Re: FBR: Set resultsdb wsgi to normal values
Thank you for the patch. This needs to be 'fixed' later to use the wsgi_* variables that other services use. On 17 March 2017 at 21:13, Patrick Uiterwijkwrote: > Hi, > > Can I get retroactive +1s for the patch? > This drops the number of threads and processes down to normal limits: > having 200 * 20 + 100 * 10 = 5000 threads for wsgi is... not going to > work. > > Patrick > > > > commit 66172d7738bbee3749520b025a24b8930e5fd2c0 > Author: Patrick Uiterwijk > Date: Sat Mar 18 01:11:30 2017 + > > Use sane values for processess and threads for resultsdb > > Signed-off-by: Patrick Uiterwijk > > diff --git a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 > b/roles/taskotron/resultsdb-backend/templat > index c3f4d5c..dcec940 100644 > --- a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 > +++ b/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 > @@ -1,5 +1,5 @@ > {% if deployment_type in ['stg', 'prod'] %} > -WSGIDaemonProcess resultsdb user=apache group=apache threads=200 processes=20 > +WSGIDaemonProcess resultsdb user=apache group=apache threads=20 processes=4 > {% else %} > WSGIDaemonProcess resultsdb user=apache group=apache threads=5 > {% endif %} > diff --git > a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 > b/roles/taskotron/resultsdb-front > index e71cf58..a6b3596 100644 > --- a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 > +++ b/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 > @@ -1,5 +1,5 @@ > {% if deployment_type in ['stg', 'prod'] %} > -WSGIDaemonProcess resultsdb_frontend user=apache group=apache > threads=100 processes=10 > +WSGIDaemonProcess resultsdb_frontend user=apache group=apache > threads=20 processes=4 > {% else %} > WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5 > {% endif %} > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
FBR: Set resultsdb wsgi to normal values
Hi, Can I get retroactive +1s for the patch? This drops the number of threads and processes down to normal limits: having 200 * 20 + 100 * 10 = 5000 threads for wsgi is... not going to work. Patrick commit 66172d7738bbee3749520b025a24b8930e5fd2c0 Author: Patrick UiterwijkDate: Sat Mar 18 01:11:30 2017 + Use sane values for processess and threads for resultsdb Signed-off-by: Patrick Uiterwijk diff --git a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 b/roles/taskotron/resultsdb-backend/templat index c3f4d5c..dcec940 100644 --- a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 +++ b/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 @@ -1,5 +1,5 @@ {% if deployment_type in ['stg', 'prod'] %} -WSGIDaemonProcess resultsdb user=apache group=apache threads=200 processes=20 +WSGIDaemonProcess resultsdb user=apache group=apache threads=20 processes=4 {% else %} WSGIDaemonProcess resultsdb user=apache group=apache threads=5 {% endif %} diff --git a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 b/roles/taskotron/resultsdb-front index e71cf58..a6b3596 100644 --- a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 +++ b/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 @@ -1,5 +1,5 @@ {% if deployment_type in ['stg', 'prod'] %} -WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=100 processes=10 +WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=20 processes=4 {% else %} WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5 {% endif %} ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Update Pagure, Anitya and Piwik to use secure cipher set
Are the files also moved to the correct template directory or are they there already? If they are there already +1 On 17 March 2017 at 20:07, Patrick Uiterwijkwrote: > Turns out I'll need a follow-up... > > Can I get +!s to also apply the following to make this actually work? > > Moved roles/anitya/frontend/files/0_releasemonitoring.conf -> > roles/anitya/frontend/templates/0_releasemonitoring.conf > Moved roles/piwik/files/piwik-httpd.conf -> > roles/piwik/templates/piwik-httpd.conf > > > commit 10300f667f81c690c68368bad66a2e03d8d1d1d8 > Author: Patrick Uiterwijk > Date: Fri Mar 17 23:51:08 2017 + > > Move piwik and anity configs to templates > > Signed-off-by: Patrick Uiterwijk > > diff --git a/roles/anitya/frontend/tasks/main.yml > b/roles/anitya/frontend/tasks/main.yml > index 58f1bcf..af6e6ea 100644 > --- a/roles/anitya/frontend/tasks/main.yml > +++ b/roles/anitya/frontend/tasks/main.yml > @@ -46,7 +46,7 @@ >- anitya_frontend > > - name: Install the configuration file to activate https > - copy: > > + template: > > src={{ item }} dest=/etc/httpd/conf.d/{{ item }} > owner=root group=root mode=0644 >with_items: > > diff --git a/roles/piwik/tasks/main.yml b/roles/piwik/tasks/main.yml > index ce45685..f63dfeb 100644 > --- a/roles/piwik/tasks/main.yml > +++ b/roles/piwik/tasks/main.yml > @@ -9,7 +9,7 @@ >- piwik > > - name: set up http configs for piwik > - copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} > + template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} > owner=root group=root mode=0644 >with_items: >- piwik-httpd.conf > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Update Pagure, Anitya and Piwik to use secure cipher set
