August 2020 - sysadmin-notify

[ansible] Update authorized keys on builders

by Nicolas Chauvet

commit b4fd81a63cc4b2316b974b5e61cda505c913c4a5 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Wed Aug 26 09:05:23 2020 +0200 Update authorized keys on builders roles/koji_builder/files/ftbfs_auth_keys | 1 + roles/koji_builder/files/root_auth_keys | 1 + 2 files changed, 2 insertions(+), 0 deletions(-) --- diff --git a/roles/koji_builder/files/ftbfs_auth_keys b/roles/koji_builder/files/ftbfs_auth_keys index d0a1275..cd482ce 100644 --- a/roles/koji_builder/files/ftbfs_auth_keys +++ b/roles/koji_builder/files/ftbfs_auth_keys @@ -1,3 +1,4 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDnYiQsnoAJpqmZXzlq5Vv8TbfIQnV8IEYMyWZs0eU2Otec7QbCBJPchDKHVezEIPt+nHgSOg9QSE3OlVA4rhNrkxDnuxO9jwiSQmz8ayvlvig1hjp3C/GJmpM2sjljPA33YVTcOjFSab0GC7EIWF6mWQyDWHTvbdy9R4VRRy5jX4R6Hs3hLtNZs15UYAScLsmFitZKoW3TeIW1fTTuAM2p8h/KaMjMyQSiRrGQ97HTxipahLU2hjYiLMzgg3Xcfnnvi8I2Af8+c11Uy4bxQnMP4Ya40LbTc70oSYdb+VXjCBRXSAw+8K1vvX02ex/Wq5MsDdmQy7JzEb3M8vIMGU7E3I7UI3zRkXmwOKN9Vv8Jn7LxM/sgtixzC6qmwU420r6hRxmXT6H9uZRRX0UteCTxSdu0af+hTdjLd7fxm4L5EVYbm8btqfCpQuXPBesRCNvzvuMsIjdM9PvcTTNO1Sr8Zce+lAZLlddmPguCLIMcNrHl3HO0C+QnGWwQWWijViWsBBkuQs6QyxxKbEOt3RHhSa418te1GthcSzLF1xBoJ2KO8FrWeLQKL6HSq5HlbSQmhymlyRWCnfXhecjqrW+v1poowXPxlcPTRiK5ZCJ0s126IC70ANPQYwMTj5L+gLWGsn/sz0fHEC5b78Dbbuj9LkD2N6KmbqJgM7afx7zDjQ== kwizart_2011 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4bGtXPXeAwGweYqk/OKh3Wy1OyZ/5gjZmRGn21l+McAh2W3p+9T8n9UqfV42NLaYzXGNZX0LO+L+9oFkSlIL60AHsuCmOiE731ZQ/lYyyDAfsug6ipTeUwDvJ9kB+jvS0zprujSdvJN8x8cBf5oEjkkTgDdYB4N1V5HcXexItntKd3iVbAfL5Aabmk81Z2VeZPPxK8cbxQFGKHq+hV3ZPjklXsctYfE93lKlPei3qkzjfzJZzjuDYg4GVLxvCt7sMNJozJQgMxGlHQ99X8J5Okk8Wtsg75+j5M5qHievP1SOmnqZG0ZDFaQVgwmNB5Nyv5BtTVtN2N29cBqI5Ct6ZQ== laxathom(a)lxtnow.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHGc9bVTZDldTkFvS4rrOdXtqueMbvlWpC0UuvJ0dJXfcbG1jCTBVqkF5rh2H8aP6wg0zMspsRo9Q/iwj34bkYgOMU0Vqe5AYE+pLWS1XII7Eo90LN3noYlJ7K2f2icmpwGHkkuk7NommHN4rLEHwKdWeU2ObJXJb2XodZdjie5cItUwd9CICqQ86JB/0EbQ8Kk79w11wxpDQ26U83wIvlKg2ShURCbYSGBA3SK9rsX2zsnckw16hYGIQ5RYbjvk40lp5l7MO2omIfV2OvdgP7bcn3RTCdJKULsbBkXZS66CM5d0Uos0RridGV+AOUs2qfnE589pwBx79rXB17zCp0Zq3/9VcHNSJpAP3mopik+HgXXwk2rxetaE7AkGot2UT2yfM47SlEbI4ITSxjPHvPt7PWZviojui+AuejKapPlvQHa6vBYywXjnMC7tSXhU3Fxk4Mt5JgiFjfHDlZOPn8RfxozMmFtMvT4Yhzt6J+cywhTT2Q+gzNV71tpHk1w/9ZZ6Zlp+NtxDEi80Yjiu7lfBMI+5mdxYhnnidLzEmun61dXxua7usdmcjwAAF36lYCrHIEBZM8sKR2Gt8XdMWy8rwMQq3zdaWQoKtNLEfIe5JzJ70AF4SDPVE+50abBIzOijPL9SQf3Ld/nz371/EKU3nczsdiwcY6NQU+zyMNuw== leigh(a)main_pc.leigh123linux +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7zyoWyuKd097/8559IdUjvDKZIP3KukOhEB1zHBTMJsQT0iXJIiFu5ZC/e0+16rPtksUUICLQfDjmMT8BWtI0eHiIko9biBopxY9uGhRyyyXrtl1JAqdVWrKxfnHsD7SVh9WRg4CdTeVyfvOpFHiG10cKDFf6o31xlMFRCNRXNiwOccdY9zq+cZNVuqOOKXSb6ewvmQwPWUtq6BP+Ae/t1MpoPWVM6QjOrKe7eL6fPdpXCfT+I5pXJ0inCCQJHq9JfQE5VLGO+DvRvkqhlJ9MVIFkEbqj5CFJmu8DyOMtL9WcA9N908tDdAromxPrEFwit9w7sZ7QLPAwcPjHD0Ud pix@manticore diff --git a/roles/koji_builder/files/root_auth_keys b/roles/koji_builder/files/root_auth_keys index d0a1275..cd482ce 100644 --- a/roles/koji_builder/files/root_auth_keys +++ b/roles/koji_builder/files/root_auth_keys @@ -1,3 +1,4 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDnYiQsnoAJpqmZXzlq5Vv8TbfIQnV8IEYMyWZs0eU2Otec7QbCBJPchDKHVezEIPt+nHgSOg9QSE3OlVA4rhNrkxDnuxO9jwiSQmz8ayvlvig1hjp3C/GJmpM2sjljPA33YVTcOjFSab0GC7EIWF6mWQyDWHTvbdy9R4VRRy5jX4R6Hs3hLtNZs15UYAScLsmFitZKoW3TeIW1fTTuAM2p8h/KaMjMyQSiRrGQ97HTxipahLU2hjYiLMzgg3Xcfnnvi8I2Af8+c11Uy4bxQnMP4Ya40LbTc70oSYdb+VXjCBRXSAw+8K1vvX02ex/Wq5MsDdmQy7JzEb3M8vIMGU7E3I7UI3zRkXmwOKN9Vv8Jn7LxM/sgtixzC6qmwU420r6hRxmXT6H9uZRRX0UteCTxSdu0af+hTdjLd7fxm4L5EVYbm8btqfCpQuXPBesRCNvzvuMsIjdM9PvcTTNO1Sr8Zce+lAZLlddmPguCLIMcNrHl3HO0C+QnGWwQWWijViWsBBkuQs6QyxxKbEOt3RHhSa418te1GthcSzLF1xBoJ2KO8FrWeLQKL6HSq5HlbSQmhymlyRWCnfXhecjqrW+v1poowXPxlcPTRiK5ZCJ0s126IC70ANPQYwMTj5L+gLWGsn/sz0fHEC5b78Dbbuj9LkD2N6KmbqJgM7afx7zDjQ== kwizart_2011 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4bGtXPXeAwGweYqk/OKh3Wy1OyZ/5gjZmRGn21l+McAh2W3p+9T8n9UqfV42NLaYzXGNZX0LO+L+9oFkSlIL60AHsuCmOiE731ZQ/lYyyDAfsug6ipTeUwDvJ9kB+jvS0zprujSdvJN8x8cBf5oEjkkTgDdYB4N1V5HcXexItntKd3iVbAfL5Aabmk81Z2VeZPPxK8cbxQFGKHq+hV3ZPjklXsctYfE93lKlPei3qkzjfzJZzjuDYg4GVLxvCt7sMNJozJQgMxGlHQ99X8J5Okk8Wtsg75+j5M5qHievP1SOmnqZG0ZDFaQVgwmNB5Nyv5BtTVtN2N29cBqI5Ct6ZQ== laxathom(a)lxtnow.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHGc9bVTZDldTkFvS4rrOdXtqueMbvlWpC0UuvJ0dJXfcbG1jCTBVqkF5rh2H8aP6wg0zMspsRo9Q/iwj34bkYgOMU0Vqe5AYE+pLWS1XII7Eo90LN3noYlJ7K2f2icmpwGHkkuk7NommHN4rLEHwKdWeU2ObJXJb2XodZdjie5cItUwd9CICqQ86JB/0EbQ8Kk79w11wxpDQ26U83wIvlKg2ShURCbYSGBA3SK9rsX2zsnckw16hYGIQ5RYbjvk40lp5l7MO2omIfV2OvdgP7bcn3RTCdJKULsbBkXZS66CM5d0Uos0RridGV+AOUs2qfnE589pwBx79rXB17zCp0Zq3/9VcHNSJpAP3mopik+HgXXwk2rxetaE7AkGot2UT2yfM47SlEbI4ITSxjPHvPt7PWZviojui+AuejKapPlvQHa6vBYywXjnMC7tSXhU3Fxk4Mt5JgiFjfHDlZOPn8RfxozMmFtMvT4Yhzt6J+cywhTT2Q+gzNV71tpHk1w/9ZZ6Zlp+NtxDEi80Yjiu7lfBMI+5mdxYhnnidLzEmun61dXxua7usdmcjwAAF36lYCrHIEBZM8sKR2Gt8XdMWy8rwMQq3zdaWQoKtNLEfIe5JzJ70AF4SDPVE+50abBIzOijPL9SQf3Ld/nz371/EKU3nczsdiwcY6NQU+zyMNuw== leigh(a)main_pc.leigh123linux +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7zyoWyuKd097/8559IdUjvDKZIP3KukOhEB1zHBTMJsQT0iXJIiFu5ZC/e0+16rPtksUUICLQfDjmMT8BWtI0eHiIko9biBopxY9uGhRyyyXrtl1JAqdVWrKxfnHsD7SVh9WRg4CdTeVyfvOpFHiG10cKDFf6o31xlMFRCNRXNiwOccdY9zq+cZNVuqOOKXSb6ewvmQwPWUtq6BP+Ae/t1MpoPWVM6QjOrKe7eL6fPdpXCfT+I5pXJ0inCCQJHq9JfQE5VLGO+DvRvkqhlJ9MVIFkEbqj5CFJmu8DyOMtL9WcA9N908tDdAromxPrEFwit9w7sZ7QLPAwcPjHD0Ud pix@manticore

