csi group vars - nagios
by Ali Khalidi
diff --git a/inventory/group_vars/nagios b/inventory/group_vars/nagios
index 70763e7..5911ef3 100644
--- a/inventory/group_vars/nagios
+++ b/inventory/group_vars/nagios
@@ -9,3 +9,6 @@ num_cpus: 2
tcp_ports: [ 80, 443 ]
fas_client_groups: sysadmin-noc
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin(a)fedoraproject.org
+csi_purpose: Monitoring system
diff --git a/inventory/host_vars/noc01.phx2.fedoraproject.org
b/inventory/host_vars/noc01.phx2.fedoraproject.org
index 73b10dc..e84bffa 100644
--- a/inventory/host_vars/noc01.phx2.fedoraproject.org
+++ b/inventory/host_vars/noc01.phx2.fedoraproject.org
@@ -14,3 +14,16 @@ udp_ports: ['67','68','69']
custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666
-j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j
ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j
ACCEPT' ]
eth0_ip: 10.5.126.41
+csi_relationship: |
+ noc01 is the internal monitoring nagios instance to the phx datacenter.
+ it is also the dhcp server serving all computing nodes
+
+ * This host relies on:
+ - the virthost it's hosted on (virthost17.phx2.fedoraproject.org)
+ - FAS to authenticate users
+ - VPN connectivity
+
+ * Things that rely on this host:
+ - Infrastructure team to be awair of the infra status. operations
control process will fail
+ - if this host is down, it will be difficult to know the status
of infra and provide reactive/proactive support
+ - if this host is down, dhcp/bootp leases/renew will fail. pxe
booting will fail as well
diff --git a/inventory/host_vars/noc02.fedoraproject.org
b/inventory/host_vars/noc02.fedoraproject.org
index 8136376..d5f74f0 100644
--- a/inventory/host_vars/noc02.fedoraproject.org
+++ b/inventory/host_vars/noc02.fedoraproject.org
@@ -9,3 +9,15 @@ eth0_ip: 152.19.134.192
vmhost: ibiblio04.fedoraproject.org
datacenter: ibiblio
postfix_group: vpn
+csi_relationship: |
+ noc02 is the external monitoring nagios instance.
+
+ * This host relies on:
+ - the virthost it's hosted on (ibiblio04.fedoraproject.org)
+ - FAS to authenticate users
+ - VPN connectivity
+
+ * Things that rely on this host:
+ - Infrastructure team to be awair of the infra status. operations
control process will be affected
+ - if this host is down, it will be difficult to know the status
of infra and provide reactive/proactive support
8 years, 6 months
Meeting agenda item: Introduction Brendan Heisner
by bren
Hello! I am Brendan Heisner.
IRC handle: brensig
I live in the United States. timezone: EST.
I have several year's experience running fedora and a number of other
distros at home.
I have also worked on a semester-long class project where I had the
pleasure of being the linux "admin". Nothing major though; I did a lot
of compiling, set up a couple servers, configured the routing table, and
wrote a few bash scripts. I can also program in C, and would like to
gain experience with Python.
Much of infrastructure technology is simply really cool, and I would
like to learn more about it. It will be great to work with a team that
maintains the infrastructure for as good a project as Fedora. Also, this
will be great experience, and I'd like a job some day. ;)
I would enjoy working in virtually any area with administration; I can
also work in app development where needed. But for now, I will try to
focus on mail infrastructure.
I can contribute about 4-5 hours an average week.
Regards,
Brendan Heisner
8 years, 6 months
ansible csi group vars - dns
by Ali Khalidi
infra -
here is the diffs for csi vars for group: dns
applicable when we come out of freez.
diff --git a/inventory/group_vars/dns b/inventory/group_vars/dns
index 17da9d0..db01b32 100644
--- a/inventory/group_vars/dns
+++ b/inventory/group_vars/dns
@@ -16,3 +16,7 @@ nrpe_procs_warn: 300
nrpe_procs_crit: 500
sudoers: "{{ private }}/files/sudo/sysadmin-dns"
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin(a)fedoraproject.org
+csi_purpose: Domain Name Service
diff --git a/inventory/host_vars/ns02.fedoraproject.org
b/inventory/host_vars/ns02.fedoraproject.org
index ec29b7e..ffc9479 100644
--- a/inventory/host_vars/ns02.fedoraproject.org
+++ b/inventory/host_vars/ns02.fedoraproject.org
@@ -15,3 +15,19 @@ datacenter: ibiblio
ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
+
+
+csi_relationship: |
+
+ ns02 is a master dns server.
+ It serves about every domain under fedoraproject, fedo*, as well
as others, both forward and reverse.
+
+ * This host relies on:
+ - The virthost it's hosted on (ibiblio03.fedoraproject.org)
+ - batcave for dns git and keys
+ - connectivity to maxmind to create geoIP dns acl
+
+ * Things that rely on this host:
+ - The Internet/Community to resolve everything related to fedora
and reverse-IP for allocated subnets
+ - If this host is down, dns queries will slow down by the portion
of this host to the total name servers responsible for the same domain
set.
