May 2019 - sysadmin-notify

by Nicolas Chauvet

commit f9816d5c3286d356488ff0c6b65df263d1b870f3 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue May 14 16:57:02 2019 +0200 Update koji_builder roles/koji_builder/tasks/main.yml | 26 +++++++++++++++++++++----- 1 files changed, 21 insertions(+), 5 deletions(-) --- diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index 62a2dfa..b3bdb73 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml @@ -73,16 +73,14 @@ - name: add pkgs dnf: state=present pkg={{ item }} with_items: - - dnf-utils - koji-builder - python2-koji - - python-osbs-client + - python2-krbv - koji-containerbuild-builder - strace - mock - kernel-firmware - kernel-modules - - nosync - ntp - ntpdate - rsyslog @@ -103,8 +101,24 @@ - python-psphere - VMDKstream - pykickstart + - nosync + - yum + tags: + - koji_builder + +- name: add pkgs on new builders + dnf: state=present pkg={{ item }} + with_items: + - koji-builder-plugins + tags: + - koji_builder + when: ansible_distribution_major_version|int >= 28 + +- name: Install arm UEFI firmware package (aarch64 only) + dnf: name=edk2-arm state=present tags: - koji_builder + when: "ansible_architecture is defined and ansible_architecture == 'aarch64'" - name: enable virtlogd service @@ -210,11 +224,13 @@ # The efi/mac images. This module is only needed on rhel. # +# x86_64 builders run both x86_64 and i686 builds, that requires multilib +# version of nosync installed to fully take advantage of nosync - name: special pkgs for the x86_64 builders package: state=present pkg={{ item }} with_items: - - kmod-hfsplus - when: is_rhel is defined and ansible_architecture == 'x86_64' and ansible_distribution_major_version|int == '6' + - nosync.i686 + when: ansible_architecture == 'x86_64' tags: - koji_builder

5 years, 7 months

1
0
0 / 0

[ansible] Add hosts for virt

by Nicolas Chauvet

commit 534f579aacb44bf19667095652863010a0a0dcce Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue May 14 13:25:13 2019 +0200 Add hosts for virt .../files/buildvm-05-virt.rpmfusion.net-hosts | 16 ++++++++++++++++ .../files/buildvm-06-virt.rpmfusion.net-hosts | 16 ++++++++++++++++ roles/hosts/files/virt-hosts | 4 +--- 3 files changed, 33 insertions(+), 3 deletions(-) --- diff --git a/roles/hosts/files/buildvm-05-virt.rpmfusion.net-hosts b/roles/hosts/files/buildvm-05-virt.rpmfusion.net-hosts new file mode 100644 index 0000000..866d8a1 --- /dev/null +++ b/roles/hosts/files/buildvm-05-virt.rpmfusion.net-hosts @@ -0,0 +1,16 @@ +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 + +# hv01 online - public +#195.154.185.75 hv01.online.rpmfusion.net hv01 +212.83.132.100 koji.rpmfusion.org koji +212.129.31.198 pkgs.rpmfusion.org pkgs + +# hv01 online - lan +192.168.181.254 hv01.online.rpmfusion.net hv01 nfs-server.online.rpmfusion.net proxy.online.rpmfusion.net hub.online.rpmfusion.net + +# hv01 online - vpn +192.168.182.1 hv01.vpn.rpmfusion.net proxy.vpn.rpmfusion.net nfs-server.vpn.rpmfusion.net nfs-server log01 + +# virt +192.168.122.103 bastion03.virt.rpmfusion.net bastion03 proxy diff --git a/roles/hosts/files/buildvm-06-virt.rpmfusion.net-hosts b/roles/hosts/files/buildvm-06-virt.rpmfusion.net-hosts new file mode 100644 index 0000000..866d8a1 --- /dev/null +++ b/roles/hosts/files/buildvm-06-virt.rpmfusion.net-hosts @@ -0,0 +1,16 @@ +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 + +# hv01 online - public +#195.154.185.75 hv01.online.rpmfusion.net hv01 +212.83.132.100 koji.rpmfusion.org koji +212.129.31.198 pkgs.rpmfusion.org pkgs + +# hv01 online - lan +192.168.181.254 hv01.online.rpmfusion.net hv01 nfs-server.online.rpmfusion.net proxy.online.rpmfusion.net hub.online.rpmfusion.net + +# hv01 online - vpn +192.168.182.1 hv01.vpn.rpmfusion.net proxy.vpn.rpmfusion.net nfs-server.vpn.rpmfusion.net nfs-server log01 + +# virt +192.168.122.103 bastion03.virt.rpmfusion.net bastion03 proxy diff --git a/roles/hosts/files/virt-hosts b/roles/hosts/files/virt-hosts index 866d8a1..1d67de9 100644 --- a/roles/hosts/files/virt-hosts +++ b/roles/hosts/files/virt-hosts @@ -10,7 +10,5 @@ 192.168.181.254 hv01.online.rpmfusion.net hv01 nfs-server.online.rpmfusion.net proxy.online.rpmfusion.net hub.online.rpmfusion.net # hv01 online - vpn -192.168.182.1 hv01.vpn.rpmfusion.net proxy.vpn.rpmfusion.net nfs-server.vpn.rpmfusion.net nfs-server log01 +192.168.182.1 hv01.vpn.rpmfusion.net proxy.vpn.rpmfusion.net nfs-server.vpn.rpmfusion.net nfs-server log01 proxy -# virt -192.168.122.103 bastion03.virt.rpmfusion.net bastion03 proxy