3 years, 7 months

1
0
0 / 0

[ansible] Update arm builders

by Nicolas Chauvet

commit 1050c318c56132f830ea3206d7dec8e4ce661c20 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Wed Aug 26 09:05:01 2020 +0200 Update arm builders inventory/builders | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) --- diff --git a/inventory/builders b/inventory/builders index d57be39..2c05b57 100644 --- a/inventory/builders +++ b/inventory/builders @@ -55,8 +55,8 @@ home_arm [home_arm] arm-builder09.home.rpmfusion.net -#arm-builder10.home.rpmfusion.net -arm-builder11.home.rpmfusion.net +arm-builder10.home.rpmfusion.net +#arm-builder11.home.rpmfusion.net #arm-builder12.home.rpmfusion.net arm-jetson-tk1.home.rpmfusion.net arm-jetson-tx1.home.rpmfusion.net

3 years, 7 months

1
0
0 / 0

[ansible] Update koji_builders

by Nicolas Chauvet

commit a960b82fbb90baaa3a5b074c7950bf6fe1893c16 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue Aug 25 21:35:30 2020 +0200 Update koji_builders roles/koji_builder/tasks/main.yml | 15 +++++---------- 1 files changed, 5 insertions(+), 10 deletions(-) --- diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index 30a8df8..f3f569d 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml @@ -82,8 +82,11 @@ - mock - kernel-firmware - kernel-modules + - ntp + - ntpdate - rsyslog - audit + - pycdio - python3-kickstart - libvirt-client - oz @@ -94,8 +97,8 @@ - imagefactory-plugins-ovfcommon - imagefactory-plugins - imagefactory-plugins-OVA - - imagefactory-plugins-EC2 - imagefactory-plugins-RHEVM + - pykickstart - nosync tags: - koji_builder @@ -106,15 +109,6 @@ - koji_builder when: "ansible_architecture is defined and ansible_architecture == 'aarch64'" -- name: Re byte compile Guest.py (if needed) - command: python2 -m compileall /usr/lib/python2.7/site-packages/oz/Guest.py - register: compileGuestpy - changed_when: "'Compiling ' in compileGuestpy.stdout" - tags: - - koji_builder - notify: - - restart kojid - - name: enable virtlogd service service: name=virtlogd state=started enabled=yes tags: @@ -137,6 +131,7 @@ - restart kojid tags: - koji_builder + - rpmautospec - name: build /etc/koji/koji.conf from group vars template: src=koji.conf dest=/etc/koji.conf