+ - secodary/slave dns servers
diff --git a/inventory/host_vars/ns03.phx2.fedoraproject.org
b/inventory/host_vars/ns03.phx2.fedoraproject.org
index 4515d5e..669b5ff 100644
--- a/inventory/host_vars/ns03.phx2.fedoraproject.org
+++ b/inventory/host_vars/ns03.phx2.fedoraproject.org
@@ -10,3 +10,18 @@ ansible_ssh_host: ns03.phx2.fedoraproject.org
vmhost: virthost21.phx2.fedoraproject.org
datacenter: phx2
+
+csi_relationship: |
+
+ ns03 is a master dns server.
+ It serves about every domain under fedoraproject, fedo*, as well
as others, both forward and reverse.
+
+ * This host relies on:
+ - The virthost it's hosted on (virthost21.phx2.fedoraproject.org)
+ - batcave for dns git and keys
+ - connectivity to maxmind to create geoIP dns acl
+
+ * Things that rely on this host:
+ - The Internet/Community to resolve everything related to fedora
and reverse-IP for allocated subnets
+ - If this host is down, dns queries will slow down by the portion
of this host to the total name servers responsible for the same domain
set.
+ - secodary/slave dns servers
diff --git a/inventory/host_vars/ns04.phx2.fedoraproject.org
b/inventory/host_vars/ns04.phx2.fedoraproject.org
index 9c72ca9..1a4089f 100644
--- a/inventory/host_vars/ns04.phx2.fedoraproject.org
+++ b/inventory/host_vars/ns04.phx2.fedoraproject.org
@@ -10,3 +10,18 @@ ansible_ssh_host: ns04.phx2.fedoraproject.org
vmhost: virthost15.phx2.fedoraproject.org
datacenter: phx2
+
+csi_relationship: |
+
+ ns04 is a master dns server.
+ It serves about every domain under fedoraproject, fedo*, as well
as others, both forward and reverse.
+
+ * This host relies on:
+ - The virthost it's hosted on (virthost15.phx2.fedoraproject.org)
+ - batcave for dns git and keys
+ - connectivity to maxmind to create geoIP dns acl
+
+ * Things that rely on this host:
+ - The Internet/Community to resolve everything related to fedora
and reverse-IP for allocated subnets
+ - If this host is down, dns queries will slow down by the portion
of this host to the total name servers responsible for the same domain
set.
+ - secodary/slave dns servers
diff --git a/inventory/host_vars/ns05.fedoraproject.org
b/inventory/host_vars/ns05.fedoraproject.org
index 3955f44..e02f9a9 100644
--- a/inventory/host_vars/ns05.fedoraproject.org
+++ b/inventory/host_vars/ns05.fedoraproject.org
@@ -12,3 +12,18 @@ postfix_group: vpn
vmhost: internetx01.fedoraproject.org
datacenter: internetx
+
+csi_relationship: |
+
+ ns05 is a master dns server.
+ It serves about every domain under fedoraproject, fedo*, as well
as others, both forward and reverse.
+
+ * This host relies on:
+ - The virthost it's hosted on (internetx01.fedoraproject.org)
+ - batcave for dns git and keys
+ - connectivity to maxmind to create geoIP dns acl
+
+ * Things that rely on this host:
+ - The Internet/Community to resolve everything related to fedora
and reverse-IP for allocated subnets
+ - If this host is down, dns queries will slow down by the portion
of this host to the total name servers responsible for the same domain
set.
+ - secodary/slave dns servers
8 years, 6 months
Something called Eset Smart Suite blocks Fedora ISO downloads :(
by Ankur Sinha
Hiya,
A user just e-mailed me to say that something called Eset Smart Suite
blocks Fedora ISO downloads. It seems to be one of those windows
security suites. I replied saying the user probably needs to configure
the suite to permit the ISO, but I was wondering if there's anything we
can do infra side to remedy this? I'm trying to figure out how this
suite thing decides what's to be allowed and what isn't, but with it
being proprietary, it's a bit of a mess.
-------- Forwarded Message --------
<snip>
I just tried to download Fedora 23. Eset Smart Suite has the download
page flagged as on a black list and stops me from downloading the
ISO.
Thought someone in the Fedora project should know.
--<snip>
--
Thanks,
Regards,
Ankur Sinha "FranciscoD"
http://fedoraproject.org/wiki/User:Ankursinha
8 years, 6 months
[release] pkgdb2: 1.32.2
by Pierre-Yves Chibon
Good morning everyone,
I just cut a new release of pkgdb2: 1.32.2
(sounds familiar no?)
Here is the changelog:
* Thu Nov 05 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 1.32.2-1
- Update to 1.32.2
- Fix showing the link to the detail view of the action on the page listing them
This is happily running in stg and prod :)
Happy packaging,
Pierre
8 years, 6 months
Plan for thursday's Fedora Infrastructure meeting - 2015-11-05
by Kevin Fenzi
The infrastructure team will be having it's weekly meeting tomorrow,
2015-10-15 at 18:00 UTC in #fedora-meeting on the freenode network.
