June 2020 - sysadmin-notify

by Nicolas Chauvet

commit f3bb287aa5a337850e7b109a267d9cde30f5a875 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jun 5 17:39:20 2020 +0200 Update resolv.conf .../resolv.conf/aarch64-10.home.rpmfusion.net | 2 ++ .../resolv.conf/arm-builder09.home.rpmfusion.net | 2 ++ .../resolv.conf/arm-builder11.home.rpmfusion.net | 2 ++ .../resolv.conf/arm-builder12.home.rpmfusion.net | 2 ++ roles/base/files/resolv.conf/linaro | 1 + 5 files changed, 9 insertions(+), 0 deletions(-) --- diff --git a/roles/base/files/resolv.conf/aarch64-10.home.rpmfusion.net b/roles/base/files/resolv.conf/aarch64-10.home.rpmfusion.net new file mode 100644 index 0000000..67f681b --- /dev/null +++ b/roles/base/files/resolv.conf/aarch64-10.home.rpmfusion.net @@ -0,0 +1,2 @@ +search home.rpmfusion.net +nameserver 192.168.11.254 diff --git a/roles/base/files/resolv.conf/arm-builder09.home.rpmfusion.net b/roles/base/files/resolv.conf/arm-builder09.home.rpmfusion.net new file mode 100644 index 0000000..67f681b --- /dev/null +++ b/roles/base/files/resolv.conf/arm-builder09.home.rpmfusion.net @@ -0,0 +1,2 @@ +search home.rpmfusion.net +nameserver 192.168.11.254 diff --git a/roles/base/files/resolv.conf/arm-builder11.home.rpmfusion.net b/roles/base/files/resolv.conf/arm-builder11.home.rpmfusion.net new file mode 100644 index 0000000..67f681b --- /dev/null +++ b/roles/base/files/resolv.conf/arm-builder11.home.rpmfusion.net @@ -0,0 +1,2 @@ +search home.rpmfusion.net +nameserver 192.168.11.254 diff --git a/roles/base/files/resolv.conf/arm-builder12.home.rpmfusion.net b/roles/base/files/resolv.conf/arm-builder12.home.rpmfusion.net new file mode 100644 index 0000000..67f681b --- /dev/null +++ b/roles/base/files/resolv.conf/arm-builder12.home.rpmfusion.net @@ -0,0 +1,2 @@ +search home.rpmfusion.net +nameserver 192.168.11.254 diff --git a/roles/base/files/resolv.conf/linaro b/roles/base/files/resolv.conf/linaro index 8afc133..1b4a9b2 100644 --- a/roles/base/files/resolv.conf/linaro +++ b/roles/base/files/resolv.conf/linaro @@ -1,3 +1,4 @@ search linaro.rpmfusion.net nameserver 8.8.8.8 +nameserver 1.1.1.1 options rotate timeout:1

