[ansible] koji_builder: drop koji-containerbuild-builder
by Nicolas Chauvet
commit def4914ff5c3469b3c5553a52ee2e71675d26a1f
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Dec 10 22:02:10 2024 +0100
koji_builder: drop koji-containerbuild-builder
roles/koji_builder/tasks/main.yml | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
---
diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml
index 053d1af..a334cf3 100644
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@@ -87,7 +87,6 @@
- koji-builder
- koji-builder-plugins
- python3-koji
- - koji-containerbuild-builder
- strace
- mock
- mock-rpmautospec
2 months, 3 weeks
[ansible] Restore aarch64-02
by Nicolas Chauvet
commit 482b5e943b303b55b714fd2c2514a164c706077b
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Dec 10 18:05:55 2024 +0100
Restore aarch64-02
inventory/builders | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/inventory/builders b/inventory/builders
index 128cd68..a5955c1 100644
--- a/inventory/builders
+++ b/inventory/builders
@@ -1,6 +1,6 @@
[buildhw_aarch64_linaro]
#aarch64-01.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3
-#aarch64-02.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3
+aarch64-02.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3
aarch64-03.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3
aarch64-04.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3
2 months, 3 weeks
[ansible] Add rsyncd.service
by Nicolas Chauvet
commit a464b034f83b716a4ac5a3599787ea5b8e0d1971
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Nov 19 20:25:32 2024 +0100
Add rsyncd.service
roles/rsyncd/files/rsyncd.service | 13 +++++++++++++
1 files changed, 13 insertions(+), 0 deletions(-)
---
diff --git a/roles/rsyncd/files/rsyncd.service b/roles/rsyncd/files/rsyncd.service
new file mode 100644
index 0000000..c027550
--- /dev/null
+++ b/roles/rsyncd/files/rsyncd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=fast remote file copy program daemon
+ConditionPathExists=/etc/rsyncd.conf
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+EnvironmentFile=/etc/sysconfig/rsyncd
+ExecStart=/usr/bin/rsync --daemon --no-detach "$OPTIONS"
+#StandardInput=socket
+
+[Install]
+WantedBy=multi-user.target
2 months, 3 weeks
[ansible] Add default transports.gateway
by Nicolas Chauvet
commit 7276e99ca0d31d102a3b2bbbc4ec653adaeb00bb
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Nov 19 18:45:15 2024 +0100
Add default transports.gateway
roles/base/files/postfix/transports.gateway | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/roles/base/files/postfix/transports.gateway b/roles/base/files/postfix/transports.gateway
new file mode 100644
index 0000000..7395fc2
--- /dev/null
+++ b/roles/base/files/postfix/transports.gateway
@@ -0,0 +1 @@
+lists.rpmfusion.org relay:[mx1.rpmfusion.net]
2 months, 3 weeks
[ansible] Update rsyncd role
by Nicolas Chauvet
commit 8e9a296e733e5367afbebf280d467a70ac21bf33
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Nov 19 18:44:53 2024 +0100
Update rsyncd role
roles/rsyncd/tasks/main.yml | 98 ++++++++++++++++++++++++++++++++-----------
1 files changed, 73 insertions(+), 25 deletions(-)
---
diff --git a/roles/rsyncd/tasks/main.yml b/roles/rsyncd/tasks/main.yml
index 7d1a83b..b7c6ede 100644
--- a/roles/rsyncd/tasks/main.yml
+++ b/roles/rsyncd/tasks/main.yml
@@ -1,61 +1,109 @@
---
#
-# This role sets up rsyncd on a server
+# This role sets up rsyncd on a server
#
-- name: install rnecessary packages
- yum: state=present name={{item}}
- with_items:
- - rsync
- - xinetd
- - libsemanage-python
+- name: install necessary packages
+ package:
+ state: present
+ name:
+ - rsync
+ - xinetd
+ - libsemanage-python
tags:
- packages
- when: ansible_distribution_major_version|int < 22
+ - rsyncd
+ when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8
-- name: install rnecessary packages
- dnf: state=present name={{item}}
- with_items:
- - rsync
- - xinetd
- - libsemanage-python
+- name: install necessary packages
+ package:
+ state: present
+ name:
+ - rsync
+ - xinetd
+ - python3-libsemanage
tags:
- packages
- when: ansible_distribution_major_version|int > 21
+ - rsyncd
+ when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 8
-- name: rsyncd.conf file