+1 sorry for not noticing that on the first patch. ;( kevin signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: Freeze break: set pagure serveradmin
+1 On 17 March 2017 at 15:56, Kevin Fenziwrote: > This is a simple little tweak that fixes pagure saying: > > "Contact root@localhost" when it emits a 500 error. > > This would fix ticket: > https://pagure.io/fedora-infrastructure/issue/5906 > > +1s? > > kevin > -- > diff --git a/roles/pagure/frontend/templates/0_pagure.conf > b/roles/pagure/frontend/templates/0_pagure.conf > index 6350c5f..a7b7e70 100644 > --- a/roles/pagure/frontend/templates/0_pagure.conf > +++ b/roles/pagure/frontend/templates/0_pagure.conf > @@ -61,6 +61,8 @@ WSGIDaemonProcess paguredocs user=git group=git > maximum-requests=1000 display-na > >WSGIScriptAlias / /var/www/pagure.wsgi > > + ServerAdmin ad...@fedoraproject.org > + >SSLEngine on >SSLProtocol all -SSLv2 -SSLv3 ># Use secure TLSv1.1 and TLSv1.2 ciphers > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Update Pagure, Anitya and Piwik to use secure cipher set
Turns out I'll need a follow-up... Can I get +!s to also apply the following to make this actually work? Moved roles/anitya/frontend/files/0_releasemonitoring.conf -> roles/anitya/frontend/templates/0_releasemonitoring.conf Moved roles/piwik/files/piwik-httpd.conf -> roles/piwik/templates/piwik-httpd.conf commit 10300f667f81c690c68368bad66a2e03d8d1d1d8 Author: Patrick UiterwijkDate: Fri Mar 17 23:51:08 2017 + Move piwik and anity configs to templates Signed-off-by: Patrick Uiterwijk diff --git a/roles/anitya/frontend/tasks/main.yml b/roles/anitya/frontend/tasks/main.yml index 58f1bcf..af6e6ea 100644 --- a/roles/anitya/frontend/tasks/main.yml +++ b/roles/anitya/frontend/tasks/main.yml @@ -46,7 +46,7 @@ - anitya_frontend - name: Install the configuration file to activate https - copy: > + template: > src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root mode=0644 with_items: diff --git a/roles/piwik/tasks/main.yml b/roles/piwik/tasks/main.yml index ce45685..f63dfeb 100644 --- a/roles/piwik/tasks/main.yml +++ b/roles/piwik/tasks/main.yml @@ -9,7 +9,7 @@ - piwik - name: set up http configs for piwik - copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} + template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root mode=0644 with_items: - piwik-httpd.conf ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Update Pagure, Anitya and Piwik to use secure cipher set
+1 here. Please do. kevin signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Update Pagure, Anitya and Piwik to use secure cipher set
On Fri, Mar 17, 2017 at 11:29 PM, Patrick Uiterwijkwrote: > Hi, > > Turns out that these three services were not yet using our global > secure cipher set. > This means that they have the Apache defaults, which are quite > insecure (RC4 and no FS). > Can I please get +1s to apply the underneath patch? +1 seems sane to me > Patrick > > > commit 55183057fc95109df5d6b50258918c59c7930674 > Author: Patrick Uiterwijk > Date: Fri Mar 17 23:28:19 2017 + > > Update Pagure, anitya and piwik to use the secure cipher set > > Signed-off-by: Patrick Uiterwijk > > diff --git a/roles/anitya/frontend/files/0_releasemonitoring.conf > b/roles/anitya/frontend/files/0_releasemonitoring.co > index 56a0bfb..e054147 100644 > --- a/roles/anitya/frontend/files/0_releasemonitoring.conf > +++ b/roles/anitya/frontend/files/0_releasemonitoring.conf > @@ -7,8 +7,8 @@ > ServerName release-monitoring.org:443 > > SSLEngine on > - SSLProtocol all -SSLv2 -SSLv3 > - # Use secure TLSv1.1 and TLSv1.2 ciphers > + SSLProtocol {{ ssl_protocols }} > + SSLCipherSuite {{ ssl_ciphers }} > Header always add Strict-Transport-Security "max-age=15768000; > includeSubDomains; preload" > > SSLCertificateFile /etc/pki/tls/certs/release-monitoring.org.cert > diff --git a/roles/pagure/frontend/templates/0_pagure.conf > b/roles/pagure/frontend/templates/0_pagure.conf > index a7b7e70..3c3f353 100644 > --- a/roles/pagure/frontend/templates/0_pagure.conf > +++ b/roles/pagure/frontend/templates/0_pagure.conf > @@ -64,7 +64,8 @@ WSGIDaemonProcess paguredocs user=git group=git > maximum-requests=1000 display-na >ServerAdmin ad...@fedoraproject.org > >SSLEngine on > - SSLProtocol all -SSLv2 -SSLv3 > + SSLProtocol {{ ssl_protocols }} > + SSLCipherSuite {{ ssl_ciphers }} ># Use secure TLSv1.1 and TLSv1.2 ciphers >Header always add Strict-Transport-Security "max-age=15768000; > includeSubDomains; preload" > > @@ -113,7 +114,8 @@ WSGIDaemonProcess paguredocs user=git group=git > maximum-requests=1000 display-na > {% endif %} > >SSLEngine on > - SSLProtocol all -SSLv2 -SSLv3 > + SSLProtocol {{ ssl_protocols }} > + SSLCipherSuite {{ ssl_ciphers }} ># Use secure TLSv1.1 and TLSv1.2 ciphers >Header always add Strict-Transport-Security "max-age=15768000; > includeSubDomains; preload" > > @@ -138,7 +140,8 @@ WSGIDaemonProcess paguredocs user=git group=git > maximum-requests=1000 display-na >WSGIScriptAlias / /var/www/docs_pagure.wsgi > >SSLEngine on > - SSLProtocol all -SSLv2 -SSLv3 > + SSLProtocol {{ ssl_protocols }} > + SSLCipherSuite {{ ssl_ciphers }} ># Use secure TLSv1.1 and TLSv1.2 ciphers >Header always add Strict-Transport-Security "max-age=15768000; > includeSubDomains; preload" > > diff --git a/roles/piwik/files/piwik-httpd.conf > b/roles/piwik/files/piwik-httpd.conf > index 4b55fdc..881c509e 100644 > --- a/roles/piwik/files/piwik-httpd.conf > +++ b/roles/piwik/files/piwik-httpd.conf > @@ -11,8 +11,8 @@ >ServerName piwik.fedorainfracloud.org > >SSLEngine on > - SSLProtocol all -SSLv2 -SSLv3 > - # Use secure TLSv1.1 and TLSv1.2 ciphers > + SSLProtocol {{ ssl_protocols }} > + SSLCipherSuite {{ ssl_ciphers }} >Header always add Strict-Transport-Security "max-age=15768000; > includeSubDomains; preload" > >SSLCertificateFile /etc/pki/tls/certs/piwik.fedorainfracloud.org.cert > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: Freeze break: set pagure serveradmin
On Fri, Mar 17, 2017 at 8:10 PM, Pierre-Yves Chibonwrote: > On Fri, Mar 17, 2017 at 01:56:50PM -0600, Kevin Fenzi wrote: >> This is a simple little tweak that fixes pagure saying: >> >> "Contact root@localhost" when it emits a 500 error. >> >> This would fix ticket: >> https://pagure.io/fedora-infrastructure/issue/5906 >> >> +1s? +1 ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
FBR: Update Pagure, Anitya and Piwik to use secure cipher set
Hi, Turns out that these three services were not yet using our global secure cipher set. This means that they have the Apache defaults, which are quite insecure (RC4 and no FS). Can I please get +1s to apply the underneath patch? Patrick commit 55183057fc95109df5d6b50258918c59c7930674 Author: Patrick UiterwijkDate: Fri Mar 17 23:28:19 2017 + Update Pagure, anitya and piwik to use the secure cipher set Signed-off-by: Patrick Uiterwijk diff --git a/roles/anitya/frontend/files/0_releasemonitoring.conf b/roles/anitya/frontend/files/0_releasemonitoring.co index 56a0bfb..e054147 100644 --- a/roles/anitya/frontend/files/0_releasemonitoring.conf +++ b/roles/anitya/frontend/files/0_releasemonitoring.conf @@ -7,8 +7,8 @@ ServerName release-monitoring.org:443 SSLEngine on - SSLProtocol all -SSLv2 -SSLv3 - # Use secure TLSv1.1 and TLSv1.2 ciphers + SSLProtocol {{ ssl_protocols }} + SSLCipherSuite {{ ssl_ciphers }} Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" SSLCertificateFile /etc/pki/tls/certs/release-monitoring.org.cert diff --git a/roles/pagure/frontend/templates/0_pagure.conf b/roles/pagure/frontend/templates/0_pagure.conf index a7b7e70..3c3f353 100644 --- a/roles/pagure/frontend/templates/0_pagure.conf +++ b/roles/pagure/frontend/templates/0_pagure.conf @@ -64,7 +64,8 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na ServerAdmin ad...@fedoraproject.org SSLEngine on - SSLProtocol all -SSLv2 -SSLv3 + SSLProtocol {{ ssl_protocols }} + SSLCipherSuite {{ ssl_ciphers }} # Use secure TLSv1.1 and TLSv1.2 ciphers Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" @@ -113,7 +114,8 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na {% endif %} SSLEngine on - SSLProtocol all -SSLv2 -SSLv3 + SSLProtocol {{ ssl_protocols }} + SSLCipherSuite {{ ssl_ciphers }} # Use secure TLSv1.1 and TLSv1.2 ciphers Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" @@ -138,7 +140,8 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na WSGIScriptAlias / /var/www/docs_pagure.wsgi SSLEngine on - SSLProtocol all -SSLv2 -SSLv3 + SSLProtocol {{ ssl_protocols }} + SSLCipherSuite {{ ssl_ciphers }} # Use secure TLSv1.1 and TLSv1.2 ciphers Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" diff --git a/roles/piwik/files/piwik-httpd.conf b/roles/piwik/files/piwik-httpd.conf index 4b55fdc..881c509e 100644 --- a/roles/piwik/files/piwik-httpd.conf +++ b/roles/piwik/files/piwik-httpd.conf @@ -11,8 +11,8 @@ ServerName piwik.fedorainfracloud.org SSLEngine on - SSLProtocol all -SSLv2 -SSLv3 - # Use secure TLSv1.1 and TLSv1.2 ciphers + SSLProtocol {{ ssl_protocols }} + SSLCipherSuite {{ ssl_ciphers }} Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" SSLCertificateFile /etc/pki/tls/certs/piwik.fedorainfracloud.org.cert ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: Freeze break: set pagure serveradmin
On Fri, Mar 17, 2017 at 01:56:50PM -0600, Kevin Fenzi wrote: > This is a simple little tweak that fixes pagure saying: > > "Contact root@localhost" when it emits a 500 error. > > This would fix ticket: > https://pagure.io/fedora-infrastructure/issue/5906 > > +1s? Cool +1 for me :) Pierre > -- > diff --git a/roles/pagure/frontend/templates/0_pagure.conf > b/roles/pagure/frontend/templates/0_pagure.conf > index 6350c5f..a7b7e70 100644 > --- a/roles/pagure/frontend/templates/0_pagure.conf > +++ b/roles/pagure/frontend/templates/0_pagure.conf > @@ -61,6 +61,8 @@ WSGIDaemonProcess paguredocs user=git group=git > maximum-requests=1000 display-na > > WSGIScriptAlias / /var/www/pagure.wsgi > > + ServerAdmin ad...@fedoraproject.org > + > SSLEngine on > SSLProtocol all -SSLv2 -SSLv3 > # Use secure TLSv1.1 and TLSv1.2 ciphers signature.asc Description: PGP signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Bodhi should stop sending error emails on success, and should start sending error emails on error
