.org -buildhw-a64-04.iad2.fedoraproject.org -buildhw-a64-05.iad2.fedoraproject.org -buildhw-a64-06.iad2.fedoraproject.org -openqa-a64-worker01.iad2.fedoraproject.org -openqa-a64-worker02.iad2.fedoraproject.org -openqa-a64-worker03.iad2.fedoraproject.org -openqa-a64-worker05.iad2.fedoraproject.org -openqa-a64-worker06.iad2.fedoraproject.org - -[mtsnow] -bvmhost-a64-01.iad2.fedoraproject.org -bvmhost-a64-02.iad2.fedoraproject.org -bvmhost-a64-03.iad2.fedoraproject.org -bvmhost-a64-04.iad2.fedoraproject.org -buildhw-a64-03.iad2.fedoraproject.org -buildhw-a64-04.iad2.fedoraproject.org -buildhw-a64-05.iad2.fedoraproject.org -buildhw-a64-06.iad2.fedoraproject.org -openqa-a64-worker04.iad2.fedoraproject.org - -[hardware:children] -powerpc -dells -appliedmicro -storinator -aarch64 -mtsnow +ibiblio03.fedoraproject.org +osuosl01.fedoraproject.org +osuosl02.fedoraproject.org diff --git a/inventory/host_vars/209.132.184.137 b/inventory/host_vars/209.132.184.137 new file mode 100644 index 0000000000..e59135be6a --- /dev/null +++ b/inventory/host_vars/209.132.184.137 @@ -0,0 +1,10 @@ +--- +instance_type: m1.xlarge +image: "{{ el7b_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: jenkins +zone: nova +hostbase: jenkins-el7b +public_ip: 209.132.184.137 +root_auth_users: pingou +description: jenkins el7b worker/slave diff --git a/inventory/host_vars/209.132.184.142 b/inventory/host_vars/209.132.184.142 new file mode 100644 index 0000000000..91a1977010 --- /dev/null +++ b/inventory/host_vars/209.132.184.142 @@ -0,0 +1,25 @@ +--- +instance_type: m1.xlarge +image: "{{ f20_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: webserver +zone: nova +hostbase: copr-be- +public_ip: 209.132.184.142 +root_auth_users: bkabrda msuchy pingou msuchy sgallagh nb asamalik +description: copr dispatcher and repo server +volumes: ['-d /dev/vdc vol-00000028'] + +tcp_ports: [ 22, 80, 443, +# These 8 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007] + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: root +- service: copr + owner: root + group: copr + diff --git a/inventory/host_vars/209.132.184.143 b/inventory/host_vars/209.132.184.143 new file mode 100644 index 0000000000..49c3c5fcc1 --- /dev/null +++ b/inventory/host_vars/209.132.184.143 @@ -0,0 +1,11 @@ +--- +instance_type: m1.small +image: "{{ el6_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: webserver +zone: nova +hostbase: artboard- +public_ip: 209.132.184.143 +root_auth_users: duffy kevin +description: artboard cloud instance for the fedora art group +volumes: ['-d /dev/vdb vol-00000009'] diff --git a/inventory/host_vars/209.132.184.144 b/inventory/host_vars/209.132.184.144 new file mode 100644 index 0000000000..b45f61445f --- /dev/null +++ b/inventory/host_vars/209.132.184.144 @@ -0,0 +1,11 @@ +--- +instance_type: m1.medium +image: "{{ f20_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: webserver +zone: nova +hostbase: copr-fe- +public_ip: 209.132.184.144 +root_auth_users: bkabrda ryanlerch pingou msuchy sgallagh nb asamalik +description: copr frontend server +volumes: ['-d /dev/vdb vol-0000000f'] diff --git a/inventory/host_vars/209.132.184.146 b/inventory/host_vars/209.132.184.146 new file mode 100644 index 0000000000..277f62e562 --- /dev/null +++ b/inventory/host_vars/209.132.184.146 @@ -0,0 +1,11 @@ +--- +instance_type: m1.large +image: "{{ f20_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: logstash +zone: nova +hostbase: logstash- +public_ip: 209.132.184.146 +root_auth_users: lmacken +description: cloud instance for developing/testing logstash +volumes: ['-d /dev/vdb vol-0000000d'] diff --git a/inventory/host_vars/209.132.184.147 b/inventory/host_vars/209.132.184.147 new file mode 100644 index 0000000000..6d2e867791 --- /dev/null +++ b/inventory/host_vars/209.132.184.147 @@ -0,0 +1,12 @@ +--- +instance_type: m1.small +image: "{{ el6_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: webserver +zone: nova +hostbase: fedocal-dev- +public_ip: 209.132.184.147 +root_auth_users: pingou +description: fedocal dev server +volumes: ['-d /dev/vdb vol-00000010'] + diff --git a/inventory/host_vars/209.132.184.150 b/inventory/host_vars/209.132.184.150 new file mode 120000 index 0000000000..c3328866fa --- /dev/null +++ b/inventory/host_vars/209.132.184.150 @@ -0,0 +1 @@ +209.132.184.144 \ No newline at end of file diff --git a/inventory/host_vars/209.132.184.153 b/inventory/host_vars/209.132.184.153 new file mode 100644 index 0000000000..2bb37e4ccd --- /dev/null +++ b/inventory/host_vars/209.132.184.153 @@ -0,0 +1,11 @@ +--- +instance_type: m1.small +image: "{{ el6_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: jenkins +zone: nova +hostbase: jenkins-master- +public_ip: 209.132.184.153 +root_auth_users: pingou puiterwijk +description: jenkins cloud master +volumes: ['-d /dev/vdb vol-00000011'] diff --git a/inventory/host_vars/209.132.184.157 b/inventory/host_vars/209.132.184.157 new file mode 100644 index 0000000000..0c661e4ac3 --- /dev/null +++ b/inventory/host_vars/209.132.184.157 @@ -0,0 +1,11 @@ +--- +instance_type: m1.large +image: "{{ f19_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: webserver +zone: nova +hostbase: shogun-ca- +public_ip: 209.132.184.157 +root_auth_users: besser82 +description: shogun-ca instance, see ticket 4032, besser82 contact +volumes: ['-d /dev/vdb vol-00000026'] diff --git a/inventory/host_vars/209.132.184.158 b/inventory/host_vars/209.132.184.158 new file mode 100644 index 0000000000..ee690765e4 --- /dev/null +++ b/inventory/host_vars/209.132.184.158 @@ -0,0 +1,10 @@ +--- +instance_type: m1.xlarge +image: "{{ f19_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: jenkins +zone: nova +hostbase: jenkins-f19 +public_ip: 209.132.184.158 +root_auth_users: pingou +description: jenkins f19 worker/slave diff --git a/inventory/host_vars/209.132.184.162 b/inventory/host_vars/209.132.184.162 new file mode 100644 index 0000000000..0bf91956f2 --- /dev/null +++ b/inventory/host_vars/209.132.184.162 @@ -0,0 +1,11 @@ +--- +instance_type: m1.small +image: "{{ el6_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: webserver +zone: nova +hostbase: elections-dev- +public_ip: 209.132.184.162 +root_auth_users: toshio fchiulli +description: cloud instance for developing the next version of the elections app +volumes: ['-d /dev/vdb vol-0000000e'] diff --git a/inventory/host_vars/209.132.184.165 b/inventory/host_vars/209.132.184.165 new file mode 100644 index 0000000000..4281790b8d --- /dev/null +++ b/inventory/host_vars/209.132.184.165 @@ -0,0 +1,10 @@ +--- +instance_type: m1.large +image: "{{ el6_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: jenkins +zone: nova +hostbase: jenkins-el6 +public_ip: 209.132.184.165 +root_auth_users: pingou +description: jenkins el6 worker/slave diff --git a/inventory/host_vars/209.132.184.166 b/inventory/host_vars/209.132.184.166 new file mode 100644 index 0000000000..2ac7e7f660 --- /dev/null +++ b/inventory/host_vars/209.132.184.166 @@ -0,0 +1,10 @@ +--- +instance_type: m1.large +image: "{{ f18_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: jenkins +zone: nova +hostbase: jenkins-f18 +public_ip: 209.132.184.166 +root_auth_users: pingou +description: jenkins f18 worker/slave diff --git a/inventory/host_vars/209.132.184.209 b/inventory/host_vars/209.132.184.209 new file mode 100644 index 0000000000..8806cc02c1 --- /dev/null +++ b/inventory/host_vars/209.132.184.209 @@ -0,0 +1,10 @@ +--- +instance_type: m1.xlarge +image: "{{ f20_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: jenkins +zone: nova +hostbase: jenkins-f20 +public_ip: 209.132.184.209 +root_auth_users: pingou +description: jenkins f20 worker/slave diff --git a/inventory/host_vars/aarch64-test01.fedorainfracloud.org b/inventory/host_vars/aarch64-test01.fedorainfracloud.org deleted file mode 100644 index 9c0bc32780..0000000000 --- a/inventory/host_vars/aarch64-test01.fedorainfracloud.org +++ /dev/null @@ -1,6 +0,0 @@ -datacenter: aws -inventory_hostname: "aarch64-test01.fedorainfracloud.org" -nagios_Check_Services: - swap: false -postfix_group: vpn -public_ip: 34.215.168.74 diff --git a/inventory/host_vars/aarch64-test02.fedorainfracloud.org b/inventory/host_vars/aarch64-test02.fedorainfracloud.org deleted file mode 100644 index fdae26c6e6..0000000000 --- a/inventory/host_vars/aarch64-test02.fedorainfracloud.org +++ /dev/null @@ -1,6 +0,0 @@ -datacenter: aws -inventory_hostname: "aarch64-test02.fedorainfracloud.org" -nagios_Check_Services: - swap: false -postfix_group: vpn -public_ip: 18.237.17.168 diff --git a/inventory/host_vars/ask01.phx2.fedoraproject.org b/inventory/host_vars/ask01.phx2.fedoraproject.org new file mode 100644 index 0000000000..7bf45af874 --- /dev/null +++ b/inventory/host_vars/ask01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.79 +vmhost: virthost06.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/ask01.stg.phx2.fedoraproject.org b/inventory/host_vars/ask01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..d0ff6bdbea --- /dev/null +++ b/inventory/host_vars/ask01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.80 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/ask02.phx2.fedoraproject.org b/inventory/host_vars/ask02.phx2.fedoraproject.org new file mode 100644 index 0000000000..8ed13210c2 --- /dev/null +++ b/inventory/host_vars/ask02.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.57 +vmhost: virthost14.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/autosign01.iad2.fedoraproject.org b/inventory/host_vars/autosign01.iad2.fedoraproject.org deleted file mode 100644 index a43f2308cd..0000000000 --- a/inventory/host_vars/autosign01.iad2.fedoraproject.org +++ /dev/null @@ -1,33 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1_ipv4: 10.3.169.28 -eno1_ipv4_gw: 10.3.169.254 -eno1_ipv4_nm: 24 -eno1_mac: "{{ mac1 }}" -external: false -has_ipv4: yes -mac1: ec:f4:bb:d2:85:48 -mac2: ec:f4:bb:d2:85:4a -mac3: ec:f4:bb:d2:85:4c -mac4: ec:f4:bb:d2:85:4d -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1_ipv4 }}/{{ eno1_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1_ipv4_gw }}" - mac: "{{ eno1_mac }}" - name: eno1 - state: up - type: ethernet diff --git a/inventory/host_vars/autosign01.phx2.fedoraproject.org b/inventory/host_vars/autosign01.phx2.fedoraproject.org new file mode 100644 index 0000000000..48845589a0 --- /dev/null +++ b/inventory/host_vars/autosign01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.125.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_bvirthost08 +eth0_ip: 10.5.125.21 +vmhost: bvirthost08.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/autosign01.stg.iad2.fedoraproject.org b/inventory/host_vars/autosign01.stg.iad2.fedoraproject.org deleted file mode 100644 index bb8594c6b0..0000000000 --- a/inventory/host_vars/autosign01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.29 -external: false -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -vmhost: bvmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/autosign02.iad2.fedoraproject.org b/inventory/host_vars/autosign02.iad2.fedoraproject.org deleted file mode 100644 index bafb339015..0000000000 --- a/inventory/host_vars/autosign02.iad2.fedoraproject.org +++ /dev/null @@ -1,33 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth1_ipv4: 10.3.169.47 -eth1_ipv4_gw: 10.3.169.254 -eth1_ipv4_nm: 24 -eth1_mac: "{{ mac3 }}" -external: false -has_ipv4: yes -mac1: C8:4B:D6:83:16:22 -mac2: C8:4B:D6:83:16:23 -mac3: 6C:FE:54:57:4D:80 -mac4: 6C:FE:54:57:4D:81 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth1_ipv4 }}/{{ eth1_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth1_ipv4_gw }}" - mac: "{{ eth1_mac }}" - name: eth1 - state: up - type: ethernet diff --git a/inventory/host_vars/backup01.iad2.fedoraproject.org b/inventory/host_vars/backup01.iad2.fedoraproject.org deleted file mode 100644 index e613d55ff2..0000000000 --- a/inventory/host_vars/backup01.iad2.fedoraproject.org +++ /dev/null @@ -1,34 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4: 10.3.163.40 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_nm: 24 -eth0_mac: "{{ mac0 }}" -grokmirror_topdir: /fedora_backups/grokmirror -has_ipv4: yes -mac0: 6c:fe:54:57:4d:00 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ eth0_mac }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -weblate_backup_topdir: /fedora_backups/misc/weblate diff --git a/inventory/host_vars/backup03.phx2.fedoraproject.org b/inventory/host_vars/backup03.phx2.fedoraproject.org new file mode 100644 index 0000000000..c4dfce6cfc --- /dev/null +++ b/inventory/host_vars/backup03.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +nrpe_procs_warn: 400 +nrpe_procs_crit: 500 +tcp_ports: ['9101', '9102', '9103'] diff --git a/inventory/host_vars/badges-backend01.phx2.fedoraproject.org b/inventory/host_vars/badges-backend01.phx2.fedoraproject.org new file mode 100644 index 0000000000..f8be3a7894 --- /dev/null +++ b/inventory/host_vars/badges-backend01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.100 +vmhost: virthost14.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..16fa76ef47 --- /dev/null +++ b/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.68 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/badges-web01.phx2.fedoraproject.org b/inventory/host_vars/badges-web01.phx2.fedoraproject.org new file mode 100644 index 0000000000..19f44a7c1b --- /dev/null +++ b/inventory/host_vars/badges-web01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.101 +vmhost: virthost14.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org b/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..cd4036c443 --- /dev/null +++ b/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.69 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/badges-web02.phx2.fedoraproject.org b/inventory/host_vars/badges-web02.phx2.fedoraproject.org new file mode 100644 index 0000000000..5db61afc23 --- /dev/null +++ b/inventory/host_vars/badges-web02.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.102 +vmhost: virthost15.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/bastion-comm01.qa.fedoraproject.org b/inventory/host_vars/bastion-comm01.qa.fedoraproject.org new file mode 100644 index 0000000000..3d8f2c30da --- /dev/null +++ b/inventory/host_vars/bastion-comm01.qa.fedoraproject.org @@ -0,0 +1,2 @@ +--- +freezes: false diff --git a/inventory/host_vars/bastion01.iad2.fedoraproject.org b/inventory/host_vars/bastion01.iad2.fedoraproject.org deleted file mode 100644 index 2bb109bb22..0000000000 --- a/inventory/host_vars/bastion01.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.31 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -ssh_hostnames: - - bastion.fedoraproject.org - - bastion01.fedoraproject.org -vmhost: vmhost-x86-01.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/bastion01.rdu3.fedoraproject.org b/inventory/host_vars/bastion01.rdu3.fedoraproject.org deleted file mode 100644 index 46cd5d9176..0000000000 --- a/inventory/host_vars/bastion01.rdu3.fedoraproject.org +++ /dev/null @@ -1,40 +0,0 @@ ---- -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -eth0_ipv4_gw: 10.16.163.254 -eth0_ipv4_ip: 10.16.163.31 -eth0_ipv6_gw: 2620:52:6:1121::1 -eth0_ipv6_ip: 2620:52:6:1121:bead:cafe:feed:fed1 -eth0_ipv6_nm: 64 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet - state: up -ssh_hostnames: - - bastion.fedoraproject.org - - bastion01.fedoraproject.org - - bastion-rdu3.fedoraproject.org -vmhost: vmhost-x86-01.rdu3.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/bastion02.iad2.fedoraproject.org b/inventory/host_vars/bastion02.iad2.fedoraproject.org deleted file mode 100644 index 480c154abf..0000000000 --- a/inventory/host_vars/bastion02.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.32 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -ssh_hostnames: - - bastion.fedoraproject.org - - bastion02.fedoraproject.org -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/batcave01.iad2.fedoraproject.org b/inventory/host_vars/batcave01.iad2.fedoraproject.org deleted file mode 100644 index 12a5ee4313..0000000000 --- a/inventory/host_vars/batcave01.iad2.fedoraproject.org +++ /dev/null @@ -1,18 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.35 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -sar_output_file: koji.json -#host_backup_targets: ['/git', '/mnt/fedora/app/attachments'] - -# GDPR SAR variables - koji -sar_script: /usr/local/bin/koji_sar.py -sar_script_user: root -# Add VPN host name as alt name for SSH cert. Useful when you need to -# SSH into batcave through VPN, like from bastion in a different DC. -ssh_hostnames: - - batcave01.vpn.fedoraproject.org -vmhost: vmhost-x86-01.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/beaker01.qa.fedoraproject.org b/inventory/host_vars/beaker01.qa.fedoraproject.org new file mode 100644 index 0000000000..6b455fbf83 --- /dev/null +++ b/inventory/host_vars/beaker01.qa.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/Guests00 +eth0_ip: 10.5.124.228 +vmhost: virthost-comm01.qa.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/bkernel01.iad2.fedoraproject.org b/inventory/host_vars/bkernel01.iad2.fedoraproject.org deleted file mode 100644 index da2d5146b1..0000000000 --- a/inventory/host_vars/bkernel01.iad2.fedoraproject.org +++ /dev/null @@ -1,29 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_ip: 10.3.169.29 -eth0_ipv4_gw: 10.3.169.254 -eth0_mac: "{{ mac0 }}" -has_ipv4: yes -mac0: B4:45:06:FB:84:2E -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ eth0_mac }}" - name: eth0 - state: up - type: ethernet -resolvconf: "resolv.conf/iad2" diff --git a/inventory/host_vars/bkernel02.iad2.fedoraproject.org b/inventory/host_vars/bkernel02.iad2.fedoraproject.org deleted file mode 100644 index 0e6d582a2f..0000000000 --- a/inventory/host_vars/bkernel02.iad2.fedoraproject.org +++ /dev/null @@ -1,30 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_ip: 10.3.169.30 -eth0_ipv4_gw: 10.3.169.254 -eth0_mac: "{{ mac0 }}" -external: false -has_ipv4: yes -mac0: b4:45:06:fb:83:4e -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ eth0_mac }}" - name: eth0 - state: up - type: ethernet -resolvconf: "resolv.conf/iad2" diff --git a/inventory/host_vars/blockerbugs-dev.cloud.fedoraproject.org b/inventory/host_vars/blockerbugs-dev.cloud.fedoraproject.org new file mode 100644 index 0000000000..929e97e161 --- /dev/null +++ b/inventory/host_vars/blockerbugs-dev.cloud.fedoraproject.org @@ -0,0 +1,13 @@ +--- +instance_type: m1.medium +image: "{{ el6_qcow_id }}" +keypair: fedora-admin +security_group: webserver +zone: nova +hostbase: blockerbugs-dev- +public_ip: 209.132.184.200 +root_auth_users: tflink mkrizek islamgulov +description: blockerbugs-dev +tcp_ports: ['22', '80', '443'] +volumes: ['-d /dev/vdb vol-00000021'] + diff --git a/inventory/host_vars/bodhi-backend01.iad2.fedoraproject.org b/inventory/host_vars/bodhi-backend01.iad2.fedoraproject.org deleted file mode 100644 index f32f9490eb..0000000000 --- a/inventory/host_vars/bodhi-backend01.iad2.fedoraproject.org +++ /dev/null @@ -1,20 +0,0 @@ ---- -# These set a config value, see roles/bodhi2/base/ -bodhi_masher_enabled: True -bodhi_signed_handler_enabled: False -bodhi_updates_handler_enabled: False -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.101 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -max_mem_size: 98304 -mem_size: 98304 -num_cpus: 30 -sar_output_file: bodhi.json -# GDPR SAR variables -sar_script: /usr/bin/bodhi-sar -sar_script_user: apache -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: bvmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/bodhi-backend01.rdu3.fedoraproject.org b/inventory/host_vars/bodhi-backend01.rdu3.fedoraproject.org deleted file mode 100644 index fdc72f9818..0000000000 --- a/inventory/host_vars/bodhi-backend01.rdu3.fedoraproject.org +++ /dev/null @@ -1,23 +0,0 @@ ---- -# These set a config value, see roles/bodhi2/base/ -bodhi_masher_enabled: True -bodhi_signed_handler_enabled: False -bodhi_updates_handler_enabled: False -datacenter: rdu3 -dns: 10.16.163.33 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -eth0_ipv4_gw: 10.16.169.254 -eth0_ipv4_ip: 10.16.169.101 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -max_mem_size: 98304 -mem_size: 98304 -num_cpus: 30 -sar_output_file: bodhi.json -# GDPR SAR variables -sar_script: /usr/bin/bodhi-sar -sar_script_user: apache -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: bvmhost-x86-01.rdu3.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/bodhi-backend01.stg.iad2.fedoraproject.org b/inventory/host_vars/bodhi-backend01.stg.iad2.fedoraproject.org deleted file mode 100644 index fb261806eb..0000000000 --- a/inventory/host_vars/bodhi-backend01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -# These are consumed by a task in roles/fedmsg/base/main.yml -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.32 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/bodhi.dev.fedoraproject.org b/inventory/host_vars/bodhi.dev.fedoraproject.org new file mode 100644 index 0000000000..afa45a0fc2 --- /dev/null +++ b/inventory/host_vars/bodhi.dev.fedoraproject.org @@ -0,0 +1,11 @@ +--- +instance_type: m1.medium +image: "{{ el6_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: webserver +zone: nova +hostbase: bodhi.dev +public_ip: 209.132.184.215 +root_auth_users: lmacken +description: bodhi2 dev instance +tcp_ports: ['22', '443'] diff --git a/inventory/host_vars/bodhi01.phx2.fedoraproject.org b/inventory/host_vars/bodhi01.phx2.fedoraproject.org new file mode 100644 index 0000000000..44886f2969 --- /dev/null +++ b/inventory/host_vars/bodhi01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost01 +eth0_ip: 10.5.126.110 +vmhost: virthost01.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/bodhi01.stg.phx2.fedoraproject.org b/inventory/host_vars/bodhi01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..0c22cb5f31 --- /dev/null +++ b/inventory/host_vars/bodhi01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.166 +vmhost: virthost10.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/bodhi02.phx2.fedoraproject.org b/inventory/host_vars/bodhi02.phx2.fedoraproject.org new file mode 100644 index 0000000000..4b965f5dee --- /dev/null +++ b/inventory/host_vars/bodhi02.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost03 +eth0_ip: 10.5.126.165 +vmhost: virthost03.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/bootstrap.ocp.iad2.fedoraproject.org b/inventory/host_vars/bootstrap.ocp.iad2.fedoraproject.org deleted file mode 100644 index 2b0f855aee..0000000000 --- a/inventory/host_vars/bootstrap.ocp.iad2.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.126 -eth0_ipv4_gw: 10.3.163.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/bootstrap.ign" -rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/bootstrap.ocp.rdu3.fedoraproject.org b/inventory/host_vars/bootstrap.ocp.rdu3.fedoraproject.org deleted file mode 100644 index 22d18281d6..0000000000 --- a/inventory/host_vars/bootstrap.ocp.rdu3.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: rdu3 -dns: 10.16.163.33 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4_ip: 10.16.163.126 -eth0_ipv4_gw: 10.16.163.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 32768 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 6 -rhcos_ignition_file_url: "http://10.16.163.65/rhcos/bootstrap.ign" -rhcos_install_img_url: "http://10.16.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.16.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.16.163.65/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-03.rdu3.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/bootstrap.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/bootstrap.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index ac29f65e74..0000000000 --- a/inventory/host_vars/bootstrap.ocp.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,24 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.121 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -max_mem_size: 24576 -mem_size: 24576 -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/bootstrap.ign" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/branched-composer.phx2.fedoraproject.org b/inventory/host_vars/branched-composer.phx2.fedoraproject.org new file mode 100644 index 0000000000..51c4478456 --- /dev/null +++ b/inventory/host_vars/branched-composer.phx2.fedoraproject.org @@ -0,0 +1,5 @@ +--- +vmhost: bvirthost08.phx2.fedoraproject.org +eth0_ip: 10.5.125.66 +eth1_ip: 10.5.127.53 +volgroup: /dev/vg_bvirthost08 diff --git a/inventory/host_vars/bugzilla2fedmsg01.phx2.fedoraproject.org b/inventory/host_vars/bugzilla2fedmsg01.phx2.fedoraproject.org new file mode 100644 index 0000000000..f48a6a9625 --- /dev/null +++ b/inventory/host_vars/bugzilla2fedmsg01.phx2.fedoraproject.org @@ -0,0 +1,13 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +volgroup: /dev/vg_virthost +vmhost: virthost17.phx2.fedoraproject.org +datacenter: phx2 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.249 diff --git a/inventory/host_vars/bugzilla2fedmsg01.stg.phx2.fedoraproject.org b/inventory/host_vars/bugzilla2fedmsg01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..ebe70e291b --- /dev/null +++ b/inventory/host_vars/bugzilla2fedmsg01.stg.phx2.fedoraproject.org @@ -0,0 +1,13 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +volgroup: /dev/vg_virthost16 +vmhost: virthost16.phx2.fedoraproject.org +datacenter: phx2 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.84 diff --git a/inventory/host_vars/buildhw-a64-03.iad2.fedoraproject.org b/inventory/host_vars/buildhw-a64-03.iad2.fedoraproject.org deleted file mode 100644 index 92d41fd551..0000000000 --- a/inventory/host_vars/buildhw-a64-03.iad2.fedoraproject.org +++ /dev/null @@ -1,33 +0,0 @@ ---- -datacenter: iad2 -eth1_ip: 10.3.170.123 -eth1_ipv4_gw: 10.3.170.254 -gw: 10.3.170.254 -network_connections: - - autoconnect: no - mac: d8:5e:d3:8b:5f:70 - name: eth0 - type: ethernet - - autoconnect: no - mac: d8:5e:d3:8b:5f:71 - name: eth1 - type: ethernet - - autoconnect: yes - ip: - address: 10.3.170.123/24 - dhcp4: no - dns: - - 10.3.163.33 - - 10.3.163.34 - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: 10.3.170.254 - mac: 0c:42:a1:4a:0b:f4 - name: eth2 - state: up - type: ethernet - - autoconnect: no - mac: 0c:42:a1:4a:0b:f5 - name: eth3 - type: ethernet diff --git a/inventory/host_vars/buildhw-a64-04.iad2.fedoraproject.org b/inventory/host_vars/buildhw-a64-04.iad2.fedoraproject.org deleted file mode 100644 index 41c3b37d7a..0000000000 --- a/inventory/host_vars/buildhw-a64-04.iad2.fedoraproject.org +++ /dev/null @@ -1,33 +0,0 @@ ---- -datacenter: iad2 -eth1_ip: 10.3.170.124 -eth1_ipv4_gw: 10.3.170.254 -gw: 10.3.170.254 -network_connections: - - autoconnect: no - mac: d8:5e:d3:8b:5d:d8 - name: eth0 - type: ethernet - - autoconnect: no - mac: d8:5e:d3:8b:5d:d9 - name: eth1 - type: ethernet - - autoconnect: yes - ip: - address: 10.3.170.124/24 - dhcp4: no - dns: - - 10.3.163.33 - - 10.3.163.34 - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: 10.3.170.254 - mac: 0c:42:a1:49:9b:d0 - name: eth2 - state: up - type: ethernet - - autoconnect: no - mac: 0c:42:a1:49:9b:d1 - name: eth3 - type: ethernet diff --git a/inventory/host_vars/buildhw-a64-05.iad2.fedoraproject.org b/inventory/host_vars/buildhw-a64-05.iad2.fedoraproject.org deleted file mode 100644 index 9f96a47840..0000000000 --- a/inventory/host_vars/buildhw-a64-05.iad2.fedoraproject.org +++ /dev/null @@ -1,33 +0,0 @@ ---- -datacenter: iad2 -eth1_ip: 10.3.170.125 -eth1_ipv4_gw: 10.3.170.254 -gw: 10.3.170.254 -network_connections: - - autoconnect: no - mac: d8:5e:d3:8b:89:6c - name: eth0 - type: ethernet - - autoconnect: no - mac: d8:5e:d3:8b:89:6d - name: eth1 - type: ethernet - - autoconnect: yes - ip: - address: 10.3.170.125/24 - dhcp4: no - dns: - - 10.3.163.33 - - 10.3.163.34 - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: 10.3.170.254 - mac: 0c:42:a1:5a:00:b8 - name: eth2 - state: up - type: ethernet - - autoconnect: no - mac: 0c:42:a1:5a:00:b9 - name: eth3 - type: ethernet diff --git a/inventory/host_vars/buildhw-a64-06.iad2.fedoraproject.org b/inventory/host_vars/buildhw-a64-06.iad2.fedoraproject.org deleted file mode 100644 index f30f067e47..0000000000 --- a/inventory/host_vars/buildhw-a64-06.iad2.fedoraproject.org +++ /dev/null @@ -1,33 +0,0 @@ ---- -datacenter: iad2 -eth1_ip: 10.3.170.126 -eth1_ipv4_gw: 10.3.170.254 -gw: 10.3.170.254 -network_connections: - - autoconnect: no - mac: d8:5e:d3:8b:5f:38 - name: eth0 - type: ethernet - - autoconnect: no - mac: d8:5e:d3:8b:5f:39 - name: eth1 - type: ethernet - - autoconnect: yes - ip: - address: 10.3.170.126/24 - dhcp4: no - dns: - - 10.3.163.33 - - 10.3.163.34 - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: 10.3.170.254 - mac: 0c:42:a1:45:6c:fc - name: eth2 - state: up - type: ethernet - - autoconnect: no - mac: 0c:42:a1:45:6c:fd - name: eth3 - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-01.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-01.iad2.fedoraproject.org deleted file mode 100644 index 93351897e2..0000000000 --- a/inventory/host_vars/buildhw-x86-01.iad2.fedoraproject.org +++ /dev/null @@ -1,30 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -eth0_ipv4: 10.3.169.31 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: 14:9e:cf:61:9e:61 -mac1: 14:9e:cf:61:9e:64 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-02.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-02.iad2.fedoraproject.org deleted file mode 100644 index 15362138b1..0000000000 --- a/inventory/host_vars/buildhw-x86-02.iad2.fedoraproject.org +++ /dev/null @@ -1,34 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.32 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: 14:9e:cf:61:9f:4f -mac1: 14:9e:cf:61:9f:52 -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - persistent_state: present - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - persistent_state: present - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-03.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-03.iad2.fedoraproject.org deleted file mode 100644 index 309250c182..0000000000 --- a/inventory/host_vars/buildhw-x86-03.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.33 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: 14:9e:cf:61:9e:c9 -mac1: 14:9e:cf:61:9e:cc -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-04.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-04.iad2.fedoraproject.org deleted file mode 100644 index 80819a35c2..0000000000 --- a/inventory/host_vars/buildhw-x86-04.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.34 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: 14:9e:cf:61:a5:07 -mac1: 14:9e:cf:61:a5:0a -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-05.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-05.iad2.fedoraproject.org deleted file mode 100644 index e65f5a0cc6..0000000000 --- a/inventory/host_vars/buildhw-x86-05.iad2.fedoraproject.org +++ /dev/null @@ -1,33 +0,0 @@ ---- -datacenter: iad2 -dns: 10.3.163.33 -dns1: 10.3.163.33 -eth0_ip: 10.3.169.35 -eth0_ipv4: 10.3.169.35 -eth0_ipv4_gw: 10.3.169.254 -eth1_off: true -gw: 10.3.169.254 -mac0: 14:9e:cf:61:9e:7b -mac1: 14:9e:cf:61:9e:7e -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet -nm: 255.255.255.0 diff --git a/inventory/host_vars/buildhw-x86-06.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-06.iad2.fedoraproject.org deleted file mode 100644 index 9cba3ef912..0000000000 --- a/inventory/host_vars/buildhw-x86-06.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.36 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: 14:9e:cf:61:a0:bd -mac1: 14:9e:cf:61:a0:c0 -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-07.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-07.iad2.fedoraproject.org deleted file mode 100644 index 4b755380be..0000000000 --- a/inventory/host_vars/buildhw-x86-07.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.37 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: 14:9e:cf:61:9e:e3 -mac1: 14:9e:cf:61:9e:e6 -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-08.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-08.iad2.fedoraproject.org deleted file mode 100644 index 51e17059e6..0000000000 --- a/inventory/host_vars/buildhw-x86-08.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.38 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: 14:9e:cf:61:a6:75 -mac1: 14:9e:cf:61:a6:78 -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-09.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-09.iad2.fedoraproject.org deleted file mode 100644 index 415a2a7cf6..0000000000 --- a/inventory/host_vars/buildhw-x86-09.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.39 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: f8:ca:b8:f7:26:e1 -mac1: f8:ca:b8:f7:26:e4 -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-10.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-10.iad2.fedoraproject.org deleted file mode 100644 index f8ddaf2826..0000000000 --- a/inventory/host_vars/buildhw-x86-10.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.40 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: f8:ca:b8:f7:27:cf -mac1: f8:ca:b8:f7:27:d2 -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-11.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-11.iad2.fedoraproject.org deleted file mode 100644 index 41cf9f2dd6..0000000000 --- a/inventory/host_vars/buildhw-x86-11.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.41 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: f8:ca:b8:f7:27:63 -mac1: f8:ca:b8:f7:27:66 -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-12.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-12.iad2.fedoraproject.org deleted file mode 100644 index ee35ca5168..0000000000 --- a/inventory/host_vars/buildhw-x86-12.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.42 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: f8:ca:b8:f7:2e:f5 -mac1: f8:ca:b8:f7:2e:f8 -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-13.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-13.iad2.fedoraproject.org deleted file mode 100644 index 4efecb0a0f..0000000000 --- a/inventory/host_vars/buildhw-x86-13.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.43 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: f8:ca:b8:f7:27:49 -mac1: f8:ca:b8:f7:27:4c -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-14.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-14.iad2.fedoraproject.org deleted file mode 100644 index 406210a081..0000000000 --- a/inventory/host_vars/buildhw-x86-14.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.44 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: f8:ca:b8:f7:2d:87 -mac1: f8:ca:b8:f7:2d:8a -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-15.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-15.iad2.fedoraproject.org deleted file mode 100644 index b1eefdf863..0000000000 --- a/inventory/host_vars/buildhw-x86-15.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.45 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: f8:ca:b8:f7:26:fb -mac1: f8:ca:b8:f7:26:fe -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildhw-x86-16.iad2.fedoraproject.org b/inventory/host_vars/buildhw-x86-16.iad2.fedoraproject.org deleted file mode 100644 index 08cc65044a..0000000000 --- a/inventory/host_vars/buildhw-x86-16.iad2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -eth0_ipv4: 10.3.169.46 -eth0_ipv4_gw: 10.3.169.254 -has_ipv4: yes -has_ipv6: no -mac0: f8:ca:b8:f7:29:3d -mac1: f8:ca:b8:f7:29:40 -network_connections: - - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - mtu: 9000 - state: up - type: ethernet - - autoconnect: yes - mac: "{{ mac1 }}" - name: eth1 - state: down - type: ethernet diff --git a/inventory/host_vars/buildvm-01.phx2.fedoraproject.org b/inventory/host_vars/buildvm-01.phx2.fedoraproject.org new file mode 100644 index 0000000000..e205b72230 --- /dev/null +++ b/inventory/host_vars/buildvm-01.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-10.phx2.fedoraproject.org +eth0_ip: 10.5.125.98 +eth1_ip: 10.5.127.158 diff --git a/inventory/host_vars/buildvm-01.stg.phx2.fedoraproject.org b/inventory/host_vars/buildvm-01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..a686346c09 --- /dev/null +++ b/inventory/host_vars/buildvm-01.stg.phx2.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: virthost16.phx2.fedoraproject.org +eth0_ip: 10.5.126.14 diff --git a/inventory/host_vars/buildvm-02.phx2.fedoraproject.org b/inventory/host_vars/buildvm-02.phx2.fedoraproject.org new file mode 100644 index 0000000000..c6c069b992 --- /dev/null +++ b/inventory/host_vars/buildvm-02.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-10.phx2.fedoraproject.org +eth0_ip: 10.5.125.99 +eth1_ip: 10.5.127.159 diff --git a/inventory/host_vars/buildvm-03.phx2.fedoraproject.org b/inventory/host_vars/buildvm-03.phx2.fedoraproject.org new file mode 100644 index 0000000000..4bd899dc33 --- /dev/null +++ b/inventory/host_vars/buildvm-03.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-10.phx2.fedoraproject.org +eth0_ip: 10.5.125.100 +eth1_ip: 10.5.127.160 diff --git a/inventory/host_vars/buildvm-04.phx2.fedoraproject.org b/inventory/host_vars/buildvm-04.phx2.fedoraproject.org new file mode 100644 index 0000000000..2122422ff7 --- /dev/null +++ b/inventory/host_vars/buildvm-04.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-10.phx2.fedoraproject.org +eth0_ip: 10.5.125.101 +eth1_ip: 10.5.127.161 diff --git a/inventory/host_vars/buildvm-05.phx2.fedoraproject.org b/inventory/host_vars/buildvm-05.phx2.fedoraproject.org new file mode 100644 index 0000000000..a6a7c07519 --- /dev/null +++ b/inventory/host_vars/buildvm-05.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-10.phx2.fedoraproject.org +eth0_ip: 10.5.125.102 +eth1_ip: 10.5.127.162 diff --git a/inventory/host_vars/buildvm-06.phx2.fedoraproject.org b/inventory/host_vars/buildvm-06.phx2.fedoraproject.org new file mode 100644 index 0000000000..cb3bd6680f --- /dev/null +++ b/inventory/host_vars/buildvm-06.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-10.phx2.fedoraproject.org +eth0_ip: 10.5.125.103 +eth1_ip: 10.5.127.163 diff --git a/inventory/host_vars/buildvm-07.phx2.fedoraproject.org b/inventory/host_vars/buildvm-07.phx2.fedoraproject.org new file mode 100644 index 0000000000..4db80e669b --- /dev/null +++ b/inventory/host_vars/buildvm-07.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-10.phx2.fedoraproject.org +eth0_ip: 10.5.125.104 +eth1_ip: 10.5.127.164 diff --git a/inventory/host_vars/buildvm-08.phx2.fedoraproject.org b/inventory/host_vars/buildvm-08.phx2.fedoraproject.org new file mode 100644 index 0000000000..2c61a45176 --- /dev/null +++ b/inventory/host_vars/buildvm-08.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-10.phx2.fedoraproject.org +eth0_ip: 10.5.125.105 +eth1_ip: 10.5.127.165 diff --git a/inventory/host_vars/buildvm-09.phx2.fedoraproject.org b/inventory/host_vars/buildvm-09.phx2.fedoraproject.org new file mode 100644 index 0000000000..0ee7d97631 --- /dev/null +++ b/inventory/host_vars/buildvm-09.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-10.phx2.fedoraproject.org +eth0_ip: 10.5.125.106 +eth1_ip: 10.5.127.166 diff --git a/inventory/host_vars/buildvm-10.phx2.fedoraproject.org b/inventory/host_vars/buildvm-10.phx2.fedoraproject.org new file mode 100644 index 0000000000..b1cae63f3b --- /dev/null +++ b/inventory/host_vars/buildvm-10.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-11.phx2.fedoraproject.org +eth0_ip: 10.5.125.107 +eth1_ip: 10.5.127.167 diff --git a/inventory/host_vars/buildvm-11.phx2.fedoraproject.org b/inventory/host_vars/buildvm-11.phx2.fedoraproject.org new file mode 100644 index 0000000000..7911113ea5 --- /dev/null +++ b/inventory/host_vars/buildvm-11.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-11.phx2.fedoraproject.org +eth0_ip: 10.5.125.108 +eth1_ip: 10.5.127.168 diff --git a/inventory/host_vars/buildvm-12.phx2.fedoraproject.org b/inventory/host_vars/buildvm-12.phx2.fedoraproject.org new file mode 100644 index 0000000000..5324dff556 --- /dev/null +++ b/inventory/host_vars/buildvm-12.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-11.phx2.fedoraproject.org +eth0_ip: 10.5.125.109 +eth1_ip: 10.5.127.169 diff --git a/inventory/host_vars/buildvm-13.phx2.fedoraproject.org b/inventory/host_vars/buildvm-13.phx2.fedoraproject.org new file mode 100644 index 0000000000..605b54b85e --- /dev/null +++ b/inventory/host_vars/buildvm-13.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-11.phx2.fedoraproject.org +eth0_ip: 10.5.125.110 +eth1_ip: 10.5.127.170 diff --git a/inventory/host_vars/buildvm-14.phx2.fedoraproject.org b/inventory/host_vars/buildvm-14.phx2.fedoraproject.org new file mode 100644 index 0000000000..a5e0e1cc86 --- /dev/null +++ b/inventory/host_vars/buildvm-14.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-11.phx2.fedoraproject.org +eth0_ip: 10.5.125.111 +eth1_ip: 10.5.127.171 diff --git a/inventory/host_vars/buildvm-15.phx2.fedoraproject.org b/inventory/host_vars/buildvm-15.phx2.fedoraproject.org new file mode 100644 index 0000000000..cf5501a2d7 --- /dev/null +++ b/inventory/host_vars/buildvm-15.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-11.phx2.fedoraproject.org +eth0_ip: 10.5.125.112 +eth1_ip: 10.5.127.172 diff --git a/inventory/host_vars/buildvm-16.phx2.fedoraproject.org b/inventory/host_vars/buildvm-16.phx2.fedoraproject.org new file mode 100644 index 0000000000..c75344011f --- /dev/null +++ b/inventory/host_vars/buildvm-16.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-11.phx2.fedoraproject.org +eth0_ip: 10.5.125.113 +eth1_ip: 10.5.127.173 diff --git a/inventory/host_vars/buildvm-17.phx2.fedoraproject.org b/inventory/host_vars/buildvm-17.phx2.fedoraproject.org new file mode 100644 index 0000000000..3f1dca242d --- /dev/null +++ b/inventory/host_vars/buildvm-17.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-11.phx2.fedoraproject.org +eth0_ip: 10.5.125.140 +eth1_ip: 10.5.127.174 diff --git a/inventory/host_vars/buildvm-18.phx2.fedoraproject.org b/inventory/host_vars/buildvm-18.phx2.fedoraproject.org new file mode 100644 index 0000000000..f3ed46083b --- /dev/null +++ b/inventory/host_vars/buildvm-18.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-11.phx2.fedoraproject.org +eth0_ip: 10.5.125.141 +eth1_ip: 10.5.127.175 diff --git a/inventory/host_vars/buildvm-19.phx2.fedoraproject.org b/inventory/host_vars/buildvm-19.phx2.fedoraproject.org new file mode 100644 index 0000000000..22d856f32a --- /dev/null +++ b/inventory/host_vars/buildvm-19.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-12.phx2.fedoraproject.org +eth0_ip: 10.5.125.142 +eth1_ip: 10.5.127.176 diff --git a/inventory/host_vars/buildvm-20.phx2.fedoraproject.org b/inventory/host_vars/buildvm-20.phx2.fedoraproject.org new file mode 100644 index 0000000000..37947f9009 --- /dev/null +++ b/inventory/host_vars/buildvm-20.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-12.phx2.fedoraproject.org +eth0_ip: 10.5.125.143 +eth1_ip: 10.5.127.177 diff --git a/inventory/host_vars/buildvm-21.phx2.fedoraproject.org b/inventory/host_vars/buildvm-21.phx2.fedoraproject.org new file mode 100644 index 0000000000..3557b72cc9 --- /dev/null +++ b/inventory/host_vars/buildvm-21.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-12.phx2.fedoraproject.org +eth0_ip: 10.5.125.144 +eth1_ip: 10.5.127.178 diff --git a/inventory/host_vars/buildvm-22.phx2.fedoraproject.org b/inventory/host_vars/buildvm-22.phx2.fedoraproject.org new file mode 100644 index 0000000000..03c7db1ff1 --- /dev/null +++ b/inventory/host_vars/buildvm-22.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-12.phx2.fedoraproject.org +eth0_ip: 10.5.125.145 +eth1_ip: 10.5.127.179 diff --git a/inventory/host_vars/buildvm-23.phx2.fedoraproject.org b/inventory/host_vars/buildvm-23.phx2.fedoraproject.org new file mode 100644 index 0000000000..ee737c5bd6 --- /dev/null +++ b/inventory/host_vars/buildvm-23.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-12.phx2.fedoraproject.org +eth0_ip: 10.5.125.146 +eth1_ip: 10.5.127.180 diff --git a/inventory/host_vars/buildvm-24.phx2.fedoraproject.org b/inventory/host_vars/buildvm-24.phx2.fedoraproject.org new file mode 100644 index 0000000000..0141fac705 --- /dev/null +++ b/inventory/host_vars/buildvm-24.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-12.phx2.fedoraproject.org +eth0_ip: 10.5.125.147 +eth1_ip: 10.5.127.181 diff --git a/inventory/host_vars/buildvm-25.phx2.fedoraproject.org b/inventory/host_vars/buildvm-25.phx2.fedoraproject.org new file mode 100644 index 0000000000..9c0b206303 --- /dev/null +++ b/inventory/host_vars/buildvm-25.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-12.phx2.fedoraproject.org +eth0_ip: 10.5.125.148 +eth1_ip: 10.5.127.182 diff --git a/inventory/host_vars/buildvm-26.phx2.fedoraproject.org b/inventory/host_vars/buildvm-26.phx2.fedoraproject.org new file mode 100644 index 0000000000..d216ab2911 --- /dev/null +++ b/inventory/host_vars/buildvm-26.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-12.phx2.fedoraproject.org +eth0_ip: 10.5.125.149 +eth1_ip: 10.5.127.183 diff --git a/inventory/host_vars/buildvm-27.phx2.fedoraproject.org b/inventory/host_vars/buildvm-27.phx2.fedoraproject.org new file mode 100644 index 0000000000..1f336ed2ee --- /dev/null +++ b/inventory/host_vars/buildvm-27.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +--- +vmhost: buildvmhost-12.phx2.fedoraproject.org +eth0_ip: 10.5.125.150 +eth1_ip: 10.5.127.184 diff --git a/inventory/host_vars/buildvm-a64-01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-01.iad2.fedoraproject.org deleted file mode 100644 index 547ed6fc44..0000000000 --- a/inventory/host_vars/buildvm-a64-01.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.91 -vmhost: bvmhost-a64-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-01.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-01.stg.iad2.fedoraproject.org deleted file mode 100644 index 5e0485156e..0000000000 --- a/inventory/host_vars/buildvm-a64-01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.167.45 -vmhost: bvmhost-a64-01.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-02.iad2.fedoraproject.org deleted file mode 100644 index 35f51def37..0000000000 --- a/inventory/host_vars/buildvm-a64-02.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.92 -vmhost: bvmhost-a64-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-02.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-02.stg.iad2.fedoraproject.org deleted file mode 100644 index 29a616c73b..0000000000 --- a/inventory/host_vars/buildvm-a64-02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.167.52 -vmhost: bvmhost-a64-01.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-03.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-03.iad2.fedoraproject.org deleted file mode 100644 index 94f0a0ec55..0000000000 --- a/inventory/host_vars/buildvm-a64-03.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.93 -vmhost: bvmhost-a64-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-04.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-04.iad2.fedoraproject.org deleted file mode 100644 index 1ff276a6d0..0000000000 --- a/inventory/host_vars/buildvm-a64-04.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.94 -vmhost: bvmhost-a64-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-05.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-05.iad2.fedoraproject.org deleted file mode 100644 index 5addd8d6fe..0000000000 --- a/inventory/host_vars/buildvm-a64-05.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.95 -vmhost: bvmhost-a64-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-06.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-06.iad2.fedoraproject.org deleted file mode 100644 index 31227aef2a..0000000000 --- a/inventory/host_vars/buildvm-a64-06.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.96 -vmhost: bvmhost-a64-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-07.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-07.iad2.fedoraproject.org deleted file mode 100644 index c6f84c9704..0000000000 --- a/inventory/host_vars/buildvm-a64-07.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.97 -vmhost: bvmhost-a64-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-08.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-08.iad2.fedoraproject.org deleted file mode 100644 index 63c47ee6fd..0000000000 --- a/inventory/host_vars/buildvm-a64-08.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.98 -vmhost: bvmhost-a64-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-09.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-09.iad2.fedoraproject.org deleted file mode 100644 index 907dd05400..0000000000 --- a/inventory/host_vars/buildvm-a64-09.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.99 -vmhost: bvmhost-a64-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-10.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-10.iad2.fedoraproject.org deleted file mode 100644 index d1926fdcc5..0000000000 --- a/inventory/host_vars/buildvm-a64-10.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.100 -vmhost: bvmhost-a64-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-11.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-11.iad2.fedoraproject.org deleted file mode 100644 index dc50d580a4..0000000000 --- a/inventory/host_vars/buildvm-a64-11.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.101 -vmhost: bvmhost-a64-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-12.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-12.iad2.fedoraproject.org deleted file mode 100644 index 82f032360e..0000000000 --- a/inventory/host_vars/buildvm-a64-12.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.102 -vmhost: bvmhost-a64-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-13.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-13.iad2.fedoraproject.org deleted file mode 100644 index abcf11f03e..0000000000 --- a/inventory/host_vars/buildvm-a64-13.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.103 -vmhost: bvmhost-a64-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-14.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-14.iad2.fedoraproject.org deleted file mode 100644 index 5073edf903..0000000000 --- a/inventory/host_vars/buildvm-a64-14.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.104 -vmhost: bvmhost-a64-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-15.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-15.iad2.fedoraproject.org deleted file mode 100644 index 6077561350..0000000000 --- a/inventory/host_vars/buildvm-a64-15.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.105 -vmhost: bvmhost-a64-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-16.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-16.iad2.fedoraproject.org deleted file mode 100644 index 4399c954f0..0000000000 --- a/inventory/host_vars/buildvm-a64-16.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.106 -vmhost: bvmhost-a64-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-17.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-17.iad2.fedoraproject.org deleted file mode 100644 index ca795f79bb..0000000000 --- a/inventory/host_vars/buildvm-a64-17.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.107 -vmhost: bvmhost-a64-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-18.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-18.iad2.fedoraproject.org deleted file mode 100644 index 89509770d0..0000000000 --- a/inventory/host_vars/buildvm-a64-18.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.108 -vmhost: bvmhost-a64-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-19.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-19.iad2.fedoraproject.org deleted file mode 100644 index a64eeed244..0000000000 --- a/inventory/host_vars/buildvm-a64-19.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.109 -vmhost: bvmhost-a64-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-20.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-20.iad2.fedoraproject.org deleted file mode 100644 index c805ab185e..0000000000 --- a/inventory/host_vars/buildvm-a64-20.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.110 -vmhost: bvmhost-a64-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-21.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-21.iad2.fedoraproject.org deleted file mode 100644 index 0c22ef804a..0000000000 --- a/inventory/host_vars/buildvm-a64-21.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.111 -vmhost: bvmhost-a64-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-22.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-22.iad2.fedoraproject.org deleted file mode 100644 index c8703975fd..0000000000 --- a/inventory/host_vars/buildvm-a64-22.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.112 -vmhost: bvmhost-a64-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-23.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-23.iad2.fedoraproject.org deleted file mode 100644 index 4bead1814d..0000000000 --- a/inventory/host_vars/buildvm-a64-23.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.113 -vmhost: bvmhost-a64-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-24.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-24.iad2.fedoraproject.org deleted file mode 100644 index 6e1218afa3..0000000000 --- a/inventory/host_vars/buildvm-a64-24.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.114 -vmhost: bvmhost-a64-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-25.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-25.iad2.fedoraproject.org deleted file mode 100644 index c7fa5875a2..0000000000 --- a/inventory/host_vars/buildvm-a64-25.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.115 -vmhost: bvmhost-a64-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-26.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-26.iad2.fedoraproject.org deleted file mode 100644 index f3496508f9..0000000000 --- a/inventory/host_vars/buildvm-a64-26.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.116 -vmhost: bvmhost-a64-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-27.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-27.iad2.fedoraproject.org deleted file mode 100644 index 05fc6bc911..0000000000 --- a/inventory/host_vars/buildvm-a64-27.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.117 -vmhost: bvmhost-a64-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-28.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-28.iad2.fedoraproject.org deleted file mode 100644 index 9b83fd32d8..0000000000 --- a/inventory/host_vars/buildvm-a64-28.iad2.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -eth0_ipv4_ip: 10.3.170.118 -vmhost: bvmhost-a64-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-29.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-29.iad2.fedoraproject.org deleted file mode 100644 index 56df06665f..0000000000 --- a/inventory/host_vars/buildvm-a64-29.iad2.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -eth0_ipv4_ip: 10.3.170.119 -vmhost: bvmhost-a64-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-30.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-30.iad2.fedoraproject.org deleted file mode 100644 index 604935c460..0000000000 --- a/inventory/host_vars/buildvm-a64-30.iad2.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -eth0_ipv4_ip: 10.3.170.120 -vmhost: bvmhost-a64-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-31.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-31.iad2.fedoraproject.org deleted file mode 100644 index b105cb9a27..0000000000 --- a/inventory/host_vars/buildvm-a64-31.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.141 -vmhost: bvmhost-a64-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-32.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-32.iad2.fedoraproject.org deleted file mode 100644 index a4cfaeb00c..0000000000 --- a/inventory/host_vars/buildvm-a64-32.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.142 -vmhost: bvmhost-a64-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-33.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-33.iad2.fedoraproject.org deleted file mode 100644 index 092363da86..0000000000 --- a/inventory/host_vars/buildvm-a64-33.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.143 -vmhost: bvmhost-a64-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-34.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-34.iad2.fedoraproject.org deleted file mode 100644 index 0f9f6c243d..0000000000 --- a/inventory/host_vars/buildvm-a64-34.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.164 -vmhost: bvmhost-a64-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-35.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-35.iad2.fedoraproject.org deleted file mode 100644 index d00bb68df9..0000000000 --- a/inventory/host_vars/buildvm-a64-35.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.165 -vmhost: bvmhost-a64-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-36.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-36.iad2.fedoraproject.org deleted file mode 100644 index c2f51768d8..0000000000 --- a/inventory/host_vars/buildvm-a64-36.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.166 -vmhost: bvmhost-a64-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-37.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-37.iad2.fedoraproject.org deleted file mode 100644 index 090ba50298..0000000000 --- a/inventory/host_vars/buildvm-a64-37.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.167 -vmhost: bvmhost-a64-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-38.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-38.iad2.fedoraproject.org deleted file mode 100644 index ecaa4919d3..0000000000 --- a/inventory/host_vars/buildvm-a64-38.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.168 -vmhost: bvmhost-a64-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-39.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-39.iad2.fedoraproject.org deleted file mode 100644 index 31cbc4d03e..0000000000 --- a/inventory/host_vars/buildvm-a64-39.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.169 -vmhost: bvmhost-a64-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-a64-40.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-40.iad2.fedoraproject.org deleted file mode 100644 index bf74adf3a7..0000000000 --- a/inventory/host_vars/buildvm-a64-40.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.170.170 -vmhost: bvmhost-a64-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-01.iad2.fedoraproject.org deleted file mode 100644 index fa37b91f97..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-01.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.41 -vmhost: bvmhost-p09-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-01.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-01.stg.iad2.fedoraproject.org deleted file mode 100644 index 9b57e1837c..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.167.47 -vmhost: bvmhost-p09-01.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-02.iad2.fedoraproject.org deleted file mode 100644 index 32639b5acc..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-02.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.42 -vmhost: bvmhost-p09-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-02.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-02.stg.iad2.fedoraproject.org deleted file mode 100644 index 138df5dd92..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.167.48 -vmhost: bvmhost-p09-01.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-03.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-03.iad2.fedoraproject.org deleted file mode 100644 index dab353088c..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-03.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.43 -vmhost: bvmhost-p09-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-03.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-03.stg.iad2.fedoraproject.org deleted file mode 100644 index d039b3ddc9..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.167.49 -vmhost: bvmhost-p09-01.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-04.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-04.iad2.fedoraproject.org deleted file mode 100644 index 30b99e5466..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-04.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.44 -vmhost: bvmhost-p09-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-04.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-04.stg.iad2.fedoraproject.org deleted file mode 100644 index 522cda42a6..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-04.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.167.50 -vmhost: bvmhost-p09-01.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-05.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-05.iad2.fedoraproject.org deleted file mode 100644 index 8b03aef715..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-05.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.45 -vmhost: bvmhost-p09-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-05.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-05.stg.iad2.fedoraproject.org deleted file mode 100644 index 48b48f1203..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-05.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,5 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.167.51 -lvm_size: 135000 -vmhost: bvmhost-p09-01.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-06.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-06.iad2.fedoraproject.org deleted file mode 100644 index 9a21cdee17..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-06.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.46 -vmhost: bvmhost-p09-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-07.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-07.iad2.fedoraproject.org deleted file mode 100644 index b93581d69a..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-07.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.47 -vmhost: bvmhost-p09-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-08.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-08.iad2.fedoraproject.org deleted file mode 100644 index 52e805b139..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-08.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.48 -vmhost: bvmhost-p09-01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-09.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-09.iad2.fedoraproject.org deleted file mode 100644 index 004fecc12e..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-09.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.49 -vmhost: bvmhost-p09-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-10.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-10.iad2.fedoraproject.org deleted file mode 100644 index d8d5c06a2e..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-10.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.50 -vmhost: bvmhost-p09-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-11.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-11.iad2.fedoraproject.org deleted file mode 100644 index 6c68ccc659..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-11.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.51 -vmhost: bvmhost-p09-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-12.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-12.iad2.fedoraproject.org deleted file mode 100644 index 3e3bd99711..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-12.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.52 -vmhost: bvmhost-p09-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org deleted file mode 100644 index 81dbf95072..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.53 -vmhost: bvmhost-p09-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-14.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-14.iad2.fedoraproject.org deleted file mode 100644 index a73fea36ea..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-14.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.54 -vmhost: bvmhost-p09-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org deleted file mode 100644 index 9567400ff1..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.55 -vmhost: bvmhost-p09-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org deleted file mode 100644 index 8cbd4af77d..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.56 -vmhost: bvmhost-p09-02.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-17.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-17.iad2.fedoraproject.org deleted file mode 100644 index 2d3feddb8e..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-17.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.57 -vmhost: bvmhost-p09-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-18.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-18.iad2.fedoraproject.org deleted file mode 100644 index 2ba48dca3e..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-18.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.58 -vmhost: bvmhost-p09-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-19.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-19.iad2.fedoraproject.org deleted file mode 100644 index 2e6d6cc328..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-19.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.59 -vmhost: bvmhost-p09-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org deleted file mode 100644 index df852b3179..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.60 -vmhost: bvmhost-p09-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-21.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-21.iad2.fedoraproject.org deleted file mode 100644 index d96251767d..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-21.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.61 -vmhost: bvmhost-p09-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-22.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-22.iad2.fedoraproject.org deleted file mode 100644 index 9685b0b51b..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-22.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.62 -vmhost: bvmhost-p09-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-23.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-23.iad2.fedoraproject.org deleted file mode 100644 index 65c1843a6b..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-23.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.63 -vmhost: bvmhost-p09-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-24.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-24.iad2.fedoraproject.org deleted file mode 100644 index 349376f459..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-24.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.64 -vmhost: bvmhost-p09-03.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-25.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-25.iad2.fedoraproject.org deleted file mode 100644 index 7dfb729dd0..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-25.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.65 -vmhost: bvmhost-p09-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-26.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-26.iad2.fedoraproject.org deleted file mode 100644 index 2fcb366ec4..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-26.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.66 -vmhost: bvmhost-p09-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-27.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-27.iad2.fedoraproject.org deleted file mode 100644 index ee25d50be7..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-27.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.67 -vmhost: bvmhost-p09-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-28.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-28.iad2.fedoraproject.org deleted file mode 100644 index 08bdb1e2e8..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-28.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.68 -vmhost: bvmhost-p09-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-29.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-29.iad2.fedoraproject.org deleted file mode 100644 index 357a6c3f4f..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-29.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.69 -vmhost: bvmhost-p09-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-30.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-30.iad2.fedoraproject.org deleted file mode 100644 index 2ce21a944d..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-30.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.70 -vmhost: bvmhost-p09-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-31.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-31.iad2.fedoraproject.org deleted file mode 100644 index 5e57f49b6a..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-31.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.71 -vmhost: bvmhost-p09-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-32.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-32.iad2.fedoraproject.org deleted file mode 100644 index 136be89a51..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-32.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.72 -vmhost: bvmhost-p09-04.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-33.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-33.iad2.fedoraproject.org deleted file mode 100644 index 47c6833805..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-33.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.73 -vmhost: bvmhost-p09-05.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-osbuild01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-osbuild01.iad2.fedoraproject.org deleted file mode 100644 index f3920137c2..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-osbuild01.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.38 -vmhost: bvmhost-p09-05.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-ppc64le-osbuild02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-osbuild02.iad2.fedoraproject.org deleted file mode 100644 index 1891252f46..0000000000 --- a/inventory/host_vars/buildvm-ppc64le-osbuild02.iad2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.171.39 -vmhost: bvmhost-p09-05.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-s390x-01.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-01.s390.fedoraproject.org deleted file mode 100644 index ffb859e1aa..0000000000 --- a/inventory/host_vars/buildvm-s390x-01.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.11 diff --git a/inventory/host_vars/buildvm-s390x-01.stg.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-01.stg.s390.fedoraproject.org deleted file mode 100644 index a50b4ef86c..0000000000 --- a/inventory/host_vars/buildvm-s390x-01.stg.s390.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.50 -varnish_group: s390kojipkgs diff --git a/inventory/host_vars/buildvm-s390x-02.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-02.s390.fedoraproject.org deleted file mode 100644 index e26ff17162..0000000000 --- a/inventory/host_vars/buildvm-s390x-02.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.12 diff --git a/inventory/host_vars/buildvm-s390x-03.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-03.s390.fedoraproject.org deleted file mode 100644 index 813f8ff27a..0000000000 --- a/inventory/host_vars/buildvm-s390x-03.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.13 diff --git a/inventory/host_vars/buildvm-s390x-04.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-04.s390.fedoraproject.org deleted file mode 100644 index d815d4cfbd..0000000000 --- a/inventory/host_vars/buildvm-s390x-04.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.14 diff --git a/inventory/host_vars/buildvm-s390x-05.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-05.s390.fedoraproject.org deleted file mode 100644 index 77f00e20c7..0000000000 --- a/inventory/host_vars/buildvm-s390x-05.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.15 diff --git a/inventory/host_vars/buildvm-s390x-06.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-06.s390.fedoraproject.org deleted file mode 100644 index 24793bfef0..0000000000 --- a/inventory/host_vars/buildvm-s390x-06.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.16 diff --git a/inventory/host_vars/buildvm-s390x-07.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-07.s390.fedoraproject.org deleted file mode 100644 index 37e7d88fd9..0000000000 --- a/inventory/host_vars/buildvm-s390x-07.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.17 diff --git a/inventory/host_vars/buildvm-s390x-08.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-08.s390.fedoraproject.org deleted file mode 100644 index 8b0268655a..0000000000 --- a/inventory/host_vars/buildvm-s390x-08.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.18 diff --git a/inventory/host_vars/buildvm-s390x-09.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-09.s390.fedoraproject.org deleted file mode 100644 index 3ba9f1b3ac..0000000000 --- a/inventory/host_vars/buildvm-s390x-09.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.19 diff --git a/inventory/host_vars/buildvm-s390x-10.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-10.s390.fedoraproject.org deleted file mode 100644 index ac505d3867..0000000000 --- a/inventory/host_vars/buildvm-s390x-10.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.20 diff --git a/inventory/host_vars/buildvm-s390x-11.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-11.s390.fedoraproject.org deleted file mode 100644 index 53393a4afc..0000000000 --- a/inventory/host_vars/buildvm-s390x-11.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.21 diff --git a/inventory/host_vars/buildvm-s390x-12.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-12.s390.fedoraproject.org deleted file mode 100644 index 75d67bf958..0000000000 --- a/inventory/host_vars/buildvm-s390x-12.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.22 diff --git a/inventory/host_vars/buildvm-s390x-13.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-13.s390.fedoraproject.org deleted file mode 100644 index 5206ee3c1d..0000000000 --- a/inventory/host_vars/buildvm-s390x-13.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.23 diff --git a/inventory/host_vars/buildvm-s390x-14.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-14.s390.fedoraproject.org deleted file mode 100644 index 223df04a1a..0000000000 --- a/inventory/host_vars/buildvm-s390x-14.s390.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.24 -tcp_ports: [ - # allow incoming varnish requests to varnish cache - 80 -] -varnish_group: s390kojipkgs diff --git a/inventory/host_vars/buildvm-s390x-15.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-15.s390.fedoraproject.org deleted file mode 100644 index a96fae3d9c..0000000000 --- a/inventory/host_vars/buildvm-s390x-15.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.25 diff --git a/inventory/host_vars/buildvm-s390x-16.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-16.s390.fedoraproject.org deleted file mode 100644 index 3448a0b6e4..0000000000 --- a/inventory/host_vars/buildvm-s390x-16.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.26 diff --git a/inventory/host_vars/buildvm-s390x-17.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-17.s390.fedoraproject.org deleted file mode 100644 index dc6ab7ac1b..0000000000 --- a/inventory/host_vars/buildvm-s390x-17.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.27 diff --git a/inventory/host_vars/buildvm-s390x-18.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-18.s390.fedoraproject.org deleted file mode 100644 index 221dda957f..0000000000 --- a/inventory/host_vars/buildvm-s390x-18.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.28 diff --git a/inventory/host_vars/buildvm-s390x-19.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-19.s390.fedoraproject.org deleted file mode 100644 index b4a4849ded..0000000000 --- a/inventory/host_vars/buildvm-s390x-19.s390.fedoraproject.org +++ /dev/null @@ -1,2 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.29 diff --git a/inventory/host_vars/buildvm-s390x-20.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-20.s390.fedoraproject.org deleted file mode 100644 index 7aa4ef93c3..0000000000 --- a/inventory/host_vars/buildvm-s390x-20.s390.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -eth0_ipv4_ip: 10.1.102.30 -mem_size: 51200 -num_cpus: 3 diff --git a/inventory/host_vars/buildvm-x86-01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-01.iad2.fedoraproject.org deleted file mode 100644 index 69f785c3b9..0000000000 --- a/inventory/host_vars/buildvm-x86-01.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.51 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-01.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-01.stg.iad2.fedoraproject.org deleted file mode 100644 index aaafbbd0ea..0000000000 --- a/inventory/host_vars/buildvm-x86-01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -eth0_ipv4_ip: 10.3.167.21 -vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-02.iad2.fedoraproject.org deleted file mode 100644 index e9d5a23380..0000000000 --- a/inventory/host_vars/buildvm-x86-02.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.52 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-02.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-02.stg.iad2.fedoraproject.org deleted file mode 100644 index f617e239bd..0000000000 --- a/inventory/host_vars/buildvm-x86-02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -eth0_ipv4_ip: 10.3.167.22 -vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-03.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-03.iad2.fedoraproject.org deleted file mode 100644 index e77ca2c96f..0000000000 --- a/inventory/host_vars/buildvm-x86-03.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.53 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-03.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-03.stg.iad2.fedoraproject.org deleted file mode 100644 index 18b07f6a9b..0000000000 --- a/inventory/host_vars/buildvm-x86-03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -eth0_ipv4_ip: 10.3.167.23 -vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-04.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-04.iad2.fedoraproject.org deleted file mode 100644 index 3dfcc221a8..0000000000 --- a/inventory/host_vars/buildvm-x86-04.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.54 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-04.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-04.stg.iad2.fedoraproject.org deleted file mode 100644 index 4ced4f3ee0..0000000000 --- a/inventory/host_vars/buildvm-x86-04.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -eth0_ipv4_ip: 10.3.167.24 -vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-05.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-05.iad2.fedoraproject.org deleted file mode 100644 index 13c6fa6f7c..0000000000 --- a/inventory/host_vars/buildvm-x86-05.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.55 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-05.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-05.stg.iad2.fedoraproject.org deleted file mode 100644 index 125b32cf9b..0000000000 --- a/inventory/host_vars/buildvm-x86-05.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -eth0_ipv4_ip: 10.3.167.25 -vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-06.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-06.iad2.fedoraproject.org deleted file mode 100644 index a0c35f4622..0000000000 --- a/inventory/host_vars/buildvm-x86-06.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.56 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-07.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-07.iad2.fedoraproject.org deleted file mode 100644 index b7e552746e..0000000000 --- a/inventory/host_vars/buildvm-x86-07.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.57 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-08.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-08.iad2.fedoraproject.org deleted file mode 100644 index 51b7c85e61..0000000000 --- a/inventory/host_vars/buildvm-x86-08.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.58 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-09.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-09.iad2.fedoraproject.org deleted file mode 100644 index 4519bfbd2f..0000000000 --- a/inventory/host_vars/buildvm-x86-09.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.59 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-10.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-10.iad2.fedoraproject.org deleted file mode 100644 index fb176d570e..0000000000 --- a/inventory/host_vars/buildvm-x86-10.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.60 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-11.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-11.iad2.fedoraproject.org deleted file mode 100644 index e4affb1aca..0000000000 --- a/inventory/host_vars/buildvm-x86-11.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.61 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-12.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-12.iad2.fedoraproject.org deleted file mode 100644 index c221e15ab3..0000000000 --- a/inventory/host_vars/buildvm-x86-12.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.62 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-13.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-13.iad2.fedoraproject.org deleted file mode 100644 index 4cf885ea04..0000000000 --- a/inventory/host_vars/buildvm-x86-13.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.63 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-14.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-14.iad2.fedoraproject.org deleted file mode 100644 index 9240993850..0000000000 --- a/inventory/host_vars/buildvm-x86-14.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.64 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-15.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-15.iad2.fedoraproject.org deleted file mode 100644 index cb47a6e690..0000000000 --- a/inventory/host_vars/buildvm-x86-15.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.65 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-16.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-16.iad2.fedoraproject.org deleted file mode 100644 index 9f82fbd196..0000000000 --- a/inventory/host_vars/buildvm-x86-16.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.66 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-06.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-17.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-17.iad2.fedoraproject.org deleted file mode 100644 index 73451ed5b7..0000000000 --- a/inventory/host_vars/buildvm-x86-17.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.67 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-18.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-18.iad2.fedoraproject.org deleted file mode 100644 index e931375f5e..0000000000 --- a/inventory/host_vars/buildvm-x86-18.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.68 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-19.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-19.iad2.fedoraproject.org deleted file mode 100644 index dd4cde5231..0000000000 --- a/inventory/host_vars/buildvm-x86-19.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.69 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-20.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-20.iad2.fedoraproject.org deleted file mode 100644 index 5cb11f01ce..0000000000 --- a/inventory/host_vars/buildvm-x86-20.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.70 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-21.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-21.iad2.fedoraproject.org deleted file mode 100644 index f4a2e026e1..0000000000 --- a/inventory/host_vars/buildvm-x86-21.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.71 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-22.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-22.iad2.fedoraproject.org deleted file mode 100644 index b404245fb8..0000000000 --- a/inventory/host_vars/buildvm-x86-22.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.72 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-23.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-23.iad2.fedoraproject.org deleted file mode 100644 index c69be60f71..0000000000 --- a/inventory/host_vars/buildvm-x86-23.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.73 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-24.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-24.iad2.fedoraproject.org deleted file mode 100644 index f2e81ab200..0000000000 --- a/inventory/host_vars/buildvm-x86-24.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.74 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-25.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-25.iad2.fedoraproject.org deleted file mode 100644 index 482729dbc4..0000000000 --- a/inventory/host_vars/buildvm-x86-25.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.75 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-26.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-26.iad2.fedoraproject.org deleted file mode 100644 index 3437e2fa19..0000000000 --- a/inventory/host_vars/buildvm-x86-26.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.76 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-27.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-27.iad2.fedoraproject.org deleted file mode 100644 index e964ed86bf..0000000000 --- a/inventory/host_vars/buildvm-x86-27.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.77 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-28.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-28.iad2.fedoraproject.org deleted file mode 100644 index 47c5283bec..0000000000 --- a/inventory/host_vars/buildvm-x86-28.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.78 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-29.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-29.iad2.fedoraproject.org deleted file mode 100644 index 565d6b8b70..0000000000 --- a/inventory/host_vars/buildvm-x86-29.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.79 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-30.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-30.iad2.fedoraproject.org deleted file mode 100644 index d79b256497..0000000000 --- a/inventory/host_vars/buildvm-x86-30.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.80 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-31.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-31.iad2.fedoraproject.org deleted file mode 100644 index 23be3d6c36..0000000000 --- a/inventory/host_vars/buildvm-x86-31.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.81 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-32.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-32.iad2.fedoraproject.org deleted file mode 100644 index f730063097..0000000000 --- a/inventory/host_vars/buildvm-x86-32.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.82 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-07.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-riscv01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-riscv01.iad2.fedoraproject.org deleted file mode 100644 index 329a37e638..0000000000 --- a/inventory/host_vars/buildvm-x86-riscv01.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.172.254 -eth0_ipv4_ip: 10.3.172.23 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-riscv01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvm-x86-riscv02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-x86-riscv02.iad2.fedoraproject.org deleted file mode 100644 index 61297c1a6f..0000000000 --- a/inventory/host_vars/buildvm-x86-riscv02.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.172.254 -eth0_ipv4_ip: 10.3.172.24 -ipa_server: ipa01.iad2.fedoraproject.org -resolvconf: "resolv.conf/iad2" -vmhost: bvmhost-x86-riscv01.iad2.fedoraproject.org diff --git a/inventory/host_vars/buildvmhost-10.phx2.fedoraproject.org b/inventory/host_vars/buildvmhost-10.phx2.fedoraproject.org new file mode 100644 index 0000000000..9ad754d39d --- /dev/null +++ b/inventory/host_vars/buildvmhost-10.phx2.fedoraproject.org @@ -0,0 +1,5 @@ +--- +# iscsi initiator for netapp iscsi volume +netapp_nfs01_iscsi_name: iqn.1992-08.com.netapp:sn.1573980325:vf.f88732f4-106e-11e2-bc86-00a098162a28 +# iscsi portal for netapp iscsi volume +netapp_nfs01_iscsi_portal: 10.5.88.36 diff --git a/inventory/host_vars/busgateway01.iad2.fedoraproject.org b/inventory/host_vars/busgateway01.iad2.fedoraproject.org deleted file mode 100644 index 1e1a93f15b..0000000000 --- a/inventory/host_vars/busgateway01.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.46 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-iad2 -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/busgateway01.phx2.fedoraproject.org b/inventory/host_vars/busgateway01.phx2.fedoraproject.org new file mode 100644 index 0000000000..54d52625b7 --- /dev/null +++ b/inventory/host_vars/busgateway01.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.64 + +volgroup: /dev/vg_virthost09 +vmhost: virthost09.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/busgateway01.stg.iad2.fedoraproject.org b/inventory/host_vars/busgateway01.stg.iad2.fedoraproject.org deleted file mode 100644 index 02e982ba93..0000000000 --- a/inventory/host_vars/busgateway01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.38 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-iad2 -vmhost: vmhost-x86-09.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/busgateway01.stg.phx2.fedoraproject.org b/inventory/host_vars/busgateway01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..f170b732e7 --- /dev/null +++ b/inventory/host_vars/busgateway01.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.62 + +volgroup: /dev/vg_virthost16 +vmhost: virthost16.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/bvirthost06.phx2.fedoraproject.org b/inventory/host_vars/bvirthost06.phx2.fedoraproject.org new file mode 100644 index 0000000000..d34cfdb7b6 --- /dev/null +++ b/inventory/host_vars/bvirthost06.phx2.fedoraproject.org @@ -0,0 +1,3 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 diff --git a/inventory/host_vars/bvirthost07.phx2.fedoraproject.org b/inventory/host_vars/bvirthost07.phx2.fedoraproject.org new file mode 100644 index 0000000000..d34cfdb7b6 --- /dev/null +++ b/inventory/host_vars/bvirthost07.phx2.fedoraproject.org @@ -0,0 +1,3 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 diff --git a/inventory/host_vars/bvirthost08.phx2.fedoraproject.org b/inventory/host_vars/bvirthost08.phx2.fedoraproject.org new file mode 100644 index 0000000000..d34cfdb7b6 --- /dev/null +++ b/inventory/host_vars/bvirthost08.phx2.fedoraproject.org @@ -0,0 +1,3 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 diff --git a/inventory/host_vars/bvirthost09.phx2.fedoraproject.org b/inventory/host_vars/bvirthost09.phx2.fedoraproject.org new file mode 100644 index 0000000000..d34cfdb7b6 --- /dev/null +++ b/inventory/host_vars/bvirthost09.phx2.fedoraproject.org @@ -0,0 +1,3 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 diff --git a/inventory/host_vars/bvirthost10.phx2.fedoraproject.org b/inventory/host_vars/bvirthost10.phx2.fedoraproject.org new file mode 100644 index 0000000000..d34cfdb7b6 --- /dev/null +++ b/inventory/host_vars/bvirthost10.phx2.fedoraproject.org @@ -0,0 +1,3 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 diff --git a/inventory/host_vars/bvirthost11.phx2.fedoraproject.org b/inventory/host_vars/bvirthost11.phx2.fedoraproject.org new file mode 100644 index 0000000000..d34cfdb7b6 --- /dev/null +++ b/inventory/host_vars/bvirthost11.phx2.fedoraproject.org @@ -0,0 +1,3 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 diff --git a/inventory/host_vars/bvmhost-a64-01.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-a64-01.iad2.fedoraproject.org deleted file mode 100644 index 048e64cc4d..0000000000 --- a/inventory/host_vars/bvmhost-a64-01.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -br0_ipv4: 10.3.170.11 -br0_ipv4_gw: 10.3.170.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 0c:42:a1:52:1a:dc -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 4500 -nrpe_procs_warn: 4000 diff --git a/inventory/host_vars/bvmhost-a64-01.stg.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-a64-01.stg.iad2.fedoraproject.org deleted file mode 100644 index 1d9d85c1d5..0000000000 --- a/inventory/host_vars/bvmhost-a64-01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,39 +0,0 @@ ---- -br0_ipv4: 10.3.167.16 -br0_ipv4_gw: 10.3.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -has_ipv4: yes -mac1: 0c:42:a1:c2:5d:a6 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 3500 -nrpe_procs_warn: 3000 diff --git a/inventory/host_vars/bvmhost-a64-02.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-a64-02.iad2.fedoraproject.org deleted file mode 100644 index 19480c4033..0000000000 --- a/inventory/host_vars/bvmhost-a64-02.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -br0_ipv4: 10.3.170.12 -br0_ipv4_gw: 10.3.170.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 04:3f:72:d7:7a:a6 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 4500 -nrpe_procs_warn: 4000 diff --git a/inventory/host_vars/bvmhost-a64-03.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-a64-03.iad2.fedoraproject.org deleted file mode 100644 index 89d8871520..0000000000 --- a/inventory/host_vars/bvmhost-a64-03.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -br0_ipv4: 10.3.170.13 -br0_ipv4_gw: 10.3.170.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: b8:ce:f6:04:74:d8 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 4500 -nrpe_procs_warn: 4000 diff --git a/inventory/host_vars/bvmhost-a64-04.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-a64-04.iad2.fedoraproject.org deleted file mode 100644 index 14ab92de1f..0000000000 --- a/inventory/host_vars/bvmhost-a64-04.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -br0_ipv4: 10.3.170.14 -br0_ipv4_gw: 10.3.170.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 04:3f:72:d7:7f:f7 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 4500 -nrpe_procs_warn: 4000 diff --git a/inventory/host_vars/bvmhost-a64-osbs-01.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-a64-osbs-01.iad2.fedoraproject.org deleted file mode 100644 index a74ee86e21..0000000000 --- a/inventory/host_vars/bvmhost-a64-osbs-01.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.170.21 -br0_ipv4_gw: 10.3.170.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 50:6b:4b:6a:b7:f0 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-p09-01.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-p09-01.iad2.fedoraproject.org deleted file mode 100644 index 2d20c6a926..0000000000 --- a/inventory/host_vars/bvmhost-p09-01.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -br0_ipv4: 10.3.171.15 -br0_ipv4_gw: 10.3.171.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 40:a6:b7:18:8a:38 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 13000 -nrpe_procs_warn: 12000 diff --git a/inventory/host_vars/bvmhost-p09-01.stg.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-p09-01.stg.iad2.fedoraproject.org deleted file mode 100644 index 1b077f2a14..0000000000 --- a/inventory/host_vars/bvmhost-p09-01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,39 +0,0 @@ ---- -br0_ipv4: 10.3.167.19 -br0_ipv4_gw: 10.3.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -has_ipv4: yes -mac3: b8:ce:f6:88:9a:de -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 13000 -nrpe_procs_warn: 12000 diff --git a/inventory/host_vars/bvmhost-p09-02.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-p09-02.iad2.fedoraproject.org deleted file mode 100644 index 97a84810f5..0000000000 --- a/inventory/host_vars/bvmhost-p09-02.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.171.16 -br0_ipv4_gw: 10.3.171.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac2 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: ac:1f:6b:56:e9:11 -mac2: 40:a6:b7:18:86:b4 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 13000 -nrpe_procs_warn: 12000 diff --git a/inventory/host_vars/bvmhost-p09-03.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-p09-03.iad2.fedoraproject.org deleted file mode 100644 index 1736145892..0000000000 --- a/inventory/host_vars/bvmhost-p09-03.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -br0_ipv4: 10.3.171.17 -br0_ipv4_gw: 10.3.171.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 40:a6:b7:18:85:74 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 13000 -nrpe_procs_warn: 12000 diff --git a/inventory/host_vars/bvmhost-p09-04.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-p09-04.iad2.fedoraproject.org deleted file mode 100644 index 24f37c00ef..0000000000 --- a/inventory/host_vars/bvmhost-p09-04.iad2.fedoraproject.org +++ /dev/null @@ -1,39 +0,0 @@ ---- -br0_ipv4_ip: 10.3.171.18 -br0_ipv4_gw: 10.3.171.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac2 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 40:a6:b7:18:85:74 -mac2: 40:a6:b7:18:86:c8 -nbde: false -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4_ip }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 13000 -nrpe_procs_warn: 12000 diff --git a/inventory/host_vars/bvmhost-p09-05.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-p09-05.iad2.fedoraproject.org deleted file mode 100644 index 1bc5bc9f36..0000000000 --- a/inventory/host_vars/bvmhost-p09-05.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.171.21 -br0_ipv4_gw: 10.3.171.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac2 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -has_ipv4: yes -mac2: b8:ce:f6:c5:ff:66 -nbde: false -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 13000 -nrpe_procs_warn: 12000 diff --git a/inventory/host_vars/bvmhost-s390x-01.s390.fedoraproject.org b/inventory/host_vars/bvmhost-s390x-01.s390.fedoraproject.org deleted file mode 100644 index 1333237e0d..0000000000 --- a/inventory/host_vars/bvmhost-s390x-01.s390.fedoraproject.org +++ /dev/null @@ -1,5 +0,0 @@ ---- -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: iad2.fedoraproject.org -nbde: false diff --git a/inventory/host_vars/bvmhost-s390x-01.stg.s390.fedoraproject.org b/inventory/host_vars/bvmhost-s390x-01.stg.s390.fedoraproject.org deleted file mode 100644 index 1333237e0d..0000000000 --- a/inventory/host_vars/bvmhost-s390x-01.stg.s390.fedoraproject.org +++ /dev/null @@ -1,5 +0,0 @@ ---- -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: iad2.fedoraproject.org -nbde: false diff --git a/inventory/host_vars/bvmhost-x86-01.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-01.iad2.fedoraproject.org deleted file mode 100644 index d9c0a7ea8a..0000000000 --- a/inventory/host_vars/bvmhost-x86-01.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.169.11 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:05:54 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-01.rdu3.fedoraproject.org b/inventory/host_vars/bvmhost-x86-01.rdu3.fedoraproject.org deleted file mode 100644 index 8381c37fd9..0000000000 --- a/inventory/host_vars/bvmhost-x86-01.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.169.11 -br0_ipv4_gw: 10.16.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: C4:CB:E1:E1:57:0A -mac1: C4:CB:E1:E1:57:0B -mac2: C4:70:BD:A4:09:84 -mac3: C4:70:BD:A4:09:85 -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-01.stg.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-01.stg.iad2.fedoraproject.org deleted file mode 100644 index a362963f62..0000000000 --- a/inventory/host_vars/bvmhost-x86-01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,40 +0,0 @@ ---- -br0_ipv4: 10.3.167.11 -br0_ipv4_gw: 10.3.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -has_ipv4: yes -mac1: 24:6e:96:b1:56:24 -mac2: 24:6e:96:b1:56:25 -mac3: 24:6e:96:b1:56:20 -mac4: 24:6e:96:b1:56:22 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-01.stg.rdu3.fedoraproject.org b/inventory/host_vars/bvmhost-x86-01.stg.rdu3.fedoraproject.org deleted file mode 100644 index d48032014e..0000000000 --- a/inventory/host_vars/bvmhost-x86-01.stg.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.167.11 -br0_ipv4_gw: 10.16.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac1: c4:cb:e1:e1:60:16 -mac2: c4:cb:e1:e1:60:17 -mac3: c4:70:bd:a4:0b:a0 -mac4: c4:70:bd:a4:0b:a1 -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-02.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-02.iad2.fedoraproject.org deleted file mode 100644 index 1072dbbc70..0000000000 --- a/inventory/host_vars/bvmhost-x86-02.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.169.12 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:69:fe -mac2: e4:43:4b:b1:6a:00 -mac3: e4:43:4b:b1:6a:1e -mac4: e4:43:4b:b1:6a:1f -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-02.rdu3.fedoraproject.org b/inventory/host_vars/bvmhost-x86-02.rdu3.fedoraproject.org deleted file mode 100644 index cb4b7d58aa..0000000000 --- a/inventory/host_vars/bvmhost-x86-02.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.169.12 -br0_ipv4_gw: 10.16.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:5f:c8 -mac1: c4:cb:e1:e1:5f:c9 -mac2: c4:70:bd:aa:5d:04 -mac3: c4:70:bd:aa:5d:05 -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-02.stg.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-02.stg.iad2.fedoraproject.org deleted file mode 100644 index 21446110de..0000000000 --- a/inventory/host_vars/bvmhost-x86-02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,40 +0,0 @@ ---- -br0_ipv4: 10.3.167.12 -br0_ipv4_gw: 10.3.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -has_ipv4: yes -mac1: C8:4B:D6:88:FB:C6 -mac2: C8:4B:D6:88:FB:C7 -mac3: 6C:FE:54:57:5F:48 -mac4: 6C:FE:54:57:5F:49 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-02.stg.rdu3.fedoraproject.org b/inventory/host_vars/bvmhost-x86-02.stg.rdu3.fedoraproject.org deleted file mode 100644 index 7694a0f1f1..0000000000 --- a/inventory/host_vars/bvmhost-x86-02.stg.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.167.12 -br0_ipv4_gw: 10.16.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac1: c4:cb:e1:e1:56:fe -mac2: c4:cb:e1:e1:56:ff -mac3: c4:70:bd:aa:5c:3e -mac4: c4:70:bd:aa:5c:3f -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-03.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-03.iad2.fedoraproject.org deleted file mode 100644 index c7704ccf6b..0000000000 --- a/inventory/host_vars/bvmhost-x86-03.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.169.13 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:62:64 -mac2: e4:43:4b:b1:62:66 -mac3: e4:43:4b:b1:62:84 -mac4: e4:43:4b:b1:62:85 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-03.rdu3.fedoraproject.org b/inventory/host_vars/bvmhost-x86-03.rdu3.fedoraproject.org deleted file mode 100644 index f4e7ec648e..0000000000 --- a/inventory/host_vars/bvmhost-x86-03.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.169.13 -br0_ipv4_gw: 10.16.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:61:52 -mac1: c4:cb:e1:e1:61:53 -mac2: c4:70:bd:c8:cf:96 -mac3: c4:70:bd:c8:cf:97 -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-03.stg.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-03.stg.iad2.fedoraproject.org deleted file mode 100644 index f8d2ad4730..0000000000 --- a/inventory/host_vars/bvmhost-x86-03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,40 +0,0 @@ ---- -br0_ipv4: 10.3.167.13 -br0_ipv4_gw: 10.3.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -has_ipv4: yes -mac1: 24:6e:96:b1:c7:f4 -mac2: 24:6e:96:b1:c7:f5 -mac3: 24:6e:96:b1:c7:f0 -mac4: 24:6e:96:b1:c7:f2 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-03.stg.rdu3.fedoraproject.org b/inventory/host_vars/bvmhost-x86-03.stg.rdu3.fedoraproject.org deleted file mode 100644 index d0d80d7b07..0000000000 --- a/inventory/host_vars/bvmhost-x86-03.stg.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.167.13 -br0_ipv4_gw: 10.16.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac1: c4:cb:e1:e1:60:0c -mac2: c4:cb:e1:e1:60:0d -mac3: c4:70:bd:b7:7c:76 -mac4: c4:70:bd:b7:7c:77 -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-04.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-04.iad2.fedoraproject.org deleted file mode 100644 index 25e9694583..0000000000 --- a/inventory/host_vars/bvmhost-x86-04.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.169.14 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:03:30 -mac2: e4:43:4b:b1:03:32 -mac3: e4:43:4b:b1:03:50 -mac4: e4:43:4b:b1:03:51 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-04.rdu3.fedoraproject.org b/inventory/host_vars/bvmhost-x86-04.rdu3.fedoraproject.org deleted file mode 100644 index 0d970bdc1b..0000000000 --- a/inventory/host_vars/bvmhost-x86-04.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.169.14 -br0_ipv4_gw: 10.16.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:60:0a -mac1: c4:cb:e1:e1:60:0b -mac2: c4:70:bd:c8:cf:fc -mac3: c4:70:bd:c8:cf:fd -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-05.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-05.iad2.fedoraproject.org deleted file mode 100644 index 5d0729d65b..0000000000 --- a/inventory/host_vars/bvmhost-x86-05.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.169.15 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:ae:44:ee -mac2: e4:43:4b:ae:44:f0 -mac3: e4:43:4b:ae:45:0e -mac4: e4:43:4b:ae:45:0f -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-05.rdu3.fedoraproject.org b/inventory/host_vars/bvmhost-x86-05.rdu3.fedoraproject.org deleted file mode 100644 index 4f88ca2934..0000000000 --- a/inventory/host_vars/bvmhost-x86-05.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.169.15 -br0_ipv4_gw: 10.16.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:60:fc -mac1: c4:cb:e1:e1:60:fd -mac2: c4:70:bd:a4:0c:0c -mac3: c4:70:bd:a4:0c:0d -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-05.stg.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-05.stg.iad2.fedoraproject.org deleted file mode 100644 index 45dc1d7fdd..0000000000 --- a/inventory/host_vars/bvmhost-x86-05.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.167.17 -br0_ipv4_gw: 10.3.167.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: E4:43:4B:F7:AC:CC -mac2: E4:43:4B:F7:AC:CE -mac3: E4:43:4B:F7:AC:EC -mac4: E4:43:4B:F7:AC:ED -mgmt_ipv4: 10.3.160.157 -mgmt_mac: "2c:ea:7f:f3:58:4e" -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-06.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-06.iad2.fedoraproject.org deleted file mode 100644 index 34aac0271f..0000000000 --- a/inventory/host_vars/bvmhost-x86-06.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.169.16 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:ac:e1:54 -mac2: e4:43:4b:ac:e1:56 -mac3: e4:43:4b:ac:e1:74 -mac4: e4:43:4b:ac:e1:75 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-06.rdu3.fedoraproject.org b/inventory/host_vars/bvmhost-x86-06.rdu3.fedoraproject.org deleted file mode 100644 index 1b61150986..0000000000 --- a/inventory/host_vars/bvmhost-x86-06.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.169.16 -br0_ipv4_gw: 10.16.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:59:e6 -mac1: c4:cb:e1:e1:59:e7 -mac2: c4:70:bd:c8:cf:ea -mac3: c4:70:bd:c8:cf:eb -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-07.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-07.iad2.fedoraproject.org deleted file mode 100644 index a6a23dc4ac..0000000000 --- a/inventory/host_vars/bvmhost-x86-07.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_ipv4: 10.3.169.17 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:2b:52 -mac2: e4:43:4b:b1:2b:54 -mac3: e4:43:4b:b1:2b:72 -mac4: e4:43:4b:b1:2b:73 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-08.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-08.iad2.fedoraproject.org deleted file mode 100644 index 7e921186f2..0000000000 --- a/inventory/host_vars/bvmhost-x86-08.iad2.fedoraproject.org +++ /dev/null @@ -1,46 +0,0 @@ ---- -br0_ipv4: 10.3.169.18 -br0_ipv4_gw: 10.3.169.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac2 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:24:19:96 -mac2: e4:43:4b:24:19:76 -mac3: e4:43:4b:24:19:97 -mac4: e4:43:4b:24:19:78 -nbde_client_bindings: - - device: /dev/md126 - encryption_password: "{{ nbde_password }}" - password_temporary: no - threshold: 1 - servers: - - http://tang01.iad2.fedoraproject.org - - http://tang02.iad2.fedoraproject.org -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/bvmhost-x86-riscv01.iad2.fedoraproject.org b/inventory/host_vars/bvmhost-x86-riscv01.iad2.fedoraproject.org deleted file mode 100644 index 6b4094e9ca..0000000000 --- a/inventory/host_vars/bvmhost-x86-riscv01.iad2.fedoraproject.org +++ /dev/null @@ -1,36 +0,0 @@ ---- -br0_ipv4: 10.3.172.11 -br0_ipv4_gw: 10.3.172.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac2 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 20:3a:43:03:d0:4c -mac2: 20:3a:43:03:d0:4d -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/centos-ipa-client01.stg.iad2.fedoraproject.org b/inventory/host_vars/centos-ipa-client01.stg.iad2.fedoraproject.org deleted file mode 100644 index 33e6eb3aea..0000000000 --- a/inventory/host_vars/centos-ipa-client01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.42 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -nagios_Can_Connect: false -nagios_Check_Services: - mail: false - nrpe: false - ping: false - sshd: false - swap: false -vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/centos-ipa-client02.stg.iad2.fedoraproject.org b/inventory/host_vars/centos-ipa-client02.stg.iad2.fedoraproject.org deleted file mode 100644 index b50694529c..0000000000 --- a/inventory/host_vars/centos-ipa-client02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.43 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -nagios_Can_Connect: false -nagios_Check_Services: - mail: false - nrpe: false - ping: false - sshd: false - swap: false -vmhost: vmhost-x86-12.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/centos-ipa-client03.stg.iad2.fedoraproject.org b/inventory/host_vars/centos-ipa-client03.stg.iad2.fedoraproject.org deleted file mode 100644 index a7aab9a507..0000000000 --- a/inventory/host_vars/centos-ipa-client03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.81 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -nagios_Can_Connect: false -nagios_Check_Services: - mail: false - nrpe: false - ping: false - sshd: false - swap: false -vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/centos-ipa-client04.stg.iad2.fedoraproject.org b/inventory/host_vars/centos-ipa-client04.stg.iad2.fedoraproject.org deleted file mode 100644 index 64ca207a55..0000000000 --- a/inventory/host_vars/centos-ipa-client04.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.82 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -nagios_Can_Connect: false -nagios_Check_Services: - mail: false - nrpe: false - ping: false - sshd: false - swap: false -vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/certgetter01.iad2.fedoraproject.org b/inventory/host_vars/certgetter01.iad2.fedoraproject.org deleted file mode 100644 index 81cda7a0a4..0000000000 --- a/inventory/host_vars/certgetter01.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.47 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -mem_size: 4096 -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/collab04.vpn.fedoraproject.org b/inventory/host_vars/collab04.vpn.fedoraproject.org new file mode 100644 index 0000000000..fbc0826155 --- /dev/null +++ b/inventory/host_vars/collab04.vpn.fedoraproject.org @@ -0,0 +1,2 @@ +--- +host_backup_targets: ['/srv'] diff --git a/inventory/host_vars/coloamer01.fedoraproject.org b/inventory/host_vars/coloamer01.fedoraproject.org new file mode 100644 index 0000000000..2e16f2825b --- /dev/null +++ b/inventory/host_vars/coloamer01.fedoraproject.org @@ -0,0 +1,4 @@ +--- +datacenter: coloamer +virthost: true +postfix_group: vpn diff --git a/inventory/host_vars/compose-branched01.iad2.fedoraproject.org b/inventory/host_vars/compose-branched01.iad2.fedoraproject.org deleted file mode 100644 index 8628a5a0ee..0000000000 --- a/inventory/host_vars/compose-branched01.iad2.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.121 -freezes: true -koji_hub_nfs: "fedora_koji" -kojihub_scheme: https -kojihub_url: koji.fedoraproject.org/kojihub -kojipkgs_url: kojipkgs.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -vmhost: bvmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/compose-eln01.iad2.fedoraproject.org b/inventory/host_vars/compose-eln01.iad2.fedoraproject.org deleted file mode 100644 index f9be347dea..0000000000 --- a/inventory/host_vars/compose-eln01.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.125 -# eln is never frozen, the compose box should not be so we can make needed changes -freezes: false -koji_hub_nfs: "fedora_koji" -koji_instance: "primary" -kojihub_scheme: https -kojihub_url: koji.fedoraproject.org/kojihub -kojipkgs_url: kojipkgs.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -vmhost: bvmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/compose-iot01.iad2.fedoraproject.org b/inventory/host_vars/compose-iot01.iad2.fedoraproject.org deleted file mode 100644 index f1303923b1..0000000000 --- a/inventory/host_vars/compose-iot01.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.122 -# This VM is the compose host for IoT Edition -freezes: false -koji_hub_nfs: "fedora_koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -main_bridge: br0 -mem_size: 32768 -sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers" -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: bvmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/compose-rawhide01.iad2.fedoraproject.org b/inventory/host_vars/compose-rawhide01.iad2.fedoraproject.org deleted file mode 100644 index 682d82b2d7..0000000000 --- a/inventory/host_vars/compose-rawhide01.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.123 -# rawhide is never frozen, the compose box should not be so we can make needed changes -freezes: false -koji_hub_nfs: "fedora_koji" -kojihub_scheme: https -kojihub_url: koji.fedoraproject.org/kojihub -kojipkgs_url: kojipkgs.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -vmhost: bvmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/compose-x86-01.iad2.fedoraproject.org b/inventory/host_vars/compose-x86-01.iad2.fedoraproject.org deleted file mode 100644 index fd4cdcf338..0000000000 --- a/inventory/host_vars/compose-x86-01.iad2.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.124 -koji_hub_nfs: "fedora_koji" -kojihub_scheme: https -kojihub_url: koji.fedoraproject.org/kojihub -kojipkgs_url: kojipkgs.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -# -# These are 64bit -# -libdir: /usr/lib64 -lvm_size: 250000 -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -vmhost: bvmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/compose-x86-01.stg.iad2.fedoraproject.org b/inventory/host_vars/compose-x86-01.stg.iad2.fedoraproject.org deleted file mode 100644 index 23f2cdd6c0..0000000000 --- a/inventory/host_vars/compose-x86-01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,11 +0,0 @@ -datacenter: staging -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.33 -koji_hub_nfs: "fedora_koji" -kojihub_scheme: http -kojihub_url: koji.stg.fedoraproject.org/kojihub -kojipkgs_url: kojipkgs.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/development/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/compose-x86-riscv01.iad2.fedoraproject.org b/inventory/host_vars/compose-x86-riscv01.iad2.fedoraproject.org deleted file mode 100644 index 54c1b21b46..0000000000 --- a/inventory/host_vars/compose-x86-riscv01.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ -datacenter: iad2 -eth0_ipv4_gw: 10.3.172.254 -eth0_ipv4_ip: 10.3.172.22 -# eln is never frozen, the compose box should not be so we can make needed changes -freezes: false -koji_hub_nfs: "fedora_riscv_koji" -kojihub_scheme: https -kojihub_url: riscv-koji.fedoraproject.org/kojihub -kojipkgs_url: riscv-kojipkgs.fedoraproject.org -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" -vmhost: bvmhost-x86-riscv01.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/copr-be-dev-temp.aws.fedoraproject.org b/inventory/host_vars/copr-be-dev-temp.aws.fedoraproject.org deleted file mode 100644 index bbb1f5e14b..0000000000 --- a/inventory/host_vars/copr-be-dev-temp.aws.fedoraproject.org +++ /dev/null @@ -1,11 +0,0 @@ ---- -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: false - ping: false - raid: false - sshd: false - swap: false diff --git a/inventory/host_vars/copr-be-dev.aws.fedoraproject.org b/inventory/host_vars/copr-be-dev.aws.fedoraproject.org deleted file mode 100644 index 70ce904b4a..0000000000 --- a/inventory/host_vars/copr-be-dev.aws.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ -hostbase: copr-be-dev- -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -public_ip: 18.208.10.131 -swap_file_path: /swap -swap_file_size_mb: 16000 diff --git a/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org b/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org new file mode 100644 index 0000000000..452768d388 --- /dev/null +++ b/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org @@ -0,0 +1,11 @@ +--- +instance_type: m1.xlarge +image: "{{ f20_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: webserver +zone: nova +hostbase: copr-be-dev- +public_ip: 209.132.184.179 +root_auth_users: bkabrda msuchy tradej pingou +description: copr dispatcher and repo server - dev instance +tcp_ports: ['22', '80', '443'] diff --git a/inventory/host_vars/copr-be.aws.fedoraproject.org b/inventory/host_vars/copr-be.aws.fedoraproject.org deleted file mode 100644 index 2e7a61631f..0000000000 --- a/inventory/host_vars/copr-be.aws.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ -hostbase: copr-be- -nagios_Check_Services: - dhcpd: false - httpd: true - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -public_ip: 52.44.175.77 -swap_file_path: /swap -swap_file_size_mb: 16384 diff --git a/inventory/host_vars/copr-dist-git-dev.aws.fedoraproject.org b/inventory/host_vars/copr-dist-git-dev.aws.fedoraproject.org deleted file mode 100644 index 50238d1a56..0000000000 --- a/inventory/host_vars/copr-dist-git-dev.aws.fedoraproject.org +++ /dev/null @@ -1,26 +0,0 @@ ---- -ansible_become: yes -ansible_become_user: root -ansible_ssh_user: fedora -# Copr vars -copr_hostbase: copr-dist-git-dev -description: copr dist git - dev instance -#instance_type: t3a.medium -#image: "{{ fedora31_x86_64 }}" -#keypair: fedora-admin-20130801 -hostbase: copr-dist-git-dev- -inventory_hostname: "copr-dist-git-dev.aws.fedoraproject.org" -inventory_instance_name: copr-dist-git-dev -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -public_ip: 54.243.51.13 -swap_file_path: /swap -swap_file_size_mb: 2048 diff --git a/inventory/host_vars/copr-dist-git.aws.fedoraproject.org b/inventory/host_vars/copr-dist-git.aws.fedoraproject.org deleted file mode 100644 index 3f07e7b80a..0000000000 --- a/inventory/host_vars/copr-dist-git.aws.fedoraproject.org +++ /dev/null @@ -1,27 +0,0 @@ ---- -ansible_become: yes -ansible_become_user: root -ansible_ssh_user: fedora -# Copr vars -copr_hostbase: copr-dist-git -description: copr dist git - prod instance -swap_file_size_mb: 50000 -swap_file_path: /swap - -#instance_type: t3a.medium -#image: "{{ fedora31_x86_64 }}" -#keypair: fedora-admin-20130801 -hostbase: copr-dist-git -inventory_hostname: "copr-dist-git.aws.fedoraproject.org" -inventory_instance_name: copr-dist-git -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -public_ip: 3.89.184.181 diff --git a/inventory/host_vars/copr-fe-dev.aws.fedoraproject.org b/inventory/host_vars/copr-fe-dev.aws.fedoraproject.org deleted file mode 100644 index d6abf754ce..0000000000 --- a/inventory/host_vars/copr-fe-dev.aws.fedoraproject.org +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copr vars -copr_hostbase: copr-fe-dev -description: copr frontend - dev instance -hostbase: copr-fe-dev- -inventory_hostname: "copr-fe-dev.aws.fedoraproject.org" -inventory_instance_name: copr-fe-dev -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -principal_alias: "HTTP/copr.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG" -public_ip: 18.208.24.211 -swap_file_path: /swap -swap_file_size_mb: 4096 diff --git a/inventory/host_vars/copr-fe-dev.cloud.fedoraproject.org b/inventory/host_vars/copr-fe-dev.cloud.fedoraproject.org new file mode 100644 index 0000000000..a191d537ee --- /dev/null +++ b/inventory/host_vars/copr-fe-dev.cloud.fedoraproject.org @@ -0,0 +1,11 @@ +--- +instance_type: m1.medium +image: "{{ f20_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: webserver +zone: nova +hostbase: copr-fe-dev- +public_ip: 209.132.184.183 +root_auth_users: bkabrda ryanlerch pingou msuchy tradej asamalik +description: copr frontend server - dev instance +tcp_ports: ['22', '80', '443'] diff --git a/inventory/host_vars/copr-fe.aws.fedoraproject.org b/inventory/host_vars/copr-fe.aws.fedoraproject.org deleted file mode 100644 index 2fd0d981ec..0000000000 --- a/inventory/host_vars/copr-fe.aws.fedoraproject.org +++ /dev/null @@ -1,30 +0,0 @@ ---- -# this overrides vars/Fedora.yml -base_pkgs_erase: ['PackageKit*', 'sendmail', 'at'] -# Copr vars -copr_hostbase: copr-fe -db_backup_dir: ['/backups'] -# dbs to be backed up on this host -dbs_to_backup: - - coprdb -description: copr frontend server - prod instance -hostbase: copr-fe- -inventory_hostname: "copr-fe.aws.fedoraproject.org" -inventory_instance_name: copr-fe -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -public_ip: 3.225.109.36 -sar_output_file: copr.json -# GDPR SAR variables -sar_script: /usr/share/copr/coprs_frontend/run/copr-gdpr-sar.sh -sar_script_user: copr-fe -swap_file_path: /swap -swap_file_size_mb: 8192 diff --git a/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org b/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org deleted file mode 100644 index 9ba3b08a03..0000000000 --- a/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org +++ /dev/null @@ -1,23 +0,0 @@ ---- -ansible_become: yes -ansible_become_user: root -ansible_ssh_user: fedora -#volumes: [ {volume_id: '9e2b4c55-9ec3-4508-af46-a40f3a5bd982', device: '/dev/vdc'} ] -description: copr key gen and sign host - dev instance -#instance_type: t3a.small -#image: "{{ fedora31_x86_64 }}" -#keypair: fedora-admin-20130801 -hostbase: copr-keygen-dev- -inventory_hostname: "copr-keygen-dev.aws.fedoraproject.org" -inventory_instance_name: copr-keygen-dev -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: false -public_ip: 54.225.23.248 diff --git a/inventory/host_vars/copr-keygen.aws.fedoraproject.org b/inventory/host_vars/copr-keygen.aws.fedoraproject.org deleted file mode 100644 index 4cbd3dfbd3..0000000000 --- a/inventory/host_vars/copr-keygen.aws.fedoraproject.org +++ /dev/null @@ -1,23 +0,0 @@ ---- -ansible_become: yes -ansible_become_user: root -ansible_ssh_user: fedora -db_backup_dir: ['/backup'] -description: copr key gen and sign host - prod instance -#instance_type: t3a.small -#image: "{{ fedora31_x86_64 }}" -#keypair: fedora-admin-20130801 -hostbase: copr-keygen-dev- -inventory_hostname: "copr-keygen.aws.fedoraproject.org" -inventory_instance_name: copr-keygen -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: true - swap: false -public_ip: 54.83.48.73 diff --git a/inventory/host_vars/copr-pulp-dev.aws.fedoraproject.org b/inventory/host_vars/copr-pulp-dev.aws.fedoraproject.org deleted file mode 100644 index 482c4394e6..0000000000 --- a/inventory/host_vars/copr-pulp-dev.aws.fedoraproject.org +++ /dev/null @@ -1,22 +0,0 @@ -hostbase: copr-pulp-dev- -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: true - ping: false - raid: false - sshd: false - swap: true -public_ip: 44.206.10.188 -swap_file_path: /swap -swap_file_size_mb: 8096 - -tcp_ports: [ - 22, - # PULP API - 24817, -] - -aws_ipv6_con: "System eth0" diff --git a/inventory/host_vars/copr-pulp.aws.fedoraproject.org b/inventory/host_vars/copr-pulp.aws.fedoraproject.org deleted file mode 100644 index 16eba8df35..0000000000 --- a/inventory/host_vars/copr-pulp.aws.fedoraproject.org +++ /dev/null @@ -1,18 +0,0 @@ -hostbase: copr-pulp- -# This instance is not yet started -nagios_Can_Connect: false -# nagios_Check_Services: -# dhcpd: false -# httpd: true -# mail: false -# named: false -# nrpe: true -# ping: false -# raid: false -# sshd: false -# swap: false -public_ip: TODO -swap_file_path: /swap -swap_file_size_mb: 8096 - -aws_ipv6_con: "System eth0" diff --git a/inventory/host_vars/data-reports01.iad2.fedoraproject.org b/inventory/host_vars/data-reports01.iad2.fedoraproject.org deleted file mode 100644 index decf5d8616..0000000000 --- a/inventory/host_vars/data-reports01.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.113 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/37/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/datagrepper01.phx2.fedoraproject.org b/inventory/host_vars/datagrepper01.phx2.fedoraproject.org new file mode 100644 index 0000000000..6cbd8341f7 --- /dev/null +++ b/inventory/host_vars/datagrepper01.phx2.fedoraproject.org @@ -0,0 +1,13 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +volgroup: /dev/vg_guests00 +vmhost: virthost14.phx2.fedoraproject.org +datacenter: phx2 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.18 diff --git a/inventory/host_vars/datagrepper01.stg.phx2.fedoraproject.org b/inventory/host_vars/datagrepper01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..132562746a --- /dev/null +++ b/inventory/host_vars/datagrepper01.stg.phx2.fedoraproject.org @@ -0,0 +1,13 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +volgroup: /dev/vg_guests +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.67 diff --git a/inventory/host_vars/datagrepper02.phx2.fedoraproject.org b/inventory/host_vars/datagrepper02.phx2.fedoraproject.org new file mode 100644 index 0000000000..144a85d7a8 --- /dev/null +++ b/inventory/host_vars/datagrepper02.phx2.fedoraproject.org @@ -0,0 +1,13 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +volgroup: /dev/vg_guests00 +vmhost: virthost07.phx2.fedoraproject.org +datacenter: phx2 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +eth0_ip: 10.5.126.19 diff --git a/inventory/host_vars/db-aarch64.qa.fedoraproject.org b/inventory/host_vars/db-aarch64.qa.fedoraproject.org new file mode 100644 index 0000000000..187eec761e --- /dev/null +++ b/inventory/host_vars/db-aarch64.qa.fedoraproject.org @@ -0,0 +1,11 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/VirtGuests +eth0_ip: 10.5.124.148 +vmhost: virthost-comm02.qa.fedoraproject.org +datacenter: phx2 +is_kojidb: True diff --git a/inventory/host_vars/db-datanommer01.phx2.fedoraproject.org b/inventory/host_vars/db-datanommer01.phx2.fedoraproject.org new file mode 100644 index 0000000000..5f02aeefbe --- /dev/null +++ b/inventory/host_vars/db-datanommer01.phx2.fedoraproject.org @@ -0,0 +1,27 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.109 +vmhost: virthost14.phx2.fedoraproject.org +datacenter: phx2 + +# This is a generic list, monitored by collectd +databases: +- datanommer + +# This is a more strict list, to be made publicly available +dbs_to_backup: +- datanommer + +host_backup_targets: ['/backups'] + +# These are normally group variables, but in this case db servers are often different +lvm_size: 300000 +mem_size: 8192 +num_cpus: 2 +tcp_ports: [ 5432, 443 ] +fas_client_groups: sysadmin-dba,sysadmin-noc diff --git a/inventory/host_vars/db-datanommer01.stg.iad2.fedoraproject.org b/inventory/host_vars/db-datanommer01.stg.iad2.fedoraproject.org deleted file mode 100644 index 4274421eb4..0000000000 --- a/inventory/host_vars/db-datanommer01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,26 +0,0 @@ ---- -# This is a generic list, monitored by collectd -databases: - - datanommer -datacenter: iad2 -effective_cache_size: "12GB" -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.59 -# kernel SHMMAX value -kernel_shmmax: 68719476736 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 1000000 -max_mem_size: 98304 -mem_size: 65536 -num_cpus: 8 -sar_huge: true -sar_output_file: datagrepper.csv -# GDPR SAR variables - datanommer/datagrepper -sar_script: /usr/local/bin/datagrepper_sar.py -sar_script_user: root -shared_buffers: "4GB" -tcp_ports: [5432, 443] -vmhost: vmhost-x86-01.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-datanommer02.iad2.fedoraproject.org b/inventory/host_vars/db-datanommer02.iad2.fedoraproject.org deleted file mode 100644 index cdc9fcfee7..0000000000 --- a/inventory/host_vars/db-datanommer02.iad2.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -# This is a generic list, monitored by collectd -databases: - - datanommer -datacenter: iad2 -db_backup_dir: ['/backups'] -# This is a more strict list, to be made publicly available -dbs_to_backup: - - datanommer2 -effective_cache_size: "12GB" -eth0_ipv4: "{{eth0_ip}}" -eth0_ipv4_gw: "10.3.163.254" -eth0_ipv4_ip: 10.3.163.111 -# kernel SHMMAX value -kernel_shmmax: 68719476736 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 2000g -max_cpu: "{{ num_cpus * 2 }}" -max_mem_size: "{{ mem_size * 2 }}" -max_parallel_workers: 6 -max_parallel_workers_per_gather: 4 -max_worker_processes: 8 -mem_size: 32768 -nagios_Check_Services: - swap: false -num_cpus: 16 -sar_huge: true -sar_output_file: datagrepper.csv -# GDPR SAR variables - datanommer/datagrepper -sar_script: /usr/local/bin/datagrepper_sar.py -sar_script_user: root -shared_buffers: "4GB" -tcp_ports: [5432, 443] -vmhost: vmhost-x86-08.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-fas01.iad2.fedoraproject.org b/inventory/host_vars/db-fas01.iad2.fedoraproject.org deleted file mode 100644 index 56b71d8c94..0000000000 --- a/inventory/host_vars/db-fas01.iad2.fedoraproject.org +++ /dev/null @@ -1,52 +0,0 @@ ---- -# -# Only allow postgresql access from the frontend nodes and hosted. -# -custom_rules: [ - # Openshift nodes (egress policy will block connection from non-authorized projects) - '-A INPUT -p tcp -m tcp -s 10.3.163.69 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.70 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.71 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.72 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.73 --dport 5432 -j ACCEPT', - # noc01 needs to connect to check the db - '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5432 -j ACCEPT', - # Ipsilon VMs - '-A INPUT -p tcp -m tcp -s 10.3.163.105 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.106 --dport 5432 -j ACCEPT'] -nft_custom_rules: - # Openshift nodes (egress policy will block connection from non-authorized projects) - - 'add rule ip filter INPUT ip saddr 10.3.163.69 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.70 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.71 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.72 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.73 tcp dport 5432 counter accept' - # noc01 needs to connect to check the db - - 'add rule ip filter INPUT ip saddr 10.3.163.10 tcp dport 5432 counter accept' - # Ipsilon VMs - - 'add rule ip filter INPUT ip saddr 10.3.163.105 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.106 tcp dport 5432 counter accept' -# This is a generic list, monitored by collectd -databases: - - fas2 - - ipsilon -datacenter: iad2 -db_backup_dir: ['/backups'] -# This is a more strict list, to be made publicly available -dbs_to_backup: - - fas2 - - ipsilon -effective_cache_size: "6GB" -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.42 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 100000 -max_stack_depth: "4MB" -mem_size: 16384 -nrpe_procs_crit: 800 -# -# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. -# -nrpe_procs_warn: 600 -num_cpus: 8 -shared_buffers: "2GB" -temp_buffers: "8MB" -vmhost: vmhost-x86-08.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-fas01.stg.iad2.fedoraproject.org b/inventory/host_vars/db-fas01.stg.iad2.fedoraproject.org deleted file mode 100644 index fb4a35e62e..0000000000 --- a/inventory/host_vars/db-fas01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,42 +0,0 @@ ---- -# -# Only allow postgresql access from the frontend node and ipsilon01.stg and -# fas3-01.stg and openshift -# -custom_rules: - # - '-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 5432 -j ACCEPT' - # - '-A INPUT -p tcp -m tcp -s 10.5.128.137 --dport 5432 -j ACCEPT' - # - '-A INPUT -p tcp -m tcp -s 10.5.128.82 --dport 5432 -j ACCEPT' - # - '-A INPUT -p tcp -m tcp -s 10.5.128.104 --dport 5432 -j ACCEPT' - # - '-A INPUT -p tcp -m tcp -s 10.5.128.105 --dport 5432 -j ACCEPT' - # - '-A INPUT -p tcp -m tcp -s 10.5.128.106 --dport 5432 -j ACCEPT' - # - '-A INPUT -p tcp -m tcp -s 10.5.128.107 --dport 5432 -j ACCEPT' - # TODO: lock it down more - - '-A INPUT -p tcp -m tcp -s 10.3.166.0/24 --dport 5432 -j ACCEPT' -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.166.0/24 tcp dport 5432 counter accept' -# This is a generic list, monitored by collectd -databases: - - fas2 -datacenter: iad2 -db_backup_dir: ['/backups'] -# This is a more strict list, to be made publicly available -dbs_to_backup: - - fas2 -effective_cache_size: "3GB" -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.34 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 30000 -mem_size: 4096 -nrpe_procs_crit: 500 -# -# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. -# -nrpe_procs_warn: 400 -num_cpus: 2 -shared_buffers: "1GB" -vmhost: vmhost-x86-01.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-koji01.iad2.fedoraproject.org b/inventory/host_vars/db-koji01.iad2.fedoraproject.org deleted file mode 100644 index df0956741c..0000000000 --- a/inventory/host_vars/db-koji01.iad2.fedoraproject.org +++ /dev/null @@ -1,49 +0,0 @@ ---- -# -# Only allow postgresql access from the frontend node. -# -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.169.104 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.169.105 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.169.10 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5432 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.169.104 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.169.105 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.169.10 tcp dport 5432 counter accept' - - 'add rule ip filter INPUT ip saddr 10.3.163.10 tcp dport 5432 counter accept' -# This is a generic list, monitored by collectd -databases: - - koji -datacenter: iad2 -db_backup_dir: ['/backups'] -# This is a more strict list, to be made publicly available -dbs_to_backup: - - koji -effective_cache_size: "100GB" -effective_io_concurrency: 20 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.103 -# kernel SHMMAX value -kernel_shmmax: 68719476736 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 1750000 -max_cpu: 96 -max_mem_size: 327680 -max_parallel_maintenance_workers: 4 -max_parallel_workers: 40 -max_parallel_workers_per_gather: 10 -max_stack_depth: "6MB" -max_worker_processes: 60 -mem_size: 262140 -nagios_Check_Services: - swap: false -nrpe_procs_crit: 700 -# -# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. -# -nrpe_procs_warn: 600 -num_cpus: 64 -shared_buffers: "64GB" -swap: false -temp_buffers: "192MB" -vmhost: bvmhost-x86-01.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-koji01.stg.iad2.fedoraproject.org b/inventory/host_vars/db-koji01.stg.iad2.fedoraproject.org deleted file mode 100644 index ce0b5904f4..0000000000 --- a/inventory/host_vars/db-koji01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,30 +0,0 @@ ---- -# -# Only allow postgresql access from the frontend node. -# -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.167.64 --dport 5432 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT ip saddr 10.3.167.64 tcp dport 5432 counter accept'] -# This is a generic list, monitored by collectd -databases: - - koji -datacenter: iad2 -effective_cache_size: "12GB" -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.65 -# kernel SHMMAX value -kernel_shmmax: 68719476736 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 2000000 -max_mem_size: "{{ mem_size }}" -mem_size: 65536 -nrpe_procs_crit: 700 -# -# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. -# -nrpe_procs_warn: 600 -num_cpus: 16 -shared_buffers: "4GB" -vmhost: bvmhost-x86-02.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-openqa01.iad2.fedoraproject.org b/inventory/host_vars/db-openqa01.iad2.fedoraproject.org deleted file mode 100644 index f1c095ab64..0000000000 --- a/inventory/host_vars/db-openqa01.iad2.fedoraproject.org +++ /dev/null @@ -1,31 +0,0 @@ ---- -# This is a generic list, monitored by collectd -databases: - - postgres - - openqa -datacenter: iad2 -db_backup_dir: ['/backups'] -# This is a more strict list, to be made publicly available -dbs_to_backup: - - postgres - # these names are also stored as host vars 'openqa_dbname', - # make sure to keep in sync - - openqa - - openqa-stg -effective_cache_size: "6GB" -eth0_ipv4_gw: 10.3.174.254 -eth0_ipv4_ip: 10.3.174.51 -host_backup_targets: ['/backups'] -# kernel SHMMAX value -kernel_shmmax: 68719476736 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 300000 -mem_size: 16384 -num_cpus: 10 -shared_buffers: "2GB" -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -tcp_ports: [5432, 443, 3306] -vmhost: qvmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db-qa01.qa.fedoraproject.org b/inventory/host_vars/db-qa01.qa.fedoraproject.org new file mode 100644 index 0000000000..a943195408 --- /dev/null +++ b/inventory/host_vars/db-qa01.qa.fedoraproject.org @@ -0,0 +1,36 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/VirtGuests +eth0_ip: 10.5.124.144 +vmhost: virthost-comm02.qa.fedoraproject.org +datacenter: phx2 + +# This is a generic list, monitored by collectd +databases: +- postgres + +# This is a more strict list, to be made publicly available +dbs_to_backup: +- postgres +- buildmaster +- buildmaster_dev +- buildmaster_stg +- fakefedorainfra +- fakefedorainfra_stg +- dev_fakefedorainfra +- resultsdb +- resultsdb_stg +- resultsdb_dev + +host_backup_targets: ['/backups'] + +# These are normally group variables, but in this case db servers are often different +lvm_size: 300000 +mem_size: 8192 +num_cpus: 2 +tcp_ports: [ 5432, 443 ] +fas_client_groups: sysadmin-qa,sysadmin-noc diff --git a/inventory/host_vars/db-riscv-koji01.iad2.fedoraproject.org b/inventory/host_vars/db-riscv-koji01.iad2.fedoraproject.org deleted file mode 100644 index f03422a3ce..0000000000 --- a/inventory/host_vars/db-riscv-koji01.iad2.fedoraproject.org +++ /dev/null @@ -1,31 +0,0 @@ ---- -# This is a generic list, monitored by collectd -custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.172.21 --dport 5432 -j ACCEPT'] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 10.3.172.21 tcp dport 5432 counter accept' -databases: - - koji -datacenter: iad2 -db_backup_dir: ['/backups'] -dbs_to_backup: - - koji -dns1: 10.3.163.33 -effective_cache_size: "6GB" -eth0_ipv4_gw: 10.3.172.254 -eth0_ipv4_ip: 10.3.172.20 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 100000 -max_stack_depth: "4MB" -mem_size: 16384 -nrpe_procs_crit: 800 -# -# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. -# -nrpe_procs_warn: 600 -num_cpus: 8 -shared_buffers: "2GB" -temp_buffers: "8MB" -vmhost: bvmhost-x86-riscv01.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db.stg.aws.fedoraproject.org b/inventory/host_vars/db.stg.aws.fedoraproject.org deleted file mode 100644 index daaa7d354d..0000000000 --- a/inventory/host_vars/db.stg.aws.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -ansible_become: yes -ansible_become_user: root -ansible_user: ec2-user -root_auth_users: msuchy -# This is a generic list, monitored by collectd -databases: - - coprdb -db_backup_dir: ['/backups'] -# Should be 0.25 of memory -#shared_buffers: "16GB" -# Should be 0.80 of memory -#effective_cache_size: "50GB" -#max_stack_depth: "6MB" - -# This is a more strict list of databases to backup every day -dbs_to_backup: - - coprdb -description: copr database - staging instance -hostbase: db-stg-aws -inventory_hostname: "db.stg.aws.fedoraproject.org" -inventory_instance_name: db_stg_aws - -# This instance is stopped for now (not enough time to finish) -nagios_Can_Connect: false -nagios_Check_Services: - dhcpd: false - httpd: false - mail: false - named: false - nrpe: false - ping: false - raid: false - sshd: false - swap: false -public_ip: 184.73.23.234 -swap_file_path: /swap -swap_file_size_mb: 4096 diff --git a/inventory/host_vars/db01.iad2.fedoraproject.org b/inventory/host_vars/db01.iad2.fedoraproject.org deleted file mode 100644 index 9407754b08..0000000000 --- a/inventory/host_vars/db01.iad2.fedoraproject.org +++ /dev/null @@ -1,77 +0,0 @@ ---- -# -# We should narrow this down at some point -# -custom_rules: ['-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT tcp dport 5432 counter accept'] -# This is a generic list, monitored by collectd -databases: - - anitya - - blockerbugs - - bodhi2 - - elections - - fedocal - - hyperkitty - - kerneltest - - koschei - - mailman - - mirrormanager2 - - notifications - - pagure - - resultsdb - - tahrir - - testdays - - testdays_resultsdb - - transtats - - waiverdb - - webhook2fedmsg - - zezere -datacenter: iad2 -db_backup_dir: ['/backups'] -# This is a more strict list of databases to backup every day -dbs_to_backup: - - anitya - - blockerbugs - - bodhi2 - - elections - - fedocal - - hyperkitty - - kerneltest - - koschei - - mailman - - mirrormanager2 - - notifications - - pagure - - resultsdb - - tahrir - - testdays - - testdays_resultsdb - - transtats - - waiverdb - - webhook2fedmsg - - zezere -# Should be 0.80 of memory -effective_cache_size: "50GB" -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.41 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 1500000 -max_cpu: "{{ num_cpus }}" -max_mem_size: "{{ mem_size * 2 }}" -max_stack_depth: "6MB" -max_worker_processes: 12 -mem_size: 65536 -nagios_Check_Services: - swap: false -nrpe_procs_crit: 900 -# -# db01 handles lots of apps, could have many procs if they are busy. -# -nrpe_procs_warn: 800 -num_cpus: 48 -# Should be 0.25 of memory -shared_buffers: "24GB" -vmhost: vmhost-x86-08.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db01.phx2.fedoraproject.org b/inventory/host_vars/db01.phx2.fedoraproject.org new file mode 100644 index 0000000000..149ad66fbd --- /dev/null +++ b/inventory/host_vars/db01.phx2.fedoraproject.org @@ -0,0 +1,2 @@ +--- +host_backup_targets: ['/backups'] diff --git a/inventory/host_vars/db01.stg.iad2.fedoraproject.org b/inventory/host_vars/db01.stg.iad2.fedoraproject.org deleted file mode 100644 index 305dc448db..0000000000 --- a/inventory/host_vars/db01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,36 +0,0 @@ ---- -# -# We should narrow this down at some point -# -custom_rules: ['-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT'] -nft_custom_rules: ['add rule ip filter INPUT tcp dport 5432 counter accept'] -# This is a generic list, monitored by collectd -databases: - - askfedora - - blockerbugs - - bodhi - - elections - - fedocal - - kerneltest - - mailman - - mirrormanager - - notifications - - tahrir -datacenter: iad2 -effective_cache_size: "12GB" -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.32 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 500000 -mem_size: 16384 -nrpe_procs_crit: 900 -# -# db01 handles lots of apps, could have many procs if they are busy. -# -nrpe_procs_warn: 800 -num_cpus: 4 -shared_buffers: "4GB" -vmhost: vmhost-x86-09.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db03.iad2.fedoraproject.org b/inventory/host_vars/db03.iad2.fedoraproject.org deleted file mode 100644 index 701c8bfc26..0000000000 --- a/inventory/host_vars/db03.iad2.fedoraproject.org +++ /dev/null @@ -1,26 +0,0 @@ ---- -# This is a generic list, monitored by collectd -databases: - - mysql - - fpo-mediawiki -datacenter: iad2 -db_backup_dir: ['/backups'] -# This is a more strict list of db to backup to /backups -dbs_to_backup: - - fpo-mediawiki -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.44 -extra_enablerepos: '' -# kernel SHMMAX value -kernel_shmmax: 68719476736 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 500000 -mariadb_root_password: "{{ db03_mysql_root_password }}" -mem_size: 16384 -num_cpus: 8 -shared_buffers: "4GB" -tcp_ports: [5432, 443, 3306] -vmhost: vmhost-x86-08.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/db03.stg.iad2.fedoraproject.org b/inventory/host_vars/db03.stg.iad2.fedoraproject.org deleted file mode 100644 index 620760f4fa..0000000000 --- a/inventory/host_vars/db03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,24 +0,0 @@ ---- -# This is a generic list, monitored by collectd -databases: - - postgres -datacenter: iad2 -db_backup_dir: ['/backups'] -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.35 -extra_enablerepos: '' -# kernel SHMMAX value -kernel_shmmax: 68719476736 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# These are normally group variables, but in this case db servers are often different -lvm_size: 500000 -# This is a more strict list, to be made publicly available -#dbs_to_backup: -mariadb_root_password: "{{ db03_stg_mysql_root_password }}" -mem_size: 16384 -num_cpus: 4 -shared_buffers: "4GB" -tcp_ports: [5432, 443, 3306] -vmhost: vmhost-x86-01.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/debuginfod01.iad2.fedoraproject.org b/inventory/host_vars/debuginfod01.iad2.fedoraproject.org deleted file mode 100644 index ae46af24f8..0000000000 --- a/inventory/host_vars/debuginfod01.iad2.fedoraproject.org +++ /dev/null @@ -1,11 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.109 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -sar_script_user: root -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: vmhost-x86-06.iad2.fedoraproject.org -volgroup: /dev/vg_guests -dnf_automatic_type: default diff --git a/inventory/host_vars/debuginfod01.stg.iad2.fedoraproject.org b/inventory/host_vars/debuginfod01.stg.iad2.fedoraproject.org deleted file mode 100644 index 49dcd5e2ab..0000000000 --- a/inventory/host_vars/debuginfod01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.62 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-08.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -dnf_automatic_type: default diff --git a/inventory/host_vars/dedicatedsolutions01.fedoraproject.org b/inventory/host_vars/dedicatedsolutions01.fedoraproject.org deleted file mode 100644 index 8ff0ebd623..0000000000 --- a/inventory/host_vars/dedicatedsolutions01.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -br0_ipv4: 67.219.144.66 -br0_ipv4_gw: 67.219.144.65 -br0_ipv4_nm: 29 -br0_ipv6: "2604:1580:fe00:0:dead:beef:cafe:fe01" -br0_ipv6_gw: "2604:1580:fe00::1" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac1 }}" -datacenter: dedicatedsolutions -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -has_ipv6: yes -mac1: d8:d3:85:b8:d9:00 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -postfix_group: vpn -virthost: true -vpn: true diff --git a/inventory/host_vars/dhcp01.phx2.fedoraproject.org b/inventory/host_vars/dhcp01.phx2.fedoraproject.org new file mode 100644 index 0000000000..f5a239b677 --- /dev/null +++ b/inventory/host_vars/dhcp01.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.125.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_bvirthost09 +vmhost: bvirthost09.phx2.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.125.43 diff --git a/inventory/host_vars/dl01.iad2.fedoraproject.org b/inventory/host_vars/dl01.iad2.fedoraproject.org deleted file mode 100644 index e5e163448e..0000000000 --- a/inventory/host_vars/dl01.iad2.fedoraproject.org +++ /dev/null @@ -1,18 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.49 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 20000 -max_mem_size: 20480 -mem_size: 16384 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -public_hostname: dl-iad01.fedoraproject.org -tcp_ports: [80, 443, 873] -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/dl02.iad2.fedoraproject.org b/inventory/host_vars/dl02.iad2.fedoraproject.org deleted file mode 100644 index 9cc1f327b5..0000000000 --- a/inventory/host_vars/dl02.iad2.fedoraproject.org +++ /dev/null @@ -1,19 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.50 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 20000 -main_bridge: br0 -max_mem_size: 20480 -mem_size: 16384 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -public_hostname: dl-iad01.fedoraproject.org -tcp_ports: [80, 443, 873] -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/dl03.iad2.fedoraproject.org b/inventory/host_vars/dl03.iad2.fedoraproject.org deleted file mode 100644 index fc8e647225..0000000000 --- a/inventory/host_vars/dl03.iad2.fedoraproject.org +++ /dev/null @@ -1,19 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.51 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 20000 -main_bridge: br0 -max_mem_size: 20480 -mem_size: 16384 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -public_hostname: dl-iad01.fedoraproject.org -tcp_ports: [80, 443, 873] -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/dl04.iad2.fedoraproject.org b/inventory/host_vars/dl04.iad2.fedoraproject.org deleted file mode 100644 index 70195402a3..0000000000 --- a/inventory/host_vars/dl04.iad2.fedoraproject.org +++ /dev/null @@ -1,19 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.85 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 20000 -main_bridge: br0 -max_mem_size: 20480 -mem_size: 16384 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -public_hostname: dl-iad01.fedoraproject.org -tcp_ports: [80, 443, 873] -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: vmhost-x86-06.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/dl05.iad2.fedoraproject.org b/inventory/host_vars/dl05.iad2.fedoraproject.org deleted file mode 100644 index eb7e51a6e8..0000000000 --- a/inventory/host_vars/dl05.iad2.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.84 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 20000 -main_bridge: br0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -public_hostname: dl-iad01.fedoraproject.org -tcp_ports: [80, 443, 873] -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: vmhost-x86-01.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/docs-backend01.phx2.fedoraproject.org b/inventory/host_vars/docs-backend01.phx2.fedoraproject.org new file mode 100644 index 0000000000..1141381d86 --- /dev/null +++ b/inventory/host_vars/docs-backend01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.45 +vmhost: virthost14.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/download-cc-rdu01.fedoraproject.org b/inventory/host_vars/download-cc-rdu01.fedoraproject.org deleted file mode 100644 index 0364c37ca1..0000000000 --- a/inventory/host_vars/download-cc-rdu01.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_ip: 8.43.85.72 -eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -eth0_ipv6_ip: "2620:52:3:1:dead:beef:cafe:fed1" -eth0_ipv6_nm: 64 -eth0_nm: 255.255.255.0 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 50000 -mac_address: "52:54:00:30:a6:43" -max_mem_size: 49152 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ mac_address }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: download-cc-rdu01.fedoraproject.org -rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" -tcp_ports: [80, 443, 873] -vmhost: vmhost-x86-cc03.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/download-ib01.fedoraproject.org b/inventory/host_vars/download-ib01.fedoraproject.org deleted file mode 100644 index 2295d9cb1e..0000000000 --- a/inventory/host_vars/download-ib01.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.253.100 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_ip: 152.19.134.145 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:00fe:fed6" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 150000 -max_mem_size: 49152 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: download-ib01.fedoraproject.org -rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" -tcp_ports: [80, 443, 873] -vmhost: ibiblio02.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/download-ib02.fedoraproject.org b/inventory/host_vars/download-ib02.fedoraproject.org new file mode 100644 index 0000000000..a6b6d5aa42 --- /dev/null +++ b/inventory/host_vars/download-ib02.fedoraproject.org @@ -0,0 +1,28 @@ +--- +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 8.8.8.8 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_ibiblio04 +eth0_ip: 152.19.134.195 +vmhost: ibiblio04.fedoraproject.org +datacenter: ibiblio +postfix_group: vpn + +tcp_ports: [80, 443, 873] +rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +lvm_size: 20000 +mem_size: 8192 +num_cpus: 4 + +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk {{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} + gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }}" + --network=bridge=br0 --autostart --noautoconsole diff --git a/inventory/host_vars/el9-test.fedorainfracloud.org b/inventory/host_vars/el9-test.fedorainfracloud.org deleted file mode 100644 index 27f27e21d5..0000000000 --- a/inventory/host_vars/el9-test.fedorainfracloud.org +++ /dev/null @@ -1,3 +0,0 @@ -datacenter: aws -inventory_hostname: "el9-test.fedorainfracloud.org" -baseiptables: False diff --git a/inventory/host_vars/elections01.phx2.fedoraproject.org b/inventory/host_vars/elections01.phx2.fedoraproject.org new file mode 100644 index 0000000000..ba22a47a9c --- /dev/null +++ b/inventory/host_vars/elections01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.107 +vmhost: virthost07.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/elections01.stg.phx2.fedoraproject.org b/inventory/host_vars/elections01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..783d242319 --- /dev/null +++ b/inventory/host_vars/elections01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.105 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/elections02.phx2.fedoraproject.org b/inventory/host_vars/elections02.phx2.fedoraproject.org new file mode 100644 index 0000000000..990903bdb6 --- /dev/null +++ b/inventory/host_vars/elections02.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.108 +vmhost: virthost14.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/f40-test.fedorainfracloud.org b/inventory/host_vars/f40-test.fedorainfracloud.org deleted file mode 100644 index 017148ac49..0000000000 --- a/inventory/host_vars/f40-test.fedorainfracloud.org +++ /dev/null @@ -1,2 +0,0 @@ -datacenter: aws -inventory_hostname: "f40-test.fedorainfracloud.org" diff --git a/inventory/host_vars/f41-test.fedorainfracloud.org b/inventory/host_vars/f41-test.fedorainfracloud.org deleted file mode 100644 index cafa287d01..0000000000 --- a/inventory/host_vars/f41-test.fedorainfracloud.org +++ /dev/null @@ -1,2 +0,0 @@ -datacenter: aws -inventory_hostname: "f41-test.fedorainfracloud.org" diff --git a/inventory/host_vars/f42-test.fedorainfracloud.org b/inventory/host_vars/f42-test.fedorainfracloud.org deleted file mode 100644 index 4bf302a411..0000000000 --- a/inventory/host_vars/f42-test.fedorainfracloud.org +++ /dev/null @@ -1,2 +0,0 @@ -datacenter: aws -inventory_hostname: "f42-test.fedorainfracloud.org" diff --git a/inventory/host_vars/fakefas01.fedoraproject.org b/inventory/host_vars/fakefas01.fedoraproject.org new file mode 100644 index 0000000000..3d8f2c30da --- /dev/null +++ b/inventory/host_vars/fakefas01.fedoraproject.org @@ -0,0 +1,2 @@ +--- +freezes: false diff --git a/inventory/host_vars/fedimg01.phx2.fedoraproject.org b/inventory/host_vars/fedimg01.phx2.fedoraproject.org new file mode 100644 index 0000000000..0f81807a18 --- /dev/null +++ b/inventory/host_vars/fedimg01.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +datacenter: phx2 + +vmhost: virthost14.phx2.fedoraproject.org +volgroup: /dev/vg_guests00 + +eth0_ip: 10.5.126.10 diff --git a/inventory/host_vars/fedimg01.stg.phx2.fedoraproject.org b/inventory/host_vars/fedimg01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..59b1d9d2ec --- /dev/null +++ b/inventory/host_vars/fedimg01.stg.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +datacenter: phx2 + +volgroup: /dev/vg_guests +vmhost: virthost12.phx2.fedoraproject.org + +eth0_ip: 10.5.126.9 diff --git a/inventory/host_vars/fedoauth01.phx2.fedoraproject.org b/inventory/host_vars/fedoauth01.phx2.fedoraproject.org new file mode 100644 index 0000000000..591d045bf3 --- /dev/null +++ b/inventory/host_vars/fedoauth01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.240 +vmhost: virthost07.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/fedoauth01.stg.phx2.fedoraproject.org b/inventory/host_vars/fedoauth01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..6a91e2973c --- /dev/null +++ b/inventory/host_vars/fedoauth01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.28 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/fedoauth02.phx2.fedoraproject.org b/inventory/host_vars/fedoauth02.phx2.fedoraproject.org new file mode 100644 index 0000000000..3a8cc1d508 --- /dev/null +++ b/inventory/host_vars/fedoauth02.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.241 +vmhost: virthost09.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/fedocal01.phx2.fedoraproject.org b/inventory/host_vars/fedocal01.phx2.fedoraproject.org new file mode 100644 index 0000000000..9e512d0879 --- /dev/null +++ b/inventory/host_vars/fedocal01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.55 +vmhost: virthost09.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/fedocal01.stg.phx2.fedoraproject.org b/inventory/host_vars/fedocal01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..0f4f847588 --- /dev/null +++ b/inventory/host_vars/fedocal01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.66 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/fedocal02.phx2.fedoraproject.org b/inventory/host_vars/fedocal02.phx2.fedoraproject.org new file mode 100644 index 0000000000..2527e1935b --- /dev/null +++ b/inventory/host_vars/fedocal02.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.56 +vmhost: virthost14.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/flatpak-cache01.iad2.fedoraproject.org b/inventory/host_vars/flatpak-cache01.iad2.fedoraproject.org deleted file mode 100644 index 5216bddb57..0000000000 --- a/inventory/host_vars/flatpak-cache01.