Re: FBR: Set resultsdb wsgi to normal values

2017-03-17 Thread Stephen John Smoogen 
Thank you for the patch. This needs to be 'fixed' later to use the
wsgi_* variables that other services use.

On 17 March 2017 at 21:13, Patrick Uiterwijk  wrote:
> Hi,
>
> Can I get retroactive +1s for the patch?
> This drops the number of threads and processes down to normal limits:
> having 200 * 20 + 100 * 10 = 5000 threads for wsgi is... not going to
> work.
>
> Patrick
>
>
>
> commit 66172d7738bbee3749520b025a24b8930e5fd2c0
> Author: Patrick Uiterwijk 
> Date:   Sat Mar 18 01:11:30 2017 +
>
> Use sane values for processess and threads for resultsdb
>
> Signed-off-by: Patrick Uiterwijk 
>
> diff --git a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2
> b/roles/taskotron/resultsdb-backend/templat
> index c3f4d5c..dcec940 100644
> --- a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2
> +++ b/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2
> @@ -1,5 +1,5 @@
>  {% if deployment_type in ['stg', 'prod'] %}
> -WSGIDaemonProcess resultsdb user=apache group=apache threads=200 processes=20
> +WSGIDaemonProcess resultsdb user=apache group=apache threads=20 processes=4
>  {% else %}
>  WSGIDaemonProcess resultsdb user=apache group=apache threads=5
>  {% endif %}
> diff --git 
> a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
> b/roles/taskotron/resultsdb-front
> index e71cf58..a6b3596 100644
> --- a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
> +++ b/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
> @@ -1,5 +1,5 @@
>  {% if deployment_type in ['stg', 'prod'] %}
> -WSGIDaemonProcess resultsdb_frontend user=apache group=apache
> threads=100 processes=10
> +WSGIDaemonProcess resultsdb_frontend user=apache group=apache
> threads=20 processes=4
>  {% else %}
>  WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5
>  {% endif %}
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org



-- 
Stephen J Smoogen.
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

FBR: Set resultsdb wsgi to normal values

2017-03-17 Thread Patrick Uiterwijk 
Hi,

Can I get retroactive +1s for the patch?
This drops the number of threads and processes down to normal limits:
having 200 * 20 + 100 * 10 = 5000 threads for wsgi is... not going to
work.

Patrick



commit 66172d7738bbee3749520b025a24b8930e5fd2c0
Author: Patrick Uiterwijk 
Date:   Sat Mar 18 01:11:30 2017 +

Use sane values for processess and threads for resultsdb

Signed-off-by: Patrick Uiterwijk 

diff --git a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2
b/roles/taskotron/resultsdb-backend/templat
index c3f4d5c..dcec940 100644
--- a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2
+++ b/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2
@@ -1,5 +1,5 @@
 {% if deployment_type in ['stg', 'prod'] %}
-WSGIDaemonProcess resultsdb user=apache group=apache threads=200 processes=20
+WSGIDaemonProcess resultsdb user=apache group=apache threads=20 processes=4
 {% else %}
 WSGIDaemonProcess resultsdb user=apache group=apache threads=5
 {% endif %}
diff --git 
a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
b/roles/taskotron/resultsdb-front
index e71cf58..a6b3596 100644
--- a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
+++ b/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
@@ -1,5 +1,5 @@
 {% if deployment_type in ['stg', 'prod'] %}
-WSGIDaemonProcess resultsdb_frontend user=apache group=apache
threads=100 processes=10
+WSGIDaemonProcess resultsdb_frontend user=apache group=apache
threads=20 processes=4
 {% else %}
 WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5
 {% endif %}
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Update Pagure, Anitya and Piwik to use secure cipher set

2017-03-17 Thread Stephen John Smoogen 
Are the files also moved to the correct template directory or are they
there already? If they are there already +1

On 17 March 2017 at 20:07, Patrick Uiterwijk  wrote:
> Turns out I'll need a follow-up...
>
> Can I get +!s to also apply the following to make this actually work?
>
> Moved roles/anitya/frontend/files/0_releasemonitoring.conf ->
> roles/anitya/frontend/templates/0_releasemonitoring.conf
> Moved roles/piwik/files/piwik-httpd.conf ->
> roles/piwik/templates/piwik-httpd.conf
>
>
> commit 10300f667f81c690c68368bad66a2e03d8d1d1d8
> Author: Patrick Uiterwijk 
> Date:   Fri Mar 17 23:51:08 2017 +
>
> Move piwik and anity configs to templates
>
> Signed-off-by: Patrick Uiterwijk 
>
> diff --git a/roles/anitya/frontend/tasks/main.yml
> b/roles/anitya/frontend/tasks/main.yml
> index 58f1bcf..af6e6ea 100644
> --- a/roles/anitya/frontend/tasks/main.yml
> +++ b/roles/anitya/frontend/tasks/main.yml
> @@ -46,7 +46,7 @@
>- anitya_frontend
>
>  - name: Install the configuration file to activate https
> -  copy: >
> +  template: >
>  src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
>  owner=root group=root mode=0644
>with_items:
>
> diff --git a/roles/piwik/tasks/main.yml b/roles/piwik/tasks/main.yml
> index ce45685..f63dfeb 100644
> --- a/roles/piwik/tasks/main.yml
> +++ b/roles/piwik/tasks/main.yml
> @@ -9,7 +9,7 @@
>- piwik
>
>  - name: set up http configs for piwik
> -  copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
> +  template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
>  owner=root group=root mode=0644
>with_items:
>- piwik-httpd.conf
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org



-- 
Stephen J Smoogen.
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Update Pagure, Anitya and Piwik to use secure cipher set

2017-03-17 Thread Kevin Fenzi 
+1 sorry for not noticing that on the first patch. ;( 

kevin


signature.asc
Description: This is a digitally signed message part
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: Freeze break: set pagure serveradmin

