[ansible] Update koji-hub
by Nicolas Chauvet
commit 93a5d6425c8bf7a8270e27742d1328053f9fc98d
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Mon Sep 6 21:23:19 2021 +0200
Update koji-hub
roles/koji_hub/files/00-mpm.conf | 18 +++
roles/koji_hub/files/kojira.conf | 24 ++++
roles/koji_hub/tasks/main.yml | 177 +++++++++++++++++-------
roles/koji_hub/templates/fedmsg-koji-plugin.py | 109 +++++++++++----
roles/koji_hub/templates/hub.conf.j2 | 24 +++-
5 files changed, 266 insertions(+), 86 deletions(-)
---
diff --git a/roles/koji_hub/files/00-mpm.conf b/roles/koji_hub/files/00-mpm.conf
new file mode 100644
index 0000000..18c219a
--- /dev/null
+++ b/roles/koji_hub/files/00-mpm.conf
@@ -0,0 +1,18 @@
+# Select the MPM module which should be used by uncommenting exactly
+# one of the following LoadModule lines:
+
+# prefork MPM: Implements a non-threaded, pre-forking web server
+# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
+#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+
+# worker MPM: Multi-Processing Module implementing a hybrid
+# multi-threaded multi-process web server
+# See: http://httpd.apache.org/docs/2.4/mod/worker.html
+#
+LoadModule mpm_worker_module modules/mod_mpm_worker.so
+
+# event MPM: A variant of the worker MPM with the goal of consuming
+# threads only for connections with active processing
+# See: http://httpd.apache.org/docs/2.4/mod/event.html
+#
+#LoadModule mpm_event_module modules/mod_mpm_event.so
diff --git a/roles/koji_hub/files/kojira.conf b/roles/koji_hub/files/kojira.conf
index 39990d7..759d504 100644
--- a/roles/koji_hub/files/kojira.conf
+++ b/roles/koji_hub/files/kojira.conf
@@ -27,6 +27,30 @@ with_src=no
; prevent kojira from flooding the build system with newRepo tasks
max_repo_tasks=6
+repo_tasks_limit=8
+
+;how soon (in seconds) to clean up expired repositories. 1 week default
+;keep repos for 3 days
+deleted_repo_lifetime = 259200
+
+;how soon (in seconds) to clean up dist repositories.
+;we want this super long so we don't delete latest repos
+;just set this to 6 months for now.
+dist_repo_lifetime = 7257600
+
+; If True, monitor external repos and trigger the appropriate Koji repo
+; regenerations when they change.
+; Note that you need to have your database set to use UTC, as otherwise
+; you can end with weird behaviour. For details see
+; https://pagure.io/koji/issue/2159
+check_external_repos = True
+
+; Writable path could be set here. In such case, kojira will write a
+; list of currently monitored tags there with simple statistics in
+; every cycle. File would contain information about how long these
+; tags are expired and what is the computed score for them. This can
+; be used to debug and check in realtime the actual performance.