On Fri, Mar 17, 2017 at 12:36:37PM -0600, Kevin Fenzi wrote: > Thanks for the details... > > I am still +1 to updating this, as I think it's better that we have the > known/current version in use rather than some "might be hotfixed" > version. Same here, even if that makes rolling back harder (meaning we'll need to fix that version instead of rolling it back if something goes south). Pierre signature.asc Description: PGP signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: SOP for Package Review
On Fri, 2017-03-17 at 04:56 -0600, InvalidPath wrote: > I'm going to attempt to write this, Im looking for any info anyone > currently has: > > hosting nodes? > backend db? > application names? > > Anything at all would be appreciated. This is a script that runs on sundries01 (and sundries01.stg). It collects information about package reviews from bugzilla and makes a static set of webpages. Those are in turn synced out to each of our proxies and served from there to end users. It has no db, it just runs fresh against bugzilla each time. You can find the role under: https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/rev iew-stats The end proxy url is: https://fedoraproject.org/PackageReviewStatus/ Hope that helps. kevin signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: Best practice for 3rd party playbook
On Fri, 2017-03-17 at 09:47 +0100, Miroslav Suchý wrote: > Hi, > I am in process in writing playbook for retrace.fedoraproject.org > > ABRT team created: > https://github.com/abrt/ansible-role-retrace-server > > Which we can use. I just wonder what is best practise for using such 3rd > party roles? > Should I just copy it into our ansible.git? Or should I use ansible-galaxy > command to sync it? Manually? Or when the > playbook is run? We ran into this a while back with the openshift ansible stuff. I guess the answer is 'it depends'. If it's pretty small and can be made pretty close to our existing conventions, I'd say just copy it in and try and keep the external and internal ones in sync. If it's more complex or written in a incompatible way or changes too much, then we could do what we did with osbs, which is to make a host, something like: retrace-control and in our ansible playbooks we go to that host and pull the role/setup and run it from there on the retrace machines. This role seems pretty small to me and hopefully won't change too much, so hopefully we can just do the first of these. ;) Thoughts? kevin signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Bodhi should stop sending error emails on success, and should start sending error emails on error
Thanks for the details... I am still +1 to updating this, as I think it's better that we have the known/current version in use rather than some "might be hotfixed" version. kevin signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Bodhi should stop sending error emails on success, and should start sending error emails on error
I just remembered that I had never upgraded production to version 2017.0: https://github.com/fedora-infra/fedmsg-atomic-composer/releases/tag/2017.0 This means that if I install 2017.1 (which has the 1-char diff I asked for an FBR on) it will also be installing those changes. FWIW, most of those changes are already hotfixed on production, and 2017.0 was primarily made so that we could have a real release on production rather than a "sudo vim"'d release. There are a couple of changes from those release notes that I don't think are on production: * AtomicConsumer now has a config key I think this one will also stop some e-mails we get when fedmsg-hub is restarted. * stderr messages are now logged at info and not error level This one is where I introduced the exit code problem that my FBR is supposed to fix, but note that without this change all stderr was logged as an error which is incorrect since many programs use stderr for debug/detail statements (including rpm-ostree as we are seeing). 2017.1 corrects this change to correctly use the exit code. With this info, are you still +1 on deploying 2017.1 (with the 1-char diff)? I personally think it's still OK to go, but I wanted to be forthcoming about the present state before making more changes than I had written about in my original FBR. If not, some other options: * We could wait until after the freeze. * I could continue the tradition of "sudo vim"'ing production and just change that log statement to info instead of error. What say you? signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: Freeze Break Request: increase threads for resultsdb_frontend wsgi daemon