2017-03-17 Thread Stephen John Smoogen 
+1

On 17 March 2017 at 15:56, Kevin Fenzi  wrote:
> This is a simple little tweak that fixes pagure saying:
>
> "Contact root@localhost" when it emits a 500 error.
>
> This would fix ticket:
> https://pagure.io/fedora-infrastructure/issue/5906
>
> +1s?
>
> kevin
> --
> diff --git a/roles/pagure/frontend/templates/0_pagure.conf
> b/roles/pagure/frontend/templates/0_pagure.conf
> index 6350c5f..a7b7e70 100644
> --- a/roles/pagure/frontend/templates/0_pagure.conf
> +++ b/roles/pagure/frontend/templates/0_pagure.conf
> @@ -61,6 +61,8 @@ WSGIDaemonProcess paguredocs user=git group=git
> maximum-requests=1000 display-na
>
>WSGIScriptAlias / /var/www/pagure.wsgi
>
> +  ServerAdmin ad...@fedoraproject.org
> +
>SSLEngine on
>SSLProtocol all -SSLv2 -SSLv3
># Use secure TLSv1.1 and TLSv1.2 ciphers
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
>



-- 
Stephen J Smoogen.
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Update Pagure, Anitya and Piwik to use secure cipher set

2017-03-17 Thread Patrick Uiterwijk 
Turns out I'll need a follow-up...

Can I get +!s to also apply the following to make this actually work?

Moved roles/anitya/frontend/files/0_releasemonitoring.conf ->
roles/anitya/frontend/templates/0_releasemonitoring.conf
Moved roles/piwik/files/piwik-httpd.conf ->
roles/piwik/templates/piwik-httpd.conf


commit 10300f667f81c690c68368bad66a2e03d8d1d1d8
Author: Patrick Uiterwijk 
Date:   Fri Mar 17 23:51:08 2017 +

Move piwik and anity configs to templates

Signed-off-by: Patrick Uiterwijk 

diff --git a/roles/anitya/frontend/tasks/main.yml
b/roles/anitya/frontend/tasks/main.yml
index 58f1bcf..af6e6ea 100644
--- a/roles/anitya/frontend/tasks/main.yml
+++ b/roles/anitya/frontend/tasks/main.yml
@@ -46,7 +46,7 @@
   - anitya_frontend

 - name: Install the configuration file to activate https
-  copy: >
+  template: >
 src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
 owner=root group=root mode=0644
   with_items:

diff --git a/roles/piwik/tasks/main.yml b/roles/piwik/tasks/main.yml
index ce45685..f63dfeb 100644
--- a/roles/piwik/tasks/main.yml
+++ b/roles/piwik/tasks/main.yml
@@ -9,7 +9,7 @@
   - piwik

 - name: set up http configs for piwik
-  copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
+  template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
 owner=root group=root mode=0644
   with_items:
   - piwik-httpd.conf
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Update Pagure, Anitya and Piwik to use secure cipher set

2017-03-17 Thread Kevin Fenzi 
+1 here. Please do. 

kevin


signature.asc
Description: This is a digitally signed message part
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Update Pagure, Anitya and Piwik to use secure cipher set

2017-03-17 Thread Peter Robinson 
On Fri, Mar 17, 2017 at 11:29 PM, Patrick Uiterwijk
 wrote:
> Hi,
>
> Turns out that these three services were not yet using our global
> secure cipher set.
> This means that they have the Apache defaults, which are quite
> insecure (RC4 and no FS).
> Can I please get +1s to apply the underneath patch?

+1 seems sane to me

> Patrick
>
>
> commit 55183057fc95109df5d6b50258918c59c7930674
> Author: Patrick Uiterwijk 
> Date:   Fri Mar 17 23:28:19 2017 +
>
> Update Pagure, anitya and piwik to use the secure cipher set
>
> Signed-off-by: Patrick Uiterwijk 
>
> diff --git a/roles/anitya/frontend/files/0_releasemonitoring.conf
> b/roles/anitya/frontend/files/0_releasemonitoring.co
> index 56a0bfb..e054147 100644
> --- a/roles/anitya/frontend/files/0_releasemonitoring.conf
> +++ b/roles/anitya/frontend/files/0_releasemonitoring.conf
> @@ -7,8 +7,8 @@
> ServerName release-monitoring.org:443
>
> SSLEngine on
> -   SSLProtocol all -SSLv2 -SSLv3
> -   # Use secure TLSv1.1 and TLSv1.2 ciphers
> +   SSLProtocol {{ ssl_protocols }}
> +   SSLCipherSuite {{ ssl_ciphers }}
> Header always add Strict-Transport-Security "max-age=15768000;
> includeSubDomains; preload"
>
> SSLCertificateFile /etc/pki/tls/certs/release-monitoring.org.cert
> diff --git a/roles/pagure/frontend/templates/0_pagure.conf
> b/roles/pagure/frontend/templates/0_pagure.conf
> index a7b7e70..3c3f353 100644
> --- a/roles/pagure/frontend/templates/0_pagure.conf
> +++ b/roles/pagure/frontend/templates/0_pagure.conf
> @@ -64,7 +64,8 @@ WSGIDaemonProcess paguredocs user=git group=git
> maximum-requests=1000 display-na
>ServerAdmin ad...@fedoraproject.org
>
>SSLEngine on
> -  SSLProtocol all -SSLv2 -SSLv3
> +  SSLProtocol {{ ssl_protocols }}
> +  SSLCipherSuite {{ ssl_ciphers }}
># Use secure TLSv1.1 and TLSv1.2 ciphers
>Header always add Strict-Transport-Security "max-age=15768000;
> includeSubDomains; preload"
>
> @@ -113,7 +114,8 @@ WSGIDaemonProcess paguredocs user=git group=git
> maximum-requests=1000 display-na
>  {% endif %}
>
>SSLEngine on
> -  SSLProtocol all -SSLv2 -SSLv3
> +  SSLProtocol {{ ssl_protocols }}
> +  SSLCipherSuite {{ ssl_ciphers }}
># Use secure TLSv1.1 and TLSv1.2 ciphers
>Header always add Strict-Transport-Security "max-age=15768000;
> includeSubDomains; preload"
>
> @@ -138,7 +140,8 @@ WSGIDaemonProcess paguredocs user=git group=git
> maximum-requests=1000 display-na
>WSGIScriptAlias / /var/www/docs_pagure.wsgi
>
>SSLEngine on
> -  SSLProtocol all -SSLv2 -SSLv3
> +  SSLProtocol {{ ssl_protocols }}
> +  SSLCipherSuite {{ ssl_ciphers }}
># Use secure TLSv1.1 and TLSv1.2 ciphers
>Header always add Strict-Transport-Security "max-age=15768000;
> includeSubDomains; preload"
>
> diff --git a/roles/piwik/files/piwik-httpd.conf
> b/roles/piwik/files/piwik-httpd.conf
> index 4b55fdc..881c509e 100644
> --- a/roles/piwik/files/piwik-httpd.conf
> +++ b/roles/piwik/files/piwik-httpd.conf
> @@ -11,8 +11,8 @@
>ServerName piwik.fedorainfracloud.org
>
>SSLEngine on
> -  SSLProtocol all -SSLv2 -SSLv3
> -  # Use secure TLSv1.1 and TLSv1.2 ciphers
> +  SSLProtocol {{ ssl_protocols }}
> +  SSLCipherSuite {{ ssl_ciphers }}
>Header always add Strict-Transport-Security "max-age=15768000;
> includeSubDomains; preload"
>
>SSLCertificateFile /etc/pki/tls/certs/piwik.fedorainfracloud.org.cert
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: Freeze break: set pagure serveradmin