+queue_file = /mnt/koji/kojira/queue
;configuration for SSL athentication
diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml
index 27826b8..772c623 100644
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@@ -13,6 +13,7 @@
- koji-containerbuild-hub
- mod_ssl
- mod_wsgi
+ - mod_auth_gssapi
- git
- gnupg2
tags:
@@ -53,6 +54,14 @@
# https://lists.fedoraproject.org/pipermail/buildsys/2015-April/004636.html
when: env == 'staging'
+- name: set the apache mpm to use event MPM
+ copy: src=00-mpm.conf dest=/etc/httpd/conf.modules.d/00-mpm.conf
+ notify:
+ - reload proxyhttpd
+ tags:
+ - config
+ - koji_hub
+
- name: hub config
template: src=hub.conf.j2 dest=/etc/koji-hub/hub.conf owner=apache group=apache mode=600
tags:
@@ -81,75 +90,142 @@
- selinux
- koji_hub
-- name: koji fedmsg plugin
- template: src=fedmsg-koji-plugin.py dest=/usr/lib/koji-hub-plugins/fedmsg-koji-plugin.py
- notify:
- - reload httpd
+- name: install fedora-messaging as a dependency for the plugin (rhel7)
+ package: name={{ item }} state=present
+ with_items:
+ - python2-fedora-messaging
+ - python2-koji-sidetag-plugin-hub
+ tags:
+ - packages
+ - koji_hub
+ - fedora-messaging
+ when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 7
+
+- name: install fedora-messaging as a dependency for the plugin (fedora)
+ package: name={{ item }} state=present
+ with_items:
+ - python3-fedora-messaging
+ tags:
+ - packages
+ - koji_hub
+ - fedora-messaging
+ when: ansible_distribution == "Fedora"
+
+- name: create the config folder for fedora-messaging
+ file: path=/etc/fedora-messaging/ owner=root group=root mode=0755 state=directory
+ tags:
+ - koji_hub
+ - fedora-messaging
+
+- name: install the configuration file for fedora-messaging
+ template:
+ src=fedora-messaging.toml
+ dest=/etc/fedora-messaging/config.toml
tags:
- config
- koji_hub
+ - fedora-messaging
-#
-# install production certs and keys
-#
-- name: install kojiweb_cert_key.pem
- copy: src={{ private }}/files/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
- notify:
- - reload httpd
+- name: create folder where we'll place the certs
+ file: path=/etc/pki/rabbitmq/kojicert/ owner=root group=root mode=0755 state=directory
tags:
- config
- koji_hub
- when: env != 'staging' and ansible_hostname.startswith('koji')
+ - fedora-messaging
-- name: install production koji_cert.pem
- copy: src={{ private }}/files/koji/koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600
- notify:
- - reload httpd
+- name: deploy koji/rabbitmq certificate
+ copy: src={{ item.src }}
+ dest=/etc/pki/rabbitmq/kojicert/{{ item.dest }}
+ owner={{ item.owner }} group=root mode={{ item.mode }}
+ with_items:
+ - src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/koji{{ env_suffix }}.crt"
+ dest: koji.crt
+ owner: apache
+ mode: 0644
+ - src: "{{private}}/files/rabbitmq/{{env}}/pki/private/koji{{ env_suffix }}.key"
+ dest: koji.key
+ owner: apache
+ mode: "600"
+ - src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
+ dest: koji.ca
+ owner: apache
+ mode: 0644
tags:
- config
- koji_hub
- when: env != 'staging' and ansible_hostname.startswith('koji')
+ - fedora-messaging
-- name: install production koji_key.pem
- copy: src={{ private }}/files/koji/koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
+# Since we're in freeze we'll have different plugins in prod and stg
+- name: koji fedora-messaging plugin - installed as fedmsg-koji-plugin
+ template:
+ src: fedmsg-koji-plugin.py
+ dest: /usr/lib/koji-hub-plugins/fedmsg-koji-plugin.py
+ mode: 644
notify:
- reload httpd
tags:
- config
- koji_hub
- when: env != 'staging' and ansible_hostname.startswith('koji')
+ - fedora-messaging
+
+
+- name: install the configuration file for the sidetag plugin
+ copy:
+ src: sidetag.conf
+ dest: /etc/koji-hub/plugins/sidetag.conf
+ tags:
+ - koji_hub
#
-# install production s390 certs and keys
+# rpmautospec plugin
#
-- name: install s390 kojiweb_cert_key.pem
- copy: src={{ private }}/files/koji/s390.koji.fedoraproject.org_key_and_cert.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
- notify:
- - reload httpd
+
+- name: uninstall koji hub rpmautospec plugin
+ package: name={{ item }} state=absent
+ with_items:
+ - koji-hub-plugin-rpmautospec
+ tags:
+ - packages
+ - koji_hub
+ - rpmautospec
+
+- name: remove obsolete configuration for rpmautospec
+ file:
+ path: "/etc/koji-hub/plugins/{{ item }}"
+ state: absent
+ loop:
+ - rpmautospec.conf
+ - rpmautospec.conf.rpmnew
+ - rpmautospec.conf.rpmsave
+ - rpmautospec.conf.rpmorig
tags:
- - config
- koji_hub
- when: ansible_hostname.startswith('s390')
+ - rpmautospec
+
+#
+# install keytabs
+#
-- name: install s390 production koji_cert.pem
- copy: src={{ private }}/files/koji/s390_koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600
+- name: install koji-hub keytab
+ copy: src={{ private }}/files/keytabs/{{ env }}/koji-hub-{{ fedmsg_koji_instance }} dest=/etc/koji-hub/koji-hub.keytab
+ owner=apache group=apache mode=0600
notify:
- reload httpd
tags:
- config
- koji_hub
- when: ansible_hostname.startswith('s390')
-- name: install s390 production koji_key.pem
- copy: src={{ private }}/files/koji/s390_koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
+- name: install GSSAPI keytab
+ copy: src={{ private }}/files/keytabs/{{ env }}/koji-gssapi dest=/etc/koji-hub/gssapi.keytab
+ owner=apache group=apache mode=0600
notify:
- reload httpd
tags:
- config
- koji_hub
- when: ansible_hostname.startswith('s390')
+
#
-# install production arm certs and keys
+# install production certs and keys
#
- name: install arm kojiweb_cert_key.pem
copy: src={{ private }}/files/koji/arm.koji.fedoraproject.org_key_and_cert.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
@@ -215,21 +291,6 @@
tags:
- config
- koji_hub
- when: ansible_hostname.startswith('koji') or ansible_hostname.startswith('s390') or ansible_hostname.startswith('arm')
-
-- name: updatecrl script
- copy: src=updatecrl.sh dest=/usr/local/bin/updatecrl.sh owner=root mode=755
- tags:
- - config
- - koji_hub
- - cron
-
-- name: updatecrl cronjob
- copy: src=updatecrl.cron dest=/etc/cron.d/updatecrl owner=root mode=644
- tags:
- - config
- - cron
- - koji_hub
- name: koji web common config files
copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root
@@ -265,6 +326,7 @@
tags:
- config
- koji_hub
+ - sslciphers
notify: reload httpd
when: env == "staging"
@@ -273,6 +335,7 @@
tags:
- config
- koji_hub
+ - sslciphers
notify: reload httpd
when: env != "staging"
@@ -295,6 +358,8 @@
tags:
- config
- koji_hub
+ notify:
+ - restart kojira
- name: make an empty /mnt/rpmfusion_koji for stg.
file: state=directory path=/mnt/rpmfusion_koji/koji owner=root group=root
@@ -327,12 +392,18 @@
- selinux
- koji_hub
+- name: set sebooleans so koji can run the fedora-messaging plugin
+ seboolean: name=httpd_execmem state=true persistent=true
+ tags:
+ - selinux
+ - koji_hub
+
- name: set sebooleans so koji can anon write
seboolean: name=httpd_anon_write state=true persistent=true
tags:
- selinux
- koji_hub
- when: ansible_distribution == "CentOS" and ansible_distribution_major_version|int == 7
+ when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 7
- name: Set httpd to run on boot
service: name=httpd enabled=yes
@@ -343,12 +414,12 @@
- service
- koji_hub
-- name: Make sure kojira is set to not run on boot (controlled by keepalived)
- service: name=kojira enabled=no
+- name: Make sure kojira is set to run on boot
+ service: name=kojira enabled=yes
tags:
- service
- koji_hub
- when: env != 'staging' and ansible_hostname.startswith('koji')
+ when: ansible_hostname.startswith('koji02')
- name: install cert for oscar (garbage collector) user
copy: src={{ private }}/files/koji/gc/oscar_key_and_cert.pem dest=/etc/koji-gc/client.crt
diff --git a/roles/koji_hub/templates/fedmsg-koji-plugin.py b/roles/koji_hub/templates/fedmsg-koji-plugin.py
index 2ba4ffc..69e01f9 100644
--- a/roles/koji_hub/templates/fedmsg-koji-plugin.py
+++ b/roles/koji_hub/templates/fedmsg-koji-plugin.py
@@ -1,25 +1,27 @@
-# Koji callback for sending notifications about events to the fedmsg messagebus
-# Copyright (c) 2009-2012 Red Hat, Inc.
