List of Infrastructure hosts with no CSI vars
by Zach Villers
arm-packager
arm-qa
atomichw
bastion
beaker
beaker-stg
beaker-virthosts
bkernel
blockerbugs
blockerbugs-stg
bodhi-backend
buildaarch64
buildarm
buildhw
buildppc
buildppc64
buildppcle
buildvm
buildvmhost
buildvm-ppc64
buildvm-ppc64le
buildvm-stg
busgateway
busgateway-stg
bvirthost
cloud-hardware
composers
composers-stg
copr
copr-back
copr-back-stg
copr-dist-git
copr-dist-git-stg
copr-front
copr-front-stg
copr-keygen
copr-keygen-stg
copr-stg
darkserver
datagrepper
datagrepper-stg
dev
dhcp
docs-backend
download-ib
download-phx2
download-rdu2
elections
elections-stg
existgrpvar.sh
existgrpvar.sh~
fas
fas-stg
fedimg
fedimg-stg
fedocal
fedocal-stg
gallery
gallery-stg
github2fedmsg
github2fedmsg-stg
hosted
hotness
hotness-stg
ipsilon
ipsilon-stg
jenkins-master
jenkins-slave
kernel-qa
kerneltest
kerneltest-stg
keys
koji
koji-not-yet-ansibilized
koji-stg
lockbox
mailman
mailman-stg
mdapi
mdapi-stg
memcached
memcached-stg
mirrorlist2
mirrorlist2-stg
mm
mm-stg
notifs-backend
notifs-backend-stg
notifs-web
notifs-web-stg
nuancier
nuancier-stg
openqa
openqa-stg
openqa-stg-workers
openqa-workers
openstack-compute
osbs-stg
OSv3
packages
packages-stg
paste
paste-stg
persistent-cloud
pkgdb
pkgdb-stg
pkgs
pkgs-stg
postgresql-server
qadevel
qa-stg
releng
releng-compose
resultsdb-dev
resultsdb-prod
resultsdb-stg
retrace
secondary
sign-bridge
sign-vault
smtp-mm
staging
statscache-backend
statscache-backend-stg
statscache-web
statscache-web-stg
summershum
summershum-stg
sundries
sundries-stg
tagger
tagger-stg
taskotron-dev
taskotron-dev-client-hosts
taskotron-dev-clients
taskotron-prod
taskotron-prod-clients
taskotron-stg
taskotron-stg-clients
twisted-buildbots
unbound
virthost
virthost-comm
wiki
wiki-stg
8 years
csi vars patch for buildvm-stg
by Zach Villers
From 0b7de7eb5e265b0d2cd6f2727c4de74a47903c3d Mon Sep 17 00:00:00 2001
From: aikidouke <zachvatwork(a)gmail.com>
Date: Wed, 18 Nov 2015 22:53:56 +0000
Subject: [PATCH] csi vars buildvm-stg
---
inventory/group_vars/buildvm-stg | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/inventory/group_vars/buildvm-stg b/inventory/group_vars/buildvm-stg
index 38488d1..c184c88 100644
--- a/inventory/group_vars/buildvm-stg
+++ b/inventory/group_vars/buildvm-stg
@@ -29,3 +29,15 @@ nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid"
koji_server_url: "http://koji.stg.fedoraproject.org/kojihub"
koji_weburl: "http://koji.stg.fedoraproject.org/koji"
koji_topurl: "http://kojipkgs.stg.fedoraproject.org/"
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should ovveride them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin(a)fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
+csi_relationship: |
+ * VMs built on top of buildvmhost
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
--
1.8.3.1
8 years
added csi vars for buildvm
by Zach Villers
From 7bea8a422050d992e6d3f13d2feb9899e712968c Mon Sep 17 00:00:00 2001
From: aikidouke <zachvatwork(a)gmail.com>
Date: Wed, 18 Nov 2015 22:32:33 +0000
Subject: [PATCH] added csi vars buildvm
---
inventory/group_vars/buildvm | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/inventory/group_vars/buildvm b/inventory/group_vars/buildvm
index 78e5540..a050c07 100644
--- a/inventory/group_vars/buildvm
+++ b/inventory/group_vars/buildvm
@@ -29,3 +29,12 @@ sudoers: "{{ private }}/files/sudo/arm-releng-sudoers"
koji_server_url: "http://koji.fedoraproject.org/kojihub"
koji_weburl: "http://koji.fedoraproject.org/koji"
koji_topurl: "http://kojipkgs.fedoraproject.org/"
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin(a)fedoraproject.org
+csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders.
+csi_relationship: |
+ * VMs built on top of buildvmhost
+ * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
--
1.8.3.1
8 years
CSI group_vars patch for beaker
by simon Quain
Hi,
First patch, thanks to #fedora-admin who gave advice.
I hope this is ok.