3 years, 7 months

1
0
0 / 0

[ansible] Add buildvm_arm for arm-jetson-tx1

by Nicolas Chauvet

commit 588ca08088ced4f0564a54ebc578ace54753c60a Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue Aug 25 21:02:17 2020 +0200 Add buildvm_arm for arm-jetson-tx1 inventory/builders | 4 ++++ playbooks/groups/buildvm.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletions(-) --- diff --git a/inventory/builders b/inventory/builders index 9907a5c..d57be39 100644 --- a/inventory/builders +++ b/inventory/builders @@ -14,6 +14,9 @@ buildvm-02.online.rpmfusion.net [buildvm_aarch64] +[buildvm_arm] +arm-jetson-tx1.home.rpmfusion.net + [buildhw] buildvm-03.online.rpmfusion.net buildvm-05.virt.rpmfusion.net @@ -67,6 +70,7 @@ buildhw_ppc64le buildhw_aarch64 buildvm buildvm_aarch64 +buildvm_arm [builders:vars] ansible_python_interpreter=/usr/bin/python3 diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index 2bbdf70..db2256c 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml @@ -6,7 +6,7 @@ - import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm_stg" - name: make koji builder(s) - hosts: buildvm:buildvm_stg:buildvm_aarch64 + hosts: buildvm:buildvm_stg:buildvm_aarch64:buildvm_arm user: root gather_facts: True

3 years, 7 months

1
0
0 / 0

[ansible] Update all groupvars

by Nicolas Chauvet

commit d1577b419f3353bf0b40a2e9a9135b48a18f1817 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue Aug 25 18:28:34 2020 +0200 Update all groupvars inventory/group_vars/all | 106 ++++++++++++++++++++++++++++++++++++++++++---- 1 files changed, 98 insertions(+), 8 deletions(-) --- diff --git a/inventory/group_vars/all b/inventory/group_vars/all index 3d0c648..191ea0c 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -54,7 +54,7 @@ install_noc: none ks_url: http://infrastructure.rpmfusion.org/repo/rhel/ks/kvm-rhel-7 ks_repo: http://mirror.centos.org/centos/7/os/x86_64/ mem_size: 2048 -num_cpus: 1 +num_cpus: 2 lvm_size: 20000 # on MOST infra systems, the interface connected to the infra network @@ -102,7 +102,41 @@ virt_install_command_two_nic: virt-install -n {{ inventory_hostname }} 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none - ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none' + ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' + --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} + --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} + --autostart --noautoconsole --watchdog default --rng /dev/random + +virt_install_command_one_nic_unsafe: virt-install -n {{ inventory_hostname }} + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' + --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} + --autostart --noautoconsole --watchdog default --rng /dev/random --cpu host + +virt_install_command_two_nic_unsafe: virt-install -n {{ inventory_hostname }} + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' + --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} + --network bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} + --autostart --noautoconsole --watchdog default --rng /dev/random + +virt_install_command_ppc64le_two_nic_unsafe: virt-install -n {{ inventory_hostname }} + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none + ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --watchdog default --rng /dev/random @@ -117,6 +151,26 @@ virt_install_command_aarch64_one_nic: virt-install -n {{ inventory_hostname }} --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole +virt_install_command_aarch64_one_nic_unsafe: virt-install -n {{ inventory_hostname }} + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' + --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} + --autostart --noautoconsole + +virt_install_command_aarch64_2nd_nic: virt-install -n {{ inventory_hostname }} + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' + --network bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address }} + --autostart --noautoconsole + virt_install_command_aarch64_two_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} @@ -124,7 +178,7 @@ virt_install_command_aarch64_two_nic: virt-install -n {{ inventory_hostname }} 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none - ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none' + ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --rng /dev/random @@ -136,8 +190,38 @@ virt_install_command_armv7_one_nic: virt-install -n {{ inventory_hostname }} --a 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' - --network bridge={{ main_bridge }},model=virtio - --autostart --noautoconsole + --network bridge={{ main_bridge }} + --autostart --noautoconsole --rng /dev/random + +virt_install_command_armv7_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --arch armv7l + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0 + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' + --network bridge={{ main_bridge }} + --autostart --noautoconsole --rng /dev/random + +virt_install_command_s390x_one_nic: virt-install -n {{ inventory_hostname }} + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' + --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} + --autostart --noautoconsole --rng /dev/random --cpu host + +virt_install_command_s390x_one_nic_unsafe: virt-install -n {{ inventory_hostname }} + --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio + --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads + --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x + 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} + hostname={{ inventory_hostname }} nameserver={{ dns }} + ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' + --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} + --autostart --noautoconsole --rng /dev/random --cpu host virt_install_command_rhel6: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} @@ -214,8 +298,8 @@ nrpe_check_postfix_queue_crit: 5 # env is staging or production, we default it to production here. env: production -env_prefix: -env_suffix: +env_prefix: "" +env_suffix: "" env_short: prod # nfs mount options, override at the group/host level @@ -285,6 +369,8 @@ nagios_Check_Services: ping: true raid: false +nagios_Can_Connect: true + # Set variable if we want to use our global iptables defaults # Some things need to set their own. baseiptables: True @@ -316,4 +402,8 @@ sshd_sftp: false # # Autodetect python version # -#ansible_python_interpreter: auto +ansible_python_interpreter: auto +# +# datacenter with active certbot in it +# +certgetter_datacenter: online

3 years, 7 months

1
0
0 / 0

[ansible] Add arm-jetson-tx1

by Nicolas Chauvet

commit 2e5a67a4a366a6730ddd330d0e66103ad99d38ac Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue Aug 25 18:01:02 2020 +0200 Add arm-jetson-tx1 .../host_vars/arm-jetson-tx1.home.rpmfusion.net | 28 ++++++++++++++++++++ 1 files changed, 28 insertions(+), 0 deletions(-) --- diff --git a/inventory/host_vars/arm-jetson-tx1.home.rpmfusion.net b/inventory/host_vars/arm-jetson-tx1.home.rpmfusion.net new file mode 100644 index 0000000..e6dd3a7 --- /dev/null +++ b/inventory/host_vars/arm-jetson-tx1.home.rpmfusion.net @@ -0,0 +1,28 @@ +--- +vmhost: aarch64-jetson-tx1.home.rpmfusion.net +eth0_ip: 192.168.1.102 +nm: 255.255.255.0 +gw: 192.168.1.1 +dns: 192.168.1.1 +ks_url: http://dl.kwizart.net/ks/kvm-fedora-32-ext-armv7 +ks_repo: https://dl.fedoraproject.org/pub/fedora/linux/releases/32/Everything/armh... + +virt_install_command: "{{ virt_install_command_armv7_one_nic_unsafe }}" + +volgroup: /dev/vg_data +lvm_size: 80000 +mem_size: 2048 +max_mem_size: "{{ mem_size }}" +num_cpus: 4 +datacenter: home + +nagios_Check_Services: + mail: false + nrpe: false + sshd: false + named: false + dhcpd: false + httpd: false + swap: false + ping: false + raid: false

