Spring cleaning time. :)
I removed all the old files, inventory, playbooks, roles and other from services we no longer run or use. There was a bunch of cruft in there and I hope that will make the repo cleaner and easier to look for things we actually do run and care about. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
parent
0eca617652
commit
c529380547
|
@ -1,6 +0,0 @@
|
|||
#!/bin/sh
|
||||
SNAPSHOTTIME=$(date +"%m-%d-%Y")
|
||||
cd /srv/persist
|
||||
echo "Snapshot taken $SNAPSHOTTIME.\n" >> /var/www/html/artboard/artboard-backup-summary.log
|
||||
tar -zcvf "artboard-backup.tar.gz" artboard
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
<Directory "/var/www/html/artboard">
|
||||
Options Indexes FollowSymLinks
|
||||
|
||||
AllowOverride All
|
||||
|
||||
<IfModule mod_authz_core.c>
|
||||
# Apache 2.4
|
||||
Require all granted
|
||||
</IfModule>
|
||||
<IfModule !mod_authz_core.c>
|
||||
# Apache 2.2
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
</IfModule>
|
||||
|
||||
</Directory>
|
|
@ -1,2 +0,0 @@
|
|||
RedirectMatch "^/$" /artboard/
|
||||
|
|
@ -1,74 +0,0 @@
|
|||
[mysqld]
|
||||
datadir=/var/lib/mysql
|
||||
socket=/var/lib/mysql/mysql.sock
|
||||
user=mysql
|
||||
# Default to using old password format for compatibility with mysql 3.x
|
||||
# clients (those using the mysqlclient10 compatibility package).
|
||||
old_passwords=1
|
||||
max_connections=900
|
||||
query_cache_size=64M
|
||||
query_cache_limit=2M
|
||||
ft_min_word_len=3
|
||||
|
||||
log-slow-queries=/var/log/mysqld/slow-queries.log
|
||||
long_query_time = 2
|
||||
general_log = 1
|
||||
general_log_file = /var/log/mysqld/mysql-transfer.log
|
||||
|
||||
skip-locking
|
||||
key_buffer = 384M
|
||||
key_buffer_size=64M
|
||||
max_allowed_packet = 16M
|
||||
table_cache = 2048
|
||||
sort_buffer_size = 8M
|
||||
join_buffer_size = 8M
|
||||
read_buffer_size = 2M
|
||||
read_rnd_buffer_size = 16M
|
||||
bulk_insert_buffer_size = 64M
|
||||
myisam_sort_buffer_size = 128M
|
||||
myisam_max_sort_file_size=15G
|
||||
myisam_max_extra_sort_file_size = 10G
|
||||
thread_cache_size = 8
|
||||
# Try number of CPU's*2 for thread_concurrency
|
||||
thread_concurrency = 16
|
||||
thread_stack = 192K
|
||||
|
||||
transaction_isolation = REPEATABLE-READ
|
||||
|
||||
back_log = 50
|
||||
binlog_cache_size = 1M
|
||||
max_heap_table_size = 128M
|
||||
|
||||
tmp_table_size = 128M
|
||||
|
||||
innodb_additional_mem_pool_size = 16M
|
||||
innodb_buffer_pool_size = 4G
|
||||
innodb_file_io_threads = 4
|
||||
innodb_thread_concurrency = 16
|
||||
innodb_flush_log_at_trx_commit = 1
|
||||
innodb_log_buffer_size = 8M
|
||||
#innodb_log_file_size = 2G
|
||||
#innodb_log_files_in_group = 3
|
||||
innodb_max_dirty_pages_pct = 90
|
||||
|
||||
|
||||
[mysqld_safe]
|
||||
log-error=/var/log/mysqld.log
|
||||
pid-file=/var/run/mysqld/mysqld.pid
|
||||
open-files-limit = 8192
|
||||
|
||||
[isamchk]
|
||||
key_buffer = 512M
|
||||
sort_buffer_size = 512M
|
||||
read_buffer = 8M
|
||||
write_buffer = 8M
|
||||
|
||||
[myisamchk]
|
||||
key_buffer = 512M
|
||||
sort_buffer_size = 512M
|
||||
read_buffer = 8M
|
||||
write_buffer = 8M
|
||||
|
||||
[mysqlhotcopy]
|
||||
interactive-timeout
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
[rhel7-rhos13]
|
||||
name = rhel7 openstack $basearch
|
||||
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openstack-13-rpms
|
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
|
|
@ -1,19 +0,0 @@
|
|||
NameVirtualHost *:80
|
||||
|
||||
<Directory "/srv">
|
||||
Options All
|
||||
AllowOverride All
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<VirtualHost *:80>
|
||||
ServerName {{domain}}
|
||||
DocumentRoot /srv/www/facebook/phabricator/webroot
|
||||
|
||||
RewriteEngine on
|
||||
RewriteRule ^/rsrc/(.*) - [L,QSA]
|
||||
RewriteRule ^/favicon.ico - [L,QSA]
|
||||
RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA]
|
||||
|
||||
SetEnv PHABRICATOR_ENV custom/myconfig
|
||||
</VirtualHost>
|
|
@ -1,18 +0,0 @@
|
|||
<?php
|
||||
|
||||
return array(
|
||||
'phabricator.base-uri' => 'http://{{domain}}/',
|
||||
|
||||
'mysql.host' => 'localhost',
|
||||
'mysql.user' => 'root',
|
||||
|
||||
'metamta.default-address' => 'phabricator@{{domain}}',
|
||||
'metamta.domain' => '{{domain}}',
|
||||
|
||||
'phabricator.timezone' => 'America/New_York',
|
||||
'pygments.enabled' => true,
|
||||
|
||||
// NOTE: Check default.conf.php for detailed explanations of all the
|
||||
// configuration options, including these.
|
||||
|
||||
) + phabricator_read_config_file('production');
|
|
@ -1,10 +0,0 @@
|
|||
<VirtualHost *:80>
|
||||
ServerName trac-dev.cloud.fedoraproject.org
|
||||
WSGIScriptAlias / /srv/www/trac/trac.wsgi
|
||||
|
||||
<Directory /srv/www/trac/trac.wsgi>
|
||||
WSGIProcessGroup %{GLOBAL}
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
</Directory>
|
||||
</VirtualHost>
|
|
@ -1,15 +0,0 @@
|
|||
import __main__
|
||||
if hasattr(__main__, '__requires__'):
|
||||
if isinstance(__main__.__requires__, basestring):
|
||||
__main__.__requires__ = [__main__.__requires__]
|
||||
else:
|
||||
__main__.__requires__ = []
|
||||
__main__.__requires__.append('Trac')
|
||||
|
||||
import os
|
||||
|
||||
os.environ['TRAC_ENV_PARENT_DIR'] = '/srv/www/trac/projects'
|
||||
os.environ['PYTHON_EGG_CACHE'] = '/var/cache/trac'
|
||||
|
||||
import trac.web.main
|
||||
application = trac.web.main.dispatch_request
|
|
@ -1 +0,0 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDxFYkms3bEGIGpH0Dg0JgvsdHI/pWkS4ynCn/poyVcKc+SL1StKoOFPzzFh7dGVIeQ6q8MLbm246H8Swx57R13Q3bhtTs5Gpy5bNC7HejkWbrrMEJuKxVKhIintbC+tT04OFBFklVePuxacsc3EBdTHSnz9o41MfJnjv58VxJB5bwfgsV7FMDLHnBpujlPPH1hZG5A0fwD8VgCwaRVirIs9Kw35yKEUm8D76vOxjAqm7UTexEcPNFb4tYGzI00hbPS374FzoO4ZuXxv1ymakw9iyL54Hwbyj8JxBbgfZ6TvgLSSN9OU+KRqz1NqfepSj+y8up0Q+W8J5UObvf02VZrJKVgnIVe5gw4iDx/5E7F4qmf8qa5YUlJnP3LWRz6jhtQE+m6Ro7zItnoqPR3EtQZ9rMgaS1+/qPX7hcB35hlGZbhj0IDY+HE98ehUivUuxSoLOp8c+COaJ2b5+wSQigi9jRYx0qPeCOCCtA8vF8z4SOmD3I6IsPzlCiejeC5y3tWoQqJPR430TPBJ7CMNbbHPNF8GyzM7vFukqSpgacLq1f/YgBwqiRLVk+ktgUM/+fHuE6mUDMdE+Ag2lfwHnLI7DOwaJdr7JoAoSi6R+uTRhx1d4AET1sMv/HXKD+4Abu0WyaT3l/xO+hBABz+KO33gPUdCsKOw7lvJFZRC+OSyQ==
|
|
@ -1,107 +0,0 @@
|
|||
from ansible import errors
|
||||
from glanceclient import Client as GlanceClient
|
||||
from keystoneclient import session
|
||||
from keystoneclient.auth.identity import v2 as identity
|
||||
from neutronclient.neutron.client import Client as NeutronClient
|
||||
from novaclient.v3.client import Client
|
||||
import glanceclient.exc
|
||||
import json
|
||||
import novaclient.exceptions
|
||||
|
||||
def flavor_id_to_name(host_vars, user, password, tenant, auth_url):
|
||||
nt = Client(user, password, tenant, auth_url, service_type="compute")
|
||||
try:
|
||||
flavor = nt.flavors.get(host_vars)
|
||||
except novaclient.exceptions.NotFound:
|
||||
raise errors.AnsibleFilterError('There is no flavor of name {0} accessible for tenant {1}'.format(host_vars, tenant))
|
||||
return flavor.name
|
||||
|
||||
|
||||
def flavor_name_to_id(host_vars, user, password, tenant, auth_url):
|
||||
nt = Client(user, password, tenant, auth_url, service_type="compute")
|
||||
for i in nt.flavors.list():
|
||||
if i.name == host_vars:
|
||||
return i.id
|
||||
raise errors.AnsibleFilterError('There is no flavor of id {0} accessible for tenant {1}'.format(host_vars, tenant))
|
||||
|
||||
def image_id_to_name(host_vars, user, password, tenant, auth_url):
|
||||
auth = identity.Password(auth_url=auth_url, username=user,
|
||||
password=password, tenant_name=tenant)
|
||||
sess = session.Session(auth=auth)
|
||||
token = auth.get_token(sess)
|
||||
endpoint = auth.get_endpoint(sess, service_name='glance', service_type='image')
|
||||
glance = GlanceClient('2', endpoint=endpoint, token=token)
|
||||
try:
|
||||
return glance.images.get(host_vars).name
|
||||
except glanceclient.exc.HTTPNotFound:
|
||||
raise errors.AnsibleFilterError('There is no image of id {0} accessible for tenant {1}'.format(host_vars, tenant))
|
||||
|
||||
def image_name_to_id(host_vars, user, password, tenant, auth_url):
|
||||
auth = identity.Password(auth_url=auth_url, username=user,
|
||||
password=password, tenant_name=tenant)
|
||||
sess = session.Session(auth=auth)
|
||||
token = auth.get_token(sess)
|
||||
endpoint = auth.get_endpoint(sess, service_name='glance', service_type='image')
|
||||
