[ansible] Add hv01 to dns
by Nicolas Chauvet
commit 3252dec816ed34904d290b0ae5c857f6d5550804
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Dec 3 16:10:55 2016 +0100
Add hv01 to dns
inventory/inventory | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/inventory/inventory b/inventory/inventory
index 0b342ae..a589960 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -14,6 +14,7 @@ bugzilla02.online.rpmfusion.net
db02.online.rpmfusion.net
[dns]
+hv01.online.rpmfusion.net
se01.online.rpmfusion.net
[fas]
7 years, 4 months
[ansible] Enable lists.rpmfusion.org website
by Nicolas Chauvet
commit f835a1bde51757b48a9047c2c918ec8d1b932935
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Dec 3 15:38:08 2016 +0100
Enable lists.rpmfusion.org website
playbooks/include/proxies-websites.yml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index bc8edc8..09839ec 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -88,8 +88,8 @@
- role: httpd/website
name: lists.rpmfusion.org
sslonly: true
- #cert_name: lists.rpmfusion.org
- cert_name: "{{wildcard_cert_name}}"
+ cert_name: lists.rpmfusion.org
+ SSLCertificateChainFile : lists.rpmfusion.org-intermediate.cert
# Overrided in distgit role
7 years, 4 months
[ansible] Add rpmfusion.net aliases
by Nicolas Chauvet
commit efa26aed32343d330e5133252994dbe02e82096c
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Dec 3 14:48:01 2016 +0100
Add rpmfusion.net aliases
playbooks/include/proxies-websites.yml | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index ac5ea5d..bc8edc8 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -50,6 +50,8 @@
name: rpmfusion.org
server_aliases:
- www.rpmfusion.org
+ - www.rpmfusion.net
+ - rpmfusion.net
sslonly: true
sslonly_hsts: false
cert_name: rpmfusion.org
7 years, 4 months
[ansible] Enable download0 on pkgs01.online
by Nicolas Chauvet
commit b3e0c05a149da5aa2d3a9396691a51aa868acb4f
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Dec 3 14:47:29 2016 +0100
Enable download0 on pkgs01.online
playbooks/include/proxies-websites.yml | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 542ee6b..ac5ea5d 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -67,6 +67,11 @@
cert_name: bugzilla.rpmfusion.org
SSLCertificateChainFile : bugzilla.rpmfusion.org-intermediate.cert
+ - role: httpd/website
+ name: download0.rpmfusion.org
+ sslonly: false
+ cert_name: download0.rpmfusion.org
+ SSLCertificateChainFile : download0.rpmfusion.org-intermediate.cert
- role: httpd/website
name: id.rpmfusion.org
7 years, 4 months
[ansible] Update dns git url
by Nicolas Chauvet
commit f5fb251eb093f1fb31b1b2c397ca0429665f83db
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Dec 3 11:27:50 2016 +0100
Update dns git url
roles/dns/files/update-dns | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/dns/files/update-dns b/roles/dns/files/update-dns
index 1dad573..4c047ec 100755
--- a/roles/dns/files/update-dns