5 years, 7 months

1
0
0 / 0

[ansible] Add rsyslog-audit.conf.default

by Nicolas Chauvet

commit cdceef0412c875e07fa1219f19bc448f8ab458a0 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue May 14 13:24:59 2019 +0200 Add rsyslog-audit.conf.default .../base/files/rsyslog/rsyslog-audit.conf.default | 13 +++++++++++++ 1 files changed, 13 insertions(+), 0 deletions(-) --- diff --git a/roles/base/files/rsyslog/rsyslog-audit.conf.default b/roles/base/files/rsyslog/rsyslog-audit.conf.default new file mode 100644 index 0000000..185f376 --- /dev/null +++ b/roles/base/files/rsyslog/rsyslog-audit.conf.default @@ -0,0 +1,13 @@ +# monitor auditd log and send out over local6 to central loghost +$ModLoad imfile.so + +# auditd audit.log +$InputFileName /var/log/audit/audit.log +$InputFileTag tag_audit_log: +$InputFileStateFile audit_log +$InputFileSeverity info +$InputFileFacility local6 +$InputRunFileMonitor + +:msg, !contains, "type=AVC" +local6.* @@log01:514

5 years, 7 months

1
0
0 / 0

[ansible] Add resolv.conf for buildvm-07

by Nicolas Chauvet

commit a4f81d213f0839ac9c6d6e1d5b958a0a5d0e7691 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue May 14 11:50:19 2019 +0200 Add resolv.conf for buildvm-07 .../resolv.conf/buildvm-07.virt.rpmfusion.net | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) --- diff --git a/roles/base/files/resolv.conf/buildvm-07.virt.rpmfusion.net b/roles/base/files/resolv.conf/buildvm-07.virt.rpmfusion.net new file mode 100644 index 0000000..c06b013 --- /dev/null +++ b/roles/base/files/resolv.conf/buildvm-07.virt.rpmfusion.net @@ -0,0 +1,4 @@ +domain virt.rpmfusion.net +nameserver 194.168.4.100 +nameserver 194.168.8.100 +options rotate

5 years, 7 months

1
0
0 / 0

[ansible] don't change password and keys on builders

by Nicolas Chauvet

commit fca4bab6f4925517a76882d61d64b6abb3498ff1 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue May 14 11:28:22 2019 +0200 don't change password and keys on builders roles/base/tasks/main.yml | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) --- diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index be41e3c..043e79a 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -113,7 +113,7 @@ tags: - rootpw - base - when: not inventory_hostname.startswith(('build','bkernel','koji01.stg','s390','fed-cloud09')) + when: not inventory_hostname.startswith(('build','arm-build','aarch64')) - name: add ansible root key authorized_key: user=root key="{{ item }}" @@ -122,6 +122,7 @@ tags: - config - base + when: not inventory_hostname.startswith(('build','arm-build','aarch64')) - name: make sure our resolv.conf is the one being used - set RESOLV_MODS=no in /etc/sysconfig/network lineinfile: dest=/etc/sysconfig/network create=yes backup=yes state=present line='RESOLV_MODS=no' regexp=^RESOLV_MODS=

5 years, 7 months

1
0
0 / 0

[ansible] Fixup device uuid on some hosts

by Nicolas Chauvet

commit e5df0203531fa4e92eeadba2328d53e19ba0c379 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue May 14 11:27:59 2019 +0200 Fixup device uuid on some hosts roles/base/tasks/main.yml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) --- diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index d562ee6..be41e3c 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -60,7 +60,7 @@ - ifcfg - name: get interface uuid - shell: nmcli -f "DEVICE,UUID" c show --active | grep -E '^eth|^br|^em' + shell: nmcli -f "DEVICE,UUID" c show --active | grep -E '^eth|^br|^em|^en' register: if_uuid changed_when: false failed_when: 'if_uuid.stdout == ""'

5 years, 7 months

1
0
0 / 0

[ansible] Builders uses python3

by Nicolas Chauvet

commit 02221d9b21937da18b61752109c8987363af7f82 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue May 14 11:06:31 2019 +0200 Builders uses python3 inventory/builders | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) --- diff --git a/inventory/builders b/inventory/builders index f6f7f5d..c151f1b 100644 --- a/inventory/builders +++ b/inventory/builders @@ -76,3 +76,6 @@ buildvm buildvm-ppc64 buildvm-ppc64le buildarm + +[builders:vars] +ansible_python_interpreter=/usr/bin/python3

5 years, 7 months

1
0
0 / 0

[ansible] Update authorized_keys for root on builders

by Nicolas Chauvet

commit de7876f45bd0ad47302692c4bae21f7bc858c0ed Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue May 14 10:30:36 2019 +0200 Update authorized_keys for root on builders roles/koji_builder/tasks/main.yml | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) --- diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index d87d52e..62a2dfa 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml @@ -52,6 +52,16 @@ tags: - koji_builder +- name: root builder .ssh dir + file: state=directory path=/root/.ssh mode=700 owner=root group=root + tags: + - koji_builder + +- name: root builder ssh key + copy: src=root_auth_keys dest=/root/.ssh/authorized_keys mode=644 owner=root group=root + tags: + - koji_builder + - name: make a bunch of dirs file: state=directory path={{ item }} with_items:

5 years, 7 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

sysadmin-notify May 2019