+# Koji callback for sending notifications about events to the fedmsg message bus
+# Copyright (c) 2009-2019 Red Hat, Inc.
+#
+# Source: https://pagure.io/koji-fedmsg-plugin/
#
# Authors:
# Ralph Bean <rbean(a)redhat.com>
# Mike Bonnet <mikeb(a)redhat.com>
+import logging
+import re
+import time
+
from koji.context import context
from koji.plugin import callbacks
from koji.plugin import callback
from koji.plugin import ignore_error
-
-import fedmsg
+import fedora_messaging.api
+import fedora_messaging.exceptions
import kojihub
-import re
-import pprint
-
-# Talk to the fedmsg-relay
-fedmsg.init(name='relay_inbound', cert_prefix='koji', active=True)
MAX_KEY_LENGTH = 255
+log = logging.getLogger(__name__)
def camel_to_dots(name):
@@ -27,18 +29,45 @@ def camel_to_dots(name):
return re.sub('([a-z0-9])([A-Z])', r'\1.\2', s1).lower()
+def serialize_datetime_in_task(task):
+ date_fields = [
+ "completion_time", "create_time", "start_time", "buildtime",
+ "creation_ts", "creation_time",
+ ]
+ for date_key in date_fields:
+ if task.get(date_key) is None:
+ continue
+ if isinstance(task[date_key], (float, int)):
+ continue
+ task[date_key] = time.mktime(task[date_key].timetuple())
+
+
def get_message_body(topic, *args, **kws):
msg = {}
if topic == 'package.list.change':
msg['tag'] = kws['tag']['name']
msg['package'] = kws['package']['name']
+ msg['action'] = kws['action']
+ if 'owner' in kws:
+ msg['owner'] = kojihub.get_user(kws['owner'])['name']
+ else:
+ msg['owner'] = None
+ msg['block'] = kws.get('block', None)
+ msg['extra_arches'] = kws.get('extra_arches', None)
+ msg['force'] = kws.get('force', None)
+ msg['update'] = kws.get('update', None)
elif topic == 'task.state.change':
info = kws['info']
+ serialize_datetime_in_task(info)
# Stuff in information about descendant tasks
task = kojihub.Task(info['id'])
- info['children'] = task.getChildren()
+ info['children'] = []
+ for child_orig in task.getChildren():
+ child = child_orig.copy()
+ serialize_datetime_in_task(child)
+ info['children'].append(child)
# Send the whole info dict along because it might have useful info.
# For instance, it contains the mention of what format createAppliance
@@ -68,6 +97,7 @@ def get_message_body(topic, *args, **kws):
msg['name'] = info['name']
msg['version'] = info['version']
msg['release'] = info['release']
+ msg['epoch'] = info.get('epoch')
msg['attribute'] = kws['attribute']
msg['old'] = kws['old']
msg['new'] = kws['new']
@@ -112,19 +142,29 @@ def get_message_body(topic, *args, **kws):
msg['tag_id'] = kws['repo']['tag_id']
msg['repo_id'] = kws['repo']['id']
elif topic == 'rpm.sign':
- msg['attribute'] = kws['attribute']
- msg['old'] = kws['old']
- msg['new'] = kws['new']
- msg['info'] = kws['info']
+ if 'attribute' in kws:
+ # v1.10.1 and earlier
+ msg['attribute'] = kws['attribute']
+ msg['old'] = kws['old']
+ msg['new'] = kws['new']
+ msg['info'] = kws['info']
+ else:
+ # v1.11.0 (and maybe higher, but who knows)
+ msg['sigkey'] = kws['sigkey']
+ msg['sighash'] = kws['sighash']
+ msg['build'] = kws['build']
+ msg['rpm'] = kws['rpm']
+ serialize_datetime_in_task(msg['build'])
+ serialize_datetime_in_task(msg['rpm'])
return msg
# This callback gets run for every koji event that starts with "post"
@callback(*[
- c for c in callbacks.keys()
+ c for c in list(callbacks.keys())
if c.startswith('post') and c not in [
- 'postImport', # This is kind of useless; also noisy.
+ 'postImport', # This is kind of useless; also noisy.