2017-03-17 Thread Patrick Uiterwijk 
On Fri, Mar 17, 2017 at 8:10 PM, Pierre-Yves Chibon  wrote:
> On Fri, Mar 17, 2017 at 01:56:50PM -0600, Kevin Fenzi wrote:
>> This is a simple little tweak that fixes pagure saying:
>>
>> "Contact root@localhost" when it emits a 500 error.
>>
>> This would fix ticket:
>> https://pagure.io/fedora-infrastructure/issue/5906
>>
>> +1s?

+1
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

FBR: Update Pagure, Anitya and Piwik to use secure cipher set

2017-03-17 Thread Patrick Uiterwijk 
Hi,

Turns out that these three services were not yet using our global
secure cipher set.
This means that they have the Apache defaults, which are quite
insecure (RC4 and no FS).
Can I please get +1s to apply the underneath patch?

Patrick


commit 55183057fc95109df5d6b50258918c59c7930674
Author: Patrick Uiterwijk 
Date:   Fri Mar 17 23:28:19 2017 +

Update Pagure, anitya and piwik to use the secure cipher set

Signed-off-by: Patrick Uiterwijk 

diff --git a/roles/anitya/frontend/files/0_releasemonitoring.conf
b/roles/anitya/frontend/files/0_releasemonitoring.co
index 56a0bfb..e054147 100644
--- a/roles/anitya/frontend/files/0_releasemonitoring.conf
+++ b/roles/anitya/frontend/files/0_releasemonitoring.conf
@@ -7,8 +7,8 @@
ServerName release-monitoring.org:443

SSLEngine on
-   SSLProtocol all -SSLv2 -SSLv3
-   # Use secure TLSv1.1 and TLSv1.2 ciphers
+   SSLProtocol {{ ssl_protocols }}
+   SSLCipherSuite {{ ssl_ciphers }}
Header always add Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload"

SSLCertificateFile /etc/pki/tls/certs/release-monitoring.org.cert
diff --git a/roles/pagure/frontend/templates/0_pagure.conf
b/roles/pagure/frontend/templates/0_pagure.conf
index a7b7e70..3c3f353 100644
--- a/roles/pagure/frontend/templates/0_pagure.conf
+++ b/roles/pagure/frontend/templates/0_pagure.conf
@@ -64,7 +64,8 @@ WSGIDaemonProcess paguredocs user=git group=git
maximum-requests=1000 display-na
   ServerAdmin ad...@fedoraproject.org

   SSLEngine on
-  SSLProtocol all -SSLv2 -SSLv3
+  SSLProtocol {{ ssl_protocols }}
+  SSLCipherSuite {{ ssl_ciphers }}
   # Use secure TLSv1.1 and TLSv1.2 ciphers
   Header always add Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload"

@@ -113,7 +114,8 @@ WSGIDaemonProcess paguredocs user=git group=git
maximum-requests=1000 display-na
 {% endif %}

   SSLEngine on
-  SSLProtocol all -SSLv2 -SSLv3
+  SSLProtocol {{ ssl_protocols }}
+  SSLCipherSuite {{ ssl_ciphers }}
   # Use secure TLSv1.1 and TLSv1.2 ciphers
   Header always add Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload"

@@ -138,7 +140,8 @@ WSGIDaemonProcess paguredocs user=git group=git
maximum-requests=1000 display-na
   WSGIScriptAlias / /var/www/docs_pagure.wsgi

   SSLEngine on
-  SSLProtocol all -SSLv2 -SSLv3
+  SSLProtocol {{ ssl_protocols }}
+  SSLCipherSuite {{ ssl_ciphers }}
   # Use secure TLSv1.1 and TLSv1.2 ciphers
   Header always add Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload"

diff --git a/roles/piwik/files/piwik-httpd.conf
b/roles/piwik/files/piwik-httpd.conf
index 4b55fdc..881c509e 100644
--- a/roles/piwik/files/piwik-httpd.conf
+++ b/roles/piwik/files/piwik-httpd.conf
@@ -11,8 +11,8 @@
   ServerName piwik.fedorainfracloud.org