Simon
diff --git a/inventory/group_vars/beaker b/inventory/group_vars/beaker
index 1f46194..336ef5a 100644
--- a/inventory/group_vars/beaker
+++ b/inventory/group_vars/beaker
@@ -13,3 +13,17 @@ nrpe_procs_warn: 250
nrpe_procs_crit: 300
freezes: false
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should ovveride them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: Low
+csi_primary_contact: Fedora Admins - admin(a)fedoraproject.org
+csi_purpose: Manage and automate labs of test computers
+csi_relationship: There are a couple of things running here.
+
+* beaker lab controller which serves files for network booting, monitors
+ console logs, and executes fence commands to reboot systems.
+* tftp server run by the lab controller for pxe booting provisioned systems
+* libvirt for virtualization capabilities
8 years
buildvmhost csi vars patch
by Zach Villers
From 2484398fe62ac01a6111bf54a43b44ebec5ea29f Mon Sep 17 00:00:00 2001
From: aikidouke <zachvatwork(a)gmail.com>
Date: Wed, 18 Nov 2015 21:44:17 +0000
Subject: [PATCH] buildvmhost csi vars with tabs removed
---
inventory/group_vars/buildvmhost | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/inventory/group_vars/buildvmhost b/inventory/group_vars/buildvmhost
index d34cfdb..2c850a5 100644
--- a/inventory/group_vars/buildvmhost
+++ b/inventory/group_vars/buildvmhost
@@ -1,3 +1,15 @@
---
nrpe_procs_warn: 900
nrpe_procs_crit: 1000
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should ovveride them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin(a)fedoraproject.org
+csi_purpose: Koji service employs a set of virtual machines to build packages for the Fedora project. This playbook is for the provisioning of a physical host for buildvm's.
+csi_relationship: |
+ * Relies on ansible, virthost, and is monitored by nagios
+ * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
+ * Builder vm's are hosted on hosts created with this playbook.
--
1.8.3.1
8 years
Meeting Agenda Item: Introduction Ales Petrovicky
by Aleš Petrovický
Hello Fedora Admins,
my name is Ales Petrovicky and Iam from Czech Republic. Iam working as
System administrator for group of hoding companies. My favourite
distributions are Redhat Enterprise Linux and its derivates. Iam using
Fedora at my notebook and desktop computer. My passion is high
availability, load balancing, clusters, security, performance tunning
and learning about new technologies and software.
I would like to help community with my experiences in system
administration to make Fedora systems running as best as posible with
minimal or none outage. Also improve my admin skills, learn something
new, improve my language skills, meet new people and share knowledge and
problems with them.
What skills I can offer?
I will try to describe shortly: DNS, web servers (especialy Nginx and
Apache), Load balancers (like Haproxy, Keepalived+LVS,...),
virtualization (OpenVZ, Libvirt, Qemu,...) with high availability, RHCS
(rgmanager and pacemaker), Kubernetes, Docker, Storage systems like
NetApp, Ceph, databases (Mysql/MariDB, Galera Cluster, percona tools,
Firebird), monitoring (Zabbix, Nagios), orchestration (Saltstack, now
Iam reading about Ansible), VPN servers (OpenVPN, IPSec), Filesystems,
snapshots and partitioning, Firewalling (Iptables, Firewalld, BSD Packet
Filter), OpenBSD as router/firewall, DRBD, basic OpenStack skills, bash
scripting and also some programing skills, especialy PHP, basic
knowledge about Java and Python programming, ...uff maybe something
else, but I cant remember about it now :)
My new IRC nick is: aldapetr
Iam looking forward to join Fedora community!
Ales
8 years
Meeting Agenda Item: Introduction Ladislav Novak
by Ladislav Novák
Name: Ladislav Novák
TImezone: UTC/GMT + 1 hour / Czech Republic
IRC: ladisone
I can offer this skills:
System administrations
Webservers(Apache, Nginx)
VPN(Ipsec, OpenVPN)
DataBase(MySQL, PostgreSQL, Redis, MariDB, MariaDB-Gallera)
Mailserver(Postfix, Dovecot, Sieve, Webmail, Amavis, Postgrey, DKIM,
SPF, Postmulti, )
Virtualization(KVM, OpenVZ, VirtualBox, Docker, VMWare)
DNS(Bind, PowerDNS, DNSmasq)
Cluster(cman, rgmanager, pacemaker, corosync, clvm)
Sotrage(DRBD, CEPHS, NFS, ISCSI)
FreeBSD Jails
Firewall(Iptables, Packet Filter)
Monitoring(Zabbix, Nagios)
Programing Language(Bash, Python, Ruby)
LoadBalancing(Haproxy)
Orchestration(SaltStack, Ansible, Puppet)
Kubernetes
Basic Openstack
Would like to deepen their knowledge in the areas of server, Linux and
programming. Further improve their communication skills in English.
L.