3 years, 7 months

1
0
0 / 0

[ansible] Add dependency on mount point

by Nicolas Chauvet

commit 665c909f3da1f2a73b9c390920b677d5e5168712 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Aug 21 15:36:14 2020 +0200 Add dependency on mount point .../files/builders/kojid.service.d.override.conf | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) --- diff --git a/roles/koji_builder/files/builders/kojid.service.d.override.conf b/roles/koji_builder/files/builders/kojid.service.d.override.conf index 831dae9..e0cf6de 100644 --- a/roles/koji_builder/files/builders/kojid.service.d.override.conf +++ b/roles/koji_builder/files/builders/kojid.service.d.override.conf @@ -1,3 +1,6 @@ +[Unit] +After=network.target mnt-rpmfusion_koji.mount + [Service] TasksMax=infinity Environment="http_proxy=http://proxy:3128"

3 years, 8 months

1
0
0 / 0

[ansible] Add our new mirrorlist-server configuration

by Adrian Reber

commit 89534c2b81af845c666e114a94a1ab7812f5baef Author: Adrian Reber <adrian(a)lisas.de> Date: Thu Aug 6 20:05:36 2020 +0200 Add our new mirrorlist-server configuration With this RPM Fusion is now using only two mirrorlist-servers. Instead of the old Python based code, this is now all implemented in Rust. We have two mirrorlist-server processes on each host and an Apache httpd in front of it as load balancer and SSL termination. Signed-off-by: Adrian Reber <adrian(a)lisas.de> files/httpd/h2.conf.j2 | 1 + inventory/group_vars/mirrorlist_server | 18 ++ inventory/inventory | 4 + .../files/common-scripts/conditional-reload.sh | 26 +++ .../files/common-scripts/conditional-restart.sh | 10 + playbooks/groups/mirrorlist-server.yml | 47 +++++ .../mirrorlist-server/files/balance-manager.sh | 125 ++++++++++++ .../mirrorlist-server/files/download_caches | 23 +++ .../files/mirrorlist-server-ssl.conf | 17 ++ .../files/mirrorlist-server.common | 48 +++++ .../mirrorlist-server/files/mirrorlist-server.conf | 4 + .../files/restart-mirrorlist-containers | 97 ++++++++++ .../files/restart-mirrorlist-containers.j2 | 91 +++++++++ .../mirrormanager/mirrorlist-server/tasks/main.yml | 202 ++++++++++++++++++++ .../templates/mirrorlist.service.j2 | 16 ++ .../mirrormanager/mirrorlist-server/vars/main.yml | 2 + 16 files changed, 731 insertions(+), 0 deletions(-) --- diff --git a/files/httpd/h2.conf.j2 b/files/httpd/h2.conf.j2 new file mode 100644 index 0000000..2627ea8 --- /dev/null +++ b/files/httpd/h2.conf.j2 @@ -0,0 +1 @@ +Protocols h2 {% if not inventory_hostname.startswith('proxy') %} h2c {% endif %} http/1.1 diff --git a/inventory/group_vars/mirrorlist_server b/inventory/group_vars/mirrorlist_server new file mode 100644 index 0000000..2ae973e --- /dev/null +++ b/inventory/group_vars/mirrorlist_server @@ -0,0 +1,18 @@ +--- + +motd_custom: | + This is one of the (currently as of this writing) three mirrorlist + servers of RPM Fusion. Using mirrors.rpmfusion.org is "load balanced" + using DNS to one of the existing mirrorlist servers. To check the + results following command can be used: + + curl "http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-rawhide&arch=x86_64" + + Testing a specific mirrorlist can be done using: + + curl "http://{{ inventory_hostname }}/mirrorlist?repo=free-fedora-rawhide&arch=x86_64" + + The server can be rebooted any time it is necessary without warning. + A short downtine of one of the mirrorlist servers can easily be + handled by the remaining servers. Longer downtimes require removal + of the IP address from the mirrors.rpmfusion.org entry. diff --git a/inventory/inventory b/inventory/inventory index 7b7de4b..ae54afd 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -91,3 +91,7 @@ mirrorlist01.uase.rpmfusion.net mirrorlist02.mv.rpmfusion.net mirrorlist03.scaleway.rpmfusion.net mirrorlist04.mv.rpmfusion.net + +[mirrorlist_server] +mirrorlist06.hetzner.rpmfusion.net +mirrorlist05.ovh.rpmfusion.net diff --git a/playbooks/groups/files/common-scripts/conditional-reload.sh b/playbooks/groups/files/common-scripts/conditional-reload.sh new file mode 100644 index 0000000..988a08b --- /dev/null +++ b/playbooks/groups/files/common-scripts/conditional-reload.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# reload SERVICE only if PACKAGE is installed. +# We use this throughout handlers/restart_services.yml + +SERVICE=$1 +PACKAGE=$2 + +rpm -q $PACKAGE + +INSTALLED=$? + +if [ $INSTALLED -eq 0 ]; then + echo "Checking if $SERVICE is running" + /sbin/service $SERVICE status >& /dev/null + if [ $? == 0 ]; then + echo "Package $PACKAGE installed and running. Attempting reload of $SERVICE." + /sbin/service $SERVICE reload + exit $? # Exit with the /sbin/service status code + fi + echo "Package $PACKAGE is install, but $SERVICE is not running, skipping..." + exit 0 +fi + +# If the package wasn't installed, then pretend everything is fine. +echo "Package $PACKAGE not installed. Skipping reload of $SERVICE." +exit 0 diff --git a/playbooks/groups/files/common-scripts/conditional-restart.sh b/playbooks/groups/files/common-scripts/conditional-restart.sh new file mode 100644 index 0000000..8da52dc --- /dev/null +++ b/playbooks/groups/files/common-scripts/conditional-restart.sh @@ -0,0 +1,10 @@ +#!