   SSLEngine on
-  SSLProtocol all -SSLv2 -SSLv3
-  # Use secure TLSv1.1 and TLSv1.2 ciphers
+  SSLProtocol {{ ssl_protocols }}
+  SSLCipherSuite {{ ssl_ciphers }}
   Header always add Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload"

   SSLCertificateFile /etc/pki/tls/certs/piwik.fedorainfracloud.org.cert
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: Freeze break: set pagure serveradmin

2017-03-17 Thread Pierre-Yves Chibon 
On Fri, Mar 17, 2017 at 01:56:50PM -0600, Kevin Fenzi wrote:
> This is a simple little tweak that fixes pagure saying:
> 
> "Contact root@localhost" when it emits a 500 error. 
> 
> This would fix ticket: 
> https://pagure.io/fedora-infrastructure/issue/5906
> 
> +1s?

Cool +1 for me :)


Pierre

> --
> diff --git a/roles/pagure/frontend/templates/0_pagure.conf
> b/roles/pagure/frontend/templates/0_pagure.conf
> index 6350c5f..a7b7e70 100644
> --- a/roles/pagure/frontend/templates/0_pagure.conf
> +++ b/roles/pagure/frontend/templates/0_pagure.conf
> @@ -61,6 +61,8 @@ WSGIDaemonProcess paguredocs user=git group=git
> maximum-requests=1000 display-na
>  
>    WSGIScriptAlias / /var/www/pagure.wsgi
>  
> +  ServerAdmin ad...@fedoraproject.org
> +
>    SSLEngine on
>    SSLProtocol all -SSLv2 -SSLv3
>    # Use secure TLSv1.1 and TLSv1.2 ciphers



signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Bodhi should stop sending error emails on success, and should start sending error emails on error

2017-03-17 Thread Pierre-Yves Chibon 
On Fri, Mar 17, 2017 at 12:36:37PM -0600, Kevin Fenzi wrote:
> Thanks for the details... 
> 
> I am still +1 to updating this, as I think it's better that we have the
> known/current version in use rather than some "might be hotfixed"
> version. 

Same here, even if that makes rolling back harder (meaning we'll need to fix
that version instead of rolling it back if something goes south).

Pierre


signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: SOP for Package Review

2017-03-17 Thread Kevin Fenzi 
On Fri, 2017-03-17 at 04:56 -0600, InvalidPath wrote:
> I'm going to attempt to write this, Im looking for any info anyone
> currently has:
> 
> hosting nodes?
> backend db?
> application names?
> 
> Anything at all would be appreciated.

This is a script that runs on sundries01 (and sundries01.stg). It
collects information about package reviews from bugzilla and makes a
static set of webpages. Those are in turn synced out to each of our
proxies and served from there to end users. 

It has no db, it just runs fresh against bugzilla each time. 

You can find the role under: 
https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/rev
iew-stats

The end proxy url is: 
https://fedoraproject.org/PackageReviewStatus/

Hope that helps.

kevin



signature.asc
Description: This is a digitally signed message part
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: Best practice for 3rd party playbook

2017-03-17 Thread Kevin Fenzi 
On Fri, 2017-03-17 at 09:47 +0100, Miroslav Suchý wrote:
> Hi,
> I am in process in writing playbook for retrace.fedoraproject.org
> 
> ABRT team created:
> https://github.com/abrt/ansible-role-retrace-server
> 
> Which we can use. I just wonder what is best practise for using such 3rd 
> party roles?
> Should I just copy it into our ansible.git? Or should I use ansible-galaxy 
> command to sync it? Manually? Or when the
> playbook is run?

We ran into this a while back with the openshift ansible stuff. 

I guess the answer is 'it depends'. 

If it's pretty small and can be made pretty close to our existing
conventions, I'd say just copy it in and try and keep the external and
internal ones in sync. 

If it's more complex or written in a incompatible way or changes too
much, then we could do what we did with osbs, which is to make a host,
something like: retrace-control and in our ansible playbooks we go to
that host and pull the role/setup and run it from there on the retrace
machines. 

This role seems pretty small to me and hopefully won't change too much,
so hopefully we can just do the first of these. ;) 

Thoughts?

kevin


signature.asc
Description: This is a digitally signed message part
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Bodhi should stop sending error emails on success, and should start sending error emails on error

2017-03-17 Thread Kevin Fenzi 
Thanks for the details... 

I am still +1 to updating this, as I think it's better that we have the
known/current version in use rather than some "might be hotfixed"
version. 

kevin


signature.asc
Description: This is a digitally signed message part
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Bodhi should stop sending error emails on success, and should start sending error emails on error

2017-03-17 Thread Randy Barlow 
I just remembered that I had never upgraded production to version
2017.0:

https://github.com/fedora-infra/fedmsg-atomic-composer/releases/tag/2017.0

This means that if I install 2017.1 (which has the 1-char diff I asked
for an FBR on) it will also be installing those changes.

FWIW, most of those changes are already hotfixed on production, and
2017.0 was primarily made so that we could have a real release on
production rather than a "sudo vim"'d release. There are a couple of
changes from those release notes that I don't think are on production:

* AtomicConsumer now has a config key

  I think this one will also stop some e-mails we get when fedmsg-hub
  is restarted.

* stderr messages are now logged at info and not error level

  This one is where I introduced the exit code problem that my FBR is
  supposed to fix, but note that without this change all stderr was
  logged as an error which is incorrect since many programs use stderr
  for debug/detail statements (including rpm-ostree as we are seeing).
  2017.1 corrects this change to correctly use the exit code.

With this info, are you still +1 on deploying 2017.1 (with the 1-char
diff)? I personally think it's still OK to go, but I wanted to be
forthcoming about the present state before making more changes than I
had written about in my original FBR. If not, some other options:

* We could wait until after the freeze.