# This one is special, and is called every time, so ignore it.
# Added here https://pagure.io/koji/pull-request/148
'postCommit',
@@ -156,37 +196,41 @@ def queue_message(cbtype, *args, **kws):
# We need this to distinguish between messages from primary koji
# and the secondary hubs off for s390 and ppc.
- body['instance'] = '{{ fedmsg_koji_instance }}'
+ body['instance'] = 'primary'
# Don't publish these uninformative rpm.sign messages if there's no actual
# sigkey present. Koji apparently adds a dummy sig value when rpms are
# first imported and there's no need to spam the world about that.
- if topic == 'rpm.sign' and body.get('info', {}).get('sigkey') == '':
+ if topic == 'rpm.sign' and (body.get('info', {}).get('sigkey') == '' or
+ body.get('sigkey') == ''):
+ return
+
+ # Also, do not want to send a message on volume_id changes
+ if topic == 'build.state.change' and body.get('attribute') == 'volume_id':
return
# Last thing to do before publishing: scrub some problematic fields
# These fields are floating points which get json-encoded differently on
# rhel and fedora.
problem_fields = ['weight', 'start_ts', 'create_ts', 'completion_ts']
+
def scrub(obj):
if isinstance(obj, list):
return [scrub(item) for item in obj]
if isinstance(obj, dict):
return dict([
- (k, scrub(v)) for k, v in obj.items() if k not in problem_fields
+ (k, scrub(v))
+ for k, v in list(obj.items())
+ if k not in problem_fields
])
return obj
body = scrub(body)
-{% if env != 'staging' %}
- # Send the messages immediately.
- fedmsg.publish(topic=topic, msg=body, modname='buildsys')
-{% else %}
# Queue the message for later.
# It will only get sent after postCommit is called.
messages = getattr(context, 'fedmsg_plugin_messages', [])
- messages.append(dict(topic=topic, msg=body, modname='buildsys'))
+ messages.append(dict(topic=topic, msg=body))
context.fedmsg_plugin_messages = messages
@@ -195,6 +239,19 @@ def queue_message(cbtype, *args, **kws):
@ignore_error
def send_messages(cbtype, *args, **kws):
messages = getattr(context, 'fedmsg_plugin_messages', [])
+
for message in messages:
- fedmsg.publish(**message)
-{% endif %}
+ try:
+ msg = fedora_messaging.api.Message(
+ topic="buildsys.{}".format(message['topic']),
+ body=message['msg']
+ )
+ fedora_messaging.api.publish(msg)
+ except fedora_messaging.exceptions.PublishReturned as e:
+ log.warning(
+ "Fedora Messaging broker rejected message %s: %s", msg.id, e
+ )
+ except fedora_messaging.exceptions.ConnectionException as e:
+ log.warning("Error sending message %s: %s", msg.id, e)
+ except Exception:
+ log.exception("Un-expected error sending fedora-messaging message")
diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2
index fdbe56d..1b00e2b 100644
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@@ -30,11 +30,7 @@ ProxyDNs = emailAddress=rpmfusion-buildsys(a)rpmfusion.org,CN=kojiweb,O=RPM Fusion