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_ip: 10.3.174.70 -eth0_ipv4_gw: 10.3.174.254 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: qvmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests \ No newline at end of file diff --git a/inventory/host_vars/gallery01.stg.phx2.fedoraproject.org b/inventory/host_vars/gallery01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..5fdc82c64f --- /dev/null +++ b/inventory/host_vars/gallery01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.70 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/github2fedmsg01.iad2.fedoraproject.org b/inventory/host_vars/github2fedmsg01.iad2.fedoraproject.org deleted file mode 100644 index 91c4e7d61c..0000000000 --- a/inventory/host_vars/github2fedmsg01.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.53 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-iad2 -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/github2fedmsg01.phx2.fedoraproject.org b/inventory/host_vars/github2fedmsg01.phx2.fedoraproject.org new file mode 100644 index 0000000000..14661e1e39 --- /dev/null +++ b/inventory/host_vars/github2fedmsg01.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +vmhost: virthost14.phx2.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.126.195 diff --git a/inventory/host_vars/github2fedmsg01.stg.phx2.fedoraproject.org b/inventory/host_vars/github2fedmsg01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..d6a60c0d36 --- /dev/null +++ b/inventory/host_vars/github2fedmsg01.stg.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost16 +vmhost: virthost16.phx2.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.126.167 diff --git a/inventory/host_vars/hosted-lists01.fedoraproject.org b/inventory/host_vars/hosted-lists01.fedoraproject.org new file mode 100644 index 0000000000..0c147cba11 --- /dev/null +++ b/inventory/host_vars/hosted-lists01.fedoraproject.org @@ -0,0 +1,3 @@ +--- +freezes: false +datacenter: internetx diff --git a/inventory/host_vars/hosted-lists01.vpn.fedoraproject.org b/inventory/host_vars/hosted-lists01.vpn.fedoraproject.org new file mode 100644 index 0000000000..fbc0826155 --- /dev/null +++ b/inventory/host_vars/hosted-lists01.vpn.fedoraproject.org @@ -0,0 +1,2 @@ +--- +host_backup_targets: ['/srv'] diff --git a/inventory/host_vars/hosted04.vpn.fedoraproject.org b/inventory/host_vars/hosted04.vpn.fedoraproject.org new file mode 100644 index 0000000000..fbc0826155 --- /dev/null +++ b/inventory/host_vars/hosted04.vpn.fedoraproject.org @@ -0,0 +1,2 @@ +--- +host_backup_targets: ['/srv'] diff --git a/inventory/host_vars/hrf.cloud.fedoraproject.org b/inventory/host_vars/hrf.cloud.fedoraproject.org new file mode 100644 index 0000000000..a76c48354f --- /dev/null +++ b/inventory/host_vars/hrf.cloud.fedoraproject.org @@ -0,0 +1,10 @@ +--- +instance_type: m1.small +image: "{{ el6_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: webserver +zone: nova +hostbase: hrf- +public_ip: 209.132.184.156 +root_auth_users: codeblock +description: "hrf instance (https://github.com/fedora-infra/hrf)" diff --git a/inventory/host_vars/ibiblio02.fedoraproject.org b/inventory/host_vars/ibiblio02.fedoraproject.org deleted file mode 100644 index 6c61b6e9af..0000000000 --- a/inventory/host_vars/ibiblio02.fedoraproject.org +++ /dev/null @@ -1,46 +0,0 @@ ---- -br0_ipv4: 152.19.134.169 -br0_ipv4_gw: 152.19.134.129 -br0_ipv4_nm: 25 -br0_ipv6: 2610:28:3090:3001:dead:beef:cafe:fe02 -br0_ipv6_gw: 2600:2701:4000:5211::1 -br0_ipv6_nm: 104 -br0_port0_mac: '{{ mac0 }}' -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 8.8.8.8 -dns_search1: fedoraproject.org -dns_search2: vpn.fedoraproject.org -has_ipv4: true -has_ipv6: true -mac0: 6c:fe:54:5d:ff:7c -network_connections: - - autoconnect: true - name: br0 - state: up - type: bridge - mtu: 9000 - ip: - address: - - '{{ br0_ipv4 }}/{{ br0_ipv4_nm }}' - - '{{ br0_ipv6 }}/{{ br0_ipv6_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ br0_ipv4_gw }}' - gateway6: '{{ br0_ipv6_gw }}' - - name: br0-port0 - autoconnect: true - mac: "{{ br0_port0_mac }}" - master: br0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1300 -nrpe_procs_warn: 1250 -postfix_group: vpn -vpn: true -notes: "vhost at ibiblio" diff --git a/inventory/host_vars/ibiblio04.fedoraproject.org b/inventory/host_vars/ibiblio04.fedoraproject.org new file mode 100644 index 0000000000..c81416a178 --- /dev/null +++ b/inventory/host_vars/ibiblio04.fedoraproject.org @@ -0,0 +1,7 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +datacenter: ibiblio +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 152.2.21.1 diff --git a/inventory/host_vars/ibiblio05.fedoraproject.org b/inventory/host_vars/ibiblio05.fedoraproject.org deleted file mode 100644 index d5970b0e7f..0000000000 --- a/inventory/host_vars/ibiblio05.fedoraproject.org +++ /dev/null @@ -1,41 +0,0 @@ ---- -br0_ipv4: 152.19.134.137 -br0_ipv4_gw: 152.19.134.129 -br0_ipv4_nm: 25 -br0_ipv6: 2600:2701:4000:5211:dead:beef:00fe:fe05 -br0_ipv6_gw: 2600:2701:4000:5211::1 -br0_ipv6_nm: 104 -br0_port0_mac: '{{ mac0 }}' -datacenter: ibiblio -dns1: 152.2.21.1 -dns_search1: fedoraproject.org -dns_search2: vpn.fedoraproject.org -has_ipv4: true -has_ipv6: true -mac0: ec:f4:bb:e1:58:22 -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ipv4 }}/{{ br0_ipv4_nm }}' - - '{{ br0_ipv6 }}/{{ br0_ipv6_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ br0_ipv4_gw }}' - gateway6: '{{ br0_ipv6_gw }}' - name: br0 - state: up - type: bridge - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -postfix_group: vpn -vpn: true diff --git a/inventory/host_vars/internetx02.fedoraproject.org b/inventory/host_vars/internetx02.fedoraproject.org deleted file mode 100644 index 5200348f61..0000000000 --- a/inventory/host_vars/internetx02.fedoraproject.org +++ /dev/null @@ -1,42 +0,0 @@ ---- -br0_ipv4: 85.236.55.5 -br0_ipv4_gw: 85.236.55.1 -br0_ipv4_nm: 28 -br0_ipv6: 2001:4178:2:1269::15 -br0_ipv6_gw: 2001:4178:2:1269::1 -br0_ipv6_nm: 64 -br0_port0_mac: '{{ mac0 }}' -datacenter: internetx -dns1: 8.8.8.8 -dns_search1: fedoraproject.org -dns_search2: vpn.fedoraproject.org -has_ipv4: true -has_ipv6: true -mac0: 50:9a:4c:6d:b0:9a -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ipv4 }}/{{ br0_ipv4_nm }}' - - '{{ br0_ipv6 }}/{{ br0_ipv6_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ br0_ipv4_gw }}' - gateway6: '{{ br0_ipv6_gw }}' - name: br0 - state: up - type: bridge - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -postfix_group: vpn -virthost: true -vpn: true diff --git a/inventory/host_vars/ipa01.iad2.fedoraproject.org b/inventory/host_vars/ipa01.iad2.fedoraproject.org deleted file mode 100644 index dbd6f4aa1f..0000000000 --- a/inventory/host_vars/ipa01.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.54 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ipa01.stg.iad2.fedoraproject.org b/inventory/host_vars/ipa01.stg.iad2.fedoraproject.org deleted file mode 100644 index d63b8f7af6..0000000000 --- a/inventory/host_vars/ipa01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,10 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.21 -## REMEMBER ONLY SET THIS TO TRUE WHEN WIPING SYSTEM TO MINIMUM -ipa_initial: false -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ipa01.stg.rdu3.fedoraproject.org b/inventory/host_vars/ipa01.stg.rdu3.fedoraproject.org deleted file mode 100644 index 8be7626880..0000000000 --- a/inventory/host_vars/ipa01.stg.rdu3.fedoraproject.org +++ /dev/null @@ -1,10 +0,0 @@ ---- -datacenter: rdu3 -eth0_ipv4_gw: 10.16.166.254 -eth0_ipv4_ip: 10.16.166.21 -## REMEMBER ONLY SET THIS TO TRUE WHEN WIPING SYSTEM TO MINIMUM -ipa_initial: false -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-01.stg.rdu3.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ipa02.iad2.fedoraproject.org b/inventory/host_vars/ipa02.iad2.fedoraproject.org deleted file mode 100644 index 5ce367ec13..0000000000 --- a/inventory/host_vars/ipa02.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.55 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ipa02.stg.iad2.fedoraproject.org b/inventory/host_vars/ipa02.stg.iad2.fedoraproject.org deleted file mode 100644 index 5b678b0c89..0000000000 --- a/inventory/host_vars/ipa02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.63 -## REMEMBER ONLY SET THIS TO TRUE WHEN WIPING SYSTEM TO MINIMUM -ipa_initial: false -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests - -# see group_vars/zabbix_stg for details -zabbix_macros: - VFS.DEV.READ.AWAIT.WARN: 30 - VFS.DEV.WRITE.AWAIT.WARN: 30 diff --git a/inventory/host_vars/ipa02.stg.rdu3.fedoraproject.org b/inventory/host_vars/ipa02.stg.rdu3.fedoraproject.org deleted file mode 100644 index fe1627cd9e..0000000000 --- a/inventory/host_vars/ipa02.stg.rdu3.fedoraproject.org +++ /dev/null @@ -1,10 +0,0 @@ ---- -datacenter: rdu3 -eth0_ipv4_gw: 10.16.166.254 -eth0_ipv4_ip: 10.16.166.63 -## REMEMBER ONLY SET THIS TO TRUE WHEN WIPING SYSTEM TO MINIMUM -ipa_initial: false -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-01.stg.rdu3.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ipa03.iad2.fedoraproject.org b/inventory/host_vars/ipa03.iad2.fedoraproject.org deleted file mode 100644 index c5beb6b8aa..0000000000 --- a/inventory/host_vars/ipa03.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.104 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-06.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ipa03.stg.iad2.fedoraproject.org b/inventory/host_vars/ipa03.stg.iad2.fedoraproject.org deleted file mode 100644 index ad4e0ac293..0000000000 --- a/inventory/host_vars/ipa03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.68 -## REMEMBER ONLY SET THIS TO TRUE WHEN WIPING SYSTEM TO MINIMUM -ipa_initial: false -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests - -# see group_vars/zabbix_stg for details -zabbix_macros: - VFS.DEV.READ.AWAIT.WARN: 30 - VFS.DEV.WRITE.AWAIT.WARN: 30 diff --git a/inventory/host_vars/ipa03.stg.rdu3.fedoraproject.org b/inventory/host_vars/ipa03.stg.rdu3.fedoraproject.org deleted file mode 100644 index 9d4817400f..0000000000 --- a/inventory/host_vars/ipa03.stg.rdu3.fedoraproject.org +++ /dev/null @@ -1,10 +0,0 @@ ---- -datacenter: rdu3 -eth0_ipv4_gw: 10.16.166.254 -eth0_ipv4_ip: 10.16.166.68 -## REMEMBER ONLY SET THIS TO TRUE WHEN WIPING SYSTEM TO MINIMUM -ipa_initial: false -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-01.stg.rdu3.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ipsilon01.iad2.fedoraproject.org b/inventory/host_vars/ipsilon01.iad2.fedoraproject.org deleted file mode 100644 index 07217d66e4..0000000000 --- a/inventory/host_vars/ipsilon01.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.105 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ipsilon01.stg.iad2.fedoraproject.org b/inventory/host_vars/ipsilon01.stg.iad2.fedoraproject.org deleted file mode 100644 index b262291b0c..0000000000 --- a/inventory/host_vars/ipsilon01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.30 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ipsilon02.iad2.fedoraproject.org b/inventory/host_vars/ipsilon02.iad2.fedoraproject.org deleted file mode 100644 index 632e7fae2c..0000000000 --- a/inventory/host_vars/ipsilon02.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.106 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-06.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/jenkins.cloud.fedoraproject.org b/inventory/host_vars/jenkins.cloud.fedoraproject.org new file mode 100644 index 0000000000..df29f7da60 --- /dev/null +++ b/inventory/host_vars/jenkins.cloud.fedoraproject.org @@ -0,0 +1,11 @@ +--- +instance_type: m1.small +image: "{{ el6_qcow_id }}" +hkeypair: fedora-admin-20130801 +security_group: jenkins +zone: nova +hostbase: jenkins-master- +public_ip: 209.132.184.153 +root_auth_users: pingou +description: jenkins cloud master +volumes: ['-d /dev/vdb vol-00000011', '-d /dev/vdc vol-0000002b'] diff --git a/inventory/host_vars/kernel01.iad2.fedoraproject.org b/inventory/host_vars/kernel01.iad2.fedoraproject.org deleted file mode 100644 index c4bac059f5..0000000000 --- a/inventory/host_vars/kernel01.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -dns: 10.3.163.33 -eth0_ip: 10.3.174.129 -gw: 10.3.174.254 -nm: 255.255.255.0 -resolvconf: "resolv.conf/iad2" diff --git a/inventory/host_vars/kernel02.iad2.fedoraproject.org b/inventory/host_vars/kernel02.iad2.fedoraproject.org deleted file mode 100644 index 655277e39c..0000000000 --- a/inventory/host_vars/kernel02.iad2.fedoraproject.org +++ /dev/null @@ -1,7 +0,0 @@ ---- -datacenter: iad2 -dns: 10.3.163.33 -eth0_ipv4_ip: 10.3.174.130 -eth0_ipv4_gw: 10.3.174.254 -eth0_ipv4_nm: 24 -resolvconf: "resolv.conf/iad2" diff --git a/inventory/host_vars/kerneltest01.phx2.fedoraproject.org b/inventory/host_vars/kerneltest01.phx2.fedoraproject.org new file mode 100644 index 0000000000..cc2a215967 --- /dev/null +++ b/inventory/host_vars/kerneltest01.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_virthost +vmhost: virthost17.phx2.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.126.136 diff --git a/inventory/host_vars/kerneltest01.stg.phx2.fedoraproject.org b/inventory/host_vars/kerneltest01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..6ddd8e7474 --- /dev/null +++ b/inventory/host_vars/kerneltest01.stg.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_virthost16 +vmhost: virthost16.phx2.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.126.77 diff --git a/inventory/host_vars/keys01.fedoraproject.org b/inventory/host_vars/keys01.fedoraproject.org new file mode 100644 index 0000000000..4b08a8b2f1 --- /dev/null +++ b/inventory/host_vars/keys01.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.240 +gw: 80.239.156.209 +dns: 213.248.76.210 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/VolGroup00 +eth0_ip: 80.239.156.219 +vmhost: telia01.fedoraproject.org +datacenter: telia diff --git a/inventory/host_vars/keys02.fedoraproject.org b/inventory/host_vars/keys02.fedoraproject.org new file mode 100644 index 0000000000..c030c0c28b --- /dev/null +++ b/inventory/host_vars/keys02.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.128 +gw: 140.211.169.193 +dns: 140.211.166.130 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 140.211.169.202 +vmhost: osuosl03.fedoraproject.org +datacenter: osuosl diff --git a/inventory/host_vars/koji01.iad2.fedoraproject.org b/inventory/host_vars/koji01.iad2.fedoraproject.org deleted file mode 100644 index 72a8ed2fbd..0000000000 --- a/inventory/host_vars/koji01.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.104 -koji_instance: primary -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: bvmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/koji01.stg.iad2.fedoraproject.org b/inventory/host_vars/koji01.stg.iad2.fedoraproject.org deleted file mode 100644 index 8ea341b38e..0000000000 --- a/inventory/host_vars/koji01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.64 -koji_instance: primary -koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.stg.fedoraproject.org/" -koji_weburl: "https://koji.stg.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 1.5t -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -vmhost: bvmhost-x86-01.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/koji01.stg.phx2.fedoraproject.org b/inventory/host_vars/koji01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..1f9693e872 --- /dev/null +++ b/inventory/host_vars/koji01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.87 +vmhost: virthost10.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/koji02.iad2.fedoraproject.org b/inventory/host_vars/koji02.iad2.fedoraproject.org deleted file mode 100644 index a0f572b4a5..0000000000 --- a/inventory/host_vars/koji02.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.105 -koji_instance: primary -koji_server_url: "https://koji.fedoraproject.org/kojihub" -koji_topurl: "https://kojipkgs.fedoraproject.org/" -koji_weburl: "https://koji.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: bvmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/kojipkgs01.iad2.fedoraproject.org b/inventory/host_vars/kojipkgs01.iad2.fedoraproject.org deleted file mode 100644 index d647cf2feb..0000000000 --- a/inventory/host_vars/kojipkgs01.iad2.fedoraproject.org +++ /dev/null @@ -1,11 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.106 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: bvmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/kojipkgs02.iad2.fedoraproject.org b/inventory/host_vars/kojipkgs02.iad2.fedoraproject.org deleted file mode 100644 index 1db6b1751e..0000000000 --- a/inventory/host_vars/kojipkgs02.iad2.fedoraproject.org +++ /dev/null @@ -1,11 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.107 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: bvmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/koschei.cloud.fedoraproject.org b/inventory/host_vars/koschei.cloud.fedoraproject.org new file mode 100644 index 0000000000..75447eb56a --- /dev/null +++ b/inventory/host_vars/koschei.cloud.fedoraproject.org @@ -0,0 +1,11 @@ +instance_type: m1.small +image: ami-00000042 +keypair: fedora-admin-20130801 +security_group: webserver +zone: fedoracloud +hostbase: koschei +public_ip: 209.132.184.151 +# users/groups who should have root ssh access +root_auth_users: mizdebsk msimacek +description: Koschei - ticket 4449 +volumes: ['-d /dev/vdb vol-0000002c'] diff --git a/inventory/host_vars/lists-dev.cloud.fedoraproject.org b/inventory/host_vars/lists-dev.cloud.fedoraproject.org new file mode 100644 index 0000000000..bea082d83a --- /dev/null +++ b/inventory/host_vars/lists-dev.cloud.fedoraproject.org @@ -0,0 +1,11 @@ +--- +instance_type: m1.large +image: "{{ f19_qcow_id }}" +keypair: fedora-admin-20130801 +security_group: smtpserver +zone: nova +hostbase: lists-dev- +public_ip: 209.132.184.145 +root_auth_users: abompard +description: lists-dev instance to further test hyperkitty and mailman3 +volumes: ['-d /dev/vdb vol-0000000c'] diff --git a/inventory/host_vars/lockbox-comm01.qa.fedoraproject.org b/inventory/host_vars/lockbox-comm01.qa.fedoraproject.org new file mode 100644 index 0000000000..218eeb0d5d --- /dev/null +++ b/inventory/host_vars/lockbox-comm01.qa.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.124.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/Guests00 +eth0_ip: 10.5.124.210 +vmhost: virthost-comm01.qa.fedoraproject.org +datacenter: phx2 +gitrepos: + - {name: private, path: 'local'} +ansible_base: /srv/ansible/ + +tcp_ports: [ 80 ] diff --git a/inventory/host_vars/lockbox01.phx2.fedoraproject.org b/inventory/host_vars/lockbox01.phx2.fedoraproject.org new file mode 100644 index 0000000000..7a27ef001a --- /dev/null +++ b/inventory/host_vars/lockbox01.phx2.fedoraproject.org @@ -0,0 +1,2 @@ +--- +host_backup_targets: ['/git', '/mnt/fedora/app/attachments'] diff --git a/inventory/host_vars/log01.iad2.fedoraproject.org b/inventory/host_vars/log01.iad2.fedoraproject.org deleted file mode 100644 index d9fce8e2b0..0000000000 --- a/inventory/host_vars/log01.iad2.fedoraproject.org +++ /dev/null @@ -1,18 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.39 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-ext -lvm_size: 1048576 -mem_size: 16384 -#host_backup_targets: ['/var/log'] -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 16 -tcp_ports: [80, 443, 514, 6514] -udp_ports: [514, 25826] -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/log01.phx2.fedoraproject.org b/inventory/host_vars/log01.phx2.fedoraproject.org new file mode 100644 index 0000000000..3e00341209 --- /dev/null +++ b/inventory/host_vars/log01.phx2.fedoraproject.org @@ -0,0 +1,22 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_virthost +eth0_ip: 10.5.126.13 +vmhost: virthost18.phx2.fedoraproject.org +datacenter: phx2 + +tcp_ports: [ 80, 443, 514, 6514 ] +udp_ports: [ 514, 25826 ] +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +lvm_size: 32768 +mem_size: 16384 +num_cpus: 16 + +host_backup_targets: ['/var/log'] diff --git a/inventory/host_vars/log01.rdu3.fedoraproject.org b/inventory/host_vars/log01.rdu3.fedoraproject.org deleted file mode 100644 index dcbc6997ed..0000000000 --- a/inventory/host_vars/log01.rdu3.fedoraproject.org +++ /dev/null @@ -1,23 +0,0 @@ ---- -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4_gw: 10.16.163.254 -eth0_ipv4_ip: 10.16.163.39 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 1536000 -mem_size: 16384 -#host_backup_targets: ['/var/log'] -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 16 -tcp_ports: [80, 443, 514, 6514] -udp_ports: [514, 25826] -vmhost: vmhost-x86-03.rdu3.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/logdetective01.fedorainfracloud.org b/inventory/host_vars/logdetective01.fedorainfracloud.org deleted file mode 100644 index 423d8d3b64..0000000000 --- a/inventory/host_vars/logdetective01.fedorainfracloud.org +++ /dev/null @@ -1,24 +0,0 @@ ---- -ansible_ssh_user: fedora -ansible_python_interpreter: /usr/bin/python3 -csi_primary_contact: "msuchy (mirek), ttomecek" -csi_purpose: Development machine for Logdetective -csi_relationship: | - - Training of models for Logdetective -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: Low -description: Machine for developers of Logdetective - -drive_device: 38e6c8c2-5747-47bf-b3d2-9f0dea371edc - -datacenter: aws -devel: false -root_auth_users: msuchy frostyx praiskup nikromen ttomecek jpodivin sgallagh mmassari - -nrpe_client_uid: 500 - -tcp_ports: [ - 22, 80, 443, -] diff --git a/inventory/host_vars/logdetective02.fedorainfracloud.org b/inventory/host_vars/logdetective02.fedorainfracloud.org deleted file mode 100644 index a699f66c63..0000000000 --- a/inventory/host_vars/logdetective02.fedorainfracloud.org +++ /dev/null @@ -1,29 +0,0 @@ ---- -ansible_ssh_user: fedora -ansible_python_interpreter: /usr/bin/python3 -csi_primary_contact: "msuchy (mirek), ttomecek" -csi_purpose: Development machine for Logdetective 02 - training -csi_relationship: | - - Training of models for Logdetective -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: Low -description: Machine for developers of Logdetective - -drive_device: c62e20b2-3388-459f-87ff-aa937d6a9318 - -datacenter: aws -devel: false -root_auth_users: msuchy frostyx praiskup nikromen ttomecek jpodivin sgallagh mmassari - -nagios_Can_Connect: false -nagios_Check_Services: - ping: false - nrpe: false - -nrpe_client_uid: 500 - -tcp_ports: [ - 22, 80, 443, -] diff --git a/inventory/host_vars/mailman01.iad2.fedoraproject.org b/inventory/host_vars/mailman01.iad2.fedoraproject.org deleted file mode 100644 index dd8b6b44de..0000000000 --- a/inventory/host_vars/mailman01.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.57 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 1500000 -sar_output_file: mailinglists.json -# GDPR SAR variables -sar_script: /srv/webui/bin/mailman-sar.py -sar_script_user: mailman -vmhost: vmhost-x86-08.iad2.fedoraproject.org -volgroup: /dev/vg_guests -num_cpus: 8 diff --git a/inventory/host_vars/mailman01.phx2.fedoraproject.org b/inventory/host_vars/mailman01.phx2.fedoraproject.org new file mode 100644 index 0000000000..bf386f8b7a --- /dev/null +++ b/inventory/host_vars/mailman01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_virthost +eth0_ip: 10.5.126.36 +vmhost: virthost17.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/mailman01.stg.iad2.fedoraproject.org b/inventory/host_vars/mailman01.stg.iad2.fedoraproject.org deleted file mode 100644 index d0878cf2f5..0000000000 --- a/inventory/host_vars/mailman01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.40 -external: false -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-09.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -sar_output_file: mailinglists.json -# GDPR SAR variables -sar_script: /srv/webui/bin/mailman-sar.py -sar_script_user: mailman diff --git a/inventory/host_vars/mailman01.stg.phx2.fedoraproject.org b/inventory/host_vars/mailman01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..3c73954012 --- /dev/null +++ b/inventory/host_vars/mailman01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-19 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/19/Fedora/x86_64/os/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.58 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/mailman02.phx2.fedoraproject.org b/inventory/host_vars/mailman02.phx2.fedoraproject.org new file mode 100644 index 0000000000..ac825731b1 --- /dev/null +++ b/inventory/host_vars/mailman02.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_virthost +eth0_ip: 10.5.126.37 +vmhost: virthost18.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/memcached01.phx2.fedoraproject.org b/inventory/host_vars/memcached01.phx2.fedoraproject.org new file mode 100644 index 0000000000..501bbcfe60 --- /dev/null +++ b/inventory/host_vars/memcached01.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_virthost +vmhost: virthost17.phx2.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.126.176 diff --git a/inventory/host_vars/memcached02.iad2.fedoraproject.org b/inventory/host_vars/memcached02.iad2.fedoraproject.org deleted file mode 100644 index 73573360e2..0000000000 --- a/inventory/host_vars/memcached02.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.130 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/memcached02.phx2.fedoraproject.org b/inventory/host_vars/memcached02.phx2.fedoraproject.org new file mode 100644 index 0000000000..060e381997 --- /dev/null +++ b/inventory/host_vars/memcached02.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_virthost +vmhost: virthost18.phx2.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.126.177 diff --git a/inventory/host_vars/memcached02.stg.iad2.fedoraproject.org b/inventory/host_vars/memcached02.stg.iad2.fedoraproject.org deleted file mode 100644 index 23f10011af..0000000000 --- a/inventory/host_vars/memcached02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.77 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/mirrorlist-ibiblio.fedoraproject.org b/inventory/host_vars/mirrorlist-ibiblio.fedoraproject.org new file mode 100644 index 0000000000..0ff64f12e2 --- /dev/null +++ b/inventory/host_vars/mirrorlist-ibiblio.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 152.2.21.1 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_ibiblio04 +eth0_ip: 152.19.134.194 +vmhost: ibiblio04.fedoraproject.org +datacenter: ibiblio diff --git a/inventory/host_vars/mirrorlist-osuosl.fedoraproject.org b/inventory/host_vars/mirrorlist-osuosl.fedoraproject.org new file mode 100644 index 0000000000..b622b6a75d --- /dev/null +++ b/inventory/host_vars/mirrorlist-osuosl.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.192 +gw: 140.211.169.193 +dns: 140.211.166.130 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 140.211.169.228 +vmhost: osuosl02.fedoraproject.org +datacenter: osuosl diff --git a/inventory/host_vars/mirrorlist-phx2.phx2.fedoraproject.org b/inventory/host_vars/mirrorlist-phx2.phx2.fedoraproject.org new file mode 100644 index 0000000000..1cdfee77fd --- /dev/null +++ b/inventory/host_vars/mirrorlist-phx2.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.50 +vmhost: virthost14.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/mirrorlist-serverbeach.fedoraproject.org b/inventory/host_vars/mirrorlist-serverbeach.fedoraproject.org new file mode 100644 index 0000000000..84567bc5a1 --- /dev/null +++ b/inventory/host_vars/mirrorlist-serverbeach.fedoraproject.org @@ -0,0 +1,24 @@ +--- +nm: 255.255.255.0 +gw: 192.168.122.1 +dns: 66.135.45.92 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_host +eth0_ip: 192.168.122.2 +vmhost: serverbeach10.fedoraproject.org +datacenter: serverbeach + +# This uses a different virt-install due to wacky serverbeach network/setup +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk {{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} + gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }}" + --autostart --noautoconsole + +# +# For some reason this instance can't do the full 45 procs without issues. +# +mirrorlist_procs: 25 diff --git a/inventory/host_vars/mm3test.fedoraproject.org b/inventory/host_vars/mm3test.fedoraproject.org new file mode 100644 index 0000000000..b4c8e03414 --- /dev/null +++ b/inventory/host_vars/mm3test.fedoraproject.org @@ -0,0 +1,3 @@ +--- +freezes: false +datacenter: ibiblio diff --git a/inventory/host_vars/noc-cc01.rdu-cc.fedoraproject.org b/inventory/host_vars/noc-cc01.rdu-cc.fedoraproject.org deleted file mode 100644 index d88ea5d23b..0000000000 --- a/inventory/host_vars/noc-cc01.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,49 +0,0 @@ ---- -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 8.8.4.4 -eth0_ipv4: 8.43.85.50 -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_nm: 23 -eth1_ipv4: 172.23.1.3 -eth1_ipv4_nm: 24 -freezes: false -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 20000 -mac0: 52:54:00:83:bf:28 -mac1: 52:54:00:1c:14:e6 -mem_size: 8192 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - vpn.fedoraproject.org - - fedoraproject.org - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ eth1_ipv4 }}/{{ eth1_ipv4_nm }}" - dhcp4: no - mac: "{{ mac1 }}" - name: eth1 - type: ethernet -num_cpus: 4 -public_hostname: noc-cc01.rdu-cc.fedoraproject.org -tcp_ports: ['67', '68'] -udp_ports: ['67', '68', '69'] -virt_install_command: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns1 }} ip={{ eth0_ipv4 }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ipv4 }}:::{{ eth1_ipv4_nm }}:{{ inventory_hostname_short }}-mgmt:eth1:none' --network bridge=br0,model=virtio,mac={{ mac_address }} --network=bridge=br1,model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random -vmhost: vmhost-x86-cc03.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/noc01.iad2.fedoraproject.org b/inventory/host_vars/noc01.iad2.fedoraproject.org deleted file mode 100644 index 93a7b5194e..0000000000 --- a/inventory/host_vars/noc01.iad2.fedoraproject.org +++ /dev/null @@ -1,27 +0,0 @@ ---- -custom_rules: [ - '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT', - # needed to allow rsync from log01 - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' - ] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 192.168.1.20 tcp dport 5666 counter accept' - # needed to allow rsync from log01 - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.10 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# Define resources for this group of hosts here. -lvm_size: 20000 -mem_size: 8192 -nagios_location: 'iad2_internal' -nagios_srcdir: 'nagios' -num_cpus: 4 -tcp_ports: ['22', '80', '443', '67', '68'] -udp_ports: ['67', '68', '69'] -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/noc01.phx2.fedoraproject.org b/inventory/host_vars/noc01.phx2.fedoraproject.org new file mode 100644 index 0000000000..73b10dccb7 --- /dev/null +++ b/inventory/host_vars/noc01.phx2.fedoraproject.org @@ -0,0 +1,16 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_virthost +vmhost: virthost17.phx2.fedoraproject.org +datacenter: phx2 + +tcp_ports: ['22', '80', '443', '67', '68'] +udp_ports: ['67','68','69'] +custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +eth0_ip: 10.5.126.41 diff --git a/inventory/host_vars/noc01.rdu3.fedoraproject.org b/inventory/host_vars/noc01.rdu3.fedoraproject.org deleted file mode 100644 index 4ec5ee8fa3..0000000000 --- a/inventory/host_vars/noc01.rdu3.fedoraproject.org +++ /dev/null @@ -1,27 +0,0 @@ ---- -custom_rules: [ - '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT', - # needed to allow rsync from log01 - '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' - ] -nft_custom_rules: - - 'add rule ip filter INPUT ip saddr 192.168.1.20 tcp dport 5666 counter accept' - # needed to allow rsync from log01 - - 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept' - - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept' -datacenter: rdu3 -eth0_ipv4_gw: 10.16.163.254 -eth0_ipv4_ip: 10.16.163.10 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# Define resources for this group of hosts here. -lvm_size: 20000 -mem_size: 8192 -nagios_location: 'rdu3_internal' -nagios_srcdir: 'nagios' -num_cpus: 4 -tcp_ports: ['22', '80', '443', '67', '68'] -udp_ports: ['67', '68', '69'] -vmhost: vmhost-x86-01.rdu3.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/noc02.fedoraproject.org b/inventory/host_vars/noc02.fedoraproject.org index 57cfb5f145..8136376faf 100644 --- a/inventory/host_vars/noc02.fedoraproject.org +++ b/inventory/host_vars/noc02.fedoraproject.org @@ -1,55 +1,11 @@ --- -csi_relationship: | - noc02 is the external monitoring nagios instance. - - * This host relies on: - - the virthost it's hosted on (ibiblio04.fedoraproject.org) - - FAS to authenticate users - - VPN connectivity - - * Things that rely on this host: - - Infrastructure team to be awair of the infra status. operations control process will be affected - - if this host is down, it will be difficult to know the status of infra and provide reactive/proactive support +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 152.2.21.1 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_ibiblio04 +eth0_ip: 152.19.134.192 +vmhost: ibiblio04.fedoraproject.org datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.253.100 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_ip: 152.19.134.192 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:00fe:fed9" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -nagios_location: 'external' -nagios_srcdir: 'nagios' -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet postfix_group: vpn -postfix_maincf: "postfix/main.cf/main.cf.noc02.fedoraproject.org" -postfix_mastercf: "postfix/master.cf/master.cf.noc02.fedoraproject.org" -postfix_transport_filename: transports.noc02.fedoraproject.org -vmhost: ibiblio02.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true -notes: "This is an external nagios server located outside of PHX. It monitors our user websites/applications (fedoraproject.org, FAS, PackageDB, Bodhi/Updates)." diff --git a/inventory/host_vars/notifs-backend01.phx2.fedoraproject.org b/inventory/host_vars/notifs-backend01.phx2.fedoraproject.org new file mode 100644 index 0000000000..cfcc97757f --- /dev/null +++ b/inventory/host_vars/notifs-backend01.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +eth0_ip: 10.5.126.168 + +volgroup: /dev/vg_virthost09 +vmhost: virthost09.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/notifs-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/notifs-backend01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..49807a8480 --- /dev/null +++ b/inventory/host_vars/notifs-backend01.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +eth0_ip: 10.5.126.75 + +volgroup: /dev/vg_virthost16 +vmhost: virthost16.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/notifs-web01.phx2.fedoraproject.org b/inventory/host_vars/notifs-web01.phx2.fedoraproject.org new file mode 100644 index 0000000000..416dc7e424 --- /dev/null +++ b/inventory/host_vars/notifs-web01.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +eth0_ip: 10.5.126.103 + +volgroup: /dev/vg_virthost04 +vmhost: virthost04.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/notifs-web01.stg.phx2.fedoraproject.org b/inventory/host_vars/notifs-web01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..e5052a0cf8 --- /dev/null +++ b/inventory/host_vars/notifs-web01.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +eth0_ip: 10.5.126.48 + +volgroup: /dev/vg_virthost16 +vmhost: virthost16.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/notifs-web02.phx2.fedoraproject.org b/inventory/host_vars/notifs-web02.phx2.fedoraproject.org new file mode 100644 index 0000000000..e384071ea6 --- /dev/null +++ b/inventory/host_vars/notifs-web02.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +eth0_ip: 10.5.126.119 + +volgroup: /dev/vg_virthost06 +vmhost: virthost06.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/notifs-web02.stg.phx2.fedoraproject.org b/inventory/host_vars/notifs-web02.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..1b36edb5b4 --- /dev/null +++ b/inventory/host_vars/notifs-web02.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +eth0_ip: 10.5.126.51 + +volgroup: /dev/vg_virthost10 +vmhost: virthost10.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/ns01.iad2.fedoraproject.org b/inventory/host_vars/ns01.iad2.fedoraproject.org deleted file mode 100644 index 11f2829a68..0000000000 --- a/inventory/host_vars/ns01.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.33 -# -# This host is externally reachable -# -external: true -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-01.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ns01.rdu3.fedoraproject.org b/inventory/host_vars/ns01.rdu3.fedoraproject.org deleted file mode 100644 index 1d469f4a4a..0000000000 --- a/inventory/host_vars/ns01.rdu3.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -eth0_ipv4_gw: 10.16.163.254 -eth0_ipv4_ip: 10.16.163.33 -# -# This host is externally reachable -# -external: true -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-01.rdu3.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ns02.fedoraproject.org b/inventory/host_vars/ns02.fedoraproject.org deleted file mode 100644 index b561bf8741..0000000000 --- a/inventory/host_vars/ns02.fedoraproject.org +++ /dev/null @@ -1,51 +0,0 @@ ---- -csi_relationship: |2 - ns02 is a master dns server. - It serves about every domain under fedoraproject, fedo*, as well as others, both forward and reverse. - - * This host relies on: - - The virthost it's hosted on (ibiblio05.fedoraproject.org) - - batcave for dns git and keys - - connectivity to maxmind to create geoIP dns acl - - * Things that rely on this host: - - The Internet/Community to resolve everything related to fedora and reverse-IP for allocated subnets - - If this host is down, dns queries will slow down by the portion of this host to the total name servers responsible for the same domain set. - - secodary/slave dns servers -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.253.100 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_ip: 152.19.134.139 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:00fe:fed7" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -postfix_group: vpn -vmhost: ibiblio05.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ns02.iad2.fedoraproject.org b/inventory/host_vars/ns02.iad2.fedoraproject.org deleted file mode 100644 index 0d399c5448..0000000000 --- a/inventory/host_vars/ns02.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.34 -# -# This host is externally reachable -# -external: true -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ns05.fedoraproject.org b/inventory/host_vars/ns05.fedoraproject.org deleted file mode 100644 index bfd991cfde..0000000000 --- a/inventory/host_vars/ns05.fedoraproject.org +++ /dev/null @@ -1,51 +0,0 @@ ---- -csi_relationship: | - ns05 is a master dns server. - It serves about every domain under fedoraproject, fedo*, as well as others, both forward and reverse. - - * This host relies on: - - The virthost it's hosted on (internetx02.fedoraproject.org) - - batcave for dns git and keys - - connectivity to maxmind to create geoIP dns acl - - * Things that rely on this host: - - The Internet/Community to resolve everything related to fedora and reverse-IP for allocated subnets - - If this host is down, dns queries will slow down by the portion of this host to the total name servers responsible for the same domain set. - - secodary/slave dns servers -datacenter: internetx -dns1: 62.116.130.3 -dns2: 8.8.8.8 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_gw: 85.236.55.1 -eth0_ipv4_ip: 85.236.55.10 -eth0_ipv4_nm: 28 -eth0_ipv6_gw: "2001:4178:2:1269::1" -eth0_ipv6_ip: "2001:4178:2:1269:dead:beef:cafe:fed5" -eth0_ipv6_nm: 64 -eth0_nm: 255.255.255.240 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -postfix_group: vpn -vmhost: internetx02.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/nuancier01.phx2.fedoraproject.org b/inventory/host_vars/nuancier01.phx2.fedoraproject.org new file mode 100644 index 0000000000..ff7a0fb7f2 --- /dev/null +++ b/inventory/host_vars/nuancier01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.231 +vmhost: virthost07.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/nuancier01.stg.phx2.fedoraproject.org b/inventory/host_vars/nuancier01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..903f19b324 --- /dev/null +++ b/inventory/host_vars/nuancier01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.202 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/nuancier02.phx2.fedoraproject.org b/inventory/host_vars/nuancier02.phx2.fedoraproject.org new file mode 100644 index 0000000000..44d6131e3c --- /dev/null +++ b/inventory/host_vars/nuancier02.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.232 +vmhost: virthost09.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/nuancier02.stg.phx2.fedoraproject.org b/inventory/host_vars/nuancier02.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..58d98a12e3 --- /dev/null +++ b/inventory/host_vars/nuancier02.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.203 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/oci-candidate-registry01.iad2.fedoraproject.org b/inventory/host_vars/oci-candidate-registry01.iad2.fedoraproject.org deleted file mode 100644 index fae8211a60..0000000000 --- a/inventory/host_vars/oci-candidate-registry01.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.102 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 50g -max_mem_size: 16384 -mem_size: 16384 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -vmhost: bvmhost-x86-01.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/oci-candidate-registry01.stg.iad2.fedoraproject.org b/inventory/host_vars/oci-candidate-registry01.stg.iad2.fedoraproject.org deleted file mode 100644 index 2cf1972518..0000000000 --- a/inventory/host_vars/oci-candidate-registry01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.34 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 120g -max_mem_size: 16384 -mem_size: 8192 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -vmhost: bvmhost-x86-01.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/oci-registry01.iad2.fedoraproject.org b/inventory/host_vars/oci-registry01.iad2.fedoraproject.org deleted file mode 100644 index fda6d6f7da..0000000000 --- a/inventory/host_vars/oci-registry01.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.119 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 120g -max_mem_size: 16384 -mem_size: 16384 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -vmhost: bvmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/oci-registry01.stg.iad2.fedoraproject.org b/inventory/host_vars/oci-registry01.stg.iad2.fedoraproject.org deleted file mode 100644 index 88bcb9328b..0000000000 --- a/inventory/host_vars/oci-registry01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.35 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 120g -max_mem_size: 16384 -mem_size: 8192 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/oci-registry02.iad2.fedoraproject.org b/inventory/host_vars/oci-registry02.iad2.fedoraproject.org deleted file mode 100644 index e563327d0a..0000000000 --- a/inventory/host_vars/oci-registry02.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.127 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 120g -max_mem_size: 16384 -mem_size: 16384 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -vmhost: bvmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ocp01.ocp.iad2.fedoraproject.org b/inventory/host_vars/ocp01.ocp.iad2.fedoraproject.org deleted file mode 100644 index 39031f30cb..0000000000 --- a/inventory/host_vars/ocp01.ocp.iad2.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.120 -eth0_ipv4_gw: 10.3.163.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp01.ocp.rdu3.fedoraproject.org b/inventory/host_vars/ocp01.ocp.rdu3.fedoraproject.org deleted file mode 100644 index 2c354e3976..0000000000 --- a/inventory/host_vars/ocp01.ocp.rdu3.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: rdu3 -dns: 10.16.163.33 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4_ip: 10.16.163.120 -eth0_ipv4_gw: 10.16.163.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 32768 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 6 -rhcos_ignition_file_url: "http://10.16.163.65/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.16.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.16.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.16.163.65/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-04.rdu3.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp01.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/ocp01.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 61d3594e80..0000000000 --- a/inventory/host_vars/ocp01.ocp.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,48 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.115 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp02.ocp.iad2.fedoraproject.org b/inventory/host_vars/ocp02.ocp.iad2.fedoraproject.org deleted file mode 100644 index b3fce22cde..0000000000 --- a/inventory/host_vars/ocp02.ocp.iad2.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.121 -eth0_ipv4_gw: 10.3.163.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp02.ocp.rdu3.fedoraproject.org b/inventory/host_vars/ocp02.ocp.rdu3.fedoraproject.org deleted file mode 100644 index aa171adc03..0000000000 --- a/inventory/host_vars/ocp02.ocp.rdu3.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: rdu3 -dns: 10.16.163.33 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4_ip: 10.16.163.121 -eth0_ipv4_gw: 10.16.163.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 32768 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 6 -rhcos_ignition_file_url: "http://10.16.163.65/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.16.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.16.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.16.163.65/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-05.rdu3.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp02.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/ocp02.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 85aa73a633..0000000000 --- a/inventory/host_vars/ocp02.ocp.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,48 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.116 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-06.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp03.ocp.iad2.fedoraproject.org b/inventory/host_vars/ocp03.ocp.iad2.fedoraproject.org deleted file mode 100644 index 7c4ffa9ea9..0000000000 --- a/inventory/host_vars/ocp03.ocp.iad2.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.122 -eth0_ipv4_gw: 10.3.163.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-06.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp03.ocp.rdu3.fedoraproject.org b/inventory/host_vars/ocp03.ocp.rdu3.fedoraproject.org deleted file mode 100644 index f28ab5b15e..0000000000 --- a/inventory/host_vars/ocp03.ocp.rdu3.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: rdu3 -dns: 10.16.163.33 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4_ip: 10.16.163.122 -eth0_ipv4_gw: 10.16.163.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 32768 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 6 -rhcos_ignition_file_url: "http://10.16.163.65/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.16.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.16.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.16.163.65/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-03.rdu3.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/ocp03.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/ocp03.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 0cbeb435cd..0000000000 --- a/inventory/host_vars/ocp03.ocp.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,48 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.117 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 24576 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/controlplane.ign" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-07.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/openqa-a64-worker01.iad2.fedoraproject.org b/inventory/host_vars/openqa-a64-worker01.iad2.fedoraproject.org deleted file mode 100644 index 766e84d4c4..0000000000 --- a/inventory/host_vars/openqa-a64-worker01.iad2.fedoraproject.org +++ /dev/null @@ -1,64 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enP2p1s0_mac: "{{ mac1 }}" -enp1s0_ipv4: 10.3.174.61 -enp1s0_ipv4_gw: 10.3.174.254 -enp1s0_ipv4_nm: 24 -enp1s0_mac: "{{ mac2 }}" -enp1s0d1_mac: "{{ mac3 }}" -freezes: false -# enP2p1s0 is disabled/nothing -# enp1s0 is active network -# enp1s0d1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: 68:05:ca:8e:9b:86 -mac2: 50:6b:4b:6a:b6:20 -mac3: 50:6b:4b:6a:b6:21 -network_connections: - - autoconnect: no - mac: "{{ enP2p1s0_mac }}" - name: enP2p1s0 - state: down - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ enp1s0_ipv4 }}/{{ enp1s0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0_ipv4_gw }}" - mac: "{{ enp1s0_mac }}" - name: enp1s0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0d1_mac }}" - name: enp1s0d1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -openqa_rngd: false -openqa_tap_iface: enp1s0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 15 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] -nbde_device: /dev/sda3 diff --git a/inventory/host_vars/openqa-a64-worker02.iad2.fedoraproject.org b/inventory/host_vars/openqa-a64-worker02.iad2.fedoraproject.org deleted file mode 100644 index 0a773e7529..0000000000 --- a/inventory/host_vars/openqa-a64-worker02.iad2.fedoraproject.org +++ /dev/null @@ -1,64 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enP2p1s0_mac: "{{ mac1 }}" -enp1s0_ipv4: 10.3.174.62 -enp1s0_ipv4_gw: 10.3.174.254 -enp1s0_ipv4_nm: 24 -enp1s0_mac: "{{ mac2 }}" -enp1s0d1_mac: "{{ mac3 }}" -freezes: false -# enP2p1s0 is disabled/nothing -# enp1s0 is active network -# enp1s0d1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: 00:1b:21:e0:6a:72 -mac2: 50:6b:4b:7f:a8:b0 -mac3: 50:6b:4b:7f:a8:b1 -network_connections: - - autoconnect: no - mac: "{{ enP2p1s0_mac }}" - name: enP2p1s0 - state: down - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ enp1s0_ipv4 }}/{{ enp1s0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0_ipv4_gw }}" - mac: "{{ enp1s0_mac }}" - name: enp1s0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0d1_mac }}" - name: enp1s0d1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -openqa_rngd: false -openqa_tap_iface: enp1s0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 15 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] -nbde_device: /dev/sda3 diff --git a/inventory/host_vars/openqa-a64-worker03.iad2.fedoraproject.org b/inventory/host_vars/openqa-a64-worker03.iad2.fedoraproject.org deleted file mode 100644 index 6f5ef6b6a5..0000000000 --- a/inventory/host_vars/openqa-a64-worker03.iad2.fedoraproject.org +++ /dev/null @@ -1,64 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enP2p1s0_mac: "{{ mac1 }}" -enp1s0_ipv4: 10.3.174.63 -enp1s0_ipv4_gw: 10.3.174.254 -enp1s0_ipv4_nm: 24 -enp1s0_mac: "{{ mac2 }}" -enp1s0d1_mac: "{{ mac3 }}" -freezes: false -# enP2p1s0 is disabled/nothing -# enp1s0 is active network -# enp1s0d1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: 00:1b:21:e0:6e:5b -mac2: 50:6b:4b:7f:98:30 -mac3: 50:6b:4b:7f:98:31 -network_connections: - - autoconnect: no - mac: "{{ enP2p1s0_mac }}" - name: enP2p1s0 - state: down - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ enp1s0_ipv4 }}/{{ enp1s0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0_ipv4_gw }}" - mac: "{{ enp1s0_mac }}" - name: enp1s0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0d1_mac }}" - name: enp1s0d1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -openqa_rngd: false -openqa_tap_iface: enp1s0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 15 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] -nbde_device: /dev/sda3 diff --git a/inventory/host_vars/openqa-a64-worker04.iad2.fedoraproject.org b/inventory/host_vars/openqa-a64-worker04.iad2.fedoraproject.org deleted file mode 100644 index d06fb6876f..0000000000 --- a/inventory/host_vars/openqa-a64-worker04.iad2.fedoraproject.org +++ /dev/null @@ -1,74 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1_mac: "{{ mac1 }}" -eno2_mac: "{{ mac2 }}" -enP1p1s0f0np0_mac: "{{ mac3 }}" -enP1p1s0f1np1_mac: "{{ mac4 }}" -enP1p1s0f0np0_ipv4: 10.3.174.64 -enP1p1s0f0np0_ipv4_gw: 10.3.174.254 -enP1p1s0f0np0_ipv4_nm: 24 -freezes: false -# eno1 is disabled/nothing -# eno2 is disabled/nothing -# enP1p1s0f0np0 is active network -# enP1p1s0f1np1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: d8:5e:d3:8b:73:d6 -mac2: d8:5e:d3:8b:73:d7 -mac3: 0c:42:a1:5a:08:b0 -mac4: 0c:42:a1:5a:08:b1 -network_connections: - - autoconnect: no - mac: "{{ eno1_mac }}" - name: eno1 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno2_mac }}" - name: eno2 - state: down - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ enP1p1s0f0np0_ipv4 }}/{{ enP1p1s0f0np0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enP1p1s0f0np0_ipv4_gw }}" - mac: "{{ enP1p1s0f0np0_mac }}" - name: enP1p1s0f0np0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enP1p1s0f1np1_mac }}" - name: enP1p1s0f1np1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -openqa_rngd: false -openqa_tap_iface: enP1p1s0f0np0 -# this is a powerful machine, but storage kinda limits how many workers -# we can safely run at once -openqa_workers: 25 -# also means we need to bump the load average threshold -openqa_critical_threshold: 100 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223', '20233', '20243', '20253', '20263', '20273', '20283', '20293', '20303', '20313', '20323', '20333', '20343', '20353'] diff --git a/inventory/host_vars/openqa-a64-worker05.iad2.fedoraproject.org b/inventory/host_vars/openqa-a64-worker05.iad2.fedoraproject.org deleted file mode 100644 index 2fe486dab8..0000000000 --- a/inventory/host_vars/openqa-a64-worker05.iad2.fedoraproject.org +++ /dev/null @@ -1,64 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enP2p1s0_mac: "{{ mac1 }}" -enp1s0_ipv4: 10.3.174.65 -enp1s0_ipv4_gw: 10.3.174.254 -enp1s0_ipv4_nm: 24 -enp1s0_mac: "{{ mac2 }}" -enp1s0d1_mac: "{{ mac3 }}" -freezes: false -# enP2p1s0 is disabled/nothing -# enp1s0 is active network -# enp1s0d1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: 68:05:ca:8a:f0:29 -mac2: 50:6b:4b:6a:eb:b0 -mac3: 50:6b:4b:6a:eb:b1 -network_connections: - - autoconnect: no - mac: "{{ enP2p1s0_mac }}" - name: enP2p1s0 - state: down - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ enp1s0_ipv4 }}/{{ enp1s0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0_ipv4_gw }}" - mac: "{{ enp1s0_mac }}" - name: enp1s0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0d1_mac }}" - name: enp1s0d1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -openqa_rngd: false -openqa_tap_iface: enp1s0 -# this is a moderately powerful machine (16c/32t, I think) -openqa_workers: 15 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] -nbde_device: /dev/sda3 diff --git a/inventory/host_vars/openqa-a64-worker06.iad2.fedoraproject.org b/inventory/host_vars/openqa-a64-worker06.iad2.fedoraproject.org deleted file mode 100644 index 460286f9dc..0000000000 --- a/inventory/host_vars/openqa-a64-worker06.iad2.fedoraproject.org +++ /dev/null @@ -1,64 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enP2p1s0_mac: "{{ mac1 }}" -enp1s0_ipv4: 10.3.174.66 -enp1s0_ipv4_gw: 10.3.174.254 -enp1s0_ipv4_nm: 24 -enp1s0_mac: "{{ mac2 }}" -enp1s0d1_mac: "{{ mac3 }}" -freezes: false -# enP2p1s0 is disabled/nothing -# enp1s0 is active network -# enp1s0d1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: 68:05:ca:8e:98:c7 -mac2: 50:6b:4b:6a:c4:90 -mac3: 50:6b:4b:6a:c4:91 -network_connections: - - autoconnect: no - mac: "{{ enP2p1s0_mac }}" - name: enP2p1s0 - state: down - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ enp1s0_ipv4 }}/{{ enp1s0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0_ipv4_gw }}" - mac: "{{ enp1s0_mac }}" - name: enp1s0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0d1_mac }}" - name: enp1s0d1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -openqa_rngd: false -openqa_tap_iface: enp1s0 -# this is a moderately powerful machine (16c/32t, I think) -openqa_workers: 15 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] -nbde_device: /dev/sda3 diff --git a/inventory/host_vars/openqa-lab01.iad2.fedoraproject.org b/inventory/host_vars/openqa-lab01.iad2.fedoraproject.org deleted file mode 100644 index e4cf0ca4e3..0000000000 --- a/inventory/host_vars/openqa-lab01.iad2.fedoraproject.org +++ /dev/null @@ -1,24 +0,0 @@ ---- -############################################################ -# networking -############################################################ -datacenter: iad2 -eth0_ipv4_gw: 10.3.174.254 -eth0_ipv4_ip: 10.3.174.57 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/32/Server/x86_64/os/ -############################################################ -# install -############################################################ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora-32-iad2 -############################################################ -# virtual machine -############################################################ -lvm_size: 1750000 -max_cpu: 60 -max_mem_size: 383216 -mem_size: 262144 -nrpe_procs_crit: 1200 -nrpe_procs_warn: 1000 -num_cpus: 60 -vmhost: qvmhost-x86-01.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/openqa-p09-worker01.iad2.fedoraproject.org b/inventory/host_vars/openqa-p09-worker01.iad2.fedoraproject.org deleted file mode 100644 index b211a5dc04..0000000000 --- a/inventory/host_vars/openqa-p09-worker01.iad2.fedoraproject.org +++ /dev/null @@ -1,59 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enp1s0f0np0_ipv4: 10.3.174.42 -enp1s0f0np0_ipv4_gw: 10.3.174.254 -enp1s0f0np0_ipv4_nm: 24 -enp1s0f0np0_mac: "{{ mac1 }}" -enp1s0f1np1_mac: "{{ mac2 }}" -freezes: false -# enp1s0f0np0 is default network -# enp1s0f1np1 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: 40:a6:b7:18:87:24 -mac2: 40:a6:b7:18:87:25 -mac3: ac:1f:6b:56:e5:90 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ enp1s0f0np0_ipv4 }}/{{ enp1s0f0np0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0f0np0_ipv4_gw }}" - mac: "{{ enp1s0f0np0_mac }}" - name: enp1s0f0np0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0f1np1_mac }}" - name: enp1s0f1np1 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -# has an HW RNG, so let's have rngd -openqa_rngd: true -openqa_tap_iface: enp1s0f0np0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 15 -# also means we need to bump the load average threshold -openqa_critical_threshold: 70 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] diff --git a/inventory/host_vars/openqa-p09-worker02.iad2.fedoraproject.org b/inventory/host_vars/openqa-p09-worker02.iad2.fedoraproject.org deleted file mode 100644 index 7cdde21001..0000000000 --- a/inventory/host_vars/openqa-p09-worker02.iad2.fedoraproject.org +++ /dev/null @@ -1,64 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -enp1s0f0np0_ipv4: 10.3.174.43 -enp1s0f0np0_ipv4_gw: 10.3.174.254 -enp1s0f0np0_ipv4_nm: 24 -enp1s0f0np0_mac: "{{ mac1 }}" -enp1s0f1np1_mac: "{{ mac2 }}" -enP2p1s0f0np0_mac: "{{ mac3 }}" -freezes: false -# enp1s0f0np0 is default network -# enp1s0f1np1 is disabled/nothing -# enP2p1s0f0np0 is disabled/nothing - -has_ipv4: yes -mac1: 40:a6:b7:18:86:b8 -mac2: 40:a6:b7:18:86:b9 -mac3: ac:1f:6b:59:70:6e -network_connections: - - autoconnect: yes - ip: - address: - - "{{ enp1s0f0np0_ipv4 }}/{{ enp1s0f0np0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ enp1s0f0np0_ipv4_gw }}" - mac: "{{ enp1s0f0np0_mac }}" - name: enp1s0f0np0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ enp1s0f1np1_mac }}" - name: enp1s0f1np1 - state: down - type: ethernet - - autoconnect: no - mac: "{{ enP2p1s0f0np0_mac }}" - name: enP2p1s0f0np0 - state: down - type: ethernet -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -# has an HW RNG, so let's have rngd -openqa_rngd: true -openqa_tap_iface: enp1s0f0np0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 15 -# also means we need to bump the load average threshold -openqa_critical_threshold: 70 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153'] diff --git a/inventory/host_vars/openqa-x86-worker01.iad2.fedoraproject.org b/inventory/host_vars/openqa-x86-worker01.iad2.fedoraproject.org deleted file mode 100644 index 127db7d315..0000000000 --- a/inventory/host_vars/openqa-x86-worker01.iad2.fedoraproject.org +++ /dev/null @@ -1,74 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1np0_ipv4: 10.3.174.21 -eno1np0_ipv4_gw: 10.3.174.254 -eno1np0_ipv4_nm: 24 -eno1np0_mac: "{{ mac1 }}" -eno2np1_mac: "{{ mac2 }}" -eno3_mac: "{{ mac3 }}" -eno4_mac: "{{ mac4 }}" -freezes: false -# eno1np0 is default network -# eno2np1 is disabled/nothing -# eno3 is disabled/nothing -# eno4 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: e4:43:4b:a7:98:66 -mac2: e4:43:4b:a7:98:68 -mac3: e4:43:4b:a7:98:86 -mac4: e4:43:4b:a7:98:87 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1np0_ipv4 }}/{{ eno1np0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1np0_ipv4_gw }}" - mac: "{{ eno1np0_mac }}" - name: eno1np0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ eno2np1_mac }}" - name: eno2np1 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno3_mac }}" - name: eno3 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno4_mac }}" - name: eno4 - state: down - type: ethernet -nrpe_procs_crit: 1600 -nrpe_procs_warn: 1400 -# Has a hardware RNG -openqa_rngd: true -openqa_tap_iface: eno1np0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 30 -# also means we need to bump the load average threshold -openqa_critical_threshold: 60 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223', '20233', '20243', '20253', '20263', '20273', '20283', '20293', '20303'] diff --git a/inventory/host_vars/openqa-x86-worker02.iad2.fedoraproject.org b/inventory/host_vars/openqa-x86-worker02.iad2.fedoraproject.org deleted file mode 100644 index 2e88656587..0000000000 --- a/inventory/host_vars/openqa-x86-worker02.iad2.fedoraproject.org +++ /dev/null @@ -1,74 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1np0_ipv4: 10.3.174.22 -eno1np0_ipv4_gw: 10.3.174.254 -eno1np0_ipv4_nm: 24 -eno1np0_mac: "{{ mac1 }}" -eno2np1_mac: "{{ mac2 }}" -eno3_mac: "{{ mac3 }}" -eno4_mac: "{{ mac4 }}" -freezes: false -# eno1np0 is default network -# eno2np1 is disabled/nothing -# eno3 is disabled/nothing -# eno4 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: e4:43:4b:23:e8:cc -mac2: e4:43:4b:23:e8:ce -mac3: e4:43:4b:23:e8:ec -mac4: e4:43:4b:23:e8:ed -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1np0_ipv4 }}/{{ eno1np0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1np0_ipv4_gw }}" - mac: "{{ eno1np0_mac }}" - name: eno1np0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ eno2np1_mac }}" - name: eno2np1 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno3_mac }}" - name: eno3 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno4_mac }}" - name: eno4 - state: down - type: ethernet -nrpe_procs_crit: 1600 -nrpe_procs_warn: 1400 -# Has a hardware RNG -openqa_rngd: true -openqa_tap_iface: eno1np0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 30 -# also means we need to bump the load average threshold -openqa_critical_threshold: 60 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223', '20233', '20243', '20253', '20263', '20273', '20283', '20293', '20303'] diff --git a/inventory/host_vars/openqa-x86-worker03.iad2.fedoraproject.org b/inventory/host_vars/openqa-x86-worker03.iad2.fedoraproject.org deleted file mode 100644 index d363cd825d..0000000000 --- a/inventory/host_vars/openqa-x86-worker03.iad2.fedoraproject.org +++ /dev/null @@ -1,71 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1_ipv4: 10.3.174.23 -eno1_ipv4_gw: 10.3.174.254 -eno1_ipv4_nm: 24 -eno1_mac: "{{ mac1 }}" -eno2_mac: "{{ mac2 }}" -eno3_mac: "{{ mac3 }}" -eno4_mac: "{{ mac4 }}" -freezes: false -# eno1 is default network -# eno2 is disabled/nothing -# eno3 is disabled/nothing -# eno4 is disabled/nothing - -has_ipv4: yes -mac1: 24:6e:96:b0:e0:78 -mac2: 24:6e:96:b0:e0:7a -mac3: 24:6e:96:b0:e0:7c -mac4: 24:6e:96:b0:e0:7d -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1_ipv4 }}/{{ eno1_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1_ipv4_gw }}" - mac: "{{ eno1_mac }}" - name: eno1 - state: up - type: ethernet - - autoconnect: no - mac: "{{ eno2_mac }}" - name: eno2 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno3_mac }}" - name: eno3 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno4_mac }}" - name: eno4 - state: down - type: ethernet -nrpe_procs_crit: 1600 -nrpe_procs_warn: 1400 -# Has a hardware RNG -openqa_rngd: true -# this machines has 24 CPUs, 22 is our "just under one worker per -# CPU" rule-of-thumb, but it seems to be running out of memory so -# cut to 20 -openqa_workers: 20 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223'] diff --git a/inventory/host_vars/openqa-x86-worker04.iad2.fedoraproject.org b/inventory/host_vars/openqa-x86-worker04.iad2.fedoraproject.org deleted file mode 100644 index 818d66516e..0000000000 --- a/inventory/host_vars/openqa-x86-worker04.iad2.fedoraproject.org +++ /dev/null @@ -1,74 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1np0_ipv4: 10.3.174.24 -eno1np0_ipv4_gw: 10.3.174.254 -eno1np0_ipv4_nm: 24 -eno1np0_mac: "{{ mac1 }}" -eno2np1_mac: "{{ mac2 }}" -eno3_mac: "{{ mac3 }}" -eno4_mac: "{{ mac4 }}" -freezes: false -# eno1np0 is default network -# eno2np1 is disabled/nothing -# eno3 is disabled/nothing -# eno4 is disabled/nothing -# NOTE network configuration beyond the scope of linux-system-roles on -# this host is performed by the openqa/worker role - -has_ipv4: yes -mac1: e4:43:4b:24:10:aa -mac2: e4:43:4b:24:10:ca -mac3: e4:43:4b:24:10:ac -mac4: e4:43:4b:24:10:cb -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1np0_ipv4 }}/{{ eno1np0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1np0_ipv4_gw }}" - mac: "{{ eno1np0_mac }}" - name: eno1np0 - state: up - type: ethernet - - autoconnect: no - mac: "{{ eno2np1_mac }}" - name: eno2np1 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno3_mac }}" - name: eno3 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno4_mac }}" - name: eno4 - state: down - type: ethernet -nrpe_procs_crit: 1600 -nrpe_procs_warn: 1400 -# Has a hardware RNG -openqa_rngd: true -openqa_tap_iface: eno1np0 -# this is a powerful machine, can handle more openQA workers -openqa_workers: 30 -# also means we need to bump the load average threshold -openqa_critical_threshold: 60 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223', '20233', '20243', '20253', '20263', '20273', '20283', '20293', '20303'] diff --git a/inventory/host_vars/openqa-x86-worker05.iad2.fedoraproject.org b/inventory/host_vars/openqa-x86-worker05.iad2.fedoraproject.org deleted file mode 100644 index c5275759e4..0000000000 --- a/inventory/host_vars/openqa-x86-worker05.iad2.fedoraproject.org +++ /dev/null @@ -1,71 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1_ipv4: 10.3.174.25 -eno1_ipv4_gw: 10.3.174.254 -eno1_ipv4_nm: 24 -eno1_mac: "{{ mac1 }}" -eno2_mac: "{{ mac2 }}" -eno3_mac: "{{ mac3 }}" -eno4_mac: "{{ mac4 }}" -freezes: false -# eno1 is default network -# een2 is disabled/nothing -# eno3 is disabled/nothing -# eno4 is disabled/nothing - -has_ipv4: yes -mac1: 24:6e:96:b1:4c:70 -mac2: 24:6e:96:b1:4c:72 -mac3: 24:6e:96:b1:4c:74 -mac4: 24:6e:96:b1:4c:75 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1_ipv4 }}/{{ eno1_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1_ipv4_gw }}" - mac: "{{ eno1_mac }}" - name: eno1 - state: up - type: ethernet - - autoconnect: no - mac: "{{ eno2_mac }}" - name: eno2 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno3_mac }}" - name: eno3 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno4_mac }}" - name: eno4 - state: down - type: ethernet -nrpe_procs_crit: 1600 -nrpe_procs_warn: 1400 -# Has a hardware RNG -openqa_rngd: true -openqa_tap_iface: eno1 -# xeon e5-2683v4, 32 physical CPUs -openqa_workers: 30 -openqa_critical_threshold: 60 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223', '20233', '20243', '20253', '20263', '20273', '20283', '20293', '20303'] diff --git a/inventory/host_vars/openqa-x86-worker06.iad2.fedoraproject.org b/inventory/host_vars/openqa-x86-worker06.iad2.fedoraproject.org deleted file mode 100644 index af3b7937c9..0000000000 --- a/inventory/host_vars/openqa-x86-worker06.iad2.fedoraproject.org +++ /dev/null @@ -1,71 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eno1_ipv4: 10.3.174.26 -eno1_ipv4_gw: 10.3.174.254 -eno1_ipv4_nm: 24 -eno1_mac: "{{ mac1 }}" -eno2_mac: "{{ mac2 }}" -eno3_mac: "{{ mac3 }}" -eno4_mac: "{{ mac4 }}" -freezes: false -# eno1 is default network -# eno2 is disabled/nothing -# eno3 is disabled/nothing -# eno4 is disabled/nothing - -has_ipv4: yes -mac1: 24:6e:96:b1:c8:00 -mac2: 24:6e:96:b1:c8:02 -mac3: 24:6e:96:b1:c8:04 -mac4: 24:6e:96:b1:c8:05 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eno1_ipv4 }}/{{ eno1_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eno1_ipv4_gw }}" - mac: "{{ eno1_mac }}" - name: eno1 - state: up - type: ethernet - - autoconnect: no - mac: "{{ eno2_mac }}" - name: eno2 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno3_mac }}" - name: eno3 - state: down - type: ethernet - - autoconnect: no - mac: "{{ eno4_mac }}" - name: eno4 - state: down - type: ethernet -nrpe_procs_crit: 1600 -nrpe_procs_warn: 1400 -# Has a hardware RNG -openqa_rngd: true -# this is a powerful machine, can handle more openQA workers -openqa_workers: 30 -# also means we need to bump the load average threshold -openqa_critical_threshold: 60 -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -# firewall ports for server->worker websockets connections -# this port is 'QEMUPORT plus 1' -# QEMUPORT is: -# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002; -# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc -tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153', '20163', '20173', '20183', '20193', '20203', '20213', '20223', '20233', '20243', '20253', '20263', '20273', '20283', '20293', '20303'] diff --git a/inventory/host_vars/openqa01.iad2.fedoraproject.org b/inventory/host_vars/openqa01.iad2.fedoraproject.org deleted file mode 100644 index f78cca432e..0000000000 --- a/inventory/host_vars/openqa01.iad2.fedoraproject.org +++ /dev/null @@ -1,22 +0,0 @@ ---- -############################################################ -# networking -############################################################ -datacenter: iad2 -eth0_ipv4_gw: 10.3.174.254 -eth0_ipv4_ip: 10.3.174.52 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/32/Server/x86_64/os/ -############################################################ -# install -############################################################ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora-32-iad2 -############################################################ -# virtual machine -############################################################ -lvm_size: 800000 -mem_size: 16384 -nrpe_procs_crit: 300 -nrpe_procs_warn: 250 -num_cpus: 8 -vmhost: qvmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/os-control01.iad2.fedoraproject.org b/inventory/host_vars/os-control01.iad2.fedoraproject.org deleted file mode 100644 index f8ef0617dc..0000000000 --- a/inventory/host_vars/os-control01.iad2.fedoraproject.org +++ /dev/null @@ -1,18 +0,0 @@ ---- -baseiptables: true -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.65 -external: false -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 120g -max_mem_size: 16384 -mem_size: 16384 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -resolvconf: "resolv.conf/iad2" -vmhost: vmhost-x86-01.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/os-control01.rdu3.fedoraproject.org b/inventory/host_vars/os-control01.rdu3.fedoraproject.org deleted file mode 100644 index 1143cb3c39..0000000000 --- a/inventory/host_vars/os-control01.rdu3.fedoraproject.org +++ /dev/null @@ -1,19 +0,0 @@ ---- -datacenter: rdu3 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4_gw: 10.16.163.254 -eth0_ipv4_ip: 10.16.163.65 -external: false -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 120g -max_mem_size: 16384 -mem_size: 16384 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -vmhost: vmhost-x86-01.rdu3.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/os-control01.stg.iad2.fedoraproject.org b/inventory/host_vars/os-control01.stg.iad2.fedoraproject.org deleted file mode 100644 index ecde750846..0000000000 --- a/inventory/host_vars/os-control01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,11 +0,0 @@ ---- -baseiptables: true -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.50 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 100g -mem_size: 4096 -vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/os-control01.stg.rdu3.fedoraproject.org b/inventory/host_vars/os-control01.stg.rdu3.fedoraproject.org deleted file mode 100644 index d5e7c020d2..0000000000 --- a/inventory/host_vars/os-control01.stg.rdu3.fedoraproject.org +++ /dev/null @@ -1,16 +0,0 @@ ---- -datacenter: rdu3 -dns: 10.16.163.33 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4_gw: 10.16.166.254 -eth0_ipv4_ip: 10.16.166.50 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 100g -mem_size: 4096 -vmhost: vmhost-x86-01.stg.rdu3.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/os-proxy01.fedorainfracloud.org b/inventory/host_vars/os-proxy01.fedorainfracloud.org deleted file mode 100644 index 61a5f41d3c..0000000000 --- a/inventory/host_vars/os-proxy01.fedorainfracloud.org +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Keepalived variables for app.os -dns1: 8.8.8.8 -eth0_ipv4_gw: 38.145.49.254 -eth0_ipv4_ip: 38.145.48.42 -eth0_ipv4_nm: 23 -keepalived2_interface: eth0 -keepalived2_ipaddress: 38.145.48.41 -keepalived2_priority: 50 -keepalived2_routerid: 25 -# Keepalived variables for os -keepalived_interface: eth0 -keepalived_ipaddress: 38.145.48.40 -keepalived_priority: 100 -keepalived_routerid: 20 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/29/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora-29-ext -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -vmhost: virthost-os01.fedorainfracloud.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/os-proxy02.fedorainfracloud.org b/inventory/host_vars/os-proxy02.fedorainfracloud.org deleted file mode 100644 index f6c5f425ad..0000000000 --- a/inventory/host_vars/os-proxy02.fedorainfracloud.org +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Keepalived variables for app.os -dns1: 8.8.8.8 -eth0_ipv4_gw: 38.145.49.254 -eth0_ipv4_ip: 38.145.48.43 -eth0_ipv4_nm: 23 -keepalived2_interface: eth0 -keepalived2_ipaddress: 38.145.48.41 -keepalived2_priority: 100 -keepalived2_routerid: 25 -# Keepalived variables for os -keepalived_interface: eth0 -keepalived_ipaddress: 38.145.48.40 -keepalived_priority: 50 -keepalived_routerid: 20 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/31/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora-31-ext -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -vmhost: virthost-os03.fedorainfracloud.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/osuosl02.fedoraproject.org b/inventory/host_vars/osuosl02.fedoraproject.org deleted file mode 100644 index f6b26e058c..0000000000 --- a/inventory/host_vars/osuosl02.fedoraproject.org +++ /dev/null @@ -1,33 +0,0 @@ ---- -br0_ipv4_ip: 140.211.169.195 -br0_ipv4_gw: 140.211.169.193 -br0_ipv4_nm: 26 -br0_port0_mac: '{{ mac0 }}' -datacenter: osuosl -dns1: 8.8.8.8 -dns_search1: vpn.fedoraproject.org -dns_search2: vpn.fedoraproject.org -has_ipv4: true -mac0: "C8:4B:D6:AF:2A:3B" -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ipv4_ip }}/{{ br0_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - gateway4: '{{ br0_ipv4_gw }}' - name: br0 - state: up - type: bridge - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet -nrpe_procs_crit: 2500 -nrpe_procs_warn: 2000 -virthost: true diff --git a/inventory/host_vars/osuosl03.fedoraproject.org b/inventory/host_vars/osuosl03.fedoraproject.org new file mode 100644 index 0000000000..e264442e48 --- /dev/null +++ b/inventory/host_vars/osuosl03.fedoraproject.org @@ -0,0 +1,3 @@ +--- +datacenter: osuosl +virthost: true diff --git a/inventory/host_vars/packages03.phx2.fedoraproject.org b/inventory/host_vars/packages03.phx2.fedoraproject.org new file mode 100644 index 0000000000..fb8b137ca2 --- /dev/null +++ b/inventory/host_vars/packages03.phx2.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +eth0_ip: 10.5.126.43 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +volgroup: /dev/vg_virthost01 +vmhost: virthost01.phx2.fedoraproject.org +datacenter: phx2 + +install_packages_indexer: True diff --git a/inventory/host_vars/packages03.stg.phx2.fedoraproject.org b/inventory/host_vars/packages03.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..dbc6f91bbf --- /dev/null +++ b/inventory/host_vars/packages03.stg.phx2.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +eth0_ip: 10.5.126.42 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +volgroup: /dev/vg_guests +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 + +install_packages_indexer: True diff --git a/inventory/host_vars/packages04.phx2.fedoraproject.org b/inventory/host_vars/packages04.phx2.fedoraproject.org new file mode 100644 index 0000000000..5c95597859 --- /dev/null +++ b/inventory/host_vars/packages04.phx2.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +eth0_ip: 10.5.126.44 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +volgroup: /dev/vg_virthost03 +vmhost: virthost03.phx2.fedoraproject.org +datacenter: phx2 + +install_packages_indexer: False diff --git a/inventory/host_vars/pagure-stg01.fedoraproject.org b/inventory/host_vars/pagure-stg01.fedoraproject.org deleted file mode 100644 index c7711b9e01..0000000000 --- a/inventory/host_vars/pagure-stg01.fedoraproject.org +++ /dev/null @@ -1,46 +0,0 @@ ---- -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -effective_cache_size: "6GB" -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_ip: 8.43.85.77 -eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -eth0_ipv6_ip: "2620:52:3:1:dead:beef:cafe:fed3" -eth0_ipv6_nm: 64 -eth0_nm: 255.255.255.0 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-ext -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -# DB host: -pagure_db_host: 127.0.0.1 -# -# PostgreSQL configuration -# -shared_buffers: "2GB" -ssh_hostnames: - - stg.pagure.io -vmhost: vmhost-x86-cc01.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/pagure02.fedoraproject.org b/inventory/host_vars/pagure02.fedoraproject.org deleted file mode 100644 index 99288bb0cd..0000000000 --- a/inventory/host_vars/pagure02.fedoraproject.org +++ /dev/null @@ -1,52 +0,0 @@ ---- -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 1.0.0.1 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -effective_cache_size: 1 -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_ip: 8.43.85.76 -eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -eth0_ipv6_ip: "2620:52:3:1:dead:beef:cafe:fed8" -eth0_ipv6_nm: 64 -eth0_nm: 255.255.255.0 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-ext -max_stack_depth: "4MB" -nagios_Check_Services: - swap: false -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -# DB used: -pagure_db_host: 127.0.0.1 -sar_output_file: pagure.json -# GDPR SAR variables - datanommer/datagrepper -sar_script: /usr/local/bin/pagure_sar.py -sar_script_user: git -# -# PostgreSQL configuration -# -shared_buffers: "512MB" -ssh_hostnames: - - pagure.io -temp_buffers: "8MB" -vmhost: vmhost-x86-cc01.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/paste01.phx2.fedoraproject.org b/inventory/host_vars/paste01.phx2.fedoraproject.org new file mode 100644 index 0000000000..f9dd1b403d --- /dev/null +++ b/inventory/host_vars/paste01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests00 +eth0_ip: 10.5.126.59 +vmhost: virthost15.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/paste01.stg.phx2.fedoraproject.org b/inventory/host_vars/paste01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..aea0bc141d --- /dev/null +++ b/inventory/host_vars/paste01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost16 +eth0_ip: 10.5.126.61 +vmhost: virthost16.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/paste02.phx2.fedoraproject.org b/inventory/host_vars/paste02.phx2.fedoraproject.org new file mode 100644 index 0000000000..a39c9b679e --- /dev/null +++ b/inventory/host_vars/paste02.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost +eth0_ip: 10.5.126.17 +vmhost: virthost18.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/people01.fedoraproject.org b/inventory/host_vars/people01.fedoraproject.org deleted file mode 100644 index d00f8b358c..0000000000 --- a/inventory/host_vars/people01.fedoraproject.org +++ /dev/null @@ -1,54 +0,0 @@ ---- -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.253.100 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_ip: 152.19.134.196 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:00a7:9475" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -freezes: false -#host_backup_targets: ['/srv/web'] - -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-people -lvm_size: 2t -mem_size: 8192 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -postfix_group: vpn -rsyncd_conf: "rsyncd.conf.people01.fedoraproject.org" -sar_output_file: "fedora_people.xml" -# GDPR SAR vars -sar_script: "/usr/bin/tree /home/fedora/$SAR_USERNAME -DFgXfpsu --timefmt %Y-%m-%dT%H:%M:%SZ" -sar_script_user: "root" -ssh_hostnames: - - fedorapeople.org -tcp_ports: [80, 443, 9418, 873] -vmhost: ibiblio02.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/people03.fedoraproject.org b/inventory/host_vars/people03.fedoraproject.org new file mode 100644 index 0000000000..2aed120946 --- /dev/null +++ b/inventory/host_vars/people03.fedoraproject.org @@ -0,0 +1,4 @@ +--- +freezes: false +datacenter: ibiblio +host_backup_targets: ['/srv/web'] diff --git a/inventory/host_vars/pkgdb01.phx2.fedoraproject.org b/inventory/host_vars/pkgdb01.phx2.fedoraproject.org new file mode 100644 index 0000000000..175c2a6d9d --- /dev/null +++ b/inventory/host_vars/pkgdb01.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost01 +eth0_ip: 10.5.126.15 +vmhost: virthost01.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/pkgdb01.stg.phx2.fedoraproject.org b/inventory/host_vars/pkgdb01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..b1f855da31 --- /dev/null +++ b/inventory/host_vars/pkgdb01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.20 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/pkgdb02.phx2.fedoraproject.org b/inventory/host_vars/pkgdb02.phx2.fedoraproject.org new file mode 100644 index 0000000000..7eacd82a05 --- /dev/null +++ b/inventory/host_vars/pkgdb02.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost03 +eth0_ip: 10.5.126.16 +vmhost: virthost03.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/pkgs01.iad2.fedoraproject.org b/inventory/host_vars/pkgs01.iad2.fedoraproject.org deleted file mode 100644 index 60c67ccd7d..0000000000 --- a/inventory/host_vars/pkgs01.iad2.fedoraproject.org +++ /dev/null @@ -1,27 +0,0 @@ ---- -additional_host_keytabs: - - pkgs.fedoraproject.org -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.116 -host_backup_targets: ['/srv/cache/lookaside'] -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -mem_size: 32768 -nagios_Check_Services: - swap: false -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" -nrpe_procs_crit: 600 -nrpe_procs_warn: 500 -num_cpus: 16 -# DB used by pagure -pagure_db_host: db01.iad2.fedoraproject.org -sar_output_file: dist_git.json -# GDPR SAR variables - dist_dit -sar_script: /usr/local/bin/pagure_sar.py -sar_script_user: root -ssh_hostnames: - - pkgs.fedoraproject.org -swap: false -vmhost: bvmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/pkgs01.phx2.fedoraproject.org b/inventory/host_vars/pkgs01.phx2.fedoraproject.org new file mode 100644 index 0000000000..fbc0826155 --- /dev/null +++ b/inventory/host_vars/pkgs01.phx2.fedoraproject.org @@ -0,0 +1,2 @@ +--- +host_backup_targets: ['/srv'] diff --git a/inventory/host_vars/pkgs01.stg.iad2.fedoraproject.org b/inventory/host_vars/pkgs01.stg.iad2.fedoraproject.org deleted file mode 100644 index 01532ce763..0000000000 --- a/inventory/host_vars/pkgs01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -# temp fix to get htis box working -baseiptables: False -datacenter: iad2 -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.74 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -# DB used by pagure -pagure_db_host: db01.stg.iad2.fedoraproject.org -ssh_hostnames: - - pkgs.stg.fedoraproject.org -vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/ppc64le-test.fedorainfracloud.org b/inventory/host_vars/ppc64le-test.fedorainfracloud.org deleted file mode 100644 index 191cc20db8..0000000000 --- a/inventory/host_vars/ppc64le-test.fedorainfracloud.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -nagios_Can_Connect: false -nagios_Check_Services: - nrpe: false diff --git a/inventory/host_vars/ppc64le-test02.fedorainfracloud.org b/inventory/host_vars/ppc64le-test02.fedorainfracloud.org deleted file mode 100644 index 522544f4c6..0000000000 --- a/inventory/host_vars/ppc64le-test02.fedorainfracloud.org +++ /dev/null @@ -1,29 +0,0 @@ ---- -dns1: 140.211.166.130 -dns2: 140.211.166.131 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_gw: 140.211.11.1 -eth0_ipv4_ip: 140.211.11.244 -eth0_ipv4_nm: 24 -mac0: fa:16:3e:3e:db:69 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - type: ethernet - state: up -nagios_Can_Connect: false -nagios_Check_Services: - nrpe: false diff --git a/inventory/host_vars/proxy01.iad2.fedoraproject.org b/inventory/host_vars/proxy01.iad2.fedoraproject.org deleted file mode 100644 index 281651d542..0000000000 --- a/inventory/host_vars/proxy01.iad2.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4: 10.3.163.74 -eth0_ipv4_gw: 10.3.163.254 -# -# This host is externally reachable -# -external: true -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 100000 -mac0: 52:54:00:76:9f:85 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy01.rdu3.fedoraproject.org b/inventory/host_vars/proxy01.rdu3.fedoraproject.org deleted file mode 100644 index 7d2d374872..0000000000 --- a/inventory/host_vars/proxy01.rdu3.fedoraproject.org +++ /dev/null @@ -1,46 +0,0 @@ ---- -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4_ip: 10.16.163.74 -eth0_ipv4_gw: 10.16.163.254 -# -# This host is externally reachable -# -external: true -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 100000 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-01.rdu3.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy01.stg.iad2.fedoraproject.org b/inventory/host_vars/proxy01.stg.iad2.fedoraproject.org deleted file mode 100644 index 0d6ed8a61c..0000000000 --- a/inventory/host_vars/proxy01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.74 -external: true -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/proxy02.fedoraproject.org b/inventory/host_vars/proxy02.fedoraproject.org deleted file mode 100644 index e0dda7ec12..0000000000 --- a/inventory/host_vars/proxy02.fedoraproject.org +++ /dev/null @@ -1,48 +0,0 @@ ---- -datacenter: internetx -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_ip: 85.236.55.6 -eth0_ipv4_gw: 85.236.55.1 -eth0_ipv4_nm: 28 -eth0_ipv6_ip: "2001:4178:2:1269::fed2" -eth0_ipv6_gw: "2001:4178:2:1269::1" -eth0_ipv6_nm: 64 -freezes: true -has_ipv4: yes -has_ipv6: true -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -max_mem_size: 65536 -mem_size: 24576 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -postfix_group: vpn -public_hostname: proxy02.fedoraproject.org -# This is consumed by the roles/fedora-web/main role -sponsor: internetx -vmhost: internetx02.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy02.stg.iad2.fedoraproject.org b/inventory/host_vars/proxy02.stg.iad2.fedoraproject.org deleted file mode 100644 index f5827aea4b..0000000000 --- a/inventory/host_vars/proxy02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.75 -external: true -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-09.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/proxy03.fedoraproject.org b/inventory/host_vars/proxy03.fedoraproject.org deleted file mode 100644 index f7922daa49..0000000000 --- a/inventory/host_vars/proxy03.fedoraproject.org +++ /dev/null @@ -1,48 +0,0 @@ ---- -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4: 8.43.85.73 -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv6: "2620:52:3:1:dead:beef:cafe:fed6" -eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -eth0_ipv6_nm: 64 -freezes: true -has_ipv4: yes -has_ipv6: true -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -mac0: "52:54:00:c1:18:c6" -max_mem_size: 32768 -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6 }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ mac0 }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: proxy03.fedoraproject.org -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-cc01.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy04.fedoraproject.org b/inventory/host_vars/proxy04.fedoraproject.org deleted file mode 100644 index c104df18bb..0000000000 --- a/inventory/host_vars/proxy04.fedoraproject.org +++ /dev/null @@ -1,48 +0,0 @@ ---- -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.153.100 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_ip: 152.19.134.142 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:00fe:fed3" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -freezes: true -has_ipv4: yes -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -max_mem_size: 20000 -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - name: eth0 - mac: "{{ ansible_default_ipv4.macaddress }}" - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: proxy04.fedoraproject.org -# This is consumed by the roles/fedora-web/main role -sponsor: ibiblio -vmhost: ibiblio02.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy05.fedoraproject.org b/inventory/host_vars/proxy05.fedoraproject.org deleted file mode 100644 index 5466c48f99..0000000000 --- a/inventory/host_vars/proxy05.fedoraproject.org +++ /dev/null @@ -1,45 +0,0 @@ ---- -datacenter: host1plus -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4: 185.141.165.254 -eth0_ipv4_gw: 185.141.164.1 -eth0_ipv4_nm: 23 -freezes: true -has_ipv4: yes -mac0: "06:5b:86:00:06:60" -nagios_Check_Services: - dhcpd: false - httpd: true - named: false - nrpe: true - sshd: true - swap: false -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_hostname: proxy05.fedoraproject.org -# This is now a cloud instance provided by host1plus -# vmhost: none - -# This is consumed by the roles/fedora-web/main role -sponsor: host1plus -vpn: true diff --git a/inventory/host_vars/proxy06.fedoraproject.org b/inventory/host_vars/proxy06.fedoraproject.org deleted file mode 100644 index 1f6a3cfc3a..0000000000 --- a/inventory/host_vars/proxy06.fedoraproject.org +++ /dev/null @@ -1,48 +0,0 @@ ---- -datacenter: osuosl -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_ip: 140.211.169.196 -eth0_ipv4_gw: 140.211.169.193 -eth0_ipv4_nm: 26 -eth0_ipv6_ip: "2605:bc80:3010:600:dead:beef:cafe:fed9" -eth0_ipv6_gw: "2605:bc80:3010:600::1" -eth0_ipv6_nm: 64 -freezes: true -has_ipv4: yes -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -max_mem_size: 40000 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: proxy06.fedoraproject.org -# This is consumed by the roles/fedora-web/main role -sponsor: osuosl -vmhost: osuosl02.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy07.fedoraproject.org b/inventory/host_vars/proxy07.fedoraproject.org deleted file mode 100644 index 854d879276..0000000000 --- a/inventory/host_vars/proxy07.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: bodhost -dns: 8.8.8.8 -dns1: 8.8.8.8 -dns2: 8.8.4.4 -eth0_ip: 174.141.234.172 -eth0_nm: 255.255.255.0 -gw: 174.141.234.1 -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -# This is consumed by the roles/fedora-web/main role -sponsor: bodhost -vpn: true diff --git a/inventory/host_vars/proxy09.fedoraproject.org b/inventory/host_vars/proxy09.fedoraproject.org deleted file mode 100644 index ddd3fc56af..0000000000 --- a/inventory/host_vars/proxy09.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Skipping all the network stuff. Amazon does that all via DHCP. - -# This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_ip: 35.81.0.97 -sponsor: amazon -vpn: true diff --git a/inventory/host_vars/proxy10.iad2.fedoraproject.org b/inventory/host_vars/proxy10.iad2.fedoraproject.org deleted file mode 100644 index 3298242f7e..0000000000 --- a/inventory/host_vars/proxy10.iad2.fedoraproject.org +++ /dev/null @@ -1,47 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4: 10.3.163.75 -eth0_ipv4_gw: 10.3.163.254 -# -# This host is externally reachable -# -external: true -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 100000 -mac0: 52:54:00:55:8d:ca -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy10.rdu3.fedoraproject.org b/inventory/host_vars/proxy10.rdu3.fedoraproject.org deleted file mode 100644 index ab424a6a54..0000000000 --- a/inventory/host_vars/proxy10.rdu3.fedoraproject.org +++ /dev/null @@ -1,46 +0,0 @@ ---- -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4_ip: 10.16.163.75 -eth0_ipv4_gw: 10.16.163.254 -# -# This host is externally reachable -# -external: true -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -lvm_size: 100000 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-05.rdu3.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy101.iad2.fedoraproject.org b/inventory/host_vars/proxy101.iad2.fedoraproject.org deleted file mode 100644 index c5c28c169c..0000000000 --- a/inventory/host_vars/proxy101.iad2.fedoraproject.org +++ /dev/null @@ -1,41 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4: 10.3.163.76 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -mac0: 52:54:00:1F:48:0A -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy101.rdu3.fedoraproject.org b/inventory/host_vars/proxy101.rdu3.fedoraproject.org deleted file mode 100644 index fe01275f9d..0000000000 --- a/inventory/host_vars/proxy101.rdu3.fedoraproject.org +++ /dev/null @@ -1,41 +0,0 @@ ---- -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4_ip: 10.16.163.76 -eth0_ipv4_gw: 10.16.163.254 -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -mac0: "{{ ansible_default_ipv4.macaddress }}" -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-02.rdu3.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy11.fedoraproject.org b/inventory/host_vars/proxy11.fedoraproject.org deleted file mode 100644 index 225c7a211b..0000000000 --- a/inventory/host_vars/proxy11.fedoraproject.org +++ /dev/null @@ -1,48 +0,0 @@ ---- -datacenter: dedicatedsolutions -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_ip: 67.219.144.68 -eth0_ipv4_gw: 67.219.144.65 -eth0_ipv4_nm: 28 -eth0_ipv6_ip: "2604:1580:fe00:0:dead:beef:cafe:fed1" -eth0_ipv6_gw: "2604:1580:fe00::1" -eth0_ipv6_nm: 64 -freezes: true -has_ipv4: yes -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -max_mem_size: 32768 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 16 -postfix_group: vpn -public_hostname: proxy11.fedoraproject.org -# This is consumed by the roles/fedora-web/main role -sponsor: dedicatedsolutions -vmhost: dedicatedsolutions01.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy110.iad2.fedoraproject.org b/inventory/host_vars/proxy110.iad2.fedoraproject.org deleted file mode 100644 index 5923b78435..0000000000 --- a/inventory/host_vars/proxy110.iad2.fedoraproject.org +++ /dev/null @@ -1,41 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4: 10.3.163.77 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -mac0: 52:54:00:04:49:7a -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-06.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy110.rdu3.fedoraproject.org b/inventory/host_vars/proxy110.rdu3.fedoraproject.org deleted file mode 100644 index 2d6af4e7e7..0000000000 --- a/inventory/host_vars/proxy110.rdu3.fedoraproject.org +++ /dev/null @@ -1,41 +0,0 @@ ---- -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "vpn.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ipv4_ip: 10.16.163.77 -eth0_ipv4_gw: 10.16.163.254 -freezes: true -has_ipv4: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -mac0: "{{ ansible_default_ipv4.macaddress }}" -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet - mtu: 9000 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-02.rdu3.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy12.fedoraproject.org b/inventory/host_vars/proxy12.fedoraproject.org deleted file mode 100644 index 43eaab4a31..0000000000 --- a/inventory/host_vars/proxy12.fedoraproject.org +++ /dev/null @@ -1,49 +0,0 @@ ---- -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.153.100 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4: 152.19.134.198 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6: "2600:2701:4000:5211:dead:beef:00da:bbd8" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -freezes: true -has_ipv4: yes -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -mac0: "52:54:00:84:5d:9f" -max_mem_size: 20000 -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6 }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ mac0 }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: proxy12.fedoraproject.org -# This is consumed by the roles/fedora-web/main role -sponsor: ibiblio -vmhost: ibiblio05.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy14.fedoraproject.org b/inventory/host_vars/proxy14.fedoraproject.org deleted file mode 100644 index 2316da9c9e..0000000000 --- a/inventory/host_vars/proxy14.fedoraproject.org +++ /dev/null @@ -1,48 +0,0 @@ ---- -datacenter: rdu-cc -dns: 8.8.8.8 -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: "vpn.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth0_ipv4_ip: 8.43.85.67 -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv6_ip: "2620:52:3:1:dead:beef:cafe:fed7" -eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -eth0_ipv6_nm: 64 -freezes: true -has_ipv4: yes -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -max_mem_size: 32768 -mem_size: 32768 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 8 -postfix_group: vpn -public_hostname: proxy14.fedoraproject.org -# This is consumed by the roles/fedora-web/main role -sponsor: redhat -vmhost: vmhost-x86-cc03.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/proxy30.fedoraproject.org b/inventory/host_vars/proxy30.fedoraproject.org deleted file mode 100644 index 1772e256de..0000000000 --- a/inventory/host_vars/proxy30.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Skipping all the network stuff. Amazon does that all via DHCP. - -# This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_ip: 13.250.126.156 -sponsor: amazon -vpn: true diff --git a/inventory/host_vars/proxy31.fedoraproject.org b/inventory/host_vars/proxy31.fedoraproject.org deleted file mode 100644 index d458ac3722..0000000000 --- a/inventory/host_vars/proxy31.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Skipping all the network stuff. Amazon does that all via DHCP. - -# This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_ip: 13.125.120.8 -sponsor: amazon -vpn: true diff --git a/inventory/host_vars/proxy32.fedoraproject.org b/inventory/host_vars/proxy32.fedoraproject.org deleted file mode 100644 index 41a584539e..0000000000 --- a/inventory/host_vars/proxy32.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Skipping all the network stuff. Amazon does that all via DHCP. - -# This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_ip: 18.185.136.17 -sponsor: amazon -vpn: true diff --git a/inventory/host_vars/proxy33.fedoraproject.org b/inventory/host_vars/proxy33.fedoraproject.org deleted file mode 100644 index 250eab4ee1..0000000000 --- a/inventory/host_vars/proxy33.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Skipping all the network stuff. Amazon does that all via DHCP. - -# This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_ip: 13.246.137.48 -sponsor: amazon -vpn: true diff --git a/inventory/host_vars/proxy34.fedoraproject.org b/inventory/host_vars/proxy34.fedoraproject.org deleted file mode 100644 index b0fe3ef6ba..0000000000 --- a/inventory/host_vars/proxy34.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Skipping all the network stuff. Amazon does that all via DHCP. - -# This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_ip: 18.230.149.104 -sponsor: amazon -vpn: true diff --git a/inventory/host_vars/proxy35.fedoraproject.org b/inventory/host_vars/proxy35.fedoraproject.org deleted file mode 100644 index 03dbe02f51..0000000000 --- a/inventory/host_vars/proxy35.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Skipping all the network stuff. Amazon does that all via DHCP. - -# This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_ip: 18.133.140.134 -sponsor: amazon -vpn: true diff --git a/inventory/host_vars/proxy36.fedoraproject.org b/inventory/host_vars/proxy36.fedoraproject.org deleted file mode 100644 index 7590bbc701..0000000000 --- a/inventory/host_vars/proxy36.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Skipping all the network stuff. Amazon does that all via DHCP. - -# This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_ip: 18.159.254.57 -sponsor: amazon -vpn: true diff --git a/inventory/host_vars/proxy37.fedoraproject.org b/inventory/host_vars/proxy37.fedoraproject.org deleted file mode 100644 index 7d2bd7393b..0000000000 --- a/inventory/host_vars/proxy37.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Skipping all the network stuff. Amazon does that all via DHCP. - -# This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_ip: 13.233.183.170 -sponsor: amazon -vpn: true diff --git a/inventory/host_vars/proxy38.fedoraproject.org b/inventory/host_vars/proxy38.fedoraproject.org deleted file mode 100644 index 8f12c87b23..0000000000 --- a/inventory/host_vars/proxy38.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Skipping all the network stuff. Amazon does that all via DHCP. - -# This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_ip: 13.212.21.54 -sponsor: amazon -vpn: true diff --git a/inventory/host_vars/proxy39.fedoraproject.org b/inventory/host_vars/proxy39.fedoraproject.org deleted file mode 100644 index e270857cf7..0000000000 --- a/inventory/host_vars/proxy39.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Skipping all the network stuff. Amazon does that all via DHCP. - -# This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_ip: 13.245.77.95 -sponsor: amazon -vpn: true diff --git a/inventory/host_vars/proxy40.fedoraproject.org b/inventory/host_vars/proxy40.fedoraproject.org deleted file mode 100644 index 5948d517b1..0000000000 --- a/inventory/host_vars/proxy40.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Skipping all the network stuff. Amazon does that all via DHCP. - -# This is consumed by the roles/fedora-web/main role -datacenter: aws -nagios_Check_Services: - swap: false -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -postfix_group: vpn -public_ip: 15.228.51.95 -sponsor: amazon -vpn: true diff --git a/inventory/host_vars/qa04.qa.fedoraproject.org b/inventory/host_vars/qa04.qa.fedoraproject.org new file mode 100644 index 0000000000..2afe24a829 --- /dev/null +++ b/inventory/host_vars/qa04.qa.fedoraproject.org @@ -0,0 +1,4 @@ +--- +freezes: false +fas_client_groups: sysadmin-qa,sysadmin-main +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" diff --git a/inventory/host_vars/qa05.qa.fedoraproject.org b/inventory/host_vars/qa05.qa.fedoraproject.org new file mode 100644 index 0000000000..2afe24a829 --- /dev/null +++ b/inventory/host_vars/qa05.qa.fedoraproject.org @@ -0,0 +1,4 @@ +--- +freezes: false +fas_client_groups: sysadmin-qa,sysadmin-main +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" diff --git a/inventory/host_vars/qa06.qa.fedoraproject.org b/inventory/host_vars/qa06.qa.fedoraproject.org new file mode 100644 index 0000000000..2afe24a829 --- /dev/null +++ b/inventory/host_vars/qa06.qa.fedoraproject.org @@ -0,0 +1,4 @@ +--- +freezes: false +fas_client_groups: sysadmin-qa,sysadmin-main +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" diff --git a/inventory/host_vars/qa07.qa.fedoraproject.org b/inventory/host_vars/qa07.qa.fedoraproject.org new file mode 100644 index 0000000000..2afe24a829 --- /dev/null +++ b/inventory/host_vars/qa07.qa.fedoraproject.org @@ -0,0 +1,4 @@ +--- +freezes: false +fas_client_groups: sysadmin-qa,sysadmin-main +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" diff --git a/inventory/host_vars/qadevel-stg.qa.fedoraproject.org b/inventory/host_vars/qadevel-stg.qa.fedoraproject.org new file mode 100644 index 0000000000..1096be1889 --- /dev/null +++ b/inventory/host_vars/qadevel-stg.qa.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/Guests00 +eth0_ip: 10.5.124.181 +vmhost: virthost-comm01.qa.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/qadevel.cloud.fedoraproject.org b/inventory/host_vars/qadevel.cloud.fedoraproject.org new file mode 100644 index 0000000000..6bf9e9dadb --- /dev/null +++ b/inventory/host_vars/qadevel.cloud.fedoraproject.org @@ -0,0 +1,2 @@ +--- +host_backup_targets: ['/var/lib/phabricator/files', '/srv/backup'] diff --git a/inventory/host_vars/qadevel.qa.fedoraproject.org b/inventory/host_vars/qadevel.qa.fedoraproject.org new file mode 100644 index 0000000000..6efb4b5d79 --- /dev/null +++ b/inventory/host_vars/qadevel.qa.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/Guests00 +eth0_ip: 10.5.124.180 +vmhost: virthost-comm01.qa.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/qvmhost-x86-01.iad2.fedoraproject.org b/inventory/host_vars/qvmhost-x86-01.iad2.fedoraproject.org deleted file mode 100644 index 7e287dfa2d..0000000000 --- a/inventory/host_vars/qvmhost-x86-01.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_dev: eno1 -br0_gw: 10.3.174.254 -br0_ip: 10.3.174.11 -br0_nm: 255.255.255.0 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns: 10.3.163.33 -mac1: e4:43:4b:a8:c1:fe -mac2: e4:43:4b:a8:c2:00 -mac3: e4:43:4b:a8:c2:1e -mac4: e4:43:4b:a8:c2:1f -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ip }}/24" - dhcp4: no - dns: - - 10.3.163.33 - - 10.3.163.34 - dns_search: - - iad2.fedoraproject.org - - fedoraproject.org - gateway4: "{{ br0_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/qvmhost-x86-02.iad2.fedoraproject.org b/inventory/host_vars/qvmhost-x86-02.iad2.fedoraproject.org deleted file mode 100644 index 8180ab7e52..0000000000 --- a/inventory/host_vars/qvmhost-x86-02.iad2.fedoraproject.org +++ /dev/null @@ -1,38 +0,0 @@ ---- -br0_dev: eno1 -br0_gw: 10.3.174.254 -br0_ip: 10.3.174.12 -br0_nm: 255.255.255.0 -br0_port0_mac: '{{ mac1 }}' -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.33 -dns_search1: iad2.fedoraproject.org -dns_search2: fedoraproject.org -mac1: e4:43:4b:a8:b3:0e -mac2: e4:43:4b:a8:b3:10 -mac3: e4:43:4b:a8:b3:2e -mac4: e4:43:4b:a8:b3:2f -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ip }}/24' - dhcp4: false - dns: - - '{{ dns1 }}' - - '{{ dns2 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ br0_gw }}' - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/rabbitmq01.iad2.fedoraproject.org b/inventory/host_vars/rabbitmq01.iad2.fedoraproject.org deleted file mode 100644 index 347e4abdf3..0000000000 --- a/inventory/host_vars/rabbitmq01.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.78 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/rabbitmq01.stg.iad2.fedoraproject.org b/inventory/host_vars/rabbitmq01.stg.iad2.fedoraproject.org deleted file mode 100644 index 7199ef871c..0000000000 --- a/inventory/host_vars/rabbitmq01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,5 +0,0 @@ ---- -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.78 -vmhost: vmhost-x86-09.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/rabbitmq02.iad2.fedoraproject.org b/inventory/host_vars/rabbitmq02.iad2.fedoraproject.org deleted file mode 100644 index a5b55e2106..0000000000 --- a/inventory/host_vars/rabbitmq02.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.79 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/rabbitmq02.stg.iad2.fedoraproject.org b/inventory/host_vars/rabbitmq02.stg.iad2.fedoraproject.org deleted file mode 100644 index 689a996c6d..0000000000 --- a/inventory/host_vars/rabbitmq02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,5 +0,0 @@ ---- -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.79 -vmhost: vmhost-x86-12.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/rabbitmq03.iad2.fedoraproject.org b/inventory/host_vars/rabbitmq03.iad2.fedoraproject.org deleted file mode 100644 index 26ba89cd6f..0000000000 --- a/inventory/host_vars/rabbitmq03.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.80 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/rabbitmq03.stg.iad2.fedoraproject.org b/inventory/host_vars/rabbitmq03.stg.iad2.fedoraproject.org deleted file mode 100644 index dc4b792be2..0000000000 --- a/inventory/host_vars/rabbitmq03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,5 +0,0 @@ ---- -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.80 -vmhost: vmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/rawhide-composer.phx2.fedoraproject.org b/inventory/host_vars/rawhide-composer.phx2.fedoraproject.org new file mode 100644 index 0000000000..dbdc7ac344 --- /dev/null +++ b/inventory/host_vars/rawhide-composer.phx2.fedoraproject.org @@ -0,0 +1,4 @@ +vmhost: bvirthost06.phx2.fedoraproject.org +eth0_ip: 10.5.125.69 +eth1_ip: 10.5.127.54 +volgroup: /dev/vg_bvirthost06 diff --git a/inventory/host_vars/rawhide-test.fedorainfracloud.org b/inventory/host_vars/rawhide-test.fedorainfracloud.org deleted file mode 100644 index 150458175a..0000000000 --- a/inventory/host_vars/rawhide-test.fedorainfracloud.org +++ /dev/null @@ -1,2 +0,0 @@ -datacenter: aws -inventory_hostname: "rawhide-test.fedorainfracloud.org" diff --git a/inventory/host_vars/resultsdb-dev01.qa.fedoraproject.org b/inventory/host_vars/resultsdb-dev01.qa.fedoraproject.org new file mode 100644 index 0000000000..ddad2eacc8 --- /dev/null +++ b/inventory/host_vars/resultsdb-dev01.qa.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/VirtGuests +eth0_ip: 10.5.124.205 +vmhost: virthost-comm02.qa.fedoraproject.org +datacenter: phx2 + +deployment_type: dev diff --git a/inventory/host_vars/resultsdb-stg01.qa.fedoraproject.org b/inventory/host_vars/resultsdb-stg01.qa.fedoraproject.org new file mode 100644 index 0000000000..0849ad2c7b --- /dev/null +++ b/inventory/host_vars/resultsdb-stg01.qa.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/VirtGuests +eth0_ip: 10.5.124.147 +vmhost: virthost-comm02.qa.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/resultsdb01.qa.fedoraproject.org b/inventory/host_vars/resultsdb01.qa.fedoraproject.org new file mode 100644 index 0000000000..835737919b --- /dev/null +++ b/inventory/host_vars/resultsdb01.qa.fedoraproject.org @@ -0,0 +1,11 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/VirtGuests +eth0_ip: 10.5.124.207 +vmhost: virthost-comm02.qa.fedoraproject.org +datacenter: phx2 +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" diff --git a/inventory/host_vars/retrace03.rdu-cc.fedoraproject.org b/inventory/host_vars/retrace03.rdu-cc.fedoraproject.org deleted file mode 100644 index 81ada2bfcd..0000000000 --- a/inventory/host_vars/retrace03.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,150 +0,0 @@ ---- -datacenter: rdu-cc -# Clean-up packages of following EOLed operating systems -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: fedoraproject.org -eol_opsys: - - { opsys: Fedora, release: '38' } -# When not empty, the array should have the following form: -# - { opsys: "Fedora", release: "36" } -eth2_ipv4_ip: 8.43.85.61 -eth2_ipv4_gw: 8.43.85.254 -eth2_ipv4_nm: 23 -eth2_ipv6_ip: "2620:52:3:1:dead:beef:cafe:c005" -eth2_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -eth2_ipv6_nm: 64 -has_ipv6: yes - -# List of supported operating systems -faf_opsys_list: - - fedora - - centos -faf_repos: - # Fedora 42 repositories ------------------------------------------------ - - arch: src - name: fedora-42-source - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/releases/42/Everything/source/tree/ - - http://dl01.fedoraproject.org/pub/fedora/linux/development/42/Everything/source/tree/ - - arch: x86_64 - name: fedora-42-x86_64 - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/os/ - - http://dl01.fedoraproject.org/pub/fedora/linux/development/42/Everything/x86_64/os/ - - arch: x86_64 - name: fedora-42-x86_64-debug - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/releases/42/Everything/x86_64/debug/tree/ - - http://dl01.fedoraproject.org/pub/fedora/linux/development/42/Everything/x86_64/debug/tree/ - - arch: x86_64 - name: fedora-42-x86_64-updates - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/42/Everything/x86_64/ - - arch: x86_64 - name: fedora-42-x86_64-updates-debug - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/42/Everything/x86_64/debug/ - - arch: x86_64 - name: fedora-42-x86_64-testing - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/42/Everything/x86_64/ - - arch: x86_64 - name: fedora-42-x86_64-testing-debug - opsys: Fedora 42 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/42/Everything/x86_64/debug/ - # Fedora 41 repositories ------------------------------------------------ - - arch: src - name: fedora-41-source - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/releases/41/Everything/source/tree/ - - http://dl01.fedoraproject.org/pub/fedora/linux/development/41/Everything/source/tree/ - - arch: x86_64 - name: fedora-41-x86_64 - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/releases/41/Everything/x86_64/os/ - - http://dl01.fedoraproject.org/pub/fedora/linux/development/41/Everything/x86_64/os/ - - arch: x86_64 - name: fedora-41-x86_64-debug - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/releases/41/Everything/x86_64/debug/tree/ - - http://dl01.fedoraproject.org/pub/fedora/linux/development/41/Everything/x86_64/debug/tree/ - - arch: x86_64 - name: fedora-41-x86_64-updates - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/41/Everything/x86_64/ - - arch: x86_64 - name: fedora-41-x86_64-updates-debug - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/41/Everything/x86_64/debug/ - - arch: x86_64 - name: fedora-41-x86_64-testing - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/41/Everything/x86_64/ - - arch: x86_64 - name: fedora-41-x86_64-testing-debug - opsys: Fedora 41 - url: - - http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/41/Everything/x86_64/debug/ -faf_server_name: retrace.fedoraproject.org/faf -# consumed by roles/copr/certbot -has_ipv4: true -letsencrypt: - certificates: - retrace03.rdu-cc.fedoraproject.org: - challenge_dir: /var/www/html - domains: - - retrace03.rdu-cc.fedoraproject.org - - retrace.fedoraproject.org - mail: msuchy@redhat.com - predefined_deploy_script: httpd -mac0: f4:02:70:fa:79:84 -nagios_Check_Services: - dhcpd: false - httpd: false - named: false - nrpe: true - sshd: true - swap: false -network_connections: - - autoconnect: true - ip: - address: - - '{{ eth2_ipv4_ip }}/{{ eth2_ipv4_nm }}' - - '{{ eth2_ipv6_ip }}/{{ eth2_ipv6_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - - '{{ dns2 }}' - dns_search: - - '{{ dns_search1 }}' - gateway4: '{{ eth2_ipv4_gw }}' - gateway6: '{{ eth2_ipv6_gw }}' - mac: '{{ mac0 }}' - name: eth2 - state: up - type: ethernet -public_hostname: retrace03.rdu-cc.fedoraproject.org -rs_internal_arch_list: -- source -- x86_64 -rs_internal_centos_vers: [7, 8] -rs_internal_fedora_vers: [41, 42, rawhide] -rs_internal_fedora_vers_removed: [30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40] -rs_use_faf_packages: true -sar_output_file: faf.json -sar_script: /usr/bin/faf sar -sar_script_user: faf diff --git a/inventory/host_vars/riscv-koji01.iad2.fedoraproject.org b/inventory/host_vars/riscv-koji01.iad2.fedoraproject.org deleted file mode 100644 index de61355f9b..0000000000 --- a/inventory/host_vars/riscv-koji01.iad2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.172.254 -eth0_ipv4_ip: 10.3.172.21 -koji_instance: secondary -koji_server_url: "https://riscv-koji.fedoraproject.org/kojihub" -koji_topurl: "https://riscv-koji.fedoraproject.org/" -koji_weburl: "https://riscv-koji.fedoraproject.org/koji" -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -vmhost: bvmhost-x86-riscv01.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/secondary01.iad2.fedoraproject.org b/inventory/host_vars/secondary01.iad2.fedoraproject.org deleted file mode 100644 index e16ab6b445..0000000000 --- a/inventory/host_vars/secondary01.iad2.fedoraproject.org +++ /dev/null @@ -1,16 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.86 -# -# This host is externally reachable -# -external: true -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -lvm_size: 40000 -mem_size: 10240 -num_cpus: 4 -public_hostname: secondary01.fedoraproject.org -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/serverbeach07.fedoraproject.org b/inventory/host_vars/serverbeach07.fedoraproject.org new file mode 100644 index 0000000000..331d8c93a2 --- /dev/null +++ b/inventory/host_vars/serverbeach07.fedoraproject.org @@ -0,0 +1,5 @@ +--- +datacenter: serverbeach +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 +postfix_group: vpn diff --git a/inventory/host_vars/sign-bridge01.iad2.fedoraproject.org b/inventory/host_vars/sign-bridge01.iad2.fedoraproject.org deleted file mode 100644 index 43cb311dc7..0000000000 --- a/inventory/host_vars/sign-bridge01.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.120 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: bvmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/sign-bridge01.phx2.fedoraproject.org b/inventory/host_vars/sign-bridge01.phx2.fedoraproject.org new file mode 100644 index 0000000000..a43311f567 --- /dev/null +++ b/inventory/host_vars/sign-bridge01.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.125.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_bvirthost06 +vmhost: bvirthost06.phx2.fedoraproject.org +datacenter: phx2 + +eth0_ip: 10.5.125.71 diff --git a/inventory/host_vars/sign-bridge01.rdu3.fedoraproject.org b/inventory/host_vars/sign-bridge01.rdu3.fedoraproject.org deleted file mode 100644 index 9d181210ce..0000000000 --- a/inventory/host_vars/sign-bridge01.rdu3.fedoraproject.org +++ /dev/null @@ -1,11 +0,0 @@ ---- -datacenter: rdu3 -dns: 10.16.163.33 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -eth0_ipv4_gw: 10.16.169.254 -eth0_ipv4_ip: 10.16.169.120 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: bvmhost-x86-01.rdu3.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/sign-bridge01.stg.iad2.fedoraproject.org b/inventory/host_vars/sign-bridge01.stg.iad2.fedoraproject.org deleted file mode 100644 index 8c102826fb..0000000000 --- a/inventory/host_vars/sign-bridge01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.27 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: bvmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/sign-vault01.iad2.fedoraproject.org b/inventory/host_vars/sign-vault01.iad2.fedoraproject.org deleted file mode 100644 index 8550e75b53..0000000000 --- a/inventory/host_vars/sign-vault01.iad2.fedoraproject.org +++ /dev/null @@ -1,6 +0,0 @@ ---- -br0_dev: eno1 -br0_gw: 10.3.169.254 -br0_ip: 10.3.169.26 -br0_nm: 255.255.255.0 -dns: 10.3.163.33 diff --git a/inventory/host_vars/sign-vault01.rdu3.fedoraproject.org b/inventory/host_vars/sign-vault01.rdu3.fedoraproject.org deleted file mode 100644 index 266e95048d..0000000000 --- a/inventory/host_vars/sign-vault01.rdu3.fedoraproject.org +++ /dev/null @@ -1,55 +0,0 @@ ---- -br0_ipv4: 10.16.169.26 -br0_ipv4_gw: 10.16.169.254 -br0_ipv4_nm: 24 -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:5f:ec -mac1: c4:cb:e1:e1:5f:ed -mac2: c4:70:bd:c8:ce:ca -mac3: c4:70:bd:c8:ce:cb -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/sign-vault01.stg.iad2.fedoraproject.org b/inventory/host_vars/sign-vault01.stg.iad2.fedoraproject.org deleted file mode 100644 index b5b11aac60..0000000000 --- a/inventory/host_vars/sign-vault01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: staging -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.28 -external: false -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: bvmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/sign-vault02.iad2.fedoraproject.org b/inventory/host_vars/sign-vault02.iad2.fedoraproject.org deleted file mode 100644 index cbd43666a4..0000000000 --- a/inventory/host_vars/sign-vault02.iad2.fedoraproject.org +++ /dev/null @@ -1,31 +0,0 @@ ---- -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -eth1_ipv4_ip: 10.3.169.27 -eth1_ipv4_gw: 10.3.169.254 -eth1_ipv4_nm: 24 -eth1_mac: "{{ mac0 }}" -external: false -has_ipv4: yes -mac0: B4:45:06:FB:8B:3E -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth1_ipv4_ip }}/{{ eth1_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth1_ipv4_gw }}" - mac: "{{ eth1_mac }}" - name: eth1 - state: up - type: ethernet -resolvconf: "resolv.conf/iad2" diff --git a/inventory/host_vars/smtp-auth-cc-rdu01.fedoraproject.org b/inventory/host_vars/smtp-auth-cc-rdu01.fedoraproject.org deleted file mode 100644 index 4212e5ca02..0000000000 --- a/inventory/host_vars/smtp-auth-cc-rdu01.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: rdu-cc -dns1: 1.1.1.1 -dns2: 1.0.0.1 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_ip: 8.43.85.71 -eth0_nm: 255.255.255.0 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-cc01.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/smtp-mm-cc-rdu01.fedoraproject.org b/inventory/host_vars/smtp-mm-cc-rdu01.fedoraproject.org deleted file mode 100644 index 42e1cdeee9..0000000000 --- a/inventory/host_vars/smtp-mm-cc-rdu01.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_ip: 8.43.85.70 -eth0_nm: 255.255.255.0 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-cc03.rdu-cc.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/smtp-mm-coloamer01.fedoraproject.org b/inventory/host_vars/smtp-mm-coloamer01.fedoraproject.org new file mode 100644 index 0000000000..9378af6fcb --- /dev/null +++ b/inventory/host_vars/smtp-mm-coloamer01.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.248 +gw: 67.203.2.65 +dns: 66.152.162.14 +ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_coloamer01 +eth0_ip: 67.203.2.69 +vmhost: coloamer01.fedoraproject.org +datacenter: coloamer diff --git a/inventory/host_vars/smtp-mm-ib01.fedoraproject.org b/inventory/host_vars/smtp-mm-ib01.fedoraproject.org index 26b5ed4c3a..00fcdf7c91 100644 --- a/inventory/host_vars/smtp-mm-ib01.fedoraproject.org +++ b/inventory/host_vars/smtp-mm-ib01.fedoraproject.org @@ -1,36 +1,10 @@ --- -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.253.100 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_ip: 152.19.134.143 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:0058:5c17" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 152.2.21.1 152.2.253.100 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/VirtGuests00 +eth0_ip: 152.19.134.143 vmhost: ibiblio02.fedoraproject.org -volgroup: /dev/vg_guests +datacenter: ibiblio diff --git a/inventory/host_vars/smtp-mm-osuosl01.fedoraproject.org b/inventory/host_vars/smtp-mm-osuosl01.fedoraproject.org deleted file mode 100644 index d80cbb639d..0000000000 --- a/inventory/host_vars/smtp-mm-osuosl01.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -datacenter: osuosl -dns1: 8.8.8.8 -dns: "{{ dns1 }}" -dns2: 8.8.4.4 -eth0_ipv4_gw: 140.211.169.193 -eth0_ipv4_ip: 140.211.169.205 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2605:bc80:3010:600:dead:beef:cafe:fedb" -eth0_ipv6_gw: "2605:bc80:3010:600::1" -eth0_ipv6_nm: 64 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -mem_size: 4096 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -vmhost: osuosl02.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/smtp-mm-tummy01.fedoraproject.org b/inventory/host_vars/smtp-mm-tummy01.fedoraproject.org new file mode 100644 index 0000000000..c2e99d75a6 --- /dev/null +++ b/inventory/host_vars/smtp-mm-tummy01.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.240 +gw: 66.35.62.174 +dns: 198.49.126.1 66.35.36.133 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/VolGroup00 +eth0_ip: 66.35.62.164 +vmhost: tummy01.fedoraproject.org +datacenter: tummy diff --git a/inventory/host_vars/smtp_host_vars b/inventory/host_vars/smtp_host_vars new file mode 100644 index 0000000000..69303166fc --- /dev/null +++ b/inventory/host_vars/smtp_host_vars @@ -0,0 +1,30 @@ +--- +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 152.2.21.1 152.2.253.100 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/ibiblio01_vg +eth0_ip: 152.19.134.143 +vmhost: ibiblio01.fedoraproject.org +datacenter: ibiblio +--- +nm: 255.255.255.240 +gw: 80.239.156.209 +dns: 213.248.76.210 152.3.182.5 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/GuestVolGroup00 +eth0_ip: 80.239.156.217 +vmhost: telia01.fedoraproject.org +datacenter: telia +--- +nm: 255.255.255.240 +gw: 66.35.62.174 +dns: 198.49.126.1 66.35.36.133 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/GuestVolGroup00 +eth0_ip: 66.35.62.164 +vmhost: tummy01.fedoraproject.org +datacenter: tummy diff --git a/inventory/host_vars/storinator01.rdu-cc.fedoraproject.org b/inventory/host_vars/storinator01.rdu-cc.fedoraproject.org deleted file mode 100644 index 670814005c..0000000000 --- a/inventory/host_vars/storinator01.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -# this box is not currently mission critical -datacenter: rdu-cc -dns1: 8.8.8.8 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4: 8.43.85.62 -eth0_ipv4_gw: 8.43.85.254 -eth0_ipv4_nm: 23 -eth2_ipv4: 172.23.5.25 -eth2_ipv4_nm: 24 -freezes: false -has_ipv4: true -has_ipv6: false -mac0: ac:1f:6b:b0:6a:12 -mac1: ac:1f:6b:ac:67:ec -network_connections: - - autoconnect: true - ip: - address: - - '{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ eth0_ipv4_gw }}' - mac: '{{ mac0 }}' - name: eth0 - state: up - type: ethernet - - autoconnect: false - mac: '{{ mac1 }}' - name: eth2 - type: ethernet -# this box mounts a large share from the netapp to store combined http -# logs from the proxies. -nfs_mount_opts: rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -tcp_ports_eth2: [111, 2049] -udp_ports_eth2: [111, 2049] -vpn: true diff --git a/inventory/host_vars/summershum01.phx2.fedoraproject.org b/inventory/host_vars/summershum01.phx2.fedoraproject.org new file mode 100644 index 0000000000..bda4da4161 --- /dev/null +++ b/inventory/host_vars/summershum01.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +eth0_ip: 10.5.126.205 + +volgroup: /dev/vg_virthost01 +vmhost: virthost01.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/summershum01.stg.phx2.fedoraproject.org b/inventory/host_vars/summershum01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..1f7f645022 --- /dev/null +++ b/inventory/host_vars/summershum01.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +eth0_ip: 10.5.126.209 + +volgroup: /dev/vg_virthost10 +vmhost: virthost10.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/host_vars/sundries01.iad2.fedoraproject.org b/inventory/host_vars/sundries01.iad2.fedoraproject.org deleted file mode 100644 index 9b5bb47261..0000000000 --- a/inventory/host_vars/sundries01.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.81 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# This overrides a group var and lets the playbook know that we should -# install special cron jobs here. -master_sundries_node: True -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/sundries01.phx2.fedoraproject.org b/inventory/host_vars/sundries01.phx2.fedoraproject.org new file mode 100644 index 0000000000..8bca9054bf --- /dev/null +++ b/inventory/host_vars/sundries01.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost03 +eth0_ip: 10.5.126.38 +vmhost: virthost03.phx2.fedoraproject.org +datacenter: phx2 + +# This overrides a group var and lets the playbook know that we should +# install special cron jobs here. +master_sundries_node: True diff --git a/inventory/host_vars/sundries01.stg.iad2.fedoraproject.org b/inventory/host_vars/sundries01.stg.iad2.fedoraproject.org deleted file mode 100644 index ba52bead66..0000000000 --- a/inventory/host_vars/sundries01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.33 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# This overrides a group var and lets the playbook know that we should -# install special cron jobs here. -master_sundries_node: True -mirrorlist_procs: 45 -vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/sundries01.stg.phx2.fedoraproject.org b/inventory/host_vars/sundries01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..b9743786d9 --- /dev/null +++ b/inventory/host_vars/sundries01.stg.phx2.fedoraproject.org @@ -0,0 +1,13 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.24 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 +# This overrides a group var and lets the playbook know that we should +# install special cron jobs here. +master_sundries_node: True diff --git a/inventory/host_vars/sundries02.iad2.fedoraproject.org b/inventory/host_vars/sundries02.iad2.fedoraproject.org deleted file mode 100644 index eee3d68034..0000000000 --- a/inventory/host_vars/sundries02.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.101 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# This overrides a group var and lets the playbook know that we should -# install special cron jobs here. -master_sundries_node: True -virt_install_command: "{{ virt_install_command_one_nic }}" -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/sundries02.phx2.fedoraproject.org b/inventory/host_vars/sundries02.phx2.fedoraproject.org new file mode 100644 index 0000000000..42c34a5846 --- /dev/null +++ b/inventory/host_vars/sundries02.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost01 +eth0_ip: 10.5.126.40 +vmhost: virthost01.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/sundries02.stg.iad2.fedoraproject.org b/inventory/host_vars/sundries02.stg.iad2.fedoraproject.org deleted file mode 100644 index cff4d799ac..0000000000 --- a/inventory/host_vars/sundries02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.71 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# This overrides a group var and lets the playbook know that we should -# install special cron jobs here. -master_sundries_node: True -mirrorlist_procs: 45 -vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/tagger01.phx2.fedoraproject.org b/inventory/host_vars/tagger01.phx2.fedoraproject.org new file mode 100644 index 0000000000..71243c42f6 --- /dev/null +++ b/inventory/host_vars/tagger01.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +install_tagger_cron: true + +volgroup: /dev/vg_virthost01 +vmhost: virthost01.phx2.fedoraproject.org +eth0_ip: 10.5.126.212 +datacenter: phx2 diff --git a/inventory/host_vars/tagger01.stg.phx2.fedoraproject.org b/inventory/host_vars/tagger01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..186a7bf95f --- /dev/null +++ b/inventory/host_vars/tagger01.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +install_tagger_cron: true + +volgroup: /dev/vg_virthost16 +eth0_ip: 10.5.126.220 +vmhost: virthost16.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/tagger02.phx2.fedoraproject.org b/inventory/host_vars/tagger02.phx2.fedoraproject.org new file mode 100644 index 0000000000..6151fc2e6d --- /dev/null +++ b/inventory/host_vars/tagger02.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +install_tagger_cron: false + +volgroup: /dev/vg_virthost03 +vmhost: virthost03.phx2.fedoraproject.org +eth0_ip: 10.5.126.214 +datacenter: phx2 diff --git a/inventory/host_vars/tang01.iad2.fedoraproject.org b/inventory/host_vars/tang01.iad2.fedoraproject.org deleted file mode 100644 index 01423a5caa..0000000000 --- a/inventory/host_vars/tang01.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.37 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# Define resources for this group of hosts here. -lvm_size: 20000 -mem_size: 4096 -num_cpus: 2 -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/tang01.rdu3.fedoraproject.org b/inventory/host_vars/tang01.rdu3.fedoraproject.org deleted file mode 100644 index d340773f8c..0000000000 --- a/inventory/host_vars/tang01.rdu3.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -eth0_ipv4_gw: 10.16.163.254 -eth0_ipv4_ip: 10.16.163.37 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# Define resources for this group of hosts here. -lvm_size: 20000 -mem_size: 4096 -num_cpus: 2 -vmhost: vmhost-x86-01.rdu3.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/tang02.iad2.fedoraproject.org b/inventory/host_vars/tang02.iad2.fedoraproject.org deleted file mode 100644 index 6d1d7a431d..0000000000 --- a/inventory/host_vars/tang02.iad2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.38 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -# Define resources for this group of hosts here. -lvm_size: 20000 -mem_size: 4096 -num_cpus: 2 -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/taskotron-client11.qa.fedoraproject.org b/inventory/host_vars/taskotron-client11.qa.fedoraproject.org new file mode 100644 index 0000000000..5c1d165b69 --- /dev/null +++ b/inventory/host_vars/taskotron-client11.qa.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.169 +vmhost: qa04.qa.fedoraproject.org +datacenter: phx2 + +short_hostname: taskotron-client11.qa +buildslave_name: taskotron-client11 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client12.qa.fedoraproject.org b/inventory/host_vars/taskotron-client12.qa.fedoraproject.org new file mode 100644 index 0000000000..b51d5d4a2e --- /dev/null +++ b/inventory/host_vars/taskotron-client12.qa.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/i386/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.170 +vmhost: qa04.qa.fedoraproject.org +datacenter: phx2 +libdir: /usr/lib + +short_hostname: taskotron-client12.qa +buildslave_name: taskotron-client12 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client13.qa.fedoraproject.org b/inventory/host_vars/taskotron-client13.qa.fedoraproject.org new file mode 100644 index 0000000000..1de19bad19 --- /dev/null +++ b/inventory/host_vars/taskotron-client13.qa.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.192 +vmhost: qa04.qa.fedoraproject.org +datacenter: phx2 + +short_hostname: taskotron-client13.qa +buildslave_name: taskotron-client13 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client14.qa.fedoraproject.org b/inventory/host_vars/taskotron-client14.qa.fedoraproject.org new file mode 100644 index 0000000000..4e4de3338a --- /dev/null +++ b/inventory/host_vars/taskotron-client14.qa.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/i386/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.193 +vmhost: qa04.qa.fedoraproject.org +datacenter: phx2 +libdir: /usr/lib + +short_hostname: taskotron-client14.qa +buildslave_name: taskotron-client14 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client19.qa.fedoraproject.org b/inventory/host_vars/taskotron-client19.qa.fedoraproject.org new file mode 100644 index 0000000000..e60596aaa3 --- /dev/null +++ b/inventory/host_vars/taskotron-client19.qa.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/i386/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.198 +vmhost: qa05.qa.fedoraproject.org +datacenter: phx2 +libdir: /usr/lib + +short_hostname: taskotron-client19.qa +buildslave_name: taskotron-client19 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client20.qa.fedoraproject.org b/inventory/host_vars/taskotron-client20.qa.fedoraproject.org new file mode 100644 index 0000000000..cc506b210b --- /dev/null +++ b/inventory/host_vars/taskotron-client20.qa.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.199 +vmhost: qa05.qa.fedoraproject.org +datacenter: phx2 + +short_hostname: taskotron-client20.qa +buildslave_name: taskotron-client20 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client21.qa.fedoraproject.org b/inventory/host_vars/taskotron-client21.qa.fedoraproject.org new file mode 100644 index 0000000000..e381b3d5cc --- /dev/null +++ b/inventory/host_vars/taskotron-client21.qa.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.200 +vmhost: qa05.qa.fedoraproject.org +datacenter: phx2 + +short_hostname: taskotron-client21.qa +buildslave_name: taskotron-client21 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client22.qa.fedoraproject.org b/inventory/host_vars/taskotron-client22.qa.fedoraproject.org new file mode 100644 index 0000000000..b1bf98814a --- /dev/null +++ b/inventory/host_vars/taskotron-client22.qa.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.183 +vmhost: qa06.qa.fedoraproject.org +datacenter: phx2 + +short_hostname: taskotron-client22.qa +buildslave_name: taskotron-client22 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client23.qa.fedoraproject.org b/inventory/host_vars/taskotron-client23.qa.fedoraproject.org new file mode 100644 index 0000000000..265827b26f --- /dev/null +++ b/inventory/host_vars/taskotron-client23.qa.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/i386/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.184 +vmhost: qa06.qa.fedoraproject.org +datacenter: phx2 +libdir: /usr/lib + +short_hostname: taskotron-client23.qa +buildslave_name: taskotron-client23 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client24.qa.fedoraproject.org b/inventory/host_vars/taskotron-client24.qa.fedoraproject.org new file mode 100644 index 0000000000..4b8f46e5f4 --- /dev/null +++ b/inventory/host_vars/taskotron-client24.qa.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.185 +vmhost: qa06.qa.fedoraproject.org +datacenter: phx2 + +short_hostname: taskotron-client24.qa +buildslave_name: taskotron-client24 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client25.qa.fedoraproject.org b/inventory/host_vars/taskotron-client25.qa.fedoraproject.org new file mode 100644 index 0000000000..4ade9b6498 --- /dev/null +++ b/inventory/host_vars/taskotron-client25.qa.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.186 +vmhost: qa06.qa.fedoraproject.org +datacenter: phx2 + +short_hostname: taskotron-client25.qa +buildslave_name: taskotron-client25 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client26.qa.fedoraproject.org b/inventory/host_vars/taskotron-client26.qa.fedoraproject.org new file mode 100644 index 0000000000..105f843c14 --- /dev/null +++ b/inventory/host_vars/taskotron-client26.qa.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.187 +vmhost: qa07.qa.fedoraproject.org +datacenter: phx2 + +short_hostname: taskotron-client26.qa +buildslave_name: taskotron-client26 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client27.qa.fedoraproject.org b/inventory/host_vars/taskotron-client27.qa.fedoraproject.org new file mode 100644 index 0000000000..1a7edad472 --- /dev/null +++ b/inventory/host_vars/taskotron-client27.qa.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/i386/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.188 +vmhost: qa07.qa.fedoraproject.org +datacenter: phx2 +libdir: /usr/lib + +short_hostname: taskotron-client27.qa +buildslave_name: taskotron-client27 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client28.qa.fedoraproject.org b/inventory/host_vars/taskotron-client28.qa.fedoraproject.org new file mode 100644 index 0000000000..a70bcc1da5 --- /dev/null +++ b/inventory/host_vars/taskotron-client28.qa.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.189 +vmhost: qa07.qa.fedoraproject.org +datacenter: phx2 + +short_hostname: taskotron-client28.qa +buildslave_name: taskotron-client28 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-client29.qa.fedoraproject.org b/inventory/host_vars/taskotron-client29.qa.fedoraproject.org new file mode 100644 index 0000000000..783c615033 --- /dev/null +++ b/inventory/host_vars/taskotron-client29.qa.fedoraproject.org @@ -0,0 +1,15 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/i386/os/ +volgroup: /dev/vmstore +eth0_ip: 10.5.124.190 +vmhost: qa07.qa.fedoraproject.org +datacenter: phx2 +libdir: /usr/lib + +short_hostname: taskotron-client29.qa +buildslave_name: taskotron-client29 +fas_client_groups: sysadmin-qa,sysadmin-main diff --git a/inventory/host_vars/taskotron-dev01.qa.fedoraproject.org b/inventory/host_vars/taskotron-dev01.qa.fedoraproject.org new file mode 100644 index 0000000000..638584a92e --- /dev/null +++ b/inventory/host_vars/taskotron-dev01.qa.fedoraproject.org @@ -0,0 +1,35 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/Guests00 +eth0_ip: 10.5.124.181 +vmhost: virthost-comm01.qa.fedoraproject.org +datacenter: phx2 + +# default virt install command is for a single nic-device +# define in another group file for more nics (see buildvm) +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} + gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }}" + --network=bridge=br0 --autostart --noautoconsole + +public_hostname: taskotron-dev.fedoraproject.org +fake_fedorainfra_endpoint: fakefedorainfra +buildmaster: 10.5.124.181 +buildslaves: + - taskotron-client26 + - taskotron-client27 + - taskotron-client28 + - taskotron-client29 +i386_buildslaves: + - taskotron-client27 + - taskotron-client29 +x86_64_buildslaves: + - taskotron-client26 + - taskotron-client28 diff --git a/inventory/host_vars/taskotron-stg01.qa.fedoraproject.org b/inventory/host_vars/taskotron-stg01.qa.fedoraproject.org new file mode 100644 index 0000000000..e5af2c2246 --- /dev/null +++ b/inventory/host_vars/taskotron-stg01.qa.fedoraproject.org @@ -0,0 +1,43 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/Guests00 +eth0_ip: 10.5.124.232 +vmhost: virthost-comm01.qa.fedoraproject.org +datacenter: phx2 +fas_client_groups: sysadmin-qa,sysadmin-main + +# default virt install command is for a single nic-device +# define in another group file for more nics (see buildvm) +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} + gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }}" + --network=bridge=br0 --autostart --noautoconsole + +public_hostname: taskotron.stg.fedoraproject.org +fake_fedorainfra_endpoint: fakefedorainfra +buildmaster: 10.5.124.232 + +buildslaves: + - taskotron-client11 + - taskotron-client12 + - taskotron-client13 + - taskotron-client14 + - taskotron-client19 + - taskotron-client20 + - taskotron-client21 +i386_buildslaves: + - taskotron-client12 + - taskotron-client14 + - taskotron-client19 +x86_64_buildslaves: + - taskotron-client11 + - taskotron-client13 + - taskotron-client20 + - taskotron-client21 diff --git a/inventory/host_vars/taskotron01.qa.fedoraproject.org b/inventory/host_vars/taskotron01.qa.fedoraproject.org new file mode 100644 index 0000000000..78438de2d9 --- /dev/null +++ b/inventory/host_vars/taskotron01.qa.fedoraproject.org @@ -0,0 +1,38 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ +volgroup: /dev/VirtGuests +eth0_ip: 10.5.124.206 +vmhost: virthost-comm02.qa.fedoraproject.org +datacenter: phx2 +fas_client_groups: sysadmin-qa,sysadmin-main +sudoers: "{{ private }}/files/sudo/qavirt-sudoers" + +# default virt install command is for a single nic-device +# define in another group file for more nics (see buildvm) +virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }} -l {{ ks_repo }} -x + "ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} + gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }}" + --network=bridge=br0 --autostart --noautoconsole + +public_hostname: taskotron.fedoraproject.org +fake_fedorainfra_endpoint: fakefedorainfra +buildmaster: 10.5.124.206 + +buildslaves: + - taskotron-client22 + - taskotron-client23 + - taskotron-client24 + - taskotron-client25 +i386_buildslaves: + - taskotron-client23 +x86_64_buildslaves: + - taskotron-client22 + - taskotron-client24 + - taskotron-client25 diff --git a/inventory/host_vars/torrent01.fedoraproject.org b/inventory/host_vars/torrent01.fedoraproject.org deleted file mode 100644 index a595bdf0d8..0000000000 --- a/inventory/host_vars/torrent01.fedoraproject.org +++ /dev/null @@ -1,50 +0,0 @@ ---- -csi_relationship: | - torrent01 is the master torrent server for Fedora releases - - * This host relies on: - - the virthost it's hosted on (ibiblio02.fedoraproject.org) - - FAS to authenticate users - - VPN connectivity - - * Things that rely on this host: - - if this host is down, Fedora will lose a release distribution channel -datacenter: ibiblio -dns1: 152.2.21.1 -dns2: 152.2.253.100 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -eth0_ipv4_ip: 152.19.134.141 -eth0_ipv4_gw: 152.19.134.129 -eth0_ipv4_nm: 25 -eth0_ipv6_ip: "2600:2701:4000:5211:dead:beef:00fe:fed5" -eth0_ipv6_gw: "2600:2701:4000:5211::1" -eth0_ipv6_nm: 104 -has_ipv6: yes -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}" - - "{{ eth0_ipv6_ip }}/{{ eth0_ipv6_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - - 2001:4860:4860::8888 - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ eth0_ipv4_gw }}" - gateway6: "{{ eth0_ipv6_gw }}" - mac: "{{ ansible_default_ipv4.macaddress }}" - name: eth0 - type: ethernet -postfix_group: vpn -ssh_hostnames: - - torrent.fedoraproject.org -vmhost: ibiblio02.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/unbound-ib01.fedoraproject.org b/inventory/host_vars/unbound-ib01.fedoraproject.org new file mode 100644 index 0000000000..9a392c71e7 --- /dev/null +++ b/inventory/host_vars/unbound-ib01.fedoraproject.org @@ -0,0 +1,11 @@ +--- +nm: 255.255.255.128 +gw: 152.19.134.129 +dns: 152.2.21.1 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_ibiblio04 +eth0_ip: 152.19.134.150 +vmhost: ibiblio04.fedoraproject.org +datacenter: ibiblio +postfix_group: vpn diff --git a/inventory/host_vars/unbound-osuosl01.fedoraproject.org b/inventory/host_vars/unbound-osuosl01.fedoraproject.org new file mode 100644 index 0000000000..bd8febffc9 --- /dev/null +++ b/inventory/host_vars/unbound-osuosl01.fedoraproject.org @@ -0,0 +1,11 @@ +--- +nm: 255.255.255.128 +gw: 140.211.169.193 +dns: 140.211.166.130 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 140.211.169.201 +vmhost: osuosl03.fedoraproject.org +datacenter: osuosl +postfix_group: vpn diff --git a/inventory/host_vars/unbound-telia01.fedoraproject.org b/inventory/host_vars/unbound-telia01.fedoraproject.org new file mode 100644 index 0000000000..eff1ba2a92 --- /dev/null +++ b/inventory/host_vars/unbound-telia01.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.240 +gw: 80.239.156.209 +dns: 213.248.76.210 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/VolGroup00 +eth0_ip: 80.239.156.220 +vmhost: telia01.fedoraproject.org +datacenter: telia diff --git a/inventory/host_vars/unbound-tummy01.fedoraproject.org b/inventory/host_vars/unbound-tummy01.fedoraproject.org new file mode 100644 index 0000000000..36bf45031b --- /dev/null +++ b/inventory/host_vars/unbound-tummy01.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.240 +gw: 66.35.62.174 +dns: 198.49.126.1 66.35.36.133 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/VolGroup00 +eth0_ip: 66.35.62.163 +vmhost: tummy01.fedoraproject.org +datacenter: tummy diff --git a/inventory/host_vars/value01.phx2.fedoraproject.org b/inventory/host_vars/value01.phx2.fedoraproject.org new file mode 100644 index 0000000000..958f483d86 --- /dev/null +++ b/inventory/host_vars/value01.phx2.fedoraproject.org @@ -0,0 +1,13 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost03 +eth0_ip: 10.5.126.49 +vmhost: virthost03.phx2.fedoraproject.org +datacenter: phx2 + +host_backup_targets: ['/srv'] +host_backup_targets: ['/var/lib/zodbot'] diff --git a/inventory/host_vars/value01.stg.phx2.fedoraproject.org b/inventory/host_vars/value01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..81e4235e8f --- /dev/null +++ b/inventory/host_vars/value01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.91 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/value02.iad2.fedoraproject.org b/inventory/host_vars/value02.iad2.fedoraproject.org deleted file mode 100644 index 5320c23267..0000000000 --- a/inventory/host_vars/value02.iad2.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.110 -host_backup_targets: ['/srv', '/var/lib/zodbot'] -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -sar_output_file: meetbot.json -# GDPR SAR variables - meetbot -sar_script: /usr/local/bin/meetbot_sar.py -sar_script_user: root -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/value02.stg.iad2.fedoraproject.org b/inventory/host_vars/value02.stg.iad2.fedoraproject.org deleted file mode 100644 index 6ba7340c8d..0000000000 --- a/inventory/host_vars/value02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.64 -eth0_nm: 255.255.255.0 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL8-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-8-iad2 -vmhost: vmhost-x86-06.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/virthost-comm01.qa.fedoraproject.org b/inventory/host_vars/virthost-comm01.qa.fedoraproject.org new file mode 100644 index 0000000000..3d8f2c30da --- /dev/null +++ b/inventory/host_vars/virthost-comm01.qa.fedoraproject.org @@ -0,0 +1,2 @@ +--- +freezes: false diff --git a/inventory/host_vars/virthost-comm02.qa.fedoraproject.org b/inventory/host_vars/virthost-comm02.qa.fedoraproject.org new file mode 100644 index 0000000000..3296ee3fe4 --- /dev/null +++ b/inventory/host_vars/virthost-comm02.qa.fedoraproject.org @@ -0,0 +1,4 @@ +--- +freezes: falses +nrpe_procs_warn: 700 +nrpe_procs_crit: 800 diff --git a/inventory/host_vars/virthost01.phx2.fedoraproject.org b/inventory/host_vars/virthost01.phx2.fedoraproject.org new file mode 100644 index 0000000000..a6da5790e6 --- /dev/null +++ b/inventory/host_vars/virthost01.phx2.fedoraproject.org @@ -0,0 +1,8 @@ +--- +# iscsi initiator for netapp iscsi volume +netapp_nfs01_iscsi_name: iqn.1992-08.com.netapp:sn.1573980325:vf.f88732f4-106e-11e2-bc86-00a098162a28 +# iscsi portal for netapp iscsi volume +netapp_nfs01_iscsi_portal: 10.5.88.36 + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 diff --git a/inventory/host_vars/virthost03.phx2.fedoraproject.org b/inventory/host_vars/virthost03.phx2.fedoraproject.org new file mode 100644 index 0000000000..a6da5790e6 --- /dev/null +++ b/inventory/host_vars/virthost03.phx2.fedoraproject.org @@ -0,0 +1,8 @@ +--- +# iscsi initiator for netapp iscsi volume +netapp_nfs01_iscsi_name: iqn.1992-08.com.netapp:sn.1573980325:vf.f88732f4-106e-11e2-bc86-00a098162a28 +# iscsi portal for netapp iscsi volume +netapp_nfs01_iscsi_portal: 10.5.88.36 + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 diff --git a/inventory/host_vars/virthost10.phx2.fedoraproject.org b/inventory/host_vars/virthost10.phx2.fedoraproject.org new file mode 100644 index 0000000000..3d8f2c30da --- /dev/null +++ b/inventory/host_vars/virthost10.phx2.fedoraproject.org @@ -0,0 +1,2 @@ +--- +freezes: false diff --git a/inventory/host_vars/virthost11.phx2.fedoraproject.org b/inventory/host_vars/virthost11.phx2.fedoraproject.org new file mode 100644 index 0000000000..3d8f2c30da --- /dev/null +++ b/inventory/host_vars/virthost11.phx2.fedoraproject.org @@ -0,0 +1,2 @@ +--- +freezes: false diff --git a/inventory/host_vars/virthost12.phx2.fedoraproject.org b/inventory/host_vars/virthost12.phx2.fedoraproject.org new file mode 100644 index 0000000000..3d8f2c30da --- /dev/null +++ b/inventory/host_vars/virthost12.phx2.fedoraproject.org @@ -0,0 +1,2 @@ +--- +freezes: false diff --git a/inventory/host_vars/virthost15.phx2.fedoraproject.org b/inventory/host_vars/virthost15.phx2.fedoraproject.org new file mode 100644 index 0000000000..d34cfdb7b6 --- /dev/null +++ b/inventory/host_vars/virthost15.phx2.fedoraproject.org @@ -0,0 +1,3 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 diff --git a/inventory/host_vars/virthost16.phx2.fedoraproject.org b/inventory/host_vars/virthost16.phx2.fedoraproject.org new file mode 100644 index 0000000000..d34cfdb7b6 --- /dev/null +++ b/inventory/host_vars/virthost16.phx2.fedoraproject.org @@ -0,0 +1,3 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 diff --git a/inventory/host_vars/virthost17.phx2.fedoraproject.org b/inventory/host_vars/virthost17.phx2.fedoraproject.org new file mode 100644 index 0000000000..d34cfdb7b6 --- /dev/null +++ b/inventory/host_vars/virthost17.phx2.fedoraproject.org @@ -0,0 +1,3 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 diff --git a/inventory/host_vars/virthost18.phx2.fedoraproject.org b/inventory/host_vars/virthost18.phx2.fedoraproject.org new file mode 100644 index 0000000000..d34cfdb7b6 --- /dev/null +++ b/inventory/host_vars/virthost18.phx2.fedoraproject.org @@ -0,0 +1,3 @@ +--- +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 diff --git a/inventory/host_vars/vmhost-p08-copr01.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-p08-copr01.rdu-cc.fedoraproject.org deleted file mode 100644 index c205d16f82..0000000000 --- a/inventory/host_vars/vmhost-p08-copr01.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,62 +0,0 @@ ---- -br0_ipv4: 8.43.85.55 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c007" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac4 }}" -br1_ipv4: 172.23.5.101 -br1_ipv4_nm: 24 -br1_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "40:f2:e9:5d:52:70" -mac1: "40:f2:e9:5d:52:71" -mac2: "40:f2:e9:5d:52:72" -mac3: "40:f2:e9:5d:52:73" -mac4: "40:f2:e9:5d:50:f8" -mac5: "40:f2:e9:5d:50:f9" -mac6: "40:f2:e9:5d:50:fa" -mac7: "40:f2:e9:5d:50:fb" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ br1_ipv4 }}/{{ br1_ipv4_nm }}" - dhcp4: no - name: br1 - state: up - type: bridge - - mac: "{{ br1_port0_mac }}" - master: br1 - name: br1-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/vmhost-p08-copr02.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-p08-copr02.rdu-cc.fedoraproject.org deleted file mode 100644 index 3d40861df0..0000000000 --- a/inventory/host_vars/vmhost-p08-copr02.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,62 +0,0 @@ ---- -br0_ipv4: 8.43.85.54 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c008" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac4 }}" -br1_ipv4: 172.23.5.117 -br1_ipv4_nm: 24 -br1_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "40:f2:e9:5d:53:64" -mac1: "40:f2:e9:5d:53:65" -mac2: "40:f2:e9:5d:53:66" -mac3: "40:f2:e9:5d:53:67" -mac4: "40:f2:e9:5d:53:5c" -mac5: "40:f2:e9:5d:53:5d" -mac6: "40:f2:e9:5d:53:5e" -mac7: "40:f2:e9:5d:53:5f" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ br1_ipv4 }}/{{ br1_ipv4_nm }}" - dhcp4: no - name: br1 - state: up - type: bridge - - mac: "{{ br1_port0_mac }}" - master: br1 - name: br1-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/vmhost-p09-copr01.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-p09-copr01.rdu-cc.fedoraproject.org deleted file mode 100644 index dc09d03d34..0000000000 --- a/inventory/host_vars/vmhost-p09-copr01.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,60 +0,0 @@ ---- -br0_ipv4: 8.43.85.78 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c009" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac2 }}" -br1_ipv4: 172.23.5.185 -br1_ipv4_nm: 24 -br1_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "08:94:ef:81:d0:aa" -mac1: "08:94:ef:81:d0:ab" -mac2: "b8:ce:f6:c6:00:c6" -mac3: "b8:ce:f6:c6:00:c7" -mac4: "b8:ce:f6:c6:00:d0" -mac5: "b8:ce:f6:c6:00:d1" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ br1_ipv4 }}/{{ br1_ipv4_nm }}" - dhcp4: no - name: br1 - state: up - type: bridge - - mac: "{{ br1_port0_mac }}" - master: br1 - name: br1-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/vmhost-x86-01.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-01.iad2.fedoraproject.org deleted file mode 100644 index a6ba5958b2..0000000000 --- a/inventory/host_vars/vmhost-x86-01.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.11 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:70:88 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-01.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-01.rdu3.fedoraproject.org deleted file mode 100644 index fb11de59d8..0000000000 --- a/inventory/host_vars/vmhost-x86-01.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.163.11 -br0_ipv4_gw: 10.16.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:57:0e -mac1: c4:cb:e1:e1:57:0f -mac2: c4:70:bd:c8:cc:60 -mac3: c4:70:bd:c8:cc:61 -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-01.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-01.stg.iad2.fedoraproject.org deleted file mode 100644 index e3496bd8b8..0000000000 --- a/inventory/host_vars/vmhost-x86-01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,42 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4_ip: 10.3.166.11 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: a8:3c:a5:36:2c:2c -mac2: a8:3c:a5:36:2c:2d -mac3: 6c:fe:54:88:f0:d4 -mac4: 6c:fe:54:88:f0:d5 -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4_ip }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-01.stg.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-01.stg.rdu3.fedoraproject.org deleted file mode 100644 index a8f924fb30..0000000000 --- a/inventory/host_vars/vmhost-x86-01.stg.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.166.11 -br0_ipv4_gw: 10.16.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:71:5a -mac1: c4:cb:e1:e1:71:5b -mac2: c4:70:bd:aa:71:14 -mac3: c4:70:bd:aa:71:15 -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-02.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-02.iad2.fedoraproject.org deleted file mode 100644 index 66d34ac874..0000000000 --- a/inventory/host_vars/vmhost-x86-02.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.12 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:ba:e8:44 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-02.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-02.rdu3.fedoraproject.org deleted file mode 100644 index 977d355c78..0000000000 --- a/inventory/host_vars/vmhost-x86-02.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.163.12 -br0_ipv4_gw: 10.16.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:60:2a -mac1: c4:cb:e1:e1:60:2b -mac2: c4:70:bd:b7:7b:fe -mac3: c4:70:bd:b7:7b:ff -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-02.