* I could continue the tradition of "sudo vim"'ing production and just
  change that log statement to info instead of error.

What say you?

signature.asc
Description: This is a digitally signed message part
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: Freeze Break Request: increase threads for resultsdb_frontend wsgi daemon

2017-03-17 Thread Pierre-Yves Chibon 
On Fri, Mar 17, 2017 at 10:26:47AM -0600, Tim Flink wrote:
> Production resultsdb_frontend is also really slow and I'd like to
> bump it's resources at the same time I bump resultsdb from the
> other FBR.
> 
> +1s?

+1 

Pierre

> 
> From 9757a01edfe14a2455f523d0ac7cb8cfb4e92f8e Mon Sep 17 00:00:00 2001
> From: Tim Flink 
> Date: Fri, 17 Mar 2017 16:23:12 +
> Subject: [PATCH 2/2] bump resources for resultsdb_frontend as well
> 
> ---
>  .../taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 | 4 
> 
>  1 file changed, 4 insertions(+)
> 
> diff --git 
> a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 
> b/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
> index 16fbc89..e71cf58 100644
> --- a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
> +++ b/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
> @@ -1,4 +1,8 @@
> +{% if deployment_type in ['stg', 'prod'] %}
> +WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=100 
> processes=10
> +{% else %}
>  WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5
> +{% endif %}
>  WSGIScriptAlias /{{ resultsdb_fe_endpoint }} 
> /usr/share/resultsdb_frontend/resultsdb_frontend.wsgi
>  WSGISocketPrefix run/wsgi
>  
> -- 
> 1.8.3.1




signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: Freeze Break Request: increase threads for resultsdb_frontend wsgi daemon

2017-03-17 Thread Kevin Fenzi 
+1

kevin


signature.asc
Description: This is a digitally signed message part
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: Freeze Break Request: increase threads for resultsdb wsgi daemon

2017-03-17 Thread Kevin Fenzi 
+1

kevin


signature.asc
Description: This is a digitally signed message part
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Freeze Break Request: increase threads for resultsdb_frontend wsgi daemon

2017-03-17 Thread Tim Flink 
Production resultsdb_frontend is also really slow and I'd like to
bump it's resources at the same time I bump resultsdb from the
other FBR.

+1s?

Tim

From 9757a01edfe14a2455f523d0ac7cb8cfb4e92f8e Mon Sep 17 00:00:00 2001
From: Tim Flink 
Date: Fri, 17 Mar 2017 16:23:12 +
Subject: [PATCH 2/2] bump resources for resultsdb_frontend as well

---
 .../taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 | 4 
 1 file changed, 4 insertions(+)

diff --git 
a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2 
b/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
index 16fbc89..e71cf58 100644
--- a/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
+++ b/roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
@@ -1,4 +1,8 @@
+{% if deployment_type in ['stg', 'prod'] %}
+WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=100 
processes=10
+{% else %}
 WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5
+{% endif %}
 WSGIScriptAlias /{{ resultsdb_fe_endpoint }} 
/usr/share/resultsdb_frontend/resultsdb_frontend.wsgi
 WSGISocketPrefix run/wsgi
 
-- 
1.8.3.1


pgphtDWHZ5hvW.pgp
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: Freeze Break Request: increase threads for resultsdb wsgi daemon

2017-03-17 Thread Pierre-Yves Chibon 
On Fri, Mar 17, 2017 at 09:41:02AM -0600, Tim Flink wrote:
> Production resultsdb is still really slow and we're still seeing the
> occasional error on result posting so I'd like to bump the resources
> allocated to the wsgi app again.

I wonder if this doesn't saturate the server at one point

I'm +1 to apply because it's easy to revert but I'm not sure it's the right
solution


Pierre

> From 3d45155959cbdcde39c1a98a584a100b590761db Mon Sep 17 00:00:00 2001
> From: Tim Flink 
> Date: Fri, 17 Mar 2017 15:33:49 +
> Subject: [PATCH] bumping resultsdb wsgi resources again
> 
> ---
>  roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git
> a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2
> b/roles/taskotron/resultsdb-ba index 97e73b9..c3f4d5c 100644 ---
> a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 +++
> b/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 @@ -1,5
> +1,5 @@ {% if deployment_type in ['stg', 'prod'] %}
> -WSGIDaemonProcess resultsdb user=apache group=apache threads=100
> processes=5 +WSGIDaemonProcess resultsdb user=apache group=apache
> threads=200 processes=20 {% else %}
>  WSGIDaemonProcess resultsdb user=apache group=apache threads=5
>  {% endif %}
> -- 
> 1.8.3.1



signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Freeze Break Request: increase threads for resultsdb wsgi daemon

2017-03-17 Thread Tim Flink 
Production resultsdb is still really slow and we're still seeing the
occasional error on result posting so I'd like to bump the resources
allocated to the wsgi app again.

+1s?

Tim

From 3d45155959cbdcde39c1a98a584a100b590761db Mon Sep 17 00:00:00 2001
From: Tim Flink 
Date: Fri, 17 Mar 2017 15:33:49 +
Subject: [PATCH] bumping resultsdb wsgi resources again

---
 roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git
a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2
b/roles/taskotron/resultsdb-ba index 97e73b9..c3f4d5c 100644 ---
a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 +++
b/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2 @@ -1,5
+1,5 @@ {% if deployment_type in ['stg', 'prod'] %}
-WSGIDaemonProcess resultsdb user=apache group=apache threads=100
processes=5 +WSGIDaemonProcess resultsdb user=apache group=apache
threads=200 processes=20 {% else %}
 WSGIDaemonProcess resultsdb user=apache group=apache threads=5
 {% endif %}
-- 
1.8.3.1


pgp8_x67paMUo.pgp
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: SOP for Package Review

