[ansible] Update basessh
by Nicolas Chauvet
commit 1f1159211bfde539685a6dd9cc28a44b52ffbecf
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Oct 18 17:36:28 2024 +0200
Update basessh
roles/basessh/tasks/main.yml | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)
---
diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml
index e66a1d4..646b188 100644
--- a/roles/basessh/tasks/main.yml
+++ b/roles/basessh/tasks/main.yml
@@ -146,7 +146,7 @@
- base
- set_fact:
- pubkeydir: "/tmp/sshkeysign/{{inventory_hostname}}"
+ pubkeydir: "/var/tmp/sshkeysign/{{inventory_hostname}}"
tags:
- basessh
- sshd_cert
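Review bot: `pubkeydir` is still a fixed, guessable path under a world-writable directory on the control host (the tasks that use it run with `delegate_to: localhost`), and moving it from `/tmp` to `/var/tmp` additionally lets its contents survive reboots. The public keys collected there are what the CA signing task consumes, so the directory should be one that only the account running the playbook can create. One option is a path obtained from the `tempfile` module with `state: directory`, removed again at the end of the play; another is a subdirectory of a location that is not writable by other local users. The `set_fact` task begins above this hunk, so its name and conditions are not visible here.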
@@ -157,9 +157,7 @@
- name: Create directory for storing pubkeys
file: path="{{pubkeydir}}"
- owner=root
- group=root
- mode=0600
+ mode=0700
state=directory
delegate_to: localhost
run_once: true
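Review bot: With `owner=root` and `group=root` removed, this task no longer asserts who owns `{{pubkeydir}}`. The `file` module only creates the directory when it is missing, so one that already exists under the shared temp path with a different owner is kept and merely has its mode adjusted. Changing `0600` to `0700` is correct for a directory, but ownership should stay explicit, set to whichever account runs the delegated tasks on the control host. Block form with a quoted mode, `mode: "0700"`, would also avoid the key=value string.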
[ansible] Drop fas on builders
by Nicolas Chauvet
commit 2b646ef6dd309e6249ca58a3e54ac499ffb71724
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Oct 18 17:35:45 2024 +0200
Drop fas on builders
playbooks/groups/buildhw.yml | 1 -
playbooks/groups/buildvm.yml | 1 -
2 files changed, 0 insertions(+), 2 deletions(-)
---
diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml
index adcbfce..40bfa2a 100644
--- a/playbooks/groups/buildhw.yml
+++ b/playbooks/groups/buildhw.yml
@@ -23,7 +23,6 @@
- koji_builder
# - { role: bkernel, when: inventory_hostname.startswith('bkernel') }
- hosts
- - { role: fas_client, when: not inventory_hostname.startswith('bkernel') }
- { role: sudo, when: not inventory_hostname.startswith('bkernel') }
tasks:
diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml
index db2256c..28f5a21 100644
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@@ -23,7 +23,6 @@
- hosts
- { role: openvpn/client, when: datacenter != "online" }
- { role: nfs/client, mnt_dir: '/mnt/rpmfusion_koji', nfs_src_dir: "{{ koji_hub_nfs }}" }
- - { role: fas_client, when: not inventory_hostname.startswith('bkernel') }
- { role: sudo, when: not inventory_hostname.startswith('bkernel') }
- koji_builder
[ansible] Drop cdc_ether
by Nicolas Chauvet
commit d71f23a6a10ea242deeeef17234fd6dd59bfd065
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Oct 18 17:35:27 2024 +0200
Drop cdc_ether
roles/base/tasks/main.yml | 11 -----------
1 files changed, 0 insertions(+), 11 deletions(-)
---
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 1322f83..4544bc8 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -441,17 +441,6 @@
- config
- base
-#
-# Disable the cdc_ether module as we don't want it loading mgmt usb0 and spewing to logs.
-#
-- name: Disable cdc_ether module
- copy: src=disable-cdc_ether.conf dest=/etc/modprobe.d/disable-cdc_ether.conf
- when: ansible_virtualization_role is defined and ansible_virtualization_role == 'host'
- tags:
- - config
- - base
- - cdc_ether
-
# Remove old filename for above: remove this when we're pretty sure the file's
# gone from all hosts
- name: Remove old cdc_ether config file
[ansible] Update vars
by Nicolas Chauvet
commit 9efb56f29168855eaa8d320b4b25bb3f43178d9b
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Oct 18 14:19:32 2024 +0200
Update vars
vars/Fedora.yml | 9 ++---
vars/RedHat.yml | 1 -
vars/all/00-FedoraCycleNumber.yaml | 2 +-
vars/global.yml | 54 ++++--------------------------------
4 files changed, 11 insertions(+), 55 deletions(-)
---
diff --git a/vars/Fedora.yml b/vars/Fedora.yml
index 35e4b66..b4291a7 100644
--- a/vars/Fedora.yml
+++ b/vars/Fedora.yml
@@ -1,8 +1,7 @@
---
dist_tag: f{{ ansible_distribution_version }}
-base_pkgs_inst: ['iptables-services' ]
-base_pkgs_erase: ['firewalld', 'sendmail', 'at']
-service_disabled: [ ]
-service_enabled: ['auditd','logrotate.timer']
+base_pkgs_inst: ['iptables-services', 'cronie']
+base_pkgs_erase: ['firewalld', 'sendmail', 'at', 'pam_sss']
+service_disabled: []
+service_enabled: ['auditd', 'logrotate.timer']
is_fedora: True
-pythonsitelib: /usr/lib/python2.7/site-packages
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index 67d7b27..f9a6f62 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -5,4 +5,3 @@ base_pkgs_erase: ['firstboot-tui','bluez-utils', 'sendmail','firewalld']
service_disabled: []
service_enabled: []
is_rhel: True
-pythonsitelib: /usr/lib/python2.7/site-packages
diff --git a/vars/all/00-FedoraCycleNumber.yaml b/vars/all/00-FedoraCycleNumber.yaml
index d1ec27f..c0e54be 100644
--- a/vars/all/00-FedoraCycleNumber.yaml
+++ b/vars/all/00-FedoraCycleNumber.yaml
@@ -1 +1 @@
-FedoraCycleNumber: 34
+FedoraCycleNumber: 40
diff --git a/vars/global.yml b/vars/global.yml
index bf5d18f..f28b757 100644
--- a/vars/global.yml
+++ b/vars/global.yml
@@ -9,64 +9,22 @@ tasks_path: /srv/web/infra/ansible/tasks
vars_path: "/srv/web/infra/ansible/vars"
dist_tag: unknown
auth_keys_from_fas: '/srv/web/infra/ansible/scripts/auth-keys-from-fas'
-#
-# These are images in the old cloud using the ec2 interface
-#
-el6_qcow_id: ami-00000013
-f18_qcow_id: ami-00000016
-el6_ami_id: ami-0000000e
-f17_qcow_id: ami-00000001
-# Fedora-19
-f19_qcow_id: ami-00000020
-# Fedora-20
-f20_qcow_id: ami-00000042
-# Fedora-21
-f21_qcow_id: ami-0000005a
-# RHEL7beta
-el7b_qcow_id: ami-0000003f
-# RHEL7
-el7_qcow_id: ami-00000050
-
-#
-# These are the new images in the new cloud using the nova interface.
-#
-fedora20_x86_64: Fedora-x86_64-20-20140407
-fedora21_x86_64: Fedora-Cloud-Base-20141203-21.x86_64
-fedora22_alpha_x86_64: Fedora-Cloud-Base-22_Alpha-20150305.x86_64
-fedora22_beta_x86_64: Fedora-Cloud-Base-22_Beta-20150415.x86_64
-fedora22_x86_64: Fedora-Cloud-Base-22-20150521.x86_64
-fedora_atomic_22_alpha: Fedora-Cloud-Atomic-22_Alpha-20150305.x86_64
-fedora_atomic_22_beta: Fedora-Cloud-Atomic-22_Beta-20150415.x86_64
-fedora_atomic_22: Fedora-Cloud-Atomic-22-20150521.x86_64
-fedora23_x86_64: Fedora-Cloud-Base-23-20151030.x86_64
-fedora24_alpha_x86_64: Fedora-Cloud-Base-24_Alpha-7.x86_64.qcow2
-fedora24_x86_64: Fedora-Cloud-Base-24-1.2.x86_64.qcow2
-fedora25_x86_64: Fedora-Cloud-Base-25-1.3.x86_64
-fedora26_x86_64: Fedora-Cloud-Base-26-1.4.x86_64
-fedora27_x86_64: Fedora-Cloud-Base-27-1.2.x86_64
-fedora28_x86_64: Fedora-Cloud-Base-28-1.1.x86_64
-fedora29_x86_64: Fedora-Cloud-Base-29-1.2.x86_64
-fedora30_beta_x86_64: Fedora-Cloud-Base-30-20190329.n.0.x86_64
-fedora30_x86_64: Fedora-Cloud-Base-30-1.2.x86_64
-centos70_x86_64: CentOS-7-x86_64-GenericCloud-1503
-centos66_x86_64: CentOS-6-x86_64-GenericCloud-20141129_01
-rhel70_x86_64: rhel-guest-image-7.0-20140930.0.x86_64
-rhel66_x86_64: rhel-guest-image-6.6-20141222.0.x86_64
# Note: we do "+all -some" rather than "+some" to make sure we can use this
# same list on both EL7 and Fedora and get new ciphers: on Fedora, at time of writing,
# this includes TLSv1.3, which EL7 does not have.
ssl_protocols: "+all -SSLv3 -TLSv1 -TLSv1.1"
-ssl_ciphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!kDHE"
-sslonly_hsts: true
+ssl_ciphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
+
+httpd_maxrequestworkers: 2500
# Set a default hostname base to transient. Override in host vars or command line.
hostbase: transient
-global_pkgs_inst: ['bind-utils', 'mailx', 'nc', 'openssh-clients',
+global_pkgs_inst: ['bind-utils', 'nc', 'openssh-clients',
'patch', 'postfix', 'rsync', 'strace',
'tmpwatch', 'traceroute', 'vim-enhanced', 'xz', 'zsh',
- 'bash-completion', 'telnet',
- 'atop', 'htop', 'rsyslog' ]
+ 'bash-completion',
+ 'atop', 'htop', 'rsyslog']
# Set up variables for various files to make sure we don't forget to use.
repoSpanner_rpms_http: 8445
repoSpanner_ansible_http: 8443
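Review bot: Removing the trailing `:!kDHE` from `ssl_ciphers` is a behaviour change, assuming the consumer parses this as an OpenSSL cipher string. That term excluded every ephemeral-DH key exchange, so the `DHE-RSA-*`, `DHE-DSS-*` and `kEDH+AESGCM` entries earlier in the string, including the CBC/SHA-1 ones, become negotiable again. If DHE is wanted only for the GCM suites, trim the other entries from the list, and check that the servers using this variable have DH parameters of at least 2048 bits. The same hunk deletes `sslonly_hsts: true`; a template that still reads it would either fail on an undefined variable or stop sending the HSTS header, so search the roles for that name before relying on this change.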
[ansible] resync basessh on fedora
by Nicolas Chauvet
commit aa6055abfff5dd5dc5130a9c6f776f592f488bb2
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Oct 18 14:15:15 2024 +0200
resync basessh on fedora
roles/basessh/tasks/main.yml | 26 +++++++++++++-------------
roles/basessh/templates/sshd_config | 34 ++++++++++++++++++++++++++++++----
2 files changed, 43 insertions(+), 17 deletions(-)
---
diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml
index bd4706b..e66a1d4 100644
--- a/roles/basessh/tasks/main.yml
+++ b/roles/basessh/tasks/main.yml
@@ -33,7 +33,7 @@
- config
- sshd
- selinux
- when: ansible_distribution_major_version|int < 30 and ansible_distribution_major_version|int != 8
+ when: ansible_distribution_major_version|int < 8
- name: make sure python3-libselinux is installed
package: name=python3-libselinux state=present
@@ -43,7 +43,7 @@
- config
- sshd
- selinux
- when: ansible_distribution_major_version|int >= 30 or ansible_distribution_major_version|int == 8
+ when: ansible_distribution_major_version|int >= 8
- name: check if sshd port is already known by selinux
shell: semanage port -l | grep ssh
@@ -72,10 +72,7 @@
- base
- name: sshd_config
- template:
- src: sshd_config
- dest: /etc/ssh/sshd_config
- mode: 0600
+ template: src=sshd_config dest=/etc/ssh/sshd_config mode=0600
notify:
- restart sshd
tags:
@@ -112,7 +109,7 @@
- name: Set lists of certs to sign to empty
set_fact:
- certs_to_sign: "[]"
+ certs_to_sign: []
tags:
- basessh
- sshd_cert
@@ -123,7 +120,7 @@
- name: Set list of certs to sign
set_fact:
- certs_to_sign: "{{certs_to_sign}} + [ '{{item.item.path}}' ]"
+ certs_to_sign: "{{ certs_to_sign + [item.item.path] }}"
with_items: "{{ssh_cert_files.results}}"
when: not item.stat.exists
tags:
@@ -137,7 +134,7 @@
# Renew if last mod was more than 10 months ago
- name: Get soon-to-expire certificates to sign
set_fact:
- certs_to_sign: "{{certs_to_sign}} + [ '{{item.item.path}}' ]"
+ certs_to_sign: "{{ certs_to_sign + [item.item.path] }}"
with_items: "{{ssh_cert_files.results}}"
when: "item.stat.exists and item.stat.mtime|int < (lookup('pipe', 'date +%s')|int - 25920000)"
tags:
@@ -160,7 +157,9 @@
- name: Create directory for storing pubkeys
file: path="{{pubkeydir}}"
- mode=0700
+ owner=root
+ group=root
+ mode=0600
state=directory
delegate_to: localhost
run_once: true
@@ -176,7 +175,7 @@
- name: Get public keys for certs to sign
fetch: src="{{item}}.pub"
dest="{{pubkeydir}}"
- fail_on_missing=true
+ fail_on_missing=false
with_items: "{{certs_to_sign}}"
tags:
- basessh
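Review bot: With `fail_on_missing=false`, a host whose `.pub` file cannot be read is skipped silently and the problem only surfaces later in the signing task. It may not surface at all if a file from an earlier run is still present at the same location under `{{pubkeydir}}`, in which case an outdated key would be signed. Unless some key type is legitimately absent on certain hosts, keep `fail_on_missing=true`, or register the fetch result and sign only the items that were actually fetched. If the relaxation is deliberate, a comment naming the case it covers would help.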
@@ -188,7 +187,7 @@
- name: Set some extra signing facts
set_fact:
- sign_hostnames: "{{ssh_hostnames}} + ['{{inventory_hostname}}']"
+ sign_hostnames: "{{ssh_hostnames + [inventory_hostname]}}"
sign_validity: "-1h:+52w"
tags:
- basessh
@@ -200,9 +199,10 @@
# Currently, we use the epoch as serial. That's unique enough for now
- name: Sign the certificates
- shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub"
+ shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -t rsa-sha2-256 -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub"
delegate_to: localhost
with_items: "{{certs_to_sign}}"
+ check_mode: no
tags:
- basessh
- sshd_cert
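Review bot: `check_mode: no` makes the signing task run for real under `--check`, so a dry run now uses the CA private key and issues host certificates, while the directory and fetch tasks in the visible hunks carry no such override. If that is intended, say so in a comment above the task and write it as `check_mode: false`; otherwise drop the line. Separately, the templated values are interpolated unquoted into the shell line. Passing them through the `quote` filter, e.g. `-I {{ inventory_hostname | quote }}` and likewise for the key path, keeps a value with unexpected characters from being re-parsed by the shell.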
diff --git a/roles/basessh/templates/sshd_config b/roles/basessh/templates/sshd_config
index 7ec4a85..dd3a719 100644
--- a/roles/basessh/templates/sshd_config
+++ b/roles/basessh/templates/sshd_config
@@ -2,18 +2,44 @@ Protocol 2
Port {{ sshd_port }}
-{% if ansible_distribution_major_version == "6" %}
+{% if ansible_distribution_major_version|int == 6 %}
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
-{% else %}
+{% elif ansible_distribution_major_version|int == 7 %}
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.com
+{% else %}
+# This system is following system-wide crypto policy. The changes to
+# crypto properties (Ciphers, MACs, ...) will not have any effect in
+# this or following included files. To override some configuration option,
+# write it before this block or include it before this file.
+# Please, see manual pages for update-crypto-policies(8) and sshd_config(5).
+# Also look in /usr/lib/systemd/system/sshd.service for how it is called.
+{% endif %}
+
+{% if ansible_distribution_major_version|int >= 9 and ansible_distribution == 'RedHat' %}
+# To modify the system-wide sshd configuration, create a *.conf file under
+# /etc/ssh/sshd_config.d/ which will be automatically included below
+Include /etc/ssh/sshd_config.d/*.conf
+{% endif %}
+{% if ansible_distribution_major_version|int >= 36 and ansible_distribution == 'Fedora' %}
+# To modify the system-wide sshd configuration, create a *.conf file under
+# /etc/ssh/sshd_config.d/ which will be automatically included below
+Include /etc/ssh/sshd_config.d/*.conf
{% endif %}
+
HostKey /etc/ssh/ssh_host_rsa_key
+{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %}
+HostKey /etc/ssh/ssh_host_ed25519_key
+{% endif %}
+
HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub
+{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %}
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
+{% endif %}
SyslogFacility AUTHPRIV
LogLevel VERBOSE
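Review bot: The new `Include /etc/ssh/sshd_config.d/*.conf` lines are emitted before most of this template's own settings, and sshd keeps the first value it obtains for each keyword. A drop-in that sets, for example, `X11Forwarding`, `PermitTunnel` or `AllowAgentForwarding` therefore overrides the `no` values visible in the next hunk's context. Either move the hardening directives above the Include or have the role manage the contents of the drop-in directory, and confirm the effective settings with `sshd -T` on a Fedora 36+ host and a RHEL 9 host. The two Include blocks are identical and could share one condition. The test `ansible_distribution == 'RedHat'` also presumably misses EL rebuilds that report another distribution name, which would then get neither explicit algorithms nor the Include.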
@@ -31,9 +57,9 @@ AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
-{% if ansible_distribution_major_version == "6" %}
+{% if ansible_distribution_major_version|int == 6 %}
UsePrivilegeSeparation yes
-{% elif ansible_distribution_major_version == "7" %}
+{% elif ansible_distribution_major_version|int == 7 %}
UsePrivilegeSeparation sandbox
{% endif %}
[ansible] Add jetson-orin
by Nicolas Chauvet
commit 3e99351922cf50a4a72cd4264d5b4c19638ec7a3
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Oct 18 11:39:19 2024 +0200
Add jetson-orin
inventory/builders | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/inventory/builders b/inventory/builders
index 87617d6..e649963 100644
--- a/inventory/builders
+++ b/inventory/builders
@@ -4,7 +4,7 @@
aarch64-03.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3
aarch64-04.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3
aarch64-jetson-tx1.home.rpmfusion.net
-#aarch64-10.home.rpmfusion.net
+aarch64-jetson-orin.home.rpmfusion.net
[buildvm]
buildvm-01.online.rpmfusion.net
[ansible] Drop --setopt=optional_metadata_types=filelists
by Nicolas Chauvet
commit 26eda6a31fcae1701683120661c53815ad95d5d2
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Oct 1 18:26:04 2024 +0200
Drop --setopt=optional_metadata_types=filelists
.../koji_builder/files/builders/site-defaults.cfg | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/koji_builder/files/builders/site-defaults.cfg b/roles/koji_builder/files/builders/site-defaults.cfg
index eab1c00..e0b8a30 100644
--- a/roles/koji_builder/files/builders/site-defaults.cfg
+++ b/roles/koji_builder/files/builders/site-defaults.cfg
@@ -1,6 +1,6 @@
config_opts['plugin_conf']['package_state_enable'] = False
config_opts['plugin_conf']['ccache_enable'] = False
-config_opts['dnf_common_opts'] = ['--setopt=install_weak_deps=0', '--setopt=optional_metadata_types=filelists']
+config_opts['dnf_common_opts'] = ['--setopt=install_weak_deps=0']
config_opts['macros']['%bugurl'] = 'https://bugz.rpmfusion.org/%name'
config_opts['http_proxy'] = 'http://proxy:3128'
config_opts['nosync'] = True
[ansible] Sync with fedora koji_builder
by Nicolas Chauvet
commit 36df0bd8eea58f99450bbeee3ef877364bbd5f27
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Oct 1 18:25:13 2024 +0200
Sync with fedora koji_builder
roles/koji_builder/tasks/main.yml | 38 +++++++++++++++++++++++++++++++++++-
1 files changed, 36 insertions(+), 2 deletions(-)
---
diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml
index 98a70ad..c60ebe0 100644
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@@ -78,9 +78,11 @@
- koji-builder-plugins
- python3-koji
- koji-containerbuild-builder
- - libvirt-daemon
- strace
- mock
+ - mock-rpmautospec
+ - kernel-firmware
+ - kernel-modules
- rsyslog
- audit
- pycdio
@@ -88,10 +90,36 @@
- libvirt-client
- pykickstart
- nosync
- - oz
tags:
- koji_builder
+#
+# rpmautospec plugin
+#
+
+- name: remove koji builder rpmautospec plugin
+ package:
+ name:
+ - koji-builder-plugin-rpmautospec
+ - python3-rpmautospec
+ - rpmautospec
+ state: absent
+ tags:
+ - packages
+ - koji_builder
+ - rpmautospec
+- name: remove obsolete configuration of rpmautospec
+ file:
+ path: "/etc/kojid/plugins/{{ item }}"
+ state: absent
+ loop:
+ - rpmautospec.conf
+ - rpmautospec.conf.rpmnew
+ - rpmautospec.conf.rpmsave
+ - rpmautospec.conf.rpmorig
+ tags:
+ - koji_builder
+ - rpmautospec
- name: Install arm UEFI firmware package (aarch64 only)
package: name=edk2-arm state=present
tags:
@@ -301,3 +329,9 @@
- koji_builder
- koji_builder/rngd
when: ansible_architecture != 's390x'
+
+- name: disable systemd-oomd we do not need or want it
+ systemd: name=systemd-oomd state=stopped enabled=no masked=true
+ tags:
+ - koji_builder
+ - koji_builder/oomd
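Review bot: The new oomd task has no `when:` guard, unlike the rngd task whose tail is visible just above it, so it will presumably fail on any builder where the `systemd-oomd` unit is not installed. A condition on the distribution, or a preceding check that the unit exists, would make it safe to run everywhere. It also mixes `enabled=no` with `masked=true` in a key=value string; block form with `enabled: false` and `masked: true` would match the package tasks added earlier in this commit. A one-line comment saying why oomd is unwanted on builders would help, since the task name only states that it is.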