/bin/bash +# +# We use this to try and restart a service. +# If it's not running, do nothing. +# If it is running, restart it. +# + +SERVICE=$1 +# Check if service unit is present before trying to restart it +/usr/bin/systemctl cat $1.service &>/dev/null && /usr/bin/systemctl try-restart $1 || true diff --git a/playbooks/groups/mirrorlist-server.yml b/playbooks/groups/mirrorlist-server.yml new file mode 100644 index 0000000..e88697b --- /dev/null +++ b/playbooks/groups/mirrorlist-server.yml @@ -0,0 +1,47 @@ +- name: mirrorlist-server + hosts: mirrorlist_server + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - name: global default packages to install + package: + name: + - wget + - curl + - cronie + state: present + tags: + - packages + - name: global packages to remove + package: + name: + - sssd-common + state: absent + tags: + - packages + - name: set hostname + hostname: name="{{inventory_hostname}}" + - name: Install common scripts + copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755 + with_fileglob: + - common-scripts/* + tags: + - common-scripts + + - debug: msg="{{ansible_nodename}} {{ansible_domain}} {{inventory_hostname}} {{ansible_distribution_major_version|int}}" + + tasks: + - import_tasks: "{{ tasks_path }}/motd.yml" + + roles: + - apache + - httpd/mod_ssl + - mirrormanager/mirrorlist-server + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/roles/mirrormanager/mirrorlist-server/files/balance-manager.sh b/roles/mirrormanager/mirrorlist-server/files/balance-manager.sh new file mode 100755 index 0000000..a9575c8 --- /dev/null +++ b/roles/mirrormanager/mirrorlist-server/files/balance-manager.sh @@ -0,0 +1,125 @@ +#!/bin/bash + +CURL=`which curl` +if [ -z "$CURL" ]; then + echo "curl not found" + exit 1 +fi + +server="localhost" +port="80" +manager="balancer-manager" + +while getopts "s:p:m:" opt; do + case "$opt" in + s) + server=$OPTARG + ;; + p) + port=$OPTARG + ;; + m) + manager=$OPTARG + ;; + esac +done + +shift $(($OPTIND - 1)) +action=$1 + + +list_balancers() { + $CURL -s "http://${server}:${port}/${manager}" | grep "balancer://" | sed "s/.*balancer:\/\/$.*$<\/a>.*/\1/" +} + +list_workers() { + balancer=$1 + if [ -z "$balancer" ]; then + echo "Usage: $0 [-s host] [-p port] [-m balancer-manager] list-workers balancer_name" + echo " balancer_name : balancer name" + exit 1 + fi + $CURL -s "http://${server}:${port}/${manager}" | grep "/balancer-manager?b=${balancer}&w" | sed "s/.*href='$.[^']*$.*/\1/" | sed "s/.*w=$.*$&.*/\1/" +} + +enable() { + balancer=$1 + worker=$2 + if [ -z "$balancer" ] || [ -z "$worker" ]; then + echo "Usage: $0 [-s host] [-p port] [-m balancer-manager] enable balancer_name worker_route" + echo " balancer_name : balancer/cluster name" + echo " worker_route : worker route e.g.) ajp://192.1.2.3:8009" + exit 1 + fi + + nonce=`$CURL -s "http://${server}:${port}/${manager}" | grep nonce | grep "${balancer}" | sed "s/.*nonce=$.*$['\"].*/\1/" | tail -n 1` + if [ -z "$nonce" ]; then + echo "balancer_name ($balancer) not found" + exit 1 + fi + + echo "Enabling $2 of $1..." + $CURL -s -o /dev/null -XPOST "http://${server}:${port}/${manager}?" -d b="${balancer}" -d w="${worker}" -d nonce="${nonce}" -d w_status_D=0 -H "Referer: http://${server}:${port}/${manager}?" + sleep 2 + status +} + +disable() { + balancer=$1 + worker=$2 + if [ -z "$balancer" ] || [ -z "$worker" ]; then + echo "Usage: $0 [-s host] [-p port] [-m balancer-manager] disable balancer_name worker_route" + echo " balancer_name : balancer/cluster name" + echo " worker_route : worker route e.g.) ajp://192.1.2.3:8009" + exit 1 + fi + + echo "Disabling $2 of $1..." + nonce=`$CURL -s "http://${server}:${port}/${manager}" | grep nonce | grep "${balancer}" | sed "s/.*nonce=$.*$['\"].*/\1/" | tail -n 1` + if [ -z "$nonce" ]; then + echo "balancer_name ($balancer) not found" + exit 1 + fi + + $CURL -s -o /dev/null -XPOST "http://${server}:${port}/${manager}?" -d b="${balancer}" -d w="${worker}" -d nonce="${nonce}" -d w_status_D=1 -H "Referer: http://${server}:${port}/${manager}?" + sleep 2 + status +} + +status() { + $CURL -s "http://${server}:${port}/${manager}" | grep "href" | sed "s/<[^>]*>/ /g" +} + +case "$1" in + list-balancer) + list_balancers "${@:2}" + ;; + list-worker) + list_workers "${@:2}" + ;; + enable) + enable "${@:2}" + ;; + disable) + disable "${@:2}" + ;; + status) + status "${@:2}" + ;; + *) + echo "Usage: $0 {list-balancer|list-worker|enable|disable|status}" + echo "" + echo "Options: " + echo " -s server" + echo " -p port" + echo " -m balancer-manager-context-path" + echo "" + echo "Commands: " + echo " list-balancer" + echo " list-worker balancer-name" + echo " enable balancer_name worker_route" + echo " disable balancer_name worker_route" + exit 1 +esac + +exit $? diff --git a/roles/mirrormanager/mirrorlist-server/files/download_caches b/roles/mirrormanager/mirrorlist-server/files/download_caches new file mode 100755 index 0000000..c7dd5c3 --- /dev/null +++ b/roles/mirrormanager/mirrorlist-server/files/download_caches @@ -0,0 +1,23 @@ +#!/bin/bash + +CACHE=/srv/mirrorlist/data/mirrorlist1/ + +cd $CACHE + +FILES="country_continent.csv mirrorlist_cache.proto global_netblocks.txt i2_netblocks.txt" + +for i in ${FILES}; do + wget -q -N http://lisas.de/mirrorlist-statistics/$i +done + +FILES="pl.tar.gz" + +cd /var/www/mirrors.rpmfusion.org + +SUM_BEFORE=`cat ${FILES} | md5sum` +wget -q -N http://lisas.de/.cache/${FILES} +SUM_AFTER=`cat ${FILES} | md5sum` + +if [[ "${SUM_AFTER}" != "${SUM_BEFORE}" ]]; then + tar xf ${FILES} +fi diff --git a/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server-ssl.conf b/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server-ssl.conf new file mode 100644 index 0000000..6ad8220 --- /dev/null +++ b/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server-ssl.conf @@ -0,0 +1,17 @@ +<VirtualHost _default_:443> + + SSLEngine on + + # Intermediate configuration, tweak to your needs + SSLProtocol all -SSLv2 -SSLv3 + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA + SSLHonorCipherOrder on + + SSLOptions +StrictRequire + SSLCertificateFile /etc/letsencrypt/live/mirrors.rpmfusion.org/cert.pem + SSLCertificateKeyFile /etc/letsencrypt/live/mirrors.rpmfusion.org/privkey.pem + SSLCertificateChainFile /etc/letsencrypt/live/mirrors.rpmfusion.org/chain.pem + + Include conf.d/mirrorlist-server.common + +</VirtualHost> diff --git a/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server.common b/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server.common new file mode 100644 index 0000000..a911574 --- /dev/null +++ b/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server.common @@ -0,0 +1,48 @@ +ServerAdmin webmaster(a)rpmfusion.org +DocumentRoot /var/www/mirrors.rpmfusion.org + +RewriteEngine on +RewriteOptions inherit + +SSLProxyEngine On + +RewriteRule ^/(free|nonfree)/(fedora|el)/updates/([^/]+)/([^/]+)/?