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-02.stg.iad2.fedoraproject.org deleted file mode 100644 index 7b16f1e58e..0000000000 --- a/inventory/host_vars/vmhost-x86-02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,42 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.12 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 24:6e:96:13:ed:dc -mac2: 24:6e:96:13:ed:dd -mac3: 24:6e:96:13:ed:d8 -mac4: 24:6e:96:13:ed:da -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-02.stg.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-02.stg.rdu3.fedoraproject.org deleted file mode 100644 index 7b8ee7c8bc..0000000000 --- a/inventory/host_vars/vmhost-x86-02.stg.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.166.12 -br0_ipv4_gw: 10.16.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:6e:96 -mac1: c4:cb:e1:e1:6e:97 -mac2: c4:70:bd:aa:69:ca -mac3: c4:70:bd:aa:69:cb -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-03.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-03.iad2.fedoraproject.org deleted file mode 100644 index f9cd50b608..0000000000 --- a/inventory/host_vars/vmhost-x86-03.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.13 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:28:cc -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-03.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-03.rdu3.fedoraproject.org deleted file mode 100644 index b0c9c6d050..0000000000 --- a/inventory/host_vars/vmhost-x86-03.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.163.13 -br0_ipv4_gw: 10.16.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:6e:9a -mac1: c4:cb:e1:e1:6e:9b -mac2: c4:70:bd:aa:6a:c6 -mac3: c4:70:bd:aa:6a:c7 -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-03.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-03.stg.iad2.fedoraproject.org deleted file mode 100644 index 1f80e84d95..0000000000 --- a/inventory/host_vars/vmhost-x86-03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,42 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.13 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 24:6e:96:05:d9:fc -mac2: 24:6e:96:05:d9:fd -mac3: 24:6e:96:05:d9:f8 -mac4: 24:6e:96:05:d9:fa -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-03.stg.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-03.stg.rdu3.fedoraproject.org deleted file mode 100644 index 3370321bc6..0000000000 --- a/inventory/host_vars/vmhost-x86-03.stg.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.166.13 -br0_ipv4_gw: 10.16.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:70:5e -mac1: c4:cb:e1:e1:70:5f -mac2: c4:70:bd:aa:6a:72 -mac3: c4:70:bd:aa:6a:73 -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-04.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-04.iad2.fedoraproject.org deleted file mode 100644 index c97fda30e4..0000000000 --- a/inventory/host_vars/vmhost-x86-04.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.14 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:62:a8 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-04.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-04.rdu3.fedoraproject.org deleted file mode 100644 index 97491dd815..0000000000 --- a/inventory/host_vars/vmhost-x86-04.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.163.14 -br0_ipv4_gw: 10.16.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:70:64 -mac1: c4:cb:e1:e1:70:65 -mac2: c4:70:bd:aa:6a:9c -mac3: c4:70:bd:aa:6a:9d -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-04.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-04.stg.iad2.fedoraproject.org deleted file mode 100644 index f15bde066b..0000000000 --- a/inventory/host_vars/vmhost-x86-04.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,42 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.14 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 24:6e:96:05:d7:84 -mac2: 24:6e:96:05:d7:85 -mac3: 24:6e:96:05:d7:80 -mac4: 24:6e:96:05:d7:82 -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-04.stg.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-04.stg.rdu3.fedoraproject.org deleted file mode 100644 index e28a9ff9e8..0000000000 --- a/inventory/host_vars/vmhost-x86-04.stg.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.166.14 -br0_ipv4_gw: 10.16.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:70:60 -mac1: c4:cb:e1:e1:70:61 -mac2: c4:70:bd:aa:6a:ae -mac3: c4:70:bd:aa:6a:af -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-05.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-05.iad2.fedoraproject.org deleted file mode 100644 index 485f9392a4..0000000000 --- a/inventory/host_vars/vmhost-x86-05.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.15 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:ae:4b:b8 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-05.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-05.rdu3.fedoraproject.org deleted file mode 100644 index 546c66bceb..0000000000 --- a/inventory/host_vars/vmhost-x86-05.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.163.15 -br0_ipv4_gw: 10.16.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:71:6c -mac1: c4:cb:e1:e1:71:6d -mac2: c4:70:bd:aa:70:24 -mac3: c4:70:bd:aa:70:25 -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-05.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-05.stg.iad2.fedoraproject.org deleted file mode 100644 index f06fde022b..0000000000 --- a/inventory/host_vars/vmhost-x86-05.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.15 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac5 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 18:66:da:f7:7a:58 -mac2: 18:66:da:f7:7a:59 -mac3: 18:66:da:f7:7a:5a -mac4: 18:66:da:f7:7a:5b -mac5: a0:36:9f:de:88:28 -mac6: a0:36:9f:de:88:2a -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-05.stg.rdu3.fedoraproject.org b/inventory/host_vars/vmhost-x86-05.stg.rdu3.fedoraproject.org deleted file mode 100644 index 0cdecb406a..0000000000 --- a/inventory/host_vars/vmhost-x86-05.stg.rdu3.fedoraproject.org +++ /dev/null @@ -1,56 +0,0 @@ ---- -br0_ipv4: 10.16.166.15 -br0_ipv4_gw: 10.16.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: rdu3 -dns1: 10.16.163.33 -dns2: 10.16.163.34 -dns_search1: "rdu3.fedoraproject.org" -dns_search2: "fedoraproject.org" -dns_search3: "iad2.fedoraproject.org" -has_ipv4: yes -mac0: c4:cb:e1:e1:71:66 -mac1: c4:cb:e1:e1:71:67 -mac2: c4:70:bd:aa:71:2c -mac3: c4:70:bd:aa:71:2d -network_connections: - # Bridge profile - - name: br0 - state: up - type: bridge - mtu: 9000 - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - # Bond profile - - name: bond0 - type: bond - interface_name: bond0 - mtu: 9000 - controller: br0 - bond: - mode: 802.3ad - # Port profile for the 1st Ethernet device - - name: bond0-port1 - mac: "{{ mac2 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 - # Port profile for the 2nd Ethernet device - - name: bond0-port2 - mac: "{{ mac3 }}" - type: ethernet - controller: bond0 - state: up - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-06.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-06.iad2.fedoraproject.org deleted file mode 100644 index 4393a75ca3..0000000000 --- a/inventory/host_vars/vmhost-x86-06.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.16 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:b1:28:ee -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-06.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-06.stg.iad2.fedoraproject.org deleted file mode 100644 index 545cbd85e9..0000000000 --- a/inventory/host_vars/vmhost-x86-06.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.16 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac5 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 18:66:da:f7:61:58 -mac2: 18:66:da:f7:61:59 -mac3: 18:66:da:f7:61:5a -mac4: 18:66:da:f7:61:5b -mac5: a0:36:9f:de:85:bc -mac6: a0:36:9f:de:85:be -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-07.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-07.iad2.fedoraproject.org deleted file mode 100644 index 7f99f772c5..0000000000 --- a/inventory/host_vars/vmhost-x86-07.iad2.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -br0_ipv4: 10.3.163.17 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: e4:43:4b:22:ce:ca -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-07.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-07.stg.iad2.fedoraproject.org deleted file mode 100644 index aec491cc93..0000000000 --- a/inventory/host_vars/vmhost-x86-07.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.17 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac4 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 80:18:44:de:4d:fc -mac2: 80:18:44:de:4d:fd -mac3: 80:18:44:de:4d:fe -mac4: a0:36:9f:f1:83:e0 -mac5: 80:18:44:de:4d:ff -mac6: a0:36:9f:f1:83:e2 -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-08.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-08.iad2.fedoraproject.org deleted file mode 100644 index 52f59c0f79..0000000000 --- a/inventory/host_vars/vmhost-x86-08.iad2.fedoraproject.org +++ /dev/null @@ -1,36 +0,0 @@ ---- -br0_ipv4_ip: 10.3.163.28 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac1: 6c:fe:54:88:ec:34 -nbde: false -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4_ip }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-08.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-08.stg.iad2.fedoraproject.org deleted file mode 100644 index 7327947715..0000000000 --- a/inventory/host_vars/vmhost-x86-08.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,42 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.18 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac3 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: 24:6e:96:c1:6e:bc -mac2: 24:6e:96:c1:6e:bd -mac3: 24:6e:96:c1:6e:b8 -mac4: 24:6e:96:c1:6e:ba -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-09.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-09.iad2.fedoraproject.org deleted file mode 100644 index 3efaac7822..0000000000 --- a/inventory/host_vars/vmhost-x86-09.iad2.fedoraproject.org +++ /dev/null @@ -1,36 +0,0 @@ ---- -br0_ipv4: 10.3.163.29 -br0_ipv4_gw: 10.3.163.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac2 }}" -datacenter: iad2 -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search2: "fedoraproject.org" -has_ipv4: yes -mac2: 24:6e:96:b1:61:c0 -nbde: false -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-09.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-09.stg.iad2.fedoraproject.org deleted file mode 100644 index f10eb9cfca..0000000000 --- a/inventory/host_vars/vmhost-x86-09.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,42 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.19 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac4 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: C8:4B:D6:89:F7:5C -mac2: C8:4B:D6:89:F7:5D -mac3: 6C:FE:54:57:80:2C -mac4: 6C:FE:54:57:80:2D -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-11.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-11.stg.iad2.fedoraproject.org deleted file mode 100644 index 2323ea4706..0000000000 --- a/inventory/host_vars/vmhost-x86-11.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.28 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: E4:43:4B:F7:B7:B8 -mac2: E4:43:4B:F7:B7:BA -mac3: E4:43:4B:F7:B7:D8 -mac4: E4:43:4B:F7:B7:D9 -mgmt_ipv4: 10.3.160.46 -mgmt_mac: 2c:ea:7f:f3:6c:be -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-12.stg.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-12.stg.iad2.fedoraproject.org deleted file mode 100644 index 4ee1b00ee6..0000000000 --- a/inventory/host_vars/vmhost-x86-12.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -# This virthost only has stg instances, so it doesn't freeze -br0_ipv4: 10.3.166.29 -br0_ipv4_gw: 10.3.166.254 -br0_ipv4_nm: 24 -br0_port0_mac: "{{ mac1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -freezes: false -has_ipv4: yes -mac1: E4:43:4B:F7:AD:10 -mac2: E4:43:4B:F7:AD:12 -mac3: E4:43:4B:F7:AD:30 -mac4: E4:43:4B:F7:AD:31 -mgmt_ipv4: 10.3.160.47 -mgmt_mac: 2c:ea:7f:f3:82:fc -nested: true -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ br0_ipv4_gw }}" - name: br0 - state: up - type: bridge - mtu: 9000 - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - mtu: 9000 diff --git a/inventory/host_vars/vmhost-x86-cc01.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-cc01.rdu-cc.fedoraproject.org deleted file mode 100644 index 073c5a2d03..0000000000 --- a/inventory/host_vars/vmhost-x86-cc01.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,60 +0,0 @@ ---- -br0_dev: eth0 -br0_ipv4_ip: 8.43.85.65 -br0_ipv4_gw: 8.43.85.254 -br0_ipv4_nm: 24 -br0_port0_mac: '{{ mac0 }}' -br1_ipv4: 172.23.1.14 -br1_ipv4_gw: 172.23.1.254 -br1_ipv4_nm: 24 -br1_port0_mac: '{{ mac2 }}' -datacenter: rdu-cc -dns1: 8.8.8.8 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -mac0: c8:4b:d6:af:2f:ef -mac2: c8:4b:d6:af:2f:f0 -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ipv4_ip }}/{{ br0_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ br0_ipv4_gw }}' - name: br0 - state: up - type: bridge - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: true - ip: - address: - - '{{ br1_ipv4 }}/{{ br1_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - - '{{ dns2 }}' - dns_search: - - '{{ dns_search1 }}' - gateway4: '{{ br1_ipv4_gw }}' - auto_gateway: false - name: br1 - state: up - type: bridge - - mac: '{{ br1_port0_mac }}' - master: br1 - name: br1-port0 - state: up - type: ethernet -nrpe_procs_crit: 1700 -nrpe_procs_warn: 1500 -postfix_group: vpn -vpn: true diff --git a/inventory/host_vars/vmhost-x86-cc02.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-cc02.rdu-cc.fedoraproject.org deleted file mode 100644 index 0de807cbb1..0000000000 --- a/inventory/host_vars/vmhost-x86-cc02.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -br0_ipv4: 8.43.85.66 -br0_ipv4_gw: 8.43.85.254 -br0_ipv4_nm: 24 -br0_port0_mac: '{{ mac0 }}' -datacenter: rdu-cc -dns1: 8.8.8.8 -dns_search1: fedoraproject.org -mac0: 24:6e:96:d5:a4:0a -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ipv4 }}/{{ br0_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - dns_search: - - '{{ dns_search1 }}' - gateway4: '{{ br0_ipv4_gw }}' - name: br0 - state: up - type: bridge - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -postfix_group: vpn -vpn: true diff --git a/inventory/host_vars/vmhost-x86-cc03.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-cc03.rdu-cc.fedoraproject.org deleted file mode 100644 index 5d263b41ef..0000000000 --- a/inventory/host_vars/vmhost-x86-cc03.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,61 +0,0 @@ ---- -br0_ipv4: 8.43.85.64 -br0_ipv4_gw: 8.43.85.254 -br0_ipv4_nm: 24 -br0_port0_mac: '{{ mac0 }}' -br1_ipv4: 172.23.1.13 -br1_ipv4_gw: 172.23.1.254 -br1_ipv4_nm: 24 -br1_port0_mac: '{{ mac2 }}' -datacenter: rdu-cc -dns1: 8.8.8.8 -dns2: 8.8.4.4 -dns_search1: vpn.fedoraproject.org -dns_search2: fedoraproject.org -mac0: C8:4B:D6:98:5D:74 -mac2: c8:4b:d6:98:5d:75 -network_connections: - - autoconnect: true - ip: - address: - - '{{ br0_ipv4 }}/{{ br0_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - - '{{ dns2 }}' - dns_search: - - '{{ dns_search1 }}' - - '{{ dns_search2 }}' - gateway4: '{{ br0_ipv4_gw }}' - name: br0 - state: up - type: bridge - - mac: '{{ br0_port0_mac }}' - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: true - ip: - address: - - '{{ br1_ipv4 }}/{{ br1_ipv4_nm }}' - dhcp4: false - dns: - - '{{ dns1 }}' - - '{{ dns2 }}' - dns_search: - - '{{ dns_search1 }}' - gateway4: '{{ br1_ipv4_gw }}' - auto_gateway: false - name: br1 - state: up - type: bridge - - mac: '{{ br1_port0_mac }}' - master: br1 - name: br1-port0 - state: up - type: ethernet -nrpe_procs_crit: 2000 -nrpe_procs_warn: 1500 -postfix_group: vpn -vpn: true diff --git a/inventory/host_vars/vmhost-x86-cc05.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-cc05.rdu-cc.fedoraproject.org deleted file mode 100644 index 480f2247d5..0000000000 --- a/inventory/host_vars/vmhost-x86-cc05.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,63 +0,0 @@ ---- -br0_ipv4: 8.43.85.84 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:f005" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac0 }}" -br1_ipv4: 172.23.1.1 -br1_ipv4_nm: 24 -br1_port0_mac: "{{ mac1 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -freezes: false -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "ec:f4:bb:d2:97:7c" -mac1: "ec:f4:bb:d2:97:7d" -mac2: "ec:f4:bb:d2:97:78" -mac3: "ec:f4:bb:d2:97:7a" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - vpn.fedoraproject.org - - fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ br1_ipv4 }}/{{ br1_ipv4_nm }}" - dhcp4: no - name: br1 - state: up - type: bridge - - mac: "{{ br1_port0_mac }}" - master: br1 - name: br1-port0 - state: up - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -postfix_group: cloud -vpn: true diff --git a/inventory/host_vars/vmhost-x86-cc06.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-cc06.rdu-cc.fedoraproject.org deleted file mode 100644 index 412668c19c..0000000000 --- a/inventory/host_vars/vmhost-x86-cc06.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,79 +0,0 @@ ---- -br0_ipv4: 8.43.85.85 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:f006" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac0 }}" -br1_ipv4: 172.23.1.2 -br1_ipv4_nm: 24 -br1_port0_mac: "{{ mac1 }}" -br2_ipv4: 172.23.5.2 -br2_ipv4_nm: 24 -br2_port0_mac: "{{ mac2 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -freezes: false -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "ec:f4:bb:cd:aa:a4" -mac1: "ec:f4:bb:cd:aa:a5" -mac2: "ec:f4:bb:cd:aa:a0" -mac3: "ec:f4:bb:cd:aa:a2" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - vpn.fedoraproject.org - - fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ br1_ipv4 }}/{{ br1_ipv4_nm }}" - dhcp4: no - name: br1 - state: up - type: bridge - - mac: "{{ br1_port0_mac }}" - master: br1 - name: br1-port0 - state: up - type: ethernet - - autoconnect: yes - ip: - address: - - "{{ br2_ipv4 }}/{{ br2_ipv4_nm }}" - dhcp4: no - name: br2 - state: up - type: bridge - - mac: "{{ br2_port0_mac }}" - master: br2 - name: br2-port0 - state: up - type: ethernet -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -postfix_group: cloud -vpn: true diff --git a/inventory/host_vars/vmhost-x86-copr01.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-copr01.rdu-cc.fedoraproject.org deleted file mode 100644 index 3df7e11aae..0000000000 --- a/inventory/host_vars/vmhost-x86-copr01.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,46 +0,0 @@ ---- -br0_ipv4: 8.43.85.57 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c001" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "f4:02:70:d0:05:00" -mac1: "f4:02:70:d0:05:01" -mac2: "00:62:0b:c5:82:60" -mac3: "00:62:0b:c5:82:61" -mac4: "b4:96:91:63:3b:e8" -mac5: "b4:96:91:63:3b:e9" -mac6: "b4:96:91:63:3b:ea" -mac7: "b4:96:91:63:3b:eb" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/vmhost-x86-copr02.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-copr02.rdu-cc.fedoraproject.org deleted file mode 100644 index 0f52f8b92f..0000000000 --- a/inventory/host_vars/vmhost-x86-copr02.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,44 +0,0 @@ ---- -br0_ipv4: 8.43.85.58 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c002" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "c4:cb:e1:b3:5c:78" -mac1: "c4:cb:e1:b3:5c:79" -mac2: "b4:96:91:63:3b:9c" -mac3: "b4:96:91:63:3b:9d" -mac4: "b4:96:91:63:3b:9e" -mac5: "b4:96:91:63:3b:9f" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/vmhost-x86-copr03.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-copr03.rdu-cc.fedoraproject.org deleted file mode 100644 index 7722445067..0000000000 --- a/inventory/host_vars/vmhost-x86-copr03.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,46 +0,0 @@ ---- -br0_ipv4: 8.43.85.59 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c003" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "f4:02:70:d3:42:48" -mac1: "f4:02:70:d3:42:49" -mac2: "b0:26:28:d1:dd:c0" -mac3: "b0:26:28:d1:dd:c1" -mac4: "b4:96:91:63:3b:50" -mac5: "b4:96:91:63:3b:51" -mac6: "b4:96:91:63:3b:52" -mac7: "b4:96:91:63:3b:53" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/vmhost-x86-copr04.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-copr04.rdu-cc.fedoraproject.org deleted file mode 100644 index 2b0d24b6bd..0000000000 --- a/inventory/host_vars/vmhost-x86-copr04.rdu-cc.fedoraproject.org +++ /dev/null @@ -1,46 +0,0 @@ ---- -br0_ipv4: 8.43.85.60 -br0_ipv4_gw: "{{ gw }}" -br0_ipv4_nm: 24 -br0_ipv6: "2620:52:3:1:dead:beef:cafe:c004" -br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" -br0_ipv6_nm: 64 -br0_port0_mac: "{{ mac0 }}" -datacenter: rdu-cc -dns: 8.8.8.8 -gw: 8.43.85.254 -has_ipv4: yes -has_ipv6: yes -mac0: "70:b5:e8:d0:a4:06" -mac1: "70:b5:e8:d0:a4:07" -mac2: "b0:26:28:d1:e0:f0" -mac3: "b0:26:28:d1:e0:f1" -mac4: "b4:96:91:63:3a:a0" -mac5: "b4:96:91:63:3a:a1" -mac6: "b4:96:91:63:3a:a2" -mac7: "b4:96:91:63:3a:a3" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}" - - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}" - dhcp4: no - dns: - - 8.8.8.8 - - 8.8.4.4 - - 2001:4860:4860::8888 - dns_search: - - fedoraproject.org - - vpn.fedoraproject.org - - rdu-cc.fedoraproject.org - gateway4: "{{ br0_ipv4_gw }}" - gateway6: "{{ br0_ipv6_gw }}" - name: br0 - state: up - type: bridge - - mac: "{{ br0_port0_mac }}" - master: br0 - name: br0-port0 - state: up - type: ethernet diff --git a/inventory/host_vars/wiki01.iad2.fedoraproject.org b/inventory/host_vars/wiki01.iad2.fedoraproject.org deleted file mode 100644 index 9167a6af62..0000000000 --- a/inventory/host_vars/wiki01.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.83 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/wiki01.phx2.fedoraproject.org b/inventory/host_vars/wiki01.phx2.fedoraproject.org new file mode 100644 index 0000000000..901d71bb6b --- /dev/null +++ b/inventory/host_vars/wiki01.phx2.fedoraproject.org @@ -0,0 +1,11 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost03 +eth0_ip: 10.5.126.63 +eth1_ip: 10.5.127.43 +vmhost: virthost03.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/wiki01.stg.iad2.fedoraproject.org b/inventory/host_vars/wiki01.stg.iad2.fedoraproject.org deleted file mode 100644 index ad1c395801..0000000000 --- a/inventory/host_vars/wiki01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.24 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-07.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/wiki01.stg.phx2.fedoraproject.org b/inventory/host_vars/wiki01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..80eae8af74 --- /dev/null +++ b/inventory/host_vars/wiki01.stg.phx2.fedoraproject.org @@ -0,0 +1,11 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.60 +eth1_ip: 10.5.127.42 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/wiki02.iad2.fedoraproject.org b/inventory/host_vars/wiki02.iad2.fedoraproject.org deleted file mode 100644 index 30fac28220..0000000000 --- a/inventory/host_vars/wiki02.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.102 -ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/42/Server/x86_64/os/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora -vmhost: vmhost-x86-06.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/wiki02.phx2.fedoraproject.org b/inventory/host_vars/wiki02.phx2.fedoraproject.org new file mode 100644 index 0000000000..a1d626e2d9 --- /dev/null +++ b/inventory/host_vars/wiki02.phx2.fedoraproject.org @@ -0,0 +1,11 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_virthost01 +eth0_ip: 10.5.126.73 +eth1_ip: 10.5.127.44 +vmhost: virthost01.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/worker01.ocp.iad2.fedoraproject.org b/inventory/host_vars/worker01.ocp.iad2.fedoraproject.org deleted file mode 100644 index c4c1ae4720..0000000000 --- a/inventory/host_vars/worker01.ocp.iad2.fedoraproject.org +++ /dev/null @@ -1,45 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.123 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "68:05:CA:CE:A3:C9" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno34 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker01.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/worker01.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 86824e03f8..0000000000 --- a/inventory/host_vars/worker01.ocp.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,46 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.118 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "68:05:CA:CE:A2:AC" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno1 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -rhcos_kernel_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker02.ocp.iad2.fedoraproject.org b/inventory/host_vars/worker02.ocp.iad2.fedoraproject.org deleted file mode 100644 index 4dc18fd9e6..0000000000 --- a/inventory/host_vars/worker02.ocp.iad2.fedoraproject.org +++ /dev/null @@ -1,45 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.124 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "68:05:CA:CE:A2:90" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno33 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker02.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/worker02.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 7eaa05016b..0000000000 --- a/inventory/host_vars/worker02.ocp.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,46 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.119 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "68:05:CA:CE:A3:24" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno1 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -rhcos_kernel_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker03.ocp.iad2.fedoraproject.org b/inventory/host_vars/worker03.ocp.iad2.fedoraproject.org deleted file mode 100644 index 3d3c053440..0000000000 --- a/inventory/host_vars/worker03.ocp.iad2.fedoraproject.org +++ /dev/null @@ -1,45 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.125 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "68:05:CA:CE:A7:4C" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno33 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker03.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/worker03.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 70910cf34e..0000000000 --- a/inventory/host_vars/worker03.ocp.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,46 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.120 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "68:05:CA:CE:A5:10" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno1 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -rhcos_kernel_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker04.ocp.iad2.fedoraproject.org b/inventory/host_vars/worker04.ocp.iad2.fedoraproject.org deleted file mode 100644 index b92f7107f7..0000000000 --- a/inventory/host_vars/worker04.ocp.iad2.fedoraproject.org +++ /dev/null @@ -1,45 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.127 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "24:6E:96:B0:E0:78" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno34 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker04.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/worker04.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 798b054772..0000000000 --- a/inventory/host_vars/worker04.ocp.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,48 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.122 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 16384 -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/worker.ign" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-06.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/worker05.ocp.iad2.fedoraproject.org b/inventory/host_vars/worker05.ocp.iad2.fedoraproject.org deleted file mode 100644 index 941abed8b9..0000000000 --- a/inventory/host_vars/worker05.ocp.iad2.fedoraproject.org +++ /dev/null @@ -1,45 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.128 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "24:6E:96:B1:4C:70" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno34 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/worker05.ocp.stg.iad2.fedoraproject.org b/inventory/host_vars/worker05.ocp.stg.iad2.fedoraproject.org deleted file mode 100644 index 0f76eb6f63..0000000000 --- a/inventory/host_vars/worker05.ocp.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,48 +0,0 @@ ---- -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "stg.iad2.fedoraproject.org" -dns_search2: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.166.123 -eth0_ipv4_gw: 10.3.166.254 -freezes: false -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -lvm_size: 120g -mac0: "{{ ansible_default_ipv4.macaddress }}" -max_mem_size: 16384 -mem_size: 16384 -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -num_cpus: 4 -rhcos_ignition_file_url: "http://10.3.166.50/rhcos/worker.ign" -rhcos_install_img_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.166.50/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.166.50/rhcos/" -virt_install_command: "{{ virt_install_command_pxe_rhcos }}" -vmhost: vmhost-x86-07.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: true diff --git a/inventory/host_vars/worker06.ocp.iad2.fedoraproject.org b/inventory/host_vars/worker06.ocp.iad2.fedoraproject.org deleted file mode 100644 index 82ebf86618..0000000000 --- a/inventory/host_vars/worker06.ocp.iad2.fedoraproject.org +++ /dev/null @@ -1,45 +0,0 @@ ---- -arch: x86_64 -datacenter: iad2 -dns: "{{ dns1 }}" -dns1: 10.3.163.33 -dns2: 10.3.163.34 -dns_search1: "iad2.fedoraproject.org" -dns_search3: "fedoraproject.org" -eth0_ip: "{{eth0_ipv4}}" -eth0_ipv4: 10.3.163.129 -eth0_ipv4_gw: 10.3.163.254 -freezes: true -gw: "{{ eth0_ipv4_gw }}" -has_ipv4: yes -install_dev: /dev/sda -mac0: "24:6E:96:B1:5E:B0" -network_connections: - - autoconnect: yes - ip: - address: - - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}" - dhcp4: no - dns: - - "{{ dns1 }}" - - "{{ dns2 }}" - dns_search: - - "{{ dns_search1 }}" - - "{{ dns_search2 }}" - - "{{ dns_search3 }}" - gateway4: "{{ eth0_ipv4_gw }}" - mac: "{{ mac0 }}" - name: eth0 - state: up - type: ethernet -nm: 255.255.255.0 -nrpe_procs_crit: 1400 -nrpe_procs_warn: 1200 -pxe_bootdev: eno34 -rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign" -rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img" -rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz" -rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img" -rhcos_install_url: "http://10.3.163.65/rhcos/" -rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64" -vpn: true diff --git a/inventory/host_vars/zabbix01.iad2.fedoraproject.org b/inventory/host_vars/zabbix01.iad2.fedoraproject.org deleted file mode 100644 index 9b0d4dda5c..0000000000 --- a/inventory/host_vars/zabbix01.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.198 -eth0_nm: 255.255.255.0 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/zabbix01.stg.iad2.fedoraproject.org b/inventory/host_vars/zabbix01.stg.iad2.fedoraproject.org deleted file mode 100644 index 15be434116..0000000000 --- a/inventory/host_vars/zabbix01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.61 -eth0_nm: 255.255.255.0 -ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/ -ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel -vmhost: vmhost-x86-07.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/inventory b/inventory/inventory index 4640fb94fe..78323e4bc0 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -1,757 +1,643 @@ -[rabbitmq] -rabbitmq01.iad2.fedoraproject.org -rabbitmq02.iad2.fedoraproject.org -rabbitmq03.iad2.fedoraproject.org +# dummies until the multiple inventory group import issue is fixed in +# ansible +[builders] +[bkernel] +[buildvmhost] -[rabbitmq_stg] -rabbitmq01.stg.iad2.fedoraproject.org -rabbitmq02.stg.iad2.fedoraproject.org -rabbitmq03.stg.iad2.fedoraproject.org +[beaker] +beaker01.qa.fedoraproject.org -[releng_compose] -compose-branched01.iad2.fedoraproject.org -compose-iot01.iad2.fedoraproject.org -compose-rawhide01.iad2.fedoraproject.org -compose-x86-01.iad2.fedoraproject.org +[qadevel] +qadevel.qa.fedoraproject.org -[releng_compose_eln] -compose-eln01.iad2.fedoraproject.org +[qadevel-stg] +qadevel-stg.qa.fedoraproject.org -[releng_compose_riscv] -compose-x86-riscv01.iad2.fedoraproject.org +[arm-packager] +arm03-packager00.cloud.fedoraproject.org +arm03-packager01.cloud.fedoraproject.org -[releng_compose_stg] -compose-x86-01.stg.iad2.fedoraproject.org +[arm-qa] +arm03-qa00.cloud.fedoraproject.org +arm03-qa01.cloud.fedoraproject.org -[retrace] -retrace03.rdu-cc.fedoraproject.org +[arm-releng] +arm01-releng00.arm.fedoraproject.org +compose-x86-02.phx2.fedoraproject.org -[gdpr_delete] +[arm-retrace] +arm01-retrace01.arm.fedoraproject.org -[certgetter] -certgetter01.iad2.fedoraproject.org +[app-stg] +app01.stg.phx2.fedoraproject.org + +[ask] +ask01.phx2.fedoraproject.org +ask02.phx2.fedoraproject.org + +[ask-stg] +ask01.stg.phx2.fedoraproject.org + +[atomichw] +atomic01.qa.fedoraproject.org [backup] -backup01.iad2.fedoraproject.org +backup02.fedoraproject.org +backup03.phx2.fedoraproject.org -[basset] +# +# This is the list of clients we backup with rdiff-backup. +# +[backup_clients] +collab04.vpn.fedoraproject.org +db01.phx2.fedoraproject.org +db-datanommer01.phx2.fedoraproject.org +hosted04.vpn.fedoraproject.org +hosted-lists01.vpn.fedoraproject.org +lockbox01.phx2.fedoraproject.org +people03.vpn.fedoraproject.org +pkgs01.phx2.fedoraproject.org +log01.phx2.fedoraproject.org +qadevel.cloud.fedoraproject.org +db-qa01.qa.fedoraproject.org -[basset_stg] -# basset01.stg.iad2.fedoraproject.org +[badges-backend] +badges-backend01.phx2.fedoraproject.org + +[badges-backend-stg] +badges-backend01.stg.phx2.fedoraproject.org + +[badges-web] +badges-web01.phx2.fedoraproject.org +badges-web02.phx2.fedoraproject.org + +[badges-web-stg] +badges-web01.stg.phx2.fedoraproject.org + +[bapp] +bapp02.phx2.fedoraproject.org [bastion] -bastion01.iad2.fedoraproject.org -bastion02.iad2.fedoraproject.org -bastion01.rdu3.fedoraproject.org +bastion01.phx2.fedoraproject.org +bastion02.phx2.fedoraproject.org +bastion-comm01.qa.fedoraproject.org -[bastion_stg] -# bastion01.stg.iad2.fedoraproject.org +[blockerbugs] +blockerbugs01.phx2.fedoraproject.org +blockerbugs02.phx2.fedoraproject.org -[bastion_iad2] -bastion01.iad2.fedoraproject.org -bastion02.iad2.fedoraproject.org +[blockerbugs-stg] +blockerbugs01.stg.phx2.fedoraproject.org +blockerbugs-dev.cloud.fedoraproject.org -[bastion_rdu3] -bastion01.rdu3.fedoraproject.org +[bodhi] +bodhi01.phx2.fedoraproject.org +bodhi02.phx2.fedoraproject.org -[centos_ipa_client_stg] -centos-ipa-client01.stg.iad2.fedoraproject.org -centos-ipa-client02.stg.iad2.fedoraproject.org -centos-ipa-client03.stg.iad2.fedoraproject.org -centos-ipa-client04.stg.iad2.fedoraproject.org +[bodhi-stg] +bodhi01.stg.phx2.fedoraproject.org -#[data_reports] -#data-reports01.iad2.fedoraproject.org +[bugzilla2fedmsg] +bugzilla2fedmsg01.phx2.fedoraproject.org + +[bugzilla2fedmsg-stg] +bugzilla2fedmsg01.stg.phx2.fedoraproject.org [bvirthost] -# bvirthost01.stg.iad2.fedoraproject.org -bvmhost-x86-01.iad2.fedoraproject.org -bvmhost-x86-02.iad2.fedoraproject.org -bvmhost-x86-03.iad2.fedoraproject.org -bvmhost-x86-04.iad2.fedoraproject.org -bvmhost-x86-05.iad2.fedoraproject.org -bvmhost-x86-06.iad2.fedoraproject.org -bvmhost-x86-07.iad2.fedoraproject.org -bvmhost-x86-01.stg.iad2.fedoraproject.org -bvmhost-x86-02.stg.iad2.fedoraproject.org -bvmhost-x86-03.stg.iad2.fedoraproject.org -bvmhost-x86-05.stg.iad2.fedoraproject.org -bvmhost-x86-riscv01.iad2.fedoraproject.org -bvmhost-x86-01.rdu3.fedoraproject.org -bvmhost-x86-02.rdu3.fedoraproject.org -bvmhost-x86-03.rdu3.fedoraproject.org -bvmhost-x86-04.rdu3.fedoraproject.org -bvmhost-x86-05.rdu3.fedoraproject.org -bvmhost-x86-06.rdu3.fedoraproject.org -bvmhost-x86-01.stg.rdu3.fedoraproject.org -bvmhost-x86-02.stg.rdu3.fedoraproject.org -bvmhost-x86-03.stg.rdu3.fedoraproject.org +bvirthost04.phx2.fedoraproject.org +bvirthost06.phx2.fedoraproject.org +bvirthost07.phx2.fedoraproject.org +bvirthost08.phx2.fedoraproject.org +bvirthost09.phx2.fedoraproject.org +bvirthost10.phx2.fedoraproject.org +bvirthost11.phx2.fedoraproject.org -[colo_virt] -dedicatedsolutions01.fedoraproject.org +[colo-virt] +bodhost01.fedoraproject.org +coloamer01.fedoraproject.org +ibiblio01.fedoraproject.org ibiblio02.fedoraproject.org -ibiblio05.fedoraproject.org -internetx02.fedoraproject.org +ibiblio03.fedoraproject.org +ibiblio04.fedoraproject.org +internetx01.fedoraproject.org +osuosl01.fedoraproject.org osuosl02.fedoraproject.org -vmhost-x86-cc01.rdu-cc.fedoraproject.org -vmhost-x86-cc02.rdu-cc.fedoraproject.org -vmhost-x86-cc03.rdu-cc.fedoraproject.org -vmhost-x86-cc06.rdu-cc.fedoraproject.org -vmhost-x86-cc05.rdu-cc.fedoraproject.org +osuosl03.fedoraproject.org +serverbeach06.fedoraproject.org +serverbeach07.fedoraproject.org +serverbeach08.fedoraproject.org +serverbeach09.fedoraproject.org +serverbeach10.fedoraproject.org +telia01.fedoraproject.org +tummy01.fedoraproject.org -[ibiblio_virt] -ibiblio02.fedoraproject.org -ibiblio05.fedoraproject.org +[datagrepper] +datagrepper01.phx2.fedoraproject.org +datagrepper02.phx2.fedoraproject.org -[flatpak_cache] -flatpak-cache01.iad2.fedoraproject.org +[datagrepper-stg] +datagrepper01.stg.phx2.fedoraproject.org + +[docs-backend] +docs-backend01.phx2.fedoraproject.org + +[fedimg] +fedimg01.phx2.fedoraproject.org + +[fedimg-stg] +fedimg01.stg.phx2.fedoraproject.org + +[busgateway] +busgateway01.phx2.fedoraproject.org + +[busgateway-stg] +busgateway01.stg.phx2.fedoraproject.org + +# This is a list of hosts that have a fedmsg-hub running, for convenience +[fedmsg-hubs] +badges-backend01.phx2.fedoraproject.org +bugzilla2fedmsg01.phx2.fedoraproject.org +busgateway01.phx2.fedoraproject.org +fedimg01.phx2.fedoraproject.org +notifs-backend01.phx2.fedoraproject.org +pkgs01.phx2.fedoraproject.org +summershum01.phx2.fedoraproject.org + +[fedmsg-hubs-stg] +badges-backend01.stg.phx2.fedoraproject.org +bugzilla2fedmsg01.stg.phx2.fedoraproject.org +busgateway01.stg.phx2.fedoraproject.org +fedimg01.stg.phx2.fedoraproject.org +notifs-backend01.stg.phx2.fedoraproject.org +pkgs01.stg.phx2.fedoraproject.org +summershum01.stg.phx2.fedoraproject.org + +[fedocal] +fedocal01.phx2.fedoraproject.org +fedocal02.phx2.fedoraproject.org + +[fedocal-stg] +fedocal01.stg.phx2.fedoraproject.org + +[gallery-stg] +gallery01.stg.phx2.fedoraproject.org + +[github2fedmsg] +github2fedmsg01.phx2.fedoraproject.org + +[github2fedmsg-stg] +github2fedmsg01.stg.phx2.fedoraproject.org [mailman] -mailman01.iad2.fedoraproject.org +mailman01.phx2.fedoraproject.org +mailman02.phx2.fedoraproject.org -[mailman_stg] -mailman01.stg.iad2.fedoraproject.org +[mailman-stg] +mailman01.stg.phx2.fedoraproject.org -[bodhi_backend] -# This one handles the mashing/releng stuff -bodhi-backend01.iad2.fedoraproject.org -bodhi-backend01.rdu3.fedoraproject.org +[collab] +collab03.fedoraproject.org +collab04.fedoraproject.org -[bodhi_backend_stg] -bodhi-backend01.stg.iad2.fedoraproject.org +[releng] +branched-composer.phx2.fedoraproject.org +rawhide-composer.phx2.fedoraproject.org +releng04.phx2.fedoraproject.org +relepel01.phx2.fedoraproject.org -[sign_bridge] -sign-bridge01.iad2.fedoraproject.org -sign-bridge01.stg.iad2.fedoraproject.org -sign-bridge01.rdu3.fedoraproject.org +# sign servers don't listen to ssh by default. +[sign-bridge] +sign-bridge01.phx2.fedoraproject.org # -# sign vault servers don't listen to ssh by default. -# -[sign_vault] -sign-vault01.stg.iad2.fedoraproject.org -sign-vault01.iad2.fedoraproject.org -sign-vault02.iad2.fedoraproject.org -sign-vault01.rdu3.fedoraproject.org +#[sign-vault] +#sign-vault03.phx2.fedoraproject.org +#sign-vault04.phx2.fedoraproject.org [autosign] -autosign02.iad2.fedoraproject.org +autosign01.phx2.fedoraproject.org -[autosign_stg] -autosign01.stg.iad2.fedoraproject.org +[releng-stg] +releng01.stg.phx2.fedoraproject.org + +[darkserver] +darkserver01.phx2.fedoraproject.org [dbserver] -db01.iad2.fedoraproject.org -db03.iad2.fedoraproject.org -db-fas01.iad2.fedoraproject.org -db-datanommer02.iad2.fedoraproject.org -db-koji01.iad2.fedoraproject.org -db-openqa01.iad2.fedoraproject.org -db-riscv-koji01.iad2.fedoraproject.org +db01.phx2.fedoraproject.org +db04.phx2.fedoraproject.org +db05.phx2.fedoraproject.org +db-fas01.phx2.fedoraproject.org +db-datanommer01.phx2.fedoraproject.org -[dbserver_stg] -db-fas01.stg.iad2.fedoraproject.org -db01.stg.iad2.fedoraproject.org -db03.stg.iad2.fedoraproject.org -db-datanommer01.stg.iad2.fedoraproject.org -db-koji01.stg.iad2.fedoraproject.org -db.stg.aws.fedoraproject.org +[dbserver-stg] +db-fas01.stg.phx2.fedoraproject.org +db02.stg.phx2.fedoraproject.org +db-qa01.qa.fedoraproject.org -[datanommer_dbserver] -db-datanommer02.iad2.fedoraproject.org +[dev] +qa01.dev.fedoraproject.org -[datanommer_dbserver_stg] -db-datanommer01.stg.iad2.fedoraproject.org +[download-phx2] +download01.phx2.fedoraproject.org +download02.phx2.fedoraproject.org +download03.phx2.fedoraproject.org +download04.phx2.fedoraproject.org +download05.phx2.fedoraproject.org -# clients that talk to the main postgres servers -[postgres_clients] +[download-ibiblio] +download-ib02.fedoraproject.org -# clients that talk to the main postgres stg servers -[postgres_clients_stg] -bodhi-backend01.stg.iad2.fedoraproject.org -koji01.stg.iad2.fedoraproject.org - -[download_iad2] -dl01.iad2.fedoraproject.org -dl02.iad2.fedoraproject.org -dl03.iad2.fedoraproject.org -dl04.iad2.fedoraproject.org -dl05.iad2.fedoraproject.org - -[download_ibiblio] -download-ib01.fedoraproject.org - -[download_cc_rdu] -download-cc-rdu01.fedoraproject.org - -[download_tier1] -dl04.iad2.fedoraproject.org -dl05.iad2.fedoraproject.org +[download-rdu2] +download-rdu01.fedoraproject.org +download-rdu02.fedoraproject.org +download-rdu03.fedoraproject.org [download:children] -download_ibiblio -download_cc_rdu -download_iad2 +download-phx2 +download-ibiblio +download-rdu2 + + +[elections] +elections01.phx2.fedoraproject.org +elections02.phx2.fedoraproject.org + +[elections-stg] +elections01.stg.phx2.fedoraproject.org [fas] -# fas01.phx2.fedoraproject.org +fakefas01.fedoraproject.org +fas01.phx2.fedoraproject.org +fas02.phx2.fedoraproject.org +fas03.phx2.fedoraproject.org -[fas_stg] -# fas01.stg.iad2.fedoraproject.org +[fas-stg] +fas01.stg.phx2.fedoraproject.org -[kernel_qa] -kernel02.iad2.fedoraproject.org +[hyperkitty-stg] +lists-dev.cloud.fedoraproject.org + +[hosted] +hosted03.fedoraproject.org +hosted04.fedoraproject.org +hosted-lists01.fedoraproject.org + +[kerneltest] +kerneltest01.phx2.fedoraproject.org +#kerneltest02.phx2.fedoraproject.org + +[kerneltest-stg] +kerneltest01.stg.phx2.fedoraproject.org + +[kernel-qa] +kernel01.qa.fedoraproject.org +kernel02.qa.fedoraproject.org + +[keys] +keys01.fedoraproject.org +keys02.fedoraproject.org [koji] -koji01.iad2.fedoraproject.org -koji02.iad2.fedoraproject.org +koji03.phx2.fedoraproject.org +koji04.phx2.fedoraproject.org +kojipkgs02.phx2.fedoraproject.org -[koji_riscv] -riscv-koji01.iad2.fedoraproject.org - -[koji_stg] -koji01.stg.iad2.fedoraproject.org - -[kojipkgs] -kojipkgs01.iad2.fedoraproject.org -kojipkgs02.iad2.fedoraproject.org +[koji-stg] +koji01.stg.phx2.fedoraproject.org [infracore] -batcave01.iad2.fedoraproject.org -log01.iad2.fedoraproject.org -noc01.iad2.fedoraproject.org +lockbox01.phx2.fedoraproject.org +log01.phx2.fedoraproject.org +noc01.phx2.fedoraproject.org noc02.fedoraproject.org -noc-cc01.rdu-cc.fedoraproject.org -[logging] -log01.iad2.fedoraproject.org -log01.rdu3.fedoraproject.org +[dhcp] +dhcp01.phx2.fedoraproject.org -[batcave] -batcave01.iad2.fedoraproject.org -#batcave13.rdu2.fedoraproject.org - -[batcave_iad2] -batcave01.iad2.fedoraproject.org - -[ipa] -ipa01.iad2.fedoraproject.org -ipa02.iad2.fedoraproject.org -ipa03.iad2.fedoraproject.org - -[ipa_stg] -ipa01.stg.iad2.fedoraproject.org -ipa02.stg.iad2.fedoraproject.org -ipa03.stg.iad2.fedoraproject.org -ipa01.stg.rdu3.fedoraproject.org -ipa02.stg.rdu3.fedoraproject.org -ipa03.stg.rdu3.fedoraproject.org - -[ipsilon_stg] -ipsilon01.stg.iad2.fedoraproject.org - -[ipsilon] -ipsilon01.iad2.fedoraproject.org -ipsilon02.iad2.fedoraproject.org +[lockbox] +lockbox-comm01.qa.fedoraproject.org [nagios] -noc01.iad2.fedoraproject.org +noc01.phx2.fedoraproject.org noc02.fedoraproject.org -noc01.rdu3.fedoraproject.org -[nagios_iad2] -noc01.iad2.fedoraproject.org +[notifs-backend] +notifs-backend01.phx2.fedoraproject.org -[nagios_rdu3] -noc01.rdu3.fedoraproject.org +[notifs-backend-stg] +notifs-backend01.stg.phx2.fedoraproject.org -[noc_rdu_cc] -noc-cc01.rdu-cc.fedoraproject.org +[notifs-web] +notifs-web01.phx2.fedoraproject.org +notifs-web02.phx2.fedoraproject.org + +[notifs-web-stg] +notifs-web01.stg.phx2.fedoraproject.org +notifs-web02.stg.phx2.fedoraproject.org + +[nuancier] +nuancier01.phx2.fedoraproject.org +nuancier02.phx2.fedoraproject.org + +[nuancier-stg] +nuancier01.stg.phx2.fedoraproject.org +nuancier02.stg.phx2.fedoraproject.org + +[fedoauth] +fedoauth01.phx2.fedoraproject.org +fedoauth02.phx2.fedoraproject.org + +[fedoauth-stg] +fedoauth01.stg.phx2.fedoraproject.org [memcached] -memcached02.iad2.fedoraproject.org +memcached01.phx2.fedoraproject.org +memcached02.phx2.fedoraproject.org -[memcached_stg] -memcached02.stg.iad2.fedoraproject.org +[mirrorlist] +mirrorlist-osuosl.fedoraproject.org +mirrorlist-ibiblio.fedoraproject.org +mirrorlist-phx2.phx2.fedoraproject.org +mirrorlist-serverbeach.fedoraproject.org -[mirrorlist_proxies] -proxy01.iad2.fedoraproject.org -proxy02.fedoraproject.org -proxy03.fedoraproject.org -proxy04.fedoraproject.org -proxy05.fedoraproject.org -proxy06.fedoraproject.org -#proxy07.fedoraproject.org -#proxy08.fedoraproject.org -proxy09.fedoraproject.org -proxy10.iad2.fedoraproject.org -proxy11.fedoraproject.org -proxy12.fedoraproject.org -#proxy13.fedoraproject.org -proxy14.fedoraproject.org -proxy30.fedoraproject.org -proxy31.fedoraproject.org -proxy32.fedoraproject.org -proxy33.fedoraproject.org -proxy34.fedoraproject.org -proxy35.fedoraproject.org -proxy36.fedoraproject.org -proxy37.fedoraproject.org -proxy38.fedoraproject.org -proxy39.fedoraproject.org -proxy40.fedoraproject.org -proxy101.iad2.fedoraproject.org -proxy110.iad2.fedoraproject.org - -[people] -people01.fedoraproject.org - -[qahardware] - -[tang] -tang01.iad2.fedoraproject.org -tang02.iad2.fedoraproject.org -tang01.rdu3.fedoraproject.org - -[torrent] -torrent01.fedoraproject.org - -[secondary] -secondary01.iad2.fedoraproject.org +[other] +people03.fedoraproject.org +secondary01.phx2.fedoraproject.org +torrent02.fedoraproject.org [dns] -ns01.iad2.fedoraproject.org -ns02.iad2.fedoraproject.org ns02.fedoraproject.org +ns03.phx2.fedoraproject.org +ns04.phx2.fedoraproject.org ns05.fedoraproject.org -#ns13.rdu2.fedoraproject.org -ns01.rdu3.fedoraproject.org - -[dns_iad2] -ns01.iad2.fedoraproject.org -ns02.iad2.fedoraproject.org - -[dns_rdu3] -ns01.rdu3.fedoraproject.org - -[openqa] -openqa01.iad2.fedoraproject.org - -[openqa_workers] -# xeon gold 5218 (best) -openqa-x86-worker01.iad2.fedoraproject.org -# xeon gold 6130 (second best) -openqa-x86-worker02.iad2.fedoraproject.org -# swapped from lab as 03 is kinda poorly -# xeon e5-2683v4 (third best) -openqa-x86-worker06.iad2.fedoraproject.org -# 2023 newer, more powerful box -openqa-a64-worker04.iad2.fedoraproject.org -# older emags. they're helping! they're helping! -openqa-a64-worker05.iad2.fedoraproject.org -openqa-a64-worker06.iad2.fedoraproject.org - -# openqa-lab and openqa-lab-workers are pseudo-stg, see group_vars/openqa-stg for more details -[openqa_lab] -openqa-lab01.iad2.fedoraproject.org - -[openqa_lab_workers] -# old, busted emags -# this seems to have some broken RAM so it's powered off -openqa-a64-worker01.iad2.fedoraproject.org -openqa-a64-worker02.iad2.fedoraproject.org -openqa-a64-worker03.iad2.fedoraproject.org -openqa-p09-worker01.iad2.fedoraproject.org -openqa-p09-worker02.iad2.fedoraproject.org -# xeon gold 6130 (second best) -openqa-x86-worker04.iad2.fedoraproject.org -# xeon e5-2683v4 (third best) -openqa-x86-worker05.iad2.fedoraproject.org -# prod used to have 01, 02, 03 and lab had 04, 05, 06 which was nice -# and clean, but 03 is weaker hardware and seems to be struggling -# lately, so we swapped 03 and 06 to give prod the best hw -# xeon e5-2680 (worst) -openqa-x86-worker03.iad2.fedoraproject.org - -# the workers that can run networked jobs. each server should have *one* of these per arch -# per tap worker class defined in os-autoinst-distri-fedora (currently there are two -# classes; the purpose of multiple classes is to split the load of tap jobs across -# multiple workers) -[openqa_tap1_workers] -# prod -openqa-x86-worker01.iad2.fedoraproject.org -openqa-a64-worker04.iad2.fedoraproject.org -# lab -openqa-x86-worker04.iad2.fedoraproject.org -openqa-a64-worker03.iad2.fedoraproject.org -openqa-p09-worker01.iad2.fedoraproject.org -[openqa_tap2_workers] -# prod -openqa-x86-worker02.iad2.fedoraproject.org -openqa-a64-worker05.iad2.fedoraproject.org -# lab -openqa-x86-worker05.iad2.fedoraproject.org -openqa-a64-worker02.iad2.fedoraproject.org -openqa-p09-worker02.iad2.fedoraproject.org - -# the workers that run createhdds to create the base disk images. Again, -# only one per arch per instance should be present. -[openqa_hdds_workers] -# prod -openqa-x86-worker01.iad2.fedoraproject.org -openqa-a64-worker04.iad2.fedoraproject.org -# lab -openqa-x86-worker04.iad2.fedoraproject.org -openqa-a64-worker03.iad2.fedoraproject.org -openqa-p09-worker01.iad2.fedoraproject.org - -# common group for variables shared between all openQA boxes -[openqa_all_common:children] -openqa -openqa_lab -openqa_workers -openqa_lab_workers - -# common group for variables shared between prod and stg servers -[openqa_servers_common:children] -openqa -openqa_lab - -# common group for all tap workers -[openqa_tap_workers:children] -openqa_tap1_workers -openqa_tap2_workers +ns-sb01.fedoraproject.org [packages] +packages03.phx2.fedoraproject.org +packages04.phx2.fedoraproject.org -[packages_stg] -# packages03.stg.iad2.fedoraproject.org +[packages-stg] +packages03.stg.phx2.fedoraproject.org + +[paste] +paste01.phx2.fedoraproject.org +paste02.phx2.fedoraproject.org + +[paste-stg] +paste01.stg.phx2.fedoraproject.org + +[pkgdb] +pkgdb01.phx2.fedoraproject.org +pkgdb02.phx2.fedoraproject.org + +[pkgdb-stg] +pkgdb01.stg.phx2.fedoraproject.org [pkgs] -pkgs01.iad2.fedoraproject.org +pkgs01.phx2.fedoraproject.org -[pkgs_stg] -pkgs01.stg.iad2.fedoraproject.org +[pkgs-stg] +pkgs01.stg.phx2.fedoraproject.org -[proxies_external] -proxy01.iad2.fedoraproject.org -proxy01.rdu3.fedoraproject.org +[proxies] +proxy01.phx2.fedoraproject.org proxy02.fedoraproject.org proxy03.fedoraproject.org proxy04.fedoraproject.org -proxy05.fedoraproject.org proxy06.fedoraproject.org -#proxy07.fedoraproject.org -#proxy08.fedoraproject.org +proxy07.fedoraproject.org +proxy08.fedoraproject.org proxy09.fedoraproject.org -proxy10.iad2.fedoraproject.org -proxy10.rdu3.fedoraproject.org -proxy11.fedoraproject.org -proxy12.fedoraproject.org -#proxy13.fedoraproject.org -proxy14.fedoraproject.org -proxy30.fedoraproject.org -proxy31.fedoraproject.org -proxy32.fedoraproject.org -proxy33.fedoraproject.org -proxy34.fedoraproject.org -proxy35.fedoraproject.org -proxy36.fedoraproject.org -proxy37.fedoraproject.org -proxy38.fedoraproject.org -proxy39.fedoraproject.org -proxy40.fedoraproject.org -[proxies_internal] -proxy101.iad2.fedoraproject.org -proxy110.iad2.fedoraproject.org -proxy101.rdu3.fedoraproject.org -proxy110.rdu3.fedoraproject.org +[proxies-stg] +proxy01.stg.phx2.fedoraproject.org -[proxies_ocp4] -proxy01.iad2.fedoraproject.org -proxy10.iad2.fedoraproject.org +[qa] +qa01.dev.fedoraproject.org -[proxies_iad2] -proxy01.iad2.fedoraproject.org -proxy10.iad2.fedoraproject.org -proxy101.iad2.fedoraproject.org -proxy110.iad2.fedoraproject.org +[resultsdb:children] +resultsdb-dev +resultsdb-stg +resultsdb-prod -[proxies_rdu3] -proxy01.rdu3.fedoraproject.org -proxy10.rdu3.fedoraproject.org -proxy101.rdu3.fedoraproject.org -proxy110.rdu3.fedoraproject.org +[resultsdb-stg] +resultsdb-stg01.qa.fedoraproject.org -[proxies:children] -proxies_external -proxies_internal +[resultsdb-dev] +resultsdb-dev01.qa.fedoraproject.org -[proxies_stg] -proxy01.stg.iad2.fedoraproject.org -proxy02.stg.iad2.fedoraproject.org +[resultsdb-prod] +resultsdb01.qa.fedoraproject.org -[relvalconsumer_common] -openqa01.iad2.fedoraproject.org -openqa-lab01.iad2.fedoraproject.org - -# This group should only ever contain *ONE* system -[relvalconsumer] -openqa01.iad2.fedoraproject.org - -[relvalconsumer_test] -openqa-lab01.iad2.fedoraproject.org - -[checkcompose_common] -openqa01.iad2.fedoraproject.org -#openqa-lab01.iad2.fedoraproject.org - -# This group should only ever contain *ONE* system -[checkcompose] -openqa01.iad2.fedoraproject.org - -[checkcompose_stg] -#openqa-lab01.iad2.fedoraproject.org - -[fedora_nightlies] -openqa01.iad2.fedoraproject.org - -[testcase_stats] -openqa01.iad2.fedoraproject.org - -[smtp_mm] +[smtp-mm] smtp-mm-ib01.fedoraproject.org -smtp-mm-osuosl01.fedoraproject.org -smtp-mm-cc-rdu01.fedoraproject.org +smtp-mm-coloamer01.fedoraproject.org +smtp-mm-tummy01.fedoraproject.org -[smtp_auth] -smtp-auth-cc-rdu01.fedoraproject.org - -[zabbix] -zabbix01.iad2.fedoraproject.org - -[zabbix_stg] -zabbix01.stg.iad2.fedoraproject.org - -[spare] # -# All staging hosts should be in this group too. +# All staging hosts should be in this group too. # [staging] -autosign01.stg.iad2.fedoraproject.org -# basset01.stg.iad2.fedoraproject.org -bodhi-backend01.stg.iad2.fedoraproject.org -bvmhost-x86-01.stg.iad2.fedoraproject.org -bvmhost-x86-02.stg.iad2.fedoraproject.org -bvmhost-x86-03.stg.iad2.fedoraproject.org -bvmhost-x86-05.stg.iad2.fedoraproject.org -bvmhost-p09-01.stg.iad2.fedoraproject.org -bvmhost-s390x-01.stg.s390.fedoraproject.org -bvmhost-a64-01.stg.iad2.fedoraproject.org -bvmhost-x86-01.stg.rdu3.fedoraproject.org -bvmhost-x86-02.stg.rdu3.fedoraproject.org -bvmhost-x86-03.stg.rdu3.fedoraproject.org -buildvm-a64-01.stg.iad2.fedoraproject.org -buildvm-a64-02.stg.iad2.fedoraproject.org -buildvm-ppc64le-01.stg.iad2.fedoraproject.org -buildvm-ppc64le-02.stg.iad2.fedoraproject.org -buildvm-ppc64le-03.stg.iad2.fedoraproject.org -buildvm-ppc64le-04.stg.iad2.fedoraproject.org -buildvm-ppc64le-05.stg.iad2.fedoraproject.org -buildvm-s390x-01.stg.s390.fedoraproject.org -buildvm-x86-01.stg.iad2.fedoraproject.org -buildvm-x86-02.stg.iad2.fedoraproject.org -buildvm-x86-03.stg.iad2.fedoraproject.org -buildvm-x86-04.stg.iad2.fedoraproject.org -buildvm-x86-05.stg.iad2.fedoraproject.org -compose-x86-01.stg.iad2.fedoraproject.org -copr-be-dev.aws.fedoraproject.org -#copr-be-dev-temp.aws.fedoraproject.org -copr-dist-git-dev.aws.fedoraproject.org -copr-fe-dev.aws.fedoraproject.org -copr-keygen-dev.aws.fedoraproject.org -copr-pulp-dev.aws.fedoraproject.org -db-datanommer01.stg.iad2.fedoraproject.org -db-fas01.stg.iad2.fedoraproject.org -db-koji01.stg.iad2.fedoraproject.org -db01.stg.iad2.fedoraproject.org -db03.stg.iad2.fedoraproject.org -db.stg.aws.fedoraproject.org -debuginfod01.stg.iad2.fedoraproject.org -oci-candidate-registry01.stg.iad2.fedoraproject.org -oci-registry01.stg.iad2.fedoraproject.org -ipa01.stg.iad2.fedoraproject.org -ipa02.stg.iad2.fedoraproject.org -ipa03.stg.iad2.fedoraproject.org -ipa01.stg.rdu3.fedoraproject.org -ipa02.stg.rdu3.fedoraproject.org -ipa03.stg.rdu3.fedoraproject.org -ipsilon01.stg.iad2.fedoraproject.org -koji01.stg.iad2.fedoraproject.org -mailman01.stg.iad2.fedoraproject.org -memcached02.stg.iad2.fedoraproject.org -os-control01.stg.iad2.fedoraproject.org -pkgs01.stg.iad2.fedoraproject.org -proxy01.stg.iad2.fedoraproject.org -proxy02.stg.iad2.fedoraproject.org -rabbitmq01.stg.iad2.fedoraproject.org -rabbitmq02.stg.iad2.fedoraproject.org -rabbitmq03.stg.iad2.fedoraproject.org -sign-bridge01.stg.iad2.fedoraproject.org -sign-vault01.stg.iad2.fedoraproject.org -sundries01.stg.iad2.fedoraproject.org -sundries02.stg.iad2.fedoraproject.org -value02.stg.iad2.fedoraproject.org -vmhost-x86-01.stg.iad2.fedoraproject.org -vmhost-x86-02.stg.iad2.fedoraproject.org -vmhost-x86-05.stg.iad2.fedoraproject.org -vmhost-x86-06.stg.iad2.fedoraproject.org -vmhost-x86-07.stg.iad2.fedoraproject.org -vmhost-x86-08.stg.iad2.fedoraproject.org -vmhost-x86-09.stg.iad2.fedoraproject.org -vmhost-x86-11.stg.iad2.fedoraproject.org -vmhost-x86-12.stg.iad2.fedoraproject.org -vmhost-x86-01.stg.rdu3.fedoraproject.org -vmhost-x86-02.stg.rdu3.fedoraproject.org -vmhost-x86-03.stg.rdu3.fedoraproject.org -vmhost-x86-04.stg.rdu3.fedoraproject.org -vmhost-x86-05.stg.rdu3.fedoraproject.org -wiki01.stg.iad2.fedoraproject.org -zabbix01.stg.iad2.fedoraproject.org +app01.stg.phx2.fedoraproject.org +ask01.stg.phx2.fedoraproject.org +badges-backend01.stg.phx2.fedoraproject.org +badges-web01.stg.phx2.fedoraproject.org +blockerbugs01.stg.phx2.fedoraproject.org +bodhi01.stg.phx2.fedoraproject.org +bugzilla2fedmsg01.stg.phx2.fedoraproject.org +busgateway01.stg.phx2.fedoraproject.org +datagrepper01.stg.phx2.fedoraproject.org +db02.stg.phx2.fedoraproject.org +db-fas01.stg.phx2.fedoraproject.org +elections01.stg.phx2.fedoraproject.org +fas01.stg.phx2.fedoraproject.org +fedimg01.stg.phx2.fedoraproject.org +fedoauth01.stg.phx2.fedoraproject.org +fedocal01.stg.phx2.fedoraproject.org +github2fedmsg01.stg.phx2.fedoraproject.org +gallery01.stg.phx2.fedoraproject.org +kerneltest01.stg.phx2.fedoraproject.org +koji01.stg.phx2.fedoraproject.org +mailman01.stg.phx2.fedoraproject.org +notifs-backend01.stg.phx2.fedoraproject.org +notifs-web01.stg.phx2.fedoraproject.org +notifs-web02.stg.phx2.fedoraproject.org +nuancier01.stg.phx2.fedoraproject.org +nuancier02.stg.phx2.fedoraproject.org +packages03.stg.phx2.fedoraproject.org +paste01.stg.phx2.fedoraproject.org +pkgdb01.stg.phx2.fedoraproject.org +pkgs01.stg.phx2.fedoraproject.org +proxy01.stg.phx2.fedoraproject.org +releng01.stg.phx2.fedoraproject.org +summershum01.stg.phx2.fedoraproject.org +sundries01.stg.phx2.fedoraproject.org +tagger01.stg.phx2.fedoraproject.org +# until we sort some firewall rules, this host is not in stg. +#taskotron-stg01.qa.fedoraproject.org +value01.stg.phx2.fedoraproject.org +wiki01.stg.phx2.fedoraproject.org -# This is a list of hosts that are a little "friendly" with staging. -# They are exempted from the iptables wall between staging and prod. -# For instance, staging needs to send collectd logs to log01 and smtp mail data -# to bastion (both of which are prod boxen). -[staging_friendly] -noc01.iad2.fedoraproject.org -bastion01.iad2.fedoraproject.org -bastion01.rdu3.fedoraproject.org -bastion02.iad2.fedoraproject.org -batcave01.iad2.fedoraproject.org -certgetter01.iad2.fedoraproject.org -db-openqa01.iad2.fedoraproject.org -dl01.iad2.fedoraproject.org -dl02.iad2.fedoraproject.org -dl03.iad2.fedoraproject.org -dl04.iad2.fedoraproject.org -dl05.iad2.fedoraproject.org -log01.iad2.fedoraproject.org -log01.rdu3.fedoraproject.org -ns01.iad2.fedoraproject.org -ns02.iad2.fedoraproject.org -#openqa-lab01.iad2.fedoraproject.org -openqa-lab01.iad2.fedoraproject.org -proxy01.iad2.fedoraproject.org -proxy01.rdu3.fedoraproject.org -proxy101.iad2.fedoraproject.org -proxy101.rdu3.fedoraproject.org -proxy10.iad2.fedoraproject.org -proxy10.rdu3.fedoraproject.org -proxy110.iad2.fedoraproject.org -proxy110.rdu3.fedoraproject.org -tang01.iad2.fedoraproject.org -tang02.iad2.fedoraproject.org -tang01.rdu3.fedoraproject.org -ns01.rdu3.fedoraproject.org +[summershum] +summershum01.phx2.fedoraproject.org + +[summershum-stg] +summershum01.stg.phx2.fedoraproject.org [sundries] -sundries01.iad2.fedoraproject.org -sundries02.iad2.fedoraproject.org +sundries01.phx2.fedoraproject.org +sundries02.phx2.fedoraproject.org -[sundries_stg] -sundries01.stg.iad2.fedoraproject.org -sundries02.stg.iad2.fedoraproject.org +[sundries-stg] +sundries01.stg.phx2.fedoraproject.org + +[tagger] +tagger01.phx2.fedoraproject.org +tagger02.phx2.fedoraproject.org + +[tagger-stg] +tagger01.stg.phx2.fedoraproject.org + +[taskotron:children] +taskotron-dev +taskotron-stg +taskotron-prod + +[taskotron-dev] +taskotron-dev01.qa.fedoraproject.org + +[taskotron-dev-clients] +taskotron-client26.qa.fedoraproject.org +taskotron-client27.qa.fedoraproject.org +taskotron-client28.qa.fedoraproject.org +taskotron-client29.qa.fedoraproject.org + +[taskotron-stg] +taskotron-stg01.qa.fedoraproject.org + +[taskotron-stg-clients] +taskotron-client11.qa.fedoraproject.org +taskotron-client12.qa.fedoraproject.org +taskotron-client13.qa.fedoraproject.org +taskotron-client14.qa.fedoraproject.org +taskotron-client19.qa.fedoraproject.org +taskotron-client20.qa.fedoraproject.org +taskotron-client21.qa.fedoraproject.org + +[taskotron-prod] +taskotron01.qa.fedoraproject.org + +[taskotron-prod-clients] +taskotron-client22.qa.fedoraproject.org +taskotron-client23.qa.fedoraproject.org +taskotron-client24.qa.fedoraproject.org +taskotron-client25.qa.fedoraproject.org + +[unbound] +unbound-ib01.fedoraproject.org +unbound-telia01.fedoraproject.org +unbound-tummy01.fedoraproject.org +unbound-osuosl01.fedoraproject.org [value] -value02.iad2.fedoraproject.org +value01.phx2.fedoraproject.org -[value_stg] -value02.stg.iad2.fedoraproject.org +[value-stg] +value01.stg.phx2.fedoraproject.org [virthost] -vmhost-x86-01.stg.iad2.fedoraproject.org -vmhost-x86-02.stg.iad2.fedoraproject.org -vmhost-x86-05.stg.iad2.fedoraproject.org -vmhost-x86-06.stg.iad2.fedoraproject.org -vmhost-x86-07.stg.iad2.fedoraproject.org -vmhost-x86-08.stg.iad2.fedoraproject.org -vmhost-x86-09.stg.iad2.fedoraproject.org -vmhost-x86-11.stg.iad2.fedoraproject.org -vmhost-x86-12.stg.iad2.fedoraproject.org -vmhost-x86-01.iad2.fedoraproject.org -vmhost-x86-02.iad2.fedoraproject.org -vmhost-x86-03.iad2.fedoraproject.org -vmhost-x86-04.iad2.fedoraproject.org -vmhost-x86-05.iad2.fedoraproject.org -vmhost-x86-06.iad2.fedoraproject.org -vmhost-x86-08.iad2.fedoraproject.org -qvmhost-x86-01.iad2.fedoraproject.org -qvmhost-x86-02.iad2.fedoraproject.org -vmhost-x86-01.rdu3.fedoraproject.org -vmhost-x86-02.rdu3.fedoraproject.org -vmhost-x86-03.rdu3.fedoraproject.org -vmhost-x86-04.rdu3.fedoraproject.org -vmhost-x86-05.rdu3.fedoraproject.org -vmhost-x86-01.stg.rdu3.fedoraproject.org -vmhost-x86-02.stg.rdu3.fedoraproject.org -vmhost-x86-03.stg.rdu3.fedoraproject.org -vmhost-x86-04.stg.rdu3.fedoraproject.org -vmhost-x86-05.stg.rdu3.fedoraproject.org +virthost01.phx2.fedoraproject.org +virthost03.phx2.fedoraproject.org +virthost04.phx2.fedoraproject.org +virthost05.phx2.fedoraproject.org +virthost06.phx2.fedoraproject.org +virthost07.phx2.fedoraproject.org +virthost08.phx2.fedoraproject.org +virthost09.phx2.fedoraproject.org +virthost10.phx2.fedoraproject.org +virthost12.phx2.fedoraproject.org +virthost14.phx2.fedoraproject.org +virthost15.phx2.fedoraproject.org +virthost16.phx2.fedoraproject.org +virthost17.phx2.fedoraproject.org +virthost18.phx2.fedoraproject.org +virthost-comm01.qa.fedoraproject.org +virthost-comm02.qa.fedoraproject.org +qa04.qa.fedoraproject.org +qa05.qa.fedoraproject.org +qa06.qa.fedoraproject.org +qa07.qa.fedoraproject.org - -#[virthost_cloud] -#virthost-aarch64-os01.fedorainfracloud.org -#virthost-aarch64-os02.fedorainfracloud.org -#virthost-cloud01.fedorainfracloud.org -#virthost-os01.fedorainfracloud.org -#virthost-os02.fedorainfracloud.org -#virthost-os03.fedorainfracloud.org -#storinator01.fedorainfracloud.org -#cloudvmhost-aarch64-01.fedorainfracloud.org - - -[wiki_stg] -wiki01.stg.iad2.fedoraproject.org +[wiki-stg] +wiki01.stg.phx2.fedoraproject.org [wiki] -wiki01.iad2.fedoraproject.org -wiki02.iad2.fedoraproject.org +wiki01.phx2.fedoraproject.org +wiki02.phx2.fedoraproject.org -#[cloud_hardware] -#virthost-aarch64-os01.fedorainfracloud.org -#virthost-aarch64-os02.fedorainfracloud.org -#virthost-cloud01.fedorainfracloud.org -#copr-vmhost01.fedorainfracloud.org +[persistent-cloud] +#fedocal.dev.fedoraproject.org +209.132.184.147 +#copr-fe.cloud.fedoraproject.org +209.132.184.144 +209.132.184.150 +#artboard.cloud.fedoraproject.org +209.132.184.143 +#logstash-dev.cloud.fedoraproject.org +209.132.184.146 +# copr-be.cloud.fedoraproject.org on openstack +209.132.184.142 +#elections-dev +209.132.184.162 +# copr dev instances +copr-be-dev.cloud.fedoraproject.org +copr-fe-dev.cloud.fedoraproject.org +#hrf +hrf.cloud.fedoraproject.org +#shogun-ca.cloud.fedoraproject.org +209.132.184.157 +# bodhi.dev.fedoraproject.org +bodhi.dev.fedoraproject.org +# Koschei instance - ticket 4449 +koschei.cloud.fedoraproject.org -[maintainer_test] -f40-test.fedorainfracloud.org -f41-test.fedorainfracloud.org -f42-test.fedorainfracloud.org -rawhide-test.fedorainfracloud.org -el9-test.fedorainfracloud.org -ppc64le-test.fedorainfracloud.org -ppc64le-test02.fedorainfracloud.org -aarch64-test01.fedorainfracloud.org -aarch64-test02.fedorainfracloud.org +[jenkins-slaves] +# EL-6 builder +209.132.184.165 +# F19 builder +209.132.184.158 +# F20 builder +209.132.184.209 +# RHEL7beta builder +209.132.184.137 -#[aarch64_test] -#aarch64-test01.fedorainfracloud.org -#aarch64-test02.fedorainfracloud.org +[jenkins-cloud] +209.132.184.153 +#jenkins.cloud.fedoraproject.org + + +[jenkins-cloud:children] +jenkins-slaves [osuosl] +fakefas01.fedoraproject.org proxy06.fedoraproject.org +qa01.dev.fedoraproject.org [groupa:children] download bvirthost packages # not yet created +#pkgdb koji +releng dbserver +bapp [groupa] -secondary01.iad2.fedoraproject.org +torrent02.fedoraproject.org +secondary01.phx2.fedoraproject.org [groupb:children] @@ -761,308 +647,29 @@ dns bastion backup infracore -smtp_mm +hosted +collab +smtp-mm memcached virthost -colo_virt +colo-virt [groupc:children] value +qa +unbound +dev staging builders bkernel buildvmhost [groupc] -people01.fedoraproject.org +people03.fedoraproject.org [virtservers:children] -colo_virt +colo-virt virthost bvirthost buildvmhost -#virthost_cloud -[logdetective] -logdetective01.fedorainfracloud.org -logdetective02.fedorainfracloud.org - -[copr_front_aws] -copr-fe.aws.fedoraproject.org - -[copr_back_aws] -copr-be.aws.fedoraproject.org -#copr-be-temp.aws.fedoraproject.org birthday=yes - -[copr_dist_git_aws] -copr-dist-git.aws.fedoraproject.org - -[copr_front_dev_aws] -# stg machine in AWS -copr-fe-dev.aws.fedoraproject.org - -[copr_back_dev_aws] -copr-be-dev.aws.fedoraproject.org -#copr-be-dev-temp.aws.fedoraproject.org birthday=true - -[copr_keygen_aws] -copr-keygen.aws.fedoraproject.org - -[copr_keygen_dev_aws] -copr-keygen-dev.aws.fedoraproject.org - -[copr_dist_git_dev_aws] -copr-dist-git-dev.aws.fedoraproject.org - -[copr_pulp_aws] -#copr-pulp.aws.fedoraproject.org birthday=yes - -[copr_pulp_dev_aws] -copr-pulp-dev.aws.fedoraproject.org - -[copr_aws:children] -copr_front_aws -copr_back_aws -copr_dist_git_aws -copr_keygen_aws -copr_pulp_aws - -[copr_dev_aws:children] -copr_front_dev_aws -copr_back_dev_aws -copr_dist_git_dev_aws -copr_keygen_dev_aws -db_stg_aws -copr_pulp_dev_aws - -[copr_all_instances_aws:children] -copr_aws -copr_dev_aws - -[copr_hypervisor] -vmhost-x86-copr01.rdu-cc.fedoraproject.org -vmhost-x86-copr02.rdu-cc.fedoraproject.org -vmhost-x86-copr03.rdu-cc.fedoraproject.org -vmhost-x86-copr04.rdu-cc.fedoraproject.org -vmhost-p08-copr01.rdu-cc.fedoraproject.org -vmhost-p08-copr02.rdu-cc.fedoraproject.org -vmhost-p09-copr01.rdu-cc.fedoraproject.org - -[db_stg_aws] -db.stg.aws.fedoraproject.org - -[debuginfod] -debuginfod01.iad2.fedoraproject.org - -[debuginfod_stg] -debuginfod01.stg.iad2.fedoraproject.org - -[pagure] -pagure02.fedoraproject.org - -[pagure_stg] -pagure-stg01.fedoraproject.org - -[ocp:children] -os_control -ocp_controlplane -ocp_workers -ocp_boostrap - -[ocp_vms:children] -ocp_boostrap -ocp_controlplane - -[ocp_controlplane] -#ocp01.ocp.iad2.fedoraproject.org -#ocp02.ocp.iad2.fedoraproject.org -#ocp03.ocp.iad2.fedoraproject.org -ocp01.ocp.rdu3.fedoraproject.org -ocp02.ocp.rdu3.fedoraproject.org -ocp03.ocp.rdu3.fedoraproject.org - -[ocp_workers] -worker01.ocp.iad2.fedoraproject.org -worker02.ocp.iad2.fedoraproject.org -worker03.ocp.iad2.fedoraproject.org -worker04.ocp.iad2.fedoraproject.org -worker05.ocp.iad2.fedoraproject.org -worker06.ocp.iad2.fedoraproject.org - -[ocp_boostrap] -bootstrap.ocp.rdu3.fedoraproject.org - -[ocp_stg:children] -os_control_stg -ocp_controlplane_stg -ocp_workers_stg -#ocp_boostrap_stg - -[ocp_vms_stg:children] -#ocp_boostrap_stg -ocp_controlplane_stg - -[ocp_controlplane_stg] -ocp01.ocp.stg.iad2.fedoraproject.org -ocp02.ocp.stg.iad2.fedoraproject.org -ocp03.ocp.stg.iad2.fedoraproject.org - -[ocp_workers_stg] -worker01.ocp.stg.iad2.fedoraproject.org -worker02.ocp.stg.iad2.fedoraproject.org -worker03.ocp.stg.iad2.fedoraproject.org -worker04.ocp.stg.iad2.fedoraproject.org -worker05.ocp.stg.iad2.fedoraproject.org - -#[ocp_boostrap_stg] -#bootstrap.ocp.stg.iad2.fedoraproject.org - -[os_control_stg] -os-control01.stg.iad2.fedoraproject.org -os-control01.stg.rdu3.fedoraproject.org - -[os_control] -os-control01.iad2.fedoraproject.org -os-control01.rdu3.fedoraproject.org - -# registries -[oci_registry] -oci-registry01.iad2.fedoraproject.org -oci-registry02.iad2.fedoraproject.org -oci-candidate-registry01.iad2.fedoraproject.org - -[oci_registry_stg] -oci-registry01.stg.iad2.fedoraproject.org -oci-candidate-registry01.stg.iad2.fedoraproject.org - -## Not the candidate just the top registry -[moby_registry] -oci-registry01.iad2.fedoraproject.org - -## Not the candidate just the top registry -[moby_registry_stg] -oci-registry01.stg.iad2.fedoraproject.org - -[webservers:children] -proxies -ipa -fas - -# -# Hosts in this group have zombie processes for various reasons -# and we want to not alert on those, so to the client nrpe.conf uses -# this group to denote those. -# -[zombie_infested] -# anon git via systemd socket seems to get zombies from time to time -# Ansible from time to time in large runs has zombie threads -pkgs01.iad2.fedoraproject.org -batcave01.iad2.fedoraproject.org -# bodhi-backend01 gets zombies right at the end of pushes -bodhi-backend01.iad2.fedoraproject.org - -[sar] -bodhi-backend01.iad2.fedoraproject.org -bodhi-backend01.rdu3.fedoraproject.org -mailman01.iad2.fedoraproject.org -people01.fedoraproject.org -pagure02.fedoraproject.org -pkgs01.iad2.fedoraproject.org -#wiki01.iad2.fedoraproject.org - -[nfs_servers] -storinator01.rdu-cc.fedoraproject.org - -# communishift -- community openshift -# [virthost_communishift] -# virthost-os01.fedorainfracloud.org -# virthost-os02.fedorainfracloud.org -# virthost-os03.fedorainfracloud.org -# os-storage-node12.fedorainfracloud.org -# os-storage-node13.fedorainfracloud.org -# os-storage-node14.fedorainfracloud.org -# virthost-ppc64le-os01.fedorainfracloud.org -# virthost-aarch64-os01.fedorainfracloud.org -# virthost-aarch64-os02.fedorainfracloud.org - -# [os_proxies] -# os-proxy01.fedorainfracloud.org -# os-proxy02.fedorainfracloud.org - -# -# These are hosts and groups that do not use linux-system-roles/network for configuring network -# The cloud_aws hosts have network all setup by cloud-init and/or provider. -# The ibiblio hosts are using port bonding. Someday we need to configure it via linux-sys-roles. -# -[no_linux_system_roles:children] -cloud_aws -buildvm_s390x_stg -bvmhost_s390x - -[iad2:children] -iad2_production -iad2_staging - -[iad2_production:children] -backup -bastion_iad2 -batcave_iad2 -bodhi_backend -buildhw -buildvm -buildvm_aarch64 -buildvm_ppc64le -bkernel -bvirthost -certgetter -dbserver -debuginfod -dns_iad2 -download_iad2 -flatpak_cache -ipa -ipsilon -koji -kojipkgs -logging -mailman -memcached -nagios_iad2 -oci_registry -openqa -openqa_lab -openqa_lab_workers -openqa_workers -pkgs -proxies_iad2 -qahardware -rabbitmq -releng_compose -secondary -sundries -tang -value -virthost -wiki - -[iad2_staging:children] -bastion_stg -bodhi_backend_stg -buildvm_stg -buildvm_ppc64le_stg -buildvm_aarch64_stg -dbserver_stg -debuginfod_stg -ipa_stg -ipsilon_stg -koji_stg -memcached_stg -oci_registry_stg -pkgs_stg -proxies_stg -rabbitmq_stg -releng_compose_stg -sundries_stg -value_stg -wiki_stg -zabbix_stg diff --git a/inventory/zzz-inventory.config b/inventory/zzz-inventory.config deleted file mode 100644 index bc661631da..0000000000 --- a/inventory/zzz-inventory.config +++ /dev/null @@ -1,19 +0,0 @@ -plugin: constructed -strict: False -compose: -groups: - iad2: ('iad2.fedoraproject.org' in ansible_domain) - iad2_guests: ('iad2.fedoraproject.org' in ansible_domain and 'guest' in ansible_virtualization_role) - iad2_hosts: ('iad2.fedoraproject.org' in ansible_domain and 'host' in ansible_virtualization_role) -keyed_groups: - - prefix: distro - key: ansible_distribution - - - prefix: vmhost - key: vmhost - - - prefix: datacenter - key: datacenter - - - prefix: virt - key: ansible_virtualization_role diff --git a/library/delete_old_oci_images.py b/library/delete_old_oci_images.py deleted file mode 100644 index 981c5da8cd..0000000000 --- a/library/delete_old_oci_images.py +++ /dev/null @@ -1,171 +0,0 @@ -#!/usr/bin/python3 -# -*- coding: utf-8 -*- -# -# delete_old_oci_images.py - Ansible module that returns old images from a container registry -# -# Copyright (C) 2019 Red Hat, Inc. -# SPDX-License-Identifier: GPL-2.0+ -# -DOCUMENTATION = """ ---- -author: - - "Clément Verna " -module: delete_old_oci_images -short_description: Check for old OCI images in a registry and delete them. -description: - - Look for OCI images tag in a registry that are older than "days". - - Delete the OCI images tag from these old images. -options: - registry: - description: - - URL of the registry to use. - required: False - default: "https://candidate-registry.fedoraproject.org" - days: - description: - - Number of days used to check if we want to delete or keep and image tag. - required: True - username: - description: - - Username uses to login against the registry. - required: True - password: - description: - - Password used to login against the registry. - required: True -""" - -EXAMPLES = """ -- delete_old_oci_images: - days: 30 - username: "{{ secret_username }}" - password: "{{ secret_password }}" - -- delete_old_oci_images: - registry: "https://candidate-registry.stg.fedoraproject.org" - days: 10 - username: "{{ secret_stg_username }}" - password: "{{ secret_stg_password }}" -""" - -from ansible.module_utils.basic import * -from datetime import datetime, timedelta - - -def main(): - """ - Ensure that images that are at least 'days' old are deleted - from the registry. - """ - module_args = dict( - registry=dict( - type="str", required=False, default="https://candidate-registry.fedoraproject.org" - ), - days=dict(type="int", required=True), - username=dict(type="str", required=True), - password=dict(type="str", required=True, no_log=True), - ) - - module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) - - try: - import requests - - headers = { - "Accept": "application/vnd.docker.distribution.manifest.v2+json,"\ - "application/vnd.oci.image.index.v1+json,"\ - "application/vnd.oci.image.manifest.v1+json,"\ - "application/vnd.docker.distribution.manifest.list.v2+json"\ - } - except ImportError: - module.fail_json(msg="the requests python module not found on the target system") - - result = {"failed": False, "stdout_lines": []} - check_mode = module.check_mode - registry = module.params["registry"] - days = module.params["days"] - username = module.params["username"] - password = module.params["password"] - - # Prepare the requests session - s = requests.Session() - - # Retry in case of failed connection - adapter = requests.adapters.HTTPAdapter(max_retries=5) - s.mount("http://", adapter) - s.mount("https://", adapter) - - # Set the correct headers - s.headers.update(headers) - # Set the authentication - s.auth = (username, password) - - # Get the list of repositories in the registry (Assume we have less than 500) - resp = s.get("{}/v2/_catalog?n=500".format(registry)) - if not resp.ok: - module.fail_json( - msg="Failed to get the list of images on the {}".format(registry), failed=True - ) - - repositories = resp.json().get("repositories") - - # For each repository found get all the tags - for repo in repositories: - resp = s.get("{}/v2/{}/tags/list".format(registry, repo)) - if not resp.ok: - result["stdout_lines"].append("Failed to get the list of tags for {}".format(repo)) - - image = resp.json() - # Log the repositories that don't have any tags - if image["tags"] is None: - result["stdout_lines"].append("{} does not have any tags".format(repo)) - continue - # For each tag get the maninfest - for tag in image["tags"]: - resp = s.get("{}/v2/{}/manifests/{}".format(registry, repo, tag)) - if not resp.ok: - result["stdout_lines"].append( - "Failed to get the manifest for {}:{}".format(repo, tag) - ) - - # For each tag get the blobs - config = resp.json().get("config") - if config is not None: - digest = config.get("digest") - resp = s.get("{}/v2/{}/blobs/{}".format(registry, repo, digest)) - if not resp.ok: - result["stdout_lines"].append( - "Failed to get the blob for {}:{}".format(repo, digest) - ) - - # Find when a blob was created - age = resp.json().get("created") - if age is None: - result["stdout_lines"].append( - "Could not get date for {}:{} -- skipping".format(repo, digest) - ) - continue - # Check if the blob is older than "days" - if datetime.strptime(age[:10], "%Y-%m-%d") <= datetime.now() - timedelta(days=days): - if not check_mode: - # Delete the tag - resp = s.get("{}/v2/{}/manifests/{}".format(registry, repo, tag)) - digest = resp.headers["Docker-Content-Digest"] - resp = s.delete("{}/v2/{}/manifests/{}".format(registry, repo, digest)) - if resp.ok: - result["changed"] = True - else: - module.fail_json( - msg="Failed to delete {}:{} with the error : {}".format( - repo, tag, resp.text - ), - failed=True, - ) - else: - result["stdout_lines"].append("would delete {}:{}".format(repo, tag)) - result["changed"] = True - - module.exit_json(**result) - - -main() diff --git a/library/python3_fact.py b/library/python3_fact.py deleted file mode 100644 index 0d9c569a1b..0000000000 --- a/library/python3_fact.py +++ /dev/null @@ -1,85 +0,0 @@ -#!/usr/bin/env python - -import json -from subprocess import check_output - -from ansible.module_utils.basic import AnsibleModule - - -DOCUMENTATION = r''' ---- -module: python3_fact - -short_description: Add Ansible facts about the Python3 installation - -# If this is part of a collection, you need to use semantic versioning, -# i.e. the version is of the form "2.5.0" and not "2.4". -version_added: "1.0.0" - -description: Ansible facts will be added about the following Python3 - -author: - - Aurelien Bompard (@abompard) -''' - -EXAMPLES = r''' -# In ansible.cfg - -facts_modules = smart, python3_fact - -# Ansible facts dump: - -$ ansible -m debug -a var=ansible_facts hostname -"ansible_facts": { - ... - "python3": { - "sitelib": "/usr/lib/python3.11/site-packages" - }, - ... -} -''' - -RETURN = r''' -sitelib: - description: The full path to the site-packages directory. - type: str - returned: always - sample: '/usr/lib/python3.11/site-packages' -''' - -PYCODE = """ -from json import dumps -from sysconfig import get_path, get_scheme_names -from sys import version_info -scheme = "rpm_prefix" if "rpm_prefix" in get_scheme_names() else "posix_prefix" -print(dumps({ - "sitelib": get_path("purelib", scheme), - "sitearch": get_path("platlib", scheme), - "version": f"{version_info.major}.{version_info.minor}", -})) -""" - - - -def run_module(): - module = AnsibleModule( - argument_spec={}, - supports_check_mode=True - ) - try: - output = check_output([ - "python3", "-c", - PYCODE, - ]) - except OSError: - module.exit_json(changed=False, ansible_facts=dict()) - else: - module.exit_json(changed=False, ansible_facts=dict(python3=json.loads(output.strip()))) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/library/virt_boot b/library/virt_boot deleted file mode 100755 index 6280297e14..0000000000 --- a/library/virt_boot +++ /dev/null @@ -1,299 +0,0 @@ -#!/usr/bin/python3 -# -*- coding: utf-8 -*- - -# (c) 2012, Jeroen Hoekx -# -# This file is part of Ansible -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -DOCUMENTATION = ''' ---- -author: Jeroen Hoekx -module: virt_boot -short_description: Define libvirt boot parameters -description: - - "This module configures the boot order or boot media of a libvirt virtual - machine. A guest can be configured to boot from network, hard disk, floppy, - cdrom or a direct kernel boot. Specific media can be attached for cdrom, - floppy and direct kernel boot." - - This module requires the libvirt module. -version_added: "0.8" -options: - domain: - description: - - The name of the libvirt domain. - required: true - boot: - description: - - "Specify the boot order of the virtual machine. This is a comma-separated - list of: I(fd), I(hd), I(cdrom) and I(network)." - required: false - bootmenu: - choices: [ "yes", "no" ] - description: - - Enable or disable the boot menu. - required: false - kernel: - description: - - The path of the kernel to boot. - required: false - initrd: - description: - - The path of the initrd to boot. - required: false - cmdline: - description: - - The command line to boot the kernel with. - required: false - device: - default: hdc - description: - - The libvirt device name of the cdrom/floppy. - required: false - image: - description: - - The image to connect to the cdrom/floppy device. - required: false - start: - choices: [ "yes", "no" ] - default: yes - description: - - Start the guest after configuration. - required: false -examples: - - description: Boot from a cdrom image. - code: virt_boot domain=archrear image=/srv/rear/archrear/rear-archrear.iso boot=cdrom - - description: Boot from the local disk. - code: virt_boot domain=archrear boot=hd - - description: Boot a specific kernel with a special command line. - code: virt_boot domain=archrear kernel={{ storage }}/kernel-archrear initrd={{ storage }}/initramfs-archrear.img cmdline="root=/dev/ram0 vga=normal rw" - - description: Boot from the harddisk and if that fails from the network. - code: virt_boot domain=archrear boot=hd,network - - description: Enable the boot menu. - code: virt_boot domain=archrear bootmenu=yes -requirements: [ "libvirt" ] -notes: - - Run this on the libvirt host. - - I(kernel) and I(boot) are mutually exclusive. - - This module does not change a running system. A shutdown/restart is required. -''' - -import sys - -try: - import xml.etree.ElementTree as ET - from xml.etree.ElementTree import SubElement -except ImportError: - try: - import elementtree.ElementTree as ET - from elementtree.ElementTree import SubElement - except ImportError: - print("failed=True msg='ElementTree python module unavailable'") - -try: - import libvirt -except ImportError: - print("failed=True msg='libvirt python module unavailable'") - sys.exit(1) - -from ansible.module_utils.basic import AnsibleModule - -def get_disk(doc, device): - for disk in doc.findall('.//disk'): - target = disk.find('target') - if target is not None: - if target.get('dev','') == device: - return disk - -def attach_disk(domain, doc, device, image): - disk = get_disk(doc, device) - if disk is not None: - source = disk.find('source') - if source is not None and source.get('file') == image: - return False - - xml = ''' - - - - '''.format(path=image, dev=device) - domain.updateDeviceFlags(xml, libvirt.VIR_DOMAIN_AFFECT_CONFIG) - return True - -def detach_disk(domain, doc, device): - disk = get_disk(doc, device) - if disk is not None: - source = disk.find('source') - if source is not None and 'file' in source.attrib: - del source.attrib['file'] - domain.updateDeviceFlags(ET.tostring(disk).decode('utf-8'), libvirt.VIR_DOMAIN_AFFECT_CONFIG) - return True - return False - -def main(): - - module = AnsibleModule( - argument_spec = dict( - domain=dict(required=True, aliases=['guest']), - boot=dict(), - bootmenu=dict(type='bool'), - kernel=dict(), - initrd=dict(), - cmdline=dict(), - device=dict(default='hdc'), - image=dict(), - start=dict(type='bool', default='yes'), - ), - required_one_of = [['boot','kernel','image','bootmenu']], - mutually_exclusive = [['boot','kernel']] - ) - - params = module.params - - domain_name = params['domain'] - - bootmenu = module.boolean(params['bootmenu']) - - boot = params['boot'] - kernel = params['kernel'] - initrd = params['initrd'] - cmdline = params['cmdline'] - - device = params['device'] - image = params['image'] - - start = module.boolean(params['start']) - - changed = False - - conn = libvirt.open("qemu:///system") - domain = conn.lookupByName(domain_name) - - doc = ET.fromstring( domain.XMLDesc(libvirt.VIR_DOMAIN_XML_INACTIVE) ) - - ### Connect image - if image: - changed = changed or attach_disk(domain, doc, device, image) - if not boot and not kernel: - module.exit_json(changed=changed, image=image, device=device) - else: - changed = changed or detach_disk(domain, doc, device) - - if changed: - doc = ET.fromstring( domain.XMLDesc(libvirt.VIR_DOMAIN_XML_INACTIVE) ) - - ### Boot ordering - os = doc.find('os') - boot_list = os.findall('boot') - kernel_el = os.find('kernel') - initrd_el = os.find('initrd') - cmdline_el = os.find('cmdline') - - ### traditional boot - if boot: - if kernel_el is not None: - changed = True - os.remove(kernel_el) - if initrd_el is not None: - changed = True - os.remove(initrd_el) - if cmdline_el is not None: - changed = True - os.remove(cmdline_el) - - items = boot.split(',') - if boot_list: - needs_change = False - if len(items) == len(boot_list): - for (boot_el, dev) in zip(boot_list, items): - if boot_el.get('dev') != dev: - needs_change = True - else: - needs_change = True - - if needs_change: - changed = True - for boot_el in boot_list: - os.remove(boot_el) - for item in items: - boot_el = SubElement(os, 'boot') - boot_el.set('dev', item) - else: - changed = True - for item in items: - boot_el = SubElement(os, 'boot') - boot_el.set('dev', item) - ### direct kernel boot - elif kernel: - if boot_list: - ### libvirt alwas adds boot=hd using direct kernel boot - if not (len(boot_list)==1 and boot_list[0].get('dev')=='hd'): - changed = True - for boot_el in boot_list: - os.remove(boot_el) - - if kernel_el is not None: - if kernel_el.text != kernel: - changed = True - kernel_el.text = kernel - else: - changed = True - kernel_el = SubElement(os, 'kernel') - kernel_el.text = kernel - - if initrd_el is not None: - if initrd_el.text != initrd: - changed = True - initrd_el.text = initrd - else: - changed = True - initrd_el = SubElement(os, 'initrd') - initrd_el.text = initrd - - if cmdline_el is not None: - if cmdline_el.text != cmdline: - changed = True - cmdline_el.text = cmdline - else: - changed = True - cmdline_el = SubElement(os, 'cmdline') - cmdline_el.text = cmdline - - ### Enable/disable bootmenu - bootmenu_el = os.find('bootmenu') - if bootmenu and bootmenu_el is not None: - bootmenu_enabled = bootmenu_el.get('enable') - if bootmenu_enabled != 'yes': - changed = True - bootmenu_el.set('enable', 'yes') - elif bootmenu: - bootmenu_el = SubElement(os, 'bootmenu') - bootmenu_el.set('enable', 'yes') - changed = True - elif bootmenu_el is not None: - os.remove(bootmenu_el) - changed = True - - ### save back - conn.defineXML( ET.tostring(doc).decode('utf-8') ) - - if start and not domain.isActive(): - changed = True - domain.create() - - module.exit_json(changed=changed) - -if __name__ == '__main__': - main() diff --git a/main.yml b/main.yml deleted file mode 100644 index fd069e6685..0000000000 --- a/main.yml +++ /dev/null @@ -1,69 +0,0 @@ ---- -## -## This is the master playbook. It includes all the other playbooks. -## Usually you would call it with a -t tagname to only run a specific tag -## over all machines. -## -## some common ones: -## -t apache -> run when tasks/apache.yml changes. -## -## -## -## group playbooks -## -- import_playbook: /srv/web/infra/ansible/playbooks/groups/backup-server.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/bastion.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/batcave.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/bodhi-backend.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/buildhw.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/buildvm.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/certgetter.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-backend.yml -# - import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-db.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-dist-git.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-frontend.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-hypervisor.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-keygen.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/debuginfod.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/dns.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/download.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/flatpak-cache.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/ipa.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/ipsilon.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/koji-hub.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/kojipkgs.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/logserver.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/mailman.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/maintainer-test.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/mariadb-server.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/memcached.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/nfs-servers.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/noc.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/os-control.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/oci-registry.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa-workers.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/pagure.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/people.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/pkgs.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/postgresql-server.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/proxies.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/rabbitmq.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/releng-compose.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/retrace.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/secondary.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/sign-bridge.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/smtp-mm.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/smtp-auth.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/sundries.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/tang.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/torrent.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/value.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/virthost.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/wiki.yml - -# -# host playbooks -# - -- import_playbook: /srv/web/infra/ansible/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml diff --git a/master.yml b/master.yml new file mode 100644 index 0000000000..cb2114343a --- /dev/null +++ b/master.yml @@ -0,0 +1,93 @@ +--- +# +# This is the master playbook. It includes all the other playbooks. +# Usually you would call it with a -t tagname to only run a specific tag +# over all machines. +# +# some common ones: +# -t fedmsgconfig -> runs fedmsg/base config over all playbooks +# -t apache -> run when tasks/apache.yml changes. +# + +# +# group playbooks +# +- include: /srv/web/infra/ansible/playbooks/groups/arm-packager.yml +- include: /srv/web/infra/ansible/playbooks/groups/arm-qa.yml +- include: /srv/web/infra/ansible/playbooks/groups/arm-releng.yml +- include: /srv/web/infra/ansible/playbooks/groups/arm-retrace.yml +- include: /srv/web/infra/ansible/playbooks/groups/ask.yml +- include: /srv/web/infra/ansible/playbooks/groups/atomic.yml +- include: /srv/web/infra/ansible/playbooks/groups/autosign.yml +- include: /srv/web/infra/ansible/playbooks/groups/backup-server.yml +- include: /srv/web/infra/ansible/playbooks/groups/badges-backend.yml +- include: /srv/web/infra/ansible/playbooks/groups/badges-web.yml +- include: /srv/web/infra/ansible/playbooks/groups/beaker.yml +- include: /srv/web/infra/ansible/playbooks/groups/bodhi.yml +- include: /srv/web/infra/ansible/playbooks/groups/bugzilla2fedmsg.yml +- include: /srv/web/infra/ansible/playbooks/groups/buildhw.yml +- include: /srv/web/infra/ansible/playbooks/groups/buildvm.yml +- include: /srv/web/infra/ansible/playbooks/groups/busgateway.yml +- include: /srv/web/infra/ansible/playbooks/groups/composers.yml +- include: /srv/web/infra/ansible/playbooks/groups/datagrepper.yml +- include: /srv/web/infra/ansible/playbooks/groups/dhcp.yml +- include: /srv/web/infra/ansible/playbooks/groups/docs-backend.yml +- include: /srv/web/infra/ansible/playbooks/groups/download.yml +- include: /srv/web/infra/ansible/playbooks/groups/elections.yml +- include: /srv/web/infra/ansible/playbooks/groups/fedimg.yml +- include: /srv/web/infra/ansible/playbooks/groups/fedoauth.yml +- include: /srv/web/infra/ansible/playbooks/groups/fedocal.yml +- include: /srv/web/infra/ansible/playbooks/groups/gallery.yml +- include: /srv/web/infra/ansible/playbooks/groups/github2fedmsg.yml +- include: /srv/web/infra/ansible/playbooks/groups/jenkins-cloud.yml +- include: /srv/web/infra/ansible/playbooks/groups/kerneltest.yml +- include: /srv/web/infra/ansible/playbooks/groups/keyserver.yml +- include: /srv/web/infra/ansible/playbooks/groups/koji-hub.yml +- include: /srv/web/infra/ansible/playbooks/groups/lockbox.yml +- include: /srv/web/infra/ansible/playbooks/groups/mailman.yml +- include: /srv/web/infra/ansible/playbooks/groups/mirrorlist.yml +- include: /srv/web/infra/ansible/playbooks/groups/memcached.yml +- include: /srv/web/infra/ansible/playbooks/groups/noc.yml +- include: /srv/web/infra/ansible/playbooks/groups/notifs-backend.yml +- include: /srv/web/infra/ansible/playbooks/groups/notifs-web.yml +- include: /srv/web/infra/ansible/playbooks/groups/nuancier.yml +- include: /srv/web/infra/ansible/playbooks/groups/packages.yml +- include: /srv/web/infra/ansible/playbooks/groups/paste.yml +- include: /srv/web/infra/ansible/playbooks/groups/pkgdb.yml +- include: /srv/web/infra/ansible/playbooks/groups/postgresl-server.yml +- include: /srv/web/infra/ansible/playbooks/groups/resultsdb-prod.yml +- include: /srv/web/infra/ansible/playbooks/groups/resultsdb-dev.yml +- include: /srv/web/infra/ansible/playbooks/groups/resultsdb-stg.yml +- include: /srv/web/infra/ansible/playbooks/groups/smtp-mm.yml +- include: /srv/web/infra/ansible/playbooks/groups/summershum.yml +- include: /srv/web/infra/ansible/playbooks/groups/sundries.yml +- include: /srv/web/infra/ansible/playbooks/groups/tagger.yml +- include: /srv/web/infra/ansible/playbooks/groups/taskotron-prod.yml +- include: /srv/web/infra/ansible/playbooks/groups/taskotron-prod-clients.yml +- include: /srv/web/infra/ansible/playbooks/groups/taskotron-dev.yml +- include: /srv/web/infra/ansible/playbooks/groups/taskotron-dev-clients.yml +- include: /srv/web/infra/ansible/playbooks/groups/taskotron-stg.yml +- include: /srv/web/infra/ansible/playbooks/groups/taskotron-stg-clients.yml +- include: /srv/web/infra/ansible/playbooks/groups/unbound.yml +- include: /srv/web/infra/ansible/playbooks/groups/value.yml +- include: /srv/web/infra/ansible/playbooks/groups/virthost.yml +- include: /srv/web/infra/ansible/playbooks/groups/wiki.yml + +# +# host playbooks +# + +- include: /srv/web/infra/ansible/playbooks/hosts/artboard.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/bodhi.dev.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/copr-be-dev.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/copr-fe.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/copr-fe-dev.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/elections-dev.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/fedocal.dev.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/hrf.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/logserver.yml +- include: /srv/web/infra/ansible/playbooks/hosts/logstash-dev.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/shogun-ca.cloud.fedoraproject.org.yml diff --git a/playbooks/check-for-nonvirt-updates.yml b/playbooks/check-for-nonvirt-updates.yml deleted file mode 100644 index 1195bbc0f3..0000000000 --- a/playbooks/check-for-nonvirt-updates.yml +++ /dev/null @@ -1,62 +0,0 @@ -# -# simple playbook to check all hosts and see how many updates they have pending. -# It could be a lot faster if we didn't gather facts, but we need that for yum vs dnf checking -# -# If you want a pretty sorted list, you need to post process the output here with something -# like: -# -# time ansible-playbook check-for-updates.yml | grep msg\": | awk -F: '{print $2}' | sort -# - ---- -- name: Check for updates (EL) - hosts: virt_host:&distro_RedHat - gather_facts: false - - tasks: - - - name: Check for updates (yum) - yum: list=updates update_cache=true - register: yumoutput - - - debug: msg="{{ inventory_hostname}} {{ yumoutput.results|length }}" - -- name: Check for updates (Fedora) - hosts: virt_host:&distro_Fedora - gather_facts: false - - tasks: - - - name: Check for updates (dnf) - dnf: list=updates - register: dnfoutput - - - debug: msg="{{ inventory_hostname}} {{ dnfoutput.results|length }}" - -# -# For some reason ansible detects aarch64/armv7 hosts as virt type "NA" -# - -- name: Check for updates (aarch64/armv7) EL - hosts: virt_NA:&distro_RedHat - gather_facts: false - - tasks: - - - name: Check for updates (yum) - yum: list=updates update_cache=true - register: yumoutput - - - debug: msg="{{ inventory_hostname}} {{ yumoutput.results|length }}" - -- name: Check for updates (aarch64/armv7) Fedora - hosts: virt_NA:&distro_Fedora - gather_facts: false - - tasks: - - - name: Check for updates (dnf) - dnf: list=updates - register: dnfoutput - - - debug: msg="{{ inventory_hostname}} {{ dnfoutput.results|length }}" diff --git a/playbooks/check-for-updates.yml b/playbooks/check-for-updates.yml deleted file mode 100644 index f1f554d39c..0000000000 --- a/playbooks/check-for-updates.yml +++ /dev/null @@ -1,43 +0,0 @@ -# -# simple playbook to check all hosts and see how many updates they have pending. -# It could be a lot faster if we didn't gather facts, but we need that for yum vs dnf checking -# -# If you want a pretty sorted list, you need to post process the output here with something -# like: -# -# time ansible-playbook check-for-updates.yml | grep msg\": | awk -F: '{print $2}' | sort -# - ---- -- name: Check for updates - hosts: distro_RedHat:distro_CentOS:!ocp*:!worker* - gather_facts: false - - tasks: - - - name: Check for updates (yum) - yum: list=updates update_cache=true - register: yumoutput - - - debug: msg="{{ inventory_hostname}} {{ yumoutput.results|length }}" - when: yumoutput.results|length > 0 - -- name: Check for updates - hosts: distro_Fedora:!ocp*:!worker* - gather_facts: false - - tasks: - -# -# We use the command module here because the real module can't expire -# - - - name: Make dnf recheck for new metadata from repos - ansible.builtin.command: dnf clean expire-cache - - - name: Check for updates (dnf) - dnf: list=updates - register: dnfoutput - - - debug: msg="{{ inventory_hostname}} {{ dnfoutput.results|length }}" - when: dnfoutput.results|length > 0 diff --git a/playbooks/check-host.yml b/playbooks/check-host.yml deleted file mode 100644 index b09d1337ba..0000000000 --- a/playbooks/check-host.yml +++ /dev/null @@ -1,302 +0,0 @@ -# tags defined: [check], services, updates, restart, fileverify, iptables, selinux -# for the fix part, I guess its better to include the role(s) for particular host that brings the system -# to the desired state in terms of: services, updates, file verification, iptables, nftables, and selinux ---- -- hosts: "{{ target }}" - user: root - vars: - - datadir_prfx_path: "/var/tmp/ansible-chk-host/" - - tasks: - - - name: Create temp dir for collecting info - ansible.builtin.shell: mktemp -d - register: temp_dir - changed_when: false - - - name: Get list of active loaded services with systemctl - ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1' - changed_when: false - when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' - register: loaded_active_services_systemctl - tags: - - check - - services - - - name: Get list of active loaded services with systemctl - ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1' - changed_when: false - when: ansible_distribution_major_version|int > 6 and ansible_distribution == 'RedHat' - register: loaded_active_services_systemctl - tags: - - check - - services - - - name: Get list of inactive loaded services with systemctl - ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1' - changed_when: false - when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' - register: loaded_inactive_services_systemctl - tags: - - check - - services - - - name: Get list of inactive loaded services with systemctl - ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1' - changed_when: false - when: ansible_distribution_major_version|int > 6 and ansible_distribution == 'RedHat' - register: loaded_inactive_services_systemctl - tags: - - check - - services - - - - name: Get list of enabled services with chkconfig at current runlevel - ansible.builtin.shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:on\" | awk '{print $1}'" - changed_when: false - when: ansible_distribution_major_version|int <= 6 and ansible_distribution == 'RedHat' - register: enabled_services_chkconfig - tags: - - check - - services - - - name: Get list of disabled services with chkconfig at current runlevel - ansible.builtin.shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:off\" | awk '{print $1}'" - changed_when: false - when: ansible_distribution_major_version|int <= 6 and ansible_distribution == 'RedHat' - register: disabled_services_chkconfig - tags: - - check - - services - - - - name: Output enabled service list chkconfig - ansible.builtin.shell: echo {{enabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/eservices - when: enabled_services_chkconfig is defined and enabled_services_chkconfig.rc == 0 - changed_when: false - tags: - - check - - services - - - name: Output disabled loaded service list chkconfig - ansible.builtin.shell: echo {{disabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/dservices - when: disabled_services_chkconfig is defined and disabled_services_chkconfig.rc == 0 - changed_when: false - tags: - - check - - services - - - - name: Output loaded active service list systemctl - ansible.builtin.shell: echo {{loaded_active_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/laservices - when: loaded_active_services_systemctl is defined and loaded_active_services_systemctl.rc == 0 - changed_when: false - tags: - - check - - services - - - name: Output loaded inactive service list systemctl - ansible.builtin.shell: echo {{loaded_inactive_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/liservices - when: loaded_inactive_services_systemctl is defined and loaded_inactive_services_systemctl.rc == 0 - changed_when: false - tags: - - check - - services - - - name: Check for pending updates -# script: {{ scripts }}/needs-updates --host {{ inventory_hostname }} - script: needs-updates --host {{ inventory_hostname }} - register: list_update - delegate_to: 127.0.0.1 - changed_when: false - tags: - - check - - updates - - - name: Show pending updates - ansible.builtin.shell: echo {{list_update.stdout_lines}} >> {{temp_dir.stdout}}/pending_updates - changed_when: false - tags: - - check - - updates - - - name: Get processes that need restarting - ansible.builtin.shell: needs-restarting - register: needs_restarting - changed_when: false - tags: - - check - - restart - - - name: Show processes that need restarting - ansible.builtin.shell: echo {{needs_restarting.stdout_lines}} >> {{temp_dir.stdout}}/needing_restart - changed_when: false - tags: - - check - - restart - - - name: Get locally changed files from the rpm package - ansible.builtin.shell: rpm_tmp_var=`mktemp` && ! rpm -Va 2>/dev/null > $rpm_tmp_var && [[ -s $rpm_tmp_var ]] && echo $rpm_tmp_var warn=no - register: localchanges - changed_when: false - tags: - - check - - fileverify - - - name: Get locally changed files (excluding config files) - ansible.builtin.command: "egrep -v ' c /' {{ localchanges.stdout }}" - register: rpm_va_nc - changed_when: false - when: localchanges is defined and localchanges.stdout != "" - tags: - - check - - fileverify - - - name: Show locally changed files (excluding config files) - ansible.builtin.shell: echo {{rpm_va_nc.stdout_lines}} >> {{temp_dir.stdout}}/local_changed - when: rpm_va_nc.stdout != "" - changed_when: false - tags: - - check - - fileverify - - - name: 'Whitelist - Get locally changed files (config files)' - ansible.builtin.command: "egrep ' c /' {{ localchanges.stdout }}" - register: rpm_va_c - when: localchanges is defined and localchanges.stdout != "" - changed_when: false - tags: - - check - - fileverify - - - name: 'Whitelist - Show locally changed files (config files)' - ansible.builtin.shell: echo {{rpm_va_c.stdout_lines}} >> {{temp_dir.stdout}}/local_config_changed - changed_when: false - when: rpm_va_c.stdout != "" - tags: - - check - - fileverify - - - name: Check if using iptables - ansible.builtin.shell: /sbin/iptables -S - register: iptablesn - changed_when: false - tags: - - check - - iptables - - - name: Check if using nftables - ansible.builtin.shell: /sbin/nft list ruleset - register: nftablesn - changed_when: false - tags: - - check - - iptables - - - name: Show iptables rules - ansible.builtin.shell: echo "{{iptablesn.stdout_lines}}" >> {{ temp_dir.stdout }}/iptables - changed_when: false - tags: - - check - - iptables - - - name: Show nftables rules - ansible.builtin.shell: echo "{{nftablesn.stdout_lines}}" >> {{ temp_dir.stdout }}/nftables - changed_when: false - tags: - - check - - iptables - - - name: Show current SELinux status - ansible.builtin.shell: echo "SELinux is {{ ansible_selinux.status }} for this System" >> {{temp_dir.stdout}}/selinux - changed_when: false - tags: - - check - - selinux - - - name: Show Boot SELinux mode - ansible.builtin.shell: echo "SELinux boots to {{ ansible_selinux.config_mode }} mode " >> {{temp_dir.stdout}}/selinux - when: ansible_selinux.status != "disabled" - changed_when: false - tags: - - check - - selinux - - - name: Show Current SELinux mode - ansible.builtin.shell: echo "SELinux currently is in {{ ansible_selinux.mode }} mode" >> {{temp_dir.stdout}}/selinux - when: ansible_selinux.status != "disabled" - changed_when: false - tags: - - check - - selinux - - - name: Match current SELinux status with boot status - ansible.builtin.shell: echo "SElinux Current and Boot modes are in sync" >> {{temp_dir.stdout}}/selinux - when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode == ansible_selinux.mode - changed_when: false - tags: - - check - - selinux - - - - name: MisMatch current SELinux status with boot status - ansible.builtin.shell: echo "SElinux Current and Boot modes are NOT in sync" >> {{temp_dir.stdout}}/selinux - when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode != ansible_selinux.mode - changed_when: false - tags: - - check - - selinux - - - name: Resolve last persisted dir - if one is present - local_action: shell ls -d -1 {{datadir_prfx_path}}/{{inventory_hostname}}-* 2>/dev/null | sort -r | head -1 - register: last_dir - changed_when: false - ignore_errors: true - - - name: Get file list - ansible.builtin.shell: ls -1 {{temp_dir.stdout}}/* - register: file_list - changed_when: false - - - name: Get timestamp - ansible.builtin.shell: "date +%Y-%m-%d-%H-%M-%S" - register: timestamp - changed_when: false - - - name: Create persisting-state directory - local_action: file path=/{{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}} state=directory - changed_when: false - - - name: Fetch file list - fetch: src={{item}} dest=/{{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}}/ flat=true - with_items: "{{file_list.stdout_lines}}" - changed_when: false - - - - name: Diff the new files with last ones presisted - local_action: shell for file in {{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}}/*; do filename=$(basename $file); diff {{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}}/$filename {{last_dir.stdout.strip(':')}}/$filename; done - ignore_errors: true - changed_when: false - register: file_diff - when: last_dir is defined and last_dir.stdout != "" - - - name: Display diff - debug: var=file_diff.stdout_lines - ignore_errors: true - changed_when: false - when: file_diff is defined - -# clean up: can also be put as handlers - - - name: Clean remote temp dir - ansible.builtin.file: path={{temp_dir.stdout}} state=absent - changed_when: false - - - name: Clean rpm temp file - ansible.builtin.file: path={{localchanges.stdout}} state=absent - changed_when: false - - -# handlers: -# - import_tasks: "{{ handlers_path }}/restart_services.yml" -# - import_tasks: "restart_services.yml" diff --git a/playbooks/checks_log_failed_services.yml b/playbooks/checks_log_failed_services.yml deleted file mode 100644 index fc3726d4cb..0000000000 --- a/playbooks/checks_log_failed_services.yml +++ /dev/null @@ -1,23 +0,0 @@ -# -# This playbook lets you safely display systemd logs for failed services - ---- -- hosts: mirrorlist_proxies - gather_facts: false - - tasks: - - name: Listing failed units - ansible.builtin.shell: systemctl list-units --state failed --no-legend | awk '{ print $1 }' - register: listing_failed - - - name: Check log with journalctl - ansible.builtin.shell: journalctl -lru {{ item }} -n 50 - register: display_log - with_items: "{{ listing_failed.stdout_lines[0:] }}" - - - debug: var=listing_failed.stdout_lines[0:] - - - name: Display log - debug: var=display_log.stdout_lines - ignore_errors: true - when: display_log is defined diff --git a/playbooks/clear_memcached.yml b/playbooks/clear_memcached.yml index 7ca2061284..fe913c3656 100644 --- a/playbooks/clear_memcached.yml +++ b/playbooks/clear_memcached.yml @@ -1,8 +1,7 @@ ---- -- name: Clear memcache - hosts: memcached:memcached-stg +- name: clear memcache + hosts: memcached serial: 1 tasks: - - name: Clear memcache - ansible.builtin.command: echo flush_all | nc localhost 11211 + - name: clear memcache + command: echo flush_all | nc localhost 11211 diff --git a/playbooks/clear_varnish.yml b/playbooks/clear_varnish.yml index a05601734d..671468e3b6 100644 --- a/playbooks/clear_varnish.yml +++ b/playbooks/clear_varnish.yml @@ -1,9 +1,8 @@ ---- -- name: Clear varnish cache +- name: clear varnish cache hosts: proxies user: root serial: 1 tasks: - - name: Clear varnish - ansible.builtin.command: varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082 ban req.url == . + - name: clear varnish + command: varnishadm -T 127.0.0.1:6082 url.purge . diff --git a/playbooks/cloud_prep.yml b/playbooks/cloud_prep.yml new file mode 100644 index 0000000000..6bf0213d81 --- /dev/null +++ b/playbooks/cloud_prep.yml @@ -0,0 +1,14 @@ +# restricted to run on cloud instances only +- hosts: 209.132.184.* + user: root + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/death_to_postfix.yml b/playbooks/death_to_postfix.yml index e380b78c29..1ca1007ffe 100644 --- a/playbooks/death_to_postfix.yml +++ b/playbooks/death_to_postfix.yml @@ -1,22 +1,21 @@ -# requires --extra-vars="target='host1:host2:group'" +# requires --extra-vars="target='host1;host2;group'" # thanks threebean on this. ---- -- name: Kills postfix which has been left around alive after update. +- name: kills postfix which has been left around alive after update. hosts: "{{ target }}" user: root tasks: - - name: Try to stop postfix cleanly. - service: name=postfix state=stopped - - # This doesn't really remove the pid file.. but we say it does so ansible only runs it if the pid file is there.. - - name: Really kill postfix master process - ansible.builtin.command: pkill -u root master removes=/var/spool/postfix/pid/master.pid - - - name: Clean up old pid lock file. - ansible.builtin.command: rm /var/spool/postfix/pid/master.pid removes=/var/spool/postfix/pid/master.pid - - - name: Try to start postfix cleanly - service: name=postfix state=started + - name: Try to stop postfix cleanly. + service: name=postfix state=stopped + + # This doesn't really remove the pid file.. but we say it does so ansible only runs it if the pid file is there.. + - name: Really kill postfix master process + command: pkill -u root master removes=/var/spool/postfix/pid/master.pid + + - name: Clean up old pid lock file. + command: rm /var/spool/postfix/pid/master.pid removes=/var/spool/postfix/pid/master.pid + + - name: Try to start postfix cleanly + service: name=postfix state=started diff --git a/playbooks/destroy_cloud_inst.yml b/playbooks/destroy_cloud_inst.yml new file mode 100644 index 0000000000..a36103441e --- /dev/null +++ b/playbooks/destroy_cloud_inst.yml @@ -0,0 +1,27 @@ +#DIE DIE DIE +# there is no way this could work so fail +# +# only works with -e target= +# requires --extra-vars="target=hostspec" + +- name: destroy the cloud instance + hosts: "{{ target }}" + user: root + gather_facts: false + + tasks: + - name: fail if the host/ip is not up + local_action: wait_for host={{ inventory_hostname }} port=22 delay=0 timeout=10 + when: inventory_hostname not in result.list_vms + + - name: pause for 30s before doing it + pause: seconds=30 prompt="Destroying vm now {{ target }}, abort if this is wrong" + + - name: find the instance id from the builder + action: command curl -s http://169.254.169.254/latest/meta-data/instance-id + register: instanceid + + - name: destroy the vm + action: command /usr/sbin/halt -p + + diff --git a/playbooks/destroy_virt_inst.yml b/playbooks/destroy_virt_inst.yml index 0cd6de5dc2..f16cd2c56f 100644 --- a/playbooks/destroy_virt_inst.yml +++ b/playbooks/destroy_virt_inst.yml @@ -9,38 +9,30 @@ # requires --extra-vars="target=hostspec" ---- -- name: Destroy and undefine vm +- name: destroy and undefine vm hosts: "{{ target }}" user: root gather_facts: false tasks: - - name: Get vm list on the vmhost + - name: get vm list on the vmhost delegate_to: "{{ vmhost }}" virt: command=list_vms register: result - - name: Fail if the host is not already defined/existent + - name: fail if the host is not already defined/existent local_action: fail msg="host does not exist on {{ vmhost }}" when: inventory_hostname not in result.list_vms - - name: Schedule 30m host downtime in nagios - nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - - - name: Pause for 30s before doing it - pause: seconds=30 prompt="Destroying (and lvremove for) vm now {{ target }}, abort if this is wrong" - - - name: Destroy the vm - virt: name={{ inventory_hostname }} command=destroy + - name: pause for 30s before doing it + pause: seconds=30 prompt="Destroying vm now {{ target }}, abort if this is wrong" + + - name: destroy the vm + action: virt name={{ inventory_hostname }} command=destroy delegate_to: "{{ vmhost }}" - - name: Undefine the vm - virt: name={{ inventory_hostname }} command=undefine + - name: undefine the vm + action: virt name={{ inventory_hostname }} command=undefine delegate_to: "{{ vmhost }}" - - name: Destroy the lv - ansible.builtin.command: /sbin/lvremove -f {{volgroup}}/{{inventory_hostname}} - delegate_to: "{{ vmhost }}" + diff --git a/playbooks/el6_temp_instance.yml b/playbooks/el6_temp_instance.yml new file mode 100644 index 0000000000..6b1a4d1c2f --- /dev/null +++ b/playbooks/el6_temp_instance.yml @@ -0,0 +1,40 @@ +# setup a transient el6 instance +# optionally can take --extra-vars="hostbase=hostnamebase root_auth_users='user1 user2 user3'" +# +# You might need to run it with `-c paramiko` for it to finish cleanly + +- name: check/create instance + hosts: lockbox01.phx2.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + vars: + - keypair: fedora-admin-20130801 + - image: "{{ el6_qcow_id }}" + - instance_type: m1.small + - security_group: default + + tasks: + - include: "{{ tasks }}/transient_cloud.yml" + +- name: provision instance + hosts: tmp_just_created + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/growroot_cloud.yml" + - include: "{{ tasks }}/cloud_setup_basic.yml" + + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/el7_temp_instance.yml b/playbooks/el7_temp_instance.yml new file mode 100644 index 0000000000..6b611b444d --- /dev/null +++ b/playbooks/el7_temp_instance.yml @@ -0,0 +1,53 @@ +# setup a transient fedora instance +# optionally can take --extra-vars="hostbase=hostnamebase root_auth_users='user1 user2 user3'" + +- name: check/create instance + hosts: lockbox01.phx2.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + vars: + - keypair: fedora-admin-20130801 + - image: "{{ el7_qcow_id }}" + - instance_type: m1.small + - security_group: default + + tasks: + - include: "{{ tasks }}/transient_cloud.yml" + +- name: provision instance + hosts: tmp_just_created + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: install cloud-utils + yum: pkg=cloud-utils state=installed + + - name: growpart /dev/vda1 partition (/) to full size + action: command growpart /dev/vda 1 + register: growpart + always_run: true + changed_when: "growpart.rc != 1" + failed_when: growpart.rc == 2 + + - name: resize the /dev/vda 1 fs + action: command xfs_growfs /dev/vda1 + when: growpart.rc == 0 + +# - name: put the mbr back - b/c the resize breaks booting otherwise +# action: shell cat /usr/share/syslinux/mbr.bin > /dev/vda +# when: growpart.rc == 0 + + + - include: "{{ tasks }}/cloud_setup_basic.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/f19_temp_instance.yml b/playbooks/f19_temp_instance.yml new file mode 100644 index 0000000000..6b03344596 --- /dev/null +++ b/playbooks/f19_temp_instance.yml @@ -0,0 +1,52 @@ +# setup a transient fedora instance +# optionally can take --extra-vars="hostbase=hostnamebase root_auth_users='user1 user2 user3'" + +- name: check/create instance + hosts: lockbox01.phx2.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + vars: + - keypair: fedora-admin-20130801 + - image: "{{ f19_qcow_id }}" + - instance_type: m1.small + - security_group: default + + tasks: + - include: "{{ tasks }}/transient_cloud.yml" + +- name: provision instance + hosts: tmp_just_created + user: fedora + gather_facts: True + sudo: yes + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: growpart /dev/vda1 partition (/) to full size + action: command growpart /dev/vda 1 + register: growpart + always_run: true + changed_when: "growpart.rc != 1" + failed_when: growpart.rc == 2 + + - name: resize the /dev/vda 1 fs + action: command resize2fs /dev/vda1 + when: growpart.rc == 0 + + - name: put the mbr back - b/c the resize breaks booting otherwise + action: shell cat /usr/share/syslinux/mbr.bin > /dev/vda + when: growpart.rc == 0 + + + - include: "{{ tasks }}/cloud_setup_basic.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/f20_temp_instance.yml b/playbooks/f20_temp_instance.yml new file mode 100644 index 0000000000..e74232bbab --- /dev/null +++ b/playbooks/f20_temp_instance.yml @@ -0,0 +1,52 @@ +# setup a transient fedora instance +# optionally can take --extra-vars="hostbase=hostnamebase root_auth_users='user1 user2 user3'" + +- name: check/create instance + hosts: lockbox01.phx2.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + vars: + - keypair: fedora-admin-20130801 + - image: "{{ f20_qcow_id }}" + - instance_type: m1.small + - security_group: default + + tasks: + - include: "{{ tasks }}/transient_cloud.yml" + +- name: provision instance + hosts: tmp_just_created + user: fedora + gather_facts: True + sudo: yes + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: growpart /dev/vda1 partition (/) to full size + action: command growpart /dev/vda 1 + register: growpart + always_run: true + changed_when: "growpart.rc != 1" + failed_when: growpart.rc == 2 + + - name: resize the /dev/vda 1 fs + action: command resize2fs /dev/vda1 + when: growpart.rc == 0 + + - name: put the mbr back - b/c the resize breaks booting otherwise + action: shell cat /usr/share/syslinux/mbr.bin > /dev/vda + when: growpart.rc == 0 + + + - include: "{{ tasks }}/cloud_setup_basic.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/fedmsgupdate.yml b/playbooks/fedmsgupdate.yml new file mode 100644 index 0000000000..6987f18d24 --- /dev/null +++ b/playbooks/fedmsgupdate.yml @@ -0,0 +1,27 @@ +--- +# +# Use this playbook to run over all the playbooks that have fedmsg.d in them. +# +# Call it with -t fedmsgdupdate to only run that one play. +# +- include: /srv/web/infra/ansible/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/groups/ask.yml +- include: /srv/web/infra/ansible/playbooks/groups/bodhi.yml +- include: /srv/web/infra/ansible/playbooks/groups/badges-backend.yml +- include: /srv/web/infra/ansible/playbooks/groups/badges-web.yml +- include: /srv/web/infra/ansible/playbooks/groups/elections.yml +- include: /srv/web/infra/ansible/playbooks/groups/fedocal.yml +- include: /srv/web/infra/ansible/playbooks/groups/gallery.yml +- include: /srv/web/infra/ansible/playbooks/groups/keyserver.yml +- include: /srv/web/infra/ansible/playbooks/groups/koji-hub.yml +- include: /srv/web/infra/ansible/playbooks/groups/mailman.yml +- include: /srv/web/infra/ansible/playbooks/groups/notifs-backend.yml +- include: /srv/web/infra/ansible/playbooks/groups/notifs-web.yml +- include: /srv/web/infra/ansible/playbooks/groups/nuancier.yml +- include: /srv/web/infra/ansible/playbooks/groups/packages.yml +- include: /srv/web/infra/ansible/playbooks/groups/pkgdb.yml +- include: /srv/web/infra/ansible/playbooks/groups/releng.yml +- include: /srv/web/infra/ansible/playbooks/groups/summershum.yml +- include: /srv/web/infra/ansible/playbooks/groups/tagger.yml +- include: /srv/web/infra/ansible/playbooks/groups/wiki.yml +- include: /srv/web/infra/ansible/playbooks/groups/value.yml diff --git a/playbooks/fedora_temp_instance.yml b/playbooks/fedora_temp_instance.yml new file mode 100644 index 0000000000..5197e9c1b5 --- /dev/null +++ b/playbooks/fedora_temp_instance.yml @@ -0,0 +1,36 @@ +# setup a transient fedora instance +# optionally can take --extra-vars="hostbase=hostnamebase root_auth_users='user1 user2 user3'" + +- name: check/create instance + hosts: lockbox01.phx2.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + vars: + - keypair: fedora-admin-20130801 + - image: "{{ f18_qcow_id }}" + - instance_type: m1.small + - security_group: default + + tasks: + - include: "{{ tasks }}/transient_cloud.yml" + +- name: provision instance + hosts: tmp_just_created + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/growroot_cloud.yml" + - include: "{{ tasks }}/cloud_setup_basic.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/fedorahosted_fedmsg_git.yml b/playbooks/fedorahosted_fedmsg_git.yml new file mode 100644 index 0000000000..163cfbfed6 --- /dev/null +++ b/playbooks/fedorahosted_fedmsg_git.yml @@ -0,0 +1,49 @@ +# requires --extra-vars "{'repos': ['yokan.git', 'yumex.git']}" + +- name: Install the fedmsg hook into a number of fedorahosted git repos + hosts: hosted03.fedoraproject.org + user: root + + vars: + prefix: /srv/git/ + chained: /hooks/post-receive-chained.d + fedmsg_hook: /usr/local/share/git/hooks/post-receive-fedorahosted-fedmsg + chained_hook: /usr/share/git-core/post-receive-chained + + tasks: + + # First -- a sanity check. We want this to fail and stop the playbook if + # someone typoed and reponame. The "command" here claims that it "creates" a + # file. That is not actually true, but it tells ansible to not bother running + # the command *if* that creates= file is already present. Its a hackaround to + # make this task idempotent. + - name: make sure the git repos exist in the first place + command: /bin/ls {{ prefix }}{{ item }} creates={{ prefix }}{{ item }} + with_items: "{{ repos }}" + + - name: ensure there is a post-receive-chained.d/ directory + file: > + state=directory + path="{{ prefix }}{{ item }}{{ chained }}/" + with_items: "{{ repos }}" + + - name: move the old post-receive email hook into the chained dir + command: > + /bin/mv "{{ prefix }}{{ item }}/hooks/post-receive" "{{ prefix }}{{ item }}{{ chained }}/post-receive-email" + removes="{{ prefix }}{{ item }}/hooks/post-receive" + creates="{{ prefix }}{{ item }}{{ chained }}/post-receive-email" + with_items: "{{ repos }}" + + - name: symlink the fedmsg hook into the chained dir + file: > + path="{{ prefix }}{{ item }}{{ chained }}/post-receive-fedmsg" + src={{ fedmsg_hook }} + state=link + with_items: "{{ repos }}" + + - name: symlink in the chained hook redirector + file: > + path="{{ prefix }}{{ item }}/hooks/post-receive" + src={{ chained_hook }} + state=link + with_items: "{{ repos }}" diff --git a/playbooks/groups/arm-packager.yml b/playbooks/groups/arm-packager.yml new file mode 100644 index 0000000000..64b69d17bc --- /dev/null +++ b/playbooks/groups/arm-packager.yml @@ -0,0 +1,28 @@ + +- name: Setup arm-packager hosts + hosts: arm-packager + user: root + gather_facts: True + tags: + - arm-packager + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - hosts + - fas_client + - sudo + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/arm-qa.yml b/playbooks/groups/arm-qa.yml new file mode 100644 index 0000000000..5935790a78 --- /dev/null +++ b/playbooks/groups/arm-qa.yml @@ -0,0 +1,28 @@ + +- name: Setup arm-qa hosts + hosts: arm-qa + user: root + gather_facts: True + tags: + - arm-qa + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - hosts + - fas_client + - sudo + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/arm-releng.yml b/playbooks/groups/arm-releng.yml new file mode 100644 index 0000000000..288b77cc42 --- /dev/null +++ b/playbooks/groups/arm-releng.yml @@ -0,0 +1,31 @@ + +- name: Setup arm-releng hosts + hosts: arm-releng + user: root + gather_facts: True + tags: + - arm-releng + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - hosts + - fas_client + - rkhunter + - denyhosts + - nagios_client + - sudo + - releng + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/common_scripts.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/arm-retrace.yml b/playbooks/groups/arm-retrace.yml new file mode 100644 index 0000000000..29617a4af1 --- /dev/null +++ b/playbooks/groups/arm-retrace.yml @@ -0,0 +1,30 @@ + +- name: Setup arm-retrace hosts + hosts: arm-retrace + user: root + gather_facts: True + tags: + - arm-retrace + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - hosts + - fas_client + - rkhunter + - denyhosts + - nagios_client + - sudo + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/common_scripts.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/ask.yml b/playbooks/groups/ask.yml new file mode 100644 index 0000000000..b9c38cccb1 --- /dev/null +++ b/playbooks/groups/ask.yml @@ -0,0 +1,53 @@ +- name: make ask + hosts: ask-stg:ask + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: ask-stg:ask + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - ask + - fedmsg/base + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/atomic.yml b/playbooks/groups/atomic.yml new file mode 100644 index 0000000000..0ce77bf71b --- /dev/null +++ b/playbooks/groups/atomic.yml @@ -0,0 +1,27 @@ +# +# I am guessing that this box will be like other hw boxes. +# + +- name: Build an atomic server. + hosts: atomic01.qa.fedoraproject.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - hosts + - fas_client + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/autosign.yml b/playbooks/groups/autosign.yml new file mode 100644 index 0000000000..e12949d82c --- /dev/null +++ b/playbooks/groups/autosign.yml @@ -0,0 +1,51 @@ +# create a new autosign server +# +# This server looks for rawhide builds and requests they be signed. +# + +- name: make autosign server + hosts: autosign + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: autosign + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - { role: denyhosts, when: ansible_distribution_major_version != '7' } + - nagios_client + - hosts + - fas_client + - collectd/base + - autosigner + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index 26d3f8433e..6347ecc794 100644 --- a/playbooks/groups/backup-server.yml +++ b/playbooks/groups/backup-server.yml @@ -3,40 +3,80 @@ # NOTE: make sure there is room/space for this instance on the buildvmhost # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars ---- -- name: Make backup server system - hosts: backup +- name: make backup server system + hosts: backup03.phx2.fedoraproject.org user: root - gather_facts: true + gather_facts: True + accelerate: "{{ accelerated }}" - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter + - denyhosts - nagios_client - hosts - - openvpn/client - - ipa/client + - fas_client - sudo - - collectd/base - - { role: nfs/client, - mnt_dir: '/fedora_backups', - nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3", - nfs_src_dir: 'fedora_backups' } - - grokmirror_mirror - - weblate-backup - - {role: linux-system-roles.nbde_client, tags: ['nbde_client']} - - serial-console - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" tasks: - - import_tasks: "{{ tasks_path }}/rdiff_backup_server.yml" + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/rdiff_backup_server.yml" + + - name: Create GNOME backup user + user: name=gnomebackup state=present home=/fedora_backups/gnome/ createhome=yes shell=/sbin/nologin + + - name: Add a Directory for the Excludes list for each of the backed up GNOME machines + file: dest=/fedora/backups/gnome/excludes owner=gnomebackup group=gnomebackup state=directory + + - name: Install the GNOME SSH configuration file + copy: src="{{ files }}/gnome/ssh_config" dest=/usr/local/etc/gnome_ssh_config mode=0600 owner=gnomebackup + + - name: Install GNOME backup key + copy: src="{{ private }}/files/gnome/backup_id.rsa" dest=/usr/local/etc/gnome_backup_id.rsa mode=0600 owner=gnomebackup + + - name: Install GNOME backup script + copy: src="{{ files }}/gnome/backup.sh" dest=/usr/local/bin/gnome_backup mode=0700 owner=gnomebackup + + - name: Schedule the GNOME backup script + cron: name="Backup" hour=5 minute=0 job="(cd /fedora_backups/gnome/; /usr/local/bin/lock-wrapper gnomebackup /usr/local/bin/gnome_backup)" user=gnomebackup + + - name: Add a Directory for each of the GNOME machines + file: dest=/fedora_backups/gnome/{{ item }} owner=gnomebackup group=gnomebackup state=directory + with_items: + - signal.gnome.org + - webapps2.gnome.org + - clutter.gnome.org + - blogs.gnome.org + - view.gnome.org + - puppet.gnome.org + - extensions.gnome.org + - chooser.gnome.org + - git.gnome.org + - webapps.gnome.org + - socket.gnome.org + - bugzilla-web.gnome.org + - progress.gnome.org + - clipboard.gnome.org + - drawable.gnome.org + - vbox.gnome.org + - cloud-ssh.gnome.org + - bastion.gnome.org + - spinner.gnome.org + - master.gnome.org + - live.gnome.org + - combobox.gnome.org + - restaurant.gnome.org + - expander.gnome.org + - accelerator.gnome.org + - range.gnome.org + - pentagon.gimp.org handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/badges-backend.yml b/playbooks/groups/badges-backend.yml new file mode 100644 index 0000000000..8cc71c5b04 --- /dev/null +++ b/playbooks/groups/badges-backend.yml @@ -0,0 +1,73 @@ +# create a new badges-backend server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make badges-backend server + hosts: badges-backend;badges-backend-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the generic configuration + hosts: badges-backend;badges-backend-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - fedmsg/base + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the service-specific config + hosts: badges-backend;badges-backend-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + roles: + - fedmsg/hub + - badges/backend + - role: collectd/fedmsg-service + process: fedmsg-hub + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/badges-web.yml b/playbooks/groups/badges-web.yml new file mode 100644 index 0000000000..4f3325b62e --- /dev/null +++ b/playbooks/groups/badges-web.yml @@ -0,0 +1,57 @@ +# create a new badges-web server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/badges-web* or from hostvars + +- name: make badges-web server + hosts: badges-web;badges-web-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: badges-web;badges-web-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - badges/frontend + - fedmsg/base + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/bastion.yml b/playbooks/groups/bastion.yml deleted file mode 100644 index 8b591cee41..0000000000 --- a/playbooks/groups/bastion.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "bastion" - -- name: Make the boxen be real for real - hosts: bastion - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - { role: openvpn/server, when: datacenter == 'iad2' } - - ipa/client - - nagios_client - - hosts - - sudo - - collectd/base - - packager_alias - - opendkim - - fasjson - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml deleted file mode 100644 index 383b126603..0000000000 --- a/playbooks/groups/batcave.yml +++ /dev/null @@ -1,67 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "batcave" - -- name: Make the box be real - hosts: batcave - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - openvpn/client - - ipa/client - - ansible-server - - sudo - - collectd/base - - role: git/hooks - - rsyncd - - apache - - httpd/mod_ssl - - role: httpd/certificate - certname: "{{wildcard_cert_name}}" - SSLCertificateChainFile: "{{wildcard_int_file}}" - - role: rabbit/user - user_name: "batcave{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(ansible|git|infragit|logger)\..* - - role: rabbit/queue - queue_username: "mirror_pagure_ansible{{ env_suffix }}" - queue_name: "mirror_pagure_ansible{{ env_suffix }}" - queue_routing_keys: - - "io.pagure.*.pagure.git.receive" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: ^$ - - role: rabbit/queue - queue_username: "mirror_pagure_ansible{{ env_suffix }}" - queue_name: "mirror_pagure_ansible{{ env_suffix }}_13" - queue_routing_keys: - - "io.pagure.*.pagure.git.receive" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: ^$ - when: datacenter != 'iad2' - - batcave - - role: grobisplitter - when: datacenter == 'iad2' - - { role: nfs/client, when: inventory_hostname.startswith('batcave'), mnt_dir: '/srv/web/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } - - { role: nfs/client, when: inventory_hostname.startswith('batcave01'), mnt_dir: '/mnt/fedora/app', nfs_src_dir: 'fedora_app/app' } - - { role: mirror_pagure_ansible, tags: ['mirror_pagure_ansible'] } - - kickstarts - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/beaker.yml b/playbooks/groups/beaker.yml new file mode 100644 index 0000000000..1efbe5ed03 --- /dev/null +++ b/playbooks/groups/beaker.yml @@ -0,0 +1,48 @@ +# create a new beaker server +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make beaker server + hosts: beaker + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: beaker + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - sudo + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml deleted file mode 100644 index 686e6c8c93..0000000000 --- a/playbooks/groups/bodhi-backend.yml +++ /dev/null @@ -1,133 +0,0 @@ -# create a new bodhi-backend system -# -# This group makes bodhi-backend servers. -# They are used by releng to push updates with bodhi. -# They also run some misc releng scripts. -# - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "bodhi_backend:bodhi_backend_stg" - -# Once the instance exists, configure it. - -- name: Make bodhi-backend server system - hosts: bodhi_backend:bodhi_backend_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/web/infra/ansible/vars/all/00-FedoraCycleNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraBranched.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraBranchedNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraRawhideNumber.yaml" - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - nagios_client - - zabbix/zabbix_agent - - collectd/base - - hosts - - ipa/client - - sudo - - rkhunter - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji' - nfs_src_dir: 'fedora_koji' - - - { role: bodhi2/backend, when: datacenter != 'rdu3' } - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: env != 'staging' and datacenter == 'iad2' - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env != 'staging' and datacenter == 'iad2' - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content_stg/ostree' - when: env == 'staging' and datacenter == 'iad2' - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content_stg/compose/ostree' - when: env == 'staging' and datacenter == 'iad2' - - # In staging, we mount fedora_koji as read only (see nfs_mount_opts) - - role: nfs/client - mnt_dir: '/mnt/fedora_koji_prod' - nfs_src_dir: 'fedora_koji' - when: env == 'staging' and datacenter == 'iad2' - - - role: nfs/client - mnt_dir: '/pub/' - nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/' - when: datacenter == 'iad2' - - - role: nfs/client - mnt_dir: '/pub/archive' - nfs_src_dir: 'fedora_ftp_archive' - when: datacenter == 'iad2' - - - role: keytab/service - owner_user: apache - owner_group: apache - service: bodhi - host: "bodhi{{ env_suffix }}.fedoraproject.org" - when: datacenter == 'iad2' - - - role: push-container-registry - cert_dest_dir: "/etc/docker/certs.d/registry{{ env_suffix }}.fedoraproject.org" - cert_src: "{{private}}/files/docker-registry/{{env}}/pki/issued/containerstable.crt" - key_src: "{{private}}/files/docker-registry/{{env}}/pki/private/containerstable.key" - certs_group: apache - when: datacenter == 'iad2' - - - role: rabbit/queue - queue_username: "bodhi{{ env_suffix }}" - queue_name: "bodhi{{ env_suffix }}_composer" - queue_routing_keys: "{{ bodhi_message_routing_keys }}" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: "{{ bodhi_sent_topics }}" - when: datacenter == 'iad2' - - - role: rabbit/queue - queue_username: "bodhi{{ env_suffix }}" - queue_name: "bodhi{{ env_suffix }}_koji_sync_listener{{ env_suffix }}" - queue_routing_keys: - - "io.pagure.*.pagure.issue.edit" - queue_thresholds: - warning: 10 - critical: 100 - # We have to repeat this line for now (only the last one counts) - user_sent_topics: "{{ bodhi_sent_topics }}" - when: datacenter == 'iad2' - - tasks: - - name: Create secondary volume dir for stg bodhi - ansible.builtin.file: dest=/mnt/koji/vol state=directory owner=apache group=apache mode=0755 - tags: bodhi - when: env == 'staging' and datacenter == 'iad2' - - name: Create symlink for stg/prod secondary volume - ansible.builtin.file: src=/mnt/fedora_koji_prod/koji dest=/mnt/koji/vol/prod state=link - tags: bodhi - when: env == 'staging' and datacenter == 'iad2' - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/bodhi.yml b/playbooks/groups/bodhi.yml new file mode 100644 index 0000000000..e19e9568b1 --- /dev/null +++ b/playbooks/groups/bodhi.yml @@ -0,0 +1,53 @@ +- name: make bodhi + hosts: bodhi:bodhi-stg #machines: bodhi01, bodhi02, releng04, relepel01 + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: bodhi:bodhi-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - { role: bodhi/base, when: "inventory_hostname.startswith('bodhi01') or inventory_hostname.startswith('bodhi02')" } + - { role: bodhi/masher, jobrunner: true, when: "inventory_hostname.startswith('releng04')" } + - { role: bodhi/masher, epelmasher: true, when: "inventory_hostname.startswith('relepel01')" } + - fedmsg/base + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/bugzilla2fedmsg.yml b/playbooks/groups/bugzilla2fedmsg.yml new file mode 100644 index 0000000000..07d43c9bfb --- /dev/null +++ b/playbooks/groups/bugzilla2fedmsg.yml @@ -0,0 +1,69 @@ +# create a new bugzilla2fedmsg server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make bugzilla2fedmsg server + hosts: bugzilla2fedmsg;bugzilla2fedmsg-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the generic configuration + hosts: bugzilla2fedmsg;bugzilla2fedmsg-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - sudo + - collectd/base + - fedmsg/base + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the service-specific config + hosts: bugzilla2fedmsg;bugzilla2fedmsg-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + roles: + - bugzilla2fedmsg + # This is going to be way different + #- role: collectd/fedmsg-service + # process: fedmsg-hub + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/build-kcs.yml b/playbooks/groups/build-kcs.yml deleted file mode 100644 index d34b108087..0000000000 --- a/playbooks/groups/build-kcs.yml +++ /dev/null @@ -1,29 +0,0 @@ -# This playbook is meant to call out the roles for any configuration -# issues to get a Kojid cloud scheduled builder in place. -# Creation of the system is done by a different process so is not -# covered by this playbook. - ---- -- name: Enable an ephemeral builder - hosts: build_x86_kcs:build_x86_kcs_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - name: Make a keytab dir - ansible.builtin.file: dest="/etc/kojid-cloud-scheduler/" state=directory - - roles: - - role: keytab/service - kt_location: /etc/kojid-cloud-scheduler/kojid-cloud-scheduler.keytab - hostname: "{{ inventory_hostname }}" - service: compile diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml index e2f73f4c39..bb74ab85ba 100644 --- a/playbooks/groups/buildhw.yml +++ b/playbooks/groups/buildhw.yml @@ -1,95 +1,26 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml" - vars: - myhosts: "buildhw:bkernel" +# create a new koji builder on raw hw +# NOTE: should be used with --limit most of the time +# NOTE: most of these vars_path come from group_vars/buildhw or from hostvars - name: make koji builder(s) on raw hw - hosts: buildhw:bkernel - remote_user: root - gather_facts: true + hosts: buildhw;buildppc;buildarm:bkernel + user: root + gather_facts: True - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - - name: override nbde_client-network-flush to work around bug - ansible.builtin.copy: - src: "{{ files }}/common/nbde_client-network-flush" - dest: /usr/bin/nbde_client-network-flush - owner: root - group: root - mode: 755 - - - name: tell NetworkManager we don't want any auto connections - ansible.builtin.copy: - src: "{{ files }}/common/noautodefault.conf" - dest: /etc/NetworkManager/conf.d/noautodefault.conf - owner: root - group: root - mode: 644 + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - - { role: nfs/client, mnt_dir: '/mnt/fedora_koji', nfs_src_dir: "{{ koji_hub_nfs }}", when: koji_hub_nfs is defined } - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: env != 'staging' and 'runroot' in group_names - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env != 'staging' and 'runroot' in group_names - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: env != 'staging' and 'runroot' in group_names - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env != 'staging' and 'runroot' in group_names - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content_stg/ostree' - when: env == 'staging' and 'runroot' in group_names - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content_stg/compose/ostree' - when: env == 'staging' and 'runroot' in group_names - + - { role: nfs/client, when: inventory_hostname.startswith('build') , mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_koji' } - koji_builder - { role: bkernel, when: inventory_hostname.startswith('bkernel') } - - { role: linux-system-roles.nbde_client, when: "inventory_hostname.startswith(('bkernel', 'buildhw'))" } - - { role: serial-console, when: "inventory_hostname.startswith(('bkernel', 'buildhw-x86'))" } - hosts - - ipa/client - - { role: sudo, when: not inventory_hostname.startswith('bkernel') } - - role: keytab/service - kt_location: /etc/kojid/kojid.keytab - service: compile - # push built Flatpaks to candidate registry - - role: login-registry - candidate_registry: "candidate-registry.fedoraproject.org" - candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}" - candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}" - when: env == "production" - - role: login-registry - candidate_registry: "candidate-registry.stg.fedoraproject.org" - candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}" - candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}" - when: env == "staging" tasks: - - name: make sure kojid is running - service: name=kojid state=started enabled=yes + - include: "{{ tasks }}/yumrepos.yml" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/buildvm-osbuild.yml b/playbooks/groups/buildvm-osbuild.yml deleted file mode 100644 index 82178c1800..0000000000 --- a/playbooks/groups/buildvm-osbuild.yml +++ /dev/null @@ -1,61 +0,0 @@ -# create a new osbuild worker - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "buildvm_osbuild_ppc64le:buildvm_osbuild_ppc64le_staging" - -- name: Make osbuild-worker - hosts: buildvm_osbuild_ppc64le:buildvm_osbuild_ppc64le_staging - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "{{ private }}/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - hosts - - ipa/client - - sudo - - nagios_client - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Set up osbuild worker - block: - - name: Create temporary file for client secret - local_action: ansible.builtin.tempfile state="file" prefix="osbuild_" - # never report this as changed to make the playbook idempotent - changed_when: false - register: client_secret_tempfile - - - name: Put secret into the temporary file - local_action: ansible.builtin.copy - content="{{ osbuild_worker_authentication_client_secret }}" - dest="{{ client_secret_tempfile.path }}" - mode="440" - # never report this as changed to make the playbook idempotent - changed_when: false - - - name: Import role to configure osbuild-worker - ansible.builtin.import_role: - name: ansible-osbuild-worker - vars: - # rest of the vars are set in the appropriate group_vars - osbuild_worker_authentication_client_secret_file: "{{ client_secret_tempfile.path }}" - - always: - - name: Remove temporary file with client secret - local_action: ansible.builtin.file path="{{ client_secret_tempfile.path }}" state=absent - # never report this as changed to make the playbook idempotent - changed_when: false - when: client_secret_tempfile is defined and client_secret_tempfile.path is defined diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index a0f4b629de..b9b1c228f3 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml @@ -1,138 +1,48 @@ -# create a new koji builder +# create a new koji builder # NOTE: should be used with --limit most of the time # NOTE: make sure there is room/space for this builder on the buildvmhost # NOTE: most of these vars_path come from group_vars/buildvm or from hostvars ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "buildvm:buildvm_stg:buildvm_aarch64:buildvm_ppc64le:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_s390x:buildvm_x86_riscv" - -- name: Make koji builder(s) - hosts: buildvm:buildvm_stg:buildvm_aarch64:buildvm_ppc64le:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_s390x:buildvm_s390x_stg:buildvm_x86_riscv +- name: make buildvm + hosts: buildvm:buildvm-stg user: root - gather_facts: true + gather_facts: False + accelerate: "{{ accelerated }}" vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - hosts - - { - role: nfs/client, - mnt_dir: "/mnt/fedora_koji", - nfs_src_dir: "{{ koji_hub_nfs }}", - when: "env == 'staging' or createrepo or 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x')", - } - - ipa/client - - role: sudo - when: not inventory_hostname.startswith('bkernel') and env == 'production' - - koji_builder - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: env != 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x') - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env != 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x') - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content_stg/ostree' - when: env == 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x') - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content_stg/compose/ostree' - when: env == 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x') - - - role: keytab/service - kt_location: /etc/kojid/kojid.keytab - service: compile - when: koji_instance != 'secondary' - - role: keytab/service - kt_location: /etc/kojid/kojid.keytab - service: compile-riscv - when: koji_instance == 'secondary' - - role: btrfs - btrfs_balance_period: weekly - # push built Flatpaks to candidate registry - - role: login-registry - candidate_registry: "candidate-registry.fedoraproject.org" - candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}" - candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}" - when: env == "production" and koji_instance != 'secondary' - - role: login-registry - candidate_registry: "candidate-registry.stg.fedoraproject.org" - candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}" - candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}" - when: env == "staging" and koji_instance != 'secondary' - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Configure varnish cache - hosts: buildvm-s390x-01.stg.s390.fedoraproject.org:buildvm-s390x-14.s390.fedoraproject.org - tags: - - varnish - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - varnish - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Configure sshfs on buildvm-s390x - hosts: buildvm-s390x-11.s390.fedoraproject.org:buildvm-s390x-12.s390.fedoraproject.org:buildvm-s390x-13.s390.fedoraproject.org - tags: - - sshfs - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: Put sshfs key in place - ansible.builtin.copy: - src="{{ private }}/files/releng/sshkeys/primary-s390x-sshfs{{ '-staging' if env == 'staging' else '' }}" - dest="/etc/primary-s390x-sshfs" - owner=root group=root mode=0600 - tags: - - sshfs - - - name: Install sshfs - ansible.builtin.package: name=sshfs - state=present - tags: - - sshfs - - - name: Add /mnt/fedora_koji sshfs - mount: path="/mnt/fedora_koji" - state=present - fstype=fuse.sshfs - src="root@koji01{{ env_suffix }}.iad2.fedoraproject.org:/mnt/fedora_koji" - opts="noauto,_netdev,ServerAliveInterval=20,IdentityFile=/etc/primary-s390x-sshfs" - tags: - - sshfs + - include: "{{ tasks }}/virt_instance_create.yml" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" + +- name: make koji builder(s) + hosts: buildvm:buildvm-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - hosts + - { role: nfs/client, when: not inventory_hostname.startswith('arm'), mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_koji' } + - { role: nfs/client, when: datacenter == 'staging', mnt_dir: '/mnt/koji', nfs_src_dir: '/mnt/koji' } + - koji_builder + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + + - name: make sure kojid is running + action: service name=kojid state=running + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/busgateway.yml b/playbooks/groups/busgateway.yml new file mode 100644 index 0000000000..2c7afd25e6 --- /dev/null +++ b/playbooks/groups/busgateway.yml @@ -0,0 +1,75 @@ +- name: make busgateway server + hosts: busgateway;busgateway-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the generic configuration + hosts: busgateway;busgateway-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - { role: denyhosts, when: ansible_distribution_major_version != '7' } + - nagios_client + - hosts + - fas_client + - collectd/base + - fedmsg/base + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client_7.yml" + when: env != "staging" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the service-specific config + hosts: busgateway;busgateway-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + roles: + - role: fedmsg/hub + enable_websocket_server: True + - role: fedmsg/datanommer + - role: fedmsg/relay + - role: fedmsg/gateway + - role: collectd/fedmsg-service + process: fedmsg-hub + - role: collectd/fedmsg-service + process: fedmsg-relay + - role: collectd/fedmsg-service + process: fedmsg-gateway + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/centos-ipa-client.yml b/playbooks/groups/centos-ipa-client.yml deleted file mode 100644 index db9794228c..0000000000 --- a/playbooks/groups/centos-ipa-client.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "centos_ipa_client_stg" - -- name: Make the boxes be realen - hosts: centos_ipa_client_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - hosts - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/certgetter.yml b/playbooks/groups/certgetter.yml deleted file mode 100644 index df1452195e..0000000000 --- a/playbooks/groups/certgetter.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "certgetter" - -- name: Make the box be real - hosts: certgetter - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - { role: openvpn/client, - when: env != "staging" } - - ipa/client - - rsyncd - - sudo - - apache - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - name: make sure certbot is installed - ansible.builtin.package: name=certbot state=installed - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/composers.yml b/playbooks/groups/composers.yml new file mode 100644 index 0000000000..8dcac4347d --- /dev/null +++ b/playbooks/groups/composers.yml @@ -0,0 +1,52 @@ +# create a new releng system +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this instance on the buildvmhost +# NOTE: most of these vars_path come from group_vars/releng or from hostvars + +- name: make releng systems + hosts: branched-composer.phx2.fedoraproject.org:rawhide-composer.phx2.fedoraproject.org + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +# Once the instance exists, configure it. + +- name: make releng server system + hosts: branched-composer.phx2.fedoraproject.org:rawhide-composer.phx2.fedoraproject.org + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - nagios_client + - collectd/base + - hosts + - builder_repo + - { role: nfs/client, mnt_dir: '/pub/fedora', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/fedora' } + - { role: nfs/client, mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_koji' } + - releng + - fedmsg/base + + tasks: + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + diff --git a/playbooks/groups/copr-backend.yml b/playbooks/groups/copr-backend.yml deleted file mode 100644 index c3cddcded1..0000000000 --- a/playbooks/groups/copr-backend.yml +++ /dev/null @@ -1,67 +0,0 @@ ---- -- name: Check/create instance - hosts: copr_back_dev_aws:copr_back_aws - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - # - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" - # when: datacenter != 'aws' - - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - when: datacenter == 'aws' - - - import_tasks: "{{ tasks_path }}/swap.yml" - when: - - datacenter == 'aws' - - swap_file_size_mb is defined - -- name: Cloud basic setup - hosts: copr_back_dev_aws:copr_back_aws - user: root - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - - tasks: - - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - -# this should be set to ansible_hostname -# - name: "set hostname (required by some services, at least postfix need it)" -# hostname: name="{{copr_hostbase}}.cloud.fedoraproject.org" -# when: env != 'production' - -- name: Provision instance - hosts: copr_back_dev_aws:copr_back_aws - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - # Roles are run first, before tasks, regardless of where you place them here. - roles: - - copr/pre - - base - - nagios_client - - copr/backend - - role: messaging/base - when: copr_messaging - - role: rsnapshot-push - when: env == "production" - - role: log-detective-backup - when: env == "production" diff --git a/playbooks/groups/copr-dist-git.yml b/playbooks/groups/copr-dist-git.yml deleted file mode 100644 index 4e64344d76..0000000000 --- a/playbooks/groups/copr-dist-git.yml +++ /dev/null @@ -1,59 +0,0 @@ ---- -- name: Check/create instance - hosts: copr_dist_git_dev_aws:copr_dist_git_aws - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - # - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" - # when: datacenter != 'aws' - - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - when: datacenter == 'aws' - -- name: Cloud basic setup - hosts: copr_dist_git_dev_aws:copr_dist_git_aws - user: root - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/swap.yml" - when: - - datacenter == 'aws' - - swap_file_size_mb is defined - - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - name: Set hostname (required by some services, at least postfix need it) - hostname: name="{{copr_hostbase}}.fedorainfracloud.org" - when: datacenter != "aws" - -- name: Provision instance - hosts: copr_dist_git_dev_aws:copr_dist_git_aws - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - copr/pre - - base - - nagios_client - - copr/dist_git - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/copr-frontend.yml b/playbooks/groups/copr-frontend.yml deleted file mode 100644 index 2c9714d09e..0000000000 --- a/playbooks/groups/copr-frontend.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -- name: Check/create instance - hosts: copr_front_dev_aws:copr_front_aws - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - # - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" - # when: datacenter != "aws" - - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - when: datacenter == "aws" - tags: always - - - import_tasks: "{{ tasks_path }}/swap.yml" - when: - - datacenter == 'aws' - - swap_file_size_mb is defined - -- name: Cloud basic setup - hosts: copr_front_dev_aws:copr_front_aws - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - name: Set hostname (required by some services, at least postfix need it) - hostname: name="{{copr_hostbase}}.cloud.fedoraproject.org" - when: datacenter != "aws" - -- name: Provision instance - hosts: copr_front_dev_aws:copr_front_aws - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - copr/pre - - base - - nagios_client - - copr/frontend diff --git a/playbooks/groups/copr-hypervisor.yml b/playbooks/groups/copr-hypervisor.yml deleted file mode 100644 index c4470938dc..0000000000 --- a/playbooks/groups/copr-hypervisor.