[ansible] remove apache for koji_builder
by Nicolas Chauvet
commit 129e4205a88f576d30b2aa1ed75e6d4856fa774e
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 15:27:21 2019 +0200
remove apache for koji_builder
playbooks/groups/buildvm.yml | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
---
diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml
index 57463fd..2bbdf70 100644
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@@ -21,7 +21,6 @@
roles:
- base
- hosts
- - apache
- { role: openvpn/client, when: datacenter != "online" }
- { role: nfs/client, mnt_dir: '/mnt/rpmfusion_koji', nfs_src_dir: "{{ koji_hub_nfs }}" }
- { role: fas_client, when: not inventory_hostname.startswith('bkernel') }
[ansible] Sync spamassassin
by Nicolas Chauvet
commit 9392723e052b6474afea7347b6a29ba06d0210c5
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 15:21:43 2019 +0200
Sync spamassassin
roles/spamassassin/tasks/main.yml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/roles/spamassassin/tasks/main.yml b/roles/spamassassin/tasks/main.yml
index 91557b6..55da024 100644
--- a/roles/spamassassin/tasks/main.yml
+++ b/roles/spamassassin/tasks/main.yml
@@ -2,7 +2,7 @@
# tasklist for setting up a SpamAssassin server
- name: install the package
- yum: pkg={{ item }} state=present
+ package: name={{ item }} state=present
with_items:
- spamassassin
- perl-Razor-Agent
@@ -39,6 +39,6 @@
- config
- name: set the service running/enabled
- service: name=spamassassin enabled=true state=running
+ service: name=spamassassin enabled=true state=started
tags:
- service
[ansible] Sync memcached
by Nicolas Chauvet
commit 5337033b83c4df0ce8b662588b02a968f58b11ba
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 15:21:29 2019 +0200
Sync memcached
roles/memcached/tasks/main.yml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/roles/memcached/tasks/main.yml b/roles/memcached/tasks/main.yml
index e8f6c9c..43ff547 100644
--- a/roles/memcached/tasks/main.yml
+++ b/roles/memcached/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: install memcached server package
- yum: state=present name=memcached
+ package: state=present name=memcached
tags:
- packages
- memcached
@@ -14,7 +14,7 @@
- memcached
- name: enable memcached service
- service: state=running enabled=true name=memcached
+ service: state=started enabled=true name=memcached
tags:
- service
- config
[ansible] Sync kojipkgs
by Nicolas Chauvet
commit f65c9e8735e3b15def0592f4a343c77fbd23f77b
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 15:21:04 2019 +0200
Sync kojipkgs
roles/kojipkgs/files/kojipkgs.conf | 87 ---------------------
roles/kojipkgs/files/squid.conf | 35 +++++---
roles/kojipkgs/tasks/main.yml | 71 +++--------------
roles/kojipkgs/templates/kojipkgs.conf | 133 ++++++++++++++++++++++++++++++++
4 files changed, 168 insertions(+), 158 deletions(-)
---
diff --git a/roles/kojipkgs/files/squid.conf b/roles/kojipkgs/files/squid.conf
index 4e0b01e..a515ffc 100644
--- a/roles/kojipkgs/files/squid.conf
+++ b/roles/kojipkgs/files/squid.conf
@@ -1,8 +1,7 @@
http_port 80 accel defaultsite=kojipkgs.fedoraproject.org
-https_port 443 accel defaultsite=kojipkgs.fedoraproject.org cert=/etc/pki/tls/certs/wildcard-2014.squid.cert key=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key cipher=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA options=NO_SSLv2,NO_SSLv3
+https_port 443 accel defaultsite=kojipkgs.rpmfusion.org
cache_peer 127.0.0.1 parent 8080 0 no-query originserver name=kojipkgs
-hierarchy_stoplist cgi-bin ?
cache_swap_low 98
cache_swap_high 99
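Review bot: The new `https_port 443 accel defaultsite=kojipkgs.rpmfusion.org` line drops `cert=`, `key=`, the cipher list and `options=NO_SSLv2,NO_SSLv3`, not just the Fedora-specific certificate paths. An `https_port` needs a certificate to accept TLS, so as written the listener either fails to start or runs with whatever protocol and cipher defaults the TLS library provides. If squid still terminates HTTPS here, keep the line in the form `https_port 443 accel defaultsite=kojipkgs.rpmfusion.org cert=<rpmfusion cert path> key=<rpmfusion key path> options=NO_SSLv2,NO_SSLv3` together with an explicit cipher list. If TLS is terminated elsewhere, remove the `https_port` line instead of leaving it half-configured.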
@@ -36,9 +35,9 @@ acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
-acl our_sites dstdomain kojipkgs.fedoraproject.org kojipkgs01.phx2.fedoraproject.org
-acl phx2 src 10.5.125.0/24 10.5.127.0/24
-acl pdc src 10.5.126.134/32
+acl our_sites dstdomain kojipkgs.rpmfusion.org kojipkgs01.online.rpmfusion.org
+acl online_stg src 192.168.0.0/16
+acl online src 192.168.0.0/16
acl repo_url urlpath_regex -i ^/repo/
acl kojipkgs urlpath_regex -i \.(rpm|log|sig)$
acl mash urlpath_regex -i ^/mash/
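Review bot: `acl online_stg` is defined here with an underscore, but the next hunk adds `http_access allow online-stg repo_url`, which names an ACL that is not defined anywhere in the visible hunks; one of the two spellings needs to change. The same hunk removes `acl pdc` while `http_access allow pdc compose` survives as context further down. `proxies` and `nonredist` are used by later hunks without a visible definition, so they are worth checking against the unchanged part of the file. Both `online` and `online_stg` are `192.168.0.0/16`, which makes the two rules equivalent and opens `/repo/` to the entire private range where the old rule named two /24s. Narrowing each ACL to the actual builder subnets would keep the original intent.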
@@ -48,8 +47,9 @@ acl compose urlpath_regex -i ^/compose/
# Here is where we use the above acls
#
-# Allow phx2 to repos dir and deny everyone else
-http_access allow phx2 repo_url
+# Allow online and stg builders in the createrepo channel to repos dir and deny everyone else
+http_access allow online repo_url
+http_access allow online-stg repo_url
http_access deny repo_url
# Only allow cachemanager from localhost
@@ -59,6 +59,10 @@ http_access deny cachemanager
# Let the pdc-backend inspect the composes
http_access allow pdc compose
+# Let the proxies access things
+http_access allow proxies
+follow_x_forwarded_for allow proxies
+
# Do not allow non safe ports or connect on anything but ssl ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
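Review bot: `http_access allow proxies` is placed before `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports`, and squid stops at the first matching rule, so requests from the proxies are never checked against those two restrictions. Moving the two added lines below the `deny CONNECT !SSL_ports` line keeps the port restrictions in force for every source. `follow_x_forwarded_for allow proxies` makes squid accept the client address reported by those hosts, so the `proxies` ACL should list only the front-end proxy addresses. A comment beside the ACL definition saying so would help the next reader.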
@@ -77,6 +81,10 @@ cache_peer_access kojipkgs deny all
cache deny mash
cache deny compose
+# Do not cache any non-redistributable content
+# (this would cache the HIT for sign-bridge and then serve it to others)
+cache deny nonredist
+
# Do cache all rpms/log/sigs otherwise
cache allow kojipkgs
cache deny all
@@ -87,13 +95,14 @@ coredump_dir /var/spool/squid
pid_filename /var/run/squid/squid.pid
# Run in smp mode with 8 workers
-workers 8
+# smp mode seems to cause problems with partial downloads and hangs.
+#workers 8
# In smp mode you have to specify per worker cache dirs
# Also you have to manually run squid -z -F -f /etc/squid/squid.conf
# to create these dirs.
-if ${process_number} = 9
- # nothing
-else
- cache_dir ufs /var/spool/squid/${process_number} 10000 16 256
-endif
+#if ${process_number} = 9
+# # nothing
+#else
+# cache_dir ufs /var/spool/squid/${process_number} 10000 16 256
+#endif
diff --git a/roles/kojipkgs/tasks/main.yml b/roles/kojipkgs/tasks/main.yml
index 816ca0d..2987cc0 100644
--- a/roles/kojipkgs/tasks/main.yml
+++ b/roles/kojipkgs/tasks/main.yml
@@ -1,75 +1,26 @@
-#
-# This is before squid is installed on initial setup so it runs on squid install
-#
-- name: add squid tmpfiles.d to make run dir for smp ipc sockets.
- copy: src=squid-tmpfiles dest=/etc/tmpfiles.d/squid.conf owner=root group=root mode=644
- tags:
- - packages
- - kojipkgs
-
-- name: install squid server packages
- yum: name={{ item }} state=present
- with_items:
- - squid
- - httpd
- - mod_ssl
- - libsemanage-python
- tags:
- - packages
- - kojipkgs
-
-- name: make nfs mount directories
- file: state=directory path={{ item }} owner=root group=root mode=755
- with_items:
- - /mnt/rpmfusion_koji
- - /mnt/rpmfusion_app
- - /mnt/rpmfusion_app/app
- - /pub
- tags:
- - kojipkgs
-
-- name: make mnt/koji directory
- file: state=link src=/mnt/rpmfusion_koji/koji dest=/mnt/koji owner=root group=root
- tags:
- - kojipkgs
-
-- name: set seboolean for squid server
- seboolean: name=httpd_can_network_connect state=true persistent=true
- tags:
- - kojipkgs
-
- name: set seboolean for nfs httpd
seboolean: name=httpd_use_nfs state=true persistent=true
tags:
- kojipkgs
-- name: install squid config files
- copy: src={{ item }} dest=/etc/squid/{{ item }} owner=root group=root mode=644
- with_items:
- - squid.conf
- - cachemgr.conf
- notify:
- - restart squid
- tags:
- - kojipkgs
-
-- name: install apache config files for squid
+- name: install apache config files for local apache
copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root mode=644
with_items:
- - kojipkgs.conf
- infrastructure.conf
notify:
- reload httpd
tags:
- kojipkgs
-- name: make sure httpd ssl.conf is not around (conflicts with squid)
- file: dest=/etc/httpd/conf.d/ssl.conf state=absent
+- name: install apache config templates for local apache
+ template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root mode=644
+ with_items:
+ - kojipkgs.conf
notify:
- reload httpd
tags:
- kojipkgs
-
+
- name: make sure httpd listens on port 8080
lineinfile: dest=/etc/httpd/conf/httpd.conf state=present regexp="^Listen 80" line="Listen 8080"
notify:
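Review bot: After this hunk no task in the role installs squid or copies `squid.conf`, yet the same commit edits `roles/kojipkgs/files/squid.conf` and the task `make sure httpd listens on port 8080` is kept. If squid is no longer used on this host, nothing in the role listens on 80/443 and the edited `squid.conf` is dead weight. If squid is still used, its package, config and the `httpd_can_network_connect` boolean are now unmanaged. The commit should state which case applies, then either drop the file or restore the copy task. The added `template:` task also keeps the `key=value` form with a bare `{{ item }}`; native YAML arguments with `mode: '0644'` avoid quoting surprises. The hunk ends inside the `Listen 8080` task, whose remaining lines are outside it.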
@@ -77,8 +28,12 @@
tags:
- kojipkgs
-- name: set squid to start on boot
- service: name=squid enabled=true state=running
+- name: make a mnt/koji link
+ file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji
+ tags:
+ - kojipkgs
+
+- name: disable welcome.conf giving a 403 on / (needed for monitoring)
+ copy: content="# welcome.conf disabled" dest=/etc/httpd/conf.d/welcome.conf
tags:
- - services
- kojipkgs
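Review bot: The added link task uses `src=/mnt/fedora_koji/koji`, but the task it replaces used `src=/mnt/rpmfusion_koji/koji` and every `Alias` in the new `kojipkgs.conf` template points under `/mnt/rpmfusion_koji`. Unless a `/mnt/fedora_koji` mount exists on these hosts, `/mnt/koji` becomes a dangling symlink; the line should probably read `file: state=link src=/mnt/rpmfusion_koji/koji dest=/mnt/koji`. The `welcome.conf` task writes the file without `owner`, `group` or `mode`, unlike the other config tasks in this file; adding `owner=root group=root mode=644` keeps it consistent.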
diff --git a/roles/kojipkgs/templates/kojipkgs.conf b/roles/kojipkgs/templates/kojipkgs.conf
new file mode 100644
index 0000000..16fe6e9
--- /dev/null
+++ b/roles/kojipkgs/templates/kojipkgs.conf
@@ -0,0 +1,133 @@
+ServerName https://kojipkgs.fedoraproject.org
+MaxRequestWorkers 512
+ServerLimit 512
+
+RequestHeader unset Accept-Encoding early
+
+CustomLog "| /usr/sbin/rotatelogs /var/log/httpd/{{inventory_hostname}}-access.log.%Y-%m-%d 86400" combined
+ErrorLog "| /usr/sbin/rotatelogs /var/log/httpd/{{inventory_hostname}}-error.log.%Y-%m-%d 86400"
+
+Alias /atomic /mnt/rpmfusion_koji/koji/ostree
+Alias /ostree /mnt/rpmfusion_koji/koji/ostree
+
+<Directory /mnt/rpmfusion_koji/koji/ostree>
+ Options Indexes FollowSymLinks
+ IndexOptions NameWidth=* FancyIndexing
+ FileETag None
+ Require all granted
+</Directory>
+
+Alias /atomic-cd /mnt/rpmfusion_koji/koji/atomic-cd
+
+<Directory /mnt/rpmfusion_koji/koji/atomic-cd>
+ Options Indexes FollowSymLinks
+ IndexOptions NameWidth=* FancyIndexing
+ FileETag None
+ Require all granted
+</Directory>
+
+Alias /packages /mnt/rpmfusion_koji/koji/packages
+Alias /toplink/packages /mnt/rpmfusion_koji/koji/packages
+
+<Directory /mnt/rpmfusion_koji/koji/packages>
+ Options Indexes FollowSymLinks
+ IndexOptions NameWidth=* FancyIndexing
+ FileETag None
+ Require all granted
+</Directory>
+
+Alias /repos-dist /mnt/rpmfusion_koji/koji/repos-dist
+
+<Directory /mnt/rpmfusion_koji/koji/repos-dist>
+ Options Indexes FollowSymLinks
+ IndexOptions NameWidth=* FancyIndexing
+ FileETag None
+ Require all granted
+</Directory>
+
+Alias /repos /mnt/rpmfusion_koji/koji/repos
+
+<Directory /mnt/rpmfusion_koji/koji/repos>
+ Options Indexes FollowSymLinks
+ IndexOptions NameWidth=* FancyIndexing
+ FileETag None
+ Require all granted
+</Directory>
+
+Alias /scratch /mnt/rpmfusion_koji/koji/scratch
+
+<Directory /mnt/rpmfusion_koji/koji/scratch>
+ Options Indexes FollowSymLinks
+ IndexOptions NameWidth=* FancyIndexing
+ FileETag None
+ Require all granted
+</Directory>
+
+Alias /work /mnt/rpmfusion_koji/koji/work
+
+<Directory /mnt/rpmfusion_koji/koji/work>
+ Options Indexes FollowSymLinks
+ IndexOptions NameWidth=* FancyIndexing
+ FileETag None
+ Require all granted
+</Directory>
+
+Alias /mash /mnt/rpmfusion_koji/koji/mash
+
+<Directory /mnt/rpmfusion_koji/koji/mash>
+ Options Indexes FollowSymLinks
+ IndexOptions NameWidth=* FancyIndexing
+ FileETag None
+ Require all granted
+</Directory>
+
+Alias /compose /mnt/rpmfusion_koji/koji/compose
+
+<Directory /mnt/rpmfusion_koji/koji/compose>
+ Options Indexes FollowSymLinks
+ IndexOptions NameWidth=* FancyIndexing
+ FileETag None
+ Require all granted
+</Directory>
+
+Alias /mass-rebuild "/mnt/rpmfusion_koji/koji/mass-rebuild/"
+
+<Directory "/mnt/rpmfusion_koji/koji/mass-rebuild/">
+ Options Indexes FollowSymLinks
+ Require all granted
+</Directory>
+
+Alias /images /mnt/rpmfusion_koji/koji/images
+
+<Directory /mnt/rpmfusion_koji/koji/images>
+ Options Indexes FollowSymLinks
+ IndexOptions NameWidth=* FancyIndexing
+ FileETag None
+ Require all granted
+</Directory>
+
+Alias /rhel /mnt/rpmfusion_koji/rhel
+
+<Directory /mnt/rpmfusion_koji/rhel>
+ Options Indexes FollowSymLinks
+ IndexOptions NameWidth=* FancyIndexing
+ FileETag None
+ Require all granted
+</Directory>
+
+Alias /pub /pub
+
+<Directory /pub>
+ Options Indexes FollowSymLinks
+ IndexOptions NameWidth=* FancyIndexing
+ FileETag None
+ Require all granted
+</Directory>
+
+# This IP is sign-bridge01.phx2.fedoraproject.org.
+# It needs to be able to sign openh264 packages.
+RewriteCond %{HTTP:X-Forwarded-For} !10.5.125.71
+RewriteRule ".*/.*openh264.*.(x86_64|armv7hl|i686|ppc64|ppc64le|aarch64|s390x).rpm$" "https://fedoraproject.org/wiki/non-distributable-rpms" [R=302,L]
+
+# Set HSTS header via HTTP since it cannot be easily set in squid, which terminates HTTPS
+Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
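Review bot: The openh264 exemption at the end of the template relies on `RewriteCond %{HTTP:X-Forwarded-For} !10.5.125.71`. That is a request header, so the rule is only as trustworthy as the front-end that sets or strips it. The pattern is also unanchored with unescaped dots, so it matches longer strings that merely contain those characters. Anchoring it as `!^10\.5\.125\.71$`, and confirming that the proxy in front overwrites rather than appends the header, would tighten it. The address and the comment still name `sign-bridge01.phx2.fedoraproject.org`, and `ServerName https://kojipkgs.fedoraproject.org` at the top is likewise the Fedora name; both look like leftovers from the sync and should be the rpmfusion values. No `RewriteEngine On` is visible in this file, so the rule is inert unless it is enabled elsewhere.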
[ansible] Sync collectd
by Nicolas Chauvet
commit 1485a93801949dd52481b330e43078c26181baed
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 15:12:24 2019 +0200
Sync collectd
roles/collectd/base/tasks/main.yml | 59 ++++++++++++-----------
roles/collectd/base/templates/collectd.conf.j2 | 18 +++++++
roles/collectd/base/templates/graphite.conf | 2 +-
roles/collectd/bind/files/bind.conf | 21 ++++++++
roles/collectd/bind/tasks/main.yml | 15 ++++++
roles/collectd/memcached/tasks/main.yml | 2 +-
roles/collectd/postgres/templates/postgres.conf | 2 +-
roles/collectd/server/tasks/main.yml | 22 +++++++--
8 files changed, 105 insertions(+), 36 deletions(-)
---
diff --git a/roles/collectd/base/tasks/main.yml b/roles/collectd/base/tasks/main.yml
index 8848459..caeb5c6 100644
--- a/roles/collectd/base/tasks/main.yml
+++ b/roles/collectd/base/tasks/main.yml
@@ -1,9 +1,9 @@
---
-# collectd client setup
+# collectd client setup
# install pkg
- name: install collectd
- yum: name=collectd state=present
+ package: name=collectd state=present
tags:
- collectd
when: ansible_distribution_major_version|int < 22
@@ -15,11 +15,12 @@
- collectd
when: ansible_distribution_major_version|int > 21
-# enable collectd
-- name: enable collectd svc
- service: state=running enabled=true name=collectd
+# install collectd-disk on F25+ (it was split out)
+- name: install collectd-disk
+ dnf: name=collectd-disk state=present
tags:
- collectd
+ when: ansible_distribution_major_version|int > 24
# install collected.conf
- name: /etc/collectd.conf
@@ -48,34 +49,32 @@
when: inventory_hostname.startswith('hv01')
# apache - localhost only - pretty much any apache server
-- name: install collectd-apache
- yum: state=present name=collectd-apache
+- name: install collectd-apache (yum)
+ package: state=present name=collectd-apache
tags:
- collectd
notify:
- restart collectd
- when: collectd_apache is defined and ansible_distribution_major_version|int < 22
+ when: collectd_apache and ansible_distribution_major_version|int < 22
-- name: /etc/collectd/apache.conf
- copy: src=apache.conf dest=/etc/collectd.d/apache.conf
+- name: install collectd-apache (dnf)
+ dnf: state=present name=collectd-apache
tags:
- collectd
notify:
- restart collectd
- when: collectd_apache is defined
+ when: collectd_apache and ansible_distribution_major_version|int > 21
-- name: /etc/collectd/graphite.conf
- template: src=graphite.conf dest=/etc/collectd.d/graphite.conf
+- name: /etc/collectd/apache.conf
+ copy: src=apache.conf dest=/etc/collectd.d/apache.conf
tags:
- collectd
- - graphite
- - graphite-collectd
notify:
- restart collectd
- when: collectd_graphite is defined and ansible_distribution_major_version != '6'
+ when: collectd_apache
- name: Install libsemanage-python so we can set an sebool below
- yum: name=libsemanage-python state=present
+ package: name=libsemanage-python state=present
tags:
- collectd
when: collectd_apache is defined and ansible_distribution_major_version|int < 22
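Review bot: The new conditions `when: collectd_apache and ...` and `when: collectd_apache` evaluate the variable directly, so any host that does not define `collectd_apache` now fails these tasks with an undefined-variable error instead of skipping them. Unless a default is set in group vars outside this diff, `when: collectd_apache | default(false) and ansible_distribution_major_version|int < 22` keeps the skip behaviour. The `libsemanage-python` task at the end of the hunk, and the sebool task in the next hunk, still use `collectd_apache is defined`, so the role now mixes two meanings for the same variable. The hunk also removes the task that deployed `graphite.conf` while the commit still edits that template; if graphite output is intentionally dropped, the template change is dead.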
@@ -87,7 +86,7 @@
ignore_errors: True
notify:
- restart collectd
- when: collectd_apache is defined or collectd_graphite is defined
+ when: ( collectd_apache is defined ) and ansible_selinux.status != "disabled"
- name: enable collectd nfs module
copy: src=nfs.conf dest=/etc/collectd.d/nfs.conf
@@ -113,7 +112,7 @@
- name: check to see if its even installed yet
shell: semodule -l | grep fi-collectd | wc -l
register: ficgeneral_grep
- check_mode: False
+ check_mode: no
changed_when: "'0' in ficgeneral_grep.stdout"
tags:
- collectd
@@ -121,7 +120,7 @@
- name: install our general collectd selinux module
command: semodule -i /usr/share/collectd/fi-collectd.pp
- when: ficgeneral_module|changed or ficgeneral_grep|changed
+ when: ficgeneral_module is changed or ficgeneral_grep is changed
tags:
- collectd
- selinux
@@ -138,7 +137,7 @@
shell: semodule -l | grep fi-pstorefs | wc -l
when: ansible_distribution_major_version|int != 6
register: ficpstorefs_grep
- check_mode: False
+ check_mode: no
changed_when: "'0' in ficpstorefs_grep.stdout"
tags:
- collectd
@@ -146,25 +145,23 @@
- name: install our pstorefs/collectd selinux module
command: semodule -i /usr/share/collectd/fi-pstorefs.pp
- when: ansible_distribution_major_version|int != 6 and (ficpstorefs_module|changed or ficpstorefs_grep|changed)
+ when: ansible_distribution_major_version|int != 6 and (ficpstorefs_module is changed or ficpstorefs_grep is changed)
tags:
- collectd
- selinux
-
+
# each of the below should move to a separate task list
# since they are odd-balls and one-offs
-# bind - localhost only - ns servers only
-
# fedmsg - busgateway## only
# add /usr/share/collectd/fedmsg-types.db
-
+
# memcached - memcached only
# postgres - this is a conn check
-## add /usr/share/collectd/pgconn-types.db
+## add /usr/share/collectd/pgconn-types.db
# openvpn - for bastion/openvpn gateways only
@@ -174,8 +171,12 @@
# haproxy
## add /usr/share/collectd/haproxy-types.db
## add socat pkg
-##
+##
# webproxy
-
+# enable collectd
+- name: enable collectd svc
+ service: state=started enabled=true name=collectd
+ tags:
+ - collectd
diff --git a/roles/collectd/base/templates/collectd.conf.j2 b/roles/collectd/base/templates/collectd.conf.j2
index 91f5a63..87ab32d 100644
--- a/roles/collectd/base/templates/collectd.conf.j2
+++ b/roles/collectd/base/templates/collectd.conf.j2
@@ -39,6 +39,24 @@ LoadPlugin vmem
IgnoreSelected false
</Plugin>
+<Plugin "interface">
+ Interface "/^veth/"
+ IgnoreSelected true
+</Plugin>
+
+<Plugin "df">
+ MountPoint "^/.*/.snapshot/"
+ MountPoint "^/var/lib/containers/storage/overlay/.*/merged/"
+ MountPoint "^/var/lib/containers/docker/devicemapper/.*/.*/"
+ MountPoint "^/var/lib/origin/openshift.local.volumes.*"
+ MountPoint "^/run/containers/storage/overlay-containers/.*"
+ MountPoint "^/tmp/iso/mount/"
+ FSType "shm"
+ FSType "tmpfs"
+ FSType "overlay"
+ IgnoreSelected true
+</Plugin>
+
<Plugin hddtemp>
TranslateDevicename false
</Plugin>
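Review bot: The `MountPoint` values in the added `df` block are written as bare patterns such as `"^/.*/.snapshot/"`, whereas the `interface` block just above uses the slash-delimited form `"/^veth/"`. As far as I know collectd's ignore lists treat an entry as a regular expression only when it starts and ends with `/`, so these entries would be compared as literal strings and never match. If that holds for the deployed collectd version, each should be wrapped, e.g. `MountPoint "/^\/var\/lib\/containers\/storage\/overlay\/.*\/merged\//"`. Otherwise add a comment stating that the bare form is intended. The `FSType` lines are literal names and are unaffected.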
diff --git a/roles/collectd/base/templates/graphite.conf b/roles/collectd/base/templates/graphite.conf
index 4b76a99..c0e467f 100644
--- a/roles/collectd/base/templates/graphite.conf
+++ b/roles/collectd/base/templates/graphite.conf
@@ -2,7 +2,7 @@ LoadPlugin "write_graphite"
<Plugin "write_graphite">
<Node "laptop">
- Host "graphite.cloud.fedoraproject.org"
+ Host "graphite.rpmfusion.org"
Port "2003"
Prefix "collectd.{{ env }}."
#Postfix ""
diff --git a/roles/collectd/bind/files/bind.conf b/roles/collectd/bind/files/bind.conf
new file mode 100644
index 0000000..bdb4caa
--- /dev/null
+++ b/roles/collectd/bind/files/bind.conf
@@ -0,0 +1,21 @@
+LoadPlugin bind
+
+<Plugin bind>
+ URL "http://localhost:8053/"
+ OpCodes true
+ QTypes true
+
+ ServerStats true
+ ZoneMaintStats true
+ ResolverStats false
+ MemoryStats true
+
+ <View "DEFAULT">
+ QTypes true
+ ResolverStats true
+ CacheRRSets true
+
+ Zone "127.in-addr.arpa/IN"
+ </View>
+</Plugin>
+
diff --git a/roles/collectd/bind/tasks/main.yml b/roles/collectd/bind/tasks/main.yml
new file mode 100644
index 0000000..878140c
--- /dev/null
+++ b/roles/collectd/bind/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+
+- name: install collectd-bind
+ package: name=collectd-bind state=present
+ tags:
+ - packages
+ - collectd
+
+- name: Copy in /etc/collectd.d/bind.conf
+ copy: >
+ src=bind.conf
+ dest=/etc/collectd.d/bind.conf
+ tags:
+ - collectd
+ notify: restart collectd
diff --git a/roles/collectd/memcached/tasks/main.yml b/roles/collectd/memcached/tasks/main.yml
index fc0d04f..f363df8 100644
--- a/roles/collectd/memcached/tasks/main.yml
+++ b/roles/collectd/memcached/tasks/main.yml
@@ -9,7 +9,7 @@
notify: restart collectd
- name: Ensure that semanage is present
- yum: name=policycoreutils-python state=present
+ package: name=policycoreutils-python state=present
tags:
- collectd/memcached
- collectd
diff --git a/roles/collectd/postgres/templates/postgres.conf b/roles/collectd/postgres/templates/postgres.conf
index be57b93..d829e00 100644
--- a/roles/collectd/postgres/templates/postgres.conf
+++ b/roles/collectd/postgres/templates/postgres.conf
@@ -1,3 +1,3 @@
<Plugin exec>
- Exec "nobody" "/usr/local/bin/collectd-postgres.sh" "-h" "{{ ansible_fqdn }}" "-p" "10"
+ Exec "nobody" "/usr/local/bin/collectd-postgres.sh" "-h" "{{ inventory_hostname }}" "-p" "10"
</Plugin>
diff --git a/roles/collectd/server/tasks/main.yml b/roles/collectd/server/tasks/main.yml
index c934c87..1cebff2 100644
--- a/roles/collectd/server/tasks/main.yml
+++ b/roles/collectd/server/tasks/main.yml
@@ -1,10 +1,10 @@
---
-# collectd server setup
+# collectd server setup
# install pkg
- name: install collectd server packages
- yum: name={{ item }} state=present
- with_items:
+ package: name={{ item }} state=present
+ with_items:
- collectd-rrdtool
- collectd-ping
- collectd-web
@@ -40,6 +40,20 @@
# install upgrade target
- name: install collect upgrade target to handle v4 clients
copy: src=vfive-upgrade.conf dest=/etc/collectd.d/vfive-upgrade.conf
- tags:
+ tags:
+ - config
+ - collectd/server
+
+# create /var/log/collectd as it's on a larger volume
+- name: create /var/log/collectd
+ file: path=/var/log/collectd owner=root group=root mode=0755 state=directory
+ tags:
+ - config
+ - collectd/server
+
+# create a link from /var/lib/collectd to /var/log/collectd
+- name: create link from /var/lib/collectd to /var/log/collectd
+ file: state=link src=/var/log/collectd dest=/var/lib/collectd
+ tags:
- config
- collectd/server
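Review bot: The task `file: state=link src=/var/log/collectd dest=/var/lib/collectd` will likely fail on any host where `/var/lib/collectd` already exists as a directory, which is probably the case once the collectd packages are installed. The `file` module does not replace a populated directory with a symlink. A preceding step that migrates or removes the existing directory is needed, or a comment documenting that the link must be created before the first collectd start. The two added tasks also carry comments that repeat the task names word for word; those can be dropped.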
[ansible] Sync playbooks
by Nicolas Chauvet
commit 6f0523fdba423fdc3d101174f8d59c21d2e60d4f
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 15:02:21 2019 +0200
Sync playbooks
playbooks/groups/backup-server.yml | 6 ++++--
playbooks/groups/bastion.yml | 13 ++++++++-----
playbooks/groups/batcave.yml | 6 ++++--
playbooks/groups/buildvm.yml | 2 +-
playbooks/groups/fas.yml | 8 +++++---
playbooks/groups/koji-hub.yml | 26 ++++++--------------------
playbooks/groups/kojipkgs.yml | 4 +++-
playbooks/groups/packages.yml | 8 +++++---
playbooks/groups/postgresql-server.yml | 8 +++++---
playbooks/groups/proxies.yml | 22 +++++++++++++---------
playbooks/groups/sign-bridge.yml | 8 +++++---
playbooks/groups/virthost.yml | 11 ++++++++---
12 files changed, 67 insertions(+), 55 deletions(-)
---
diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml
index 48723ba..0a7a6f3 100644
--- a/playbooks/groups/backup-server.yml
+++ b/playbooks/groups/backup-server.yml
@@ -8,7 +8,7 @@
user: root
gather_facts: True
- vars_files:
+ vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
@@ -27,8 +27,10 @@
nfs_src_dir: 'fedora_backups' }
- openvpn/client
- tasks:
+ pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ tasks:
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
- import_tasks: "{{ tasks_path }}/rdiff_backup_server.yml"
diff --git a/playbooks/groups/bastion.yml b/playbooks/groups/bastion.yml
index 3ed10ea..4d45bc9 100644
--- a/playbooks/groups/bastion.yml
+++ b/playbooks/groups/bastion.yml
@@ -1,4 +1,4 @@
-#- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=bastion"
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=bastion"
- name: make the boxen be real for real
hosts: bastion
@@ -21,8 +21,10 @@
- { role: openvpn/server, when: not inventory_hostname.startswith('bastion-comm01') }
- { role: packager_alias, when: not inventory_hostname.startswith('bastion-comm01') }
- tasks:
+ pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ tasks:
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
@@ -36,6 +38,7 @@
tasks:
- name: install needed packages
- package: name={{ item }} state=present
- with_items:
- - ipmitool
+ package:
+ state: present
+ name:
+ - ipmitool
diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml
index 8907bef..136709c 100644
--- a/playbooks/groups/batcave.yml
+++ b/playbooks/groups/batcave.yml
@@ -32,9 +32,11 @@
- { role: nfs/client, mnt_dir: '/srv/web/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
- { role: nfs/client, mnt_dir: '/mnt/fedora/app', nfs_src_dir: 'fedora_app/app' }
-
- tasks:
+
+ pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ tasks:
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml
index 7092b11..57463fd 100644
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@@ -35,7 +35,7 @@
when: not inventory_hostname.startswith('bkernel')
- name: make sure kojid is running
- service: name=kojid state=running enabled=yes
+ service: name=kojid state=started enabled=yes
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/fas.yml b/playbooks/groups/fas.yml
index 3e5e2d4..2e480b9 100644
--- a/playbooks/groups/fas.yml
+++ b/playbooks/groups/fas.yml
@@ -1,9 +1,9 @@
# create a new fas server
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=fas:fas-stg"
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=fas:fas_stg"
- name: make the box be real
- hosts: fas-stg:fas
+ hosts: fas_stg:fas
user: root
gather_facts: True
@@ -28,8 +28,10 @@
# - yubikey
# - totpcgi
- tasks:
+ pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ tasks:
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml
index c1f3b6f..2428661 100644
--- a/playbooks/groups/koji-hub.yml
+++ b/playbooks/groups/koji-hub.yml
@@ -2,12 +2,12 @@
# NOTE: should be used with --limit most of the time
# NOTE: most of these vars_path come from group_vars/koji-hub or from hostvars
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=koji-stg:koji"
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=koji_stg:koji"
# Once the instance exists, configure it.
- name: make koji_hub server system
- hosts: koji-stg:koji
+ hosts: koji_stg:koji
user: root
gather_facts: True
@@ -51,6 +51,10 @@
- { role: koji_builder, when: env == "staging" or inventory_hostname.startswith('s390') or inventory_hostname.startswith('arm') }
- sudo
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
tasks:
- name: create secondary volume dir for stg koji
file: dest=/mnt/koji/vol state=directory owner=apache group=apache mode=0755
@@ -60,27 +64,9 @@
file: src=/mnt/fedora_koji_prod/koji dest=/mnt/koji/vol/prod state=link
tags: koji_hub
when: env == 'staging'
- - import_tasks: "{{ tasks_path }}/yumrepos.yml"
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
-
-#- name: Start the kojid builder daemon, but only on staging.
-# # Really -- this should never be set for prod.
-# hosts: koji-stg:s390-koji01.qa.rpmfusion.org
-# user: root
-# gather_facts: True
-#
-# # XXX - should these just be included in koji_builder and koji_hub roles?
-# tasks:
-# - name: make sure kojid is running
-# service: name=kojid state=running
-# tags:
-# - kojid
-# - name: make sure kojira is running
-# service: name=kojira state=running
-# tags:
-# - kojira
diff --git a/playbooks/groups/kojipkgs.yml b/playbooks/groups/kojipkgs.yml
index 4b53cf8..8eaedc3 100644
--- a/playbooks/groups/kojipkgs.yml
+++ b/playbooks/groups/kojipkgs.yml
@@ -10,6 +10,9 @@
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
roles:
- base
- rkhunter
@@ -31,7 +34,6 @@
- kojipkgs
tasks:
- - import_tasks: "{{ tasks_path }}/yumrepos.yml"
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
diff --git a/playbooks/groups/packages.yml b/playbooks/groups/packages.yml
index f709d65..0345687 100644
--- a/playbooks/groups/packages.yml
+++ b/playbooks/groups/packages.yml
@@ -3,10 +3,10 @@
# NOTE: make sure there is room/space for this server on the vmhost
# NOTE: most of these vars_path come from group_vars/packages* or from hostvars
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=packages:packages-stg"
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=packages:packages_stg"
- name: make the box be real
- hosts: packages:packages-stg
+ hosts: packages:packages_stg
user: root
gather_facts: True
@@ -15,6 +15,9 @@
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
roles:
- base
- rkhunter
@@ -29,7 +32,6 @@
- apache
tasks:
- - import_tasks: "{{ tasks_path }}/yumrepos.yml"
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
- import_tasks: "{{ tasks_path }}/mod_wsgi.yml"
diff --git a/playbooks/groups/postgresql-server.yml b/playbooks/groups/postgresql-server.yml
index db4c57c..c4bca93 100644
--- a/playbooks/groups/postgresql-server.yml
+++ b/playbooks/groups/postgresql-server.yml
@@ -4,18 +4,21 @@
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db02.online.rpmfusion.net"
-# Once the instance exists, configure it.
+# Once the instance exists, configure it.
- name: configure postgresql server system
hosts: db02.online.rpmfusion.net
user: root
gather_facts: True
- vars_files:
+ vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
roles:
- base
- rkhunter
@@ -29,7 +32,6 @@
- koji_db
tasks:
- - import_tasks: "{{ tasks_path }}/yumrepos.yml"
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
diff --git a/playbooks/groups/proxies.yml b/playbooks/groups/proxies.yml
index 2d3171b..848dafe 100644
--- a/playbooks/groups/proxies.yml
+++ b/playbooks/groups/proxies.yml
@@ -1,9 +1,9 @@
# create a new proxy server
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=proxies:proxies-stg"
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=proxies:proxies_stg:!proxy05.fedoraproject.org"
- name: make the box be real
- hosts: proxies-stg:proxies
+ hosts: proxies_stg:proxies
user: root
gather_facts: True
@@ -12,8 +12,13 @@
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ pre_tasks:
+ - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
roles:
- base
+ - fas_client
- rkhunter
- nagios/client
- collectd/base
@@ -24,11 +29,10 @@
- apache
tasks:
- - import_tasks: "{{ tasks_path }}/yumrepos.yml"
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
- # You might think we would want these tasks on the proxy nodes, but they
+ # You might think we would want these tasks_path on the proxy nodes, but they
# actually deliver a configuration that our proxy-specific roles below then go
# and overwrite... so, let's just leave them out.
#- import_tasks: "{{ tasks_path }}/apache.yml"
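Review bot: The reworded comment on the `# You might think…` line looks like a stray search-and-replace of `tasks` with `tasks_path` rather than an intended edit. It now reads "these tasks_path on the proxy nodes", which is not a sentence. Restore `# You might think we would want these tasks on the proxy nodes, but they`. The `tasks:` list continues outside the hunk.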
@@ -57,7 +61,8 @@
- name: Set up the proxy basics
- hosts: proxies-stg:proxies
+ hosts: proxies_stg:proxies
+ strategy: free
user: root
gather_facts: False
@@ -125,7 +130,8 @@
- import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-miscellaneous.yml
- name: Make sure we are deployed fully
- hosts: proxies-stg:proxies
+ hosts: proxies_stg:proxies
+ strategy: free
user: root
gather_facts: False
@@ -149,7 +155,7 @@
- reload httpd
#
- # If this is an initial deployment, make sure docs are synced over.
+ # If this is an initial deployment, make sure docs are synced over.
# Do not count these as changed ever
#
- name: make sure docs are synced. This could take a very very very logtime to finish
@@ -161,5 +167,3 @@
command: restorecon -R /srv
changed_when: false
- roles:
- - fas_client
diff --git a/playbooks/groups/sign-bridge.yml b/playbooks/groups/sign-bridge.yml
index df7a97d..e1906fb 100644
--- a/playbooks/groups/sign-bridge.yml
+++ b/playbooks/groups/sign-bridge.yml
@@ -6,10 +6,10 @@
# Access is via management interface only. This playbook does initial setup.
# Please check with rel-eng before doing anything here.
-#- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=sign-bridge"
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=sign_bridge"
- name: configure sign bridge server
- hosts: sign-bridge
+ hosts: sign_bridge
user: root
gather_facts: true
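Review bot: The `virt-create.yml` import for `sign_bridge` was commented out on the old side and is active on the new side, while the header comment kept above it still says access is via the management interface only and to check with rel-eng first. If the un-commenting rode along with the group rename rather than being intended, keep the line disabled as `#- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=sign_bridge"`. If it is intended, the header comment should say that this playbook now also creates the VM. The play continues outside the hunk.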
@@ -30,9 +30,11 @@
# owner_group: sigul
- sigul/bridge
+ pre_tasks:
+ - import_tasks: "{{ tasks_path
+
tasks:
- import_tasks: "{{ tasks_path }}/motd.yml"
- - import_tasks: "{{ tasks_path }}/yumrepos.yml"
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
handlers:
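Review bot: The added `pre_tasks` entry is cut off as shown: `- import_tasks: "{{ tasks_path` has no closing `}}`, no closing quote and no file name. If that is what was committed rather than an artefact of the archive, the playbook will not parse, and the `yumrepos.yml` import removed from `tasks:` just below is not replaced by anything. The other playbooks in this commit use `- import_tasks: "{{ tasks_path }}/yumrepos.yml"`, which is presumably what was meant here.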
diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml
index d1c1377..7eac207 100644
--- a/playbooks/groups/virthost.yml
+++ b/playbooks/groups/virthost.yml
@@ -2,16 +2,22 @@
# NOTE: should be used with --limit most of the time
# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml myhosts=virthost:bvirthost:buildvmhost:virthost_comm:colo_virt:virthost_communishift
+
- name: make virthost server system
- hosts: virthost:bvirthost:buildvmhost:virthost-comm:colo-virt:!internetx01.rpmfu...
+ hosts: virthost:bvirthost:buildvmhost:virthost_comm:colo_virt:virthost_communishift
user: root
gather_facts: True
- vars_files:
+ vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ pre_tasks:
+ - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
roles:
- base
- rkhunter
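Review bot: The new `hosts:` pattern no longer carries the `:!internetx01.rpmfu...` exclusion that the old line had (the old line is truncated in this view), so that host is matched by this play again unless it has left these groups. The new pattern also adds `virthost_communishift`, and the new `happy_birthday.yml` import above it uses the same list; whether both exist in this inventory is not visible here. If the exclusion is still wanted, it needs to be appended to both patterns. The `import_playbook` string also shows no closing `"`, which may be archive truncation but is worth checking in the file.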
@@ -25,7 +31,6 @@
- virthost
tasks:
- - import_tasks: "{{ tasks_path }}/yumrepos.yml"
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
5 years, 4 months
[ansible] Sync tasks
by Nicolas Chauvet
commit 668ff84cdd8253bb2a11cbe377bc35d226dd1a7a
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 15:02:05 2019 +0200
Sync tasks
tasks/osbs_koji_token.yml | 11 +++++++++
tasks/transient_newcloud.yml | 52 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+), 0 deletions(-)
---
diff --git a/tasks/osbs_koji_token.yml b/tasks/osbs_koji_token.yml
new file mode 100644
index 0000000..f219337
--- /dev/null
+++ b/tasks/osbs_koji_token.yml
@@ -0,0 +1,11 @@
+---
+
+- name: make sure that /etc/osbs directory exists
+ file: path=/etc/osbs state=directory
+
+- name: put the koji token file in place
+ copy:
+ src: "{{ private }}/files/osbs/{{ env }}/x86-64-osbs-koji"
+ dest: "/etc/osbs/x86-64-osbs-koji"
+ owner: root
+ mode: 0400
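Review bot: `file: path=/etc/osbs state=directory` leaves the owner and mode of the directory that holds the koji token to the defaults, and the `copy` sets `owner` but not `group`. Pin them explicitly, for example `file: path=/etc/osbs state=directory owner=root group=root mode=0755`, and add `group: root` to the copy. `mode: 0400` works only because the leading zero makes the YAML parser read it as octal; `mode: "0400"` states the intent without depending on number parsing.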
diff --git a/tasks/transient_newcloud.yml b/tasks/transient_newcloud.yml
new file mode 100644
index 0000000..3c2a86f
--- /dev/null
+++ b/tasks/transient_newcloud.yml
@@ -0,0 +1,52 @@
+- name: spin UP VM using os_server
+ delegate_to: undercloud01.cloud.fedoraproject.org
+ os_server:
+ state: present
+ security_groups: default
+ nics:
+ - net-id: d18c60b1-bba2-416f-87c3-a4416191bd7c
+ name: "{{ name }}"
+ auth:
+ auth_url: http://172.23.1.52:5000/v2.0
+ username: "admin"
+ password: "{{newcloud_os_admin_pw}}"
+ project_name: relrod-super-cool-test-project
+ image: fedora-28-cloud-test
+ flavor: test.flavor.blah
+ key_name: fedora-admin-20130801
+ auto_floating_ip: true
+ userdata: "#cloud-config\ndisable_root: 0"
+ register: instance
+
+- name: add it to the special group
+ local_action: add_host hostname="{{ instance.server.accessIPv4 }}" groupname=tmp_just_created
+
+- name: mail off about where it is
+ local_action: mail
+ to=codeblock(a)fedoraproject.org
+ from=ansible-create(a)fedoraproject.org
+ subject="{{ instance.server.accessIPv4 }}"
+ body="transient cloud instance created on {{ instance.server.accessIPv4 }}
+ name = {{ name }}
+ root_auth_users = {{ root_auth_users }}
+ image = {{ image }}"
+
+- name: wait for he host to be hot
+ local_action: wait_for host={{ instance.server.accessIPv4 }} port=22 delay=1 timeout=600
+
+- name: gather ssh host key from new instance
+ local_action: command ssh-keyscan -t rsa {{ instance.server.accessIPv4 }}
+ ignore_errors: True
+ register: hostkey
+
+- name: add new ssh host key (you still need to add it to official ssh_host_keys later)
+ local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ instance.server.accessIPv4 }} state=present
+ ignore_errors: True
+ with_items:
+ - /root/.ssh/known_hosts
+ - /etc/ssh/ssh_known_hosts
+
+# SSH is up and running, however cloud-init still did not deployed ssh keypair
+# we have to wait some time. 10 sec is usually enough, but not always.
+- name: waiting for cloud-init
+ pause: seconds=30
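Review bot: The `os_server` task authenticates as `admin` against `auth_url: http://172.23.1.52:5000/v2.0`, so the templated admin password crosses the network without TLS. If the endpoint offers HTTPS, use it; otherwise a comment stating that this is an isolated management network would record the assumption. The host-key step trusts whatever `ssh-keyscan` returns on first contact, and both it and the `known_hosts` task carry `ignore_errors: True`, so a failed scan goes on to the next task with an empty `hostkey.stdout`. Dropping `ignore_errors` from the keyscan task, or adding `when: hostkey.rc == 0` to the `known_hosts` task, avoids that. Separately, `userdata` sets `disable_root: 0`, the project and flavor names (`relrod-super-cool-test-project`, `test.flavor.blah`) look like test placeholders, and the mail body uses `{{ image }}` and `{{ root_auth_users }}`, which this file does not define.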
5 years, 4 months
[ansible] Update handlers
by Nicolas Chauvet
commit 382e706f45e7bd44fbb0f872ef8208a0f050933f
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 14:44:08 2019 +0200
Update handlers
handlers/restart_services.yml | 18 +++++++++++++++---
1 files changed, 15 insertions(+), 3 deletions(-)
---
diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml
index 89740cb..aab9633 100644
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -2,6 +2,9 @@
# Handlers for restarting services
#
+- name: reload systemd
+ command: systemctl daemon-reload
+
- name: restart apache
command: /usr/local/bin/conditional-restart.sh httpd httpd
@@ -53,6 +56,9 @@
- name: restart ntpd
action: service name=ntpd state=restarted
+- name: restart sshd
+ action: service name=sshd state=restarted
+
- name: restart openvpn (Fedora)
when: ansible_distribution == "Fedora"
action: service name=openvpn-client@openvpn state=restarted
@@ -116,9 +122,6 @@
- name: restart memcached
service: name=memcached state=restarted
-- name: reload systemd
- command: systemctl daemon-reload
-
- name: restart nagios
shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios
@@ -181,3 +184,12 @@
- name: restart buildmaster
service: name=buildmaster state=restarted
+
+- name: restart rabbitmq
+ systemd:
+ name: rabbitmq-server
+ state: restarted
+ daemon_reload: yes
+
+- name: restart repoSpanner
+ action: service name=repoSpanner state=restarted
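Review bot: The two handlers added at the end are written in different forms: `restart rabbitmq` uses a `systemd:` block, while `restart repoSpanner` (and `restart sshd` in the earlier hunk) use `action: service name=… state=restarted`. The block form reads and diffs better, so the new handlers could all use it. `daemon_reload: yes` is better written `daemon_reload: true`, since `yes` depends on YAML 1.1 truthy parsing.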
5 years, 4 months
[ansible] Update koji_builder
by Nicolas Chauvet
commit 0bf0cae0d7283c7066d582046fb6461ae4abed96
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 14:41:52 2019 +0200
Update koji_builder
roles/koji_builder/tasks/main.yml | 41 +++++++++++++++++++-----------------
1 files changed, 22 insertions(+), 19 deletions(-)
---
diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml
index b3bdb73..67681f0 100644
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@@ -71,11 +71,13 @@
- koji_builder
- name: add pkgs
- dnf: state=present pkg={{ item }}
- with_items:
+ package:
+ state: present
+ name:
- koji-builder
+ - koji-builder-plugins
- python2-koji
- - python2-krbv
+ - python-krbV
- koji-containerbuild-builder
- strace
- mock
@@ -106,20 +108,20 @@
tags:
- koji_builder
-- name: add pkgs on new builders
- dnf: state=present pkg={{ item }}
- with_items:
- - koji-builder-plugins
- tags:
- - koji_builder
- when: ansible_distribution_major_version|int >= 28
-
- name: Install arm UEFI firmware package (aarch64 only)
- dnf: name=edk2-arm state=present
+ package: name=edk2-arm state=present
tags:
- koji_builder
when: "ansible_architecture is defined and ansible_architecture == 'aarch64'"
+- name: Re byte compile Guest.py (if needed)
+ command: python2 -m compileall /usr/lib/python2.7/site-packages/oz/Guest.py
+ register: compileGuestpy
+ changed_when: "'Compiling ' in compileGuestpy.stdout"
+ tags:
+ - koji_builder
+ notify:
+ - restart kojid
- name: enable virtlogd service
service: name=virtlogd state=started enabled=yes
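Review bot: The new `Re byte compile Guest.py` task runs `python2 -m compileall` on the hard-coded path `/usr/lib/python2.7/site-packages/oz/Guest.py` with no guard; whether every builder in this role has python2 and oz installed is not visible here. Adding `args:` with `removes: /usr/lib/python2.7/site-packages/oz/Guest.py` makes the command module skip the task when the file is absent. Nothing in this hunk modifies Guest.py, so a one-line comment naming the change that makes the recompile necessary would help the next reader.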
@@ -227,19 +229,20 @@
# x86_64 builders run both x86_64 and i686 builds, that requires multilib
# version of nosync installed to fully take advantage of nosync
- name: special pkgs for the x86_64 builders
- package: state=present pkg={{ item }}
- with_items:
- - nosync.i686
+ package:
+ state: present
+ name:
+ - nosync.i686
when: ansible_architecture == 'x86_64'
tags:
- koji_builder
# non-bkernel x86_64 builders run container_build, which needs osbs
- name: special pkgs for the x86_64 builders
- package: state=present pkg={{ item }}
- with_items:
- - python2-osbs-client.noarch
- - python3-osbs-client.noarch
+ package:
+ state: present
+ name:
+ - python3-osbs-client.noarch
when: "ansible_architecture == 'x86_64' and not inventory_hostname.startswith('bkernel')"
tags:
- koji_builder
5 years, 4 months
[ansible] Avoid sudo on host to sign pubkey
by Nicolas Chauvet
commit c38e1fc52dc332759eb04e026f80fe132c2ec8a7
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 14:41:39 2019 +0200
Avoid sudo on host to sign pubkey
roles/basessh/tasks/main.yml | 4 +---
1 files changed, 1 insertions(+), 3 deletions(-)
---
diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml
index d50017f..bd4706b 100644
--- a/roles/basessh/tasks/main.yml
+++ b/roles/basessh/tasks/main.yml
@@ -160,9 +160,7 @@
- name: Create directory for storing pubkeys
file: path="{{pubkeydir}}"
- owner=root
- group=root
- mode=0600
+ mode=0700
state=directory
delegate_to: localhost
run_once: true
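Review bot: Dropping `owner=root group=root` means the pubkey directory is now owned by whichever account runs the play on the control host (the task is delegated to localhost), and nothing on the task records that this is deliberate. A comment above it such as `# owner/group left unset on purpose: created as the invoking user so no sudo is needed on the control host` would do. `mode=0700` is the right fix for a directory, but if `{{pubkeydir}}` already exists under another owner the task may be unable to change it, which is worth checking on the existing control host. The task may continue outside the hunk.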
5 years, 4 months