FBR: running noc.yml on nagios servers
by Stephen John Smoogen
We are removing some hosts and doing other inventory cleanup, and need to
run noc.yml on the nagios servers to update monitoring.
--
Stephen J Smoogen.
5 years, 1 month
Freeze Break Request: fix resolv.conf on armv7 builders
by Kevin Fenzi
Greetings.
I'd like votes on restarting NetworkManager on buildvm-armv7-10 thru 21
and then running the buildvm playbook with -t resolvconf -l
buildvm-armv7 to update some arm builders that don't have the correct
/etc/resolv.conf.
These are ones I reinstalled before freeze and I think what happened is
that they got the correct /etc/resolv.conf, then updated NetworkManager
to never update it, but it wasn't restarted so the currently running one
is doing so.
The change on those builders looks like:
--- before: /etc/resolv.conf
+++ after: /srv/web/infra/ansible/roles/base/files/resolv.conf/kojibuilder
@@ -1,3 +1,6 @@
-# Generated by NetworkManager
-search arm.fedoraproject.org
+search phx2.fedoraproject.org vpn.fedoraproject.org fedoraproject.org
nameserver 10.5.126.21
+nameserver 10.5.126.22
+options rotate timeout:1
+
+
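Review bot: the new `search` line drops `arm.fedoraproject.org`, so any short host names these builders resolved through that domain will stop resolving; confirm nothing depends on it, or keep it in the list. The reported failure is for the fully qualified `kojipkgs.fedoraproject.org`, so the part of this change likely to help is the second `nameserver` together with `options rotate timeout:1`, not the search list. The two blank lines added at the end of the file can be dropped.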
I am hoping this helps us with rawhide composes, where they have failed
in armv7 image builds with a '[Could not resolve host:
kojipkgs.fedoraproject.org]'.
+1s?
kevin
5 years, 1 month
FBR: Add tag to update appowners for Greenwave and Bodhi
by Clement Verna
Hi all,
I would like to update the appowners for Greenwave and Bodhi in
OpenShift, but I don't want to restart the services, so the following is a
patch to add an ansible tag to only update the appowners.
diff --git a/playbooks/openshift-apps/bodhi.yml
b/playbooks/openshift-apps/bodhi.yml
index 0e0ccae4c..e5b7f37ed 100644
--- a/playbooks/openshift-apps/bodhi.yml
+++ b/playbooks/openshift-apps/bodhi.yml
@@ -18,6 +18,8 @@
appowners:
- bowlofeggs
- cverna
+ tags:
+ - apply-appowners
- role: openshift/keytab
app: bodhi
key: koji-keytab
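Review bot: the added `tags:` block appears to sit on the role entry that carries `appowners`, and a tag on a role entry is inherited by every task in that role, so `-t apply-appowners` will run the whole role rather than only the owner binding. Confirm none of that role's other tasks touch the running deployment (a `--check --diff` run with the tag would show this), or tag the appowner task inside the role instead.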
diff --git a/playbooks/openshift-apps/greenwave.yml
b/playbooks/openshift-apps/greenwave.yml
index ce86f6951..0f96fb9c7 100644
--- a/playbooks/openshift-apps/greenwave.yml
+++ b/playbooks/openshift-apps/greenwave.yml
@@ -20,6 +20,8 @@
- lholecek
- ralph
- cverna
+ tags:
+ - apply-appowners
- role: openshift/secret-file
app: greenwave
secret_name: greenwave-fedmsg-key
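Review bot: the context line `- cverna` and the base blob `ce86f6951` only exist once the separate change adding cverna to the Greenwave appowners is applied, so this patch has to go in after that one; the Bodhi half has the same dependency on `0e0ccae4c`. Say so in the commit message, or send the changes as one series so they cannot be applied out of order.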
--
+1s ? Thanks
5 years, 1 month
FBR : Add cverna to Greenwave appowners
by Clement Verna
Hi all,
After talking with Giulia on irc, I would like to add myself to the
Greenwave appowners to be able to access the logs in openshift.
Here is the diff
diff --git a/playbooks/openshift-apps/greenwave.yml
b/playbooks/openshift-apps/greenwave.yml
index b1002abcf..ce86f6951 100644
--- a/playbooks/openshift-apps/greenwave.yml
+++ b/playbooks/openshift-apps/greenwave.yml
@@ -19,6 +19,7 @@
- gnaponie
- lholecek
- ralph
+ - cverna
- role: openshift/secret-file
app: greenwave
secret_name: greenwave-fedmsg-key
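Review bot: the added `- cverna` entry gives full appowner membership, while the stated need is only to read the logs in OpenShift. If the role behind `appowners` grants more than read access, consider a read-only binding instead, or state in the commit message that owner-level access is intended.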
--
+1s ?
5 years, 1 month
FBR: Add cverna to Bodhi appowners
by Clement Verna
Hi all,
I would like to be able to check Bodhi's log in openshift, so I would
like to add myself to the appowners.
diff --git a/playbooks/openshift-apps/bodhi.yml
b/playbooks/openshift-apps/bodhi.yml
index e761e090f..0e0ccae4c 100644
--- a/playbooks/openshift-apps/bodhi.yml
+++ b/playbooks/openshift-apps/bodhi.yml
@@ -17,6 +17,7 @@
description: bodhi
appowners:
- bowlofeggs
+ - cverna
- role: openshift/keytab
app: bodhi
key: koji-keytab
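Review bot: with `- cverna` added next to `- bowlofeggs`, the request does not say whether the existing appowner has agreed to the change, unlike the Greenwave request, which mentions a prior discussion. Record that agreement in the commit message before this goes in during the freeze.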
--
+1s ?
Thanks
Clément
5 years, 1 month
[RFC] Add a public vhost for the rabbitmq cluster
by Jeremy Cline
This adds a new virtual host in RabbitMQ, /public_pubsub, intended to be
used by consumers outside Fedora's infrastructure. The federation plugin
is used to push any messages published to the /pubsub amq.topic exchange
into the /public_pubsub amq.topic exchange.
A user called "fedora" with the password of "fedora" is created in this
virtual host with permissions to create UUIDish queues. A policy is
applied to queues that deletes them after 7 days of not being used and
sets a maximum size of 50MB to a queue to ensure abandoned queues don't
get too big.
Signed-off-by: Jeremy Cline <jcline(a)redhat.com>
---
I'm sending this out for review, but I'm happy to apply it myself, run
the playbooks when it's convenient for folks, and troubleshoot. I'm
dubious about my ability to get the URL correct on the first try, and it
also needs certificates to be generated for the federation user it creates.
roles/rabbitmq_cluster/tasks/main.yml | 88 ++++++++++++++++++++++++++-
1 file changed, 87 insertions(+), 1 deletion(-)
diff --git a/roles/rabbitmq_cluster/tasks/main.yml b/roles/rabbitmq_cluster/tasks/main.yml
index d88fb8102..753d7596e 100644
--- a/roles/rabbitmq_cluster/tasks/main.yml
+++ b/roles/rabbitmq_cluster/tasks/main.yml
@@ -101,7 +101,10 @@
- name: Enable the HTTP management console and SSL authentication plugins
rabbitmq_plugin:
- names: rabbitmq_management,rabbitmq_auth_mechanism_ssl
+ names: "rabbitmq_management,\
+ rabbitmq_auth_mechanism_ssl,\
+ rabbitmq_federation,\
+ rabbitmq_federation_management"
tags:
- rabbitmq_cluster
- config
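Review bot: the new `names:` value depends on backslash line continuations inside a double-quoted YAML scalar, and any whitespace after a trailing `\` silently changes the resulting plugin list; a single-line value is less fragile. The task name "Enable the HTTP management console and SSL authentication plugins" is also out of date now that `rabbitmq_federation` and `rabbitmq_federation_management` are enabled here.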
@@ -177,3 +180,86 @@
tags:
- rabbitmq_cluster
- config
+
+# This is the publicly accessible virtual host
+- name: Configure the publicly accessible vhost
+ rabbitmq_vhost:
+ name: /public_pubsub
+ state: present
+ tags:
+ - rabbitmq_cluster
+ - config
+
+- name: Configure a policy to ensure the public vhost stays swept up and tidy
+ rabbitmq_policy:
+ apply_to: queues
+ name: sweeper
+ state: present
+ pattern: ".*"
+ tags:
+ # Unused queues are killed after 1000 * 60 * 60 * 24 * 7 (1 week in milliseconds)
+ expires: 604800000
+ # Queues can use at most 1024 * 1024 * 50 (50MB) to store messages
+ max-length-bytes: 52428800
+ vhost: /public_pubsub
+ tags:
+ - rabbitmq_cluster
+ - config
+
+# Create a user with:
+# * permission to configure and write to any uuidish-named objects
+# * permission to read anything since users need to read exchanges for bindings
+# read queues for consuming
+- name: Create a user for public access
+ rabbitmq_user:
+ user: fedora
+ password: fedora
+ permissions:
+ - vhost: /public_pubsub
+ # Matches, for example, de23804a-304a-4228-b239-35099c98bd1e
+ # Regex is Erlang flavored: http://erlang.org/doc/man/re.html
+ configure_priv: "^(\w{8}(-\w{4}){3}-\w{12})$"
+ write_priv: "^(\w{8}(-\w{4}){3}-\w{12})$"
+ read_priv: .*
+ state: present
+ tags:
+ - rabbitmq_cluster
+ - config
+
+# User with permissions to shovel messages out of pubsub into the public vhost.
+# This user needs permissions to create a new exchange, bind an exchange to an
+# exchange, create a queue, and bind a queue to an exchange.
+- name: Create a user for federation
+ rabbitmq_user:
+ user: pubsub_federation
+ password: pubsub_federation
+ permissions:
+ - vhost: /pubsub
+ configure_priv: "^federation.*"
+ write_priv: "^federation.*"
+ read_priv: .*
+ state: present
+ tags:
+ - rabbitmq_cluster
+ - config
+
+# This is the connection from our public vhost to the private pubsub vhost.
+# Note that at present they live on the same cluster, but they don't need to.
+- name: Configure federation upstream from pubsub to the public_pubsub vhost
+ rabbitmq_parameter:
+ component: federation-upstream
+ name: pubsub-to-public_pubsub
+ value: '{"uri":"amqp://pubsub_federation:@rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org/%2Fpubsub?cacertfile=/etc/pki/rabbitmq/ca/rabbitmq-ca.crt&certfile=/etc/pki/rabbitmq/crt/rabbitmq-pubsub_federation.crt&keyfile=/etc/pki/rabbitmq/key/rabbitmq-pubsub_federation.key&verify=verify_peer&fail_if_no_peer_cert=true&auth_mechanism=external","ack-mode":"on-confirm"}'
+ state: present
+ vhost: /public_pubsub
+
+- name: Configure a policy to federate the pubsub topic exchange to public_pubsub
+ rabbitmq_policy:
+ apply_to: exchanges
+ name: pubsub-to-public_pubsub
+ state: present
+ pattern: "^amq\\.topic$"
+ tags:
+ federation-upstream: "pubsub-to-public_pubsub"
+ vhost: /public_pubsub
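Review bot: in the "Create a user for public access" task, `configure_priv` and `write_priv` are double-quoted YAML strings containing `\w`, which is not a valid escape sequence inside double quotes, so the file will not parse; single-quote the two patterns, or double the backslashes as the later `"^amq\\.topic$"` does. The `pubsub_federation` user is created on the private `/pubsub` vhost with `read_priv: .*` and a password equal to its user name; since the upstream URI authenticates with a client certificate (`auth_mechanism=external`), take the password from private vars or leave the account without a usable password. Please also check the scheme of that URI: it is `amqp://` while passing `cacertfile`, `certfile` and `keyfile`, and those TLS options are meant for `amqps://` URIs. The last two tasks lack the task-level `rabbitmq_cluster` and `config` tags that the other tasks in this hunk carry.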
--
2.20.1
5 years, 1 month
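The permission patterns described in the commit message above, evaluated against RabbitMQ's access-control rules. This is an added example, not part of the patch or of Fedora's playbooks; the operation-to-permission table is taken from RabbitMQ's access-control documentation, Python's `re` with `re.ASCII` stands in for Erlang's regex engine, and `my-app-queue` is a constructed name.

```python
import re

# Permission patterns for the "fedora" user on /public_pubsub, as in the patch.
UUIDISH = r"^(\w{8}(-\w{4}){3}-\w{12})$"
FEDORA = {"configure": UUIDISH, "write": UUIDISH, "read": r".*"}

# Permissions RabbitMQ checks per AMQP operation: (permission, resource kind).
# Assumption: mapping as given in RabbitMQ's access-control documentation.
REQUIRED = {
    "queue.declare": [("configure", "queue")],
    "queue.delete": [("configure", "queue")],
    "queue.bind": [("write", "queue"), ("read", "exchange")],
    "basic.consume": [("read", "queue")],
    "basic.publish": [("write", "exchange")],
    "exchange.declare": [("configure", "exchange")],
}


def allowed(perms, operation, queue=None, exchange=None):
    """True if every permission the operation needs matches its resource name."""
    names = {"queue": queue, "exchange": exchange}
    for perm, kind in REQUIRED[operation]:
        name = names[kind]
        # The broker's match is unanchored, hence the explicit ^...$ in the patch.
        if name is None or re.search(perms[perm], name, re.ASCII) is None:
            return False
    return True


def audit(perms, queue, exchange="amq.topic"):
    """Evaluate every listed operation for one queue name and one exchange."""
    return {op: allowed(perms, op, queue=queue, exchange=exchange)
            for op in REQUIRED}


if __name__ == "__main__":
    # The UUID is the example from the patch comment; the other name is constructed.
    for name in ("de23804a-304a-4228-b239-35099c98bd1e", "my-app-queue"):
        print(name)
        for op, ok in audit(FEDORA, name).items():
            print(f"  {op:17} {'allow' if ok else 'deny'}")
```

Two things show up in the output: `read_priv: .*` allows `basic.consume` on a queue of any name, and because permissions are not typed by resource kind, a UUID-shaped name is accepted for `exchange.declare` as well as `queue.declare`.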
Koji 1.17.0 and Python 3
by Neal Gompa
Hey all,
I've proposed a pull request to switch our Koji package to use Python
3 wherever possible:
https://src.fedoraproject.org/rpms/koji/pull-request/4
The PR is a bit complex, but it's based on the upstream spec for Koji,
which accounts for all the variations (Py2 Koji + Py3 client for
Fedora < 30, Py3 Koji + client + Py2 API for Fedora 30+, Py2 Koji for
EPEL).
I'd like to merge this in and submit updates for all currently
supported releases we ship the Koji package to (Fedora and EPEL).
Note that this is independent of testing and upgrading the
infrastructure. But I'd like to merge this in now so that we could
look at having staging Koji switch over now.
--
真実はいつも一つ!/ Always, there's only one truth!
5 years, 1 month
Reminder: Fedora Infrastructure Meeting 2019-03-14
by Stephen John Smoogen
Please update the gobby with items and events
= Preamble =
The infrastructure team will be having its weekly meeting tomorrow,
2019-03-14 at 15:00 UTC in #fedora-meeting-1 on the freenode network.
We have a gobby document at
https://infinote.fedoraproject.org/cgit/infinote/tree/fedora-infrastructu...
which can be edited for the agenda (see: https://fedoraproject.org/wiki/Gobby )
Please try and review and edit that document before the meeting and we
will use it to have our agenda of things to discuss. A copy as of today
is included in this email.
If you have something to discuss, add the topic to the discussion area
with your name. If you would like to teach other folks about some
application or setup in our infrastructure, please add that topic and
your name to the learn about section.
= Introduction =
We will use it over the week before the meeting to gather status and info and
discussion items and so forth, then use it in the irc meeting to transfer
information to the meetbot logs.
= Meeting start stuff =
#startmeeting Infrastructure (2019-03-14)
#meetingname infrastructure
#topic aloha
#chair nirik pingou puiterwijk relrod smooge tflink threebean cverna
mizdebsk mkonecny
= Let new people say hello =
#topic New folks introductions
#info This is a place where people who are interested in Fedora
Infrastructure can introduce themselves
#info Getting Started Guide:
https://fedoraproject.org/wiki/Infrastructure/GettingStarted
= Status / Information / Trivia / Announcements =
(We put things here we want others on the team to know, but don't need
to discuss)
(Please use #info <the thing> - your name)
#topic announcements and information
#info Beta Freeze Is Currently Going On. Please get FBR for frozen systems.
#info Staging Koji sync still going on
#info Started working on fedora-messaging migration, status here
https://github.com/orgs/fedora-infra/projects/2
#info Reminder: use good commit messages
#info Published blogpost about release-monitoring.org
https://communityblog.fedoraproject.org/stories-from-the-amazing-world-of...
= Things we should discuss =
We use this section to bring up discussion topics. Things we want to talk about
as a group and come up with some consensus or decision or just brainstorm a
problem or issue. If there are none of these we skip this section.
(Use #topic your discussion topic - your username)
#topic Oncall
#info mizdebsk is on call from 2019-03-07 -> 2019-03-14
#info bowlofeggs is on call from 2019-03-14 -> 2019-03-21
#info nirik is on call from 2019-03-21 -> 2019-03-28
#info ????? is on call from 2019-03-28 -> 2019-04-04
#info Summary of last week: (from mizdebsk )
#topic Monitoring discussion
#info https://nagios.fedoraproject.org/nagios
#info Go over existing out items and fix
#topic Tickets discussion
#info https://pagure.io/fedora-infrastructure/report/Meetings%20ticket
Go thru each ticket one by one
#topic hotfixes - kevin
#topic Priorities for next week?
#info please put tickets needing to be focused on here
#topic Discuss: Is the Fedora pastebin still useful? - relrod
#info how many users are using it? [3000 posts a day from 350 ips]
#info should we look at converging with CentOS one so simpler setup?
= Apprentice office hours =
#topic Apprentice Open office minutes
#info A time where apprentices may ask for help or look at problems.
Here we will discuss any apprentice questions, try and match up people looking
for things to do with things to do, progress, testing anything like that.
= Learn about some application or setup in infrastructure =
(This section, each week we get 1 person to talk about an application or setup
that we have. Just going over what it is, how to contribute, ideas for
improvement, etc. Whoever would like to do this, just add the info in this
section. In the event we don't find someone to teach about something, we skip
this section and just move on to open floor.)
#info
= Meeting end stuff =
#topic Open Floor
#endmeeting
--
Stephen J Smoogen.
5 years, 1 month
FBR to add host to mirrors tier1
by Stephen John Smoogen
I tried to make format-patch work but I have some problems in places
still in my setup :/
From 49ab54526b57d0cde534b2887a4e77cf021090ea Mon Sep 17 00:00:00 2001
From: Stephen Smoogen <smooge(a)redhat.com>
Date: Mon, 11 Mar 2019 22:39:30 +0000
Subject: [Freeze Break Request] FBR: rsyncd/download servers Add dotsrc to
tier1
To: infrastructure(a)lists.fedoraproject.org
Add dotsrc to tier1 so that Europe has another large mirror.
---
inventory/group_vars/download | 2 ++
roles/rsyncd/templates/rsyncd.conf.download.j2 | 10 ++++++++++
2 files changed, 12 insertions(+)
diff --git a/inventory/group_vars/download b/inventory/group_vars/download
index 7d3fe98..a806797 100644
--- a/inventory/group_vars/download
+++ b/inventory/group_vars/download
@@ -70,3 +70,5 @@ dl_tier1:
- 147.75.69.165 # sjc.edge.kernel.org
- 147.75.197.195 # ewr.edge.kernel.org
- 147.75.101.1 # ams.edge.kernel.org
+ - 130.225.254.116 # dotsrc.org
+ - 2001:878:346::116 # dotsrc.org
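Review bot: both new `dl_tier1` entries are commented only as `dotsrc.org`, while the entries above name the specific host (for example `ams.edge.kernel.org`); use the mirror's actual host name in the comment so the addresses can be re-checked against DNS later. Since this list feeds `hosts allow` in the rsyncd template, confirm both addresses with the mirror admin before applying.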
diff --git a/roles/rsyncd/templates/rsyncd.conf.download.j2
b/roles/rsyncd/templates/rsyncd.conf.download.j2
index 9a7b0fc..aa2f8f0 100644
--- a/roles/rsyncd/templates/rsyncd.conf.download.j2
+++ b/roles/rsyncd/templates/rsyncd.conf.download.j2
@@ -149,6 +149,7 @@ refuse options = checksum
gid = 263
hosts allow = {% for host in vars['dl_tier1'] %}{{host}},{% endfor %}
+{% if datacenter == 'phx2' %}
[fedora-compose0]
comment = Fedora composes
path = /mnt/koji/compose
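Review bot: the `{% if datacenter == 'phx2' %}` guard around `[fedora-compose0]` is not mentioned in the commit message, which only covers adding dotsrc to tier1; either describe it there or split it into its own change. If `datacenter` is not defined for every host in the download group, the template will fail to render, so consider a default for the variable.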
@@ -156,7 +157,16 @@ refuse options = checksum
uid = nobody
gid = nobody
hosts allow = 10.0.0.0/8, 209.132.0.0/16
+{% endif %}
+{% if inventory_hostname == 'download-cc-rdu01.fedoraproject.org' %}
+[centos]
+ comment = CentOS
+ path = /srv/pub/centos
+ list = no
+ uid = nobody
+ gid = nobody
+{% endif %}
# For distributing applications
[log]
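Review bot: the new `[centos]` module has no `hosts allow` line, unlike `[fedora-compose0]` just above it (`hosts allow = 10.0.0.0/8, 209.132.0.0/16`), and `list = no` only hides the module from listings. Add an explicit `hosts allow`, or state that public access is intended. The module is also unrelated to the dotsrc change named in the subject and should be described in the commit message or sent separately.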
--
1.8.3.1
--
Stephen J Smoogen.
5 years, 1 month