[ansible] Update authorized keys on builders
by Nicolas Chauvet
commit b4fd81a63cc4b2316b974b5e61cda505c913c4a5
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Aug 26 09:05:23 2020 +0200
Update authorized keys on builders
roles/koji_builder/files/ftbfs_auth_keys | 1 +
roles/koji_builder/files/root_auth_keys | 1 +
2 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/roles/koji_builder/files/ftbfs_auth_keys b/roles/koji_builder/files/ftbfs_auth_keys
index d0a1275..cd482ce 100644
--- a/roles/koji_builder/files/ftbfs_auth_keys
+++ b/roles/koji_builder/files/ftbfs_auth_keys
@@ -1,3 +1,4 @@
ssh-rsa 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 kwizart_2011
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4bGtXPXeAwGweYqk/OKh3Wy1OyZ/5gjZmRGn21l+McAh2W3p+9T8n9UqfV42NLaYzXGNZX0LO+L+9oFkSlIL60AHsuCmOiE731ZQ/lYyyDAfsug6ipTeUwDvJ9kB+jvS0zprujSdvJN8x8cBf5oEjkkTgDdYB4N1V5HcXexItntKd3iVbAfL5Aabmk81Z2VeZPPxK8cbxQFGKHq+hV3ZPjklXsctYfE93lKlPei3qkzjfzJZzjuDYg4GVLxvCt7sMNJozJQgMxGlHQ99X8J5Okk8Wtsg75+j5M5qHievP1SOmnqZG0ZDFaQVgwmNB5Nyv5BtTVtN2N29cBqI5Ct6ZQ== laxathom(a)lxtnow.net
ssh-rsa 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 leigh(a)main_pc.leigh123linux
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7zyoWyuKd097/8559IdUjvDKZIP3KukOhEB1zHBTMJsQT0iXJIiFu5ZC/e0+16rPtksUUICLQfDjmMT8BWtI0eHiIko9biBopxY9uGhRyyyXrtl1JAqdVWrKxfnHsD7SVh9WRg4CdTeVyfvOpFHiG10cKDFf6o31xlMFRCNRXNiwOccdY9zq+cZNVuqOOKXSb6ewvmQwPWUtq6BP+Ae/t1MpoPWVM6QjOrKe7eL6fPdpXCfT+I5pXJ0inCCQJHq9JfQE5VLGO+DvRvkqhlJ9MVIFkEbqj5CFJmu8DyOMtL9WcA9N908tDdAromxPrEFwit9w7sZ7QLPAwcPjHD0Ud pix@manticore
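Review bot: The `pix@manticore` key added here carries no options and no record of who owns it or why it is needed, and the same line is also added to root_auth_keys in the next hunk. The commit message only says "Update authorized keys", so a later audit cannot tell from the repository whether root access on the builders was intended for this key or came along with the ftbfs entry. sshd ignores lines that start with `#`, so a comment above the entry such as `# <owner>, added 2020-08-26, <reason>` would record this, and a `from="<address list>"` option in front of `ssh-rsa` would limit where the key can be used from if its source hosts are known. Both files show the same blob ids (`d0a1275..cd482ce`), so every key listed for ftbfs is also a root key; worth confirming that is intended.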
diff --git a/roles/koji_builder/files/root_auth_keys b/roles/koji_builder/files/root_auth_keys
index d0a1275..cd482ce 100644
--- a/roles/koji_builder/files/root_auth_keys
+++ b/roles/koji_builder/files/root_auth_keys
@@ -1,3 +1,4 @@
ssh-rsa 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 kwizart_2011
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4bGtXPXeAwGweYqk/OKh3Wy1OyZ/5gjZmRGn21l+McAh2W3p+9T8n9UqfV42NLaYzXGNZX0LO+L+9oFkSlIL60AHsuCmOiE731ZQ/lYyyDAfsug6ipTeUwDvJ9kB+jvS0zprujSdvJN8x8cBf5oEjkkTgDdYB4N1V5HcXexItntKd3iVbAfL5Aabmk81Z2VeZPPxK8cbxQFGKHq+hV3ZPjklXsctYfE93lKlPei3qkzjfzJZzjuDYg4GVLxvCt7sMNJozJQgMxGlHQ99X8J5Okk8Wtsg75+j5M5qHievP1SOmnqZG0ZDFaQVgwmNB5Nyv5BtTVtN2N29cBqI5Ct6ZQ== laxathom(a)lxtnow.net
ssh-rsa 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 leigh(a)main_pc.leigh123linux
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7zyoWyuKd097/8559IdUjvDKZIP3KukOhEB1zHBTMJsQT0iXJIiFu5ZC/e0+16rPtksUUICLQfDjmMT8BWtI0eHiIko9biBopxY9uGhRyyyXrtl1JAqdVWrKxfnHsD7SVh9WRg4CdTeVyfvOpFHiG10cKDFf6o31xlMFRCNRXNiwOccdY9zq+cZNVuqOOKXSb6ewvmQwPWUtq6BP+Ae/t1MpoPWVM6QjOrKe7eL6fPdpXCfT+I5pXJ0inCCQJHq9JfQE5VLGO+DvRvkqhlJ9MVIFkEbqj5CFJmu8DyOMtL9WcA9N908tDdAromxPrEFwit9w7sZ7QLPAwcPjHD0Ud pix@manticore
[ansible] Update arm builders
by Nicolas Chauvet
commit 1050c318c56132f830ea3206d7dec8e4ce661c20
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Aug 26 09:05:01 2020 +0200
Update arm builders
inventory/builders | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/inventory/builders b/inventory/builders
index d57be39..2c05b57 100644
--- a/inventory/builders
+++ b/inventory/builders
@@ -55,8 +55,8 @@ home_arm
[home_arm]
arm-builder09.home.rpmfusion.net
-#arm-builder10.home.rpmfusion.net
-arm-builder11.home.rpmfusion.net
+arm-builder10.home.rpmfusion.net
+#arm-builder11.home.rpmfusion.net
#arm-builder12.home.rpmfusion.net
arm-jetson-tk1.home.rpmfusion.net
arm-jetson-tx1.home.rpmfusion.net
[ansible] Update koji_builders
by Nicolas Chauvet
commit a960b82fbb90baaa3a5b074c7950bf6fe1893c16
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Aug 25 21:35:30 2020 +0200
Update koji_builders
roles/koji_builder/tasks/main.yml | 15 +++++----------
1 files changed, 5 insertions(+), 10 deletions(-)
---
diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml
index 30a8df8..f3f569d 100644
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@@ -82,8 +82,11 @@
- mock
- kernel-firmware
- kernel-modules
+ - ntp
+ - ntpdate
- rsyslog
- audit
+ - pycdio
- python3-kickstart
- libvirt-client
- oz
@@ -94,8 +97,8 @@
- imagefactory-plugins-ovfcommon
- imagefactory-plugins
- imagefactory-plugins-OVA
- - imagefactory-plugins-EC2
- imagefactory-plugins-RHEVM
+ - pykickstart
- nosync
tags:
- koji_builder
@@ -106,15 +109,6 @@
- koji_builder
when: "ansible_architecture is defined and ansible_architecture == 'aarch64'"
-- name: Re byte compile Guest.py (if needed)
- command: python2 -m compileall /usr/lib/python2.7/site-packages/oz/Guest.py
- register: compileGuestpy
- changed_when: "'Compiling ' in compileGuestpy.stdout"
- tags:
- - koji_builder
- notify:
- - restart kojid
-
- name: enable virtlogd service
service: name=virtlogd state=started enabled=yes
tags:
@@ -137,6 +131,7 @@
- restart kojid
tags:
- koji_builder
+ - rpmautospec
- name: build /etc/koji/koji.conf from group vars
template: src=koji.conf dest=/etc/koji.conf
[ansible] Add buildvm_arm for arm-jetson-tx1
by Nicolas Chauvet
commit 588ca08088ced4f0564a54ebc578ace54753c60a
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Aug 25 21:02:17 2020 +0200
Add buildvm_arm for arm-jetson-tx1
inventory/builders | 4 ++++
playbooks/groups/buildvm.yml | 2 +-
2 files changed, 5 insertions(+), 1 deletions(-)
---
diff --git a/inventory/builders b/inventory/builders
index 9907a5c..d57be39 100644
--- a/inventory/builders
+++ b/inventory/builders
@@ -14,6 +14,9 @@ buildvm-02.online.rpmfusion.net
[buildvm_aarch64]
+[buildvm_arm]
+arm-jetson-tx1.home.rpmfusion.net
+
[buildhw]
buildvm-03.online.rpmfusion.net
buildvm-05.virt.rpmfusion.net
@@ -67,6 +70,7 @@ buildhw_ppc64le
buildhw_aarch64
buildvm
buildvm_aarch64
+buildvm_arm
[builders:vars]
ansible_python_interpreter=/usr/bin/python3
diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml
index 2bbdf70..db2256c 100644
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@@ -6,7 +6,7 @@
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm_stg"
- name: make koji builder(s)
- hosts: buildvm:buildvm_stg:buildvm_aarch64
+ hosts: buildvm:buildvm_stg:buildvm_aarch64:buildvm_arm
user: root
gather_facts: True
[ansible] Update all groupvars
by Nicolas Chauvet
commit d1577b419f3353bf0b40a2e9a9135b48a18f1817
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Aug 25 18:28:34 2020 +0200
Update all groupvars
inventory/group_vars/all | 106 ++++++++++++++++++++++++++++++++++++++++++----
1 files changed, 98 insertions(+), 8 deletions(-)
---
diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index 3d0c648..191ea0c 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -54,7 +54,7 @@ install_noc: none
ks_url: http://infrastructure.rpmfusion.org/repo/rhel/ks/kvm-rhel-7
ks_repo: http://mirror.centos.org/centos/7/os/x86_64/
mem_size: 2048
-num_cpus: 1
+num_cpus: 2
lvm_size: 20000
# on MOST infra systems, the interface connected to the infra network
@@ -102,7 +102,41 @@ virt_install_command_two_nic: virt-install -n {{ inventory_hostname }}
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
hostname={{ inventory_hostname }} nameserver={{ dns }}
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none
- ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none'
+ ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none'
+ --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
+ --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }}
+ --autostart --noautoconsole --watchdog default --rng /dev/random
+
+virt_install_command_one_nic_unsafe: virt-install -n {{ inventory_hostname }}
+ --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
+ --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
+ --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
+ 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+ hostname={{ inventory_hostname }} nameserver={{ dns }}
+ ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
+ --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
+ --autostart --noautoconsole --watchdog default --rng /dev/random --cpu host
+
+virt_install_command_two_nic_unsafe: virt-install -n {{ inventory_hostname }}
+ --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
+ --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
+ --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
+ 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+ hostname={{ inventory_hostname }} nameserver={{ dns }}
+ ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none
+ ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
+ --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
+ --network bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }}
+ --autostart --noautoconsole --watchdog default --rng /dev/random
+
+virt_install_command_ppc64le_two_nic_unsafe: virt-install -n {{ inventory_hostname }}
+ --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
+ --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
+ --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
+ 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+ hostname={{ inventory_hostname }} nameserver={{ dns }}
+ ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none
+ ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none'
--network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
--network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }}
--autostart --noautoconsole --watchdog default --rng /dev/random
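Review bot: The `_unsafe` variants added in this hunk (`one_nic_unsafe`, `two_nic_unsafe`, `ppc64le_two_nic_unsafe`) and in the later hunks (`aarch64_one_nic_unsafe`, `armv7_one_nic_unsafe`, `s390x_one_nic_unsafe`) set `cache=unsafe` on the guest disk with no comment saying when that is acceptable. With that cache mode the host ignores the guest's flush requests, so a host crash or power loss can corrupt the guest volume; that is tolerable for rebuildable builders and not for a guest that holds state. A comment above the first variant, for example `# *_unsafe: cache=unsafe ignores guest flushes; only for guests that can be reinstalled`, would keep these from being picked for a stateful VM. Every new command also passes `ks={{ ks_url }}`, and the default `ks_url` visible earlier in this file is plain `http://`, so unless hosts override it the kickstart that defines the installed system is fetched without integrity protection.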
@@ -117,6 +151,26 @@ virt_install_command_aarch64_one_nic: virt-install -n {{ inventory_hostname }}
--network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
--autostart --noautoconsole
+virt_install_command_aarch64_one_nic_unsafe: virt-install -n {{ inventory_hostname }}
+ --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
+ --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
+ --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
+ 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
+ hostname={{ inventory_hostname }} nameserver={{ dns }}
+ ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
+ --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
+ --autostart --noautoconsole
+
+virt_install_command_aarch64_2nd_nic: virt-install -n {{ inventory_hostname }}
+ --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
+ --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
+ --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
+ 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
+ hostname={{ inventory_hostname }} nameserver={{ dns }}
+ ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
+ --network bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address }}
+ --autostart --noautoconsole
+
virt_install_command_aarch64_two_nic: virt-install -n {{ inventory_hostname }}
--memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
@@ -124,7 +178,7 @@ virt_install_command_aarch64_two_nic: virt-install -n {{ inventory_hostname }}
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
hostname={{ inventory_hostname }} nameserver={{ dns }}
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none
- ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none'
+ ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none'
--network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
--network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }}
--autostart --noautoconsole --rng /dev/random
@@ -136,8 +190,38 @@ virt_install_command_armv7_one_nic: virt-install -n {{ inventory_hostname }} --a
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0
hostname={{ inventory_hostname }} nameserver={{ dns }}
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
- --network bridge={{ main_bridge }},model=virtio
- --autostart --noautoconsole
+ --network bridge={{ main_bridge }}
+ --autostart --noautoconsole --rng /dev/random
+
+virt_install_command_armv7_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --arch armv7l
+ --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
+ --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
+ --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
+ 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0
+ hostname={{ inventory_hostname }} nameserver={{ dns }}
+ ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
+ --network bridge={{ main_bridge }}
+ --autostart --noautoconsole --rng /dev/random
+
+virt_install_command_s390x_one_nic: virt-install -n {{ inventory_hostname }}
+ --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
+ --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
+ --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
+ 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
+ hostname={{ inventory_hostname }} nameserver={{ dns }}
+ ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
+ --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
+ --autostart --noautoconsole --rng /dev/random --cpu host
+
+virt_install_command_s390x_one_nic_unsafe: virt-install -n {{ inventory_hostname }}
+ --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
+ --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
+ --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
+ 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
+ hostname={{ inventory_hostname }} nameserver={{ dns }}
+ ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
+ --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
+ --autostart --noautoconsole --rng /dev/random --cpu host
virt_install_command_rhel6: virt-install -n {{ inventory_hostname }}
--memory={{ mem_size }},maxmemory={{ max_mem_size }}
@@ -214,8 +298,8 @@ nrpe_check_postfix_queue_crit: 5
# env is staging or production, we default it to production here.
env: production
-env_prefix:
-env_suffix:
+env_prefix: ""
+env_suffix: ""
env_short: prod
# nfs mount options, override at the group/host level
@@ -285,6 +369,8 @@ nagios_Check_Services:
ping: true
raid: false
+nagios_Can_Connect: true
+
# Set variable if we want to use our global iptables defaults
# Some things need to set their own.
baseiptables: True
@@ -316,4 +402,8 @@ sshd_sftp: false
#
# Autodetect python version
#
-#ansible_python_interpreter: auto
+ansible_python_interpreter: auto
+#
+# datacenter with active certbot in it
+#
+certgetter_datacenter: online
[ansible] Add dependency on mount point
by Nicolas Chauvet
commit 665c909f3da1f2a73b9c390920b677d5e5168712
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Aug 21 15:36:14 2020 +0200
Add dependency on mount point
.../files/builders/kojid.service.d.override.conf | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/roles/koji_builder/files/builders/kojid.service.d.override.conf b/roles/koji_builder/files/builders/kojid.service.d.override.conf
index 831dae9..e0cf6de 100644
--- a/roles/koji_builder/files/builders/kojid.service.d.override.conf
+++ b/roles/koji_builder/files/builders/kojid.service.d.override.conf
@@ -1,3 +1,6 @@
+[Unit]
+After=network.target mnt-rpmfusion_koji.mount
+
[Service]
TasksMax=infinity
Environment="http_proxy=http://proxy:3128"
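Review bot: `After=network.target mnt-rpmfusion_koji.mount` only orders kojid behind the mount unit; it does not pull the mount in, and kojid still starts if the mount fails or is absent. If the intent is that kojid must never run without the koji share, `RequiresMountsFor=/mnt/rpmfusion_koji` states that directly and adds the ordering as well (the path is inferred from the unit name, so confirm it). `network.target` also does not wait for the network to be configured; if the mount or the proxy named in `http_proxy` needs a working network, `Wants=network-online.target` together with `After=network-online.target` is the unit that provides it.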
[ansible] Add our new mirrorlist-server configuration
by Adrian Reber
commit 89534c2b81af845c666e114a94a1ab7812f5baef
Author: Adrian Reber <adrian(a)lisas.de>
Date: Thu Aug 6 20:05:36 2020 +0200
Add our new mirrorlist-server configuration
With this RPM Fusion is now using only two mirrorlist-servers. Instead
of the old Python based code, this is now all implemented in Rust.
We have two mirrorlist-server processes on each host and an Apache httpd
in front of it as load balancer and SSL termination.
Signed-off-by: Adrian Reber <adrian(a)lisas.de>
files/httpd/h2.conf.j2 | 1 +
inventory/group_vars/mirrorlist_server | 18 ++
inventory/inventory | 4 +
.../files/common-scripts/conditional-reload.sh | 26 +++
.../files/common-scripts/conditional-restart.sh | 10 +
playbooks/groups/mirrorlist-server.yml | 47 +++++
.../mirrorlist-server/files/balance-manager.sh | 125 ++++++++++++
.../mirrorlist-server/files/download_caches | 23 +++
.../files/mirrorlist-server-ssl.conf | 17 ++
.../files/mirrorlist-server.common | 48 +++++
.../mirrorlist-server/files/mirrorlist-server.conf | 4 +
.../files/restart-mirrorlist-containers | 97 ++++++++++
.../files/restart-mirrorlist-containers.j2 | 91 +++++++++
.../mirrormanager/mirrorlist-server/tasks/main.yml | 202 ++++++++++++++++++++
.../templates/mirrorlist.service.j2 | 16 ++
.../mirrormanager/mirrorlist-server/vars/main.yml | 2 +
16 files changed, 731 insertions(+), 0 deletions(-)
---
diff --git a/files/httpd/h2.conf.j2 b/files/httpd/h2.conf.j2
new file mode 100644
index 0000000..2627ea8
--- /dev/null
+++ b/files/httpd/h2.conf.j2
@@ -0,0 +1 @@
+Protocols h2 {% if not inventory_hostname.startswith('proxy') %} h2c {% endif %} http/1.1
diff --git a/inventory/group_vars/mirrorlist_server b/inventory/group_vars/mirrorlist_server
new file mode 100644
index 0000000..2ae973e
--- /dev/null
+++ b/inventory/group_vars/mirrorlist_server
@@ -0,0 +1,18 @@
+---
+
+motd_custom: |
+ This is one of the (currently as of this writing) three mirrorlist
+ servers of RPM Fusion. Using mirrors.rpmfusion.org is "load balanced"
+ using DNS to one of the existing mirrorlist servers. To check the
+ results following command can be used:
+
+ curl "http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-rawhide&arch=x86_64"
+
+ Testing a specific mirrorlist can be done using:
+
+ curl "http://{{ inventory_hostname }}/mirrorlist?repo=free-fedora-rawhide&arch=x86_64"
+
+ The server can be rebooted any time it is necessary without warning.
+ A short downtine of one of the mirrorlist servers can easily be
+ handled by the remaining servers. Longer downtimes require removal
+ of the IP address from the mirrors.rpmfusion.org entry.
diff --git a/inventory/inventory b/inventory/inventory
index 7b7de4b..ae54afd 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -91,3 +91,7 @@ mirrorlist01.uase.rpmfusion.net
mirrorlist02.mv.rpmfusion.net
mirrorlist03.scaleway.rpmfusion.net
mirrorlist04.mv.rpmfusion.net
+
+[mirrorlist_server]
+mirrorlist06.hetzner.rpmfusion.net
+mirrorlist05.ovh.rpmfusion.net
diff --git a/playbooks/groups/files/common-scripts/conditional-reload.sh b/playbooks/groups/files/common-scripts/conditional-reload.sh
new file mode 100644
index 0000000..988a08b
--- /dev/null
+++ b/playbooks/groups/files/common-scripts/conditional-reload.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# reload SERVICE only if PACKAGE is installed.
+# We use this throughout handlers/restart_services.yml
+
+SERVICE=$1
+PACKAGE=$2
+
+rpm -q $PACKAGE
+
+INSTALLED=$?
+
+if [ $INSTALLED -eq 0 ]; then
+ echo "Checking if $SERVICE is running"
+ /sbin/service $SERVICE status >& /dev/null
+ if [ $? == 0 ]; then
+ echo "Package $PACKAGE installed and running. Attempting reload of $SERVICE."
+ /sbin/service $SERVICE reload
+ exit $? # Exit with the /sbin/service status code
+ fi
+ echo "Package $PACKAGE is install, but $SERVICE is not running, skipping..."
+ exit 0
+fi
+
+# If the package wasn't installed, then pretend everything is fine.
+echo "Package $PACKAGE not installed. Skipping reload of $SERVICE."
+exit 0
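Review bot: `$PACKAGE` and `$SERVICE` are expanded unquoted in `rpm -q $PACKAGE` and in the three `/sbin/service $SERVICE …` calls, and the script never checks that both arguments were supplied. An empty or space-containing argument is word-split by the shell in a script that handlers run as root, and a missing package name makes `rpm -q` fail, so the script prints "not installed" and exits 0 for what is really a usage error. I would quote the expansions (`rpm -q "$PACKAGE"`, `/sbin/service "$SERVICE" status`) and add `[ $# -eq 2 ] || { echo "usage: $0 SERVICE PACKAGE" >&2; exit 2; }` near the top. conditional-restart.sh in the next file has the same unquoted `$1` and assigns `SERVICE` without ever using it.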
diff --git a/playbooks/groups/files/common-scripts/conditional-restart.sh b/playbooks/groups/files/common-scripts/conditional-restart.sh
new file mode 100644
index 0000000..8da52dc
--- /dev/null
+++ b/playbooks/groups/files/common-scripts/conditional-restart.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+#
+# We use this to try and restart a service.
+# If it's not running, do nothing.
+# If it is running, restart it.
+#
+
+SERVICE=$1
+# Check if service unit is present before trying to restart it
+/usr/bin/systemctl cat $1.service &>/dev/null && /usr/bin/systemctl try-restart $1 || true
diff --git a/playbooks/groups/mirrorlist-server.yml b/playbooks/groups/mirrorlist-server.yml
new file mode 100644
index 0000000..e88697b
--- /dev/null
+++ b/playbooks/groups/mirrorlist-server.yml
@@ -0,0 +1,47 @@
+- name: mirrorlist-server
+ hosts: mirrorlist_server
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - name: global default packages to install
+ package:
+ name:
+ - wget
+ - curl
+ - cronie
+ state: present
+ tags:
+ - packages
+ - name: global packages to remove
+ package:
+ name:
+ - sssd-common
+ state: absent
+ tags:
+ - packages
+ - name: set hostname
+ hostname: name="{{inventory_hostname}}"
+ - name: Install common scripts
+ copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
+ with_fileglob:
+ - common-scripts/*
+ tags:
+ - common-scripts
+
+ - debug: msg="{{ansible_nodename}} {{ansible_domain}} {{inventory_hostname}} {{ansible_distribution_major_version|int}}"
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ roles:
+ - apache
+ - httpd/mod_ssl
+ - mirrormanager/mirrorlist-server
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/roles/mirrormanager/mirrorlist-server/files/balance-manager.sh b/roles/mirrormanager/mirrorlist-server/files/balance-manager.sh
new file mode 100755
index 0000000..a9575c8
--- /dev/null
+++ b/roles/mirrormanager/mirrorlist-server/files/balance-manager.sh
@@ -0,0 +1,125 @@
+#!/bin/bash
+
+CURL=`which curl`
+if [ -z "$CURL" ]; then
+ echo "curl not found"
+ exit 1
+fi
+
+server="localhost"
+port="80"
+manager="balancer-manager"
+
+while getopts "s:p:m:" opt; do
+ case "$opt" in
+ s)
+ server=$OPTARG
+ ;;
+ p)
+ port=$OPTARG
+ ;;
+ m)
+ manager=$OPTARG
+ ;;
+ esac
+done
+
+shift $(($OPTIND - 1))
+action=$1
+
+
+list_balancers() {
+ $CURL -s "http://${server}:${port}/${manager}" | grep "balancer://" | sed "s/.*balancer:\/\/\(.*\)<\/a>.*/\1/"
+}
+
+list_workers() {
+ balancer=$1
+ if [ -z "$balancer" ]; then
+ echo "Usage: $0 [-s host] [-p port] [-m balancer-manager] list-workers balancer_name"
+ echo " balancer_name : balancer name"
+ exit 1
+ fi
+ $CURL -s "http://${server}:${port}/${manager}" | grep "/balancer-manager?b=${balancer}&w" | sed "s/.*href='\(.[^']*\).*/\1/" | sed "s/.*w=\(.*\)&.*/\1/"
+}
+
+enable() {
+ balancer=$1
+ worker=$2
+ if [ -z "$balancer" ] || [ -z "$worker" ]; then
+ echo "Usage: $0 [-s host] [-p port] [-m balancer-manager] enable balancer_name worker_route"
+ echo " balancer_name : balancer/cluster name"
+ echo " worker_route : worker route e.g.) ajp://192.1.2.3:8009"
+ exit 1
+ fi
+
+ nonce=`$CURL -s "http://${server}:${port}/${manager}" | grep nonce | grep "${balancer}" | sed "s/.*nonce=\(.*\)['\"].*/\1/" | tail -n 1`
+ if [ -z "$nonce" ]; then
+ echo "balancer_name ($balancer) not found"
+ exit 1
+ fi
+
+ echo "Enabling $2 of $1..."
+ $CURL -s -o /dev/null -XPOST "http://${server}:${port}/${manager}?" -d b="${balancer}" -d w="${worker}" -d nonce="${nonce}" -d w_status_D=0 -H "Referer: http://${server}:${port}/${manager}?"
+ sleep 2
+ status
+}
+
+disable() {
+ balancer=$1
+ worker=$2
+ if [ -z "$balancer" ] || [ -z "$worker" ]; then
+ echo "Usage: $0 [-s host] [-p port] [-m balancer-manager] disable balancer_name worker_route"
+ echo " balancer_name : balancer/cluster name"
+ echo " worker_route : worker route e.g.) ajp://192.1.2.3:8009"
+ exit 1
+ fi
+
+ echo "Disabling $2 of $1..."
+ nonce=`$CURL -s "http://${server}:${port}/${manager}" | grep nonce | grep "${balancer}" | sed "s/.*nonce=\(.*\)['\"].*/\1/" | tail -n 1`
+ if [ -z "$nonce" ]; then
+ echo "balancer_name ($balancer) not found"
+ exit 1
+ fi
+
+ $CURL -s -o /dev/null -XPOST "http://${server}:${port}/${manager}?" -d b="${balancer}" -d w="${worker}" -d nonce="${nonce}" -d w_status_D=1 -H "Referer: http://${server}:${port}/${manager}?"
+ sleep 2
+ status
+}
+
+status() {
+ $CURL -s "http://${server}:${port}/${manager}" | grep "href" | sed "s/<[^>]*>/ /g"
+}
+
+case "$1" in
+ list-balancer)
+ list_balancers "${@:2}"
+ ;;
+ list-worker)
+ list_workers "${@:2}"
+ ;;
+ enable)
+ enable "${@:2}"
+ ;;
+ disable)
+ disable "${@:2}"
+ ;;
+ status)
+ status "${@:2}"
+ ;;
+ *)
+ echo "Usage: $0 {list-balancer|list-worker|enable|disable|status}"
+ echo ""
+ echo "Options: "
+ echo " -s server"
+ echo " -p port"
+ echo " -m balancer-manager-context-path"
+ echo ""
+ echo "Commands: "
+ echo " list-balancer"
+ echo " list-worker balancer-name"
+ echo " enable balancer_name worker_route"
+ echo " disable balancer_name worker_route"
+ exit 1
+esac
+
+exit $?
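Review bot: In `enable` and `disable` the POST to the balancer-manager runs with `-s -o /dev/null` and its exit status is never checked, so the function prints the status page and returns success even when the worker state did not change. restart-mirrorlist-containers stops mirrorlist1 right after calling `disable`, so a silent failure here means restarting a backend that is still receiving traffic. Adding `-f` to that curl and `|| { echo "disable of $worker failed" >&2; exit 1; }` after it would surface the failure. Separately, `list_workers` greps for the literal `/balancer-manager?b=` and so ignores the `-m` option, and the `getopts` loop has no `*)` branch to reject unknown options.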
diff --git a/roles/mirrormanager/mirrorlist-server/files/download_caches b/roles/mirrormanager/mirrorlist-server/files/download_caches
new file mode 100755
index 0000000..c7dd5c3
--- /dev/null
+++ b/roles/mirrormanager/mirrorlist-server/files/download_caches
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+CACHE=/srv/mirrorlist/data/mirrorlist1/
+
+cd $CACHE
+
+FILES="country_continent.csv mirrorlist_cache.proto global_netblocks.txt i2_netblocks.txt"
+
+for i in ${FILES}; do
+ wget -q -N http://lisas.de/mirrorlist-statistics/$i
+done
+
+FILES="pl.tar.gz"
+
+cd /var/www/mirrors.rpmfusion.org
+
+SUM_BEFORE=`cat ${FILES} | md5sum`
+wget -q -N http://lisas.de/.cache/${FILES}
+SUM_AFTER=`cat ${FILES} | md5sum`
+
+if [[ "${SUM_AFTER}" != "${SUM_BEFORE}" ]]; then
+ tar xf ${FILES}
+fi
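Review bot: Both `wget` calls fetch over plain `http://lisas.de/…`, and `pl.tar.gz` is then unpacked straight into `/var/www/mirrors.rpmfusion.org` with `tar xf`; the md5sum comparison only detects that the file changed, it does not authenticate it. These files look like the data the mirrorlist service answers from, so a transfer altered in transit could change which mirrors clients are sent to or what ends up in the web root. mirrorlist-server.common in this same commit already reaches that host over HTTPS, so `wget -q -N https://lisas.de/mirrorlist-statistics/$i` and `wget -q -N https://lisas.de/.cache/${FILES}` should work, and verifying a published checksum or detached signature before `tar xf` would be stronger still. Both `cd` calls are unchecked; `cd "$CACHE" || exit 1` keeps a missing directory from turning into downloads and an extraction in whatever the current directory happens to be.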
diff --git a/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server-ssl.conf b/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server-ssl.conf
new file mode 100644
index 0000000..6ad8220
--- /dev/null
+++ b/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server-ssl.conf
@@ -0,0 +1,17 @@
+<VirtualHost _default_:443>
+
+ SSLEngine on
+
+ # Intermediate configuration, tweak to your needs
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+ SSLHonorCipherOrder on
+
+ SSLOptions +StrictRequire
+ SSLCertificateFile /etc/letsencrypt/live/mirrors.rpmfusion.org/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/mirrors.rpmfusion.org/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/mirrors.rpmfusion.org/chain.pem
+
+ Include conf.d/mirrorlist-server.common
+
+</VirtualHost>
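Review bot: `SSLProtocol all -SSLv2 -SSLv3` leaves TLS 1.0 and 1.1 enabled, and the cipher list still admits `DES-CBC3-SHA`, DSS suites and the non-forward-secret `AES128-SHA`/`AES256-SHA` entries. Unless old clients are known to need them, `SSLProtocol -all +TLSv1.2 +TLSv1.3` (the 1.3 token needs an httpd built against OpenSSL 1.1.1 or later) with the list cut down to ECDHE/DHE AEAD suites is the usual baseline. `SSLCertificateChainFile` is deprecated since httpd 2.4.8; pointing `SSLCertificateFile` at certbot's `fullchain.pem` replaces both the cert and chain lines. The comment "Intermediate configuration, tweak to your needs" reads as copied from a generator, so a note of which generator version and date it came from would help the next refresh.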
diff --git a/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server.common b/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server.common
new file mode 100644
index 0000000..a911574
--- /dev/null
+++ b/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server.common
@@ -0,0 +1,48 @@
+ServerAdmin webmaster(a)rpmfusion.org
+DocumentRoot /var/www/mirrors.rpmfusion.org
+
+RewriteEngine on
+RewriteOptions inherit
+
+SSLProxyEngine On
+
+RewriteRule ^/(free|nonfree)/(fedora|el)/updates/([^/]+)/([^/]+)/?$ http://mirrors.rpmfusion.org/mirrorlist?repo=$1-$2-updates-released-$3&ar... [R=301,last]
+RewriteRule ^/(free|nonfree)/(fedora|el)/(rawhide|development)/([^/]+)/?$ http://mirrors.rpmfusion.org/mirrorlist?repo=$1-$2-rawhide&arch=$4 [R=301,last]
+RewriteRule ^/(free|nonfree)/(fedora|el)/([^/]+)/([^/]+)/?$ http://mirrors.rpmfusion.org/mirrorlist?repo=$1-$2-$3&arch=$4 [R=301,last]
+
+RewriteCond %{HTTPS} !=on
+RewriteCond %{REQUEST_URI} ^/statistics(.*)
+RewriteRule ^/?(.*) https://mirrors.rpmfusion.org/$1 [R,L]
+
+RewriteRule ^/statistics(.*) https://lisas.de/mirrorlist-statistics$1 [P,L]
+ProxyPassReverse /statistics/ https://lisas.de/mirrorlist-statistics/
+
+RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge(.*)
+RewriteCond %{REQUEST_URI} !^/metalink(.*)
+RewriteCond %{REQUEST_URI} !^/logs(.*)
+RewriteCond %{REQUEST_URI} !^/mirrorlist(.*)
+RewriteCond %{REQUEST_URI} !^/mm/publiclist(.*)
+RewriteCond %{REQUEST_URI} !^/balancer-manager(.*)
+RewriteRule ^/(.*)$ http://rpmfusion.org/$1 [R=301]
+
+KeepAlive Off
+Alias /logs/ /var/log/mirrormanager/
+<Directory /var/log/mirrormanager/>
+ Require ip 129.143.116.10
+ Require ip 2001:7c0:700::10
+</Directory>
+
+<Proxy "balancer://mycluster">
+ BalancerMember "http://localhost:18081"
+ BalancerMember "http://localhost:18082"
+</Proxy>
+
+ProxyPass "/mirrorlist" "balancer://mycluster/mirrorlist"
+ProxyPassReverse "/mirrorlist" "balancer://mycluster/mirrorlist"
+ProxyPass "/metalink" "balancer://mycluster/metalink"
+ProxyPassReverse "/metalink" "balancer://mycluster/metalink"
+
+<Location "/balancer-manager">
+ SetHandler balancer-manager
+ Require local
+</Location>
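Review bot: The three mirrorlist `RewriteRule`s and the final catch-all redirect with `R=301` to `http://mirrors.rpmfusion.org/…` and `http://rpmfusion.org/$1`, and since this file is included by the port-443 vhost too, a request that arrived over HTTPS is permanently redirected to cleartext. Using `https://` targets, or a scheme-preserving form such as `%{REQUEST_SCHEME}://mirrors.rpmfusion.org/…`, avoids the downgrade, and because 301s are cached by clients it is worth getting right before deployment. The first rule's target ends in `&ar...` in this rendering, which looks like archive truncation rather than the real rule; check it against the repository. `/statistics` is reverse-proxied from lisas.de and served under the mirrors.rpmfusion.org origin, so a short comment saying that this third-party content is intentionally exposed there would help reviewers.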
diff --git a/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server.conf b/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server.conf
new file mode 100644
index 0000000..41e6a27
--- /dev/null
+++ b/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server.conf
@@ -0,0 +1,4 @@
+ServerLimit 900
+MaxRequestWorkers 900
+
+Include conf.d/mirrorlist-server.common
diff --git a/roles/mirrormanager/mirrorlist-server/files/restart-mirrorlist-containers b/roles/mirrormanager/mirrorlist-server/files/restart-mirrorlist-containers
new file mode 100644
index 0000000..06760ef
--- /dev/null
+++ b/roles/mirrormanager/mirrorlist-server/files/restart-mirrorlist-containers
@@ -0,0 +1,97 @@
+#!/bin/bash
+
+## ports for mirrors
+mirrorlist1="http://localhost:18081/metalink?repo=free-fedora-rawhide&arch=x86_64"
+mirrorlist2="http://localhost:18082/metalink?repo=free-fedora-rawhide&arch=x86_64"
+
+TIME_DRAIN=30
+TIME_RESTART=5
+TIME_DISABLE=5
+
+if [ ! -f /srv/mirrorlist/data/mirrorlist2/global_netblocks.txt ];
+then
+ cp /srv/mirrorlist/data/mirrorlist1/* /srv/mirrorlist/data/mirrorlist2/
+fi
+
+## check mirrorlist1 running
+if [ `systemctl show mirrorlist1 -p ActiveState` != 'ActiveState=active' ]; then
+ # mirrorlist1 not running, there is a problem
+ echo "Error: mirrorlist1 is not running as expected"
+ exit 1
+fi
+
+## check mirrorlist2 running
+if [ `systemctl show mirrorlist2 -p ActiveState` != 'ActiveState=active' ]; then
+ # mirrorlist2 not running, maybe a new install
+ systemctl start mirrorlist2
+ touch /srv/mirrorlist/data/mirrorlist1/mirrorlist_cache.proto
+fi
+
+## Check that protbuf cache is newer than old protobuf cache
+if [ /srv/mirrorlist/data/mirrorlist1/mirrorlist_cache.proto -nt /srv/mirrorlist/data/mirrorlist2/mirrorlist_cache.proto ]; then
+ # new proto
+ :
+else
+ # No new proto
+ exit 0
+fi
+
+# check mirrorlist2 (old protbuf cache and see that it's processing ok)
+curl -q -H mirrors.rpmfusion.org ${mirrorlist2} -s -f --retry 50 --retry-delay 10 --retry-connrefused --retry-max-time 180 | grep "sha512" >/dev/null
+if [ $? != 0 ]; then
+ echo "ERROR: mirrorlist2 not processing correctly"
+ exit 1
+fi
+
+# Disable mirrorlist1
+/usr/local/bin/balance-manager.sh disable mycluster http://localhost:18081 >& /dev/null
+sleep ${TIME_DISABLE}
+
+# restart mirrorlist1 (new protbuf cache and make sure it's processing ok)
+systemctl stop mirrorlist1
+sleep 1
+systemctl start mirrorlist1
+if [[ ${?} -ne 0 ]]; then
+ systemctl start mirrorlist1
+ if [[ ${?} -ne 0 ]]; then
+ echo "Unable to start mirrorlist1"
+ exit 1
+ fi
+fi
+
+
+sleep ${TIME_RESTART}
+curl -q -H mirrors.rpmfusion.org ${mirrorlist1} -s -f --retry 50 --retry-delay 10 --retry-connrefused --retry-max-time 180 | grep "sha512" >/dev/null
+if [ $? != 0 ]; then
+ echo "ERROR: mirrorlist1 did not restart correctly"
+ exit 1
+fi
+
+# New mirrorlist seems to be working, put it back into service
+/usr/local/bin/balance-manager.sh enable mycluster http://localhost:18081 >& /dev/null
+sleep ${TIME_RESTART}
+
+# copy new protbuf cache to mirrorlist2
+cp -a /srv/mirrorlist/data/mirrorlist1/* /srv/mirrorlist/data/mirrorlist2/
+
+# Disable mirrorlist2
+/usr/local/bin/balance-manager.sh disable mycluster http://localhost:18082 >& /dev/null
+sleep ${TIME_DISABLE}
+
+# restart mirrorlist2
+systemctl stop mirrorlist2
+sleep 1
+systemctl start mirrorlist2
+if [[ ${?} -ne 0 ]]; then
+ echo "Unable to start mirrorlist2"
+ exit 1
+fi
+
+sleep ${TIME_RESTART}
+curl -q -H mirrors.rpmfusion.org ${mirrorlist2} -o/dev/null -s -f --retry 50 --retry-delay 10 --retry-connrefused --retry-max-time 180
+if [ $? != 0 ]; then
+ echo "ERROR: mirrorlist2 did not restart correctly"
+ exit 1
+fi
+
+/usr/local/bin/balance-manager.sh enable mycluster http://localhost:18082 >& /dev/null
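Review bot: Both `cp` calls run as root (the role installs this script in a root cron file) yet read from and write into /srv/mirrorlist/data/mirrorlist1 and mirrorlist2, which the role's tasks hand to the mirrormanager user, so root follows whatever links exist in directories it does not control. Running the copies under the owning account, for example `runuser -u mirrormanager -- cp -a /srv/mirrorlist/data/mirrorlist1/* /srv/mirrorlist/data/mirrorlist2/`, keeps the file operations at that user's privilege. Separately, `-H mirrors.rpmfusion.org` carries no header name, so curl most likely does not send the intended Host header; `-H "Host: mirrors.rpmfusion.org"` is probably what was meant. TIME_DRAIN is assigned but never used.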
diff --git a/roles/mirrormanager/mirrorlist-server/files/restart-mirrorlist-containers.j2 b/roles/mirrormanager/mirrorlist-server/files/restart-mirrorlist-containers.j2
new file mode 100644
index 0000000..951b230
--- /dev/null
+++ b/roles/mirrormanager/mirrorlist-server/files/restart-mirrorlist-containers.j2
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+## ports for mirrors
+mirrorlist1="http://localhost:18081/metalink?repo=free-fedora-rawhide&arch=x86_64"
+mirrorlist2="http://localhost:18082/metalink?repo=free-fedora-rawhide&arch=x86_64"
+
+TIME_DRAIN=30
+TIME_RESTART=5
+TIME_DISABLE=5
+
+# Initial expected state is mirrorlist1 running, mirrorlist2 running and new protbuf cache
+
+if [ ! -f /srv/mirrorlist/data/mirrorlist2/global_netblocks.txt ];
+then
+ cp /srv/mirrorlist/data/mirrorlist1/* /srv/mirrorlist/data/mirrorlist2/
+fi
+
+## Check that protbuf cache is newer than old protobuf cache
+if [ /srv/mirrorlist/data/mirrorlist1/mirrorlist_cache.proto -nt /srv/mirrorlist/data/mirrorlist2/mirrorlist_cache.proto ]; then
+ # new proto
+ :
+else
+ # No new proto
+ exit 0
+fi
+## check mirrorlist1 running
+if [ `systemctl show mirrorlist1 -p ActiveState` != 'ActiveState=active' ]; then
+ # mirrorlist1 not running, there is a problem
+ echo "Error: mirrorlist1 is not running as expected"
+ exit 1
+fi
+
+# check mirrorlist2 (old protbuf cache and see that it's processing ok)
+curl -q -H mirrors.rpmfusion.org ${mirrorlist2} -s -f --retry 50 --retry-delay 10 --retry-connrefused --retry-max-time 180 | grep "sha512" >/dev/null
+if [ $? != 0 ]; then
+ echo "ERROR: mirrorlist2 not processing correctly"
+ exit 1
+fi
+
+# Disable mirrorlist1
+echo /usr/local/bin/balance-manager.sh disable mycluster http://localhost:18081 >& /dev/null
+sleep ${TIME_DISABLE}
+
+# restart mirrorlist1 (new protbuf cache and make sure it's processing ok)
+systemctl stop mirrorlist1
+sleep 1
+systemctl start mirrorlist1
+if [[ ${?} -ne 0 ]]; then
+ systemctl start mirrorlist1
+ if [[ ${?} -ne 0 ]]; then
+ echo "Unable to start mirrorlist1"
+ exit 1
+ fi
+fi
+
+
+sleep ${TIME_RESTART}
+curl -q -H mirrors.rpmfusion.org ${mirrorlist1} -s -f --retry 50 --retry-delay 10 --retry-connrefused --retry-max-time 180 | grep "sha512" >/dev/null
+if [ $? != 0 ]; then
+ echo "ERROR: mirrorlist1 did not restart correctly"
+ exit 1
+fi
+
+# New mirrorlist seems to be working, put it back into service
+echo /usr/local/bin/balance-manager.sh enable mycluster http://localhost:18081 >& /dev/null
+sleep ${TIME_RESTART}
+
+# copy new protbuf cache to mirrorlist2
+cp -a /srv/mirrorlist/data/mirrorlist1/* /srv/mirrorlist/data/mirrorlist2/
+
+# Disable mirrorlist2
+echo /usr/local/bin/balance-manager.sh disable mycluster http://localhost:18082 >& /dev/null
+sleep ${TIME_DISABLE}
+
+# restart mirrorlist2
+systemctl stop mirrorlist2
+sleep 1
+systemctl start mirrorlist2
+if [[ ${?} -ne 0 ]]; then
+ echo "Unable to start mirrorlist2"
+ exit 1
+fi
+
+sleep ${TIME_RESTART}
+curl -q -H mirrors.rpmfusion.org ${mirrorlist2} -o/dev/null -s -f --retry 50 --retry-delay 10 --retry-connrefused --retry-max-time 180
+if [ $? != 0 ]; then
+ echo "ERROR: mirrorlist2 did not restart correctly"
+ exit 1
+fi
+
+echo /usr/local/bin/balance-manager.sh enable mycluster http://localhost:18082 >& /dev/null
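Review bot: Every `balance-manager.sh` call in this copy is prefixed with `echo` and sent to /dev/null, so the balancer member is never disabled or re-enabled and each backend is restarted while still in rotation. The file sits under files/ with a .j2 suffix and the role's tasks only copy `restart-mirrorlist-containers`, so it looks like an unused dry-run variant; dropping it, or opening it with `# dry-run variant: balancer calls are echoed, not executed`, would keep it from being deployed by mistake. The unquoted backtick test on the mirrorlist1 ActiveState (also present in restart-mirrorlist-containers) fails with a syntax error if systemctl prints nothing; `[ "$(systemctl show mirrorlist1 -p ActiveState)" != 'ActiveState=active' ]` avoids that.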
diff --git a/roles/mirrormanager/mirrorlist-server/tasks/main.yml b/roles/mirrormanager/mirrorlist-server/tasks/main.yml
new file mode 100644
index 0000000..744ed17
--- /dev/null
+++ b/roles/mirrormanager/mirrorlist-server/tasks/main.yml
@@ -0,0 +1,202 @@
+---
+# tasklist for setting up the mirrorlist-server components
+# create mirrormanager user
+# create mirrormanager user
+- name: add mirrormanager user - uid {{ mirrormanager_uid }}
+ user: name=mirrormanager uid={{ mirrormanager_uid }} state=present home=/home/mirrormanager createhome=yes
+ tags:
+ - mirrorlist_server
+
+- name: install packages for mirrorlist-server
+ package:
+ state: present
+ name:
+ - mirrorlist-server
+ - geolite2-country
+ - certbot
+ tags:
+ - packages
+ - mirrorlist_server
+
+- name: setup directories
+ file: dest="{{item}}" mode=0755 state=directory
+ with_items:
+ - /srv/mirrorlist
+ - /srv/mirrorlist/data
+ - /srv/mirrorlist/data/mirrorlist1
+ - /srv/mirrorlist/data/mirrorlist2
+ - /var/log/mirrormanager
+ - /etc/letsencrypt/live
+ tags:
+ - mirrorlist_server
+
+- name: make sure mirrormanager user can write new protobuf based cache file
+ file: dest="{{item}}" owner=mirrormanager group=mirrormanager setype=_default
+ with_items:
+ - /srv/mirrorlist/data
+ - /srv/mirrorlist/data/mirrorlist1
+ - /srv/mirrorlist/data/mirrorlist2
+ - /var/log/mirrormanager
+ tags:
+ - mirrorlist_server
+
+- name: Ensure log file for content exists
+ file: dest="{{item}}" owner=mirrormanager group=mirrormanager mode=0755 state=touch setype=_default
+ with_items:
+ - /var/log/mirrormanager/mirrorlist1.service.log
+ - /var/log/mirrormanager/mirrorlist2.service.log
+ tags:
+ - mirrorlist_server
+
+- name: for the rust based mirrorlist server chown log files
+ file: dest="{{item}}" owner=mirrormanager group=mirrormanager
+ with_items:
+ - /var/log/mirrormanager/mirrorlist1.service.log
+ - /var/log/mirrormanager/mirrorlist2.service.log
+ tags:
+ - mirrorlist_server
+
+# We deploy two service files. Both listen on a different port, so that we can switch
+# them out as part of the protobuf cache deployment without having any local downtime.
+- name: Deploy service files
+ template: src=mirrorlist.service.j2 dest=/etc/systemd/system/mirrorlist{{ item }}.service
+ with_items:
+ - 1
+ - 2
+ tags:
+ - mirrorlist_server
+ notify:
+ - reload systemd
+
+- name: Enable mirrorlist services
+ service: name=mirrorlist{{ item }} enabled=yes state=started
+ with_items:
+ - 1
+ - 2
+ tags:
+ - mirrorlist_server
+
+- name: make a /var/www/mirrors.rpmfusion.org directory
+ file: dest=/var/www/mirrors.rpmfusion.org state=directory owner=mirrormanager group=mirrormanager mode=0755
+ tags:
+ - mirrorlist_server
+
+- name: copy download_caches
+ copy: src=download_caches dest=/home/mirrormanager owner=mirrormanager group=mirrormanager mode=0755
+ tags:
+ - mirrorlist_server
+
+- name: download caches cron
+ cron: name="download_caches" minute="*/5" user="mirrormanager"
+ job="/home/mirrormanager/download_caches"
+ cron_file=download_caches
+ tags:
+ - mirrorlist_server
+
+- name: check for mirrorlist files
+ stat: path=/srv/mirrorlist/data/mirrorlist1/mirrorlist_cache.proto
+ register: mirrorlist_cache_status
+ tags:
+ - mirrorlist_server
+
+- name: Deploy mirrorlist data files (if this is a initial install)
+ command: /home/mirrormanager/download_caches
+ become: yes
+ become_user: mirrormanager
+ when: not mirrorlist_cache_status.stat.exists
+ tags:
+ - mirrorlist_server
+
+- name: mirrorlist-server apache conf common
+ copy: src=mirrorlist-server.common dest=/etc/httpd/conf.d/mirrorlist-server.common
+ notify:
+ - restart apache
+ tags:
+ - config
+ - mirrorlist_server
+
+
+- name: mirrorlist-server apache conf
+ copy: src=mirrorlist-server.conf dest=/etc/httpd/conf.d/mirrorlist-server.conf
+ notify:
+ - restart apache
+ tags:
+ - config
+ - mirrorlist_server
+
+- name: mirrorlist-server-ssl apache conf
+ copy: src=mirrorlist-server-ssl.conf dest=/etc/httpd/conf.d/mirrorlist-server-ssl.conf
+ notify:
+ - restart apache
+ tags:
+ - config
+ - mirrorlist_server
+
+# Copy the mirrorlist log file every hour to be ready to be processed
+- name: mirrorlist copy cron
+ cron: name="copy-mirrorlist" minute="55" hour="*" user="mirrormanager"
+ job="cat /var/log/mirrormanager/mirrorlist?.service.log > /var/log/mirrormanager/mirrorlist.log.`date +\%Y-\%m-\%d`"
+ cron_file=copy-mirrorlist
+ tags:
+ - mirrorlist_server
+
+- name: mirrorlist move cron
+ cron: name="move-mirrorlist" minute="1" hour="0" user="mirrormanager"
+ job="cat /var/log/mirrormanager/mirrorlist?.service.log > /var/log/mirrormanager/mirrorlist.log.`date +\%Y-\%m-\%d --date='yesterday'`; rm -f /var/log/mirrormanager/mirrorlist?.service.log; touch /srv/mirrorlist/data/mirrorlist1/mirrorlist_cache.proto"
+ cron_file=move-mirrorlist
+ tags:
+ - mirrorlist_server
+
+# Cleanup old mirrorlist logfile
+- name: mirrorlist clean cron
+ cron: name="clean-mirrorlist" minute="13" hour="13" user="mirrormanager"
+ job="/usr/sbin/tmpwatch --mtime 7d /var/log/mirrormanager"
+ cron_file=clean-mirrorlist
+ tags:
+ - mirrorlist_server
+
+- name: install script to restart mirrorlist containers on protobuf cache changes
+ copy: src=restart-mirrorlist-containers dest=/usr/local/bin/restart-mirrorlist-containers mode=0755
+ tags:
+ - mirrorlist_server
+
+- name: install script to control apache load balancer
+ copy: src=balance-manager.sh dest=/usr/local/bin/balance-manager.sh mode=0755
+ tags:
+ - mirrorlist_server
+
+- name: Setup hourly cron at for mirrorlist restarts
+ cron: name="restart-mirrorlist-containers" minute="*/6" user="root"
+ job="/usr/local/bin/restart-mirrorlist-containers"
+ cron_file=restart-mirrorlist-containers
+ tags:
+ - mirrorlist_server
+
+- name: Set cron MAILTO for restart-mirrorlist-containers
+ cronvar:
+ name: MAILTO
+ value: "adrian(a)lisas.de"
+ cron_file: restart-mirrorlist-containers
+ tags:
+ - mirrorlist_server
+
+- name: Set httpd_can_network_connect flag on and keep it persistent across reboots
+ seboolean:
+ name: httpd_can_network_connect
+ state: yes
+ persistent: yes
+ tags:
+ - mirrorlist_server
+
+- name: Enable SELinux
+ selinux:
+ policy: targeted
+ state: enforcing
+ tags:
+ - mirrorlist_server
+
+- name: mask systemd-journald-audit.socket
+ systemd:
+ name: systemd-journald-audit.socket
+ enabled: no
+ masked: yes
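Review bot: The "Ensure log file for content exists" task creates the two service logs with `mode=0755`; log files need no execute bit, so `mode=0644` (or `0640` if they should not be world-readable) is the tighter setting, and `state=touch` updates the timestamps on every run so the task always reports a change. The chown task that follows repeats the owner and group this task already sets. The final task masks systemd-journald-audit.socket with no tags and no comment; a line such as `# keep audit records out of the journal; auditd still receives them` would record the intent, if that is the reason.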
diff --git a/roles/mirrormanager/mirrorlist-server/templates/mirrorlist.service.j2 b/roles/mirrormanager/mirrorlist-server/templates/mirrorlist.service.j2
new file mode 100644
index 0000000..af25879
--- /dev/null
+++ b/roles/mirrormanager/mirrorlist-server/templates/mirrorlist.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description=Mirrorlist Server {{ item }}
+
+[Service]
+User=mirrormanager
+ExecStart=/usr/bin/mirrorlist-server \
+ --port 1808{{ item }} \
+ --listen 127.0.0.1 \
+ -l /var/log/mirrormanager/%n.log \
+ --cache /srv/mirrorlist/data/mirrorlist{{ item }}/mirrorlist_cache.proto \
+ --internet2_netblocks /srv/mirrorlist/data/mirrorlist{{ item }}/i2_netblocks.txt \
+ --global_netblocks /srv/mirrorlist/data/mirrorlist{{ item }}/global_netblocks.txt \
+ --cccsv /srv/mirrorlist/data/mirrorlist{{ item }}/country_continent.csv
+
+[Install]
+WantedBy=multi-user.target
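Review bot: The [Service] section has no restart policy and no sandboxing, although the daemon handles requests proxied from the public web server. Adding `Restart=on-failure` and, if the binary works under them, `NoNewPrivileges=true` and `ProtectSystem=full` would limit what a crashed or compromised process can do; as far as this unit shows, the service only needs to write under /var/log/mirrormanager. A header comment such as `# rendered once per instance; item is 1 or 2, giving ports 18081 and 18082` would also explain the port expression.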
diff --git a/roles/mirrormanager/mirrorlist-server/vars/main.yml b/roles/mirrormanager/mirrorlist-server/vars/main.yml
new file mode 100644
index 0000000..0aad3f8
--- /dev/null
+++ b/roles/mirrormanager/mirrorlist-server/vars/main.yml
@@ -0,0 +1,2 @@
+mirrormanager_uid: 441
+mirrormanager_gid: 441
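Review bot: `mirrormanager_gid` is defined here, but the user task in tasks/main.yml passes only `uid={{ mirrormanager_uid }}`, so the group id is left to whatever the system allocates. Either add `group: name=mirrormanager gid={{ mirrormanager_gid }} state=present` before the user task, or drop the variable; it may be consumed elsewhere in the repository, which this diff does not show.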