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Setup copr hypervisor hosts - hosts: copr_hypervisor - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "{{ private }}/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_role: name=copr/reboot - tags: always - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_role: name=base - - import_role: name=hosts - - import_role: name=rkhunter - - import_role: name=nagios_client - - import_role: name=openvpn/client - - import_role: name=ipa/client - - import_role: name=copr/hypervisor - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/copr-keygen.yml b/playbooks/groups/copr-keygen.yml deleted file mode 100644 index c68fb80a2f..0000000000 --- a/playbooks/groups/copr-keygen.yml +++ /dev/null @@ -1,59 +0,0 @@ ---- -- name: Check/create instance - hosts: copr_keygen_dev_aws:copr_keygen_aws - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - # - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" - # when: datacenter != 'aws' - - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - when: datacenter == 'aws' - - - - name: Gather facts - setup: - check_mode: no - ignore_errors: true - register: facts - - name: Install python2 and dnf stuff - raw: dnf -y install python-dnf libselinux-python yum - when: facts is failed - -- name: Cloud basic setup - hosts: copr_keygen_dev_aws:copr_keygen_aws - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - name: Set hostname (required by some services, at least postfix need it) - hostname: name="{{copr_hostbase}}.cloud.fedoraproject.org" - when: datacenter != "aws" - -- name: Provision instance - hosts: copr_keygen_dev_aws:copr_keygen_aws - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - copr/pre - - base - - nagios_client - - copr/keygen diff --git a/playbooks/groups/data-reports.yml b/playbooks/groups/data-reports.yml deleted file mode 100644 index 012f7b9f8d..0000000000 --- a/playbooks/groups/data-reports.yml +++ /dev/null @@ -1,32 +0,0 @@ -# create a data-reports vm -# - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "data_reports" - -- name: Make the box be real - hosts: data_reports - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - hosts - - ipa/client - - collectd/base - - sudo - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/datagrepper.yml b/playbooks/groups/datagrepper.yml new file mode 100644 index 0000000000..010886c9d8 --- /dev/null +++ b/playbooks/groups/datagrepper.yml @@ -0,0 +1,122 @@ +# create a new datagrepper server + +- name: make datagrepper server + hosts: datagrepper;datagrepper-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: datagrepper;datagrepper-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - { role: denyhosts, when: ansible_distribution_major_version != '7' } + - nagios_client + - hosts + - fas_client + - collectd/base + - fedmsg/base + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client_7.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the service-specific config + hosts: datagrepper;datagrepper-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - datagrepper + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +# The gluster work here can be omitted for now. It is used by a feature of +# datagrepper that is partially in place, but not yet functional. +# +#- name: set up gluster server on prod +# hosts: datagrepper;datagrepper-stg +# user: root +# gather_facts: True +# accelerate: "{{ accelerated }}" +# +# vars_files: +# - /srv/web/infra/ansible/vars/global.yml +# - "{{ private }}/vars.yml" +# - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml +# +# roles: +# - role: gluster/server +# name: gluster +# username: "{{ datagrepperglusterusername }}" +# password: "{{ datagrepperglusterpassword }}" +# owner: root +# group: root +# datadir: /srv/glusterfs/datagrepper +# +# handlers: +# - include: "{{ handlers }}/restart_services.yml" +# +#- name: set up gluster client on prod +# hosts: datagrepper;datagrepper-stg +# user: root +# gather_facts: True +# accelerate: "{{ accelerated }}" +# +# vars_files: +# - /srv/web/infra/ansible/vars/global.yml +# - "{{ private }}/vars.yml" +# - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml +# +# roles: +# - role: gluster/client +# name: gluster +# servers: +# - datagrepper01.phx2.fedoraproject.org +# - datagrepper02.phx2.fedoraproject.org +# username: "{{ datagrepperglusterusername }}" +# password: "{{ datagrepperglusterpassword }}" +# owner: apache +# group: apache +# mountdir: /var/cache/datagrepper +# +# handlers: +# - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/db.aws.yml b/playbooks/groups/db.aws.yml deleted file mode 100644 index 94de62a16f..0000000000 --- a/playbooks/groups/db.aws.yml +++ /dev/null @@ -1,76 +0,0 @@ -# database server system in AWS for machines hosted in AWS -# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars - -# Once the instance exists, configure it. - ---- -- name: Check/create instance - hosts: db.stg.aws.fedoraproject.org - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - when: datacenter == 'aws' - - - import_tasks: "{{ tasks_path }}/swap.yml" - when: - - datacenter == 'aws' - - swap_file_size_mb is defined - -- name: Cloud basic setup - hosts: db.stg.aws.fedoraproject.org - user: root - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - -- name: Configure server - hosts: db.stg.aws.fedoraproject.org - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - dnf: - name: - - langpacks-en - - glibc-all-langpacks - state: latest - - ansible.builtin.systemd_service: - daemon_reload: true - - roles: - - base - - rkhunter - # - {role: ipa/client, when: env == "staging"} - # - nagios_client - # - zabbix/zabbix_agent - - hosts - - postgresql_server - # - collectd/base - # - collectd/postgres # This requires a 'databases' var to be set in host_vars - - sudo - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/debuginfod.yml b/playbooks/groups/debuginfod.yml deleted file mode 100644 index 1d997367b0..0000000000 --- a/playbooks/groups/debuginfod.yml +++ /dev/null @@ -1,80 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "debuginfod:debuginfod_stg" - -- name: Make the box be real - hosts: debuginfod:debuginfod_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - hosts - - ipa/client - - collectd/base - - - role: nfs/client - mount_stg: true - mnt_dir: '/mnt/fedora_koji_prod' - nfs_src_dir: "fedora_koji" - - tasks: - - name: install debuginfod - ansible.builtin.package: name=elfutils-debuginfod state=present - tags: debuginfod - - - name: Install sqlite for diagnostics - ansible.builtin.package: name=sqlite state=present - tags: debuginfod - - - name: Install sqlite-analyzer for diagnostics - ansible.builtin.package: name=sqlite-analyzer state=present - tags: debuginfod - - - name: Install sqlite for diagnostics - ansible.builtin.package: name=sqlite state=present - tags: debuginfod - - - name: Install rsync for data backups - ansible.builtin.package: name=rsync state=present - tags: debuginfod - - - name: Install debuginfod configuration - ansible.builtin.copy: src="{{ files }}/debuginfod/sysconfig.debuginfod" dest=/etc/sysconfig/debuginfod owner=root group=root mode=644 - tags: debuginfod - notify: - - Restart debuginfod - - - name: Ensure systemd drop-in directory exists - ansible.builtin.file: > - dest=/etc/systemd/system/debuginfod.service.d - state=directory - tags: debuginfod - - - name: Install debuginfod systemd drop-in - tags: debuginfod - ansible.builtin.copy: src="{{ files }}/debuginfod/debuginfod.service.d" dest=/etc/systemd/system/debuginfod.service.d/override.conf owner=root group=root mode=644 - notify: - - Restart debuginfod - - - name: Ensure debuginfod is enabled and started - service: - name: debuginfod - state: started - enabled: yes - tags: debuginfod - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/dhcp.yml b/playbooks/groups/dhcp.yml new file mode 100644 index 0000000000..6b2a3ccde4 --- /dev/null +++ b/playbooks/groups/dhcp.yml @@ -0,0 +1,48 @@ +- name: make dhcp server + hosts: dhcp + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: dhcp + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - sudo + - dhcp_server + - tftp_server + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + - include: "{{ handlers }}/semanage.yml" diff --git a/playbooks/groups/dns.yml b/playbooks/groups/dns.yml deleted file mode 100644 index f086fdea8b..0000000000 --- a/playbooks/groups/dns.yml +++ /dev/null @@ -1,36 +0,0 @@ -# create a new dns server - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "dns" - -- name: Make the box be real - hosts: dns - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - hosts - - rkhunter - - nagios_client - - { role: openvpn/client, - when: datacenter != 'iad2' and datacenter != 'rdu3' } - - ipa/client - - collectd/base - - collectd/bind - - rsyncd - - sudo - - dns - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/docs-backend.yml b/playbooks/groups/docs-backend.yml new file mode 100644 index 0000000000..2f492b476d --- /dev/null +++ b/playbooks/groups/docs-backend.yml @@ -0,0 +1,68 @@ +- name: make docs-backend server + hosts: docs-backend + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: docs-backend + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - yum-cron + - sudo + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + # we want httpd for now, to examine the product directly + - include: "{{ tasks }}/apache.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: setup publican web + hosts: docs-backend + user: root + gather_facts: True + accelerate: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: publican_webhost, kojitag: "el6-docs", publican_brand: "fedora", site_title: "Fedora Documentation", site_host: "http://docs.fedoraproject.org" } + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml index e3b957a9a3..c9c40148a0 100644 --- a/playbooks/groups/download.yml +++ b/playbooks/groups/download.yml @@ -1,90 +1,83 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "download_ibiblio:download_cc_rdu:download_iad2" +- name: make secondary download virt + hosts: download-ibiblio + user: root + + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + - name: Download servers hosts: download user: root - gather_facts: false + gather_facts: False + accelerate: "{{ accelerated }}" vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: + - include: "{{ tasks }}/accelerate_prep.yml" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" -- name: Post-initial-steps +- name: post-initial-steps hosts: download user: root - gather_facts: true + gather_facts: True + accelerate: "{{ accelerated }}" vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" roles: - base - rkhunter + - { role: denyhosts, when: ansible_distribution_major_version != '7' } - nagios_client - hosts - - { role: openvpn/client, when: vpn == True } - - ipa/client + - fas_client - collectd/base - - apache - download + - { role: mod_limitipconn, when: ansible_distribution_major_version != '7'} - rsyncd - - { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } - - { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub/archive', nfs_src_dir: 'fedora_ftp_archive' } - - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_koji' } # needed for internal sync + - { role: nfs/client, when: datacenter == "phx2", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } + - { role: nfs/client, when: datacenter == "rdu", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } - sudo - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - name: put in script for syncing fedora on download-ib01 - ansible.builtin.copy: src="{{ files }}/download/sync-up-downloads.sh.ib01" dest=/usr/local/bin/sync-up-downloads owner=root group=root mode=755 - when: inventory_hostname == 'download-ib01.fedoraproject.org' - - name: Put in script for syncing fedora-alt on download-ib01 - ansible.builtin.copy: src="{{ files }}/download/sync-up-other.sh.ib01" dest=/usr/local/bin/sync-up-other owner=root group=root mode=755 - when: inventory_hostname == 'download-ib01.fedoraproject.org' - - name: Put in script for syncing centos on download-ib01 - ansible.builtin.copy: src="{{ files }}/download/sync-up-centos.sh.ib01" dest=/usr/local/bin/sync-up-centos owner=root group=root mode=755 - when: inventory_hostname == 'download-ib01.fedoraproject.org' - - name: Put in cron job for syncing - ansible.builtin.copy: src="{{ files }}/download/download-sync.cron.ib01" dest=/etc/cron.d/download-sync owner=root group=root mode=644 - when: inventory_hostname == 'download-ib01.fedoraproject.org' - - name: Put in last sync scrypt for download-ib01 - ansible.builtin.copy: src="{{ files}}/download/last-sync" dest=/usr/local/bin/last-sync mode=0755 - when: inventory_hostname == 'download-ib01.fedoraproject.org' - - name: Install bc so last-sync works. - ansible.builtin.package: name=bc state=present - when: inventory_hostname == 'download-ib01.fedoraproject.org' - - - name: Put in script for syncing on download-cc-rdu01 - ansible.builtin.copy: src="{{ files }}/download/sync-up-downloads.sh.cc-rdu01" dest=/usr/local/bin/sync-up-downloads owner=root group=root mode=755 - when: inventory_hostname == 'download-cc-rdu01.fedoraproject.org' - - name: Put in script for syncing centos on download-cc-rdu01 - ansible.builtin.copy: src="{{ files }}/download/sync-up-centos.sh.cc-rdu01" dest=/usr/local/bin/sync-up-centos owner=root group=root mode=755 - when: inventory_hostname == 'download-cc-rdu01.fedoraproject.org' - - name: Put in cron job for syncing on download-cc-rdu01 - ansible.builtin.copy: src="{{ files }}/download/download-sync.cron.cc-rdu01" dest=/etc/cron.d/download-sync owner=root group=root mode=644 - when: inventory_hostname == 'download-cc-rdu01.fedoraproject.org' - - name: Put in last sync scrypt for download-cc-rdu01 - ansible.builtin.copy: src="{{ files}}/download/last-sync" dest=/usr/local/bin/last-sync mode=0755 - when: inventory_hostname == 'download-cc-rdu01.fedoraproject.org' - - - name: Make a mnt/koji link - ansible.builtin.file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji - when: datacenter == "iad2" + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: datacenter != 'phx2' and ansible_distribution_major_version != '7' + - include: "{{ tasks }}/openvpn_client_7.yml" + when: datacenter != 'phx2' and ansible_distribution_major_version == '7' + - name: put in script for syncing + action: copy src="{{ files }}/download/sync-up-downloads.sh" dest=/usr/local/bin/sync-up-downloads owner=root group=root mode=755 + when: datacenter == 'ibiblio' + - name: put in cron job for syncing + action: copy src="{{ files }}/download/download-sync.cron" dest=/etc/cron.d/download-sync owner=root group=root mode=644 + when: datacenter == 'ibiblio' handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" + diff --git a/playbooks/groups/elections.yml b/playbooks/groups/elections.yml new file mode 100644 index 0000000000..cd2ea01399 --- /dev/null +++ b/playbooks/groups/elections.yml @@ -0,0 +1,84 @@ +- name: make elections + hosts: elections;elections-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: elections;elections-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: set up fedmsg on elections + hosts: elections;elections-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - fedmsg/base + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: deploy elections itself + hosts: elections;elections-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - elections + + handlers: + - include: "{{ handlers }}/restart_services.yml" + diff --git a/playbooks/groups/fedimg.yml b/playbooks/groups/fedimg.yml new file mode 100644 index 0000000000..78162f356e --- /dev/null +++ b/playbooks/groups/fedimg.yml @@ -0,0 +1,66 @@ +- name: make fedimg server + hosts: fedimg;fedimg-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the generic configuration + hosts: fedimg;fedimg-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - { role: denyhosts, when: ansible_distribution_major_version != '7' } + - nagios_client + - hosts + - fas_client + - collectd/base + - fedmsg/base + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the service-specific config + hosts: fedimg;fedimg-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + roles: + - fedmsg/hub + #- fedimg + #- role: collectd/fedmsg-service + # process: fedmsg-hub + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/fedoauth.yml b/playbooks/groups/fedoauth.yml new file mode 100644 index 0000000000..eb91bffb25 --- /dev/null +++ b/playbooks/groups/fedoauth.yml @@ -0,0 +1,71 @@ +# create a new FedOAuth server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/fedoauth* or from hostvars + +- name: make fedoauth + hosts: fedoauth-stg:fedoauth + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: fedoauth-stg:fedoauth + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: deploy fedoauth itself + hosts: fedoauth-stg:fedoauth + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - fedoauth + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/fedocal.yml b/playbooks/groups/fedocal.yml new file mode 100644 index 0000000000..a54343947a --- /dev/null +++ b/playbooks/groups/fedocal.yml @@ -0,0 +1,88 @@ +# create a new fedocal server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/fedocal* or from hostvars + +- name: make fedocal + hosts: fedocal-stg;fedocal + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: fedocal-stg;fedocal + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: set up fedmsg + hosts: fedocal-stg;fedocal + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - fedmsg/base + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: deploy fedocal itself + hosts: fedocal-stg;fedocal + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - fedocal + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/flatpak-cache.yml b/playbooks/groups/flatpak-cache.yml deleted file mode 100644 index 9a4745391a..0000000000 --- a/playbooks/groups/flatpak-cache.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "flatpak_cache" - -- name: Make the box be real - hosts: flatpak_cache - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - ipa/client - - collectd/base - - sudo - - flatpak-cache - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/gallery.yml b/playbooks/groups/gallery.yml new file mode 100644 index 0000000000..ef70dbee78 --- /dev/null +++ b/playbooks/groups/gallery.yml @@ -0,0 +1,68 @@ +# create a new gallery server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/gallery-web* or from hostvars + +- name: make gallery server + hosts: gallery-stg + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: gallery-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - fedmsg/base + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: deploy gallery itself + hosts: gallery-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - gallery + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/github2fedmsg.yml b/playbooks/groups/github2fedmsg.yml new file mode 100644 index 0000000000..863c367423 --- /dev/null +++ b/playbooks/groups/github2fedmsg.yml @@ -0,0 +1,73 @@ +# create a new github2fedmsg server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/github2fedmsg* or from hostvars + +- name: make github2fedmsg server + hosts: github2fedmsg;github2fedmsg-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: github2fedmsg;github2fedmsg-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: deploy service-specific config + hosts: github2fedmsg;github2fedmsg-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - include: "{{ handlers }}/restart_services.yml" + + roles: + - github2fedmsg + - fedmsg/base diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml deleted file mode 100644 index e8598c441d..0000000000 --- a/playbooks/groups/ipa.yml +++ /dev/null @@ -1,110 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "ipa:ipa_stg" - -- name: Make the box be real - hosts: ipa:ipa_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - collectd/base - - hosts - - {role: openvpn/client, - when: env != "staging"} - - ipa/client - - rsyncd - - sudo - # Set up for fedora-messaging - - role: rabbit/user - user_name: "ipa{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.ipa\..* - when: inventory_hostname.startswith('ipa01') - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Deploy ipa itself - hosts: ipa:ipa_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "{{ vars_path }}/{{ ansible_distribution }}.yml" - - roles: - - ipa/server - - role: keytab/service - owner_user: apache - owner_group: apache - service: HTTP - host: "id{{env_suffix}}.fedoraproject.org" - notify: - - Combine IPA http keytabs - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Combine IPA keytabs - ansible.builtin.shell: printf "%b" "read_kt /etc/httpd/conf/ipa.keytab\nread_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab\nwrite_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" | ktutil - changed_when: false - tags: - - krb5 - - ipa/server - - name: Set owner and permissions on combined keytab - ansible.builtin.file: path="/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" - owner=apache - group=apache - mode=0600 - tags: - - krb5 - - ipa/server - # original: /etc/httpd/conf/ipa.keytab - # - name: Make IPA HTTP use the combined keytab - # lineinfile: dest=/etc/httpd/conf.d/ipa.conf - # regexp='GssapiCredStore keytab:' - # line=' GssapiCredStore keytab:/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined' - # tags: - # - krb5 - # - ipa/server - # - config - # - name: Make IPA HTTP use the id.fp.o client keytab - # lineinfile: dest=/etc/httpd/conf.d/ipa.conf - # regexp='GssapiCredStore client_keytab:' - # line=' GssapiCredStore client_keytab:/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab' - # tags: - # - krb5 - # - ipa/server - # - config - -- name: Do base role once more to revert any resolvconf changes - hosts: ipa:ipa_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "{{ vars_path }}/{{ ansible_distribution }}.yml" - - roles: - - base - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/ipsilon.yml b/playbooks/groups/ipsilon.yml deleted file mode 100644 index 8c95c4344a..0000000000 --- a/playbooks/groups/ipsilon.yml +++ /dev/null @@ -1,104 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "ipsilon:ipsilon_stg" - - -- name: Make the box be real - hosts: ipsilon:ipsilon_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - ipsilon_db_host: "db-fas01{{ env_suffix }}.iad2.fedoraproject.org" - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - hosts - - rsyncd - - sudo - - collectd/base - - {role: openvpn/client, - when: env != "staging"} - - mod_wsgi - - role: keytab/service - owner_user: apache - owner_group: apache - service: HTTP - host: "id{{ env_suffix }}.fedoraproject.org" - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Deploy ipsilon itself - hosts: ipsilon:ipsilon_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "{{ vars_path }}/{{ ansible_distribution }}.yml" - - vars: - ipsilon_db_host: "db-fas01{{ env_suffix }}.iad2.fedoraproject.org" - - roles: - - ipsilon - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - -# This next block configures IPA, it only needs to be run on one member of the cluster. -# Run it after setting up Ipsilon because the host need to be declared in IPA already. -- name: Setup IPA - hosts: ipa[0]:ipa_stg[0] - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Add the ipsilon HBAC service in IPA - ipahbacsvc: - name: ipsilon - description: Ipsilon authentication service - ipaadmin_password: "{{ ipa_admin_password }}" - tags: - - ipsilon - - - name: Allow login through ipsilon - ipahbacrule: - name: ipsilon - description: Login through ipsilon - hbacsvc: - - ipsilon - usercategory: all - host: "{{ (env == 'production')|ternary(groups['ipsilon'], groups['ipsilon_stg']) }}" - ipaadmin_password: "{{ ipa_admin_password }}" - tags: - - ipsilon - - - name: Allow login through ipsilon for the CentOS instance - ipahbacrule: - name: ipsilon - action: member - host: "{{ (env == 'production')|ternary('ipsilon.iad2.centos.org', 'ipsilon.stg.iad2.centos.org') }}" - ipaadmin_password: "{{ ipa_admin_password }}" - tags: - - ipsilon diff --git a/playbooks/groups/jenkins-cloud.yml b/playbooks/groups/jenkins-cloud.yml new file mode 100644 index 0000000000..ddfeaa81c5 --- /dev/null +++ b/playbooks/groups/jenkins-cloud.yml @@ -0,0 +1,480 @@ +- name: check/create instance for jenkins-master + hosts: jenkins-cloud # 209.132.184.153 + user: root + gather_facts: False + tags: + - jenkins_master + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + +- name: provision master + hosts: 209.132.184.153 + user: root + gather_facts: True + tags: + - jenkins_master + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + - resolvconf: resolv.conf/jenkins-cloud + + roles: + - base + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + + - name: make the jenkins path + action: file state=directory path=/var/lib/jenkins + + - name: mount our persistent space + action: mount name=/var/lib/jenkins src='LABEL=jenkins' fstype=ext4 state=mounted + + - name: poke firewall holes + action: command lokkit {{ item }} + with_items: + - --service=ssh + - --service=https + - --service=http + + - name: install pkgs for jenkins + action: yum state=installed pkg={{ item }} + with_items: + - vim + - dejavu-s\* + - fontconfig + - java-1.6.0-openjdk + - httpd + - openssh-clients + - git + tags: + - packages + + - name: add jenkins proxy config file for apache + action: copy src="{{ files }}/jenkins/master/jenkins-apache.conf" dest=/etc/httpd/conf.d/jenkins-apache.conf owner=root group=root mode=0644 + notify: + - restart httpd + tags: + - config + + - name: enable apache + action: service name=httpd state=running enabled=true + + - name: add jenkins upstream repo + action: copy src="{{ files }}/jenkins/master/jenkins.repo" dest=/etc/yum.repos.d/jenkins.repo owner=root group=root + tags: + - config + + - name: import jenkins upstream gpg key + action: copy src="{{ files }}/jenkins/master/jenkins-ci.org.key" dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-jenkins-ci.org owner=root group=root + tags: + - config + + - name: install pkgs for jenkins + action: yum state=installed pkg={{ item }} + with_items: + - jenkins + tags: + - packages + + - name: set the hostname to jenkins-osversion + action: command hostname jenkins-master-{{ dist_tag }} + tags: + - config + + - name: make sure jenkins is stopped + action: service name=jenkins state=stopped + + - name: clean any previous plugin deployments + action: file state=absent path=/var/lib/jenkins/plugins + + - name: mkdir dir for jenkins data + action: file state=directory path=/var/lib/jenkins/plugins/ owner=jenkins group=jenkins + + - name: Download jenkins plugins + get_url: url=https://updates.jenkins-ci.org/download/plugins/{{ item.name }}/{{ item.version }}/{{ item.name }}.hpi + dest=/var/lib/jenkins/plugins/{{ item.name }}.hpi + sha256sum={{ item.sha }} + with_items: + - name: bazaar + version: 1.22 + sha: d7ff0987c96e2a694257ecf897ceee376908c5f94abfd1d5efc32482e4d54141 + - name: chucknorris + version: 0.5 + sha: bd9df0507008255ad2ed046368d10a4d039a6cbcfefb53c71c1768cc0dcbf65b + - name: cobertura + version: 1.9.3 + sha: 3db93d70486b80a904a74ce40b0ac6a7812d1f522f820d0e5d7b538401bc2946 + - name: cvs + version: 2.11 + sha: 7c917bc824019a81d54472c525e4d724dfb4ae10b59bf64e692a2fc59fcd33cc + - name: external-monitor-job + version: 1.2 + sha: 8dd2644271d0138839490342833e9ff7f82772038f673f5ac6220193c587747d + - name: git + version: 2.2.1 + sha: 4ba2185688a8e1ffdce43916448ff3a25a8ef845feebb3c95f47a0bb65e11252 + - name: git-client + version: 1.8.0 + sha: 091df903bf1ed2b0c531714199ff8bb9225deaa2096520753554a39f2557d9e8 + - name: instant-messaging + version: 1.28 + sha: 0b84561fd72cb80d89c5c57548fe8b7270d448f66361dedd07e227fb1bd44f03 + - name: ldap + version: 1.8 + sha: 491905ec3675b6a5acf2098722c121732801fd6210e6ff54bc99d213b5b8ee58 + - name: maven-plugin + version: 2.2 + sha: b373d99ffbdec45375fcf00be329d7b5029ab195f5b48d2d7518c776ed4bf1b8 + - name: mercurial + version: '1.50' + sha: 934a6bd38e2109b97c915d80fdb6abc74a8ef4aff882b94ef0b1a274919ea407 + - name: openid + version: 1.8 + sha: fed09c7da7762323cf55c3b725493622a4a2460eab8622230497e35914ac9d7e + - name: python + version: 1.2 + sha: e3358a945f21b84a8156237b0d621815a7822322e1180ae1e66d10798aaf1f56 + - name: scm-api + version: 0.2 + sha: cc856d8dc8b951cf9a195baa2bf7bbff0d12368534a6b973e43e2909141eff3f + - name: ssh-agent + version: 1.4.1 + sha: ae8227bf219e96a4d76f36dc6d6e652ddd0209e8d9c4cf4483a07858d707ce6e + - name: subversion + version: 2.2 + sha: 221ed61c8e4ef959bb316ea93d188e19c8f980edac0f1e45a6cd8d7e13808b51 + - name: translation + version: 1.11 + sha: 4d88b8d74ade119cef76827bd385693447fa68fa18fd1bfc8806aff9d931f00e + - name: violations + version: 0.7.11 + sha: f8eacb53eb01f83f3702009a41cef89e520a72933671ac1ee9154d88bde2d67a + - name: xunit + version: 1.84 + sha: d06679ec0f3e2540615109789219404d602c98beda7be555dda7732a463c096b + - name: multiple-scms + version: 0.3 + sha: e79d7e855ffe0ad060d11ae1ce0b39f68e7fa031c6e831f60fe33e5ddb3392ac + - name: credentials + version: 1.9.4 + sha: 2fedc41d977a166c1addd82cd0cc9b73cffd34b97f7c0756bad7dc198ccd98de + - name: mailer + version: 1.8 + sha: fb9c6d471c2fea97fc2ccb64bfac18f77c847e740bcc2d5a4de31c35e851728a + notify: + - restart jenkins + tags: + - config + + - name: Download additional jenkins plugins (from the maven repo) + get_url: url=http://maven.jenkins-ci.org/content/repositories/releases/org/jvnet/hudson/plugins/{{ item.name }}/{{ item.version }}/{{ item.name }}-{{ item.version }}.hpi + dest=/var/lib/jenkins/plugins/{{ item.name }}.hpi + sha256sum={{ item.sha }} + with_items: + - name: warnings + version: 4.39 + sha: 7652b7ed8971de932f46323aa8e0ddee2bcf4f14839296481ae79590e09f7606 + notify: + - restart jenkins + tags: + - config + + - name: import jenkins configuration files + action: copy src={{ item }} owner=jenkins group=jenkins dest=/var/lib/jenkins/ backup=yes + with_fileglob: + - "{{ files }}/jenkins/master/*.xml" + tags: + - config + + - name: add jenkins ssh priv key so it can connect to clients + action: copy src="{{ private }}/files/jenkins/ssh/jenkins_master" dest=/var/tmp/jenkins_master_id_rsa mode=600 owner=jenkins group=jenkins + tags: + - config + + - name: add jenkins credentials it can connect to clients + action: copy src="{{ private }}/files/jenkins/ssh/credentials.xml" dest=/var/lib/jenkins/ + tags: + - config + + - name: start jenkins itself + action: service name=jenkins state=running + + - name: wait for a dir to exist - this is just ugly + shell: while `true`; do [ -d /var/lib/jenkins/plugins/openid/WEB-INF/lib/ ] && break; sleep 5; done + async: 1800 + poll: 20 + + - name: jenkins hotfix big file + copy: src={{ item }} dest=/var/lib/jenkins/plugins/openid/WEB-INF/lib/ group=jenkins mode=655 + with_fileglob: + - "{{ bigfiles }}/hotfixes/jenkins/openid/*.jar" + notify: + - restart jenkins + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: setup fedmsg for the master (after jenkins has been installed) + hosts: 209.132.184.153 + user: root + gather_facts: True + tags: + - jenkins_master + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: fedmsg/base + fedmsg_fqdn: jenkins.cloud.fedoraproject.org + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +################################################### +# jenkins slaves + +- name: check/create instance for jenkins-slaves + hosts: jenkins-slaves + user: root + gather_facts: False + tags: + - jenkins_workers + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + vars: + - keypair: fedora-admin-20130801 + - security_group: default + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + +- name: provision workers + hosts: jenkins-slaves + user: root + gather_facts: True + tags: + - jenkins_workers + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + + - name: add jenkins repos + action: copy src={{ item }} dest=/etc/yum.repos.d/ owner=root group=root + with_fileglob: + - "{{ files }}/jenkins/slaves/*.repo" + tags: + - config + - packages + + - name: install pkgs for jenkins + action: yum state=installed pkg={{ item }} + with_items: + - vim + - java-1.7.0-openjdk + - java-1.7.0-openjdk-devel + - subversion + - bzr + - git + - rpmlint + - rpmdevtools + - mercurial + - mock + - gcc + - gcc-c++ + - libjpeg-turbo-devel + - python-bugzilla + - python-pip + - python-virtualenv + - python-coverage + - pylint + - python-argparse + - python-nose + - python-BeautifulSoup + - python-fedora + - python-unittest2 + - python-pep8 + - python-psycopg2 + - postgresql-devel # Required to install python-psycopg2 w/in a venv + - docbook-style-xsl # Required by gimp-help-2 + - make # Required by gimp-help-2 + - automake # Required by gimp-help-2 + - libcurl-devel # Required by blockerbugs + - python-formencode # Required by javapackages-tools + - asciidoc # Required by javapackages-tools + - xmlto # Required by javapackages-tools + - pycairo-devel # Required by dogtail + - packagedb-cli # Required by FedoraReview + tags: + - packages + + - name: install packages not (yet) available on el7 builder + action: yum state=installed pkg={{ item }} + with_items: + - python-straight-plugin + - pyflakes # Requested by user rholy (ticket #4175) + - dia # Required by javapackages-tools ticket #4279 + when: ansible_distribution_version != "7.0" + tags: + - packages + + - name: install pkgs for jenkins for fedora systems + action: yum state=installed pkg={{ item }} + when: is_fedora is defined + with_items: + - python3 + - python-nose-cover3 + - python3-nose-cover3 + - sbt + - glibc.i686 + - glibc-devel.i686 + - libstdc++.i686 + - zlib-devel.i686 + - ncurses-devel.i686 + - libX11-devel.i686 + - libXrender.i686 + - libXrandr.i686 + - nspr-devel ## Requested by 389-ds-base + - nss-devel + - svrcore-devel + - openldap-devel + - libdb-devel + - cyrus-sasl-devel + - icu + - libicu-devel + - gcc-c++ + - net-snmp-devel + - lm_sensors-devel + - bzip2-devel + - zlib-devel + - openssl-devel + - tcp_wrappers + - pam-devel + - systemd-units + - policycoreutils-python + - openldap-clients + - perl-Mozilla-LDAP + - nss-tools + - cyrus-sasl-gssapi + - cyrus-sasl-md5 + - libdb-utils + - systemd-units + - perl-Socket + - perl-NetAddr-IP + - pcre-devel ## End of request list for 389-ds-base + - maven # Required by xmvn https://fedorahosted.org/fedora-infrastructure/ticket/4054 + - gtk3-devel # Required by dogtail + - glib2-devel # Required by Cockpit + - libgudev1-devel + - json-glib-devel + - gobject-introspection-devel + - libudisks2-devel + - NetworkManager-glib-devel + - systemd-devel + - accountsservice-devel + - pam-devel + - autoconf + - libtool + - intltool + - jsl + - python-scss + - gtk-doc + - krb5-devel + - sshpass + - perl-Locale-PO + - perl-JSON + - glib-networking + - realmd + - udisks2 + - mdadm + - lvm2 + - sshpass # End requires for Cockpit + - tito # Requested by msrb for javapackages-tools and xmvn (ticket#4113) + - pyflakes # Requested by user rholy (ticket #4175) + - devscripts-minimal # Required by FedoraReview + tags: + - packages + + - name: drop current android SDK + when: is_fedora is defined + action: file state=absent path=/var/android + + - name: mkdir dir for android SDK + when: is_fedora is defined + action: file state=directory path=/var/android owner=jenkins_slave group=jenkins_slave + + - name: copy android SDK + when: is_fedora is defined + action: copy src="{{ bigfiles }}/jenkins/android-sdk-with-platform-17.tar.gz" dest=/var/android/ owner=jenkins_slave group=jenkins_slave + + - name: extract android SDK + when: is_fedora is defined + command: tar -xvf /var/android/android-sdk-with-platform-17.tar.gz --owner=jenkins_slave --group=jenkins_slave -C /var/android/ + + - name: make /var/android belong to jenkins_slave + when: is_fedora is defined + action: file path=/var/android state=directory recurse=true owner=jenkins_slave group=jenkins_slave + + - name: delete sdk archive + when: is_fedora is defined + action: file state=absent path=/var/android/android-sdk-with-platform-17.tar.gz + + - name: set the hostname to jenkins-osversion + action: command hostname jenkins-{{ dist_tag }} + tags: + - config + + - name: setup jenkins_slave user + action: user name=jenkins_slave state=present createhome=yes system=no + tags: + - jenkinsuser + + - name: setup jenkins_slave ssh key + action: authorized_key user=jenkins_slave key="{{ item }}" + with_file: + - "{{ private }}/files/jenkins/ssh/jenkins_master.pub" + + - name: jenkins_slave to mock group + action: user name=jenkins_slave groups=mock + + - name: add .gitconfig for jenkins_slave user + action: copy src="{{ files }}/jenkins/gitconfig" dest=/home/jenkins_slave/.gitconfig owner=jenkins_slave group=jenkins_slave mode=664 + tags: + - config + + - name: template sshd_config + copy: src="{{ item }}" dest=/etc/ssh/sshd_config mode=0600 owner=root group=root + with_first_found: + - "{{ files }}/jenkins/sshd_config_slave.{{ ansible_distribution }}" + - "{{ files }}/jenkins/sshd_config_slave" + notify: + - restart sshd + tags: + - config + + - name: mkdir dir for jenkins data + action: file state=directory path=/mnt/jenkins owner=jenkins_slave group=jenkins_slave + + handlers: + - include: "{{ handlers }}/restart_services.yml" + diff --git a/playbooks/groups/kerneltest.yml b/playbooks/groups/kerneltest.yml new file mode 100644 index 0000000000..5c5ab7f39a --- /dev/null +++ b/playbooks/groups/kerneltest.yml @@ -0,0 +1,72 @@ +# create a new kerneltest server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/kerneltest* or from hostvars + +- name: make kerneltest server + hosts: kerneltest-stg:kerneltest + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: kerneltest-stg:kerneltest + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client_7.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: deploy service-specific config + hosts: kerneltest-stg:kerneltest + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - include: "{{ handlers }}/restart_services.yml" + + roles: + - kerneltest + - fedmsg/base diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml new file mode 100644 index 0000000000..e28bab1be7 --- /dev/null +++ b/playbooks/groups/keyserver.yml @@ -0,0 +1,57 @@ +# create a new sks keyserver +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/gallery-web* or from hostvars + +- name: make sks keyserver + hosts: keys + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: keys + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - { role: denyhosts, when: ansible_distribution_major_version != '7' } + - nagios_client + - hosts + - fas_client + - fedmsg/base + - keyserver + - sudo + - collectd/base + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: ansible_distribution_major_version != '7' + - include: "{{ tasks }}/openvpn_client_7.yml" + when: ansible_distribution_major_version == '7' + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index df75a2bfda..a750ec71d4 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml @@ -2,180 +2,52 @@ # NOTE: should be used with --limit most of the time # NOTE: most of these vars_path come from group_vars/koji-hub or from hostvars ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "koji_stg:koji:koji_riscv" - -# Once the instance exists, configure it. - -- name: Make koji_hub server system - hosts: koji_stg:koji:koji_riscv +- name: make koji hub + hosts: koji-stg user: root - gather_facts: true + gather_facts: False vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - tags: always - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +# Once the instance exists, configure it. + +- name: make koji_hub server system + hosts: koji-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter + - denyhosts - nagios_client - - zabbix/zabbix_agent - hosts - - ipa/client + - fas_client - collectd/base - - apache - - mod_wsgi - - role: keytab/service - service: kojira - host: "koji{{env_suffix}}.fedoraproject.org" - when: koji_instance != 'secondary' - - role: keytab/service - service: kojira - host: "riscv-koji{{env_suffix}}.fedoraproject.org" - when: koji_instance == 'secondary' - - role: keytab/service - service: koji-gc - owner_user: apache - host: "koji{{env_suffix}}.fedoraproject.org" - when: koji_instance != 'secondary' - - role: keytab/service - service: koji-gc - owner_user: apache - host: "riscv-koji{{env_suffix}}.fedoraproject.org" - when: koji_instance == 'secondary' + - fedmsg/base + - { role: koji_builder, when: env == "staging" } + - { role: nfs/server, when: env == "staging" } - koji_hub - - role: keytab/service - service: HTTP - owner_user: apache - host: "koji{{env_suffix}}.fedoraproject.org" - when: koji_instance != 'secondary' - - role: keytab/service - service: HTTP - owner_user: apache - host: "riscv-koji{{env_suffix}}.fedoraproject.org" - when: koji_instance == 'secondary' - - {role: nfs/server, when: env == "staging"} - - # production nfs mounts from netapp - - role: nfs/client - mnt_dir: '/mnt/fedora_koji' - nfs_src_dir: 'fedora_koji' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive00' - nfs_src_dir: 'fedora_koji_archive00' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive01' - nfs_src_dir: 'fedora_koji_archive01' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive02' - nfs_src_dir: 'fedora_koji_archive02' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive03' - nfs_src_dir: 'fedora_koji_archive03' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive04' - nfs_src_dir: 'fedora_koji_archive04' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive05' - nfs_src_dir: 'fedora_koji_archive05' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive06' - nfs_src_dir: 'fedora_koji_archive06' - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - mount_stg: true - when: env == 'production' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - mount_stg: true - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env == 'production' and inventory_hostname.startswith('koji') - - # In staging, we mount fedora_koji as read only (see nfs_mount_opts) - - role: nfs/client - mnt_dir: '/mnt/fedora_koji_prod' - nfs_src_dir: 'fedora_koji' - when: env == 'staging' and inventory_hostname.startswith('koji') - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/' - mount_stg: true - nfs_src_dir: 'fedora_riscv_koji' - when: inventory_hostname.startswith('riscv') - - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - mount_stg: true - when: env == 'staging' - - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - mount_stg: true - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env == 'staging' - - sudo - - role: rabbit/user - user_name: "koji{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.buildsys\..* - when: koji_instance != 'secondary' - - - role: rabbit/user - user_name: "riscv-koji{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.buildsys\..* - when: koji_instance == 'secondary' - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Configure sshfs target on koji01 - hosts: koji01.iad2.fedoraproject.org:koji01.stg.iad2.fedoraproject.org - tags: - - sshfs - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: Put public sshfs key in place - authorized_key: user="root" - key="{{ lookup('file', '{{ private }}/files/releng/sshkeys/primary-s390x-sshfs' + '-staging.pub' if env == 'staging' else '{{ private }}/files/releng/sshkeys/primary-s390x-sshfs.pub') }}" - state=present - key_options='command="internal-sftp",from="{{ '10.16.0.28,10.16.0.26,10.16.0.27,10.1.102.21,10.1.102.22,10.1.102.23' }}",restrict' - tags: - - sshfs + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/kojipkgs.yml b/playbooks/groups/kojipkgs.yml deleted file mode 100644 index 7e149ed905..0000000000 --- a/playbooks/groups/kojipkgs.yml +++ /dev/null @@ -1,72 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "kojipkgs" - -- name: Make the boxen be real for real - hosts: kojipkgs - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - hosts - - ipa/client - - sudo - - collectd/base - - apache - - role: nfs/client - mnt_dir: '/mnt/fedora_koji' - nfs_src_dir: 'fedora_koji' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive00' - nfs_src_dir: 'fedora_koji_archive00' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive01' - nfs_src_dir: 'fedora_koji_archive01' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive02' - nfs_src_dir: 'fedora_koji_archive02' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive03' - nfs_src_dir: 'fedora_koji_archive03' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive04' - nfs_src_dir: 'fedora_koji_archive04' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive05' - nfs_src_dir: 'fedora_koji_archive05' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive06' - nfs_src_dir: 'fedora_koji_archive06' - - role: nfs/client - mnt_dir: '/mnt/fedora_app/app' - nfs_src_dir: 'fedora_app/app' - - role: nfs/client - mnt_dir: '/pub' - nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - mount_stg: true - when: datacenter == 'iad2' - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - mount_stg: true - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: datacenter == 'iad2' - - role: kojipkgs - - role: varnish - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/lockbox.yml b/playbooks/groups/lockbox.yml new file mode 100644 index 0000000000..d9dacc9f3d --- /dev/null +++ b/playbooks/groups/lockbox.yml @@ -0,0 +1,74 @@ +- name: make lockbox + hosts: lockbox + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: lockbox + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - ansible-server + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + + +- name: configure lockbox + hosts: lockbox + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: install needed packages + yum: pkg={{ item }} state=installed + with_items: + - httpd + + - name: create directories for local git repos + file: path=/srv/git/{{ item.path }} state=directory owner=root group=root mode=1775 + with_items: gitrepos + + - name: initialize git repos + command: chdir=/srv/git/{{ item.path }} creates={{ item.path }}/HEAD git init --bare + with_items: gitrepos + + - name: create ansible base working directory + file: path=/srv/ansible state=directory owner=root group=root mode=1775 + + - name: create directory for serving kickstarts + file: path=/var/www/html/ks state=directory owner=apache group=apache mode=1755 diff --git a/playbooks/groups/logdetective.yml b/playbooks/groups/logdetective.yml deleted file mode 100644 index 30245f8d0c..0000000000 --- a/playbooks/groups/logdetective.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -- name: Check/create instance - hosts: logdetective - user: root - gather_facts: false - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - when: datacenter == 'aws' - - - import_tasks: "{{ tasks_path }}/swap.yml" - when: - - datacenter == 'aws' - - swap_file_size_mb is defined - -- name: Provision instance - hosts: logdetective - become: true - become_user: root - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - # Roles are run first, before tasks, regardless of where you place them here. - roles: - - base - - logdetective - - nagios_client diff --git a/playbooks/groups/logserver.yml b/playbooks/groups/logserver.yml deleted file mode 100644 index 33f66fc451..0000000000 --- a/playbooks/groups/logserver.yml +++ /dev/null @@ -1,106 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "logging" - -- name: Make the box be real - hosts: logging - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - hosts - - openvpn/client - - ipa/client - - apache - - collectd/base - - collectd/server - - sudo - - web-data-analysis - - role: keytab/service - owner_user: apache - owner_group: apache - service: HTTP - host: "admin.fedoraproject.org" - when: env == "production" - # Set up for fedora-messaging - - role: rabbit/user - user_name: "logging{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.logging\.stats\..* - - logging - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - - tasks: - -# -# We exclude some dirs from restorecon on updates on logservers as they are very large -# and it takes a long long time to run restorecon over them. -# - - name: Exclude some directories from selinux relabeling on updates - ansible.builtin.copy: src="{{ files }}/logserver/fixfiles_exclude_dirs" dest=/etc/selinux/fixfiles_exclude_dirs owner=root mode=0644 - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Cloud Image stats - hosts: log01.iad2.fedoraproject.org - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - cloudstats - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Dole out the service-specific config - hosts: log01.iad2.fedoraproject.org - user: root - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - roles: - - role: nfs/client - mnt_dir: '/mnt/fedora_stats' - nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" - nfs_src_dir: 'fedora_stats' - - geoip - - tasks: - - name: Install needed packages - ansible.builtin.package: name={{ item }} state=present - with_items: - - httpd - - httpd-tools - - mod_ssl - - rsync - - emacs-nox - - git - - bc - - gnuplot - - mod_auth_gssapi - - - name: Set domain_can_mmap_files so collectd works - seboolean: name=domain_can_mmap_files state=yes persistent=yes diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index bd8398d8c2..ad2787f8ed 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -1,122 +1,147 @@ ---- # create a new mailman server # NOTE: make sure there is room/space for this server on the vmhost # NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "mailman:mailman_stg" - -- name: Make the box be real - hosts: mailman_stg:mailman +- name: make mailman server + hosts: mailman-stg:mailman user: root - gather_facts: true + gather_facts: False + accelerate: "{{ accelerated }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: mailman-stg:mailman + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" roles: - base - rkhunter + - { role: denyhosts, when: ansible_distribution_major_version != '7' } - nagios_client - hosts - - {role: openvpn/client, - when: env != "staging"} - - ipa/client + - fas_client - collectd/base + - yum-cron - sudo - - spamassassin - - mod_wsgi - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + - include: "{{ tasks }}/openvpn_client_7.yml" + when: env != "staging" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" # # Database setup # -- name: Prepare setting up the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org +- name: prepare setting up the database + hosts: db02.stg.phx2.fedoraproject.org:db01.phx2.fedoraproject.org gather_facts: no user: root tasks: - - name: Install psycopg2 for the postgresql ansible modules - ansible.builtin.package: name=python3-psycopg2 state=present + - name: install psycopg2 for the postgresql ansible modules + yum: pkg=python-psycopg2 state=installed tags: - packages -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org +- name: setup the database + hosts: db02.stg.phx2.fedoraproject.org:db01.phx2.fedoraproject.org gather_facts: no - become: yes - become_user: postgres + sudo: yes + sudo_user: postgres vars_files: - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" + - "{{ private }}/vars.yml" - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" tasks: # mailman auto-updates its schema, there can only be one admin user - - name: Mailman DB user + - name: mailman DB user postgresql_user: name=mailmanadmin password={{ mailman_mm_db_pass }} - - name: Hyperkitty DB admin user + - name: hyperkitty DB admin user postgresql_user: name=hyperkittyadmin password={{ mailman_hk_admin_db_pass }} - - name: Hyperkitty DB user + - name: hyperkitty DB user postgresql_user: name=hyperkittyapp password={{ mailman_hk_db_pass }} - - name: Databases creation + - name: kittystore DB admin user + postgresql_user: name=kittystoreadmin password={{ mailman_ks_admin_db_pass }} + - name: kittystore DB user + postgresql_user: name=kittystoreapp password={{ mailman_ks_db_pass }} + - name: databases creation postgresql_db: name={{ item }} owner="{{ item }}admin" encoding=UTF-8 with_items: - mailman - hyperkitty - - name: Test database creation + - kittystore + - name: test database creation postgresql_db: name=test_hyperkitty owner=hyperkittyadmin encoding=UTF-8 # Real MM/HK-specific work -- name: Setup mailman and hyperkitty - hosts: mailman_stg:mailman +- name: setup mailman and hyperkitty + hosts: mailman-stg:mailman user: root - gather_facts: true + gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" + - "{{ private }}/vars.yml" - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" roles: - - role: mailman3 - # Set up for fedora-messaging - - role: rabbit/user - user_name: "mailman{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mailman\..* + - role: mailman + mailman_mm_db_pass: "{{ mailman_mm_db_pass }}" + mailman_hk_admin_db_pass: "{{ mailman_hk_admin_db_pass }}" + mailman_hk_db_pass: "{{ mailman_hk_db_pass }}" + mailman_ks_admin_db_pass: "{{ mailman_ks_admin_db_pass }}" + mailman_ks_db_pass: "{{ mailman_ks_db_pass }}" + - fedmsg/base tasks: - - name: Install more needed packages - ansible.builtin.package: - state: present - name: - - tar + - name: install more needed packages + yum: pkg={{ item }} state=installed + with_items: + - tar + - mailman # transition from mailman2.1 tags: - packages -# - name: Easy access to the postgresql databases -# ansible.builtin.template: src=$files/mailman/pgpass.j2 dest=/root/.pgpass -# owner=root group=root mode=0600 + #- name: easy access to the postgresql databases + # template: src=$files/mailman/pgpass.j2 dest=/root/.pgpass + # owner=root group=root mode=0600 - - name: Start services + - name: start services service: state=started enabled=yes name={{ item }} with_items: - httpd - mailman3 - postfix - when: inventory_hostname.startswith('mailman01.iad2') handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/maintainer-test.yml b/playbooks/groups/maintainer-test.yml deleted file mode 100644 index b5afd50123..0000000000 --- a/playbooks/groups/maintainer-test.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- name: Setup maintainer test hosts - hosts: maintainer_test - gather_facts: true - tags: - - maintainer-test - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - hosts - - nagios_client - - openvpn/client - - ipa/client - - tasks: - # this is how you include other task lists - - name: Install packager tools (dnf) - dnf: state=present pkg={{ item }} - with_items: - - fedora-packager - when: ansible_distribution == 'Fedora' - tags: - - packages - - - name: Allow packagers to use mock - ansible.builtin.copy: dest=/etc/pam.d/mock src="{{ files }}/common/mock" - tags: - - config - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/mariadb-server.yml b/playbooks/groups/mariadb-server.yml deleted file mode 100644 index ef821e4b20..0000000000 --- a/playbooks/groups/mariadb-server.yml +++ /dev/null @@ -1,37 +0,0 @@ -# create a new mariadb database server system -# NOTE: should be used with --limit most of the time -# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "db03.stg.iad2.fedoraproject.org:db03.iad2.fedoraproject.org" - -# Once the instance exists, configure it. - -- name: Configure mariadb server system - hosts: db03.stg.iad2.fedoraproject.org:db03.iad2.fedoraproject.org - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - ipa/client - - nagios_client - - hosts - - mariadb_server - - collectd/base - - sudo - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" -# TODO: add iscsi task - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/memcached.yml b/playbooks/groups/memcached.yml index 2e95877949..55771c3d71 100644 --- a/playbooks/groups/memcached.yml +++ b/playbooks/groups/memcached.yml @@ -1,32 +1,47 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "memcached:memcached_stg" - -- name: Make the box be real - hosts: memcached:memcached_stg +- name: make memcached server + hosts: memcached user: root - gather_facts: true + gather_facts: False + accelerate: "{{ accelerated }}" vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: memcached + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client - - zabbix/zabbix_agent - hosts - - ipa/client + - fas_client - collectd/base - - collectd/memcached - sudo - memcached - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" + - include: "{{ handlers }}/semanage.yml" diff --git a/playbooks/groups/mirrorlist.yml b/playbooks/groups/mirrorlist.yml new file mode 100644 index 0000000000..1c3f471ed5 --- /dev/null +++ b/playbooks/groups/mirrorlist.yml @@ -0,0 +1,57 @@ +# create a new mirrorlist server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make mirrorlist app server + hosts: mirrorlist + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: mirrorlist + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - geoip + - hosts + - fas_client + - collectd/base + - mirrorlist + - sudo + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/openvpn_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/nfs-servers.yml b/playbooks/groups/nfs-servers.yml deleted file mode 100644 index 7579a85234..0000000000 --- a/playbooks/groups/nfs-servers.yml +++ /dev/null @@ -1,84 +0,0 @@ -# This is a basic playbook - ---- -- name: Dole out the basic configuration - hosts: nfs_servers - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - hosts - - ipa/client - - nagios_client - - collectd/base - - sudo - - openvpn/client - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -## This should be in a different playbook. -- name: Deal with drive items on storinator01 - hosts: storinator01.rdu-cc.fedoraproject.org - user: root - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Create top level directory - ansible.builtin.file: path=/srv/nfs state=directory owner=root group=root - tags: - - drives - - copr - - - name: Create copr-be storage - lvol: vg=VG_nfs lv=copr-be size=30t shrink=no - tags: - - drives - - copr - - - name: Create FS for copr-be - filesystem: fstype=xfs dev=/dev/VG_nfs/copr-be - tags: - - drives - - copr - - - name: Create copr-be tree directory - ansible.builtin.file: path=/srv/nfs/copr-be state=directory owner=root group=root - tags: - - drives - - copr - - - name: Mount copr-be tree directory - mount: name=/srv/nfs/copr-be src=/dev/mapper/VG_nfs-copr--be fstype=xfs state=mounted - tags: - - drives - - copr - -- name: Deal with NFS - hosts: storinator01.rdu-cc.fedoraproject.org - user: root - gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - roles: - - nfs/server diff --git a/playbooks/groups/noc.yml b/playbooks/groups/noc.yml index b71fd268bc..7d27d6ad91 100644 --- a/playbooks/groups/noc.yml +++ b/playbooks/groups/noc.yml @@ -1,74 +1,71 @@ -# This is a basic playbook ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "nagios" - -- name: Make the box be real +- name: make nagios/noc server hosts: nagios user: root - gather_facts: true + gather_facts: False - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: nagios + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter + - { role: denyhosts, when: ansible_distribution_major_version != '7' } - nagios_client - hosts - - { role: openvpn/client, when: env != "staging" and datacenter != 'rdu3' } - - ipa/client + - fas_client - collectd/base - - { role: rsyncd, when: datacenter == 'iad2' or datacenter == 'rdu3' } + - { role: rsyncd, when: datacenter == 'phx2' } - sudo - - apache - # - mod_wsgi - - role: keytab/service - owner_user: apache - owner_group: apache - service: HTTP - host: "nagios{{env_suffix}}.fedoraproject.org" - when: datacenter == 'iad2' - - role: keytab/service - owner_user: apache - owner_group: apache - service: HTTP - host: "nagios-external{{env_suffix}}.fedoraproject.org" - when: datacenter == 'ibiblio' - - { role: letsencrypt, site_name: 'nagios-external.fedoraproject.org', when: inventory_hostname.startswith('noc02') } - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Deploy service-specific config (just for production) - hosts: nagios - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - roles: - - { role: dhcp_server, when: datacenter == 'iad2' or datacenter == 'rdu3' } - - { role: tftp_server, when: datacenter == 'iad2' or datacenter == 'rdu3' } - - { role: nagios_server, when: datacenter == 'iad2' or datacenter == 'ibiblio' } tasks: - - name: Install some packages which arent in playbooks - ansible.builtin.package: - state: present - name: - - nmap - - tcpdump - - ipmitool + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client_7.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: deploy service-specific config + hosts: nagios + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/nagios.{{ inventory_hostname_short }}.yml + + handlers: + - include: "{{ handlers }}/restart_services.yml" + + roles: + - { role: dhcp_server, when: datacenter == 'phx2' } + - { role: tftp_server, when: datacenter == 'phx2' } + - nagios_server + - fedmsg/base diff --git a/playbooks/groups/notifs-backend.yml b/playbooks/groups/notifs-backend.yml new file mode 100644 index 0000000000..2df81cf49d --- /dev/null +++ b/playbooks/groups/notifs-backend.yml @@ -0,0 +1,75 @@ +# create a new notifs-backend server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make notifs-backend server + hosts: notifs-backend;notifs-backend-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the generic configuration + hosts: notifs-backend;notifs-backend-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - fedmsg/base + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + # The proxies don't actually need to talk to these hosts so we won't bother + # putting them on the vpn. + #- include: "{{ tasks }}/openvpn_client.yml" + # when: env != "staging" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the service-specific config + hosts: notifs-backend;notifs-backend-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + roles: + - fedmsg/hub + - notifs/backend + - role: collectd/fedmsg-service + process: fedmsg-hub + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/notifs-web.yml b/playbooks/groups/notifs-web.yml new file mode 100644 index 0000000000..87d682e115 --- /dev/null +++ b/playbooks/groups/notifs-web.yml @@ -0,0 +1,56 @@ +# create a new notifs-web server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/notifs-web* or from hostvars + +- name: make notifs-web server + hosts: notifs-web;notifs-web-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: notifs-web;notifs-web-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - fedmsg/base + - notifs/frontend + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/nuancier.yml b/playbooks/groups/nuancier.yml new file mode 100644 index 0000000000..2eac1cd970 --- /dev/null +++ b/playbooks/groups/nuancier.yml @@ -0,0 +1,150 @@ +# create a new nuancier server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/nuancier* or from hostvars + +- name: make nuancier + hosts: nuancier;nuancier-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: nuancier;nuancier-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: set up fedmsg + hosts: nuancier;nuancier-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - fedmsg/base + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: set up gluster on stg + hosts: nuancier-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: gluster/server + name: gluster + username: "{{ nuancier_gluster_username }}" + password: "{{ nuancier_gluster_password }}" + owner: root + group: root + datadir: /srv/glusterfs/nuancier-stg + + - role: gluster/client + name: gluster + servers: + - nuancier01.stg.phx2.fedoraproject.org + - nuancier02.stg.phx2.fedoraproject.org + username: "{{ nuancier_gluster_username }}" + password: "{{ nuancier_gluster_password }}" + owner: apache + group: root + mountdir: /var/cache/nuancier + +- name: set up gluster on prod + hosts: nuancier + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: gluster/server + name: gluster + username: "{{ nuancier_gluster_username }}" + password: "{{ nuancier_gluster_password }}" + owner: root + group: root + datadir: /srv/glusterfs/nuancier + + - role: gluster/client + name: gluster + servers: + - nuancier01.phx2.fedoraproject.org + - nuancier02.phx2.fedoraproject.org + username: "{{ nuancier_gluster_username }}" + password: "{{ nuancier_gluster_password }}" + owner: apache + group: root + mountdir: /var/cache/nuancier + +- name: deploy nuancier itself + hosts: nuancier;nuancier-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - nuancier + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/oci-registry.yml b/playbooks/groups/oci-registry.yml deleted file mode 100644 index 3907a80149..0000000000 --- a/playbooks/groups/oci-registry.yml +++ /dev/null @@ -1,102 +0,0 @@ -# create an osbs server ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "oci_registry:oci_registry_stg" - -- name: Make the box be real - hosts: oci_registry:oci_registry_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - hosts - - { role: openvpn/client, - when: env != "staging" } - - ipa/client - - collectd/base - - rsyncd - - sudo - - role: nfs/client - mnt_dir: '/srv/registry' - nfs_src_dir: "oci_registry" - when: inventory_hostname.startswith(('oci-registry01.iad2', 'oci-registry02.iad2')) - - - role: nfs/client - mnt_dir: '/srv/registry' - nfs_src_dir: "oci_candidate_registry" - when: inventory_hostname.startswith(('oci-candidate-registry01.iad2')) - - pre_tasks: - - name: Create /srv/registry on staging since it does not use NFS - ansible.builtin.file: - path: /srv/registry - state: directory - owner: root - group: root - mode: "0755" - when: "env == 'staging'" - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Setup docker distribution registry - hosts: oci_registry:oci_registry_stg - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - - # NOTE: tls is disabled for docker-distribution because we are listening only - # on localhost and all external connections will be through httpd which - # will be SSL enabled. - roles: - - { - role: docker-distribution, - conf_path: "/etc/docker-distribution/registry/config.yml", - tls: { - enabled: false, - }, - log: { - fields: { - service: "registry" - } - }, - storage: { - filesystem: { - rootdirectory: "/srv/registry" - } - }, - http: { - addr: ":5000" - } - } - - # Setup compose-x86-01 push docker images to registry - - { - role: login-registry, - candidate_registry: "candidate-registry.stg.fedoraproject.org", - candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}", - candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}", - when: env == "staging", - delegate_to: "compose-x86-01.{{ datacenter }}.fedoraproject.org" - } - - { - role: login-registry, - candidate_registry: "candidate-registry.fedoraproject.org", - candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}", - candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}", - when: env == "production", - delegate_to: "compose-x86-01.{{ datacenter }}.fedoraproject.org" - } diff --git a/playbooks/groups/openqa-onebox-test.yml b/playbooks/groups/openqa-onebox-test.yml deleted file mode 100644 index 21a41f19c2..0000000000 --- a/playbooks/groups/openqa-onebox-test.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- name: Setup base openQA host - hosts: openqa_onebox_test - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - { role: base, tags: ['base'] } - - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios_client, tags: ['nagios_client'] } - - { role: hosts, tags: ['hosts']} - - ipa/client - - { role: collectd/base, tags: ['collectd_base'] } - - { role: sudo, tags: ['sudo'] } - - apache - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Configure openQA - hosts: openqa_onebox_test - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - -# we need this box to be its own pgsql server... - roles: - - { role: postgresql_server, tags: ['postgresql_server'] } - - { role: openqa/server, tags: ['openqa_server'] } - - { role: openqa/dispatcher, tags: ['openqa_dispatcher'] } - - { role: openqa/worker, tags: ['openqa_worker'] } - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/openqa-workers.yml b/playbooks/groups/openqa-workers.yml deleted file mode 100644 index d0a38af163..0000000000 --- a/playbooks/groups/openqa-workers.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- name: configure openQA workers - hosts: openqa_workers:openqa_lab_workers - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - { role: base, tags: ['base'] } - - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios_client, tags: ['nagios_client'] } - - { role: hosts, tags: ['hosts']} - - { role: ipa/client, tags: ['ipa_client']} - - { role: collectd/base, tags: ['collectd_base'] } - - { role: sudo, tags: ['sudo'] } - - { role: openqa/worker, tags: ['openqa_worker'] } - - { role: linux-system-roles.nbde_client, tags: ['nbde_client'], when: openqa_nbde|bool } - - apache - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/openqa.yml b/playbooks/groups/openqa.yml deleted file mode 100644 index 1acd63aad4..0000000000 --- a/playbooks/groups/openqa.yml +++ /dev/null @@ -1,214 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "openqa:openqa_lab" - -- name: Setup base openQA host - hosts: openqa:openqa_lab - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - { role: base, tags: ['base'] } - - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios_client, tags: ['nagios_client'] } - - { role: hosts, tags: ['hosts']} - - ipa/client - - { role: collectd/base, tags: ['collectd_base'] } - - { role: sudo, tags: ['sudo'] } - - apache - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Configure fedora-messaging queues on openQA servers - hosts: openqa:openqa_lab - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - # we must always make sure the prod user exists, as stg uses the - # prod account to listen to things on prod. **NOTE**: this is lazy - # and bad practice, but we've evaluated it and it doesn't really - # cause any significant security risk, it just means someone with - # root on openqa.stg could access the rabbitmq creds for the prod - # user and impersonate prod openqa on the message bus, which is - # not a huge deal. fixing it would be kinda tedious. - - role: rabbit/user - user_name: "{{ openqa_amqp_prod_username }}" - user_publish_only: false - user_sent_topics: ^org\.fedoraproject\.prod\.(openqa|ci)\..* - vars: - env: "production" - env_suffix: "" - tags: ['rabbit'] - - - role: rabbit/user - user_name: "{{ openqa_amqp_stg_username }}" - user_publish_only: false - user_sent_topics: ^org\.fedoraproject\.stg\.(openqa|ci)\..* - vars: - env: "staging" - env_suffix: ".stg" - tags: ['rabbit'] - when: "deployment_type == 'stg'" - - - role: rabbit/queue - queue_name: "{{ openqa_amqp_scheduler_queue }}" - queue_routing_keys: "{{ openqa_amqp_scheduler_routing_keys }}" - vars: - # yes, even the staging scheduler listens to production, it - # has to or else it wouldn't schedule any jobs - env: "production" - env_suffix: "" - tags: ['rabbit'] - - - role: rabbit/queue - queue_name: "{{ openqa_amqp_resultsdb_reporter_queue }}" - queue_routing_keys: "{{ openqa_amqp_resultsdb_reporter_routing_keys }}" - vars: - # this role does listen on stg, as it listens out for jobs - # from openqa stg - env: "{{ openqa_env }}" - env_suffix: "{{ openqa_env_suffix }}" - tags: ['rabbit'] - - - role: rabbit/queue - queue_name: "{{ openqa_amqp_wiki_reporter_queue }}" - queue_routing_keys: "{{ openqa_amqp_wiki_reporter_routing_keys }}" - vars: - # this role does listen on stg, as it listens out for jobs - # from openqa stg - env: "{{ openqa_env }}" - env_suffix: "{{ openqa_env_suffix }}" - tags: ['rabbit'] - - # relvalconsumer queue - - role: rabbit/queue - queue_name: "{{ relvalconsumer_amqp_queue }}" - vars: - # yes, even the staging relvalconsumer listens to production, - # it has to because composes don't happen in stg - env: "production" - env_suffix: "" - tags: ['rabbit'] - when: "relvalconsumer_amqp_queue is defined" - - # relvalamiconsumer queue - - role: rabbit/queue - queue_name: "{{ relvalamiconsumer_amqp_queue }}" - queue_routing_keys: "{{ relvalamiconsumer_amqp_routing_keys }}" - vars: - # yes, even the staging updater listens to production, it - # has to as we never publish fedimg.image.publish on stg - env: "production" - env_suffix: "" - tags: ['rabbit'] - when: "relvalamiconsumer_amqp_queue is defined" - - # check-compose queue - - role: rabbit/queue - queue_name: "{{ checkcompose_amqp_queue }}" - queue_routing_keys: "{{ checkcompose_amqp_routing_keys }}" - vars: - # this role does listen on stg, as it listens out for jobs - # from openqa stg - env: "{{ checkcompose_env }}" - env_suffix: "{{ checkcompose_env_suffix }}" - tags: ['rabbit'] - when: "checkcompose_amqp_queue is defined" - - # fedora_nightlies queue - - role: rabbit/queue - queue_name: "{{ fedora_nightlies_amqp_queue }}" - queue_routing_keys: "{{ fedora_nightlies_amqp_routing_keys }}" - vars: - # this role listens on prod as it listens for composes - env: "production" - env_suffix: "" - tags: ['rabbit'] - when: "fedora_nightlies_amqp_queue is defined" - -- name: Set up openQA server data NFS mounts (staging) - hosts: openqa_lab - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: nfs/client - mnt_dir: '/var/lib/openqa/testresults' - nfs_src_dir: 'fedora_openqa_lab/testresults' - nfs_mount_opts: 'rw,bg,nfsvers=3' - tags: ['nfs_client'] - - role: nfs/client - mnt_dir: '/var/lib/openqa/images' - nfs_src_dir: 'fedora_openqa_lab/images' - nfs_mount_opts: 'rw,bg,nfsvers=3' - tags: ['nfs_client'] - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Set up openQA server data NFS mounts (prod) - hosts: openqa - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: nfs/client - mnt_dir: '/var/lib/openqa/testresults' - nfs_src_dir: 'fedora_openqa/testresults' - nfs_mount_opts: 'rw,bg,nfsvers=3' - tags: ['nfs_client'] - - role: nfs/client - mnt_dir: '/var/lib/openqa/images' - nfs_src_dir: 'fedora_openqa/images' - nfs_mount_opts: 'rw,bg,nfsvers=3' - tags: ['nfs_client'] - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Configure openQA - hosts: openqa:openqa_lab - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - -# relvalconsumer isn't particularly related to openQA in any way, we -# just put that role on these boxes. There's nowhere more obviously -# correct for it, really. Ditto fedora_nightlies and testcase_stats - roles: - - { role: openqa/server, tags: ['openqa_server'] } - - { role: openqa/dispatcher, tags: ['openqa_dispatcher'] } - - { role: check-compose, tags: ['check-compose'], when: "checkcompose_amqp_queue is defined" } - - { role: relvalconsumer, tags: ['relvalconsumer'], when: "relvalconsumer_amqp_queue is defined" } - - { role: fedora_nightlies, tags: ['fedora_nightlies'], when: "fedora_nightlies_amqp_queue is defined" } - - { role: testcase_stats, tags: ['testcase_stats'], when: "testcase_stats_output_dir is defined" } - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/os-control.yml b/playbooks/groups/os-control.yml deleted file mode 100644 index 392ff21c52..0000000000 --- a/playbooks/groups/os-control.yml +++ /dev/null @@ -1,77 +0,0 @@ -# This is a basic playbook ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "os_control:os_control_stg" - -- name: Make the box be real - hosts: os_control:os_control_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - ipa/client - - rsyncd - - sudo - - tasks: - - - name: Install unzip - ansible.builtin.package: - name: unzip - state: present - - - name: Install tar - ansible.builtin.package: - name: tar - state: present - - - name: Create the directories to hold the templates - ansible.builtin.file: - path: "/etc/openshift_apps" - state: directory - owner: root - group: root - mode: "0770" - - - name: Install helm if not exists - unarchive: - src: https://get.helm.sh/helm-v3.17.0-linux-amd64.tar.gz - dest: /usr/local/bin - extra_opts: "--strip-components=1" - owner: root - group: root - mode: 0755 - remote_src: true - args: - creates: /usr/local/bin/helm - - - name: Copy oc rpm - ansible.builtin.copy: - src: /srv/web/infra/bigfiles/openshiftboot/oc-client/oc-client.rpm - dest: /root/oc-client.rpm - - - name: Make sure oc-client is installed - dnf: - name: /root/oc-client.rpm - state: installed - - - name: Copy the jobs-summary script - ansible.builtin.copy: - src: "{{ files }}/scripts/jobs-summary" - dest: /usr/local/bin/jobs-summary - mode: "0755" - - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/os-proxies.yml b/playbooks/groups/os-proxies.yml deleted file mode 100644 index 7f081a5d84..0000000000 --- a/playbooks/groups/os-proxies.yml +++ /dev/null @@ -1,41 +0,0 @@ -# create a new proxy server - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "os_proxies" - -- name: Make the box be real - hosts: os_proxies - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - ipa/client - - rkhunter - - nagios_client - - sudo - - keepalived - - tasks: - - name: install haproxy - ansible.builtin.package: name=haproxy state=present - - - name: Install haproxy config - ansible.builtin.copy: src="{{ files }}/communishift/haproxy.cfg" dest=/etc/haproxy/haproxy.cfg - - - name: Turn on certain selinux booleans so haproxy can bind to ports - seboolean: name=haproxy_connect_any state=true persistent=true - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/packages.yml b/playbooks/groups/packages.yml new file mode 100644 index 0000000000..569d80cd1a --- /dev/null +++ b/playbooks/groups/packages.yml @@ -0,0 +1,123 @@ +# create a new packages server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/packages* or from hostvars + +- name: make packages server + hosts: packages;packages-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: packages;packages-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: set up gluster server on prod + hosts: packages + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: gluster/server + name: gluster + username: "{{ packagesglusterusername }}" + password: "{{ packagesglusterpassword }}" + owner: root + group: root + datadir: /srv/glusterfs/packages + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: set up gluster client on prod + hosts: packages + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: gluster/client + name: gluster + servers: + - packages03.phx2.fedoraproject.org + - packages04.phx2.fedoraproject.org + username: "{{ packagesglusterusername }}" + password: "{{ packagesglusterpassword }}" + owner: apache + group: apache + mountdir: /var/cache/fedoracommunity + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the service specific config + hosts: packages;packages-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - fedmsg/base + - packages + - collectd/fcomm-queue + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/pagure.yml b/playbooks/groups/pagure.yml deleted file mode 100644 index 6a6549b4bc..0000000000 --- a/playbooks/groups/pagure.yml +++ /dev/null @@ -1,77 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "pagure:pagure_stg" - -- name: Make the boxen be real for real - hosts: pagure:pagure_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - hosts - - openvpn/client - - ipa/client - - sudo - - collectd/base - - postgresql_server - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Deploy pagure itself - hosts: pagure:pagure_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "{{ vars_path }}/{{ ansible_distribution }}.yml" - - roles: - - # - # use letsencrypt to get ssl certs - # - - role: letsencrypt - site_name: "stg.pagure.io" - certbot_bundlehost: pagure-stg01.fedoraproject.org - server_aliases: - - stg.pagure.io - - docs.stg.pagure.org - - releases.stg.pagure.org - - stg.pagure.org - tags: - - pagure.io - when: env == "staging" - - - role: letsencrypt - site_name: "pagure.io" - certbot_bundlehost: pagure02.fedoraproject.org - server_aliases: - - docs.pagure.org - - lists.pagure.io - - pagure.org - - releases.pagure.org - - www.pagure.io - tags: - - pagure.io - when: env != "staging" - - - pagure - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/paste.yml b/playbooks/groups/paste.yml new file mode 100644 index 0000000000..611b3d4954 --- /dev/null +++ b/playbooks/groups/paste.yml @@ -0,0 +1,51 @@ +- name: make paste + hosts: paste-stg:paste + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: paste-stg:paste + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - paste + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml deleted file mode 100644 index 0eba7ebe94..0000000000 --- a/playbooks/groups/people.yml +++ /dev/null @@ -1,88 +0,0 @@ ---- -# Create a people server -# -# -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "people" - -- name: Make the box be real - hosts: people - user: root - gather_facts: yes - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - - name: Mount project volume - mount: > - name=/project - src=/dev/mapper/vg_vm-project - fstype=xfs - opts="noatime,noexec,nosuid,nodev" - passno=0 - dump=0 - state=mounted - tags: - - mount - - - name: Mount srv volume - mount: > - name=/srv - src=/dev/mapper/vg_vm-srv - fstype=xfs - opts="usrquota,gqnoenforce,noatime,noexec,nosuid,nodev" - passno=0 - dump=0 - state=mounted - tags: - - mount - - - name: Create /srv/home directory - ansible.builtin.file: path=/srv/home state=directory owner=root group=root - - - name: Bind mount home volume - mount: > - name=/home - src=/srv/home - fstype=none - opts=bind - passno=0 - dump=0 - state=mounted - tags: - - mount - - roles: - - base - - collectd/base - - role: openvpn/client - when: env != "staging" - - ipa/client - - hosts - - nagios_client - - rkhunter - - rsyncd - - sudo - - cgit/base - - cgit/clean_lock_cron - - cgit/make_pkgs_list - - clamav - - git/server - - - role: apache - - - role: httpd/certificate - certname: wildcard-2024.fedorapeople.org - SSLCertificateChainFile: wildcard-2024.fedorapeople.org.intermediate.cert - - - people - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/pkgdb.yml b/playbooks/groups/pkgdb.yml new file mode 100644 index 0000000000..4bc0ab3c53 --- /dev/null +++ b/playbooks/groups/pkgdb.yml @@ -0,0 +1,88 @@ +# create a new pkgdb server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/pkgdb* or from hostvars + +- name: make pkgdb + hosts: pkgdb-stg;pkgdb + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: pkgdb-stg;pkgdb + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: set up fedmsg on pkgdb + hosts: pkgdb-stg;pkgdb + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - fedmsg/base + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: deploy pkgdb itself + hosts: pkgdb-stg;pkgdb + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - pkgdb2 + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml deleted file mode 100644 index e457dce7ab..0000000000 --- a/playbooks/groups/pkgs.yml +++ /dev/null @@ -1,99 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "pkgs_stg:pkgs" - -- name: Make the box be real - hosts: pkgs_stg:pkgs - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - hosts - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - ipa/client - - collectd/base - - sudo - - apache - - tasks: - - name: Copy keytab - ansible.builtin.copy: src={{private}}/files/keytabs/{{env}}/pkgs - dest=/etc/httpd.keytab - owner=apache group=apache mode=0600 - tags: - - krb5 - - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Setup users on pkgs - hosts: pkgs_stg:pkgs - user: root - gather_facts: true - - tasks: - - name: Setup pagure user - tags: pagure-user - user: - name: pagure - uid: "{{ pagure_static_uid }}" - shell: /sbin/nologin - comment: "Pagure User" - when: env == "staging" - ## The above should be deleted when we rebuild pkgs02 in future. - -- name: Setup dist-git on the box - hosts: pkgs_stg:pkgs - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - {role: git/make_checkout_seed, when: env != "staging"} - - git/hooks - - git/checks - - clamav - - { - role: nfs/client, - when: env != "staging", - mnt_dir: '/srv/cache/lookaside', - nfs_src_dir: - 'fedora_sourcecache', - nfs_mount_opts='rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3' # yamllint disable-line rule:commas rule:indentation - } - - { - role: nfs/client, - when: env == "staging" and inventory_hostname.startswith('pkgs01'), - mount_stg: true, - mnt_dir: '/srv/cache/lookaside_prod', - nfs_src_dir: - 'fedora_sourcecache', - nfs_mount_opts='ro,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3' # yamllint disable-line rule:commas rule:indentation - } - - role: distgit/pagure - - role: distgit - tags: distgit - - {role: hosts, when: env == "staging"} - # Set up for fedora-messaging - - role: rabbit/user - user_name: "pagure{{ env_suffix }}" - user_sent_topics: - ^(io\.pagure\.{{ env_short }}|org\.fedoraproject\.{{ env_short }}\.(pagure|git|logger))\..* - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/postgresl-server.yml b/playbooks/groups/postgresl-server.yml new file mode 100644 index 0000000000..55397798a0 --- /dev/null +++ b/playbooks/groups/postgresl-server.yml @@ -0,0 +1,55 @@ +# create a new database server system +# NOTE: should be used with --limit most of the time +# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars + +- name: make postgresql-server instance + hosts: db-datanommer01.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +# Once the instance exists, configure it. + +- name: configure postgresql server system + hosts: db-datanommer01.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - postgresql_server + - collectd/base + - collectd/postgres # This requires a 'databases' var to be set in host_vars + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + +# TODO: add iscsi task + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/postgresql-server.yml b/playbooks/groups/postgresql-server.yml deleted file mode 100644 index ae9edd8a65..0000000000 --- a/playbooks/groups/postgresql-server.yml +++ /dev/null @@ -1,41 +0,0 @@ -# create a new database server system -# NOTE: should be used with --limit most of the time -# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "db-fas01.stg.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org:db-koji01.stg.iad2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org:db-openqa01.iad2.fedoraproject.org:db-datanommer01.stg.iad2.fedoraproject.org:db-datanommer02.iad2.fedoraproject.org:db-riscv-koji01.iad2.fedoraproject.org" - -# Once the instance exists, configure it. - -- name: Configure postgresql server system - hosts: db-fas01.stg.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org:db-koji01.stg.iad2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org:db-openqa01.iad2.fedoraproject.org:db-datanommer01.stg.iad2.fedoraproject.org:db-datanommer02.iad2.fedoraproject.org:db-riscv-koji01.iad2.fedoraproject.org - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - ipa/client - - nagios_client - - zabbix/zabbix_agent - - hosts - - postgresql_server - - collectd/base - - collectd/postgres # This requires a 'databases' var to be set in host_vars - - sudo - -# TODO: add iscsi task - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/proxies.yml b/playbooks/groups/proxies.yml deleted file mode 100644 index 986ab686d6..0000000000 --- a/playbooks/groups/proxies.yml +++ /dev/null @@ -1,156 +0,0 @@ -# create a new proxy server - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "proxies:proxies_stg:!proxy05.fedoraproject.org:!cloud_aws" - -- name: Make the box be real - hosts: proxies_stg:proxies - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - {role: openvpn/client, - when: env != "staging"} - - ipa/client - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - zabbix/zabbix_templates - - collectd/base - - sudo - - rsyncd - - {role: mirrormanager/mirrorlist_proxy, - when: env == "staging" or "'mirrorlist_proxy' in group_names"} - - apache -# when: env == "staging" - - tasks: - - # You might think we would want these tasks_path on the proxy nodes, but they - # actually deliver a configuration that our proxy-specific roles below then go - # and overwrite... so, let's just leave them out. - # - import_tasks: "{{ tasks_path }}/apache.yml" - # - import_tasks: "{{ tasks_path }}/mod_wsgi.yml" - - - name: Ensure nf_conntrack module is loaded before tuning ip_conntrack_max - ansible.builtin.copy: - content: | - nf_conntrack - dest: /etc/modules-load.d/nf_conntrack.conf - owner: root - group: root - mode: "0644" - - - name: Set ip_conntrack_max to a high value as the proxies deal with lots of connections - sysctl: name=net.nf_conntrack_max value=26214400 state=present sysctl_set=yes reload=yes - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - - # TODO - # - # - fedora-web::build (bapp0*) - # - fedora-docs::build (bapp0*) - # - review-stats::build (bapp0*) - # - ## TBD - # - sysctl ip_conntrack_max bits - do we still need this on rhel9 or fedora? - # - semanage ports.. we're likely going to need one for every app. - # - sebooleans.. let's try running first, see what gets blocked, and then - # selectively enable where semanage port fails - # - ## Not going to do - # - smolt::proxy -- note going to do this. smolt is dead. long live smolt. - # - domainnotarget stuff - only smolt used this - - -- name: Set up the proxy basics - hosts: proxies_stg:proxies - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - roles: - - httpd/mod_ssl - - httpd/proxy - - varnish - # - # Re-run hosts here so things are ok for the haproxy check - # - - hosts - - tasks: - -# After setting up the "basics" of the proxy hosts above, here below we break -# out the proxy-specific configuration into a couple different sub-playbooks. -# Othewise, this file would be unbearably long. - -- import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-certificates.yml -- import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-websites.yml -- import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-fedorahosted.yml -- import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-fedora-web.yml -- import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-haproxy.yml -- import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-reverseproxy.yml -- import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-rewrites.yml -- import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-redirects.yml -- import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-miscellaneous.yml - -- name: Make sure we are deployed fully - hosts: proxies_stg:proxies - strategy: free - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - # - # If this is an initial deployment, we need the initial ticketkey - # If it's not, doesn't hurt to copy it over again - # - - name: Deploy ticket key - ansible.builtin.copy: src=/root/ticketkey_{{env}}.tkey dest=/etc/httpd/ticketkey_{{env}}.tkey - owner=root group=root mode=0600 - notify: - - Reload proxyhttpd - - # - # If this is an initial deployment, make sure docs are synced over. - # Do not count these as changed ever - # - - name: Make sure docs are synced. This could take a very very very logtime to finish - ansible.builtin.shell: /usr/local/bin/lock-wrapper docs-sync "/usr/local/bin/docs-rsync" >& /dev/null - changed_when: false - ignore_errors: true - - - name: Make sure selinux contexts are right on srv - ansible.builtin.command: restorecon -R /srv - changed_when: false diff --git a/playbooks/groups/rabbitmq.yml b/playbooks/groups/rabbitmq.yml deleted file mode 100644 index 3c15690b9e..0000000000 --- a/playbooks/groups/rabbitmq.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "rabbitmq:rabbitmq_stg" - -- name: Make the box be real - hosts: rabbitmq:rabbitmq_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - zabbix/zabbix_templates - - hosts - - ipa/client - - collectd/base - # RabbitMQ statistics are cluster-wide, only collect them on one member - - role: collectd/rabbitmq - when: inventory_hostname.startswith('rabbitmq03.iad2') - - rsyncd - - sudo - - rabbitmq_cluster - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml deleted file mode 100644 index 9a0042c4aa..0000000000 --- a/playbooks/groups/releng-compose.yml +++ /dev/null @@ -1,261 +0,0 @@ -# create a new releng system -# NOTE: should be used with --limit most of the time -# NOTE: make sure there is room/space for this instance on the buildvmhost -# NOTE: most of these vars_path come from group_vars/releng or from hostvars - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "releng_compose:releng_compose_stg:releng_compose_eln:releng_compose_riscv" - -- name: Setup releng compose hosts - hosts: releng_compose:releng_compose_stg:releng_compose_eln:releng_compose_riscv - user: root - gather_facts: true - tags: - - releng-compose - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/web/infra/ansible/vars/all/00-FedoraCycleNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraBranched.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraBranchedNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraPreviousCycleNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraPreviousPrevious.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraPreviousPreviousCycleNumber.yaml" - - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - hosts - - ipa/client - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - zabbix/zabbix_templates - - collectd/base - - sudo - - role: keytab/service - service: compose - host: "compose-x86-01.stg.iad2.fedoraproject.org" - when: env == "staging" - - role: keytab/service - service: compose - host: "koji{{env_suffix}}.fedoraproject.org" - owner_group: releng-team - when: env == "staging" or koji_instance == "primary" - - role: keytab/service - service: compose - host: "riscv-koji.fedoraproject.org" - owner_group: sysadmin-riscv - when: koji_instance == "secondary" - - role: keytab/service - service: mash - host: "koji{{env_suffix}}.fedoraproject.org" - when: env == "staging" or koji_instance == "primary" - - role: releng - tags: - - releng - -# production composer nfs mounts - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji' - nfs_src_dir: "{{ koji_hub_nfs }}" - when: "'releng_compose' or 'releng_compose_eln' in group_names" - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: "'releng_compose' in group_names" - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: "'releng_compose' in group_names" - - role: nfs/client - mnt_dir: '/mnt/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: "'releng_compose' in group_names" - - role: nfs/client - mnt_dir: '/mnt/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: "'releng_compose' in group_names" - - role: nfs/client - mnt_dir: '/pub' - nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' - when: "'releng_compose' in group_names and koji_instance != 'secondary'" - - role: nfs/client - mnt_dir: '/mnt/fedora_riscv_koji' - nfs_src_dir: "{{ koji_hub_nfs }}" - when: "'releng_compose_riscv' in group_names" - -# staging composer nfs mounts - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji_prod' - nfs_src_dir: "{{ koji_hub_nfs }}" - mount_stg: true - nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" - when: "'releng_compose_stg' in group_names" - - role: nfs/client - mnt_dir: '/mnt/fedora_koji_prod/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - mount_stg: true - nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" - when: "'releng_compose_stg' in group_names" - - role: nfs/client - mnt_dir: '/mnt/fedora_koji_prod/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - mount_stg: true - nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" - when: "'releng_compose_stg' in group_names" - - - role: nfs/client - mnt_dir: '/srv/fedora_ftp_archive' - nfs_src_dir: 'fedora_ftp_archive' - when: inventory_hostname.startswith('compose-rawhide') -# -# mount archive volumes on composer so we can run the archiving script there. -# - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive00' - nfs_src_dir: '/fedora_koji_archive00' - when: "'releng_compose' in group_names" - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive01' - nfs_src_dir: '/fedora_koji_archive01' - when: "'releng_compose' in group_names" - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive02' - nfs_src_dir: '/fedora_koji_archive02' - when: "'releng_compose' in group_names" - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive03' - nfs_src_dir: '/fedora_koji_archive03' - when: "'releng_compose' in group_names" - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive04' - nfs_src_dir: '/fedora_koji_archive04' - when: "'releng_compose' in group_names" - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive05' - nfs_src_dir: '/fedora_koji_archive05' - when: "'releng_compose' in group_names" - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive06' - nfs_src_dir: '/fedora_koji_archive06' - when: "'releng_compose' in group_names" - - - role: rabbit/user - user_name: "pungi{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(pungi|compose|logger)\..* - when: koji_instance == "production" or env == "staging" - - - { - role: "push-container-registry", - cert_dest_dir: "/etc/docker/certs.d/registry.stg.fedoraproject.org", - cert_src: "{{private}}/files/docker-registry/staging/pki/issued/containerstable.crt", - key_src: "{{private}}/files/docker-registry/staging/pki/private/containerstable.key", - when: env == "staging" - } - - { - role: "push-container-registry", - cert_dest_dir: "/etc/docker/certs.d/registry.fedoraproject.org", - cert_src: "{{private}}/files/docker-registry/{{env}}/pki/issued/containerstable.crt", - key_src: "{{private}}/files/docker-registry/{{env}}/pki/private/containerstable.key", - when: env == "production" - } - - { - role: login-registry, - candidate_registry: "candidate-registry.stg.fedoraproject.org", - candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}", - candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}", - when: env == "staging" - } - - { - role: login-registry, - candidate_registry: "candidate-registry.fedoraproject.org", - candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}", - candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}", - when: env == "production" - } - - { - role: login-registry, - candidate_registry: "quay.io", - candidate_registry_osbs_username: "{{quay_io_username}}", - candidate_registry_osbs_password: "{{quay_io_password}}", - when: env == "production" - } - - - tasks: - # this is how you include other task lists - - name: install skopeo and buildah for container management - ansible.builtin.package: - name: - - skopeo - - buildah - tags: - - containerrebuild - - - name: Install ansible for container automated rebuilds - ansible.builtin.package: - name: - - ansible - - python3-dockerfile-parse - tags: - - containerrebuild - - - name: Set releng user keytab - ansible.builtin.copy: - src: "{{private}}/files/keytabs/{{env}}/releng" - dest: /etc/krb5.releng.keytab - owner: root - group: "releng-team" - mode: "0640" - tags: - - containerrebuild - - - name: Copy releng ssh key for rebuild fedpkg/distgit pushes - ansible.builtin.copy: - src: "{{private}}/files/releng/sshkeys/container-rebuild-{{env}}" - dest: /etc/pki/releng - owner: root - group: "releng-team" - mode: "0600" - tags: - - containerrebuild - - - name: Place relengpush script for automatic rebuilds - ansible.builtin.copy: - src: "{{files}}/releng/relengpush" - dest: "/usr/local/bin/relengpush" - owner: root - group: "releng-team" - mode: "0750" - tags: - - containerrebuild - - - name: Place relengpush int script for automatic rebuilds - ansible.builtin.copy: - src: "{{files}}/releng/relengpush-int" - dest: "/usr/local/bin/relengpush-int" - owner: root - group: "releng-team" - mode: "0750" - tags: - - containerrebuild - - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/resultsdb-dev.yml b/playbooks/groups/resultsdb-dev.yml new file mode 100644 index 0000000000..33dac1c069 --- /dev/null +++ b/playbooks/groups/resultsdb-dev.yml @@ -0,0 +1,71 @@ +--- +# create a new resultsdb dev server +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make resultsdb staging + hosts: resultsdb-dev + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: resultsdb-dev + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: base, tags:['base'] } + - { role: rkhunter, tags:['rkhunter'] } + - { role: nagios_client, tags:['nagios_client'] } + - hosts + - { role: fas_client, tags:['fas_client'] } + - { role: collectd/base, tags:['collectd_base'] } + - { role: yum-cron, tags:['yumcron'] } + - { role: sudo, tags:['sudo'] } + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: configure resultsdb + hosts: resultsdb-dev + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/resultsdb-backend, tags: ['resultsdb-be'] } + - { role: taskotron/resultsdb-frontend, tags: ['resultsdb-fe'] } + + handlers: + - include: "{{ handlers }}/restart_services.yml" + diff --git a/playbooks/groups/resultsdb-prod.yml b/playbooks/groups/resultsdb-prod.yml new file mode 100644 index 0000000000..ed0923ec73 --- /dev/null +++ b/playbooks/groups/resultsdb-prod.yml @@ -0,0 +1,72 @@ +--- +# create a new resultsdb production server +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make resultsdb production + hosts: resultsdb-prod + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: resultsdb-prod + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: base, tags:['base'] } + - { role: rkhunter, tags:['rkhunter'] } + - { role: nagios_client, tags:['nagios_client'] } + - hosts + - { role: fas_client, tags:['fas_client'] } + - { role: collectd/base, tags:['collectd_base'] } + - { role: yum-cron, tags:['yumcron'] } + - { role: sudo, tags:['sudo'] } + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/openvpn_client_7.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: configure resultsdb production + hosts: resultsdb-prod + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/resultsdb-backend, tags: ['resultsdb-be'] } + - { role: taskotron/resultsdb-frontend, tags: ['resultsdb-fe'] } + + handlers: + - include: "{{ handlers }}/restart_services.yml" + diff --git a/playbooks/groups/resultsdb-stg.yml b/playbooks/groups/resultsdb-stg.yml new file mode 100644 index 0000000000..c4fc52cf09 --- /dev/null +++ b/playbooks/groups/resultsdb-stg.yml @@ -0,0 +1,55 @@ +--- +# create a new resultsdb staging server +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make resultsdb staging + hosts: resultsdb-stg + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: resultsdb-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: base, tags:['base'] } + - { role: rkhunter, tags:['rkhunter'] } + - { role: nagios_client, tags:['nagios_client'] } + - hosts + - { role: fas_client, tags:['fas_client'] } + - { role: collectd/base, tags:['collectd_base'] } + - { role: yum-cron, tags:['yumcron'] } + - { role: sudo, tags:['sudo'] } + - { role: taskotron/resultsdb-backend, tags: ['resultsdb-be'] } + - { role: taskotron/resultsdb-frontend, tags: ['resultsdb-fe'] } + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + + diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml deleted file mode 100644 index 95e0ea5493..0000000000 --- a/playbooks/groups/retrace.yml +++ /dev/null @@ -1,127 +0,0 @@ ---- -- name: AWS setup - hosts: retrace_stg_aws - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "{{ private }}/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - import_tasks: "{{ tasks_path }}/aws_cloud.yml" - - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - -# fedora-messaging setup -- name: Setup RabbitMQ - hosts: rabbitmq[0]:rabbitmq_stg[0] - user: root - gather_facts: false - tags: rabbitmq - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/queue - queue_username: "faf{{ env_suffix }}" - queue_name: faf - queue_routing_keys: - - "org.fedoraproject.*.faf.report.threshold1" - - "org.fedoraproject.*.faf.report.threshold10" - - "org.fedoraproject.*.faf.report.threshold100" - - "org.fedoraproject.*.faf.report.threshold1000" - - "org.fedoraproject.*.faf.report.threshold1000" - - "org.fedoraproject.*.faf.report.threshold10000" - - "org.fedoraproject.*.faf.report.threshold100000" - - "org.fedoraproject.*.faf.report.threshold1000000" - - "org.fedoraproject.*.faf.problem.threshold1" - - "org.fedoraproject.*.faf.problem.threshold10" - - "org.fedoraproject.*.faf.problem.threshold100" - - "org.fedoraproject.*.faf.problem.threshold1000" - - "org.fedoraproject.*.faf.problem.threshold1000" - - "org.fedoraproject.*.faf.problem.threshold10000" - - "org.fedoraproject.*.faf.problem.threshold100000" - - "org.fedoraproject.*.faf.problem.threshold1000000" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.faf\..* - -- name: Setup retrace hosts - hosts: retrace,retrace_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "{{ private }}/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - when: datacenter != 'aws' - - tasks: - - import_role: name=base - - import_role: name=hosts - - import_role: name=openvpn/client - - import_role: name=ipa/client - when: env != 'staging' - - import_role: name=rkhunter - - import_role: name=nagios_client - - import_role: name=sudo - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Setup FAF server - hosts: retrace,retrace_stg - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "{{ private }}/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - import_role: name=abrt/faf-pre - - import_role: name=abrt/faf - vars: - faf_web_on_root: false - faf_admin_mail: msuchy@redhat.com - faf_web_openid_privileged_teams: "provenpackager,proventesters" - faf_web_secret_key: "{{fedora_faf_web_secret_key}}" - faf_spool_dir: /srv/faf/ - - import_role: name=abrt/faf-post - -- name: Setup retrace server - hosts: retrace,retrace_stg - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "{{ private }}/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - import_role: name=abrt/retrace-pre - - import_role: name=abrt/retrace - vars: - rs_require_gpg_check: false - rs_max_parallel_tasks: 12 - rs_max_packed_size: 1024 - rs_max_unpacked_size: 1280 - rs_min_storage_left: 1280 - rs_delete_task_after: 8 - rs_delete_failed_task_after: 1 - rs_repo_dir: /srv/retrace/repos - rs_save_dir: /srv/retrace/tasks - rs_faf_link_dir: /srv/retrace/hardlink-local - hostname: "{{ public_hostname }}" - faf_spool_dir: /srv/faf - faf_fedmsg_ca_cert: /etc/fedora-messaging/faf/ca.crt - faf_fedmsg_keyfile: /etc/fedora-messaging/faf/faf.key - faf_fedmsg_certfile: /etc/fedora-messaging/faf/faf.crt - - import_role: name=abrt/retrace-post diff --git a/playbooks/groups/secondary.yml b/playbooks/groups/secondary.yml deleted file mode 100644 index d12b8ab02c..0000000000 --- a/playbooks/groups/secondary.yml +++ /dev/null @@ -1,91 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "secondary" - -- name: Setup secondary arch download server - hosts: secondary - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - roles: - - base - - rkhunter - - nagios_client - - hosts - - ipa/client - - collectd/base - - download - - rsyncd - - sudo - - { role: nfs/client, - mnt_dir: '/srv/pub/archive', - nfs_src_dir: 'fedora_ftp_archive' } - - { role: nfs/client, - mnt_dir: '/srv/pub/alt', - nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3", - nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/alt' } - - { role: nfs/client, - mnt_dir: '/srv/pub/fedora-secondary', - nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3", - nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/fedora-secondary' } - - - role: apache - - - role: httpd/mod_ssl - - - role: httpd/certificate - certname: "{{wildcard_cert_name}}" - SSLCertificateChainFile: "{{wildcard_int_file}}" - - - role: httpd/website - vars: - - site_name: secondary.fedoraproject.org - - cert_name: "{{wildcard_cert_name}}" - server_aliases: - - archive.fedoraproject.org - - archives.fedoraproject.org - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - name: Install some misc packages needed for various tasks - ansible.builtin.package: - state: present - name: - - createrepo - - koji - - python3-productmd - - isomd5sum - - - name: Add create-filelist script from quick-fedora-mirror - ansible.builtin.copy: src="{{ files }}/scripts/create-filelist.py2" dest=/usr/local/bin/create-filelist mode=0755 - - - name: Add cron script to update fullfiletimelist - ansible.builtin.copy: src="{{ files }}/scripts/update-fullfiletimelist" dest=/usr/local/bin/update-fullfiletimelist mode=0755 - - - name: Add cron script to prune old logs at /srv/pub/alt/linuxsystemroles/logs - ansible.builtin.copy: src="{{ files }}/scripts/linuxsystemroles-logs-clean" dest=/usr/local/bin/linuxsystemroles-logs-clean mode=0755 - - - name: Update fullfiletimelist job - cron: name="update-fullfiletimelist" hour="*/2" minute="55" user="root" - job="/usr/local/bin/lock-wrapper update-fullfiletimelist '/usr/local/bin/update-fullfiletimelist -l /tmp/update-fullfiletimelist.lock -t /srv/pub alt'" - cron_file=update-fullfiletimelist - - - name: Prune old logs at /srv/pub/alt/linuxsystemroles/logs - cron: name="linuxsystemroles-logs-clean" hour="0" minute="15" user="root" - job="/usr/local/bin/linuxsystemroles-logs-clean /srv/pub/alt/linuxsystemroles/logs >/dev/null" - cron_file=linuxsystemroles-logs-clean - - - name: Set MAILTO for the previous cron job - cron: env=true name=MAILTO value="systemroles-owner@lists.fedorahosted.org" - cron_file=linuxsystemroles-logs-clean user=root - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/sign-bridge.yml b/playbooks/groups/sign-bridge.yml deleted file mode 100644 index dd955b3a1e..0000000000 --- a/playbooks/groups/sign-bridge.yml +++ /dev/null @@ -1,41 +0,0 @@ -# provision a new sign server. -# NOTE: this assumes the boxes are already up and are accessible -# NOTE: most of these vars_path come from group_vars/sign or from hostvars -# -# FURTHER NOTE: some of These machines run day to day with sshd disabled/off. -# Access is via management interface only. This playbook does initial setup. -# Please check with rel-eng before doing anything here. - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "sign_bridge" - -- name: Configure sign bridge server - hosts: sign_bridge - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - hosts - - ipa/client - - sudo - - nagios_client - - sigul/bridge - - role: keytab/service - service: sigul - owner_user: sigul - owner_group: sigul - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/smtp-auth.yml b/playbooks/groups/smtp-auth.yml deleted file mode 100644 index 8a4b9fb566..0000000000 --- a/playbooks/groups/smtp-auth.yml +++ /dev/null @@ -1,33 +0,0 @@ -# create smtp auth servers - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "smtp_auth" - -- name: Make the box be real - hosts: smtp_auth - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - { role: openvpn/client, - when: env != "staging" } - - ipa/client - - collectd/base - - sudo - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/smtp-mm.yml b/playbooks/groups/smtp-mm.yml index c1fb394985..e6c352a22b 100644 --- a/playbooks/groups/smtp-mm.yml +++ b/playbooks/groups/smtp-mm.yml @@ -1,33 +1,50 @@ # create smtp servers ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "smtp_mm" - -- name: Make the box be real - hosts: smtp_mm +- name: make smtp server + hosts: smtp-mm user: root - gather_facts: true + gather_facts: False - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: smtp-mm + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter + - { role: denyhosts, when: ansible_distribution_major_version != '7' } - nagios_client - hosts - - { role: openvpn/client, - when: env != "staging" } - - ipa/client + - fas_client - collectd/base - sudo - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: ansible_distribution_major_version != '7' + - include: "{{ tasks }}/openvpn_client_7.yml" + when: ansible_distribution_major_version == '7' handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/summershum.yml b/playbooks/groups/summershum.yml new file mode 100644 index 0000000000..2e7e24a918 --- /dev/null +++ b/playbooks/groups/summershum.yml @@ -0,0 +1,91 @@ +# create a new summershum server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make summershum server + hosts: summershum;summershum-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the generic configuration + hosts: summershum;summershum-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - collectd/base + - hosts + - fas_client + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + # The proxies don't actually need to talk to these hosts so we won't bother + # putting them on the vpn. + #- include: "{{ tasks }}/openvpn_client.yml" + # when: env != "staging" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: set up fedmsg basics + hosts: summershum;summershum-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - fedmsg/base + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the service-specific config + hosts: summershum;summershum-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + roles: + - fedmsg/hub + - summershum + - role: collectd/fedmsg-service + process: fedmsg-hub + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml index 8a9ece9937..1170995557 100644 --- a/playbooks/groups/sundries.yml +++ b/playbooks/groups/sundries.yml @@ -1,93 +1,66 @@ # create a new sundries server # -# These servers run a number of smaller apps that don't merit their own instances. ---- +# These servers run a number of smaller apps that don't merit their own instances. +# -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "sundries:sundries_stg" - -- name: Make the box be real - hosts: sundries:sundries_stg +- name: make sundries server + hosts: sundries;sundries-stg user: root - gather_facts: true + gather_facts: False + accelerate: "{{ accelerated }}" - vars_files: - - "/srv/web/infra/ansible/vars/global.yml" - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: sundries;sundries-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter + - denyhosts - nagios_client - hosts - - { - role: openvpn/client, - when: env != "staging" - } - - ipa/client + - fas_client - collectd/base - - mod_wsgi - geoip - - geoip-city-wsgi/app - - role: easyfix/gather - when: master_sundries_node|bool - - role: bz_review_report - when: master_sundries_node|bool and env != "staging" + - geoip-city-wsgi + - role: koji_reminder + when: master_sundries_node + - role: easyfix + when: master_sundries_node + - role: fedora_owner_change + when: master_sundries_node and env != "staging" - rsyncd + - mirrormanager/frontend - freemedia - sudo - pager_server - - role: fedora-web/build - when: master_sundries_node|bool - - role: fedora-web/translation - when: master_sundries_node|bool - - role: fedora-budget/build - when: master_sundries_node|bool - - role: fedora-docs/build - when: master_sundries_node|bool - - role: fedora-docs/translation - when: master_sundries_node|bool - - role: developer/build - when: master_sundries_node|bool - - role: fedoraloveskde/build - when: master_sundries_node|bool - - role: rabbit/user - user_name: "sundries{{ env_suffix }}" - user_sent_topics: ^$ - when: master_sundries_node|bool and deployment_type == "stg" - - role: nfs/client - mnt_dir: '/srv/docs' - nfs_src_dir: 'openshift_{{ env_short }}_docs' - mount_stg: true - - role: nfs/client - mnt_dir: '/srv/websites' - nfs_src_dir: 'openshift_{{ env_short }}_websites' - mount_stg: true - - role: nfs/client - mnt_dir: '/srv/web/review-stats' - nfs_src_dir: 'openshift_{{ env_short }}_reviewstats' - mount_stg: true - - role: nfs/client - mnt_dir: '/srv/web/registry-index' - nfs_src_dir: 'flatpak-indexer-storage-stg' - mount_stg: true - when: master_sundries_node|bool and env == "staging" - - role: nfs/client - mnt_dir: '/srv/web/registry-index' - nfs_src_dir: 'flatpak-indexer-storage' - mount_stg: true - when: master_sundries_node|bool and env != "staging" - - role: nfs/client - mnt_dir: '/srv/web/codecs.fedoraproject.org' - nfs_src_dir: 'openshift_prod_codecs' - mount_stg: false - nfs_mount_opts: 'rw,bg,nfsvers=4' - when: master_sundries_node|bool and env != "staging" - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/tagger.yml b/playbooks/groups/tagger.yml new file mode 100644 index 0000000000..e6a143e253 --- /dev/null +++ b/playbooks/groups/tagger.yml @@ -0,0 +1,91 @@ +# create a new tagger server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/tagger* or from hostvars + +- name: make tagger server + hosts: tagger;tagger-stg + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: tagger;tagger-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the service specific config + hosts: tagger;tagger-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - tagger + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +# This comes last because it relies on a group created by the tagger role. +- name: setup fedmsg + hosts: tagger;tagger-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - fedmsg/base + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/tang.yml b/playbooks/groups/tang.yml deleted file mode 100644 index e7e086f112..0000000000 --- a/playbooks/groups/tang.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "tang" - -- name: Make the box be real - hosts: tang - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - hosts - - ipa/client - - rsyncd - - sudo - - tang - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/taskotron-dev-clients.yml b/playbooks/groups/taskotron-dev-clients.yml new file mode 100644 index 0000000000..6938e35294 --- /dev/null +++ b/playbooks/groups/taskotron-dev-clients.yml @@ -0,0 +1,68 @@ +--- +# create a taskotron dev clients +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make taskotron-dev clients + hosts: taskotron-dev-clients + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: taskotron-dev-clients + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: base, tags:['base'] } + - { role: rkhunter, tags:['rkhunter'] } + - { role: nagios_client, tags:['nagios_client'] } + - hosts + - { role: fas_client, tags:['fas_client'] } + - { role: collectd/base, tags:['collectd_base'] } + - { role: yum-cron, tags:['yumcron'] } + - { role: sudo, tags:['sudo'] } + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: configure taskotron clients + hosts: taskotron-dev-clients + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/buildslave, tags: ['buildslave'] } + - { role: taskotron/taskotron-client, tags: ['taskotronclient'] } + - { role: taskotron/buildslave-configure, tags: ['buildslaveconfigure'] } + diff --git a/playbooks/groups/taskotron-dev.yml b/playbooks/groups/taskotron-dev.yml new file mode 100644 index 0000000000..e207f4a4cf --- /dev/null +++ b/playbooks/groups/taskotron-dev.yml @@ -0,0 +1,105 @@ +--- +# create a new taskotron dev server +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make resultsdb staging + hosts: taskotron-dev + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: taskotron-dev + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: base, tags:['base'] } + - { role: rkhunter, tags:['rkhunter'] } + - { role: nagios_client, tags:['nagios_client'] } + - hosts + - { role: fas_client, tags:['fas_client'] } + - { role: collectd/base, tags:['collectd_base'] } + - { role: yum-cron, tags:['yumcron'] } + - { role: sudo, tags:['sudo'] } + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: configure taskotron master + hosts: taskotron-dev + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/grokmirror, tags: ['grokmirror'] } +# - { role: taskotron/cgit, tags: ['cgit'] } + - { role: taskotron/buildmaster, tags: ['buildmaster'] } + - { role: taskotron/buildmaster-configure, tags: ['buildmasterconfig'] } + - { role: taskotron/taskotron-trigger, tags: ['trigger'] } + - { role: taskotron/taskotron-frontend, tags: ['frontend'] } + - { role: taskotron/taskotron-proxy, tags: ['taskotronproxy'] } + - { role: taskotron/fake_fedorainfra, tags: ['fakefedorainfra'] } + - { role: taskotron/ssl-taskotron, tags: ['ssltaskotron'] } + + handlers: + - include: "{{ handlers }}/restart_services.yml" + + +############################################################ +# buildbot master setup +# +# Since the buildmaster runs as non-root, do the config as +# the appropriate non-root user +############################################################ + +# all the bits needed for this are not in this repo yet +#- name: buildbot master setup +# hosts: taskotron-dev +# sudo: yes +# sudo_user: "{{ master_user }}" +# tags: +# - buildmasterconfig +# +# # this eventually needs to differentiate between staging and production cedrts +# vars_files: +# - /srv/web/infra/ansible/vars/global.yml +# - "{{ private }}/vars.yml" +# - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml +# +# tasks: +# - include: "{{ tasks }}/buildmaster-config.yml" +# +# handlers: +# - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/taskotron-prod-clients.yml b/playbooks/groups/taskotron-prod-clients.yml new file mode 100644 index 0000000000..17fdb33d76 --- /dev/null +++ b/playbooks/groups/taskotron-prod-clients.yml @@ -0,0 +1,68 @@ +--- +# create taskotron prod clients +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make taskotron-prod clients + hosts: taskotron-prod-clients + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: taskotron-prod-clients + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: base, tags:['base'] } + - { role: rkhunter, tags:['rkhunter'] } + - { role: nagios_client, tags:['nagios_client'] } + - hosts + - { role: fas_client, tags:['fas_client'] } + - { role: collectd/base, tags:['collectd_base'] } + - { role: yum-cron, tags:['yumcron'] } + - { role: sudo, tags:['sudo'] } + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: configure taskotron clients + hosts: taskotron-prod-clients + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/buildslave, tags: ['buildslave'] } + - { role: taskotron/taskotron-client, tags: ['taskotronclient'] } + - { role: taskotron/buildslave-configure, tags: ['buildslaveconfigure'] } + diff --git a/playbooks/groups/taskotron-prod.yml b/playbooks/groups/taskotron-prod.yml new file mode 100644 index 0000000000..6c1d8026b1 --- /dev/null +++ b/playbooks/groups/taskotron-prod.yml @@ -0,0 +1,75 @@ +--- +# create a new taskotron production server +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make taskotron production + hosts: taskotron-prod + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: taskotron-prod + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: base, tags:['base'] } + - { role: rkhunter, tags:['rkhunter'] } + - { role: nagios_client, tags:['nagios_client'] } + - hosts + - { role: fas_client, tags:['fas_client'] } + - { role: collectd/base, tags:['collectd_base'] } + - { role: yum-cron, tags:['yumcron'] } + - { role: sudo, tags:['sudo'] } + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/openvpn_client_7.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: configure taskotron master + hosts: taskotron-prod + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/grokmirror, tags: ['grokmirror'] } +# - { role: taskotron/cgit, tags: ['cgit'] } + - { role: taskotron/buildmaster, tags: ['buildmaster'] } + - { role: taskotron/buildmaster-configure, tags: ['buildmasterconfig'] } + - { role: taskotron/taskotron-trigger, tags: ['trigger'] } + - { role: taskotron/taskotron-frontend, tags: ['frontend'] } + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/taskotron-stg-clients.yml b/playbooks/groups/taskotron-stg-clients.yml new file mode 100644 index 0000000000..054316ac84 --- /dev/null +++ b/playbooks/groups/taskotron-stg-clients.yml @@ -0,0 +1,68 @@ +--- +# create taskotron stg clients +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make taskotron-stg clients + hosts: taskotron-stg-clients + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: taskotron-stg-clients + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: base, tags:['base'] } + - { role: rkhunter, tags:['rkhunter'] } + - { role: nagios_client, tags:['nagios_client'] } + - hosts + - { role: fas_client, tags:['fas_client'] } + - { role: collectd/base, tags:['collectd_base'] } + - { role: yum-cron, tags:['yumcron'] } + - { role: sudo, tags:['sudo'] } + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: configure taskotron clients + hosts: taskotron-stg-clients + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/buildslave, tags: ['buildslave'] } + - { role: taskotron/taskotron-client, tags: ['taskotronclient'] } + - { role: taskotron/buildslave-configure, tags: ['buildslaveconfigure'] } + diff --git a/playbooks/groups/taskotron-stg.yml b/playbooks/groups/taskotron-stg.yml new file mode 100644 index 0000000000..649a64abe1 --- /dev/null +++ b/playbooks/groups/taskotron-stg.yml @@ -0,0 +1,75 @@ +--- +# create a new taskotron dev server +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make resultsdb staging + hosts: taskotron-stg + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: taskotron-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: base, tags:['base'] } + - { role: rkhunter, tags:['rkhunter'] } + - { role: nagios_client, tags:['nagios_client'] } + - hosts + - { role: fas_client, tags:['fas_client'] } + - { role: collectd/base, tags:['collectd_base'] } + - { role: yum-cron, tags:['yumcron'] } + - { role: sudo, tags:['sudo'] } + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: configure taskotron master + hosts: taskotron-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/grokmirror, tags: ['grokmirror'] } +# - { role: taskotron/cgit, tags: ['cgit'] } + - { role: taskotron/buildmaster, tags: ['buildmaster'] } + - { role: taskotron/buildmaster-configure, tags: ['buildmasterconfig'] } + - { role: taskotron/taskotron-trigger, tags: ['trigger'] } + - { role: taskotron/taskotron-frontend, tags: ['frontend'] } + - { role: taskotron/fake_fedorainfra, tags: ['fakefedorainfra'] } + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/taskotron.yml b/playbooks/groups/taskotron.yml new file mode 100644 index 0000000000..11824c1113 --- /dev/null +++ b/playbooks/groups/taskotron.yml @@ -0,0 +1,50 @@ +# create a new taskotron server +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- name: make taskotron server + hosts: taskotron + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: taskotron + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - yum-cron + - sudo + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/torrent.yml b/playbooks/groups/torrent.yml deleted file mode 100644 index 83d9aabf96..0000000000 --- a/playbooks/groups/torrent.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "torrent" - -- name: Make the box be real - hosts: torrent - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - hosts - - rkhunter - - nagios_client - - openvpn/client - - ipa/client - - collectd/base - - rsyncd - - sudo - - torrent - - apache - - - role: httpd/mod_ssl - - - role: httpd/certificate - certname: "{{wildcard_cert_name}}" - SSLCertificateChainFile: "{{wildcard_int_file}}" - - - {role: httpd/website, vars: {site_name: torrent.fedoraproject.org, cert_name: "{{wildcard_cert_name}}", sslonly: true}} - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/unbound.yml b/playbooks/groups/unbound.yml new file mode 100644 index 0000000000..635af15de0 --- /dev/null +++ b/playbooks/groups/unbound.yml @@ -0,0 +1,51 @@ +- name: make unbound + hosts: unbound + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: unbound + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - unbound + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: ansible_distribution_major_version != '7' + - include: "{{ tasks }}/openvpn_client_7.yml" + when: ansible_distribution_major_version == '7' + + handlers: + - include: "{{ handlers }}/restart_services.yml" + - include: "{{ handlers }}/semanage.yml" diff --git a/playbooks/groups/value.yml b/playbooks/groups/value.yml index f05ac1c033..ae15b63fe3 100644 --- a/playbooks/groups/value.yml +++ b/playbooks/groups/value.yml @@ -1,50 +1,55 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "value:value_stg" - -- name: Make the box be real - hosts: value:value_stg +- name: make value add servers + hosts: value:value-stg user: root - gather_facts: true + gather_facts: False + accelerate: "{{ accelerated }}" vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: value:value-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter + - denyhosts - nagios_client - - zabbix/zabbix_agent - hosts - - {role: openvpn/client, - when: env != "staging"} - - ipa/client - - {role: keytab/service, - owner_user: daemon, - owner_group: daemon, - service: ursabot, - when: inventory_hostname.startswith('value02.stg')} - - {role: keytab/service, - owner_user: daemon, - owner_group: daemon, - service: zodbot, - when: inventory_hostname.startswith('value02.iad2')} + - fas_client - collectd/base - - apache + - fedmsg/base + - fedmsg/irc - supybot - sudo - rsyncd - - {role: nfs/client, - nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3", - mnt_dir: '/srv/', - nfs_src_dir: 'fedora_value_{{env_short}}', - mount_stg: true } + - role: collectd/fedmsg-service + process: fedmsg-irc - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + - include: "{{ tasks }}/apache.yml" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml index a7997f339c..4c3195354f 100644 --- a/playbooks/groups/virthost.yml +++ b/playbooks/groups/virthost.yml @@ -2,55 +2,37 @@ # NOTE: should be used with --limit most of the time # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml" - vars: - myhosts: "virthost:bvirthost:buildvmhost:colo_virt" - - name: make virthost server system - hosts: virthost:bvirthost:buildvmhost:colo_virt + hosts: virthost15.phx2.fedoraproject.org:bvirthost07.phx2.fedoraproject.org:buildvmhost-10.phx2.fedoraproject.org:buildvmhost-11.phx2.fedoraproject.org:buildvmhost-12.phx2.fedoraproject.org:virthost01.phx2.fedoraproject.org:virthost03.phx2.fedoraproject.org:ibiblio04.fedoraproject.org:bvirthost06.phx2.fedoraproject.org:bvirthost08.phx2.fedoraproject.org:bvirthost09.phx2.fedoraproject.org:bvirthost10.phx2.fedoraproject.org:bvirthost11.phx2.fedoraproject.org:virthost16.phx2.fedoraproject.org:virthost17.phx2.fedoraproject.org:virthost18.phx2.fedoraproject.org:serverbeach07.fedoraproject.org:qa07.qa.fedoraproject.org:coloamer01.fedoraproject.org:qa04.qa.fedoraproject.org:qa05.qa.fedoraproject.org:osuosl03.fedoraproject.org:qa06.qa.fedoraproject.org user: root - gather_facts: true + accelerate: "{{ accelerated }}" + gather_facts: True - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - - name: override nbde_client-network-flush to work around bug - ansible.builtin.copy: - src: "{{ files }}/common/nbde_client-network-flush" - dest: /usr/bin/nbde_client-network-flush - owner: root - group: root - mode: 755 - - - name: tell NetworkManager we don't want any auto connections - ansible.builtin.copy: - src: "{{ files }}/common/noautodefault.conf" - dest: /etc/NetworkManager/conf.d/noautodefault.conf - owner: root - group: root - mode: 644 + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - - {role: rkhunter, when: ansible_distribution_major_version|int < 10} - - {role: nagios_client, when: ansible_distribution_major_version|int < 10} - - {role: zabbix/zabbix_agent, when: ansible_distribution_major_version|int < 10} + - rkhunter + - { role: denyhosts, when: ansible_distribution_major_version != '7' } + - nagios_client - hosts - - {role: openvpn/client, when: vpn|bool} - - ipa/client - - {role: collectd/base, when: ansible_distribution_major_version|int < 10} - - {role: iscsi_client, when: "inventory_hostname.startswith(('bvmhost-x86-06', 'bvmhost-x86-07', 'bvmhost-p09')) and datacenter == 'iad2'"} + - fas_client + - collectd/base + - { role: iscsi_client, when: datacenter == "phx2" } - sudo - - virthost - - {role: linux-system-roles.nbde_client, tags: ['nbde_client'], when: datacenter == 'iad2' and nbde|bool} - - {role: serial-console, when: datacenter == 'iad2' and ansible_architecture != 's390x'} + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: ansible_distribution_major_version != '7' and datacenter != 'phx2' + - include: "{{ tasks }}/openvpn_client_7.yml" + when: ansible_distribution_major_version == '7' and datacenter != 'phx2' + - include: "{{ tasks }}/virthost.yml" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/wiki.yml b/playbooks/groups/wiki.yml index f40ee25648..c263264174 100644 --- a/playbooks/groups/wiki.yml +++ b/playbooks/groups/wiki.yml @@ -3,44 +3,55 @@ # These servers run mediawiki for the main fedora wiki instance. # ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "wiki:wiki_stg" - -- name: Make the box be real - hosts: wiki:wiki_stg +- name: make wiki server + hosts: wiki:wiki-stg user: root - gather_facts: true + gather_facts: False + accelerate: "{{ accelerated }}" - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: wiki:wiki-stg + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter + - denyhosts - nagios_client - - zabbix/zabbix_agent - hosts - - { role: openvpn/client, - when: env != "staging" } - - ipa/client + - fas_client - collectd/base - - apache - # Set up for fedora-messaging - - role: rabbit/user - user_name: "mediawiki{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(wiki|logger)\..* - when: inventory_hostname.startswith('wiki01') - - { role: nfs/client, when: env == "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app_staging/app/attachments', mount_stg: true } - - { role: nfs/client, when: env != "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app/app/attachments' } + - fedmsg/base + - { role: nfs/client, when: env == "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app_staging/app/attachments' } + - { role: nfs/client, when: env != "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app/app/attachments' } - mediawiki - sudo + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/openvpn_client.yml" + when: env != "staging" + handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/zabbix.yml b/playbooks/groups/zabbix.yml deleted file mode 100644 index 0b17c0a020..0000000000 --- a/playbooks/groups/zabbix.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "zabbix_stg:zabbix" - -- name: Make the box be real - hosts: zabbix_stg:zabbix - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - hosts - - ipa/client - - collectd/base - - sudo - - zabbix/zabbix_server - - { role: openvpn/client, when: env != "staging" } - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - name: Sync sysadmin-noc membership to the zabbix server - include_role: - name: zabbix/zabbix_server - tasks_from: sync_sysadmin_noc - apply: - tags: - - sync_users - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/host_reboot.yml b/playbooks/host_reboot.yml index c51a81a899..cb55d45bc3 100644 --- a/playbooks/host_reboot.yml +++ b/playbooks/host_reboot.yml @@ -1,22 +1,45 @@ # requires --extra-vars="target=hostspec" ---- -- name: Reboot hosts +- name: reboot hosts hosts: "{{ target }}" - gather_facts: false + gather_facts: False user: root serial: 1 tasks: - - name: Tell nagios to shush - nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + - name: tell nagios to shush + nagios: action=downtime minutes=60 service=host host={{ inventory_hostname }} + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true - - name: Reboot the host - reboot: reboot_timeout=1800 + - name: reboot the virthost + command: /sbin/reboot + + - name: wait for host to come back - up to 6 minutes + local_action: wait_for host={{ target }} port=22 delay=120 timeout=420 + + + # - name: see if it needs to be rebooted + # action: command /usr/local/bin/needs-reboot.py + # register: needsreboot + + # - name: tell nagios to shush + # action: nagios action=silence host=${inventory_hostname_short} + # delegate_to: noc01.phx2.fedoraproject.org + # when:"'yes' in needsreboot.stdout" + + # - name: reboot the host + # action: command /sbin/reboot + # when:"'yes' in needsreboot.stdout" + + # - name: wait for host to come back - up to 6 minutes + # local_action: wait_for host=${inventory_hostname} port=22 delay=30 timeout=420 + # when:"'yes' in needsreboot.stdout" + + # - name: tell nagios to unshush + # action: nagios action=unsilence host=${inventory_hostname_short} + # delegate_to: noc01.phx2.fedoraproject.org + # when:"'yes' in needsreboot.stdout" + + - - name: Tell nagios to unshush - nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true diff --git a/playbooks/host_update.yml b/playbooks/host_update.yml index 6a6cb9905a..fdb13c5f56 100644 --- a/playbooks/host_update.yml +++ b/playbooks/host_update.yml @@ -3,51 +3,32 @@ # requires --extra-vars="target=somehostname yumcommand=update" ---- - -- name: Update the system +- name: update the system hosts: "{{ target }}" - gather_facts: true + accelerate: "{{ accelerated }}" + gather_facts: false + user: root + + tasks: + - name: expire-caches + command: yum clean expire-cache + + - name: yum -y {{ yumcommand }} + command: yum -y {{ yumcommand }} + async: 7200 + poll: 30 + +- name: run rkhunter if installed + hosts: "{{ target }}" + accelerate: "{{ accelerated }}" user: root tasks: - - - name: Apply updates - ansible.builtin.package: - state: latest - name: "*" - update_cache: true - async: 7200 - poll: 30 - when: package_excludes is not defined - - - debug: - msg: - - '!!!!!!!!!!!!!!!!!!! host {{ inventory_hostname }} has EXCLUDES OF {{ package_excludes }} !!!!!!!!!!!!!' - - '!!!!!!!!!!!!!!!!!!! DANGER DANGER DANGER ^ CHECK THAT EXCLUDES ARE STILL NEEDED ^ !!!!!!!!!!!!!!!!!!!!' - when: package_excludes is defined - changed_when: true - - - name: Apply updates with excludes - ansible.builtin.package: - state: latest - name: "*" - update_cache: true - exclude: "{{ package_excludes }}" - async: 7200 - poll: 30 - when: package_excludes is defined - -- name: Run rkhunter if installed - hosts: "{{ target }}" - user: root - - tasks: - - name: Check for rkhunter - ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter + - name: check for rkhunter + command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - - - name: Run rkhunter --propupd - ansible.builtin.command: /usr/bin/rkhunter --propupd - when: rkhunter is success + + - name: run rkhunter --propupd + command: /usr/bin/rkhunter --propupd + when: rkhunter|success diff --git a/playbooks/hosts/artboard.cloud.fedoraproject.org.yml b/playbooks/hosts/artboard.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..0b5c63020c --- /dev/null +++ b/playbooks/hosts/artboard.cloud.fedoraproject.org.yml @@ -0,0 +1,78 @@ +- name: check/create instance + hosts: 209.132.184.143 + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + +- name: provision instance + hosts: 209.132.184.143 + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + - include: "{{ tasks }}/postfix_basic.yml" + + - name: mount up disk of persistent storage + action: mount name=/srv/persist src='LABEL=artboard' fstype=ext4 state=mounted + + # open up ports (22, 80, 443) + - name: poke holes in the firewall + action: command lokkit {{ item }} + with_items: + - --service=ssh + - --service=https + - --service=http + + # packages needed + - name: add packages + action: yum state=present name={{ item }} + with_items: + - rsync + - openssh-clients + - httpd + - httpd-tools + - php + - php-gd + - php-mysql + - cronie-noanacron + + # packages needed to be gone + - name: erase packages + action: yum state=absent name={{ item }} + with_items: + - cronie-anacron + + - name: artboard backup thing + action: copy src="{{ files }}/artboard/artboard-backup" dest=/etc/cron.daily/artboard-backup mode=0755 + + - name: make artboard subdir + action: file path=/srv/persist/artboard mode=0755 state=directory + + - name: link artboard into /var/www/html + action: file state=link src=/srv/persist/artboard path=/var/www/html/artboard + + - name: add apache confs + action: copy src="{{ files }}/artboard/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}" backup=true + with_items: + - artboard.conf + - redirect.conf + notify: restart httpd + + - name: startup apache + action: service name=httpd state=started + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml b/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..4ccca843f6 --- /dev/null +++ b/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml @@ -0,0 +1,34 @@ +- name: check/create instance + hosts: blockerbugs-dev.cloud.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + +- name: provision instance + hosts: blockerbugs-dev.cloud.fedoraproject.org + user: root + gather_facts: True + vars: + - tcp_ports: [22, 80, 443] + - udp_ports: [] + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + - include: "{{ tasks }}/iptables.yml" + - name: mount up blockerbugs-dev to /srv/persistent + mount: name=/srv/persistent src='LABEL=blockerbugs-dev' fstype=ext4 state=mounted + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/bodhi.dev.fedoraproject.org.yml b/playbooks/hosts/bodhi.dev.fedoraproject.org.yml new file mode 100644 index 0000000000..5d47fbef8e --- /dev/null +++ b/playbooks/hosts/bodhi.dev.fedoraproject.org.yml @@ -0,0 +1,38 @@ +- name: check/create instance + hosts: bodhi.dev.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + +- name: provision instance + hosts: bodhi.dev.fedoraproject.org + user: root + gather_facts: True + vars: + - tcp_ports: [22, 443] + - udp_ports: [] + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + - include: "{{ tasks }}/postfix_basic.yml" + + # open up tcp ports + - name: poke holes in the firewall + action: command lokkit -p '{{ item }}:tcp' + with_items: + - "{{ tcp_ports }}" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml b/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml deleted file mode 100644 index 303c2a2d65..0000000000 --- a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml +++ /dev/null @@ -1,60 +0,0 @@ -# This is a basic playbook - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "cloud-noc01.fedorainfracloud.org" - -- name: Make cloud noc hardware - hosts: cloud-noc01.fedorainfracloud.org - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - collectd/base - - sudo - - dhcp_server - - tftp_server - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - - name: Check if ntpd port is already known by selinux - ansible.builtin.shell: semanage port -l | grep ntp - register: ntp_selinux_port - check_mode: no - changed_when: false - failed_when: false - tags: - - config - - selinux - - - name: Allow alternate ntpd port - ansible.builtin.command: semanage port -a -t ntp_port_t -p tcp 124 - when: '"124" not in ntp_selinux_port' - failed_when: false - tags: - - config - - selinux - - - name: Allow alternate ntpd port - ansible.builtin.command: semanage port -a -t ntp_port_t -p udp 124 - when: '"124" not in ntp_selinux_port' - failed_when: false - tags: - - config - - selinux - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/hosts/copr-be-dev.cloud.fedoraproject.org.yml b/playbooks/hosts/copr-be-dev.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..896a2a8d11 --- /dev/null +++ b/playbooks/hosts/copr-be-dev.cloud.fedoraproject.org.yml @@ -0,0 +1,155 @@ +- name: check/create instance + hosts: copr-be-dev.cloud.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + # Roles are run first, before tasks, regardless of where you place them here. + roles: + - fedmsg/base + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + - include: "{{ tasks }}/common_scripts.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: provision instance + hosts: copr-be-dev.cloud.fedoraproject.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + - include: "{{ tasks }}/iptables.yml" + + - name: copy copr.repo + action: copy src="{{ files }}/copr/fe/yum/copr.repo" dest=/etc/yum.repos.d/copr.repo + + - name: set the hostname + shell: hostname copr-be-dev.cloud.fedoraproject.org + + # packages needed + - name: add packages for copr-be + action: yum state=present name={{ item }} + with_items: + - copr-selinux + - copr-backend + - git + - screen + + + - name: make copr dirs + file: state=directory path={{ item }} + with_items: + - /var/lib/copr/jobs + - /var/lib/copr/public_html/results + + - name: Umask results + action: command /usr/bin/umask 0000 + + - name: setup dirs there + action: file state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700 + with_items: + - cloud + - .ssh + + - name: add copr-buildsys keys to copr user path + action: copy src={{ item }} dest=/home/copr/cloud/ owner=copr group=copr mode=0600 + with_fileglob: + - "{{ private }}/files/openstack/copr-copr/*" + + - name: setup privkey for copr user + action: copy src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600 + + - name: setup copr user ssh config file + action: copy src="{{ files }}/copr/ssh_config" dest=/home/copr/.ssh/config owner=copr group=copr mode=600 + + - name: create empty known_hosts + action: copy src=/dev/null dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600 + + - name: replace bashrc for copr user + action: copy src="{{ files }}/copr/copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600 + + - name: auth_key so we can login to localhost as the copr user from the copr user + action: authorized_key user=copr key="{{ item }}" + with_file: + - "{{ files }}/copr/provision/files/buildsys.pub" + + - name: copy .boto file + action: copy src="{{ files }}/copr/boto" dest=/home/copr/.boto owner=copr group=copr + + # setup webserver + - name: add config for copr-repo path + action: copy src="{{ files }}/copr/lighttpd/lighttpd.conf" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644 + notify: + - restart lighttpd + + # mime default to text/plain and enable dirlisting for indexes + - name: update lighttpd configs + action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644 + with_items: + - dirlisting.conf + - mime.conf + notify: + - restart lighttpd + + - name: start webserver + action: service state=running enabled=yes name=lighttpd + + # setup dirs for the ansible execution off of provisioning + - name: dirs from provision + action: file state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr + with_items: + - action_plugins + - library + - files + - files/mock + tags: + - provision_config + + - name: put ansible.cfg for all this into /etc/ansible/ on the system + action: copy src="{{ files }}/copr/provision/ansible.cfg" dest=/etc/ansible/ansible.cfg + tags: + - provision_config + + - name: put some files into the provision subdir + action: copy src="{{ files }}/copr/provision/{{ item }}" dest="/home/copr/provision/{{ item }}" + with_items: + - inventory + - builderpb.yml + - terminatepb.yml + tags: + - provision_config + + - name: put files into the files subdir off of provisioning + action: copy src={{ item }} dest=/home/copr/provision/files/ + with_fileglob: + - "{{ files }}/copr/provision/files/*" + tags: + - provision_config + + # ansible lacks a recurse - so we need this until then + - name: put files into the files/mock subdir off of provisioning + action: copy src={{ item }} dest=/home/copr/provision/files/mock + with_fileglob: + - "{{ files }}/copr/provision/files/mock/*" + tags: + - provision_config + + - name: copy copr-be.conf + action: copy src="{{ files }}/copr/copr-be.conf-dev" dest=/etc/copr/copr-be.conf + + handlers: + - include: "{{ handlers }}/restart_services.yml" + diff --git a/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml b/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..5ea1109469 --- /dev/null +++ b/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml @@ -0,0 +1,215 @@ +- name: check/create instance + hosts: 209.132.184.142 + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + +- name: provision instance + hosts: 209.132.184.142 + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + # Roles are run first, before tasks, regardless of where you place them here. + roles: + - fedmsg/base + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + - include: "{{ tasks }}/iptables.yml" + - include: "{{ tasks }}/common_scripts.yml" + + - name: prepare mount point + action: file state=directory path=/var/lib/copr/public_html + + - name: mount up disk of copr repo + action: mount name=/var/lib/copr/public_html src='LABEL=copr-repo' fstype=ext4 state=mounted + + - name: mount /tmp/ + action: mount name=/tmp src='tmpfs' fstype=tmpfs state=mounted + + # We cannot use repo pointing to ourselfs :( + #- name: copy copr.repo + # action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo + + - name: set the hostname + shell: hostname copr-be.cloud.fedoraproject.org + + - name: copy .forward file + action: copy src="{{ files }}/copr/forward" dest=/root/.forward owner=root group=root + + - name: deploy /etc/hosts file + action: copy src="{{ files }}/copr/hosts" dest=/etc/hosts owner=root group=root mode=644 + + # packages needed + - name: add packages for copr-be + action: yum state=present name={{ item }} + with_items: + - copr-selinux + - copr-backend + - git + - screen + - fail2ban + - system-config-firewall-base + - python-novaclient + + + - name: make copr dirs + file: state=directory path={{ item }} + with_items: + - /var/lib/copr/jobs + - /var/lib/copr/public_html/results + + - name: Umask results + action: command /usr/bin/umask 0000 chdir=/var/lib/copr/public_html/results + + - name: setup dirs there + action: file state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700 + with_items: + - cloud + - .ssh + + - name: add copr-buildsys keys to copr user path + action: copy src={{ item }} dest=/home/copr/cloud/ owner=copr group=copr mode=0600 + with_fileglob: + - "{{ private }}/files/openstack/copr-copr/*" + + - name: setup privkey for copr user + action: copy src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600 + + - name: setup copr user ssh config file + action: copy src="{{ files }}/copr/ssh_config" dest=/home/copr/.ssh/config owner=copr group=copr mode=600 + + - name: create empty known_hosts + action: copy src=/dev/null dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600 + + - name: replace bashrc for copr user + action: copy src="{{ files }}/copr/copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600 + + - name: auth_key so we can login to localhost as the copr user from the copr user + action: authorized_key user=copr key="{{ item }}" + with_file: + - "{{ files }}/copr/provision/files/buildsys.pub" + + - name: copy keystonerc + action: template src="{{ files }}/copr/keystonerc" dest=/root/ owner=root group=root mode=600 + + - name: copy .boto file + action: copy src="{{ files }}/copr/boto" dest=/home/copr/.boto owner=copr group=copr + + # setup webserver + - name: add config for copr-repo path + action: copy src="{{ files }}/copr/lighttpd/lighttpd.conf" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644 + notify: + - restart lighttpd + + - name: copy httpd ssl certificates + action: copy src="{{ puppet_private }}/httpd/{{ item }}" dest="/etc/lighttpd/{{ item }}" owner=root group=root mode=0600 + with_items: + - copr-be.fedoraproject.org.key + - copr-be.fedoraproject.org.crt + notify: + - concate ssl certs + tags: + - config + + - name: copy httpd ssl certificates (CAcert) + action: copy src="{{ files }}/copr/DigiCertCA.crt" dest="/etc/lighttpd/" owner=root group=root mode=0600 + tags: + - config + notify: + - restart lighttpd + + # mime default to text/plain and enable dirlisting for indexes + - name: update lighttpd configs + action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644 + with_items: + - dirlisting.conf + - mime.conf + notify: + - restart lighttpd + + - name: start webserver + service: state=running enabled=yes name=lighttpd + + - name: start fail2ban + service: state=running enabled=yes name=fail2ban + + # setup dirs for the ansible execution off of provisioning + - name: dirs from provision + action: file state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr + with_items: + - action_plugins + - library + - files + - files/mock + tags: + - provision_config + + - name: put ansible.cfg for all this into /etc/ansible/ on the system + action: copy src="{{ files }}/copr/provision/ansible.cfg" dest=/etc/ansible/ansible.cfg + tags: + - provision_config + + + - name: put some files into the provision subdir + action: template src="{{ files }}/copr/provision/{{ item }}" dest="/home/copr/provision/{{ item }}" + with_items: + - inventory + # - builderpb.yml + - terminatepb.yml + tags: + - provision_config + + - name: put files into the files subdir off of provisioning + action: copy src={{ item }} dest=/home/copr/provision/files/ + with_fileglob: + - "{{ files }}/copr/provision/files/*" + tags: + - provision_config + + # ansible lacks a recurse - so we need this until then + - name: put files into the files/mock subdir off of provisioning + action: copy src={{ item }} dest=/home/copr/provision/files/mock + with_fileglob: + - "{{ files }}/copr/provision/files/mock/*" + tags: + - provision_config + + - name: copy copr-be.conf + template: src="{{ files }}/copr/copr-be.conf" dest=/etc/copr/copr-be.conf owner=root group=copr mode=640 + notify: + - restart copr-backend + tags: + - config + + - name: copy delete-forgotten-instances.pl + action: copy src="{{ files }}/copr/delete-forgotten-instances.pl" dest=/home/copr/delete-forgotten-instances.pl mode=755 + + - name: copy delete-forgotten-instances.cron + action: copy src="{{ files }}/copr/delete-forgotten-instances.cron" dest=/etc/cron.daily/delete-forgotten-instances owner=root group=root mode=755 + + handlers: + - include: "{{ handlers }}/restart_services.yml" + - name: concate ssl certs + action: shell "cat /etc/lighttpd/copr-be.fedoraproject.org.key /etc/lighttpd/copr-be.fedoraproject.org.crt > /etc/lighttpd/copr-be.fedoraproject.org.pem" + notify: + - chmod_key + - restart lighttpd + - name: chmod_key + action: file path=/etc/lighttpd/copr-be.fedoraproject.org.pem owner=root group=root mode=0600 + - name: restart copr-backend + service: name=copr-backend state=restarted + - name: restart lighttpd + service: name=lighttpd state=restarted diff --git a/playbooks/hosts/copr-fe-dev.cloud.fedoraproject.org.yml b/playbooks/hosts/copr-fe-dev.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..970e56b914 --- /dev/null +++ b/playbooks/hosts/copr-fe-dev.cloud.fedoraproject.org.yml @@ -0,0 +1,106 @@ +- name: check/create instance + hosts: copr-fe-dev.cloud.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + +- name: provision instance + hosts: copr-fe-dev.cloud.fedoraproject.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + - include: "{{ tasks }}/postfix_basic.yml" + - include: "{{ tasks }}/iptables.yml" + + - name: copy copr.repo + action: copy src="{{ files }}/copr/fe/yum/copr.repo" dest=/etc/yum.repos.d/copr.repo + + - name: set the hostname + shell: hostname copr-fe-dev.cloud.fedoraproject.org + + - name: copy .forward file + action: copy src="{{ files }}/copr/forward-dev" dest=/root/.forward owner=root group=root + + - name: deploy /etc/hosts file + action: copy src="{{ files }}/copr/hosts" dest=/etc/hosts owner=root group=root mode=644 + + - name: install copr-fe pkgs + action: yum state=latest pkg={{ item }} + with_items: + - copr-frontend + - copr-selinux + - postgresql-server + - bash-completion + - fail2ban + - mod_ssl + - system-config-firewall-base + tags: + - packages + + - name: install copr configs + template: src="{{ files }}/copr/fe/copr.conf" dest=/etc/copr/copr.conf mode=600 + notify: + - restart httpd + tags: + - config + + - name: copy apache files to conf.d + action: copy src="{{ files }}/copr/fe/httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}" + with_items: + - coprs.conf + - welcome.conf + + - name: copy pg_hba.conf + action: copy src="{{ files }}/copr/fe/pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600 + + # open up ports (22, 80, 443) + - name: poke holes in the firewall + action: command lokkit {{ item }} + with_items: + - --service=ssh + - --service=https + - --service=http + + - name: copy httpd ssl certificates (crt) + action: copy src="{{ puppet_private }}/httpd/copr-fe.fedoraproject.org.crt" dest="/etc/pki/tls/certs/" owner=root group=root mode=0600 + tags: + - config + + - name: copy httpd ssl certificates (key) + action: copy src="{{ puppet_private }}/httpd/copr-fe.fedoraproject.org.key" dest="/etc/pki/tls/private/" owner=root group=root mode=0600 + tags: + - config + + - lineinfile: dest=/etc/httpd/conf.d/coprs.conf regexp="SSLCertificateFile " insertafter="^#SSLCertificateFile " line="SSLCertificateFile /etc/pki/tls/certs/copr-fe.fedoraproject.org.crt" + notify: + - restart httpd + + - lineinfile: dest=/etc/httpd/conf.d/coprs.conf regexp="SSLCertificateKeyFile " insertafter="^#SSLCertificateKeyFile " line="SSLCertificateKeyFile /etc/pki/tls/private/copr-fe.fedoraproject.org.key" + notify: + - restart httpd + + - name: enable services + action: service state=running enabled=yes name={{ item }} + with_items: + - httpd + - postgresql + - fail2ban + + handlers: + - name: restart httpd + service: name=httpd state=restarted + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/copr-fe.cloud.fedoraproject.org.yml b/playbooks/hosts/copr-fe.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..4ea95482d0 --- /dev/null +++ b/playbooks/hosts/copr-fe.cloud.fedoraproject.org.yml @@ -0,0 +1,121 @@ +- name: check/create instance + hosts: 209.132.184.144 + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + +- name: provision instance + hosts: 209.132.184.144 + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + - include: "{{ tasks }}/postfix_basic.yml" + + - name: mount up disk of copr fe + action: mount name=/srv/copr-fe src='LABEL=copr-fe' fstype=ext4 state=mounted + - include: "{{ tasks }}/iptables.yml" + + - name: mount up bind mount for postgres + action: mount src=/srv/copr-fe/pgsqldb name=/var/lib/pgsql fstype=auto opts=bind state=mounted + + - name: deploy /etc/hosts file + action: copy src="{{ files }}/copr/hosts" dest=/etc/hosts owner=root group=root mode=644 + + - name: copy copr.repo + action: copy src={{ files }}/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo + + - name: set the hostname + shell: hostname copr-fe.cloud.fedoraproject.org + + - name: copy .forward file + action: copy src="{{ files }}/copr/forward" dest=/root/.forward owner=root group=root + + - name: install copr-fe pkgs + action: yum state=latest pkg={{ item }} + with_items: + - copr-frontend + - copr-selinux + - postgresql-server + - bash-completion + - fail2ban + - mod_ssl + - system-config-firewall-base + tags: + - packages + + - name: install copr configs + template: src="{{ files }}/copr/fe/copr.conf" dest=/etc/copr/copr.conf mode=600 + notify: + - restart httpd + tags: + - config + + - name: copy apache files to conf.d + action: copy src="{{ files }}/copr/fe/httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}" + with_items: + - coprs.conf + - welcome.conf + + - name: copy pg_hba.conf + action: copy src="{{ files }}/copr/fe/pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600 + + # open up ports (22, 80, 443) + - name: poke holes in the firewall + action: command lokkit {{ item }} + with_items: + - --service=ssh + - --service=https + - --service=http + + - name: copy httpd ssl certificates (crt) + action: copy src="{{ puppet_private }}/httpd/copr-fe.fedoraproject.org.crt" dest="/etc/pki/tls/certs/" owner=root group=root mode=0600 + tags: + - config + + - name: copy httpd ssl certificates (key) + action: copy src="{{ puppet_private }}/httpd/copr-fe.fedoraproject.org.key" dest="/etc/pki/tls/private/" owner=root group=root mode=0600 + tags: + - config + + - name: copy httpd ssl certificates (CAcert) + action: copy src="{{ files }}/copr/DigiCertCA.crt" dest="/etc/pki/tls/certs/" owner=root group=root mode=0600 + tags: + - config + + - lineinfile: dest=/etc/httpd/conf.d/coprs.conf regexp="SSLCertificateFile " insertafter="^#SSLCertificateFile " line="SSLCertificateFile /etc/pki/tls/certs/copr-fe.fedoraproject.org.crt" + notify: + - restart httpd + + - lineinfile: dest=/etc/httpd/conf.d/coprs.conf regexp="SSLCertificateKeyFile " insertafter="^#SSLCertificateKeyFile " line="SSLCertificateKeyFile /etc/pki/tls/private/copr-fe.fedoraproject.org.key" + notify: + - restart httpd + + - lineinfile: dest=/etc/httpd/conf.d/coprs.conf regexp="SSLCertificateChainFile " insertafter="SSLCertificateKeyFile " line="SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt" + notify: + - restart httpd + + - name: enable services + action: service state=running enabled=yes name={{ item }} + with_items: + - httpd + - postgresql + - fail2ban + + handlers: + - name: restart httpd + service: name=httpd state=restarted + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/elections-dev.cloud.fedoraproject.org.yml b/playbooks/hosts/elections-dev.