[ansible] koji update koji-gc.conf
by Nicolas Chauvet
commit f4c3e058c3d69cf26082de3eac3f503c6c33f0e6
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Aug 19 11:37:39 2022 +0200
koji update koji-gc.conf
roles/koji_hub/files/koji-gc.conf | 78 +++++++++++++++++++++----------------
1 files changed, 44 insertions(+), 34 deletions(-)
---
diff --git a/roles/koji_hub/files/koji-gc.conf b/roles/koji_hub/files/koji-gc.conf
index 26c5187..e0e2ff5 100644
--- a/roles/koji_hub/files/koji-gc.conf
+++ b/roles/koji_hub/files/koji-gc.conf
@@ -3,46 +3,44 @@
[main]
key_aliases =
- 97F4D1C1 fedora-22-free
- A6708DA3 fedora-22-nonfree
- E051B67E fedora-23-free
- 5CA6C469 fedora-23-nonfree
- B7546F06 fedora-24-free
- 96CA6280 fedora-24-nonfree
- 6806A9CB fedora-25-free
- FA7A179A fedora-25-nonfree
- 9690E4AF fedora-26-free
- 3276F4B3 fedora-26-nonfree
- 38FF4B0798900DAF5E67D7D11DBDE6057D838377 fedora-27-free
- C1D5D3457F317578802EE33787047784B9C13282 fedora-27-nonfree
- 34249D2CB3758B5548E2874FC08D326909EAB3F2 fedora-28-free
- 3DE8C682E38EE9BC0FDFEA47FCAE2EA87F858107 fedora-28-nonfree
- 34249D2CB3758B5548E2874FC08D326909EAB3F2 fedora-29-free
- 18A50439A072A393E47178D49C009EABD6841AF8 fedora-29-nonfre
- 80C3B2C6E727F3E092B473E03DF2CE43C0AEDA6E fedora-30-free
- 80171C8D2CC8AAB84C8448E9BDD6ECC41D14A795 fedora-30-nonfre
- 59A7FE07F664C1B27687C5D26DEEF051C481937A fedora-31-free
- 4CAB951A7493D92CADEC04219CE63A0354A86092 fedora-31-nonfre
+ 09EAB3F2 fedora-28-free
+ 7F858107 fedora-28-nonfree
+ 42F19ED0 fedora-29-free
+ D6841AF8 fedora-29-nonfree
+ C0AEDA6E fedora-30-free
+ 1D14A795 fedora-30-nonfree
+ C481937A fedora-31-free
+ 54A86092 fedora-31-nonfree
+ 100BCD92 fedora-32-free
+ 6DC1BE18 fedora-32-nonfree
+ D651FF2E fedora-2020-free
+ 94843C65 fedora-2020-nonfree
E74F0522 fedora-el-5-free
B1981B68 fedora-el-5-nonfree
849C449F fedora-el-6-free
5568BBB2 fedora-el-6-nonfree
F5CF6C1E fedora-el-7-free
A3108F6C fedora-el-7-nonfree
- 837935CD19E123AA7F8A8E69979F0C69158B3811 fedora-el-8-free
- CF9FD59F61D6612146CDAC8E14B6792DBDDA8475 fedora-el-8-nonfree
+ 158B3811 fedora-el-8-free
+ BDDA8475 fedora-el-8-nonfree
+ 296458F3 fedora-el-9-free
+ AAB212EA fedora-el-9-nonfree
+ C8D47BB7 rpmfusion-cuda-2019
unprotected_keys =
- fedora-22-free
- fedora-22-nonfree
- fedora-23-free
- fedora-23-nonfree
- fedora-24-free
- fedora-24-nonfree
- fedora-25-free
- fedora-25-nonfree
- fedora-26-free
- fedora-26-nonfree
+ rpmfusion-cuda-2019
+ fedora-2020-free
+ fedora-2020-nonfree
+ fedora-32-free
+ fedora-32-nonfree
+ fedora-31-free
+ fedora-31-nonfree
+ fedora-30-free
+ fedora-30-nonfree
+ fedora-29-free
+ fedora-29-nonfree
+ fedora-28-free
+ fedora-28-nonfree
fedora-27-free
fedora-27-nonfree
fedora-el-5-free
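Review bot: The new `key_aliases` entries are bare 8-hex short key IDs, and nothing in the file records the full fingerprints that the removed fedora-27 to fedora-31 and fedora-el-8 lines carried. A 32-bit ID is not collision-resistant, and these aliases decide which signed builds the garbage collector keeps. The short form is presumably what Koji records for a signature, so the change itself looks necessary for the aliases to match. A `#` comment block above `key_aliases =` listing the full fingerprint behind each alias would let a later reviewer audit the list. Separately, `fedora-27-free` and `fedora-27-nonfree` stay in `unprotected_keys` as context while their aliases are removed here, so those two entries no longer refer to anything defined in this file.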
@@ -53,9 +51,12 @@ unprotected_keys =
fedora-el-7-nonfree
fedora-el-8-free
fedora-el-8-nonfree
+ fedora-el-9-free
+ fedora-el-9-nonfree
server = https://koji.rpmfusion.org/kojihub
#serverca = /etc/koji-gc/serverca.crt
+#serverca = /etc/letsencrypt/live/koji.rpmfusion.org/fullchain.pem
serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
weburl = https://koji.rpmfusion.org/koji
from_addr = RPM Fusion Koji Build System <buildsys(a)rpmfusion.org>
@@ -68,8 +69,14 @@ policy =
#note that tags with master lock engaged are already protected
tag *-updates :: keep
age < 1 day :: skip
- sig fedora-28-free && age < 12 weeks :: keep
- sig fedora-28-nonfree && age < 12 weeks :: keep
+ sig fedora-37-free && age < 12 weeks :: keep
+ sig fedora-37-nonfree && age < 12 weeks :: keep
+ sig fedora-34-free && age < 12 weeks :: keep
+ sig fedora-34-nonfree && age < 12 weeks :: keep
+ sig fedora-35-free && age < 12 weeks :: keep
+ sig fedora-35-nonfree && age < 12 weeks :: keep
+ sig fedora-36-free && age < 12 weeks :: keep
+ sig fedora-36-nonfree && age < 12 weeks :: keep
sig fedora-el-5-free && age < 12 weeks :: keep
sig fedora-el-5-nonfree && age < 12 weeks :: keep
sig fedora-el-6-free && age < 12 weeks :: keep
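Review bot: The eight added rules test `sig fedora-34-free` through `sig fedora-37-nonfree`, but the `key_aliases` list in this commit's first hunk defines no alias with those names; its newest entries are `fedora-32-*` and `fedora-2020-*`. Unless those names resolve some other way, these rules can never match, so builds signed for the current releases lose the 12-week keep and fall through to the untag rules further down. If the 2020 key is the one signing these releases, the rule would presumably read `sig fedora-2020-free && age < 12 weeks :: keep` (plus the nonfree twin); otherwise the missing aliases need adding. The `policy` block starts and continues outside this hunk.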
@@ -78,6 +85,9 @@ policy =
sig fedora-el-7-nonfree && age < 12 weeks :: keep
sig fedora-el-8-free && age < 12 weeks :: keep
sig fedora-el-8-nonfree && age < 12 weeks :: keep
+ sig fedora-el-9-free && age < 12 weeks :: keep
+ sig fedora-el-9-nonfree && age < 12 weeks :: keep
+
#stuff to chuck semi-rapidly
tag *-testing *-candidate *-override && order >= 2 :: untag
[ansible] koji update web.conf
by Nicolas Chauvet
commit 798d8f61740ab1d8df2c7e1050799d7f92f4fa4a
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Aug 19 11:26:02 2022 +0200
koji update web.conf
roles/koji_hub/templates/web.conf.j2 | 33 +++++++++++++++++++++++++++++++--
1 files changed, 31 insertions(+), 2 deletions(-)
---
diff --git a/roles/koji_hub/templates/web.conf.j2 b/roles/koji_hub/templates/web.conf.j2
index 21e407a..e6ccbbc 100644
--- a/roles/koji_hub/templates/web.conf.j2
+++ b/roles/koji_hub/templates/web.conf.j2
@@ -17,11 +17,21 @@ KojiHubURL = https://koji.rpmfusion.org/kojihub
KojiFilesURL = https://koji.rpmfusion.org/kojifiles
{% endif %}
+# Kerberos authentication options
+# WebPrincipal = koji/web(a)EXAMPLE.COM
+# WebKeytab = /etc/httpd.keytab
+# WebCCache = /var/tmp/kojiweb.ccache
+# The service name of the principal being used by the hub
+# KrbService = host
+## The realm of server principal. Using client's realm if not set
+# KrbServerRealm = EXAMPLE.COM
+
# SSL authentication options
WebCert = /etc/pki/tls/private/kojiweb_cert_key.pem
ClientCA = /etc/pki/tls/certs/upload_cacert.pem
KojiHubCA = /etc/pki/tls/certs/extras_cacert.pem
+loginDisabled = True
LoginTimeout = 72
# This must be changed and uncommented before deployment
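Review bot: `loginDisabled = True` now sits under the `# SSL authentication options` heading with no comment of its own, and its casing differs from the neighbouring `LoginTimeout`. The parser may well ignore key case, so this is a consistency and readability point rather than a functional one. Suggest `LoginDisabled = True` preceded by a line such as `# Disable login through the web UI`, so the setting is not read as one of the certificate options.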
@@ -29,7 +39,26 @@ Secret = {{ kojiSecret }}
LibPath = /usr/share/koji-web/lib
-loginDisabled = True
+# If set to True, then the footer will be included literally.
+# If False, then the footer will be included as another Kid Template.
+# Defaults to True
+LiteralFooter = True
+
+# This can be a space-delimited list of the numeric IDs of users that you want
+# to hide from tasks listed on the front page. You might want to, for instance,
+# hide the activity of an account used for continuous integration.
+# HiddenUsers = 5372 1234
-KojiHubCA = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+# Task types visible in pulldown menu on tasks page.
+# Tasks =
+# runroot plugin provided via main package could be listed as:
+# Tasks = runroot
+# Tasks that can exist without a parent
+# ToplevelTasks =
+# Tasks that can have children
+# ParentTasks =
+# Uncommenting this will show python tracebacks in the webUI, but they are the
+# same as what you will see in apache's error_log.
+# Not for production use
+# PythonDebug = True
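Review bot: Removing the second `KojiHubCA` line leaves `KojiHubCA = /etc/pki/tls/certs/extras_cacert.pem` (a context line in the previous hunk) as the only value. If the parser used to take the later duplicate, the CA the web front-end uses to verify `KojiHubURL` changes from the system bundle to that single file. Whether extras_cacert.pem chains to the certificate koji.rpmfusion.org actually serves is not visible here and should be confirmed before this is deployed. A comment above the remaining key, for example `# CA that issued the hub's TLS certificate; must verify KojiHubURL`, would make the intent explicit.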
[ansible] koji update hub.conf
by Nicolas Chauvet
commit 952dfc4af635a67ee379d92f19716c3f29d0c86b
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Aug 19 11:17:49 2022 +0200
koji update hub.conf
roles/koji_hub/templates/hub.conf.j2 | 27 ++++++++++++++++++---------
1 files changed, 18 insertions(+), 9 deletions(-)
---
diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2
index 1b00e2b..0c32831 100644
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@@ -68,8 +68,7 @@ MissingPolicyOk = False
#Plugins = koji-disable-builds-plugin
#Plugins = darkserver-plugin
-Plugins = runroot_hub hub_containerbuild
-
+Plugins = runroot_hub hub_containerbuild sidetag_hub
[policy]
@@ -90,9 +89,11 @@ tag =
all :: deny
channel =
- method createrepo newRepo distRepo buildSRPMFromSCM :: use createrepo
+ method createrepo :: use createrepo
+ method createdistrepo :: use createrepo
method buildContainer :: use powerbuilder
buildtag *-rpi :: use powerbuilder
+ method buildSRPMFromSCM :: use createrepo
method buildSRPMFromSCM && buildtag *rpi :: use powerbuilder
has req_channel && has_perm customchannel :: req
is_child_task :: parent
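Review bot: The re-added `method buildSRPMFromSCM :: use createrepo` sits directly above `method buildSRPMFromSCM && buildtag *rpi :: use powerbuilder`, and since Koji policies act on the first matching rule, the narrower rule below it can never fire. Swapping the two lines keeps the rpi routing reachable. `newRepo` and `distRepo` are also no longer named in any rule of this hunk, so those methods fall through to whatever follows; if that is intended, a one-line comment saying so would help. The `channel` policy begins and ends outside this hunk.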
@@ -118,11 +119,19 @@ build_from_repo_id=
has_perm admin :: allow
all :: deny
+# Policy for manipulating package lists for tags.
+package_list =
+ # Removing packages is almost always a mistake, so deny it.
+ # Admins can still override this with --force, if necessary.
+ match action remove :: deny
+ # Admins can do pretty much everything.
+ has_perm admin :: allow
+ # Allow people to manage their side tags, https://pagure.io/releng/issue/9229
+ is_sidetag_owner && match action add update remove unblock block :: allow
+ # Catch-all rule.
+ all :: deny
+
sidetag =
- tag f36-*-build :: allow
- tag f35-*-build :: allow
- tag f34-*-build :: allow
- tag f33-*-build :: allow
- tag el8-*-build :: allow
- tag el7-*-build :: allow
+ tag f??-*-build :: allow
+ tag el?-*-build :: allow
all :: deny
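Review bot: The `sidetag` rules `tag f??-*-build :: allow` and `tag el?-*-build :: allow` replace an explicit list of releases with globs in which `?` matches any character. Side tags therefore become allowed for every existing and future tag of that shape, while `el?` will not cover a two-digit EL release. If the patterns are glob-matched as they appear to be, `tag f[0-9][0-9]-*-build :: allow` is tighter, and a comment stating that the open-ended match is deliberate would document the trade-off. In `package_list`, `match action remove :: deny` is evaluated before the `is_sidetag_owner` rule, so the `remove` listed in that rule has no effect.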
[ansible] Add vm-08
by Nicolas Chauvet
commit bc33f9421ac1199eb77dcc6f5826a01a69415fbe
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Aug 19 10:07:44 2022 +0200
Add vm-08
inventory/host_vars/buildvm-08.virt.rpmfusion.net | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
---
diff --git a/inventory/host_vars/buildvm-08.virt.rpmfusion.net b/inventory/host_vars/buildvm-08.virt.rpmfusion.net
new file mode 100644
index 0000000..7d06380
--- /dev/null
+++ b/inventory/host_vars/buildvm-08.virt.rpmfusion.net
@@ -0,0 +1,10 @@
+---
+datacenter: virt
+ansible_ifcfg_blacklist: True
+
+#
+# We need to mount koji storage rw here so run_root can work.
+# The rest of the group can be ro, it's only builders in the
+# compose channel that need a rw mount
+
+nfs_mount_opts: "rw,hard,bg,noatime,nodev,nosuid,nfsvers=3"
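Review bot: The comment justifies the `rw` mount for "builders in the compose channel", but nothing in this new file shows that buildvm-08 is in that channel, so write access to Koji storage rests on a comment that reads as copied from another host. A build VM with a read-write mount can alter stored build artifacts if it is compromised, so the exception should be stated for this host, e.g. `# buildvm-08 is in the compose channel (runroot) and therefore needs rw`. If it is not in that channel, drop the override so the host takes the group's read-only options. With `nfsvers=3` the server typically trusts the client's address and UIDs, so the export entry for this host deserves the same check.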
[ansible] Add patch1 modifications
by Nicolas Chauvet
commit dfdca30f19c0f62f2adb614648a1252d014da31e
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Mar 2 10:12:56 2022 +0100
Add patch1 modifications
master.yml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/master.yml b/master.yml
index 23b5a05..e66c3f8 100644
--- a/master.yml
+++ b/master.yml
@@ -1,7 +1,6 @@
---
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/autosign.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/bastion.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/bodhi2.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/buildvm.yml
@@ -20,3 +19,4 @@
- import_playbook: /srv/web/infra/ansible/playbooks/groups/proxies.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/sign-bridge.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/virthost.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/virthost2.yml
[ansible] Ajout de logserver2
by Nicolas Chauvet
commit 84fd6b6b0d5d7bb6cdf88c31522c0ba4a2880955
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Mar 2 09:58:54 2022 +0100
Ajout de logserver2
Ajouter logserver2 pour les besoins de description
master.yml | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/master.yml b/master.yml
index 5aa1d97..23b5a05 100644
--- a/master.yml
+++ b/master.yml
@@ -11,6 +11,7 @@
- import_playbook: /srv/web/infra/ansible/playbooks/groups/koji-hub.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/kojipkgs.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/logserver.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/logserver2.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/memcached.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/packages.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/pkgdb.yml