glance = GlanceClient('2', endpoint=endpoint, token=token)
|
||||
for i in glance.images.list():
|
||||
if i.name == host_vars:
|
||||
return i.id
|
||||
raise errors.AnsibleFilterError('There is no image of name {0} accessible for tenant {1}'.format(host_vars, tenant))
|
||||
|
||||
def network_name_to_id(host_vars, user, password, tenant, auth_url):
|
||||
""" Accept one name of network or list of names of networks and return the same
|
||||
structure, but names replaced by ids of the network(s). """
|
||||
auth = identity.Password(auth_url=auth_url, username=user,
|
||||
password=password, tenant_name=tenant)
|
||||
sess = session.Session(auth=auth)
|
||||
token = auth.get_token(sess)
|
||||
endpoint = auth.get_endpoint(sess, service_name='neutron', service_type='network')
|
||||
neutron = NeutronClient('2.0', endpoint_url=endpoint, token=token)
|
||||
result_as_list = isinstance(host_vars, list)
|
||||
if not result_as_list:
|
||||
host_vars = [host_vars]
|
||||
result = []
|
||||
for net in host_vars:
|
||||
networks = neutron.list_networks(name=net, fields='name')["networks"]
|
||||
if networks:
|
||||
result += [networks[0]['id']]
|
||||
else:
|
||||
raise errors.AnsibleFilterError('There is no network of name {0} accessible for tenant {1}'.format(net, tenant))
|
||||
if result_as_list:
|
||||
return result
|
||||
else:
|
||||
return result[0]
|
||||
|
||||
def network_id_to_name(host_vars, user, password, tenant, auth_url):
|
||||
""" Accept one id of network or list of ids of networks and return the same
|
||||
structure, but ids replaced by name of the network(s). """
|
||||
auth = identity.Password(auth_url=auth_url, username=user,
|
||||
password=password, tenant_name=tenant)
|
||||
sess = session.Session(auth=auth)
|
||||
token = auth.get_token(sess)
|
||||
endpoint = auth.get_endpoint(sess, service_name='neutron', service_type='network')
|
||||
neutron = NeutronClient('2.0', endpoint_url=endpoint, token=token)
|
||||
result_as_list = isinstance(host_vars, list)
|
||||
if not result_as_list:
|
||||
host_vars = [host_vars]
|
||||
result = []
|
||||
for net in host_vars:
|
||||
networks = neutron.list_networks(id=net, fields='name')["networks"]
|
||||
if networks:
|
||||
result += [networks[0]['name']]
|
||||
else:
|
||||
raise errors.AnsibleFilterError('There is no network of id {0} accessible for tenant {1}'.format(net, tenant))
|
||||
if result_as_list:
|
||||
return result
|
||||
else:
|
||||
return result[0]
|
||||
|
||||
class FilterModule (object):
|
||||
def filters(self):
|
||||
return {"flavor_id_to_name": flavor_id_to_name,
|
||||
"flavor_name_to_id": flavor_name_to_id,
|
||||
"image_id_to_name": image_id_to_name,
|
||||
"image_name_to_id": image_name_to_id,
|
||||
"network_name_to_id": network_name_to_id,
|
||||
"network_id_to_name": network_id_to_name,
|
||||
}
|
|
@ -86,9 +86,6 @@
|
|||
- name: fix openvpn routing
|
||||
action: shell /etc/openvpn/fix-routes.sh
|
||||
|
||||
- name: restart xinetd
|
||||
action: service name=xinetd state=restarted
|
||||
|
||||
- name: restart netapproute
|
||||
action: command /etc/sysconfig/network-scripts/ifup-routes eth1
|
||||
|
||||
|
@ -110,9 +107,6 @@
|
|||
- name: restart glusterd
|
||||
service: name=glusterd state=restarted
|
||||
|
||||
- name: restart supervisord
|
||||
service: name=supervisord state=restarted
|
||||
|
||||
- name: run rkhunter
|
||||
command: rkhunter --propupd
|
||||
|
||||
|
@ -145,15 +139,6 @@
|
|||
- name: restart stunnel
|
||||
service: name=stunnel state=restarted
|
||||
|
||||
- name: restart cinder api
|
||||
service: name=openstack-cinder-api state=restarted
|
||||
|
||||
- name: restart cinder scheduler
|
||||
service: name=openstack-cinder-scheduler state=restarted
|
||||
|
||||
- name: restart cinder volume
|
||||
service: name=openstack-cinder-volume state=restarted
|
||||
|
||||
- name: restart mirrorlist-server
|
||||
service: name=mirrorlist-server state=restarted
|
||||
|
||||
|
@ -187,6 +172,3 @@
|
|||
name: rabbitmq-server
|
||||
state: restarted
|
||||
daemon_reload: yes
|
||||
|
||||
- name: restart repoSpanner
|
||||
action: service name=repoSpanner state=restarted
|
||||
|
|
|
@ -1,16 +1,3 @@
|
|||
#[cloud_phx2]
|
||||
##
|
||||
## Hardware
|
||||
##
|
||||
#virthost-aarch64-os01.fedorainfracloud.org
|
||||
#virthost-aarch64-os02.fedorainfracloud.org
|
||||
#virthost-cloud01.fedorainfracloud.org
|
||||
#virthost-os01.fedorainfracloud.org
|
||||
#virthost-os02.fedorainfracloud.org
|
||||
#virthost-os03.fedorainfracloud.org
|
||||
#storinator01.fedorainfracloud.org
|
||||
#cloudvmhost-aarch64-01.fedorainfracloud.org
|
||||
|
||||
##
|
||||
## New Community Hardware
|
||||
##
|
||||
|
@ -55,11 +42,6 @@ el7-test.fedorainfracloud.org
|
|||
#aarch64-test02.fedorainfracloud.org
|
||||
# iddev
|
||||
iddev.fedorainfracloud.org
|
||||
# respins
|
||||
# exists in aws, we don't manage it.
|
||||
#respins01.fedorainfracloud.org
|
||||
# koji simple ci development - ticket 6419
|
||||
simple-koji-ci-prod.fedorainfracloud.org
|
||||
retrace-stg.aws.fedoraproject.org
|
||||
# This is not in aws, but here is good enough for now
|
||||
ppc64le-test.fedorainfracloud.org
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
ansible_ssh_user: root
|
||||
deployment_type: origin
|
|
@ -27,11 +27,8 @@ csi_security_category: High
|
|||
csi_primary_contact: Release Engineering - rel-eng@lists.fedoraproject.org
|
||||
csi_purpose: Automatically sign Rawhide and Branched packages
|
||||
csi_relationship: |
|
||||
This host will run the autosigner.py script which should automatically sign
|
||||
new rawhide and branched builds. It listens to koji over fedmsg for
|
||||
notifications of new builds, and then asks sigul, the signing server, to
|
||||
sign the rpms and store the new rpm header back in Koji.
|
||||
This host will run the robosignatory application which should automatically sign
|
||||
builds. It listens to koji over fedora-messaging for notifications of new builds,
|
||||
and then asks sigul, the signing server, to sign the rpms and store the new rpm
|
||||
header back in Koji.
|
||||
|
||||
The script[1] currently runs in the foreground from a git checkout.
|
||||
|
||||
[1] https://pagure.io/releng/blob/master/f/scripts/autosigner.py
|
||||
|
|
|
@ -1,51 +0,0 @@
|
|||
---
|
||||
lvm_size: 50000
|
||||
mem_size: 4096
|
||||
num_cpus: 2
|
||||
|
||||
tcp_ports: [ 80, 443, 8000 ]
|
||||
udp_ports: [ 69 ]
|
||||
fas_client_groups: sysadmin-qa,sysadmin-main,fi-apprentice,sysadmin-noc,sysadmin-veteran
|
||||
nrpe_procs_warn: 250
|
||||
nrpe_procs_crit: 300
|
||||
|
||||
freezes: false
|
||||
|
||||
virt_install_command: "{{ virt_install_command_one_nic }}"
|
||||
|
||||
# settings for the beaker db, server and lab controller
|
||||
beaker_db_host: localhost
|
||||
beaker_db_name: beaker
|
||||
beaker_db_user: "{{ prod_beaker_db_user }}"
|
||||
beaker_db_password: "{{ prod_beaker_db_password }}"
|
||||
mariadb_root_password: "{{ prod_beaker_mariadb_root_password }}"
|
||||
|
||||
beaker_server_url: "https://beaker.qa.fedoraproject.org"
|
||||
beaker_server_cname: "beaker.qa.fedoraproject.org"
|
||||
beaker_server_hostname: "beaker01.qa.fedoraproject.org"
|
||||
beaker_server_admin_user: "{{ prod_beaker_server_admin_user }}"
|
||||
beaker_server_admin_pass: "{{ prod_beaker_server_admin_pass }}"
|
||||
beaker_server_email: "sysadmin-qa-members@fedoraproject.org"
|
||||
|
||||
beaker_oidc_token_info_url: "https://id.fedoraproject.org/openidc/TokenInfo"
|
||||
beaker_oidc_client_id: "beaker-prod"
|
||||
beaker_oidc_client_secret: "{{ prod_beaker_oidc_client_secret }}"
|
||||
|
||||
beaker_lab_controller_username: "host/beaker01.qa.fedoraproject.org"
|
||||
beaker_lab_controller_password: "{{ prod_beaker_lab_controller_password }}"
|
||||
|
||||
extra_enablerepos: ''
|
||||
|
||||
# These variables are pushed into /etc/system_identification by the base role.
|
||||
# Groups and individual hosts should ovveride them with specific info.
|
||||
# See http://infrastructure.fedoraproject.org/csi/security-policy/
|
||||
|
||||
csi_security_category: Low
|
||||
csi_primary_contact: Fedora Admins - admin@fedoraproject.org
|
||||
csi_purpose: Manage and automate labs of test computers
|
||||
csi_relationship: |
|
||||
There are a couple of things running here.
|
||||
- beaker lab controller which serves files for network booting, monitors
|
||||
console logs, and executes fence commands to reboot systems.