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..b5b1744143 --- /dev/null +++ b/playbooks/hosts/elections-dev.cloud.fedoraproject.org.yml @@ -0,0 +1,56 @@ +- name: check/create instance + hosts: 209.132.184.162 + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + +- name: provision instance + hosts: 209.132.184.162 + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + + - name: mount up disk of persistent storage + action: mount name=/srv/persist src='LABEL=elections' fstype=ext4 state=mounted + + # open up ports (22, 80, 443) + - name: poke holes in the firewall + action: command lokkit {{ item }} + with_items: + - --service=ssh + - --service=https + - --service=http + + # packages needed + - name: add packages for repo + action: yum state=present name={{ item }} + with_items: + - rsync + - openssh-clients + - httpd + - httpd-tools + - cronie-noanacron + - postgresql-server + - python-psycopg2 + - python-sqlalchemy0.7 + - python-flask + + - name: startup apache + action: service name=httpd state=started + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/fedocal.dev.fedoraproject.org.yml b/playbooks/hosts/fedocal.dev.fedoraproject.org.yml new file mode 100644 index 0000000000..4791ff8330 --- /dev/null +++ b/playbooks/hosts/fedocal.dev.fedoraproject.org.yml @@ -0,0 +1,69 @@ +- name: check/create instance + hosts: 209.132.184.147 + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + +- name: provision instance + hosts: 209.132.184.147 + user: root + gather_facts: True + vars: + - tcp_ports: [22, 80, 443] + - udp_ports: [] + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + - include: "{{ tasks }}/postfix_basic.yml" + + # packages needed + - name: add packages for repo + action: yum state=present name={{ item }} + with_items: + - euca2ools + - rsync + - openssh-clients + - system-config-firewall-base + + - name: install dependencies of fedocal + action: yum state=installed pkg={{ item }} + with_items: + - mod_wsgi + - mod_ssl + - python-flask + - python-flask-wtf + - mysql-server + - MySQL-python + - python-sqlalchemy + - python-kitchen + - python-fedora + - python-vobject + - pytz + - python-alembic + - python-fedora-flask + tags: + - packages + + - name: mount up disk of fedocal persistent storage + action: mount name=/srv/persist src='LABEL=fedocal.dev' fstype=ext4 state=mounted + + # open up tcp ports + - name: poke holes in the firewall + action: command lokkit -p '{{ item }}:tcp' + with_items: + - "{{ tcp_ports }}" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/hrf.cloud.fedoraproject.org.yml b/playbooks/hosts/hrf.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..d34ba13be7 --- /dev/null +++ b/playbooks/hosts/hrf.cloud.fedoraproject.org.yml @@ -0,0 +1,59 @@ +- name: check/create instance + hosts: hrf.cloud.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + +- name: provision instance + hosts: hrf.cloud.fedoraproject.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: deploy hrf + hosts: hrf.cloud.fedoraproject.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: install deps + yum: state=present name={{ item }} + with_items: + - httpd + - python-flask + - python-fedmsg-meta-fedora-infrastructure + - fedmsg + - mod_wsgi + - htop # not a dep, but handy + - git + - fail2ban + + - name: enable fail2ban and start it + shell: chkconfig fail2ban on && service fail2ban start + + - name: clone the flask repo + git: repo=git://github.com/fedora-infra/hrf.git dest=/srv/www/hrf + + - name: enable port 80 + command: lokkit -p '80:tcp' diff --git a/playbooks/hosts/koschei.cloud.fedoraproject.org.yml b/playbooks/hosts/koschei.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..62ee25f279 --- /dev/null +++ b/playbooks/hosts/koschei.cloud.fedoraproject.org.yml @@ -0,0 +1,31 @@ +- name: check/create instance + hosts: koschei.cloud.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + +- name: provision instance + hosts: koschei.cloud.fedoraproject.org + gather_facts: True + user: fedora + sudo: yes + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + + - include: "{{ tasks }}/growroot_cloud.yml" + - include: "{{ tasks }}/cloud_setup_basic.yml" + - include: "{{ tasks }}/postfix_basic.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml b/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..04bd39a7ef --- /dev/null +++ b/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml @@ -0,0 +1,167 @@ +- name: check/create instance + hosts: lists-dev.cloud.fedoraproject.org + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + +- name: provisions basics onto system/setup paths + hosts: lists-dev.cloud.fedoraproject.org + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + - mailman_vardir: /srv/persist/mailman + + roles: + - sudo + - hosts + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + - include: "{{ tasks }}/postfix_basic.yml" + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + - name: mount up disk of persistent storage + action: mount name=/srv/persist src='LABEL=lists-dev' fstype=ext4 state=mounted + + - name: selinux status + selinux: policy=targeted state=enforcing + + # /srv/persist + - name: mount up bind mount for postgres + action: mount src=/srv/persist/pgsqldb name=/var/lib/pgsql fstype=auto opts=bind state=mounted + - name: mount up bind mount for mailman + action: mount src=/srv/persist/mailman name=/var/lib/mailman3 fstype=auto opts=bind state=mounted + + - name: get the repo file + get_url: url=http://repos.fedorapeople.org/repos/abompard/hyperkitty/hyperkitty.repo + dest=/etc/yum.repos.d/hyperkitty.repo mode=0444 + + # open up ports (22, 80, 443, 25) + - name: poke holes in the firewall + command: lokkit {{ item }} + with_items: + - --service=ssh + - --service=https + - --service=http + - --service=smtp + + # Database + - name: initialize postgresql + command: /usr/bin/postgresql-setup initdb + creates=/var/lib/pgsql/data/postgresql.conf + - name: copy pg_hba.conf + copy: src="{{ files }}/lists-dev/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf + owner=postgres group=postgres + notify: + - restart postgresql + - name: start postgresql + service: state=started name=postgresql + + handlers: + - include: "{{ handlers }}/restart_services.yml" + - name: restart postgresql + service: name=postgresql state=restarted + + + +- name: setup db users/passwords for hyperkitty + hosts: hyperkitty-stg + gather_facts: no + sudo: yes + sudo_user: postgres + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + vars: + - mailman_vardir: /srv/persist/mailman + + + tasks: + # mailman auto-updates its schema, there can only be one admin user + - name: mailman DB user + postgresql_user: name=mailmanadmin password={{ lists_dev_mm_db_pass }} + - name: hyperkitty DB admin user + postgresql_user: name=hyperkittyadmin password={{ lists_dev_hk_db_pass }} + - name: hyperkitty DB user + postgresql_user: name=hyperkittyapp password={{ lists_dev_hk_db_pass }} + - name: kittystore DB admin user + postgresql_user: name=kittystoreadmin password={{ lists_dev_ks_db_pass }} + - name: kittystore DB user + postgresql_user: name=kittystoreapp password={{ lists_dev_ks_db_pass }} + - name: databases creation + postgresql_db: name={{ item }} owner="{{ item }}admin" encoding=UTF-8 + with_items: + - mailman + - hyperkitty + - kittystore + +- name: setup mailman and hyperkitty + hosts: hyperkitty-stg + gather_facts: no + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - role: mailman + mailman_dbserver: localhost + mailman_mm_db_pass: "{{ lists_dev_mm_db_pass }}" + mailman_hk_admin_db_pass: "{{ lists_dev_hk_db_pass }}" + mailman_hk_db_pass: "{{ lists_dev_hk_db_pass }}" + mailman_ks_admin_db_pass: "{{ lists_dev_ks_db_pass }}" + mailman_ks_db_pass: "{{ lists_dev_ks_db_pass }}" + - collectd/base + + tasks: + + - name: install more needed packages + yum: pkg={{ item }} state=installed + with_items: + - tar + - mailman # transition from mailman2.1 + - vim + - tmux + - patch + tags: + - packages + + #- name: easy access to the postgresql databases + # template: src="{{ files }}/lists-dev/pgpass.j2" dest=/root/.pgpass + # owner=root group=root mode=0600 + + - name: send root mail to abompard + lineinfile: dest=/etc/aliases regexp='^root:' line="root:abompard@fedoraproject.org" + notify: + - reload aliases + + + # Start services + - name: start services + service: state=started enabled=yes name={{ item }} + with_items: + - httpd + - postgresql + - mailman3 + - postfix + + + handlers: + - include: "{{ handlers }}/restart_services.yml" + - name: reload aliases + command: newaliases diff --git a/playbooks/hosts/logserver.yml b/playbooks/hosts/logserver.yml new file mode 100644 index 0000000000..ce7d2fef28 --- /dev/null +++ b/playbooks/hosts/logserver.yml @@ -0,0 +1,50 @@ +- name: make logs server + hosts: log01.phx2.fedoraproject.org + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: log01.phx2.fedoraproject.org + user: root + gather_facts: True + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - collectd/server + - sudo + - epylog + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/openvpn_client_7.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + - include: "{{ handlers }}/semanage.yml" diff --git a/playbooks/hosts/logstash-dev.cloud.fedoraproject.org.yml b/playbooks/hosts/logstash-dev.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..914b922439 --- /dev/null +++ b/playbooks/hosts/logstash-dev.cloud.fedoraproject.org.yml @@ -0,0 +1,44 @@ +- name: check/create instance + hosts: 209.132.184.146 + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + +- name: provision instance + hosts: 209.132.184.146 + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + + # packages needed + - name: add packages for repo + action: yum state=present name={{ item }} + with_items: + - rsync + - openssh-clients + - httpd + - httpd-tools + - cronie-noanacron + + + - name: mount up disk of persistent storage + action: mount name=/srv/persist src='LABEL=logstash01' fstype=ext4 state=mounted + tags: + - mount_disk + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml deleted file mode 100644 index 9d806ab7da..0000000000 --- a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml +++ /dev/null @@ -1,69 +0,0 @@ -# This is a basic playbook - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "noc-cc01.rdu-cc.fedoraproject.org" - -- name: Make cloud noc hardware - hosts: noc-cc01.rdu-cc.fedoraproject.org - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - openvpn/client - - ipa/client - - collectd/base - - sudo - - dhcp_server - - tftp_server - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - name: install some packages which arent in playbooks - ansible.builtin.package: - state: present - name: - - nmap - - tcpdump - - dhcp-server - - - name: Check if ntpd port is already known by selinux - ansible.builtin.shell: semanage port -l | grep ntp - register: ntp_selinux_port - check_mode: no - changed_when: false - failed_when: false - tags: - - config - - selinux - - - name: Allow alternate ntpd port - ansible.builtin.command: semanage port -a -t ntp_port_t -p tcp 124 - when: '"124" not in ntp_selinux_port' - failed_when: false - tags: - - config - - selinux - - - name: Allow alternate ntpd port - ansible.builtin.command: semanage port -a -t ntp_port_t -p udp 124 - when: '"124" not in ntp_selinux_port' - failed_when: false - tags: - - config - - selinux - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/hosts/shogun-ca.cloud.fedoraproject.org.yml b/playbooks/hosts/shogun-ca.cloud.fedoraproject.org.yml new file mode 100644 index 0000000000..6fd9f51696 --- /dev/null +++ b/playbooks/hosts/shogun-ca.cloud.fedoraproject.org.yml @@ -0,0 +1,29 @@ +- name: check/create instance + hosts: 209.132.184.157 + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + + tasks: + - include: "{{ tasks }}/persistent_cloud.yml" + - include: "{{ tasks }}/growroot_cloud.yml" + +- name: provision instance + hosts: 209.132.184.157 + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + - include: "{{ tasks }}/postfix_basic.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/include/happy_birthday.yml b/playbooks/include/happy_birthday.yml deleted file mode 100644 index 0d4d99d048..0000000000 --- a/playbooks/include/happy_birthday.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Handle ssh keys on a hosts birthday (new hw machine) - hosts: "{{ myhosts }}" - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - import_tasks: "{{ tasks_path }}/happy_birthday.yml" - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/include/proxies-certificates.yml b/playbooks/include/proxies-certificates.yml deleted file mode 100644 index 2d7b20abb2..0000000000 --- a/playbooks/include/proxies-certificates.yml +++ /dev/null @@ -1,79 +0,0 @@ ---- -- name: Set up those proxy certificates. Good gravy.. - hosts: proxies_stg:proxies - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - roles: - - - role: httpd/mod_ssl - - - role: httpd/certificate - certname: wildcard-2024.fedoraproject.org - SSLCertificateChainFile: wildcard-2024.fedoraproject.org.intermediate.cert - - - role: httpd/certificate - certname: wildcard-2024.fedoraproject.org - SSLCertificateChainFile: wildcard-2024.fedoraproject.org.intermediate.cert - - - role: httpd/certificate - certname: wildcard-2024.id.fedoraproject.org - SSLCertificateChainFile: wildcard-2024.id.fedoraproject.org.intermediate.cert - tags: - - id.fedoraproject.org - - - role: httpd/certificate - certname: wildcard-2025.stg.fedoraproject.org - SSLCertificateChainFile: wildcard-2025.stg.fedoraproject.org.intermediate.cert - when: env == "staging" - - - role: httpd/certificate - certname: wildcard-2025.stg.fedoraproject.org - SSLCertificateChainFile: wildcard-2025.stg.fedoraproject.org.intermediate.cert - when: env == "staging" - - - role: httpd/certificate - certname: wildcard-2024.apps.ocp.stg.fedoraproject.org - SSLCertificateChainFile: wildcard-2024.apps.ocp.stg.fedoraproject.org.intermediate.cert - when: env == "staging" - tags: - - apps.ocp.stg.fedoraproject.org - - - role: httpd/certificate - certname: wildcard-2024.apps.ocp.fedoraproject.org - SSLCertificateChainFile: wildcard-2024.apps.ocp.fedoraproject.org.intermediate.cert - tags: - - apps.ocp.fedoraproject.org - - - role: httpd/certificate - certname: wildcard-2025.apps.ocp-rdu3.fedoraproject.org - SSLCertificateChainFile: wildcard-2025.apps.ocp-rdu3.fedoraproject.org.intermediate.cert - tags: - - apps.ocp-rdu3.fedoraproject.org - - - role: httpd/certificate - certname: getfedora.org - SSLCertificateChainFile: getfedora.org.intermediate.cert - tags: - - getfedora.org - - - role: httpd/certificate - certname: qa.stg.fedoraproject.org - SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert - when: env == "staging" - - - role: httpd/certificate - certname: qa.fedoraproject.org - SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert - - # - role: httpd/certificate - # certname: secondary.koji.fedoraproject.org.letsencrypt - # SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt diff --git a/playbooks/include/proxies-fedora-web.yml b/playbooks/include/proxies-fedora-web.yml deleted file mode 100644 index 3dd7043df7..0000000000 --- a/playbooks/include/proxies-fedora-web.yml +++ /dev/null @@ -1,62 +0,0 @@ ---- -- name: Set up all that fedora-web goodness. What a wonder! - hosts: proxies_stg:proxies - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - roles: - - - role: fedora-web/main - website: fedoraproject.org - - role: fedora-web/start - website: start.fedoraproject.org - - role: fedora-web/mirrors - website: mirrors.fedoraproject.org - - role: fedora-web/community - website: fedoracommunity.org - - role: fedora-web/getfedora - website: getfedora.org - - role: fedora-web/flocktofedora - website: flocktofedora.org - - role: fedora-web/labs - website: labs.fedoraproject.org - - role: fedora-web/iot - website: iot.fedoraproject.org - - role: fedora-web/registry - website: registry.fedoraproject.org - - role: fedora-web/ostree - website: ostree.fedoraproject.org - - role: fedora-web/candidate-registry - website: candidate-registry.fedoraproject.org - - role: fedora-web/codecs - website: codecs.fedoraproject.org - - role: fedora-web/alt - website: alt.fedoraproject.org - - role: fedora-web/src - website: src.fedoraproject.org - - role: fedora-web/ols - website: ols.fedoraproject.org - - # Some other static content, not strictly part of "fedora-web" goes below here - - role: fedora-budget/proxy - website: budget.fedoraproject.org - - - role: fedora-docs/proxy - website: docs.fedoraproject.org - - - role: developer/website - website: developer.fedoraproject.org - - - role: fedoraloveskde/website - website: fedoraloveskde.org - - - role: fedora-web/fedora.im - website: fedora.im diff --git a/playbooks/include/proxies-fedorahosted.yml b/playbooks/include/proxies-fedorahosted.yml deleted file mode 100644 index 04615b316c..0000000000 --- a/playbooks/include/proxies-fedorahosted.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- name: Fedorahosted. No more on our servers, but still in our hearts... - hosts: proxies_stg:proxies - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Ensure directories exists - ansible.builtin.file: - path: "{{ item }}" - state: directory - mode: '0755' - loop: - - '/etc/httpd/conf.d/fedorahosted.org' - - '/etc/httpd/conf.d/git.fedorahosted.org' - - - name: Install special fedorahosted-redirects.conf with fedorahosted redirects - ansible.builtin.copy: src={{ files }}/httpd/fedorahosted-redirects.conf dest=/etc/httpd/conf.d/fedorahosted.org/fedorahosted-redirects.conf - - - name: Install special git.fedorahosted-redirects.conf with git.fedorahosted redirects - ansible.builtin.copy: src={{ files }}/httpd/git.fedorahosted-redirects.conf dest=/etc/httpd/conf.d/git.fedorahosted.org/fedorahosted-redirects.conf diff --git a/playbooks/include/proxies-haproxy.yml b/playbooks/include/proxies-haproxy.yml deleted file mode 100644 index bef04e47e8..0000000000 --- a/playbooks/include/proxies-haproxy.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Set up all the haproxy stuff. - hosts: proxies_stg:proxies - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - roles: - - # The base haproxy role that sets it all up - - role: haproxy - - # And an additional apache rewrite so we can access the web stats - - role: haproxy/rewrite - website: admin.fedoraproject.org - path: /haproxy diff --git a/playbooks/include/proxies-miscellaneous.yml b/playbooks/include/proxies-miscellaneous.yml deleted file mode 100644 index 5bd1965fa3..0000000000 --- a/playbooks/include/proxies-miscellaneous.yml +++ /dev/null @@ -1,53 +0,0 @@ ---- -- name: Set up all the other proxy stuff -- miscellaneous - hosts: proxies_stg:proxies - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - # We retired this in favor of PDC - # https://lists.fedoraproject.org/archives/list/rel-eng@lists.fedoraproject.org/thread/LOWVTF6WTS43LNPWDEISLXUELXAH5YXR/#LOWVTF6WTS43LNPWDEISLXUELXAH5YXR - - ansible.builtin.file: - dest=/etc/httpd/conf.d/apps.fedoraproject.org/fedora-releng-dash.conf - state=absent - tags: releng-dash - notify: Reload proxyhttpd - - roles: - - - role: httpd/mime-type - website: fedoraproject.org - mimetype: image/vnd.microsoft.icon - extensions: - - .ico - - - role: httpd/fingerprints - website: admin.fedoraproject.org - - - role: easyfix/proxy - website: fedoraproject.org - path: /easyfix - - - role: review-stats/proxy - website: fedoraproject.org - path: /PackageReviewStatus - - - role: apps-fp-o - website: apps.fedoraproject.org - path: / - - - role: pkgdb-proxy - tags: - - pkgdb2 - - - role: security.txt - tags: - - security.txt diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml deleted file mode 100644 index 66cf82d613..0000000000 --- a/playbooks/include/proxies-redirects.yml +++ /dev/null @@ -1,937 +0,0 @@ ---- -- name: Set up those proxy redirects. Wow! - hosts: proxies_stg:proxies - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - roles: - - # An exceptional rewrite for bugz.fp.o - - role: packages3/bugz.fp.o - website: bugz.fedoraproject.org - tags: - - bugz - - # A special rewrite for cgit - - role: httpd/redirect - shortname: cgit - website: src.fedoraproject.org - tags: - - cgit - - # Various app redirects - - role: httpd/redirect - shortname: neuro - website: neuro.fedoraproject.org - path: / - target: https://docs.fedoraproject.org/en-US/neurofedora/overview/ - tags: - - neuro - - - role: httpd/redirect - shortname: community - website: admin.fedoraproject.org - path: /community - target: https://apps.fedoraproject.org/packages - - - role: httpd/redirect - shortname: packages - website: apps.fedoraproject.org - path: /packages - target: https://packages.fedoraproject.org/ - - - role: httpd/redirect - shortname: koschei - website: apps.fedoraproject.org - path: /koschei - target: "https://koschei{{env_suffix}}.fedoraproject.org" - tags: koschei - - - role: httpd/redirect - shortname: mdapi - website: apps.fedoraproject.org - path: /mdapi - target: "https://mdapi{{env_suffix}}.fedoraproject.org" - tags: mdapi - - - role: httpd/redirect - shortname: nagios - website: admin.fedoraproject.org - path: /nagios - target: https://nagios.fedoraproject.org/nagios/ - - - role: httpd/redirect - shortname: docs - website: fedoraproject.org - path: /docs - target: https://docs.fedoraproject.org/ - - - role: httpd/redirect - shortname: people-fp-o - website: people.fedoraproject.org - target: https://fedorapeople.org/ - - - role: httpd/redirect - shortname: fas - website: fas.fedoraproject.org - target: https://accounts.fedoraproject.org/ - - - role: httpd/redirect - shortname: oldfas - website: admin.fedoraproject.org - path: /accounts/ - target: https:/accounts.fedoraproject.org/ - - - role: httpd/redirectmatch - shortname: askbot-to-ask - website: askbot.fedoraproject.org - regex: ^.* - target: https://ask.fedoraproject.org/t/askbot-fedoraproject-org-archives-are-going-away/16118 - - - role: httpd/redirectmatch - shortname: codecs - website: codecs.fedoraproject.org - regex: ^.*/(.*openh264.*.rpm$) - target: http://ciscobinary.openh264.org/$1 - - - role: httpd/redirect - shortname: jenkins - website: jenkins.fedorainfracloud.org - target: https://jenkins-fedora-infra.apps.ci.centos.org/ - tags: jenkins - - - role: httpd/redirect - shortname: testdays-fic - website: testdays.fedorainfracloud.org - target: https://testdays.fedoraproject.org/ - tags: testdays-fic - - - role: httpd/redirectmatch - shortname: fpaste - website: fpaste.org - regex: /(.*)$ - target: https://paste.centos.org/$1 - - - role: httpd/redirectmatch - shortname: modernpaste - website: paste.fedoraproject.org - regex: /(.*)$ - target: https://paste.centos.org/$1 - - - role: httpd/redirectmatch - shortname: elections - website: admin.fedoraproject.org - regex: /voting - target: https://elections.fedoraproject.org/ - - - role: httpd/redirectmatch - shortname: calendar - website: apps.fedoraproject.org - regex: /calendar$1 - target: https://calendar.fedoraproject.org/$1 - - - role: httpd/redirectmatch - shortname: mailman - website: admin.fedoraproject.org - regex: /mailman/(.*)$ - target: https://lists.fedoraproject.org/mailman/$1 - - - role: httpd/redirectmatch - shortname: mailman-pipermail - website: admin.fedoraproject.org - regex: /pipermail/(.*)$ - target: https://lists.fedoraproject.org/pipermail/$1 - - - role: httpd/redirectmatch - shortname: 00-bodhi2-cutover-users - website: admin.fedoraproject.org - regex: /updates/user/(.*)$ - target: https://bodhi.fedoraproject.org/users/$1 - - - role: httpd/redirectmatch - shortname: 01-bodhi2-cutover-comments-list - website: admin.fedoraproject.org - regex: /updates/comments$ - target: https://bodhi.fedoraproject.org/comments/ - - # This one is sub-optimal, but we have no way to map /mine to /$username - - role: httpd/redirectmatch - shortname: 02-bodhi2-mine-fallback - website: admin.fedoraproject.org - regex: /updates/mine$ - target: https://bodhi.fedoraproject.org/ - - # This is similar to /mine. Ideally, we would redirect to - # /overrides/?user=$USERNAME, but we can't get that username afaik. - - role: httpd/redirectmatch - shortname: 03-bodhi2-cutover-overrides-list - website: admin.fedoraproject.org - regex: /updates/override/list$ - target: https://bodhi.fedoraproject.org/overrides/ - - - role: httpd/redirectmatch - shortname: 04-bodhi2-new-update-gotcha - website: admin.fedoraproject.org - regex: /updates/new/*$ - target: https://bodhi.fedoraproject.org/updates/new - - - role: httpd/redirectmatch - shortname: 05-bodhi2-api-version - website: admin.fedoraproject.org - regex: /updates/api_version$ - target: https://bodhi.fedoraproject.org/api_version - - - role: httpd/redirectmatch - shortname: 06-bodhi2-login - website: admin.fedoraproject.org - regex: /updates/login$ - target: https://bodhi.fedoraproject.org/login - - - role: httpd/redirectmatch - shortname: 07-bodhi2-logout - website: admin.fedoraproject.org - regex: /updates/logout$ - target: https://bodhi.fedoraproject.org/logout - - - role: httpd/redirectmatch - shortname: 08-bodhi2-rss - website: admin.fedoraproject.org - regex: /updates/rss/rss2\.0 - target: https://bodhi.fedoraproject.org/updates - - - role: httpd/redirectmatch - shortname: 09-bodhi2-old-search-new-search - website: admin.fedoraproject.org - regex: /updates/search/(.+)$ - target: https://bodhi.fedoraproject.org/updates/?like=$1 - - - role: httpd/redirectmatch - shortname: 89-bodhi2-icon - website: admin.fedoraproject.org - regex: /updates/static/images/bodhi-icon-48.png$ - target: https://apps.fedoraproject.org/img/icons/bodhi.png - - - role: httpd/redirectmatch - shortname: 90-bodhi2-cutover-updates - website: admin.fedoraproject.org - regex: /updates/(.+)$ - target: https://bodhi.fedoraproject.org/updates/$1 - - - role: httpd/redirectmatch - shortname: 91-bodhi2-cutover-baseline - website: admin.fedoraproject.org - regex: /updates/*$ - target: https://bodhi.fedoraproject.org/ - - # See https://github.com/fedora-infra/bodhi/issues/476 - - role: httpd/redirectmatch - shortname: send-user-to-users - website: bodhi.fedoraproject.org - regex: /user/(.*)$ - target: https://bodhi.fedoraproject.org/users/$1 - - - role: httpd/redirect - shortname: get-fedora - website: get.fedoraproject.org - target: https://fedoraproject.org/ - tags: - - fedoraproject.org - - - role: httpd/redirect - shortname: main-fedoraproject - website: getfedora.org - target: https://fedoraproject.org/ - tags: - - fedoraproject.org - - - role: httpd/redirect - shortname: fedoraproject-fedoragpg - website: fedoraproject.org - path: /static/fedora.gpg - target: https://fedoraproject.org/fedora.gpg - tags: - - fedoraproject.org - - # ARM redirect - - role: httpd/redirect - shortname: arm-fedoraproject - website: arm.fedoraproject.org - target: https://fedoraproject.org/ - tags: - - fedoraproject.org - - - role: httpd/redirect - shortname: flocktofedora - website: flocktofedora.net - target: https://flocktofedora.org/ - - - role: httpd/redirect - shortname: fedoramy - website: fedora.my - target: http://www.fedora.my/ - - - role: httpd/redirect - shortname: copr - website: copr.fedoraproject.org - target: https://copr.fedorainfracloud.org/ - when: env != "staging" - tags: copr - - - role: httpd/redirect - shortname: join-fedora - website: join.fedoraproject.org - target: https://docs.fedoraproject.org/en-US/project/join - tags: join-fedora - - - role: httpd/redirect - shortname: get-help - website: help.fedoraproject.org - target: https://ask.fedoraproject.org - tags: ask-fedora - - # This is just a redirect to developer, to make it easier for people to get - # here from Red Hat's developers.redhat.com (ticket #5216). - - role: httpd/redirect - shortname: developers - website: developers.fedoraproject.org - target: https://developer.fedoraproject.org/ - - # Redirect fudcon.fedoraproject.org to flocktofedora.org - - role: httpd/redirect - shortname: fudcon - website: fudcon.fedoraproject.org - path: /index.html - target: https://flocktofedora.org/ - - - role: httpd/redirect - shortname: code-of-conduct - website: fedoraproject.org - path: /code-of-conduct - target: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ - - -# -# When there is no prerelease we redirect the prerelease urls -# back to the main release. -# This should be disabled when there is a prerelease - - - role: httpd/redirectmatch - shortname: prerelease-to-final-alt-1 - website: alt.fedoraproject.org - regex: /prerelease.*$ - target: https://alt.stg.fedoraproject.org/$1 - redirectmatch_enabled: true - when: env == 'staging' - -# end staging - - - role: httpd/redirectmatch - shortname: prerelease-to-final-alt-1 - website: alt.fedoraproject.org - regex: /prerelease.*$ - target: https://alt.fedoraproject.org/$1 - redirectmatch_enabled: false - when: env != 'staging' - -# end of prod prerelease - - - role: httpd/redirect - shortname: store - website: store.fedoraproject.org - target: "https://redhat.corpmerchandise.com/ProductList.aspx?did=20588" - - # Fonts on the wiki - - role: httpd/redirect - shortname: fonts-wiki - website: fonts.fedoraproject.org - target: https://fedoraproject.org/wiki/Category:Fonts_SIG - - # Releng - - role: httpd/redirect - shortname: nightly - website: nightly.fedoraproject.org - target: https://openqa.fedoraproject.org/nightlies.html - tags: - - nightly - - # We retired releng-dash in favor of PDC - # https://lists.fedoraproject.org/archives/list/rel-eng@lists.fedoraproject.org/thread/LOWVTF6WTS43LNPWDEISLXUELXAH5YXR/#LOWVTF6WTS43LNPWDEISLXUELXAH5YXR - - role: httpd/redirect - shortname: releng-dash - website: apps.fedoraproject.org - path: /releng-dash - target: https://pdc.fedoraproject.org/ - - - # Send fp.com to fp.org - - role: httpd/redirect - shortname: site - website: fedoraproject.com - target: https://fedoraproject.org/ - tags: - - fedoraproject.org - - # Fedora start page - - role: httpd/redirect - shortname: site - website: start.fedoraproject.org - target: https://fedoraproject.org/start - tags: - - fedoraproject.org - - # Planet/people convenience - - role: httpd/redirect - shortname: infofeed - website: fedoraproject.org - path: /infofeed - target: http://fedoraplanet.org/infofeed - - - role: httpd/redirect - shortname: people - website: fedoraproject.org - path: /people - target: http://fedoraplanet.org/ - - - role: httpd/redirect - shortname: fedorapeople - website: fedoraproject.org - path: /fedorapeople - target: http://fedoraplanet.org/ - - - role: httpd/redirect - shortname: planet.fedoraproject.org - website: planet.fedoraproject.org - target: http://fedoraplanet.org/ - - # QA - # - role: httpd/redirect - # shortname: qa - # website: qa.fedoraproject.org - # target: https://fedoraproject.org/wiki/QA - # when: env != 'staging' - - # Various community sites - - role: httpd/redirect - shortname: it-fedoracommunity-redirect - website: it.fedoracommunity.org - target: http://www.fedoraonline.it/ - - - role: httpd/redirect - shortname: uk-fedoracommunity-redirect - website: uk.fedoracommunity.org - target: http://www.fedora-uk.org/ - - - role: httpd/redirect - shortname: tw-fedoracommunity-redirect - website: tw.fedoracommunity.org - target: https://fedora-tw.org/ - - # Spins - - role: httpd/redirect - shortname: kde - website: kde.fedoraproject.org - target: https://fedoraproject.org/kde - tags: - - fedoraproject.org - - - role: httpd/redirectmatch - shortname: spins - website: spins.fedoraproject.org - regex: ^.* - target: https://fedoraproject.org/spins - tags: - - fedoraproject.org - - # Labs - - role: httpd/redirectmatch - shortname: labs - website: labs.fedoraproject.org - regex: ^.* - target: https://fedoraproject.org/labs - tags: - - fedoraproject.org - - # Flock - - role: httpd/redirectmatch - shortname: flock - website: flocktofedora.org - regex: ^.* - target: https://fedoraproject.org/flock/2025 - tags: - - fedoraproject.org - - # Various sites that we are friends with - - role: httpd/redirect - shortname: port389 - website: port389.org - target: https://directory.fedoraproject.org - - # comment out 2020-02-05 .. this has been broken for 2 years - # - role: httpd/redirect - # shortname: k12linux - # website: k12linux.org - # target: https://fedorahosted.org/k12linux/ - - - role: httpd/redirect - shortname: dogtagpki - website: pki.fedoraproject.org - target: http://dogtagpki.org - - # all of this goes to one place the graveyard. - - - role: httpd/redirect - shortname: boot - website: boot.fedoraproject.org - target: https://fedoraproject.org/wiki/Infrastructure/graveyard - - # Cloudy bits - - role: httpd/redirect - shortname: cloud-front-page - website: cloud.fedoraproject.org - target: https://fedoraproject.org/cloud - tags: - - fedoraproject.org - - - role: httpd/redirectmatch - shortname: redirect-cloudstart - website: redirect.fedoraproject.org - regex: /(console\.aws\.amazon\.com/ec2/v2/home.*)$ - target: https://$1 - - ## Cloud image redirects - - # Redirects/pointers for fedora 25 BASE cloud images - - role: httpd/redirect - shortname: cloud-base-64bit-25 - website: cloud.fedoraproject.org - path: /fedora-25.x86_64.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/25/CloudImages/x86_64/images/Fedora-Cloud-Base-25-1.3.x86_64.qcow2 - - - role: httpd/redirect - shortname: cloud-base-64bit-25-raw - website: cloud.fedoraproject.org - path: /fedora-25.x86_64.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/releases/25/CloudImages/x86_64/images/Fedora-Cloud-Base-25-1.3.x86_64.raw.xz - - # Redirects/pointers for fedora 24 BASE cloud images - - role: httpd/redirect - shortname: cloud-base-64bit-24 - website: cloud.fedoraproject.org - path: /fedora-24.x86_64.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/24/CloudImages/x86_64/images/Fedora-Cloud-Base-24-1.2.x86_64.qcow2 - - - role: httpd/redirect - shortname: cloud-base-64bit-24-raw - website: cloud.fedoraproject.org - path: /fedora-24.x86_64.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/releases/24/CloudImages/x86_64/images/Fedora-Cloud-Base-24-1.2.x86_64.raw.xz - - # Redirects/pointers for fedora 23 BASE cloud images - - role: httpd/redirect - shortname: cloud-base-64bit-23 - website: cloud.fedoraproject.org - path: /fedora-23.x86_64.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-23-20151030.x86_64.qcow2 - - - role: httpd/redirect - shortname: cloud-base-64bit-23-raw - website: cloud.fedoraproject.org - path: /fedora-23.x86_64.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-23-20151030.x86_64.raw.xz - - - role: httpd/redirect - shortname: cloud-base-32bit-23-raw - website: cloud.fedoraproject.org - path: /fedora-23.i386.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/i386/Images/Fedora-Cloud-Base-23-20151030.i386.raw.xz - - - role: httpd/redirect - shortname: cloud-base-32bit-23 - website: cloud.fedoraproject.org - path: /fedora-23.i386.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/i386/Images/Fedora-Cloud-Base-23-20151030.i386.qcow2 - - # Redirects/pointers for fedora 23 ATOMIC cloud images - - role: httpd/redirect - shortname: cloud-atomic-64bit-23 - website: cloud.fedoraproject.org - path: /fedora-atomic-23.x86_64.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Atomic-23-20151030.x86_64.qcow2 - - - role: httpd/redirect - shortname: cloud-atomic-64bit-23-raw - website: cloud.fedoraproject.org - path: /fedora-atomic-23.x86_64.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Atomic-23-20151030.x86_64.raw.xz - - # Redirects/pointers for fedora 22 BASE cloud images - - role: httpd/redirect - shortname: cloud-base-64bit-22 - website: cloud.fedoraproject.org - path: /fedora-22.x86_64.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 - - - role: httpd/redirect - shortname: cloud-base-64bit-22-raw - website: cloud.fedoraproject.org - path: /fedora-22.x86_64.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Base-22-20150521.x86_64.raw.xz - - - role: httpd/redirect - shortname: cloud-base-32bit-22-raw - website: cloud.fedoraproject.org - path: /fedora-22.i386.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/i386/Images/Fedora-Cloud-Base-22-20150521.i386.raw.xz - - - role: httpd/redirect - shortname: cloud-base-32bit-22 - website: cloud.fedoraproject.org - path: /fedora-22.i386.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/i386/Images/Fedora-Cloud-Base-22-20150521.i386.qcow2 - - # Redirects/pointers for fedora 22 ATOMIC cloud images - - role: httpd/redirect - shortname: cloud-atomic-64bit-22 - website: cloud.fedoraproject.org - path: /fedora-atomic-22.x86_64.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 - - - role: httpd/redirect - shortname: cloud-atomic-64bit-22-raw - website: cloud.fedoraproject.org - path: /fedora-atomic-22.x86_64.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.raw.xz - - # Redirects/pointers for fedora 21 BASE cloud images - - role: httpd/redirect - shortname: cloud-base-64bit-21 - website: cloud.fedoraproject.org - path: /fedora-21.x86_64.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.qcow2 - - - role: httpd/redirect - shortname: cloud-base-64bit-21-raw - website: cloud.fedoraproject.org - path: /fedora-21.x86_64.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.raw.xz - - - role: httpd/redirect - shortname: cloud-base-32bit-21-raw - website: cloud.fedoraproject.org - path: /fedora-21.i386.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/i386/Fedora-Cloud-Base-20141203-21.i386.raw.xz - - - role: httpd/redirect - shortname: cloud-base-32bit-21 - website: cloud.fedoraproject.org - path: /fedora-21.i386.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/i386/Fedora-Cloud-Base-20141203-21.i386.qcow2 - - # Redirects/pointers for fedora 21 ATOMIC cloud images - - role: httpd/redirect - shortname: cloud-atomic-64bit-21 - website: cloud.fedoraproject.org - path: /fedora-atomic-21.x86_64.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Atomic-20141203-21.x86_64.qcow2 - - - role: httpd/redirect - shortname: cloud-atomic-64bit-21-raw - website: cloud.fedoraproject.org - path: /fedora-atomic-21.x86_64.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Atomic-20141203-21.x86_64.raw.xz - - # Except, there are no 32bit atomic images atm. - # - role: httpd/redirect - # shortname: cloud-atomic-32bit-21-raw - # website: cloud.fedoraproject.org - # path: /fedora-atomic-21.i386.raw.xz - # target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/i386/Fedora-Cloud-Atomic-20141203-21.i386.raw.xz - - # - role: httpd/redirect - # shortname: cloud-atomic-32bit-21 - # website: cloud.fedoraproject.org - # path: /fedora-atomic-21.i386.qcow2 - # target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/i386/Fedora-Cloud-Atomic-20141203-21.i386.qcow2 - - # Redirects/pointers for fedora 20 cloud images - - role: httpd/redirect - shortname: cloud-64bit-20 - website: cloud.fedoraproject.org - path: /fedora-20.x86_64.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/updates/20/Images/x86_64/Fedora-x86_64-20-20140407-sda.qcow2 - - - role: httpd/redirect - shortname: cloud-32bit-20 - website: cloud.fedoraproject.org - path: /fedora-20.i386.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/updates/20/Images/i386/Fedora-i386-20-20140407-sda.qcow2 - - - role: httpd/redirect - shortname: cloud-64bit-20-raw - website: cloud.fedoraproject.org - path: /fedora-20.x86_64.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/updates/20/Images/x86_64/Fedora-x86_64-20-20140407-sda.raw.xz - - - role: httpd/redirect - shortname: cloud-32bit-20-raw - website: cloud.fedoraproject.org - path: /fedora-20.i386.raw.xz - target: https://download.fedoraproject.org/pub/fedora/linux/updates/20/Images/i386/Fedora-i386-20-20140407-sda.raw.xz - - # Redirects/pointers for fedora 19 cloud images - - role: httpd/redirect - shortname: cloud-64bit-19 - website: cloud.fedoraproject.org - path: /fedora-19.x86_64.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/updates/19/Images/x86_64/Fedora-x86_64-19-20140407-sda.qcow2 - - - role: httpd/redirect - shortname: cloud-32bit-19 - website: cloud.fedoraproject.org - path: /fedora-19.i386.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/updates/19/Images/i386/Fedora-i386-19-20140407-sda.qcow2 - - # Redirects/pointers for latest fedora cloud images. - - role: httpd/redirect - shortname: cloud-64bit-latest - website: cloud.fedoraproject.org - path: /fedora-latest.x86_64.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 - - - role: httpd/redirect - shortname: cloud-32bit-latest - website: cloud.fedoraproject.org - path: /fedora-latest.i386.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/i386/Images/Fedora-Cloud-Base-22-20150521.i386.qcow2 - - - role: httpd/redirect - shortname: cloud-atomic-64bit-latest - website: cloud.fedoraproject.org - path: /fedora-atomic-latest.x86_64.qcow2 - target: https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 - - # Askbeta redirect - - role: httpd/redirect - shortname: askbeta - website: askbeta.fedoraproject.org - path: / - target: https://ask.fedoraproject.org - tags: - - askbeta.fedoraproject.org - - # iot redirect - - role: httpd/redirect - shortname: 01-iot - website: "iot.fedoraproject.org" - path: / - target: https://fedoraproject.org/iot - tags: - - iot.fedoraproject.org - - fedoraproject.org - - # coreos redirects - - role: httpd/redirect - shortname: 01-coreos - website: "coreos.fedoraproject.org" - path: / - target: https://fedoraproject.org/coreos - tags: - - coreos.fedoraproject.org - - fedoraproject.org - - - role: httpd/redirect - shortname: 00-coreosfaq - website: "coreos.fedoraproject.org" - path: /blogs/faq.html - target: https://docs.fedoraproject.org/en-US/fedora-coreos/faq - tags: - - coreos.fedoraproject.org - - - role: httpd/redirect - shortname: 00-coreosbuild - website: "builds.coreos{{ env_suffix }}.fedoraproject.org" - path: / - target: https://builds.coreos.fedoraproject.org/browser - tags: - - builds.coreos.fedoraproject.org - - # redirects for Taskotron decomissioning - - role: httpd/redirect - shortname: taskotron-landing - website: taskotron.fedoraproject.org - path: / - target: https://fedoraproject.org/wiki/Taskotron - - - role: httpd/redirect - shortname: taskotron-execdb - website: taskotron.fedoraproject.org - path: /execdb/ - target: https://fedoraproject.org/wiki/Taskotron - tags: - - taskotron - - - role: httpd/redirect - shortname: taskotron-buildmaster - website: taskotron.fedoraproject.org - path: /taskmaster/ - target: https://fedoraproject.org/wiki/Taskotron - tags: - - taskotron - - - role: httpd/redirectmatch - shortname: taskotron - website: taskotron.fedoraproject.org - regex: ^(.*) - target: https://resultsdb.fedoraproject.org/$1 - when: env != 'staging' - tags: - - taskotron - - - role: httpd/redirectmatch - shortname: taskotron-stg - website: taskotron.stg.fedoraproject.org - regex: ^/resultsdb_api/(.*) - target: https://resultsdb.stg.fedoraproject.org/$1 - when: env == 'staging' - tags: - - taskotron - - # fedora calendar redirect - - role: httpd/redirect - shortname: fedcalendar - website: apps.fedoraproject.org - path: /calendar - target: https://calendar.fedoraproject.org - - - role: httpd/redirect - shortname: fmn - website: apps.fedoraproject.org - path: /notifications - target: https://notifications.fedoraproject.org - tags: - - fmn - - - role: httpd/redirectmatch - shortname: 00-silverblue-redirect - website: silverblue.fedoraproject.org - regex: ^.* - target: https://fedoraproject.org/silverblue - tags: - - silverblue - - - role: httpd/redirectmatch - shortname: 00-kinoite-redirect - website: kinoite.fedoraproject.org - regex: ^.* - target: https://fedoraproject.org/kinoite - tags: - - kinoite - - - role: httpd/redirectmatch - shortname: 00-directory-redirect - website: directory.fedoraproject.org - regex: ^/(.*) - target: https://www.port389.org/$1 - tags: - - directory - - - role: httpd/redirectmatch - shortname: 00-podcast-redirect - website: podcast.fedoraproject.org - regex: ^.* - target: https://fedoraproject.fireside.fm - tags: - - podcast - - - role: httpd/redirectmatch - shortname: 00-docs-dei - website: "docs.fedoraproject.org" - regex: ^/en-US/diversity-inclusion/(.*)$ - target: https://docs.fedoraproject.org/en-US/dei/$1 - tags: - - docs - - - role: httpd/redirectmatch - shortname: 00-cloud-redirect - website: alt.fedoraproject.org - regex: ^.*/cloud - target: https://fedoraproject.org/cloud/ - tags: - - cloud - - - role: httpd/redirectmatch - shortname: 00-discussion-redirect - website: discussions.fedoraproject.org - regex: ^.* - target: https://discussion.fedoraproject.org - tags: - - discussion - - - role: httpd/redirect - shortname: kerneltest - website: apps.fedoraproject.org - path: /kerneltest - target: "https://kerneltest{{env_suffix}}.fedoraproject.org" - tags: kerneltest - - - role: httpd/redirect - shortname: epel.io - website: epel.io - target: https://docs.fedoraproject.org/en-US/epel - tags: - - epel.io - - - role: httpd/redirect - shortname: 00-old-pdc - website: pdc.fedoraproject.org - target: https://fedoraproject.org/wiki/Infrastructure/pdc-retirement - tags: - - pdc - - - role: httpd/redirectmatch - shortname: 00-old-odcs-repo - website: odcs.fedoraproject.org - regex: ^/composes/production/latest-Fedora-ELN/compose/(.*)$ - target: https://dl.fedoraproject.org/pub/eln/1/$1 - tags: - - odcs - - - role: httpd/redirect - shortname: 01-old-odcs - website: odcs.fedoraproject.org - target: https://dl.fedoraproject.org/pub/eln/1 - tags: - - odcs - - - role: httpd/redirect - shortname: bugs - website: "bugs{{env_suffix}}.fedoraproject.org" - target: https://docs.fedoraproject.org/en-US/quick-docs/bugzilla-file-a-bug - tags: - - bugs - - - role: httpd/redirectmatch - shortname: 00-cpe-to-cle - website: "docs.fedoraproject.org" - regex: ^/en-US/cpe/(.*)$ - target: https://docs.fedoraproject.org/en-US/cle/$1 - tags: - - cle - - docs - - # old registry.fedoraproject.org web interface - - role: httpd/redirectmatch - shortname: reg-server - website: registry.fedoraproject.org - regex: ^/(index\.html|repo(.*))$ - target: https://quay.io/organization/fedora/ - tags: - - registry diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml deleted file mode 100644 index e7f4e91149..0000000000 --- a/playbooks/include/proxies-reverseproxy.yml +++ /dev/null @@ -1,982 +0,0 @@ ---- -- name: Set up those ProxyPassReverse statements. Somebody get me a cup of coffee.. - hosts: proxies_stg:proxies - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - vars: - - varnish_url: http://localhost:6081 - - pre_tasks: - - - name: Remove some crusty files from bygone eras - ansible.builtin.file: dest=/etc/httpd/conf.d/{{item}} state=absent - with_items: - - meetbot.fedoraproject.org/reversepassproxy.conf - - meetbot.fedoraproject.org/meetbot.conf - notify: - - Reload proxyhttpd - tags: - - httpd - - httpd/reverseproxy - - - roles: - - - role: httpd/reverseproxy - website: copr.fedoraproject.org - destname: coprapi - when: env != "staging" - tags: copr - - - role: httpd/reverseproxy - website: copr.fedoraproject.org - destname: copr - proxyurl: http://localhost:10070 - keephost: true - when: env == "staging" - tags: copr - - - role: httpd/reverseproxy - website: nagios.fedoraproject.org - destname: nagios - remotepath: / - proxyurl: http://noc01.{{ datacenter }}.fedoraproject.org - - - role: httpd/reverseproxy - website: zabbix.fedoraproject.org - destname: zabbix - remotepath: / - proxyurl: http://localhost:10068 - keephost: true - header_scheme: true - when: env == "production" - tags: zabbix - - - role: httpd/reverseproxy - website: zabbix.stg.fedoraproject.org - destname: zabbix - remotepath: / - proxyurl: http://localhost:10068 - keephost: true - header_scheme: true - when: env == "staging" - tags: zabbix - - - role: httpd/reverseproxy - website: lists.fedoraproject.org - destname: mailman3 - localpath: / - remotepath: / - header_scheme: true - keephost: true - proxyurl: "{{ varnish_url }}" - tags: lists.fedoraproject.org - - - role: httpd/reverseproxy - website: lists.fedorahosted.org - destname: mailman3 - localpath: / - remotepath: / - header_scheme: true - keephost: true - proxyurl: "{{ varnish_url }}" - - - role: httpd/reverseproxy - website: lists.pagure.io - destname: mailman3 - localpath: / - remotepath: / - header_scheme: true - keephost: true - proxyurl: "{{ varnish_url }}" - - # The place for the raw originals - - role: httpd/reverseproxy - website: meetbot-raw.fedoraproject.org - destname: meetbot - remotepath: /meetbot/ - # Talk directly to the app server, not haproxy - proxyurl: http://value02 - when: env != "staging" - - # The place for the fancy mote view - - role: httpd/reverseproxy - website: meetbot.fedoraproject.org - destname: mote - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: mote - - # The place for the raw originals - - role: httpd/reverseproxy - website: meetbot-raw.fedoraproject.org - destname: meetbot - remotepath: /meetbot/ - # Talk directly to the app server, not haproxy - proxyurl: http://value02 - when: env == "staging" - - - role: httpd/reverseproxy - website: apps.fedoraproject.org - destname: fedora-notifications - localpath: /notifications-old - remotepath: /notifications-old - header_scheme: true - proxyurl: http://localhost:10036 - tags: - - fmn - - - role: httpd/reverseproxy - website: "notifications{{ env_suffix }}.fedoraproject.org" - destname: fmn - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - fmn - - - role: httpd/reverseproxy - website: ask.fedoraproject.org - destname: askbot - proxyurl: "{{ varnish_url }}" - - - role: httpd/reverseproxy - website: "accounts{{ env_suffix }}.fedoraproject.org" - destname: noggin - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - noggin - - - role: httpd/reverseproxy - website: "fasjson{{ env_suffix }}.fedoraproject.org" - destname: fasjson - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - fasjson - - - role: httpd/reverseproxy - website: "id{{ env_suffix }}.fedoraproject.org" - destname: id - proxyurl: http://localhost:10020 - keephost: true - header_scheme: true - tags: - - id.fedoraproject.org - - - role: httpd/reverseproxy - website: "sso{{ env_suffix }}.fedoraproject.org" - destname: id - proxyurl: http://localhost:10020 - keephost: true - tags: - - sso.fedoraproject.org - - - role: httpd/reverseproxy - website: "username.id{{ env_suffix }}.fedoraproject.org" - destname: usernameid - proxyurl: http://localhost:10020 - keephost: true - tags: - - id.fedoraproject.org - - - role: httpd/reverseproxy - website: "id{{ env_suffix }}.fedoraproject.org" - destname: 00-kdcproxy - remotepath: /KdcProxy - localpath: /KdcProxy - proxyurl: http://localhost:10053 - tags: - - id.fedoraproject.org - - - role: httpd/reverseproxy - website: "id{{ env_suffix }}.fedoraproject.org" - destname: 00-ipa - remotepath: /ipa - localpath: /ipa - proxyurl: http://localhost:10061 - tags: - - id.fedoraproject.org - - - role: httpd/reverseproxy - website: apps.fedoraproject.org - destname: datagrepper - remotepath: /datagrepper - localpath: /datagrepper - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - datagrepper - - - role: httpd/reverseproxy - website: "badges.fedoraproject.org" - destname: badges - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - badges - - - role: httpd/reverseproxy - website: kerneltest.fedoraproject.org - destname: kerneltest - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - header_scheme: true - tags: kerneltest - - - role: httpd/reverseproxy - website: qa.fedoraproject.org - destname: blockerbugs - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - remotepath: /blockerbugs - localpath: /blockerbugs - tags: blockerbugs - when: env == "staging" - - - role: httpd/reverseproxy - website: qa.fedoraproject.org - destname: qa-landingpage - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: qa-landingpage - - - role: httpd/reverseproxy - website: qa.fedoraproject.org - destname: blockerbugs - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - remotepath: /blockerbugs - localpath: /blockerbugs - tags: blockerbugs - when: env != "staging" - - - - role: httpd/reverseproxy - website: fedoraproject.org - destname: fp-wiki - wpath: /w - wikipath: /wiki - proxyurl: "{{ varnish_url }}" - - - role: httpd/reverseproxy - website: bodhi.fedoraproject.org - destname: bodhi - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: bodhi - when: env == "staging" - - role: httpd/reverseproxy - website: bodhi.fedoraproject.org - destname: bodhi - balancer_name: apps-ocp - targettype: openshift - balancer_members: "{{ocp_nodes}}" - ocp4: true - keephost: true - tags: bodhi - when: env != "staging" - -# -# fedora core os routes -# These point to openshift -# - - role: httpd/reverseproxy - website: "updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env != "staging" - - - role: httpd/reverseproxy - website: "status.updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env != "staging" - - - role: httpd/reverseproxy - website: "raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env != "staging" - - - role: httpd/reverseproxy - website: "status.raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env != "staging" - - - role: httpd/reverseproxy - website: "updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env == "staging" - - - role: httpd/reverseproxy - website: "status.updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env == "staging" - - - role: httpd/reverseproxy - website: "raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env == "staging" - - - role: httpd/reverseproxy - website: "status.raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - destname: cincinnati - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - ocp4: true - targettype: openshift - keephost: true - tags: - - updates.coreos.fedoraproject.org - when: env == "staging" - - -# -# end coreos -# - - - role: httpd/reverseproxy - website: transtats.fedoraproject.org - destname: transtats - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: transtats - - - role: httpd/reverseproxy - website: "mirrormanager{{ env_suffix }}.fedoraproject.org" - destname: mirrormanager - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - mirrormanager - - - role: httpd/reverseproxy - website: admin.fedoraproject.org - destname: mirrormanager-old - remotepath: /mirrormanager - localpath: /mirrormanager - proxyurl: "{{ varnish_url }}" - tags: - - mirrormanager - - - role: httpd/reverseproxy - website: mirrors.fedoraproject.org - destname: mirrormanager-mirrorlist - proxyurl: http://localhost:10002 - - - role: httpd/reverseproxy - website: mirrors.centos.org - destname: mirrormanager-mirrorlist - proxyurl: http://localhost:10002 - tags: mirrors.centos.org - when: env != "staging" - - - role: httpd/reverseproxy - website: mirrors.stg.centos.org - destname: mirrormanager-mirrorlist - proxyurl: http://localhost:10002 - tags: mirrors.stg.centos.org - when: env == "staging" - - - role: httpd/reverseproxy - website: download.fedoraproject.org - destname: mirrormanager-redirector - proxyurl: http://localhost:10002 - - - role: httpd/reverseproxy - website: koschei.fedoraproject.org - destname: koschei - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: koschei - - - role: httpd/reverseproxy - website: openqa.fedoraproject.org - destname: openqa - balancer_name: openqa - balancer_members: ['openqa01:80'] - http_not_https_yes_this_is_insecure_and_i_feel_bad: true - when: env == "production" - tags: openqa - - - role: httpd/reverseproxy - website: openqa.fedoraproject.org - destname: openqa - balancer_name: openqa-stg - balancer_members: ['openqa-lab01.iad2.fedoraproject.org:80'] - http_not_https_yes_this_is_insecure_and_i_feel_bad: true - when: env == "staging" - - - role: httpd/reverseproxy - website: admin.fedoraproject.org - destname: yk-val - remotepath: /yk-val/verify - localpath: /yk-val/verify - proxyurl: http://localhost:10004 - - - role: httpd/reverseproxy - website: admin.fedoraproject.org - destname: pager - remotepath: /pager - localpath: /pager - # Talk directly to the app server, not haproxy - proxyurl: http://sundries01 - - - role: httpd/reverseproxy - website: admin.fedoraproject.org - destname: awstats - remotepath: /awstats - localpath: /awstats - # Talk directly to the app server, not haproxy - proxyurl: http://log01 - - - role: httpd/reverseproxy - website: admin.fedoraproject.org - destname: maps - remotepath: /maps - localpath: /maps - # Talk directly to the app server, not haproxy - proxyurl: http://log01 - - - role: httpd/reverseproxy - website: fedoraproject.org - destname: freemedia - remotepath: /freemedia - localpath: /freemedia - proxyurl: http://localhost:10011 - - - role: httpd/reverseproxy - website: admin.fedoraproject.org - destname: collectd - localpath: /collectd - remotepath: /collectd - # Talk directly to the app server, not haproxy - proxyurl: http://log01 - tags: data-analysis - - - role: httpd/reverseproxy - website: data-analysis.fedoraproject.org - destname: data-analysis - remotepath: / - localpath: / - proxyurl: http://log01 - tags: data-analysis - - ### staging entries for resultsdb and resultsdb_frontend - - role: httpd/reverseproxy - website: resultsdb.stg.fedoraproject.org - destname: zz-resultsdb-resultsdb - localpath: / - remotepath: / - balancer_name: resultsdb-stg - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - when: env == "staging" - tags: resultsdb - - ### production entries for resultsdb and resultsdb_frontend - - role: httpd/reverseproxy - website: resultsdb.fedoraproject.org - destname: zz-resultsdb-resultsdb - localpath: / - remotepath: / - balancer_name: resultsdb - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - when: env != "staging" - tags: resultsdb - - # This one gets its own role (instead of httpd/reverseproxy) so that it can - # copy in some silly static resources (globe.png, index.html) - - role: geoip-city-wsgi/proxy - website: geoip.fedoraproject.org - proxyurl: http://localhost:10029 - - - role: httpd/reverseproxy - website: src.fedoraproject.org - destname: git - proxyurl: http://localhost:10057 - header_scheme: true - keephost: true - - - role: httpd/reverseproxy - website: registry.fedoraproject.org - destname: registry-fedora - # proxyurl in this one is totally ignored, because Docker. - # (turns out it uses PATCH requests that Varnish cannot deal with) - proxyurl: "{{ varnish_url }}" - tags: - - registry - - - role: httpd/reverseproxy - website: candidate-registry.fedoraproject.org - destname: candidate-registry - proxyurl: http://localhost:10054 - - - role: httpd/reverseproxy - website: retrace.fedoraproject.org - destname: retrace - proxyurl: http://localhost:10049 - when: env == "staging" - - - role: httpd/reverseproxy - website: faf.fedoraproject.org - destname: faf - proxyurl: http://localhost:10050 - when: env == "staging" - - - role: httpd/reverseproxy - website: apps.fedoraproject.org - destname: pps - remotepath: /pps - localpath: /pps - proxyurl: http://localhost:10051 - when: env == "staging" - - - role: httpd/reverseproxy - website: koji.fedoraproject.org - destname: koji - keephost: true - balancer_name: koji - balancer_members: - - "koji01.{{ datacenter }}.fedoraproject.org" - - "koji02.{{ datacenter }}.fedoraproject.org" - http_not_https_yes_this_is_insecure_and_i_feel_bad: true - when: env == "production" - - - role: httpd/reverseproxy - website: koji.fedoraproject.org - destname: koji - keephost: true - balancer_name: koji - balancer_members: - - "koji01.stg.{{ datacenter }}.fedoraproject.org" - http_not_https_yes_this_is_insecure_and_i_feel_bad: true - when: env == "staging" - - - role: httpd/reverseproxy - website: riscv-koji.fedoraproject.org - destname: koji - keephost: true - ocp4: false - balancer_name: riscv-koji - balancer_members: - - "riscv-koji01.{{ datacenter }}.fedoraproject.org" - http_not_https_yes_this_is_insecure_and_i_feel_bad: true - tags: - - riscv-koji - - - role: httpd/reverseproxy - website: riscv-kojipkgs.fedoraproject.org - destname: riscv-kojipkgs - keephost: true - balancer_name: riscv-kojipkgs - ocp4: false - balancer_members: - - "riscv-koji01.{{ datacenter }}.fedoraproject.org" - http_not_https_yes_this_is_insecure_and_i_feel_bad: true - tags: - - riscv-koji - - - role: httpd/reverseproxy - website: kojipkgs.fedoraproject.org - destname: kojipkgs - proxyurl: http://localhost:10062 - keephost: true - - - role: httpd/reverseproxy - website: "ocp{{ env_suffix }}.fedoraproject.org" - destname: ocp - balancer_name: ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - ocp.stg.fedoraproject.org - when: env == "staging" - - - role: httpd/reverseproxy - website: "apps.ocp{{ env_suffix }}.fedoraproject.org" - destname: apps.ocp - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - apps.ocp.stg.fedoraproject.org - when: env == "staging" - - - role: httpd/reverseproxy - website: "ocp{{ env_suffix }}.fedoraproject.org" - destname: ocp - balancer_name: ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - ocp.fedoraproject.org - when: env == "production" - - - role: httpd/reverseproxy - website: "apps.ocp{{ env_suffix }}.fedoraproject.org" - destname: apps.ocp - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - apps.ocp.fedoraproject.org - when: env == "production" - - - role: httpd/reverseproxy - website: "ocp-rdu3{{ env_suffix }}.fedoraproject.org" - destname: ocp-rdu3 - balancer_name: ocp-rdu3 - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_rdu3_stg, ocp_nodes_rdu3) }}" - targettype: openshift - ocp4_rdu3: true - ocp4: false - keephost: true - tags: - - ocp-rdu3.fedoraproject.org - when: env == "production" and datacenter == "rdu3" - - - role: httpd/reverseproxy - website: "apps.ocp-rdu3{{ env_suffix }}.fedoraproject.org" - destname: apps-ocp-rdu3 - balancer_name: apps-ocp-rdu3 - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_rdu3_stg, ocp_nodes_rdu3) }}" - targettype: openshift - ocp4_rdu3: true - ocp4: false - keephost: true - tags: - - apps.ocp-rdu3.fedoraproject.org - when: env == "production" and datacenter == "rdu3" - - - role: httpd/reverseproxy - website: "provision{{ env_suffix }}.fedoraproject.org" - destname: zezere - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - zezere - - - role: httpd/reverseproxy - website: greenwave.fedoraproject.org - destname: greenwave - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: greenwave - - - role: httpd/reverseproxy - website: waiverdb.fedoraproject.org - destname: waiverdb - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: waiverdb - - - role: httpd/reverseproxy - website: elections.fedoraproject.org - destname: elections - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: elections - header_scheme: true - - - role: httpd/reverseproxy - website: calendar.fedoraproject.org - destname: calendar - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - header_scheme: true - tags: calendar - - - role: httpd/reverseproxy - website: mdapi.fedoraproject.org - destname: mdapi - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: mdapi - - - role: httpd/reverseproxy - website: release-monitoring.org - destname: release-monitoring - balancer_name: apps-ocp - balancer_members: "{{ocp_nodes}}" - targettype: openshift - ocp4: true - keephost: true - tags: release-montoring.org - when: env == "production" - - - role: httpd/reverseproxy - website: stg.release-monitoring.org - destname: stg.release-monitoring - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: release-montoring.org - when: env == "staging" - - - role: httpd/reverseproxy - website: whatcanidoforfedora.org - destname: whatcanidoforfedora - balancer_name: app-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: whatcanidoforfedora.org - - - role: httpd/reverseproxy - website: testdays.fedoraproject.org - destname: testdays - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: testdays - - - role: httpd/reverseproxy - website: packager-dashboard.fedoraproject.org - destname: packager-dashboard - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: packager-dashboard - - - role: httpd/reverseproxy - website: "languages{{ env_suffix }}.fedoraproject.org" - destname: languages - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - languages - - - role: httpd/reverseproxy - website: debuginfod.fedoraproject.org - destname: debuginfod - # manage non-trivial reverse-proxy specs in template - proxyurl: http://debuginfod01:8002 - proxyopts: "connectiontimeout=600 timeout=600 keepalive=on nocanon" - tags: - - debuginfod - - - role: httpd/reverseproxy - website: packages.fedoraproject.org - destname: fedora-packages-static - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - fedora-packages-static - - - role: httpd/reverseproxy - website: "discourse2fedmsg{{ env_suffix }}.fedoraproject.org" - destname: discourse2fedmsg - balancer_name: app-os - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: discourse2fedmsg - - - role: httpd/reverseproxy - website: ipsilon-project.org - destname: ipsilon-website - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - ocp4: true - keephost: true - tags: ipsilon-website - - - role: httpd/reverseproxy - website: awx.fedoraproject.org - destname: awx - balancer_name: app-ocp - balancer_members: "{{ ocp_nodes }}" - targettype: openshift - ocp4: true - keephost: true - tags: - - awx - when: env == "production" - - - role: httpd/reverseproxy - website: "openscanhub{{ env_suffix }}.fedoraproject.org" - destname: openscanhub - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: openscanhub - - - role: httpd/reverseproxy - website: "kanban.qa{{ env_suffix }}.fedoraproject.org" - destname: kanban - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - kanban - - - role: httpd/reverseproxy - website: "fedoraplanet.org" - destname: fedoraplanet - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - fedoraplanet - - - role: httpd/reverseproxy - website: "webhook{{ env_suffix }}.fedoraproject.org" - destname: webhook2fedmsg - balancer_name: apps-ocp - balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" - targettype: openshift - keephost: true - ocp4: true - tags: - - webhook2fedmsg diff --git a/playbooks/include/proxies-rewrites.yml b/playbooks/include/proxies-rewrites.yml deleted file mode 100644 index 66205f3f67..0000000000 --- a/playbooks/include/proxies-rewrites.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- -- name: Set up some domain rewrites. - hosts: proxies_stg:proxies - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - roles: - - - role: httpd/domainrewrite - destname: keys - website: keys.fedoraproject.org - path: ^.*$ - status: 301,QSD - target: https://fedoraproject.org/wiki/Infrastructure/graveyard - tags: keys - - - role: httpd/domainrewrite - destname: admin - website: admin.fedoraproject.org - target: https://apps.fedoraproject.org/ - - - role: httpd/domainrewrite - destname: apache-status - website: admin.fedoraproject.org - path: /status - - - role: httpd/domainrewrite - destname: 00-apps - website: apps.fedoraproject.org - path: ^/favicon.ico$ - status: 301 - target: https://fedoraproject.org/favicon.ico - - - role: httpd/domainrewrite - destname: 00-docs - website: docs.fedoraproject.org - path: ^/favicon.ico$ - status: 301 - target: https://fedoraproject.org/favicon.ico - - - role: httpd/domainrewrite - destname: 00-registry-icon - website: registry.fedoraproject.org - path: ^/favicon.ico$ - status: 301 - target: https://fedoraproject.org/favicon.ico diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml deleted file mode 100644 index 4fe4995eef..0000000000 --- a/playbooks/include/proxies-websites.yml +++ /dev/null @@ -1,1254 +0,0 @@ ---- -- name: Set up those proxy websites. My, my.. - hosts: proxies_stg:proxies - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Create /srv/web/ for all the goodies. - ansible.builtin.file: dest=/srv/web state=directory owner=root group=root mode=0755 - tags: - - httpd - - httpd/website - - - name: Check the selinux context of webdir - ansible.builtin.command: matchpathcon /srv/web - register: webdir - check_mode: no - changed_when: "1 != 1" - tags: - - config - - selinux - - httpd - - httpd/website - - - name: /srv/web file contexts - ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" - when: webdir.stdout.find('httpd_sys_content_t') == -1 - tags: - - config - - selinux - - httpd - - httpd/website - - roles: - - - role: httpd/website - site_name: fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - server_aliases: - - stg.fedoraproject.org - - localhost - - www.fedoraproject.org - - hotspot-nocache.fedoraproject.org - - # This is for all the other domains we own - # that redirect to https://fedoraproject.org - - role: httpd/website - site_name: fedoraproject.com - cert_name: "{{wildcard_cert_name}}" - server_aliases: - - epel.io - - fedp.org - - fedora.asia - - fedora.com.my - - fedora.cr - - fedora.events - - fedora.me - - fedora.mobi - - fedora.my - - fedora.org - - fedora.org.cn - - fedora.pe - - fedora.pt - - fedora.redhat.com - - fedora.software - - fedora.tk - - fedora.us - - fedora.wiki - - fedoralinux.com - - fedoralinux.net - - fedoralinux.org - - fedoraproject.asia - - fedoraproject.cn - - fedoraproject.co.uk - - fedoraproject.com - - fedoraproject.com.cn - - fedoraproject.com.gr - - fedoraproject.com.my - - fedoraproject.cz - - fedoraproject.eu - - fedoraproject.gr - - fedoraproject.info - - fedoraproject.net - - fedoraproject.net.cn - - fedoraproject.org.uk - - fedoraproject.pe - - fedoraproject.su - - projectofedora.org - - proyectofedora.org - - www.fedora.asia - - www.fedora.com.my - - www.fedora.cr - - www.fedora.events - - www.fedora.me - - www.fedora.mobi - - www.fedora.org - - www.fedora.org.cn - - www.fedora.pe - - www.fedora.pt - - www.fedora.redhat.com - - www.fedora.software - - www.fedora.tk - - www.fedora.us - - www.fedora.wiki - - www.fedoralinux.com - - www.fedoralinux.net - - www.fedoralinux.org - - www.fedoraproject.asia - - www.fedoraproject.cn - - www.fedoraproject.co.uk - - www.fedoraproject.com - - www.fedoraproject.com.cn - - www.fedoraproject.com.gr - - www.fedoraproject.com.my - - www.fedoraproject.cz - - www.fedoraproject.eu - - www.fedoraproject.gr - - www.fedoraproject.info - - www.fedoraproject.net - - www.fedoraproject.net.cn - - www.fedoraproject.org.uk - - www.fedoraproject.pe - - www.fedoraproject.su - - www.projectofedora.org - - www.getfedora.com - - getfedora.com - - fedoraplayground.org - - fedoraplayground.com - - - role: httpd/website - site_name: admin.fedoraproject.org - server_aliases: [admin.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: cloud.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: mirrors.fedoraproject.org - server_aliases: - - mirrors.stg.fedoraproject.org - - fedoramirror.net - - www.fedoramirror.net - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: mirrors.centos.org - sslonly: true - certbot: true - tags: mirrors.centos.org - when: env != "staging" - - - role: httpd/website - site_name: mirrors.stg.centos.org - sslonly: true - certbot: true - tags: mirrors.stg.centos.org - when: env == "staging" - - - role: httpd/website - site_name: "mirrormanager{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - mirrormanager - - - role: httpd/website - site_name: src.fedoraproject.org - server_aliases: [src.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - sslonly: true - use_h2: true - tags: src.fedoraproject.org - - - role: httpd/website - site_name: download.fedoraproject.org - server_aliases: - - download01.fedoraproject.org - - download02.fedoraproject.org - - download03.fedoraproject.org - - download04.fedoraproject.org - - download05.fedoraproject.org - - download06.fedoraproject.org - - download07.fedoraproject.org - - download08.fedoraproject.org - - download09.fedoraproject.org - - download10.fedoraproject.org - - download.stg.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: translate.fedoraproject.org - server_aliases: [translate.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: pki.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: spins.fedoraproject.org - server_aliases: - - spins.stg.fedoraproject.org - - spins-test.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: labs.fedoraproject.org - server_aliases: - - labs.stg.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: arm.fedoraproject.org - server_aliases: - - arm.stg.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: iot.fedoraproject.org - server_aliases: - - iot.stg.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: budget.fedoraproject.org - server_aliases: - - budget.stg.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: boot.fedoraproject.org - server_aliases: [boot.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: keys.fedoraproject.org - server_aliases: [keys.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: testdays.fedoraproject.org - server_aliases: [testdays.qa.fedoraproject.org, testdays.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: testdays - - - role: httpd/website - site_name: packager-dashboard.fedoraproject.org - server_aliases: [packager-dashboard.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: packager-dashboard - - - role: httpd/website - site_name: smolts.org - ssl: false - server_aliases: - - smolt.fedoraproject.org - - stg.smolts.org - - www.smolts.org - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: docs.fedoraproject.org - server_aliases: - - doc.fedoraproject.org - - docs.stg.fedoraproject.org - sslonly: true - gzip: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: bodhi.fedoraproject.org - sslonly: true - server_aliases: [bodhi.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: "accounts{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - noggin - - - role: httpd/website - site_name: "fasjson{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - fasjson - - - role: httpd/website - site_name: "coreos{{ env_suffix }}.fedoraproject.org" - sslonly: true - certbot: true - tags: - - coreos.fedoraproject.org - when: env == "staging" - - - role: httpd/website - site_name: "updates.coreos{{ env_suffix }}.fedoraproject.org" - sslonly: true - certbot: true - tags: - - updates.coreos.fedoraproject.org - - - role: httpd/website - site_name: "status.updates.coreos{{ env_suffix }}.fedoraproject.org" - sslonly: true - certbot: true - tags: - - status.updates.coreos.fedoraproject.org - - - role: httpd/website - site_name: "raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - sslonly: true - certbot: true - tags: - - raw-updates.coreos.fedoraproject.org - - - role: httpd/website - site_name: "status.raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - sslonly: true - certbot: true - tags: - - status.raw-updates.coreos.fedoraproject.org - - - role: httpd/website - site_name: "builds.coreos{{ env_suffix }}.fedoraproject.org" - sslonly: true - certbot: false - cert_name: "{{wildcard_cert_name}}" - tags: - - builds.coreos.fedoraproject.org - - - role: httpd/website - site_name: ostree.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: ostree - - - role: httpd/website - site_name: flocktofedora.org - server_aliases: - - flocktofedora.org - - www.flocktofedora.org - ssl: true - sslonly: true - certbot: true - when: env == "production" - tags: - - flocktofedora.org - - - role: httpd/website - site_name: flocktofedora.net - server_aliases: - - flocktofedora.com - - www.flocktofedora.net - - www.flocktofedora.com - ssl: false - - - role: httpd/website - site_name: fedora.my - server_aliases: - - fedora.my - ssl: false - - - role: httpd/website - site_name: copr.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: copr - - - role: httpd/website - site_name: bugz.fedoraproject.org - server_aliases: [bugz.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: fas.fedoraproject.org - server_aliases: - - fas.stg.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: fedoracommunity.org - server_aliases: - - www.fedoracommunity.org - - stg.fedoracommunity.org - # - fedoraproject.community - # - fedora.community - # - www.fedora.community - # - www.fedoraproject.community - sslonly: true - certbot: true - tags: fedoracommunity - - - role: httpd/website - site_name: get.fedoraproject.org - server_aliases: [get.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: help.fedoraproject.org - server_aliases: [help.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: it.fedoracommunity.org - server_aliases: [it.fedoracommunity.org] - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: uk.fedoracommunity.org - server_aliases: - - uk.fedoracommunity.org - - www.uk.fedoracommunity.org - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: tw.fedoracommunity.org - server_aliases: - - tw.fedoracommunity.org - - www.tw.fedoracommunity.org - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: people.fedoraproject.org - server_aliases: [people.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: join.fedoraproject.org - server_aliases: [join.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: l10n.fedoraproject.org - server_aliases: [l10n.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: start.fedoraproject.org - server_aliases: [start.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - start.fedoraproject.org - - - role: httpd/website - site_name: kde.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: nightly.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: store.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: port389.org - server_aliases: - - www.port389.org - - 389tcp.org - - www.389tcp.org - ssl: false - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: transtats.fedoraproject.org - sslonly: true - server_aliases: [transtats.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: - - transtats - - - role: httpd/website - site_name: whatcanidoforfedora.org - server_aliases: - - www.whatcanidoforfedora.org - - stg.whatcanidoforfedora.org - ssl: true - sslonly: true - certbot: true - tags: - - whatcanidoforfedora.org - - - role: httpd/website - site_name: k12linux.org - server_aliases: - - www.k12linux.org - ssl: false - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: fonts.fedoraproject.org - server_aliases: [fonts.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: meetbot.fedoraproject.org - server_aliases: [meetbot.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: meetbot-raw.fedoraproject.org - server_aliases: [meetbot-raw.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: fudcon.fedoraproject.org - server_aliases: [fudcon.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: ask.fedoraproject.org - server_aliases: [ask.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: askbot.fedoraproject.org - server_aliases: [askbot.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: badges.fedoraproject.org - server_aliases: [badges.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - badges - - - role: httpd/website - site_name: paste.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: coreos.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - when: env == "production" - tags: - - coreos.fedoraproject.org - - - role: httpd/website - site_name: awx.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - awx -# -# Make a website here so we can redirect it to paste.fedoraproject.org -# -# - role: httpd/website -# site_name: fpaste.org -# certbot: true -# server_aliases: -# - www.fpaste.org -# tags: -# - fpaste.org -# when: env == "production" - - - role: httpd/website - site_name: koji.fedoraproject.org - sslonly: true - server_aliases: - - koji.stg.fedoraproject.org - - kojipkgs.stg.fedoraproject.org - - buildsys.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: kojipkgs.fedoraproject.org - sslonly: true - server_aliases: - - kojipkgs01.fedoraproject.org - - kojipkgs02.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" - use_h2: false - tags: - - kojipkgs.fedoraproject.org - - - role: httpd/website - site_name: apps.fedoraproject.org - server_aliases: [apps.stg.fedoraproject.org] - sslonly: true - gzip: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: "notifications{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - fmn - - - role: httpd/website - site_name: pdc.fedoraproject.org - server_aliases: [pdc.stg.fedoraproject.org] - sslonly: true - gzip: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: developer.fedoraproject.org - server_aliases: [developer.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - # This is just a redirect to developer, to make it easier for people to get - # here from Red Hat's developers.redhat.com (ticket #5216). - - role: httpd/website - site_name: developers.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: fedoraloveskde.org - server_aliases: [stg.fedoraloveskde.org] - sslonly: true - certbot: true - tags: - - fedoraloveskde - - - role: httpd/website - site_name: "provision{{ env_suffix }}.fedoraproject.org" - # Zezere needs non-HTTPS for netboot - sslonly: false - cert_name: "{{wildcard_cert_name}}" - tags: - - zezere - - - role: httpd/website - site_name: ocp.stg.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - ocp.stg.fedoraproject.org - when: env == "staging" - - - role: httpd/website - site_name: apps.ocp.stg.fedoraproject.org - server_aliases: ["*.apps.ocp.stg.fedoraproject.org", api.apps.ocp.stg.fedoraproject.org] - sslonly: true - cert_name: "{{ocp_wildcard_cert_name}}" - SSLCertificateChainFile: "{{ocp_wildcard_int_file}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - apps.ocp.stg.fedoraproject.org - when: env == "staging" - - - role: httpd/website - site_name: ocp.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - ocp.fedoraproject.org - when: env == "production" - - - role: httpd/website - site_name: apps.ocp.fedoraproject.org - server_aliases: ["*.apps.ocp.fedoraproject.org", api.apps.ocp.fedoraproject.org] - sslonly: true - cert_name: "{{ocp_wildcard_cert_name}}" - SSLCertificateChainFile: "{{ocp_wildcard_int_file}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - apps.ocp.fedoraproject.org - when: env == "production" - - - role: httpd/website - site_name: ocp-rdu3.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - ocp-rdu3.fedoraproject.org - when: env == "production" and datacenter == "rdu3" - - - role: httpd/website - site_name: apps.ocp-rdu3.fedoraproject.org - server_aliases: ["*.apps.ocp-rdu3.fedoraproject.org", api.apps.ocp-rdu3.fedoraproject.org] - sslonly: true - cert_name: "{{ocp_rdu3_wildcard_cert_name}}" - SSLCertificateChainFile: "{{ocp_rdu3_wildcard_int_file}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - apps.ocp-rdu3.fedoraproject.org - when: env == "production" and datacenter == "rdu3" - - - role: httpd/website - site_name: registry.fedoraproject.org - server_aliases: [registry.stg.fedoraproject.org registry-no-cdn.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: candidate-registry.fedoraproject.org - server_aliases: [candidate-registry.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: retrace.fedoraproject.org - server_aliases: [retrace.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - when: env == "staging" - - - role: httpd/website - site_name: faf.fedoraproject.org - server_aliases: [faf.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - when: env == "staging" - - - role: httpd/website - site_name: alt.fedoraproject.org - server_aliases: - - alt.stg.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - # Kinda silly that we have two entries here, one for prod and one for stg. - # This is inherited from our puppet setup -- we can collapse them as soon as - # is convenient. -- threebean - - role: httpd/website - site_name: taskotron.fedoraproject.org - server_aliases: [taskotron.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: taskotron.stg.fedoraproject.org - server_aliases: [taskotron.stg.fedoraproject.org] - # Set this explicitly to stg here.. as per the original puppet config. - SSLCertificateChainFile: wildcard-2025.stg.fedoraproject.org.intermediate.cert - sslonly: true - cert_name: "{{wildcard_cert_name}}" - when: env == "staging" - - - role: httpd/website - site_name: resultsdb.stg.fedoraproject.org - server_aliases: [resultsdb.stg.fedoraproject.org] - # Set this explicitly to stg here.. as per the original puppet config. - SSLCertificateChainFile: wildcard-2025.stg.fedoraproject.org.intermediate.cert - sslonly: true - cert_name: "{{wildcard_cert_name}}" - when: env == "staging" - tags: resultsdb - - - role: httpd/website - site_name: resultsdb.fedoraproject.org - server_aliases: [resultsdb.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - when: env != "staging" - tags: resultsdb - - - role: httpd/website - site_name: lists.fedoraproject.org - server_aliases: [lists.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: lists.fedoraproject.org - - - role: httpd/website - site_name: lists.fedorahosted.org - server_aliases: - - lists.stg.fedorahosted.org - sslonly: true - certbot: true - tags: fedorahosted - - - role: httpd/website - site_name: "id{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - stssubdomains: false - tags: - - id.fedoraproject.org - - - role: httpd/website - site_name: "sso{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - sso.fedoraproject.org - - - role: httpd/website - site_name: username.id.fedoraproject.org - server_aliases: - - "*.id.fedoraproject.org" - # Must not be sslonly, because example.id.fedoraproject.org must be reachable - # via plain http for openid identity support - sslonly: false - cert_name: wildcard-2024.id.fedoraproject.org - SSLCertificateChainFile: wildcard-2024.id.fedoraproject.org.intermediate.cert - tags: - - id.fedoraproject.org - when: env == "production" - - - role: httpd/website - site_name: username.id.stg.fedoraproject.org - server_aliases: - - "*.id.stg.fedoraproject.org" - # Must not be sslonly, because example.id.fedoraproject.org must be reachable - # via plain http for openid identity support - sslonly: false - cert_name: "{{wildcard_cert_name}}" - SSLCertificateChainFile: wildcard-2025.stg.fedoraproject.org.intermediate.cert - tags: - - id.fedoraproject.org - when: env == "staging" - - - role: httpd/website - site_name: getfedora.org - server_aliases: [stg.getfedora.org] - sslonly: true - cert_name: getfedora.org - SSLCertificateChainFile: getfedora.org.intermediate.cert - tags: - - getfedora.org - - - role: httpd/website - site_name: qa.fedoraproject.org - server_aliases: [qa.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - sslonly: true - - - role: httpd/website - site_name: openqa.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" - server_aliases: [openqa.stg.fedoraproject.org] - sslonly: true - - - role: httpd/website - site_name: redirect.fedoraproject.org - server_aliases: [redirect.stg.fedoraproject.org] - sslonly: true - gzip: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: geoip.fedoraproject.org - server_aliases: [geoip.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: codecs.fedoraproject.org - server_aliases: [codecs.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: jenkins.fedorainfracloud.org - cert_name: jenkins.fedorainfracloud.org - certbot: true - when: env == "production" - - - role: httpd/website - site_name: testdays.fedorainfracloud.org - cert_name: testdays.fedorainfracloud.org - certbot: true - when: env == "production" - tags: testdays-fic - - - role: httpd/website - site_name: data-analysis.fedoraproject.org - server_aliases: [data-analysis.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: data-analysis - - - role: httpd/website - site_name: nagios.fedoraproject.org - server_aliases: [nagios.stg.fedoraproject.org] - SSLCertificateChainFile: wildcard-2024.fedoraproject.org.intermediate.cert - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: zabbix.fedoraproject.org - sslonly: true - # server_aliases: [zabbix.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: zabbix - - - role: httpd/website - site_name: zabbix.stg.fedoraproject.org - sslonly: true - # server_aliases: [zabbix.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: zabbix - when: env == "staging" - - - role: httpd/website - site_name: odcs.fedoraproject.org - sslonly: true - server_aliases: [odcs.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: odcs - - - role: httpd/website - site_name: greenwave.fedoraproject.org - sslonly: true - server_aliases: [greenwave.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: koschei.fedoraproject.org - sslonly: true - server_aliases: [koschei.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: koschei - - - role: httpd/website - site_name: waiverdb.fedoraproject.org - sslonly: true - server_aliases: [waiverdb.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: silverblue.fedoraproject.org - sslonly: true - server_aliases: [silverblue.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: kinoite.fedoraproject.org - sslonly: true - server_aliases: [kinoite.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: - - kinoite - - - role: httpd/website - site_name: release-monitoring.org - sslonly: true - certbot: true - tags: - - release-monitoring.org - when: env == "production" - - - role: httpd/website - site_name: stg.release-monitoring.org - sslonly: true - certbot: true - tags: - - release-monitoring.org - when: env == "staging" - - - role: httpd/website - site_name: lists.pagure.io - sslonly: true - certbot: true - tags: - - lists.pagure.io - when: env == "production" - - - role: httpd/website - site_name: "languages{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: languages - - - role: httpd/website - site_name: neuro.fedoraproject.org - sslonly: true - server_aliases: [neuro.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: neuro - - - role: httpd/website - site_name: elections.fedoraproject.org - sslonly: true - server_aliases: [elections.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: elections - - - role: httpd/website - site_name: wallpapers.fedoraproject.org - sslonly: true - server_aliases: [wallpapers.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: wallpapers - - - role: httpd/website - site_name: mdapi.fedoraproject.org - sslonly: true - server_aliases: [mdapi.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: mdapi - - - role: httpd/website - site_name: debuginfod.fedoraproject.org - sslonly: true - server_aliases: [debuginfod.stg.fedoraproject.org] - x_forward: true - cert_name: "{{wildcard_cert_name}}" - gzip: true - tags: debuginfod - - - role: httpd/website - site_name: calendar.fedoraproject.org - sslonly: true - server_aliases: [calendar.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: calendar - - - role: httpd/website - site_name: kerneltest.fedoraproject.org - sslonly: true - server_aliases: [kerneltest.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: kerneltest - - - role: httpd/website - site_name: podcast.fedoraproject.org - sslonly: true - server_aliases: [podcast.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: - - podcast - -# fedorahosted is retired. We have the site here so we can redirect it. - - - role: httpd/website - site_name: fedorahosted.org - sslonly: true - server_aliases: - - git.fedorahosted.org - - bzr.fedorahosted.org - - hg.fedorahosted.org - - svn.fedorahosted.org - certbot: true - tags: fedorahosted - when: env == "production" - -# planet.fedoraproject.org is not to be used, it's fedoraplanet.org -# We only have it here so we can redirect it with the correct cert - - - role: httpd/website - site_name: planet.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" - -# pkgs.fp.o will be an alias of src.fp.o once we get everyone over to https -# git push/pull. For now, we just want a cert via the certbot system. - - - role: httpd/website - site_name: pkgs.fedoraproject.org - ssl: true - sslonly: true - certbot: true - certbot_addhost: pkgs01.iad2.fedoraproject.org - tags: - - pkgs.fedoraproject.org - when: env == "production" and "iad2" in inventory_hostname - - - role: httpd/website - site_name: pkgs.stg.fedoraproject.org - ssl: true - sslonly: true - certbot: true - certbot_addhost: pkgs01.stg.iad2.fedoraproject.org - tags: - - pkgs.fedoraproject.org - when: env == "staging" and "iad2" in inventory_hostname - -# Askbeta -> ask redirects - - role: httpd/website - site_name: askbeta.fedoraproject.org - ssl: true - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - askbeta.fedoraproject.org - - -# -# We setup this site for old ols papers -# This used to be on fedorapeople.org, but a new 'ols' user showed up, so -# that no longer works. -# - - role: httpd/website - site_name: ols.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: packages.fedoraproject.org - server_aliases: [packages.stg.fedoraproject.org] - sslonly: true - cert_name: "{{wildcard_cert_name}}" - - - role: httpd/website - site_name: "discourse2fedmsg{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: discourse2fedmsg - - - role: httpd/website - site_name: fedora.im - server_aliases: [stg.fedora.im] - sslonly: true - certbot: true - tags: - - fedora.im - - - role: httpd/website - site_name: ipsilon-project.org - cert_name: ipsilon-project.org - server_aliases: - - ipsilon-project.org - - www.ipsilon-project.org - ssl: true - sslonly: true - certbot: true - tags: - - ipsilon-website - - - role: httpd/website - site_name: directory.fedoraproject.org - ssl: true - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - directory - - - role: httpd/website - site_name: discussions.fedoraproject.org - ssl: true - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - discussion - - - role: httpd/website - site_name: "openscanhub{{ env_suffix }}.fedoraproject.org" - ssl: true - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - openscanhub - - - role: httpd/website - site_name: "kanban.qa{{ env_suffix }}.fedoraproject.org" - ssl: true - sslonly: true - certbot: true - tags: - - kanban - - - role: httpd/website - site_name: "epel.io" - ssl: true - sslonly: true - certbot: true - tags: - - epel.io - - - role: httpd/website - site_name: "fedoraplanet.org" - server_aliases: - - stg.fedoraplanet.org - ssl: true - sslonly: true - certbot: true - tags: - - fedoraplanet.org - - - role: httpd/website - site_name: "webhook{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - webhook2fedmsg - - - role: httpd/website - site_name: "bugs{{ env_suffix }}.fedoraproject.org" - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - bugs - - - role: httpd/website - site_name: riscv-koji.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - riscv-koji - - - role: httpd/website - site_name: riscv-kojipkgs.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - tags: - - riscv-koji - diff --git a/playbooks/include/virt-create.yml b/playbooks/include/virt-create.yml deleted file mode 100644 index 0eccb2cb0f..0000000000 --- a/playbooks/include/virt-create.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Make the virtual instance - hosts: "{{ myhosts }}" - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - import_tasks: "{{ tasks_path }}/virt_instance_create.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/list-vms-per-host.yml b/playbooks/list-vms-per-host.yml deleted file mode 100644 index 1a956f9a86..0000000000 --- a/playbooks/list-vms-per-host.yml +++ /dev/null @@ -1,20 +0,0 @@ -# -# This playbook runs once per hour on batcave01 and generates a list of vms on virthosts -# ---- -- hosts: virtservers - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - - virt: command=info - register: virt_info - - - ansible.builtin.template: src={{files}}/virthost-lists.j2 dest=/tmp/virthost-lists.out - delegate_to: localhost diff --git a/playbooks/manual/autosign.yml b/playbooks/manual/autosign.yml deleted file mode 100644 index 11737da175..0000000000 --- a/playbooks/manual/autosign.yml +++ /dev/null @@ -1,89 +0,0 @@ -# create a new autosign server -# -# FURTHER NOTE: some of These machines run day to day with sshd disabled/off. -# Access is via management interface only. This playbook does initial setup. -# Please check with rel-eng before doing anything here. - ---- -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "autosign_stg" - -- name: Make the box be real - hosts: autosign:autosign_stg - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - basessh - - rkhunter - - nagios_client - - {role: zabbix/zabbix_agent, when: env == "staging"} - - hosts - - ipa/client - - collectd/base - - sudo - - role: nfs/client - mnt_dir: '/mnt/fedora_koji' - nfs_src_dir: 'fedora_koji' - when: env != 'staging' - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: env != 'staging' and datacenter == 'iad2' - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env != 'staging' and datacenter == 'iad2' - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/ostree' - nfs_src_dir: 'fedora_ostree_content/ostree' - when: env != 'staging' and datacenter == 'iad2' - - - role: nfs/client - mnt_dir: '/mnt/fedora_koji/koji/compose/ostree' - nfs_src_dir: 'fedora_ostree_content/compose/ostree' - when: env != 'staging' and datacenter == 'iad2' - -# - role: nfs/client -# mnt_dir: '/mnt/fedora_koji/koji/ostree' -# nfs_src_dir: 'fedora_ostree_content/ostree' -# when: env == 'staging' -# -# - role: nfs/client -# mnt_dir: '/mnt/fedora_koji/koji/compose/ostree' -# nfs_src_dir: 'fedora_ostree_content/compose/ostree' -# when: env == 'staging' - - - role: rabbit/queue - queue_username: "robosignatory{{ env_suffix }}" - queue_name: "robosignatory{{ env_suffix }}" - queue_max_priority: 5 - queue_routing_keys: - - "org.fedoraproject.*.pungi.compose.ostree" - - "org.fedoraproject.*.coreos.build.request.artifacts-sign" - - "org.fedoraproject.*.coreos.build.request.ostree-sign" - - "org.fedoraproject.*.buildsys.tag" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(robosignatory|coreos)\..*\.finished$ - - robosignatory - - role: keytab/service - service: autosign - owner_user: robosignatory - owner_group: robosignatory - - - {role: linux-system-roles.nbde_client, when: datacenter == 'iad2' and env != 'staging' } - - {role: serial-console, when: datacenter == 'iad2'} - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/centosci-keytab.yml b/playbooks/manual/centosci-keytab.yml deleted file mode 100644 index 0623b03ab3..0000000000 --- a/playbooks/manual/centosci-keytab.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- hosts: localhost - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Centos CI Keytab Creation Role - include_role: - name: centosci-keytab - tasks_from: main diff --git a/playbooks/manual/communishift.yml b/playbooks/manual/communishift.yml deleted file mode 100644 index aa07922ac3..0000000000 --- a/playbooks/manual/communishift.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -- hosts: localhost - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Configure the communishift virtualenv - ansible.builtin.pip: - name: "{{ communishift_package }}" - with_items: "{{ communishift_package_list }}" - loop_control: - loop_var: communishift_package - - - name: Communishift Role - include_role: - name: communishift - tasks_from: deploy-communishift-authorization-operator - apply: - tags: - - deploy-operators - - - name: Communishift Role - with_items: "{{ communishift_projects }}" - include_role: - name: communishift - tasks_from: main - apply: - tags: - - create_efs - loop: "{{ lookup('dict', communishift_projects) }}" - vars: - communishift_package_list: - - kubernetes - - boto3 diff --git a/playbooks/manual/communishift_send_email_notifications.yml b/playbooks/manual/communishift_send_email_notifications.yml deleted file mode 100644 index 6f599fdfc0..0000000000 --- a/playbooks/manual/communishift_send_email_notifications.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- hosts: localhost - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Configure the communishift virtualenv - ansible.builtin.pip: - name: "{{ communishift_package }}" - with_items: "{{ communishift_package_list }}" - loop_control: - loop_var: communishift_package - - - name: Communishift Retrieve FASJSON data - include_role: - name: communishift - tasks_from: retrieve-communishift-admin-data - - - name: Communishift Cluster Cleanup Tasks - with_items: "{{ communishift_projects }}" - include_role: - name: communishift - tasks_from: cleanup-administration-tasks - apply: - tags: - - cleanup-administration-tasks - loop: "{{ lookup('dict', communishift_projects) }}" - - vars: - communishift_package_list: - - kubernetes - - boto3 diff --git a/playbooks/manual/copr/_generic_tasks.yml b/playbooks/manual/copr/_generic_tasks.yml deleted file mode 100644 index 07a6bcc013..0000000000 --- a/playbooks/manual/copr/_generic_tasks.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: Detect package versions - package_facts: manager=auto diff --git a/playbooks/manual/copr/copr-backend-upgrade.yml b/playbooks/manual/copr/copr-backend-upgrade.yml deleted file mode 100644 index afee40a906..0000000000 --- a/playbooks/manual/copr/copr-backend-upgrade.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: Upgrade copr backend - hosts: copr_back_dev_aws:copr_back_aws - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Generic upgrade tasks for copr servers - import_tasks: _generic_tasks.yml - - - name: Upgrade copr-backend packages - dnf: - state: latest - name: - - copr-backend - - copr-cli # copr-ping cron job needs this - - copr-selinux - - python3-copr - - python3-copr-common - - python3-copr-messaging - - prunerepo - update_cache: true - - - name: Upgrade createrepo_c from updates-testing, when needed - dnf: state=latest - name=createrepo_c - enablerepo=updates-testing - when: ansible_facts.packages['createrepo_c'][0].version is version('0.15.5', '<') - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/copr/copr-dist-git-upgrade.yml b/playbooks/manual/copr/copr-dist-git-upgrade.yml deleted file mode 100644 index 6495d98cd0..0000000000 --- a/playbooks/manual/copr/copr-dist-git-upgrade.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- name: Upgrade copr distgit - hosts: copr_dist_git_dev_aws:copr_dist_git_aws - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Generic upgrade tasks for copr servers - import_tasks: _generic_tasks.yml - - - name: Upgrade copr-distgit packages - dnf: - state: latest - name: - - dist-git - - dist-git-selinux - - copr-dist-git - - copr-selinux - - python3-copr - - python3-copr-common - update_cache: true - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/copr/copr-frontend-upgrade.yml b/playbooks/manual/copr/copr-frontend-upgrade.yml deleted file mode 100644 index 81e4cf2c02..0000000000 --- a/playbooks/manual/copr/copr-frontend-upgrade.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- name: Upgrade copr frontend - hosts: copr_front_dev_aws:copr_front_aws - user: root - gather_facts: true - - vars: - cache_file: /var/lib/copr/.ansible-copr-frontend-version - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Generic upgrade tasks for copr servers - import_tasks: _generic_tasks.yml - - - name: Check for copr-frontend update - ansible.builtin.shell: dnf clean all ; dnf check-update copr-frontend - register: frontend_has_update - changed_when: "frontend_has_update.rc != 0" - failed_when: false - - - name: Make httpd stopped - service: name=httpd state=stopped - register: httpd_stopped - when: frontend_has_update.changed - - - name: Upgrade copr-frontend packages - ansible.builtin.shell: dnf update -y copr-frontend copr-frontend-fedora copr-selinux python3-copr-common - when: frontend_has_update.changed - - - name: Upgrade db to head, logs in /var/log/copr-frontend/migrations.log - ansible.builtin.shell: alembic-3 upgrade head &> /var/log/copr-frontend/migrations.log - become: yes - become_user: copr-fe - args: - chdir: /usr/share/copr/coprs_frontend/ - when: frontend_has_update.changed - - - name: Make httpd started - service: name=httpd state=started - when: httpd_stopped.changed - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/copr/copr-keygen-upgrade.yml b/playbooks/manual/copr/copr-keygen-upgrade.yml deleted file mode 100644 index 30989b0321..0000000000 --- a/playbooks/manual/copr/copr-keygen-upgrade.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Upgrade copr keygen - hosts: copr_keygen_dev_aws:copr_keygen_aws - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Generic upgrade tasks for copr servers - import_tasks: _generic_tasks.yml - - - name: Upgrade copr-keygen packages - dnf: - state: latest - name: - - copr-keygen - - copr-selinux - - python3-copr-common - update_cache: true - notify: - - Restart haveged - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/fas-readonly/fas-readonly.sql b/playbooks/manual/fas-readonly/fas-readonly.sql deleted file mode 100644 index 492d3347b7..0000000000 --- a/playbooks/manual/fas-readonly/fas-readonly.sql +++ /dev/null @@ -1,25 +0,0 @@ --- --- Make fas read only --- - - -REVOKE ALL PRIVILEGES on people from fas; -GRANT SELECT on people to fas; - --- This needs to stay so that people can still login. -GRANT update (last_seen) on people to fas; - -REVOKE ALL PRIVILEGES on groups from fas; -GRANT SELECT on groups to fas; - -REVOKE ALL PRIVILEGES on group_roles from fas; -GRANT SELECT on group_roles to fas; - -REVOKE ALL PRIVILEGES on person_roles from fas; -GRANT SELECT on person_roles to fas; - -REVOKE ALL PRIVILEGES on person_roles_fpca from fas; -GRANT SELECT on person_roles_fpca to fas; - -REVOKE ALL PRIVILEGES on bugzilla_queue from fas; -GRANT SELECT on bugzilla_queue to fas; diff --git a/playbooks/manual/fas-readonly/fas-readonly.yml b/playbooks/manual/fas-readonly/fas-readonly.yml deleted file mode 100644 index e6550b4e51..0000000000 --- a/playbooks/manual/fas-readonly/fas-readonly.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Change fas db to readonly for most actions - hosts: db-fas01.iad2.fedoraproject.org:db-fas01.stg.iad2.fedoraproject.org - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - name: Copy the sql script to file - ansible.builtin.template: src=fas-readonly.sql dest=/var/lib/pgsql/fas-readonly.sql - - - name: Change permissions for relevant tables in the fas db - ansible.builtin.shell: psql -1 -v ON_ERROR_STOP=1 fas2 {{ hostvars['localhost']['sar_tmp_dir'] }}/{{ sar_output_file }}" - delegate_to: localhost - when: "sar_huge is defined and sar_huge" - -- name: Gather SAR data - openshift apps - hosts: os_masters[0] - tasks: - - include_tasks: sar_openshift.yml - loop: "{{ lookup('dict', sar_openshift, wantlist=True) }}" - -- name: Create the archive - hosts: localhost - tasks: - - name: "Create the archive" - block: - # Generate a private tarball of the files from each service. - - ansible.builtin.shell: "umask 0077 && tar --transform \"s:^:{{ sar_fas_user }}_{{ sar_email }}/:\" -czf {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz *" - args: - chdir: "{{ sar_tmp_dir }}" - # Move the tarball into the desired pick up location. - - ansible.builtin.command: "mv {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz {{ sar_tar_output_path }}" - always: - # Let's clean up our temporary directory. - - ansible.builtin.command: "rm -r {{ sar_tmp_dir }}" diff --git a/playbooks/manual/gdpr/sar_openshift.yml b/playbooks/manual/gdpr/sar_openshift.yml deleted file mode 100644 index d9fbc553e6..0000000000 --- a/playbooks/manual/gdpr/sar_openshift.yml +++ /dev/null @@ -1,16 +0,0 @@ -# Retrieve GDPR data from single openshift app. -# Get the correct pod ---- -- name: Retrieve the id of the running container/pod - ansible.builtin.shell: "oc get -n {{ item.value.openshift_namespace }} -o name -l app={{ item.value.openshift_pod }} pods | cut -f 2 -d '/'" - register: pod_id -# Run the SAR script -- name: Run oc exec in container to extract the data - ansible.builtin.command: "oc -n {{ item.value.openshift_namespace }} rsh {{ pod_id.stdout }} bash -c 'SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ item.value.sar_script }}'" - register: sar_data -# Store the result on disk -- name: Copy the output data locally - ansible.builtin.copy: - content: "{{ sar_data['stdout'] }}" - dest: "{{ hostvars['localhost']['sar_tmp_dir'] }}/{{ item.value.sar_output_file }}" - delegate_to: localhost diff --git a/playbooks/manual/get-system-packages.yml b/playbooks/manual/get-system-packages.yml deleted file mode 100644 index cf0e245b0a..0000000000 --- a/playbooks/manual/get-system-packages.yml +++ /dev/null @@ -1,21 +0,0 @@ -# -# A playbook to get all the rpms installed on a set of systems. -# - ---- -- name: Get installed packages - hosts: builders:releng-compose:data-analysis01.iad2.fedoraproject.org - gather_facts: true - user: root - - tasks: - - - name: RPM_output - ansible.builtin.shell: "/usr/bin/rpm -qa" - register: rpm_output - args: - warn: false # set warn=false to prevent warning - - - - debug: var=rpm_output.stdout_lines -# when: rpm_output is defined and rpm_output.results|length > 0 diff --git a/playbooks/manual/history_undo.yml b/playbooks/manual/history_undo.yml index 931f947c64..f1704d291f 100644 --- a/playbooks/manual/history_undo.yml +++ b/playbooks/manual/history_undo.yml @@ -1,4 +1,4 @@ -# requires --extra-vars="target='host1:host2:group etc' package='somepackage'" +# requires --extra-vars="target='host1;host2;group etc' package='somepackage'" # # This playbook searches through the yum history for the latest transaction # involving a particular package. Once it finds it, it will undo that @@ -8,32 +8,31 @@ # all the virthosts. If you run this once, it will undo those transactions. If # you run it again, it will undo that previous *undo*. ---- - name: Find and undo the latest yum transaction involving a $PACKAGE hosts: "{{ target }}" user: root tasks: - - name: Find the ID of the last yum transaction - ansible.builtin.shell: yum history package {{ package }} | sed -n 3p | awk -F "|" '{ print $1 }' | tr -d ' ' + - name: find the ID of the last yum transaction + shell: yum history package {{ package }} | sed -n 3p | awk -F "|" '{ print $1 }' | tr -d ' ' register: transaction_id # If transaction_id.stderr == "", then that means that the $PACKAGE we're - # looking for was never installed: it does not appear in the yum history. + # looking for was never installed; it does not appear in the yum history. - debug: var=transaction_id.stdout when: transaction_id.stderr == "" - - name: Get info on that transaction - ansible.builtin.command: yum history info {{ transaction_id.stdout }} + - name: get info on that transaction + command: yum history info {{ transaction_id.stdout }} register: transaction_info when: transaction_id.stderr == "" - debug: var=transaction_info.stdout_lines when: transaction_id.stderr == "" - # - pause: seconds=30 prompt="Undoing that yum transaction. Abort if this is wrong." + #- pause: seconds=30 prompt="Undoing that yum transaction. Abort if this is wrong." # when: transaction_id.stderr == "" - name: Okay.. undo that transaction now - ansible.builtin.command: yum -y history undo {{ transaction_id.stdout }} + command: yum -y history undo {{ transaction_id.stdout }} when: transaction_id.stderr == "" diff --git a/playbooks/manual/import-irc-cookies-to-matrix.yml b/playbooks/manual/import-irc-cookies-to-matrix.yml deleted file mode 100644 index 5f6c3c42ac..0000000000 --- a/playbooks/manual/import-irc-cookies-to-matrix.yml +++ /dev/null @@ -1,41 +0,0 @@ -# This playbook imports the cookies given on IRC to the Matrix Zodbot - ---- -- name: Import the cookies - hosts: value02.iad2.fedoraproject.org:value02.stg.iad2.fedoraproject.org - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - - name: Add the pgpass file - ansible.builtin.copy: - content: | - db01{{ env_suffix }}.iad2.fedoraproject.org:*:maubot:maubot:{{ (env == 'production')|ternary(maubot_prod_db_password, maubot_stg_db_password) }} - dest: /root/.pgpass - owner: root - group: root - mode: "0400" - - - name: Install the required package - dnf: - state: installed - name: python3-psycopg2 - - - name: Install the import script - ansible.builtin.copy: - src: "{{ files }}/zodbot/karma-to-cookies-db.py" - dest: /usr/local/bin/karma-to-cookies-db - mode: "0755" - - - name: Run the import script - ansible.builtin.command: - argv: - - /usr/local/bin/karma-to-cookies-db - - -i - - zodbot{% if env == "staging" %}-stg{% endif %}-fedora - - /var/lib/{{ (env == 'production')|ternary('zodbot', 'ursabot') }}/data/karma.db diff --git a/playbooks/manual/kernel-qa.yml b/playbooks/manual/kernel-qa.yml index 42de1b3ceb..88791012ee 100644 --- a/playbooks/manual/kernel-qa.yml +++ b/playbooks/manual/kernel-qa.yml @@ -2,24 +2,31 @@ # NOTE: this assumes the kernel-qa boxes are already up and are accessible # NOTE: most of these vars_path come from group_vars/kernel-qa or from hostvars ---- -- name: Make kernel-qa - hosts: kernel_qa +- name: make kernel-qa + hosts: kernel-qa user: root - gather_facts: true + gather_facts: True - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter + - denyhosts - nagios_client - - ipa/client + - fas_client - sudo - - hosts + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/hosts.yml" + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/manual/liberate-5099.yml b/playbooks/manual/liberate-5099.yml new file mode 100644 index 0000000000..6d0dc791c6 --- /dev/null +++ b/playbooks/manual/liberate-5099.yml @@ -0,0 +1,14 @@ +# requires --extra-vars="target='host1;host2;group etc' + +- name: Find whatever is running on port 5099 and storm its figurative bastille. + hosts: "{{ target }}" + user: root + + tasks: + - name: find the PID of whatever is on port 5099 + command: lsof -i :5099 -t + register: offenders + + - name: salt the earth + command: "kill {{ item }}" + with_items: "{{ offenders.stdout_lines }}" diff --git a/playbooks/manual/mirrormanager/emergency-expire-repo.yml b/playbooks/manual/mirrormanager/emergency-expire-repo.yml deleted file mode 100644 index c388f294ea..0000000000 --- a/playbooks/manual/mirrormanager/emergency-expire-repo.yml +++ /dev/null @@ -1,38 +0,0 @@ -# This playbook forces an update of the mirrorlist cache in MirrorManager - -# Usage: -# --extra-vars="product='EPEL' version='7'" -# product => The product name in MirrorManager's DB. Currently one of: -# "Fedora", "EPEL" or "RHEL" -# version => The version that must be expired and updated. - ---- -- name: Run the emergency-expire-repo script - hosts: os_control[0]:os_control_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/mirrormanager.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Validate the product {{ product }} - assert: - that: - - product is defined - - product in ["Fedora", "EPEL", "RHEL"] - fail_msg: "The 'product' variable is not set correctly" - - name: Validate the version {{ version }} - assert: - that: - - version is defined - fail_msg: "The 'version' variable is not defined" - - roles: - - role: openshift/job - job_app: mirrormanager - job_name: emergency-expire-repo-{{ product|lower|replace(" ", "-") }}-{{ version|lower|replace(" ", "-") }} - job_command: "/opt/app-root/bin/mm2_emergency-expire-repo {{ product }} {{ version }} && bash /opt/scripts/update-mirrorlist-cache.sh" diff --git a/playbooks/manual/mirrormanager/move-devel-to-release.yml b/playbooks/manual/mirrormanager/move-devel-to-release.yml deleted file mode 100644 index d5ac99013e..0000000000 --- a/playbooks/manual/mirrormanager/move-devel-to-release.yml +++ /dev/null @@ -1,35 +0,0 @@ -# This playbook moves a branched version to a released version in MirrorManager's DB - ---- -- name: Run the move-devel-to-release script - hosts: os_control[0]:os_control_stg[0] - user: root - vars: - version: "{{ FedoraCycleNumber }}" - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/mirrormanager.yml - - /srv/web/infra/ansible/vars/all/00-FedoraCycleNumber.yaml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Validate the version {{ version }} - assert: - that: - - version is defined - fail_msg: "The 'version' variable is not defined" - - roles: - - - role: openshift/job - job_app: mirrormanager - job_name: move-devel-to-release-fedora-linux-{{ version|lower|replace(" ", "-") }} - job_command: "/opt/app-root/bin/mm2_move-devel-to-release --version {{ version }} --category 'Fedora Linux'" - - - role: openshift/job - job_app: mirrormanager - job_name: move-devel-to-release-fedora-secondary-{{ version|lower|replace(" ", "-") }} - job_command: "/opt/app-root/bin/mm2_move-devel-to-release --version {{ version }} --category 'Fedora Secondary Arches'" diff --git a/playbooks/manual/mirrormanager/move-to-archive.yml b/playbooks/manual/mirrormanager/move-to-archive.yml deleted file mode 100644 index 404504c6a9..0000000000 --- a/playbooks/manual/mirrormanager/move-to-archive.yml +++ /dev/null @@ -1,38 +0,0 @@ -# This playbook moves a distro version to the archive in MirrorManager's DB - -# Usage: -# --extra-vars="product='EPEL' version='7'" -# product => The product name in MirrorManager's DB. Currently one of: -# "Fedora", "EPEL" or "RHEL" -# version => The version that must be archived. - ---- -- name: Run the move-to-archive script - hosts: os_control[0]:os_control_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/mirrormanager.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Validate the product {{ product }} - assert: - that: - - product is defined - - product in ["Fedora", "EPEL", "RHEL"] - fail_msg: "The 'product' variable is not set correctly" - - name: Validate the version {{ version }} - assert: - that: - - version is defined - fail_msg: "The 'version' variable is not defined" - - roles: - - role: openshift/job - job_app: mirrormanager - job_name: move-to-archive-{{ product|lower|replace(" ", "-") }}-{{ version|lower|replace(" ", "-") }} - job_command: "/opt/app-root/bin/mm2_move-to-archive --product {{ product }} --version {{ version }}" diff --git a/playbooks/manual/nagios/shush-fmn.yml b/playbooks/manual/nagios/shush-fmn.yml deleted file mode 100644 index 51812190c2..0000000000 --- a/playbooks/manual/nagios/shush-fmn.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: Be quiet please... - hosts: notifs_backend:notifs_backend_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Tell nagios to shush. - nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true diff --git a/playbooks/manual/noggin-deployment/create-full-backup.yml b/playbooks/manual/noggin-deployment/create-full-backup.yml deleted file mode 100644 index 7195200530..0000000000 --- a/playbooks/manual/noggin-deployment/create-full-backup.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Backup IPA data for testing - hosts: ipa_stg - # vars_files: - # - /srv/web/infra/ansible/vars/global.yml - # - "/srv/private/ansible/vars.yml" - # - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - name: Create backup of FreeIPA server data - ansible.builtin.command: ipa-backup - - - name: Make the latest backup available under a fixed name - ansible.builtin.shell: - cmd: ln -snf $(ls -1t ipa-full* | head -n 1) ipa-full-latest - chdir: /var/lib/ipa/backup diff --git a/playbooks/manual/noggin-deployment/fix-home-fedora-ownerships.yml b/playbooks/manual/noggin-deployment/fix-home-fedora-ownerships.yml deleted file mode 100644 index b55d22c413..0000000000 --- a/playbooks/manual/noggin-deployment/fix-home-fedora-ownerships.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- name: Fix ownership of home directories in /home/fedora - hosts: all - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Check if /home/fedora exists - stat: - path: /home/fedora - follow: yes - register: home_fedora_res - - - name: Copy the script to the host - ansible.builtin.copy: - src: "{{ files }}/scripts/fix-home-fedora-ownerships.sh" - dest: /usr/local/sbin/fix-home-fedora-ownerships.sh - mode: "0755" - changed_when: false - when: home_fedora_res.stat.isdir - - - name: Fix ownership of home directories in /home/fedora - # assumes that directory name == user name - ansible.builtin.shell: - chdir: /home/fedora - cmd: /usr/local/sbin/fix-home-fedora-ownerships.sh - register: chown_res - changed_when: "'fixing ownership:' in chown_res.stdout" - when: home_fedora_res.stat.isdir - - - name: Delete the script from the host - ansible.builtin.file: - path: /usr/local/sbin/fix-home-fedora-ownerships.sh - state: absent - changed_when: false - when: home_fedora_res.stat.isdir diff --git a/playbooks/manual/noggin-deployment/reenroll-ipa-client.yml b/playbooks/manual/noggin-deployment/reenroll-ipa-client.yml deleted file mode 100644 index e3299df31a..0000000000 --- a/playbooks/manual/noggin-deployment/reenroll-ipa-client.yml +++ /dev/null @@ -1,71 +0,0 @@ ---- - -# Reenroll IPA clients if their IPA server was reinstalled. -# -# Limited to staging hosts (because the staging IPA server was reinstalled lately) to avoid breakage -# in prod. - -- name: Reenroll IPA client - hosts: staging - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tags: - - ipa/client - - reenroll - - tasks: - - # Preparation - - - name: Install packages - ansible.builtin.package: - name: - - freeipa-client - - krb5-workstation - state: present - - # Checks - - - name: Check if the host can obtain a Kerberos ticket - ansible.builtin.command: kinit -kt /etc/krb5.keytab - ignore_errors: yes - changed_when: no - register: kinit_res - when: ipa_server is defined - - - name: Ping the IPA server - ansible.builtin.command: ipa ping - ignore_errors: yes - changed_when: no - register: ipa_ping_res - when: ipa_server is defined and kinit_res.rc == 0 - - - name: Do the things, or don't - set_fact: - do_the_things: >- - ( - ipa_server is defined - and (kinit_res.rc != 0 or (ipa_ping_res.rc | default(0)) != 0) - ) | bool - - # Do the things - - - name: Unenroll IPA client - ansible.builtin.command: ipa-client-install --uninstall --unattended - when: do_the_things - - - name: Apply the ipa/client role - include_role: - name: ipa/client - when: do_the_things - -- name: Fix ownership of directories in /home/fedora - import_playbook: fix-home-fedora-ownerships.yml - when: do_the_things - tags: - - fix-ownership diff --git a/playbooks/manual/noggin-deployment/restore-latest-backup.yml b/playbooks/manual/noggin-deployment/restore-latest-backup.yml deleted file mode 100644 index 79f6d62435..0000000000 --- a/playbooks/manual/noggin-deployment/restore-latest-backup.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Restore latest IPA backup for testing - hosts: ipa_stg - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - # - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - name: Restore latest backup of FreeIPA server data - ansible.builtin.command: ipa-restore /var/lib/ipa/backup/ipa-full-latest -p {{ ipa_admin_password }} diff --git a/playbooks/manual/noggin-deployment/uninstall_ipa_client.yml b/playbooks/manual/noggin-deployment/uninstall_ipa_client.yml deleted file mode 100644 index 11e4584713..0000000000 --- a/playbooks/manual/noggin-deployment/uninstall_ipa_client.yml +++ /dev/null @@ -1,85 +0,0 @@ ---- -- name: Uninstall IPA client - hosts: bodhi_backend_stg:bugzilla2fedmsg_stg:ipsilon_stg:buildvm_stg:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_armv7_stg:buildvm_s390x_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Uninstall IPA client - ansible.builtin.command: ipa-client-install --uninstall --unattended - ignore_errors: yes - -- import_playbook: "/srv/web/infra/ansible/playbooks/groups/bodhi-backend.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/groups/bugzilla2fedmsg.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/groups/ipsilon.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/groups/buildvm.yml" - - -- name: Remove keytab in OpenShift - hosts: os_master_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - vars: - - keytabs: - - app: elections - key: service.keytab - secret_name: elections-keytab - - app: fasjson - key: http - secret_name: fasjson-keytab-http - - app: ipsilon - key: service.keytab - secret_name: ipsilon-keytab - - app: bodhi - key: koji-keytab - secret_name: bodhi-keytab - - app: coreos-koji-tagger - key: koji-keytab - secret_name: coreos-koji-tagger-keytab - - app: koschei - secret_name: keytab - key: krb5.keytab - - app: simple-koji-ci - key: simple-koji-ci-keytab - secret_name: simple-koji-ci-keytab - - app: sso - key: sso-keytab - secret_name: sso-keytab - - app: the-new-hotness - key: koji-keytab - secret_name: the-new-hotness-keytab - - tasks: - - name: Remove keytab - ansible.builtin.file: - path: "/etc/openshift_apps/{{item.app}}/{{item.key}}.kt" - state: absent - loop: "{{keytabs}}" - - - name: Remove keytab secret - ansible.builtin.command: oc -n {{item.app}} delete secret {{item.secret_name}} - register: delete_out - failed_when: "delete_out.rc != 0 and 'NotFound' not in delete_out.stderr" - changed_when: "delete_out.rc == 0 and 'secret \"{{item.secret_name}}\" deleted' in delete_out.stdout" - loop: "{{keytabs}}" - -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/elections.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/fasjson.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/ipsilon.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/bodhi.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/coreos-koji-tagger.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/koschei.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/message-tagging-service.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/monitor_gating.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/sso.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/the-new-hotness.yml" - -# No keytab, but the CA cert needs to be updated -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/noggin.yml" -- import_playbook: "/srv/web/infra/ansible/playbooks/openshift-apps/noggin-centos.yml" diff --git a/playbooks/manual/oci-registry-prune.yml b/playbooks/manual/oci-registry-prune.yml deleted file mode 100644 index d6affeac75..0000000000 --- a/playbooks/manual/oci-registry-prune.yml +++ /dev/null @@ -1,49 +0,0 @@ -# This playbook search for old OCI images on the candidate registries -# and deletes them. -# Once the images tags are deleted the garbage collection is run on the -# registry hosts. - ---- -- name: Prune 30 days old OCI images from candidate-registry - hosts: oci-candidate-registry01.iad2.fedoraproject.org:oci-candidate-registry01.stg.iad2.fedoraproject.org - gather_facts: false - user: root - - vars: - - ansible_python_interpreter: "/usr/bin/python3" - - vars_files: - - "/srv/private/ansible/vars.yml" - - tasks: - - - name: Find and Delete 30 days old OCI images - delete_old_oci_images: - days: 30 - username: "{{candidate_registry_osbs_prod_username}}" - password: "{{candidate_registry_osbs_prod_password}}" - delegate_to: compose-x86-01.iad2.fedoraproject.org - when: env == "production" - register: prod_output - - - debug: var=prod_output.stdout_lines - - - name: Run registry garbage collection to reclaim disk space - ansible.builtin.command: "registry garbage-collect /etc/docker-distribution/registry/config.yml" - when: env == "production" - - - name: Find and Delete 30 days old OCI images (stg) - delete_old_oci_images: - registry: "https://candidate-registry.stg.fedoraproject.org" - days: 30 - username: "{{candidate_registry_osbs_stg_username}}" - password: "{{candidate_registry_osbs_stg_password}}" - delegate_to: compose-x86-01.iad2.fedoraproject.org - when: env == "staging" - register: stg_output - - - debug: var=stg_output.stdout_lines - - - name: Run registry garbage collection to reclaim disk space (stg) - ansible.builtin.command: "registry garbage-collect /etc/docker-distribution/registry/config.yml" - when: env == "staging" diff --git a/playbooks/manual/ocp4-place-ignitionfiles.yml b/playbooks/manual/ocp4-place-ignitionfiles.yml deleted file mode 100644 index d69397f9ba..0000000000 --- a/playbooks/manual/ocp4-place-ignitionfiles.yml +++ /dev/null @@ -1,108 +0,0 @@ ---- -# This playbook is an ad-hoc task used to deploy kvm nodes for OCP4 -# It used the following variables, declared through inventory (group/host vars): -# rhcos_version: 4.5.6 # upstream version to fetch from mirror.openshift.com in local httpd dir for deployment -# rhcos_install_img_url: # Where to grab rhcos install http:////rhcos/rhcos-4.3.8-x86_64-metal.x86_64.raw.gz -# rhcos_ignition_file_url: # where to find ignition file http:///config/rhcos/bootstrap.ign #to be modified based on group or host level, for bootstrap, master, etc -# rhcos_install_url: #where kernel/initrd.img and .treeinfo are to be found, internal -# kvm_guest_vcpus: -# kvm_guest_memory: -# kvm_guest_disk_size: #in GiB, not to be added, so example: 120 -# kvm_host_bridge: # which defined bridged to use for the guest vnic -# kvm_guest_vnic: ens3 -# ip: -# nameservers: -# - 192.168.1.1 -# - 192.168.2.2 -# gateway -# deploy_host: # http server serving ignition files -- hosts: os_control_stg:os_control:ocp_controlplane_stg:ocp_controlplane:ocp_bootstrap:ocp_boostrap_stg:ocp_vms_stg:ocp_vms - user: root - gather_facts: false - - tasks: - - block: - - name: == OCP KVM provisioning == Ensuring we have needed httpd dir - ansible.builtin.file: - path: "/var/www/html/rhcos" - state: directory - mode: "0755" - - name: == OCP KVM provisioning == Importing generated Ignition files - ansible.builtin.template: - src: "/srv/web/infra/bigfiles/openshiftboot/{{ env }}/{{ item }}" - dest: "/var/www/html/rhcos/{{ item }}" - mode: "0755" - with_items: - - bootstrap.ign - - controlplane.ign - - worker.ign - - name: == OCP KVM provisioning == Creating treeinfo for virt-install --location - ansible.builtin.template: - src: "/srv/web/infra/bigfiles/openshiftboot/ocp-treeinfo.j2" - dest: "/var/www/html/rhcos/.treeinfo" - mode: "0644" - - name: == OCP KVM provisioning == Copy kubeadmin config files to bastion - ansible.builtin.copy: - src: "/srv/web/infra/bigfiles/openshiftboot/{{ env }}/auth/" - dest: "/root/ocp4/ocp-{{env}}/" - - name: == OCP KVM provisioning == Downloading RHCOS deploy files - get_url: - dest: /var/www/html/rhcos/ - mode: "0755" - url: "https://mirror.openshift.com/pub/openshift-v4/x86_64/dependencies/rhcos/latest/{{ item }}" -# run_once: true - ignore_errors: true - with_items: - - "rhcos-live-initramfs.x86_64.img" - - "rhcos-live-rootfs.x86_64.img" - - "rhcos-metal.x86_64.raw.gz" - - "rhcos-live-kernel-x86_64" - - name: == OCP KVM provisioning == Ensuring symlink for correct version {{ rhcos_version }} - ansible.builtin.file: - state: link - src: "/var/www/html/rhcos/rhcos-metal.x86_64.raw.gz" - dest: "/var/www/html/rhcos/rhcos-metal.raw" - tags: - - ignition - - repo - when: inventory_hostname in groups['os_control_stg'] or inventory_hostname in groups['os_control'] - - - name: == OCP KVM provisioning == Downloading RHCOS deploy files - get_url: - dest: /srv/web/infra/bigfiles/tftpboot/rhcos/ - mode: "0755" - url: "https://mirror.openshift.com/pub/openshift-v4/x86_64/dependencies/rhcos/latest/{{ item }}" - run_once: true - ignore_errors: true - with_items: - - "rhcos-live-initramfs.x86_64.img" - - "rhcos-live-kernel-x86_64" - delegate_to: 127.0.0.1 - tags: - - ignition - - repo - - - name: == OCP KVM provisioning == Checking OCP Virtual Guest exist[s] - virt: - name: "{{ inventory_hostname }}" - state: running - ignore_errors: yes - delegate_to: "{{ vmhost }}" - register: vm_exists - tags: - - kvm_deploy - when: inventory_hostname in groups['ocp_vms_stg'] or inventory_hostname in groups['ocp_vms'] - - block: - - name: Ensure the lv for the guest is made - lvol: lv={{ inventory_hostname }} vg={{ volgroup }} size={{ lvm_size }} state=present - delegate_to: "{{ vmhost }}" - tags: - - kvm_deploy - when: inventory_hostname in groups['ocp_vms_stg'] or inventory_hostname in groups['ocp_vms'] - - name: == OCP KVM provisioning == Deploying the OCP Virtual Guest[s] - ansible.builtin.command: "{{ virt_install_command }}" - delegate_to: "{{ vmhost }}" - tags: - - kvm_deploy - when: inventory_hostname in groups['ocp_vms_stg'] or inventory_hostname in groups['ocp_vms'] - when: vm_exists is failed diff --git a/playbooks/manual/ocp4-sysadmin-openshift.yml b/playbooks/manual/ocp4-sysadmin-openshift.yml deleted file mode 100644 index af83788b65..0000000000 --- a/playbooks/manual/ocp4-sysadmin-openshift.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- hosts: os_control_stg:os_control - gather_facts: false - - roles: - - role: openshift/sysadmin-openshift - sysadmin_openshift_appowners: - - darknao - - dkirwan - - jrichardson - - kevin - - lenkaseg - - siddharthvipul1 - - t0xic0der - - ryanlerch - - james diff --git a/playbooks/manual/openqa-restart-workers.yml b/playbooks/manual/openqa-restart-workers.yml deleted file mode 100644 index fe55eb7b41..0000000000 --- a/playbooks/manual/openqa-restart-workers.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Restart worker services on openQA worker hosts (production) - hosts: openqa_workers:openqa_lab_workers - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Restart all the worker services - service: name=openqa-worker@{{ item }} state=restarted - with_sequence: "count={{ openqa_workers }}" diff --git a/playbooks/manual/qadevel.yml b/playbooks/manual/qadevel.yml index 478ba35b19..cdf14e71e2 100644 --- a/playbooks/manual/qadevel.yml +++ b/playbooks/manual/qadevel.yml @@ -1,48 +1,49 @@ # create a new qadevel server # -# This server looks for rawhide builds and requests they be signed. +# This server looks for rawhide builds and requests they be signed. # ---- -- name: Make qadevel server - hosts: qadevel:qadevel_stg +- name: make qadevel server + hosts: qadevel;qadevel-stg user: root - gather_facts: false + gather_facts: False + accelerate: "{{ accelerated }}" - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - import_tasks: "{{ tasks_path }}/virt_instance_create.yml" + - include: "{{ tasks }}/virt_instance_create.yml" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" -- name: Make the box be real - hosts: qadevel:qadevel_stg +- name: make the box be real + hosts: qadevel;qadevel-stg user: root - gather_facts: true + gather_facts: True + accelerate: "{{ accelerated }}" - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - nagios_client + - fas_client - collectd/base - sudo - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/hosts.yml" - - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - include: "{{ tasks }}/hosts.yml" + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/manual/rabbit/delete-queue.yml b/playbooks/manual/rabbit/delete-queue.yml deleted file mode 100644 index 63271eab9d..0000000000 --- a/playbooks/manual/rabbit/delete-queue.yml +++ /dev/null @@ -1,27 +0,0 @@ -# Remove a RabbitMQ queue -# -# Required parameter: -# - queue_name (str): the name of the queue to delete. -# - vhost (str): the name of the RabbitMQ virtual host -# -# Use --extra-vars to define them. - ---- -- assert: - that: - - "queue_name is defined" - fail_msg: "You must define queue_name" - -- assert: - that: - - "vhost is defined" - fail_msg: "You must define vhost" - -- name: Create the queue in RabbitMQ - hosts: rabbitmq_stg[0]:rabbitmq[0] - rabbitmq_queue: - name: "{{ queue_name }}" - vhost: "{{ vhost }}" - state: absent - login_user: admin - login_password: "{{ (env == 'production')|ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}" diff --git a/playbooks/manual/rebuild-fedora-packages-search-index.yml b/playbooks/manual/rebuild-fedora-packages-search-index.yml new file mode 100644 index 0000000000..14aef500b2 --- /dev/null +++ b/playbooks/manual/rebuild-fedora-packages-search-index.yml @@ -0,0 +1,74 @@ +# Nuke and rebuild the xapian search index for fedora-packages +# +# "install_packages_indexer" is a host_var that instructs this to only run on +# one of the multiple packages nodes. The cache that this rebuilds is shared +# between nodes with gluster. + +- name: nuke xapian search index + hosts: packages;packages-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + vars: + cache_root: /var/cache/fedoracommunity + + tasks: + - name: pause for 30s before nuking xapian search index + pause: seconds=30 prompt="Destroying xapian index. Abort?" + when: install_packages_indexer + + - name: Nuke the old xapian search index + file: path={{cache_root}}/packages/xapian state=absent + when: install_packages_indexer + + - name: Recreate some structure for the search index + file: > + path={{cache_root}}/{{item}} + state=directory + owner=apache + group=apache + mode=0755 + with_items: + - packages + - rpm_cache + - git.fedoraproject.org + - packages/icons + - packages/xapian + - packages/xapian/search + - packages/xapian/versionmap + - packages/tmp + - packages/tmp/icons + - packages/tmp/rpms + - packages/tmp/search + - packages/tmp/versionmap + - packages/tmp/var + - packages/tmp/yum-cache + when: install_packages_indexer + +- name: Rebuild that search idex that we just destroyed + hosts: packages;packages-stg + user: root + sudo: apache + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: Pull in the list of packages from pkgdb. Go get a snack. + command: /usr/bin/fcomm-index-packages -p /var/cache/fedoracommunity/packages/tmp -y /etc/fedoracommunity/yum-repo.conf --index-db-dest /var/cache/fedoracommunity/packages/xapian --icons-dest /var/cache/fedoracommunity/packages/icons --tagger-url https://apps.fedoraproject.org/tagger/api/v1/tag/export/ --pkgdb-url https://admin.fedoraproject.org/pkgdb + async: 10000 + poll: 60 + when: install_packages_indexer + - name: Pull in all the latest builds from koji. Go get another snack. + command: /usr/bin/fcomm-index-latest-builds -p /var/cache/fedoracommunity/packages/xapian --koji-url http://koji.fedoraproject.org/kojihub --action init + async: 20000 + poll: 60 + when: install_packages_indexer diff --git a/playbooks/manual/rebuild/hotspot.txt b/playbooks/manual/rebuild/hotspot.txt deleted file mode 100644 index d86bac9de5..0000000000 --- a/playbooks/manual/rebuild/hotspot.txt +++ /dev/null @@ -1 +0,0 @@ -OK diff --git a/playbooks/manual/rebuild/hotspot.yml b/playbooks/manual/rebuild/hotspot.yml deleted file mode 100644 index 70ceded4cd..0000000000 --- a/playbooks/manual/rebuild/hotspot.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: Put a hotspot.txt file in place. - hosts: proxies:proxies_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - ansible.builtin.file: dest=/srv/web/fedoraproject.org/static/ state=directory - - ansible.builtin.copy: - src: hotspot.txt - dest: /srv/web/fedoraproject.org/static/hotspot.txt diff --git a/playbooks/manual/rebuild/mote.yml b/playbooks/manual/rebuild/mote.yml deleted file mode 100644 index 0fcc0c5f14..0000000000 --- a/playbooks/manual/rebuild/mote.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Nuke the mote cache and restart the services to rebuild it. - hosts: value:value_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - ansible.builtin.file: dest=/var/cache/httpd/mote/cache.json state=absent - - service: name="httpd" state=restarted - - service: name="mote-updater" state=restarted diff --git a/playbooks/manual/rebuild/websites.yml b/playbooks/manual/rebuild/websites.yml deleted file mode 100644 index 5e992fee8a..0000000000 --- a/playbooks/manual/rebuild/websites.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -- name: Force a rebuild of website content on the backend builder - hosts: sundries01* - user: root - become: true - become_user: apache - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Run syncStatic (this takes a while)... - ansible.builtin.command: /usr/local/bin/lock-wrapper syncStatic /usr/local/bin/syncStatic - -- name: Tell the proxies to sync that freshness - hosts: proxies:proxies_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Rsync each site in to place - ansible.builtin.command: /usr/bin/rsync --delete -a --no-owner --no-group sundries01::{{item}}/ /srv/web/{{item}}/ - with_items: - - getfedora.org - - fedoracommunity.org - - developer.fedoraproject.org - - fedoraproject.org - - labs.fedoraproject.org - - mirrors.fedoraproject.org - - start.fedoraproject.org - - budget.fedoraproject.org diff --git a/playbooks/manual/releng/koji-release-tags.yml b/playbooks/manual/releng/koji-release-tags.yml deleted file mode 100644 index d9df250ea2..0000000000 --- a/playbooks/manual/releng/koji-release-tags.yml +++ /dev/null @@ -1,227 +0,0 @@ ---- -- name: Create the release tags in koji. - hosts: compose-x86-01.stg.iad2.fedoraproject.org - gather_facts: no - vars_files: - - /srv/web/infra/ansible/vars/all/00-FedoraCycleNumber.yaml - - /srv/web/infra/ansible/vars/all/FedoraBranched.yaml - - /srv/web/infra/ansible/vars/all/FedoraBranchedNumber.yaml - - /srv/web/infra/ansible/vars/all/FedoraRawhideNumber.yaml - vars: - - appliance_build: [appliance-tools, bash, coreutils, grub, parted, perl, policycoreutils, selinux-policy, shadow-utils, sssd-client] - - build: [bash, bzip2, coreutils, cpio, diffutils, fedora-release, findutils, gawk, glibc-minimal-langpack, grep, gzip, info, patch, redhat-rpm-config, rpm-build, sed, shadow-utils, tar, unzip, util-linux, which, xz] - - livecd_build: [bash, coreutils, fedora-logos, fedora-release, livecd-tools, policycoreutils, python-dbus, sed, selinux-policy-targeted, shadow-utils, squashfs-tools, sssd-client, tar, unzip, util-linux, which, yum] - - livemedia_build: [bash, coreutils, glibc-all-langpacks, lorax-lmc-novirt, selinux-policy-targeted, shadow-utils, util-linux] - - srpm_build: [bash, fedora-release, fedpkg-minimal, glibc-minimal-langpack, gnupg2, redhat-rpm-config, rpm-build, shadow-utils] - - release: f{{FedoraBranchedNumber}} - collections: - - ktdreyer.koji_ansible - - pre_tasks: - - name: copy the koji.conf file with the correct variables - ansible.builtin.template: - src: koji.conf.j2 - dest: /etc/koji.conf - owner: root - group: root - mode: "0644" - - tasks: - - name: create the main koji tag for {{release}} - koji_tag: - koji: koji - name: "{{release}}" - state: present - perm: autosign - groups: - appliance-build: "{{appliance_build}}" - build: "{{build}}" - livecd-build: "{{livecd_build}}" - livemedia-build: "{{livemedia_build}}" - srpm-build: "{{srpm_build}}" - extra: - mock.package_manager: dnf - mock.new_chroot: 0 - tags: rpm - - - name: create the {{release}} tags - koji_tag: - koji: koji - name: "{{ item.name }}" - state: present - perm: "{{ item.perm }}" - arches: "{{item.arches}}" - inheritance: - - parent: "{{ item.parent }}" - priority: 0 - loop: - - {name: "{{release}}-updates", perm: admin, parent: "{{release}}", arches: ""} - - {name: "{{release}}-updates-testing", perm: admin, parent: "{{release}}", arches: ""} - - {name: "{{release}}-updates-pending", perm: admin, parent: "{{release}}", arches: ""} - - {name: "{{release}}-override", perm: fedora-override, parent: "{{release}}", arches: ""} - - {name: "{{release}}-updates-candidate", perm: '', parent: "{{release}}", arches: ""} - - {name: "{{release}}-compose", perm: '', parent: "{{release}}", arches: ""} - - {name: "{{release}}-updates-testing-pending", perm: 'autosign', parent: "{{release}}-updates-testing", arches: ""} - - {name: "{{release}}-signing-pending", perm: 'autosign', parent: "{{release}}-updates-testing-pending", arches: ""} - - {name: "{{release}}-pending", perm: '', parent: "{{release}}-updates", arches: ""} - - {name: "{{release}}-build", perm: 'admin', parent: "{{release}}-override", arches: "armv7hl i686 x86_64 aarch64 ppc64le s390x"} - tags: rpm - - - name: create the main infra tags - koji_tag: - koji: koji - name: "{{ item.name }}" - state: present - perm: "{{ item.perm }}" - inheritance: - - parent: "{{ item.parent }}" - priority: 0 - extra: - tag2distrepo.enabled: "true" - tag2distrepo.keys: 47dd8ef9 - loop: - - {name: "{{release}}-infra", perm: 'infra', parent: "{{release}}-build", arches: ""} - - {name: "{{release}}-infra-stg", perm: 'infra', parent: "{{release}}-infra", arches: ""} - tags: infra - - - name: create the other infra tags - koji_tag: - koji: koji - name: "{{ item.name }}" - state: present - perm: "{{ item.perm }}" - inheritance: - - parent: "{{ item.parent }}" - priority: 0 - loop: - - {name: "{{release}}-infra-candidate", perm: 'infra', parent: "{{release}}-infra-stg", arches: ""} - - {name: "{{release}}-infra-build", perm: 'infra', parent: "{{release}}-infra-stg", arches: ""} - tags: infra - - - - name: create the container tag - koji_tag: - koji: koji - name: "{{release}}-container" - state: present - tags: container - - - - name: create the container build tag - koji_tag: - koji: koji - name: "{{release}}-container-build" - state: present - arches: "x86_64" - inheritance: - - parent: "{{release}}-container" - priority: 0 - tags: container - - - name: create the openh264 tags - koji_tag: - koji: koji - name: "{{release}}-openh264" - state: present - inheritance: - - parent: "{{release}}" - priority: 0 - loop: - - {name: "{{release}}-container-build", perm: '', parent: "{{release}}-container", arches: "x86_64"} - tags: openh264 - - - - name: create the main coreos tag - koji_tag: - koji: koji - name: "{{release}}-coreos-continuous" - state: present - arches: "x86_64 aarch64 ppc64le s390x" - extra: - tag2distrepo.enabled: "true" - tags: coreos - - - name: create the coreos-pool tag - koji_tag: - koji: koji - name: "coreos-pool" - state: present - arches: "x86_64 aarch64 ppc64le s390x" - extra: - tag2distrepo.keys: "429476b4 cfc659b9 3c3359c4 12c944d0" - tags: coreos - - - name: create the other coreos tags - koji_tag: - koji: koji - name: "{{release}}-coreos-signing-pending" - state: present - arches: "x86_64 aarch64 ppc64le s390x" - inheritance: - - parent: "coreos-pool" - priority: 0 - extra: - tag2distrepo.enabled: "true" - tags: coreos - - - - name: create the {{release}} target - koji_target: - koji: koji - name: "{{release}}" - build_tag: "{{release}}-build" - dest_tag: "{{release}}-updates-candidate" - tags: rpm - - - - name: create the {{release}}-candidate target - koji_target: - koji: koji - name: "{{release}}-candidate" - build_tag: "{{release}}-build" - dest_tag: "{{release}}-updates-candidate" - tags: rpm - - - - name: create the {{release}}-infra target - koji_target: - koji: koji - name: "{{release}}-infra" - build_tag: "{{release}}-infra-build" - dest_tag: "{{release}}-infra-candidate" - tags: infra - - - - name: create the {{release}}-container-candidate target - koji_target: - koji: koji - name: "{{release}}-container-candidate" - build_tag: "{{release}}-container-build" - dest_tag: "{{release}}-container-updates-candidate" - tags: container - - - - name: create the rawhide target - koji_target: - koji: koji - name: "rawhide" - build_tag: "f{{FedoraRawhideNumber}}-build" - dest_tag: "f{{FedoraRawhideNumber}}-updates-candidate" - tags: rawhide - - - name: create the rawhide container target - koji_target: - koji: koji - name: "rawhide-container-candidate" - build_tag: "f{{FedoraRawhideNumber}}-container-build" - dest_tag: "f{{FedoraRawhideNumber}}-container" - tags: rawhide - - - - name: Change the rawhide tag inheritance - koji_tag_inheritance: - koji: koji - parent_tag: "f{{FedoraRawhideNumber}}" - child_tag: rawhide - priority: 0 - tags: rawhide diff --git a/playbooks/manual/releng/templates/koji.conf.j2 b/playbooks/manual/releng/templates/koji.conf.j2 deleted file mode 100644 index 18e63c4776..0000000000 --- a/playbooks/manual/releng/templates/koji.conf.j2 +++ /dev/null @@ -1,39 +0,0 @@ -[koji] -;configuration for koji cli tool -;url of XMLRPC server -server = https://koji{{env_suffix}}.fedoraproject.org/kojihub - -;url of web interface -weburl = https://koji{{env_suffix}}.fedoraproject.org/koji - -topurl = https://kojipkgs{{env_suffix}}.fedoraproject.org/ - -;configuration for Kerberos authentication -authtype = kerberos -krb_rdns = false - -;the service name of the principal being used by the hub -krbservice = compose - -;the principal to auth as for automated clients -{% if env == "staging" %} -principal = compose/koji.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG -krb_server_realm = STG.FEDORAPROJECT.ORG -keytab = /etc/krb5.compose_koji.stg.iad2.fedoraproject.org.keytab -{% else %} -principal = compose/koji.fedoraproject.org@FEDORAPROJECT.ORG -krb_server_realm = FEDORAPROJECT.ORG -keytab = /etc/krb5.compose_koji.iad2.fedoraproject.org.keytab -{%endif%} - -;enable to lookup dns canonical hostname for krb auth -;krb_canon_host = no - -;[not_implemented_yet] -;enabled plugins for CLI, runroot and save_failed_tree are available -;plugins = -; runroot plugin is enabled by default in fedora -plugins = runroot - -; use the fast upload feature of koji by default -use_fast_upload = yes diff --git a/playbooks/manual/remote_delldrive.yml b/playbooks/manual/remote_delldrive.yml deleted file mode 100644 index 6e4961a2e8..0000000000 --- a/playbooks/manual/remote_delldrive.yml +++ /dev/null @@ -1,22 +0,0 @@ -# Call with, for example: -e 'target=ibiblio04.fedoraproject.org mgmt=ibiblio04-mgmt.fedoraproject.org' ---- -- name: Do a remote drive check - hosts: "{{target}}" - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Copy script over to {{target}} - ansible.builtin.copy: src={{private}}/scripts/drivestatus.py dest=/root/drivestatus.py - - - name: Run it for {{mgmt}} - ansible.builtin.shell: python /root/drivestatus.py {{mgmt}} - register: out - - - name: Remove it - ansible.builtin.file: path=/root/drivestatus.py state=absent - - - debug: var=out.stdout_lines diff --git a/playbooks/manual/restart-fedmsg-services.yml b/playbooks/manual/restart-fedmsg-services.yml new file mode 100644 index 0000000000..bbab41c620 --- /dev/null +++ b/playbooks/manual/restart-fedmsg-services.yml @@ -0,0 +1,62 @@ +# Restart fedmsg services +# +# The grande list of "what is running and where" is maintained here manually. +# By running this playbook, you're not actually guaranteed that all services +# everywhere will be restarted. As stuff changes over time, this playbook will +# need to be periodically updated with new things. + +- name: restart fedmsg-gateway instances + hosts: busgateway;busgateway-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: bounce the fedmsg-gateway service + service: name=fedmsg-gateway state=restarted + +- name: restart fedmsg-relay instances + hosts: busgateway;busgateway-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: bounce the fedmsg-relay service + service: name=fedmsg-relay state=restarted + +- name: restart fedmsg-irc instances + hosts: value;value-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: bounce the fedmsg-irc service + service: name=fedmsg-irc state=restarted + +- name: restart fedmsg-hub instances + hosts: fedmsg-hubs;fedmsg-hubs-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: bounce the fedmsg-hub service + service: name=fedmsg-hub state=restarted diff --git a/playbooks/manual/restart-pagure.yml b/playbooks/manual/restart-pagure.yml deleted file mode 100644 index 65e2c70170..0000000000 --- a/playbooks/manual/restart-pagure.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- name: Reload the frontend - hosts: pagure:pagure_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - debug: msg="Karate Chop!" - - - name: Reload apache... - service: name="httpd" state=reloaded - - post_tasks: - - name: Tell nagios to unshush w.r.t. apache - nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true diff --git a/playbooks/manual/riscv-keytabs.yml b/playbooks/manual/riscv-keytabs.yml deleted file mode 100644 index d8f05b6407..0000000000 --- a/playbooks/manual/riscv-keytabs.yml +++ /dev/null @@ -1,66 +0,0 @@ -- name: make some keytabs - hosts: riscv-koji01.iad2.fedoraproject.org - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - - name: create directory to store keytabs - ansible.builtin.file: - state: directory - path: /etc/builder-keytabs - mode: "700" - owner: root - group: root - - - name: make all the keytabs for builders - include_role: - name: keytab/service - vars: - kt_location: "/etc/builder-keytabs/{{ item }}.keytab" - service: compile-riscv - host: "{{ item }}" - with_items: - - buildhw-riscv-01.fedoraproject.org - - buildhw-riscv-02.fedoraproject.org - - buildhw-riscv-03.fedoraproject.org - - buildhw-riscv-04.fedoraproject.org - - buildhw-riscv-05.fedoraproject.org - - buildhw-riscv-06.fedoraproject.org - - buildhw-riscv-07.fedoraproject.org - - buildhw-riscv-08.fedoraproject.org - - buildhw-riscv-09.fedoraproject.org - - buildhw-riscv-10.fedoraproject.org - - buildhw-riscv-11.fedoraproject.org - - buildhw-riscv-12.fedoraproject.org - - buildhw-riscv-13.fedoraproject.org - - buildhw-riscv-14.fedoraproject.org - - buildhw-riscv-15.fedoraproject.org - - buildhw-riscv-16.fedoraproject.org - - buildhw-riscv-17.fedoraproject.org - - buildhw-riscv-18.fedoraproject.org - - buildhw-riscv-19.fedoraproject.org - - buildhw-riscv-20.fedoraproject.org - - buildhw-riscv-21.fedoraproject.org - - buildhw-riscv-22.fedoraproject.org - - buildhw-riscv-23.fedoraproject.org - - buildhw-riscv-24.fedoraproject.org - - buildhw-riscv-25.fedoraproject.org - - buildhw-riscv-26.fedoraproject.org - - buildhw-riscv-27.fedoraproject.org - - buildhw-riscv-28.fedoraproject.org - - buildhw-riscv-29.fedoraproject.org - - buildhw-riscv-30.fedoraproject.org - - buildhw-riscv-31.fedoraproject.org - - buildhw-riscv-32.fedoraproject.org - - buildhw-riscv-33.fedoraproject.org - - buildhw-riscv-34.fedoraproject.org - - buildhw-riscv-35.fedoraproject.org - - buildhw-riscv-36.fedoraproject.org - - buildhw-riscv-37.fedoraproject.org - - buildhw-riscv-38.fedoraproject.org - - buildhw-riscv-39.fedoraproject.org - - buildhw-riscv-40.fedoraproject.org diff --git a/playbooks/manual/sign-and-import.yml b/playbooks/manual/sign-and-import.yml deleted file mode 100644 index 479d157238..0000000000 --- a/playbooks/manual/sign-and-import.yml +++ /dev/null @@ -1,81 +0,0 @@ -# This playbook takes new rpms specified with a fileglob, signs them, and adds -# them to the infrastructure repo. -# -# To push to infra-testing: -# requires --extra-vars="rpmdir='/home/fedora/ralph/rpms/' testing=True rhel=6" -# -# To push to infra: -# requires --extra-vars="rpmdir='/home/fedora/ralph/rpms/' rhel=6" -# -# To push to fedora 20: -# requires --extra-vars="rpmdir='/home/fedora/ralph/rpms/' rhel=20" -# - -# TODO -- grab rpms from koji build/task ids beforehand? -# TODO -- other arches than x86_64? - ---- -- name: Batch sign and import a directory full of rpms - user: root - hosts: localhost - connection: local - - # Toggle this variable to import to the testing repo as opposed to the staging - # repo. Since we're in freeze right now, we'll default to the testing repo. - # It would be nice to be able to toggle this from the command line. - vars: - - repodir: /mnt/fedora/app/fi-repo/{% if testing %}testing/{% endif %}{{ rhel }} - - testing: false - - tasks: - - fail: msg="Please use the infra tags from now on" - when: no_use_infratags is not defined - - - fail: msg="Please specify rhel version with rhel=6/7" - when: rhel is not defined - - - name: Fail if no rpmdir provided - fail: msg="No rpmdir provided" - when: rpmdir is not defined - # TODO -- I'd also like to fail if rpmdir does not exist. - # TODO -- I'd also like to fail if there are no *.rpm files in there. - - - name: Sign all the rpms with our gpg key - ansible.builtin.shell: /bin/rpm --resign {{ rpmdir }}/*.rpm - - - name: Make a directory where we store the rpms afterwards - ansible.builtin.file: path={{ rpmdir }}-old state=directory - - - name: Copy the source rpms to the SRPMS dir of {{ repodir }} - ansible.builtin.copy: src={{ item }} dest={{ repodir }}/SRPMS/ - with_fileglob: - - "{{ rpmdir }}/*.src.rpm" - - - name: Move processed srpms out to {{ rpmdir }}-old - ansible.builtin.command: /bin/mv {{ item }} {{ rpmdir }}-old/ - when: not testing - with_fileglob: - - "{{ rpmdir }}/*.src.rpm" - - - name: Copy the binary rpms to the x86_64 dir of {{ repodir }} - ansible.builtin.copy: src={{ item }} dest={{ repodir }}/x86_64/ - with_fileglob: - - "{{ rpmdir }}/*.rpm" - - - name: Copy the binary rpms to the i386 dir of {{ repodir }} - ansible.builtin.copy: src={{ item }} dest={{ repodir }}/i386/ - with_fileglob: - - "{{ rpmdir }}/*.rpm" - - - name: Move processed rpms out to {{ rpmdir }}-old - ansible.builtin.command: /bin/mv {{ item }} {{ rpmdir }}-old/ - when: not testing - with_fileglob: - - "{{ rpmdir }}/*.rpm" - - - name: Run createrepo on each repo - ansible.builtin.command: createrepo --update {{ repodir }}/{{ item }}/ - with_items: - - SRPMS - - x86_64 - - i386 diff --git a/playbooks/manual/sign-bridge.yml b/playbooks/manual/sign-bridge.yml new file mode 100644 index 0000000000..5b055c20e4 --- /dev/null +++ b/playbooks/manual/sign-bridge.yml @@ -0,0 +1,51 @@ +# provision a new sign server. +# NOTE: this assumes the boxes are already up and are accessible +# NOTE: most of these vars_path come from group_vars/sign or from hostvars +# +# FURTHER NOTE: some of These machines run day to day with sshd disabled/off. +# Access is via management interface only. This playbook does initial setup. +# Please check with rel-eng before doing anything here. + +- name: make sign-bridge server vm + hosts: sign-bridge + user: root + gather_facts: False + accelerate: "{{ accelerated }}" + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + - include: "{{ tasks }}/accelerate_prep.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: configure sign bridge server + hosts: sign-bridge + user: root + gather_facts: true + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - hosts + - fas_client + - sudo + + tasks: + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/sign_setup.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/manual/sign-vault.yml b/playbooks/manual/sign-vault.yml index cd677f9c11..2f44185744 100644 --- a/playbooks/manual/sign-vault.yml +++ b/playbooks/manual/sign-vault.yml @@ -2,47 +2,28 @@ # NOTE: this assumes the boxes are already up and are accessible # NOTE: most of these vars_path come from group_vars/sign or from hostvars # -# FURTHER NOTE: some of These machines run day to day with sshd disabled/off. -# Access is via management interface only. This playbook does initial setup. -# Please check with rel-eng before doing anything here. +# FURTHER NOTE: some of These machines run day to day with sshd disabled/off. +# Access is via management interface only. This playbook does initial setup. +# Please check with rel-eng before doing anything here. ---- -- name: Make sign-vault server vm (secondary and stg only) - hosts: sign-vault01.stg.iad2.fedoraproject.org - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - import_tasks: "{{ tasks_path }}/virt_instance_create.