## Other options ##
LoginCreatesUser = On
-{% if inventory_hostname.startswith('koji') %}
KojiWebURL = https://koji.rpmfusion.org/koji
-{% elif inventory_hostname.startswith('arm-koji') %}
-KojiWebURL = http://arm.koji.rpmfusion.org/koji
-{% endif %}
# The domain name that will be appended to Koji usernames
# when creating email notifications
EmailDomain = rpmfusion.org
@@ -46,6 +42,12 @@ DisableNotifications = True
## subclasses of koji.GenericError).
# KojiDebug = On
+## If MissingPolicyOk is on, and given policy is not set up,
+## policy test will pass as ok. If 'deny' result is desired, set it
+## to off
+# MissingPolicyOk = True
+MissingPolicyOk = False
+
## Determines how much detail about exceptions is reported to the client (via faults)
## Meaningful values:
## normal - a basic traceback (format_exception)
@@ -68,9 +70,8 @@ DisableNotifications = True
#Plugins = darkserver-plugin
Plugins = runroot_hub hub_containerbuild
-{% if inventory_hostname.startswith('koji') %}
-[policy]
+[policy]
tag =
has_perm secure-boot && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
@@ -107,12 +108,21 @@ channel =
all :: use default
+
build_from_srpm =
has_perm admin :: allow
+ tag *-infra-candidate && has_perm infra :: allow
all :: deny
build_from_repo_id=
has_perm admin :: allow
all :: deny
-{% endif %}
+sidetag =
+ tag f36-*-build :: allow
+ tag f35-*-build :: allow
+ tag f34-*-build :: allow
+ tag f33-*-build :: allow
+ tag el8-*-build :: allow
+ tag el7-*-build :: allow
+ all :: deny
3 years, 3 months
[ansible] Update roles collectd
by Nicolas Chauvet
commit ea84b9627b518149552a7ef2d6b3d556822aa7d2
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Mon Sep 6 20:13:52 2021 +0200
Update roles collectd
roles/collectd/base/tasks/main.yml | 34 +++++++++++++---
roles/collectd/base/templates/collectd.conf.j2 | 11 +++--
roles/collectd/memcached/tasks/main.yml | 8 ----
roles/collectd/rabbitmq/tasks/main.yml | 12 +++++-
.../rabbitmq/templates/rabbitmq.collectd.conf.j2 | 2 +
roles/collectd/server/files/collection.conf | 41 ++++++++++++++++++++
roles/collectd/server/tasks/main.yml | 22 +++++------
7 files changed, 97 insertions(+), 33 deletions(-)
---
diff --git a/roles/collectd/base/tasks/main.yml b/roles/collectd/base/tasks/main.yml
index caeb5c6..35ec469 100644
--- a/roles/collectd/base/tasks/main.yml
+++ b/roles/collectd/base/tasks/main.yml
@@ -6,21 +6,35 @@
package: name=collectd state=present
tags:
- collectd
- when: ansible_distribution_major_version|int < 22
+ when: ansible_distribution_major_version|int <= 7 and ansible_distribution == 'RedHat'
# install pkg
- name: install collectd
dnf: name=collectd state=present
tags:
- collectd
- when: ansible_distribution_major_version|int > 21
+ when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat'
+
+# install pkg
+- name: install collectd
+ dnf: name=collectd state=present
+ tags:
+ - collectd
+ when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora'
+
+# install collectd-disk (it was split out)
+- name: install collectd-disk
+ dnf: name=collectd-disk state=present
+ tags:
+ - collectd
+ when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat'
# install collectd-disk on F25+ (it was split out)
- name: install collectd-disk
dnf: name=collectd-disk state=present
tags:
- collectd
- when: ansible_distribution_major_version|int > 24
+ when: ansible_distribution_major_version|int > 24 and ansible_distribution == 'Fedora'
# install collected.conf
- name: /etc/collectd.conf
@@ -55,7 +69,15 @@
- collectd
notify:
- restart collectd
- when: collectd_apache and ansible_distribution_major_version|int < 22
+ when: collectd_apache and ansible_distribution_major_version|int <= 7 and ansible_distribution == 'RedHat'
+
+- name: install collectd-apache (dnf)
+ dnf: state=present name=collectd-apache
+ tags:
+ - collectd
+ notify:
+ - restart collectd
+ when: collectd_apache and ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat'
- name: install collectd-apache (dnf)
dnf: state=present name=collectd-apache
@@ -63,7 +85,7 @@
- collectd
notify:
- restart collectd
- when: collectd_apache and ansible_distribution_major_version|int > 21
+ when: collectd_apache and ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora'
- name: /etc/collectd/apache.conf
copy: src=apache.conf dest=/etc/collectd.d/apache.conf
@@ -77,7 +99,7 @@
package: name=libsemanage-python state=present
tags:
- collectd
- when: collectd_apache is defined and ansible_distribution_major_version|int < 22
+ when: collectd_apache is defined and ansible_distribution_major_version|int <= 7 and ansible_distribution == 'RedHat'
- name: Let collectd talk to things over tcp
seboolean: name=collectd_tcp_network_connect state=yes persistent=yes
diff --git a/roles/collectd/base/templates/collectd.conf.j2 b/roles/collectd/base/templates/collectd.conf.j2
index 0505c16..c1a5af0 100644
--- a/roles/collectd/base/templates/collectd.conf.j2
+++ b/roles/collectd/base/templates/collectd.conf.j2
@@ -43,17 +43,18 @@ LoadPlugin vmem
</Plugin>
<Plugin "interface">
- Interface "/^veth/"
+ Interface "/^veth.*"
+ Interface "/^vnet.*"
IgnoreSelected true
</Plugin>
<Plugin "df">
MountPoint "^/.*/.snapshot/"
- MountPoint "^/var/lib/containers/storage/overlay/.*/merged/"
- MountPoint "^/var/lib/containers/docker/devicemapper/.*/.*/"
- MountPoint "^/var/lib/origin/openshift.local.volumes.*"
MountPoint "^/run/containers/storage/overlay-containers/.*"
- MountPoint "^/tmp/iso/mount/"
+ MountPoint "^/tmp/iso/mount/.*"
+ MountPoint "^/var/lib/containers/.*"
+ MountPoint "^/var/lib/docker/.*"
+ MountPoint "^/var/lib/origin.*"
FSType "shm"
FSType "tmpfs"
FSType "overlay"
diff --git a/roles/collectd/memcached/tasks/main.yml b/roles/collectd/memcached/tasks/main.yml
index f363df8..4d6700c 100644
--- a/roles/collectd/memcached/tasks/main.yml
+++ b/roles/collectd/memcached/tasks/main.yml
@@ -8,14 +8,6 @@
- memcached
notify: restart collectd
-- name: Ensure that semanage is present
- package: name=policycoreutils-python state=present
- tags:
- - collectd/memcached
- - collectd
- - memcached
- - selinux
-
- name: lastly, set some selinux booleans
seboolean: name=collectd_tcp_network_connect persistent=yes state=yes
tags:
diff --git a/roles/collectd/rabbitmq/tasks/main.yml b/roles/collectd/rabbitmq/tasks/main.yml
index 431f797..44277b2 100644
--- a/roles/collectd/rabbitmq/tasks/main.yml
+++ b/roles/collectd/rabbitmq/tasks/main.yml
@@ -1,7 +1,15 @@
- name: install collectd-rabbitmq
package:
state: present
- name: python2-collectd-rabbitmq
+ name: python3-collectd-rabbitmq-monitoring
+ tags:
+ - packages
+ - collectd
+
+- name: install collectd-python
+ package:
+ state: present
+ name: collectd-python
tags:
- packages
- collectd
@@ -21,4 +29,4 @@
- name: Let collectd talk to the RabbitMQ management interface
seboolean: name=collectd_tcp_network_connect state=yes persistent=yes
tags:
- - collectd
\ No newline at end of file
+ - collectd
diff --git a/roles/collectd/rabbitmq/templates/rabbitmq.collectd.conf.j2 b/roles/collectd/rabbitmq/templates/rabbitmq.collectd.conf.j2
index 6539c77..4241b28 100644
--- a/roles/collectd/rabbitmq/templates/rabbitmq.collectd.conf.j2
+++ b/roles/collectd/rabbitmq/templates/rabbitmq.collectd.conf.j2
@@ -13,6 +13,8 @@ LoadPlugin python
VHostPrefix "stg"
{% endif %}
<Ignore "queue">
+ Regex "celery%40"
+ Regex "celeryev.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
Regex "^federation%3A%20"
Regex "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
</Ignore>
diff --git a/roles/collectd/server/files/collection.conf b/roles/collectd/server/files/collection.conf
index 99aa65e..7646b1a 100644
--- a/roles/collectd/server/files/collection.conf