2017-03-17 Thread Aurelie Deromedis 
Hi Ben,

I've found the Fedora link below in one of my searches:

https://fedoraproject.org/wiki/Packaging:ReviewGuidelines#Package_Revie
w_Process

Cheers,

Aurelie

On Fri, 2017-03-17 at 04:56 -0600, InvalidPath wrote:
> I'm going to attempt to write this, Im looking for any info anyone
> currently has:
> 
> hosting nodes?
> backend db?
> application names?
> 
> Anything at all would be appreciated.
> 
> Ben
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

signature.asc
Description: This is a digitally signed message part
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: Freeze Break Request: enable package-specific tasks for Taskotron production

2017-03-17 Thread Tim Flink 
On Fri, 17 Mar 2017 09:37:07 +0100
Pierre-Yves Chibon  wrote:

> On Thu, Mar 16, 2017 at 12:44:37PM -0600, Tim Flink wrote:
> > This has been pending for a long time and now that the bureaucratic
> > stuff has been figured out and our dev/stg instances are running
> > well, we'd like to enable package-specific tasks in Taskotron
> > production.


This was pushed to production last night and everything seems to be
running fine.

Thanks,

Tim


pgpsZrRI7KyMv.pgp
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Fix koji monitoring from noc02

2017-03-17 Thread Tim Flink 
On Fri, 17 Mar 2017 13:28:31 +
Patrick Uiterwijk  wrote:

> Hi all,
> 
> So, our noc02 monitoring of Koji build targets broke because the
> modularity stuff pushed rawhide to the second page :).
> Can I get +1s to start testing for "infra" instead, which should match
> $release-infra and such?
> 
> Patrick


+1

Tim


pgpKhdwZf8J6z.pgp
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Fix koji monitoring from noc02

2017-03-17 Thread Kevin Fenzi 
+1

kevin


signature.asc
Description: This is a digitally signed message part
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Fix koji monitoring from noc02

2017-03-17 Thread Pierre-Yves Chibon 
On Fri, Mar 17, 2017 at 01:28:31PM +, Patrick Uiterwijk wrote:
> Hi all,
> 
> So, our noc02 monitoring of Koji build targets broke because the
> modularity stuff pushed rawhide to the second page :).
> Can I get +1s to start testing for "infra" instead, which should match
> $release-infra and such?

+1 for me

Pierre


> commit dd4583fff2ca0739dee955197be02551373a23f5
> Author: Patrick Uiterwijk 
> Date:   Fri Mar 17 13:27:04 2017 +
> 
> Check for *-infra target, since rawhide comes after modularity build 
> targets
> 
> Signed-off-by: Patrick Uiterwijk 
> 
> diff --git a/roles/nagios/server/files/nagios-external/services/websites.cfg
> b/roles/nagios/server/files
> index d571a95..3a96003 100644
> --- a/roles/nagios/server/files/nagios-external/services/websites.cfg
> +++ b/roles/nagios/server/files/nagios-external/services/websites.cfg
> @@ -45,7 +45,7 @@ define service {
>  define service {
>host_name koji-phx2
>service_description   koji
> -  check_command
> check_website!koji.fedoraproject.org!/koji/buildtargets!rawhide
> +  check_command
> check_website!koji.fedoraproject.org!/koji/buildtargets!infra
>use   websitetemplate
>  }
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org


signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: 503 Responses From 8.43.85.67

2017-03-17 Thread Stephen John Smoogen 
This was being worked on and fixed with Patrick at 0800 UTC

On 17 March 2017 at 03:09, Jonathan Steffan  wrote:
> Team,
>
> The community has been experiencing issues with the FPO infrastructure
> intermittently.  I believe I've found the destination causing the issue:
>
> $ curl -vso /dev/null --resolve fedoraproject.org:443:8.43.85.67
> https://fedoraproject.org/wiki/Fedora_Project_Wiki
> * Added fedoraproject.org:443:8.43.85.67 to DNS cache
> * Hostname fedoraproject.org was found in DNS cache
> *   Trying 8.43.85.67...
> * TCP_NODELAY set
> * Connected to fedoraproject.org (8.43.85.67) port 443 (#0)
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
> *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
>   CApath: none
> * ALPN/NPN, server did not agree to a protocol
> * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> * Server certificate:
> * subject: CN=*.fedoraproject.org,O=Red Hat Inc.,L=Raleigh,ST=North
> Carolina,C=US
> * start date: Feb 01 00:00:00 2017 GMT
> * expire date: May 01 12:00:00 2020 GMT
> * common name: *.fedoraproject.org
> * issuer: CN=DigiCert SHA2 High Assurance Server
> CA,OU=www.digicert.com,O=DigiCert Inc,C=US
>> GET /wiki/Fedora_Project_Wiki HTTP/1.1
>> Host: fedoraproject.org
>> User-Agent: curl/7.51.0
>> Accept: */*
>>
> < HTTP/1.1 503 Service Unavailable
> < Date: Fri, 17 Mar 2017 06:46:33 GMT
> < Server: Apache/2.4.6 (Red Hat Enterprise Linux)
> < Content-Length: 400
> < Connection: close
> < Content-Type: text/html; charset=iso-8859-1
> <
> { [400 bytes data]
> * Curl_http_done: called premature == 0
> * Closing connection 0
>
> I pinged in #fedora-admin but wanted to let everyone know there is an
> intermittent failure right now. Mar 16 22:08:45 MDT is the first concrete
> time I can state this issue started.
>
>
> --
> Jonathan Steffan
> jonathanstef...@gmail.com
>
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
>



-- 
Stephen J Smoogen.
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

FBR: Fix koji monitoring from noc02

2017-03-17 Thread Patrick Uiterwijk 
Hi all,

So, our noc02 monitoring of Koji build targets broke because the
modularity stuff pushed rawhide to the second page :).
Can I get +1s to start testing for "infra" instead, which should match
$release-infra and such?