On Fri, Mar 17, 2017 at 10:26:47AM -0600, Tim Flink wrote: > Production resultsdb_frontend is also really slow and I'd like to > bump it's resources at the same time I bump resultsdb from the > other FBR. > > +1s? +1 Pierre > > From 9757a01edfe14a2455f523d0ac7cb8cfb4e92f8e Mon Sep 17 00:00:00 2001 > From: Tim Flink> Date: Fri, 17 Mar 2017 16:23:12 + > Subject: [PATCH 2/2] bump resources for resultsdb_frontend as well > > --- > .../taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 | 4 > > 1 file changed, 4 insertions(+) > > diff --git > a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 > b/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 > index 16fbc89..e71cf58 100644 > --- a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 > +++ b/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 > @@ -1,4 +1,8 @@ > +{% if deployment_type in ['stg', 'prod'] %} > +WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=100 > processes=10 > +{% else %} > WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5 > +{% endif %} > WSGIScriptAlias /{{ resultsdb_fe_endpoint }} > /usr/share/resultsdb_frontend/resultsdb_frontend.wsgi > WSGISocketPrefix run/wsgi > > -- > 1.8.3.1 signature.asc Description: PGP signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: Freeze Break Request: increase threads for resultsdb_frontend wsgi daemon
+1 kevin signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: Freeze Break Request: increase threads for resultsdb wsgi daemon
+1 kevin signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Freeze Break Request: increase threads for resultsdb_frontend wsgi daemon
Production resultsdb_frontend is also really slow and I'd like to bump it's resources at the same time I bump resultsdb from the other FBR. +1s? Tim From 9757a01edfe14a2455f523d0ac7cb8cfb4e92f8e Mon Sep 17 00:00:00 2001 From: Tim FlinkDate: Fri, 17 Mar 2017 16:23:12 + Subject: [PATCH 2/2] bump resources for resultsdb_frontend as well --- .../taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 | 4 1 file changed, 4 insertions(+) diff --git a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 b/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 index 16fbc89..e71cf58 100644 --- a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 +++ b/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 @@ -1,4 +1,8 @@ +{% if deployment_type in ['stg', 'prod'] %} +WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=100 processes=10 +{% else %} WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5 +{% endif %} WSGIScriptAlias /{{ resultsdb_fe_endpoint }} /usr/share/resultsdb_frontend/resultsdb_frontend.wsgi WSGISocketPrefix run/wsgi -- 1.8.3.1 pgphtDWHZ5hvW.pgp Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: Freeze Break Request: increase threads for resultsdb wsgi daemon
On Fri, Mar 17, 2017 at 09:41:02AM -0600, Tim Flink wrote: > Production resultsdb is still really slow and we're still seeing the > occasional error on result posting so I'd like to bump the resources > allocated to the wsgi app again. I wonder if this doesn't saturate the server at one point I'm +1 to apply because it's easy to revert but I'm not sure it's the right solution Pierre > From 3d45155959cbdcde39c1a98a584a100b590761db Mon Sep 17 00:00:00 2001 > From: Tim Flink> Date: Fri, 17 Mar 2017 15:33:49 + > Subject: [PATCH] bumping resultsdb wsgi resources again > > --- > roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git > a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 > b/roles/taskotron/resultsdb-ba index 97e73b9..c3f4d5c 100644 --- > a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 +++ > b/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 @@ -1,5 > +1,5 @@ {% if deployment_type in ['stg', 'prod'] %} > -WSGIDaemonProcess resultsdb user=apache group=apache threads=100 > processes=5 +WSGIDaemonProcess resultsdb user=apache group=apache > threads=200 processes=20 {% else %} > WSGIDaemonProcess resultsdb user=apache group=apache threads=5 > {% endif %} > -- > 1.8.3.1 signature.asc Description: PGP signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Freeze Break Request: increase threads for resultsdb wsgi daemon
Production resultsdb is still really slow and we're still seeing the occasional error on result posting so I'd like to bump the resources allocated to the wsgi app again. +1s? Tim From 3d45155959cbdcde39c1a98a584a100b590761db Mon Sep 17 00:00:00 2001 From: Tim FlinkDate: Fri, 17 Mar 2017 15:33:49 + Subject: [PATCH] bumping resultsdb wsgi resources again --- roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 b/roles/taskotron/resultsdb-ba index 97e73b9..c3f4d5c 100644 --- a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 +++ b/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 @@ -1,5 +1,5 @@ {% if deployment_type in ['stg', 'prod'] %} -WSGIDaemonProcess resultsdb user=apache group=apache threads=100 processes=5 +WSGIDaemonProcess resultsdb user=apache group=apache threads=200 processes=20 {% else %} WSGIDaemonProcess resultsdb user=apache group=apache threads=5 {% endif %} -- 1.8.3.1 pgp8_x67paMUo.pgp Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: SOP for Package Review