|
||||
- tftp server run by the lab controller for pxe booting provisioned systems
|
||||
. libvirt for virtualization capabilities
|
|
@ -1,37 +0,0 @@
|
|||
---
|
||||
lvm_size: 50000
|
||||
mem_size: 4096
|
||||
num_cpus: 2
|
||||
|
||||
tcp_ports: [ 80, 443, 8000 ]
|
||||
udp_ports: [ 69 ]
|
||||
fas_client_groups: sysadmin-qa,sysadmin-main,fi-apprentice,sysadmin-noc,sysadmin-veteran
|
||||
nrpe_procs_warn: 250
|
||||
nrpe_procs_crit: 300
|
||||
|
||||
freezes: false
|
||||
|
||||
virt_install_command: "{{ virt_install_command_rhel6 }}"
|
||||
|
||||
# settings for the beaker db, server and lab controller
|
||||
beaker_db_host: localhost
|
||||
beaker_db_name: beaker
|
||||
beaker_db_user: "{{ stg_beaker_db_user }}"
|
||||
beaker_db_password: "{{ stg_beaker_db_password }}"
|
||||
mariadb_root_password: "{{ stg_beaker_mariadb_root_password }}"
|
||||
|
||||
beaker_server_url: "https://beaker.stg.qa.fedoraproject.org"
|
||||
beaker_server_cname: "beaker.stg.fedoraproject.org"
|
||||
beaker_server_hostname: "beaker-stg01.qa.fedoraproject.org"
|
||||
beaker_server_admin_user: "{{ stg_beaker_server_admin_user }}"
|
||||
beaker_server_admin_pass: "{{ stg_beaker_server_admin_pass }}"
|
||||
beaker_server_email: "sysadmin-qa-members@fedoraproject.org"
|
||||
|
||||
beaker_oidc_token_info_url: "https://id.stg.fedoraproject.org/openidc/TokenInfo"
|
||||
beaker_oidc_client_id: "beaker-stg"
|
||||
beaker_oidc_client_secret: "{{ stg_beaker_oidc_client_secret }}"
|
||||
|
||||
beaker_lab_controller_username: "host/beaker-stg01.qa.fedoraproject.org"
|
||||
beaker_lab_controller_password: "{{ stg_beaker_lab_controller_password }}"
|
||||
|
||||
extra_enablerepos: ''
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
freezes: false
|
||||
lvm_size: 40000
|
||||
mem_size: 4096
|
||||
num_cpus: 4
|
||||
# for systems that do not match the above - specify the same parameter in
|
||||
# the host_vars/$hostname file
|
||||
|
||||
tcp_ports: [ 80, 443, 11370, 11371 ]
|
||||
fas_client_groups: sysadmin-noc,sysadmin-keys,sysadmin-veteran
|
|
@ -1,19 +0,0 @@
|
|||
# See the comment with the explanation of this group in ``inventory/inventory``
|
||||
fedmsg_certs:
|
||||
- service: shell
|
||||
owner: root
|
||||
group: sysadmin
|
||||
can_send:
|
||||
- logger.log
|
||||
- service: koji
|
||||
owner: root
|
||||
group: apache
|
||||
can_send:
|
||||
- buildsys.build.state.change
|
||||
- buildsys.package.list.change
|
||||
- buildsys.repo.done
|
||||
- buildsys.repo.init
|
||||
- buildsys.rpm.sign
|
||||
- buildsys.tag
|
||||
- buildsys.task.state.change
|
||||
- buildsys.untag
|
|
@ -1,9 +0,0 @@
|
|||
resolvconf: "resolv.conf/cloud"
|
||||
git_branch: master
|
||||
server_name: www.libravatar.org
|
||||
cdn_server_name: cdn.libravatar.org
|
||||
cdn_server_alias: seccdn.libravatar.org
|
||||
server_redirect_name: "libravatar.org libravatar.com www.libravatar.com"
|
||||
server_cert_name: libravatar.org
|
||||
cdn_server_cert_name: cdn.libravatar.org
|
||||
mail_to: clime@fedoraproject.org
|
|
@ -1,10 +0,0 @@
|
|||
resolvconf: "resolv.conf/cloud"
|
||||
git_branch: devel
|
||||
server_name: libravatar-stg.fedorainfracloud.org
|
||||
cdn_server_name: libravatar-stg.fedorainfracloud.org
|
||||
cdn_server_alias: libravatar-stg.fedorainfracloud.org
|
||||
server_redirect_name: libravatar-stg.fedorainfracloud.org
|
||||
server_cert_name: libravatar-stg.fedorainfracloud.org
|
||||
cdn_server_cert_name: libravatar-stg.fedorainfracloud.org
|
||||
prod_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzOpYy2W3hqlvrdpbprv1BAvxh9IsjlVizzxKBo7FvKcj6Xwk1UZXqQqQTBSgEAsuYhTiTIcHK3V4y6xwrSvVQJy0ciqBtPdrAp8z8S+2xBx4uvdc8sb2n8XQGIEkJHel6wIHE+0mCv/PoHn9OPc+bjNFQkncmb7SKbiojll7kiWGdmVzgutrwUULqXcDbsZ1u+HL8Edh7v43IwmK9nVAeA8K8W9rab1EIlFL1oh5z1rrgxV7Gv9OVLbh4NI95DFrHHNEaeH2PpWrdVAYypMSGg2rTOH+mbgYsHhCbA9KRCKkJAqXlOBymGsQuO0yFv2gTzLx+8BkJ3IrXYdhFvoLt root@libravatar.fedorainfracloud.org"
|
||||
mail_to: clime@fedoraproject.org
|
|
@ -1 +0,0 @@
|
|||
---
|
|
@ -1,18 +0,0 @@
|
|||
---
|
||||
datacenter: cloud
|
||||
nm: 255.255.254.0
|
||||
gw: 209.132.184.254
|
||||
eth1_nm: 255.255.254.0
|
||||
eth1_gw: 172.23.1.254
|
||||
fas_client_groups: sysadmin-main
|
||||
dns: 8.8.8.8
|
||||
freezes: false
|
||||
ansible_ifcfg_whitelist: ['eth1']
|
||||
baseiptables: false
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q cloud-noc01.fedorainfracloud.org"'
|
||||
nagios_Check_Services:
|
||||
mail: false
|
||||
nrpe: false
|
||||
sshd: false
|
||||
swap: false
|
||||
ping: false
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
lvm_size: 20000
|
||||
mem_size: 8192
|
||||
# probably 4 in prod:
|
||||
num_cpus: 2
|
||||
|
||||
tcp_ports: [ 80 ]
|
||||
fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
|
|
@ -1,25 +0,0 @@
|
|||
---
|
||||
# Define resources for this group of hosts here.
|
||||
lvm_size: 500000
|
||||
mem_size: 32768
|
||||
max_mem_size: 32768
|
||||
num_cpus: 8
|
||||
|
||||
# For the MOTD
|
||||
csi_security_category: High
|
||||
csi_primary_contact: admin@fedoraproject.org / sysadmin-main-members
|
||||
csi_purpose: repospanner git syncing host
|
||||
|
||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 8.43.84.211 --dport 8443:8445 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 8.43.84.212 --dport 8443:8445 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 8.43.85.76 --dport 8443:8445 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 152.19.134.149 --dport 8443:8445 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 209.132.181.20 --dport 8443:8445 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 192.168.1.180 --dport 8443:8445 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 192.168.1.184 --dport 8443:8445 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 192.168.1.185 --dport 8443:8445 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 8443:8445 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 192.168.1.41 --dport 8442:8443 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 192.168.100.8 --dport 8442:8443 -j ACCEPT']
|
||||
|
||||
## End of file
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
freezes: false
|
||||
datacenter: cloud
|
|
@ -1,17 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.126.254
|
||||
dns: 10.5.126.21
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.126.6
|
||||
vmhost: virthost22.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
|
||||
lvm_size: 50g
|
||||
mem_size: 8192
|
||||
max_mem_size: 16384
|
||||
num_cpus: 4
|
|
@ -1,18 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.124.254
|
||||
dns: 10.5.126.21
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.124.141
|
||||
eth0_nm: 255.255.255.128
|
||||
vmhost: virthost-comm04.qa.fedoraproject.org
|
||||
datacenter: phx2
|
||||
fas_client_groups: sysadmin-qa,sysadmin-main
|
||||
collectd_apache: ""
|
||||
|
||||
# it'd be nice to have this done automagically but I don't know of a reasonable easy way to do that
|
||||
beaker_virthost_signatures:
|
||||
- hostname: 'qa04.qa.fedoraproject.org,10.5.124.154'
|
||||
signature: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcv0X3KnCYYn5xowtKEYcnroNkihoyyfyVhRU8xt3nLmxSbmUHdjd1FWlhUuaOziKxLKe2NPQOS6ExDhgZKkqOTl73KJWIYPx8Uz3MITvGoYLIJ1EhFwEkVb2dlLsbsgKTVMnIht4Ri8HUZf4pHMmTUgWfS6Te32DJwF8dbpe7Xc45fjzWOYH3PcLxrKWR94Qaz228H+pWQuVBYwsk7evZA9NMmChiJG9rCXAynCbGCpEMyW46uDGAPSBDGdAGvSq9+9MrXmQQzWsLcGpWh9zomzkwhO4aOvN7lWI442JO594MCpp9OZfxT9D0JsTcCq6nGaQV/Sqj3hZwh0APb//x'
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
gw: 10.5.125.254
|
||||
eth0_ip: 10.5.125.51
|
||||
eth1_ip: 10.5.127.30
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
gw: 10.5.125.254
|
||||
eth0_ip: 10.5.125.52
|
||||
eth1_ip: 10.5.127.31
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
vmhost: ppc8-02.ppc.fedoraproject.org
|
||||
eth0_ip: 10.5.129.64
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
vmhost: ppc8-03.ppc.fedoraproject.org
|
||||
eth0_ip: 10.5.129.66
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
vmhost: ppc8-01.ppc.fedoraproject.org
|
||||
eth0_ip: 10.5.129.67
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
vmhost: ppc8-03.ppc.fedoraproject.org
|
||||
eth0_ip: 10.5.129.68
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
vmhost: ppc8-02.ppc.fedoraproject.org
|
||||
eth0_ip: 10.5.129.65
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
vmhost: ppc8-03.ppc.fedoraproject.org
|
||||
eth0_ip: 10.5.129.69
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
vmhost: ppc8-01.ppc.fedoraproject.org
|
||||
eth0_ip: 10.5.129.70
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
vmhost: ppc8-03.ppc.fedoraproject.org
|
||||
eth0_ip: 10.5.129.71
|
|
@ -1,20 +0,0 @@
|
|||
---
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
datacenter: rdu-cc
|
||||
eth0_ip: 8.43.85.69
|
||||
eth0_nm: 255.255.255.0
|
||||
gw: 8.43.85.254
|
||||
nm: 255.255.255.0
|
||||
dns: 8.8.8.8
|
||||
postfix_group: vpn
|
||||
vpn: true
|
||||
volgroup: /dev/vg_guests
|
||||
vmhost: virthost-cc-rdu01.fedoraproject.org
|
||||
deployment_type: prod
|
||||
db_backup_dir: ['/backups']
|
||||
dbs_to_backup: ['resultsdb']
|
||||
|
||||
ks_url: http://209.132.181.6/repo/rhel/ks/kvm-fedora-28-ext
|
||||
#ks_repo: http://209.132.181.6/pub/fedora/linux/releases/28/Server/x86_64/os/
|
||||
ks_repo: http://download-cc-rdu01.fedoraproject.org/pub/fedora/linux/releases/28/Server/x86_64/os/
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.128.129
|
||||
vmhost: virthost04.stg.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
|
||||
# There's only this server in stg, so it does certs.
|
||||
master_fas_node: True
|
||||
gen_cert: True
|
|
@ -1,19 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.126.254
|
||||
dns: 10.5.126.21
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.126.30
|
||||
vmhost: virthost06.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
|
||||
# This is not the master production fas node, it doesn't do certs
|
||||
master_fas_node: False
|
||||
gen_cert: False
|
||||
|
||||
# GDPR SAR variables
|
||||
sar_script: "echo \"https://admin.fedoraproject.org/accounts/user/view/${SAR_USERNAME}\""
|
||||
sar_script_user: nobody
|
||||
sar_output_file: fas.link
|
|
@ -1,21 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.128.130
|
||||
vmhost: virthost04.stg.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
|
||||
nagios_Check_Services:
|
||||
mail: false
|
||||
nrpe: false
|
||||
swap: false
|
||||
|
||||
tcp_ports:
|
||||
- 22
|
||||
- 80
|
|
@ -1,18 +0,0 @@
|
|||
---
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
datacenter: ibiblio
|
||||
nm: 255.255.255.0
|
||||
gw: 152.19.134.129
|
||||
fas_client_groups: sysadmin-main
|
||||
dns: 8.8.8.8
|
||||
br0_ip: 152.19.134.138
|
||||
br0_nm: 255.255.255.128
|
||||
has_ipv6: yes
|
||||
br0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fe02"
|
||||
br0_ipv6_gw: "2610:28:3090:3001::1"
|
||||
|
||||
postfix_group: vpn
|
||||
vpn: true
|
||||
|
||||
freezes: true
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
datacenter: ibiblio
|
||||
nm: 255.255.255.128
|
||||
gw: 152.19.134.129
|
||||
dns: 152.2.21.1
|
||||
br0_ip: 152.19.134.136
|
||||
br0_nm: 255.255.255.128
|
||||
has_ipv6: yes
|
||||
br0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fe04"
|
||||
br0_ipv6_gw: "2610:28:3090:3001::1"
|
||||
|
||||
postfix_group: vpn
|
||||
vpn: true
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
eth0_ip: 8.43.85.68
|
||||
eth0_nm: 255.255.255.0
|
||||
gw: 8.43.85.254
|
||||
nm: 255.255.255.0
|
||||
dns: 8.8.8.8
|
||||
deployment_type: prod
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
vmhost: virthost-cc-rdu02.fedoraproject.org
|
||||
datacenter: rdu-cc
|
||||
|
||||
has_ipv6: yes
|
||||
eth0_ipv6: "2620:52:3:1:dead:beef:cafe:fed4"
|
||||
eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
|
||||
|
||||
postfix_group: vpn
|
||||
vpn: true
|
||||
|
||||
|
||||
ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
|
||||
ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
host_backup_targets: ['/srv']
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.124.254
|
||||
dns: 10.5.126.21
|
||||
eth0_ip: 10.5.124.173
|
|
@ -1,16 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.128
|
||||
gw: 140.211.169.193
|
||||
dns: 8.8.8.8
|
||||
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext
|
||||
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 140.211.169.207
|
||||
eth0_nm: 255.255.255.128
|
||||
has_ipv6: yes
|
||||
eth0_ipv6: "2605:bc80:3010:600:dead:beef:cafe:fedc"
|
||||
eth0_ipv6_gw: "2605:bc80:3010:600::1"
|
||||
lvm_size: 80000
|
||||
|
||||
vmhost: osuosl02.fedoraproject.org
|
||||
datacenter: osuosl
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
# This is now a cloud instance provided by host1plus
|
||||
# vmhost: none
|
||||
datacenter: host1plus
|
||||
|
||||
ansible_ifcfg_blacklist: true
|
||||
|
||||
nagios_Check_Services:
|
||||
nrpe: true
|
||||
sshd: true
|
||||
named: false
|
||||
dhcpd: false
|
||||
httpd: true
|
||||
swap: false
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.128
|
||||
gw: 152.19.134.129
|
||||
dns: 152.2.21.1
|
||||
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext
|
||||
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 152.19.134.197
|
||||
eth0_nm: 255.255.255.128
|
||||
has_ipv6: yes
|
||||
eth0_ipv6: "2610:28:3090:3001:5054:ff:feb5:5472"
|
||||
eth0_ipv6_gw: "2610:28:3090:3001::1"
|
||||
|
||||
vmhost: ibiblio05.fedoraproject.org
|
||||
datacenter: ibiblio
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.126.254
|
||||
dns: 10.5.126.21
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests00
|
||||
eth0_ip: 10.5.126.50
|
||||
vmhost: virthost14.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
lvm_size: 20000
|
||||
mem_size: 2048
|
||||
num_cpus: 2
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_virthost16
|
||||
eth0_ip: 10.5.128.149
|
||||
vmhost: virthost05.stg.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
|
@ -1,32 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.126.254
|
||||
dns: 10.5.126.21
|
||||
eth0_ip: 10.5.126.241
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_virthost
|
||||
vmhost: virthost18.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
|
||||
tcp_ports: ['22', '80', '443', '67', '68']
|
||||
udp_ports: ['67','68','69']
|
||||
custom_rules: [
|
||||
'-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
|
||||
]
|
||||
|
||||
csi_relationship: |
|
||||
nagios01 is a test mode for monitoring nagios instance to the phx datacenter.