Patrick


commit dd4583fff2ca0739dee955197be02551373a23f5
Author: Patrick Uiterwijk 
Date:   Fri Mar 17 13:27:04 2017 +

Check for *-infra target, since rawhide comes after modularity build targets

Signed-off-by: Patrick Uiterwijk 

diff --git a/roles/nagios/server/files/nagios-external/services/websites.cfg
b/roles/nagios/server/files
index d571a95..3a96003 100644
--- a/roles/nagios/server/files/nagios-external/services/websites.cfg
+++ b/roles/nagios/server/files/nagios-external/services/websites.cfg
@@ -45,7 +45,7 @@ define service {
 define service {
   host_name koji-phx2
   service_description   koji
-  check_command
check_website!koji.fedoraproject.org!/koji/buildtargets!rawhide
+  check_command
check_website!koji.fedoraproject.org!/koji/buildtargets!infra
   use   websitetemplate
 }
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Add proxy10 and proxy14 to noc02

2017-03-17 Thread Pierre-Yves Chibon 
On Fri, Mar 17, 2017 at 08:54:16AM +, Patrick Uiterwijk wrote:
> Hi all,
> 
> Last night, we've found that proxy14 was not up "up" the last few days
> (since it was rebooted for the RDU migration).
> Can I get +1s to get it added to noc02?
> Patch after the break.

+1 for me,

Pierre


> commit 0e69fbf106b7e5ce361f561de028e8e716825a32
> Author: Patrick Uiterwijk 
> Date:   Fri Mar 17 08:47:14 2017 +
> 
> Add proxy10 and proxy14
> 
> Signed-off-by: Patrick Uiterwijk 
> 
> diff --git 
> a/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg
> b/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg
> index 57d6759..359b5cd 100644
> --- 
> a/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg
> +++ 
> b/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg
> @@ -16,6 +16,39 @@ define host {
>address  209.132.181.16
>  }
> 
> +define host {
> +  host_name209.132.181.15-phx2
> +  alias209.132.181.15-phx2
> +  use  defaulttemplate
> +  address  209.132.181.15
> +  parents  proxy10.fedoraproject.org
> +}
> +
> +define host {
> +  host_nameproxy10.fedoraproject.org
> +  aliasproxy10.fedoraproject.org
> +  use  defaulttemplate
> +  address  209.132.181.15
> +}
> +
> +#
> +# rdu2
> +#
> +define host {
> +  host_name8.43.85.67-rdu2
> +  alias8.43.85.67-rdu2
> +  use  defaulttemplate
> +  address  8.43.85.67
> +  parents  proxy14.fedoraproject.org
> +}
> +
> +define host {
> +  host_nameproxy14.fedoraproject.org
> +  aliasproxy14.fedoraproject.org
> +  use  defaulttemplate
> +  address  8.43.85.67
> +}
> +
>  #
>  # tummy
>  #
> diff --git a/roles/nagios/server/files/nagios-external/services/websites.cfg
> b/roles/nagios/server/files/nagios-external/services/websites.cfg
> index 180cdd2..d571a95 100644
> --- a/roles/nagios/server/files/nagios-external/services/websites.cfg
> +++ b/roles/nagios/server/files/nagios-external/services/websites.cfg
> @@ -3,7 +3,7 @@
>  #
> 
>  define service {
> -  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
> proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
> 152.19.134.198-ibiblio, proxy06.fedoraproject.org,
> proxy09.fedoraproject.org, 67.203.2.67-coloamerica
> +  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
> proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
> 152.19.134.198-ibiblio, proxy06.fedoraproject.org,
> proxy09.fedoraproject.org, 67.203.2.67-coloamerica,
> 209.132.181.15-phx2, 8.43.85.67-rdu2
>service_description   https
>max_check_attempts2
>normal_check_interval 2
> @@ -13,7 +13,7 @@ define service {
> 
> 
>  define service {
> -  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
> proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
> 152.19.134.198-ibiblio, proxy06.fedoraproject.org,
> proxy09.fedoraproject.org, 67.203.2.67-coloamerica
> +  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
> proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
> 152.19.134.198-ibiblio, proxy06.fedoraproject.org,
> proxy09.fedoraproject.org, 67.203.2.67-coloamerica,
> 209.132.181.15-phx2, 8.43.85.67-rdu2
>service_description   bodhi
>max_check_attempts8
>check_command check_website_ssl!bodhi.fedoraproject.org!/!Fedora
> @@ -21,14 +21,14 @@ define service {
>  }
> 
>  define service {
> -  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
> proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
> 152.19.134.198-ibiblio, proxy06.fedoraproject.org,
> proxy09.fedoraproject.org, 67.203.2.67-coloamerica
> +  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
> proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
> 152.19.134.198-ibiblio, proxy06.fedoraproject.org,
> proxy09.fedoraproject.org, 67.203.2.67-coloamerica,
> 209.132.181.15-phx2, 8.43.85.67-rdu2
>service_description   pkgdb
>check_command
> check_website_ssl!admin.fedoraproject.org!/pkgdb/collections/!EPEL
>use   websitetemplate
>  }
> 
>  define service {
> -  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
> proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
> 152.19.134.198-ibiblio, proxy06.fedoraproject.org,
> proxy09.fedoraproject.org, 67.203.2.67-coloamerica
> +  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
> proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
> 152.19.134.198-ibiblio, proxy06.fedoraproject.org,
> proxy09.fedoraproject.org, 67.203.2.67-coloamerica,
>

FBR: Add proxy10 and proxy14 to noc02

2017-03-17 Thread Patrick Uiterwijk 
Hi all,

Last night, we've found that proxy14 was not up "up" the last few days
(since it was rebooted for the RDU migration).
Can I get +1s to get it added to noc02?
Patch after the break.

