Re: Ansible question
On Wed, 28 Jan 2015 23:12:02 +0100 Maciej Lasyk docent@gmail.com wrote:

> Wouldn't it be more secure to use Vault here?

We don't actually use vault at all. It would require (as far as I know)
everyone to know the password.

Instead we keep private stuff in private vars files.

kevin

___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: Ansible question
On Wed, 28 Jan 2015 16:57:56 +0100 Miroslav Suchý msu...@redhat.com wrote:

...snip...

> Is there a way to mask the output (using -name or something) so the
> password is not printed to the console?

Sadly, I don't know of any way to do that. ;(

It does sound like something that would be a nice feature...

Perhaps it could be done in a handler?

kevin

Plan for tomorrow's Fedora Infrastructure meeting (2015-01-29)
The infrastructure team will be having its weekly meeting tomorrow,
2015-01-29 at 18:00 UTC in #fedora-meeting on the freenode network.

Suggested topics:

#topic New folks introductions and Apprentice tasks.

If any new folks want to give a quick one line bio or any apprentices
would like to ask general questions, they can do so in this part of the
meeting. Don't be shy!

#topic Applications status / discussion

Check in on status of our applications: pkgdb, fas, bodhi, koji,
community, voting, tagger, packager, dpsearch, etc.
If there are new releases, bugs we need to work around or things to note.

#topic Sysadmin status / discussion

Here we talk about sysadmin related happenings from the previous week,
or things that are upcoming.

#topic nagios/alerts recap

Here we go over the last week's alerts and see if we can find ways to
make it so they don't happen again.

#topic Upcoming Tasks/Items

https://apps.fedoraproject.org/calendar/list/infrastructure/

#topic Open Floor

Submit your agenda items as tickets in the trac instance and send a
note replying to this thread.

More info here:

https://fedoraproject.org/wiki/Infrastructure/Meetings#Meetings

Thanks

kevin

Re: Great Infrastructure projects status roundup
On Wed, 28 Jan 2015 18:01:59 +0100 Pierre-Yves Chibon pin...@pingoured.fr wrote:

> After some more fighting:
>
> is working:
> - shell access for admins
> - fedpkg clone, pull, push
>   - Fails on package on which user does not have the ACLs
>   - Fails on branches not allowed
>   - Fails on branches named origin/...
> - cgit: http://pkgs.stg.fedoraproject.org/cgit/
> - fedpkg new-sources / sources
>
> All this with SELinux enabled.

Hurray!

> Fails:
> - fedmsg-genacls.sh
> - fedmsg messages sent after an upload
>
> Of the two, the last one at least is still SELinux related, no clue
> for the first one.
>
> So if we want to move it along, we can run w/o SELinux for the moment
> (as we do currently) or wait some more to debug/fix things.

I'd really like to have selinux enabled on it.

If we can't figure it out, perhaps we could ask Dan Walsh to take a
look?

> Thanks to Mathieu and tfirg on #selinux for the great help on this
> work!

Yes, thanks for all your work on this... exciting to get nearer to
deploying.

kevin

Ansible question
I have this ansible snippet:

- name: Create users
  keystone_user: login_user=admin login_password={{ ADMIN_PASS }} login_tenant_name=admin user={{ item.name }} email={{ item.email }} tenant={{ item.tenant }} password={{ item.password }} state=present
  with_items:
    - { name: kevin, email: 'ke...@fedoraproject.org', tenant: infrastructure, password: "{{kevin_password}}" }
    - { name: laxathom, email: 'laxat...@fedoraproject.org', tenant: infrastructure, password: "{{laxathom_password}}" }

But when I run it, it produces:

TASK: [Create users] **
changed: [fed-cloud09.cloud.fedoraproject.org] => (item={'password': u'', 'name': 'kevin', 'tenant': 'infrastructure', 'email': 'ke...@fedoraproject.org'})
changed: [fed-cloud09.cloud.fedoraproject.org] => (item={'password': u'', 'name': 'laxathom', 'tenant': 'infrastructure', 'email': 'laxat...@fedoraproject.org'})

Is there a way to mask the output (using -name or something) so the
password is not printed to the console?

--
Miroslav Suchy, RHCE, RHCDS
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys

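Added example, not part of the original post: the task above with Ansible's no_log task keyword, which censors the task's per-item result so the item (password included) is not echoed. The vars file path and the hide_secrets variable are hypothetical; the module, host and variable names are the ones in the post.

```yaml
# Added example; not code from the thread or from Fedora Infrastructure.
- hosts: fed-cloud09.cloud.fedoraproject.org
  vars_files:
    # Hypothetical path: a vars file kept out of the public repository that
    # defines ADMIN_PASS, kevin_password and laxathom_password.
    - /path/to/private/vars.yml
  vars:
    # Hypothetical toggle: run with "-e hide_secrets=false" only while
    # debugging, because no_log also hides the error text of a failed item.
    hide_secrets: true
  tasks:
    - name: Create users
      keystone_user:
        login_user: admin
        login_password: "{{ ADMIN_PASS }}"
        login_tenant_name: admin
        user: "{{ item.name }}"
        email: "{{ item.email }}"
        tenant: "{{ item.tenant }}"
        password: "{{ item.password }}"
        state: present
      with_items:
        - { name: kevin, email: 'ke...@fedoraproject.org', tenant: infrastructure, password: "{{ kevin_password }}" }
        - { name: laxathom, email: 'laxat...@fedoraproject.org', tenant: infrastructure, password: "{{ laxathom_password }}" }
      # Censor this task's arguments and results, including the
      # "(item={...})" echo, on the console and in callback/log output.
      no_log: "{{ hide_secrets | bool }}"
```

no_log only controls what Ansible reports; the vars file holding the passwords still needs its own access restrictions.
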
Re: Ansible question
Wouldn't it be more secure to use Vault here?

Cheers,
Maciej Lasyk

GPG key ID: 4FED49C5
GPG public key: http://maciek.lasyk.info/gpg_maciej_lasyk.asc

On Wed, Jan 28, 2015 at 4:57 PM, Miroslav Suchý msu...@redhat.com wrote:

> I have this ansible snippet:
>
> - name: Create users
>   keystone_user: login_user=admin login_password={{ ADMIN_PASS }} login_tenant_name=admin user={{ item.name }} email={{ item.email }} tenant={{ item.tenant }} password={{ item.password }} state=present
>   with_items:
>     - { name: kevin, email: 'ke...@fedoraproject.org', tenant: infrastructure, password: "{{kevin_password}}" }
>     - { name: laxathom, email: 'laxat...@fedoraproject.org', tenant: infrastructure, password: "{{laxathom_password}}" }
>
> But when I run it, it produces:
>
> TASK: [Create users] **
> changed: [fed-cloud09.cloud.fedoraproject.org] => (item={'password': u'', 'name': 'kevin', 'tenant': 'infrastructure', 'email': 'ke...@fedoraproject.org'})
> changed: [fed-cloud09.cloud.fedoraproject.org] => (item={'password': u'', 'name': 'laxathom', 'tenant': 'infrastructure', 'email': 'laxat...@fedoraproject.org'})
>
> Is there a way to mask the output (using -name or something) so the
> password is not printed to the console?
>
> --
> Miroslav Suchy, RHCE, RHCDS
> Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys

Re: Can not use mirrorlist with RHEL $releasever (bz#1175566)
On 01/08/2015 11:13 PM, Ian Wienand wrote:

> Hi,
>
> I'd like to try and find the/a person who could help out with [1].
>
> EPEL version updates are a fairly constant annoyance that causes
> issues with CI systems in upstream openstack when the version updates.
>
> As described in the bug, I'd really like to just setup a .repo file
> with
>
>   http://mirrors.fedoraproject.org/mirrorlist?repo=epel-$releasever&arch=$basearch
>
> to install epel-release and things should just work to always grab the
> latest release. However [6|7]Server, as given in $releasever by
> RHEL/Centos, don't work as a path.
>
> Any suggestions on how we can get this fixed?

I have been facing this in Copr and mock where you were unable to set
additional repos for project because:

  https://copr-be.cloud.fedoraproject.org/results/foo/bar/epel-$releasever-$basearch/

was expanded to {6,7}Server as you stated.

The only solution is to create your own mapping and pass it to yum using
--releasever

In mock I did it so that e.g. /etc/mock/epel-6-x86_64.cfg has

  config_opts['releasever'] = '6'

and mock has this defined for every chroot config and passes this value
to --releasever of yum/dnf. This way you can actually pass to mockchain

  --addrepo='https://copr-be.cloud.fedoraproject.org/results/foo/bar/epel-$releasever-$basearch/'

and it will work as expected.

I'm not sure if this will help you in your specific case though.

--
Miroslav Suchy, RHCE, RHCDS
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys

[PATCH] Remove davej RH address from kernel-team emails
--- roles/fas_client/files/aliases.template|2 +- roles/fas_client/files/aliases.template.mailserver |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/fas_client/files/aliases.template b/roles/fas_client/files/aliases.template index fafc724..88ef746 100644 --- a/roles/fas_client/files/aliases.template +++ b/roles/fas_client/files/aliases.template @@ -260,7 +260,7 @@ fedora-docker-trusted: scollier,lsm5,mattdm fedoraqa-devel-admin: tflink,kparal,mkrizek # fedora kernel aliases -kernel-team: da...@redhat.com,jwbo...@redhat.com,jfor...@redhat.com +kernel-team: jwbo...@redhat.com,jfor...@redhat.com kernel-maint: kernel-ma...@redhat.com lvm-team: lvm-t...@redhat.com fedora-kernel-acpi: a...@linux.intel.com,len.br...@intel.com,mj...@srcf.ucam.org diff --git a/roles/fas_client/files/aliases.template.mailserver b/roles/fas_client/files/aliases.template.mailserver index a17aad7..4553039 100644 --- a/roles/fas_client/files/aliases.template.mailserver +++ b/roles/fas_client/files/aliases.template.mailserver @@ -264,7 +264,7 @@ fedora-docker-trusted: scollier,lsm5,mattdm fedoraqa-devel-admin: tflink,kparal,mkrizek # fedora kernel aliases -kernel-team: da...@redhat.com,jwbo...@redhat.com,jfor...@redhat.com +kernel-team: jwbo...@redhat.com,jfor...@redhat.com kernel-maint: kernel-ma...@redhat.com lvm-team: lvm-t...@redhat.com fedora-kernel-acpi: a...@linux.intel.com,len.br...@intel.com,mj...@srcf.ucam.org -- 1.7.2.1 ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
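Review bot: In the roles/fas_client/files/aliases.template hunk, kernel-team is still built from hard-coded redhat.com addresses, while the neighbouring aliases in the context lines (fedora-docker-trusted, fedoraqa-devel-admin) list bare names. The two remaining entries will go stale the same way when someone changes employer, and a stale entry keeps routing team mail to a mailbox the team no longer controls. If this alias can take names like its neighbours, consider converting the remaining entries in the same change; otherwise say in the commit message why full addresses are needed here.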
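Review bot: The kernel-team line in the roles/fas_client/files/aliases.template.mailserver hunk is an identical copy of the one in aliases.template, so every membership change has to be made by hand in both files, and the commit carries only a subject line with no body recording why the address was dropped. Add a short body giving the reason (the cover letter says davej is no longer at Red Hat), and check both templates for the same address in aliases outside the context lines shown in these hunks.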
Remove invalid address from kernel-team alias
Since davej isn't at Red Hat any longer, this patch removes his old address from the kernel-team alias.

Re: Great Infrastructure projects status roundup
On Mon, Jan 26, 2015 at 04:12:31PM +0100, Mathieu Bridon wrote:

> On Fri, 2015-01-23 at 14:10 +0100, Pierre-Yves Chibon wrote:
>
> > Since it seems to us that all is now fixed and ready, we are
> > re-building the host from scratch and then all that is left is:
> > testing :)
>
> So Pierre-Yves finished rebuilding the host and syncing some git data
> on it from prod.
>
> And things just work. :)
>
> So far, I've tested:
>
> * shell access for admins (works for Pierre-Yves from sysadmin-main,
>   works for me from sysadmin-noc)
> * fedpkg clone/push, verifying that push fails for packages I don't
>   have acls on
> * git push of branches starting with origin/, which is supposed to
>   fail (https://fedorahosted.org/rel-eng/ticket/4071)
>
> Still needs to be tested:
>
> * cgit seems to not see any package
> * fedpkg sources / new-sources fail (looking into this right now)

After some more fighting:

is working:
- shell access for admins
- fedpkg clone, pull, push
  - Fails on package on which user does not have the ACLs
  - Fails on branches not allowed
  - Fails on branches named origin/...
- cgit: http://pkgs.stg.fedoraproject.org/cgit/
- fedpkg new-sources / sources

All this with SELinux enabled.

Fails:
- fedmsg-genacls.sh
- fedmsg messages sent after an upload

Of the two, the last one at least is still SELinux related, no clue for
the first one.

So if we want to move it along, we can run w/o SELinux for the moment
(as we do currently) or wait some more to debug/fix things.

Thanks to Mathieu and tfirg on #selinux for the great help on this work!

Pierre