4 years, 6 months

1
0
0 / 0

[ansible] Update dnf-automatic

by Nicolas Chauvet

commit c7eaae2b42b02e1c662465f0b79f2055148620f4 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jun 5 17:14:07 2020 +0200 Update dnf-automatic roles/dnf-automatic/tasks/main.yml | 37 ++++++++++++++++++++++++++++------- 1 files changed, 29 insertions(+), 8 deletions(-) --- diff --git a/roles/dnf-automatic/tasks/main.yml b/roles/dnf-automatic/tasks/main.yml index a848291..11245f3 100644 --- a/roles/dnf-automatic/tasks/main.yml +++ b/roles/dnf-automatic/tasks/main.yml @@ -23,7 +23,7 @@ - name: enable and start dnf-automatic command: systemctl enable dnf-automatic.timer - when: ansible_distribution_major_version|int < 26 + when: ansible_distribution_major_version|int < 8 args: creates: /etc/systemd/system/basic.target.wants/dnf-automatic.timer tags: @@ -35,17 +35,25 @@ check_mode: no changed_when: 1 != 1 ignore_errors: true - when: ansible_distribution_major_version|int < 26 + when: ansible_distribution_major_version|int < 8 - name: start dnf-automatic.timer if it is not active command: systemctl start dnf-automatic.timer - when: automaticative|failed and ansible_distribution_major_version|int < 26 + when: automaticative is failed and ansible_distribution_major_version|int < 8 - name: enable and start dnf-automatic f26+ command: systemctl enable dnf-automatic-install.timer - when: ansible_distribution_major_version|int >= 26 - args: - creates: /etc/systemd/system/basic.target.wants/dnf-automatic-install.timer + when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' + register: dnfautomaticenable + changed_when: dnfautomaticenable.rc != 0 + tags: + - config + + - name: enable and start dnf-automatic RHEL8+ + command: systemctl enable dnf-automatic-install.timer + when: ansible_distribution_major_version|int >= 8 and ansible_distribution == 'CentOS' + register: dnfautomaticenable + changed_when: dnfautomaticenable.rc != 0 tags: - config @@ -55,13 +63,26 @@ check_mode: no changed_when: 1 != 1 ignore_errors: true - when: ansible_distribution_major_version|int >= 26 + when: ansible_distribution_major_version|int >= 8 and ansible_distribution == 'CentOS' + + - name: check if dnf-automatic-install.timer is active + command: systemctl is-active dnf-automatic-install.timer + register: automaticative + check_mode: no + changed_when: 1 != 1 + ignore_errors: true + when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' - name: start dnf-automatic-install.timer if it is not active command: systemctl start dnf-automatic-install.timer - when: automaticative|failed and ansible_distribution_major_version|int >= 26 + when: automaticative is failed and ansible_distribution_major_version|int >= 8 and ansible_distribution == 'CentOS' + + - name: start dnf-automatic-install.timer if it is not active + command: systemctl start dnf-automatic-install.timer + when: automaticative is failed and ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' - name: disable silly makecache timer systemd: name=dnf-makecache masked=yes + ignore_errors: true when: ansible_pkg_mgr == 'dnf'

4 years, 6 months

1
0
0 / 0

[ansible] Fix when condition

by Nicolas Chauvet

commit 0778272ed19147f7a635a7cc4e8d66f7e975d5d9 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jun 5 16:47:55 2020 +0200 Fix when condition roles/koji_builder/tasks/main.yml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) --- diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index cff7043..30a8df8 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml @@ -275,7 +275,7 @@ tags: - koji_builder - selinux - when: ansible_architecture != 'armv7l' && ansible_architecture != 'aarch64' + when: ansible_architecture != 'armv7l' and ansible_architecture != 'aarch64' - name: Create directory for shared secrets file:

4 years, 6 months

1
0
0 / 0

[ansible] Set selinux as permissive unless armv7l or aarch64

by Nicolas Chauvet

commit b69733a13a68e30a6f62331af60ca608f6ea3b36 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jun 5 16:42:07 2020 +0200 Set selinux as permissive unless armv7l or aarch64 roles/koji_builder/tasks/main.yml | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) --- diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index f2886ad..cff7043 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml @@ -275,6 +275,7 @@ tags: - koji_builder - selinux + when: ansible_architecture != 'armv7l' && ansible_architecture != 'aarch64' - name: Create directory for shared secrets file:

4 years, 6 months

1
0
0 / 0

[ansible] Refresh hosts

by Nicolas Chauvet

commit 91b2f31e2a61e6b48a34c32d3e8a5acb656f3feb Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jun 5 16:34:15 2020 +0200 Refresh hosts .../files/buildvm-05-virt.rpmfusion.net-hosts | 2 +- .../files/buildvm-06-virt.rpmfusion.net-hosts | 2 +- roles/hosts/files/home-hosts | 2 +- roles/hosts/files/linaro-hosts | 2 +- roles/hosts/files/osuosl-hosts | 2 +- roles/hosts/files/scaleway-hosts | 4 ++-- roles/hosts/files/virt-hosts | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) --- diff --git a/roles/hosts/files/buildvm-05-virt.rpmfusion.net-hosts b/roles/hosts/files/buildvm-05-virt.rpmfusion.net-hosts index 866d8a1..5158ec7 100644 --- a/roles/hosts/files/buildvm-05-virt.rpmfusion.net-hosts +++ b/roles/hosts/files/buildvm-05-virt.rpmfusion.net-hosts @@ -1,5 +1,5 @@ 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +::1 localhost6 localhost6.localdomain6 # hv01 online - public #195.154.185.75 hv01.online.rpmfusion.net hv01 diff --git a/roles/hosts/files/buildvm-06-virt.rpmfusion.net-hosts b/roles/hosts/files/buildvm-06-virt.rpmfusion.net-hosts index 866d8a1..5158ec7 100644 --- a/roles/hosts/files/buildvm-06-virt.rpmfusion.net-hosts +++ b/roles/hosts/files/buildvm-06-virt.rpmfusion.net-hosts @@ -1,5 +1,5 @@ 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +::1 localhost6 localhost6.localdomain6 # hv01 online - public #195.154.185.75 hv01.online.rpmfusion.net hv01 diff --git a/roles/hosts/files/home-hosts b/roles/hosts/files/home-hosts index f34e51a..4690fee 100644 --- a/roles/hosts/files/home-hosts +++ b/roles/hosts/files/home-hosts @@ -1,5 +1,5 @@ 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +::1 localhost6 localhost6.localdomain6 # hv01 online - public #195.154.185.75 hv01.online.rpmfusion.net hv01 diff --git a/roles/hosts/files/linaro-hosts b/roles/hosts/files/linaro-hosts index d2e8620..6fcc9f3 100644 --- a/roles/hosts/files/linaro-hosts +++ b/roles/hosts/files/linaro-hosts @@ -1,5 +1,5 @@ 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +::1 localhost6 localhost6.localdomain6 # hv01 online - public 195.154.185.75 hv01.online.rpmfusion.net hv01 diff --git a/roles/hosts/files/osuosl-hosts b/roles/hosts/files/osuosl-hosts index 97c216f..6e77d2e 100644 --- a/roles/hosts/files/osuosl-hosts +++ b/roles/hosts/files/osuosl-hosts @@ -1,5 +1,5 @@ 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 proxy -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +::1 localhost6 localhost6.localdomain6 # hv01 online - public 195.154.185.75 hv01.online.rpmfusion.net hv01 diff --git a/roles/hosts/files/scaleway-hosts b/roles/hosts/files/scaleway-hosts index fc397fa..8bacb69 100644 --- a/roles/hosts/files/scaleway-hosts +++ b/roles/hosts/files/scaleway-hosts @@ -1,5 +1,5 @@ 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +::1 localhost6 localhost6.localdomain6 # hv01 online - public #195.154.185.75 hv01.online.rpmfusion.net hv01 @@ -20,4 +20,4 @@ 192.168.182.1 hv01.vpn.rpmfusion.net proxy.vpn.rpmfusion.net nfs-server.vpn.rpmfusion.net nfs-server log01 # scaleway -10.2.10.75 proxy01.scaleway.rpmfusion.net proxy01 proxy +10.64.174.105 proxy01.scaleway.rpmfusion.net proxy01 proxy diff --git a/roles/hosts/files/virt-hosts b/roles/hosts/files/virt-hosts index 1d67de9..da2e865 100644 --- a/roles/hosts/files/virt-hosts +++ b/roles/hosts/files/virt-hosts @@ -1,5 +1,5 @@ 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +::1 localhost6 localhost6.localdomain6 # hv01 online - public #195.154.185.75 hv01.online.rpmfusion.net hv01

4 years, 6 months

1
0
0 / 0

[ansible] Update online hosts

by Nicolas Chauvet

commit 2564b775737b109e4f674a5a8fb30a721a13721d Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jun 5 16:23:49 2020 +0200 Update online hosts roles/hosts/files/online-hosts | 5 +---- 1 files changed, 1 insertions(+), 4 deletions(-) --- diff --git a/roles/hosts/files/online-hosts b/roles/hosts/files/online-hosts index 481afa5..3d5ee1f 100644 --- a/roles/hosts/files/online-hosts +++ b/roles/hosts/files/online-hosts @@ -1,8 +1,5 @@ 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 - -# Puppet master -188.165.226.50 puppet.rpmfusion.org puppet puppet.ovh.rpmfusion.lan +::1 localhost6 localhost6.localdomain6 # hv01 online - public #195.154.185.75 hv01.online.rpmfusion.net hv01