|
||||
|
||||
* This host relies on:
|
||||
- the virthost it's hosted on (virthost17.phx2.fedoraproject.org)
|
||||
- FAS to authenticate users
|
||||
- VPN connectivity
|
||||
|
||||
* Things that rely on this host:
|
||||
- Infrastructure team to be awair of the infra status. operations control process will fail
|
||||
- if this host is down, it will be difficult to know the status of infra and provide reactive/proactive support
|
||||
- if this host is down, dhcp/bootp leases/renew will fail. pxe booting will fail as well
|
|
@ -1,33 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_virthost16
|
||||
vmhost: virthost05.stg.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
|
||||
tcp_ports: ['22', '80', '443', '67', '68']
|
||||
udp_ports: ['67','68','69']
|
||||
custom_rules: [
|
||||
'-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
|
||||
]
|
||||
|
||||
eth0_ip: 10.5.128.38
|
||||
csi_relationship: |
|
||||
noc01.stg is the internal monitoring nagios instance to the phx datacenter.
|
||||
|
||||
* This host relies on:
|
||||
- the virthost it's hosted on (virthost17.phx2.fedoraproject.org)
|
||||
- FAS to authenticate users
|
||||
- VPN connectivity
|
||||
|
||||
* Things that rely on this host:
|
||||
- Infrastructure team to be awair of the infra status. operations control process will fail
|
||||
- if this host is down, it will be difficult to know the status of infra and provide reactive/proactive support
|
||||
- if this host is down, dhcp/bootp leases/renew will fail. pxe booting will fail as well
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.126.254
|
||||
dns: 10.5.126.21
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.126.15
|
||||
vmhost: virthost14.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.128.174
|
||||
vmhost: virthost01.stg.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.126.254
|
||||
dns: 10.5.126.21
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.126.16
|
||||
vmhost: virthost12.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
|
@ -1,71 +0,0 @@
|
|||
---
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
- service: shell
|
||||
owner: root
|
||||
group: sysadmin
|
||||
can_send:
|
||||
- logger.log
|
||||
- service: fedmsg
|
||||
owner: root
|
||||
group: root
|
||||
can_send:
|
||||
- ci.pipeline.allpackages-build.complete
|
||||
- ci.pipeline.allpackages-build.image.complete
|
||||
- ci.pipeline.allpackages-build.image.queued
|
||||
- ci.pipeline.allpackages-build.image.running
|
||||
- ci.pipeline.allpackages-build.package.complete
|
||||
- ci.pipeline.allpackages-build.package.ignore
|
||||
- ci.pipeline.allpackages-build.package.ignored
|
||||
- ci.pipeline.allpackages-build.package.queued
|
||||
- ci.pipeline.allpackages-build.package.running
|
||||
- ci.pipeline.allpackages-build.package.test.functional.complete
|
||||
- ci.pipeline.allpackages-build.package.test.functional.queued
|
||||
- ci.pipeline.allpackages-build.package.test.functional.running
|
||||
- ci.pipeline.allpackages-pr.complete
|
||||
- ci.pipeline.allpackages-pr.ignore
|
||||
- ci.pipeline.allpackages-pr.ignored
|
||||
- ci.pipeline.allpackages-pr.image.complete
|
||||
- ci.pipeline.allpackages-pr.image.ignore
|
||||
- ci.pipeline.allpackages-pr.image.ignored
|
||||
- ci.pipeline.allpackages-pr.image.queued
|
||||
- ci.pipeline.allpackages-pr.image.running
|
||||
- ci.pipeline.allpackages-pr.package.complete
|
||||
- ci.pipeline.allpackages-pr.package.ignore
|
||||
- ci.pipeline.allpackages-pr.package.ignored
|
||||
- ci.pipeline.allpackages-pr.package.queued
|
||||
- ci.pipeline.allpackages-pr.package.running
|
||||
- ci.pipeline.allpackages-pr.package.test.functional.complete
|
||||
- ci.pipeline.allpackages-pr.package.test.functional.ignore
|
||||
- ci.pipeline.allpackages-pr.package.test.functional.ignored
|
||||
- ci.pipeline.allpackages-pr.package.test.functional.queued
|
||||
- ci.pipeline.allpackages-pr.package.test.functional.running
|
||||
- ci.pipeline.allpackages-pr.queued
|
||||
- ci.pipeline.allpackages-pr.running
|
||||
- ci.pipeline.complete
|
||||
- ci.pipeline.compose.complete
|
||||
- ci.pipeline.compose.running
|
||||
- ci.pipeline.compose.test.integration.complete
|
||||
- ci.pipeline.compose.test.integration.queued
|
||||
- ci.pipeline.compose.test.integration.running
|
||||
- ci.pipeline.image.complete
|
||||
- ci.pipeline.image.running
|
||||
- ci.pipeline.image.test.smoke.complete
|
||||
- ci.pipeline.image.test.smoke.running
|
||||
- ci.pipeline.package.complete
|
||||
- ci.pipeline.package.ignore
|
||||
- ci.pipeline.package.ignored
|
||||
- ci.pipeline.package.queued
|
||||
- ci.pipeline.package.running
|
||||
|
||||
fedmsg_prefix: org.centos
|
||||
fedmsg_env: stg
|
||||
|
||||
nagios_Can_Connect: false
|
||||
|
||||
nagios_Check_Services:
|
||||
mail: false
|
||||
nrpe: false
|
||||
sshd: false
|
||||
swap: false
|
||||
ping: false
|
|
@ -1,71 +0,0 @@
|
|||
---
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
- service: shell
|
||||
owner: root
|
||||
group: sysadmin
|
||||
can_send:
|
||||
- logger.log
|
||||
- service: fedmsg
|
||||
owner: root
|
||||
group: root
|
||||
can_send:
|
||||
- ci.pipeline.allpackages-build.complete
|
||||
- ci.pipeline.allpackages-build.image.complete
|
||||
- ci.pipeline.allpackages-build.image.queued
|
||||
- ci.pipeline.allpackages-build.image.running
|
||||
- ci.pipeline.allpackages-build.package.complete
|
||||
- ci.pipeline.allpackages-build.package.ignore
|
||||
- ci.pipeline.allpackages-build.package.ignored
|
||||
- ci.pipeline.allpackages-build.package.queued
|
||||
- ci.pipeline.allpackages-build.package.running
|
||||
- ci.pipeline.allpackages-build.package.test.functional.complete
|
||||
- ci.pipeline.allpackages-build.package.test.functional.queued
|
||||
- ci.pipeline.allpackages-build.package.test.functional.running
|
||||
- ci.pipeline.allpackages-pr.complete
|
||||
- ci.pipeline.allpackages-pr.ignore
|
||||
- ci.pipeline.allpackages-pr.ignored
|
||||
- ci.pipeline.allpackages-pr.image.complete
|
||||
- ci.pipeline.allpackages-pr.image.ignore
|
||||
- ci.pipeline.allpackages-pr.image.ignored
|
||||
- ci.pipeline.allpackages-pr.image.queued
|
||||
- ci.pipeline.allpackages-pr.image.running
|
||||
- ci.pipeline.allpackages-pr.package.complete
|
||||
- ci.pipeline.allpackages-pr.package.ignore
|
||||
- ci.pipeline.allpackages-pr.package.ignored
|
||||
- ci.pipeline.allpackages-pr.package.queued
|
||||
- ci.pipeline.allpackages-pr.package.running
|
||||
- ci.pipeline.allpackages-pr.package.test.functional.complete
|
||||
- ci.pipeline.allpackages-pr.package.test.functional.ignore
|
||||
- ci.pipeline.allpackages-pr.package.test.functional.ignored
|
||||
- ci.pipeline.allpackages-pr.package.test.functional.queued
|
||||
- ci.pipeline.allpackages-pr.package.test.functional.running
|
||||
- ci.pipeline.allpackages-pr.queued
|
||||
- ci.pipeline.allpackages-pr.running
|
||||
- ci.pipeline.complete
|
||||
- ci.pipeline.compose.complete
|
||||
- ci.pipeline.compose.running
|
||||
- ci.pipeline.compose.test.integration.complete
|
||||
- ci.pipeline.compose.test.integration.queued
|
||||
- ci.pipeline.compose.test.integration.running
|
||||
- ci.pipeline.image.complete
|
||||
- ci.pipeline.image.running
|
||||
- ci.pipeline.image.test.smoke.complete
|
||||
- ci.pipeline.image.test.smoke.running
|
||||
- ci.pipeline.package.complete
|
||||
- ci.pipeline.package.ignore
|
||||
- ci.pipeline.package.ignored
|
||||
- ci.pipeline.package.queued
|
||||
- ci.pipeline.package.running
|
||||
|
||||
fedmsg_prefix: org.centos
|
||||
fedmsg_env: prod
|
||||
|
||||
nagios_Can_Connect: false
|
||||
|
||||
nagios_Check_Services:
|
||||
mail: false
|
||||
nrpe: false
|
||||
sshd: false
|
||||
swap: false
|
||||
ping: false
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
eth0_ip: 8.43.85.76
|
||||
eth0_nm: 255.255.255.0
|
||||
gw: 8.43.85.254
|
||||
nm: 255.255.255.0
|
||||
dns: 8.8.8.8
|
||||
deployment_type: prod
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
vmhost: virthost-cc-rdu02.fedoraproject.org
|
||||
datacenter: rdu-cc
|
||||
|
||||
has_ipv6: yes
|
||||
eth0_ipv6: "2620:52:3:1:dead:beef:cafe:fed2"
|
||||
eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
|
||||
|
||||
postfix_group: vpn
|
||||
vpn: true
|
||||
|
||||
ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
|
||||
ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.128
|
||||
gw: 152.19.134.129
|
||||
dns: 8.8.8.8
|
||||
|
||||
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext
|
||||
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
|
||||
eth0_ip: 152.19.134.149
|
||||
eth0_nm: 255.255.255.128
|
||||
|
||||
has_ipv6: yes
|
||||
eth0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fedf"
|
||||
eth0_ipv6_gw: "2610:28:3090:3001::1"
|
||||
|
||||
vmhost: ibiblio01.fedoraproject.org
|
||||
datacenter: ibiblio
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
eth0_ip: 8.43.85.78
|
||||
eth0_nm: 255.255.255.0
|
||||
gw: 8.43.85.254
|
||||
nm: 255.255.255.0
|
||||
dns: 8.8.8.8
|
||||
max_mem_size: 8192
|
||||
deployment_type: dev
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
vmhost: virthost-cc-rdu02.fedoraproject.org
|
||||
datacenter: rdu-cc
|
||||
|
||||
has_ipv6: yes
|
||||
eth0_ipv6: "2620:52:3:1:dead:beef:cafe:fee0"
|
||||
eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
|
||||
|
||||
vpn: false
|
||||
|
||||
ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
|
||||
ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
---
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
eth0_ip: 152.19.134.191
|
||||
eth0_nm: 255.255.255.128
|
||||
nm: 255.255.255.128
|
||||
gw: 152.19.134.129
|
||||
dns: 8.8.8.8
|
||||
max_mem_size: 8192
|
||||
deployment_type: dev
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
vmhost: ibiblio01.fedoraproject.org
|
||||
datacenter: ibiblio
|
||||
|
||||
has_ipv6: yes
|
||||
eth0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fee0"
|
||||
eth0_ipv6_gw: "2610:28:3090:3001::1"
|
||||
|
||||
vpn: false
|
||||
|
||||
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext
|
||||
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
|
||||
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
eth0_ip: 140.211.169.199
|
||||
eth0_nm: 255.255.255.128
|
||||
nm: 255.255.255.192
|
||||
gw: 140.211.169.193
|
||||
dns: 8.8.8.8
|
||||
max_mem_size: 8192
|
||||
deployment_type: dev
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
vmhost: osuosl01.fedoraproject.org
|
||||
datacenter: osuosl
|
||||
|
||||
has_ipv6: yes
|
||||
eth0_ipv6: "2605:bc80:3010:600:dead:beef:cafe:fee0"
|
||||
eth0_ipv6_gw: "2605:bc80:3010:600::1"
|
||||
|
||||
vpn: false
|
||||
|
||||
ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
|
||||
ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
eth0_ip: 10.5.126.60
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
vmhost: virthost01.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
tcp_ports: [22]
|
||||
datacenter: aws
|
||||
|
||||
nagios_Check_Services:
|
||||
mail: false
|
||||
nrpe: false
|
||||
sshd: false
|
||||
named: false
|
||||
dhcpd: false
|
||||
httpd: false
|
||||
swap: false
|
||||
ping: false
|
||||
raid: false
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.126.254
|
||||
dns: 10.5.126.21
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
eth0_ip: 10.5.126.205
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
vmhost: virthost14.phx2.fedoraproject.org
|
||||
|
||||
datacenter: phx2
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
eth0_ip: 10.5.128.184
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
vmhost: virthost04.stg.phx2.fedoraproject.org
|
||||
|
||||
datacenter: phx2
|
|
@ -1071,12 +1071,6 @@ copr_keygen_dev_aws
|
|||
# virthost-aarch64-os01.fedorainfracloud.org
|
||||
# virthost-aarch64-os02.fedorainfracloud.org
|
||||
|
||||
#[libravatar]
|
||||
#libravatar.fedorainfracloud.org
|
||||
|
||||
#[libravatar_stg]
|
||||
#libravatar-stg.fedorainfracloud.org
|
||||
|
||||
[pagure]
|
||||
pagure01.fedoraproject.org
|
||||
|
||||
|
|
401
library/lvol.py
401
library/lvol.py
|
@ -1,401 +0,0 @@
|
|||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# (c) 2013, Jeroen Hoekx <jeroen.hoekx@dsquare.be>, Alexander Bulimov <lazywolf0@gmail.com>
|
||||
#
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
author:
|
||||
- "Jeroen Hoekx (@jhoekx)"
|
||||
- "Alexander Bulimov (@abulimov)"
|
||||
module: lvol
|
||||
short_description: Configure LVM logical volumes
|
||||
description:
|
||||
- This module creates, removes or resizes logical volumes.
|
||||
version_added: "1.1"
|
||||
options:
|
||||
vg:
|
||||
description:
|
||||
- The volume group this logical volume is part of.
|
||||
required: true
|
||||
lv:
|
||||
description:
|
||||
- The name of the logical volume.
|
||||
required: true
|
||||
size:
|
||||
description:
|
||||
- The size of the logical volume, according to lvcreate(8) --size, by
|
||||
default in megabytes or optionally with one of [bBsSkKmMgGtTpPeE] units; or
|
||||
according to lvcreate(8) --extents as a percentage of [VG|PVS|FREE];
|
||||
Float values must begin with a digit.
|
||||
Resizing using percentage values was not supported prior to 2.1.
|
||||
state:
|
||||
choices: [ "present", "absent" ]
|
||||
default: present
|
||||
description:
|
||||
- Control if the logical volume exists. If C(present) the C(size) option
|
||||
is required.
|
||||
required: false
|
||||
force:
|
||||
version_added: "1.5"
|
||||
choices: [ "yes", "no" ]
|
||||
default: "no"
|
||||
description:
|
||||
- Shrink or remove operations of volumes requires this switch. Ensures that
|
||||
that filesystems get never corrupted/destroyed by mistake.
|
||||
required: false
|
||||
opts:
|
||||
version_added: "2.0"
|
||||
description:
|
||||
- Free-form options to be passed to the lvcreate command
|
||||
snapshot:
|
||||
version_added: "2.1"
|
||||
description:
|
||||
- The name of the snapshot volume
|
||||
required: false
|
||||
pvs:
|
||||
version_added: "2.2"
|
||||
description:
|
||||
- Comma separated list of physical volumes e.g. /dev/sda,/dev/sdb
|
||||
required: false
|
||||
shrink:
|
||||
version_added: "2.2"
|
||||
description:
|
||||
- shrink if current size is higher than size requested
|
||||
required: false
|
||||
default: yes
|
||||
notes:
|
||||
- Filesystems on top of the volume are not resized.
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
# Create a logical volume of 512m.
|
||||
- lvol: vg=firefly lv=test size=512
|
||||
|
||||
# Create a logical volume of 512m with disks /dev/sda and /dev/sdb
|
||||
- lvol: vg=firefly lv=test size=512 pvs=/dev/sda,/dev/sdb
|
||||
|
||||
# Create cache pool logical volume
|
||||
- lvol: vg=firefly lv=lvcache size=512m opts='--type cache-pool'
|
||||
|
||||
# Create a logical volume of 512g.
|
||||
- lvol: vg=firefly lv=test size=512g
|
||||
|
||||
# Create a logical volume the size of all remaining space in the volume group
|
||||
- lvol: vg=firefly lv=test size=100%FREE
|
||||
|
||||
# Create a logical volume with special options
|
||||
- lvol: vg=firefly lv=test size=512g opts="-r 16"
|
||||
|
||||
# Extend the logical volume to 1024m.
|
||||
- lvol: vg=firefly lv=test size=1024
|
||||
|
||||
# Extend the logical volume to consume all remaining space in the volume group
|
||||
- lvol: vg=firefly lv=test size=+100%FREE
|
||||
|
||||
# Extend the logical volume to take all remaining space of the PVs
|
||||
- lvol: vg=firefly lv=test size=100%PVS
|
||||
|
||||
# Resize the logical volume to % of VG
|
||||
- lvol: vg-firefly lv=test size=80%VG force=yes
|
||||
|
||||
# Reduce the logical volume to 512m
|
||||
- lvol: vg=firefly lv=test size=512 force=yes
|
||||
|
||||
# Set the logical volume to 512m and do not try to shrink if size is lower than current one
|
||||
- lvol: vg=firefly lv=test size=512 shrink=no
|
||||
|
||||
# Remove the logical volume.
|
||||
- lvol: vg=firefly lv=test state=absent force=yes
|
||||
|
||||
# Create a snapshot volume of the test logical volume.
|
||||
- lvol: vg=firefly lv=test snapshot=snap1 size=100m
|
||||
'''
|
||||
|
||||
import re
|
||||
|
||||
decimal_point = re.compile(r"(\d+)")
|
||||
|
||||
def mkversion(major, minor, patch):
|
||||
return (1000 * 1000 * int(major)) + (1000 * int(minor)) + int(patch)
|
||||
|
||||
def parse_lvs(data):
|
||||
lvs = []
|
||||
for line in data.splitlines():
|
||||
parts = line.strip().split(';')
|
||||
lvs.append({
|
||||
'name': parts[0].replace('[','').replace(']',''),
|
||||
'size': int(decimal_point.match(parts[1]).group(1))
|
||||
})
|
||||
return lvs
|
||||
|
||||
def parse_vgs(data):
|
||||
vgs = []
|
||||
for line in data.splitlines():
|
||||
parts = line.strip().split(';')
|
||||
vgs.append({
|
||||
'name': parts[0],
|
||||
'size': int(decimal_point.match(parts[1]).group(1)),
|
||||
'free': int(decimal_point.match(parts[2]).group(1)),
|
||||
'ext_size': int(decimal_point.match(parts[3]).group(1))
|
||||
})
|
||||
return vgs
|
||||
|
||||
|
||||
def get_lvm_version(module):
|
||||
ver_cmd = module.get_bin_path("lvm", required=True)
|
||||
rc, out, err = module.run_command("%s version" % (ver_cmd))
|
||||
if rc != 0:
|
||||
return None
|
||||
m = re.search("LVM version:\s+(\d+)\.(\d+)\.(\d+).*(\d{4}-\d{2}-\d{2})", out)
|
||||
if not m:
|
||||
return None
|
||||
return mkversion(m.group(1), m.group(2), m.group(3))
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
vg=dict(required=True),
|
||||
lv=dict(required=True),
|
||||
size=dict(type='str'),
|
||||
opts=dict(type='str'),
|
||||
state=dict(choices=["absent", "present"], default='present'),
|
||||
force=dict(type='bool', default='no'),
|
||||
shrink=dict(type='bool', default='yes'),
|
||||
snapshot=dict(type='str', default=None),
|
||||
pvs=dict(type='str')
|
||||
),
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
# Determine if the "--yes" option should be used
|
||||
version_found = get_lvm_version(module)
|
||||
if version_found == None:
|
||||
module.fail_json(msg="Failed to get LVM version number")
|
||||
version_yesopt = mkversion(2, 2, 99) # First LVM with the "--yes" option
|
||||
if version_found >= version_yesopt:
|
||||
yesopt = "--yes"
|
||||
else:
|
||||
yesopt = ""
|
||||
|
||||
vg = module.params['vg']
|
||||
lv = module.params['lv']
|
||||
size = module.params['size']
|
||||
opts = module.params['opts']
|
||||
state = module.params['state']
|
||||
force = module.boolean(module.params['force'])
|
||||
shrink = module.boolean(module.params['shrink'])
|
||||
size_opt = 'L'
|
||||
size_unit = 'm'
|
||||
snapshot = module.params['snapshot']
|
||||
pvs = module.params['pvs']
|
||||
|
||||
if pvs is None:
|
||||
pvs = ""
|
||||
else:
|
||||
pvs = pvs.replace(",", " ")
|
||||
|
||||
if opts is None:
|
||||
opts = ""
|
||||
|
||||
# Add --test option when running in check-mode
|
||||
if module.check_mode:
|
||||
test_opt = ' --test'
|
||||
else:
|
||||
test_opt = ''
|
||||
|
||||
if size:
|
||||
# LVCREATE(8) -l --extents option with percentage
|
||||
if '%' in size:
|
||||
size_parts = size.split('%', 1)
|
||||
size_percent = int(size_parts[0])
|
||||
if size_percent > 100:
|
||||
module.fail_json(msg="Size percentage cannot be larger than 100%")
|
||||
size_whole = size_parts[1]
|
||||
if size_whole == 'ORIGIN':
|
||||
module.fail_json(msg="Snapshot Volumes are not supported")
|
||||
elif size_whole not in ['VG', 'PVS', 'FREE']:
|
||||
module.fail_json(msg="Specify extents as a percentage of VG|PVS|FREE")
|
||||
size_opt = 'l'
|
||||
size_unit = ''
|
||||
|
||||
if not '%' in size:
|
||||
# LVCREATE(8) -L --size option unit
|
||||
if size[-1].lower() in 'bskmgtpe':
|
||||
size_unit = size[-1].lower()
|
||||
size = size[0:-1]
|
||||
|
||||
try:
|
||||
float(size)
|
||||
if not size[0].isdigit(): raise ValueError()
|
||||
except ValueError:
|
||||
module.fail_json(msg="Bad size specification of '%s'" % size)
|
||||
|
||||
# when no unit, megabytes by default
|
||||
if size_opt == 'l':
|
||||
unit = 'm'
|
||||
else:
|
||||
unit = size_unit
|
||||
|
||||
# Get information on volume group requested
|
||||
vgs_cmd = module.get_bin_path("vgs", required=True)
|
||||
rc, current_vgs, err = module.run_command(
|
||||
"%s --noheadings -o vg_name,size,free,vg_extent_size --units %s --separator ';' %s" % (vgs_cmd, unit, vg))
|
||||
|
||||
if rc != 0:
|
||||
if state == 'absent':
|
||||
module.exit_json(changed=False, stdout="Volume group %s does not exist." % vg, stderr=False)
|
||||
else:
|
||||
module.fail_json(msg="Volume group %s does not exist." % vg, rc=rc, err=err)
|
||||
|
||||
vgs = parse_vgs(current_vgs)
|
||||
this_vg = vgs[0]
|
||||
|
||||
# Get information on logical volume requested
|
||||
lvs_cmd = module.get_bin_path("lvs", required=True)
|
||||
rc, current_lvs, err = module.run_command(
|
||||
"%s -a --noheadings --nosuffix -o lv_name,size --units %s --separator ';' %s" % (lvs_cmd, unit, vg))
|
||||
|
||||
if rc != 0:
|
||||
if state == 'absent':
|
||||
module.exit_json(changed=False, stdout="Volume group %s does not exist." % vg, stderr=False)
|
||||
else:
|
||||
module.fail_json(msg="Volume group %s does not exist." % vg, rc=rc, err=err)
|
||||
|
||||
changed = False
|
||||
|
||||
lvs = parse_lvs(current_lvs)
|
||||
|
||||
if snapshot is None:
|
||||
check_lv = lv
|
||||
else:
|
||||
check_lv = snapshot
|
||||
for test_lv in lvs:
|
||||
if test_lv['name'] == check_lv:
|
||||
this_lv = test_lv
|
||||
break
|
||||
else:
|
||||
this_lv = None
|
||||
|
||||
if state == 'present' and not size:
|
||||
if this_lv is None:
|
||||
module.fail_json(msg="No size given.")