$ http://mirrors.rpmfusion.org/mirrorlist?repo=$1-$2-updates-released-$3&ar... [R=301,last] +RewriteRule ^/(free|nonfree)/(fedora|el)/(rawhide|development)/([^/]+)/?$ http://mirrors.rpmfusion.org/mirrorlist?repo=$1-$2-rawhide&arch=$4 [R=301,last] +RewriteRule ^/(free|nonfree)/(fedora|el)/([^/]+)/([^/]+)/?$ http://mirrors.rpmfusion.org/mirrorlist?repo=$1-$2-$3&arch=$4 [R=301,last] + +RewriteCond %{HTTPS} !=on +RewriteCond %{REQUEST_URI} ^/statistics(.*) +RewriteRule ^/?(.*) https://mirrors.rpmfusion.org/$1 [R,L] + +RewriteRule ^/statistics(.*) https://lisas.de/mirrorlist-statistics$1 [P,L] +ProxyPassReverse /statistics/ https://lisas.de/mirrorlist-statistics/ + +RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge(.*) +RewriteCond %{REQUEST_URI} !^/metalink(.*) +RewriteCond %{REQUEST_URI} !^/logs(.*) +RewriteCond %{REQUEST_URI} !^/mirrorlist(.*) +RewriteCond %{REQUEST_URI} !^/mm/publiclist(.*) +RewriteCond %{REQUEST_URI} !^/balancer-manager(.*) +RewriteRule ^/(.*)$ http://rpmfusion.org/$1 [R=301] + +KeepAlive Off +Alias /logs/ /var/log/mirrormanager/ +<Directory /var/log/mirrormanager/> + Require ip 129.143.116.10 + Require ip 2001:7c0:700::10 +</Directory> + +<Proxy "balancer://mycluster"> + BalancerMember "http://localhost:18081" + BalancerMember "http://localhost:18082" +</Proxy> + +ProxyPass "/mirrorlist" "balancer://mycluster/mirrorlist" +ProxyPassReverse "/mirrorlist" "balancer://mycluster/mirrorlist" +ProxyPass "/metalink" "balancer://mycluster/metalink" +ProxyPassReverse "/metalink" "balancer://mycluster/metalink" + +<Location "/balancer-manager"> + SetHandler balancer-manager + Require local +</Location> diff --git a/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server.conf b/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server.conf new file mode 100644 index 0000000..41e6a27 --- /dev/null +++ b/roles/mirrormanager/mirrorlist-server/files/mirrorlist-server.conf @@ -0,0 +1,4 @@ +ServerLimit 900 +MaxRequestWorkers 900 + +Include conf.d/mirrorlist-server.common diff --git a/roles/mirrormanager/mirrorlist-server/files/restart-mirrorlist-containers b/roles/mirrormanager/mirrorlist-server/files/restart-mirrorlist-containers new file mode 100644 index 0000000..06760ef --- /dev/null +++ b/roles/mirrormanager/mirrorlist-server/files/restart-mirrorlist-containers @@ -0,0 +1,97 @@ +#!/bin/bash + +## ports for mirrors +mirrorlist1="http://localhost:18081/metalink?repo=free-fedora-rawhide&arch=x86_64" +mirrorlist2="http://localhost:18082/metalink?repo=free-fedora-rawhide&arch=x86_64" + +TIME_DRAIN=30 +TIME_RESTART=5 +TIME_DISABLE=5 + +if [ ! -f /srv/mirrorlist/data/mirrorlist2/global_netblocks.txt ]; +then + cp /srv/mirrorlist/data/mirrorlist1/* /srv/mirrorlist/data/mirrorlist2/ +fi + +## check mirrorlist1 running +if [ `systemctl show mirrorlist1 -p ActiveState` != 'ActiveState=active' ]; then + # mirrorlist1 not running, there is a problem + echo "Error: mirrorlist1 is not running as expected" + exit 1 +fi + +## check mirrorlist2 running +if [ `systemctl show mirrorlist2 -p ActiveState` != 'ActiveState=active' ]; then + # mirrorlist2 not running, maybe a new install + systemctl start mirrorlist2 + touch /srv/mirrorlist/data/mirrorlist1/mirrorlist_cache.proto +fi + +## Check that protbuf cache is newer than old protobuf cache +if [ /srv/mirrorlist/data/mirrorlist1/mirrorlist_cache.proto -nt /srv/mirrorlist/data/mirrorlist2/mirrorlist_cache.proto ]; then + # new proto + : +else + # No new proto + exit 0 +fi + +# check mirrorlist2 (old protbuf cache and see that it's processing ok) +curl -q -H mirrors.rpmfusion.org ${mirrorlist2} -s -f --retry 50 --retry-delay 10 --retry-connrefused --retry-max-time 180 | grep "sha512" >/dev/null +if [ $? != 0 ]; then + echo "ERROR: mirrorlist2 not processing correctly" + exit 1 +fi + +# Disable mirrorlist1 +/usr/local/bin/balance-manager.sh disable mycluster http://localhost:18081 >& /dev/null +sleep ${TIME_DISABLE} + +# restart mirrorlist1 (new protbuf cache and make sure it's processing ok) +systemctl stop mirrorlist1 +sleep 1 +systemctl start mirrorlist1 +if [[ ${?} -ne 0 ]]; then + systemctl start mirrorlist1 + if [[ ${?} -ne 0 ]]; then + echo "Unable to start mirrorlist1" + exit 1 + fi +fi + + +sleep ${TIME_RESTART} +curl -q -H mirrors.rpmfusion.org ${mirrorlist1} -s -f --retry 50 --retry-delay 10 --retry-connrefused --retry-max-time 180 | grep "sha512" >/dev/null +if [ $? != 0 ]; then + echo "ERROR: mirrorlist1 did not restart correctly" + exit 1 +fi + +# New mirrorlist seems to be working, put it back into service +/usr/local/bin/balance-manager.sh enable mycluster http://localhost:18081 >& /dev/null +sleep ${TIME_RESTART} + +# copy new protbuf cache to mirrorlist2 +cp -a /srv/mirrorlist/data/mirrorlist1/* /srv/mirrorlist/data/mirrorlist2/ + +# Disable mirrorlist2 +/usr/local/bin/balance-manager.sh disable mycluster http://localhost:18082 >& /dev/null +sleep ${TIME_DISABLE} + +# restart mirrorlist2 +systemctl stop mirrorlist2 +sleep 1 +systemctl start mirrorlist2 +if [[ ${?