+++ b/roles/dns/files/update-dns
@@ -1,5 +1,5 @@
#!/bin/bash
-dnsgit='https://git.rpmfusion.org/infrastructure/dns.git'
+dnsgit='ssh://git.rpmfusion.org/git/infrastructure/dns'
destdir='/var/named/master/'
if [ ! -d $destdir ];
7 years, 4 months
[ansible] Fixup
by Nicolas Chauvet
commit 9125d06dcbb2de75469535daab691faa9899f4d6
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Dec 2 12:06:08 2016 +0100
Fixup
roles/dns/files/named.conf | 10 +---------
1 files changed, 1 insertions(+), 9 deletions(-)
---
diff --git a/roles/dns/files/named.conf b/roles/dns/files/named.conf
index 6205e8b..0936529 100644
--- a/roles/dns/files/named.conf
+++ b/roles/dns/files/named.conf
@@ -13,6 +13,7 @@ include "/var/named/GeoIP.acl";
//include rndckey
include "/etc/rndc.key";
+acl "slaves" { none ; } ;
//acl "slaves" { 46.105.55.71; 2001:41d0:2:ad32::1/128; };
//
acl "everyone-v4" { 0.0.0.0/0; };
@@ -86,15 +87,6 @@ controls {
view "DEFAULT" {
match-clients { any; };
recursion no;
- zone "rpmfusion.org" {
- type master;
- file "/var/named/master/built/DEFAULT/rpmfusion.org";
- };
- zone "rpmfusion.net" {
- type master;
- file "/var/named/master/built/DEFAULT/rpmfusion.net";
- };
-;
include "/etc/named/zones.conf";
};
7 years, 4 months
[ansible] Update zones for rpmfusion
by Nicolas Chauvet
commit 43f7500f0ece51bd8e8639b93c097dfda349787b
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Dec 2 11:31:32 2016 +0100
Update zones for rpmfusion
roles/dns/files/named.conf | 371 +------------------------------------------
roles/dns/files/zones.conf | 14 +-
2 files changed, 18 insertions(+), 367 deletions(-)
---
diff --git a/roles/dns/files/named.conf b/roles/dns/files/named.conf
index 7db4cf0..6205e8b 100644
--- a/roles/dns/files/named.conf
+++ b/roles/dns/files/named.conf
@@ -13,19 +13,13 @@ include "/var/named/GeoIP.acl";
//include rndckey
include "/etc/rndc.key";
-// dns1.j2solutions.net - run by Jesse Keating <jkeating(a)redhat.com>
-acl "slaves" { 209.124.61.35; };
+//acl "slaves" { 46.105.55.71; 2001:41d0:2:ad32::1/128; };
//
acl "everyone-v4" { 0.0.0.0/0; };
acl "everyone-v6" { ::0/0; };
acl "everyone" { 0.0.0.0/0; ::0/0; };
//
-acl "ns_redhat" { 66.187.233.210; 209.132.183.2; 66.187.229.10; };
-//
-acl "phx2net" { 10.4.124.128/25; 10.5.78.0/24; 10.5.79.0/24; 10.5.125.0/24; 10.5.126.0/24; 10.5.127.0/24; 10.5.129.0/24; };
-acl "qanet" { 10.5.124.128/25; 10.5.131.0/24; };
-acl "rh-slaves" { 10.5.30.78; 10.11.5.70; };
-acl "rh" { 10.0.0.0/8; };
+acl "ns_kimsufi" { 213.186.33.199; 2001:41d0:8:2b87::/128; };
//
options {
directory "/";
@@ -34,7 +28,7 @@ options {
dnssec-enable yes;
query-source address * port *;
query-source-v6 address * port *;
- allow-transfer { localhost; slaves; rh-slaves; rh;};
+ allow-transfer { localhost; slaves; ns_kimsufi;};
transfer-source * port 53;
pid-file "/var/run/named/named.pid";
statistics-file "/var/log/named.stats";
@@ -85,369 +79,22 @@ logging {
// Who can rndc our server (only localhost)...