8 years
[release] pagure: 0.1.33
by Pierre-Yves Chibon
Good morning everyone,
I just cut a new pagure release: 0.1.33
Here is the changelog:
* Fri Nov 20 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.1.33-1
- Update to 0.1.33
- Prevent project with a name starting with a non-alphanumerical character
(Farhaanbukhsh)
- Ensure we appropriately set the private flag when creating an issue
- Add an activity graph on the user profile using datagrepper
- Sometime the identified we get is a Tag, not a commit (fixes traceback
received by email)
- Order the PR from the most recent to the oldest
- Fix the patch view of a PR when we cannot find one of the commit (fixes
traceback received by email)
- Allow user that are not admin to create a remote pull-request
- Fix closing the EV server by calling the appropriate variable
- Fix generating the diff of remote pull-request
Among the cool features, Ralph added an activity graph on the user page based on
datagrepper: https://pagure.io/user/ralph (at the bottom)
Most of the other changes are bug fixes :)
Thanks to all the contributors and happy hacking!
Pierre
8 years
FAS2 to FAS3 DB migration - state and questions
by Pierre-Yves Chibon
Good morning everyone,
I started looking at what it will take to migrate data from FAS2 to FAS3.
Here are my findings.
First of all the DB schemas:
FAS2: http://ambre.pingoured.fr/public/FAS2.png
FAS3: http://ambre.pingoured.fr/public/FAS3.png
* Tables to delete in FAS2:
- session
- migration_version
- visit
- vistit_identity
- configs
- requests
- samadhi_associations
- samadhi_nonces
- group_roles
* Tables of FAS2 I do not know what to do with:
- Log
We have some logs in the DB, we might be able to convert them but the amount
of information missing for the new log table (people_activity_log) might not
make it worth
- bugzilla_queue
There are a few entries in there, but I do not know what it is meant for nor
used by
* Tables to migrate
- person_roles -> group_membership in FAS3
- person_roles_fpca -> group_membership in FAS3
-> I guess created when we changed from CLA to FPCA so to be merged in the
same one as above
- groups -> group in FAS3
- people -> people in FAS3
* Fields that changed
people
username : FAS2 = varchar(32) -> FAS3 = varchar(255)
fullname : FAS2 = human_name -> FAS3 = fullname
avatar : FAS2 = blog_avatar? -> FAS3 = avatar
password : FAS2 = varchar(127) -> FAS3 = text
gpg_id : FAS2 = gpg_id -> FAS3 = gpg_keyid
emailtoken: FAS2 = emailtoken -> FAS3 = email_token
passwordtoken: FAS2 = passwordtoken -> FAS3 = password_token
status : FAS2 = text -> FAS3 = int
alias_enabled: FAS2 = alias_enabled -> FAS3 = email_alias
last_seen : FAS2 = last_seen -> FAS3 = last_logged
group
name : FAS2 = varchar(32) -> FAS3 = varchar(40)
url : FAS2 = url -> FAS3 = web_link
groupe_type: FAS2 = varchar(16) -> FAS3 = int (Foreign Key)
creation : FAS2 = creation -> FAS3 = created
joinmsg : FAS2 = joinmsg -> FAS3 = join_msg
user_can_remove: FAS2 = user_can_remove -> FAS3 = self_removal
For this table I have a problem with these fields in FAS3:
``need_approval`` and ``requires_sponsorship``?
What is the difference? Which corresponds to ``needs_sponsor``?
group_membership
role_type: FAS2 = role_type (text) -> FAS3: role (int)
role_status: FAS2 = role_status (text)-> FAS3: status (int)
sponsor_id: FAS2 = sponsor_id -> FAS3: sponsor
person_id: FAS2 = person_id -> FAS3: people_id
creation: FAS2 = creation -> FAS3: creation_timestamp
approval: FAS2 = approval -> FAS3: approval_timestamp
Xavier, could you confirm that this mapping is correct? Should we look into
being a little closer to the FAS2 model? (For example in the group_membership
table)
Also for change such as the length of the password field, since we hash the
password, does it make sense to use a text field there since they will all be
of the same size?
Then there is the question of the integer-based status (in the `people` table
and in the `group_membership` table). Is the mapping documented somewhere?
Does it fit with the old status model?
Another question will be regarding the certificates, Xavier, will we be able to
migrate certificates information to the new tables?
This is without checking the changes in unique constraints where we might have
a few other surprises.
The rest should be straight forward though:
-> Delete the old tables
-> Create the new ones
-> Add the new fields
-> Rename the fields we agree to rename
-> Update data structure (varchar -> int)
-> Adjust constraints (cf above)
Have a nice day,
Pierre
8 years
[release] mdapi: 2.1 and 2.2
by Pierre-Yves Chibon
Good Morning,
I just cut two new releases for mdapi: 2.1 and 2.2
Here are the corresponding changelog:
* Thu Nov 19 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 2.2-1
- Update to 2.2
- Fix typo in the cron job
* Thu Nov 19 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 2.1-1
- Update to 2.1
- Drop un-used import
- Fix prettifying the JSON only on demand
Happily running in stg and prod :)
Enjoy,
Pierre
8 years