} -ne 0 ]]; then + echo "Unable to start mirrorlist2" + exit 1 +fi + +sleep ${TIME_RESTART} +curl -q -H mirrors.rpmfusion.org ${mirrorlist2} -o/dev/null -s -f --retry 50 --retry-delay 10 --retry-connrefused --retry-max-time 180 +if [ $? != 0 ]; then + echo "ERROR: mirrorlist2 did not restart correctly" + exit 1 +fi + +/usr/local/bin/balance-manager.sh enable mycluster http://localhost:18082 >& /dev/null diff --git a/roles/mirrormanager/mirrorlist-server/files/restart-mirrorlist-containers.j2 b/roles/mirrormanager/mirrorlist-server/files/restart-mirrorlist-containers.j2 new file mode 100644 index 0000000..951b230 --- /dev/null +++ b/roles/mirrormanager/mirrorlist-server/files/restart-mirrorlist-containers.j2 @@ -0,0 +1,91 @@ +#!/bin/bash + +## ports for mirrors +mirrorlist1="http://localhost:18081/metalink?repo=free-fedora-rawhide&arch=x86_64" +mirrorlist2="http://localhost:18082/metalink?repo=free-fedora-rawhide&arch=x86_64" + +TIME_DRAIN=30 +TIME_RESTART=5 +TIME_DISABLE=5 + +# Initial expected state is mirrorlist1 running, mirrorlist2 running and new protbuf cache + +if [ ! -f /srv/mirrorlist/data/mirrorlist2/global_netblocks.txt ]; +then + cp /srv/mirrorlist/data/mirrorlist1/* /srv/mirrorlist/data/mirrorlist2/ +fi + +## Check that protbuf cache is newer than old protobuf cache +if [ /srv/mirrorlist/data/mirrorlist1/mirrorlist_cache.proto -nt /srv/mirrorlist/data/mirrorlist2/mirrorlist_cache.proto ]; then + # new proto + : +else + # No new proto + exit 0 +fi +## check mirrorlist1 running +if [ `systemctl show mirrorlist1 -p ActiveState` != 'ActiveState=active' ]; then + # mirrorlist1 not running, there is a problem + echo "Error: mirrorlist1 is not running as expected" + exit 1 +fi + +# check mirrorlist2 (old protbuf cache and see that it's processing ok) +curl -q -H mirrors.rpmfusion.org ${mirrorlist2} -s -f --retry 50 --retry-delay 10 --retry-connrefused --retry-max-time 180 | grep "sha512" >/dev/null +if [ $? != 0 ]; then + echo "ERROR: mirrorlist2 not processing correctly" + exit 1 +fi + +# Disable mirrorlist1 +echo /usr/local/bin/balance-manager.sh disable mycluster http://localhost:18081 >& /dev/null +sleep ${TIME_DISABLE} + +# restart mirrorlist1 (new protbuf cache and make sure it's processing ok) +systemctl stop mirrorlist1 +sleep 1 +systemctl start mirrorlist1 +if [[ ${?} -ne 0 ]]; then + systemctl start mirrorlist1 + if [[ ${?} -ne 0 ]]; then + echo "Unable to start mirrorlist1" + exit 1 + fi +fi + + +sleep ${TIME_RESTART} +curl -q -H mirrors.rpmfusion.org ${mirrorlist1} -s -f --retry 50 --retry-delay 10 --retry-connrefused --retry-max-time 180 | grep "sha512" >/dev/null +if [ $? != 0 ]; then + echo "ERROR: mirrorlist1 did not restart correctly" + exit 1 +fi + +# New mirrorlist seems to be working, put it back into service +echo /usr/local/bin/balance-manager.sh enable mycluster http://localhost:18081 >& /dev/null +sleep ${TIME_RESTART} + +# copy new protbuf cache to mirrorlist2 +cp -a /srv/mirrorlist/data/mirrorlist1/* /srv/mirrorlist/data/mirrorlist2/ + +# Disable mirrorlist2 +echo /usr/local/bin/balance-manager.sh disable mycluster http://localhost:18082 >& /dev/null +sleep ${TIME_DISABLE} + +# restart mirrorlist2 +systemctl stop mirrorlist2 +sleep 1 +systemctl start mirrorlist2 +if [[ ${?} -ne 0 ]]; then + echo "Unable to start mirrorlist2" + exit 1 +fi + +sleep ${TIME_RESTART} +curl -q -H mirrors.rpmfusion.org ${mirrorlist2} -o/dev/null -s -f --retry 50 --retry-delay 10 --retry-connrefused --retry-max-time 180 +if [ $? != 0 ]; then + echo "ERROR: mirrorlist2 did not restart correctly" + exit 1 +fi + +echo /usr/local/bin/balance-manager.sh enable mycluster http://localhost:18082 >& /dev/null diff --git a/roles/mirrormanager/mirrorlist-server/tasks/main.yml b/roles/mirrormanager/mirrorlist-server/tasks/main.yml new file mode 100644 index 0000000..744ed17 --- /dev/null +++ b/roles/mirrormanager/mirrorlist-server/tasks/main.yml @@ -0,0 +1,202 @@ +--- +# tasklist for setting up the mirrorlist-server components +# create mirrormanager user +# create mirrormanager user +- name: add mirrormanager user - uid {{ mirrormanager_uid }} + user: name=mirrormanager uid={{ mirrormanager_uid }} state=present home=/home/mirrormanager createhome=yes + tags: + - mirrorlist_server + +- name: install packages for mirrorlist-server + package: + state: present + name: + - mirrorlist-server + - geolite2-country + - certbot + tags: + - packages + - mirrorlist_server + +- name: setup directories + file: dest="{{item}}" mode=0755 state=directory + with_items: + - /srv/mirrorlist + - /srv/mirrorlist/data + - /srv/mirrorlist/data/mirrorlist1 + - /srv/mirrorlist/data/mirrorlist2 + - /var/log/mirrormanager + - /etc/letsencrypt/live + tags: + - mirrorlist_server + +- name: make sure mirrormanager user can write new protobuf based cache file + file: dest="{{item}}" owner=mirrormanager group=mirrormanager setype=_default + with_items: + - /srv/mirrorlist/data + - /srv/mirrorlist/data/mirrorlist1 + - /srv/mirrorlist/data/mirrorlist2 + - /var/log/mirrormanager + tags: + - mirrorlist_server + +- name: Ensure log file for content exists + file: dest="{{item}}" owner=mirrormanager group=mirrormanager mode=0755 state=touch setype=_default + with_items: + - /var/log/mirrormanager/mirrorlist1.service.log + - /var/log/mirrormanager/mirrorlist2.service.log + tags: + - mirrorlist_server + +- name: for the rust based mirrorlist server chown log files + file: dest="{{item}}" owner=mirrormanager group=mirrormanager + with_items: + - /var/log/mirrormanager/mirrorlist1.service.log + - /var/log/mirrormanager/mirrorlist2.service.log + tags: + - mirrorlist_server + +# We deploy two service files. Both listen on a different port, so that we can switch +# them out as part of the protobuf cache deployment without having any local downtime. +- name: Deploy service files + template: src=mirrorlist.service.j2 dest=/etc/systemd/system/mirrorlist{{ item }}.service + with_items: + - 1 + - 2 + tags: + - mirrorlist_server + notify: + - reload systemd + +- name: Enable mirrorlist services + service: name=mirrorlist{{ item }} enabled=yes state=started + with_items: + - 1 + - 2 + tags: + - mirrorlist_server + +- name: make a /var/www/mirrors.rpmfusion.org directory + file: dest=/var/www/mirrors.rpmfusion.org state=directory owner=mirrormanager group=mirrormanager mode=0755 + tags: + - mirrorlist_server + +- name: copy download_caches + copy: src=download_caches dest=/home/mirrormanager owner=mirrormanager group=mirrormanager mode=0755 + tags: + - mirrorlist_server + +- name: download caches cron + cron: name="download_caches" minute="*/5" user="mirrormanager" + job="/home/mirrormanager/download_caches" + cron_file=download_caches + tags: + - mirrorlist_server + +- name: check for mirrorlist files + stat: path=/srv/mirrorlist/data/mirrorlist1/mirrorlist_cache.proto + register: mirrorlist_cache_status + tags: + - mirrorlist_server + +- name: Deploy mirrorlist data files (if this is a initial install) + command: /home/mirrormanager/download_caches + become: yes + become_user: mirrormanager + when: not mirrorlist_cache_status.stat.exists + tags: + - mirrorlist_server + +- name: mirrorlist-server apache conf common + copy: src=mirrorlist-server.common dest=/etc/httpd/conf.d/mirrorlist-server.common + notify: + - restart apache + tags: + - config + - mirrorlist_server + + +- name: mirrorlist-server apache conf + copy: src=mirrorlist-server.conf dest=/etc/httpd/conf.d/mirrorlist-server.conf + notify: + - restart apache + tags: + - config + - mirrorlist_server + +- name: mirrorlist-server-ssl apache conf + copy: src=mirrorlist-server-ssl.conf dest=/etc/httpd/conf.d/mirrorlist-server-ssl.conf + notify: + - restart apache + tags: + - config + - mirrorlist_server + +# Copy the mirrorlist log file every hour to be ready to be processed +- name: mirrorlist copy cron + cron: name="copy-mirrorlist" minute="55" hour="*" user="mirrormanager" + job="cat /var/log/mirrormanager/mirrorlist?.service.log > /var/log/mirrormanager/mirrorlist.log.`date +\%Y-\%m-\%d`" + cron_file=copy-mirrorlist + tags: + - mirrorlist_server + +- name: mirrorlist move cron + cron: name="move-mirrorlist" minute="1" hour="0" user="mirrormanager" + job="cat /var/log/mirrormanager/mirrorlist?.service.log > /var/log/mirrormanager/mirrorlist.log.`date +\%Y-\%m-\%d --date='yesterday'`; rm -f /var/log/mirrormanager/mirrorlist?.service.log; touch /srv/mirrorlist/data/mirrorlist1/mirrorlist_cache.proto" + cron_file=move-mirrorlist + tags: + - mirrorlist_server + +# Cleanup old mirrorlist logfile +- name: mirrorlist clean cron + cron: name="clean-mirrorlist" minute="13" hour="13" user="mirrormanager" + job="/usr/sbin/tmpwatch --mtime 7d /var/log/mirrormanager" + cron_file=clean-mirrorlist + tags: + - mirrorlist_server + +- name: install script to restart mirrorlist containers on protobuf cache changes + copy: src=restart-mirrorlist-containers dest=/usr/local/bin/restart-mirrorlist-containers mode=0755 + tags: + - mirrorlist_server + +- name: install script to control apache load balancer + copy: src=balance-manager.sh dest=/usr/local/bin/balance-manager.sh mode=0755 + tags: + - mirrorlist_server + +- name: Setup hourly cron at for mirrorlist restarts + cron: name="restart-mirrorlist-containers" minute="*/6" user="root" + job="/usr/local/bin/restart-mirrorlist-containers" + cron_file=restart-mirrorlist-containers + tags: + - mirrorlist_server + +- name: Set cron MAILTO for restart-mirrorlist-containers + cronvar: + name: MAILTO + value: "adrian(a)lisas.de" + cron_file: restart-mirrorlist-containers + tags: + - mirrorlist_server + +- name: Set httpd_can_network_connect flag on and keep it persistent across reboots + seboolean: + name: httpd_can_network_connect + state: yes + persistent: yes + tags: + - mirrorlist_server + +- name: Enable SELinux + selinux: + policy: targeted + state: enforcing + tags: + - mirrorlist_server + +- name: mask systemd-journald-audit.socket + systemd: + name: systemd-journald-audit.socket + enabled: no + masked: yes diff --git a/roles/mirrormanager/mirrorlist-server/templates/mirrorlist.service.j2 b/roles/mirrormanager/mirrorlist-server/templates/mirrorlist.service.j2 new file mode 100644 index 0000000..af25879 --- /dev/null +++ b/roles/mirrormanager/mirrorlist-server/templates/mirrorlist.service.j2 @@ -0,0 +1,16 @@ +[Unit] +Description=Mirrorlist Server {{ item }} + +[Service] +User=mirrormanager +ExecStart=/usr/bin/mirrorlist-server \ + --port 1808{{ item }} \ + --listen 127.0.0.1 \ + -l /var/log/mirrormanager/%n.log \ + --cache /srv/mirrorlist/data/mirrorlist{{ item }}/mirrorlist_cache.proto \ + --internet2_netblocks /srv/mirrorlist/data/mirrorlist{{ item }}/i2_netblocks.txt \ + --global_netblocks /srv/mirrorlist/data/mirrorlist{{ item }}/global_netblocks.txt \ + --cccsv /srv/mirrorlist/data/mirrorlist{{ item }}/country_continent.csv + +[Install] +WantedBy=multi-user.target diff --git a/roles/mirrormanager/mirrorlist-server/vars/main.yml b/roles/mirrormanager/mirrorlist-server/vars/main.yml new file mode 100644 index 0000000..0aad3f8 --- /dev/null +++ b/roles/mirrormanager/mirrorlist-server/vars/main.yml @@ -0,0 +1,2 @@ +mirrormanager_uid: 441 +mirrormanager_gid: 441

3 years, 8 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

sysadmin-notify August 2020