4 years, 6 months

1
0
0 / 0

[ansible] Add bkernel

by Nicolas Chauvet

commit 3e4fe4074ddca423fb03ab705bc840c28a2e7056 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jun 5 15:30:52 2020 +0200 Add bkernel roles/bkernel/files/bkernel-site-defaults.cfg | 6 +++ roles/bkernel/files/history_off.sh | 2 + roles/bkernel/files/pesign-users | 2 + roles/bkernel/tasks/main.yml | 50 +++++++++++++++++++++++++ 4 files changed, 60 insertions(+), 0 deletions(-) --- diff --git a/roles/bkernel/files/bkernel-site-defaults.cfg b/roles/bkernel/files/bkernel-site-defaults.cfg new file mode 100644 index 0000000..dcfe957 --- /dev/null +++ b/roles/bkernel/files/bkernel-site-defaults.cfg @@ -0,0 +1,6 @@ +# mount the pesign socket into the chroot +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/var/run/pesign', '/var/run/pesign' )) +config_opts['plugin_conf']['package_state_enable'] = False +config_opts['nosync'] = True +config_opts['nosync_force'] = True +config_opts['environment']['LANG'] = os.environ.setdefault('LANG', 'C.UTF-8') diff --git a/roles/bkernel/files/history_off.sh b/roles/bkernel/files/history_off.sh new file mode 100644 index 0000000..be7ee75 --- /dev/null +++ b/roles/bkernel/files/history_off.sh @@ -0,0 +1,2 @@ +unset HISTFILE +set HISTSIZE=0 diff --git a/roles/bkernel/files/pesign-users b/roles/bkernel/files/pesign-users new file mode 100644 index 0000000..649d673 --- /dev/null +++ b/roles/bkernel/files/pesign-users @@ -0,0 +1,2 @@ +kojibuilder +pesign diff --git a/roles/bkernel/tasks/main.yml b/roles/bkernel/tasks/main.yml new file mode 100644 index 0000000..f2efd74 --- /dev/null +++ b/roles/bkernel/tasks/main.yml @@ -0,0 +1,50 @@ +--- +- name: add pkgs for bkernel boxes + package: + state: present + name: + - pesign + - ccid + - pcsc-lite + - pcsc-lite-libs + - opensc + - nss-tools + tags: + - bkernel + +- name: enable pcscd + service: name=pcscd state=started enabled=true + tags: + - bkernel + +- name: setup opensc in pcscd + shell: modutil -dbdir /etc/pki/pesign -list | grep -q Fedora || modutil -force -dbdir /etc/pki/pesign -add opensc -libfile /usr/lib64/pkcs11/opensc-pkcs11.so + check_mode: no + changed_when: "1 != 1" + tags: + - bkernel + +- name: setup pesign users config + copy: src=pesign-users dest=/etc/pesign/users mode=0600 owner=root group=root + tags: + - bkernel + +- name: enable pesign + service: name=pesign state=started enabled=true + tags: + - bkernel + +- name: /var/run/pesign perms + file: state=directory path=/var/run/pesign owner=pesign group=pesign mode=0770 + tags: + - bkernel + +- name: when you awake you will remember nothing + copy: src=history_off.sh dest=/etc/profile.d/history_off.sh mode=0644 + tags: + - bkernel + +- name: mock site-defaults.cfg + copy: src=bkernel-site-defaults.cfg dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock + tags: + - bkernel