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: Make sign vault server - hosts: sign_vault +- name: make sign vault server + hosts: sign-vault user: root gather_facts: true - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - base - rkhunter - - { role: linux-system-roles.nbde_client, when: datacenter == 'iad2' } - - { role: serial-console, when: datacenter == 'iad2'} - - sigul/server - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" + tasks: + - include: "{{ tasks }}/serialgetty.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/sign_setup.yml" handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/manual/staging-sync/badges.yml b/playbooks/manual/staging-sync/badges.yml deleted file mode 100644 index 1d90ef3580..0000000000 --- a/playbooks/manual/staging-sync/badges.yml +++ /dev/null @@ -1,58 +0,0 @@ -# This playbook syncs the production badges instance with staging. ---- -- name: Bring staging services down - hosts: os-control01.stg.iad2.fedoraproject.org - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - ansible.builtin.command: oc -n badges scale dc/frontend --replicas=0 - - ansible.builtin.command: oc -n badges scale dc/consumer --replicas=0 - -# Here's the meaty part in the middle -- name: Drop and re-create the staging db entirely - hosts: db01.stg.iad2.fedoraproject.org - user: root - become: yes - become_user: postgres - become_method: sudo - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/badges.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - ansible.builtin.copy: - src: /srv/web/infra/db-dumps/{{ badges_db_name }}.dump.xz - dest: /var/tmp/{{ badges_db_name }}.dump.xz - owner: postgres - group: postgres - - ansible.builtin.command: unxz /var/tmp/{{ badges_db_name }}.dump.xz - args: - creates: /var/tmp/{{ badges_db_name }}.dump - - ansible.builtin.command: dropdb {{ badges_db_name }} - - ansible.builtin.command: createdb -O {{ tahrirDBUser }} {{ badges_db_name }} - - name: Import the prod db. - ansible.builtin.shell: cat /var/tmp/{{ badges_db_name }}.dump | psql {{ badges_db_name }} - - ansible.builtin.file: path=/var/tmp/{{ badges_db_name }}.dump state=absent - - name: rename prod users to staging users - ansible.builtin.shell: psql -v ON_ERROR_STOP=1 {{ badges_db_name }} <<< "UPDATE persons SET email = REPLACE(email, '@fedoraproject.org', '@stg.fedoraproject.org')" - -- name: Bring staging services up - hosts: os-control01.stg.iad2.fedoraproject.org - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - ansible.builtin.command: oc -n badges scale dc/frontend --replicas=1 - - ansible.builtin.command: oc -n badges scale dc/consumer --replicas=1 diff --git a/playbooks/manual/staging-sync/bodhi.yml b/playbooks/manual/staging-sync/bodhi.yml deleted file mode 100644 index 515384b7c6..0000000000 --- a/playbooks/manual/staging-sync/bodhi.yml +++ /dev/null @@ -1,110 +0,0 @@ -# This playbook syncs the production bodhi instance with staging. ---- -- name: Bring staging services down (httpd) - hosts: bodhi2_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - service: name=httpd state=stopped - -- name: Bring staging services down (OpenShift web services) - hosts: os-control01.stg.iad2.fedoraproject.org - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=0 - - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas=0 - - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas=0 - -- name: Bring staging services down (messaging) - hosts: bodhi_backend_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - service: - name: "{{ item }}" - state: stopped - with_items: - - fm-consumer@config.service - - bodhi-celery - -# Here's the meaty part in the middle -- name: Drop and re-create the staging db entirely - hosts: db01.stg.iad2.fedoraproject.org - user: root - become: yes - become_user: postgres - become_method: sudo - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - ansible.builtin.copy: - src: /srv/web/infra/db-dumps/bodhi2.dump.xz - dest: /var/tmp/bodhi2.dump.xz - owner: postgres - group: postgres - - ansible.builtin.command: unxz /var/tmp/bodhi2.dump.xz - creates=/var/tmp/bodhi2.dump - - ansible.builtin.command: dropdb bodhi2 - - ansible.builtin.command: createdb -O bodhi2 bodhi2 - - name: Import the prod db. - ansible.builtin.shell: cat /var/tmp/bodhi2.dump | psql bodhi2 - - ansible.builtin.file: path=/var/tmp/bodhi2.dump state=absent - -- name: Bring staging services up (OpenShift web services) - hosts: os-control01.stg.iad2.fedoraproject.org - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=1 - - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas=1 - - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas=1 - -- name: Bring staging services up (httpd) - hosts: bodhi2_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - service: name=httpd state=started - -- name: Bring staging services up (messaging) - hosts: bodhi_backend_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - service: - name: "{{ item }}" - state: stopped - with_items: - - fm-consumer@config.service - - bodhi-celery diff --git a/playbooks/manual/staging-sync/db-sync.yml b/playbooks/manual/staging-sync/db-sync.yml deleted file mode 100644 index f8287ad4fb..0000000000 --- a/playbooks/manual/staging-sync/db-sync.yml +++ /dev/null @@ -1,141 +0,0 @@ -# This playbook tries to be a generic solution to sync databases from prod to -# stg - -# Usage: -# --extra-vars="dbhost='db01' server='pkgdb01.stg' db='pkgdb2'" -# dbhost => The hostname for the database server (db01, db02...), the -# .iad2.fedoraproject.org part is automatically added. -# Since this playbook syncs from stg to prod only, it is assumed you -# are migrating from dbX to dbX.stg) -# server => The application server where apache will be turned off during the -# sync. /!\ it should be the *stg* server, not prod (the one you want -# to load the new DB for) -# Can be a full hostname (foo01.iad2.fp.o) or a group (foo-stg) or an -# emptry string (''), for example if the app is running in openshift. -# db => The database name on both database server (must be the same) - ---- -- name: Dump the prod db out - hosts: "{{ dbhost }}.iad2.fedoraproject.org" - user: root - become: yes - become_user: postgres - become_method: sudo - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Dumping the production db. This might take a minute. Go out to the lobby! - ansible.builtin.shell: pg_dump -C {{ db }} |xz -c > /var/tmp/{{ db }}.dump.xz - - # Get the dump from `from` in the batcave - - name: Export the dump from the dbhost in prod to batcave - fetch: - src: /var/tmp/{{ db }}.dump.xz - dest: /var/tmp/ - flat: yes - -- name: Bring staging services down - hosts: "{{ server or 'batcave01.iad2.fedoraproject.org' }}" - user: root - any_errors_fatal: false - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Stop apache - service: name=httpd state=stopped - when: (server is defined) and (server|length > 0) - -- name: Drop and re-create the staging db entirely - hosts: "{{ dbhost }}.stg.iad2.fedoraproject.org" - user: root - become: yes - become_user: postgres - become_method: sudo - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - # push dump to stg from batcave - - name: Push the DB dump from batcave to the dbhost in stg - ansible.builtin.copy: - src: /var/tmp/{{ db }}.dump.xz - dest: /var/tmp/{{ db }}.dump.xz - - - name: Unpack the archive - ansible.builtin.command: unxz /var/tmp/{{ db }}.dump.xz - creates=/var/tmp/{{ db }}.dump - - - name: Drop the postgresql database in staging - ansible.builtin.command: dropdb {{ db }} - ignore_errors: yes - - - name: Create the postgresql database in staging - ansible.builtin.command: createdb {{ db }} - - - name: Import the prod db. This will take quite a while. Go get a snack! - ansible.builtin.shell: cat /var/tmp/{{ db }}.dump | psql {{ db }} - -- name: Bring staging services up - hosts: "{{ server or 'batcave01.iad2.fedoraproject.org' }}" - user: root - any_errors_fatal: false - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Restart apache - service: name=httpd state=started - when: (server is defined) and (server|length > 0) - -- name: Remove the prod db dump now that we are done - hosts: "{{ dbhost }}.iad2.fedoraproject.org" - user: root - become: yes - become_user: postgres - become_method: sudo - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Remove the db dump on the prod server - ansible.builtin.command: rm -f /var/tmp/{{ db }}.dump.xz - -- name: Remove the prod db dump on batcave - hosts: batcave01.iad2.fedoraproject.org - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Remove the DB dump from batcave - ansible.builtin.command: rm -f /var/tmp/{{ db }}.dump.xz diff --git a/playbooks/manual/staging-sync/koji.yml b/playbooks/manual/staging-sync/koji.yml deleted file mode 100644 index cabb4edaaa..0000000000 --- a/playbooks/manual/staging-sync/koji.yml +++ /dev/null @@ -1,171 +0,0 @@ -# This playbook syncs the production koji instance with staging and manages all -# the steps we need to keep our setup intact. -# -# For a description of what we're doing, see -# https://lists.fedoraproject.org/pipermail/infrastructure/2015-June/016377.html -# For a description of the koji 'secondary volumes' feature, see -# https://lists.fedoraproject.org/pipermail/buildsys/2012-May/003892.html -# For a description of the sql migration we do, see -# https://lists.fedoraproject.org/pipermail/buildsys/2015-June/004779.html - - ---- -- name: Bring staging services down - hosts: koji_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - service: name=httpd state=stopped - - service: name=kojira state=stopped - - -- name: Drop and re-create the staging db entirely - hosts: db-koji01.stg.iad2.fedoraproject.org - user: root - become: yes - become_user: postgres - become_method: sudo - tags: - - db-sync - vars: - - builder_groups: - - name: buildvm_stg - arches: i386 x86_64 - extra_channels: - - container - - createrepo - - livemedia - - name: buildvm_aarch64_stg - arches: aarch64 - - name: buildvm_ppc64le_stg - arches: ppc64le - - name: buildvm_s390x_stg - arches: s390x - # Users allowed to use content generators, only in staging - - cg_users: - - user_name: obudai - cg_name: osbuild - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - ansible.builtin.template: src=templates/koji-reset-staging.sql dest=/var/lib/pgsql/koji-reset-staging.sql - tags: - - db-sync-script - - - postgresql_user: name=koji password={{ kojiPassword }} - when: env != "staging" - - postgresql_user: name=koji password={{ kojiStgPassword }} - when: env == "staging" - - postgresql_user: name=backup - - postgresql_db: name=koji state=absent -# buildroot_listing is excluded from the sync to save some time -# TODO: install mbuffer on db-koji.stg - - name: Import the prod db. This will take quite a while. Go get a snack! - ansible.builtin.shell: > - curl -s -S https://infrastructure.fedoraproject.org/infra/db-dumps/koji.dump.xz | - mbuffer -q -s 8M -m 128M -l /tmp/mbuffer-curl-to-xz.log | - xzcat | - mbuffer -q -s 16M -m 256M -l /tmp/mbuffer-xz-to-sed.log | - sed '/COPY buildroot_listing /,/\./d' | - mbuffer -q -s 16M -m 512M -l /tmp/mbuffer-sed-to-psql.log | - psql -v ON_ERROR_STOP=1 - - name: Repoint all the prod rpm entries at the secondary volume (and other stuff) - ansible.builtin.shell: psql -1 -v ON_ERROR_STOP=1 koji alter database koji rename to koji_save_YYYYMMDD; --- => alter database koji-new rename to koji; --- [reset koji-test fs] --- [unset kojihub ServerOffline setting] - - --- wipe obsolete table that only causes problems with the sync, could --- even be dropped entirely (together with imageinfo table). -select now() as time, 'wiping imageinfo listings' as msg; -delete from imageinfo_listing; - --- bump sequences (not strictly needed anymore) -select now() as time, 'bumping sequences' as msg; -alter sequence task_id_seq restart with 140000000; -alter sequence repo_id_seq restart with 140000000; -alter sequence imageinfo_id_seq restart with 14000000; - --- truncate sessions -select now() as time, 'truncating sessions' as msg; -truncate table sessions; - --- cancel any open tasks -select now() as time, 'canceling open tasks' as msg; -update task set state=3 where state in (0,1,4); - --- cancel any builds in progress -select now() as time, 'canceling builds in progress' as msg; -update build set state=4, completion_time=now() where state=0; - --- set prod volume - only for complete builds; failed, canceled and --- deleted ones should stay on default (staging) volume so that when --- they are resubmitted or imported in staging, koji won't try to put --- them on prod volume (and fall because of read-only filesystem) -select now() as time, 'setting up prod volume' as msg; -insert into volume(name) values('prod'); -update build set volume_id=(select id from volume where name='prod') where volume_id=0 and state=1; - --- delete files from incomplete builds to keep DB in sync with --- filesystem; these builds are on default (staging) volume and their --- files are not there; keeping rpminfo's ma -delete from archive_rpm_components where rpm_id in (select id from rpminfo where build_id in (select id from build where state<>1)); -delete from image_listing where rpm_id in (select id from rpminfo where build_id in (select id from build where state<>1)); -delete from buildroot_listing where rpm_id in (select id from rpminfo where build_id in (select id from build where state<>1)); -delete from rpminfo where build_id in (select id from build where state<>1); - --- expire any active buildroots -select now() as time, 'expiring active buildroots' as msg; -update standard_buildroot set state=3, retire_event=get_event() where state=0; - --- enable/disable hosts -update host_config set enabled=False where active; - --- fix host_channels -truncate host_channels; - --- expire all the repos -select now() as time, 'expiring repos' as msg; -update repo set state = 3 where state in (0, 1, 2); - - --- add our staging builders, dynamically pulled from ansible inventory - -{% for group in builder_groups %} -{% for host in groups[group.name] %} -select now() as time, 'adding staging host {{ host }}' as msg; -delete from host_config where host_id in (select id from host where name='{{host}}'); -delete from host where name='{{ host }}'; -delete from user_krb_principals where user_id = (select id from users where name ='{{ host }}'); -delete from users where name='{{ host }}'; -insert into users (name, status, usertype) values ('{{ host }}', 0, 1); -insert into user_krb_principals (user_id, krb_principal) values ( - (select id from users where name ='{{ host }}'), 'compile/{{ host }}@STG.FEDORAPROJECT.ORG'); -insert into host (user_id, name) values ( - (select id from users where name='{{host}}'), '{{host}}'); -insert into host_config (host_id, arches, creator_id) values ( - (select id from host where name='{{host}}'), '{{ group.arches }}', 2045); -{% for channel in [ 'default', 'osbuild', 'appliance', 'vm', 'secure-boot', 'compose', 'eclipse', 'images', 'image'] + group.extra_channels|default([]) %} -insert into host_channels (host_id, channel_id, creator_id) values ( - (select id from host where name='{{host}}'), (select id from channels where name='{{channel}}'), 2045); -{% endfor %} -{% endfor %} -{% endfor %} - --- Add some people to be admins, only in staging. Feel free to grow this list.. - -{% for username in ['mizdebsk', 'psabata', 'jkaluza', 'fivaldi'] %} -select now() as time, 'adding staging admin {{username}}' as msg; -insert into users (name, usertype, status) values ('{{username}}', 0, 0) on conflict do nothing; -insert into user_perms (user_id, perm_id, active, creator_id) values ( - (select id from users where name='{{username}}'), - (select id from permissions where name='admin'), - True, - (select id from users where name='{{username}}')); -{% endfor %} - --- Allow some users to use content generators, only in staging. -{% for cg_user in cg_users %} -insert into cg_users (cg_id, user_id, creator_id) values ( - (select id from content_generator where name='{{ cg_user.cg_name }}'), - (select id from users where name='{{ cg_user.user_name }}'), - (select id from users where name='{{ cg_user.user_name }}')); -{% endfor %} - --- Fix krb principals for some users -{% for user_id, principal in [('3445', 'compose/koji.stg.fedoraproject.org'), - ('3199', 'koschei/koschei-backend01.stg.iad2.fedoraproject.org'), - ('3139', 'hotness/hotness01.stg.iad2.fedoraproject.org'), - ('3538', 'osbs/osbs.stg.fedoraproject.org'), - ('428', 'bodhi/bodhi.stg.fedoraproject.org'), - ('3638', 'autosign/autosign01.stg.iad2.fedoraproject.org'), - ('129', 'kojira/koji.stg.fedoraproject.org')] %} -update user_krb_principals set krb_principal='{{principal}}@STG.FEDORAPROJECT.ORG' where user_id='{{user_id}}'; -{% endfor %} -update user_krb_principals set krb_principal=replace(krb_principal, '@FEDORAPROJECT.ORG', '@STG.FEDORAPROJECT.ORG'); - --- TODO fix kojipkgs url in external repos diff --git a/playbooks/manual/sync-hosts.yml b/playbooks/manual/sync-hosts.yml deleted file mode 100644 index 38a1581c67..0000000000 --- a/playbooks/manual/sync-hosts.yml +++ /dev/null @@ -1,29 +0,0 @@ -# Synchronizes files in /tmp/staging between remote hosts -# The following variables need to be supplied with the -# --extra-vars flag for the playbook to work: -# 'remote_src_host', 'remote_dest_host' -# -# Example: -# ansible-playbook sync-hosts.yml --extra-vars \ -# "remote_src_host=bodhi-backend01.iad2.fedoraproject.org \ -# remote_dest_host=sundries01.iad2.fedoraproject.org" ---- -- hosts: localhost - user: root - - tasks: - - - name: copy files from remote_src_host to control node - run_once: yes - fetch: - src: /tmp/staging - dest: /tmp/staging - flat: yes - validate_checksum: yes - when: "{{ inventory_hostname == 'remote_src_host' }}" - - - name: copy files from control node to remote_dest_host - ansible.builtin.copy: - src: /tmp/staging - dest: /tmp/staging - when: "{{ inventory_hostname == 'remote_dest_host' }}" diff --git a/playbooks/manual/update-aliases.yml b/playbooks/manual/update-aliases.yml deleted file mode 100644 index 2e5e19aa95..0000000000 --- a/playbooks/manual/update-aliases.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: Run fasjson playbook on bastion for alias changes - hosts: bastion - user: root - gather_facts: true - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - { role: fasjson, when: env != "staging" } diff --git a/playbooks/manual/update-firmware.yml b/playbooks/manual/update-firmware.yml deleted file mode 100644 index e3da09f3f2..0000000000 --- a/playbooks/manual/update-firmware.yml +++ /dev/null @@ -1,112 +0,0 @@ -# This playbook upgrades the firmwares on our different boxes -##################### WARNING ################################## -# !!!DO NOT STOP THIS PLAYBOOK ONCE STARTED!!! # -# Given its very nature with firmware upgrades,this playbook # -# should NOT EVER be terminated after starting!!! # -# Even if it failed on some servers, do NOT abort the run! # -# When you do so, you risk bricking the servers it was still # -# working on!! # -##################### WARNING ################################## -# - ---- -- name: Show warning - hosts: localhost - tasks: - - pause: prompt="DO NOT ABORT THIS PLAYBOOK, IT WILL TAKE LONG! Press enter to confirm" - - pause: prompt="Giving you time to read the above warnings..." minutes=5 - - pause: prompt="Hit enter one more time to confirm..." - -- name: Copy and apply firmware upgrades - hosts: all - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - vars: - - updates: - - dirname: Dell-R520 - vendor: "Dell Inc." - product: "PowerEdge R520" - files: - - iDRAC-with-Lifecycle-Controller_Firmware_VV01T_LN_2.21.21.21_A00.BIN - - R520_BIOS_35C9T_LN_2.4.2.BIN - - dirname: Dell-R630 - vendor: "Dell Inc." - product: "PowerEdge R630" - files: - - iDRAC-with-Lifecycle-Controller_Firmware_1X82C_LN_2.21.21.21_A00.BIN - - BIOS_1RMMP_LN_1.5.4.BIN - - dirname: Dell-R720xd - vendor: "Dell Inc." - product: "PowerEdge R720xd" - files: - - iDRAC-with-Lifecycle-Controller_Firmware_VV01T_LN_2.21.21.21_A00.BIN - - BIOS_MKCTM_LN_2.5.2.BIN - - tasks: - - name: Create drop place for upgrades - check_mode: no - when: ansible_virtualization_role == "host" - ansible.builtin.file: path=/root/firmware-upgrades state=directory - - - name: Check which updates to copy - check_mode: no - stat: path=/root/firmware-upgrades/{{ item.1}}.applied - register: is_applied_results - when: item.0.vendor == ansible_system_vendor and item.0.product == ansible_product_name - with_subelements: - - "{{ updates }}" - - "{{ files }}" - - - name: Copy updates - check_mode: no - ansible.builtin.copy: src={{ bigfiles }}/firmware/{{ item.item.0.dirname }}/{{ item.item.1}} - dest=/root/firmware-upgrades/ - mode=0700 - register: copy_results - when: "'stat' in item and not item.stat.exists" - with_items: "{{is_applied_results.results}}" - - - # Dell updates here - - name: Check Dell updates - check_mode: no - ansible.builtin.command: /root/firmware-upgrades/{{ item.item.1}} -qc - register: check_results - failed_when: "'System(s) supported by this package' in check_results.stdout" - changed_when: "'is the same' not in check_results.stdout" - when: "ansible_system_vendor == 'Dell Inc.' and 'stat' in item and not item.stat.exists" - with_items: "{{is_applied_results.results}}" - - - name: Apply Dell updates - ansible.builtin.command: /root/firmware-upgrades/{{ item.item.item.1}} -q - register: update_results - failed_when: "'System(s) supported by this package:' in update_results.stdout" - changed_when: "'should be restarted' in update_results.stdout or 'completed successfully' in update_results.stdout" - when: ansible_system_vendor == "Dell Inc." and item.changed - with_items: "{{check_results.results}}" - - # Note: IBM updates were considered, but IBM does not allow checking of - # downloaded firmware packages: at the moment of writing they do not - # publish a GPG signature or checksums of downloaded files. (2016-01-21) - - - # Generic stuff continues here - - name: Mark updates as done - ansible.builtin.file: path=/root/firmware-upgrades/{{ item.item.1 }}.applied - state=touch owner=root mode=644 - when: "'stat' in item and not item.stat.exists" - with_items: "{{is_applied_results.results}}" - - # We are cleaning up all files we copied, regardless of update result - - name: Delete update files - check_mode: no - ansible.builtin.file: path=/root/firmware-upgrades/{{ item.item.1 }} - state=absent - when: "'stat' in item and not item.stat.exists" - with_items: "{{is_applied_results.results}}" diff --git a/playbooks/manual/update-packages.yml b/playbooks/manual/update-packages.yml deleted file mode 100644 index 5718d0081d..0000000000 --- a/playbooks/manual/update-packages.yml +++ /dev/null @@ -1,41 +0,0 @@ -# requires --extra-vars="target='host1:host2:group etc' package='python-tahrir'" -# -# Alternatively, you could update a group of packages like -# --extra-vars="target='host1:host2' package='python-t*'" -# -# To update from testing, adjust as follow: -# --extra-vars="target='host1:host2' package='python-t*' testing=True" - ---- -- name: Push packages out - hosts: "{{target}}" - user: root - - vars: - testing: false - - tasks: - - - name: Yum update {{ package }} from main repo - yum: name="{{ package }}" state=latest update_cache=yes - when: not testing and ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' - - - name: Yum update {{ package }} from testing repo - yum: name="{{ package }}" state=latest enablerepo=infrastructure-tags-stg update_cache=yes - when: testing and ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' - - - name: Dnf clean all (since we can't do it when updating) - ansible.builtin.command: dnf clean all - when: not testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' - - - name: Dnf update {{ package }} from main repo - dnf: name="{{ package }}" state=latest - when: not testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' - - - name: Dnf clean all (since we can't do it when updating) - ansible.builtin.command: dnf clean all --enablerepo=infrastructure-tags-stg - when: testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' - - - name: Dnf update {{ package }} from testing repo - dnf: name="{{ package }}" state=latest enablerepo=infrastructure-tags-stg - when: testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' diff --git a/playbooks/manual/upgrade/bodhi.yml b/playbooks/manual/upgrade/bodhi.yml deleted file mode 100644 index 75c9eb3fd7..0000000000 --- a/playbooks/manual/upgrade/bodhi.yml +++ /dev/null @@ -1,175 +0,0 @@ ---- -- name: Check to see if a compose is going on before we do anything... - hosts: bodhi_backend:bodhi_backend_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml - - name: Check for running composes - ansible.builtin.shell: "curl https://bodhi{{env_suffix}}.fedoraproject.org/composes/" - register: composes - - - name: Fail if we found that a compose was in progress - fail: - msg: "There are composes in progress." - any_errors_fatal: true - when: "composes.stdout != '{\"composes\": []}' and env != 'staging'" - -- name: Push packages out - hosts: bodhi_backend:bodhi_backend_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Update bodhi-server packages from main repo - dnf: - name: - - bodhi-server - - bodhi-composer - state: latest - update_cache: true - - name: Update bodhi-server packages from testing repo - dnf: - name: - - bodhi-server - - bodhi-composer - state: latest - enablerepo: infrastructure-tags-stg - update_cache: true - when: testing - -- name: Find out if there are migrations to run - hosts: bodhi_backend:bodhi_backend_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Find out what the current migration version is - ansible.builtin.command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini current - register: current_migration_version - -- name: Stop the front end if there are migrations to run - hosts: os_control[0]:os_control_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Tell nagios to shush w.r.t. the frontend - nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - - tasks: - - set_fact: - # This will be a bool that indicates whether we need to run migrations or not. - migrations: "'(head)' not in hostvars['bodhi-backend01{{ env_suffix }}.iad2.fedoraproject.org']['current_migration_version'].stdout" - - name: Scale down to 0 pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=0 - when: migrations - -- name: Verify the backends, stop them, and then upgrade the db - hosts: bodhi_backend:bodhi_backend_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Tell nagios to shush w.r.t. the backend - nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - - roles: - - bodhi2/backend - - tasks: - - name: Stop the backend services - service: - name: "{{ item }}" - state: stopped - with_items: - - fm-consumer@config.service - - bodhi-celery - - - name: Upgrade the database - ansible.builtin.command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini upgrade head - args: - chdir: /usr/share/bodhi/ - - - name: Start the backend services - service: - name: "{{ item }}" - state: started - with_items: - - fm-consumer@config.service - - bodhi-celery - - post_tasks: - - name: Tell nagios to unshush w.r.t. the backend - nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - -- name: Restart the frontend - hosts: os_control[0]:os_control_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }} - when: env != "staging" - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }} - when: env == "staging" - # Redeploy the build config as it may request a newer version in the Dockerfile - # Only do it on prod because staging tracks a branch - - import_role: - name: openshift/object - vars: - object_app: bodhi - object_template: buildconfig.yml - object_objectname: buildconfig.yml - when: env != "staging" - # Start a build with the new buildconfig - # Only do it on prod because staging builds are triggered by Github's webhook - - import_role: - name: openshift/start-build - vars: - start_build_app: bodhi - start_build_buildname: bodhi-base - when: env != "staging" - - post_tasks: - - name: Tell nagios to unshush w.r.t. the frontend - nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true diff --git a/playbooks/manual/upgrade/bugzilla2fedmsg.yml b/playbooks/manual/upgrade/bugzilla2fedmsg.yml deleted file mode 100644 index 53454ed6de..0000000000 --- a/playbooks/manual/upgrade/bugzilla2fedmsg.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -- name: Push packages out - hosts: bugzilla2fedmsg:bugzilla2fedmsg_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - vars: - testing: false - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} - ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} - check_mode: no - - name: Update bugzilla2fedmsg packages from main repo - ansible.builtin.package: name="python-bugzilla2fedmsg" state=latest - when: not testing - - name: Update bugzilla2fedmsg packages from testing repo - yum: name="python-bugzilla2fedmsg" state=latest enablerepo=infrastructure-tags-stg - when: testing - -- name: Verify the backend and restart it - hosts: bugzilla2fedmsg:bugzilla2fedmsg_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Tell nagios to shush - nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - - roles: - - bugzilla2fedmsg - - post_tasks: - - service: name="moksha-hub" state=restarted - - name: Tell nagios to unshush - nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true diff --git a/playbooks/manual/upgrade/datagrepper.yml b/playbooks/manual/upgrade/datagrepper.yml deleted file mode 100644 index 3fd178980d..0000000000 --- a/playbooks/manual/upgrade/datagrepper.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -- name: Push packages out - hosts: datagrepper:datagrepper_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - vars: - testing: false - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} - ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} - check_mode: no - - name: Yum update datagrepper packages from main repo - ansible.builtin.package: name="datagrepper" state=latest - when: not testing - - name: Yum update datagrepper packages from testing repo - ansible.builtin.package: name="datagrepper" state=latest enablerepo=infrastructure-tags-stg - when: testing - -- name: Verify the config and restart it - hosts: datagrepper:datagrepper_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Tell nagios to shush - nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - - roles: - - datagrepper - - post_tasks: - - service: name="httpd" state=restarted - - - name: Tell nagios to unshush - nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true diff --git a/playbooks/manual/upgrade/datanommer.yml b/playbooks/manual/upgrade/datanommer.yml deleted file mode 100644 index e1a25b8883..0000000000 --- a/playbooks/manual/upgrade/datanommer.yml +++ /dev/null @@ -1,112 +0,0 @@ ---- -- name: Verify the badges backend and stop it - hosts: - - badges_backend - - badges_backend_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - pre_tasks: - - name: tell nagios to shush - nagios: action=downtime minutes=120 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - roles: - - badges/backend - tasks: - - service: name="fedmsg-hub" state=stopped - -- name: Stop datagrepper - hosts: - - os_masters[0] - - os_masters_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - tasks: - - name: Scale down datagrepper to 0 pods - ansible.builtin.command: oc -n datagrepper scale dc/datagrepper --replicas=0 - -- name: Stop datanommer - hosts: - - os_masters[0] - - os_masters_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - tasks: - - name: Scale down datanommer to 0 pods - ansible.builtin.command: oc -n datanommer scale dc/datanommer --replicas=0 - -- name: Upgrade the database - role: openshift/object - object_app: datanommer - object_template: job.yml.j2 - object_objectname: job.yml - -- name: Wait for the db-upgrade completion - ansible.builtin.command: oc get jobs/db-upgrade -o jsonpath='{@.status.succeeded}' - register: status - until: status.stdout | int == 1 - retries: 5 - delay: 30 - -- name: Delete the job in case it finished - role: openshift/object-delete - object_delete_app: datanommer - object_delete_objecttype: job - object_delete_objectname: db-upgrade - when: status.stdout | int == 1 - -- name: Start the datanommer again - hosts: - - os_masters[0] - - os_masters_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - name: Scale up datanommer pods - ansible.builtin.command: oc -n datanommer scale dc/db-datanommer --replicas=1 - -- name: Start the datagrepper again - hosts: - - os_masters[0] - - os_masters_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - name: Scale up datagrepper pods - ansible.builtin.command: oc -n datagrepper scale dc/datagrepper --replicas=1 - -- name: Restart the last backend piece (badges) - hosts: - - badges-backend - - badges-backend-stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - post_tasks: - - name: tell nagios to unshush - nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true diff --git a/playbooks/manual/upgrade/koji.yml b/playbooks/manual/upgrade/koji.yml deleted file mode 100644 index 0296f97b6f..0000000000 --- a/playbooks/manual/upgrade/koji.yml +++ /dev/null @@ -1,108 +0,0 @@ -# How to run this playbook: -# -# $ sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/manual/upgrade/koji.yml \ -# -l \*.stg.\* \ -# -e db_upgrade_file=/usr/share/doc/koji-1.13.0/docs/schema-upgrade-1.12-1.13.sql -# -# The above command will run the playbook and (-l) limit the run to only staging -# nodes. The extra var db_upgrade_file is passed in which tells the playbook to -# run that script on the database after bringing down the koji hubs. -# -# Steps (from nirik in #fedora-releng) -# 1) make outage ticket -# 2) get reviewed -# 3) send to devel-announce -# 4) take down koji01/02 httpds -# 5) upgrade database -# 6) update hubs -# 7) update all builders -# 8) restart -# -# TODO: -# - stop and restart kojira on koji02 -# - kill any koji-gc processes -# - nagios outage stuff didn't seem to work as well as we would want last time. - ---- -- name: Preliminary tasks - hosts: koji:koji_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Ask admin if an outage ticket was created. - pause: seconds=30 prompt="Did you file an outage ticket before running this?" - - name: Ask admin if an outage ticket was reviewed. - pause: seconds=30 prompt="Did you have someone review that outage ticket? This is koji we're talking about here..." - - name: Ask admin if an outage ticket was announced. - pause: seconds=30 prompt="Did you send the outage announcement to devel-announce? People need to know." - - - name: Ask admin if no db upgrade script is ok. - pause: seconds=30 prompt="You didn't specify a db_upgrade_file extra-var. Are you sure there is no db upgrade required?" - when: db_upgrade_file is undefined - - - name: Tell nagios that everything is fine - nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - - - name: Stop httpd on the koji-hubs. - service: name="httpd" state=stopped - -- name: Run commands on the database host. - # Note that the hosts are used explicitly here to choose only the "primary". - # We don't want to run upgrades on both pgbdr nodes at the same time. - # ... is anything special needed to upgrade pgbdr nodes? - hosts: db-koji01.iad2.fedoraproject.org:db-koji01.stg.iad2.fedoraproject.org - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Install the koji package, to get the upgrade script. - # Note that "latest" here might as well be "present". The package shouldn't - # be present in the first place. In any case, if it is erroneously present, - # then we really do want the latest version. - ansible.builtin.package: name=koji state=latest update_cache=yes - when: db_upgrade_file is defined - - name: Execute the db upgrade script - ansible.builtin.shell: psql koji < {{db_upgrade_file}} - become: true - become_user: postgres - when: db_upgrade_file is defined - - name: Remove the package, since we no longer need the script. - ansible.builtin.package: name=koji state=absent - when: db_upgrade_file is defined - -- name: Update and restart the koji hubs before we touch the builders - hosts: koji:koji_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - ansible.builtin.package: name=koji-hub state=latest update_cache=yes - - name: Restart httpd on the koji-hubs. - service: name="httpd" state=started - - name: Unsilence nagios - nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - -- name: Update and restart the koji builders, now that we're done with the hubs - hosts: builders:builders_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - ansible.builtin.package: name=koji-builder state=latest update_cache=yes - - name: Restart all the builders. so many. - service: name="kojid" state=restarted diff --git a/playbooks/manual/upgrade/koschei-full.yml b/playbooks/manual/upgrade/koschei-full.yml deleted file mode 100644 index 4d11c486f7..0000000000 --- a/playbooks/manual/upgrade/koschei-full.yml +++ /dev/null @@ -1,55 +0,0 @@ -# This playbook can be used to update running Koschei instance to -# latest upstream version. It causes user-visible downtime, but -# unlike koschei-rolling.yml, it works even in case when there are -# database migrations to apply. - ---- -- name: Perform full Koschei update - hosts: os_control[0]:os_control_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/roles/openshift-apps/koschei/vars/main.yml - - /srv/web/infra/ansible/roles/openshift-apps/koschei/vars/{{ env }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Delete all jobs - ansible.builtin.shell: oc -n koschei delete job --all - - - name: Pause all deployments - ansible.builtin.shell: oc -n koschei rollout pause deploy - - - name: Delete all replica sets - ansible.builtin.shell: oc -n koschei delete rs --all - - - name: Delete all pods - ansible.builtin.shell: oc -n koschei delete pod --all - - - name: Import upstream image into OpenShift - include_role: name=openshift/import-image - vars: - import_image_app: "{{ app }}" - import_image_imagestreamname: koschei - - - name: Run database migrations - include_role: name=openshift-apps/koschei/job - vars: - job_app: "{{ app }}" - job_name: db-migrate - job_command: "koschei-admin alembic upgrade head" - - # Since everything is stopped and users are seeing downtime anyway, - # we may as well want to vacuum the DB to improve performance. - - name: Vacuum database - include_role: name=openshift-apps/koschei/job - vars: - job_app: "{{ app }}" - job_name: db-vacuum - job_command: "koschei-admin psql <<<'VACUUM FULL ANALYZE'" - - - name: Resume all deployments - ansible.builtin.shell: oc -n koschei rollout resume deploy diff --git a/playbooks/manual/upgrade/koschei-rolling.yml b/playbooks/manual/upgrade/koschei-rolling.yml deleted file mode 100644 index 8f729621d6..0000000000 --- a/playbooks/manual/upgrade/koschei-rolling.yml +++ /dev/null @@ -1,26 +0,0 @@ -# This playbook can be used to update running Koschei instance to -# latest upstream version without causing user-visible outage, as long -# as updated version has identical database schema. - ---- -- name: Perform Koschei rolling update - hosts: os_control[0]:os_control_stg[0] - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/roles/openshift-apps/koschei/vars/main.yml - - /srv/web/infra/ansible/roles/openshift-apps/koschei/vars/{{ env }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Import upstream image into OpenShift - include_role: name=openshift/import-image - vars: - import_image_app: "{{ app }}" - import_image_imagestreamname: koschei - - - name: Restart all deployments - ansible.builtin.shell: oc -n koschei rollout restart deploy diff --git a/playbooks/manual/upgrade/mote.yml b/playbooks/manual/upgrade/mote.yml deleted file mode 100644 index 876d724b6d..0000000000 --- a/playbooks/manual/upgrade/mote.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -- name: Push packages out - hosts: value:value_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - vars: - testing: false - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} - ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} - check_mode: no - - name: Update mote packages from main repo - ansible.builtin.package: name="mote" state=latest - when: not testing - - name: Update mote packages from testing repo - yum: name="mote" state=latest enablerepo=infrastructure-tags-stg - when: testing - -- name: Verify the config and restart it - hosts: value:value_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Tell nagios to shush - nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - - roles: - - mote - - post_tasks: - - service: name="httpd" state=restarted - - service: name="mote-updater" state=restarted - - name: Tell nagios to unshush - nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true diff --git a/playbooks/manual/upgrade/pagure.yml b/playbooks/manual/upgrade/pagure.yml deleted file mode 100644 index 89f58417b4..0000000000 --- a/playbooks/manual/upgrade/pagure.yml +++ /dev/null @@ -1,124 +0,0 @@ -# Utility playbook to upgrade pagure in stg and prod. -# You can use it to update stg by simply calling ``-l pagure_stg`` to your -# ansible command. -# To specify that you want to use the testing repo specify ``-e "testing=True"`` -# to your ansible command. - -# Main task to upgrade pagure ---- -- name: Upgrade pagure - hosts: pagure:pagure_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - vars: - testing: false - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: Tell nagios to shush w.r.t. the frontend - nagios: - action=downtime - minutes=15 - service=host - host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - -## -## To do here. Call a play which can set status to say pagure is down. -## - - tasks: - - name: Yum update pagure packages from main repo - yum: name="pagure*" - state=latest - update_cache=yes - when: not testing - - - name: Yum update pagure* packages from testing repo - yum: name="pagure*" - state=latest - enablerepo=infrastructure-tags-stg - update_cache=yes - when: testing - - # This is needed so the alembic will work. - - name: Stop the general pagure workers - service: - name: "{{ item }}" - state: stopped - with_items: - - httpd - - pagure_ev - - pagure_gitolite_worker - - pagure_logcom - - pagure_milter - - pagure_webhook - - pagure_worker - - - name: Stop the specific workers on pagure.io - service: - name: "{{ item }}" - state: stopped - with_items: - - pagure_ci - - pagure_fast_worker - - pagure_loadjson - - pagure_logcom - - pagure_medium_worker - - pagure_mirror - - pagure_slow_worker - when: inventory_hostname.startswith('pagure') - - - name: Upgrade the database - ansible.builtin.command: /usr/bin/alembic -c /etc/pagure/alembic.ini upgrade head - args: - chdir: /etc/pagure/ - environment: - PAGURE_CONFIG: /etc/pagure/pagure.cfg - - post_tasks: - - - name: Start the general pagure workers - service: - name: "{{ item }}" - state: started - with_items: - - httpd - - pagure_ev - - pagure_gitolite_worker - - pagure_logcom - - pagure_milter - - pagure_webhook - - pagure_worker - - - name: Start_pagure_workers on pagure servers - service: - name: "{{ item }}" - state: started - with_items: - - pagure_ci - - pagure_fast_worker - - pagure_loadjson - - pagure_logcom - - pagure_medium_worker - - pagure_mirror - - pagure_slow_worker - when: inventory_hostname.startswith('pagure') - -## -## ToDo: Put in an include to pull in setting status back -## - - - - name: Tell nagios to unshush w.r.t. the frontend - nagios: - action=unsilence - service=host - host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true diff --git a/playbooks/openshift-apps/application-monitoring.yml b/playbooks/openshift-apps/application-monitoring.yml deleted file mode 100644 index 973076cb8a..0000000000 --- a/playbooks/openshift-apps/application-monitoring.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -- name: Make the app be real - hosts: os_masters_stg[0] # only in staging for the ARC deployment - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - # oc new-project application-monitoring - - role: openshift/project - project_app: application-monitoring - project_description: Hosts the application monitoring operator - project_appowners: - - asaleh - - siddharthvipul1 - - post_tasks: - - name: Apply node labels - ansible.builtin.command: oc label --overwrite namespace application-monitoring monitoring-key=cpe - - - name: Apply node labels for bodhi POC - ansible.builtin.command: oc label --overwrite namespace bodhi monitoring-key=cpe - - - name: Make other pods available to the application-monitoring project - ansible.builtin.command: oc adm pod-network make-projects-global application-monitoring - - - name: Copy files - ansible.builtin.copy: - src: "{{ roles_path }}/openshift-apps/application-monitoring/files/ dest=/etc/openshift_apps/application-monitoring/" - - - name: Prometheus CRDs - ansible.builtin.command: oc -n application-monitoring apply -f /etc/openshift_apps/application-monitoring/prometheus-operator/example/prometheus-operator-crd/ - - - name: Prometheus CRD RBAC - ansible.builtin.command: oc -n application-monitoring apply -f /etc/openshift_apps/application-monitoring/prometheus-operator/example/rbac/prometheus-operator-crd/ - - - name: Prometheus Operator RBAC - ansible.builtin.command: oc -n application-monitoring apply -f /etc/openshift_apps/application-monitoring/prometheus-operator/example/rbac/prometheus-operator/ - - - name: Prometheus RBAC - ansible.builtin.command: oc -n application-monitoring apply -f /etc/openshift_apps/application-monitoring/prometheus-operator/example/rbac/prometheus/ diff --git a/playbooks/openshift-apps/asknot.yml b/playbooks/openshift-apps/asknot.yml deleted file mode 100644 index 08d7eefcfe..0000000000 --- a/playbooks/openshift-apps/asknot.yml +++ /dev/null @@ -1,69 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: asknot - project_description: What can I do for Fedora - project_appowners: - - zlopez - - kevin - - - role: openshift/object - object_app: asknot - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: asknot - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/start-build - start_build_app: asknot - start_build_buildname: asknot-build - start_build_objectname: asknot-build - tags: - - never - - build - - - role: openshift/object - object_app: asknot - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: asknot - route_name: asknot - route_host: "stg.whatcanidoforfedora.org" - route_serviceport: 8080-tcp - route_servicename: asknot - when: env == "staging" - - - role: openshift/route - route_app: asknot - route_name: asknot - route_host: "whatcanidoforfedora.org" - route_serviceport: 8080-tcp - route_servicename: asknot - when: env == "production" - - - role: openshift/object - object_app: asknot - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml - - - role: openshift/rollout - rollout_app: asknot - rollout_dcname: asknot - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/awx.yml b/playbooks/openshift-apps/awx.yml deleted file mode 100644 index a18531bf9a..0000000000 --- a/playbooks/openshift-apps/awx.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Make the app be real - hosts: localhost - connection: local - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - module_defaults: - group/awx.awx.controller: - controller_host: awx.fedoraproject.org - controller_username: "{{ awx_admin_username }}" - controller_password: "{{ awx_admin_password }}" - - roles: - - role: awx/controller diff --git a/playbooks/openshift-apps/badges.yml b/playbooks/openshift-apps/badges.yml deleted file mode 100644 index f537e8d14f..0000000000 --- a/playbooks/openshift-apps/badges.yml +++ /dev/null @@ -1,219 +0,0 @@ -# -# Badges (fedbadges & Tahrir) -# - ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/badges.yml - - tasks: - - name: DB user - community.postgresql.postgresql_user: - name: "{{ tahrirDBUser }}" - password: "{{ (env == 'production') | ternary(tahrirDBPassword, tahrirstgDBPassword) }}" - - name: Database creation - community.postgresql.postgresql_db: - name: "{{ badges_db_name }}" - owner: "{{ tahrirDBUser }}" - encoding: UTF-8 - -- name: Give access to the datanommer DB - hosts: datanommer_dbserver:datanommer_dbserver_stg - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/badges.yml - - tasks: - - name: DB user - community.postgresql.postgresql_user: - name: "{{ tahrirDBUser }}" - password: "{{ (env == 'production') | ternary(tahrirDBPassword, tahrirstgDBPassword) }}" - - name: Grant the db user read only access to datanommer2 - community.postgresql.postgresql_privs: - database: datanommer2 - privs: SELECT - objs: ALL_IN_SCHEMA - roles: "{{ tahrirDBUser }}" - -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/badges.yml - - roles: - - role: rabbit/user - user_name: "tahrir{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.badges\..* - tags: - - config - - fedora-messaging - - rabbitmq_cluster - - role: rabbit/queue - queue_username: "fedbadges{{ env_suffix }}" - queue_name: "fedbadges{{ env_suffix }}" - queue_routing_keys: - # The badges queue is subscribed to everything - - "#" - queue_thresholds: - warning: 20000 - critical: 25000 - # It sends a message when a badge is awarded - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.badges\..* - tags: - - config - - fedora-messaging - - rabbitmq_cluster - - - role: openshift/project - project_app: badges - project_description: "Badges" - project_appowners: - - abompard - - nphilipp - - ryanlerch - tags: - - apply-appowners - - - role: openshift/object - object_app: badges - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: badges - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: badges - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: badges - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: badges - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: badges - object_file: storage.yml - object_objectname: storage.yml - - # Routes - - role: openshift/route - route_app: badges - route_name: frontend - route_host: "badges{{ env_suffix }}.fedoraproject.org" - route_servicename: frontend - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - role: openshift/route - route_app: badges - route_name: frontend-openshift - route_host: "badges.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_servicename: frontend - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - # Fedora Messaging - - role: openshift/secret-file - secret_file_app: badges - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: badges - secret_file_secret_name: fedora-messaging-crt - secret_file_key: fedbadges-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/fedbadges{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: badges - secret_file_secret_name: fedora-messaging-key - secret_file_key: fedbadges-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/fedbadges{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: badges - secret_file_secret_name: tahrir-fedora-messaging-crt - secret_file_key: tahrir-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/tahrir{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: badges - secret_file_secret_name: tahrir-fedora-messaging-key - secret_file_key: tahrir-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/tahrir{{env_suffix}}.key" - - # FASJSON access - - role: openshift/ipa-client - ipa_client_app: badges - - role: openshift/keytab - keytab_app: badges - keytab_key: fedbadges.keytab - keytab_secret_name: fedbadges-keytab - keytab_service: fedbadges - - # Deployment config - - role: openshift/object - object_app: badges - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # Cron jobs - - role: openshift/object - object_app: badges - object_template: cron-award.yml.j2 - object_objectname: cron-award.yml - - role: openshift/object - object_app: badges - object_template: cron-update-rules.yml.j2 - object_objectname: cron-update-rules.yml - - - role: openshift/start-build - start_build_app: badges - start_build_buildname: "{{ dcname }}" - loop: - - fedbadges - - tahrir - loop_control: - loop_var: dcname - tags: - - never - - build - - - role: openshift/rollout - rollout_app: badges - rollout_dcname: "{{ dcname }}" - loop: - - fedbadges - - tahrir - loop_control: - loop_var: dcname - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/blockerbugs.yml b/playbooks/openshift-apps/blockerbugs.yml deleted file mode 100644 index 1d9da805a9..0000000000 --- a/playbooks/openshift-apps/blockerbugs.yml +++ /dev/null @@ -1,150 +0,0 @@ ---- -- name: Prepare setting up the database - hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org - gather_facts: no - user: root - - tasks: - - name: Install psycopg2 for the postgresql ansible modules - ansible.builtin.package: - name: python3-psycopg2 - state: present - tags: - - packages - -- name: Setup the database - hosts: db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - name: Create the database user - community.postgresql.postgresql_user: - name: "{{ stg_blockerbugs_db_user }}" - password: "{{ stg_blockerbugs_db_password }}" - - name: Create the database itself - community.postgresql.postgresql_db: - name: "blockerbugs" - owner: "{{ stg_blockerbugs_db_user }}" - encoding: UTF-8 - - name: Test the database creation - community.postgresql.postgresql_db: - name: "blockerbugs" - owner: "{{ stg_blockerbugs_db_user }}" - encoding: UTF-8 - -- name: Setup the database - hosts: db01.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - name: Create the database user - community.postgresql.postgresql_user: - name: "{{ prod_blockerbugs_db_user }}" - password: "{{ prod_blockerbugs_db_password }}" - - name: Create the database itself - community.postgresql.postgresql_db: - name: "blockerbugs" - owner: "{{ prod_blockerbugs_db_user }}" - encoding: UTF-8 - - name: Test the database creation - community.postgresql.postgresql_db: - name: "blockerbugs" - owner: "{{ prod_blockerbugs_db_user }}" - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: blockerbugs - project_description: Blockerbugs - project_appowners: - - frantisekz - - jskladan - - adamwill - - lbrabec - - kparal - project_alert_users: - - frantisekz - tags: - - appowners - - - role: openshift/object - object_app: blockerbugs - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: blockerbugs - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/object - object_app: blockerbugs - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: blockerbugs - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: blockerbugs - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: blockerbugs - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: blockerbugs - object_template: cron.yml.j2 - object_objectname: cron.yml - - - role: openshift/route - route_app: blockerbugs - route_name: blockerbugs - route_host: "qa{{ env_suffix }}.fedoraproject.org" - route_path: "/blockerbugs" - route_serviceport: 8080-tcp - route_servicename: blockerbugs - - - role: openshift/route - route_app: blockerbugs - route_name: qa-landing - route_host: "qa{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: qa-landing - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/start-build - start_build_app: blockerbugs - start_build_buildname: blockerbugs-build - start_build_objectname: blockerbugs-build - tags: - - never - - build diff --git a/playbooks/openshift-apps/bodhi.yml b/playbooks/openshift-apps/bodhi.yml deleted file mode 100644 index 0465964280..0000000000 --- a/playbooks/openshift-apps/bodhi.yml +++ /dev/null @@ -1,197 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - bodhi_message_queue_name: "bodhi{{ env_suffix }}" - - bodhi_message_routing_keys: - - "org.fedoraproject.*.bodhi.update.edit" - - "org.fedoraproject.*.bodhi.update.request.testing" - - "org.fedoraproject.*.buildsys.tag" - - "org.fedoraproject.*.resultsdb.result.new" - - "org.fedoraproject.*.waiverdb.waiver.new" - - ocp4: true - - pre_tasks: - - name: Include Global Variables - ansible.builtin.include_vars: - dir: /srv/web/infra/ansible/vars/all/ - ignore_files: README - - name: Include Bodhi Variables - ansible.builtin.include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml - - name: Set bodhi_version fact - ansible.builtin.set_fact: - args: - bodhi_version: "{{ bodhi_version }}" - - roles: - - role: rabbit/queue - queue_username: "bodhi{{ env_suffix }}" - queue_name: "{{ bodhi_message_queue_name }}" - queue_routing_keys: "{{ bodhi_message_routing_keys }}" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: "{{ bodhi_sent_topics }}" - - - role: openshift/project - project_app: bodhi - project_description: bodhi - project_appowners: - - abompard - - mattia - - patrikp - - lenkaseg - - kevin - - amedvede - tags: - - apply-appowners - when: env == "production" - - role: openshift/project - project_app: bodhi - project_description: bodhi - project_appowners: - - abompard - - ryanlerch - - mattia - - humaton - - patrikp - - lenkaseg - - kevin - - amedvede - tags: - - apply-appowners - when: env == "staging" - - role: openshift/object - object_app: bodhi - object_file: pvc.yml - object_objectname: pvc.yml - - role: openshift/keytab - keytab_app: bodhi - keytab_key: koji-keytab - keytab_secret_name: bodhi-keytab - keytab_service: bodhi - keytab_host: "bodhi{{ env_suffix }}.fedoraproject.org" - - role: openshift/secret-file - secret_file_app: bodhi - secret_file_secret_name: bodhi-fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: bodhi - secret_file_secret_name: bodhi-fedora-messaging-crt - secret_file_key: bodhi-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: bodhi - secret_file_secret_name: bodhi-fedora-messaging-key - secret_file_key: bodhi-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key" - - role: openshift/object - object_app: bodhi - object_template: imagestreams-tagged.yml.j2 - object_objectname: imagestreams.yml - - role: openshift/imagestream - imagestream_app: bodhi - imagestream_imagename: bodhi-base - - role: openshift/object - object_app: bodhi - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - role: openshift/start-build - start_build_app: bodhi - start_build_buildname: bodhi-base - tags: - - never - - build - - role: openshift/object - object_app: bodhi - object_template_fullpath: "{{roles_path}}/bodhi2/base/templates/configmap.yml.j2" - object_objectname: configmap.yml - - role: openshift/object - object_app: bodhi - object_file: service.yml - object_objectname: service.yml - - role: openshift/object - object_app: bodhi - object_file: servicemonitor.yml - object_objectname: servicemonitor.yml - when: env != "production" - - role: openshift/object - object_app: bodhi - object_file: podmonitor.yml - object_objectname: podmonitor.yml - when: env != "production" - - role: openshift/route - route_app: bodhi - route_name: bodhi-web - route_host: "bodhi{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: bodhi-web - route_annotations: - haproxy.router.openshift.io/timeout: 180s - - role: openshift/object - object_app: bodhi - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - role: openshift/object - object_app: bodhi - object_template: critpathcron.yml.j2 - object_objectname: critpathcron.yml - - role: openshift/imagestream - imagestream_app: bodhi - imagestream_imagename: bodhi-critpathcron - - role: openshift/rollout - rollout_app: bodhi - rollout_dcname: bodhi-web - tags: - - never - - rollout - - role: openshift/rollout - rollout_app: bodhi - rollout_dcname: bodhi-consumer - tags: - - never - - rollout - - role: openshift/rollout - rollout_app: bodhi - rollout_dcname: bodhi-celery - tags: - - never - - rollout - - post_tasks: - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas={{ bodhi_openshift_pods }} - when: env == "production" - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas={{ bodhi_openshift_pods }} - when: env == "production" - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=2 - when: env == "production" - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas={{ bodhi_openshift_pods }} - when: env == "staging" - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas={{ bodhi_openshift_pods }} - when: env == "staging" - - name: Scale up pods - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }} - when: env == "staging" - - name: Set the timeout to the openshift route - ansible.builtin.command: "oc -n bodhi annotate route bodhi-web --overwrite haproxy.router.openshift.io/timeout=180s" - tags: - - route-timeout - - name: Trigger critpath cronjob - ansible.builtin.command: "oc -n bodhi create job critpathcron-manual-{{ lookup('pipe', 'date +%s') }} --from=cronjob/fedora-bodhi-critpathcron" - tags: - - never - - critpathcron diff --git a/playbooks/openshift-apps/bugzilla2fedmsg.yml b/playbooks/openshift-apps/bugzilla2fedmsg.yml deleted file mode 100644 index d1b832df66..0000000000 --- a/playbooks/openshift-apps/bugzilla2fedmsg.yml +++ /dev/null @@ -1,85 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - - role: rabbit/user - user_name: "bugzilla2fedmsg{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.bugzilla\..* - - - role: openshift/project - project_app: bugzilla2fedmsg - project_description: bugzilla2fedmsg - project_appowners: - - abompard - - kevin - tags: - - apply-appowners - - # Fedora Messaging secrets - - role: openshift/secret-file - secret_file_app: bugzilla2fedmsg - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/secret-file - secret_file_app: bugzilla2fedmsg - secret_file_secret_name: fedora-messaging-crt - secret_file_key: bugzilla2fedmsg-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/bugzilla2fedmsg{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: bugzilla2fedmsg - secret_file_secret_name: fedora-messaging-key - secret_file_key: bugzilla2fedmsg-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/bugzilla2fedmsg{{env_suffix}}.key" - - # STOMP secrets - - role: openshift/secret-file - secret_file_app: bugzilla2fedmsg - secret_file_secret_name: stomp-crt - secret_file_key: msg-client-fedora-prod.crt - secret_file_privatefile: "bugzilla2fedmsg/msg-client-fedora-prod.crt" - - - role: openshift/secret-file - secret_file_app: bugzilla2fedmsg - secret_file_secret_name: stomp-key - secret_file_key: msg-client-fedora-prod.key - secret_file_privatefile: "bugzilla2fedmsg/msg-client-fedora-prod.key" - - # FASJSON access - - role: openshift/ipa-client - ipa_client_app: bugzilla2fedmsg - - role: openshift/keytab - keytab_app: bugzilla2fedmsg - keytab_key: service.keytab - keytab_secret_name: keytab - keytab_service: bugzilla2fedmsg - - - role: openshift/imagestream - imagestream_app: bugzilla2fedmsg - imagestream_imagename: bugzilla2fedmsg - - - role: openshift/object - object_app: bugzilla2fedmsg - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: bugzilla2fedmsg - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: bugzilla2fedmsg - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/cloud-image-uploader.yml b/playbooks/openshift-apps/cloud-image-uploader.yml deleted file mode 100644 index 93e3e377ab..0000000000 --- a/playbooks/openshift-apps/cloud-image-uploader.yml +++ /dev/null @@ -1,168 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "cloud-image-uploader{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_image_uploader\..* - - - role: rabbit/queue - queue_username: "cloud-image-uploader{{ env_suffix }}" - queue_name: "cloud-image-uploader{{ env_suffix }}-aws" - queue_routing_keys: - - "org.fedoraproject.*.pungi.compose.status.change" - queue_thresholds: - warning: 25 - critical: 50 - - - role: rabbit/queue - queue_username: "cloud-image-uploader{{ env_suffix }}" - queue_name: "cloud-image-uploader{{ env_suffix }}-azure" - queue_routing_keys: - - "org.fedoraproject.*.pungi.compose.status.change" - queue_thresholds: - warning: 25 - critical: 50 - - - role: rabbit/queue - queue_username: "cloud-image-uploader{{ env_suffix }}" - queue_name: "cloud-image-uploader{{ env_suffix }}-containers" - queue_routing_keys: - - "org.fedoraproject.*.pungi.compose.status.change" - queue_thresholds: - warning: 25 - critical: 50 - - - role: rabbit/queue - queue_username: "cloud-image-uploader{{ env_suffix }}" - queue_name: "cloud-image-uploader{{ env_suffix }}-gcp" - queue_routing_keys: - - "org.fedoraproject.*.pungi.compose.status.change" - queue_thresholds: - warning: 25 - critical: 50 - - - role: openshift/project - project_app: cloud-image-uploader - project_description: AMQP consumer that uploads Cloud images to cloud providers - project_appowners: - - jcline - - - role: openshift/object - object_app: cloud-image-uploader - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: cloud-image-uploader - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: cloud-image-uploader - object_template: configmap.yml.j2 - object_objectname: configmap.yml - vars: - azure_image_regions: - - "australiaeast" - - "brazilsouth" - - "canadacentral" - - "centralindia" - - "centralus" - - "eastasia" - - "eastus" - - "eastus2" - - "francecentral" - - "germanywestcentral" - - "israelcentral" - - "italynorth" - - "japaneast" - - "koreacentral" - - "mexicocentral" - - "northeurope" - - "norwayeast" - - "polandcentral" - - "qatarcentral" - - "southafricanorth" - - "southcentralus" - - "southeastasia" - - "spaincentral" - - "swedencentral" - - "switzerlandnorth" - - "uaenorth" - - "uksouth" - - "westeurope" - - "westus2" - - "westus3" - - - role: openshift/secret-file - secret_file_app: cloud-image-uploader - secret_file_secret_name: cloud-image-uploader-fedora-messaging-key - secret_file_key: cloud-image-uploader.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/cloud-image-uploader{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: cloud-image-uploader - secret_file_secret_name: cloud-image-uploader-fedora-messaging-crt - secret_file_key: cloud-image-uploader.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/cloud-image-uploader{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: cloud-image-uploader - secret_file_secret_name: cloud-image-uploader-fedora-messaging-ca - secret_file_key: cloud-image-uploader.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/secret-file - secret_file_app: cloud-image-uploader - secret_file_secret_name: registry-fedoraproject-cert - secret_file_key: registry-fedoraproject.cert - secret_file_privatefile: "docker-registry/{{env}}/pki/issued/containerstable.crt" - - - role: openshift/secret-file - secret_file_app: cloud-image-uploader - secret_file_secret_name: registry-fedoraproject-key - secret_file_key: registry-fedoraproject.key - secret_file_privatefile: "docker-registry/{{env}}/pki/private/containerstable.key" - - - role: openshift/secret-file - secret_file_app: cloud-image-uploader - secret_file_secret_name: cloud-image-uploader-google-cloud-key - secret_file_key: google_cloud_image_uploader.json - secret_file_privatefile: "gcp/{{env}}/image_uploader.json" - - - role: openshift/object - object_app: cloud-image-uploader - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: cloud-image-uploader - object_template: aws-secrets.yml.j2 - object_objectname: aws-secrets.yml - - - role: openshift/object - object_app: cloud-image-uploader - object_template: container-secrets.yml.j2 - object_objectname: container-secrets.yml - - - role: openshift/start-build - start_build_app: cloud-image-uploader - start_build_buildname: cloud-image-uploader-build - start_build_objectname: cloud-image-uploader-build - tags: - - never - - build - - - role: openshift/object - object_app: cloud-image-uploader - object_template: deployment.yml.j2 - object_objectname: deployment.yml diff --git a/playbooks/openshift-apps/compose-tracker.yml b/playbooks/openshift-apps/compose-tracker.yml deleted file mode 100644 index 996a537ca9..0000000000 --- a/playbooks/openshift-apps/compose-tracker.yml +++ /dev/null @@ -1,66 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: compose-tracker - project_description: Opens issues for failed Composes against https://pagure.io/releng/failed-composes/ - project_appowners: - - dustymabe - - mizdebsk - - humaton - tags: - - appowner - - - role: openshift/object - object_app: compose-tracker - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: compose-tracker - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: compose-tracker - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/start-build - start_build_app: compose-tracker - start_build_buildname: compose-tracker-build - start_build_objectname: compose-tracker-build - tags: - - never - - build - - - role: openshift/object - object_app: compose-tracker - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/rollout - rollout_app: compose-tracker - rollout_dcname: compose-tracker - tags: - - never - - rollout - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg[0] -t delete openshift-apps/compose-tracker.yml - - role: openshift/object-delete - object_delete_app: compose-tracker - object_delete_objecttype: project - object_delete_objectname: compose-tracker - tags: [never, delete] diff --git a/playbooks/openshift-apps/coreos-ci.yml b/playbooks/openshift-apps/coreos-ci.yml deleted file mode 100644 index dafd197f1a..0000000000 --- a/playbooks/openshift-apps/coreos-ci.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control:os_control_stg - user: root - gather_facts: false - - ############################################ - # actions to create the project in OpenShift - ############################################ - # to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-ci.yml - roles: - - role: openshift-apps/coreos-ci - project_name: coreos-ci - project_description: CoreOS CI Infrastructure - appowners: - - aaradhak - - dustymabe - - jbtrystram - - jlebon - - kevin - - marmijo - - ravanelli - - walters - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-ci.yml - - role: openshift/object-delete - object_delete_app: coreos-ci - object_delete_objecttype: project - object_delete_objectname: coreos-ci - tags: [never, delete] diff --git a/playbooks/openshift-apps/coreos-cincinnati.yml b/playbooks/openshift-apps/coreos-cincinnati.yml deleted file mode 100644 index bbbe7e77f6..0000000000 --- a/playbooks/openshift-apps/coreos-cincinnati.yml +++ /dev/null @@ -1,111 +0,0 @@ ---- -- name: Provision CoreOS Cincinnati backend - hosts: os_control:os_control_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/roles/openshift-apps/coreos-cincinnati/vars/{{ env }}.yml - - pre_tasks: - - name: Include Global Variables - ansible.builtin.include_vars: - dir: /srv/web/infra/ansible/vars/all/ - ignore_files: README - - ############################################ - # actions to create the project in OpenShift - ############################################ - # to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-cincinnati.yml - roles: - - role: openshift/project - project_app: coreos-cincinnati - project_description: Fedora CoreOS Cincinnati backend - project_appowners: - - c4rt0 - - dustymabe - - jbtrystram - - jlebon - - marmijo - - siosm - - - role: openshift/object - object_app: coreos-cincinnati - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: coreos-cincinnati - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/start-build - start_build_app: coreos-cincinnati - start_build_buildname: coreos-cincinnati-build - start_build_objectname: coreos-cincinnati-build - - - role: openshift/object - object_app: coreos-cincinnati - object_template: config-stub.yml.j2 - object_objectname: config-stub.yml - - - role: openshift/object - object_app: coreos-cincinnati - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/rollout - rollout_app: coreos-cincinnati - rollout_dcname: coreos-cincinnati - tags: [never, rollout] - - - role: openshift/object - object_app: coreos-cincinnati - object_template: service.yml.j2 - object_objectname: service.yml - - - role: openshift/object - object_app: coreos-cincinnati - object_template: servicemonitor.yml.j2 - object_objectname: servicemonitor.yml - - - role: openshift/route - route_app: coreos-cincinnati - route_name: coreos-updates - route_host: "updates.coreos{{ env_suffix }}.fedoraproject.org" - route_serviceport: coreos-cincinnati-updates - route_servicename: coreos-cincinnati - - - role: openshift/route - route_app: coreos-cincinnati - route_name: coreos-updates-status - route_host: "status.updates.coreos{{ env_suffix }}.fedoraproject.org" - route_serviceport: coreos-cincinnati-updates-status - route_servicename: coreos-cincinnati - - - role: openshift/route - route_app: coreos-cincinnati - route_name: coreos-updates-raw - route_host: "raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - route_serviceport: coreos-cincinnati-raw-updates - route_servicename: coreos-cincinnati - - - role: openshift/route - route_app: coreos-cincinnati - route_name: coreos-updates-raw-status - route_host: "status.raw-updates.coreos{{ env_suffix }}.fedoraproject.org" - route_serviceport: coreos-cincinnati-raw-updates-status - route_servicename: coreos-cincinnati - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-cincinnati.yml - - role: openshift/object-delete - object_delete_app: coreos-cincinnati - object_delete_objecttype: project - object_delete_objectname: coreos-cincinnati - tags: [never, delete] diff --git a/playbooks/openshift-apps/coreos-koji-tagger.yml b/playbooks/openshift-apps/coreos-koji-tagger.yml deleted file mode 100644 index c91277cdc9..0000000000 --- a/playbooks/openshift-apps/coreos-koji-tagger.yml +++ /dev/null @@ -1,74 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control:os_control_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - ############################################ - # actions to create the project in OpenShift - ############################################ - # to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-koji-tagger.yml - roles: - - role: openshift/project - project_app: coreos-koji-tagger - project_description: Tags builds into koji tags within Fedora's Koji instance - project_appowners: - - c4rt0 - - dustymabe - - jlebon - - marmijo - - mizdebsk - - walters - - # Create a keytab. The default username will be like: - # coreos-koji-tagger/coreos-koji-tagger.fedoraproject.org@FEDORAPROJECT.ORG - - role: openshift/keytab - keytab_app: coreos-koji-tagger - keytab_key: koji-keytab - keytab_secret_name: coreos-koji-tagger-keytab - keytab_service: coreos-koji-tagger - keytab_host: "coreos-koji-tagger{{ env_suffix }}.fedoraproject.org" - - # Copy in a kerberos config that is unique to fedora infra - - role: openshift/object - object_app: coreos-koji-tagger - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: coreos-koji-tagger - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: coreos-koji-tagger - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/start-build - start_build_app: coreos-koji-tagger - start_build_buildname: coreos-koji-tagger-build - start_build_objectname: coreos-koji-tagger-build - tags: - - never - - build - - - role: openshift/object - object_app: coreos-koji-tagger - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-koji-tagger.yml - - role: openshift/object-delete - object_delete_app: coreos-koji-tagger - object_delete_objecttype: project - object_delete_objectname: coreos-koji-tagger - tags: [never, delete] diff --git a/playbooks/openshift-apps/coreos-ostree-importer.yml b/playbooks/openshift-apps/coreos-ostree-importer.yml deleted file mode 100644 index 24ab7829d3..0000000000 --- a/playbooks/openshift-apps/coreos-ostree-importer.yml +++ /dev/null @@ -1,108 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control:os_control_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - fedora_messaging_username: "coreos-ostree-importer{{ env_suffix }}" - fedora_messaging_queue_name: "coreos-ostree-importer{{ env_suffix }}" - fedora_messaging_ca_file: "coreos-ostree-importer-fedora-messaging-cacert.pem" - fedora_messaging_cert_file: "coreos-ostree-importer-fedora-messaging-cert.pem" - fedora_messaging_key_file: "coreos-ostree-importer-fedora-messaging-key.pem" - - # Set the fedora_messaging_routing_keys var based on the environment - pre_tasks: - - name: Set the fedora_messaging_routing_keys var - ansible.builtin.set_fact: - fedora_messaging_routing_keys: - - "org.fedoraproject.stg.coreos.build.request.ostree-import" - when: env == 'staging' - - name: Set the fedora_messaging_routing_keys var - ansible.builtin.set_fact: - fedora_messaging_routing_keys: - - "org.fedoraproject.prod.coreos.build.request.ostree-import" - when: env != 'staging' - - ############################################ - # actions to create the project in OpenShift - ############################################ - # to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-ostree-importer.yml - roles: - - role: openshift/project - project_app: coreos-ostree-importer - project_description: Imports OSTree commits into Fedora from the Fedora CoreOS pipeline - project_appowners: - - c4rt0 - - dustymabe - - jlebon - - kevin - - marmijo - - # Fedora Messaging User/Queue information - - role: rabbit/queue - queue_username: "{{ fedora_messaging_username }}" - queue_name: "{{ fedora_messaging_queue_name }}" - queue_routing_keys: "{{ fedora_messaging_routing_keys }}" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.coreos\..* - - # Fedora Messaging secrets - - role: openshift/secret-file - secret_file_app: coreos-ostree-importer - secret_file_secret_name: fedora-messaging-ca - secret_file_key: "{{ fedora_messaging_ca_file }}" - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: coreos-ostree-importer - secret_file_secret_name: fedora-messaging-crt - secret_file_key: "{{ fedora_messaging_cert_file }}" - secret_file_privatefile: "rabbitmq/{{env}}/pki.new/issued/coreos-ostree-importer{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: coreos-ostree-importer - secret_file_secret_name: fedora-messaging-key - secret_file_key: "{{ fedora_messaging_key_file }}" - secret_file_privatefile: "rabbitmq/{{env}}/pki.new/private/coreos-ostree-importer{{env_suffix}}.key" - - # Fedora Messaging config - - role: openshift/object - object_app: coreos-ostree-importer - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: coreos-ostree-importer - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: coreos-ostree-importer - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: coreos-ostree-importer - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: coreos-ostree-importer - object_template: pvc.yml.j2 - object_objectname: pvc.yml - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-ostree-importer.yml - - role: openshift/object-delete - object_delete_app: coreos-ostree-importer - object_delete_objecttype: project - object_delete_objectname: coreos-ostree-importer - tags: [never, delete] diff --git a/playbooks/openshift-apps/custom-error-pages.yml b/playbooks/openshift-apps/custom-error-pages.yml deleted file mode 100644 index 18085adcf5..0000000000 --- a/playbooks/openshift-apps/custom-error-pages.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - name: Create project directory - ansible.builtin.file: - path: /etc/openshift_apps/openshift-config - state: directory - owner: root - group: root - mode: "0750" - - roles: - - role: openshift/object - object_app: openshift-config - object_objectname: error-code-pages.yml - object_template: error-code-pages.yml.j2 - - post_tasks: - - name: Patch ingress controller with custom error pages - ansible.builtin.command: oc patch -n openshift-ingress-operator ingresscontroller/default --patch '{"spec":{"httpErrorCodePages":{"name":"fedora-error-code-pages"}}}' --type=merge diff --git a/playbooks/openshift-apps/datagrepper.yml b/playbooks/openshift-apps/datagrepper.yml deleted file mode 100644 index 8361daaec1..0000000000 --- a/playbooks/openshift-apps/datagrepper.yml +++ /dev/null @@ -1,115 +0,0 @@ ---- -- name: Give access to the datanommer DB - hosts: datanommer_dbserver:datanommer_dbserver_stg - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/badges.yml - - tasks: - - name: DB user - community.postgresql.postgresql_user: - name: datagrepper - password: "{{ (env == 'production') | ternary(datagrepper_prod_db_password, datagrepper_stg_db_password) }}" - - name: Grant the db user read only access to datanommer2 - community.postgresql.postgresql_privs: - database: datanommer2 - privs: SELECT - objs: ALL_IN_SCHEMA - roles: datagrepper - - -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - - role: openshift/project - project_app: datagrepper - project_description: "Query the message history" - project_appowners: - - abompard - - ryanlerch - - kevin - tags: - - apply-appowners - when: env == "production" - - role: openshift/project - project_app: datagrepper - project_description: "Query the message history" - project_appowners: - - abompard - - ryanlerch - - james02135 - - lenkaseg - - kevin - tags: - - apply-appowners - when: env == "staging" - - - role: openshift/object - object_app: datagrepper - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: datagrepper - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: datagrepper - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: datagrepper - object_template: service.yml.j2 - object_objectname: service.yml - - - role: openshift/route - route_app: datagrepper - route_name: datagrepper - route_host: "apps{{ env_suffix }}.fedoraproject.org" - route_path: "/datagrepper" - route_serviceport: web - route_servicename: datagrepper-web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: datagrepper - object_template: secret-webhook.yml.j2 - object_objectname: secret-webhook.yml - - - role: openshift/object - object_app: datagrepper - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # - role: openshift/start-build - # start_build_app: datagrepper - # start_build_buildname: datagrepper - # tags: - # - never - # - build - - # - role: openshift/rollout - # rollout_app: datagrepper - # rollout_dcname: datagrepper - # tags: - # - never - # - rollout diff --git a/playbooks/openshift-apps/datanommer.yml b/playbooks/openshift-apps/datanommer.yml deleted file mode 100644 index 693a381df8..0000000000 --- a/playbooks/openshift-apps/datanommer.yml +++ /dev/null @@ -1,84 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/queue - queue_username: "datanommer{{ env_suffix }}" - queue_name: "datanommer{{ env_suffix }}" - queue_routing_keys: - - "#" - queue_thresholds: - warning: 50 - critical: 500 - # Datanommer does not publish messages - user_sent_topics: ^$ - - - role: openshift/project - project_app: datanommer - project_description: "Fedora messaging consumer" - project_appowners: - - abompard - - ryanlerch - - james02135 - - lenkaseg - - kevin - tags: - - apply-appowners - when: env == "production" - - - role: openshift/project - project_app: datanommer - project_description: "Fedora messaging consumer" - project_appowners: - - abompard - - ryanlerch - - james02135 - - lenkaseg - - kevin - tags: - - apply-appowners - when: env == "staging" - - - role: openshift/secret-file - secret_file_app: datanommer - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: datanommer - secret_file_secret_name: fedora-messaging-crt - secret_file_key: datanommer-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/datanommer{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: datanommer - secret_file_secret_name: fedora-messaging-key - secret_file_key: datanommer-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/datanommer{{env_suffix}}.key" - - - role: openshift/object - object_app: datanommer - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: datanommer - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: datanommer - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: datanommer - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/discourse2fedmsg.yml b/playbooks/openshift-apps/discourse2fedmsg.yml deleted file mode 100644 index c2c60a1ca6..0000000000 --- a/playbooks/openshift-apps/discourse2fedmsg.yml +++ /dev/null @@ -1,86 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "discourse2fedmsg{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.discourse\..* - - - role: openshift/project - project_app: discourse2fedmsg - project_description: "Relay Discourse webhooks to Fedora Messaging" - project_appowners: - - ryanlerch - - abompard - - kevin - tags: - - apply-appowners - - - role: openshift/secret-file - secret_file_app: discourse2fedmsg - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: discourse2fedmsg - secret_file_secret_name: fedora-messaging-crt - secret_file_key: discourse2fedmsg-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/discourse2fedmsg{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: discourse2fedmsg - secret_file_secret_name: fedora-messaging-key - secret_file_key: discourse2fedmsg-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/discourse2fedmsg{{env_suffix}}.key" - - - role: openshift/imagestream - imagestream_app: discourse2fedmsg - imagestream_imagename: discourse2fedmsg - - - role: openshift/object - object_app: discourse2fedmsg - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: discourse2fedmsg - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: discourse2fedmsg - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: discourse2fedmsg - route_name: discourse2fedmsg - route_host: "discourse2fedmsg{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: discourse2fedmsg-web - - - role: openshift/object - object_app: discourse2fedmsg - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # - role: openshift/start-build - # start_build_app: discourse2fedmsg - # start_build_buildname: discourse2fedmsg - # tags: - # - never - # - build - - # - role: openshift/rollout - # rollout_app: discourse2fedmsg - # rollout_dcname: discourse2fedmsg - # tags: - # - never - # - rollout diff --git a/playbooks/openshift-apps/docsbuilding.yml b/playbooks/openshift-apps/docsbuilding.yml deleted file mode 100644 index dbdb1a465d..0000000000 --- a/playbooks/openshift-apps/docsbuilding.yml +++ /dev/null @@ -1,80 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: docsbuilding - project_description: Documentation building - project_alerting: true - project_appowners: - - asamalik - - jibecfed - - dustymabe - - darknao - - pbokoc - project_alert_users: - - darknao - - pbokoc - - kevin - tags: - - apply-appowners - - appowners - - - role: openshift/imagestream - imagestream_app: docsbuilding - imagestream_imagename: builder - - - role: openshift/object - object_app: docsbuilding - object_objectname: buildconfig.yml - object_template: buildconfig.yml.j2 - - - role: openshift/start-build - start_build_app: docsbuilding - start_build_buildname: builder-build - tags: - - never - - build - - - role: openshift/object - object_app: docsbuilding - object_template: cron.yml.j2 - object_objectname: cron.yml - tags: - - deploy-cronjob - - - role: openshift/object - object_app: docsbuilding - object_template: cron-translated.yml.j2 - object_objectname: cron-translated.yml - tags: - - deploy-cronjob - - - role: openshift/object - object_app: docsbuilding - object_file: pvc.yml - object_objectname: pvc.yml - - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_masters_stg[0] -t delete openshift-apps/docsbuilding.yml - - role: openshift/object-delete - object_delete_app: docsbuilding - object_delete_objecttype: cronjob - object_delete_objectname: cron - tags: [never, delete] - - role: openshift/object-delete - object_delete_app: docsbuilding - object_delete_objecttype: cronjob - object_delete_objectname: cron-translated - tags: [never, delete] diff --git a/playbooks/openshift-apps/docstranslation.yml b/playbooks/openshift-apps/docstranslation.yml deleted file mode 100644 index 1d7539f8fc..0000000000 --- a/playbooks/openshift-apps/docstranslation.yml +++ /dev/null @@ -1,96 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - vars: - ssh_key_path: "{{ private }}/files/docstranslation/id_rsa_docstrans_{{ env_short }}" - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Define Project - ansible.builtin.include_role: - name: openshift/project - vars: - project_app: docstranslation - project_description: Documentation translation - project_appowners: - - asamalik - - darknao - - jibecfed - - misc - tags: - - apply-appowners - - - name: Define imagestream - ansible.builtin.include_role: - name: openshift/imagestream - vars: - imagestream_app: docstranslation - imagestream_imagename: builder - - - name: Define buildconfig - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: docstranslation - object_objectname: buildconfig.yml - object_template: buildconfig.yml.j2 - - - name: Start build - ansible.builtin.include_role: - name: openshift/start-build - vars: - start_build_app: docstranslation - start_build_buildname: docstranslation-build - tags: - - never - - build - - - name: Define secrets - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: docstranslation - object_objectname: secrets.yml - object_template: secrets.yml.j2 - tags: - - deploy-secrets - - - name: Define configMap - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: docstranslation - object_objectname: configmap.yml - object_template: configmap.yml.j2 - tags: - - deploy-config - - - name: Define cron job - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: docstranslation - object_template: cron.yml.j2 - object_objectname: cron.yml - tags: - - deploy-cronjob - -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l os_masters_stg[0] -t delete openshift-apps/docstranslation.yml - - name: Delete project - ansible.builtin.include_role: - name: openshift/object-delete - vars: - object_delete_app: docstranslation - object_delete_objecttype: project - object_delete_objectname: docstranslation - tags: - - never - - delete diff --git a/playbooks/openshift-apps/easyfix.yml b/playbooks/openshift-apps/easyfix.yml deleted file mode 100644 index 7bfcbc31a8..0000000000 --- a/playbooks/openshift-apps/easyfix.yml +++ /dev/null @@ -1,71 +0,0 @@ -# -# Fedora Project easyfixes -# ---- -- name: Make the app be real - # hosts: os_control_stg:os_control - hosts: os_control_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: openshift/project - project_app: easyfix - project_description: "Easyfixes" - project_appowners: - - abompard - tags: - - apply-appowners - - - role: openshift/object - object_app: easyfix - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: easyfix - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: easyfix - object_file: storage.yml - object_objectname: storage.yml - - - role: openshift/object - object_app: easyfix - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: easyfix - object_file: service.yml - object_objectname: service.yml - - # Routes - - role: openshift/route - route_app: easyfix - route_name: web - route_host: "easyfix.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_servicename: web - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: easyfix - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # Cron jobs - - role: openshift/object - object_app: easyfix - object_template: cron.yml.j2 - object_objectname: cron.yml diff --git a/playbooks/openshift-apps/elections.yml b/playbooks/openshift-apps/elections.yml deleted file mode 100644 index 1c5b14e9ee..0000000000 --- a/playbooks/openshift-apps/elections.yml +++ /dev/null @@ -1,121 +0,0 @@ ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Elections DB user - community.postgresql.postgresql_user: - name: "{{ elections_db_user }}" - password: "{{ (env == 'production') | ternary(elections_db_pass, elections_stg_db_pass) }}" - - name: Elections database creation - community.postgresql.postgresql_db: - name: "{{ elections_db_name }}" - owner: "{{ elections_db_user }}" - encoding: UTF-8 - - -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - vars: - elections_oidc_overwrite_redirect_uri: >- - https://elections{{ env_suffix }}.fedoraproject.org/oidc_callback - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "elections{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedora_elections\..* - - - role: openshift/project - project_app: elections - project_description: Fedora Elections apps - project_appowners: - - bcotton - tags: - - appowners - - - role: openshift/keytab - keytab_app: elections - keytab_key: service.keytab - keytab_secret_name: elections-keytab - keytab_service: HTTP - keytab_host: "elections{{ env_suffix }}.fedoraproject.org" - - - role: openshift/ipa-client - ipa_client_app: elections - - - role: openshift/object - object_app: elections - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: elections - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/secret-file - secret_file_app: elections - secret_file_secret_name: elections-fedora-messaging-key - secret_file_key: elections.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/elections{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: elections - secret_file_secret_name: elections-fedora-messaging-crt - secret_file_key: elections.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/elections{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: elections - secret_file_secret_name: elections-fedora-messaging-ca - secret_file_key: elections.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/object - object_app: elections - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: elections - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/start-build - start_build_app: elections - start_build_buildname: elections-build - start_build_objectname: elections-build - tags: - - never - - build - - - role: openshift/object - object_app: elections - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: elections - route_name: elections - route_host: "elections{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8000-tcp - route_servicename: elections - - - role: openshift/object - object_app: elections - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/fasjson.yml b/playbooks/openshift-apps/fasjson.yml deleted file mode 100644 index 69ebb93e3f..0000000000 --- a/playbooks/openshift-apps/fasjson.yml +++ /dev/null @@ -1,125 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: openshift/project - project_app: fasjson - project_description: "Accounts API" - project_appowners: - - abompard - - nils - - ryanlerch - - kevin - tags: - - apply-appowners - when: env == "production" - - role: openshift/project - project_app: fasjson - project_description: "Accounts API" - project_appowners: - - abompard - - nils - - ryanlerch - - kevin - tags: - - apply-appowners - when: env == "staging" - - # Declare the service in IPA - - role: ipa/service - host: "fasjson{{ env_suffix }}.fedoraproject.org" - service: HTTP - - # Setup kerberos delegation - - role: ipa/servicedelegationtarget - targetname: ipa-http - members: - - { host: "{{ ipa_server }}", service: "HTTP" } - - role: ipa/servicedelegationrule - rulename: fasjson - members: - - { host: "fasjson{{ env_suffix }}.fedoraproject.org", service: "HTTP" } - targets: - - ipa-http - - ipa-ldap - # The ipa-ldap delegation target is declared during IPA installation - - # Keytabs - - role: openshift/keytab - keytab_app: fasjson - keytab_key: http - keytab_secret_name: fasjson-keytab-http - keytab_service: HTTP - keytab_host: "fasjson{{ env_suffix }}.fedoraproject.org" - - # Session secret key - - role: openshift/secret-file - secret_file_app: fasjson - secret_file_secret_name: session-key - secret_file_key: session.key - secret_file_privatefile: "fasjson/session.{{env}}.key" - - - role: openshift/imagestream - imagestream_app: fasjson - imagestream_imagename: fasjson - - - role: openshift/object - object_app: fasjson - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: fasjson - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/ipa-client - ipa_client_app: fasjson - - - role: openshift/object - object_app: fasjson - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: fasjson - route_name: fasjson - route_host: "fasjson{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: fasjson-web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: fasjson - object_template: secret-webhook.yml.j2 - object_objectname: secret-webhook.yml - - - role: openshift/object - object_app: fasjson - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # - role: openshift/start-build - # start_build_app: fasjson - # start_build_buildname: fasjson - # tags: - # - never - # - build - - # - role: openshift/rollout - # rollout_app: noggin - # rollout_dcname: noggin - # tags: - # - never - # - rollout diff --git a/playbooks/openshift-apps/fedocal.yml b/playbooks/openshift-apps/fedocal.yml deleted file mode 100644 index 240d37ccca..0000000000 --- a/playbooks/openshift-apps/fedocal.yml +++ /dev/null @@ -1,90 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg[0],os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "fedocal{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fedocal\..* - - - role: openshift/project - project_app: fedocal - project_description: Fedora calendar apps - project_appowners: - - kevin - - - role: openshift/object - object_app: fedocal - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: fedocal - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/secret-file - secret_file_app: fedocal - secret_file_secret_name: fedocal-fedora-messaging-key - secret_file_key: fedocal.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/fedocal{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: fedocal - secret_file_secret_name: fedocal-fedora-messaging-crt - secret_file_key: fedocal.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/fedocal{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: fedocal - secret_file_secret_name: fedocal-fedora-messaging-ca - secret_file_key: fedocal.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/object - object_app: fedocal - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: fedocal - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/start-build - start_build_app: fedocal - start_build_buildname: fedocal-build - start_build_objectname: fedocal-build - tags: - - never - - build - - - role: openshift/object - object_app: fedocal - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: fedocal - route_name: fedocal - route_host: "calendar{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: fedocal - - - role: openshift/object - object_app: fedocal - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml - - - role: openshift/object - object_app: fedocal - object_file: cron.yml - object_objectname: cron.yml - when: env != 'staging' diff --git a/playbooks/openshift-apps/fedora-coreos-pipeline.yml b/playbooks/openshift-apps/fedora-coreos-pipeline.yml deleted file mode 100644 index 10765a2b23..0000000000 --- a/playbooks/openshift-apps/fedora-coreos-pipeline.yml +++ /dev/null @@ -1,65 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control:os_control_stg - user: root - gather_facts: false - - ############################################ - # actions to create the project in OpenShift - ############################################ - # to run: sudo rbac-playbook -l os_control_stg openshift-apps/fedora-coreos-pipeline.yml - roles: - - role: openshift-apps/fedora-coreos-pipeline - project_name: fedora-coreos-pipeline - project_description: Fedora CoreOS Pipeline - appowners: - - aaradhak - - azukku - - c4rt0 - - cverna - - dustymabe - - gursewak - - hhei - - jbtrystram - - jcapitao - - jlebon - - jmarrero - - jschinta - - kevin - - lravicha - - lsm5 - - luyang - - madhu-7 - - marmijo - - mnguyen - - mtarsel - - poorna - - ravanelli - - shilpi-das1 - - siosm - - spresti - - sumantrom - - tlbueno - - walters - - ydesouza - - pragyan-poudyal - - bipinbn - - rchandar - alert_users: - - aaradhak - - dustymabe - - gursewak - - jlebon - - marmijo - - ravanelli - - tlbueno - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/fedora-coreos-pipeline.yml - - role: openshift/object-delete - object_delete_app: fedora-coreos-pipeline - object_delete_objecttype: project - object_delete_objectname: fedora-coreos-pipeline - tags: [never, delete] diff --git a/playbooks/openshift-apps/fedora-ostree-pruner.yml b/playbooks/openshift-apps/fedora-ostree-pruner.yml deleted file mode 100644 index 260d3f4d0d..0000000000 --- a/playbooks/openshift-apps/fedora-ostree-pruner.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control:os_control_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - ############################################ - # actions to create the project in OpenShift - ############################################ - # to run: sudo rbac-playbook -l os_control_stg openshift-apps/fedora-ostree-pruner.yml - roles: - - role: openshift/project - project_app: fedora-ostree-pruner - project_description: Prunes OSTree repositories based on policy - project_appowners: - - aaradhak - - c4rt0 - - dustymabe - - jlebon - - kevin - - marmijo - - - role: openshift/object - object_app: fedora-ostree-pruner - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: fedora-ostree-pruner - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: fedora-ostree-pruner - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: fedora-ostree-pruner - object_template: pvc.yml.j2 - object_objectname: pvc.yml - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/fedora-ostree-pruner.yml - - role: openshift/object-delete - object_delete_app: fedora-ostree-pruner - object_delete_objecttype: project - object_delete_objectname: fedora-ostree-pruner - tags: [never, delete] diff --git a/playbooks/openshift-apps/fedora-packages-static.yml b/playbooks/openshift-apps/fedora-packages-static.yml deleted file mode 100644 index 18526437af..0000000000 --- a/playbooks/openshift-apps/fedora-packages-static.yml +++ /dev/null @@ -1,80 +0,0 @@ ---- -- name: Make fedora-packages-static - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: fedora-packages-static - project_description: Fedora fedora-packages-static apps - project_appowners: - - mymindstorm - - kevin - - - role: openshift/object - object_app: fedora-packages-static - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: fedora-packages-static - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: fedora-packages-static - object_template: storage.yml.j2 - object_objectname: storage.yml - - - role: openshift/object - object_app: fedora-packages-static - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/start-build - start_build_app: fedora-packages-static - start_build_buildname: fedora-packages-static-build - start_build_objectname: fedora-packages-static-build - tags: - - never - - build - - - role: openshift/object - object_app: fedora-packages-static - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: fedora-packages-static - route_name: fedora-packages-static - route_host: "packages{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: fedora-packages-static - - - role: openshift/object - object_app: fedora-packages-static - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l staging -t delete openshift-apps/fedora-packages-static.yml - - role: openshift/object-delete - object_delete_app: fedora-packages-static - object_delete_objecttype: project - object_delete_objectname: fedora-packages-static - tags: [never, delete] - - # to run: sudo rbac-playbook -l staging -t deletesolr openshift-apps/fedora-packages-static.yml - - role: openshift/object-delete - object_delete_app: solr - object_delete_objecttype: project - object_delete_objectname: solr - tags: [never, deletesolr] diff --git a/playbooks/openshift-apps/firmitas.yml b/playbooks/openshift-apps/firmitas.yml deleted file mode 100644 index d99437154b..0000000000 --- a/playbooks/openshift-apps/firmitas.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Firmitas Role - ansible.builtin.include_role: - name: openshift-apps/firmitas - tasks_from: main diff --git a/playbooks/openshift-apps/flask-oidc-dev.yml b/playbooks/openshift-apps/flask-oidc-dev.yml deleted file mode 100644 index 11e81db5cc..0000000000 --- a/playbooks/openshift-apps/flask-oidc-dev.yml +++ /dev/null @@ -1,73 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: openshift/project - project_app: flask-oidc-dev - project_description: "Authentication testing" - project_appowners: - - abompard - - dkirwan - - jamricha - - sidharthvipul - tags: - - apply-appowners - - - role: openshift/imagestream - imagestream_app: flask-oidc-dev - imagestream_imagename: flask-oidc-dev - - - role: openshift/object - object_app: flask-oidc-dev - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: flask-oidc-dev - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: flask-oidc-dev - object_file: service.yml - object_objectname: service.yml - - # - role: openshift/route - # route_app: test-auth - # route_name: test-auth - # route_host: "admin{{ env_suffix }}.fedoraproject.org" - # route_path: "/test-auth" - # route_serviceport: web - # route_servicename: test-auth - # route_annotations: - # haproxy.router.openshift.io/timeout: 5m - - - role: openshift/route - route_app: flask-oidc-dev - route_name: flask-oidc-dev - route_host: "app-flask-oidc-dev.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: flask-oidc-dev - route_annotations: - haproxy.router.openshift.io/timeout: 5m - when: ocp4 - - - role: openshift/object - object_app: flask-oidc-dev - object_template: secret-webhook.yml.j2 - object_objectname: secret-webhook.yml - - - role: openshift/object - object_app: flask-oidc-dev - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/flatpak-indexer.yml b/playbooks/openshift-apps/flatpak-indexer.yml deleted file mode 100644 index 7a61fd982e..0000000000 --- a/playbooks/openshift-apps/flatpak-indexer.yml +++ /dev/null @@ -1,64 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/roles/openshift-apps/flatpak-indexer/vars/{{ env }}.yml - - roles: - - role: openshift/project - project_app: flatpak-indexer - project_description: Fedora Flatpak Indexer apps - project_appowners: - - otaylor - - kevin - - kalev - - yselkowitz - - - role: openshift/object - object_app: flatpak-indexer - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: flatpak-indexer - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: flatpak-indexer - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: flatpak-indexer - object_template: storage.yml.j2 - object_objectname: storage.yml - - - role: openshift/object - object_app: flatpak-indexer - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/start-build - start_build_app: flatpak-indexer - # This will trigger the main build via a imageChange trigger - start_build_buildname: flatpak-indexer-tardiff-build - tags: - - never - - build - - - role: openshift/object - object_app: flatpak-indexer - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: flatpak-indexer - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/fmn.yml b/playbooks/openshift-apps/fmn.yml deleted file mode 100644 index 8ada26e242..0000000000 --- a/playbooks/openshift-apps/fmn.yml +++ /dev/null @@ -1,221 +0,0 @@ -# -# Fedora Messaging Notifications (FMN) -# - ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: FMN DB user - community.postgresql.postgresql_user: - name: fmn - password: "{{ (env == 'production') | ternary(fmn_prod_db_password, fmn_stg_db_password) }}" - - name: FMN database creation - community.postgresql.postgresql_db: - name: fmn - owner: fmn - encoding: UTF-8 - -- name: Setup RabbitMQ - hosts: rabbitmq[0]:rabbitmq_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/queue - queue_username: "fmn{{ env_suffix }}" - queue_name: "fmn{{ env_suffix }}" - queue_routing_keys: - # The FMN queue is subscribed to everything - - "#" - queue_thresholds: - warning: 20000 - critical: 25000 - # FMN sends messages when a rule is changed, to invalidate its cache - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fmn\..* - tags: - - config - - fedora-messaging - - rabbitmq_cluster - - # FMN also has an internal VHost for communication between the consumer - # (which listens to the Fedora Messaging bus on /pubsub) and the senders - # (which send messages to the various destinations such as email, IRC, - # Matrix). - - role: rabbit/vhost - vhost: /fmn - tags: - - config - - fedora-messaging - - rabbitmq_cluster - - tasks: - - name: Grant the fmn user access to the fmn vhost - community.rabbitmq.rabbitmq_user: - user: "fmn{{ env_suffix }}" - vhost: /fmn - configure_priv: .* - read_priv: .* - write_priv: .* - # We have to repeat the topic permissions here until this is fixed: - # https://github.com/ansible-collections/community.rabbitmq/issues/156 - topic_permissions: - - vhost: /pubsub - read_priv: .* - write_priv: ^org\.fedoraproject\.{{ env_short }}\.fmn\..* - tags: - - config - - fedora-messaging - - rabbitmq_cluster - - - name: Create the sending queues in the fmn vhost - community.rabbitmq.rabbitmq_queue: - name: "{{ item }}" - vhost: /fmn - auto_delete: no - durable: yes - # message_ttl: 300000 - state: present - login_user: admin - login_password: "{{ (env == 'production') | ternary(rabbitmq_admin_password_production, rabbitmq_admin_password_staging) }}" - with_items: - - email - - irc - - matrix - tags: - - config - - fedora-messaging - - rabbitmq_cluster - -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: openshift/project - project_app: fmn - project_description: "Fedora Messaging Notifications" - project_appowners: - - abompard - - ryanlerch - - nphilipp - tags: - - apply-appowners - - - role: openshift/object - object_app: fmn - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: fmn - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: fmn - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: fmn - object_file: service.yml - object_objectname: service.yml - - # Routes - - role: openshift/route - route_app: fmn - route_name: frontend - route_host: "notifications{{ env_suffix }}.fedoraproject.org" - route_servicename: frontend - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - role: openshift/route - route_app: fmn - route_name: api - route_host: "fmn-api.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_servicename: api - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - # Sendria is an email sink for testing, to avoid sending actual emails. - - role: openshift/route - route_app: fmn - route_name: sendria - route_host: "fmn-email.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_servicename: sendria - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - when: env == "staging" - - # Secrets - - role: openshift/object - object_app: fmn - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: fmn - object_template: secret-webhook.yml.j2 - object_objectname: secret-webhook.yml - - # Fedora Messaging - - role: openshift/secret-file - secret_file_app: fmn - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: fmn - secret_file_secret_name: fedora-messaging-crt - secret_file_key: fmn-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/fmn{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: fmn - secret_file_secret_name: fedora-messaging-key - secret_file_key: fmn-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/fmn{{env_suffix}}.key" - - # Deployment config - - role: openshift/object - object_app: fmn - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # FASJSON access - - role: openshift/ipa-client - ipa_client_app: fmn - - role: openshift/keytab - keytab_app: fmn - keytab_key: service.keytab - keytab_secret_name: keytab - keytab_service: fmn - - # Cron jobs - - role: openshift/object - object_app: fmn - object_template: cron.yml.j2 - object_objectname: cron.yml diff --git a/playbooks/openshift-apps/forgejo.yml b/playbooks/openshift-apps/forgejo.yml deleted file mode 100644 index 73ef4af398..0000000000 --- a/playbooks/openshift-apps/forgejo.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg #:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Forgejo Role - ansible.builtin.include_role: - name: openshift-apps/forgejo - tasks_from: main diff --git a/playbooks/openshift-apps/greenwave.yml b/playbooks/openshift-apps/greenwave.yml deleted file mode 100644 index 7461f9530a..0000000000 --- a/playbooks/openshift-apps/greenwave.yml +++ /dev/null @@ -1,120 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - "/srv/web/infra/ansible/vars/all/00-FedoraCycleNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraBranched.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraBranchedNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraPreviousCycleNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraPreviousPrevious.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraPreviousPreviousCycleNumber.yaml" - - "/srv/web/infra/ansible/vars/all/FedoraRawhideNumber.yaml" - - - roles: - - role: openshift/project - project_app: greenwave - project_description: greenwave - project_appowners: - - lholecek - - vmaljulin - - kevin - tags: - - apply-appowners - - - role: rabbit/user - user_name: greenwave{{ env_suffix }} - user_queue_name: greenwave{{ env_suffix }} - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.greenwave\..* - - - role: openshift/secret-file - secret_file_app: greenwave - secret_file_secret_name: greenwave-fedora-messaging-key - secret_file_key: greenwave.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/greenwave{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: greenwave - secret_file_secret_name: greenwave-fedora-messaging-crt - secret_file_key: greenwave.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/greenwave{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: greenwave - secret_file_secret_name: greenwave-fedora-messaging-ca - secret_file_key: greenwave.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/object - object_app: greenwave - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: greenwave - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: greenwave - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: greenwave - route_name: web-pretty - route_host: "greenwave{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: greenwave-web - - # TODO -- someday retire this old route in favor of the pretty one above. - - role: openshift/object - object_app: greenwave - object_file: route.yml - object_objectname: route.yml - - - role: openshift/object - object_app: greenwave - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - tags: - - apply-deploymentconfig - - - role: openshift/rollout - rollout_app: greenwave - rollout_dcname: greenwave-web - tags: - - never - - rollout - - - role: openshift/rollout - rollout_app: greenwave - rollout_dcname: greenwave-fedmsg-consumers - tags: - - never - - rollout - -- name: Change the route haproxy default timeout - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Set the timeout to the openshift route - ansible.builtin.command: "oc -n greenwave annotate route {{ item }} --overwrite haproxy.router.openshift.io/timeout=750s" - with_items: - - greenwave-web - - web-pretty - tags: - - route-timeout diff --git a/playbooks/openshift-apps/ipsilon-website.yml b/playbooks/openshift-apps/ipsilon-website.yml deleted file mode 100644 index 1b94e6fa16..0000000000 --- a/playbooks/openshift-apps/ipsilon-website.yml +++ /dev/null @@ -1,58 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: openshift/project - project_app: ipsilon-website - project_description: "ipsilon-project.org" - project_appowners: - - abompard - tags: - - apply-appowners - - - role: openshift/imagestream - imagestream_app: ipsilon-website - imagestream_imagename: ipsilon-website - - - role: openshift/object - object_app: ipsilon-website - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: ipsilon-website - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: ipsilon-website - route_name: web-internal - route_host: "ipsilon-website.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/route - route_app: ipsilon-website - route_name: web - route_host: "ipsilon-project.org" - route_serviceport: web - route_servicename: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: ipsilon-website - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/kanban.yml b/playbooks/openshift-apps/kanban.yml deleted file mode 100644 index b9e35ead9f..0000000000 --- a/playbooks/openshift-apps/kanban.yml +++ /dev/null @@ -1,134 +0,0 @@ ---- -- name: Prepare setting up the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - user: root - - tasks: - - name: Install psycopg2 for the postgresql ansible modules - ansible.builtin.package: - name: python3-psycopg2 - state: present - tags: - - packages - -- name: Setup PROD database - hosts: db01.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - name: Create the database user - community.postgresql.postgresql_user: - name: "{{ kanban_db_user }}" - password: "{{ kanban_db_pass }}" - - name: Create the database itself - community.postgresql.postgresql_db: - name: "{{ kanban_db_name }}" - owner: "{{ kanban_db_user }}" - encoding: UTF-8 - - name: Test the database creation - community.postgresql.postgresql_db: - name: "{{ kanban_db_name }}" - owner: "{{ kanban_db_user }}" - encoding: UTF-8 - -- name: Setup STG database - hosts: db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - name: Create the database user - community.postgresql.postgresql_user: - name: "{{ kanban_db_user }}" - password: "{{ kanban_db_pass_stg }}" - - name: Create the database itself - community.postgresql.postgresql_db: - name: "{{ kanban_db_name }}" - owner: "{{ kanban_db_user }}" - encoding: UTF-8 - - name: Test the database creation - community.postgresql.postgresql_db: - name: "{{ kanban_db_name }}" - owner: "{{ kanban_db_user }}" - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: kanban - project_description: kanban - project_appowners: - - frantisekz - - jskladan - - lbrabec - - kparal - project_alert_users: - - frantisekz - tags: - - apply-appowners - - - role: openshift/object - object_app: kanban - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: kanban - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: kanban - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: kanban - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: kanban - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: kanban - object_template: cron.yml.j2 - object_objectname: cron.yml - - - role: openshift/route - route_app: kanban - route_name: kanban - route_host: "kanban.qa{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: kanban-web - - - role: openshift/start-build - start_build_app: kanban - start_build_buildname: kanban-build - start_build_objectname: kanban-build - tags: - - never - - build diff --git a/playbooks/openshift-apps/kerneltest.yml b/playbooks/openshift-apps/kerneltest.yml deleted file mode 100644 index f0ffbfcae1..0000000000 --- a/playbooks/openshift-apps/kerneltest.yml +++ /dev/null @@ -1,111 +0,0 @@ ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Kerneltest DB user - community.postgresql.postgresql_user: - name: "{{ (env == 'production') | ternary(kerneltest_db_user, kerneltest_stg_db_user) }}" - password: "{{ (env == 'production') | ternary(kerneltest_db_pass, kerneltest_stg_db_pass) }}" - - name: Kerneltest database creation - community.postgresql.postgresql_db: - name: "{{ kerneltest_db_name }}" - owner: "{{ (env == 'production') | ternary(kerneltest_db_user, kerneltest_stg_db_user) }}" - encoding: UTF-8 - - -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - name: Include Global Variables - ansible.builtin.include_vars: - dir: /srv/web/infra/ansible/vars/all/ - ignore_files: README - - - roles: - - role: rabbit/user - user_name: "kerneltest{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.kerneltest\..* - - - role: openshift/project - project_app: kerneltest - project_description: kerneltest - project_appowners: - - pingou - - ryanlerch - tags: - - apply-appowners - - - role: openshift/secret-file - secret_file_app: kerneltest - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: kerneltest - secret_file_secret_name: fedora-messaging-crt - secret_file_key: kerneltest-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/kerneltest{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: kerneltest - secret_file_secret_name: fedora-messaging-key - secret_file_key: kerneltest-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/kerneltest{{env_suffix}}.key" - - - role: openshift/object - object_app: kerneltest - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: kerneltest - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: kerneltest - object_file: storage.yml - object_objectname: storage.yml - - - role: openshift/object - object_app: kerneltest - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: kerneltest - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/ipa-client - ipa_client_app: kerneltest - - - role: openshift/route - route_app: kerneltest - route_name: kerneltest - route_host: "kerneltest{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: kerneltest-web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: kerneltest - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/koschei.yml b/playbooks/openshift-apps/koschei.yml deleted file mode 100644 index aaa5256994..0000000000 --- a/playbooks/openshift-apps/koschei.yml +++ /dev/null @@ -1,88 +0,0 @@ ---- -- name: Provision koschei - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/roles/openshift-apps/koschei/vars/main.yml - - /srv/web/infra/ansible/roles/openshift-apps/koschei/vars/{{ env }}.yml - - roles: - - role: rabbit/queue - queue_username: "{{ app }}{{ env_suffix }}" - queue_name: "{{ app }}{{ env_suffix }}" - queue_routing_keys: [] - queue_message_ttl: 60000 - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(koschei|ci)\..* - - - role: openshift/project - project_app: "{{ app }}" - project_description: "{{ description }}" - - - role: openshift/keytab - keytab_app: "{{ app }}" - keytab_secret_name: keytab - keytab_key: krb5.keytab - keytab_service: koschei - keytab_host: "koschei-backend01{{ env_suffix }}.iad2.fedoraproject.org" - - - role: openshift/route - route_app: "{{ app }}" - route_name: frontend - route_host: "koschei{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: frontend - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - haproxy.router.openshift.io/timeout: 180s - - tasks: - - name: Apply objects - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: "{{ app }}" - object_template: "{{ item }}.yml" - object_objectname: "{{ item }}.yml" - with_items: - - imagestream - - frontend-config - - backend-config - - admin-config - - admin-deployment - - frontend-deployment - - frontend-service - - - name: Apply Deployment - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: "{{ app }}" - object_template: backend-deployment.yml - object_objectname: "{{ item.name }}-deployment.yml" - object_service: "{{ item.name }}" - object_min_cpu: "{{ item.cpu[0] }}" - object_max_cpu: "{{ item.cpu[1] }}" - object_min_mem: "{{ item.memory[0] }}" - object_max_mem: "{{ item.memory[1] }}" - with_items: "{{ koschei_backend_services }}" - loop_control: - label: "{{ item.name }}" - - - name: Apply CronJob - ansible.builtin.include_role: - name: openshift/object - vars: - object_app: "{{ app }}" - object_template: cronjob.yml - object_objectname: "{{ item.name }}-cronjob.yml" - object_name: "{{ item.name }}" - object_schedule: "{{ item.schedule }}" - object_command: "{{ item.command }}" - with_items: "{{ koschei_cron_jobs }}" - loop_control: - label: "{{ item.name }}" diff --git a/playbooks/openshift-apps/languages.yml b/playbooks/openshift-apps/languages.yml deleted file mode 100644 index bb9c990a4d..0000000000 --- a/playbooks/openshift-apps/languages.yml +++ /dev/null @@ -1,103 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: languages - project_description: Localization measurement and tooling - project_appowners: - - darknao - - jibecfed - - - role: openshift/object - object_app: languages - object_objectname: imagestream.yml - object_template: imagestream.yml.j2 - - - role: openshift/object - object_app: languages - object_objectname: buildconfig.yml - object_template: buildconfig.yml.j2 - - - role: openshift/start-build - start_build_app: languages - start_build_buildname: build-latest - tags: - - never - - build - - - role: openshift/object - object_app: languages - object_template: service.yml.j2 - object_objectname: service.yml - - - role: openshift/route - route_app: languages - route_name: languages - route_host: "languages{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: web - - - role: openshift/object - object_app: languages - object_template: pvc.yml.j2 - object_objectname: pvc.yml - - - role: openshift/object - object_app: languages - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: languages - object_template: cron.yml.j2 - object_objectname: cron.yml - -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l os_masters_stg[0] -t delete openshift-apps/languages.yml - - role: openshift/object-delete - object_delete_app: languages - object_delete_objecttype: project - object_delete_objectname: languages - tags: - - never - - delete - - post_tasks: - - name: Run initial f.10 import - ansible.builtin.command: "oc -n languages create job stats-10-{{ lookup('pipe', 'date +%s') }}-init --from=cronjob/stats-10" - tags: - - never - - init - - f10 - - - name: Run initial f.20 import - ansible.builtin.command: "oc -n languages create job stats-20-{{ lookup('pipe', 'date +%s') }}-init --from=cronjob/stats-20" - tags: - - never - - init - - f20 - - - name: Run initial f.30 import - ansible.builtin.command: "oc -n languages create job stats-30-{{ lookup('pipe', 'date +%s') }}-init --from=cronjob/stats-30" - tags: - - never - - init - - f30 - - - name: Run initial f.latest import - ansible.builtin.command: "oc -n languages create job stats-latest-{{ lookup('pipe', 'date +%s') }}-init --from=cronjob/stats-latest" - tags: - - never - - init - - latest diff --git a/playbooks/openshift-apps/maubot.yml b/playbooks/openshift-apps/maubot.yml deleted file mode 100644 index 003d71c5f7..0000000000 --- a/playbooks/openshift-apps/maubot.yml +++ /dev/null @@ -1,126 +0,0 @@ ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Maubot DB user - community.postgresql.postgresql_user: - name: maubot - password: "{{ (env == 'production') | ternary(maubot_prod_db_password, maubot_stg_db_password) }}" - - name: Maubot database creation - community.postgresql.postgresql_db: - name: maubot - owner: maubot - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "maubot{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(meetbot|maubot)\..* - - - role: openshift/project - project_app: maubot - project_description: Maubot - project_appowners: - - ryanlerch - - kevin - - - role: openshift/keytab - keytab_app: maubot - keytab_key: service.keytab - keytab_secret_name: maubot-keytab - keytab_service: HTTP - keytab_host: "maubot.apps.ocp{{env_suffix}}.fedoraproject.org" - - - role: openshift/ipa-client - ipa_client_app: maubot - - - role: openshift/object - object_app: maubot - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: maubot - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: maubot - object_template: meetbot-logs-volume.yml.j2 - object_objectname: meetbot-logs-volume.yml - - - role: openshift/object - object_app: maubot - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/secret-file - secret_file_app: maubot - secret_file_secret_name: maubot-fedora-messaging-key - secret_file_key: maubot.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/maubot{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: maubot - secret_file_secret_name: maubot-fedora-messaging-crt - secret_file_key: maubot.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/maubot{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: maubot - secret_file_secret_name: maubot-fedora-messaging-ca - secret_file_key: maubot.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/start-build - start_build_app: maubot - start_build_buildname: maubot-build - start_build_objectname: maubot-build - tags: - - never - - build - - - role: openshift/object - object_app: maubot - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: maubot - route_name: maubot - route_host: "maubot.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_serviceport: maubot - route_servicename: maubot - - - role: openshift/object - object_app: maubot - object_file: deployment.yml - object_objectname: deployment.yml - - ############################################### - # actions to delete the project from OpenShift - ############################################### - # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/maubot.yml - - role: openshift/object-delete - object_delete_app: maubot - object_delete_objecttype: project - object_delete_objectname: maubot - tags: [never, delete] diff --git a/playbooks/openshift-apps/mdapi.yml b/playbooks/openshift-apps/mdapi.yml deleted file mode 100644 index b0902cd9e5..0000000000 --- a/playbooks/openshift-apps/mdapi.yml +++ /dev/null @@ -1,99 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "mdapi{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mdapi\..* - - - role: openshift/project - project_app: mdapi - project_description: mdapi is a small API exposing the metadata contained in different RPM repositories. - project_appowners: - - t0xic0der - - kevin - - - role: openshift/object - object_app: mdapi - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: mdapi - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: mdapi - object_file: storage.yml - object_objectname: storage.yml - - - role: openshift/object - object_app: mdapi - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/secret-file - secret_file_app: mdapi - secret_file_secret_name: mdapi-fedora-messaging-key - secret_file_key: mdapi.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/mdapi{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: mdapi - secret_file_secret_name: mdapi-fedora-messaging-crt - secret_file_key: mdapi.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/mdapi{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: mdapi - secret_file_secret_name: mdapi-fedora-messaging-ca - secret_file_key: mdapi.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/object - object_app: mdapi - object_file: cron.yml - object_objectname: cron.yml - tags: - - cron-job - - - role: openshift/start-build - start_build_app: mdapi - start_build_buildname: mdapi-build - start_build_objectname: mdapi-build - tags: - - never - - build - - - role: openshift/object - object_app: mdapi - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: mdapi - route_name: mdapi - route_host: "mdapi{{env_suffix}}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: mdapi - - - role: openshift/object - object_app: mdapi - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml - - - role: openshift/rollout - rollout_app: mdapi - rollout_dcname: mdapi - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/mirrormanager.yml b/playbooks/openshift-apps/mirrormanager.yml deleted file mode 100644 index 54781e6e71..0000000000 --- a/playbooks/openshift-apps/mirrormanager.yml +++ /dev/null @@ -1,179 +0,0 @@ -# -# MirrorManager -# - ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/mirrormanager.yml - - tasks: - - name: DB user - community.postgresql.postgresql_user: - name: "{{ (env == 'production') | ternary(mirrormanager_db_user, mirrormanager_stg_db_user) }}" - password: "{{ (env == 'production') | ternary(mirrormanager_db_pass, mirrormanager_stg_db_pass) }}" - - name: FMN database creation - community.postgresql.postgresql_db: - name: "{{ (env == 'production') | ternary(mirrormanager_db_name, mirrormanager_stg_db_name) }}" - owner: "{{ (env == 'production') | ternary(mirrormanager_db_user, mirrormanager_stg_db_user) }}" - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control_stg:os_control - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/mirrormanager.yml - - roles: - - role: rabbit/user - user_name: "mirrormanager{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.mirrormanager\..* - tags: - - config - - fedora-messaging - - rabbitmq_cluster - - - role: openshift/project - project_app: mirrormanager - project_description: "MirrorManager" - project_appowners: - - abompard - - nphilipp - - adrian - project_allow_pod_creation: true - tags: - - apply-appowners - - - role: openshift/object - object_app: mirrormanager - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: mirrormanager - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: mirrormanager - object_file: storage.yml - object_objectname: storage.yml - - - role: openshift/object - object_app: mirrormanager - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: mirrormanager - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: mirrormanager - object_file: service.yml - object_objectname: service.yml - - # Routes - - role: openshift/route - route_app: mirrormanager - route_name: frontend - route_host: "{{ mirrormanager_hostname }}" - route_servicename: frontend - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/route - route_app: mirrormanager - route_name: frontend-openshift - route_host: "mirrormanager.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_servicename: frontend - route_serviceport: web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - when: mirrormanager_hostname != "mirrormanager.apps.ocp{}.fedoraproject.org".format(env_suffix) - - # SSH key to get the access logs - - role: openshift/secret-file - secret_file_app: mirrormanager - secret_file_secret_name: ssh-mirrorlist-proxies-key - secret_file_key: ssh_mirrorlist_proxies.key - secret_file_privatefile: "mirrormanager/id_rsa" - - # Fedora Messaging - - role: openshift/secret-file - secret_file_app: mirrormanager - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: mirrormanager - secret_file_secret_name: fedora-messaging-crt - secret_file_key: cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/mirrormanager{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: mirrormanager - secret_file_secret_name: fedora-messaging-key - secret_file_key: key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/mirrormanager{{env_suffix}}.key" - - # Deployment config - - role: openshift/object - object_app: mirrormanager - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # Cron jobs - - role: openshift/object - object_app: mirrormanager - object_template: cron-crawler.yml.j2 - object_objectname: cron-crawler.yml - when: env == "production" - - role: openshift/object - object_app: mirrormanager - object_template: cron-propagation.yml.j2 - object_objectname: cron-propagation.yml - when: env == "production" - - role: openshift/object - object_app: mirrormanager - object_template: cron-accesses.yml.j2 - object_objectname: cron-accesses.yml - - role: openshift/object - object_app: mirrormanager - object_template: cron-mirrorlist-cache.yml.j2 - object_objectname: cron-mirrorlist-cache.yml - - role: openshift/object - object_app: mirrormanager - object_template: cron-geoip.yml.j2 - object_objectname: cron-geoip.yml - - role: openshift/object - object_app: mirrormanager - object_template: cron-primary-mirror.yml.j2 - object_objectname: cron-primary-mirror.yml - - - role: openshift/start-build - start_build_app: mirrormanager - start_build_buildname: mm - tags: - - never - - build - - - role: openshift/rollout - rollout_app: mirrormanager - rollout_dcname: frontend - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/mote.yml b/playbooks/openshift-apps/mote.yml deleted file mode 100644 index 7c66a4c00a..0000000000 --- a/playbooks/openshift-apps/mote.yml +++ /dev/null @@ -1,114 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: mote - project_description: Mote v2 - project_appowners: - - darknao - - t0xic0der - - ryanlerch - tags: - - appowners - - - role: openshift/imagestream - imagestream_app: mote - imagename: mote - - - role: openshift/object - object_app: mote - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: mote - object_template: mote-dc.yml.j2 - object_objectname: mote-dc.yml - - - role: openshift/object - object_app: mote - object_template: mote-worker-dc.yml.j2 - object_objectname: mote-worker-dc.yml - - - role: openshift/object - object_app: mote - object_template: fedmsg-dc.yml.j2 - object_objectname: fedmsg-dc.yml - - - role: openshift/object - object_app: mote - object_template: redis-is.yml.j2 - object_objectname: redis-is.yml - - - role: openshift/object - object_app: mote - object_template: redis-dc.yml.j2 - object_objectname: redis-dc.yml - - - role: openshift/object - object_app: mote - object_template: redis-svc.yml.j2 - object_objectname: redis-svc.yml - - - role: openshift/object - object_app: mote - object_template: mote-svc.yml.j2 - object_objectname: mote-svc.yml - - - role: openshift/object - object_app: mote - object_template: mote-cm.yml.j2 - object_objectname: mote-cm.yml - - - role: openshift/object - object_app: mote - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: mote - object_template: fedmsg-cm.yml.j2 - object_objectname: fedmsg-cm.yml - - - role: openshift/object - object_app: mote - object_template: pvc.yml.j2 - object_objectname: pvc.yml - - - role: openshift/route - route_app: mote - route_name: mote - route_serviceport: mote-tcp - route_servicename: mote - route_host: "meetbot{{ env_suffix }}.fedoraproject.org" - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/start-build - start_build_app: mote - start_build_buildname: mote - start_build_objectname: mote - tags: - - never - - build - -# -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l os_control_stg[0] -t delete openshift-apps/mote.yml - - role: openshift/object-delete - object_delete_app: mote - object_delete_objecttype: project - object_delete_objectname: mote - tags: - - never - - delete diff --git a/playbooks/openshift-apps/noggin-centos.yml b/playbooks/openshift-apps/noggin-centos.yml deleted file mode 100644 index 4c1314007e..0000000000 --- a/playbooks/openshift-apps/noggin-centos.yml +++ /dev/null @@ -1,121 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: rabbit/user - user_name: "noggin{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fas\..* - - - role: openshift/project - project_app: noggin-centos - project_description: "Self-service account portal" - project_appowners: - - abompard - - nils - - ryanlerch - tags: - - apply-appowners - when: env == "production" - - role: openshift/project - project_app: noggin-centos - project_description: "Self-service account portal" - project_appowners: - - abompard - - nils - - ryanlerch - tags: - - apply-appowners - when: env == "staging" - - - role: openshift/secret-file - secret_file_app: noggin-centos - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: noggin-centos - secret_file_secret_name: fedora-messaging-crt - secret_file_key: noggin-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/noggin{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: noggin-centos - secret_file_secret_name: fedora-messaging-key - secret_file_key: noggin-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/noggin{{env_suffix}}.key" - - - role: openshift/imagestream - imagestream_app: noggin-centos - imagestream_imagename: noggin - - - role: openshift/object - object_app: noggin - object_os_app: noggin-centos - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: noggin - object_os_app: noggin-centos - object_template: configmap.yml.j2 - object_objectname: configmap.yml - noggin_theme: centos - - - role: openshift/ipa-client - ipa_client_app: noggin-centos - - - role: openshift/object - object_app: noggin - object_os_app: noggin-centos - object_template: service.yml.j2 - object_objectname: service.yml - - - role: openshift/route - route_app: noggin-centos - route_name: noggin - route_host: "accounts{{ env_suffix }}.centos.org" - route_serviceport: web - route_servicename: noggin-web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: noggin - object_os_app: noggin-centos - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: noggin - object_os_app: noggin-centos - object_template: secret-webhook.yml.j2 - object_objectname: secret-webhook.yml - - - role: openshift/object - object_app: noggin - object_os_app: noggin-centos - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/start-build - start_build_app: noggin-centos - start_build_buildname: noggin - tags: - - never - - build - - - role: openshift/rollout - rollout_app: noggin-centos - rollout_dcname: noggin - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/noggin.yml b/playbooks/openshift-apps/noggin.yml deleted file mode 100644 index 54b84bb6dc..0000000000 --- a/playbooks/openshift-apps/noggin.yml +++ /dev/null @@ -1,116 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: rabbit/user - user_name: "noggin{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.fas\..* - - - role: openshift/project - project_app: noggin - project_description: "Self-service account portal" - project_appowners: - - abompard - - nils - - ryanlerch - tags: - - apply-appowners - when: env == "production" - - role: openshift/project - project_app: noggin - project_description: "Self-service account portal" - project_appowners: - - abompard - - nils - - ryanlerch - tags: - - apply-appowners - when: env == "staging" - - - role: openshift/secret-file - secret_file_app: noggin - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: noggin - secret_file_secret_name: fedora-messaging-crt - secret_file_key: noggin-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/noggin{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: noggin - secret_file_secret_name: fedora-messaging-key - secret_file_key: noggin-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/noggin{{env_suffix}}.key" - - - role: openshift/imagestream - imagestream_app: noggin - imagestream_imagename: noggin - - - role: openshift/object - object_app: noggin - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: noggin - object_template: configmap.yml.j2 - object_objectname: configmap.yml - noggin_theme: fas - - - role: openshift/ipa-client - ipa_client_app: noggin - - - role: openshift/object - object_app: noggin - object_template: service.yml.j2 - object_objectname: service.yml - - - role: openshift/route - route_app: noggin - route_name: noggin - route_host: "accounts{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: noggin-web - route_annotations: - haproxy.router.openshift.io/timeout: 5m - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/object - object_app: noggin - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: noggin - object_template: secret-webhook.yml.j2 - object_objectname: secret-webhook.yml - - - role: openshift/object - object_app: noggin - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/start-build - start_build_app: noggin - start_build_buildname: noggin - tags: - - never - - build - - - role: openshift/rollout - rollout_app: noggin - rollout_dcname: noggin - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/openscanhub.yml b/playbooks/openshift-apps/openscanhub.yml deleted file mode 100644 index 41007c08e6..0000000000 --- a/playbooks/openshift-apps/openscanhub.yml +++ /dev/null @@ -1,176 +0,0 @@ ---- -- name: OpenScanHub - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - ocp4: true - - openscanhub_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.openscanhub\..* - - pre_tasks: - - name: Include Global Variables - ansible.builtin.include_vars: - dir: /srv/web/infra/ansible/vars/all/ - ignore_files: README - - roles: - - role: openshift/project - project_app: openscanhub - project_description: openscanhub - project_appowners: - - praiskup - - svashisht - - kevin - - zlopez - tags: - - apply-appowners - when: env == "production" - - role: openshift/project - project_app: openscanhub - project_description: openscanhub - project_appowners: - - praiskup - - svashisht - - kevin - - zlopez - tags: - - apply-appowners - when: env == "staging" - - role: openshift/object - object_app: openscanhub - object_template: pvc-var-lib-osh.yml.j2 - object_objectname: pvc-var-lib-osh - - role: openshift/object - object_app: openscanhub - object_template: settings-local-configmap.yml.j2 - object_objectname: settings-local-configmap - - role: openshift/object - object_app: openscanhub - object_template: osh-hub-httpd-configmap.yml.j2 - object_objectname: osh-hub-httpd-configmap - - role: openshift/keytab - keytab_app: openscanhub - keytab_key: service.keytab - keytab_secret_name: openscanhub-keytab - keytab_service: HTTP - keytab_host: "openscanhub.stg.fedoraproject.org" - when: env == "staging" - - role: openshift/keytab - keytab_app: openscanhub - keytab_key: service.keytab - keytab_secret_name: openscanhub-keytab - keytab_service: HTTP - keytab_host: "openscanhub.fedoraproject.org" - when: env == "production" - - role: openshift/object - object_app: openscanhub - object_template: deployment-fedora-osh-hub.yml.j2 - object_objectname: deployment-fedora-osh-hub - - role: openshift/object - object_app: openscanhub - object_template: route-fedora-osh-hub.yml.j2 - object_objectname: route-fedora-osh-hub - - role: openshift/object - object_app: openscanhub - object_file: service-fedora-osh-hub.yml - object_objectname: service-fedora-osh-hub - - # Configurations for redis. - - role: openshift/object - object_app: openscanhub - object_template: pvc-var-lib-redis-data.yml.j2 - object_objectname: pvc-var-lib-redis-data - - role: openshift/object - object_app: openscanhub - object_file: deployment-redis.yml - object_objectname: deployment-redis - - role: openshift/object - object_app: openscanhub - object_file: route-redis.yml - object_objectname: route-redis - - role: openshift/object - object_app: openscanhub - object_file: service-redis.yml - object_objectname: service-redis - - # Configurations for resalloc-server. - - role: openshift/object - object_app: openscanhub - object_template: etc-resallocserver-server-configmap.yml.j2 - object_objectname: etc-resallocserver-server-configmap - - role: openshift/object - object_app: openscanhub - object_template: etc-resallocserver-pools-configmap.yml.j2 - object_objectname: etc-resallocserver-pools-configmap - - role: openshift/object - object_app: openscanhub - object_template: vm-provisioning-configmap.yml.j2 - object_objectname: vm-provisioning-configmap - - role: openshift/object - object_app: openscanhub - object_template: aws-credentials-configmap.yml.j2 - object_objectname: aws-credentials-configmap - - role: openshift/object - object_app: openscanhub - object_template: aws-openscanhub-key.yml.j2 - object_objectname: aws-openscanhub-key - - role: openshift/object - object_app: openscanhub - object_template: deployment-resalloc-server.yml.j2 - object_objectname: deployment-resalloc-server - - role: openshift/object - object_app: openscanhub - object_template: route-resalloc-server.yml.j2 - object_objectname: route-resalloc-server - - role: openshift/object - object_app: openscanhub - object_template: service-resalloc-server.yml.j2 - object_objectname: service-resalloc-server - - # Configurations for Fedora messaging - - role: rabbit/user - user_name: "openscanhub{{ env_suffix }}" - user_sent_topics: "{{ openscanhub_sent_topics }}" - - - role: rabbit/queue - queue_username: "openscanhub{{ env_suffix }}" - queue_name: "openscanhub{{ env_suffix }}" - queue_routing_keys: "org.fedoraproject.*.openscanhub.scan.started" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: "{{ openscanhub_sent_topics }}" - - - role: openshift/secret-file - secret_file_app: openscanhub - secret_file_secret_name: openscanhub-fedora-messaging-ca - secret_file_key: fedora-messaging-openscanhub-ca.crt - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: openscanhub - secret_file_secret_name: openscanhub-fedora-messaging-key - secret_file_key: fedora-messaging-openscanhub.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/openscanhub{{env_suffix}}.key" - - role: openshift/secret-file - secret_file_app: openscanhub - secret_file_secret_name: openscanhub-fedora-messaging-cert - secret_file_key: fedora-messaging-openscanhub.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/openscanhub{{env_suffix}}.crt" - - role: openshift/object - object_app: openscanhub - object_template: fedora-messaging-configmap.yml.j2 - object_objectname: fedora-messaging-configmap - - # sudo rbac-playbook -l staging -t delete openshift-apps/openscanhub.yml - - role: openshift/object-delete - object_delete_app: openscanhub - object_delete_objecttype: project - object_delete_objectname: openscanhub - tags: [never, delete] - when: env == "staging" diff --git a/playbooks/openshift-apps/openvpn.yml b/playbooks/openshift-apps/openvpn.yml deleted file mode 100644 index 5630439720..0000000000 --- a/playbooks/openshift-apps/openvpn.yml +++ /dev/null @@ -1,87 +0,0 @@ ---- -- name: Make the app be real - # We don't have any VPN set up on stg - hosts: os_control[0]:os-control01.rdu3.fedoraproject.org - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - vars: - - roles: - - role: openshift/project - project_app: openvpn - project_description: Openvpn Client - project_appowners: - - kevin - tags: - - apply-appowners - - - role: openshift/object - object_app: openvpn - object_objectname: imagestream.yml - object_template: imagestream.yml.j2 - - - role: openshift/object - object_app: openvpn - object_objectname: buildconfig.yml - object_template: buildconfig.yml.j2 - - - role: openshift/object - object_app: openvpn - object_template: serviceaccount.yml.j2 - object_objectname: serviceaccount.yml - - - role: openshift/object - object_app: openvpn - object_template: scc.yml.j2 - object_objectname: scc.yml - - - role: openshift/object - object_app: openvpn - object_template: scc_role.yml.j2 - object_objectname: scc_role.yml - - - role: openshift/object - object_app: openvpn - object_template: scc_rolebinding.yml.j2 - object_objectname: scc_rolebinding.yml - - # load openVPN client certs for each node in ocp_nodes into ocp secret - # expect certs to be generated in {{private}}/files/vpn/pki/issued/ - - role: openshift/object - object_app: openvpn - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: openvpn - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: openvpn - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/start-build - start_build_app: openvpn - start_build_buildname: openvpn - tags: - - never - - build - -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l os_masters_stg[0] -t delete openshift-apps/openvpn.yml - - role: openshift/object-delete - object_delete_app: openvpn - object_delete_objecttype: project - object_delete_objectname: openvpn - tags: - - never - - delete diff --git a/playbooks/openshift-apps/oraculum.yml b/playbooks/openshift-apps/oraculum.yml deleted file mode 100644 index 0e44e6ea6c..0000000000 --- a/playbooks/openshift-apps/oraculum.yml +++ /dev/null @@ -1,138 +0,0 @@ ---- -- name: Prepare setting up the database - hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org - gather_facts: no - user: root - - tasks: - - name: Install psycopg2 for the postgresql ansible modules - ansible.builtin.package: - name: python3-psycopg2 - state: present - tags: - - packages - -- name: Setup the database - hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - name: Create the database user - community.postgresql.postgresql_user: - name: "{{ oraculum_db_user }}" - password: "{{ oraculum_db_pass }}" - - name: Create the database itself - community.postgresql.postgresql_db: - name: "{{ oraculum_db_name }}" - owner: "{{ oraculum_db_user }}" - encoding: UTF-8 - - name: Test the database creation - community.postgresql.postgresql_db: - name: "{{ oraculum_db_name }}" - owner: "{{ oraculum_db_user }}" - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: oraculum - project_description: Packager Dashboard - project_appowners: - - frantisekz - - jskladan - - lbrabec - - kparal - tags: - - appowners - - - role: openshift/object - object_app: oraculum - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: oraculum - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/object - object_app: oraculum - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: oraculum - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: oraculum - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: oraculum - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/route - route_app: oraculum - route_name: oraculum-api - route_host: "packager-dashboard{{ env_suffix }}.fedoraproject.org" - route_path: "/api" - route_serviceport: 8080-tcp - route_servicename: oraculum-api-endpoint - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/route - route_app: oraculum - route_name: oraculum-oidc-callback - route_host: "packager-dashboard{{ env_suffix }}.fedoraproject.org" - route_path: "/oidc_callback" - route_serviceport: 8080-tcp - route_servicename: oraculum-api-endpoint - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/route - route_app: oraculum - route_name: oraculum-flower - route_host: "packager-dashboard{{ env_suffix }}.fedoraproject.org" - route_path: "/_flower" - route_serviceport: 8080-tcp - route_servicename: oraculum-flower - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/route - route_app: oraculum - route_name: oraculum-frontend - route_host: "packager-dashboard{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: oraculum-frontend - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - - role: openshift/start-build - start_build_app: oraculum - start_build_buildname: packager-dashboard-build - start_build_objectname: packager-dashboard-build - tags: - - never - - build diff --git a/playbooks/openshift-apps/planet.yml b/playbooks/openshift-apps/planet.yml deleted file mode 100644 index e6860d8f94..0000000000 --- a/playbooks/openshift-apps/planet.yml +++ /dev/null @@ -1,105 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: planet - project_description: "Fedora Planet" - project_appowners: - - phsmoura - - kevin - tags: - - apply-appowners - - # Keytabs - - role: openshift/keytab - keytab_app: planet - keytab_key: http - keytab_secret_name: planet-keytab-http - keytab_service: HTTP - keytab_host: "{{env_prefix}}fedoraplanet.org" - - - role: openshift/imagestream - imagestream_app: planet - imagestream_imagename: planet - - - role: openshift/object - object_app: planet - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: planet - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/ipa-client - ipa_client_app: planet - - - role: openshift/object - object_app: planet - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: planet - object_file: pvc.yml - object_objectname: pvc.yml - - - role: openshift/route - route_app: planet - route_name: planet-ocp - route_host: "planet.apps.ocp{{env_suffix}}.fedoraproject.org" - route_serviceport: web - route_servicename: planet - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/route - route_app: planet - route_name: planet - route_host: "{{env_prefix}}fedoraplanet.org" - route_serviceport: web - route_servicename: planet - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: planet - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: planet - object_template: cronjob.yml.j2 - object_objectname: cronjob.yml - - - role: openshift/secret-file - secret_file_app: planet - secret_file_secret_name: planet-fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/secret-file - secret_file_app: planet - secret_file_secret_name: planet-fedora-messaging-crt - secret_file_key: planet-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/planet{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: planet - secret_file_secret_name: planet-fedora-messaging-key - secret_file_key: planet-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/planet{{env_suffix}}.key" - - - role: rabbit/user - user_name: "planet{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.planet\..* diff --git a/playbooks/openshift-apps/poddlers.yml b/playbooks/openshift-apps/poddlers.yml deleted file mode 100644 index f99eef7103..0000000000 --- a/playbooks/openshift-apps/poddlers.yml +++ /dev/null @@ -1,123 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/vars/apps/poddlers.yml - - pre_tasks: - - name: Setup Rabbit User - ansible.builtin.include_role: - name: rabbit/user - vars: - user_name: toddlers{{ env_suffix }} - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.toddlers\..* - - - name: Setup Rabbit Queue - ansible.builtin.include_role: - name: rabbit/queue - vars: - queue_username: toddlers{{ env_suffix }} - queue_name: toddlers{{ env_suffix }}-{{ item.name }} - queue_routing_keys: "{{ item.topics }}" - queue_thresholds: - warning: 10 - critical: 100 - loop: "{{ poddlers_toddlers }}" - when: "item.replicas|default(1) > 0" - - roles: - - role: openshift/project - project_app: poddlers - project_description: Small fedora-messaging toddlers that keep running around in pods. - project_appowners: - - abompard - - zlopez - - kevin - - amedvede - - jnsamyak - - nphilipp - - lenkaseg - - jnsamyak - tags: - - appowners - - # Keytabs - - role: openshift/keytab - keytab_app: poddlers - keytab_key: service.keytab - keytab_secret_name: keytab - keytab_service: toddlers - - role: openshift/keytab - keytab_app: poddlers - keytab_key: sync-group.keytab - keytab_secret_name: sync-group-keytab - keytab_service: toddlers-sync-group - - - role: openshift/ipa-client - ipa_client_app: poddlers - - - role: openshift/object - object_app: poddlers - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/secret-file - secret_file_app: poddlers - secret_file_secret_name: toddlers-fedora-messaging-key - secret_file_key: toddlers.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/toddlers{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: poddlers - secret_file_secret_name: toddlers-fedora-messaging-crt - secret_file_key: toddlers.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/toddlers{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: poddlers - secret_file_secret_name: toddlers-fedora-messaging-ca - secret_file_key: toddlers.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/object - object_app: poddlers - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: poddlers - object_template: cron-playtime.yml.j2 - object_objectname: cron-playtime.yml - tags: - - cron-job - - - role: openshift/object - object_app: poddlers - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/object - object_app: poddlers - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/start-build - start_build_app: poddlers - start_build_buildname: toddlers - tags: - - never - - build - - - role: openshift/rollout - rollout_app: poddlers - rollout_dcname: "{{ item.name }}" - loop: "{{ poddlers_toddlers }}" - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/release-monitoring.yml b/playbooks/openshift-apps/release-monitoring.yml deleted file mode 100644 index ed52cacda3..0000000000 --- a/playbooks/openshift-apps/release-monitoring.yml +++ /dev/null @@ -1,72 +0,0 @@ -# Deploy the app ---- -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "anitya{{ env_suffix }}" - user_sent_topics: ^org\.release-monitoring\.{{ env_short }}\.anitya\..