//
controls {
- inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; };
-};
-
-view "QA" {
- match-clients { qanet; };
- allow-recursion { localhost; qanet; rh-slaves; rh; };
- recursion yes;
- // no rate-limit on internal requests
- rate-limit {
- exempt-clients { qanet; };
- };
-
- # make sure we forward only for redhat.com lookups
- zone "redhat.com" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
-
- zone "beaker-project.org" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "88.5.10.in-addr.arpa" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "4.10.in-addr.arpa" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "5.10.in-addr.arpa" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "10.in-addr.arpa" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "186.132.209.in-addr.arpa." {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "qa.fedoraproject.org" {
- type master;
- file "/var/named/master/built/qa.fedoraproject.org";
- };
-
- zone "phx2.fedoraproject.org" {
- type master;
- file "/var/named/master/built/phx2.fedoraproject.org";
- };
-
- zone "mgmt.fedoraproject.org" {
- type master;
- file "/var/named/master/built/mgmt.fedoraproject.org";
- };
-
- zone "arm.fedoraproject.org" {
- type master;
- file "/var/named/master/built/arm.fedoraproject.org";
- };
-
- zone "ppc.fedoraproject.org" {
- type master;
- file "/var/named/master/built/ppc.fedoraproject.org";
- };
-
- zone "s390.fedoraproject.org" {
- type master;
- file "/var/named/master/built/s390.fedoraproject.org";
- };
-
- zone "78.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/78.5.10.in-addr.arpa";
- };
-
- zone "79.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/79.5.10.in-addr.arpa";
- };
-
- zone "124.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/124.5.10.in-addr.arpa";
- };
-
- zone "125.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/125.5.10.in-addr.arpa";
- };
-
- zone "126.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/126.5.10.in-addr.arpa";
- };
-
- zone "127.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/127.5.10.in-addr.arpa";
- };
-
- zone "128.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/128.5.10.in-addr.arpa";
- };
-
- zone "129.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/129.5.10.in-addr.arpa";
- };
-
- zone "130.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/130.5.10.in-addr.arpa";
- };
-
- zone "131.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/131.5.10.in-addr.arpa";
- };
-
-
- zone "fedoraproject.org" {
- type master;
- file "/var/named/master/built/QA/fedoraproject.org.signed";
- };
- zone "cloud.fedoraproject.org" {
- type master;
- file "/var/named/master/built/QA/cloud.fedoraproject.org.signed";
- };
- zone "getfedora.org" {
- type master;
- file "/var/named/master/built/QA/getfedora.org.signed";
- };
-
- include "/etc/named/zones.conf";
-};
-
-view "PHX2" {
- match-clients { phx2net; rh-slaves; 192.168.0.0/16; 172.16.0.0/12; };
- allow-recursion { localhost; phx2net; rh-slaves; rh; };
- recursion yes;
- // no rate-limit on internal requests
- rate-limit {
- exempt-clients { phx2net; };
- };
- # make sure we forward only for redhat.com lookups
- zone "redhat.com" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "beaker-project.org" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- # also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
- zone "jboss.org" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "88.5.10.in-addr.arpa" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "4.10.in-addr.arpa" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "5.10.in-addr.arpa" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "10.in-addr.arpa" {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "186.132.209.in-addr.arpa." {
- type forward;
- forward only;
- forwarders { 10.5.26.20; 10.5.26.21; };
- };
-
- zone "qa.fedoraproject.org" {
- type master;
- file "/var/named/master/built/qa.fedoraproject.org";
- };
-
- zone "phx2.fedoraproject.org" {
- type master;
- file "/var/named/master/built/phx2.fedoraproject.org";
- };
-
- zone "mgmt.fedoraproject.org" {
- type master;
- file "/var/named/master/built/mgmt.fedoraproject.org";
- };
-
- zone "arm.fedoraproject.org" {
- type master;
- file "/var/named/master/built/arm.fedoraproject.org";
- };
-
- zone "ppc.fedoraproject.org" {
- type master;
- file "/var/named/master/built/ppc.fedoraproject.org";
- };
-
- zone "s390.fedoraproject.org" {
- type master;
- file "/var/named/master/built/s390.fedoraproject.org";
- };
-
- zone "78.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/78.5.10.in-addr.arpa";
- };
-
- zone "79.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/79.5.10.in-addr.arpa";
- };
-
- zone "124.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/124.5.10.in-addr.arpa";
- };
-
- zone "125.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/125.5.10.in-addr.arpa";
- };
-
- zone "126.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/126.5.10.in-addr.arpa";
- };
-
- zone "127.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/127.5.10.in-addr.arpa";
- };
-
- zone "128.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/128.5.10.in-addr.arpa";
- };
-
- zone "129.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/129.5.10.in-addr.arpa";
- };
-
- zone "130.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/130.5.10.in-addr.arpa";
- };
-
- zone "131.5.10.in-addr.arpa" {
- type master;
- file "/var/named/master/built/131.5.10.in-addr.arpa";
- };
-
-
- zone "fedoraproject.org" {
- type master;
- file "/var/named/master/built/PHX2/fedoraproject.org.signed";
- };
- zone "cloud.fedoraproject.org" {
- type master;
- file "/var/named/master/built/PHX2/cloud.fedoraproject.org.signed";
- };
- zone "getfedora.org" {
- type master;
- file "/var/named/master/built/PHX2/getfedora.org.signed";
- };
-
- include "/etc/named/zones.conf";
-};
-
-// The zones
-view "NA" {
- match-clients { US; CA; MX; };
- recursion no;
- zone "fedoraproject.org" {
- type master;
- file "/var/named/master/built/NA/fedoraproject.org.signed";
- };
- zone "cloud.fedoraproject.org" {
- type master;
- file "/var/named/master/built/NA/cloud.fedoraproject.org.signed";
- };
- zone "getfedora.org" {
- type master;
- file "/var/named/master/built/NA/getfedora.org.signed";
- };
- include "/etc/named/zones.conf";
-};
-
-
-// This is not "EU" countries, I just wanted a short way to represent Europe.