|
||||
else:
|
||||
module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size'])
|
||||
|
||||
msg = ''
|
||||
if this_lv is None:
|
||||
if state == 'present':
|
||||
### create LV
|
||||
lvcreate_cmd = module.get_bin_path("lvcreate", required=True)
|
||||
if snapshot is not None:
|
||||
cmd = "%s %s %s -%s %s%s -s -n %s %s %s/%s" % (lvcreate_cmd, test_opt, yesopt, size_opt, size, size_unit, snapshot, opts, vg, lv)
|
||||
else:
|
||||
cmd = "%s %s %s -n %s -%s %s%s %s %s %s" % (lvcreate_cmd, test_opt, yesopt, lv, size_opt, size, size_unit, opts, vg, pvs)
|
||||
rc, _, err = module.run_command(cmd)
|
||||
if rc == 0:
|
||||
changed = True
|
||||
else:
|
||||
module.fail_json(msg="Creating logical volume '%s' failed" % lv, rc=rc, err=err)
|
||||
else:
|
||||
if state == 'absent':
|
||||
### remove LV
|
||||
if not force:
|
||||
module.fail_json(msg="Sorry, no removal of logical volume %s without force=yes." % (this_lv['name']))
|
||||
lvremove_cmd = module.get_bin_path("lvremove", required=True)
|
||||
rc, _, err = module.run_command("%s %s --force %s/%s" % (lvremove_cmd, test_opt, vg, this_lv['name']))
|
||||
if rc == 0:
|
||||
module.exit_json(changed=True)
|
||||
else:
|
||||
module.fail_json(msg="Failed to remove logical volume %s" % (lv), rc=rc, err=err)
|
||||
|
||||
elif size_opt == 'l':
|
||||
### Resize LV based on % value
|
||||
tool = None
|
||||
size_free = this_vg['free']
|
||||
if size_whole == 'VG' or size_whole == 'PVS':
|
||||
size_requested = size_percent * this_vg['size'] / 100
|
||||
else: # size_whole == 'FREE':
|
||||
size_requested = size_percent * this_vg['free'] / 100
|
||||
if '+' in size:
|
||||
size_requested += this_lv['size']
|
||||
if this_lv['size'] < size_requested:
|
||||
if (size_free > 0) and (('+' not in size) or (size_free >= (size_requested - this_lv['size']))):
|
||||
tool = module.get_bin_path("lvextend", required=True)
|
||||
else:
|
||||
module.fail_json(msg="Logical Volume %s could not be extended. Not enough free space left (%s%s required / %s%s available)" % (this_lv['name'], (size_requested - this_lv['size']), unit, size_free, unit))
|
||||
elif shrink and this_lv['size'] > size_requested + this_vg['ext_size']: # more than an extent too large
|
||||
if size_requested == 0:
|
||||
module.fail_json(msg="Sorry, no shrinking of %s to 0 permitted." % (this_lv['name']))
|
||||
elif not force:
|
||||
module.fail_json(msg="Sorry, no shrinking of %s without force=yes" % (this_lv['name']))
|
||||
else:
|
||||
tool = module.get_bin_path("lvreduce", required=True)
|
||||
tool = '%s %s' % (tool, '--force')
|
||||
|
||||
if tool:
|
||||
cmd = "%s %s -%s %s%s %s/%s %s" % (tool, test_opt, size_opt, size, size_unit, vg, this_lv['name'], pvs)
|
||||
rc, out, err = module.run_command(cmd)
|
||||
if "Reached maximum COW size" in out:
|
||||
module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err, out=out)
|
||||
elif rc == 0:
|
||||
changed = True
|
||||
msg="Volume %s resized to %s%s" % (this_lv['name'], size_requested, unit)
|
||||
elif "matches existing size" in err:
|
||||
module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size'])
|
||||
elif "not larger than existing size" in err:
|
||||
module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size'], msg="Original size is larger than requested size", err=err)
|
||||
else:
|
||||
module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err)
|
||||
|
||||
else:
|
||||
### resize LV based on absolute values
|
||||
tool = None
|
||||
if int(size) > this_lv['size']:
|
||||
tool = module.get_bin_path("lvextend", required=True)
|
||||
elif shrink and int(size) < this_lv['size']:
|
||||
if int(size) == 0:
|
||||
module.fail_json(msg="Sorry, no shrinking of %s to 0 permitted." % (this_lv['name']))
|
||||
if not force:
|
||||
module.fail_json(msg="Sorry, no shrinking of %s without force=yes." % (this_lv['name']))
|
||||
else:
|
||||
tool = module.get_bin_path("lvreduce", required=True)
|
||||
tool = '%s %s' % (tool, '--force')
|
||||
|
||||
if tool:
|
||||
cmd = "%s %s -%s %s%s %s/%s %s" % (tool, test_opt, size_opt, size, size_unit, vg, this_lv['name'], pvs)
|
||||
rc, out, err = module.run_command(cmd)
|
||||
if "Reached maximum COW size" in out:
|
||||
module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err, out=out)
|
||||
elif rc == 0:
|
||||
changed = True
|
||||
elif "matches existing size" in err:
|
||||
module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size'])
|
||||
elif "not larger than existing size" in err:
|
||||
module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size'], msg="Original size is larger than requested size", err=err)
|
||||
else:
|
||||
module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err)
|
||||
|
||||
module.exit_json(changed=changed, msg=msg)
|
||||
|
||||
# import module snippets
|
||||
from ansible.module_utils.basic import *
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -1,14 +0,0 @@
|
|||
# restricted to run on cloud instances only
|
||||
- hosts: 209.132.184.*
|
||||
user: root
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- "/srv/private/ansible/vars.yml"
|
||||
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
||||
|
||||
tasks:
|
||||
- import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
|
||||
|
||||
|
||||
handlers:
|
||||
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
|
@ -1,25 +0,0 @@
|
|||
#DIE DIE DIE
|
||||
# there is no way this could work so fail
|
||||
#
|
||||
# only works with -e target=
|
||||
# requires --extra-vars="target=hostspec"
|
||||
|
||||
- name: destroy the cloud instance
|
||||
hosts: "{{ target }}"
|
||||
user: root
|
||||
gather_facts: false
|
||||
|
||||
tasks:
|
||||
- name: fail if the host/ip is not up
|
||||
local_action: wait_for host={{ inventory_hostname }} port=22 delay=0 timeout=10
|
||||
when: inventory_hostname not in result.list_vms
|
||||
|
||||
- name: pause for 30s before doing it
|
||||
pause: seconds=30 prompt="Destroying vm now {{ target }}, abort if this is wrong"
|
||||
|
||||
- name: find the instance id from the builder
|
||||
command: curl -s http://169.254.169.254/latest/meta-data/instance-id
|
||||
register: instanceid
|
||||
|
||||
- name: destroy the vm
|
||||
command: /usr/sbin/halt -p
|
|
@ -1,45 +0,0 @@
|
|||
# only works with -e target=
|
||||
# read configs from host_vars
|
||||
# check for host already existing
|
||||
# if it exists
|
||||
# kill it
|
||||
# lvremove disk?
|
||||
# if not
|
||||
# exit with failure
|
||||
|
||||
# requires --extra-vars="target=hostspec"
|
||||
|
||||
- name: destroy and undefine vm
|
||||
hosts: "{{ target }}"
|
||||
user: root
|
||||
gather_facts: false
|
||||
|
||||
tasks:
|
||||
- name: get vm list on the vmhost
|
||||
delegate_to: "{{ vmhost }}"
|
||||
virt: command=list_vms
|
||||
register: result
|
||||
|
||||
- name: fail if the host is not already defined/existent
|
||||
local_action: fail msg="host does not exist on {{ vmhost }}"
|
||||
when: inventory_hostname not in result.list_vms
|
||||
|
||||
- name: schedule 30m host downtime in nagios
|
||||
nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
|
||||
delegate_to: noc01.phx2.fedoraproject.org
|
||||
ignore_errors: true
|
||||
|
||||
- name: pause for 30s before doing it
|
||||
pause: seconds=30 prompt="Destroying (and lvremove for) vm now {{ target }}, abort if this is wrong"
|
||||
|
||||
- name: destroy the vm
|
||||
virt: name={{ inventory_hostname }} command=destroy
|
||||
delegate_to: "{{ vmhost }}"
|
||||
|
||||
- name: undefine the vm
|
||||
virt: name={{ inventory_hostname }} command=undefine
|
||||
delegate_to: "{{ vmhost }}"
|
||||
|
||||
- name: destroy the lv
|
||||
command: /sbin/lvremove -f {{volgroup}}/{{inventory_hostname}}
|
||||
delegate_to: "{{ vmhost }}"