Patrick


commit 0e69fbf106b7e5ce361f561de028e8e716825a32
Author: Patrick Uiterwijk 
Date:   Fri Mar 17 08:47:14 2017 +

Add proxy10 and proxy14

Signed-off-by: Patrick Uiterwijk 

diff --git 
a/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg
b/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg
index 57d6759..359b5cd 100644
--- 
a/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg
+++ 
b/roles/nagios/server/files/nagios-external/hosts/admin.fedoraproject.org.cfg
@@ -16,6 +16,39 @@ define host {
   address  209.132.181.16
 }

+define host {
+  host_name209.132.181.15-phx2
+  alias209.132.181.15-phx2
+  use  defaulttemplate
+  address  209.132.181.15
+  parents  proxy10.fedoraproject.org
+}
+
+define host {
+  host_nameproxy10.fedoraproject.org
+  aliasproxy10.fedoraproject.org
+  use  defaulttemplate
+  address  209.132.181.15
+}
+
+#
+# rdu2
+#
+define host {
+  host_name8.43.85.67-rdu2
+  alias8.43.85.67-rdu2
+  use  defaulttemplate
+  address  8.43.85.67
+  parents  proxy14.fedoraproject.org
+}
+
+define host {
+  host_nameproxy14.fedoraproject.org
+  aliasproxy14.fedoraproject.org
+  use  defaulttemplate
+  address  8.43.85.67
+}
+
 #
 # tummy
 #
diff --git a/roles/nagios/server/files/nagios-external/services/websites.cfg
b/roles/nagios/server/files/nagios-external/services/websites.cfg
index 180cdd2..d571a95 100644
--- a/roles/nagios/server/files/nagios-external/services/websites.cfg
+++ b/roles/nagios/server/files/nagios-external/services/websites.cfg
@@ -3,7 +3,7 @@
 #

 define service {
-  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
152.19.134.198-ibiblio, proxy06.fedoraproject.org,
proxy09.fedoraproject.org, 67.203.2.67-coloamerica
+  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
152.19.134.198-ibiblio, proxy06.fedoraproject.org,
proxy09.fedoraproject.org, 67.203.2.67-coloamerica,
209.132.181.15-phx2, 8.43.85.67-rdu2
   service_description   https
   max_check_attempts2
   normal_check_interval 2
@@ -13,7 +13,7 @@ define service {


 define service {
-  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
152.19.134.198-ibiblio, proxy06.fedoraproject.org,
proxy09.fedoraproject.org, 67.203.2.67-coloamerica
+  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
152.19.134.198-ibiblio, proxy06.fedoraproject.org,
proxy09.fedoraproject.org, 67.203.2.67-coloamerica,
209.132.181.15-phx2, 8.43.85.67-rdu2
   service_description   bodhi
   max_check_attempts8
   check_command check_website_ssl!bodhi.fedoraproject.org!/!Fedora
@@ -21,14 +21,14 @@ define service {
 }

 define service {
-  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
152.19.134.198-ibiblio, proxy06.fedoraproject.org,
proxy09.fedoraproject.org, 67.203.2.67-coloamerica
+  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
152.19.134.198-ibiblio, proxy06.fedoraproject.org,
proxy09.fedoraproject.org, 67.203.2.67-coloamerica,
209.132.181.15-phx2, 8.43.85.67-rdu2
   service_description   pkgdb
   check_command
check_website_ssl!admin.fedoraproject.org!/pkgdb/collections/!EPEL
   use   websitetemplate
 }

 define service {
-  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
152.19.134.198-ibiblio, proxy06.fedoraproject.org,
proxy09.fedoraproject.org, 67.203.2.67-coloamerica
+  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
proxy03.fedoraproject.org, 152.19.134.142-ibiblio,
152.19.134.198-ibiblio, proxy06.fedoraproject.org,
proxy09.fedoraproject.org, 67.203.2.67-coloamerica,
209.132.181.15-phx2, 8.43.85.67-rdu2
   service_description packages
   max_check_attempts 8
   check_command check_website_ssl!apps.fedoraproject.org!/packages/!Packages
@@ -36,7 +36,7 @@ define service {
 }

 define service {
-  host_name 209.132.181.16-phx2, 85.236.55.6-internetx,
proxy03.fedoraproject.org,

Best practice for 3rd party playbook

2017-03-17 Thread Miroslav Suchý 
Hi,
I am in process in writing playbook for retrace.fedoraproject.org

ABRT team created:
https://github.com/abrt/ansible-role-retrace-server

Which we can use. I just wonder what is best practise for using such 3rd party 
roles?
Should I just copy it into our ansible.git? Or should I use ansible-galaxy 
command to sync it? Manually? Or when the
playbook is run?
-- 
Miroslav Suchy, RHCA
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: Freeze Break Request: Enabling Nested Virt for Production Taskotron Virthosts

2017-03-17 Thread Pierre-Yves Chibon 
On Thu, Mar 16, 2017 at 07:52:43PM -0600, Tim Flink wrote:
> This is less important than the other FBR that I submitted but I'd like
> to do it while things are paused for the other change.
> 
> I'd like to enable nested virt on the virthosts that run the Taskotron
> production clients. What I'd be doing is:
> 
>  - adding the 'virthost' role in ansible
>  - running the playbook for the Taskotron client virthosts
>  - rebooting the machines (qa12.qa and qa13.qa)
> 
> The change is small and since jobs are already stopped, there should be
> little impact other than nagios warnings if I forget to schedule
> downtime :)
> 
> If something goes wrong, we can remove the nested virt enablement and
> reboot the hosts again. If all else fails, we can sub in the dev and
> stg virthosts because all of the Taskotron virthosts are pretty much
> identical. I think that this is incredibly unlikely, though.
> 
> +1s?

Sounds fine,

Pierre


signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org