- copy: src={{ item }} dest=/etc/rsyncd.conf mode=644
+- name: install necessary packages for fedora or rhel9
+ package:
+ state: present
+ name:
+ - rsync-daemon
+ - python3-libsemanage
+ tags:
+ - packages
+ - rsyncd
+ when: ansible_distribution == 'Fedora' or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int > 8)
+
+- name: rsyncd.conf file for non download servers
+ copy: src={{ item }} dest=/etc/rsyncd.conf mode=0644
with_first_found:
- "{{ rsyncd_conf }}"
- - rsyncd.conf.{{ ansible_fqdn }}
+ - rsyncd.conf.{{ inventory_hostname }}
- rsyncd.conf.{{ host_group }}
- rsyncd.conf.{{ rsync_group }}
- rsyncd.conf.default
+ when: "'download' not in group_names"
notify:
- - restart xinetd
+ - restart daemon
+ ignore_errors: true
+ tags:
+ - config
+ - rsyncd
+
+- name: rsyncd.conf file for download servers
+ template: src=rsyncd.conf.download.j2 dest=/etc/rsyncd.conf mode=0644
+ notify:
+ - restart daemon
+ when: "'download' in group_names"
tags:
- config
+ - rsyncd
-- name: xinetd rsync file
- copy: src={{ item }} dest=/etc/xinetd.d/rsync mode=644
+- name: xinetd rsync file for rhel8
+ copy: src={{ item }} dest=/etc/xinetd.d/rsync mode=0644
with_first_found:
- "{{ rsync }}"
- - rsync.{{ ansible_fqdn }}
+ - rsync.{{ inventory_hostname }}
- rsync.{{ host_group }}
- rsync.{{ rsync_group }}
- rsync.default
notify:
- restart xinetd
+ when: ansible_distribution_major_version|int < 9 and ansible_distribution == 'RedHat'
tags:
- config
+ - rsyncd
-- name: make sure xinetd is started
- service: name=xinetd state=started
+- name: systemd rsync file for fedora and rhel9
+ copy: src=rsyncd.service dest=/usr/lib/systemd/system/rsyncd.service mode=0644
+ when: ansible_distribution == 'Fedora' or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int > 8)
+ notify:
+ - restart daemon
+ tags:
+ - config
+ - rsyncd
+
+- name: make sure xinetd is started on rhel8
+ service: name=xinetd state=started enabled=true
+ when: ansible_distribution_major_version|int < 9 and ansible_distribution == 'RedHat'
tags:
- services
+ - rsyncd
+- name: make sure rsync daemon is started on Fedora and rhel9
+ service: name=rsyncd enabled=true state=started
+ when: ansible_distribution == 'Fedora' or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int > 8)
+ tags:
+ - services
+ - rsyncd
+
- name: set sebooleans so rsync can read dirs
seboolean: name=rsync_export_all_ro
state=true
persistent=true
-
+ tags:
+ - rsyncd
2 months, 3 weeks
[ansible] Update handlers
by Nicolas Chauvet
commit b47ae801cb757ae36a7b4e6ce473307a2b6e86eb
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Nov 19 18:44:29 2024 +0100
Update handlers
handlers/restart_services.yml | 73 +++++++++++++++++++++++++++++++----------
1 files changed, 55 insertions(+), 18 deletions(-)
---
diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml
index aab9633..e0bfd98 100644
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -18,19 +18,28 @@
action: service name=crond state=restarted
- name: restart fedmsg-gateway
- command: /usr/local/bin/conditional-restart.sh fedmsg-gateway fedmsg-gateway
+ command: /usr/local/bin/conditional-restart.sh fedmsg-gateway
- name: restart fedmsg-hub
- command: /usr/local/bin/conditional-restart.sh fedmsg-hub fedmsg-hub
+ command: /usr/local/bin/conditional-restart.sh {{ item }}
+ with_items:
+ - fedmsg-hub
+ - fedmsg-hub-3
+
+- name: restart fedmsg-hub-3
+ command: /usr/local/bin/conditional-restart.sh {{ item }}
+ with_items:
+ - fedmsg-hub
+ - fedmsg-hub-3
- name: restart fedmsg-irc
- command: /usr/local/bin/conditional-restart.sh fedmsg-irc fedmsg-irc
+ command: /usr/local/bin/conditional-restart.sh fedmsg-irc
- name: restart fedmsg-relay
- command: /usr/local/bin/conditional-restart.sh fedmsg-relay fedmsg-relay
+ command: /usr/local/bin/conditional-restart.sh fedmsg-relay
-- name: restart koji-sync-listener
- action: service name=koji-sync-listener state=restarted
+- name: restart fm-consumer@koji_sync_listener
+ action: service name=fm-consumer@koji_sync_listener state=restarted enabled=yes
- name: reload httpd
command: /usr/local/bin/conditional-reload.sh httpd httpd
@@ -47,6 +56,10 @@
- name: restart libvirtd
action: service name=libvirtd state=restarted
+- name: restart libvirtd.socket