|
|
@ -1,33 +0,0 @@
|
|||
#
|
||||
# This playbook power cycles an arm soc, sets time and runs playbook on it.
|
||||
#
|
||||
# requires -e "target=arm0N-builderXX.arm.fedoraproject.org" -l arm0N-builderXX.arm.fedoraproject.org
|
||||
|
||||
- name: power cycle instance
|
||||
hosts: "{{ target }}"
|
||||
gather_facts: False
|
||||
user: root
|
||||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- "/srv/private/ansible/vars.yml"
|
||||
|
||||
tasks:
|
||||
- name: power off
|
||||
delegate_to: noc01.phx2.fedoraproject.org
|
||||
command: /opt/calxeda/bin/ipmitool -U admin -P "{{ armsocipmipass }}" -H "{{inventory_hostname_short}}-mgmt.arm.fedoraproject.org" power off
|
||||
# no_log: True
|
||||
|
||||
- name: power on
|
||||
delegate_to: noc01.phx2.fedoraproject.org
|
||||
command: /opt/calxeda/bin/ipmitool -U admin -P "{{ armsocipmipass }}" -H "{{inventory_hostname_short}}-mgmt.arm.fedoraproject.org" power on
|
||||
# no_log: True
|
||||
|
||||
- name: wait for soc ssh to come back up
|
||||
local_action: wait_for delay=10 host={{ target }} port=22 state=started timeout=1200
|
||||
|
||||
- name: make sure time is set
|
||||
delegate_to: "{{target}}"
|
||||
command: ntpdate -u bastion01.phx2.fedoraproject.org
|
||||
|
||||
- include_playbook: groups/buildhw.yml hosts="{{target}}"
|
|
@ -28,7 +28,6 @@
|
|||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- builder_repo
|
||||
- collectd/base
|
||||
- apache
|
||||
- role: keytab/service
|
||||
|
|
|
@ -23,7 +23,6 @@
|
|||
roles:
|
||||
- base
|
||||
- hosts
|
||||
- builder_repo
|
||||
- fas_client
|
||||
- rkhunter
|
||||
- nagios_client
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
- name: check/create instance
|
||||
hosts: respins.fedorainfracloud.org
|
||||
gather_facts: False
|
||||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- /srv/private/ansible/vars.yml
|
||||
- /srv/private/ansible/files/openstack/passwords.yml
|
||||
|
||||
tasks:
|
||||
- import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
|
||||
|
||||
handlers:
|
||||
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
||||
|
||||
- name: setup all the things
|
||||
hosts: respins.fedorainfracloud.org
|
||||
gather_facts: True
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- /srv/private/ansible/vars.yml
|
||||
- /srv/private/ansible/files/openstack/passwords.yml
|
||||
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
||||
|
||||
pre_tasks:
|
||||
- import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
|
||||
- name: set hostname (required by some services, at least postfix need it)
|
||||
hostname: name="{{inventory_hostname}}"
|
||||
|
||||
roles:
|
||||
- basessh
|
|
@ -27,8 +27,6 @@
|
|||
website: fedoracommunity.org
|
||||
- role: fedora-web/fudcon
|
||||
website: fudcon.fedoraproject.org
|
||||
- role: fedora-web/magazine
|
||||
website: fedoramagazine.org
|
||||
- role: fedora-web/getfedora
|
||||
website: getfedora.org
|
||||
- role: fedora-web/flocktofedora
|
||||
|
|
|
@ -1,56 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Install required packages
|
||||
package: name="{{ item }}" state=present
|
||||
with_items:
|
||||
- ansible
|
||||
- git
|
||||
- pyOpenSSL
|
||||
- docker
|
||||
- python-docker-py
|
||||
tags:
|
||||
- awxinstall
|
||||
|
||||
- name: Start and enable docker
|
||||
service: name=docker enabled=yes state=started
|
||||
|
||||
- name: git clone the awx repo
|
||||
git:
|
||||
repo: https://github.com/ansible/awx.git
|
||||
dest: /srv/awx
|
||||
version: devel
|
||||
tags:
|
||||
- awxinstall
|
||||
|
||||
- name: git clone the awx-logos repo
|
||||
git:
|
||||
repo: https://github.com/ansible/awx-logos.git
|
||||
dest: /srv/awx-logos
|
||||
version: master
|
||||
tags:
|
||||
- awxinstall
|
||||
|
||||
- name: Copy inventory file over
|
||||
template: src=inventory dest=/srv/awx/installer/inventory
|
||||
tags:
|
||||
- awxinstall
|
||||
|
||||
#- name: run ansible
|
||||
# shell: "ansible-playbook install.yml -i inventory"
|
||||
# args:
|
||||
# chdir: "/srv/awx/installer"
|
||||
# register: run_ansible_out
|
||||
# tags:
|
||||
# - awxinstall
|
||||
#
|
||||
#- name: display run ansible stdout_lines
|
||||
# debug:
|
||||
# var: run_ansible_out.stdout_lines
|
||||
# tags:
|
||||
# - awxinstall
|
||||
#
|
||||
#- name: display run ansible stderr
|
||||
# debug:
|
||||
# var: run_ansible_out.stderr
|
||||
# tags:
|
||||
# - awxinstall
|
|
@ -1,112 +0,0 @@
|
|||
localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"
|
||||
|
||||
[all:vars]
|
||||
|
||||
# Remove these lines if you want to run a local image build
|
||||
# Otherwise the setup playbook will install the official Ansible images. Versions may
|
||||
# be selected based on: latest, 1, 1.0, 1.0.0, 1.0.0.123
|
||||
# by default the base will be used to search for ansible/awx_web and ansible/awx_task
|
||||
dockerhub_base=ansible
|
||||
dockerhub_version=latest
|
||||
|
||||
# Openshift Install
|
||||
# Will need to set -e openshift_password=developer -e docker_registry_password=$(oc whoami -t)
|
||||
# openshift_host=127.0.0.1:8443
|
||||
# awx_openshift_project=awx
|
||||
# openshift_user=developer
|
||||
# awx_node_port=30083
|
||||
|
||||
# Kubernetes Install
|
||||
# kubernetes_context=test-cluster
|
||||
# awx_kubernetes_namespace=awx
|
||||
|
||||
# Kubernetes and Openshift Install Resource Requests
|
||||
# This is the request value for a pod's "task" container, which is the container
|
||||
# used to run jobs. The other containers have a fixed resource request. The total amount
|
||||
# of requested resources for a pod is the sum of all resources requested by all containers
|
||||
# in the pod
|
||||
# A cpu_request of 1500 is 1.5 cores for the task container
|
||||
# A mem_request of 2 is for 2 gigabytes of memory for the task container
|
||||
# awx_task_cpu_request=1500
|
||||
# awx_task_mem_request=2
|
||||
|
||||
# Common Docker parameters
|
||||
postgres_data_dir=/tmp/pgdocker
|
||||
host_port=80
|
||||
|
||||
# Docker Compose Install
|
||||
# use_docker_compose=false
|
||||
# The docker_compose.yml file will be created in this directory
|
||||
# The name of the directory (here "awx") will be the prefix of the docker containers
|
||||
docker_compose_dir=/var/lib/awx
|
||||
|
||||
# Required for Openshift when building the image on your own
|
||||
# Optional for Openshift if using Dockerhub or another prebuilt registry
|
||||
# Required for Standalone Docker Install if building the image on your own
|
||||
# Optional for Standalone Docker Install if using Dockerhub or another prebuilt registry
|
||||
# Required for Docker Compose Install if building the image on your own
|
||||
# Optional for Docker Compose Install if using Dockerhub or another prebuilt registry
|
||||
# Define if you want the image pushed to a registry. The container definition will also use these images
|
||||
# docker_registry=172.30.1.1:5000
|
||||
# docker_registry_repository=awx
|
||||
# docker_registry_username=developer
|
||||
|
||||
|
||||
# Docker_image will not attempt to push to remote if the image already exists locally
|
||||
# Set this to true to delete images from docker on the build host so that they are pushed to the remote repository
|
||||
# docker_remove_local_images=False
|
||||
|
||||
# Set pg_hostname if you have an external postgres server, otherwise
|
||||
# a new postgres service will be created
|
||||
pg_hostname=db-fas01.phx2.fedoraproject.org
|
||||
pg_username={{awx_db_user}}
|
||||
pg_password={{awx_db_pass}}
|
||||
pg_database={{awx_db}}
|
||||
pg_port=5432
|
||||
|
||||
# Use a local distribution build container image for building the AWX package
|
||||
# This is helpful if you don't want to bother installing the build-time dependencies as
|
||||
# it is taken care of already.
|
||||
# NOTE: IMPORTANT: If you are running a mininshift install, using this container might not work
|
||||
# if you are using certain drivers like KVM where the source tree can't be mapped
|
||||
# into the build container.
|
||||
# Thus this setting must be set to False which will trigger a local build. To view the
|
||||
# typical dependencies that you might need to install see:
|
||||
# installer/image_build/files/Dockerfile.sdist
|
||||
# use_container_for_build=true
|
||||
|
||||
# This will create or update a default admin (superuser) account in AWX, if not provided
|
||||
# then these default values are used
|
||||
default_admin_user={{awx_admin}}
|
||||
default_admin_password={{awx_admin_pw}}
|
||||
|
||||
# AWX Secret key
|
||||
# It's *very* important that this stay the same between upgrades or you will lose the ability to decrypt
|
||||
# your credentials
|
||||
awx_secret_key={{awx_secret_key}}
|
||||
|
||||
# Build AWX with official logos
|
||||
# Requires cloning awx-logos repo into the project root.
|
||||
# Review the trademark guidelines at https://github.com/ansible/awx-logos/blob/master/TRADEMARKS.md
|
||||
awx_official=true
|
||||
|
||||
# Proxy
|
||||
#http_proxy=http://proxy:3128
|
||||
#https_proxy=http://proxy:3128
|
||||
#no_proxy=mycorp.org
|
||||
|
||||
# Container networking configuration
|
||||
# Set the awx_task and awx_web containers' search domain(s)
|
||||
#awx_container_search_domains=example.com,ansible.com
|
||||
# Alternate DNS servers
|
||||
#awx_alternate_dns_servers="10.1.2.3,10.2.3.4"
|
||||
|
||||
# AWX project data folder. If you need access to the location where AWX stores the projects
|
||||
# it manages from the docker host, you can set this to turn it into a volume for the container.
|
||||
#project_data_dir=/var/lib/awx/projects
|
||||
|
||||
# CA Trust directory. If you need to provide custom CA certificates, supplying
|
||||
# this variable causes this directory on the host to be bind mounted over
|
||||
# /etc/pki/ca-trust in the awx_task and awx_web containers.
|
||||
# NOTE: only obeyed in local_docker install
|
||||
#ca_trust_dir=/etc/pki/ca-trust
|
|
@ -122,19 +122,6 @@ children:
|
|||
description: >
|
||||
Maintain your own user profile page, contribute to
|
||||
documents about features, process, and governance.
|
||||
- name: Fedora Magazine
|
||||
data:
|
||||
icon: magazine.png
|
||||
url: http://fedoramagazine.org
|
||||
docs_url: https://codex.wordpress.org/
|
||||
# We don't have a SOP for the magazine yet.
|
||||
# https://fedorahosted.org/fedora-infrastructure/ticket/5149
|
||||
#sops:
|
||||
# - put the url here
|
||||
description: >
|
||||
Fedora Magazine is a WordPress-based site which delivers all
|
||||
the news of the Fedora Community. (It replaces the previous
|
||||
Fedora Weekly News.)