Hi Ben, I've found the Fedora link below in one of my searches: https://fedoraproject.org/wiki/Packaging:ReviewGuidelines#Package_Revie w_Process Cheers, Aurelie On Fri, 2017-03-17 at 04:56 -0600, InvalidPath wrote: > I'm going to attempt to write this, Im looking for any info anyone > currently has: > > hosting nodes? > backend db? > application names? > > Anything at all would be appreciated. > > Ben > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: Freeze Break Request: enable package-specific tasks for Taskotron production
On Fri, 17 Mar 2017 09:37:07 +0100 Pierre-Yves Chibonwrote: > On Thu, Mar 16, 2017 at 12:44:37PM -0600, Tim Flink wrote: > > This has been pending for a long time and now that the bureaucratic > > stuff has been figured out and our dev/stg instances are running > > well, we'd like to enable package-specific tasks in Taskotron > > production. This was pushed to production last night and everything seems to be running fine. Thanks, Tim pgpsZrRI7KyMv.pgp Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Fix koji monitoring from noc02
On Fri, 17 Mar 2017 13:28:31 + Patrick Uiterwijkwrote: > Hi all, > > So, our noc02 monitoring of Koji build targets broke because the > modularity stuff pushed rawhide to the second page :). > Can I get +1s to start testing for "infra" instead, which should match > $release-infra and such? > > Patrick +1 Tim pgpKhdwZf8J6z.pgp Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Fix koji monitoring from noc02
+1 kevin signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Fix koji monitoring from noc02
On Fri, Mar 17, 2017 at 01:28:31PM +, Patrick Uiterwijk wrote: > Hi all, > > So, our noc02 monitoring of Koji build targets broke because the > modularity stuff pushed rawhide to the second page :). > Can I get +1s to start testing for "infra" instead, which should match > $release-infra and such? +1 for me Pierre > commit dd4583fff2ca0739dee955197be02551373a23f5 > Author: Patrick Uiterwijk> Date: Fri Mar 17 13:27:04 2017 + > > Check for *-infra target, since rawhide comes after modularity build > targets > > Signed-off-by: Patrick Uiterwijk > > diff --git a/roles/nagios/server/files/nagios-external/services/websites.cfg > b/roles/nagios/server/files > index d571a95..3a96003 100644 > --- a/roles/nagios/server/files/nagios-external/services/websites.cfg > +++ b/roles/nagios/server/files/nagios-external/services/websites.cfg > @@ -45,7 +45,7 @@ define service { > define service { >host_name koji-phx2 >service_description koji > - check_command > check_website!koji.fedoraproject.org!/koji/buildtargets!rawhide > + check_command > check_website!koji.fedoraproject.org!/koji/buildtargets!infra >use websitetemplate > } > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org signature.asc Description: PGP signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: 503 Responses From 8.43.85.67
This was being worked on and fixed with Patrick at 0800 UTC On 17 March 2017 at 03:09, Jonathan Steffanwrote: > Team, > > The community has been experiencing issues with the FPO infrastructure > intermittently. I believe I've found the destination causing the issue: > > $ curl -vso /dev/null --resolve fedoraproject.org:443:8.43.85.67 > https://fedoraproject.org/wiki/Fedora_Project_Wiki > * Added fedoraproject.org:443:8.43.85.67 to DNS cache > * Hostname fedoraproject.org was found in DNS cache > * Trying 8.43.85.67... > * TCP_NODELAY set > * Connected to fedoraproject.org (8.43.85.67) port 443 (#0) > * Initializing NSS with certpath: sql:/etc/pki/nssdb > * CAfile: /etc/pki/tls/certs/ca-bundle.crt > CApath: none > * ALPN/NPN, server did not agree to a protocol > * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 > * Server certificate: > * subject: CN=*.fedoraproject.org,O=Red Hat Inc.,L=Raleigh,ST=North > Carolina,C=US > * start date: Feb 01 00:00:00 2017 GMT > * expire date: May 01 12:00:00 2020 GMT > * common name: *.fedoraproject.org > * issuer: CN=DigiCert SHA2 High Assurance Server > CA,OU=www.digicert.com,O=DigiCert Inc,C=US >> GET /wiki/Fedora_Project_Wiki HTTP/1.1 >> Host: fedoraproject.org >> User-Agent: curl/7.51.0 >> Accept: */* >> > < HTTP/1.1 503 Service Unavailable > < Date: Fri, 17 Mar 2017 06:46:33 GMT > < Server: Apache/2.4.6 (Red Hat Enterprise Linux) > < Content-Length: 400 > < Connection: close > < Content-Type: text/html; charset=iso-8859-1 > < > { [400 bytes data] > * Curl_http_done: called premature == 0 > * Closing connection 0 > > I pinged in #fedora-admin but wanted to let everyone know there is an > intermittent failure right now. Mar 16 22:08:45 MDT is the first concrete > time I can state this issue started. > > > -- > Jonathan Steffan > jonathanstef...@gmail.com > > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
FBR: Fix koji monitoring from noc02