-view "EU" {
- match-clients { AT; BE; BG; CY; CZ; DE; DK; EE; ES; FI; FR; GR; HU; IT; LT; LU; LV; MT; NL; PL; PT; RO; RU; SE; UA; GB; IE; IS; NO; };
- recursion no;
- zone "fedoraproject.org" {
- type master;
- file "/var/named/master/built/EU/fedoraproject.org.signed";
- };
- zone "cloud.fedoraproject.org" {
- type master;
- file "/var/named/master/built/EU/cloud.fedoraproject.org.signed";
- };
- zone "getfedora.org" {
- type master;
- file "/var/named/master/built/EU/getfedora.org.signed";
- };
- include "/etc/named/zones.conf";
+ inet 127.0.0.1 port 953 allow { localhost; } keys { rndc-key; };
};
view "DEFAULT" {
match-clients { any; };
recursion no;
- zone "fedoraproject.org" {
- type master;
- file "/var/named/master/built/DEFAULT/fedoraproject.org.signed";
- };
- zone "cloud.fedoraproject.org" {
+ zone "rpmfusion.org" {
type master;
- file "/var/named/master/built/DEFAULT/cloud.fedoraproject.org.signed";
+ file "/var/named/master/built/DEFAULT/rpmfusion.org";
};
- zone "getfedora.org" {
+ zone "rpmfusion.net" {
type master;
- file "/var/named/master/built/DEFAULT/getfedora.org.signed";
+ file "/var/named/master/built/DEFAULT/rpmfusion.net";
};
+;
include "/etc/named/zones.conf";
};
diff --git a/roles/dns/files/zones.conf b/roles/dns/files/zones.conf
index 3c2b36e..b593158 100644
--- a/roles/dns/files/zones.conf
+++ b/roles/dns/files/zones.conf
@@ -3,16 +3,20 @@ zone "." {
file "/var/named/named.ca";
};
+zone "rpmfusion.net" {
+ type master;
+ file "/var/named/master/built/rpmfusion.net";
+};
-//zone "fedoraproject.org" {
-// type master;
-// file "/var/named/master/built/fedoraproject.org.signed";
-//};
+zone "rpmfusion.org" {
+ type master;
+ file "/var/named/master/built/rpmfusion.org";
+};
zone "168.192.in-addr.arpa" {
type master;
- file "/var/named/master/built/168.192.in-addr.arpa.signed";
+ file "/var/named/master/built/168.192.in-addr.arpa";
};
7 years, 4 months
[ansible] Fix typo
by Nicolas Chauvet
commit 0fd7cafffd981f216cf9994ea16b64f70ebbf7c3
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Dec 1 22:17:48 2016 +0100
Fix typo
.../files/builders/kojid.service.d.override.conf | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/koji_builder/files/builders/kojid.service.d.override.conf b/roles/koji_builder/files/builders/kojid.service.d.override.conf
index bddfadb..ab70c69 100644
--- a/roles/koji_builder/files/builders/kojid.service.d.override.conf
+++ b/roles/koji_builder/files/builders/kojid.service.d.override.conf
@@ -1 +1 @@
-Environnement="http_proxy=http://proxy:3128"
+Environmement="http_proxy=http://proxy:3128"
7 years, 4 months