+++ b/roles/collectd/server/files/collection.conf
@@ -901,4 +901,45 @@ GraphWidth 400
</Type>
+#
+# IPA
+#
+<Type ipa_groups>
+ RRDTitle "Groups"
+ DSName "value Total "
+</Type>
+
+<Type ipa_users_rate>
+ RRDTitle "Users registration rate"
+ DSName "value Rate "
+ RRDFormat "%4.1lf%s/s"
+</Type>
+
+<Type ipa_users>
+ Module GenericStacked
+ RRDTitle "Users"
+ RRDFormat "%5.1lf%s"
+ DSName "active Active "
+ DSName "locked Locked "
+ Order locked active
+ Color locked ff0000
+ Color active 0000ff
+</Type>
+
+<Type ipa_staged_users>
+ Module GenericStacked
+ RRDTitle "Registering Users"
+ RRDFormat "%4.0lf"
+ DSName "active Not Spam "
+ DSName "spamcheck_awaiting Awaiting "
+ DSName "spamcheck_denied SPAM "
+ DSName "spamcheck_manual Manual "
+ Order spamcheck_awaiting spamcheck_denied spamcheck_manual active
+ Color spamcheck_awaiting 0000ff
+ Color spamcheck_denied ff0000
+ Color spamcheck_manual ffb000
+ Color active 00ff00
+</Type>
+
+
# vim: set sw=2 sts=2 et syntax=apache fileencoding=utf-8 :
diff --git a/roles/collectd/server/tasks/main.yml b/roles/collectd/server/tasks/main.yml
index 4edb4f0..4b33ed2 100644
--- a/roles/collectd/server/tasks/main.yml
+++ b/roles/collectd/server/tasks/main.yml
@@ -2,11 +2,10 @@
# collectd server setup
# install pkg
-- name: install collectd server packages
+- name: install collectd server packages (rhel 7)
package: name={{ item }} state=present
with_items:
- collectd-rrdtool
- - collectd-ping
- collectd-web
- collectd-rabbitmq-data
notify:
@@ -14,15 +13,21 @@
tags:
- config
- collectd/server
+ when: ansible_distribution_major_version|int == 7
-# install collectd ping config
-- name: install collectd ping config
- copy: src=ping.conf dest=/etc/collectd.d/ping.conf
+- name: install collectd server packages (rhel 8)
+ package: name={{ item }} state=present
+ with_items:
+ - collectd-rrdtool
+ - collectd-web
+ - collectd-rabbitmq-data
+ - collectd-ipa-data
notify:
- restart collectd
tags:
- config
- collectd/server
+ when: ansible_distribution_major_version|int == 8
# install collectd rrd config
- name: install collectd rrd config
@@ -54,13 +59,6 @@
- config
- collectd/server
-# create a link from /var/lib/collectd to /var/log/collectd
-- name: create link from /var/lib/collectd to /var/log/collectd
- file: state=link src=/var/log/collectd dest=/var/lib/collectd
- tags:
- - config
- - collectd/server
-
# push our custom config file for the graph CGIs
- name: push the collection.conf file
copy:
3 years, 3 months
[ansible] Z
by Nicolas Chauvet
commit ad86ce725cb9f1f3c671a90ae4b7dff559a76405
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Mon Sep 6 19:07:00 2021 +0200
Z
inventory/inventory | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/inventory/inventory b/inventory/inventory
index 16aed5a..0c3640e 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -110,3 +110,5 @@ mirrorlist04.mv.rpmfusion.net
[mirrorlist_server]
mirrorlist06.hetzner.rpmfusion.net
mirrorlist05.ovh.rpmfusion.net
+
+[zombie_infested]
3 years, 3 months
[ansible] Disable linux-system-roles.network for now
by Nicolas Chauvet
commit 295bc0b30ca387c1d1dcd89be6e90f8caa58ae96
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Mon Sep 6 18:39:04 2021 +0200
Disable linux-system-roles.network for now
roles/base/meta/main.yml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/base/meta/main.yml b/roles/base/meta/main.yml
index 05198d6..dd07b2d 100644
--- a/roles/base/meta/main.yml
+++ b/roles/base/meta/main.yml
@@ -1,6 +1,6 @@
---
dependencies:
- - { role: linux-system-roles.network, when: network_connections is defined, tags: ['linux-system-roles.network'] }
+# - { role: linux-system-roles.network, when: network_connections is defined, tags: ['linux-system-roles.network'] }
- { role: basessh }
- { role: chrony }
- { role: dnf-automatic }
3 years, 3 months