Hi all, So, our noc02 monitoring of Koji build targets broke because the modularity stuff pushed rawhide to the second page :). Can I get +1s to start testing for "infra" instead, which should match $release-infra and such? Patrick commit dd4583fff2ca0739dee955197be02551373a23f5 Author: Patrick UiterwijkDate: Fri Mar 17 13:27:04 2017 + Check for *-infra target, since rawhide comes after modularity build targets Signed-off-by: Patrick Uiterwijk diff --git a/roles/nagios/server/files/nagios-external/services/websites.cfg b/roles/nagios/server/files index d571a95..3a96003 100644 --- a/roles/nagios/server/files/nagios-external/services/websites.cfg +++ b/roles/nagios/server/files/nagios-external/services/websites.cfg @@ -45,7 +45,7 @@ define service { define service { host_name koji-phx2 service_description koji - check_command check_website!koji.fedoraproject.org!/koji/buildtargets!rawhide + check_command check_website!koji.fedoraproject.org!/koji/buildtargets!infra use websitetemplate } ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Add proxy10 and proxy14 to noc02
On Fri, Mar 17, 2017 at 08:54:16AM +, Patrick Uiterwijk wrote: > Hi all, > > Last night, we've found that proxy14 was not up "up" the last few days > (since it was rebooted for the RDU migration). > Can I get +1s to get it added to noc02? > Patch after the break. +1 for me, Pierre > commit 0e69fbf106b7e5ce361f561de028e8e716825a32 > Author: Patrick Uiterwijk> Date: Fri Mar 17 08:47:14 2017 + > > Add proxy10 and proxy14 > > Signed-off-by: Patrick Uiterwijk > > diff --git > a/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg > b/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg > index 57d6759..359b5cd 100644 > --- > a/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg > +++ > b/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg > @@ -16,6 +16,39 @@ define host { >address 209.132.181.16 > } > > +define host { > + host_name209.132.181.15-phx2 > + alias209.132.181.15-phx2 > + use defaulttemplate > + address 209.132.181.15 > + parents proxy10.fedoraproject.org > +} > + > +define host { > + host_nameproxy10.fedoraproject.org > + aliasproxy10.fedoraproject.org > + use defaulttemplate > + address 209.132.181.15 > +} > + > +# > +# rdu2 > +# > +define host { > + host_name8.43.85.67-rdu2 > + alias8.43.85.67-rdu2 > + use defaulttemplate > + address 8.43.85.67 > + parents proxy14.fedoraproject.org > +} > + > +define host { > + host_nameproxy14.fedoraproject.org > + aliasproxy14.fedoraproject.org > + use defaulttemplate > + address 8.43.85.67 > +} > + > # > # tummy > # > diff --git a/roles/nagios/server/files/nagios-external/services/websites.cfg > b/roles/nagios/server/files/nagios-external/services/websites.cfg > index 180cdd2..d571a95 100644 > --- a/roles/nagios/server/files/nagios-external/services/websites.cfg > +++ b/roles/nagios/server/files/nagios-external/services/websites.cfg > @@ -3,7 +3,7 @@ > # > > define service { > - host_name 209.132.181.16-phx2, 85.236.55.6-internetx, > proxy03.fedoraproject.org, 152.19.134.142-ibiblio, > 152.19.134.198-ibiblio, proxy06.fedoraproject.org, > proxy09.fedoraproject.org, 67.203.2.67-coloamerica > + host_name 209.132.181.16-phx2, 85.236.55.6-internetx, > proxy03.fedoraproject.org, 152.19.134.142-ibiblio, > 152.19.134.198-ibiblio, proxy06.fedoraproject.org, > proxy09.fedoraproject.org, 67.203.2.67-coloamerica, > 209.132.181.15-phx2, 8.43.85.67-rdu2 >service_description https >max_check_attempts2 >normal_check_interval 2 > @@ -13,7 +13,7 @@ define service { > > > define service { > - host_name 209.132.181.16-phx2, 85.236.55.6-internetx, > proxy03.fedoraproject.org, 152.19.134.142-ibiblio, > 152.19.134.198-ibiblio, proxy06.fedoraproject.org, > proxy09.fedoraproject.org, 67.203.2.67-coloamerica > + host_name 209.132.181.16-phx2, 85.236.55.6-internetx, > proxy03.fedoraproject.org, 152.19.134.142-ibiblio, > 152.19.134.198-ibiblio, proxy06.fedoraproject.org, > proxy09.fedoraproject.org, 67.203.2.67-coloamerica, > 209.132.181.15-phx2, 8.43.85.67-rdu2 >service_description bodhi >max_check_attempts8 >check_command check_website_ssl!bodhi.fedoraproject.org!/!Fedora > @@ -21,14 +21,14 @@ define service { > } > > define service { > - host_name 209.132.181.16-phx2, 85.236.55.6-internetx, > proxy03.fedoraproject.org, 152.19.134.142-ibiblio, > 152.19.134.198-ibiblio, proxy06.fedoraproject.org, > proxy09.fedoraproject.org, 67.203.2.67-coloamerica > + host_name 209.132.181.16-phx2, 85.236.55.6-internetx, > proxy03.fedoraproject.org, 152.19.134.142-ibiblio, > 152.19.134.198-ibiblio, proxy06.fedoraproject.org, > proxy09.fedoraproject.org, 67.203.2.67-coloamerica, > 209.132.181.15-phx2, 8.43.85.67-rdu2 >service_description pkgdb >check_command > check_website_ssl!admin.fedoraproject.org!/pkgdb/collections/!EPEL >use websitetemplate > } > > define service { > - host_name 209.132.181.16-phx2, 85.236.55.6-internetx, > proxy03.fedoraproject.org, 152.19.134.142-ibiblio, > 152.19.134.198-ibiblio, proxy06.fedoraproject.org, > proxy09.fedoraproject.org, 67.203.2.67-coloamerica > + host_name 209.132.181.16-phx2, 85.236.55.6-internetx, > proxy03.fedoraproject.org, 152.19.134.142-ibiblio, > 152.19.134.198-ibiblio, proxy06.fedoraproject.org, > proxy09.fedoraproject.org, 67.203.2.67-coloamerica, >
FBR: Add proxy10 and proxy14 to noc02