* - - role: openshift/project - project_app: release-monitoring - project_description: release-monitoring - project_appowners: - - zlopez - - role: openshift/secret-file - secret_file_app: release-monitoring - secret_file_secret_name: release-monitoring-fedora-messaging-ca - secret_file_key: fedora-messaging-release-monitoring-ca.crt - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: release-monitoring - secret_file_secret_name: release-monitoring-fedora-messaging-key - secret_file_key: fedora-messaging-release-monitoring.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/anitya{{env_suffix}}.key" - - role: openshift/secret-file - secret_file_app: release-monitoring - secret_file_secret_name: release-monitoring-fedora-messaging-cert - secret_file_key: fedora-messaging-release-monitoring.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/anitya{{env_suffix}}.crt" - - role: openshift/object - object_app: release-monitoring - object_file: imagestream.yml - object_objectname: imagestream.yml - - role: openshift/object - object_app: release-monitoring - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - role: openshift/start-build - start_build_app: release-monitoring - start_build_buildname: release-monitoring-web-build - tags: - - never - - build - - role: openshift/object - object_app: release-monitoring - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - role: openshift/object - object_app: release-monitoring - object_file: service.yml - object_objectname: service.yml - - role: openshift/object - object_app: release-monitoring - object_template: route.yml.j2 - object_objectname: route.yml - - role: openshift/object - object_app: release-monitoring - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml - - role: openshift/rollout - rollout_app: release-monitoring - rollout_dcname: release-monitoring-web - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/resultsdb-ci-listener.yml b/playbooks/openshift-apps/resultsdb-ci-listener.yml deleted file mode 100644 index 3ee5c5ba36..0000000000 --- a/playbooks/openshift-apps/resultsdb-ci-listener.yml +++ /dev/null @@ -1,85 +0,0 @@ -# -# ResultsDB CI Listener -# ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/queue - queue_username: "resultsdb{{ env_suffix }}_ci_listener" - queue_name: "resultsdb{{ env_suffix }}_ci_listener" - queue_routing_keys: - - 'org.centos.*.ci.pipeline.allpackages-build.complete' - - 'org.centos.*.ci.pipeline.allpackages-build.image.complete' - - 'org.centos.*.ci.pipeline.allpackages-build.package.test.functional.complete' - - 'org.centos.*.ci.pipeline.allpackages-build.package.complete' - - 'org.centos.*.ci.pipeline.allpackages-build.package.ignored' - - 'org.centos.*.ci.koji-build.test.queued' - - 'org.centos.*.ci.koji-build.test.running' - - 'org.centos.*.ci.koji-build.test.complete' - - 'org.centos.*.ci.koji-build.test.error' - user_sent_topics: ^$ - - # The openshift/project role breaks if the project already exists: - # https://pagure.io/fedora-infrastructure/issue/6404 - - role: openshift/project - project_app: resultsdb-ci-listener - project_description: resultsdb-ci-listener - project_appowners: - - lholecek - - vmaljulin - - lrossett - - kevin - - gwmngilfen - tags: - - apply-appowners - - - role: openshift/secret-file - secret_file_app: resultsdb-ci-listener - secret_file_secret_name: resultsdb-ci-listener-fedora-messaging-key - secret_file_key: resultsdb-ci-listener.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/resultsdb{{env_suffix}}_ci_listener.key" - - - role: openshift/secret-file - secret_file_app: resultsdb-ci-listener - secret_file_secret_name: resultsdb-ci-listener-fedora-messaging-crt - secret_file_key: resultsdb-ci-listener.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/resultsdb{{env_suffix}}_ci_listener.crt" - - - role: openshift/secret-file - secret_file_app: resultsdb-ci-listener - secret_file_secret_name: resultsdb-ci-listener-fedora-messaging-ca - secret_file_key: resultsdb-ci-listener.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/imagestream - imagestream_app: resultsdb-ci-listener - imagestream_imagename: resultsdb-ci-listener - - - role: openshift/object - object_app: resultsdb-ci-listener - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: resultsdb-ci-listener - object_template: secrets.yml.j2 - object_objectname: secrets.yml - - - role: openshift/object - object_app: resultsdb-ci-listener - object_template: configmaps.yml.j2 - object_objectname: configmaps.yml - - - role: openshift/object - object_app: resultsdb-ci-listener - object_template: deploymentconfigs.yml.j2 - object_objectname: deploymentconfigs.yml diff --git a/playbooks/openshift-apps/resultsdb.yml b/playbooks/openshift-apps/resultsdb.yml deleted file mode 100644 index e6a5bbce0d..0000000000 --- a/playbooks/openshift-apps/resultsdb.yml +++ /dev/null @@ -1,154 +0,0 @@ ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Resultsdb DB user - prod - community.postgresql.postgresql_user: - name: "resultsdb" - password: "{{ prod_resultsdb_db_password }}" - when: env != 'staging' - - name: Resultsdb DB user - staging - community.postgresql.postgresql_user: - name: "resultsdb" - password: "{{ stg_resultsdb_db_password }}" - when: env == 'staging' - - name: Resultsdb database creation - community.postgresql.postgresql_db: - name: "resultsdb" - owner: "resultsdb" - encoding: UTF-8 - - -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: no - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - /srv/web/infra/ansible/roles/openshift-apps/resultsdb/vars/main.yml - - roles: - - role: rabbit/user - user_name: "resultsdb{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.resultsdb\..* - - # The openshift/project role breaks if the project already exists: - # https://pagure.io/fedora-infrastructure/issue/6404 - - role: openshift/project - project_app: resultsdb - project_description: resultsdb - project_appowners: - - lholecek - - vmaljulin - - lrossett - - kevin - tags: - - apply-appowners - - - role: openshift/secret-file - secret_file_app: resultsdb - secret_file_secret_name: resultsdb-fedora-messaging-key - secret_file_key: resultsdb.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/resultsdb{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: resultsdb - secret_file_secret_name: resultsdb-fedora-messaging-crt - secret_file_key: resultsdb.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/resultsdb{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: resultsdb - secret_file_secret_name: resultsdb-fedora-messaging-ca - secret_file_key: resultsdb.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - # backend objects - - role: openshift/object - object_app: resultsdb - object_template: backend/secrets.yml.j2 - object_objectname: backend-secrets.yml - - - role: openshift/object - object_app: resultsdb - object_template: backend/configmaps.yml.j2 - object_objectname: backend-configmaps.yml - - - role: openshift/object - object_app: resultsdb - object_template: backend/imagestream.yml.j2 - object_objectname: backend-imagestream.yml - - - role: openshift/object - object_app: resultsdb - object_template: backend/deploymentconfigs.yml.j2 - object_objectname: backend-deploymentconfigs.yml - - - role: openshift/object - object_app: resultsdb - object_template: backend/services.yml.j2 - object_objectname: backend-services.yml - - - role: openshift/route - route_app: resultsdb - route_name: resultsdb-api - route_host: "resultsdb{{ env_suffix }}.fedoraproject.org" - route_serviceport: api - route_servicename: resultsdb-api - route_path: /api - - # frontend objects - - role: openshift/object - object_app: resultsdb - object_template: frontend/secrets.yml.j2 - object_objectname: frontend-secrets.yml - - - role: openshift/object - object_app: resultsdb - object_template: frontend/configmaps.yml.j2 - object_objectname: frontend-configmaps.yml - - - role: openshift/object - object_app: resultsdb - object_template: frontend/deploymentconfigs.yml.j2 - object_objectname: frontend-deploymentconfigs.yml - - - role: openshift/object - object_app: resultsdb - object_template: frontend/services.yml.j2 - object_objectname: frontend-services.yml - - - role: openshift/route - route_app: resultsdb - route_name: resultsdb-web - route_host: "resultsdb{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: resultsdb-frontend - route_path: / - - # rollouts - - role: openshift/rollout - rollout_app: resultsdb - rollout_dcname: "resultsdb-api" - failed_when: false - tags: - - never - - rollout - - - role: openshift/rollout - rollout_app: resultsdb - rollout_dcname: "resultsdb-frontend" - failed_when: false - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/review-stats.yml b/playbooks/openshift-apps/review-stats.yml deleted file mode 100644 index b8d97bb9ae..0000000000 --- a/playbooks/openshift-apps/review-stats.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: review-stats - project_description: Generate HTML with statistics about Fedora review tickets - project_appowners: - - mattia - - kevin - tags: - - apply-appowners - - role: openshift/imagestream - imagestream_app: review-stats - imagestream_imagename: builder - - role: openshift/object - object_app: review-stats - object_objectname: buildconfig.yml - object_template: buildconfig.yml.j2 - - role: openshift/object - object_app: review-stats - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - role: openshift/object - object_app: review-stats - object_template: pvc.yml.j2 - object_objectname: pvc.yml - - role: openshift/start-build - start_build_app: review-stats - start_build_buildname: builder-build - tags: - - never - - build - - role: openshift/object - object_app: review-stats - object_template: cron.yml.j2 - object_objectname: cron.yml - tags: - - deploy-cronjob diff --git a/playbooks/openshift-apps/test-auth.yml b/playbooks/openshift-apps/test-auth.yml deleted file mode 100644 index 0662024741..0000000000 --- a/playbooks/openshift-apps/test-auth.yml +++ /dev/null @@ -1,68 +0,0 @@ ---- -- name: Make the app be real - hosts: os_masters[0]:os_masters_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - roles: - - role: openshift/project - project_app: test-auth - project_description: "Authentication testing" - project_appowners: - - abompard - tags: - - apply-appowners - - - role: openshift/imagestream - imagestream_app: test-auth - imagestream_imagename: test-auth - - - role: openshift/object - object_app: test-auth - object_template: buildconfig.yml - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: test-auth - object_template: configmap.yml - object_objectname: configmap.yml - - - role: openshift/object - object_app: test-auth - object_file: service.yml - object_objectname: service.yml - - # - role: openshift/route - # route_app: test-auth - # route_name: test-auth - # route_host: "admin{{ env_suffix }}.fedoraproject.org" - # route_path: "/test-auth" - # route_serviceport: web - # route_servicename: test-auth - # route_annotations: - # haproxy.router.openshift.io/timeout: 5m - - role: openshift/route - route_app: test-auth - route_name: test-auth - route_host: "test-auth.apps.ocp{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: test-auth - route_annotations: - haproxy.router.openshift.io/timeout: 5m - - - role: openshift/object - object_app: test-auth - object_template: secret-webhook.yml - object_objectname: secret-webhook.yml - - - role: openshift/object - object_app: test-auth - object_template: deploymentconfig.yml - object_objectname: deploymentconfig.yml diff --git a/playbooks/openshift-apps/testdays.yml b/playbooks/openshift-apps/testdays.yml deleted file mode 100644 index 20bff1692c..0000000000 --- a/playbooks/openshift-apps/testdays.yml +++ /dev/null @@ -1,115 +0,0 @@ ---- -- name: Prepare setting up the database - hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org - gather_facts: no - user: root - - tasks: - - name: Install psycopg2 for the postgresql ansible modules - ansible.builtin.package: - name: python3-psycopg2 - state: present - tags: - - packages - -- name: Setup the database - hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - - name: Create the database user - community.postgresql.postgresql_user: - name: "{{ testdays_db_user }}" - password: "{{ testdays_db_pass }}" - - name: Create the database itself - community.postgresql.postgresql_db: - name: "{{ testdays_db_name }}" - owner: "{{ testdays_db_user }}" - encoding: UTF-8 - - name: Test the database creation - community.postgresql.postgresql_db: - name: "{{ testdays_db_name }}" - owner: "{{ testdays_db_user }}" - encoding: UTF-8 - - name: Create the database user (resultsdb) - community.postgresql.postgresql_user: - name: "{{ resultsdb_testdays_db_user }}" - password: "{{ resultsdb_testdays_db_pass }}" - - name: Create the database itself (resultsdb) - community.postgresql.postgresql_db: - name: "{{ resultsdb_testdays_db_name }}" - owner: "{{ resultsdb_testdays_db_user }}" - encoding: UTF-8 - - name: Test the database creation (resultsdb) - community.postgresql.postgresql_db: - name: "{{ resultsdb_testdays_db_name }}" - owner: "{{ resultsdb_testdays_db_user }}" - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: testdays - project_description: The Fedora QE testdays application - project_appowners: - - frantisekz - - jskladan - - lbrabec - - kparal - tags: - - appowners - - - role: openshift/object - object_app: testdays - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: testdays - object_template: deployment.yml.j2 - object_objectname: deployment.yml - - - role: openshift/object - object_app: testdays - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: testdays - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/object - object_app: testdays - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: testdays - route_name: testdays - route_host: "testdays{{ env_suffix }}.fedoraproject.org" - route_serviceport: 8080-tcp - route_servicename: testdays - - - role: openshift/start-build - start_build_app: testdays - start_build_buildname: testdays-build - start_build_objectname: testdays-build - tags: - - never - - build diff --git a/playbooks/openshift-apps/the-new-hotness.yml b/playbooks/openshift-apps/the-new-hotness.yml deleted file mode 100644 index 5cbef45b8c..0000000000 --- a/playbooks/openshift-apps/the-new-hotness.yml +++ /dev/null @@ -1,104 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control_stg[0]:os_control[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/queue - queue_username: the-new-hotness{{ env_suffix }} - queue_name: the-new-hotness{{ env_suffix }} - queue_routing_keys: - - "org.release-monitoring.*.anitya.project.version.update.v2" - - "org.release-monitoring.*.anitya.project.version.update" - - "org.release-monitoring.*.anitya.project.map.new" - - "org.fedoraproject.*.buildsys.task.state.change" - queue_thresholds: - warning: 10 - critical: 100 - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.hotness\..* - - - role: openshift/project - project_app: the-new-hotness - project_description: Fedora-messaging consumer that listens to the-new-hotness.org and files bugzilla bugs in response. - project_appowners: - - zlopez - - - role: openshift/keytab - keytab_app: the-new-hotness - keytab_key: koji-keytab - keytab_secret_name: the-new-hotness-keytab - keytab_service: the-new-hotness - keytab_host: "release-monitoring.org" - when: env == "production" - - - role: openshift/keytab - keytab_app: the-new-hotness - keytab_key: koji-keytab - keytab_secret_name: the-new-hotness-keytab - keytab_service: the-new-hotness - keytab_host: "stg.release-monitoring.org" - when: env == "staging" - - - role: openshift/secret-file - secret_file_app: the-new-hotness - secret_file_secret_name: the-new-hotness-fedora-messaging-ca - secret_file_key: fedora-messaging-the-new-hotness-ca.crt - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/secret-file - secret_file_app: the-new-hotness - secret_file_secret_name: the-new-hotness-fedora-messaging-key - secret_file_key: fedora-messaging-the-new-hotness.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/the-new-hotness{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: the-new-hotness - secret_file_secret_name: the-new-hotness-fedora-messaging-cert - secret_file_key: fedora-messaging-the-new-hotness.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/the-new-hotness{{env_suffix}}.crt" - - - role: openshift/object - object_app: the-new-hotness - object_file: imagestream.yml - object_objectname: imagestream.yml - - - role: openshift/object - object_app: the-new-hotness - object_file: service.yml - object_objectname: service.yml - - - role: openshift/object - object_app: the-new-hotness - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: the-new-hotness - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/start-build - start_build_app: the-new-hotness - start_build_buildname: the-new-hotness-build - start_build_objectname: the-new-hotness-build - tags: - - never - - build - - - role: openshift/object - object_app: the-new-hotness - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - - role: openshift/rollout - rollout_app: the-new-hotness - rollout_dcname: the-new-hotness - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/transtats.yml b/playbooks/openshift-apps/transtats.yml deleted file mode 100644 index d6213dcaa3..0000000000 --- a/playbooks/openshift-apps/transtats.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: transtats - project_description: transtats - project_appowners: - - suanand - - role: openshift/object - object_app: transtats - object_objectname: secret.yml - object_template: secret.yml.j2 - - role: openshift/imagestream - imagestream_app: transtats - imagestream_imagename: transtats - - role: openshift/object - object_app: transtats - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - role: openshift/start-build - start_build_app: transtats - start_build_buildname: transtats-build - tags: - - never - - build - - role: openshift/object - object_app: transtats - object_file: service.yml - object_objectname: service.yml - - role: openshift/route - route_app: transtats - route_name: transtats-web - route_host: transtats{{ env_suffix }}.fedoraproject.org - route_serviceport: web - route_servicename: transtats-web - route_annotations: - haproxy.router.openshift.io/timeout: 8m - - role: openshift/object - object_app: transtats - object_file: deploymentconfig.yml - object_objectname: deploymentconfig.yml - - role: openshift/rollout - rollout_app: transtats - rollout_dcname: transtats-web - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/waiverdb.yml b/playbooks/openshift-apps/waiverdb.yml deleted file mode 100644 index ef95e34350..0000000000 --- a/playbooks/openshift-apps/waiverdb.yml +++ /dev/null @@ -1,132 +0,0 @@ ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Waiverdb DB user - prod - community.postgresql.postgresql_user: - name: "waiverdb" - password: "{{ prod_waiverdb_db_password }}" - when: env != 'staging' - - name: Waiverdb DB user - staging - community.postgresql.postgresql_user: - name: "waiverdb" - password: "{{ stg_waiverdb_db_password }}" - when: env == 'staging' - - name: Waiverdb database creation - community.postgresql.postgresql_db: - name: "waiverdb" - owner: "waiverdb" - encoding: UTF-8 - - -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - vars: - waiverdb_oidc_overwrite_redirect_uri: >- - https://waiverdb{{ env_suffix }}.fedoraproject.org/oidc_callback - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "waiverdb{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.waiverdb\..* - - # The openshift/project role breaks if the project already exists: - # https://pagure.io/fedora-infrastructure/issue/6404 - - role: openshift/project - project_app: waiverdb - project_description: waiverdb - project_appowners: - - lholecek - - vmaljulin - - kevin - tags: - - apply-appowners - - - role: openshift/object - object_app: waiverdb - object_template: secret.yml.j2 - object_objectname: secret.yml - - - role: openshift/secret-file - secret_file_app: waiverdb - secret_file_secret_name: waiverdb-fedora-messaging-key - secret_file_key: waiverdb.key - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/waiverdb{{env_suffix}}.key" - - - role: openshift/secret-file - secret_file_app: waiverdb - secret_file_secret_name: waiverdb-fedora-messaging-crt - secret_file_key: waiverdb.crt - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/waiverdb{{env_suffix}}.crt" - - - role: openshift/secret-file - secret_file_app: waiverdb - secret_file_secret_name: waiverdb-fedora-messaging-ca - secret_file_key: waiverdb.ca - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - - role: openshift/object - object_app: waiverdb - object_template: imagestream.yml.j2 - object_objectname: imagestream.yml - - - role: openshift/object - object_app: waiverdb - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: waiverdb - object_file: service.yml - object_objectname: service.yml - - - role: openshift/route - route_app: waiverdb - route_name: web-pretty - route_host: "waiverdb{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: waiverdb-web - - # TODO -- someday retire this old route in favor of the pretty one above. - - role: openshift/object - object_app: waiverdb - object_file: route.yml - object_objectname: route.yml - - - role: openshift/object - object_app: waiverdb - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # Remove no longer needed intermediate image build - - role: openshift/object-delete - object_delete_app: waiverdb - object_delete_objecttype: buildconfig - object_delete_objectname: waiverdb-docker-build - - - role: openshift/object-delete - object_delete_app: waiverdb - object_delete_objecttype: imagestream - object_delete_objectname: waiverdb-upstream - - - role: openshift/rollout - rollout_app: waiverdb - rollout_dcname: waiverdb-web - tags: - - never - - rollout diff --git a/playbooks/openshift-apps/webhook2fedmsg.yml b/playbooks/openshift-apps/webhook2fedmsg.yml deleted file mode 100644 index 6f3b195dbc..0000000000 --- a/playbooks/openshift-apps/webhook2fedmsg.yml +++ /dev/null @@ -1,128 +0,0 @@ -# -# Webhook to Fedora Messaging -# ---- -- name: Setup the database - hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Webhook2fedmsg DB user - community.postgresql.postgresql_user: - name: webhook2fedmsg - password: "{{ (env == 'production') | ternary(webhook2fedmsg_prod_db_password, webhook2fedmsg_stg_db_password) }}" - - name: Webhook2fedmsg database creation - community.postgresql.postgresql_db: - name: webhook2fedmsg - owner: webhook2fedmsg - encoding: UTF-8 - -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: rabbit/user - user_name: "webhook2fedmsg{{ env_suffix }}" - user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(github|discourse|forgejo)\..* - - - role: openshift/project - project_app: webhook2fedmsg - project_description: "Relay webhooks to Fedora Messaging" - project_appowners: - - ryanlerch - - abompard - - t0xic0der - - kevin - tags: - - apply-appowners - - - role: openshift/secret-file - secret_file_app: webhook2fedmsg - secret_file_secret_name: fedora-messaging-ca - secret_file_key: cacert.pem - secret_file_privatefile: "rabbitmq/{{env}}/ca-combined.crt" - - role: openshift/secret-file - secret_file_app: webhook2fedmsg - secret_file_secret_name: fedora-messaging-crt - secret_file_key: webhook2fedmsg-cert.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/issued/webhook2fedmsg{{env_suffix}}.crt" - - role: openshift/secret-file - secret_file_app: webhook2fedmsg - secret_file_secret_name: fedora-messaging-key - secret_file_key: webhook2fedmsg-key.pem - secret_file_privatefile: "rabbitmq/{{env}}/pki/private/webhook2fedmsg{{env_suffix}}.key" - - - role: openshift/imagestream - imagestream_app: webhook2fedmsg - imagestream_imagename: webhook2fedmsg - - - role: openshift/object - object_app: webhook2fedmsg - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/object - object_app: webhook2fedmsg - object_template: configmap.yml.j2 - object_objectname: configmap.yml - - - role: openshift/object - object_app: webhook2fedmsg - object_file: service.yml - object_objectname: service.yml - - # Routes - - role: openshift/route - route_app: webhook2fedmsg - route_name: web - route_host: "webhook{{ env_suffix }}.fedoraproject.org" - route_serviceport: web - route_servicename: web - - role: openshift/route - route_app: webhook2fedmsg - route_name: web-alt - route_host: "webhook2fedmsg.apps.ocp{{env_suffix}}.fedoraproject.org" - route_serviceport: web - route_servicename: web - - # FASJSON access - - role: openshift/ipa-client - ipa_client_app: webhook2fedmsg - - role: openshift/keytab - keytab_app: webhook2fedmsg - keytab_key: service.keytab - keytab_secret_name: keytab - keytab_service: webhook2fedmsg - - # Deployment config - - role: openshift/object - object_app: webhook2fedmsg - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - # - role: openshift/start-build - # start_build_app: webhook2fedmsg - # start_build_buildname: webhook2fedmsg - # tags: - # - never - # - build - - # - role: openshift/rollout - # rollout_app: webhook2fedmsg - # rollout_dcname: webhook2fedmsg - # tags: - # - never - # - rollout diff --git a/playbooks/openshift-apps/websites.yml b/playbooks/openshift-apps/websites.yml deleted file mode 100644 index 5d93747eaf..0000000000 --- a/playbooks/openshift-apps/websites.yml +++ /dev/null @@ -1,74 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - vars: - ssh_key_path: "{{ private }}/files/websites/id_rsa_web_trans_{{ env_short }}" - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: websites - project_description: Fedora websites building - project_alerting: true - project_appowners: - - ryanlerch - - darknao - - kevin - - # legacy websites - - role: openshift/object - object_app: websites - object_file: pvc.yml - object_objectname: pvc.yml - - - role: openshift/imagestream - imagestream_app: websites - imagestream_imagename: fedora-websites - - - role: openshift/object - object_app: websites - object_template: fedora-websites-bc.yml.j2 - object_objectname: fedora-websites-bc.yml - - - role: openshift/start-build - start_build_app: websites - start_build_buildname: fedora-websites - start_build_objectname: fedora-websites - tags: - - never - - build - - - role: openshift/object - object_app: websites - object_template: fedora-websites-cron.yml.j2 - object_objectname: fedora-websites-cron.yml - - # New websites 3.0 - - role: openshift/imagestream - imagestream_app: websites - imagestream_imagename: builder - - - role: openshift/object - object_app: websites - object_template: buildconfig.yml.j2 - object_objectname: buildconfig.yml - - - role: openshift/start-build - start_build_app: websites - start_build_buildname: websites-build - start_build_objectname: websites-build - - - role: openshift/object - object_app: websites - object_file: obc.yml - object_objectname: obc.yml - - - role: openshift/object - object_app: websites - object_template: deployment.yml.j2 - object_objectname: deployment.yml diff --git a/playbooks/openshift-apps/zezere.yml b/playbooks/openshift-apps/zezere.yml deleted file mode 100644 index 6b46c6131e..0000000000 --- a/playbooks/openshift-apps/zezere.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -- name: Make the app be real - hosts: os_control[0]:os_control_stg[0] - user: root - gather_facts: false - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - project_app: zezere - project_description: Zezere provisioning service - project_appowners: - - pbrobinson - - role: openshift/imagestream - imagestream_app: zezere - imagestream_imagename: zezere - - role: openshift/object - object_app: zezere - object_objectname: buildconfig.yml - object_file: buildconfig.yml - - role: openshift/start-build - start_build_app: zezere - start_build_buildname: zezere-build - tags: - - never - - build - - role: openshift/object - object_app: zezere - object_file: service.yml - object_objectname: service.yml - - role: openshift/route - route_app: zezere - route_name: zezere - route_host: "provision{{ env_suffix }}.fedoraproject.org" - route_servicename: zezere - route_serviceport: 8080 - route_annotations: - haproxy.router.openshift.io/set-forwarded-headers: append - - role: openshift/object - object_app: zezere - object_template: secret.yml.j2 - object_objectname: secret.yml - - role: openshift/object - object_app: zezere - object_template: deploymentconfig.yml.j2 - object_objectname: deploymentconfig.yml - - role: openshift/rollout - rollout_app: zezere - rollout_dcname: zezere - tags: - - never - - rollout diff --git a/playbooks/rdiff-backup.yml b/playbooks/rdiff-backup.yml index 1cddf6b974..9accda60b1 100644 --- a/playbooks/rdiff-backup.yml +++ b/playbooks/rdiff-backup.yml @@ -3,15 +3,14 @@ # Since rdiff-backup doesn't have its own built-in-scheduler # this seemed like an obvious cheat ---- -- name: Rdiff-backup +- name: rdiff-backup hosts: backup_clients user: root - gather_facts: false + gather_facts: False serial: 10 # host_backup_targets set in host_vars or group_vars # global_backup_targets can be defined in vars, group_vars/all or anywhere - # take the 'echo' out below for it to actually run + # take the 'echo' out below for it to actually run # FIXME - see how this copes with timeouts # FIXME - storing/reporting results and output? # FIXME - coping with errors? @@ -20,17 +19,12 @@ - global_backup_targets: ['/etc', '/home'] tasks: - - name: Run rdiff-backup hitting all the global targets - local_action: "shell rdiff-backup --remote-schema 'ssh -p {{ ansible_port|default(22) }} -C %s rdiff-backup --server' --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org" - with_items: '{{ global_backup_targets }}' + - name: run rdiff-backup hitting all the global targets + local_action: "shell rdiff-backup --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org" + with_items: global_backup_targets when: global_backup_targets is defined - - name: Copy new database dumps into the backup server database dir - local_action: "shell rsync -a {{ inventory_hostname }}:{{ item }}/ /fedora_backups/databases/{{ inventory_hostname }}/" - with_items: '{{ db_backup_dir }}' - when: db_backup_dir is defined - - - name: Run rdiff-backup hitting all the host targets - local_action: "shell rdiff-backup --remote-schema 'ssh -p {{ ansible_port|default(22) }} -C %s rdiff-backup --server' --exclude='**git-seed*' --exclude='**git_seed' --exclude='**.snapshot' --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org" - with_items: '{{ host_backup_targets }}' + - name: run rdiff-backup hitting all the host targets + local_action: "shell rdiff-backup --exclude='**git-seed*' --exclude='**git_seed' --exclude='**.snapshot' --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org" + with_items: host_backup_targets when: host_backup_targets is defined diff --git a/playbooks/restart_unbound.yml b/playbooks/restart_unbound.yml new file mode 100644 index 0000000000..55b36a180d --- /dev/null +++ b/playbooks/restart_unbound.yml @@ -0,0 +1,17 @@ +# This playboook restarts unbound on a host +# +# requires --extra-vars="target=somevhostname" +# + +- name: find instances + hosts: "{{ target }}" + accelerate: "{{ accelerated }}" + gather_facts: False + user: root + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/restart_unbound.yml" diff --git a/playbooks/restart_when_failed.yml b/playbooks/restart_when_failed.yml deleted file mode 100644 index 1a016a95e3..0000000000 --- a/playbooks/restart_when_failed.yml +++ /dev/null @@ -1,32 +0,0 @@ -# This playbook lets you safely display systemd logs for failed services -# and then restart it - ---- -- hosts: mirrorlist_proxies - gather_facts: false - - tasks: - - name: Listing failed units - ansible.builtin.shell: systemctl list-units --state failed --no-legend | awk '{ print $1 }' - register: listing_failed - - - name: Check log with journalctl - ansible.builtin.shell: journalctl -lru {{ item }} -n 50 - register: display_log - with_items: "{{ listing_failed.stdout_lines[0:] }}" - - - debug: var=listing_failed.stdout_lines[0:] - - - name: Display log - debug: var=display_log.stdout_lines - ignore_errors: true - when: display_log is defined - - - name: Restart failed service - systemd: - name: "{{ item }}" - state: restarted - with_items: "{{ listing_failed.stdout_lines[0:] }}" - register: restart_service - - - debug: var=restart_service.stdout_lines diff --git a/playbooks/rkhunter_only.yml b/playbooks/rkhunter_only.yml index c703f2fd15..b1911cfe1c 100644 --- a/playbooks/rkhunter_only.yml +++ b/playbooks/rkhunter_only.yml @@ -1,16 +1,20 @@ -# requires --extra-vars="target='host1:host2:group etc'" +# requires --extra-vars="target='host1;host2;group etc'" ---- -- name: Run rkhunter for times when rkhunter didn't seem to run. +- name: run rkhunter for times when rkhunter didn't seem to run. hosts: "{{ target }}" user: root tasks: - - name: Check for rkhunter - ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter + - name: check for rkhunter + command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true + + - name: run rkhunter --propupd + command: /usr/bin/rkhunter --propupd + when: rkhunter|success + + + + - - name: Run rkhunter --propupd - ansible.builtin.command: /usr/bin/rkhunter --propupd - when: rkhunter is success diff --git a/playbooks/rkhunter_update.yml b/playbooks/rkhunter_update.yml index 46d58ecc22..eb59fb609c 100644 --- a/playbooks/rkhunter_update.yml +++ b/playbooks/rkhunter_update.yml @@ -1,24 +1,28 @@ -# requires --extra-vars="target='host1:host2:group etc' yumcommand=update'" +# requires --extra-vars="target='host1;host2;group etc' yumcommand=update'" ---- -- name: Update all run rkhunter if installed +- name: update all run rkhunter if installed hosts: "{{ target }}" user: root tasks: - - name: Expire-caches - ansible.builtin.command: yum clean expire-cache - - - name: Yum -y {{ yumcommand }} - ansible.builtin.command: yum -y {{ yumcommand }} + - name: expire-caches + command: yum clean expire-cache + + - name: yum -y {{ yumcommand }} + command: yum -y {{ yumcommand }} async: 7200 poll: 15 - - name: Check for rkhunter - ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter + - name: check for rkhunter + command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true + + - name: run rkhunter --propupd + command: /usr/bin/rkhunter --propupd + when: rkhunter|success + + + + - - name: Run rkhunter --propupd - ansible.builtin.command: /usr/bin/rkhunter --propupd - when: rkhunter is success diff --git a/playbooks/set_root_auth_keys.yml b/playbooks/set_root_auth_keys.yml index 128d5bedac..ba487f52e0 100644 --- a/playbooks/set_root_auth_keys.yml +++ b/playbooks/set_root_auth_keys.yml @@ -1,19 +1,18 @@ # optionally can take --extra-vars="hostbase=hostnamebase root_auth_users='user1 user2 user3'" ---- - name: set auth keys hosts: "{{ target }}" user: root - gather_facts: false + gather_facts: False - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml vars: - - root_auth_users: '' + - root_auth_users: '' tasks: - - name: add root keys for sysadmin-main and other allowed users - action: authorized_key user=root key={{ item }} - with_lines: - - "{{ auth_keys_from_fas}} @sysadmin-main {{ root_auth_users }}" + - name: add root keys for sysadmin-main and other allowed users + action: authorized_key user=root key={{ item }} + with_lines: + - "{{ auth_keys_from_fas}} @sysadmin-main {{ root_auth_users }}" diff --git a/playbooks/sign_and_import.yml b/playbooks/sign_and_import.yml new file mode 100644 index 0000000000..93cefe97a2 --- /dev/null +++ b/playbooks/sign_and_import.yml @@ -0,0 +1,73 @@ +# This playbook takes new rpms specified with a fileglob, signs them, and adds +# them to the infrastructure repo. +# +# To push to infra-testing: +# requires --extra-vars="rpmdir='/home/fedora/ralph/rpms/' testing=True rhel=6" +# +# To push to infra: +# requires --extra-vars="rpmdir='/home/fedora/ralph/rpms/' rhel=6" + +# TODO -- grab rpms from koji build/task ids beforehand? +# TODO -- other arches than x86_64? + +- name: batch sign and import a directory full of rpms + user: root + hosts: lockbox01.phx2.fedoraproject.org + connection: local + + # Toggle this variable to import to the testing repo as opposed to the staging + # repo. Since we're in freeze right now, we'll default to the testing repo. + # It would be nice to be able to toggle this from the command line. + vars: + - repodir: /mnt/fedora/app/fi-repo/{% if testing %}testing/{% endif %}{{ rhel }} + - testing: False + + tasks: + - fail: msg="Please specify rhel version with rhel=6/7" + when: rhel is not defined + + - name: Fail if no rpmdir provided + fail: msg="No rpmdir provided" + when: rpmdir is not defined + # TODO -- I'd also like to fail if rpmdir does not exist. + # TODO -- I'd also like to fail if there are no *.rpm files in there. + + - name: sign all the rpms with our gpg key + shell: /bin/rpm --resign {{ rpmdir }}/*.rpm + + - name: make a directory where we store the rpms afterwards + file: path={{ rpmdir }}-old state=directory + + - name: copy the source rpms to the SRPMS dir of {{ repodir }} + copy: src={{ item }} dest={{ repodir }}/SRPMS/ + with_fileglob: + - "{{ rpmdir }}/*.src.rpm" + + - name: move processed srpms out to {{ rpmdir }}-old + command: /bin/mv {{ item }} {{ rpmdir }}-old/ + when: not testing + with_fileglob: + - "{{ rpmdir }}/*.src.rpm" + + - name: copy the binary rpms to the x86_64 dir of {{ repodir }} + copy: src={{ item }} dest={{ repodir }}/x86_64/ + with_fileglob: + - "{{ rpmdir }}/*.rpm" + + - name: copy the binary rpms to the i386 dir of {{ repodir }} + copy: src={{ item }} dest={{ repodir }}/i386/ + with_fileglob: + - "{{ rpmdir }}/*.rpm" + + - name: move processed rpms out to {{ rpmdir }}-old + command: /bin/mv {{ item }} {{ rpmdir }}-old/ + when: not testing + with_fileglob: + - "{{ rpmdir }}/*.rpm" + + - name: Run createrepo on each repo + command: createrepo --update {{ repodir }}/{{ item }}/ + with_items: + - SRPMS + - x86_64 + - i386 diff --git a/playbooks/ssh_host_keys.yml b/playbooks/ssh_host_keys.yml index 2f11a98441..44d8479c79 100644 --- a/playbooks/ssh_host_keys.yml +++ b/playbooks/ssh_host_keys.yml @@ -1,17 +1,16 @@ ---- - hosts: all - become: false + sudo: False vars: keyfile: /tmp/known_hosts tasks: - name: Add short name to file - local_action: shell ssh-keyscan -p {{ansible_port|default(22)}} -H {{inventory_hostname}} 2> /dev/null >> {{keyfile}} - ignore_errors: true + local_action: shell ssh-keyscan -p {{ansible_ssh_port|default(22)}} -H {{inventory_hostname}} 2> /dev/null >> {{keyfile}} + ignore_errors: True - name: Add FQDN to file - local_action: shell ssh-keyscan -p {{ansible_port|default(22)}} -H {{ansible_fqdn}} 2> /dev/null >> {{keyfile}} - ignore_errors: true + local_action: shell ssh-keyscan -p {{ansible_ssh_port|default(22)}} -H {{ansible_fqdn}} 2> /dev/null >> {{keyfile}} + ignore_errors: True - name: Add IPv4 to file - local_action: shell ssh-keyscan -p {{ansible_port|default(22)}} -H {{ansible_default_ipv4.address}} 2> /dev/null >> {{keyfile}} - ignore_errors: true + local_action: shell ssh-keyscan -p {{ansible_ssh_port|default(22)}} -H {{ansible_default_ipv4.address}} 2> /dev/null >> {{keyfile}} + ignore_errors: True diff --git a/playbooks/transient_post_provision.yml b/playbooks/transient_post_provision.yml new file mode 100644 index 0000000000..e80e50d0f0 --- /dev/null +++ b/playbooks/transient_post_provision.yml @@ -0,0 +1,25 @@ +- name: add to group + hosts: lockbox01.phx2.fedoraproject.org + user: root + gather_facts: False + + tasks: + - name: add it to the special group + local_action: add_host hostname={{ target }} groupname=tmp_just_created + +- name: provision instance + hosts: tmp_just_created + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "{{ private }}/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/growroot_cloud.yml" + - include: "{{ tasks }}/cloud_setup_basic.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/universe_update.yml b/playbooks/universe_update.yml deleted file mode 100644 index c51207d48f..0000000000 --- a/playbooks/universe_update.yml +++ /dev/null @@ -1,66 +0,0 @@ -# -# This playboook updates every host in inventory -# - ---- -- name: Set downtime - hosts: all - gather_facts: false - user: root - serial: 1 - - tasks: - - - name: Silence nagios completely - nagios: action=silence - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - failed_when: no - when: nonagios is not defined or not "true" in nonagios - -- name: Update the world - hosts: all - gather_facts: true - user: root - - tasks: - - - name: Apply updates - ansible.builtin.package: - state: latest - name: "*" - update_cache: true - async: 7200 - poll: 30 - when: package_excludes is not defined - - - debug: - msg: - - '!!!!!!!!!!!!!!!!!!! host {{ inventory_hostname }} has EXCLUDES OF {{ package_excludes }} !!!!!!!!!!!!!' - - '!!!!!!!!!!!!!!!!!!! DANGER DANGER DANGER ^ CHECK THAT EXCLUDES ARE STILL NEEDED ^ !!!!!!!!!!!!!!!!!!!!' - when: package_excludes is defined - changed_when: true - - - name: Apply updates with excludes - ansible.builtin.package: - state: latest - name: "*" - update_cache: true - exclude: "{{ package_excludes }}" - async: 7200 - poll: 30 - when: package_excludes is defined - -- name: Run rkhunter if installed - hosts: all - user: root - - tasks: - - name: Check for rkhunter - ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter - register: rkhunter - ignore_errors: true - - - name: Run rkhunter --propupd - ansible.builtin.command: /usr/bin/rkhunter --propupd - when: rkhunter is success diff --git a/playbooks/update-proxy-dns.yml b/playbooks/update-proxy-dns.yml deleted file mode 100644 index ed2e5c5396..0000000000 --- a/playbooks/update-proxy-dns.yml +++ /dev/null @@ -1,65 +0,0 @@ -# Must be called with --extra-vars. requires: -# - proxies -- which proxies to change -# - status -- what to do. must be either 'enable' or 'disable' -# - userstring -- the git commit userstring for the dns repo - ---- -- name: Either take a proxy out of dns or put it back in - hosts: "{{ proxies }}" - user: root - serial: 1 - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - - userstring: "Ansible update-proxy-dns.yml " - - tasks: - - name: Make up a tempdir.. - local_action: command mktemp -p /var/tmp -d dns-checkout.XXXXXXXX - register: tmp - when: nodns is not defined or not "true" in nodns - - - name: Clone the dns repo into /var/tmp/dns-checkout..... - local_action: git repo=/srv/git/dns/ dest={{tmp.stdout}} - when: nodns is not defined or not "true" in nodns - - - name: Run zone-template (fedoraproject.org) - local_action: command {{tmp.stdout}}/zone-template {{tmp.stdout}}/fedoraproject.org.cfg {{status}} {{inventory_hostname}} chdir={{tmp.stdout}} - when: nodns is not defined or not "true" in nodns - - - name: Run zone-template (getfedora.org) - local_action: command {{tmp.stdout}}/zone-template {{tmp.stdout}}/getfedora.org.cfg {{status}} {{inventory_hostname}} chdir={{tmp.stdout}} - when: nodns is not defined or not "true" in nodns - - - name: Commit once - local_action: command git commit -a -m '{{status}} {{inventory_hostname}}' --author '{{userstring}}' chdir={{tmp.stdout}} - when: nodns is not defined or not "true" in nodns - - - name: Do domains - local_action: command {{tmp.stdout}}/do-domains chdir={{tmp.stdout}} - when: nodns is not defined or not "true" in nodns - - - name: Commit second time - local_action: command git commit -a -m 'done build' --author '{{userstring}}' chdir={{tmp.stdout}} - when: nodns is not defined or not "true" in nodns - - - name: Push our changes back - local_action: command git push chdir={{tmp.stdout}} - when: nodns is not defined or not "true" in nodns - - - name: Destroy our temporary clone of /git/dns/ in /var/tmp/dns-checkout.... - local_action: file dest={{tmp.stdout}} state=absent - when: nodns is not defined or not "true" in nodns - - - name: Run update-dns on each nameserver - ansible.builtin.command: /usr/local/bin/update-dns - delegate_to: "{{item}}" - with_items: "{{groups.dns}}" - when: nodns is not defined or not "true" in nodns - - - name: Wait for dns to percolate (1 minute) - pause: minutes=1 - when: nodns is not defined or not "true" in nodns diff --git a/playbooks/update_dns.yml b/playbooks/update_dns.yml index caa4186411..d5d9253b55 100644 --- a/playbooks/update_dns.yml +++ b/playbooks/update_dns.yml @@ -1,9 +1,8 @@ ---- -- name: Push dns changes out +- name: push dns changes out hosts: dns user: root tasks: - - name: Push dns changes out - ansible.builtin.command: /usr/local/bin/update-dns + - name: push dns changes out + command: /usr/local/bin/update-dns diff --git a/playbooks/update_packages.yml b/playbooks/update_packages.yml new file mode 100644 index 0000000000..4d5dcbab69 --- /dev/null +++ b/playbooks/update_packages.yml @@ -0,0 +1,23 @@ +# requires --extra-vars="target='host1;host2;group etc' package='python-tahrir'" +# +# Alternatively, you could update a group of packages like +# --extra-vars="target='host1;host2' package='python-t*'" +# +# To update from testing, adjust as follow: +# --extra-vars="target='host1;host2' package='python-t*' testing=True" + +- name: push packages out + hosts: "{{ target }}" + user: root + + vars: + testing: False + + tasks: + + - name: clean all metadata {% if testing %}(with infrastructure-testing on){% endif %} + command: yum clean all {% if testing %} --enablerepo=infrastructure-testing {% endif %} + always_run: yes + + - name: yum update {{ package }} {% if testing %}(with infrastructure-testing on){% endif %} + yum: name={{ package }} state=latest {% if testing %}enablerepo=infrastructure-testing{% endif %} diff --git a/playbooks/update_ticketkey.yml b/playbooks/update_ticketkey.yml deleted file mode 100644 index 592823f790..0000000000 --- a/playbooks/update_ticketkey.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -- name: make a new ssl ticketkey - hosts: batcave01.iad2.fedoraproject.org - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - name: create new production ticket key - ansible.builtin.command: /usr/local/bin/generate_ticketkey /root/ticketkey_production.tkey fpprod - - - name: create new staging ticket key - ansible.builtin.command: /usr/local/bin/generate_ticketkey /root/ticketkey_staging.tkey fpstag - -- name: Push out new ticket key - hosts: proxies:proxies_stg - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - - name: deploy ticket key - ansible.builtin.copy: src=/root/ticketkey_{{env}}.tkey dest=/etc/httpd/ticketkey_{{env}}.tkey - owner=root group=root mode=0600 - notify: - - Reload proxyhttpd diff --git a/playbooks/vhost_halt_guests.yml b/playbooks/vhost_halt_guests.yml index e6ad857328..d888b6d8c9 100644 --- a/playbooks/vhost_halt_guests.yml +++ b/playbooks/vhost_halt_guests.yml @@ -1,6 +1,6 @@ # requires --extra-vars="vhost=somevhost fqdn" -# General overview: +#General overview: # talk to the vhost # get back list of instances # add each of their hostnames to an addhoc group @@ -19,35 +19,34 @@ # across multiple plays ---- -- name: Find instances +- name: find instances hosts: "{{ vhost }}" user: root tasks: - - name: Get list of guests - virt: command=list_vms + - name: get list of guests + action: virt command=list_vms register: vmlist - - name: Add them to myvms_new group + - name: add them to myvms_new group local_action: add_host hostname={{ item }} groupname=myvms_new with_items: "{{ vmlist.list_vms }}" -- name: Halt instances +- name: halt instances hosts: myvms_new user: root serial: 1 tasks: - - name: Tell nagios to shush - nagios: action=silence host={{ inventory_hostname_short }} - delegate_to: noc01.iad2.fedoraproject.org + - name: tell nagios to shush + action: nagios action=silence host={{ inventory_hostname_short }} + delegate_to: noc01.phx2.fedoraproject.org - - name: Echo-y - ansible.builtin.command: /sbin/halt -p + - name: echo-y + action: command /sbin/halt -p ignore_errors: true # if one of them is down we don't care - - name: Wait for them to die + - name: wait for them to die local_action: wait_for port=22 delay=30 timeout=300 state=stopped host={{ inventory_hostname }} diff --git a/playbooks/vhost_poweroff.yml b/playbooks/vhost_poweroff.yml deleted file mode 100644 index c4bca9497b..0000000000 --- a/playbooks/vhost_poweroff.yml +++ /dev/null @@ -1,64 +0,0 @@ -# -# This playbook lets you safely reboot a virthost and all it's guests. -# -# requires --extra-vars="target=somevhost fqdn" - -# General overview: -# talk to the vhost -# get back list of instances -# add each of their hostnames to an addhoc group -# halt each of them in a second play -# wait for them to die -# third play, reboot the vhost -# wait for vhost to come back - -# TODO: Figure out how to compare virt info pre and post boot. - ---- -- name: Find instances - hosts: "{{ target }}" - gather_facts: false - user: root - - tasks: - - name: Get list of guests - virt: command=list_vms - register: vmlist - -# - name: Get info on guests (prereboot) -# virt: command=info -# register: vminfo_pre - - - name: Add them to myvms_new group - local_action: add_host hostname={{ item }} groupname=myvms_new - with_items: "{{ vmlist.list_vms }}" - -- name: Halt instances - hosts: myvms_new - user: root - gather_facts: false - serial: 1 - - tasks: - - name: Halt the vm instances - to poweroff - ansible.builtin.command: /sbin/shutdown -h 1 - ignore_errors: true - # if one of them is down we don't care - -- name: Wait for the whole set to die. - hosts: myvms_new - gather_facts: false - user: root - - tasks: - - name: Wait for them to die - local_action: wait_for port=22 delay=30 timeout=300 state=stopped host={{ inventory_hostname }} - -- name: Reboot vhost - hosts: "{{ target }}" - gather_facts: false - user: root - - tasks: - - name: Halt the virthost - ansible.builtin.command: /sbin/shutdown -h 1 diff --git a/playbooks/vhost_reboot.yml b/playbooks/vhost_reboot.yml index 0396573a4e..7012421a44 100644 --- a/playbooks/vhost_reboot.yml +++ b/playbooks/vhost_reboot.yml @@ -1,10 +1,9 @@ # -# This playbook lets you safely reboot a virthost and all it's guests. -# +# This playbook lets you safely reboot a virthost and all it's guests. +# # requires --extra-vars="target=somevhost fqdn" -# Might add nodns=true or nonagios=true to the extra vars -# General overview: +#General overview: # talk to the vhost # get back list of instances # add each of their hostnames to an addhoc group @@ -13,22 +12,16 @@ # third play, reboot the vhost # wait for vhost to come back -# TODO: Figure out how to compare virt info pre and post boot. +# TODO: Figure out how to compare virt info pre and post boot. ---- - name: find instances - vars_prompt: - - name: target - prompt: What is the target vhost (to reboot) - private: false - # Use a simple regexp to ignore spaces people might accidentally paste. - hosts: "{{ target | regex_search('[-a-z0-9.]+')}}" - gather_facts: false + hosts: "{{ target }}" + gather_facts: False user: root tasks: - name: get list of guests - virt: command=list_vms state=running + virt: command=list_vms register: vmlist # - name: get info on guests (prereboot) @@ -37,42 +30,35 @@ - name: add them to myvms_new group local_action: add_host hostname={{ item }} groupname=myvms_new - with_items: "{{ vmlist.list_vms }}" - - - name: add the vmhost to target group - # Use a simple regexp to ignore spaces people might accidentally paste. - local_action: add_host hostname={{ target | regex_search('[-a-z0-9.]+') }} groupname=target - -# Call out to another playbook. Disable any proxies that may live here -- name: update proxy dns if needed - import_playbook: update-proxy-dns.yml - vars: - status: enable - proxies: myvms_new:&proxies - when: nodns is not defined or not "true" in nodns + with_items: vmlist.list_vms - name: halt instances hosts: myvms_new user: root - gather_facts: false + gather_facts: False serial: 1 tasks: - - name: schedule regular host downtime - nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }} + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true - when: nonagios is not defined or not nonagios + when: inventory_hostname.find('.stg.') == -1 - - name: shutdown vms - virt: command=shutdown name={{ inventory_hostname }} + - name: schedule stg host downtime + nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}.stg + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true - delegate_to: "{{ hostvars[groups['target'][0]]['ansible_fqdn'] }}" + when: inventory_hostname.find('.stg.') != -1 + + - name: halt the vm instances - to poweroff + command: /sbin/shutdown -h 1 + ignore_errors: true + # if one of them is down we don't care - name: wait for the whole set to die. hosts: myvms_new - gather_facts: false + gather_facts: False user: root tasks: @@ -80,69 +66,50 @@ local_action: wait_for port=22 delay=30 timeout=300 state=stopped host={{ inventory_hostname }} - name: reboot vhost - hosts: "target" - gather_facts: false + hosts: "{{ target }}" + gather_facts: False user: root tasks: - name: tell nagios to shush - nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org + nagios: action=downtime minutes=60 service=host host={{ inventory_hostname }} + delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true - when: nonagios is not defined or not nonagios - # With drive firmware and sometimes needed to poke things, make this 30m - name: reboot the virthost - reboot: reboot_timeout=1800 + command: /sbin/shutdown -r 1 + + - name: wait for virthost to come back - up to 15 minutes + local_action: wait_for host={{ target }} port=22 delay=120 timeout=900 search_regex=OpenSSH - name: wait for libvirtd to come back on the virthost - wait_for: path=/run/libvirt/libvirt-sock state=present + wait_for: path=/var/run/libvirtd.pid state=present - name: look up vmlist virt: command=list_vms register: newvmlist - - name: add them to myvms_postreboot group - local_action: add_host hostname={{ item }} groupname=myvms_postreboot - with_items: "{{ newvmlist.list_vms }}" + - name: sync time + command: ntpdate -u 66.187.233.4 -# - name: sync time -# ansible.builtin.command: ntpdate -u 1.rhel.pool.ntp.org + - name: serverbeach hosts need a special iptables config + command: /root/fix-iptables.sh + when: inventory_hostname_short.startswith('serverbeach') - - name: tell nagios to unshush - nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - when: nonagios is not defined or not nonagios - -- name: post reboot tasks - hosts: myvms_postreboot +- name: Fix unbound if necessary + # intersection - hosts that are in our dynamic group and also in unbound-dns + hosts: "myvms_new:&unbound" + accelerate: "{{ accelerated }}" user: root - gather_facts: false - serial: 1 + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - - name: Wait for host to come back (ipa or rabbitmq) - local_action: wait_for port=22 delay=30 timeout=300 state=started host={{ inventory_hostname }} - when: inventory_hostname.startswith(('ipa', 'rabbitmq')) - - - name: restart gssproxy if we rebooted a ipa server - service: name=gssproxy state=restarted - when: inventory_hostname.startswith('ipa') - - - name: restart rabbitmq if we rebooted a rabbit server - service: name=rabbitmq-server state=restarted - when: inventory_hostname.startswith('rabbitmq') - -# Call out to that dns playbook. Put proxies back in now that they're back -- name: update proxy dns if needed - import_playbook: update-proxy-dns.yml - vars: - status: enable - proxies: myvms_new:&proxies - when: nodns is not defined or not nodns + - include: "{{ tasks }}/restart_unbound.yml" # - name: get info on guests (postreboot) # virt: command=info # register: vminfo_post + diff --git a/playbooks/vhost_update.yml b/playbooks/vhost_update.yml index 6a7267ecf1..b430e26d35 100644 --- a/playbooks/vhost_update.yml +++ b/playbooks/vhost_update.yml @@ -1,94 +1,49 @@ -# This playboook updates a virthost and all it's guests. +# This playboook updates a virthost and all it's guests. # # requires --extra-vars="target=somevhostname yumcommand=update" -# Might add nodns=true or nonagios=true at extra-vars # ---- -- name: Find instances - vars_prompt: - - name: target - prompt: What is the target vhost (to upgrade) - private: false - # Use a simple regexp to ignore spaces people might accidentally paste. - hosts: "{{ target | regex_search('[-a-z0-9.]+')}}" - gather_facts: false +- name: find instances + hosts: "{{ target }}" + accelerate: "{{ accelerated }}" + gather_facts: False user: root tasks: - - name: Get list of guests + - name: get list of guests virt: command=list_vms register: vmlist - - name: Add them to myvms_new group + - name: add them to myvms_new group local_action: add_host hostname={{ item }} groupname=myvms_new - with_items: '{{vmlist.list_vms}}' + with_items: vmlist.list_vms - - name: Add the vmhost to target group - # Use a simple regexp to ignore spaces people might accidentally paste. - local_action: add_host hostname={{ target | regex_search('[-a-z0-9.]+') }} groupname=target - -# Call out to another playbook. Disable any proxies that may live here -# - include_playbook: update-proxy-dns.yml status=disable proxies=myvms_new:&proxies - -- name: Set downtime - hosts: "target:myvms_new" - gather_facts: false - user: root - serial: 1 - - tasks: - - - name: Schedule regular host downtime - nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - failed_when: no - when: nonagios is not defined or not "true" in nonagios - -- name: Update the system - hosts: "target:myvms_new" - gather_facts: true +- name: update the system + hosts: "{{ target }}:myvms_new" + accelerate: "{{ accelerated }}" + gather_facts: False user: root tasks: - - - name: Apply updates - ansible.builtin.package: - state: latest - name: "*" - update_cache: true + - name: expire-caches + command: yum clean expire-cache + + - name: yum -y {{ yumcommand }} + command: yum -y {{ yumcommand }} async: 7200 poll: 30 - when: package_excludes is not defined - - debug: - msg: - - '!!!!!!!!!!!!!!!!!!! host {{ inventory_hostname }} has EXCLUDES OF {{ package_excludes }} !!!!!!!!!!!!!' - - '!!!!!!!!!!!!!!!!!!! DANGER DANGER DANGER ^ CHECK THAT EXCLUDES ARE STILL NEEDED ^ !!!!!!!!!!!!!!!!!!!!' - when: package_excludes is defined - changed_when: true - - - name: Apply updates with excludes - ansible.builtin.package: - state: latest - name: "*" - update_cache: true - exclude: "{{ package_excludes }}" - async: 7200 - poll: 30 - when: package_excludes is defined - -- name: Run rkhunter if installed - hosts: "target:myvms_new" +- name: run rkhunter if installed + hosts: "{{ target }}:myvms_new" + accelerate: "{{ accelerated }}" user: root tasks: - - name: Check for rkhunter - ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter + - name: check for rkhunter + command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - - - name: Run rkhunter --propupd - ansible.builtin.command: /usr/bin/rkhunter --propupd - when: rkhunter is success + + - name: run rkhunter --propupd + command: /usr/bin/rkhunter --propupd + when: rkhunter|success diff --git a/playbooks/vhost_update_reboot.yml b/playbooks/vhost_update_reboot.yml deleted file mode 100644 index 991c3297be..0000000000 --- a/playbooks/vhost_update_reboot.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- import_playbook: /srv/web/infra/ansible/playbooks/vhost_update.yml -- import_playbook: /srv/web/infra/ansible/playbooks/vhost_reboot.yml diff --git a/roles/README b/roles/README index 67869a090d..e701682478 100644 --- a/roles/README +++ b/roles/README @@ -1 +1,2 @@ + Space for our ansible roles - ansible 1.2 and above only diff --git a/roles/abrt/faf-post/defaults/main.yml b/roles/abrt/faf-post/defaults/main.yml deleted file mode 100644 index f16bf90d57..0000000000 --- a/roles/abrt/faf-post/defaults/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# +n = greater; -n = less; n = exactly n days -archive_age: '+14' - -# Delete deferred reports -deferred_age: '+7' - -# Directory for saving FAF database backups. -faf_backup_dir: /srv/faf/db-backup - -# Delete FAF database backups older than this period. -faf_old_backup_age: '+7' diff --git a/roles/abrt/faf-post/handlers/main.yml b/roles/abrt/faf-post/handlers/main.yml deleted file mode 100644 index f910578967..0000000000 --- a/roles/abrt/faf-post/handlers/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Restart httpd - service: name=httpd state=restarted - -- name: Restart postgresql - service: name=postgresql - state=restarted diff --git a/roles/abrt/faf-post/tasks/cron.yml b/roles/abrt/faf-post/tasks/cron.yml deleted file mode 100644 index b074c0a45d..0000000000 --- a/roles/abrt/faf-post/tasks/cron.yml +++ /dev/null @@ -1,97 +0,0 @@ ---- -- name: Cron jobs for production machines - block: - - name: Backup database daily - cron: - name: "backup database" - user: faf - job: >- - ( pg_dump --format=custom --file={{ faf_backup_dir }}/backup-$(date '+\%F').dump faf ) - >> /var/log/faf/db_backup.log 2>&1 - special_time: daily - state: present - - - name: Delete old database backups - cron: - name: "delete old database backups" - user: faf - job: "find {{ faf_backup_dir }} -mtime {{ faf_old_backup_age }} -type f -delete" - special_time: daily - state: present - - - name: Pull associates - cron: - name: "cron for pull associates" - user: faf - job: "faf pull-associates -o fedora >> /var/log/faf/pull-associates.log 2>&1" - special_time: daily - state: present - - - name: Koops_to_xorg.py - cron: - name: "koops_to_xorg.py" - user: faf - job: "/etc/faf/koops_to_xorg.py >> /var/log/faf/koops-to-xorg.log 2>&1" - special_time: daily - state: present - - - name: Job for probable fixes in active Fedora releases - cron: - name: "cron for probable fixes for f{{ item }}" - user: faf - job: >- - faf mark-probably-fixed -o fedora --opsys-release {{ item }} - >> /var/log/faf/mark-probably-fixed-f{{ item }}.log 2>&1 - special_time: daily - state: present - loop: "{{ rs_internal_fedora_vers }}" - - - name: Remove job for probable fixes in removed Fedora releases - cron: - name: "cron for probable fixes for f{{ item }}" - user: faf - job: "faf mark-probably-fixed -o fedora --opsys-release {{ item }} >> /var/log/faf/mark-probably-fixed-f{{ item }}.log 2>&1" - special_time: daily - state: absent - loop: "{{ rs_internal_fedora_vers_removed }}" - - - name: Update BZ bugs fedora - cron: - name: "cron for update BZ bugs fedora" - user: faf - job: "faf update-bugs -db fedora-bugzilla >> /var/log/faf/update-bugs.log 2>&1" - special_time: daily - state: present - - - name: Update BZ bugs centos - cron: - name: "cron for update BZ bugs centos" - user: faf - job: "faf update-bugs -db centos-mantisbt >> /var/log/faf/update-bugs-centos.log 2>&1" - special_time: daily - state: present - - - name: Attach BZ bugs centos - cron: - name: "cron for attach BZ bugs centos" - user: faf - job: "faf attach-centos-bugs >> /var/log/faf/attach-centos-bugs.log 2>&1" - special_time: daily - state: present - - - name: Archive reports and attachments - cron: - name: "faf archive reports and attachments" - user: faf - job: "faf archive-reports -d >> /var/log/faf/archive-reports.log 2>&1" - special_time: daily - state: present - when: env != 'staging' - -- name: Cron job for deleting old archives - cron: - name: "rotate_faf_archives" - user: faf - job: "find '/srv/faf/reports/archive/' -type f -name '*.tar.xz' -mtime '{{archive_age}}' -delete" - special_time: daily - state: present diff --git a/roles/abrt/faf-post/tasks/main.yml b/roles/abrt/faf-post/tasks/main.yml deleted file mode 100644 index 33c120dc6d..0000000000 --- a/roles/abrt/faf-post/tasks/main.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- import_tasks: opsys_and_releases.yml - -- import_tasks: repositories.yml - -- name: Ensure directory for FAF database backups exists - ansible.builtin.file: - path: "{{ faf_backup_dir }}" - state: directory - owner: faf - group: faf - mode: "0750" - when: env != 'staging' - -- import_tasks: cron.yml - tags: cron -... diff --git a/roles/abrt/faf-post/tasks/opsys_and_releases.yml b/roles/abrt/faf-post/tasks/opsys_and_releases.yml deleted file mode 100644 index f49a6b9a05..0000000000 --- a/roles/abrt/faf-post/tasks/opsys_and_releases.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Add CentOS opsys releases - loop: "{{ rs_internal_centos_vers }}" - ansible.builtin.shell: > - faf releaseadd -o centos --opsys-release {{ item }} -s ACTIVE - become: yes - become_user: faf - register: result - failed_when: result.rc != 0 and 'already defined' not in result.stderr - -- name: Add Fedora opsys releases - loop: "{{ rs_internal_fedora_vers }}" - ansible.builtin.shell: > - faf releaseadd -o fedora --opsys-release {{ item }} -s ACTIVE - become: yes - become_user: faf - register: result - failed_when: result.rc != 0 and 'already defined' not in result.stderr -... diff --git a/roles/abrt/faf-post/tasks/repositories.yml b/roles/abrt/faf-post/tasks/repositories.yml deleted file mode 100644 index c06fbfcb5b..0000000000 --- a/roles/abrt/faf-post/tasks/repositories.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- name: Add Fedora package repositories - loop: "{{ faf_repos }}" - ansible.builtin.shell: > - faf repoadd --nogpgcheck "{{ item.name }}" dnf "{{ item.url | join('" "') }}" - become: yes - become_user: faf - register: result - failed_when: result.rc != 0 and 'already defined' not in result.stderr - tags: add_repo - -- name: Assign repositories to Fedora releases - loop: "{{ faf_repos }}" - ansible.builtin.command: "faf repoassign '{{ item.name }}' '{{ item.opsys }}' '{{ item.arch }}'" - become: yes - become_user: faf - tags: add_repo - -- name: List repositories of EOL Fedora releases - loop: "{{ rs_internal_fedora_vers_removed }}" - ansible.builtin.shell: "faf repolist | grep fedora-{{ item }} || true" - become: yes - become_user: faf - register: eol_repolist - changed_when: eol_repolist.stdout - -- name: Remove repositories of EOL Fedora releases - loop: "{{ eol_repolist.results | map(attribute='stdout_lines') | flatten }}" - ansible.builtin.command: "faf repodel '{{ item }}'" - become: yes - become_user: faf - ignore_errors: yes - -- name: Clean up packages from EOL Fedora releases - loop: "{{ rs_internal_fedora_vers_removed }}" - ansible.builtin.command: "faf cleanup-packages Fedora '{{ item }}'" - become: yes - become_user: faf - ignore_errors: yes -... diff --git a/roles/abrt/faf-pre/defaults/main.yml b/roles/abrt/faf-pre/defaults/main.yml deleted file mode 100644 index ed97d539c0..0000000000 --- a/roles/abrt/faf-pre/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/roles/abrt/faf-pre/files/group_abrt-faf-el7-epel-7.repo b/roles/abrt/faf-pre/files/group_abrt-faf-el7-epel-7.repo deleted file mode 100644 index ec4e5fa897..0000000000 --- a/roles/abrt/faf-pre/files/group_abrt-faf-el7-epel-7.repo +++ /dev/null @@ -1,10 +0,0 @@ -[group_abrt-faf-el7] -name=Copr repo for faf-el7 owned by @abrt -baseurl=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el7/epel-7-$basearch/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el7/pubkey.gpg -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 diff --git a/roles/abrt/faf-pre/handlers/main.yml b/roles/abrt/faf-pre/handlers/main.yml deleted file mode 100644 index b201220162..0000000000 --- a/roles/abrt/faf-pre/handlers/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Restart httpd - service: - name: httpd - state: restarted - -- name: Restart postgresql - service: - name: postgresql - state: restarted diff --git a/roles/abrt/faf-pre/tasks/install.yml b/roles/abrt/faf-pre/tasks/install.yml deleted file mode 100644 index 49d83ea3b3..0000000000 --- a/roles/abrt/faf-pre/tasks/install.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -- name: Install postgresql packages - ansible.builtin.package: - state: present - name: - - python3-psycopg2 - - postgresql-server - - postgresql - - pg-semver - -- name: Install ssl packages for https - ansible.builtin.package: - state: present - name: - - openssl - - mod_ssl - -- name: Memcached rhel - ansible.builtin.package: - state: present - name: - - memcached - - python3-memcached - when: ansible_distribution == "RedHat" and faf_web_cache_type == "memcached" - -- name: Memcached fedora - ansible.builtin.package: - state: present - name: - - libmemcached - - memcached - - zlib - - python3-pylibmc - when: ansible_distribution == "Fedora" and faf_web_cache_type == "memcached" diff --git a/roles/abrt/faf-pre/tasks/main.yml b/roles/abrt/faf-pre/tasks/main.yml deleted file mode 100644 index 8c2c585196..0000000000 --- a/roles/abrt/faf-pre/tasks/main.yml +++ /dev/null @@ -1,104 +0,0 @@ ---- -# Install additional packages -- import_tasks: install.yml - -# Create database for faf -- import_tasks: setup_db.yml - -- import_tasks: ssl.yml - -# Allow https and start httpd -- import_tasks: services.yml - -- name: Create a directory /srv/faf - ansible.builtin.file: - path: /srv/faf - state: directory - owner: faf - group: faf - -- name: Create folders where we place certs for fedora-messaging - ansible.builtin.file: path=/etc/fedora-messaging/faf owner=root group=root mode=0755 state=directory - -- name: Install certs for fedora-messaging - ansible.builtin.copy: src={{ item.src }} - dest=/etc/fedora-messaging/faf/{{ item.dest }} - owner={{ item.owner }} group=root mode={{ item.mode }} - loop: - - { src: "{{private}}/files/rabbitmq/{{env}}/ca-combined.crt", - dest: "ca.crt", - owner: faf, - mode: "0644" - } - - { src: "{{private}}/files/rabbitmq/{{env}}/pki/private/faf{{env_suffix}}.key", - dest: "faf.key", - owner: faf, - mode: "600" - } - - { src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/faf{{env_suffix}}.crt", - dest: "faf.crt", - owner: faf, - mode: "0644" - } - -# landing page -- name: Install abrt-server-info-page - ansible.builtin.package: - name: abrt-server-info-page - state: latest - -- name: Configure ADMINS - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'ADMINS =' - line: ' ADMINS = "infrastructure@lists.fedoraproject.org"' - notify: Restart httpd - -- name: Configure MORE_FAF - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'MORE_FAF =' - line: ' MORE_FAF = "https://github.com/abrt/faf/"' - notify: Restart httpd - -- name: Configure MORE_RS - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'MORE_RS =' - line: ' MORE_RS = "https://github.com/abrt/retrace-server"' - notify: Restart httpd - -- name: Configure MORE_ABRT - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'MORE_ABRT =' - line: ' MORE_ABRT = "https://github.com/abrt/abrt/"' - notify: Restart httpd - -- name: Configure MORE_GABRT - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'MORE_GABRT =' - line: ' MORE_GABRT = "https://github.com/abrt/gnome-abrt/"' - notify: Restart httpd - -- name: Configure MORE_LR - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'MORE_LR =' - line: ' MORE_LR = "https://github.com/abrt/libreport/"' - notify: Restart httpd - -- name: Configure MORE_SATYR - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'MORE_SATYR =' - line: ' MORE_SATYR = "https://github.com/abrt/satyr/"' - notify: Restart httpd - -- name: Configure URL_FOR_FAF - lineinfile: - dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py - regexp: 'URL_FOR_FAF =' - line: ' URL_FOR_FAF = "https://{{ faf_server_name }}"' - notify: Restart httpd diff --git a/roles/abrt/faf-pre/tasks/services.yml b/roles/abrt/faf-pre/tasks/services.yml deleted file mode 100644 index 06ae10d07e..0000000000 --- a/roles/abrt/faf-pre/tasks/services.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Start and enable httpd - service: - name: httpd - state: started - enabled: yes - -- name: Start and enable memcached - service: - name: memcached - state: started - enabled: yes - when: faf_web_cache_type == "memcached" - -- name: Turn off selinux - selinux: - state: permissive - policy: targeted diff --git a/roles/abrt/faf-pre/tasks/setup_db.yml b/roles/abrt/faf-pre/tasks/setup_db.yml deleted file mode 100644 index 1491e35d30..0000000000 --- a/roles/abrt/faf-pre/tasks/setup_db.yml +++ /dev/null @@ -1,101 +0,0 @@ ---- -- name: Ensure PostgreSQL database is initialized. - ansible.builtin.command: "postgresql-setup --initdb --unit postgresql" - args: - creates: "/var/lib/pgsql/data/PG_VERSION" - -- name: Set max_connections for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^max_connections =' - line: 'max_connections = 150' - notify: Restart postgresql - -- name: Set shared_buffers for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^shared_buffers =' - line: 'shared_buffers = 25536MB' - notify: Restart postgresql - -- name: Set effective_cache_size for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^effective_cache_size =' - line: 'effective_cache_size = 50608MB' - notify: Restart postgresql - -- name: Set work_mem for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^work_mem =' - line: 'work_mem = 6MB' - notify: Restart postgresql - -- name: Set maintenance_work_mem for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^maintenance_work_mem =' - line: 'maintenance_work_mem = 2GB' - notify: Restart postgresql - -- name: Set checkpoint_completion_target for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^checkpoint_completion_target =' - line: 'checkpoint_completion_target = 0.9' - notify: Restart postgresql - -- name: Set wal_buffers for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^wal_buffers =' - line: 'wal_buffers = -1' - notify: Restart postgresql - -- name: Set default_statistics_target for PostgreSQL - lineinfile: - path: /var/lib/pgsql/data/postgresql.conf - regexp: '^default_statistics_target =' - line: 'default_statistics_target = 100' - notify: Restart postgresql - -- name: Drop faf database - postgresql_db: - name: faf - owner: postgres - state: absent - when: faf_recreate_database|bool - -- name: Start service postgresql - service: - name: postgresql - state: started - enabled: yes - become: true - -- name: Pgsql create db faf - postgresql_db: - name: faf - owner: postgres - state: present - become: true - become_user: postgres - -- name: Pgsql create user faf - postgresql_user: - db: faf - name: faf - priv: ALL - role_attr_flags: SUPERUSER - state: present - become: true - become_user: postgres - -- name: Create extension for faf - postgresql_ext: - name: semver - db: faf - state: present - become: true - become_user: postgres diff --git a/roles/abrt/faf-pre/tasks/ssl.yml b/roles/abrt/faf-pre/tasks/ssl.yml deleted file mode 100644 index 44f1463103..0000000000 --- a/roles/abrt/faf-pre/tasks/ssl.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Check whether we need to initialize letsencrypt first - stat: path="/etc/letsencrypt/live/{{ item.key }}" - register: le_stat_checks - with_dict: "{{ letsencrypt.certificates }}" - when: - - letsencrypt is defined - -- name: Stop httpd when letsencrypt has not been run - service: - name: httpd - state: stopped - when: - - letsencrypt is defined - - not item.stat.exists - with_items: "{{ le_stat_checks.results }}" - - -- name: Install letsencrypt ssl certificates for dev - include_role: name=copr/certbot - tags: - - config - -- name: Install retrace ssl vhost - ansible.builtin.template: src="httpd/retrace_ssl.conf.j2" dest="/etc/httpd/conf.d/retrace_ssl.conf" - when: letsencrypt is defined - tags: - - config diff --git a/roles/abrt/faf-pre/templates/httpd/retrace_ssl.conf.j2 b/roles/abrt/faf-pre/templates/httpd/retrace_ssl.conf.j2 deleted file mode 100644 index 6870d39190..0000000000 --- a/roles/abrt/faf-pre/templates/httpd/retrace_ssl.conf.j2 +++ /dev/null @@ -1,15 +0,0 @@ - - SSLEngine on - SSLProtocol {{ ssl_protocols }} - # Use secure TLSv1.1 and TLSv1.2 ciphers - SSLCipherSuite {{ ssl_ciphers }} - SSLHonorCipherOrder on - Header always add Strict-Transport-Security "max-age=31536000; preload" - - SSLCertificateFile /etc/letsencrypt/live/{{ public_hostname }}/cert.pem - SSLCertificateKeyFile /etc/letsencrypt/live/{{ public_hostname }}/privkey.pem - SSLCertificateChainFile /etc/letsencrypt/live/{{ public_hostname }}/fullchain.pem - - ServerName {{ public_hostname }} - - diff --git a/roles/abrt/faf/.ansible-lint b/roles/abrt/faf/.ansible-lint deleted file mode 100644 index c82bf3ad37..0000000000 --- a/roles/abrt/faf/.ansible-lint +++ /dev/null @@ -1,3 +0,0 @@ -# We have a task explicitly for updating all FAF packages. -skip_list: - - 403 diff --git a/roles/abrt/faf/.github/workflows/ansible-lint.yml b/roles/abrt/faf/.github/workflows/ansible-lint.yml deleted file mode 100644 index 274f858610..0000000000 --- a/roles/abrt/faf/.github/workflows/ansible-lint.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -name: Check Ansible Role - -on: # yamllint disable-line rule:truthy - push: - branches: [master] - pull_request: - branches: [master] - -jobs: - lint: - # The GitHub-hosted runners don’t do Fedora - runs-on: ubuntu-latest - - steps: - - name: Check out sources - uses: actions/checkout@v2 - - # This can be pinned to a specific tag after something newer than v4.1.0.post0 materializes. - # https://github.com/ansible/ansible-lint-action/commit/91db49755c0e720d9eac9d3a481c227d3d14faf6 - - name: Lint - uses: ansible/ansible-lint-action@master - with: - targets: ./ diff --git a/roles/abrt/faf/LICENSE.bsd b/roles/abrt/faf/LICENSE.bsd deleted file mode 100644 index 2f17068367..0000000000 --- a/roles/abrt/faf/LICENSE.bsd +++ /dev/null @@ -1,25 +0,0 @@ -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, and the entire permission notice in its entirety, - including the disclaimer of warranties. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. The name of the author may not be used to endorse or promote - products derived from this software without specific prior - written permission. - -THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF -WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE -USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH -DAMAGE. diff --git a/roles/abrt/faf/README.rst b/roles/abrt/faf/README.rst deleted file mode 100644 index 4f80b781d5..0000000000 --- a/roles/abrt/faf/README.rst +++ /dev/null @@ -1,17 +0,0 @@ -ansible-role-faf ----------------- - -Role for deploying `faf `_. - -See `defaults/main.yml `_ -for the complete list of configuration variables. - -License -======= - -BSD - -Author -====== - -Richard Marko diff --git a/roles/abrt/faf/defaults/main.yml b/roles/abrt/faf/defaults/main.yml deleted file mode 100644 index a9b2bbec64..0000000000 --- a/roles/abrt/faf/defaults/main.yml +++ /dev/null @@ -1,245 +0,0 @@ ---- - -########################### -# features configuration # -########################### - -faf_with_bugtrackers: true -faf_with_celery: true -faf_with_fedmsg: false -faf_with_solutionfinders: true -faf_with_symboltransfer: false -faf_with_web: true -faf_python_version: "python3.6" - -# dangerous, delete and re-create PostgreSQL database -# (will wipe Postgre's data dir and re-create from scratch) -faf_recreate_database: false - -# update faf packages -faf_update: true - -# force faf packages reinstallation (for testing instances) -faf_force_reinstall: false - -# run faf's database migrations -faf_migrate_db: true - -# set up cron jobs for faf -faf_cron_jobs: true - -# faf reachable on httpd root (http://hostname/) -# if false it's (http://hostname/faf/) -faf_web_on_root: false - -########################### -# faf configuration # -########################### - -# [MAIN] -faf_plugins_dir: /etc/faf/plugins/ -faf_templates_dir: /etc/faf/templates/ -faf_autoenableplugins: false - -# [STORAGE] -# variables used to automatically create a connectstring -# connectstring is used for faf web & storage in format: -# postgresql://user:password@host:port/database -faf_db_user: -faf_db_password: -faf_db_host: -faf_db_port: -faf_db_name: faf - -# [MAIL] -faf_admin_mail: root@localhost -# SMTP server to use -smtp_server: localhost -smtp_port: 25 -smtp_username: -smtp_password: -faf_from: no-reply@localhost - -# [uREPORT] -faf_spool_dir: /var/spool/faf -faf_create_components: false - -# Allow uReports without affected package - meaning that crashing code was -# not packaged -faf_allow_unpackaged: false - -########################### -# faf-webui configuration # -########################### - -# [HUB] -# enable debugging -faf_web_debug: false - -# set to true if faf's running behind proxy like varnish -faf_web_proxy_setup: false - -# important for production deployments -faf_web_secret_key: not_a_secret - -# domain of web service as seen from internet -domain: example.org - -# faf_server_name is the URL without protocols and trailing slash -# the URL can be also with /path part (e.g. example-faf.org/faf) -faf_server_name: "example-faf.org" - -faf_web_brand_title: "ABRT" -faf_web_brand_subtitle: "Analytics" - -faf_web_fedmenu_url: -# https://apps.fedoraproject.org/fedmenu -faf_web_fedmenu_data_url: -# https://apps.fedoraproject.org/js/data.js - -# perms -faf_web_everyone_is_admin: false -faf_web_everyone_is_maintainer: false - -# [OPENID] -# enable OpenID -faf_web_openid: true - -# Comma-separated list of teams provided by OpenID via -# https://github.com/puiterwijk/python-openid-teams -# Members of these teams will be granted maintainer privileges -faf_web_openid_privileged_teams: -# provenpackager,proventesters - -# [CACHE] -# cache type either: memcached/simple/none -faf_web_cache_type: memcached - -memcached_port: 11211 - -# number of mails that can be sent per the time frame -faf_web_throttle_rate: 1 -# time to wait (in seconds) before another mail can be sent -faf_web_throttle_timeframe: 30 -# start the throttling after this number of mails is sent -faf_web_throttle_burst: 1 - -############################## -# fedora-messaging config # -############################## -faf_fedmsg_server: -# The topic_prefix configuration value will add a prefix to the topics of every sent message. -# This is used for migrating from fedmsg, and should not be used afterwards. -faf_fedmsg_topic_prefix: - -# [TLS] -faf_fedmsg_ca_cert: -faf_fedmsg_keyfile: -faf_fedmsg_certfile: - -############################## -# functionality checking # -############################## - -faf_check: false -faf_check_web: false - -############################## -# faf cron configuration # -############################## - -faf_opsys_list: - - fedora - -############################## -# faf packages configuration # -############################## -# -# Removing some packaging allows you to install -# only components relevant for your deployment - -faf_packages: - - faf - - faf-migrations - - faf-dnf - -faf_problem_packages: - - faf-problem-coredump - - faf-problem-java - - faf-problem-kerneloops - - faf-problem-python - - faf-problem-ruby - -faf_opsys_packages: - - faf-opsys-centos - - faf-opsys-fedora - -faf_action_packages: - - faf-action-add-compat-hashes - - faf-action-arch - - faf-action-archive-reports - - faf-action-assign-release-to-builds - - faf-action-attach-centos-bugs - - faf-action-c2p - - faf-action-check-repo - - faf-action-cleanup-packages - - faf-action-cleanup-unassigned - - faf-action-cleanup-task-results - - faf-action-create-problems - - faf-action-delete-invalid-ureports - - faf-action-external-faf - - faf-action-external-faf-clone-bz - - faf-action-find-components - - faf-action-find-crash-function - - faf-action-find-report-solution - - faf-action-mark-probably-fixed - - faf-action-pull-associates - - faf-action-pull-components - - faf-action-pull-releases - - faf-action-pull-reports - - faf-action-repo - - faf-action-retrace - - faf-action-retrace-remote - - faf-action-sar - - faf-action-save-reports - - faf-action-shell - - faf-action-stats - -faf_bugtracker_packages: - - faf-action-bugtracker - - faf-bugtracker-bugzilla - - faf-bugtracker-centos-mantis - - faf-bugtracker-fedora-bugzilla - - faf-bugtracker-mantis - - faf-bugtracker-rhel-bugzilla - -faf_celery_packages: - - faf-celery-tasks - - faf-celery-tasks-systemd-services - -faf_fedmsg_packages: - - faf-action-fedmsg-notify - - faf-fedmsg - - faf-fedmsg-realtime - -faf_solutionfinder_packages: - - faf-action-sf-prefilter - - faf-solutionfinder-prefilter - - faf-solutionfinder-probable-fix - -faf_web_packages: - - faf-webui - -faf_web_celery_packages: - - faf-blueprint-celery-tasks - -faf_web_symboltransfer_packages: - - faf-blueprint-symbol-transfer - -############### -# EOLed Opsys # -############### - -eol_opsys: [] -# When not empty, the array should have the following form: -# - { opsys: "Fedora", release: "36" } diff --git a/roles/abrt/faf/files/group_abrt-faf-el8-epel-8.repo b/roles/abrt/faf/files/group_abrt-faf-el8-epel-8.repo deleted file mode 100644 index 526f31f34f..0000000000 --- a/roles/abrt/faf/files/group_abrt-faf-el8-epel-8.repo +++ /dev/null @@ -1,21 +0,0 @@ -[faf-el8] -name=Copr repo for faf-el8 owned by @abrt -baseurl=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el8/epel-8-$basearch/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el8/pubkey.gpg -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 - -[faf-el8-required-packages] -name=Copr repo for faf-el8-required-packages owned by @abrt -baseurl=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el8-required-packages/epel-8-$basearch/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el8-required-packages/pubkey.gpg -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 diff --git a/roles/abrt/faf/files/group_abrt-faf-el8-fedora.repo b/roles/abrt/faf/files/group_abrt-faf-el8-fedora.repo deleted file mode 100644 index aaa55db4dc..0000000000 --- a/roles/abrt/faf/files/group_abrt-faf-el8-fedora.repo +++ /dev/null @@ -1,10 +0,0 @@ -[group_abrt-faf-el8] -name=Copr repo for faf-el8 owned by @abrt -baseurl=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el8/fedora-$releasever-$basearch/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el8/pubkey.gpg -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 \ No newline at end of file diff --git a/roles/abrt/faf/files/ureport_sample b/roles/abrt/faf/files/ureport_sample deleted file mode 100644 index fd50c7b9c3..0000000000 --- a/roles/abrt/faf/files/ureport_sample +++ /dev/null @@ -1,85 +0,0 @@ -{ - "ureport_version": 2, - - "reason": "ImportError in /usr/bin/faf:55", - - "os": { - "name": "fedora", - "version": "42", - "architecture": "x86_64" - }, - - "problem": { - "type": "python", - - "component": "meta_faf", - - "exception_name": "ImportError", - - "user": { - "local": true, - "root": false - }, - - "stacktrace": [ - { - "file_name": "/usr/lib64/python2.7/site-packages/sqlalchemy/dialects/postgresql/psycopg2.py", - "file_line": 312, - "line_contents": "psycopg = __import__('psycopg2')", - "function_name": "dbapi" - }, - { - "file_name": "/usr/lib64/python2.7/site-packages/sqlalchemy/engine/strategies.py", - "file_line": 64, - "line_contents": "dbapi = dialect_cls.dbapi(**dbapi_args)", - "function_name": "create" - }, - { - "file_name": "/usr/lib64/python2.7/site-packages/sqlalchemy/engine/__init__.py", - "file_line": 338, - "line_contents": "return strategy.create(*args, **kwargs)", - "function_name": "create_engine" - }, - { - "file_name": "/usr/lib/python2.7/site-packages/pyfaf/storage/__init__.py", - "file_line": 213, - "line_contents": "self._db = create_engine(config['storage.connectstring'])", - "function_name": "__init__" - }, - { - "file_name": "/usr/lib/python2.7/site-packages/pyfaf/storage/__init__.py", - "file_line": 199, - "line_contents": "db = Database(debug=debug, dry=dry)", - "function_name": "get_database" - }, - { - "file_name": "/usr/bin/faf", - "file_line": 29, - "line_contents": "db = getDatabase(debug=cmdline.sql_verbose, dry=cmdline.dry_run)", - "function_name": "main" - }, - { - "file_name": "/usr/bin/faf", - "file_line": 55, - "special_function": "module", - "line_contents": "main()" - } - ] - }, - - "packages": [ - { - "name": "meta_faf", - "epoch": 0, - "version": "0.9", - "architecture": "noarch", - "package_role": "affected", - "release": "1.fc42" - } - ], - - "reporter": { - "version": "0.9", - "name": "satyr" - } -} diff --git a/roles/abrt/faf/handlers/main.yml b/roles/abrt/faf/handlers/main.yml deleted file mode 100644 index 23d49bd16e..0000000000 --- a/roles/abrt/faf/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Restart httpd - service: - name: httpd - state: restarted diff --git a/roles/abrt/faf/meta/.galaxy_install_info b/roles/abrt/faf/meta/.galaxy_install_info deleted file mode 100644 index d014cfad01..0000000000 --- a/roles/abrt/faf/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: Thu May 27 08:27:11 2021 -version: master diff --git a/roles/abrt/faf/meta/main.yml b/roles/abrt/faf/meta/main.yml deleted file mode 100644 index 0f16bf1bcd..0000000000 --- a/roles/abrt/faf/meta/main.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -galaxy_info: - author: "ABRT team" - description: Deploy FAF - company: Red Hat - license: BSD - min_ansible_version: 2.5 - platforms: - - name: EL - versions: - - 8 - - name: Fedora - versions: - - 29 - - 30 - galaxy_tags: - - web -dependencies: [] diff --git a/roles/abrt/faf/tasks/celery.yml b/roles/abrt/faf/tasks/celery.yml deleted file mode 100644 index 881f7e9912..0000000000 --- a/roles/abrt/faf/tasks/celery.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- name: Install faf web celery packages - ansible.builtin.package: - name: "{{ faf_web_celery_packages }}" - state: present - tags: - - packages - -- name: Install redis package - ansible.builtin.package: - name: - - redis - - python3-redis - state: present - tags: - - packages - -- name: Enable redis service - service: - name: redis - state: started - enabled: yes - tags: - - service - -- name: Enable faf-celery-worker - service: - name: faf-celery-worker - state: started - enabled: yes - tags: - - service - -- name: Enable faf-celery-beat - service: - name: faf-celery-beat - state: started - enabled: yes - tags: - - service diff --git a/roles/abrt/faf/tasks/check.yml b/roles/abrt/faf/tasks/check.yml deleted file mode 100644 index 2a324343de..0000000000 --- a/roles/abrt/faf/tasks/check.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- - -# check backend functionality - -- name: Add dummy Fedora 42 release - ansible.builtin.command: faf releaseadd -o fedora --opsys-release 42 - become: yes - become_user: faf - changed_when: false - -- name: Get releases from FAF - ansible.builtin.command: faf releaselist - become: yes - become_user: faf - register: release_list - failed_when: "'Fedora 42' not in release_list.stdout" - changed_when: false - -- name: Add dummy meta_faf component to Fedora 42 release - ansible.builtin.command: faf compadd -o fedora --opsys-release 42 meta_faf - become: yes - become_user: faf - changed_when: false - -- name: Cpf - ansible.builtin.copy: - src: ureport_sample - dest: "{{ faf_spool_dir }}/reports/incoming" - owner: faf - group: faf - -- name: Faf - ansible.builtin.command: faf {{ item }} - become: yes - become_user: faf - loop: - - "save-reports -v" - - "create-problems -v" - # This task is 100% idempotent, no questions asked. - changed_when: false diff --git a/roles/abrt/faf/tasks/check_web.yml b/roles/abrt/faf/tasks/check_web.yml deleted file mode 100644 index 65aa450af1..0000000000 --- a/roles/abrt/faf/tasks/check_web.yml +++ /dev/null @@ -1,27 +0,0 @@ -# check web functionality -# ---- -- name: Set URL facts - set_fact: - main_url: "https://{{ ansible_default_ipv4.address }}{{ url_suffix }}" - problems_url: "https://{{ ansible_default_ipv4.address }}{{ url_suffix }}/problems/" - -- name: Check main - uri: - url: "{{ main_url }}" - return_content: yes - validate_certs: no - register: uri_res - check_mode: no - delegate_to: localhost - failed_when: "'ABRT' not in uri_res.content" - -- name: Fetch problems - uri: - url: "{{ problems_url }}" - return_content: yes - validate_certs: no - register: uri_res - check_mode: no - delegate_to: localhost - failed_when: "'State' not in uri_res.content" diff --git a/roles/abrt/faf/tasks/cleanup.yml b/roles/abrt/faf/tasks/cleanup.yml deleted file mode 100644 index b59930dc98..0000000000 --- a/roles/abrt/faf/tasks/cleanup.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Remove EOLed opsys - ansible.builtin.command: faf releasemod -o "{{ item.opsys | lower }}" --opsys-release "{{ item.release }}" -s EOL - loop: "{{ eol_opsys }}" - become: yes - become_user: faf - failed_when: false - changed_when: false - -- name: Remove EOLed packages - ansible.builtin.command: faf cleanup-packages "{{ item.opsys }}" "{{ item.release }}" - loop: "{{ eol_opsys }}" - become: yes - become_user: faf - failed_when: false - changed_when: false - -- name: Remove unassigned packages - ansible.builtin.command: faf cleanup-unassigned -f - become: yes - become_user: faf - failed_when: false - changed_when: false diff --git a/roles/abrt/faf/tasks/config.yml b/roles/abrt/faf/tasks/config.yml deleted file mode 100644 index 8bd459a16f..0000000000 --- a/roles/abrt/faf/tasks/config.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- - -- name: Provide /etc/faf/faf.conf - ansible.builtin.template: - src: etc-faf-faf.conf.j2 - dest: /etc/faf/faf.conf - -# setup fedora-messaging -- name: Create the config folder for fedora-messaging - ansible.builtin.file: - path: /etc/fedora-messaging/ - owner: root - group: root - mode: "0755" - state: directory - when: faf_with_fedmsg|bool - -- name: Provide configuration for fedora-messaging - ansible.builtin.template: - src: etc-fedora-messaging-config.toml.j2 - dest: /etc/fedora-messaging/config.toml - when: faf_with_fedmsg|bool diff --git a/roles/abrt/faf/tasks/cron.yml b/roles/abrt/faf/tasks/cron.yml deleted file mode 100644 index fda06747ae..0000000000 --- a/roles/abrt/faf/tasks/cron.yml +++ /dev/null @@ -1,116 +0,0 @@ ---- - -- name: Cron save-reports - cron: - name: "faf save-reports" - user: faf - job: "faf save-reports --speedup >> /var/log/faf/save-reports.log 2>&1" - minute: "*/5" - state: present - -- name: Cron create-problems-speedup - cron: - name: "faf create-problems-speedup with type {{ item }}" - user: faf - job: "faf create-problems -p {{ item }} --speedup --report-min-count 2 >> /var/log/faf/create-problems-{{ item }}.log 2>&1" - minute: "{{ 60 | random(seed=item) }}" - hour: "2" - state: present - loop: - - "core" - - "kerneloops" - - "python" - - "ruby" - - "java" - -- name: Cron create-problems - cron: - name: "faf create-problems with type {{ item }}" - user: faf - job: "faf create-problems -p {{ item }} >> /var/log/faf/create-problems-{{ item }}.log 2>&1" - day: "15" - minute: "30" - hour: "14" - state: present - loop: - - "core" - - "kerneloops" - - "python" - - "ruby" - - "java" - -- name: Cron reposync - cron: - name: "faf reposync" - user: faf - job: "faf reposync >> /var/log/faf/reposync.log 2>&1" - minute: "5" - hour: "3" - state: present - -- name: Retrace symbols - cron: - name: "retrace symbols with type {{ item.type }}" - user: faf - job: "faf retrace --workers 4 -dp {{ item.type }} --max-fail-count 1 >> /var/log/faf/retrace-{{ item.type }}.log 2>&1" - minute: "32" - hour: "2" - weekday: "{{ item.day }}" - state: present - loop: - - { type: "core", day: "2,4,6" } - - { type: "kerneloops", day: "1,3,5" } - -- name: Cron - faf find-crashfn - cron: - name: "cron for faf find-crashfn for {{ item }}" - user: faf - job: "faf find-crashfn -p {{ item }}" - minute: "{{ 60 | random(seed=item) }}" - hour: "5" - state: present - loop: - - "core" - - "kerneloops" - - "python" - - "ruby" - - "java" - -- name: Cron pull-releases - cron: - name: "faf pull-releases {{ item }}" - user: faf - job: "faf pull-releases -o {{ item }} >> /var/log/faf/pull-releases.log 2>&1" - minute: "5" - hour: "0" - state: present - loop: "{{ faf_opsys_list }}" - -- name: Cron pull-components - cron: - name: "faf pull-components {{ item }}" - user: faf - job: "faf pull-components -o {{ item }} >> /var/log/faf/pull-components.log 2>&1" - minute: "5" - hour: "1" - state: present - loop: "{{ faf_opsys_list }}" - -- name: Cron - faf find-components - cron: - name: "cron for faf find-components -o {{ item }}" - user: faf - job: "faf find-components -o {{ item }} >> /var/log/faf/find-components.log 2>&1" - minute: "5" - hour: "2" - state: present - loop: "{{ faf_opsys_list }}" - -- name: Cron - faf match-unknown-packages - cron: - name: "cron for faf match-unknown-packages" - user: faf - job: "faf match-unknown-packages >> /var/log/faf/match-unknown-packages.log 2>&1" - minute: "23" - hour: "22" - state: present diff --git a/roles/abrt/faf/tasks/first_time_setup.yml b/roles/abrt/faf/tasks/first_time_setup.yml deleted file mode 100644 index d9a7326434..0000000000 --- a/roles/abrt/faf/tasks/first_time_setup.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- - -- name: Check for count of faf tables - ansible.builtin.shell: psql -c "SELECT COUNT(*) FROM pg_stat_user_tables" - register: count_tables - changed_when: "( count_tables.stdout_lines[2]|int ) == 0" - check_mode: no - become: yes - become_user: faf - -# Skip whole block if faf owns atleast 1 table in db -- block: - - name: Create faf's database schema - ansible.builtin.command: faf-migrate-db --create-all - become: yes - become_user: faf - - - name: Stamp database as migrated to latest version - ansible.builtin.command: faf-migrate-db --stamp-only - become: yes - become_user: faf - - - name: Init faf - ansible.builtin.command: faf init - become: yes - become_user: faf - when: ( count_tables.stdout_lines[2]|int ) == 0 diff --git a/roles/abrt/faf/tasks/install.yml b/roles/abrt/faf/tasks/install.yml deleted file mode 100644 index 09ea84e55c..0000000000 --- a/roles/abrt/faf/tasks/install.yml +++ /dev/null @@ -1,63 +0,0 @@ ---- - -- name: Enable Copr repo for RHEL - ansible.builtin.copy: - src: group_abrt-faf-el8-epel-8.repo - dest: /etc/yum.repos.d/ - when: ansible_distribution == 'RedHat' - -- name: Enable Copr repo for Fedora - ansible.builtin.copy: - src: group_abrt-faf-el8-fedora.repo - dest: /etc/yum.repos.d/ - when: ansible_distribution == 'Fedora' - -- name: Erase faf packages - ansible.builtin.package: - name: "faf-*" - state: absent - when: faf_force_reinstall|bool - -- name: Install core faf packages - ansible.builtin.package: - name: "{{ faf_packages }}" - state: present - -- name: Install faf problem packages - ansible.builtin.package: - name: "{{ faf_problem_packages }}" - state: present - -- name: Install faf opsys packages - ansible.builtin.package: - name: "{{ faf_opsys_packages }}" - state: present - -- name: Install faf action packages - ansible.builtin.package: - name: "{{ faf_action_packages }}" - state: present - -- name: Install faf bugtracker packages - ansible.builtin.package: - name: "{{ faf_bugtracker_packages }}" - state: present - when: faf_with_bugtrackers|bool - -- name: Install faf celery packages - ansible.builtin.package: - name: "{{ faf_celery_packages }}" - state: present - when: faf_with_celery|bool - -- name: Install faf fedmsg packages - ansible.builtin.package: - name: "{{ faf_fedmsg_packages }}" - state: present - when: faf_with_fedmsg|bool - -- name: Install faf solutionfinder packages - ansible.builtin.package: - name: "{{ faf_solutionfinder_packages }}" - state: present - when: faf_with_solutionfinders|bool diff --git a/roles/abrt/faf/tasks/main.yml b/roles/abrt/faf/tasks/main.yml deleted file mode 100644 index 0255a54074..0000000000 --- a/roles/abrt/faf/tasks/main.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- import_tasks: install.yml - tags: [faf, faf_install, packages] - -- import_tasks: update.yml - when: faf_update|bool - tags: [faf, faf_update, packages] - -- import_tasks: first_time_setup.yml - tags: [faf, faf_fist_time_setup, config] - -- import_tasks: config.yml - tags: [faf, faf_config, config] - -- import_tasks: migrate_db.yml - when: faf_migrate_db|bool - tags: [faf, faf_migrate_db] - -- import_tasks: cron.yml - when: faf_cron_jobs|bool - tags: [faf, config] - -- import_tasks: web.yml - when: faf_with_web|bool - tags: [faf, faf_web] - -- import_tasks: check.yml - when: faf_check|bool - tags: [faf, faf_check] - -- import_tasks: check_web.yml - when: faf_check_web|bool - tags: [faf, faf_check_web] - -- import_tasks: cleanup.yml - tags: [faf, cleanup] diff --git a/roles/abrt/faf/tasks/migrate_db.yml b/roles/abrt/faf/tasks/migrate_db.yml deleted file mode 100644 index e55d40237a..0000000000 --- a/roles/abrt/faf/tasks/migrate_db.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Run database migrations - ansible.builtin.command: faf-migrate-db - become: yes - become_user: faf - changed_when: false diff --git a/roles/abrt/faf/tasks/update.yml b/roles/abrt/faf/tasks/update.yml deleted file mode 100644 index 3108371ed9..0000000000 --- a/roles/abrt/faf/tasks/update.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Update faf packages - ansible.builtin.package: - name: "faf*" - state: latest diff --git a/roles/abrt/faf/tasks/web.yml b/roles/abrt/faf/tasks/web.yml deleted file mode 100644 index 0475ca8a7b..0000000000 --- a/roles/abrt/faf/tasks/web.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -- name: Set url_suffix fact - set_fact: - url_suffix: "" - when: faf_web_on_root|bool - -- name: Set url_suffix fact - set_fact: - url_suffix: "/faf" - when: not faf_web_on_root|bool - -- name: Install faf-webui packages - ansible.builtin.package: - name: "{{ faf_web_packages }}" - state: present - -- name: Import Celery tasks - import_tasks: celery.yml - when: faf_with_celery|bool - -- name: Install faf web symboltransfer packages - ansible.builtin.package: - name: "{{ faf_web_symboltransfer_packages }}" - state: present - when: faf_with_symboltransfer|bool - -- name: Provide /etc/faf/plugins/web.conf - ansible.builtin.template: - src: etc-faf-plugins-web.conf.j2 - dest: /etc/faf/plugins/web.conf - notify: - - Restart httpd - -- name: Put webfaf on root (/) if configured - ansible.builtin.template: - src: etc-httpd-conf.d-faf-web.conf.j2 - dest: /etc/httpd/conf.d/faf-web.conf - notify: - - Restart httpd diff --git a/roles/abrt/faf/templates/etc-faf-faf.conf.j2 b/roles/abrt/faf/templates/etc-faf-faf.conf.j2 deleted file mode 100644 index b1221d0b3a..0000000000 --- a/roles/abrt/faf/templates/etc-faf-faf.conf.j2 +++ /dev/null @@ -1,56 +0,0 @@ -#{{ ansible_managed }} -# Faf site-wide configuration file -# The settings are overridden by the file specified in -# FAF_CONFIG_FILE environment variable. - -[Main] -PluginsDir = {{ faf_plugins_dir }} -TemplatesDir = {{ faf_templates_dir }} -AutoEnablePlugins = {{ faf_autoenableplugins|bool }} - -[Storage] -DBUser = {{ faf_db_user }} -DBPasswd = {{ faf_db_password }} -DBHost = {{ faf_db_host }} -DBPort = {{ faf_db_port }} -DBName = {{ faf_db_name }} -LobDir = {{ faf_spool_dir }}/lob -# Using platform-specific location by default. -# Uncomment and change if needed. -# TmpDir = /tmp - -[Mail] -# where to send notification emails, comma separated list -Admins = {{ faf_admin_mail }} -Server = {{ smtp_server }} -Port = {{ smtp_port }} -Username = {{ smtp_username|default("", true) }} -Password = {{ smtp_password|default("", true) }} -From = {{ faf_from }} - -[uReport] -# The directory that holds 'reports' and 'attachments' subdirectories -Directory = {{ faf_spool_dir }} -CreateComponents = {{ faf_create_components }} -# attachments accepted by this server -# allowed values: fedora-bugzilla rhel-bugzilla centos-mantisb comment email url -# or * to allow all attachments -AcceptAttachments = fedora-bugzilla rhel-bugzilla centos-mantisbt - -# Allow uReports without affected package - meaning that crashing code was -# not packaged -allow-unpackaged = {{ faf_allow_unpackaged }} - -# Determines which strategy will be used for searching known or uknown ureport's -# and bugzilla bug's, if known is empty, then is used BUG_OS_MINOR_VERSION -# -# BUG_OS_MAJOR_VERSION - The report has attached a bug with equivalent OS Major -# version name -# BUG_OS_MINOR_VERSION - The report has attached a bug with equivalent OS Major -# version and OS Minor version name -# EQUAL_UREPORT_EXISTS - Report OS Major version match AND uReport OS Minor -# version match AND uReport OS Architecture match AND Packages match name -# -# allowed values for the Known option -# BUG_OS_MAJOR_VERSION BUG_OS_MINOR_VERSION EQUAL_UREPORT_EXISTS -Known = diff --git a/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 b/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 deleted file mode 100644 index 7fbebbda06..0000000000 --- a/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 +++ /dev/null @@ -1,52 +0,0 @@ -#{{ ansible_managed }} -[hub] -debug = {{ faf_web_debug }} -proxy_setup = {{ faf_web_proxy_setup }} -secret_key = {{ faf_web_secret_key }} -{% if faf_web_on_root %} -url = https://{{ domain }}/ -{% else %} -url = https://{{ domain }}/faf/ -{% endif %} -server_name = {{ faf_server_name }} -brand_title = {{ faf_web_brand_title }} -brand_subtitle = {{ faf_web_brand_subtitle }} - -{% if faf_web_fedmenu_url %} -fedmenu_url = {{ faf_web_fedmenu_url }} -fedmenu_data_url = {{ faf_web_fedmenu_data_url }} -{% endif %} - -# When OpenID login is disabled, this option can be used to override permission -# checks and make everyone a package maintainer. -# In that case no login is necessary to access maintainer-only actions. -everyone_is_maintainer = {{ faf_web_everyone_is_admin }} -# When OpenID login is disabled, this option can be used to override permission -# checks and make everyone an admin. -# In that case no login is necessary to access admin-only actions. -everyone_is_admin = {{ faf_web_everyone_is_maintainer }} - -[openid] -enabled = {{ faf_web_openid }} - -{% if faf_web_openid_privileged_teams %} -privileged_teams = {{ faf_web_openid_privileged_teams }} -{% endif %} - -[cache] -#types: -# null - no caching -# simple - process-local memory cache -# memcached - requires pylibmc -type = {{ faf_web_cache_type }} -memcached_host = localhost -memcached_port = {{ memcached_port }} -memcached_key_prefix = webfaf - -[throttle] -# Number of mails that can be sent per the time frame -rate = {{ faf_web_throttle_rate }} -# Time to wait (in seconds) before another mail can be sent -timeframe = {{ faf_web_throttle_timeframe }} -# Start the throttling after this number of mails is sent -burst = {{ faf_web_throttle_burst }} diff --git a/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2 b/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2 deleted file mode 100644 index b905439cd3..0000000000 --- a/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2 +++ /dev/null @@ -1,20 +0,0 @@ -#{{ ansible_managed }} - -# A sample configuration for fedora-messaging. This file is in the TOML format. -# For complete details on all configuration options, see the documentation. - -amqp_url = "amqp://{{ faf_fedmsg_server }}?connection_attempts=3&retry_delay=5" - -passive_declares = true - -# The topic_prefix configuration value will add a prefix to the topics of every sent message. -# This is used for migrating from fedmsg, and should not be used afterwards. -topic_prefix = {{ faf_fedmsg_topic_prefix }} - -[tls] -ca_cert = {{ faf_fedmsg_ca_cert }} -keyfile = {{ faf_fedmsg_keyfile }} -certfile = {{ faf_fedmsg_certfile }} - -[client_properties] -app = "FAF" diff --git a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 deleted file mode 100644 index af69d27855..0000000000 --- a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 +++ /dev/null @@ -1,50 +0,0 @@ -#{{ ansible_managed }} -# WSGI handler -WSGIPythonOptimize 1 -WSGISocketPrefix {{ faf_spool_dir }}/wsgi -WSGIDaemonProcess faf user=faf group=faf processes=3 threads=5 - -WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ faf_python_version }}/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL} - - - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order allow,deny - Allow from all - - - -# project main - - Options Indexes - IndexOptions FancyIndexing - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order allow,deny - Allow from all - - - -# static -Alias {{ url_suffix }}/static "/usr/share/faf/web/static" - - Options Indexes - IndexOptions FancyIndexing - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order allow,deny - Allow from all - - diff --git a/roles/abrt/how-to-update.txt b/roles/abrt/how-to-update.txt deleted file mode 100644 index f4e58e2de7..0000000000 --- a/roles/abrt/how-to-update.txt +++ /dev/null @@ -1,2 +0,0 @@ -# WARNING - this will override all local changes. Please rebase after this command. -ansible-galaxy install -f -r requirements.yml --ignore-errors -p ./ diff --git a/roles/abrt/requirements.yml b/roles/abrt/requirements.yml deleted file mode 100644 index a2d6f8bb51..0000000000 --- a/roles/abrt/requirements.yml +++ /dev/null @@ -1,9 +0,0 @@ -# Install a role from GitHub ---- -- name: faf - src: https://github.com/abrt/ansible-role-faf.git - version: master - -- name: retrace - src: https://github.com/abrt/ansible-role-retrace-server.git - version: master diff --git a/roles/abrt/retrace-post/defaults/main.yml b/roles/abrt/retrace-post/defaults/main.yml deleted file mode 100644 index 89e3534fb0..0000000000 --- a/roles/abrt/retrace-post/defaults/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- - -# List of Fedora versions for reposync -rs_internal_fedora_vers: [33, 34, rawhide] -rs_internal_fedora_vers_removed: [24, 25, 26, 27, 28, 29, 30, 31, 32] - -# List of CentOS versions for reposync -rs_internal_centos_vers: [7, 8] - -# List of architectures for reposync -# armhfp disabled untill we get more space -rs_internal_arch_list: [x86_64] diff --git a/roles/abrt/retrace-post/handlers/main.yml b/roles/abrt/retrace-post/handlers/main.yml deleted file mode 100644 index ed97d539c0..0000000000 --- a/roles/abrt/retrace-post/handlers/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/roles/abrt/retrace-post/tasks/cron.yml b/roles/abrt/retrace-post/tasks/cron.yml deleted file mode 100644 index 772cb8a143..0000000000 --- a/roles/abrt/retrace-post/tasks/cron.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -- name: Create retrace-server reposync cron jobs for active Fedora versions - loop: "{{ rs_internal_fedora_vers | product(rs_internal_arch_list) | list }}" - when: "{{ item[1] != 'source' }}" - cron: - name: "rs reposync fedora {{ item[0] }} {{ item[1] }}" - user: retrace - job: "/usr/bin/retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} >> /var/log/retrace-server/reposync_error.log 2>&1" - special_time: daily - state: present - -- name: Remove retrace-server reposync cron jobs of removed Fedora versions - loop: "{{ rs_internal_fedora_vers_removed | product(rs_internal_arch_list) | list }}" - when: "{{ item[1] != 'source' }}" - cron: - name: "rs reposync fedora {{ item[0] }} {{ item[1] }}" - user: retrace - job: "/usr/bin/retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} >> /var/log/retrace-server/reposync_error.log 2>&1" - special_time: daily - state: absent - -- name: Create retrace-server reposync cron jobs for CentOS - cron: - name: "rs reposync centos {{ item }} x86_64" - user: retrace - job: "/usr/bin/retrace-server-reposync centos {{ item }} x86_64 >> /var/log/retrace-server/reposync_error.log 2>&1" - special_time: daily - state: present - loop: "{{ rs_internal_centos_vers }}" - -- name: Create retrace-server cleanup cron job - cron: - name: "retrace-server-cleanup" - user: retrace - job: "/usr/bin/retrace-server-cleanup >> /var/log/retrace-server/cleanup_error.log 2>&1" - special_time: daily - state: present - -- name: Create cron job for retrace-server - cron: - name: "podman prune" - user: retrace - job: "/usr/bin/podman system prune --all --force >> /var/log/retrace-server/podman_prune.log 2>&1" - special_time: daily - state: present diff --git a/roles/abrt/retrace-post/tasks/main.yml b/roles/abrt/retrace-post/tasks/main.yml deleted file mode 100644 index 3c905f5d7a..0000000000 --- a/roles/abrt/retrace-post/tasks/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -# Setup retrace-server -- import_tasks: retrace_setup.yml - -# Set up production cron jobs for retrace-server -- import_tasks: cron.yml - tags: cron - when: env != 'staging' diff --git a/roles/abrt/retrace-post/tasks/retrace_setup.yml b/roles/abrt/retrace-post/tasks/retrace_setup.yml deleted file mode 100644 index 7820970a25..0000000000 --- a/roles/abrt/retrace-post/tasks/retrace_setup.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- - -# long running tasks - run them in background - we do not actually care about the results -- name: Reposync for fedora - ansible.builtin.shell: nohup retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} $(mktemp /tmp/ansible.reposync_for_fedoraXXXXXX.log) & - loop: "{{ rs_internal_fedora_vers | product(rs_internal_arch_list) | list }}" - become: yes - become_user: retrace - tags: [rs_reposync, rs_fedora] - when: env != 'staging' - -- name: Reposync for centos - ansible.builtin.shell: nohup retrace-server-reposync centos {{ item }} x86_64 $(mktemp /tmp/ansible.reposync_for_centosXXXXXX.log) & - loop: "{{ rs_internal_centos_vers }}" - become: yes - become_user: retrace - tags: [rs_reposync, rs_fedora] - when: env != 'staging' - -- ansible.builtin.file: - path: /srv/retrace/repos - state: directory - mode: "0755" - owner: retrace - group: retrace - -- ansible.builtin.file: - path: /srv/retrace/tasks - state: directory - mode: "0755" - owner: retrace - group: retrace - -- ansible.builtin.file: - path: /srv/retrace/hardlink-local - state: directory - mode: "0755" - owner: retrace - group: retrace diff --git a/roles/abrt/retrace-pre/defaults/main.yml b/roles/abrt/retrace-pre/defaults/main.yml deleted file mode 100644 index 490f879e53..0000000000 --- a/roles/abrt/retrace-pre/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -retrace_user_home: /srv/retrace/home -retrace_user_uid_gid: 174 diff --git a/roles/abrt/retrace-pre/tasks/main.yml b/roles/abrt/retrace-pre/tasks/main.yml deleted file mode 100644 index 4c1a5239de..0000000000 --- a/roles/abrt/retrace-pre/tasks/main.yml +++ /dev/null @@ -1,67 +0,0 @@ ---- -- name: Make sure retrace user exists - user: - name: retrace - group: retrace - system: yes - create_home: no - register: retrace_user_info - -- name: Ensure retrace user has correct UID and home directory - when: > - retrace_user_info.changed or - retrace_user_info.uid != retrace_user_uid_gid or - retrace_user_info.home != retrace_user_home - block: - - name: Stop httpd service before modifying user - service: - name: httpd - state: stopped - - # Create UID with our reserved UID. This is normaly done during the - # installation of the retrace-server package but it's not yet installed - # at this momement. - - name: Ensure correct UID and home directory - user: - name: retrace - uid: "{{ retrace_user_uid_gid }}" - home: "{{ retrace_user_home }}" - create_home: yes - - # NOTE: We do not attempt to change the GID here if it's incorrect - # since groups are not managed locally (via /etc/group) on these servers. - # TODO: Find the correct way to do this and if it's even necessary. - # - name: Ensure correct GID - # group: - # name: retrace - # gid: "{{ retrace_user_uid_gid }}" - # system: yes - # state: present - - - name: Restart httpd service after modifications are done - service: - name: httpd - state: started - -- name: Create directory for repositories - ansible.builtin.file: - path: /srv/retrace/repos - state: directory - mode: "0755" - owner: retrace - group: retrace - -- name: Create directory for retrace tasks - ansible.builtin.file: - path: /srv/retrace/tasks - state: directory - mode: "0755" - owner: retrace - group: retrace - -- ansible.builtin.file: - path: /srv/retrace/hardlink-local - state: directory - mode: "0755" - owner: retrace - group: retrace diff --git a/roles/abrt/retrace/.github/workflows/ansible-lint.yml b/roles/abrt/retrace/.github/workflows/ansible-lint.yml deleted file mode 100644 index a4860216e1..0000000000 --- a/roles/abrt/retrace/.github/workflows/ansible-lint.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -name: Check Ansible Role - -on: # yamllint disable-line rule:truthy - push: - branches: [master] - pull_request: - branches: [master] - -jobs: - lint: - # The GitHub-hosted runners don’t do Fedora - runs-on: ubuntu-latest - - steps: - - name: Check out sources - uses: actions/checkout@v2 - - - name: Lint - uses: ansible/ansible-lint-action@master - with: - targets: ./ diff --git a/roles/abrt/retrace/LICENSE.bsd b/roles/abrt/retrace/LICENSE.bsd deleted file mode 100644 index 2f17068367..0000000000 --- a/roles/abrt/retrace/LICENSE.bsd +++ /dev/null @@ -1,25 +0,0 @@ -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, and the entire permission notice in its entirety, - including the disclaimer of warranties. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. The name of the author may not be used to endorse or promote - products derived from this software without specific prior - written permission. - -THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF -WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE -USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH -DAMAGE. diff --git a/roles/abrt/retrace/README.rst b/roles/abrt/retrace/README.rst deleted file mode 100644 index 8dc3e60944..0000000000 --- a/roles/abrt/retrace/README.rst +++ /dev/null @@ -1,17 +0,0 @@ -ansible-role-retrace-server ---------------------------- - -Role for deploying `retrace-server `_. - -See `defaults/main.yml `_ -for the complete list of configuration variables. - -License -======= - -BSD - -Author -====== - -Richard Marko diff --git a/roles/abrt/retrace/defaults/main.yml b/roles/abrt/retrace/defaults/main.yml deleted file mode 100644 index 8757afb331..0000000000 --- a/roles/abrt/retrace/defaults/main.yml +++ /dev/null @@ -1,201 +0,0 @@ ---- - -# Which group is used for authentication -rs_auth_group: retrace - -# Force to use HTTPS - only disable on trusted network -rs_require_https: true - -# Allow to delete task data via HTTP API (https://server//delete) -rs_allow_api_delete: false - -# Allow interactive tasks (security risk, do not use on public systems) -rs_allow_interactive: false - -# Allow X-CoreFileDirectory header -rs_allow_external_dir: false - -# Expose metrics for monitoring via Prometheus -rs_allow_metrics: true - -# Allow to create tasks owned by task manager (security risk) -rs_allow_task_manager: false - -# Allow to create VMCore tasks in the task manager -rs_allow_vmcore_task: true - -# Allow to create VMCore tasks in the task manager -rs_allow_usrcore_task: true - -# If white list is disabled, anyone can delete tasks -rs_task_manager_auth_delete: false - -# Whitespace-separated list of users allowed to delete tasks -rs_task_manager_delete_users: - -# If set to non-empty string, makes the case number clickable in task manager -# The string is expanded by python, with the case number passed -# as the only argument, do not forget %d -rs_case_number_url: - -# Verify GPG signatures of installed packages -rs_require_gpg_check: true - -# Maximum tasks running at one moment -rs_max_parallel_tasks: 5 - -# Maximum size of archive uploaded by user (MB) -rs_max_packed_size: 50 - -# Maximum size of archive contents (MB) -rs_max_unpacked_size: 1024 - -# Minimal storage left on WorkDir FS after unpacking archive (MB) -rs_min_storage_left: 1024 - -# Delete old tasks after (hours); <= 0 means never -# This is mutually exclusive with ArchiveTasksAfter (see below) -# The one that occurs first removes the task from the system -# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first -rs_delete_task_after: 0 - -# Delete old failed tasks after (hours); <= 0 means never -# This is useful for cleanup of failed tasks before the standard -# mechanisms do (DeleteTaskAfter or ArchiveTaskAfter) -# In case DeleteFailedTaskAfter > DeleteTaskAfter -# or DeleteFailedTaskAfter > ArchiveTaskAfter, this option does nothing -rs_delete_failed_task_after: 0 - -# Archive old task after (hours); <= 0 means never -# This is mutually exclusive with DeleteTasksAfter (see above) -# The one that occurs first removes the task from the system -# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first -rs_archive_task_after: 0 - -# SQLite statistics DB filename -rs_db_file: stats.db - -# Log directory -rs_log_dir: /var/log/retrace-server - -# Local repos directory -rs_repo_dir: /var/cache/retrace-server - -# Directory where the crashes and results are saved -rs_save_dir: /var/spool/retrace-server - -# Directory where old tasks are moved -rs_drop_dir: /srv/retrace/archive - -# Whether to use createrepo's --update option (faster, but requires a lot of memory) -rs_use_createrepo_update: false - -# How many latest packages to keep for rawhide -rs_keep_rawhide_latest: 3 - -# Repo used to install chroot for vmcores -rs_kernel_chroot_repo: http://dl.fedoraproject.org/pub/fedora/linux/releases/16/Everything/$ARCH/os/ - -# Path to the kernel (vmcore) debugger -rs_kernel_debugger_path: /usr/bin/crash - -# Koji directory structure can be used to search for kernel debuginfo -rs_koji_root: /mnt/koji - -# Whether task manager should look to an external FTP for task data -rs_use_ftp_tasks: false - -# FTP connection parameters -rs_ftp_ssl: false -rs_ftp_host: -rs_ftp_user: -rs_ftp_password: -rs_ftp_dir: / - -# Size of buffer for downloading from FTP (MB) -rs_ftp_buffer_size: 16 - -# Whether to use wget as a fallback to finding kernel debuginfos -rs_wget_kernel_debuginfos: false - -# Where to download kernel debuginfos from -# $VERSION $RELEASE and $ARCH are replaced by the appropriate value -# kernel-debuginfo-VRA.rpm is appended to the end -rs_kernel_debuginfo_url: http://kojipkgs.fedoraproject.org/packages/$BASENAME/$VERSION/$RELEASE/$ARCH/ - -# Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled -rs_vmcore_dump_level: 0 - -# EXPERIMENTAL! Use ABRT Server's storage to map build-ids -# into debuginfo packages and resolve dependencies -# Requires support from ABRT Server -rs_use_faf_packages: false - -# Spool directory for FAF packages -faf_spool_dir: /var/spool/faf - -# Run the retrace in a Mock chroot (default), a Podman container, -# or on the native machine. -# (mock|podman|native) -rs_retrace_environment: podman - -# Whether to enable e-mail notifications -rs_email_notify: false - -# Who sends the e-mail notifications -rs_email_notify_from_user: retrace - -# Calculate md5sum for remote resources - changeable on manager page -rs_calculate_md5: 0 - -# URL of Bugzilla -rs_bugzilla_url: "https://bugzilla.redhat.com" -# Custom path to the file with Bugzilla credentials, stored in format: -# [bugzilla.yoursite.com] -# user = -# password = -# If not set checks for credentials in: -# ~/.config/python-bugzilla/bugzillarc, ~/.bugzillarc, /etc/bugzillarc -rs_bugzilla_credentials_path: - -# Clean up tasks with assigned bugzilla bugs in following states -# NEW, ASSIGNED, ON_DEV, POST, MODIFIED, ON_QA, VERIFIED, RELEASE_PENDING, CLOSED -rs_bugzilla_status: "VERIFIED, RELEASE_PENDING, CLOSED" - -# Search query options for bugzilla bugs -rs_bugzilla_product: "Red Hat Enterprise Linux 7" - -rs_bugzilla_component: "kernel" - -# Number and order of values in TriggerWords and RegExes should be identical -# Trigger words to look for in the text of bugzilla bugs -rs_bugzilla_triggerwords: "retrace-server-interact, retrace/tasks" - -# Regular expressions used to get task numbers from the text of bugzilla bugs -rs_bugzilla_regexes: "retrace-server-interact\\s+([0-9]{9}), /var/spool/retrace-server/([0-9]{9})/crash/vmcore" - -# Timeout (in seconds) for communication with any process -rs_process_communicate_timeout: 3600 - -rs_archhosts: - - { arch: i386, url: } - - { arch: x86_64, url: } - - { arch: ppc64, url: } - - { arch: armhfp, url: } - - { arch: s390x, url: } - -# Force package reinstall -rs_force_reinstall: false - -# Check server health after installation -rs_check_health: true - -# Hostname -hostname: example.org - -# Path to the executable hook scripts -# see https://github.com/abrt/retrace-server/wiki/Hook-scripts -rs_executable_hooks_path: "/usr/libexec/retrace-server/hooks/" - -# Global time limit for hook scripts (in seconds) -rs_global_hook_timeout: 300 diff --git a/roles/abrt/retrace/handlers/main.yml b/roles/abrt/retrace/handlers/main.yml deleted file mode 100644 index 23d49bd16e..0000000000 --- a/roles/abrt/retrace/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Restart httpd - service: - name: httpd - state: restarted diff --git a/roles/abrt/retrace/meta/.galaxy_install_info b/roles/abrt/retrace/meta/.galaxy_install_info deleted file mode 100644 index 4e65b113df..0000000000 --- a/roles/abrt/retrace/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: Thu May 27 08:27:12 2021 -version: master diff --git a/roles/abrt/retrace/meta/main.yml b/roles/abrt/retrace/meta/main.yml deleted file mode 100644 index 6674d7862e..0000000000 --- a/roles/abrt/retrace/meta/main.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -galaxy_info: - author: sorki - description: Retrace Server deployment - license: BSD - min_ansible_version: 2.8 - platforms: - - name: EL - versions: - - 7 - - 8 - - name: Fedora - versions: - - 33 - - 34 - - 35 - galaxy_tags: - - system diff --git a/roles/abrt/retrace/tasks/check.yml b/roles/abrt/retrace/tasks/check.yml deleted file mode 100644 index 71ef57a42a..0000000000 --- a/roles/abrt/retrace/tasks/check.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- - -# check functionality - -- meta: flush_handlers - -- name: Set settings_url fact - set_fact: - settings_url: "https://{{ hostname }}/settings" - -- name: Fetch settings - uri: - url: "{{ settings_url }}" - return_content: yes - validate_certs: no - register: uri_res - check_mode: no - delegate_to: localhost - -- name: Fail if /settings does not contain supported_releases - fail: msg="{{ settings_url }} doesn't contain supported_releases" - when: - "'supported_releases' not in uri_res.content" diff --git a/roles/abrt/retrace/tasks/config.yml b/roles/abrt/retrace/tasks/config.yml deleted file mode 100644 index dc622c4356..0000000000 --- a/roles/abrt/retrace/tasks/config.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Configure retrace-server - ansible.builtin.template: - src: etc-retrace-server.conf.j2 - dest: /etc/retrace-server/retrace-server.conf - mode: "0644" - notify: Restart httpd - -- name: Retrace-server http config - ansible.builtin.template: - src: retrace-server-httpd.conf.j2 - dest: /etc/httpd/conf.d/retrace-server-httpd.conf - mode: "0644" - notify: Restart httpd - -- name: Configure retrace-server hooks config - ansible.builtin.template: - src: etc-retrace-server-hooks.conf.j2 - dest: /etc/retrace-server/retrace-server-hooks.conf - mode: "0644" - notify: Restart httpd diff --git a/roles/abrt/retrace/tasks/install.yml b/roles/abrt/retrace/tasks/install.yml deleted file mode 100644 index 000a9b7b3b..0000000000 --- a/roles/abrt/retrace/tasks/install.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: Erase retrace-server packages - ansible.builtin.package: - name: retrace-server - state: absent - when: rs_force_reinstall|bool - -- name: Install retrace-server package - ansible.builtin.package: - name: retrace-server - state: present diff --git a/roles/abrt/retrace/tasks/main.yml b/roles/abrt/retrace/tasks/main.yml deleted file mode 100644 index aea0c93c3e..0000000000 --- a/roles/abrt/retrace/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Install retrace-server packages -- import_tasks: install.yml - tags: [rs, packages] - -# Set up use of FAF packages -- import_tasks: usefafpkgs.yml - when: rs_use_faf_packages|bool - tags: [rs, use_faf_packages] - -# Configure retrace-server -- import_tasks: config.yml - tags: [rs, config] - -- import_tasks: podman.yml - tags: [rs, podman] - -# Check functionality of the retrace-server -- import_tasks: check.yml - when: rs_check_health|bool - tags: [rs, check] diff --git a/roles/abrt/retrace/tasks/podman.yml b/roles/abrt/retrace/tasks/podman.yml deleted file mode 100644 index 246bd2dc31..0000000000 --- a/roles/abrt/retrace/tasks/podman.yml +++ /dev/null @@ -1,65 +0,0 @@ ---- -- name: Install Podman package - ansible.builtin.package: - name: podman - state: present - -- name: Stop httpd to allow retrace user modification - service: - name: httpd - state: stopped - -- name: Check if subuid is set for retrace user - ansible.builtin.command: cat /etc/subuid - changed_when: false - register: retrace_subuid - -- block: - - name: Get last subuid entry - ansible.builtin.shell: | - set -o pipefail - sort -nrt: -k2 /etc/subuid | awk -F: 'NR == 1 { print $2 }' - changed_when: false - register: t_subuid - args: - executable: /usr/bin/bash - - - name: Set variables for min and max subuid - set_fact: - rs_subuid_min: "{{ t_subuid.stdout | default(100000) | int + 65536 }}" - rs_subuid_max: "{{ t_subuid.stdout | default(100000) | int + 2 * 65536 - 1 }}" - - - name: Set subuid for retrace user. - ansible.builtin.command: usermod retrace --add-subuids "{{ rs_subuid_min }}-{{ rs_subuid_max }}" - - when: '"retrace" not in retrace_subuid.stdout' - -- name: Check if subgid is set for retrace user - ansible.builtin.command: cat /etc/subgid - changed_when: false - register: retrace_subgid - -- block: - - name: Get last subgid entry - ansible.builtin.shell: | - set -o pipefail - cut -d ':' -f2 /etc/subgid | sort | tail -1 - changed_when: false - register: t_subgid - args: - executable: /usr/bin/bash - - - name: Set variables for min and max subgid - set_fact: - rs_subgid_min: "{{ t_subgid.stdout | default(100000) | int + 65536 }}" - rs_subgid_max: "{{ t_subgid.stdout | default(100000) | int + 2 * 65536 - 1 }}" - - - name: Set subgid for retrace user - ansible.builtin.command: usermod retrace --add-subgids "{{ rs_subgid_min }}-{{ rs_subgid_max }}" - - when: '"retrace" not in retrace_subgid.stdout' - -- name: Start httpd after retrace user modification - service: - name: httpd - state: started diff --git a/roles/abrt/retrace/tasks/usefafpkgs.yml b/roles/abrt/retrace/tasks/usefafpkgs.yml deleted file mode 100644 index d2a34c29de..0000000000 --- a/roles/abrt/retrace/tasks/usefafpkgs.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: Check if faf is installed - ansible.builtin.command: rpm -q faf - changed_when: false - -- name: Add user retrace to faf db - postgresql_user: - db: faf - name: retrace - priv: ALL - role_attr_flags: SUPERUSER - state: present - become: yes - become_user: postgres diff --git a/roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2 deleted file mode 100644 index 278057b0dd..0000000000 --- a/roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2 +++ /dev/null @@ -1,8 +0,0 @@ -#{{ ansible_managed }} - -[main] -# Path to the executable hook scripts -HookDir = {{ rs_executable_hooks_path }} - -# Global time limit for hook scripts (in seconds) -Timeout = {{ rs_global_hook_timeout }} diff --git a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 deleted file mode 100644 index d36c7b77f9..0000000000 --- a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 +++ /dev/null @@ -1,185 +0,0 @@ -#{{ ansible_managed }} - -[retrace] -# Which group is used for authentication -# Do not change AuthGroup if you really don't need to! -# When using non-default group "foo", you also need to -# 1) Set group=foo in WSGIDaemonProcess in /etc/httpd/conf.d/retrace-server-httpd.conf -# 2) Make LogDir, SaveDir and RepoDir readable and writable for foo -# 3) Execute all retrace-server-* scripts (including cron jobs!) with foo membership -AuthGroup = {{ rs_auth_group }} - -# Force to use HTTPS - only disable on trusted network -RequireHTTPS = {{ rs_require_https|int }} - -# Allow to delete task data via HTTP API (https://server//delete) -AllowAPIDelete = {{ rs_allow_api_delete|int }} - -# Allow interactive tasks (security risk, do not use on public systems) -AllowInteractive = {{ rs_allow_interactive|int }} - -# Allow X-CoreFileDirectory header -AllowExternalDir = {{ rs_allow_external_dir|int }} - -# Expose metrics for monitoring via Prometheus -AllowMetrics = {{ rs_allow_metrics|int }} - -# Allow to create tasks owned by task manager (security risk) -AllowTaskManager = {{ rs_allow_task_manager|int }} - -# Allow to create VMCore tasks in the task manager -AllowVMCoreTask = {{ rs_allow_vmcore_task|int }} - -# Allow to create Userspace core tasks in the task manager -AllowUsrCoreTask = {{ rs_allow_usrcore_task|int }} - -# If white list is disabled, anyone can delete tasks -TaskManagerAuthDelete = {{ rs_task_manager_auth_delete|int }} - -# Whitespace-separated list of users allowed to delete tasks -TaskManagerDeleteUsers = {{ rs_task_manager_delete_users|default('', true) }} - -# If set to non-empty string, makes the case number clickable in task manager -# The string is expanded by python, with the case number passed -# as the only argument, do not forget %d -CaseNumberURL = {{ rs_case_number_url|default('', true) }} - -# Verify GPG signatures of installed packages -RequireGPGCheck = {{ rs_require_gpg_check|int }} - -# Maximum tasks running at one moment -MaxParallelTasks = {{ rs_max_parallel_tasks|int }} - -# Maximum size of archive uploaded by user (MB) -MaxPackedSize = {{ rs_max_packed_size|int }} - -# Maximum size of archive contents (MB) -MaxUnpackedSize = {{ rs_max_unpacked_size|int }} - -# Minimal storage left on WorkDir FS after unpacking archive (MB) -MinStorageLeft = {{ rs_min_storage_left|int }} - -# Delete old tasks after (hours); <= 0 means never -# This is mutually exclusive with ArchiveTasksAfter (see below) -# The one that occurs first removes the task from the system -# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first -DeleteTaskAfter = {{ rs_delete_task_after|int }} - -# Delete old failed tasks after (hours); <= 0 means never -# This is useful for cleanup of failed tasks before the standard -# mechanisms do (DeleteTaskAfter or ArchiveTaskAfter) -# In case DeleteFailedTaskAfter > DeleteTaskAfter -# or DeleteFailedTaskAfter > ArchiveTaskAfter, this option does nothing -DeleteFailedTaskAfter = {{ rs_delete_failed_task_after|int }} - -# Archive old task after (hours); <= 0 means never -# This is mutually exclusive with DeleteTasksAfter (see above) -# The one that occurs first removes the task from the system -# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first -ArchiveTaskAfter = {{ rs_archive_task_after|int }} - -# SQLite statistics DB filename -DBFile = {{ rs_db_file }} - -# Log directory -LogDir = {{ rs_log_dir }} - -# Local repos directory -# if changed, you also need to update httpd config -RepoDir = {{ rs_repo_dir }} - -# Directory where the crashes and results are saved -SaveDir = {{ rs_save_dir }} - -# Directory where old tasks are moved -DropDir = {{ rs_drop_dir }} - -# Whether to use createrepo's --update option (faster, but requires a lot of memory) -UseCreaterepoUpdate = {{ rs_use_createrepo_update|int }} - -# How many latest packages to keep for rawhide -KeepRawhideLatest = {{ rs_keep_rawhide_latest|int }} - -# Repo used to install chroot for vmcores -KernelChrootRepo = {{ rs_kernel_chroot_repo }} - -# Koji directory structure can be used to search for kernel debuginfo -KojiRoot = {{ rs_koji_root }} - -# Whether task manager should look to an external FTP for task data -UseFTPTasks = {{ rs_use_ftp_tasks|int }} - -# FTP connection parameters -FTPSSL = {{ rs_ftp_ssl|int }} -FTPHost = {{ rs_ftp_host|default('', true) }} -FTPUser = {{ rs_ftp_user|default('', true) }} -FTPPass = {{ rs_ftp_password|default('', true) }} -FTPDir = {{ rs_ftp_dir|default('', true) }} - -# Size of buffer for downloading from FTP (MB) -FTPBufferSize = {{ rs_ftp_buffer_size|int }} - -# Whether to use wget as a fallback to finding kernel debuginfos -WgetKernelDebuginfos = {{ rs_wget_kernel_debuginfos|int }} - -# Where to download kernel debuginfos from -# $VERSION $RELEASE and $ARCH are replaced by the appropriate value -# kernel-debuginfo-VRA.rpm is appended to the end -KernelDebuginfoURL = {{ rs_kernel_debuginfo_url }} - -# Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled -VmcoreDumpLevel = {{ rs_vmcore_dump_level|int }} - -# EXPERIMENTAL! Use ABRT Server's storage to map build-ids -# into debuginfo packages and resolve dependencies -# Requires support from ABRT Server -UseFafPackages = {{ rs_use_faf_packages|int }} - -# Spool directory for FAF packages -FafLinkDir = {{ faf_spool_dir }} - -# Run the retrace in a Mock chroot (default), a Podman container, -# or on the native machine. -# (mock|podman|native) -RetraceEnvironment = {{ rs_retrace_environment }} - -# Whether to enable e-mail notifications -EmailNotify = {{ rs_email_notify|int }} - -# Who sends the e-mail notifications -EmailNotifyFrom = {{ rs_email_notify_from_user }}@{{ hostname }} - -# Calculate md5sum for remote resources - changeable on manager page -CalculateMd5 = {{ rs_calculate_md5 }} - -# URL of Bugzilla -BugzillaURL = {{ rs_bugzilla_url }} -# Custom path to the file with Bugzilla credentials, stored in format: -# [bugzilla.yoursite.com] -# user = -# password = -# If not set checks for credentials in: -# ~/.config/python-bugzilla/bugzillarc, ~/.bugzillarc, /etc/bugzillarc -BugzillaCredentials = {{ rs_bugzilla_credentials_path }} -# Clean up tasks with assigned bugzilla bugs in following states -# NEW, ASSIGNED, ON_DEV, POST, MODIFIED, ON_QA, VERIFIED, RELEASE_PENDING, CLOSED -BugzillaStatus = {{ rs_bugzilla_status }} -# Search query options for bugzilla bugs -BugzillaProduct = {{ rs_bugzilla_product }} -BugzillaComponent = {{ rs_bugzilla_component }} -# Number and order of values in TriggerWords and RegExes should be identical -# Trigger words to look for in the text of bugzilla bugs -BugzillaTriggerWords = {{ rs_bugzilla_triggerwords }} -# Regular expressions used to get task numbers from the text of bugzilla bugs -BugzillaRegExes = {{ rs_bugzilla_regexes }} - -# Timeout (in seconds) for communication with any process -ProcessCommunicateTimeout = {{ rs_process_communicate_timeout|int }} - -# Path to the kernel (vmcore) debugger -KernelDebuggerPath = {{ rs_kernel_debugger_path }} - -[archhosts] -{% for a in rs_archhosts %} -{{ a.arch }} = {{ a.url|default('', true) }} -{% endfor %} diff --git a/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 deleted file mode 100644 index f0731548ad..0000000000 --- a/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 +++ /dev/null @@ -1,55 +0,0 @@ -#{{ ansible_managed }} - -WSGISocketPrefix /var/run/retrace -WSGIDaemonProcess retrace user=retrace group=retrace processes=5 threads=3 - -WSGIScriptAliasMatch ^/manager(/.*)?$ /usr/share/retrace-server/manager.wsgi -WSGIScriptAliasMatch ^/ftp(/.*)?$ /usr/share/retrace-server/ftp.wsgi -WSGIScriptAliasMatch ^/settings$ /usr/share/retrace-server/settings.wsgi -WSGIScriptAliasMatch ^/create$ /usr/share/retrace-server/create.wsgi -WSGIScriptAliasMatch ^/metrics$ /usr/share/retrace-server/metrics.wsgi -WSGIScriptAliasMatch ^/stats$ /usr/share/retrace-server/stats.wsgi -WSGIScriptAliasMatch ^/checkpackage$ /usr/share/retrace-server/checkpackage.wsgi -WSGIScriptAliasMatch ^/[0-9]+/?$ /usr/share/retrace-server/status.wsgi -WSGIScriptAliasMatch ^/[0-9]+/delete$ /usr/share/retrace-server/delete.wsgi -WSGIScriptAliasMatch ^/[0-9]+/log$ /usr/share/retrace-server/log.wsgi -WSGIScriptAliasMatch ^/[0-9]+/backtrace$ /usr/share/retrace-server/backtrace.wsgi -WSGIScriptAliasMatch ^/[0-9]+/exploitable$ /usr/share/retrace-server/exploitable.wsgi -WSGIScriptAliasMatch ^/[0-9]+/start$ /usr/share/retrace-server/start.wsgi -WSGIScriptAliasMatch ^/$ /usr/share/retrace-server/index.wsgi - - - Options Indexes FollowSymLinks - AllowOverride None - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order allow,deny - Allow from all - - - - - WSGIProcessGroup retrace - WSGIApplicationGroup %{GLOBAL} - Options -Indexes -FollowSymLinks - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order allow,deny - Allow from all - - - -Alias /repos {{ rs_repo_dir }} - - Require all granted - Options Indexes FollowSymLinks - IndexOptions FancyIndexing - diff --git a/roles/ansible-osbuild-worker/LICENSE b/roles/ansible-osbuild-worker/LICENSE deleted file mode 100644 index 261eeb9e9f..0000000000 --- a/roles/ansible-osbuild-worker/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/roles/ansible-osbuild-worker/README.md b/roles/ansible-osbuild-worker/README.md deleted file mode 100644 index 712f35d64a..0000000000 --- a/roles/ansible-osbuild-worker/README.md +++ /dev/null @@ -1,208 +0,0 @@ -# osbuild.osbuild_worker - -This roles installs, configures and starts `osbuild-composer` remote worker on the host. - -## Role Variables - -The role has a few required variables, which must be provided by the user in order for the role to not fail. - -**Required variables are:** - -* `osbuild_worker_server_hostname` -* `osbuild_worker_authentication_oauth_url` -* `osbuild_worker_authentication_client_id` -* Any of - * `osbuild_worker_authentication_client_secret_file` - * `osbuild_worker_authentication_offline_token_file` - -The rest of the variables are not required and if set, they enable optional functionality in the worker. - -Variables that the user can set are listed and explained below: - -```yaml -################################# -# General configuration options # -################################# - -# The hostname of the osbuild-composer API server. -# REQUIRED -osbuild_worker_server_hostname: "" -# The osbuild-composer server API base path. If empty, the default value is used. -osbuild_worker_server_api_base_path: "" - -# Worker proxy configuration. -osbuild_worker_proxy_server_hostname: "" -osbuild_worker_proxy_server_port: 443 -osbuild_worker_no_proxy_domains: [] - -################################################ -# Worker authentication to the composer server # -################################################ - -# The OAuth server URL. -# REQUIRED -osbuild_worker_authentication_oauth_url: "" -# The OAuth client ID. -# REQUIRED -osbuild_worker_authentication_client_id: "" -# Local path to the worker OAuth client secret file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_authentication_client_secret_path }}. -# REQUIRED (if osbuild_worker_authentication_offline_token_file not specified) -osbuild_worker_authentication_client_secret_file: "" -# Path to the worker OAuth client secret file on the worker. If empty, -# defaults to {{ osbuild_worker_authentication_client_secret_path_default }}. -osbuild_worker_authentication_client_secret_path: "" -# Local path to the worker OAuth offline token file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_authentication_offline_token_path }}. -# REQUIRED (if osbuild_worker_authentication_client_secret_file not specified) -osbuild_worker_authentication_offline_token_file: "" -# Path to the worker OAuth offline token file on the worker. If empty, -# defaults to {{ osbuild_worker_authentication_offline_token_path_default }}. -osbuild_worker_authentication_offline_token_path: "" - -########################## -# Configuration for Koji # -########################## - -osbuild_worker_koji_instances: [] -# example: -# osbuild_worker_koji_instances: -# - koji_host: "koji.example.com" -# krb_principal: "osbuild-automation@EXAMPLE.COM" -# # Local path to the krb keytab file. If not empty, this file will be -# # copied to the worker to {{ krb_keytab_path }}. -# krb_keytab_file: "" -# # Path to the krb keytab file on the worker. If empty, a default path -# # under {{ osbuild_worker_config_dir }} with filename -# # "client_{{ koji_host }}.keytab" will be used. -# krb_keytab_path: "" -# relax_timeout_factor: 5 - -########################### -# Configuration for Azure # -########################### - -# Local path to the Azure credentials file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_azure_credentials_path }}. -osbuild_worker_azure_credentials_file: "" -# Path to the Azure credentials file on the worker. If empty, -# defaults to {{ osbuild_worker_azure_credentials_path_default }}. -osbuild_worker_azure_credentials_path: "" -# Number of threads to use when uploading image blob to Azure. If 0, no -# explicit value is set in the configuration file and the worker will use -# its internal default. Set to a positive integer to override the default. -osbuild_worker_azure_upload_threads: 0 - -######################### -# Configuration for AWS # -######################### - -# Local path to the AWS credentials file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_aws_credentials_path }}. -osbuild_worker_aws_credentials_file: "" -# Path to the AWS credentials file on the worker. If empty, -# defaults to {{ osbuild_worker_aws_credentials_path_default }}. -osbuild_worker_aws_credentials_path: "" -osbuild_worker_aws_bucket: "" - -######################### -# Configuration for GCP # -######################### - -# Local path to the GCP credentials file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_gcp_credentials_path }}. -osbuild_worker_gcp_credentials_file: "" -# Path to the GCP credentials file on the worker. If empty, -# defaults to {{ osbuild_worker_gcp_credentials_path_default }}. -osbuild_worker_gcp_credentials_path: "" -osbuild_worker_gcp_bucket: "" -``` - -### Internal variables - -The role also uses some internal variables, which usually hold default values used by the role. Although the user can override them when using the role, this is discouraged. Do it only if you know what you are doing. Backward compatibility is not guaranteed when setting those. - -```yaml -osbuild_worker_config_dir: /etc/osbuild-worker -osbuild_worker_config_dir_mode: '0755' - -osbuild_worker_config_file: "{{ osbuild_worker_config_dir }}/osbuild-worker.toml" -osbuild_worker_config_file_mode: '0644' - -osbuild_worker_remote_worker_service_name: osbuild-remote-worker@ -osbuild_worker_remote_worker_service_dropin_dir: /etc/systemd/system/{{ osbuild_worker_remote_worker_service_name }}.service.d -osbuild_worker_remote_worker_service_proxy_dropin_file: "{{ osbuild_worker_remote_worker_service_dropin_dir }}/proxy.conf" - -osbuild_worker_secrets_owner: root -osbuild_worker_secrets_group: root -osbuild_worker_secrets_mode: '0400' - -osbuild_worker_authentication_client_secret_path_default: "{{ osbuild_worker_config_dir }}/client_secret" -osbuild_worker_authentication_offline_token_path_default: "{{ osbuild_worker_config_dir }}/offline_token" - -osbuild_worker_azure_credentials_path_default: "{{ osbuild_worker_config_dir }}/azure-credentials" -osbuild_worker_aws_credentials_path_default: "{{ osbuild_worker_config_dir }}/aws-credentials" -osbuild_worker_gcp_credentials_path_default: "{{ osbuild_worker_config_dir }}/gcp-credentials" -``` - -## Dependencies - -The role has no external dependencies. - -## Example Playbook - -Below is an example minimal playbook using the role with only the requires role variables specified. This playbook will install and configure remote `osbuild-worker` on the host with authentication settings for connecting to the remote `osbuild-composer` job queue server located at `composer.example.com`. The `client_secret` is expected to be a filename of a local file that will be copied to the remote host by the role. - -Note that this example is not very useful, because the worker is not configured with any upload target authentication (e.g. AWS, Azure, GCP or Koji), thus it won't be able o upload the built image anywhere. - -```yaml -- hosts: osbuild-worker - tasks: - - name: Include osbuild_worker role - ansible.builtin.include_role: - name: "osbuild.osbuild_worker" - vars: - osbuild_worker_server_hostname: "composer.example.com" - osbuild_worker_authentication_oauth_url: "oauth-server.example.com" - osbuild_worker_authentication_client_id: "osbuild-automation" - osbuild_worker_authentication_client_secret_file: "client_secret" -``` - -More useful example could be an instance of a remote worker configured with the option to upload built images to a Koji instance as well as to AWS. The following things are assumed: - -* `client_secret` is a local filename with OAuth client secret -* `aws_credentials` is a local filename with AWS credentials -* `koji.keytab` is a local filename of Kerberos keytab file - -```yaml -- hosts: osbuild-worker - tasks: - - name: Include osbuild_worker role - ansible.builtin.include_role: - name: "osbuild.osbuild_worker" - vars: - osbuild_worker_server_hostname: "composer.example.com" - osbuild_worker_authentication_oauth_url: "oauth-server.example.com" - osbuild_worker_authentication_client_id: "osbuild-automation" - osbuild_worker_authentication_client_secret_file: "client_secret" - osbuild_worker_aws_credentials_file: "aws_credentials" - osbuild_worker_aws_bucket: "my-s3-bucket" - osbuild_worker_koji_instances: - - koji_host: "koji.example.com" - krb_principal: "osbuild-automation@EXAMPLE.COM" - krb_keytab_file: "koji.keytab" -``` - -## What is NOT supported - -* Configuring a local osbuild-worker. -* Configuring the "generic S3" upload target authentication. -* Configuring the "container registry" upload target authentication. -* Configuring the path to `dnf-json` binary. -* Configuring the proxy server in the worker configuration. -* Configuring the TLS client certificate authentication. -* Configuring the osbuild-composer server TLS CA certificate. - -## License - -Apache-2.0 diff --git a/roles/ansible-osbuild-worker/defaults/main.yml b/roles/ansible-osbuild-worker/defaults/main.yml deleted file mode 100644 index 7c5a5daedc..0000000000 --- a/roles/ansible-osbuild-worker/defaults/main.yml +++ /dev/null @@ -1,99 +0,0 @@ ---- -# defaults file for osbuild_worker - -################################# -# General configuration options # -################################# - -# The hostname of the osbuild-composer API server. -# REQUIRED -osbuild_worker_server_hostname: "" -# The osbuild-composer server API base path. If empty, the default value is used. -osbuild_worker_server_api_base_path: "" - -# Worker proxy configuration. -osbuild_worker_proxy_server_hostname: "" -osbuild_worker_proxy_server_port: 443 -osbuild_worker_no_proxy_domains: [] - -################################################ -# Worker authentication to the composer server # -################################################ - -# The OAuth server URL. -# REQUIRED -osbuild_worker_authentication_oauth_url: "" -# The OAuth client ID. -# REQUIRED -osbuild_worker_authentication_client_id: "" -# Local path to the worker OAuth client secret file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_authentication_client_secret_path }}. -# REQUIRED (if osbuild_worker_authentication_offline_token_file not specified) -osbuild_worker_authentication_client_secret_file: "" -# Path to the worker OAuth client secret file on the worker. If empty, -# defaults to {{ osbuild_worker_authentication_client_secret_path_default }}. -osbuild_worker_authentication_client_secret_path: "" -# Local path to the worker OAuth offline token file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_authentication_offline_token_path }}. -# REQUIRED (if osbuild_worker_authentication_client_secret_file not specified) -osbuild_worker_authentication_offline_token_file: "" -# Path to the worker OAuth offline token file on the worker. If empty, -# defaults to {{ osbuild_worker_authentication_offline_token_path_default }}. -osbuild_worker_authentication_offline_token_path: "" - -########################## -# Configuration for Koji # -########################## - -osbuild_worker_koji_instances: [] -# example: -# osbuild_worker_koji_instances: -# - koji_host: "koji.example.com" -# krb_principal: "osbuild-automation@EXAMPLE.COM" -# # Local path to the krb keytab file. If not empty, this file will be -# # copied to the worker to {{ krb_keytab_path }}. -# krb_keytab_file: "" -# # Path to the krb keytab file on the worker. If empty, a default path -# # under {{ osbuild_worker_config_dir }} with filename -# # "client_{{ koji_host }}.keytab" will be used. -# krb_keytab_path: "" -# relax_timeout_factor: 5 - -########################### -# Configuration for Azure # -########################### - -# Local path to the Azure credentials file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_azure_credentials_path }}. -osbuild_worker_azure_credentials_file: "" -# Path to the Azure credentials file on the worker. If empty, -# defaults to {{ osbuild_worker_azure_credentials_path_default }}. -osbuild_worker_azure_credentials_path: "" -# Number of threads to use when uploading image blob to Azure. If 0, no -# explicit value is set in the configuration file and the worker will use -# its internal default. Set to a positive integer to override the default. -osbuild_worker_azure_upload_threads: 0 - -######################### -# Configuration for AWS # -######################### - -# Local path to the AWS credentials file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_aws_credentials_path }}. -osbuild_worker_aws_credentials_file: "" -# Path to the AWS credentials file on the worker. If empty, -# defaults to {{ osbuild_worker_aws_credentials_path_default }}. -osbuild_worker_aws_credentials_path: "" -osbuild_worker_aws_bucket: "" - -######################### -# Configuration for GCP # -######################### - -# Local path to the GCP credentials file. If not empty, this file will be -# copied to the worker to {{ osbuild_worker_gcp_credentials_path }}. -osbuild_worker_gcp_credentials_file: "" -# Path to the GCP credentials file on the worker. If empty, -# defaults to {{ osbuild_worker_gcp_credentials_path_default }}. -osbuild_worker_gcp_credentials_path: "" -osbuild_worker_gcp_bucket: "" diff --git a/roles/ansible-osbuild-worker/handlers/main.yml b/roles/ansible-osbuild-worker/handlers/main.yml deleted file mode 100644 index 08e2d30ad9..0000000000 --- a/roles/ansible-osbuild-worker/handlers/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Restart remote worker - become: true - ansible.builtin.systemd: - name: "{{ osbuild_worker_remote_worker_service_name }}{{ osbuild_worker_server_hostname }}" - daemon_reload: true - state: restarted diff --git a/roles/ansible-osbuild-worker/meta/.galaxy_install_info b/roles/ansible-osbuild-worker/meta/.galaxy_install_info deleted file mode 100644 index b669cc89fa..0000000000 --- a/roles/ansible-osbuild-worker/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: "\xDAt\_20.\_\u010Dervna\_2023,\_16:41:07" -version: main diff --git a/roles/ansible-osbuild-worker/meta/main.yml b/roles/ansible-osbuild-worker/meta/main.yml deleted file mode 100644 index c7028fd16b..0000000000 --- a/roles/ansible-osbuild-worker/meta/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -galaxy_info: - role_name: osbuild_worker - namespace: osbuild - author: Tomáš Hozza - description: Ansible role for deploying osbuild-composer worker - company: Red Hat - issue_tracker_url: https://github.com/osbuild/ansible-osbuild-worker/issues - license: Apache-2.0 - min_ansible_version: "2.1" - platforms: - - name: Fedora - versions: - - all - - name: EL - versions: - - "8" - - "9" - galaxy_tags: - - "osbuild" - - "composer" - - "worker" - -dependencies: [] diff --git a/roles/ansible-osbuild-worker/tasks/deploy_worker.yml b/roles/ansible-osbuild-worker/tasks/deploy_worker.yml deleted file mode 100644 index 3911b298aa..0000000000 --- a/roles/ansible-osbuild-worker/tasks/deploy_worker.yml +++ /dev/null @@ -1,97 +0,0 @@ ---- -# tasks to deploy osbuild worker -- name: Install osbuild-composer-worker - become: true - ansible.builtin.dnf: - name: - - osbuild-composer-worker - state: installed - update_cache: true - -- name: Create worker configuration directory - become: true - ansible.builtin.file: - path: "{{ osbuild_worker_config_dir }}" - state: directory - mode: "{{ osbuild_worker_config_dir_mode }}" - -- name: Copy secrets to the worker - become: true - ansible.builtin.copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "{{ osbuild_worker_secrets_owner }}" - group: "{{ osbuild_worker_secrets_group }}" - mode: "{{ osbuild_worker_secrets_mode }}" - loop: - - { src: "{{ osbuild_worker_authentication_client_secret_file }}", dest: "{{ osbuild_worker_authentication_client_secret_path }}" } - - { src: "{{ osbuild_worker_authentication_offline_token_file }}", dest: "{{ osbuild_worker_authentication_offline_token_path }}" } - - { src: "{{ osbuild_worker_azure_credentials_file }}", dest: "{{ osbuild_worker_azure_credentials_path }}" } - - { src: "{{ osbuild_worker_aws_credentials_file }}", dest: "{{ osbuild_worker_aws_credentials_path }}" } - - { src: "{{ osbuild_worker_gcp_credentials_file }}", dest: "{{ osbuild_worker_gcp_credentials_path }}" } - when: item.src | length > 0 and item.dest | length > 0 - notify: Restart remote worker - -- name: Copy Koji keytabs to the worker - become: true - ansible.builtin.copy: - src: "{{ item.krb_keytab_file }}" - dest: "{{ item.krb_keytab_path }}" - owner: "{{ osbuild_worker_secrets_owner }}" - group: "{{ osbuild_worker_secrets_group }}" - mode: "{{ osbuild_worker_secrets_mode }}" - loop: "{{ _osbuild_worker_koji_instances }}" - when: _osbuild_worker_koji_instances is defined and _osbuild_worker_koji_instances | length > 0 - notify: Restart remote worker - -- name: Configure osbuild-remote-worker to use proxy - when: osbuild_worker_proxy_server_hostname | length > 0 - become: true - block: - - name: Create drop-in directory for osbuild-remote-worker service - ansible.builtin.file: - path: "{{ osbuild_worker_remote_worker_service_dropin_dir }}" - state: directory - mode: '0755' - - - name: Configure osbuild-remote-worker to use proxy using drop-in - ansible.builtin.template: - src: templates/osbuild-remote-worker-proxy.conf.j2 - dest: "{{ osbuild_worker_remote_worker_service_proxy_dropin_file }}" - mode: '0644' - notify: Restart remote worker - -- name: Copy osbuild-worker configuration file - become: true - ansible.builtin.template: - src: templates/osbuild-worker.toml.j2 - dest: "{{ osbuild_worker_config_file }}" - mode: "{{ osbuild_worker_config_file_mode }}" - notify: Restart remote worker - -- name: Stop any unwanted osbuild-remote-worker services - become: true - block: - - name: Populate service facts - ansible.builtin.service_facts: - - - name: Filter any unwanted osbuild-remote-worker services - ansible.builtin.set_fact: - osbuild_remote_worker_services_unwanted: "{{ ansible_facts.services | list | select('regex', '^osbuild-remote-worker@.+.service$') - | difference([_osbuild_remote_worker_service_wanted]) }}" - vars: - _osbuild_remote_worker_service_wanted: "{{ osbuild_worker_remote_worker_service_name }}{{ osbuild_worker_server_hostname }}.service" - - - name: Stop and disable any running osbuild-remote-worker service for a different server - ansible.builtin.service: - name: "{{ item }}" - state: stopped - enabled: false - loop: "{{ osbuild_remote_worker_services_unwanted }}" - -- name: Start and enable osbuild-remote-worker service - become: true - ansible.builtin.service: - name: "{{ osbuild_worker_remote_worker_service_name }}{{ osbuild_worker_server_hostname }}.service" - state: started - enabled: true diff --git a/roles/ansible-osbuild-worker/tasks/main.yml b/roles/ansible-osbuild-worker/tasks/main.yml deleted file mode 100644 index 74f8e6948d..0000000000 --- a/roles/ansible-osbuild-worker/tasks/main.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -# tasks for osbuild_worker role - -- name: Validate set role variables - ansible.builtin.include_tasks: tasks/vars_validate.yml - -- name: Define unset role variables - ansible.builtin.include_tasks: tasks/vars_define.yml - -- name: Install and configure osbuild-composer worker - ansible.builtin.include_tasks: tasks/deploy_worker.yml diff --git a/roles/ansible-osbuild-worker/tasks/vars_define.yml b/roles/ansible-osbuild-worker/tasks/vars_define.yml deleted file mode 100644 index a14be2d3d2..0000000000 --- a/roles/ansible-osbuild-worker/tasks/vars_define.