Hi,
mizdebsk asked if we can add manual/staging-sync/koschei.yml to the rbac config, runnable
for sysadmin-koschei.
Can I get +1/-1's on this?
With kind regards,
Patrick Uiterwijk
Fedora Infra
_______________________________________________
infrastructure mailing list
infrastructure(a)lists.fedoraproject.org
http://lists.fedoraproject.org/postorius/infrastructure@lists.fedoraproject…
The infrastructure team will be having its weekly meeting tomorrow,
2015-09-17 at 18:00 UTC in #fedora-meeting on the freenode network.
We have a gobby document
(see: https://fedoraproject.org/wiki/Gobby )
fedora-infrastructure-meeting-next is the document.
Please try and review and edit that document before the meeting and we
will use it to have our agenda of things to discuss. A copy as of today
is included in this email.
If you have something to discuss, add the topic to the discussion area
with your name. If you would like to teach other folks about some
application or setup in our infrastructure, please add that topic and
your name to the learn about section.
kevin
--
= Introduction =
This shared document is for the next fedora infrastructure meeting.
We will use it over the week before the meeting to gather status and info and
discussion items and so forth, then use it in the irc meeting to transfer
information to the meetbot logs.
= Meeting start stuff =
#startmeeting Infrastructure (2015-09-17)
#meetingname infrastructure
#topic aloha
#chair smooge relrod nirik abadger1999 lmacken dgilmore mdomsch threebean pingou puiterwijk pbrobinson
#topic New folks introductions / Apprentice feedback
= Status / information / Trivia / Announcements =
(We put things here we want others on the team to know, but don't need to discuss)
(Please use #info <the thing> - your name)
#topic announcements and information
#info Got 2 of our 3 smtp-mm hosts reverse dns fixed to help with spam - kevin
#info some more work on batcave01, hopefully replacing lockbox01 after freeze - kevin
#info staging koji is now as far as I can see 100% functional! - kevin/ralph
#info
= Things we should discuss =
We use this section to bring up discussion topics. Things we want to talk about
as a group and come up with some consensus or decision or just brainstorm a
problem or issue. If there are none of these we skip this section.
(Use #topic your discussion topic - your username)
#topic TRAC tickets review - p_klos
= Learn about some application or setup in infrastructure =
(This section, each week we get 1 person to talk about an application or setup
that we have. Just going over what it is, how to contribute, ideas for improvement,
etc. Whoever would like to do this, just add the info in this section. In the
event we don't find someone to teach about something, we skip this section
and just move on to open floor.)
#topic Learn about:
= Meeting end stuff =
#topic Open Floor
#endmeeting
_______________________________________________
Hi,
As some of you might have noticed, we are currently getting a lot of requests
sent to packages, which is caused by search engines.
Since engines don't have any use in packages since it's just an aggregator,
I would like to disallow their access.
Can I get +1s on the following patch?
--
With kind regards,
Patrick Uiterwijk
Fedora Infra
commit 25f71933abb4c571948454fc7507d190e1b34b06
Author: Patrick Uiterwijk <puiterwijk(a)redhat.com>
Date: Mon Sep 14 12:03:20 2015 +0000
Robots have no use in fedoracommunity as it's just an aggregator
Signed-off-by: Patrick Uiterwijk <puiterwijk(a)redhat.com>
diff --git a/roles/httpd/website/files/robots/robots.txt.apps.fedoraproject.orgb/roles/httpd/website/files/robots/robots.txt.apps.fedoraproject.org
new file mode 100644
index 0000000..31e3660
- --- /dev/null
+++ b/roles/httpd/website/files/robots/robots.txt.apps.fedoraproject.org
@@ -0,0 +1,3 @@
+User-agent: *
+Disallow: /packages/
+Crawl-delay: 1
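Review bot: `Crawl-delay: 1` on the last added line is a non-standard directive that several major crawlers ignore, and the `Disallow: /packages/` rule above it is only advisory, so crawlers that do not honour robots.txt will keep generating the same load. If the request volume is the real concern, pair this file with a server-side rate limit for /packages/ in the httpd config, and add a comment line to the file saying why the path is excluded.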
_______________________________________________
Hope this is ok. My first patch submission for CSI group variables.
Feedback, outright rejection, and mild outrage (so long as it's
educational) are all welcome.
Thanks,
Zach
From: Aikidouke <zachvatwork(a)gmail.com>
Date: Tue, 15 Sep 2015 10:40:45 -0400
Subject: [PATCH] added CSI vars to mirror list
---
inventory/group_vars/mirrorlist | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/inventory/group_vars/mirrorlist
b/inventory/group_vars/mirrorlist
index c3ee6b1..ecb2515 100644
--- a/inventory/group_vars/mirrorlist
+++ b/inventory/group_vars/mirrorlist
@@ -15,3 +15,18 @@ mirrorlist_procs: 45
# Set this to get the vpn postfix setup
postfix_group: vpn
+
+# These vars get shoved into /etc/system_idenfication by the base role.
+# Groups and individual hosts should override them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: Moderate
+csi_primary_contact: Fedora Admins - admin(a)fedoraproject.org
+csi_purpose: Provide the daemon process that serves cached mirror data for
requests to mirrorlist_client. Part of the Fedora Mirror Management System
+csi_relationship: |
+ * Relies on fedmsg, haproxy, apache, varnish, and nagios for
monitoring
+ * MirrorManager system running on app01, app02, app03, app04,
app05, app06, bapp02 relies on mirrorlist to cache mirrors and answer
requests.
+
+
+# To update this text, add the csi_* vars to group_vars/ in
ansible.
+#
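Review bot: the continuation lines after `+csi_purpose:`, inside `+csi_relationship:` and after the last `+# To update this text` comment carry no leading `+`, so the mail client has wrapped the patch and it will not apply as sent; resend it with git send-email or as an attachment. In the first added comment, `/etc/system_idenfication` looks like a typo. The closing "To update this text, add the csi_* vars to group_vars/" comment reads like text meant for the generated file rather than for group_vars itself and can probably be dropped along with the two empty `+` lines before it.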
--
2.4.3
_______________________________________________
diff --git a/roles/pkgdb2/files/fas2.py b/roles/pkgdb2/files/fas2.py
index 233c783..0e84b32 100644
--- a/roles/pkgdb2/files/fas2.py
+++ b/roles/pkgdb2/files/fas2.py
@@ -259,6 +259,8 @@ class AccountSystem(BaseClient):
149140: 'jdulaney(a)fedoraproject.org',
# Niels de Vos: niels(a)nixpanic.net
102792: 'ndevos(a)redhat.com',
+ # Shawn Wells: shawn(a)redhat.com
+ 156515: 'swells(a)redhat.com",
}
# A few people have an email account that is used in owners.list but
# have setup a bugzilla account for their primary account
system email
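Review bot: the added entry `156515: 'swells(a)redhat.com",` opens the string with a single quote and closes it with a double quote, which is a Python syntax error and would stop fas2.py from importing at all. Close it with `'` to match the neighbouring entries before this is pushed.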
+1s?
kevin
_______________________________________________
One of my next goals to improve mirror crawling is to split the crawls
of the mirrors by category. Right now we select a mirror and crawl all
categories (Fedora Linux, Fedora EPEL, Fedora Secondary, Fedora
Archives, Fedora Other) in one go. The drawback is that it is nearly
impossible to crawl a mirror which mirrors everything within the time
limit of 3 hours. There are a few mirrors which actually mirror
everything and they are usually dropped from the mirror list because the
crawler always hits the 3 hour limit and marks the mirror as not being
up to date. The current solution is to create multiple hosts (which can
point to the same mirror) with only one or two categories. This works
but it is not the optimal solution.
The actual scanning of the remote mirror is most of the time not the
real problem, but also updating the status of all those directories and
files in the local database takes a very long time.
The master crawling by update-master-directory-list (umdl) is already
split up by category and fedmsg driven (for most categories). So
whenever a repository is updated umdl starts a scan and updates the
database for only the category which has changed. This works pretty well
but has the disadvantage that the database is now much faster updated
without the possibility for the mirrors to sync before we have new
information in the database.
The reason for this long introduction is that my original plan was to
immediately start a category crawl after umdl has signalled that a certain
category has been updated in the database. This could lead to a very
short list of mirrors which are up to date and therefore I would like to
know if we should somehow introduce a delay between the time umdl has
run and the time we start to crawl the mirrors. This would give the
mirrors some time to sync the content before we crawl them.
Right now the time between the update of the master mirror and the crawl
can be between 0 hours and 12 hours. With a defined time before crawling
the mirrors this would be clearer than right now.
I am also hoping to be able to crawl the mirrors more often than twice a
day if moving to category based crawls.
So my main question is if we should insert a delay between umdl and the
crawl of the mirrors? This would require a fedmsg emitted at the end of
an umdl run and something on the crawler which waits some time before
starting the crawls.
Adrian
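
One way the delay asked about above could work on the crawler side, as an added sketch that is not part of Adrian's message or of MirrorManager's code: each end-of-umdl message (re)arms a per-category timer, and a category is handed to the crawler only once the grace period has passed. The class name, the two-hour delay and the sample events are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

SYNC_DELAY = 2 * 3600  # assumed grace period in seconds for mirrors to sync


@dataclass
class CategoryCrawlScheduler:
    """Holds back per-category crawls until mirrors have had time to sync."""
    delay: int = SYNC_DELAY
    _due: dict = field(default_factory=dict)  # category -> earliest crawl time

    def umdl_finished(self, category: str, finished_at: float) -> float:
        """Record an end-of-umdl message for one category.

        A second umdl run for the same category before its crawl has started
        pushes the crawl back, so mirrors are never crawled against content
        they had less than `delay` seconds to pick up.
        """
        due = finished_at + self.delay
        self._due[category] = max(due, self._due.get(category, 0))
        return self._due[category]

    def pop_ready(self, now: float) -> list:
        """Return the categories whose delay has elapsed and forget them."""
        ready = sorted(c for c, t in self._due.items() if t <= now)
        for category in ready:
            del self._due[category]
        return ready


if __name__ == "__main__":
    # Constructed events: (category, time the umdl run finished, in seconds).
    sched = CategoryCrawlScheduler()
    for cat, t in [("Fedora Linux", 0), ("Fedora EPEL", 1800), ("Fedora Linux", 3600)]:
        print(cat, "crawl not before", sched.umdl_finished(cat, t))
    for now in (7200, 9000, 10800):
        print("t =", now, "start crawls for", sched.pop_ready(now))
```
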
_______________________________________________
Right now we have nagios checking
"https://bodhi.fedoraproject.org/updates/"
which requires a db query to get all the updates.
I'd like to change it to just "https://bodhi.fedoraproject.org/" which
shouldn't require as much db load.
+1s?
kevin
--
diff --git a/roles/nagios_server/files/nagios-external/services/websites.cfg b/roles/nagios_server/files/nagios-external/services/websites.cfg
index 24e5051..d3906ec 100644
--- a/roles/nagios_server/files/nagios-external/services/websites.cfg
+++ b/roles/nagios_server/files/nagios-external/services/websites.cfg
@@ -16,7 +16,7 @@ define service {
host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, proxy06.fedoraproject.org, 213.175.193.206-bodhost, 67.203.2.67-coloamerica
service_description bodhi
max_check_attempts 8
- check_command check_website_ssl!bodhi.fedoraproject.org!/updates/!Fedora
+ check_command check_website_ssl!bodhi.fedoraproject.org!/!Fedora
use websitetemplate
}
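Review bot: with the path changed from `/updates/` to `/` in this external check, nothing here exercises the db-backed view any more, so a bodhi whose front page renders while its queries fail would still report OK. If that coverage matters, keep one low-frequency check on a db-backed URL, and confirm that the match string `Fedora` cannot also appear on an error page served at `/`.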
diff --git a/roles/nagios_server/files/nagios/services/websites.cfg b/roles/nagios_server/files/nagios/services/websites.cfg
index 02490ef..3248f38 100644
--- a/roles/nagios_server/files/nagios/services/websites.cfg
+++ b/roles/nagios_server/files/nagios/services/websites.cfg
@@ -74,7 +74,7 @@ define service {
define service {
host_name proxy01-wildcard, proxy02-wildcard, proxy03-fpo, proxy04-fpo, proxy06-fpo, proxy07-wildcard, proxy08-wildcard, proxy05-fpo, proxy10-fpo, proxy11-fpo
service_description bodhi
- check_command check_website_ssl!bodhi.fedoraproject.org!/updates/!Fedora
+ check_command check_website_ssl!bodhi.fedoraproject.org!/!Fedora
max_check_attempts 8
use websitetemplate
}
@@ -82,7 +82,7 @@ define service {
define service {
host_name bodhi03,bodhi04
service_description bodhi-internal
- check_command check_website!localhost!/updates/!Fedora
+ check_command check_website!localhost!/!Fedora
max_check_attempts 8
use internalwebsitetemplate
}
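Review bot: the `bodhi-internal` check in this hunk runs against localhost on bodhi03,bodhi04 only, so keeping `/updates/` here would cost two hosts' worth of queries rather than the full proxy list. Consider dropping this hunk so that at least one check still touches the db, and let the proxy checks in the other hunks move to `/`.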