Hi all, Last night, we've found that proxy14 was not up "up" the last few days (since it was rebooted for the RDU migration). Can I get +1s to get it added to noc02? Patch after the break. Patrick commit 0e69fbf106b7e5ce361f561de028e8e716825a32 Author: Patrick UiterwijkDate: Fri Mar 17 08:47:14 2017 + Add proxy10 and proxy14 Signed-off-by: Patrick Uiterwijk diff --git a/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg b/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg index 57d6759..359b5cd 100644 --- a/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg +++ b/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg @@ -16,6 +16,39 @@ define host { address 209.132.181.16 } +define host { + host_name209.132.181.15-phx2 + alias209.132.181.15-phx2 + use defaulttemplate + address 209.132.181.15 + parents proxy10.fedoraproject.org +} + +define host { + host_nameproxy10.fedoraproject.org + aliasproxy10.fedoraproject.org + use defaulttemplate + address 209.132.181.15 +} + +# +# rdu2 +# +define host { + host_name8.43.85.67-rdu2 + alias8.43.85.67-rdu2 + use defaulttemplate + address 8.43.85.67 + parents proxy14.fedoraproject.org +} + +define host { + host_nameproxy14.fedoraproject.org + aliasproxy14.fedoraproject.org + use defaulttemplate + address 8.43.85.67 +} + # # tummy # diff --git a/roles/nagios/server/files/nagios-external/services/websites.cfg b/roles/nagios/server/files/nagios-external/services/websites.cfg index 180cdd2..d571a95 100644 --- a/roles/nagios/server/files/nagios-external/services/websites.cfg +++ b/roles/nagios/server/files/nagios-external/services/websites.cfg @@ -3,7 +3,7 @@ # define service { - host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, 152.19.134.198-ibiblio, proxy06.fedoraproject.org, proxy09.fedoraproject.org, 67.203.2.67-coloamerica + host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, 152.19.134.198-ibiblio, proxy06.fedoraproject.org, proxy09.fedoraproject.org, 67.203.2.67-coloamerica, 209.132.181.15-phx2, 8.43.85.67-rdu2 service_description https max_check_attempts2 normal_check_interval 2 @@ -13,7 +13,7 @@ define service { define service { - host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, 152.19.134.198-ibiblio, proxy06.fedoraproject.org, proxy09.fedoraproject.org, 67.203.2.67-coloamerica + host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, 152.19.134.198-ibiblio, proxy06.fedoraproject.org, proxy09.fedoraproject.org, 67.203.2.67-coloamerica, 209.132.181.15-phx2, 8.43.85.67-rdu2 service_description bodhi max_check_attempts8 check_command check_website_ssl!bodhi.fedoraproject.org!/!Fedora @@ -21,14 +21,14 @@ define service { } define service { - host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, 152.19.134.198-ibiblio, proxy06.fedoraproject.org, proxy09.fedoraproject.org, 67.203.2.67-coloamerica + host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, 152.19.134.198-ibiblio, proxy06.fedoraproject.org, proxy09.fedoraproject.org, 67.203.2.67-coloamerica, 209.132.181.15-phx2, 8.43.85.67-rdu2 service_description pkgdb check_command check_website_ssl!admin.fedoraproject.org!/pkgdb/collections/!EPEL use websitetemplate } define service { - host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, 152.19.134.198-ibiblio, proxy06.fedoraproject.org, proxy09.fedoraproject.org, 67.203.2.67-coloamerica + host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, 152.19.134.198-ibiblio, proxy06.fedoraproject.org, proxy09.fedoraproject.org, 67.203.2.67-coloamerica, 209.132.181.15-phx2, 8.43.85.67-rdu2 service_description packages max_check_attempts 8 check_command check_website_ssl!apps.fedoraproject.org!/packages/!Packages @@ -36,7 +36,7 @@ define service { } define service { - host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org,
Best practice for 3rd party playbook
Hi, I am in process in writing playbook for retrace.fedoraproject.org ABRT team created: https://github.com/abrt/ansible-role-retrace-server Which we can use. I just wonder what is best practise for using such 3rd party roles? Should I just copy it into our ansible.git? Or should I use ansible-galaxy command to sync it? Manually? Or when the playbook is run? -- Miroslav Suchy, RHCA Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: Freeze Break Request: Enabling Nested Virt for Production Taskotron Virthosts
On Thu, Mar 16, 2017 at 07:52:43PM -0600, Tim Flink wrote: > This is less important than the other FBR that I submitted but I'd like > to do it while things are paused for the other change. > > I'd like to enable nested virt on the virthosts that run the Taskotron > production clients. What I'd be doing is: > > - adding the 'virthost' role in ansible > - running the playbook for the Taskotron client virthosts > - rebooting the machines (qa12.qa and qa13.qa) > > The change is small and since jobs are already stopped, there should be > little impact other than nagios warnings if I forget to schedule > downtime :) > > If something goes wrong, we can remove the nested virt enablement and > reboot the hosts again. If all else fails, we can sub in the dev and > stg virthosts because all of the Taskotron virthosts are pretty much > identical. I think that this is incredibly unlikely, though. > > +1s? Sounds fine, Pierre signature.asc Description: PGP signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org