4 years, 6 months

1
0
0 / 0

[ansible] Enforce postfix on fedora instead of auditd

by Nicolas Chauvet

commit a7a08e58a6f5b0865665a9afb477a285922b50ff Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jun 5 15:10:34 2020 +0200 Enforce postfix on fedora instead of auditd vars/Fedora.yml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) --- diff --git a/vars/Fedora.yml b/vars/Fedora.yml index affe407..ceb6613 100644 --- a/vars/Fedora.yml +++ b/vars/Fedora.yml @@ -3,6 +3,6 @@ dist_tag: f{{ ansible_distribution_version }} base_pkgs_inst: ['iptables-services' ] base_pkgs_erase: ['firewalld', 'sendmail', 'at'] service_disabled: [ ] -service_enabled: ['auditd'] +service_enabled: ['postfix'] is_fedora: True pythonsitelib: /usr/lib/python2.7/site-packages

4 years, 6 months

1
0
0 / 0

[ansible] Update builders

by Nicolas Chauvet

commit 6366cc60883c7d089d40f2dcea2851d3014605ad Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jun 5 15:09:43 2020 +0200 Update builders inventory/builders | 17 ++++++++--------- 1 files changed, 8 insertions(+), 9 deletions(-) --- diff --git a/inventory/builders b/inventory/builders index 158db90..9907a5c 100644 --- a/inventory/builders +++ b/inventory/builders @@ -1,6 +1,6 @@ [buildhw_aarch64] -aarch64-01.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3 -aarch64-02.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3 +#aarch64-01.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3 +#aarch64-02.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3 aarch64-03.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3 aarch64-04.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3 aarch64-jetson-tx1.home.rpmfusion.net @@ -22,7 +22,6 @@ buildvm-07.virt.rpmfusion.net #buildvm-08.virt.rpmfusion.net [buildhw_ppc64] -buildppc-01.osuosl.rpmfusion.net ansible_user=fedora ansible_become=yes [buildhw_ppc64le] buildppcle-01.osuosl.rpmfusion.net ansible_user=fedora ansible_become=yes @@ -46,16 +45,16 @@ buildhw_ppc64le home_arm [scaleway_c1] -arm-builder01.scaleway.rpmfusion.net -arm-builder02.scaleway.rpmfusion.net -arm-builder03.scaleway.rpmfusion.net -arm-builder04.scaleway.rpmfusion.net +#arm-builder01.scaleway.rpmfusion.net +#arm-builder02.scaleway.rpmfusion.net +#arm-builder03.scaleway.rpmfusion.net +#arm-builder04.scaleway.rpmfusion.net [home_arm] arm-builder09.home.rpmfusion.net -arm-builder10.home.rpmfusion.net +#arm-builder10.home.rpmfusion.net arm-builder11.home.rpmfusion.net -arm-builder12.home.rpmfusion.net +#arm-builder12.home.rpmfusion.net arm-jetson-tk1.home.rpmfusion.net arm-jetson-tx1.home.rpmfusion.net

4 years, 6 months

1
0
0 / 0

[ansible] Sync with current fedora mock options

by Nicolas Chauvet

commit 59ac363936e5b7dc03da8c5b8eb6a05acc6cf732 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Thu Jun 4 18:53:43 2020 +0200 Sync with current fedora mock options .../koji_builder/files/builders/site-defaults.cfg | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) --- diff --git a/roles/koji_builder/files/builders/site-defaults.cfg b/roles/koji_builder/files/builders/site-defaults.cfg index c13198c..a3c7e13 100644 --- a/roles/koji_builder/files/builders/site-defaults.cfg +++ b/roles/koji_builder/files/builders/site-defaults.cfg @@ -5,5 +5,5 @@ config_opts['http_proxy'] = 'http://proxy:3128' config_opts['nosync'] = True config_opts['nosync_force'] = True config_opts['environment']['LANG'] = os.environ.setdefault('LANG', 'C.UTF-8') -if config_opts['chroot_name'].startswith('koji/el8'): - config_opts['dnf_common_opts'] = ['--setopt=module_platform_id=platform:el8'] +config_opts['use_bootstrap'] = False +config_opts['dnf_warning'] = False

4 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

sysadmin-notify June 2020