We have a gobby document
(see: https://fedoraproject.org/wiki/Gobby )
NOTE: Gobby has changed, we are now using gobby05 and infinote. :)
fedora-infrastructure-meeting-next is the document.
Please try and review and edit that document before the meeting and we
will use it to have our agenda of things to discuss. A copy as of today
is included in this email.
If you have something to discuss, add the topic to the discussion area
with your name. If you would like to teach other folks about some
application or setup in our infrastructure, please add that topic and
your name to the learn about section.
kevin
--
= Introduction =
This shared document is for the next fedora infrastructure meeting.
We will use it over the week before the meeting to gather status and
info and discussion items and so forth, then use it in the irc meeting
to transfer information to the meetbot logs.
= Meeting start stuff =
#startmeeting Infrastructure (2015-11-05)
#meetingname infrastructure
#topic aloha
#chair smooge relrod nirik abadger1999 lmacken dgilmore mdomsch threebean pingou puiterwijk pbrobinson
#topic New folks introductions / Apprentice feedback
= Status / information / Trivia / Announcements =
(We put things here we want others on the team to know, but don't need to discuss)
(Please use #info <the thing> - your name)
#topic announcements and information
#info 🌭 🌭 Fedora 23 is released! 🌭 🌭 - everyone
#info REMINDER: apprentice work day 2015-11-18. Join us - everyone
#info REMINDER: nov apprentice status email went out, please reply - all apprentices
#info Nasty power outage last saturday at phx2, many thanks to Patrick for handling it.
#info mailman3 migrations possibly resuming nov 16th - abompard
= Things we should discuss =
We use this section to bring up discussion topics. Things we want to talk about
as a group and come up with some consensus or decision or just brainstorm a
problem or issue. If there are none of these we skip this section.
(Use #topic your discussion topic - your username)
#topic fas3 plans - pingou/xavier/kevin
#topic mirror lists migration from @redhat.com - kevin/smooge
= Learn about some application or setup in infrastructure =
(This section, each week we get 1 person to talk about an application or setup
that we have. Just going over what it is, how to contribute, ideas for improvement,
etc. Whoever would like to do this, just add the info in this section. In the
event we don't find someone to teach about something, we skip this section
and just move on to open floor.)
Schedule:
2015-11-05 - Learn about buildbot - tflink
2015-11-12 - Learn about mdapi - pingou
2015-11-19 - Learn about apprentices - nirik and aikidouke
2015-12-03 - Learn about squid - nirik
#topic Learn about: buildbot - tflink
= Meeting end stuff =
#topic Open Floor
#endmeeting
8 years, 6 months
Fedora 23 Final Freeze now in effect
by Kevin Fenzi
Greetings.
we are now in the infrastructure freeze leading up to the Fedora 23
Final release. This is a final release freeze.
This means that hosts that are marked as freezing should not have any
changes made to them except as part of a freeze break request
(see below)
We do this to make sure that our infrastructure is stable to allow for
building/composing/testing and distributing Fedora 23. This
freeze will end 1 day after Fedora 23 is released.
(Currently scheduled for 2015-10-27)
Freeze breaks should be sent to this list, clearly describing the
planned change and include patches (if applicable). Freeze breaks
should not be applied until they have gotten at least 2 +1's from
members of sysadmin-main and/or releng groups.
You can see a list of hosts that do not freeze by checking out the
ansible repo and running the freezelist script:
git clone http://infrastructure.fedoraproject.org/infra/ansible.git
scripts/freezelist -i inventory
Thanks,
kevin
8 years, 6 months
[release] pkgdb2: 1.32
by Pierre-Yves Chibon
Good morning everyone,
I just cut a new release of pkgdb2: 1.32
Here is the (large) changelog:
* Tue Nov 03 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 1.32-1
- Update to 1.32
- Change the cursor when hovering over the monitoring buttons logged out
(Devyani Kota)
- Make the list of admin requests sortable (Vivek Anand)
- Start a FAQ in the doc for frequently asked question (Devyani Kota)
- Fix pagination in the `My requests` page and the unit-tests
- Add a new API endpoint to request package to be added to pkgdb
- Add a new API endpoint to request a new branch to a package
- Adjust the icons used to show the collection's status
- Only automatically update 'Awaiting Review' ACL requests
- Add an allow_retire flag to collections so that the collection status can
remain reflecting the actual status of the collection
- Allow restricting the VCS output information to a specific branch in the API
- Fix showing the 'Ask un-retirement' button on the package page
- Fix filtering the collections when listing them in the API
- Register and show the date of the last update of a collection
- Ignore the retired branch when requesting ACLs in batch (via the UI)
This is currently, happily, running in stg. I'll wait for the end of the freeze
to push it to prod (so sometime tomorrow I guess).
Have a nice day and happy packaging!
Pierre
8 years, 6 months