+ action: service name=libvirtd.socket state=stopped
+ notify: restart libvirtd
+
- name: restart mailman
action: service name=mailman state=restarted
@@ -65,14 +78,8 @@
#notify:
#- fix openvpn routing
-- name: restart openvpn (RHEL6)
- when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 6
- action: service name=openvpn state=restarted
- #notify:
- #- fix openvpn routing
-
-- name: restart openvpn (RHEL7)
- when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 7
+- name: restart openvpn (RHEL7+)
+ when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int >= 7
action: service name=openvpn-client@openvpn state=restarted
#notify:
#- fix openvpn routing
@@ -82,6 +89,7 @@
- name: restart xinetd
action: service name=xinetd state=restarted
+ when: not inventory_hostname.startswith('proxy')
- name: restart netapproute
action: command /etc/sysconfig/network-scripts/ifup-routes eth1
@@ -92,6 +100,9 @@
- name: rebuild postfix transport
command: /usr/sbin/postmap /etc/postfix/transport
+- name: rebuild postfix bysender
+ command: /usr/sbin/postmap /etc/postfix/bysender
+
- name: rebuild postfix tls_policy
command: /usr/sbin/postmap /etc/postfix/tls_policy
@@ -170,8 +181,8 @@
command: nmcli con up {{ item.split()[1] }}
async: 1
poll: 0
- with_items:
- - "{{ if_uuid.stdout_lines }}"
+ loop: "{{ if_uuid.stdout_lines|flatten(levels=1) }}"
+ when: item.split()[1] not in ansible_ifcfg_disabled
- name: flush journald tmpfiles to persistent store
command: pkill -f -USR1 systemd-journald
@@ -191,5 +202,31 @@
state: restarted
daemon_reload: yes
-- name: restart repoSpanner
- action: service name=repoSpanner state=restarted
+- name: restart chronyd
+ service: name=chronyd state=restarted
+
+- name: restart kojira
+ systemd:
+ name: kojira
+ state: restarted
+
+- name: restart haveged
+ service: name=haveged state=restarted
+
+- name: restart obs-signd
+ service: name=signd state=restarted
+
+- name: restart swap.swap
+ service: name="swap.swap" state=restarted
+
+- name: restart varnish
+ service: name=varnish state=restarted
+
+- name: reload varnish
+ service: name=varnish state=reload
+
+- name: restart systemd-oomd
+ service: name=systemd-oomd state=reload
+
+- name: restart debuginfod
+ service: name=debuginfod state=restarted
2 months, 3 weeks
[ansible] Remove RHEL-6 mentions
by Nicolas Chauvet
commit a1ffc9ca31de39338daae0c9b8bcdfab64cf8542
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Nov 19 18:14:18 2024 +0100
Remove RHEL-6 mentions
vars/CentOS-6.yml | 1 -
vars/RedHat-6.yml | 8 --------
2 files changed, 0 insertions(+), 9 deletions(-)
2 months, 3 weeks
[ansible] Update squid playbook
by Nicolas Chauvet
commit b8ddacd6086253792585d9a7cc570743ccb1ac74
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Nov 19 17:21:05 2024 +0100
Update squid playbook
playbooks/groups/squid.xml | 15 ++++++++-------
1 files changed, 8 insertions(+), 7 deletions(-)
---
diff --git a/playbooks/groups/squid.xml b/playbooks/groups/squid.xml
index 0f6f9e2..47c5647 100644
--- a/playbooks/groups/squid.xml
+++ b/playbooks/groups/squid.xml
@@ -1,13 +1,17 @@
# create a new squid server
- name: make the box be real
- hosts: squid-stg:squid
+ hosts: squid
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
roles:
- base
@@ -19,14 +23,11 @@
- rsyncd
- { role: openvpn/client,
when: datacenter != "online" }
- - fas_client
- squid
tasks:
- - include: "{{ tasks_path }}/yumrepos.yml"
- - include: "{{ tasks_path }}/motd.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+ when: not inventory_hostname.startswith('bkernel')
handlers:
- - include: "{{ handlers_path }}/restart_services.yml"
-
-
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
2 months, 3 weeks
[ansible] Add linaro bastion02
by Nicolas Chauvet
commit 3074372110bdb0b678d8c4ffcc13316555fd4a8b
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Nov 19 17:20:47 2024 +0100
Add linaro bastion02
inventory/inventory | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/inventory/inventory b/inventory/inventory
index ae4f380..dcab6ed 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -93,6 +93,8 @@ hv01.online.rpmfusion.net
proxy01.scaleway.rpmfusion.net
#test01.scaleway.rpmfusion.net
+[linaro]
+bastion02.linaro.rpmfusion.net
[virtservers:children]
virthost
2 months, 3 weeks