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# tasks to define potentially missing variables - -- name: Define worker Oauth client secret path if not defined - ansible.builtin.set_fact: - osbuild_worker_authentication_client_secret_path: "{{ osbuild_worker_authentication_client_secret_path_default }}" - when: osbuild_worker_authentication_client_secret_file | length > 0 and osbuild_worker_authentication_client_secret_path | length == 0 - -- name: Define worker Oauth offline token path if not defined - ansible.builtin.set_fact: - osbuild_worker_authentication_offline_token_path: "{{ osbuild_worker_authentication_offline_token_path_default }}" - when: osbuild_worker_authentication_offline_token_file | length > 0 and osbuild_worker_authentication_offline_token_path | length == 0 - -- name: Define Azure credentials path on worker if not defined - ansible.builtin.set_fact: - osbuild_worker_azure_credentials_path: "{{ osbuild_worker_azure_credentials_path_default }}" - when: osbuild_worker_azure_credentials_file | length > 0 and osbuild_worker_azure_credentials_path | length == 0 - -- name: Define AWS credentials path on worker if not defined - ansible.builtin.set_fact: - osbuild_worker_aws_credentials_path: "{{ osbuild_worker_aws_credentials_path_default }}" - when: osbuild_worker_aws_credentials_file | length > 0 and osbuild_worker_aws_credentials_path | length == 0 - -- name: Define GCP credentials path on worker if not defined - ansible.builtin.set_fact: - osbuild_worker_gcp_credentials_path: "{{ osbuild_worker_gcp_credentials_path_default }}" - when: osbuild_worker_gcp_credentials_file | length > 0 and osbuild_worker_gcp_credentials_path | length == 0 - -- name: Ensure that Koji keytab paths on worker are defined - ansible.builtin.set_fact: - _osbuild_worker_koji_instances: "{{ (_osbuild_worker_koji_instances | default([])) + [_item] }}" - vars: - _krb_keytab_path: "{{ (item.krb_keytab_path is not defined or item.krb_keytab_path | length == 0) | \ - ternary(osbuild_worker_config_dir + '/client_' + item.koji_host + '.keytab', item.krb_keytab_path) }}" - _item: "{{ item | combine({'krb_keytab_path': _krb_keytab_path}) }}" - loop: "{{ osbuild_worker_koji_instances }}" diff --git a/roles/ansible-osbuild-worker/tasks/vars_validate.yml b/roles/ansible-osbuild-worker/tasks/vars_validate.yml deleted file mode 100644 index 4a33bf1ec4..0000000000 --- a/roles/ansible-osbuild-worker/tasks/vars_validate.yml +++ /dev/null @@ -1,123 +0,0 @@ ---- -# tasks to validate variable values - -- name: Check that required variables are set - block: - - name: Check that osbuild_worker_server_hostname is set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_server_hostname is defined - - osbuild_worker_server_hostname | length > 0 - fail_msg: "osbuild_worker_server_hostname must be set" - - - name: Check that osbuild_worker_authentication_oauth_url is set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_authentication_oauth_url is defined - - osbuild_worker_authentication_oauth_url | length > 0 - fail_msg: "osbuild_worker_authentication_oauth_url must be set" - - - name: Check that osbuild_worker_authentication_client_id is set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_authentication_client_id is defined - - osbuild_worker_authentication_client_id | length > 0 - fail_msg: "osbuild_worker_authentication_client_id must be set" - - - name: Check that at least one of osbuild_worker_authentication_client_secret_file or osbuild_worker_authentication_offline_token_file is set - ansible.builtin.assert: - quiet: true - that: - - is_client_secret_file_defined or is_offline_token_file_defined - fail_msg: "At least one of osbuild_worker_authentication_client_secret_file and osbuild_worker_authentication_offline_token_file must be set" - vars: - is_client_secret_file_defined: - "{{ osbuild_worker_authentication_client_secret_file is defined and osbuild_worker_authentication_client_secret_file | length > 0 }}" - is_offline_token_file_defined: - "{{ osbuild_worker_authentication_offline_token_file is defined and osbuild_worker_authentication_offline_token_file | length > 0 }}" - -- name: Check optional variables - block: - - name: Check that osbuild_worker_authentication_client_secret_file is set if osbuild_worker_authentication_client_secret_path is set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_authentication_client_secret_file is defined - - osbuild_worker_authentication_client_secret_file | length > 0 - fail_msg: "osbuild_worker_authentication_client_secret_file must be set if osbuild_worker_authentication_client_secret_path is set" - when: osbuild_worker_authentication_client_secret_path | length > 0 - - - name: Check that osbuild_worker_authentication_offline_token_file is set if osbuild_worker_authentication_offline_token_path is set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_authentication_offline_token_file is defined - - osbuild_worker_authentication_offline_token_file | length > 0 - fail_msg: "osbuild_worker_authentication_offline_token_file must be set if osbuild_worker_authentication_offline_token_path is set" - when: osbuild_worker_authentication_offline_token_path | length > 0 - - - name: Check Koji variables - when: osbuild_worker_koji_instances | length > 0 - block: - - name: Check that required Koji variables are set - ansible.builtin.assert: - quiet: true - that: - - item.koji_host is defined - - item.koji_host | length > 0 - - item.krb_principal is defined - - item.krb_principal | length > 0 - - item.krb_keytab_file is defined - - item.krb_keytab_file | length > 0 - fail_msg: All of koji_host, krb_principal, and krb_keytab_file must be set for each Koji instance - loop: "{{ osbuild_worker_koji_instances }}" - - - name: Check that relax_timeout_factor is a positive integer - ansible.builtin.assert: - quiet: true - that: - - item.relax_timeout_factor | int > 0 - fail_msg: relax_timeout_factor must be a positive integer if set - loop: "{{ osbuild_worker_koji_instances }}" - when: item.relax_timeout_factor is defined - - - name: Check Azure variables - block: - - name: Check that no Azure variables are set if osbuild_worker_azure_credentials_file is not set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_azure_credentials_path | length == 0 - - osbuild_worker_azure_upload_threads == 0 - fail_msg: "osbuild_worker_azure_credentials_path and osbuild_worker_azure_upload_threads must not be set - if osbuild_worker_azure_credentials_file is not set" - when: osbuild_worker_azure_credentials_file | length == 0 - - - name: Check that osbuild_worker_azure_upload_threads is a positive integer - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_azure_upload_threads | int > 0 - fail_msg: "osbuild_worker_azure_upload_threads must be a positive integer" - when: osbuild_worker_azure_upload_threads != 0 - - - name: Check that no AWS variables are set if osbuild_worker_aws_credentials_file is not set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_aws_credentials_path | length == 0 - - osbuild_worker_aws_bucket | length == 0 - fail_msg: "osbuild_worker_aws_credentials_path and osbuild_worker_aws_bucket must not be set if osbuild_worker_aws_credentials_file is not set" - when: osbuild_worker_aws_credentials_file | length == 0 - - - name: Check that no GCP variables are set if osbuild_worker_gcp_credentials_file is not set - ansible.builtin.assert: - quiet: true - that: - - osbuild_worker_gcp_credentials_path | length == 0 - - osbuild_worker_gcp_bucket | length == 0 - fail_msg: "osbuild_worker_gcp_credentials_path and osbuild_worker_gcp_bucket must not be set if osbuild_worker_gcp_credentials_file is not set" - when: osbuild_worker_gcp_credentials_file | length == 0 diff --git a/roles/ansible-osbuild-worker/templates/osbuild-remote-worker-proxy.conf.j2 b/roles/ansible-osbuild-worker/templates/osbuild-remote-worker-proxy.conf.j2 deleted file mode 100644 index 134c72baec..0000000000 --- a/roles/ansible-osbuild-worker/templates/osbuild-remote-worker-proxy.conf.j2 +++ /dev/null @@ -1,6 +0,0 @@ -[Service] -Environment="http_proxy={{ osbuild_worker_proxy_server_hostname }}:{{ osbuild_worker_proxy_server_port }}" -Environment="https_proxy={{ osbuild_worker_proxy_server_hostname }}:{{ osbuild_worker_proxy_server_port }}" -{% if osbuild_worker_no_proxy_domains is defined and osbuild_worker_no_proxy_domains | length > 0 %} -Environment="no_proxy={{ osbuild_worker_no_proxy_domains | join(',') }}" -{% endif %} diff --git a/roles/ansible-osbuild-worker/templates/osbuild-worker.toml.j2 b/roles/ansible-osbuild-worker/templates/osbuild-worker.toml.j2 deleted file mode 100644 index cb5f104c99..0000000000 --- a/roles/ansible-osbuild-worker/templates/osbuild-worker.toml.j2 +++ /dev/null @@ -1,52 +0,0 @@ -# {{ ansible_managed }} - -{% if osbuild_worker_server_api_base_path %} -base_path = "{{ osbuild_worker_server_api_base_path }}" - -{% endif %} -[authentication] -oauth_url = "{{ osbuild_worker_authentication_oauth_url }}" -client_id = "{{ osbuild_worker_authentication_client_id }}" -{% if osbuild_worker_authentication_client_secret_path %} -client_secret = "{{ osbuild_worker_authentication_client_secret_path }}" -{% endif %} -{%if osbuild_worker_authentication_offline_token_path %} -offline_token = "{{ osbuild_worker_authentication_offline_token_path }}" -{% endif %} - -{% if _osbuild_worker_koji_instances is defined %} -{% for koji_instance in _osbuild_worker_koji_instances %} -{% if koji_instance.relax_timeout_factor is defined %} -[koji."{{ koji_instance.koji_host }}"] -relax_timeout_factor = {{ koji_instance.relax_timeout_factor }} - -{% endif %} -[koji."{{ koji_instance.koji_host }}".kerberos] -principal = "{{ koji_instance.krb_principal }}" -keytab = "{{ koji_instance.krb_keytab_path }}" - -{% endfor %} -{% endif %} -{% if osbuild_worker_azure_credentials_path is defined and osbuild_worker_azure_credentials_path %} -[azure] -credentials = "{{ osbuild_worker_azure_credentials_path }}" -{% if osbuild_worker_azure_upload_threads is defined %} -upload_threads = {{ osbuild_worker_azure_upload_threads }} -{% endif %} - -{% endif %} -{% if osbuild_worker_aws_credentials_path is defined and osbuild_worker_aws_credentials_path %} -[aws] -credentials = "{{ osbuild_worker_aws_credentials_path }}" -{% if osbuild_worker_aws_bucket is defined %} -bucket = "{{ osbuild_worker_aws_bucket }}" -{% endif %} - -{% endif %} -{% if osbuild_worker_gcp_credentials_path is defined and osbuild_worker_gcp_credentials_path %} -[gcp] -credentials = "{{ osbuild_worker_gcp_credentials_path }}" -{% if osbuild_worker_gcp_bucket is defined %} -bucket = "{{ osbuild_worker_gcp_bucket }}" -{% endif %} -{% endif %} diff --git a/roles/ansible-osbuild-worker/vars/main.yml b/roles/ansible-osbuild-worker/vars/main.yml deleted file mode 100644 index 788004a2f7..0000000000 --- a/roles/ansible-osbuild-worker/vars/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# vars file for osbuild_worker - -osbuild_worker_config_dir: /etc/osbuild-worker -osbuild_worker_config_dir_mode: '0755' - -osbuild_worker_config_file: "{{ osbuild_worker_config_dir }}/osbuild-worker.toml" -osbuild_worker_config_file_mode: '0644' - -osbuild_worker_remote_worker_service_name: osbuild-remote-worker@ -osbuild_worker_remote_worker_service_dropin_dir: /etc/systemd/system/{{ osbuild_worker_remote_worker_service_name }}.service.d -osbuild_worker_remote_worker_service_proxy_dropin_file: "{{ osbuild_worker_remote_worker_service_dropin_dir }}/proxy.conf" - -osbuild_worker_secrets_owner: root -osbuild_worker_secrets_group: root -osbuild_worker_secrets_mode: '0400' - -osbuild_worker_authentication_client_secret_path_default: "{{ osbuild_worker_config_dir }}/client_secret" -osbuild_worker_authentication_offline_token_path_default: "{{ osbuild_worker_config_dir }}/offline_token" - -osbuild_worker_azure_credentials_path_default: "{{ osbuild_worker_config_dir }}/azure-credentials" -osbuild_worker_aws_credentials_path_default: "{{ osbuild_worker_config_dir }}/aws-credentials" -osbuild_worker_gcp_credentials_path_default: "{{ osbuild_worker_config_dir }}/gcp-credentials" diff --git a/roles/ansible-server/files/4070.patch b/roles/ansible-server/files/4070.patch deleted file mode 100644 index b8e19561d3..0000000000 --- a/roles/ansible-server/files/4070.patch +++ /dev/null @@ -1,40 +0,0 @@ -From bd065748a934b9c4261602ab5f1b975e5a441dd0 Mon Sep 17 00:00:00 2001 -From: Patrick Uiterwijk -Date: Wed, 29 Jun 2016 12:59:23 +0000 -Subject: [PATCH] nova_compute: indicate argument type - -Without this, ansible 2.1 will convert some arguments that are -meant to be dict or list type to their str representation. - -Signed-off-by: Patrick Uiterwijk ---- - cloud/openstack/_nova_compute.py | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/cloud/openstack/_nova_compute.py b/cloud/openstack/_nova_compute.py -index 8b8545f..29d3ab0 100644 ---- a/cloud/openstack/_nova_compute.py -+++ b/cloud/openstack/_nova_compute.py -@@ -543,17 +543,17 @@ def main(): - flavor_include = dict(default=None), - key_name = dict(default=None), - security_groups = dict(default='default'), -- nics = dict(default=None), -- meta = dict(default=None), -+ nics = dict(default=None, type='list'), -+ meta = dict(default=None, type='dict'), - wait = dict(default='yes', choices=['yes', 'no']), - wait_for = dict(default=180), - state = dict(default='present', choices=['absent', 'present']), - user_data = dict(default=None), - config_drive = dict(default=False, type='bool'), - auto_floating_ip = dict(default=False, type='bool'), -- floating_ips = dict(default=None), -- floating_ip_pools = dict(default=None), -- scheduler_hints = dict(default=None), -+ floating_ips = dict(default=None, type='list'), -+ floating_ip_pools = dict(default=None, type='list'), -+ scheduler_hints = dict(default=None, type='dict'), - )) - module = AnsibleModule( - argument_spec=argument_spec, diff --git a/roles/ansible-server/files/dns_check.py b/roles/ansible-server/files/dns_check.py deleted file mode 100644 index 5b630d291b..0000000000 --- a/roles/ansible-server/files/dns_check.py +++ /dev/null @@ -1,105 +0,0 @@ -#! /usr/bin/env python -import os -import re -import collections - -# constants -PING_HOST_RESPONSE = 0 -PING_COMMAND = "ping -c 1 -W 1 {0} > /dev/null 2>&1" -ZONE_REGEX = "(\S+)\s+IN\s+([A-Z]+)\s+(\S+)" -DNS_REGEX = "([a-z0-9._-]+)$" - -ZONE_FILENAMES = [ - "master/0.16.10.in-addr.arpa", - "master/125.5.10.in-addr.arpa", - "master/126.5.10.in-addr.arpa", - "master/127.5.10.in-addr.arpa", - "master/phx2.fedoraproject.org" -] - -AddressRecord = collections.namedtuple('AddressRecord', 'host, type, value') - -def get_host_dict(fp, prefix): - hosts = dict() - - # get the hostnames from the file - pattern = re.compile(ZONE_REGEX) - for line in fp: - m = pattern.match(line) - if m: - full_host = prefix.format(m.group(1)) - if full_host[0] <> ';': - hosts[full_host] = AddressRecord._make( [full_host, m.group(2), m.group(3)] ) - return hosts - -def check_zones_match(fwd_hosts, rev_hosts): - results = {} - results["correct"] = [] - results["mismatch"] = [] - results["missing"] = [] - - for record in fwd_hosts.values(): - if record.type is 'A': - try: - rev_record = rev_hosts[record.value] - if record.host == rev_record.value: - results["correct"].append( (record, rev_record) ) - else: - results["mismatch"].append( (record, rev_record) ) - except KeyError: - results["missing"].append( (record, None) ) - return results - -# ping each host and record the result -def ping(hosts): - results = {} - for record in hosts.values(): - results[record] = os.system(PING_COMMAND.format(record.host) ) - return results - -def build_dns_suffix(filename, reverse=False): - m = re.search(DNS_REGEX, filename) - if m: - suffix = m.group(1) - if reverse: - parts = suffix.split(".") - return parts[2]+"."+parts[1]+"."+parts[0]+".{0}" - else: - return "{0}."+m.group(1)+"." - -def main(filenames, check_dns=True, ping_hosts=True, print_stats=False): - rev_hosts = {} - fwd_hosts = {} - - for filename in filenames: - is_reverse = filename.endswith(".in-addr.arpa") - suffix = build_dns_suffix(filename, is_reverse) - host_dict = get_host_dict(open(filename, "r"), suffix) - - type_dict = rev_hosts if is_reverse else fwd_hosts - type_dict.update(host_dict) - - if check_dns: - check_results = check_zones_match(fwd_hosts, rev_hosts) - - if print_stats: - print("reverse dns records") - print("records correct: {0}".format(len(check_results["correct"]))) - print("records incorrect: {0}".format(len(check_results["mismatch"]))) - print("records missing: {0}".format(len(check_results["missing"]))) - - for (fwd, rev) in check_results["mismatch"]: - print ("mismatched record: {0} -> {1} -> {2}".format(fwd.host, fwd.value, rev.value)) - - for (fwd, rev) in check_results["missing"]: - print ("missing record: {0} -> {1}").format(fwd.host, fwd.value) - - if ping_hosts: - results = ping(fwd_hosts) - - # print all the non-zero (error) results - for (host, result) in results.items(): - if result is not 0: - print ("ping failed: {0} (err {1})").format(host.host[:-1], result) - -main(ZONE_FILENAMES) diff --git a/roles/ansible-server/files/requirements.yml b/roles/ansible-server/files/requirements.yml deleted file mode 100644 index 60a4061609..0000000000 --- a/roles/ansible-server/files/requirements.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -roles: - # Needed for copr-pulp playbooks - # https://pagure.io/fedora-infrastructure/issue/11396 - - name: geerlingguy.postgresql - version: 3.5.0 - -collections: - # Needed for Zabbix playbooks - - name: community.zabbix - version: 3.3.0 - # Needed for copr - - name: amazon.aws - version: 4.1.0 - # Needed for logview and fedora-messaging plugins - - name: ansible.utils - version: 4.1.0 - # Needed for efs mgmt for communishift - - name: community.aws - version: 4.1.1 - # Needed by ipa roles - - name: community.general - version: 9.5.5 - # Needed by communishift - - name: community.okd - version: 2.2.0 - # Needed for helm/forgejo deployment - - name: kubernetes.core - version: 2.3.2 - # Needed for misc playbooks - - name: ansible.netcommon - version: 6.1.3 - # Needed because other collections pull in 2.0.0, which we do not want - - name: ansible.posix - version: 1.6.1 diff --git a/roles/ansible-server/tasks/main.yml b/roles/ansible-server/tasks/main.yml index b592fc5ebd..b9c778bed3 100644 --- a/roles/ansible-server/tasks/main.yml +++ b/roles/ansible-server/tasks/main.yml @@ -2,34 +2,20 @@ # # Setup ansible-server instance # -- name: Install needed packages - ansible.builtin.package: - name: - - ansible-core - - git-core - - ansible-collection-ansible-posix - - ansible-collection-community-general - - ansible-collection-community-mysql - - ansible-collection-community-docker - - ansible-collection-community-libvirt - - ansible-collection-community-rabbitmq - - ansible-collection-community-postgresql - - ansible-collection-pulp-pulp_installer +- name: install needed packages + yum: pkg={{ item }} state=installed + with_items: + - ansible + - git tags: - packages - - ansible-server -- name: Generate default ansible config - ansible.builtin.template: src=ansible.cfg.j2 dest=/etc/ansible/ansible.cfg owner=root group=root mode=0644 - tags: - - ansible-server +- name: generate default ansible config + template: src=ansible.cfg.j2 dest=/etc/ansible/ansible.cfg owner=root group=root mode=0644 -- name: Installing the phx2 dns check script - ansible.builtin.copy: src=dns_check.py dest=/usr/local/bin/dns_check owner=root mode=0755 - tags: - - ansible-server - -- name: Install required collections - ansible.builtin.command: ansible-galaxy install -r {{ ansible_base }}/ansible/roles/ansible-server/files/requirements.yml - tags: - - ansible-server +# +# TODO: +# cgit? +# rbac-playbook? +# zodbot notifications? +# diff --git a/roles/ansible-server/templates/ansible.cfg.j2 b/roles/ansible-server/templates/ansible.cfg.j2 index 9d095a7ccd..00d6bdd716 100644 --- a/roles/ansible-server/templates/ansible.cfg.j2 +++ b/roles/ansible-server/templates/ansible.cfg.j2 @@ -1,993 +1,91 @@ +# config file for ansible -- http://ansible.github.com +# nearly all parameters can be overridden in ansible-playbook or with command line flags +# ansible will read ~/.ansible.cfg or /etc/ansible/ansible.cfg, whichever it finds first + [defaults] -# (boolean) By default Ansible will issue a warning when received from a task action (module or action plugin) -# These warnings can be silenced by adjusting this setting to False. -;action_warnings=True -# (list) Accept list of cowsay templates that are 'safe' to use, set to empty list if you want to enable all installed templates. -;cowsay_enabled_stencils=bud-frogs, bunny, cheese, daemon, default, dragon, elephant-in-snake, elephant, eyes, hellokitty, kitty, luke-koala, meow, milk, moofasa, moose, ren, sheep, small, stegosaurus, stimpy, supermilker, three-eyes, turkey, turtle, tux, udder, vader-koala, vader, www +# location of inventory file, eliminates need to specify -i -# (string) Specify a custom cowsay path or swap in your cowsay implementation of choice -;cowpath= +hostfile = {{ ansible_base }}/inventory/inventory -# (string) This allows you to chose a specific cowsay stencil for the banners or use 'random' to cycle through them. -;cow_selection=default +# location of ansible library, eliminates need to specify --module-path -# (boolean) This option forces color mode even when running without a TTY or the "nocolor" setting is True. -;force_color=False +library = {{ ansible_base }}/library:/usr/share/ansible -# (boolean) This setting allows suppressing colorizing output, which is used to give a better indication of failure and status information. -;nocolor=False +# location of ansible log file +log_path = /var/log/ansible/ansible.log -# (boolean) If you have cowsay installed but want to avoid the 'cows' (why????), use this. -;nocows=False +# default module name used in /usr/bin/ansible when -m is not specified -# (boolean) Sets the default value for the any_errors_fatal keyword, if True, Task failures will be considered fatal errors. -;any_errors_fatal=False +module_name = command -# (path) The password file to use for the become plugin. --become-password-file. -# If executable, it will be run and the resulting stdout will be used as the password. -;become_password_file= +# home directory where temp files are stored on remote systems. Should +# almost always contain $HOME or be a directory writeable by all users -# (pathspec) Colon separated paths in which Ansible will search for Become Plugins. -;become_plugins=~/.ansible/plugins/become:/usr/share/ansible/plugins/become +remote_tmp = $HOME/.ansible/tmp -# (string) Chooses which cache plugin to use, the default 'memory' is ephemeral. -;fact_caching=memory -fact_caching=jsonfile +# the default pattern for ansible-playbooks ("hosts:") -# (string) Defines connection or path information for the cache plugin -;fact_caching_connection= -fact_caching_connection=~/.ansible_facts_cache +pattern = * -# (string) Prefix to use for cache plugin files/tables -;fact_caching_prefix=ansible_facts +# the default number of forks (parallelism) to be used. Usually you +# can crank this up. -# (integer) Expiration timeout for the cache plugin data -;fact_caching_timeout=86400 +forks=25 -# (list) Whitelist of callable methods to be made available to template evaluation -;callable_enabled= +# the timeout used by various connection types. Usually this corresponds +# to an SSH timeout -# (list) List of enabled callbacks, not all callbacks need enabling, but many of those shipped with Ansible do as we don't want them activated by default. -;callbacks_enabled= -callbacks_enabled=profile_roles,profile_tasks,logdetail,fedora_messaging_callback +timeout=10 -# (string) When a collection is loaded that does not support the running Ansible version (via the collection metadata key `requires_ansible`), the default behavior is to issue a warning and continue anyway. Setting this value to `ignore` skips the warning entirely, while setting it to `fatal` will immediately halt Ansible execution. -;collections_on_ansible_version_mismatch=warning +# when using --poll or "poll:" in an ansible playbook, and not specifying +# an explicit poll interval, use this interval -# (pathspec) Colon separated paths in which Ansible will search for collections content. Collections must be in nested *subdirectories*, not directly in these directories. For example, if ``COLLECTIONS_PATHS`` includes ``~/.ansible/collections``, and you want to add ``my.collection`` to that directory, it must be saved as ``~/.ansible/collections/ansible_collections/my/collection``. +poll_interval=15 -;collections_path=~/.ansible/collections:/usr/share/ansible/collections +# when specifying --sudo to /usr/bin/ansible or "sudo:" in a playbook, +# and not specifying "--sudo-user" or "sudo_user" respectively, sudo +# to this user account -# (boolean) A boolean to enable or disable scanning the sys.path for installed collections -;collections_scan_sys_path=True +sudo_user=root -# (boolean) Ansible can issue a warning when the shell or command module is used and the command appears to be similar to an existing Ansible module. -# These warnings can be silenced by adjusting this setting to False. You can also control this at the task level with the module option ``warn``. -# As of version 2.11, this is disabled by default. -;command_warnings=False +# connection to use when -c is not specified -# (path) The password file to use for the connection plugin. --connection-password-file. -;connection_password_file= +#transport=paramiko -# (pathspec) Colon separated paths in which Ansible will search for Action Plugins. -;action_plugins=~/.ansible/plugins/action:/usr/share/ansible/plugins/action -action_plugins={{ ansible_base }}/ansible/action_plugins:~/.ansible/plugins/action:/usr/share/ansible/plugins/action +# remote SSH port to be used when --port or "port:" or an equivalent inventory +# variable is not specified. -# (boolean) When enabled, this option allows lookup plugins (whether used in variables as or as a loop as with_foo) to return data that is not marked 'unsafe'. -# By default, such data is marked as unsafe to prevent the templating engine from evaluating any jinja2 templating language, as this could represent a security risk. This option is provided to allow for backward compatibility, however users should first consider adding allow_unsafe=True to any lookups which may be expected to contain data which may be run through the templating engine late -;allow_unsafe_lookups=False +remote_port=22 -# (boolean) This controls whether an Ansible playbook should prompt for a login password. If using SSH keys for authentication, you probably do not needed to change this setting. -;ask_pass=False +# if set, always run /usr/bin/ansible commands as this user, and assume this value +# if "user:" is not set in a playbook. If not set, use the current Unix user +# as the default -# (boolean) This controls whether an Ansible playbook should prompt for a vault password. -;ask_vault_pass=False +remote_user=root -# (pathspec) Colon separated paths in which Ansible will search for Cache Plugins. -;cache_plugins=~/.ansible/plugins/cache:/usr/share/ansible/plugins/cache -cache_plugins={{ ansible_base }}/ansible/cache_plugins:~/.ansible/plugins/cache:/usr/share/ansible/plugins/cache +# if set, always use this private key file for authentication, same as if passing +# --private-key-file to ansible or ansible-playbook -# (pathspec) Colon separated paths in which Ansible will search for Callback Plugins. -;callback_plugins=~/.ansible/plugins/callback:/usr/share/ansible/plugins/callback -callback_plugins={{ ansible_base }}/ansible/callback_plugins:~/.ansible/plugins/callback:/usr/share/ansible/plugins/callback +#private_key_file=/path/to/file -# (pathspec) Colon separated paths in which Ansible will search for Cliconf Plugins. -;cliconf_plugins=~/.ansible/plugins/cliconf:/usr/share/ansible/plugins/cliconf -# (pathspec) Colon separated paths in which Ansible will search for Connection Plugins. -;connection_plugins=~/.ansible/plugins/connection:/usr/share/ansible/plugins/connection -connection_plugins={{ ansible_base }}/ansible/connection_plugins:~/.ansible/plugins/connection:/usr/share/ansible/plugins/connection +# additional plugin paths for non-core plugins -# (boolean) Toggles debug output in Ansible. This is *very* verbose and can hinder multiprocessing. Debug output can also include secret information despite no_log settings being enabled, which means debug mode should not be used in production. -;debug=False - -# (string) This indicates the command to use to spawn a shell under for Ansible's execution needs on a target. Users may need to change this in rare instances when shell usage is constrained, but in most cases it may be left as is. -;executable=/bin/sh - -# (string) This option allows you to globally configure a custom path for 'local_facts' for the implied M(ansible.builtin.setup) task when using fact gathering. -# If not set, it will fallback to the default from the M(ansible.builtin.setup) module: ``/etc/ansible/facts.d``. -# This does **not** affect user defined tasks that use the M(ansible.builtin.setup) module. -;fact_path= - -# (pathspec) Colon separated paths in which Ansible will search for Jinja2 Filter Plugins. -;filter_plugins=~/.ansible/plugins/filter:/usr/share/ansible/plugins/filter -filter_plugins={{ ansible_base }}/ansible/filter_plugins:~/.ansible/plugins/filter:/usr/share/ansible/plugins/filter - -# (boolean) This option controls if notified handlers run on a host even if a failure occurs on that host. -# When false, the handlers will not run if a failure has occurred on a host. -# This can also be set per play or on the command line. See Handlers and Failure for more details. -;force_handlers=False - -# (integer) Maximum number of forks Ansible will use to execute tasks on target hosts. -;forks=5 -forks=150 - -# (string) This setting controls the default policy of fact gathering (facts discovered about remote systems). -# When 'implicit' (the default), the cache plugin will be ignored and facts will be gathered per play unless 'gather_facts: False' is set. -# When 'explicit' the inverse is true, facts will not be gathered unless directly requested in the play. -# The 'smart' value means each new host that has no facts discovered will be scanned, but if the same host is addressed in multiple plays it will not be contacted again in the playbook run. -# This option can be useful for those wishing to save fact gathering time. Both 'smart' and 'explicit' will use the cache plugin. -;gathering=implicit -gathering=smart - -# (list) Set the `gather_subset` option for the M(ansible.builtin.setup) task in the implicit fact gathering. See the module documentation for specifics. -# It does **not** apply to user defined M(ansible.builtin.setup) tasks. -;gather_subset=all - -# (integer) Set the timeout in seconds for the implicit fact gathering. -# It does **not** apply to user defined M(ansible.builtin.setup) tasks. -;gather_timeout=10 - -# (string) This setting controls how duplicate definitions of dictionary variables (aka hash, map, associative array) are handled in Ansible. -# This does not affect variables whose values are scalars (integers, strings) or arrays. -# **WARNING**, changing this setting is not recommended as this is fragile and makes your content (plays, roles, collections) non portable, leading to continual confusion and misuse. Don't change this setting unless you think you have an absolute need for it. -# We recommend avoiding reusing variable names and relying on the ``combine`` filter and ``vars`` and ``varnames`` lookups to create merged versions of the individual variables. In our experience this is rarely really needed and a sign that too much complexity has been introduced into the data structures and plays. -# For some uses you can also look into custom vars_plugins to merge on input, even substituting the default ``host_group_vars`` that is in charge of parsing the ``host_vars/`` and ``group_vars/`` directories. Most users of this setting are only interested in inventory scope, but the setting itself affects all sources and makes debugging even harder. -# All playbooks and roles in the official examples repos assume the default for this setting. -# Changing the setting to ``merge`` applies across variable sources, but many sources will internally still overwrite the variables. For example ``include_vars`` will dedupe variables internally before updating Ansible, with 'last defined' overwriting previous definitions in same file. -# The Ansible project recommends you **avoid ``merge`` for new projects.** -# It is the intention of the Ansible developers to eventually deprecate and remove this setting, but it is being kept as some users do heavily rely on it. New projects should **avoid 'merge'**. -;hash_behaviour=replace -hash_behaviour=merge - -# (pathlist) Comma separated list of Ansible inventory sources -;inventory=/etc/ansible/hosts -inventory={{ ansible_base }}/ansible/inventory - -# (pathspec) Colon separated paths in which Ansible will search for HttpApi Plugins. -;httpapi_plugins=~/.ansible/plugins/httpapi:/usr/share/ansible/plugins/httpapi - -# (float) This sets the interval (in seconds) of Ansible internal processes polling each other. Lower values improve performance with large playbooks at the expense of extra CPU load. Higher values are more suitable for Ansible usage in automation scenarios, when UI responsiveness is not required but CPU usage might be a concern. -# The default corresponds to the value hardcoded in Ansible <= 2.1 -;internal_poll_interval=0.001 - -# (pathspec) Colon separated paths in which Ansible will search for Inventory Plugins. -;inventory_plugins=~/.ansible/plugins/inventory:/usr/share/ansible/plugins/inventory - -# (string) This is a developer-specific feature that allows enabling additional Jinja2 extensions. -# See the Jinja2 documentation for details. If you do not know what these do, you probably don't need to change this setting :) -;jinja2_extensions=[] - -# (boolean) This option preserves variable types during template operations. This requires Jinja2 >= 2.10. -;jinja2_native=False - -# (boolean) Enables/disables the cleaning up of the temporary files Ansible used to execute the tasks on the remote. -# If this option is enabled it will disable ``ANSIBLE_PIPELINING``. -;keep_remote_files=False - -# (boolean) Controls whether callback plugins are loaded when running /usr/bin/ansible. This may be used to log activity from the command line, send notifications, and so on. Callback plugins are always loaded for ``ansible-playbook``. -;bin_ansible_callbacks=False - -# (tmppath) Temporary directory for Ansible to use on the controller. -;local_tmp=~/.ansible/tmp - -# (list) List of logger names to filter out of the log file -;log_filter= - -# (path) File to which Ansible will log on the controller. When empty logging is disabled. -;log_path= - -# (pathspec) Colon separated paths in which Ansible will search for Lookup Plugins. -;lookup_plugins=~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup -lookup_plugins={{ ansible_base }}/ansible/lookup_plugins:~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup - -# (string) Sets the macro for the 'ansible_managed' variable available for M(ansible.builtin.template) and M(ansible.windows.win_template) modules. This is only relevant for those two modules. -;ansible_managed=Ansible managed - -# (string) This sets the default arguments to pass to the ``ansible`` adhoc binary if no ``-a`` is specified. -;module_args= - -# (string) Compression scheme to use when transferring Python modules to the target. -;module_compression=ZIP_DEFLATED - -# (string) Module to use with the ``ansible`` AdHoc command, if none is specified via ``-m``. -;module_name=command - -# (pathspec) Colon separated paths in which Ansible will search for Modules. -;library=~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules -library={{ ansible_base }}/ansible/library:~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules - -# (pathspec) Colon separated paths in which Ansible will search for Module utils files, which are shared by modules. -;module_utils=~/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils - -# (pathspec) Colon separated paths in which Ansible will search for Netconf Plugins. -;netconf_plugins=~/.ansible/plugins/netconf:/usr/share/ansible/plugins/netconf - -# (boolean) Toggle Ansible's display and logging of task details, mainly used to avoid security disclosures. -;no_log=False - -# (boolean) Toggle Ansible logging to syslog on the target when it executes tasks. On Windows hosts this will disable a newer style PowerShell modules from writting to the event log. -;no_target_syslog=False - -# (none) What templating should return as a 'null' value. When not set it will let Jinja2 decide. -;null_representation= - -# (integer) For asynchronous tasks in Ansible (covered in Asynchronous Actions and Polling), this is how often to check back on the status of those tasks when an explicit poll interval is not supplied. The default is a reasonably moderate 15 seconds which is a tradeoff between checking in frequently and providing a quick turnaround when something may have completed. -;poll_interval=15 - -# (path) Option for connections using a certificate or key file to authenticate, rather than an agent or passwords, you can set the default value here to avoid re-specifying --private-key with every invocation. -;private_key_file= - -# (boolean) Makes role variables inaccessible from other roles. -# This was introduced as a way to reset role variables to default values if a role is used more than once in a playbook. -;private_role_vars=False - -# (integer) Port to use in remote connections, when blank it will use the connection plugin default. -;remote_port= - -# (string) Sets the login user for the target machines -# When blank it uses the connection plugin's default, normally the user currently executing Ansible. -;remote_user= - -# (pathspec) Colon separated paths in which Ansible will search for Roles. -;roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles -roles_path={{ ansible_base }}/ansible/roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles - -# (string) Set the main callback used to display Ansible output, you can only have one at a time. -# You can have many other callbacks, but just one can be in charge of stdout. -;stdout_callback=default - -# (string) Set the default strategy used for plays. -;strategy=linear - -# (pathspec) Colon separated paths in which Ansible will search for Strategy Plugins. -;strategy_plugins=~/.ansible/plugins/strategy:/usr/share/ansible/plugins/strategy - -# (boolean) Toggle the use of "su" for tasks. -;su=False - -# (string) Syslog facility to use when Ansible logs to the remote target -;syslog_facility=LOG_USER - -# (pathspec) Colon separated paths in which Ansible will search for Terminal Plugins. -;terminal_plugins=~/.ansible/plugins/terminal:/usr/share/ansible/plugins/terminal - -# (pathspec) Colon separated paths in which Ansible will search for Jinja2 Test Plugins. -;test_plugins=~/.ansible/plugins/test:/usr/share/ansible/plugins/test - -# (integer) This is the default timeout for connection plugins to use. -;timeout=10 - -# (string) Default connection plugin to use, the 'smart' option will toggle between 'ssh' and 'paramiko' depending on controller OS and ssh versions -;transport=smart - -# (boolean) When True, this causes ansible templating to fail steps that reference variable names that are likely typoed. -# Otherwise, any ' template_expression ' that contains undefined variables will be rendered in a template or ansible action line exactly as written. -;error_on_undefined_vars=True - -# (pathspec) Colon separated paths in which Ansible will search for Vars Plugins. -;vars_plugins=~/.ansible/plugins/vars:/usr/share/ansible/plugins/vars -vars_plugins={{ ansible_base }}/ansible/vars_plugins:~/.ansible/plugins/vars:/usr/share/ansible/plugins/vars - -# (string) The vault_id to use for encrypting by default. If multiple vault_ids are provided, this specifies which to use for encryption. The --encrypt-vault-id cli option overrides the configured value. -;vault_encrypt_identity= - -# (string) The label to use for the default vault id label in cases where a vault id label is not provided -;vault_identity=default - -# (list) A list of vault-ids to use by default. Equivalent to multiple --vault-id args. Vault-ids are tried in order. -;vault_identity_list= - -# (string) If true, decrypting vaults with a vault id will only try the password from the matching vault-id -;vault_id_match=False - -# (path) The vault password file to use. Equivalent to --vault-password-file or --vault-id -# If executable, it will be run and the resulting stdout will be used as the password. -;vault_password_file= - -# (integer) Sets the default verbosity, equivalent to the number of ``-v`` passed in the command line. -;verbosity=0 - -# (boolean) Toggle to control the showing of deprecation warnings -;deprecation_warnings=True - -# (boolean) Toggle to control showing warnings related to running devel -;devel_warning=True - -# (boolean) Normally ``ansible-playbook`` will print a header for each task that is run. These headers will contain the name: field from the task if you specified one. If you didn't then ``ansible-playbook`` uses the task's action to help you tell which task is presently running. Sometimes you run many of the same action and so you want more information about the task to differentiate it from others of the same action. If you set this variable to True in the config then ``ansible-playbook`` will also include the task's arguments in the header. -# This setting defaults to False because there is a chance that you have sensitive values in your parameters and you do not want those to be printed. -# If you set this to True you should be sure that you have secured your environment's stdout (no one can shoulder surf your screen and you aren't saving stdout to an insecure file) or made sure that all of your playbooks explicitly added the ``no_log: True`` parameter to tasks which have sensitive values See How do I keep secret data in my playbook? for more information. -;display_args_to_stdout=False - -# (boolean) Toggle to control displaying skipped task/host entries in a task in the default callback -;display_skipped_hosts=True - -# (string) Root docsite URL used to generate docs URLs in warning/error text; must be an absolute URL with valid scheme and trailing slash. -;docsite_root_url=https://docs.ansible.com/ansible-core/ - -# (pathspec) Colon separated paths in which Ansible will search for Documentation Fragments Plugins. -;doc_fragment_plugins=~/.ansible/plugins/doc_fragments:/usr/share/ansible/plugins/doc_fragments - -# (string) By default Ansible will issue a warning when a duplicate dict key is encountered in YAML. -# These warnings can be silenced by adjusting this setting to False. -;duplicate_dict_key=warn - -# (boolean) Whether or not to enable the task debugger, this previously was done as a strategy plugin. -# Now all strategy plugins can inherit this behavior. The debugger defaults to activating when -# a task is failed on unreachable. Use the debugger keyword for more flexibility. -;enable_task_debugger=False - -# (boolean) Toggle to allow missing handlers to become a warning instead of an error when notifying. -;error_on_missing_handler=True - -# (list) Which modules to run during a play's fact gathering stage, using the default of 'smart' will try to figure it out based on connection type. -;facts_modules=smart -facts_modules=smart, python3_fact - -# (boolean) Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host -;host_key_checking=True - -# (boolean) Facts are available inside the `ansible_facts` variable, this setting also pushes them as their own vars in the main namespace. -# Unlike inside the `ansible_facts` dictionary, these will have an `ansible_` prefix. -;inject_facts_as_vars=True - -# (string) Path to the Python interpreter to be used for module execution on remote targets, or an automatic discovery mode. Supported discovery modes are ``auto`` (the default), ``auto_silent``, ``auto_legacy``, and ``auto_legacy_silent``. All discovery modes employ a lookup table to use the included system Python (on distributions known to include one), falling back to a fixed ordered list of well-known Python interpreter locations if a platform-specific default is not available. The fallback behavior will issue a warning that the interpreter should be set explicitly (since interpreters installed later may change which one is used). This warning behavior can be disabled by setting ``auto_silent`` or ``auto_legacy_silent``. The value of ``auto_legacy`` provides all the same behavior, but for backwards-compatibility with older Ansible releases that always defaulted to ``/usr/bin/python``, will use that interpreter if present. -;interpreter_python=auto - -# (boolean) If 'false', invalid attributes for a task will result in warnings instead of errors -;invalid_task_attribute_failed=True - -# (boolean) Toggle to control showing warnings related to running a Jinja version older than required for jinja2_native -;jinja2_native_warning=True - -# (boolean) By default Ansible will issue a warning when there are no hosts in the inventory. -# These warnings can be silenced by adjusting this setting to False. -;localhost_warning=True - -# (int) Maximum size of files to be considered for diff display -;max_diff_size=104448 - -# (list) List of extensions to ignore when looking for modules to load -# This is for rejecting script and binary module fallback extensions -;module_ignore_exts=dropped, regen file to see default value - -# (list) TODO: write it -;network_group_modules=eos, nxos, ios, iosxr, junos, enos, ce, vyos, sros, dellos9, dellos10, dellos6, asa, aruba, aireos, bigip, ironware, onyx, netconf, exos, voss, slxos - -# (boolean) Previously Ansible would only clear some of the plugin loading caches when loading new roles, this led to some behaviours in which a plugin loaded in prevoius plays would be unexpectedly 'sticky'. This setting allows to return to that behaviour. -;old_plugin_cache_clear=False - -# (path) A number of non-playbook CLIs have a ``--playbook-dir`` argument; this sets the default value for it. -;playbook_dir= - -# (string) This sets which playbook dirs will be used as a root to process vars plugins, which includes finding host_vars/group_vars -# The ``top`` option follows the traditional behaviour of using the top playbook in the chain to find the root directory. -# The ``bottom`` option follows the 2.4.0 behaviour of using the current playbook to find the root directory. -# The ``all`` option examines from the first parent to the current playbook. -;playbook_vars_root=top - -# (path) A path to configuration for filtering which plugins installed on the system are allowed to be used. -# See :ref:`plugin_filtering_config` for details of the filter file's format. -# The default is /etc/ansible/plugin_filters.yml -;plugin_filters_cfg= - -# (string) Attempts to set RLIMIT_NOFILE soft limit to the specified value when executing Python modules (can speed up subprocess usage on Python 2.x. See https://bugs.python.org/issue11284). The value will be limited by the existing hard limit. Default value of 0 does not attempt to adjust existing system-defined limits. -;python_module_rlimit_nofile=0 - -# (bool) This controls whether a failed Ansible playbook should create a .retry file. -;retry_files_enabled=False - -# (path) This sets the path in which Ansible will save .retry files when a playbook fails and retry files are enabled. -# This file will be overwritten after each run with the list of failed hosts from all plays. -;retry_files_save_path= - -# (str) This setting can be used to optimize vars_plugin usage depending on user's inventory size and play selection. -# Setting to C(demand) will run vars_plugins relative to inventory sources anytime vars are 'demanded' by tasks. -# Setting to C(start) will run vars_plugins relative to inventory sources after importing that inventory source. -;run_vars_plugins=demand - -# (bool) This adds the custom stats set via the set_stats plugin to the default output -;show_custom_stats=False - -# (string) Action to take when a module parameter value is converted to a string (this does not affect variables). For string parameters, values such as '1.00', "['a', 'b',]", and 'yes', 'y', etc. will be converted by the YAML parser unless fully quoted. -# Valid options are 'error', 'warn', and 'ignore'. -# Since 2.8, this option defaults to 'warn' but will change to 'error' in 2.12. -;string_conversion_action=warn - -# (boolean) Allows disabling of warnings related to potential issues on the system running ansible itself (not on the managed hosts) -# These may include warnings about 3rd party packages or other conditions that should be resolved if possible. -;system_warnings=True - -# (boolean) This option defines whether the task debugger will be invoked on a failed task when ignore_errors=True is specified. -# True specifies that the debugger will honor ignore_errors, False will not honor ignore_errors. -;task_debugger_ignore_errors=True - -# (integer) Set the maximum time (in seconds) that a task can run for. -# If set to 0 (the default) there is no timeout. -;task_timeout=0 - -# (string) Make ansible transform invalid characters in group names supplied by inventory sources. -# If 'never' it will allow for the group name but warn about the issue. -# When 'ignore', it does the same as 'never', without issuing a warning. -# When 'always' it will replace any invalid characters with '_' (underscore) and warn the user -# When 'silently', it does the same as 'always', without issuing a warning. -;force_valid_group_names=never - -# (boolean) Toggles the use of persistence for connections. -;use_persistent_connections=False - -# (bool) A toggle to disable validating a collection's 'metadata' entry for a module_defaults action group. Metadata containing unexpected fields or value types will produce a warning when this is True. -;validate_action_group_metadata=True - -# (list) Accept list for variable plugins that require it. -;vars_plugins_enabled=host_group_vars - -# (list) Allows to change the group variable precedence merge order. -;precedence=all_inventory, groups_inventory, all_plugins_inventory, all_plugins_play, groups_plugins_inventory, groups_plugins_play - -# (bool) Force 'verbose' option to use stderr instead of stdout -;verbose_to_stderr=False - -# (integer) For asynchronous tasks in Ansible (covered in Asynchronous Actions and Polling), this is how long, in seconds, to wait for the task spawned by Ansible to connect back to the named pipe used on Windows systems. The default is 5 seconds. This can be too low on slower systems, or systems under heavy load. -# This is not the total time an async command can run for, but is a separate timeout to wait for an async command to start. The task will only start to be timed against its async_timeout once it has connected to the pipe, so the overall maximum duration the task can take will be extended by the amount specified here. -;win_async_startup_timeout=5 - -# (list) Check all of these extensions when looking for 'variable' files which should be YAML or JSON or vaulted versions of these. -# This affects vars_files, include_vars, inventory and vars plugins among others. -;yaml_valid_extensions=.yml, .yaml, .json - -# (string) User defined prefix to use when creating the JSON files -;fact_caching_prefix= - -# (integer) Expiration timeout for the cache plugin data -;fact_caching_timeout=86400 - -# (path) Path in which the cache plugin will save the JSON files -;fact_caching_connection= - -# (bool) Toggle to control displaying markers when running in check mode. -# The markers are C(DRY RUN) at the beginning and ending of playbook execution (when calling C(ansible-playbook --check)) and C(CHECK MODE) as a suffix at every play and task that is run in check mode. -;check_mode_markers=False - -# (bool) Toggle to control whether failed and unreachable tasks are displayed to STDERR (vs. STDOUT) -;display_failed_stderr=False - -# (bool) Toggle to control displaying 'ok' task/host results in a task -;display_ok_hosts=True - -# (bool) Toggle to control displaying skipped task/host results in a task -;display_skipped_hosts=True - -# (bool) This adds the custom stats set via the set_stats plugin to the play recap -;show_custom_stats=False - -# (bool) This adds output that shows when a task is started to execute for each host -;show_per_host_start=False - -# (bool) When a task fails, display the path to the file containing the failed task and the line number. This information is displayed automatically for every task when running with C(-vv) or greater verbosity. -;show_task_path_on_failure=False - -# (boolean) Pipelining reduces the number of connection operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfers. -# This can result in a very significant performance improvement when enabled. -# However this can conflict with privilege escalation (become). For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts, which is why this feature is disabled by default. -;pipelining=ANSIBLE_PIPELINING -pipelining=True - -# (boolean) Toggles the use of persistence for connections -;use_persistent_connections=False - -# (boolean) Pipelining reduces the number of connection operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfers. -# This can result in a very significant performance improvement when enabled. -# However this can conflict with privilege escalation (become). For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts, which is why this feature is disabled by default. -;pipelining=ANSIBLE_PIPELINING - -# (int) Remote port to connect to. -;remote_port= - -# (string) Path to private key file to use for authentication. -;private_key_file= - -# (string) User name with which to login to the remote server, normally set by the remote_user keyword. -# If no user is supplied, Ansible will let the SSH client binary choose the user as it normally. -;remote_user= - -# (boolean) Pipelining reduces the number of connection operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfers. -# This can result in a very significant performance improvement when enabled. -# However this can conflict with privilege escalation (become). For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts, which is why this feature is disabled by default. -;pipelining=ANSIBLE_PIPELINING - -# (list) list of users to be expected to have admin privileges. This is used by the controller to determine how to share temporary files between the remote user and the become user. -;admin_users=root, toor - -# (string) Directory in which ansible will keep async job information -;async_dir=~/.ansible_async - -# (string) Checked when Ansible needs to execute a module as a different user. -# If setfacl and chown both fail and do not let the different user access the module's files, they will be chgrp'd to this group. -# In order for this to work, the remote_user and become_user must share a common group and this setting must be set to that group. -;common_remote_group= - -# (string) Temporary directory to use on targets when executing tasks. -;remote_tmp=~/.ansible/tmp - -# (list) List of valid system temporary directories on the managed machine for Ansible to choose when it cannot use C(remote_tmp), normally due to permission issues. These must be world readable, writable, and executable. This list should only contain directories which the system administrator has pre-created with the proper ownership and permissions otherwise security issues can arise. -;system_tmpdirs=/var/tmp, /tmp - -# (boolean) This makes the temporary files created on the machine world-readable and will issue a warning instead of failing the task. -# It is useful when becoming an unprivileged user. -;allow_world_readable_tmpfiles=False - -# (list) Check all of these extensions when looking for 'variable' files which should be YAML or JSON or vaulted versions of these. -# This affects vars_files, include_vars, inventory and vars plugins among others. -;yaml_valid_extensions=.yml, .yaml, .json - - -[privilege_escalation] -# (boolean) Display an agnostic become prompt instead of displaying a prompt containing the command line supplied become method -;agnostic_become_prompt=True - -# (boolean) This setting controls if become is skipped when remote user and become user are the same. I.E root sudo to root. -# If executable, it will be run and the resulting stdout will be used as the password. -;become_allow_same_user=False - -# (boolean) Toggles the use of privilege escalation, allowing you to 'become' another user after login. -;become=False - -# (boolean) Toggle to prompt for privilege escalation password. -;become_ask_pass=False - -# (string) executable to use for privilege escalation, otherwise Ansible will depend on PATH -;become_exe= - -# (string) Flags to pass to the privilege escalation executable. -;become_flags= - -# (string) Privilege escalation method to use when `become` is enabled. -;become_method=sudo - -# (string) The user your login/remote user 'becomes' when using privilege escalation, most systems will use 'root' when no user is specified. -;become_user=root - - -[persistent_connection] -# (path) Specify where to look for the ansible-connection script. This location will be checked before searching $PATH. -# If null, ansible will start with the same directory as the ansible script. -;ansible_connection_path= - -# (int) This controls the amount of time to wait for response from remote device before timing out persistent connection. -;command_timeout=30 - -# (integer) This controls the retry timeout for persistent connection to connect to the local domain socket. -;connect_retry_timeout=15 - -# (integer) This controls how long the persistent connection will remain idle before it is destroyed. -;connect_timeout=30 - -# (path) Path to socket to be used by the connection persistence system. -;control_path_dir=~/.ansible/pc - - -[connection] -# (boolean) Pipelining, if supported by the connection plugin, reduces the number of network operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfer. -# This can result in a very significant performance improvement when enabled. -# However this conflicts with privilege escalation (become). For example, when using 'sudo:' operations you must first disable 'requiretty' in /etc/sudoers on all managed hosts, which is why it is disabled by default. -# This option is disabled if ``ANSIBLE_KEEP_REMOTE_FILES`` is enabled. -# This is a global option, each connection plugin can override either by having more specific options or not supporting pipelining at all. -;pipelining=False - - -[colors] -# (string) Defines the color to use on 'Changed' task status -;changed=yellow - -# (string) Defines the default color to use for ansible-console -;console_prompt=white - -# (string) Defines the color to use when emitting debug messages -;debug=dark gray - -# (string) Defines the color to use when emitting deprecation messages -;deprecate=purple - -# (string) Defines the color to use when showing added lines in diffs -;diff_add=green - -# (string) Defines the color to use when showing diffs -;diff_lines=cyan - -# (string) Defines the color to use when showing removed lines in diffs -;diff_remove=red - -# (string) Defines the color to use when emitting error messages -;error=red - -# (string) Defines the color to use for highlighting -;highlight=white - -# (string) Defines the color to use when showing 'OK' task status -;ok=green - -# (string) Defines the color to use when showing 'Skipped' task status -;skip=cyan - -# (string) Defines the color to use on 'Unreachable' status -;unreachable=bright red - -# (string) Defines the color to use when emitting verbose messages. i.e those that show with '-v's. -;verbose=blue - -# (string) Defines the color to use when emitting warning messages -;warn=bright purple - - -[selinux] -# (boolean) This setting causes libvirt to connect to lxc containers by passing --noseclabel to virsh. This is necessary when running on systems which do not have SELinux. -;libvirt_lxc_noseclabel=False - -# (list) Some filesystems do not support safe operations and/or return inconsistent errors, this setting makes Ansible 'tolerate' those in the list w/o causing fatal errors. -# Data corruption may occur and writes are not always verified when a filesystem is in the list. -;special_context_filesystems=fuse, nfs, vboxsf, ramfs, 9p, vfat - - -[diff] -# (bool) Configuration toggle to tell modules to show differences when in 'changed' status, equivalent to ``--diff``. -;always=False - -# (integer) How many lines of context to show when displaying the differences between files. -;context=3 - - -[galaxy] -# (path) The directory that stores cached responses from a Galaxy server. -# This is only used by the ``ansible-galaxy collection install`` and ``download`` commands. -# Cache files inside this dir will be ignored if they are world writable. -;cache_dir=~/.ansible/galaxy_cache - -# (bool) Some steps in ``ansible-galaxy`` display a progress wheel which can cause issues on certain displays or when outputing the stdout to a file. -# This config option controls whether the display wheel is shown or not. -# The default is to show the display wheel if stdout has a tty. -;display_progress= - -# (boolean) If set to yes, ansible-galaxy will not validate TLS certificates. This can be useful for testing against a server with a self-signed certificate. -;ignore_certs=False - -# (path) Role or collection skeleton directory to use as a template for the ``init`` action in ``ansible-galaxy``, same as ``--role-skeleton``. -;role_skeleton= - -# (list) patterns of files to ignore inside a Galaxy role or collection skeleton directory -;role_skeleton_ignore=^.git$, ^.*/.git_keep$ - -# (string) URL to prepend when roles don't specify the full URI, assume they are referencing this server as the source. -;server=https://galaxy.ansible.com - -# (list) A list of Galaxy servers to use when installing a collection. -# The value corresponds to the config ini header ``[galaxy_server.item]`` which defines the server details. -# See :ref:`galaxy_server_config` for more details on how to define a Galaxy server. -# The order of servers in this list is used to as the order in which a collection is resolved. -# Setting this config option will ignore the :ref:`galaxy_server` config option. -;server_list= - -# (path) Local path to galaxy access token file -;token_path=~/.ansible/galaxy_token - - -[inventory] -# (string) This setting changes the behaviour of mismatched host patterns, it allows you to force a fatal error, a warning or just ignore it -;host_pattern_mismatch=warning - -# (boolean) If 'true', it is a fatal error when any given inventory source cannot be successfully parsed by any available inventory plugin; otherwise, this situation only attracts a warning. - -;any_unparsed_is_failed=False - -# (bool) Toggle to turn on inventory caching. -# This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. -# The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory configuration. -# This message will be removed in 2.16. -;cache=False - -# (string) The plugin for caching inventory. -# This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. -# The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration. -# This message will be removed in 2.16. -;cache_plugin= - -# (string) The inventory cache connection. -# This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. -# The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration. -# This message will be removed in 2.16. -;cache_connection= - -# (string) The table prefix for the cache plugin. -# This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. -# The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration. -# This message will be removed in 2.16. -;cache_prefix=ansible_inventory_ - -# (string) Expiration timeout for the inventory cache plugin data. -# This setting has been moved to the individual inventory plugins as a plugin option :ref:`inventory_plugins`. -# The existing configuration settings are still accepted with the inventory plugin adding additional options from inventory and fact cache configuration. -# This message will be removed in 2.16. -;cache_timeout=3600 - -# (list) List of enabled inventory plugins, it also determines the order in which they are used. -;enable_plugins=host_list, script, auto, yaml, ini, toml -enable_plugins=ini, constructed - -# (bool) Controls if ansible-inventory will accurately reflect Ansible's view into inventory or its optimized for exporting. -;export=False - -# (list) List of extensions to ignore when using a directory as an inventory source -;ignore_extensions=dropped, see regenerated version for default value - -# (list) List of patterns to ignore when using a directory as an inventory source -;ignore_patterns= - -# (bool) If 'true' it is a fatal error if every single potential inventory source fails to parse, otherwise this situation will only attract a warning. - -;unparsed_is_failed=False - - -[netconf_connection] -# (string) This variable is used to enable bastion/jump host with netconf connection. If set to True the bastion/jump host ssh settings should be present in ~/.ssh/config file, alternatively it can be set to custom ssh configuration file path to read the bastion/jump host settings. -;ssh_config= +action_plugins = {{ ansible_base }}/action_plugins:/usr/lib/python2.6/site-packages/ansible/runner/action_plugins +lookup_plugins = {{ ansible_base }}/lookup_plugins:/usr/lib/python2.6/site-packages/ansible/runner/lookup_plugins +callback_plugins = {{ ansible_base }}/callback_plugins:/usr/lib/python2.6/site-packages/ansible/callback_plugins +host_key_checking=False [paramiko_connection] -# (boolean) TODO: write it -;host_key_auto_add=False - -# (boolean) TODO: write it -;look_for_keys=True - -# (boolean) TODO: write it -;host_key_auto_add= - -# (boolean) Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host -;host_key_checking=True - -# (boolean) TODO: write it -;look_for_keys=True - -# (string) Proxy information for running the connection via a jumphost -# Also this plugin will scan 'ssh_args', 'ssh_extra_args' and 'ssh_common_args' from the 'ssh' plugin settings for proxy information if set. -;proxy_command= - -# (boolean) TODO: write it -;pty=True - -# (boolean) TODO: write it -;record_host_keys=True - -# (string) User to login/authenticate as -# Can be set from the CLI via the C(--user) or C(-u) options. -;remote_user= - - -[jinja2] -# (list) This list of filters avoids 'type conversion' when templating variables -# Useful when you want to avoid conversion into lists or dictionaries for JSON strings, for example. -;dont_type_filters=string, to_json, to_nice_json, to_yaml, to_nice_yaml, ppretty, json - - -[tags] -# (list) default list of tags to run in your plays, Skip Tags has precedence. -;run= - -# (list) default list of tags to skip in your plays, has precedence over Run Tags -;skip= - - -[runas_become_plugin] -# (string) Options to pass to runas, a space delimited list of k=v pairs -;flags= - -# (string) password -;password= - -# (string) User you 'become' to execute the task -;user= - - -[su_become_plugin] -# (string) Su executable -;executable=su - -# (string) Options to pass to su -;flags= - -# (string) Password to pass to su -;password= - -# (string) User you 'become' to execute the task -;user=root - -# (list) List of localized strings to match for prompt detection -# If empty we'll use the built in one -# Do NOT add a colon (:) to your custom entries. Ansible adds a colon at the end of each prompt; if you add another one in your string, your prompt will fail with a "Timeout" error. -;localized_prompts= - - -[sudo_become_plugin] -# (string) Sudo executable -;executable=sudo - -# (string) Options to pass to sudo -;flags=-H -S -n - -# (string) Password to pass to sudo -;password= - -# (string) User you 'become' to execute the task -;user=root - - -[callback_tree] -# (path) directory that will contain the per host JSON files. Also set by the C(--tree) option when using adhoc. -;directory=~/.ansible/tree +# nothing to configure yet [ssh_connection] -# (string) This is the location to save SSH's ControlPath sockets, it uses SSH's variable substitution. -# Since 2.3, if null (default), ansible will generate a unique hash. Use ``%(directory)s`` to indicate where to use the control dir path setting. -# Before 2.3 it defaulted to ``control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r``. -# Be aware that this setting is ignored if C(-o ControlPath) is set in ssh args. -;control_path= -# (string) This sets the directory to use for ssh control path if the control path setting is null. -# Also, provides the ``%(directory)s`` variable for the control path setting. -;control_path_dir=~/.ansible/cp - -# (boolean) Determines if SSH should check host keys. -;host_key_checking=True - -# (boolean) Pipelining reduces the number of connection operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfers. -# This can result in a very significant performance improvement when enabled. -# However this can conflict with privilege escalation (become). For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts, which is why this feature is disabled by default. -;pipelining=ANSIBLE_PIPELINING - -# (string) PKCS11 SmartCard provider such as opensc, example: /usr/local/lib/opensc-pkcs11.so -# Requires sshpass version 1.06+, sshpass must support the -P option. -;pkcs11_provider= - -# (integer) Number of attempts to connect. -;retries=0 - -# (string) This defines the location of the scp binary. It defaults to C(scp) which will use the first binary available in $PATH. -;scp_executable=scp - -# (string) Extra exclusive to the C(scp) CLI -;scp_extra_args= - -# (string) Preferred method to use when transfering files over SSH. -# When set to I(smart), Ansible will try them until one succeeds or they all fail. -# If set to I(True), it will force 'scp', if I(False) it will use 'sftp'. -# This setting will overridden by ssh_transfer_method if set. -;scp_if_ssh=smart - -# (bool) TODO: write it -;sftp_batch_mode=yes - -# (string) This defines the location of the sftp binary. It defaults to C(sftp) which will use the first binary available in $PATH. -;sftp_executable=sftp - -# (string) Extra exclusive to the C(sftp) CLI -;sftp_extra_args= - -# (string) Arguments to pass to all SSH CLI tools. -;ssh_args=-C -o ControlMaster=auto -o ControlPersist=60s - -# (string) Common extra args for all SSH CLI tools. -;ssh_common_args= - -# (string) This defines the location of the SSH binary. It defaults to C(ssh) which will use the first SSH binary available in $PATH. -# This option is usually not required, it might be useful when access to system SSH is restricted, or when using SSH wrappers to connect to remote hosts. -;ssh_executable=ssh - -# (string) Extra exclusive to the SSH CLI. -;ssh_extra_args= - -# (string) Preferred method to use when transferring files over ssh -# Setting to 'smart' (default) will try them in order, until one succeeds or they all fail -# Using 'piped' creates an ssh pipe with C(dd) on either side to copy the data -;transfer_method= -transfer_method=scp - -# (string) Password prompt that sshpass should search for. Supported by sshpass 1.06 and up. -# Defaults to C(Enter PIN for) when pkcs11_provider is set. -;sshpass_prompt= - -# (integer) This is the default ammount of time we will wait while establishing an SSH connection. -# It also controls how long we can wait to access reading the connection once established (select on the socket). -;timeout=10 - -# (bool) add -tt to ssh commands to force tty allocation. -;usetty=yes - - -[winrm] -# (list) A list of environment variables to pass through to C(kinit) when getting the Kerberos authentication ticket. -# By default no environment variables are passed through and C(kinit) is run with a blank slate. -# The environment variable C(KRB5CCNAME) cannot be specified here as it's used to store the temp Kerberos ticket used by WinRM. -;kinit_env_vars= - - -[inventory_plugins] -# (bool) Merge extra vars into the available variables for composition (highest precedence). -;use_extra_vars=False - - -[inventory_plugin_script] -# (boolean) Toggle display of stderr even when script was successful -;always_show_stderr=True - - -[inventory_plugin_yaml] -# (list) list of 'valid' extensions for files containing YAML -;yaml_valid_extensions=.yaml, .yml, .json - - -[url_lookup] -# (string) String of file system path to CA cert bundle to use -;ca_path= - -# (string) String of urllib2, all/yes, safe, none to determine how redirects are followed, see RedirectHandlerFactory for more information -;follow_redirects=urllib2 - -# (boolean) Whether or not to set "cache-control" header with value "no-cache" -;force=False - -# (boolean) Force basic authentication -;agent=False - -# (string) User-Agent to use in the request. The default was changed in 2.11 to C(ansible-httpget). -;agent=ansible-httpget - -# (float) How long to wait for the server to send data before giving up -;timeout=10 - -# (string) String of file system path to unix socket file to use when establishing connection to the provided url -;unix_socket= - -# (list) A list of headers to not attach on a redirected request -;unredirected_headers= - -# (boolean) Use GSSAPI handler of requests -# As of Ansible 2.11, GSSAPI credentials can be specified with I(username) and I(password). -;use_gssapi=False - - -[powershell] -# (string) Directory in which ansible will keep async job information. -# Before Ansible 2.8, this was set to C(remote_tmp + "\.ansible_async"). -;async_dir=%USERPROFILE%\.ansible_async - -# (string) Temporary directory to use on targets when copying files to the host. -;remote_tmp=%TEMP% - -# (string) Directory in which ansible will keep async job information. -# Before Ansible 2.8, this was set to C(remote_tmp + "\.ansible_async"). -;async_dir=%USERPROFILE%\.ansible_async - -# (string) Temporary directory to use on targets when copying files to the host. -;remote_tmp=%TEMP% - - -[vars_host_group_vars] -# (str) Control when this vars plugin may be executed. -# Setting this option to C(all) will run the vars plugin after importing inventory and whenever it is demanded by a task. -# Setting this option to C(task) will only run the vars plugin whenever it is demanded by a task. -# Setting this option to C(inventory) will only run the vars plugin after parsing inventory. -# If this option is omitted, the global I(RUN_VARS_PLUGINS) configuration is used to determine when to execute the vars plugin. -;stage= +# if uncommented, sets the ansible ssh arguments to the following. Leaving off ControlPersist +# will result in poor performance, so use transport=paramiko on older platforms rather than +# removing it +ssh_args=-o PasswordAuthentication=no -o ControlMaster=auto diff --git a/roles/apache/defaults/main.yml b/roles/apache/defaults/main.yml deleted file mode 100644 index 372da7ba0c..0000000000 --- a/roles/apache/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -collectd_apache: true diff --git a/roles/apache/handlers/main.yml b/roles/apache/handlers/main.yml deleted file mode 100644 index ffc1f9bdd9..0000000000 --- a/roles/apache/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: Restart apache - ansible.builtin.command: /usr/local/bin/conditional-restart.sh httpd httpd diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml deleted file mode 100644 index cb0cf42daa..0000000000 --- a/roles/apache/tasks/main.yml +++ /dev/null @@ -1,89 +0,0 @@ ---- -# install apache(httpd) -- name: Install apache (package) - ansible.builtin.package: - state: present - name: - - httpd - - httpd-tools - tags: - - packages - - apache - when: ansible_cmdline.ostree is not defined - -- name: Install mod_http2 on rhel8 hosts - ansible.builtin.package: - state: present - name: - - mod_http2 - tags: - - packages - - apache - when: ansible_distribution_major_version|int >= 8 and ansible_distribution == 'RedHat' - -- name: Set apache running/enabled - service: name=httpd enabled=yes - ignore_errors: true - notify: - - Reload apache - tags: - - service - - apache - -# install hash randomization hotfix -- name: Hotfix - copy over new httpd init script - ansible.builtin.copy: src="{{ files }}/hotfix/httpd/httpd.init" dest=/etc/init.d/httpd - owner=root group=root mode=0755 - when: ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora' - notify: - - Reload apache - tags: - - config - - hotfix - - apache - -# install hash randomization hotfix -- name: Hotfix - copy over new httpd init script - ansible.builtin.copy: src="{{ files }}/hotfix/httpd/httpd.init" dest=/etc/init.d/httpd - owner=root group=root mode=0755 - when: ansible_distribution_major_version|int <= 8 and ansible_distribution == 'RedHat' - notify: - - Reload apache - tags: - - config - - hotfix - - apache - -- name: Add appserver headers.conf - ansible.builtin.template: src="{{ files }}/httpd/headers.conf.j2" dest=/etc/httpd/conf.d/headers.conf - notify: - - Reload apache - tags: - - config - - apache - - apache/headers - -- name: Add appserver h2.conf - ansible.builtin.template: src="{{ files }}/httpd/h2.conf.j2" dest=/etc/httpd/conf.d/h2.conf - when: ansible_distribution == 'Fedora' - notify: - - Reload apache - tags: - - config - - apache - - h2 - -- name: Add apache_status location for collectd - ansible.builtin.template: src="{{ files }}/httpd/apachestatus.conf" dest=/etc/httpd/conf.d/apachestatus.conf - notify: - - Reload apache - tags: - - config - - apache - - apachestatus - -- name: Setup logrotate to our needs - ansible.builtin.template: src="{{ files }}/httpd/httpd.logrotate.j2" dest=/etc/logrotate.d/httpd - tags: - - config - - apache diff --git a/roles/apps-fp-o/README b/roles/apps-fp-o/README deleted file mode 100644 index ac4bb13787..0000000000 --- a/roles/apps-fp-o/README +++ /dev/null @@ -1,5 +0,0 @@ -========= -apps-fp-o -========= - -A landing page for https://apps.fedoraproject.org/ featuring javascript magic. diff --git a/roles/apps-fp-o/files/apps.fp.o.conf b/roles/apps-fp-o/files/apps.fp.o.conf deleted file mode 100644 index 8dbc3e718c..0000000000 --- a/roles/apps-fp-o/files/apps.fp.o.conf +++ /dev/null @@ -1,15 +0,0 @@ -DocumentRoot /srv/web/apps-fp-o/ - - - Header set Cache-Control public - ExpiresDefault "access plus 1 month" - Header unset ETag - - - - - SetEnvIf Origin "http(s)?://(fedoraproject.org|.*\.fedoraproject.org|pagure\.io)$" AccessControlAllowOrigin=$0 - Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin - Header set Vary "Accept-Encoding, Origin" - - diff --git a/roles/apps-fp-o/files/apps.yaml b/roles/apps-fp-o/files/apps.yaml deleted file mode 100644 index 65f8d027c5..0000000000 --- a/roles/apps-fp-o/files/apps.yaml +++ /dev/null @@ -1,611 +0,0 @@ -%YAML 1.2 ---- -name: Fedora Apps -data: - description: > - This is a landing page for Fedora Apps. Fedora Infrastructure is - huge; this page details only the public facing portion of - it all. Explore! -children: - - name: Accounts - data: - description: > - Tools for everybody -- use these things to manage your Fedora - Account. - children: - - name: FedoraPeople - data: - url: https://fedorapeople.org - user_url: https://{user}.fedorapeople.org - status_mappings: [people] - description: > - Being a community member you gain access to fedorapeople which - provides you with a space on the web where you can upload - files to share them with the community. - - name: Fedora Accounts - data: - url: https://accounts.fedoraproject.org/ - user_url: https://accounts.fedoraproject.org/user/{user} - source_url: https://github.com/fedora-infra/noggin/ - bugs_url: https://github.com/fedora-infra/noggin/issues/ - docs_url: https://noggin-aaa.readthedocs.io/en/latest/ - sops: - - https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/fas-notes.html - - https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/fas-openid.html - - https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/accountdeletion.html - - https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/nonhumanaccounts.html - status_mappings: [fas] - description: > - Fedora Accounts. Update your profile - information and apply for membership in groups. - - name: Notifications - data: - icon: fedmsg.png - url: https://notifications.fedoraproject.org/ - source_url: https://github.com/fedora-infra/fmn/ - bugs_url: https://github.com/fedora-infra/fmn/issues/ - docs_url: https://fmn.readthedocs.io/ - sops: [https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/fmn/] - status_mappings: [fedmsg] - description: > - Centrally managed preferences for Fedora Infrastructure - notifications to your inbox, irc client, and mobile device. - - name: Badges - status_mappings: [badges] - data: - icon: badges.png - url: https://badges.fedoraproject.org - user_url: https://badges.fedoraproject.org/user/{user} - source_url: https://github.com/fedora-infra/tahrir/ - bugs_url: https://github.com/fedora-infra/tahrir/issues/ - docs_url: https://tahrir.readthedocs.org/en/latest/ - sops: [https://infrastructure.fedoraproject.org/infra/docs/badges.rst] - description: > - An achievements system for Fedora Contributors! "Badges" - are awarded based on activity in the community. Can you - unlock them all? - You can export your badges to Mozilla's - Open Badges - Infrastructure - - name: Content - data: - description: > - Tools for wordsmiths -- the apps that store and archive the troves - of content that Fedora authors produce. Blog posts, the wiki, and - more.. - children: - - name: Ask Fedora - data: - icon: ask_fedora.png - url: https://ask.fedoraproject.org/ - source_url: https://github.com/askbot/askbot-devel - bugs_url: https://github.com/askbot/askbot-devel/issues/ - docs_url: http://askbot.org/doc/index.html - sops: [https://infrastructure.fedoraproject.org/infra/docs/askbot.rst] - status_mappings: [ask] - description: > - Any question at all about Fedora? Ask it here. - - name: The Wiki - data: - icon: mediawiki.png - url: https://fedoraproject.org/wiki - user_url: https://fedoraproject.org/wiki/User:{user} - source_url: https://www.mediawiki.org/ - bugs_url: https://www.mediawiki.org/wiki/Phabricator#Get_started - docs_url: https://www.mediawiki.org/wiki/Sysadmin_hub - sops: [https://infrastructure.fedoraproject.org/infra/docs/wiki.rst] - status_mappings: [wiki] - description: > - Maintain your own user profile page, contribute to - documents about features, process, and governance. - - name: Fedora Magazine - data: - icon: magazine.png - url: https://fedoramagazine.org - docs_url: https://codex.wordpress.org/ - # We don't have a SOP for the magazine yet. - # https://pagure.io/fedora-infrastructure/issue/5149 - # sops: - # - put the url here - description: > - Fedora Magazine is a WordPress-based site which delivers all - the news of the Fedora Community. (It replaces the previous - Fedora Weekly News.) - - name: The Planet - data: - icon: planet_logo.png - url: http://fedoraplanet.org - docs_url: https://www.intertwingly.net/code/venus/ - sops: - - https://infrastructure.fedoraproject.org/infra/docs/planetsubgroup.rst - description: > - The planet is a blog aggregator, a space accessible to you - as a community member where you can express your opinion and - talk about what you are doing for Fedora. - - name: Docs - data: - url: https://docs.fedoraproject.org - status_mappings: [docs] - # TODO - add the docs_url. I asked pete travis for info on this - # docs_url: put the url here - # TODO - add a sop. - # https://pagure.io/fedora-infrastructure/issue/5150 - # sops: - # - add the sop url here. - description: > - RTFM! Everything you could ever want to know. - Probably the best place to find documentation about Fedora, - including the changes between releases (and a big kudos to - the translation teams to keep this resource up to date in - the different languages!) - - name: QA - data: - description: > - Tools for testers -- the people who tell us its broken so we can - fix it. - children: - - name: Problem Tracker - data: - url: https://retrace.fedoraproject.org - package_url: https://retrace.fedoraproject.org/faf/reports/?component_names={package} - source_url: https://github.com/abrt/retrace-server/ - bugs_url: https://github.com/abrt/retrace-server/issues - docs_url: https://abrt.readthedocs.org/en/latest/howitworks.html#faf - # TODO - write SOPs for this - # https://pagure.io/fedora-infrastructure/issue/5151 - # sops: - # - url goes here - # - and another one goes here - description: > - The Problem Tracker is a platform for collecting and - analyzing package crashes reported via ABRT (Automatic Bug - Reporting Tool). It makes it easy to see what problems - users are hitting the most, and allows you to filter them - by Fedora release, associate, or component. - - name: Blocker Bugs - data: - url: https://qa.fedoraproject.org/blockerbugs - source_url: https://pagure.io/fedora-qa/blockerbugs - bugs_url: https://pagure.io/fedora-qa/blockerbugs - docs_url: https://tflink.fedorapeople.org/blockerbugs/docs/ - sops: - - https://infrastructure.fedoraproject.org/infra/docs/blockerbugs.rst - status_mappings: [blockerbugs] - description: > - The Fedora Blocker Bug Tracker tracks release blocking bugs - and related updates in Fedora releases currently under - development. - - name: Bugzilla - data: - icon: bugzilla.png - url: https://bugzilla.redhat.com - package_url: > - https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Fedora&product=Fedora%20EPEL&query_format=advanced&component={package} - description: > - The Fedora Community makes use of a bugzilla instance - run by Red Hat. Notice something wrong with a Fedora - package? You can file an official bug here. - - name: Review Status - data: - url: https://fedoraproject.org/PackageReviewStatus/ - package_url: > - https://bugzilla.redhat.com/buglist.cgi?component=Package%20Review&query_format=advanced&short_desc_type=allwordssubstr&short_desc={package} - # TODO - write the SOP for this - # https://pagure.io/fedora-infrastructure/issue/5152 - # sops: - # - url goes here - description: > - These pages contain periodically generated reports with - information on the current state of all Fedora package review - tickets -- a super useful window on bugzilla. - - name: Kerneltest - data: - icon: tux.png - url: https://apps.fedoraproject.org/kerneltest - source_url: https://github.com/jmflinuxtx/kerneltest-harness - bugs_url: https://github.com/jmflinuxtx/kerneltest-harness/issues - docs_url: https://fedoraproject.org/wiki/KernelTestingInitiative - sops: - - https://infrastructure.fedoraproject.org/infra/docs/kerneltest-harness.rst - description: > - As part of the kernel - testing initiative we provide a webapp where users and - automated systems can upload test results. If you have - access to hardware where we could catch tricky driver - issues, your assistance here would be much appreciated. - - name: Koschei - data: - icon: koschei.png - url: https://koschei.fedoraproject.org/ - user_url: https://koschei.fedoraproject.org/user/{user} - package_url: https://koschei.fedoraproject.org/package/{package} - source_url: https://github.com/fedora-infra/koschei - bugs_url: https://github.com/fedora-infra/koschei/issues - docs_url: https://fedoraproject.org/wiki/Koschei - sops: [https://infrastructure.fedoraproject.org/infra/docs/koschei.rst] - status_mappings: [koschei] - description: > - Koschei is a continuous integration system for RPM packages. It - tracks dependency changes done in Koji repositories and rebuilds - packages whose dependencies change. It can help packagers to - detect failures early and provide relevant information to narrow - down the cause. - - name: Coordination - data: - description: > - Tools for people -- so we can talk to each other and share content - and ideas. - children: - - name: Asknot - data: - url: https://whatcanidoforfedora.org - source_url: https://github.com/fedora-infra/asknot-ng - bugs_url: https://github.com/fedora-infra/asknot-ng/issues - docs_url: https://github.com/fedora-infra/asknot-ng/blob/develop/README.md - # TODO - write SOP for asknot-ng - # https://pagure.io/fedora-infrastructure/issue/5154 - # sops: - # - url goes here - status_mappings: [] - description: > - Ask not what Fedora can do for you, but what you can do for - Fedora? This site is a starting place for brand new - contributors to help them figure out where they can - hop on board! - - name: Elections - data: - url: https://elections.fedoraproject.org/ - source_url: https://github.com/fedora-infra/elections - bugs_url: https://github.com/fedora-infra/elections/issues - docs_url: https://github.com/fedora-infra/elections/blob/develop/README.md - sops: [https://infrastructure.fedoraproject.org/infra/docs/voting.rst] - status_mappings: [elections] - description: > - As a member of the community, you can now vote for the - different steering committees and for this you will use the - Election application. Voting is a right and a duty as a member - of the community; it is one of the things you can do to - influence the development of Fedora. - - name: The Mailing lists - data: - icon: hyperkitty.png - url: https://lists.fedoraproject.org - source_url: https://gitlab.com/mailman/hyperkitty - bugs_url: https://gitlab.com/mailman/hyperkitty/issues - docs_url: https://hyperkitty.readthedocs.org/en/latest/ - sops: [https://infrastructure.fedoraproject.org/infra/docs/mailman.rst] - status_mappings: [mailinglists] - description: > - Mailing lists are used for communication within the community. - There are lists for generic topics and lists more dedicated - to a specific topic, there is for sure one for you. - - name: FedoCal - data: - icon: fedocal.png - url: https://calendar.fedoraproject.org/ - source_url: https://github.com/fedora-infra/fedocal - bugs_url: https://github.com/fedora-infra/fedocal/issues - docs_url: https://fedocal.readthedocs.org/en/latest/ - sops: [https://infrastructure.fedoraproject.org/infra/docs/fedocal.rst] - status_mappings: [fedocal] - description: > - The Fedora Calendar (or fedocal), you might - have already guessed, is a public calendar service. You can - create your own calendar, or subscribe to others. Want to - be kept abrest of releases, freezes, and events? This is - the tool for you. - - name: Meetbot - data: - icon: meetbot.png - url: https://meetbot.fedoraproject.org - source_url: https://github.com/fedora-infra/mote - bugs_url: https://github.com/fedora-infra/mote/issues - docs_url: https://github.com/fedora-infra/mote/blob/master/README.md - sops: - - https://infrastructure.fedoraproject.org/infra/docs/mote.rst - - https://infrastructure.fedoraproject.org/infra/docs/zodbot.rst - status_mappings: [zodbot] - description: > - Fedora Infrastructure runs a friendly IRC bot that you may - know named zodbot. - Among its many and varied functions is logging IRC meetings, - the archives of which you can find here. - - name: Packaging - data: - description: > - Tools for packagers -- where the pieces of the distribution get - built. - children: - - name: Packages - data: - url: https://packages.fedoraproject.org/ - package_url: https://apps.fedoraproject.org/packages/{package} - source_url: https://pagure.io/fedora-packages-static - bugs_url: https://pagure.io/fedora-packages-static/issues - docs_url: http://threebean.org/blog/history-of-fedora-packages/ - sops: - - https://infrastructure.fedoraproject.org/infra/docs/fedorapackages.rst - status_mappings: [packages] - description: > - A meta-app over the other packaging apps; the best place to - find out what is in the Fedora repositories. Which - packages are present in which version, who is maintaining - them, what patches have been applied, what bugs have been - reported against them. All these kind of questions can be - answered here. - It is sometimes called "Fedora Community v2" after the old - Fedora Community - site. - - name: COPR - data: - icon: copr.png - url: https://copr.fedoraproject.org - user_url: https://copr.fedoraproject.org/coprs/{user}/ - source_url: https://github.com/fedora-copr/copr - bugs_url: > - https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=POST&bug_status=MODIFIED&bug_status=ON_DEV&bug_status=ON_QA&bug_status=VERIFIED&bug_status=RELEASE_PENDING&classification=Community&list_id=4767864&product=Copr&query_format=advanced - docs_url: https://copr-backend.readthedocs.org/ - # Also: - # - https://copr-keygen.readthedocs.org/ - # - https://copr-rest-api.readthedocs.org/ - sops: [https://infrastructure.fedoraproject.org/infra/docs/copr.rst] - status_mappings: [copr] - description: > - Copr is an easy-to-use automatic build system providing a - package repository as its output. You can make your **own** repositories! - - name: Koji - data: - icon: koji.png - url: https://koji.fedoraproject.org/koji - package_url: > - https://koji.fedoraproject.org/koji/search?match=glob&type=package&terms={package} - user_url: https://koji.fedoraproject.org/koji/userinfo?userID={user} - source_url: https://pagure.io/koji - bugs_url: https://pagure.io/koji/issues - docs_url: https://koji.build/ - sops: - - https://infrastructure.fedoraproject.org/infra/docs/koji.rst - - https://infrastructure.fedoraproject.org/infra/docs/koji-builder-setup.rst - status_mappings: [koji] - description: > - Koji is the software that builds RPM packages for the - Fedora project. It uses Mock to create chroot - environments to perform builds that are both safe and - trusted. - - name: Bodhi - data: - icon: bodhi.png - url: https://admin.fedoraproject.org/updates - package_url: https://admin.fedoraproject.org/updates/{package} - user_url: https://admin.fedoraproject.org/updates/user/{user} - source_url: https://github.com/fedora-infra/bodhi - bugs_url: https://github.com/fedora-infra/bodhi/issues - docs_url: https://bodhi.fedoraproject.org/docs - sops: [https://infrastructure.fedoraproject.org/infra/docs/bodhi.rst] - status_mappings: [bodhi] - description: > - The tool you will use to push your packages to the Fedora - repositories as an update, first an update to be tested - (repository: updates-testing) then a stable update - (repository: updates). Behold -- the Magic - Cabbage. - - name: Package Sources - data: - icon: package-sources.png - url: https://src.fedoraproject.org/ - package_url: https://src.fedoraproject.org/rpms/{package} - source_url: https://pagure.io/pagure - bugs_url: https://pagure.io/pagure/issues - docs_url: https://pagure.io/docs/pagure/ - status_mappings: [pkgs] - description: > - Ever wonder exactly what is in the new release - of a Fedora package? This is where the change histories - of all the packages in Fedora for every release of - Fedora (and EPEL) are kept.. forever! A gold mine. - - name: Mdapi - data: - url: https://apps.fedoraproject.org/mdapi - description: > - mdapi is a small API exposing the metadata contained in - different RPM repositories. - - name: Upstream - data: - description: > - Tools for upstream - developers -- because we love you. - children: - - name: Release Monitoring - data: - url: https://release-monitoring.org - package_url: https://release-monitoring.org/projects/search/?pattern={package} - source_url: https://github.com/fedora-infra/anitya - bugs_url: https://github.com/fedora-infra/anitya/issues - docs_url: https://fedoraproject.org/wiki/Upstream_release_monitoring - # TODO - write sops for anitya and the-new-hotness - # https://pagure.io/fedora-infrastructure/issue/5157 - # sops: - # - https://infrastructure.fedoraproject.org/infra/docs/anitya.rst - # - https://infrastructure.fedoraproject.org/infra/docs/hotness.rst - description: > - Code named anitya, this - project is slated to replace the - old wiki page for Upstream Release Monitoring. It will - track upstream tarball locations and publish notifications to - the fedmsg bus when new ones are found. Other daemons will - then be responsible for filing bugs, attempting to - automatically build packages, perform some preliminary QA - checks, etc.. - - name: Webhook to Fedora Messaging - data: - url: https://webhook.fedoraproject.org/ - source_url: https://github.com/fedora-infra/webhook-to-fedora-messaging - bugs_url: https://github.com/fedora-infra/webhook-to-fedora-messaging/issues - docs_url: > - https://github.com/fedora-infra/webhook-to-fedora-messaging/ - sops: - - https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/webhook2fedmsg/ - description: > - Webhook to Fedora Messaging is a web service that bridges upstream - activity into the Fedora Infrastructure message bus. Visit the self-service - dashboard to add your application. - - name: Pagure - data: - icon: pagure.png - url: https://pagure.io/ - status_mappings: [pagure] - description: > - Pagure is a git-centered forge, python based using pygit2. - With pagure you can host your project with its documentation, - let your users report issues or request enhancements using - the ticketing system and build your community of contributors - by allowing them to fork your projects and contribute to it - via the now-popular pull-request mechanism. - - name: Infrastructure - data: - description: > - Tools for sysadmins -- the people who run the servers that run - Fedora (and otherwise). - children: - - name: GeoIP - data: - url: https://geoip.fedoraproject.org - source_url: https://github.com/fedora-infra/geoip-city-wsgi - bugs_url: https://github.com/fedora-infra/geoip-city-wsgi/issues - docs_url: https://github.com/fedora-infra/geoip-city-wsgi/blob/master/geoip-city.wsgi - # TODO - write a sop for this thing - # https://pagure.io/fedora-infrastructure/issue/5159 - # sops: - # - https://infrastructure.fedoraproject.org/infra/docs/geoip.rst - description: > - A simple web service running geoip-city-wsgi - that will return geoip information to you. - - name: Easyfix - data: - url: https://fedoraproject.org/easyfix - source_url: https://github.com/fedora-infra/fedora-gather-easyfix - bugs_url: https://github.com/fedora-infra/fedora-gather-easyfix/issues - docs_url: https://github.com/fedora-infra/fedora-gather-easyfix/blob/master/README - sops: - - https://infrastructure.fedoraproject.org/infra/docs/gather-easyfix.rst - description: > - A list of easy-to-fix problems for the different projects in - Fedora. Interested in getting into helping out with sysadmin - work or web application development? This should be useful - to you. - - name: DataGrepper - data: - icon: fedmsg.png - url: https://apps.fedoraproject.org/datagrepper - package_url: https://apps.fedoraproject.org/datagrepper/raw?package={package} - user_url: https://apps.fedoraproject.org/datagrepper/raw?user={user} - source_url: https://github.com/fedora-infra/datagrepper - bugs_url: https://github.com/fedora-infra/datagrepper/issues - docs_url: https://github.com/fedora-infra/datagrepper/blob/develop/README.rst - sops: [https://infrastructure.fedoraproject.org/infra/docs/datanommer.rst] - status_mappings: [fedmsg] - description: > - DataGrepper is an HTTP API for querying the datanommer - database. You can use it to dig into the history of the - fedmsg message bus. You - can grab events by username, by package, by message - source, by topic... you name it. - - name: Status - data: - icon: status-good.png - url: http://www.fedorastatus.org - source_url: https://github.com/fedora-infra/statusfpo/ - bugs_url: https://github.com/fedora-infra/statusfpo/issues - docs_url: https://github.com/fedora-infra/statusfpo/README - sops: - - https://infrastructure.fedoraproject.org/infra/docs/status-fedora.rst - description: > - Sometimes the Fedora Infrastructure team messes up (or - lightning strikes our datacenter(s)). Sorry about that. - You can use this website to check the status. Is it - "down for everyone, or just me?"
Notice the favicon - in your browser tab. It changes based on the status, - so if you keep this open you can check back to it at a - glance. - - name: MirrorManager - data: - icon: downloads.png - url: https://mirrors.fedoraproject.org - source_url: https://github.com/fedora-infra/mirrormanager2 - bugs_url: https://github.com/fedora-infra/mirrormanager2/issues - docs_url: https://mirrormanager.readthedocs.org/en/latest/ - sops: - - https://infrastructure.fedoraproject.org/infra/docs/mirrormanager.rst - - https://infrastructure.fedoraproject.org/infra/docs/mastermirror.rst - - https://infrastructure.fedoraproject.org/infra/docs/mirrorhiding.rst - - https://infrastructure.fedoraproject.org/infra/docs/mirrormanager-S3-EC2-netblocks.rst - status_mappings: [mirrormanager, mirrorlist] - description: > - Fedora is distributed to millions of systems globally. - This would not be possible without the donations of time, - disk space, and bandwidth by hundreds of volunteer system - administrators and their companies or institutions. Your - fast download experience is made possible by these - donations. The list on the MirrorManager - site is dynamically generated every hour, listing only - up-to-date mirrors. - - name: Nagios - data: - icon: nagios-logo.png - url: https://admin.fedoraproject.org/nagios - source_url: https://github.com/NagiosEnterprises/nagioscore - bugs_url: https://pagure.io/fedora-infrastructure/issues - docs_url: https://www.nagios.org/documentation/ - sops: [https://infrastructure.fedoraproject.org/infra/docs/nagios.rst] - description: > - "Is telia down?" The answer can most definitively be - found here (and in detail). The Fedora Infrastructure - team uses Nagios to monitor the servers that serve - Fedora. Accessing most details requires membership - in the sysadmin group. - - name: Collectd - data: - icon: collectd.png - url: https://admin.fedoraproject.org/collectd/ - source_url: https://github.com/collectd/collectd - bugs_url: https://github.com/collectd/collectd/issues - docs_url: https://collectd.org/documentation.shtml - sops: [https://infrastructure.fedoraproject.org/infra/docs/collectd.rst] - description: > - Tracks and displays statistics on the Fedora - Infrastructure machines over time. Useful for debugging - ineffeciencies and problems. - - name: HAProxy - data: - url: https://admin.fedoraproject.org/haproxy/proxy1 - source_url: https://git.haproxy.org/ - bugs_url: https://www.haproxy.org/knownbugs-1.3.html - docs_url: https://www.haproxy.org/#docs - sops: [https://infrastructure.fedoraproject.org/infra/docs/haproxy.rst] - description: > - Shows the health of our proxies. How many bytes? - Concurrent sessions? Health checks? - - name: In Development - data: - description: > - These are the apps that we're working on, but that aren't quite - ready for prime-time yet. Try and use them, and report bugs when - they're broken -- it's a big help!. - Check back here from time to time, as this section will change. - children: - - name: Ipsilon - data: - url: https://pagure.io/ipsilon - description: >- - Ipsilon is our central authentication agent that is used to - authenticate users agains FAS. It is seperate from FAS. The - only service that is not using this currently is the wiki. - It is a web service that is presented via httpd and is load - balanced by our standard haproxy setup. diff --git a/roles/apps-fp-o/files/fedmenu-staging/css/demo.css b/roles/apps-fp-o/files/fedmenu-staging/css/demo.css deleted file mode 100644 index e8fd8fc1fa..0000000000 --- a/roles/apps-fp-o/files/fedmenu-staging/css/demo.css +++ /dev/null @@ -1,3 +0,0 @@ -.fm-intro { - padding-bottom: 15px; -} diff --git a/roles/apps-fp-o/files/fedmenu-staging/css/fedmenu.css b/roles/apps-fp-o/files/fedmenu-staging/css/fedmenu.css deleted file mode 100644 index ae9b9746ba..0000000000 --- a/roles/apps-fp-o/files/fedmenu-staging/css/fedmenu.css +++ /dev/null @@ -1,212 +0,0 @@ -@font-face { - font-family: 'Montserrat'; - font-style: normal; - font-weight: 400; - src: local('Montserrat-Regular'), url(../fonts/montserrat.ttf) format('truetype'); -} - -.fedmenu-bottom-left { - position: fixed; - bottom: 10px; - left: 10px; -} - -.fedmenu-bottom-right { - position: fixed; - bottom: 10px; - right: 10px; -} -.fedmenu-bottom-left:hover .fedmenu-bottom-left.fedmenu-active { - bottom: 2px; - left: 2px; -} -.fedmenu-bottom-right:hover .fedmenu-bottom-right.fedmenu-active { - bottom: 2px; - right: 2px; -} - -#fedmenu-tray { - width: 48px; - z-index: 1010; -} - -.fedmenu-button { - margin-left: auto; - margin-right: auto; - - margin-top: 0px; - margin-bottom: 8px; - padding-bottom: 0px; - - width: 32px; - height: 32px; - - -webkit-filter: drop-shadow(4px 4px 4px #222); - filter: drop-shadow(4px 4px 4px #222); - - /* Awesome */ - transition-property: width, height, bottom, left, background-size, filter, margin-top, margin-bottom, padding-bottom; - transition-duration: 0.10s; - transition-timing-function: linear; -} -.fedmenu-button:hover, .fedmenu-button.fedmenu-active { - margin-top: -8px; - margin-bottom: 0px; - padding-bottom: -8px; - - width: 48px; - height: 48px; - - -webkit-filter: drop-shadow(4px 4px 6px #222); - filter: drop-shadow(4px 4px 6px #222); -} - -.fedmenu-button div.img { - width: 100%; - height: 100%; - background-repeat: no-repeat; - background-size: 100% 100%; -} -#fedmenu-main-button div.img { background-image: url("../img/logo.png"); } -#fedmenu-user-button div.img { border-radius: 50%; /* Make avatars into a circle */ } - -#fedmenu-wrapper { - position: fixed; - height: 100%; - width: 100%; - top: 0; - left: 0; - z-index: 1008; - display: none; -} - -#fedmenu-wrapper.fedmenu-active,.fedmenu-exit { - cursor: pointer; -} - -.fedmenu-exit { - float: right; - width: 26px; - height: 26px; - text-align: center; - line-height: 28px; - font-family: sans-serif; - font-size: 16pt; - color: #FFF; - background-color: #db3279; - border-radius: 50%; - - -webkit-filter: drop-shadow(4px 4px 4px #222); - filter: drop-shadow(4px 4px 4px #222); - - /* Awesome */ - transition-property: width, height, margin, line-height, font-size; - transition-duration: 0.10s; - transition-timing-function: linear; -} - -.fedmenu-exit:hover { - margin-top: -6px; - margin-right: -6px; - - width: 38px; - height: 38px; - line-height: 40px; - font-size: 22pt; - - -webkit-filter: drop-shadow(4px 4px 6px #222); - filter: drop-shadow(4px 4px 6px #222); -} - -#fedmenu-wrapper.fedmenu-active { - display: block; - background-color: rgba(0,0,0,0.3); - -webkit-box-shadow: inset 0 0 400px rgba(0,0,0,1); - box-shadow: inset 0 0 400px rgba(0,0,0,1); - -} - -.fedmenu-content { - position: fixed; - top: 100%; - - /* Vary these two parameters for responsive-ness */ - left: 30%; - width: 40%; - - background: url('../img/panda-wave.png') no-repeat right bottom; - - background-color: #FFF; - margin-bottom: 20px; - padding: 19px; - border: 0px none; - - -webkit-box-shadow: 0px 3px 10px rgba(0, 0, 0, 0.23); - box-shadow: 0px 3px 10px rgba(0, 0, 0, 0.23); - z-index: 1009; -} - -.fedmenu-content.fedmenu-active { - top: 15%; - transition-property: top; - transition-duration: 0.4s; - transition-delay: 0.3s; - transition-timing-function: ease-out; -} - -.fedmenu-content > h1 { - font-family: Montserrat; - font-weight: bold; - border-bottom: 2px solid; - color: #294172; -} - -.fedmenu-panel { - font-family: Montserrat; - display: inline-block; - vertical-align: top; - font-size: 12pt; - padding: 15px; -} -.fedmenu-panel ul { - margin-top: 10px; - padding-left: 0px; -} -.fedmenu-panel li { - list-style: none; - margin-left: 0px; -} - -.fedmenu-panel a, -.fedmenu-panel a:hover { - color: #3C6EB4; -} - -.fedmenu-header { - display: inline; - font-weight: bold; - font-size: 12pt; - color: #294172; - border-bottom: 1px solid; -} - -/* Responsive stuff... */ -@media all and (max-width: 1450px) { .fedmenu-content { left: 25%; width: 50%; }} -@media all and (max-width: 1200px) { .fedmenu-content { left: 20%; width: 60%; }} -@media all and (max-width: 1000px) { .fedmenu-content { left: 15%; width: 70%; }} -@media all and (max-width: 860px) { .fedmenu-content { left: 10%; width: 80%; }} -@media all and (max-width: 740px) { .fedmenu-content { left: 5%; width: 85%; }} -@media all and (max-width: 600px) { .fedmenu-content { left: 0%; width:100%; }} -@media all and (max-width: 800px) { .fedmenu-content.fedmenu-active { top: 10%; }} -@media all and (max-width: 700px) { .fedmenu-content.fedmenu-active { top: 10%; }} -@media all and (max-width: 600px) { .fedmenu-content.fedmenu-active { top: 5%; }} -@media all and (max-width: 500px) { - .fedmenu-content.fedmenu-active { top: 0%; } - .fedmenu-content > h1 { font-size: 80%; padding: 5px } - .fedmenu-panel .fedmenu-header { font-size: 90%; } - .fedmenu-panel { padding: 7px; font-size: 5pt; } - .fedmenu-content { - padding: 9px; - background-image: none; - } -} diff --git a/roles/apps-fp-o/files/fedmenu-staging/fonts/montserrat.ttf b/roles/apps-fp-o/files/fedmenu-staging/fonts/montserrat.ttf deleted file mode 100644 index 68df4ba660..0000000000 Binary files a/roles/apps-fp-o/files/fedmenu-staging/fonts/montserrat.ttf and /dev/null differ diff --git a/roles/apps-fp-o/files/fedmenu-staging/img/logo.png b/roles/apps-fp-o/files/fedmenu-staging/img/logo.png deleted file mode 100644 index debc431245..0000000000 Binary files a/roles/apps-fp-o/files/fedmenu-staging/img/logo.png and /dev/null differ diff --git a/roles/apps-fp-o/files/fedmenu-staging/img/panda-wave.png b/roles/apps-fp-o/files/fedmenu-staging/img/panda-wave.png deleted file mode 100644 index 9e6423e8bb..0000000000 Binary files a/roles/apps-fp-o/files/fedmenu-staging/img/panda-wave.png and /dev/null differ diff --git a/roles/apps-fp-o/files/fedmenu-staging/js/fedmenu.js b/roles/apps-fp-o/files/fedmenu-staging/js/fedmenu.js deleted file mode 100644 index 4509cee2e4..0000000000 --- a/roles/apps-fp-o/files/fedmenu-staging/js/fedmenu.js +++ /dev/null @@ -1,221 +0,0 @@ -var fedmenu = function(options) { $(document).ready(function() { - var defaults = { - 'url': 'https://apps.fedoraproject.org/js/data.js', - 'mimeType': undefined, // Only needed for local development - - 'context': document, // Alternatively, parent.document for iframes. - - 'position': 'bottom-left', - - 'user': null, - 'package': null, - }; - - // Our options object is called 'o' for shorthand - var o = $.extend({}, defaults, options || {}); - - // Also, hang on to the selector context with a shorthand 'c' - var c = o['context']; - - var buttons = ""; - if (o.user !== null) buttons += '
'; - if (o.package !== null) buttons += '
'; - buttons += '
'; - - var script = $("script[src$='fedmenu.js']").attr('src'); - var base = script.slice(0, -13); - - // Add a section if one doesn't exist. - // https://github.com/fedora-infra/fedmenu/issues/6 - if ($('head', c).length == 0) $('html', c).append(''); - $('head', c).append(''); - - $('body', c).append( - '
' + - buttons + '
'); - - $('body', c).append('
'); - - var imgurl; - if (o.user !== null) { - imgurl = libravatar.url(o.user); - $('#fedmenu-user-button .img', c).css('background-image', 'url("' + imgurl + '")'); - } - if (o.package !== null) { - /* This icon is not always going to exist, so we should put in an - * apache rule that redirects to a default icon if this file - * isn't there. */ - imgurl = 'https://apps.fedoraproject.org/packages/images/icons/' + o.package + '.png'; - $('#fedmenu-package-button .img', c).css('background-image', 'url("' + imgurl + '")'); - } - - // Define three functions used to generate the content of the menu panes - var make_main_content_html = function(i, node) { - var html = "
" + - node.name + "
"; - - if ($('#fedmenu-main-content').length == 0) { - $('body', c).append('
'); - $('#fedmenu-main-content', c).append(""); - $('#fedmenu-main-content', c).append("

Fedora Infrastructure Apps

"); - $('#fedmenu-main-content', c).append("

Legal

"); - } - $("#fedmenu-main-content", c).append(html); - }; - - var make_user_content_html = function(i, node) { - var html = "
" + - node.name + "
    "; - - var found = false; - $.each(node.children, function(j, leaf) { - if (leaf.data.user_url !== undefined) { - found = true; - var url = leaf.data.user_url.replace('{user}', o.user); - html = html + - "
  • " + - $("

    " + leaf.name + "

    ").text() + - "
    • "; - } - }); - if (found) { - if ($('#fedmenu-user-content').length == 0) { - $('body', c).append('
    '); - $('#fedmenu-user-content', c).append(""); - $('#fedmenu-user-content', c).append("

    View " + o.user + " in other apps

    "); - } - html = html + "
"; - $("#fedmenu-user-content", c).append(html); - } - }; - - var make_package_content_html = function(i, node) { - var html = "
" + - node.name + "
    "; - - var found = false; - $.each(node.children, function(j, leaf) { - if (leaf.data.package_url !== undefined) { - found = true; - var url = leaf.data.package_url.replace('{package}', o.package); - html = html + - "
  • " + - $("

    " + leaf.name + "

    ").text() + - "
    • "; - } - }); - if (found) { - html = html + "
"; - if ($('#fedmenu-package-content').length == 0) { - $('body', c).append('
'); - $('#fedmenu-package-content', c).append(""); - $('#fedmenu-package-content', c).append("

View the " + o.package + " package elsewhere

"); - } - $("#fedmenu-package-content", c).append(html); - } - }; - - // A handy lookup for those functions we just defined. - var content_makers = { - 'main': make_main_content_html, - 'user': make_user_content_html, - 'package': make_package_content_html, - }; - - var normalize = function(url) { - return url.slice(url.indexOf('://') + 3).replace(/\/$/, ""); - } - - // Figure out the current site that we're on, if possible, and return the - // data we have on it from the json we loaded. - var get_current_site = function() { - var found = null; - var ours = normalize(window.location.toString()); - $.each(master_data, function(i, node) { - $.each(node.children, function(j, leaf) { - var theirs = normalize(leaf.data.url); - if (ours.indexOf(theirs) === 0) found = leaf; - }) - }); - return found; - } - - // Try to construct a little footer for the menus. - var add_footer_links = function() { - var site = get_current_site(); - var content = ""; - if (site != null && site.data.bugs_url != undefined && site.data.source_url != undefined) { - content = content + "Problems with " + site.name + - "? Please file bugs or check out the source."; - } - content = content + "
Powered by fedmenu."; - $(".fedmenu-content").append("

" + content + "

"); - } - - $.ajax({ - url: o.url, - mimeType: o.mimeType, - dataType: 'script', - cache: true, - error: function(err) { - console.log('Error getting ' + o.url); - console.log(err); - }, - success: function(script) { - // Save this for later... - master_data = json.children; - }, - }); - - var selector = function(t) { - return "#fedmenu-wrapper," + - "#fedmenu-" + t + "-button," + - "#fedmenu-" + t + "-content"; - }; - - var activate = function(t) { - $.each(master_data, content_makers[t]); - $(".fedmenu-exit", c).click(function() {deactivate(t);}); - add_footer_links(); - setTimeout(function() {$(selector(t), c).addClass('fedmenu-active');}, 50); - }; - var deactivate = function(t) { - $(selector(t), c).removeClass('fedmenu-active'); - $('.fedmenu-content', c).remove(); // destroy content. - }; - - var click_factory = function(t) { return function() { - if ($(this).hasClass('fedmenu-active')) { - deactivate(t); - } else { - // Deactivate any others that may be active before starting anew. - deactivate('main'); deactivate('user'); deactivate('package'); - activate(t); - } - };}; - $("#fedmenu-main-button", c).click(click_factory('main')); - $("#fedmenu-user-button", c).click(click_factory('user')); - $("#fedmenu-package-button", c).click(click_factory('package')); - $("#fedmenu-wrapper,.fedmenu-exit", c).click(function() { - deactivate('main'); - deactivate('user'); - deactivate('package'); - }); - $(document).keydown(function(event) { - if (event.key == 'Escape' || event.key == 'Esc'){ - deactivate('main'); - deactivate('user'); - deactivate('package'); - } - }); -}); }; diff --git a/roles/apps-fp-o/files/fedmenu-staging/js/fedora-libravatar.js b/roles/apps-fp-o/files/fedmenu-staging/js/fedora-libravatar.js deleted file mode 100644 index 0d7b52f9ce..0000000000 --- a/roles/apps-fp-o/files/fedmenu-staging/js/fedora-libravatar.js +++ /dev/null @@ -1,148 +0,0 @@ -/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*/ -/* Libravatar retrieval for Fedora FAS usernames */ -/* (c) Ralph Bean 2015 / MIT License */ -/* Original SHA-256 implementation in JavaScript */ -/* (c) Chris Veness 2002-2014 / MIT Licence */ -/* */ -/* - see http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html */ -/* http://csrc.nist.gov/groups/ST/toolkit/examples.html */ -/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*/ - -'use strict'; - - -var sha256 = {}; -var libravatar = {}; - -/** - * Generates SHA-256 hash of string. - * - * @param {string} msg - String to be hashed - * @returns {string} Hash of msg as hex character string - */ -sha256.hash = function(msg) { - // convert string to UTF-8, as SHA only deals with byte-streams - msg = msg.utf8Encode(); - - // constants [§4.2.2] - var K = [ - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 ]; - // initial hash value [§5.3.1] - var H = [ - 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 ]; - - // PREPROCESSING - - msg += String.fromCharCode(0x80); // add trailing '1' bit (+ 0's padding) to string [§5.1.1] - - // convert string msg into 512-bit/16-integer blocks arrays of ints [§5.2.1] - var l = msg.length/4 + 2; // length (in 32-bit integers) of msg + ‘1’ + appended length - var N = Math.ceil(l/16); // number of 16-integer-blocks required to hold 'l' ints - var M = new Array(N); - - for (var i=0; i>> 32, but since JS converts - // bitwise-op args to 32 bits, we need to simulate this by arithmetic operators - M[N-1][14] = ((msg.length-1)*8) / Math.pow(2, 32); M[N-1][14] = Math.floor(M[N-1][14]); - M[N-1][15] = ((msg.length-1)*8) & 0xffffffff; - - - // HASH COMPUTATION [§6.1.2] - - var W = new Array(64); var a, b, c, d, e, f, g, h; - for (var i=0; i>> n) | (x << (32-n)); -}; - -sha256.BigSigma0 = function(x) { return sha256.ROTR(2, x) ^ sha256.ROTR(13, x) ^ sha256.ROTR(22, x); }; -sha256.BigSigma1 = function(x) { return sha256.ROTR(6, x) ^ sha256.ROTR(11, x) ^ sha256.ROTR(25, x); }; -sha256.SmallSigma0 = function(x) { return sha256.ROTR(7, x) ^ sha256.ROTR(18, x) ^ (x>>>3); }; -sha256.SmallSigma1 = function(x) { return sha256.ROTR(17, x) ^ sha256.ROTR(19, x) ^ (x>>>10); }; -sha256.Ch = function(x, y, z) { return (x & y) ^ (~x & z); }; -sha256.Maj = function(x, y, z) { return (x & y) ^ (x & z) ^ (y & z); }; - -sha256.toHexStr = function(n) { - // note can't use toString(16) as it is implementation-dependant, - // and in IE returns signed numbers when used on full words - var s="", v; - for (var i=7; i>=0; i--) { v = (n>>>(i*4)) & 0xf; s += v.toString(16); } - return s; -}; - - -if (typeof String.prototype.utf8Encode == 'undefined') { - String.prototype.utf8Encode = function() { - return unescape( encodeURIComponent( this ) ); - }; -} -if (typeof String.prototype.utf8Decode == 'undefined') { - String.prototype.utf8Decode = function() { - try { - return decodeURIComponent( escape( this ) ); - } catch (e) { - return this; // invalid UTF-8? return as-is - } - }; -} - -/* This is all that we need the sha256 code for... */ -libravatar.url = function(username, s, d) { - if (s === undefined) s = 64; - if (d === undefined) d = 'retro'; - - var openid = 'http://' + username + '.id.fedoraproject.org/' - var hash = sha256.hash(openid); - - return 'https://seccdn.libravatar.org/avatar/' + hash + '?s=' + s + '&d=' + d; -} diff --git a/roles/apps-fp-o/files/fedmenu-staging/js/jquery-1.11.2.min.js b/roles/apps-fp-o/files/fedmenu-staging/js/jquery-1.11.2.min.js deleted file mode 100644 index e6a051d0d1..0000000000 --- a/roles/apps-fp-o/files/fedmenu-staging/js/jquery-1.11.2.min.js +++ /dev/null @@ -1,4 +0,0 @@ -/*! jQuery v1.11.2 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */ -!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.2",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor(null)},push:f,sort:c.sort,splice:c.splice},m.extend=m.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||m.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(e=arguments[h]))for(d in e)a=g[d],c=e[d],g!==c&&(j&&c&&(m.isPlainObject(c)||(b=m.isArray(c)))?(b?(b=!1,f=a&&m.isArray(a)?a:[]):f=a&&m.isPlainObject(a)?a:{},g[d]=m.extend(j,f,c)):void 0!==c&&(g[d]=c));return g},m.extend({expando:"jQuery"+(l+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===m.type(a)},isArray:Array.isArray||function(a){return"array"===m.type(a)},isWindow:function(a){return null!=a&&a==a.window},isNumeric:function(a){return!m.isArray(a)&&a-parseFloat(a)+1>=0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},isPlainObject:function(a){var b;if(!a||"object"!==m.type(a)||a.nodeType||m.isWindow(a))return!1;try{if(a.constructor&&!j.call(a,"constructor")&&!j.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}if(k.ownLast)for(b in a)return j.call(a,b);for(b in a);return void 0===b||j.call(a,b)},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?h[i.call(a)]||"object":typeof a},globalEval:function(b){b&&m.trim(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(o,"ms-").replace(p,q)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b,c){var d,e=0,f=a.length,g=r(a);if(c){if(g){for(;f>e;e++)if(d=b.apply(a[e],c),d===!1)break}else for(e in a)if(d=b.apply(a[e],c),d===!1)break}else if(g){for(;f>e;e++)if(d=b.call(a[e],e,a[e]),d===!1)break}else for(e in a)if(d=b.call(a[e],e,a[e]),d===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(n,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(r(Object(a))?m.merge(c,"string"==typeof a?[a]:a):f.call(c,a)),c},inArray:function(a,b,c){var d;if(b){if(g)return g.call(b,a,c);for(d=b.length,c=c?0>c?Math.max(0,d+c):c:0;d>c;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,b){var c=+b.length,d=0,e=a.length;while(c>d)a[e++]=b[d++];if(c!==c)while(void 0!==b[d])a[e++]=b[d++];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,f=0,g=a.length,h=r(a),i=[];if(h)for(;g>f;f++)d=b(a[f],f,c),null!=d&&i.push(d);else for(f in a)d=b(a[f],f,c),null!=d&&i.push(d);return e.apply([],i)},guid:1,proxy:function(a,b){var c,e,f;return"string"==typeof b&&(f=a[b],b=a,a=f),m.isFunction(a)?(c=d.call(arguments,2),e=function(){return a.apply(b||this,c.concat(d.call(arguments)))},e.guid=a.guid=a.guid||m.guid++,e):void 0},now:function(){return+new Date},support:k}),m.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(a,b){h["[object "+b+"]"]=b.toLowerCase()});function r(a){var b=a.length,c=m.type(a);return"function"===c||m.isWindow(a)?!1:1===a.nodeType&&b?!0:"array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a}var s=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=hb(),z=hb(),A=hb(),B=function(a,b){return a===b&&(l=!0),0},C=1<<31,D={}.hasOwnProperty,E=[],F=E.pop,G=E.push,H=E.push,I=E.slice,J=function(a,b){for(var c=0,d=a.length;d>c;c++)if(a[c]===b)return c;return-1},K="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",L="[\\x20\\t\\r\\n\\f]",M="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",N=M.replace("w","w#"),O="\\["+L+"*("+M+")(?:"+L+"*([*^$|!~]?=)"+L+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+N+"))|)"+L+"*\\]",P=":("+M+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+O+")*)|.*)\\)|)",Q=new RegExp(L+"+","g"),R=new RegExp("^"+L+"+|((?:^|[^\\\\])(?:\\\\.)*)"+L+"+$","g"),S=new RegExp("^"+L+"*,"+L+"*"),T=new RegExp("^"+L+"*([>+~]|"+L+")"+L+"*"),U=new RegExp("="+L+"*([^\\]'\"]*?)"+L+"*\\]","g"),V=new RegExp(P),W=new RegExp("^"+N+"$"),X={ID:new RegExp("^#("+M+")"),CLASS:new RegExp("^\\.("+M+")"),TAG:new RegExp("^("+M.replace("w","w*")+")"),ATTR:new RegExp("^"+O),PSEUDO:new RegExp("^"+P),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+L+"*(even|odd|(([+-]|)(\\d*)n|)"+L+"*(?:([+-]|)"+L+"*(\\d+)|))"+L+"*\\)|)","i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+L+"*((?:-\\d)?\\d*)"+L+"*\\)|)(?=[^-]|$)","i")},Y=/^(?:input|select|textarea|button)$/i,Z=/^h\d$/i,$=/^[^{]+\{\s*\[native \w/,_=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ab=/[+~]/,bb=/'|\\/g,cb=new RegExp("\\\\([\\da-f]{1,6}"+L+"?|("+L+")|.)","ig"),db=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:0>d?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)},eb=function(){m()};try{H.apply(E=I.call(v.childNodes),v.childNodes),E[v.childNodes.length].nodeType}catch(fb){H={apply:E.length?function(a,b){G.apply(a,I.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function gb(a,b,d,e){var f,h,j,k,l,o,r,s,w,x;if((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,d=d||[],k=b.nodeType,"string"!=typeof a||!a||1!==k&&9!==k&&11!==k)return d;if(!e&&p){if(11!==k&&(f=_.exec(a)))if(j=f[1]){if(9===k){if(h=b.getElementById(j),!h||!h.parentNode)return d;if(h.id===j)return d.push(h),d}else if(b.ownerDocument&&(h=b.ownerDocument.getElementById(j))&&t(b,h)&&h.id===j)return d.push(h),d}else{if(f[2])return H.apply(d,b.getElementsByTagName(a)),d;if((j=f[3])&&c.getElementsByClassName)return H.apply(d,b.getElementsByClassName(j)),d}if(c.qsa&&(!q||!q.test(a))){if(s=r=u,w=b,x=1!==k&&a,1===k&&"object"!==b.nodeName.toLowerCase()){o=g(a),(r=b.getAttribute("id"))?s=r.replace(bb,"\\$&"):b.setAttribute("id",s),s="[id='"+s+"'] ",l=o.length;while(l--)o[l]=s+rb(o[l]);w=ab.test(a)&&pb(b.parentNode)||b,x=o.join(",")}if(x)try{return H.apply(d,w.querySelectorAll(x)),d}catch(y){}finally{r||b.removeAttribute("id")}}}return i(a.replace(R,"$1"),b,d,e)}function hb(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function ib(a){return a[u]=!0,a}function jb(a){var b=n.createElement("div");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function kb(a,b){var c=a.split("|"),e=a.length;while(e--)d.attrHandle[c[e]]=b}function lb(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&(~b.sourceIndex||C)-(~a.sourceIndex||C);if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function mb(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function nb(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function ob(a){return ib(function(b){return b=+b,ib(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function pb(a){return a&&"undefined"!=typeof a.getElementsByTagName&&a}c=gb.support={},f=gb.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?"HTML"!==b.nodeName:!1},m=gb.setDocument=function(a){var b,e,g=a?a.ownerDocument||a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=g.documentElement,e=g.defaultView,e&&e!==e.top&&(e.addEventListener?e.addEventListener("unload",eb,!1):e.attachEvent&&e.attachEvent("onunload",eb)),p=!f(g),c.attributes=jb(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=jb(function(a){return a.appendChild(g.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=$.test(g.getElementsByClassName),c.getById=jb(function(a){return o.appendChild(a).id=u,!g.getElementsByName||!g.getElementsByName(u).length}),c.getById?(d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a);return c&&c.parentNode?[c]:[]}},d.filter.ID=function(a){var b=a.replace(cb,db);return function(a){return a.getAttribute("id")===b}}):(delete d.find.ID,d.filter.ID=function(a){var b=a.replace(cb,db);return function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}}),d.find.TAG=c.getElementsByTagName?function(a,b){return"undefined"!=typeof b.getElementsByTagName?b.getElementsByTagName(a):c.qsa?b.querySelectorAll(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=$.test(g.querySelectorAll))&&(jb(function(a){o.appendChild(a).innerHTML="",a.querySelectorAll("[msallowcapture^='']").length&&q.push("[*^$]="+L+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+L+"*(?:value|"+K+")"),a.querySelectorAll("[id~="+u+"-]").length||q.push("~="),a.querySelectorAll(":checked").length||q.push(":checked"),a.querySelectorAll("a#"+u+"+*").length||q.push(".#.+[+~]")}),jb(function(a){var b=g.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+L+"*[*^$|!~]?="),a.querySelectorAll(":enabled").length||q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=$.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&jb(function(a){c.disconnectedMatch=s.call(a,"div"),s.call(a,"[s!='']:x"),r.push("!=",P)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=$.test(o.compareDocumentPosition),t=b||$.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===g||a.ownerDocument===v&&t(v,a)?-1:b===g||b.ownerDocument===v&&t(v,b)?1:k?J(k,a)-J(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,h=[a],i=[b];if(!e||!f)return a===g?-1:b===g?1:e?-1:f?1:k?J(k,a)-J(k,b):0;if(e===f)return lb(a,b);c=a;while(c=c.parentNode)h.unshift(c);c=b;while(c=c.parentNode)i.unshift(c);while(h[d]===i[d])d++;return d?lb(h[d],i[d]):h[d]===v?-1:i[d]===v?1:0},g):n},gb.matches=function(a,b){return gb(a,null,null,b)},gb.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(U,"='$1']"),!(!c.matchesSelector||!p||r&&r.test(b)||q&&q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return gb(b,n,null,[a]).length>0},gb.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},gb.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},gb.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},gb.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=gb.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=gb.selectors={cacheLength:50,createPseudo:ib,match:X,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(cb,db),a[3]=(a[3]||a[4]||a[5]||"").replace(cb,db),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||gb.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&gb.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return X.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&V.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(cb,db).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+L+")"+a+"("+L+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||"undefined"!=typeof a.getAttribute&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=gb.attr(d,a);return null==e?"!="===b:b?(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e.replace(Q," ")+" ").indexOf(c)>-1:"|="===b?e===c||e.slice(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h;if(q){if(f){while(p){l=b;while(l=l[p])if(h?l.nodeName.toLowerCase()===r:1===l.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){k=q[u]||(q[u]={}),j=k[a]||[],n=j[0]===w&&j[1],m=j[0]===w&&j[2],l=n&&q.childNodes[n];while(l=++n&&l&&l[p]||(m=n=0)||o.pop())if(1===l.nodeType&&++m&&l===b){k[a]=[w,n,m];break}}else if(s&&(j=(b[u]||(b[u]={}))[a])&&j[0]===w)m=j[1];else while(l=++n&&l&&l[p]||(m=n=0)||o.pop())if((h?l.nodeName.toLowerCase()===r:1===l.nodeType)&&++m&&(s&&((l[u]||(l[u]={}))[a]=[w,m]),l===b))break;return m-=e,m===d||m%d===0&&m/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||gb.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?ib(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=J(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ib(function(a){var b=[],c=[],d=h(a.replace(R,"$1"));return d[u]?ib(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ib(function(a){return function(b){return gb(a,b).length>0}}),contains:ib(function(a){return a=a.replace(cb,db),function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:ib(function(a){return W.test(a||"")||gb.error("unsupported lang: "+a),a=a.replace(cb,db).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return Z.test(a.nodeName)},input:function(a){return Y.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:ob(function(){return[0]}),last:ob(function(a,b){return[b-1]}),eq:ob(function(a,b,c){return[0>c?c+b:c]}),even:ob(function(a,b){for(var c=0;b>c;c+=2)a.push(c);return a}),odd:ob(function(a,b){for(var c=1;b>c;c+=2)a.push(c);return a}),lt:ob(function(a,b,c){for(var d=0>c?c+b:c;--d>=0;)a.push(d);return a}),gt:ob(function(a,b,c){for(var d=0>c?c+b:c;++db;b++)d+=a[b].value;return d}function sb(a,b,c){var d=b.dir,e=c&&"parentNode"===d,f=x++;return b.first?function(b,c,f){while(b=b[d])if(1===b.nodeType||e)return a(b,c,f)}:function(b,c,g){var h,i,j=[w,f];if(g){while(b=b[d])if((1===b.nodeType||e)&&a(b,c,g))return!0}else while(b=b[d])if(1===b.nodeType||e){if(i=b[u]||(b[u]={}),(h=i[d])&&h[0]===w&&h[1]===f)return j[2]=h[2];if(i[d]=j,j[2]=a(b,c,g))return!0}}}function tb(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function ub(a,b,c){for(var d=0,e=b.length;e>d;d++)gb(a,b[d],c);return c}function vb(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;i>h;h++)(f=a[h])&&(!c||c(f,d,e))&&(g.push(f),j&&b.push(h));return g}function wb(a,b,c,d,e,f){return d&&!d[u]&&(d=wb(d)),e&&!e[u]&&(e=wb(e,f)),ib(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||ub(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:vb(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=vb(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?J(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=vb(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):H.apply(g,r)})}function xb(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=sb(function(a){return a===b},h,!0),l=sb(function(a){return J(b,a)>-1},h,!0),m=[function(a,c,d){var e=!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d));return b=null,e}];f>i;i++)if(c=d.relative[a[i].type])m=[sb(tb(m),c)];else{if(c=d.filter[a[i].type].apply(null,a[i].matches),c[u]){for(e=++i;f>e;e++)if(d.relative[a[e].type])break;return wb(i>1&&tb(m),i>1&&rb(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(R,"$1"),c,e>i&&xb(a.slice(i,e)),f>e&&xb(a=a.slice(e)),f>e&&rb(a))}m.push(c)}return tb(m)}function yb(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,h,i,k){var l,m,o,p=0,q="0",r=f&&[],s=[],t=j,u=f||e&&d.find.TAG("*",k),v=w+=null==t?1:Math.random()||.1,x=u.length;for(k&&(j=g!==n&&g);q!==x&&null!=(l=u[q]);q++){if(e&&l){m=0;while(o=a[m++])if(o(l,g,h)){i.push(l);break}k&&(w=v)}c&&((l=!o&&l)&&p--,f&&r.push(l))}if(p+=q,c&&q!==p){m=0;while(o=b[m++])o(r,s,g,h);if(f){if(p>0)while(q--)r[q]||s[q]||(s[q]=F.call(i));s=vb(s)}H.apply(i,s),k&&!f&&s.length>0&&p+b.length>1&&gb.uniqueSort(i)}return k&&(w=v,j=t),r};return c?ib(f):f}return h=gb.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=xb(b[c]),f[u]?d.push(f):e.push(f);f=A(a,yb(e,d)),f.selector=a}return f},i=gb.select=function(a,b,e,f){var i,j,k,l,m,n="function"==typeof a&&a,o=!f&&g(a=n.selector||a);if(e=e||[],1===o.length){if(j=o[0]=o[0].slice(0),j.length>2&&"ID"===(k=j[0]).type&&c.getById&&9===b.nodeType&&p&&d.relative[j[1].type]){if(b=(d.find.ID(k.matches[0].replace(cb,db),b)||[])[0],!b)return e;n&&(b=b.parentNode),a=a.slice(j.shift().value.length)}i=X.needsContext.test(a)?0:j.length;while(i--){if(k=j[i],d.relative[l=k.type])break;if((m=d.find[l])&&(f=m(k.matches[0].replace(cb,db),ab.test(j[0].type)&&pb(b.parentNode)||b))){if(j.splice(i,1),a=f.length&&rb(j),!a)return H.apply(e,f),e;break}}}return(n||h(a,o))(f,b,!p,e,ab.test(a)&&pb(b.parentNode)||b),e},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=jb(function(a){return 1&a.compareDocumentPosition(n.createElement("div"))}),jb(function(a){return a.innerHTML="","#"===a.firstChild.getAttribute("href")})||kb("type|href|height|width",function(a,b,c){return c?void 0:a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&jb(function(a){return a.innerHTML="",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||kb("value",function(a,b,c){return c||"input"!==a.nodeName.toLowerCase()?void 0:a.defaultValue}),jb(function(a){return null==a.getAttribute("disabled")})||kb(K,function(a,b,c){var d;return c?void 0:a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),gb}(a);m.find=s,m.expr=s.selectors,m.expr[":"]=m.expr.pseudos,m.unique=s.uniqueSort,m.text=s.getText,m.isXMLDoc=s.isXML,m.contains=s.contains;var t=m.expr.match.needsContext,u=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,v=/^.[^:#\[\.,]*$/;function w(a,b,c){if(m.isFunction(b))return m.grep(a,function(a,d){return!!b.call(a,d,a)!==c});if(b.nodeType)return m.grep(a,function(a){return a===b!==c});if("string"==typeof b){if(v.test(b))return m.filter(b,a,c);b=m.filter(b,a)}return m.grep(a,function(a){return m.inArray(a,b)>=0!==c})}m.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?m.find.matchesSelector(d,a)?[d]:[]:m.find.matches(a,m.grep(b,function(a){return 1===a.nodeType}))},m.fn.extend({find:function(a){var b,c=[],d=this,e=d.length;if("string"!=typeof a)return this.pushStack(m(a).filter(function(){for(b=0;e>b;b++)if(m.contains(d[b],this))return!0}));for(b=0;e>b;b++)m.find(a,d[b],c);return c=this.pushStack(e>1?m.unique(c):c),c.selector=this.selector?this.selector+" "+a:a,c},filter:function(a){return this.pushStack(w(this,a||[],!1))},not:function(a){return this.pushStack(w(this,a||[],!0))},is:function(a){return!!w(this,"string"==typeof a&&t.test(a)?m(a):a||[],!1).length}});var x,y=a.document,z=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,A=m.fn.init=function(a,b){var c,d;if(!a)return this;if("string"==typeof a){if(c="<"===a.charAt(0)&&">"===a.charAt(a.length-1)&&a.length>=3?[null,a,null]:z.exec(a),!c||!c[1]&&b)return!b||b.jquery?(b||x).find(a):this.constructor(b).find(a);if(c[1]){if(b=b instanceof m?b[0]:b,m.merge(this,m.parseHTML(c[1],b&&b.nodeType?b.ownerDocument||b:y,!0)),u.test(c[1])&&m.isPlainObject(b))for(c in b)m.isFunction(this[c])?this[c](b[c]):this.attr(c,b[c]);return this}if(d=y.getElementById(c[2]),d&&d.parentNode){if(d.id!==c[2])return x.find(a);this.length=1,this[0]=d}return this.context=y,this.selector=a,this}return a.nodeType?(this.context=this[0]=a,this.length=1,this):m.isFunction(a)?"undefined"!=typeof x.ready?x.ready(a):a(m):(void 0!==a.selector&&(this.selector=a.selector,this.context=a.context),m.makeArray(a,this))};A.prototype=m.fn,x=m(y);var B=/^(?:parents|prev(?:Until|All))/,C={children:!0,contents:!0,next:!0,prev:!0};m.extend({dir:function(a,b,c){var d=[],e=a[b];while(e&&9!==e.nodeType&&(void 0===c||1!==e.nodeType||!m(e).is(c)))1===e.nodeType&&d.push(e),e=e[b];return d},sibling:function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c}}),m.fn.extend({has:function(a){var b,c=m(a,this),d=c.length;return this.filter(function(){for(b=0;d>b;b++)if(m.contains(this,c[b]))return!0})},closest:function(a,b){for(var c,d=0,e=this.length,f=[],g=t.test(a)||"string"!=typeof a?m(a,b||this.context):0;e>d;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&m.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?m.unique(f):f)},index:function(a){return a?"string"==typeof a?m.inArray(this[0],m(a)):m.inArray(a.jquery?a[0]:a,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(m.unique(m.merge(this.get(),m(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function D(a,b){do a=a[b];while(a&&1!==a.nodeType);return a}m.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return m.dir(a,"parentNode")},parentsUntil:function(a,b,c){return m.dir(a,"parentNode",c)},next:function(a){return D(a,"nextSibling")},prev:function(a){return D(a,"previousSibling")},nextAll:function(a){return m.dir(a,"nextSibling")},prevAll:function(a){return m.dir(a,"previousSibling")},nextUntil:function(a,b,c){return m.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return m.dir(a,"previousSibling",c)},siblings:function(a){return m.sibling((a.parentNode||{}).firstChild,a)},children:function(a){return m.sibling(a.firstChild)},contents:function(a){return m.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:m.merge([],a.childNodes)}},function(a,b){m.fn[a]=function(c,d){var e=m.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=m.filter(d,e)),this.length>1&&(C[a]||(e=m.unique(e)),B.test(a)&&(e=e.reverse())),this.pushStack(e)}});var E=/\S+/g,F={};function G(a){var b=F[a]={};return m.each(a.match(E)||[],function(a,c){b[c]=!0}),b}m.Callbacks=function(a){a="string"==typeof a?F[a]||G(a):m.extend({},a);var b,c,d,e,f,g,h=[],i=!a.once&&[],j=function(l){for(c=a.memory&&l,d=!0,f=g||0,g=0,e=h.length,b=!0;h&&e>f;f++)if(h[f].apply(l[0],l[1])===!1&&a.stopOnFalse){c=!1;break}b=!1,h&&(i?i.length&&j(i.shift()):c?h=[]:k.disable())},k={add:function(){if(h){var d=h.length;!function f(b){m.each(b,function(b,c){var d=m.type(c);"function"===d?a.unique&&k.has(c)||h.push(c):c&&c.length&&"string"!==d&&f(c)})}(arguments),b?e=h.length:c&&(g=d,j(c))}return this},remove:function(){return h&&m.each(arguments,function(a,c){var d;while((d=m.inArray(c,h,d))>-1)h.splice(d,1),b&&(e>=d&&e--,f>=d&&f--)}),this},has:function(a){return a?m.inArray(a,h)>-1:!(!h||!h.length)},empty:function(){return h=[],e=0,this},disable:function(){return h=i=c=void 0,this},disabled:function(){return!h},lock:function(){return i=void 0,c||k.disable(),this},locked:function(){return!i},fireWith:function(a,c){return!h||d&&!i||(c=c||[],c=[a,c.slice?c.slice():c],b?i.push(c):j(c)),this},fire:function(){return k.fireWith(this,arguments),this},fired:function(){return!!d}};return k},m.extend({Deferred:function(a){var b=[["resolve","done",m.Callbacks("once memory"),"resolved"],["reject","fail",m.Callbacks("once memory"),"rejected"],["notify","progress",m.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return m.Deferred(function(c){m.each(b,function(b,f){var g=m.isFunction(a[b])&&a[b];e[f[1]](function(){var a=g&&g.apply(this,arguments);a&&m.isFunction(a.promise)?a.promise().done(c.resolve).fail(c.reject).progress(c.notify):c[f[0]+"With"](this===d?c.promise():this,g?[a]:arguments)})}),a=null}).promise()},promise:function(a){return null!=a?m.extend(a,d):d}},e={};return d.pipe=d.then,m.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[1^a][2].disable,b[2][2].lock),e[f[0]]=function(){return e[f[0]+"With"](this===e?d:this,arguments),this},e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=d.call(arguments),e=c.length,f=1!==e||a&&m.isFunction(a.promise)?e:0,g=1===f?a:m.Deferred(),h=function(a,b,c){return function(e){b[a]=this,c[a]=arguments.length>1?d.call(arguments):e,c===i?g.notifyWith(b,c):--f||g.resolveWith(b,c)}},i,j,k;if(e>1)for(i=new Array(e),j=new Array(e),k=new Array(e);e>b;b++)c[b]&&m.isFunction(c[b].promise)?c[b].promise().done(h(b,k,c)).fail(g.reject).progress(h(b,j,i)):--f;return f||g.resolveWith(k,c),g.promise()}});var H;m.fn.ready=function(a){return m.ready.promise().done(a),this},m.extend({isReady:!1,readyWait:1,holdReady:function(a){a?m.readyWait++:m.ready(!0)},ready:function(a){if(a===!0?!--m.readyWait:!m.isReady){if(!y.body)return setTimeout(m.ready);m.isReady=!0,a!==!0&&--m.readyWait>0||(H.resolveWith(y,[m]),m.fn.triggerHandler&&(m(y).triggerHandler("ready"),m(y).off("ready")))}}});function I(){y.addEventListener?(y.removeEventListener("DOMContentLoaded",J,!1),a.removeEventListener("load",J,!1)):(y.detachEvent("onreadystatechange",J),a.detachEvent("onload",J))}function J(){(y.addEventListener||"load"===event.type||"complete"===y.readyState)&&(I(),m.ready())}m.ready.promise=function(b){if(!H)if(H=m.Deferred(),"complete"===y.readyState)setTimeout(m.ready);else if(y.addEventListener)y.addEventListener("DOMContentLoaded",J,!1),a.addEventListener("load",J,!1);else{y.attachEvent("onreadystatechange",J),a.attachEvent("onload",J);var c=!1;try{c=null==a.frameElement&&y.documentElement}catch(d){}c&&c.doScroll&&!function e(){if(!m.isReady){try{c.doScroll("left")}catch(a){return setTimeout(e,50)}I(),m.ready()}}()}return H.promise(b)};var K="undefined",L;for(L in m(k))break;k.ownLast="0"!==L,k.inlineBlockNeedsLayout=!1,m(function(){var a,b,c,d;c=y.getElementsByTagName("body")[0],c&&c.style&&(b=y.createElement("div"),d=y.createElement("div"),d.style.cssText="position:absolute;border:0;width:0;height:0;top:0;left:-9999px",c.appendChild(d).appendChild(b),typeof b.style.zoom!==K&&(b.style.cssText="display:inline;margin:0;border:0;padding:1px;width:1px;zoom:1",k.inlineBlockNeedsLayout=a=3===b.offsetWidth,a&&(c.style.zoom=1)),c.removeChild(d))}),function(){var a=y.createElement("div");if(null==k.deleteExpando){k.deleteExpando=!0;try{delete a.test}catch(b){k.deleteExpando=!1}}a=null}(),m.acceptData=function(a){var b=m.noData[(a.nodeName+" ").toLowerCase()],c=+a.nodeType||1;return 1!==c&&9!==c?!1:!b||b!==!0&&a.getAttribute("classid")===b};var M=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,N=/([A-Z])/g;function O(a,b,c){if(void 0===c&&1===a.nodeType){var d="data-"+b.replace(N,"-$1").toLowerCase();if(c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:M.test(c)?m.parseJSON(c):c}catch(e){}m.data(a,b,c)}else c=void 0}return c}function P(a){var b;for(b in a)if(("data"!==b||!m.isEmptyObject(a[b]))&&"toJSON"!==b)return!1; -return!0}function Q(a,b,d,e){if(m.acceptData(a)){var f,g,h=m.expando,i=a.nodeType,j=i?m.cache:a,k=i?a[h]:a[h]&&h;if(k&&j[k]&&(e||j[k].data)||void 0!==d||"string"!=typeof b)return k||(k=i?a[h]=c.pop()||m.guid++:h),j[k]||(j[k]=i?{}:{toJSON:m.noop}),("object"==typeof b||"function"==typeof b)&&(e?j[k]=m.extend(j[k],b):j[k].data=m.extend(j[k].data,b)),g=j[k],e||(g.data||(g.data={}),g=g.data),void 0!==d&&(g[m.camelCase(b)]=d),"string"==typeof b?(f=g[b],null==f&&(f=g[m.camelCase(b)])):f=g,f}}function R(a,b,c){if(m.acceptData(a)){var d,e,f=a.nodeType,g=f?m.cache:a,h=f?a[m.expando]:m.expando;if(g[h]){if(b&&(d=c?g[h]:g[h].data)){m.isArray(b)?b=b.concat(m.map(b,m.camelCase)):b in d?b=[b]:(b=m.camelCase(b),b=b in d?[b]:b.split(" ")),e=b.length;while(e--)delete d[b[e]];if(c?!P(d):!m.isEmptyObject(d))return}(c||(delete g[h].data,P(g[h])))&&(f?m.cleanData([a],!0):k.deleteExpando||g!=g.window?delete g[h]:g[h]=null)}}}m.extend({cache:{},noData:{"applet ":!0,"embed ":!0,"object ":"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"},hasData:function(a){return a=a.nodeType?m.cache[a[m.expando]]:a[m.expando],!!a&&!P(a)},data:function(a,b,c){return Q(a,b,c)},removeData:function(a,b){return R(a,b)},_data:function(a,b,c){return Q(a,b,c,!0)},_removeData:function(a,b){return R(a,b,!0)}}),m.fn.extend({data:function(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=m.data(f),1===f.nodeType&&!m._data(f,"parsedAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=m.camelCase(d.slice(5)),O(f,d,e[d])));m._data(f,"parsedAttrs",!0)}return e}return"object"==typeof a?this.each(function(){m.data(this,a)}):arguments.length>1?this.each(function(){m.data(this,a,b)}):f?O(f,a,m.data(f,a)):void 0},removeData:function(a){return this.each(function(){m.removeData(this,a)})}}),m.extend({queue:function(a,b,c){var d;return a?(b=(b||"fx")+"queue",d=m._data(a,b),c&&(!d||m.isArray(c)?d=m._data(a,b,m.makeArray(c)):d.push(c)),d||[]):void 0},dequeue:function(a,b){b=b||"fx";var c=m.queue(a,b),d=c.length,e=c.shift(),f=m._queueHooks(a,b),g=function(){m.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return m._data(a,c)||m._data(a,c,{empty:m.Callbacks("once memory").add(function(){m._removeData(a,b+"queue"),m._removeData(a,c)})})}}),m.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.lengthh;h++)b(a[h],c,g?d:d.call(a[h],h,b(a[h],c)));return e?a:j?b.call(a):i?b(a[0],c):f},W=/^(?:checkbox|radio)$/i;!function(){var a=y.createElement("input"),b=y.createElement("div"),c=y.createDocumentFragment();if(b.innerHTML="
a",k.leadingWhitespace=3===b.firstChild.nodeType,k.tbody=!b.getElementsByTagName("tbody").length,k.htmlSerialize=!!b.getElementsByTagName("link").length,k.html5Clone="<:nav>"!==y.createElement("nav").cloneNode(!0).outerHTML,a.type="checkbox",a.checked=!0,c.appendChild(a),k.appendChecked=a.checked,b.innerHTML="",k.noCloneChecked=!!b.cloneNode(!0).lastChild.defaultValue,c.appendChild(b),b.innerHTML="",k.checkClone=b.cloneNode(!0).cloneNode(!0).lastChild.checked,k.noCloneEvent=!0,b.attachEvent&&(b.attachEvent("onclick",function(){k.noCloneEvent=!1}),b.cloneNode(!0).click()),null==k.deleteExpando){k.deleteExpando=!0;try{delete b.test}catch(d){k.deleteExpando=!1}}}(),function(){var b,c,d=y.createElement("div");for(b in{submit:!0,change:!0,focusin:!0})c="on"+b,(k[b+"Bubbles"]=c in a)||(d.setAttribute(c,"t"),k[b+"Bubbles"]=d.attributes[c].expando===!1);d=null}();var X=/^(?:input|select|textarea)$/i,Y=/^key/,Z=/^(?:mouse|pointer|contextmenu)|click/,$=/^(?:focusinfocus|focusoutblur)$/,_=/^([^.]*)(?:\.(.+)|)$/;function ab(){return!0}function bb(){return!1}function cb(){try{return y.activeElement}catch(a){}}m.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,n,o,p,q,r=m._data(a);if(r){c.handler&&(i=c,c=i.handler,e=i.selector),c.guid||(c.guid=m.guid++),(g=r.events)||(g=r.events={}),(k=r.handle)||(k=r.handle=function(a){return typeof m===K||a&&m.event.triggered===a.type?void 0:m.event.dispatch.apply(k.elem,arguments)},k.elem=a),b=(b||"").match(E)||[""],h=b.length;while(h--)f=_.exec(b[h])||[],o=q=f[1],p=(f[2]||"").split(".").sort(),o&&(j=m.event.special[o]||{},o=(e?j.delegateType:j.bindType)||o,j=m.event.special[o]||{},l=m.extend({type:o,origType:q,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&m.expr.match.needsContext.test(e),namespace:p.join(".")},i),(n=g[o])||(n=g[o]=[],n.delegateCount=0,j.setup&&j.setup.call(a,d,p,k)!==!1||(a.addEventListener?a.addEventListener(o,k,!1):a.attachEvent&&a.attachEvent("on"+o,k))),j.add&&(j.add.call(a,l),l.handler.guid||(l.handler.guid=c.guid)),e?n.splice(n.delegateCount++,0,l):n.push(l),m.event.global[o]=!0);a=null}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,n,o,p,q,r=m.hasData(a)&&m._data(a);if(r&&(k=r.events)){b=(b||"").match(E)||[""],j=b.length;while(j--)if(h=_.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o){l=m.event.special[o]||{},o=(d?l.delegateType:l.bindType)||o,n=k[o]||[],h=h[2]&&new RegExp("(^|\\.)"+p.join("\\.(?:.*\\.|)")+"(\\.|$)"),i=f=n.length;while(f--)g=n[f],!e&&q!==g.origType||c&&c.guid!==g.guid||h&&!h.test(g.namespace)||d&&d!==g.selector&&("**"!==d||!g.selector)||(n.splice(f,1),g.selector&&n.delegateCount--,l.remove&&l.remove.call(a,g));i&&!n.length&&(l.teardown&&l.teardown.call(a,p,r.handle)!==!1||m.removeEvent(a,o,r.handle),delete k[o])}else for(o in k)m.event.remove(a,o+b[j],c,d,!0);m.isEmptyObject(k)&&(delete r.handle,m._removeData(a,"events"))}},trigger:function(b,c,d,e){var f,g,h,i,k,l,n,o=[d||y],p=j.call(b,"type")?b.type:b,q=j.call(b,"namespace")?b.namespace.split("."):[];if(h=l=d=d||y,3!==d.nodeType&&8!==d.nodeType&&!$.test(p+m.event.triggered)&&(p.indexOf(".")>=0&&(q=p.split("."),p=q.shift(),q.sort()),g=p.indexOf(":")<0&&"on"+p,b=b[m.expando]?b:new m.Event(p,"object"==typeof b&&b),b.isTrigger=e?2:3,b.namespace=q.join("."),b.namespace_re=b.namespace?new RegExp("(^|\\.)"+q.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 0,b.target||(b.target=d),c=null==c?[b]:m.makeArray(c,[b]),k=m.event.special[p]||{},e||!k.trigger||k.trigger.apply(d,c)!==!1)){if(!e&&!k.noBubble&&!m.isWindow(d)){for(i=k.delegateType||p,$.test(i+p)||(h=h.parentNode);h;h=h.parentNode)o.push(h),l=h;l===(d.ownerDocument||y)&&o.push(l.defaultView||l.parentWindow||a)}n=0;while((h=o[n++])&&!b.isPropagationStopped())b.type=n>1?i:k.bindType||p,f=(m._data(h,"events")||{})[b.type]&&m._data(h,"handle"),f&&f.apply(h,c),f=g&&h[g],f&&f.apply&&m.acceptData(h)&&(b.result=f.apply(h,c),b.result===!1&&b.preventDefault());if(b.type=p,!e&&!b.isDefaultPrevented()&&(!k._default||k._default.apply(o.pop(),c)===!1)&&m.acceptData(d)&&g&&d[p]&&!m.isWindow(d)){l=d[g],l&&(d[g]=null),m.event.triggered=p;try{d[p]()}catch(r){}m.event.triggered=void 0,l&&(d[g]=l)}return b.result}},dispatch:function(a){a=m.event.fix(a);var b,c,e,f,g,h=[],i=d.call(arguments),j=(m._data(this,"events")||{})[a.type]||[],k=m.event.special[a.type]||{};if(i[0]=a,a.delegateTarget=this,!k.preDispatch||k.preDispatch.call(this,a)!==!1){h=m.event.handlers.call(this,a,j),b=0;while((f=h[b++])&&!a.isPropagationStopped()){a.currentTarget=f.elem,g=0;while((e=f.handlers[g++])&&!a.isImmediatePropagationStopped())(!a.namespace_re||a.namespace_re.test(e.namespace))&&(a.handleObj=e,a.data=e.data,c=((m.event.special[e.origType]||{}).handle||e.handler).apply(f.elem,i),void 0!==c&&(a.result=c)===!1&&(a.preventDefault(),a.stopPropagation()))}return k.postDispatch&&k.postDispatch.call(this,a),a.result}},handlers:function(a,b){var c,d,e,f,g=[],h=b.delegateCount,i=a.target;if(h&&i.nodeType&&(!a.button||"click"!==a.type))for(;i!=this;i=i.parentNode||this)if(1===i.nodeType&&(i.disabled!==!0||"click"!==a.type)){for(e=[],f=0;h>f;f++)d=b[f],c=d.selector+" ",void 0===e[c]&&(e[c]=d.needsContext?m(c,this).index(i)>=0:m.find(c,this,null,[i]).length),e[c]&&e.push(d);e.length&&g.push({elem:i,handlers:e})}return h]","i"),hb=/^\s+/,ib=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,jb=/<([\w:]+)/,kb=/\s*$/g,rb={option:[1,""],legend:[1,"
","
"],area:[1,"",""],param:[1,"",""],thead:[1,"","
"],tr:[2,"","
"],col:[2,"","
"],td:[3,"","
"],_default:k.htmlSerialize?[0,"",""]:[1,"X
","
"]},sb=db(y),tb=sb.appendChild(y.createElement("div"));rb.optgroup=rb.option,rb.tbody=rb.tfoot=rb.colgroup=rb.caption=rb.thead,rb.th=rb.td;function ub(a,b){var c,d,e=0,f=typeof a.getElementsByTagName!==K?a.getElementsByTagName(b||"*"):typeof a.querySelectorAll!==K?a.querySelectorAll(b||"*"):void 0;if(!f)for(f=[],c=a.childNodes||a;null!=(d=c[e]);e++)!b||m.nodeName(d,b)?f.push(d):m.merge(f,ub(d,b));return void 0===b||b&&m.nodeName(a,b)?m.merge([a],f):f}function vb(a){W.test(a.type)&&(a.defaultChecked=a.checked)}function wb(a,b){return m.nodeName(a,"table")&&m.nodeName(11!==b.nodeType?b:b.firstChild,"tr")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function xb(a){return a.type=(null!==m.find.attr(a,"type"))+"/"+a.type,a}function yb(a){var b=pb.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function zb(a,b){for(var c,d=0;null!=(c=a[d]);d++)m._data(c,"globalEval",!b||m._data(b[d],"globalEval"))}function Ab(a,b){if(1===b.nodeType&&m.hasData(a)){var c,d,e,f=m._data(a),g=m._data(b,f),h=f.events;if(h){delete g.handle,g.events={};for(c in h)for(d=0,e=h[c].length;e>d;d++)m.event.add(b,c,h[c][d])}g.data&&(g.data=m.extend({},g.data))}}function Bb(a,b){var c,d,e;if(1===b.nodeType){if(c=b.nodeName.toLowerCase(),!k.noCloneEvent&&b[m.expando]){e=m._data(b);for(d in e.events)m.removeEvent(b,d,e.handle);b.removeAttribute(m.expando)}"script"===c&&b.text!==a.text?(xb(b).text=a.text,yb(b)):"object"===c?(b.parentNode&&(b.outerHTML=a.outerHTML),k.html5Clone&&a.innerHTML&&!m.trim(b.innerHTML)&&(b.innerHTML=a.innerHTML)):"input"===c&&W.test(a.type)?(b.defaultChecked=b.checked=a.checked,b.value!==a.value&&(b.value=a.value)):"option"===c?b.defaultSelected=b.selected=a.defaultSelected:("input"===c||"textarea"===c)&&(b.defaultValue=a.defaultValue)}}m.extend({clone:function(a,b,c){var d,e,f,g,h,i=m.contains(a.ownerDocument,a);if(k.html5Clone||m.isXMLDoc(a)||!gb.test("<"+a.nodeName+">")?f=a.cloneNode(!0):(tb.innerHTML=a.outerHTML,tb.removeChild(f=tb.firstChild)),!(k.noCloneEvent&&k.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||m.isXMLDoc(a)))for(d=ub(f),h=ub(a),g=0;null!=(e=h[g]);++g)d[g]&&Bb(e,d[g]);if(b)if(c)for(h=h||ub(a),d=d||ub(f),g=0;null!=(e=h[g]);g++)Ab(e,d[g]);else Ab(a,f);return d=ub(f,"script"),d.length>0&&zb(d,!i&&ub(a,"script")),d=h=e=null,f},buildFragment:function(a,b,c,d){for(var e,f,g,h,i,j,l,n=a.length,o=db(b),p=[],q=0;n>q;q++)if(f=a[q],f||0===f)if("object"===m.type(f))m.merge(p,f.nodeType?[f]:f);else if(lb.test(f)){h=h||o.appendChild(b.createElement("div")),i=(jb.exec(f)||["",""])[1].toLowerCase(),l=rb[i]||rb._default,h.innerHTML=l[1]+f.replace(ib,"<$1>")+l[2],e=l[0];while(e--)h=h.lastChild;if(!k.leadingWhitespace&&hb.test(f)&&p.push(b.createTextNode(hb.exec(f)[0])),!k.tbody){f="table"!==i||kb.test(f)?""!==l[1]||kb.test(f)?0:h:h.firstChild,e=f&&f.childNodes.length;while(e--)m.nodeName(j=f.childNodes[e],"tbody")&&!j.childNodes.length&&f.removeChild(j)}m.merge(p,h.childNodes),h.textContent="";while(h.firstChild)h.removeChild(h.firstChild);h=o.lastChild}else p.push(b.createTextNode(f));h&&o.removeChild(h),k.appendChecked||m.grep(ub(p,"input"),vb),q=0;while(f=p[q++])if((!d||-1===m.inArray(f,d))&&(g=m.contains(f.ownerDocument,f),h=ub(o.appendChild(f),"script"),g&&zb(h),c)){e=0;while(f=h[e++])ob.test(f.type||"")&&c.push(f)}return h=null,o},cleanData:function(a,b){for(var d,e,f,g,h=0,i=m.expando,j=m.cache,l=k.deleteExpando,n=m.event.special;null!=(d=a[h]);h++)if((b||m.acceptData(d))&&(f=d[i],g=f&&j[f])){if(g.events)for(e in g.events)n[e]?m.event.remove(d,e):m.removeEvent(d,e,g.handle);j[f]&&(delete j[f],l?delete d[i]:typeof d.removeAttribute!==K?d.removeAttribute(i):d[i]=null,c.push(f))}}}),m.fn.extend({text:function(a){return V(this,function(a){return void 0===a?m.text(this):this.empty().append((this[0]&&this[0].ownerDocument||y).createTextNode(a))},null,a,arguments.length)},append:function(){return this.domManip(arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=wb(this,a);b.appendChild(a)}})},prepend:function(){return this.domManip(arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=wb(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return this.domManip(arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return this.domManip(arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},remove:function(a,b){for(var c,d=a?m.filter(a,this):this,e=0;null!=(c=d[e]);e++)b||1!==c.nodeType||m.cleanData(ub(c)),c.parentNode&&(b&&m.contains(c.ownerDocument,c)&&zb(ub(c,"script")),c.parentNode.removeChild(c));return this},empty:function(){for(var a,b=0;null!=(a=this[b]);b++){1===a.nodeType&&m.cleanData(ub(a,!1));while(a.firstChild)a.removeChild(a.firstChild);a.options&&m.nodeName(a,"select")&&(a.options.length=0)}return this},clone:function(a,b){return a=null==a?!1:a,b=null==b?a:b,this.map(function(){return m.clone(this,a,b)})},html:function(a){return V(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a)return 1===b.nodeType?b.innerHTML.replace(fb,""):void 0;if(!("string"!=typeof a||mb.test(a)||!k.htmlSerialize&&gb.test(a)||!k.leadingWhitespace&&hb.test(a)||rb[(jb.exec(a)||["",""])[1].toLowerCase()])){a=a.replace(ib,"<$1>");try{for(;d>c;c++)b=this[c]||{},1===b.nodeType&&(m.cleanData(ub(b,!1)),b.innerHTML=a);b=0}catch(e){}}b&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(){var a=arguments[0];return this.domManip(arguments,function(b){a=this.parentNode,m.cleanData(ub(this)),a&&a.replaceChild(b,this)}),a&&(a.length||a.nodeType)?this:this.remove()},detach:function(a){return this.remove(a,!0)},domManip:function(a,b){a=e.apply([],a);var c,d,f,g,h,i,j=0,l=this.length,n=this,o=l-1,p=a[0],q=m.isFunction(p);if(q||l>1&&"string"==typeof p&&!k.checkClone&&nb.test(p))return this.each(function(c){var d=n.eq(c);q&&(a[0]=p.call(this,c,d.html())),d.domManip(a,b)});if(l&&(i=m.buildFragment(a,this[0].ownerDocument,!1,this),c=i.firstChild,1===i.childNodes.length&&(i=c),c)){for(g=m.map(ub(i,"script"),xb),f=g.length;l>j;j++)d=i,j!==o&&(d=m.clone(d,!0,!0),f&&m.merge(g,ub(d,"script"))),b.call(this[j],d,j);if(f)for(h=g[g.length-1].ownerDocument,m.map(g,yb),j=0;f>j;j++)d=g[j],ob.test(d.type||"")&&!m._data(d,"globalEval")&&m.contains(h,d)&&(d.src?m._evalUrl&&m._evalUrl(d.src):m.globalEval((d.text||d.textContent||d.innerHTML||"").replace(qb,"")));i=c=null}return this}}),m.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){m.fn[a]=function(a){for(var c,d=0,e=[],g=m(a),h=g.length-1;h>=d;d++)c=d===h?this:this.clone(!0),m(g[d])[b](c),f.apply(e,c.get());return this.pushStack(e)}});var Cb,Db={};function Eb(b,c){var d,e=m(c.createElement(b)).appendTo(c.body),f=a.getDefaultComputedStyle&&(d=a.getDefaultComputedStyle(e[0]))?d.display:m.css(e[0],"display");return e.detach(),f}function Fb(a){var b=y,c=Db[a];return c||(c=Eb(a,b),"none"!==c&&c||(Cb=(Cb||m("