|
||||
- name: The Planet
|
||||
data:
|
||||
icon: planet_logo.png
|
||||
|
|
|
@ -1,46 +0,0 @@
|
|||
# This file is part of fedmsg.
|
||||
# Copyright (C) 2012 Red Hat, Inc.
|
||||
#
|
||||
# fedmsg is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU Lesser General Public
|
||||
# License as published by the Free Software Foundation; either
|
||||
# version 2.1 of the License, or (at your option) any later version.
|
||||
#
|
||||
# fedmsg is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public
|
||||
# License along with fedmsg; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# Authors: Ralph Bean <rbean@redhat.com>
|
||||
#
|
||||
import socket
|
||||
hostname = socket.gethostname().split('.', 1)[0]
|
||||
|
||||
config = dict(
|
||||
# This is a dict of possible addresses from which fedmsg can send
|
||||
# messages. fedmsg.init(...) requires that a 'name' argument be passed
|
||||
# to it which corresponds with one of the keys in this dict.
|
||||
endpoints={
|
||||
# These are here so your local box can listen to the upstream
|
||||
# infrastructure's bus. Cool, right? :)
|
||||
"fedora-infrastructure": [
|
||||
# proxy01, IP by Ralph Bean, the round-robin DNS pool
|
||||
# hub.fedoraproject.org contains at least one IP autosign01 cannot
|
||||
# connect to
|
||||
"tcp://10.5.126.52:9940",
|
||||
#"tcp://stg.fedoraproject.org:9940",
|
||||
],
|
||||
|
||||
# For other, more 'normal' services, fedmsg will try to guess the
|
||||
# name of it's calling module to determine which endpoint definition
|
||||
# to use. This can be overridden by explicitly providing the name in
|
||||
# the initial call to fedmsg.init(...).
|
||||
#"bodhi.%s" % hostname: ["tcp://127.0.0.1:3001"],
|
||||
#"fas.%s" % hostname: ["tcp://127.0.0.1:3002"],
|
||||
#"fedoratagger.%s" % hostname: ["tcp://127.0.0.1:3003"],
|
||||
},
|
||||
)
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- { role: builder_repo }
|
||||
- { role: hosts }
|
|
@ -1,46 +0,0 @@
|
|||
- name: install dependencies
|
||||
package: state=present pkg={{ item }}
|
||||
with_items:
|
||||
- sigul
|
||||
tags:
|
||||
- autosigner
|
||||
- packages
|
||||
|
||||
# fedora-packager is required for /etc/koji/$arch-config
|
||||
- name: install dependencies
|
||||
package: state=present pkg={{ item }}
|
||||
with_items:
|
||||
- fedmsg
|
||||
- fedmsg-hub
|
||||
- fedora-packager
|
||||
- python2-fedmsg-meta-fedora-infrastructure
|
||||
tags:
|
||||
- autosigner
|
||||
- packages
|
||||
|
||||
# sigul config for secondary archs:
|
||||
# https://fedoraproject.org/wiki/Sigul_Client_Setup_SOP
|
||||
- name: sigul config koji instances
|
||||
ini_file: dest=/etc/sigul/client.conf section=koji option=koji-instances
|
||||
value="arm ppc s390"
|
||||
tags:
|
||||
- autosigner
|
||||
- config
|
||||
|
||||
- name: sigul config koji config
|
||||
ini_file: dest=/etc/sigul/client.conf section=koji
|
||||
option=koji-config-{{ item }} value="/etc/koji/{{ item }}-config"
|
||||
with_items:
|
||||
- arm
|
||||
- ppc
|
||||
- s390
|
||||
tags:
|
||||
- autosigner
|
||||
- config
|
||||
|
||||
- name: fedmsg endpoints config
|
||||
copy: src=endpoints.py dest=/etc/fedmsg.d/endpoints.py
|
||||
tags:
|
||||
- autosigner
|
||||
- config
|
||||
- fedmsgdconfig
|
|
@ -1,687 +0,0 @@
|
|||
# "false"
|
||||
# Global Postfix configuration file. This file lists only a subset
|
||||
# of all parameters. For the syntax, and for a complete parameter
|
||||
# list, see the postconf(5) manual page (command: "man 5 postconf").
|
||||
#
|
||||
# For common configuration examples, see BASIC_CONFIGURATION_README
|
||||
# and STANDARD_CONFIGURATION_README. To find these documents, use
|
||||
# the command "postconf html_directory readme_directory", or go to
|
||||
# http://www.postfix.org/.
|
||||
#
|
||||
# For best results, change no more than 2-3 parameters at a time,
|
||||
# and test if Postfix still works after every change.
|
||||
|
||||
# SOFT BOUNCE
|
||||
#
|
||||
# The soft_bounce parameter provides a limited safety net for
|
||||
# testing. When soft_bounce is enabled, mail will remain queued that
|
||||
# would otherwise bounce. This parameter disables locally-generated
|
||||
# bounces, and prevents the SMTP server from rejecting mail permanently
|
||||
# (by changing 5xx replies into 4xx replies). However, soft_bounce
|
||||
# is no cure for address rewriting mistakes or mail routing mistakes.
|
||||
#
|
||||
#soft_bounce = no
|
||||
|
||||
# LOCAL PATHNAME INFORMATION
|
||||
#
|
||||
# The queue_directory specifies the location of the Postfix queue.
|
||||
# This is also the root directory of Postfix daemons that run chrooted.
|
||||
# See the files in examples/chroot-setup for setting up Postfix chroot
|
||||
# environments on different UNIX systems.
|
||||
#
|
||||
queue_directory = /var/spool/postfix
|
||||
|
||||
# The command_directory parameter specifies the location of all
|
||||
# postXXX commands.
|
||||
#
|
||||
command_directory = /usr/sbin
|
||||
|
||||
# The daemon_directory parameter specifies the location of all Postfix
|
||||
# daemon programs (i.e. programs listed in the master.cf file). This
|
||||
# directory must be owned by root.
|
||||
#
|
||||
daemon_directory = /usr/libexec/postfix
|
||||
|
||||
# QUEUE AND PROCESS OWNERSHIP
|
||||
#
|
||||
# The mail_owner parameter specifies the owner of the Postfix queue
|
||||
# and of most Postfix daemon processes. Specify the name of a user
|
||||
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
|
||||
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
|
||||
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
|
||||
# USER.
|
||||
#
|
||||
mail_owner = postfix
|
||||
|
||||
# The default_privs parameter specifies the default rights used by
|
||||
# the local delivery agent for delivery to external file or command.
|
||||
# These rights are used in the absence of a recipient user context.
|
||||
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
|
||||
#
|
||||
#default_privs = nobody
|
||||
|
||||
# INTERNET HOST AND DOMAIN NAMES
|
||||
#
|
||||
# The myhostname parameter specifies the internet hostname of this
|
||||
# mail system. The default is to use the fully-qualified domain name
|
||||
# from gethostname(). $myhostname is used as a default value for many
|
||||
# other configuration parameters.
|
||||
#
|
||||
#myhostname = host.domain.tld
|
||||
#myhostname = virtual.domain.tld
|
||||
|
||||
# The mydomain parameter specifies the local internet domain name.
|
||||
# The default is to use $myhostname minus the first component.
|
||||
# $mydomain is used as a default value for many other configuration
|
||||
# parameters.
|
||||
#
|
||||
#mydomain = domain.tld
|
||||
|
||||
# SENDING MAIL
|
||||
#
|
||||
# The myorigin parameter specifies the domain that locally-posted
|
||||
# mail appears to come from. The default is to append $myhostname,
|
||||
# which is fine for small sites. If you run a domain with multiple
|
||||
# machines, you should (1) change this to $mydomain and (2) set up
|
||||
# a domain-wide alias database that aliases each user to
|
||||
# user@that.users.mailhost.
|
||||
#
|
||||
# For the sake of consistency between sender and recipient addresses,
|
||||
# myorigin also specifies the default domain name that is appended
|
||||
# to recipient addresses that have no @domain part.
|
||||
#
|
||||
#myorigin = $myhostname
|
||||
#myorigin = $mydomain
|
||||
|
||||
mydomain = fedoraproject.org
|
||||
myorigin = fedoraproject.org
|
||||
|
||||
# RECEIVING MAIL
|
||||
|
||||
# The inet_interfaces parameter specifies the network interface
|
||||
# addresses that this mail system receives mail on. By default,
|
||||
# the software claims all active interfaces on the machine. The
|
||||
# parameter also controls delivery of mail to user@[ip.address].
|
||||
#
|
||||
# See also the proxy_interfaces parameter, for network addresses that
|
||||
# are forwarded to us via a proxy or network address translator.
|
||||
#
|
||||
# Note: you need to stop/start Postfix when this parameter changes.
|
||||
#
|
||||
#inet_interfaces = all
|
||||
#inet_interfaces = $myhostname
|
||||
#inet_interfaces = $myhostname, localhost
|
||||
inet_interfaces = all
|
||||
|
||||
# The proxy_interfaces parameter specifies the network interface
|
||||
# addresses that this mail system receives mail on by way of a
|
||||
# proxy or network address translation unit. This setting extends
|
||||
# the address list specified with the inet_interfaces parameter.
|
||||
#
|
||||
# You must specify your proxy/NAT addresses when your system is a
|
||||
# backup MX host for other domains, otherwise mail delivery loops
|
||||
# will happen when the primary MX host is down.
|
||||
#
|
||||
#proxy_interfaces =
|
||||
#proxy_interfaces = 1.2.3.4
|
||||
|
||||
# The mydestination parameter specifies the list of domains that this
|
||||
# machine considers itself the final destination for.
|
||||
#
|
||||
# These domains are routed to the delivery agent specified with the
|
||||
# local_transport parameter setting. By default, that is the UNIX
|
||||
# compatible delivery agent that lookups all recipients in /etc/passwd
|
||||
# and /etc/aliases or their equivalent.
|
||||
#
|
||||
# The default is $myhostname + localhost.$mydomain. On a mail domain
|
||||
# gateway, you should also include $mydomain.
|
||||
#
|
||||
# Do not specify the names of virtual domains - those domains are
|
||||
# specified elsewhere (see VIRTUAL_README).
|
||||
#
|
||||
# Do not specify the names of domains that this machine is backup MX
|
||||
# host for. Specify those names via the relay_domains settings for
|
||||
# the SMTP server, or use permit_mx_backup if you are lazy (see
|
||||
# STANDARD_CONFIGURATION_README).
|
||||
#
|
||||
# The local machine is always the final destination for mail addressed
|
||||
# to user@[the.net.work.address] of an interface that the mail system
|
||||
# receives mail on (see the inet_interfaces parameter).
|
||||
#
|
||||
# Specify a list of host or domain names, /file/name or type:table
|
||||
# patterns, separated by commas and/or whitespace. A /file/name
|
||||
# pattern is replaced by its contents; a type:table is matched when
|
||||
# a name matches a lookup key (the right-hand side is ignored).
|
||||
# Continue long lines by starting the next line with whitespace.
|
||||
#
|
||||
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
|
||||
#
|
||||
mydestination = $myhostname, localhost.$mydomain, fedora.redhat.com, localhost
|
||||
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
|
||||
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
|
||||
# mail.$mydomain, www.$mydomain, ftp.$mydomain
|
||||
|
||||
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
|
||||
#
|
||||
# The local_recipient_maps parameter specifies optional lookup tables
|
||||
# with all names or addresses of users that are local with respect
|
||||
# to $mydestination, $inet_interfaces or $proxy_interfaces.
|
||||
#
|
||||
# If this parameter is defined, then the SMTP server will reject
|
||||
# mail for unknown local users. This parameter is defined by default.
|
||||
#
|
||||
# To turn off local recipient checking in the SMTP server, specify
|
||||
# local_recipient_maps = (i.e. empty).
|
||||
#
|
||||
# The default setting assumes that you use the default Postfix local
|
||||
# delivery agent for local delivery. You need to update the
|
||||
# local_recipient_maps setting if:
|
||||
#
|
||||
# - You define $mydestination domain recipients in files other than
|
||||
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
|
||||
# For example, you define $mydestination domain recipients in
|
||||
# the $virtual_mailbox_maps files.
|
||||
#
|
||||
# - You redefine the local delivery agent in master.cf.
|
||||
#
|
||||
# - You redefine the "local_transport" setting in main.cf.
|
||||
#
|
||||
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
|
||||
# feature of the Postfix local delivery agent (see local(8)).
|
||||
#
|
||||
# Details are described in the LOCAL_RECIPIENT_README file.
|
||||
#
|
||||
# Beware: if the Postfix SMTP server runs chrooted, you probably have
|
||||
# to access the passwd file via the proxymap service, in order to
|
||||
# overcome chroot restrictions. The alternative, having a copy of
|
||||
# the system passwd file in the chroot jail is just not practical.
|
||||
#
|
||||
# The right-hand side of the lookup tables is conveniently ignored.
|
||||
# In the left-hand side, specify a bare username, an @domain.tld
|
||||
# wild-card, or specify a user@domain.tld address.
|
||||
#
|
||||
#local_recipient_maps = unix:passwd.byname $alias_maps
|
||||
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
|
||||
#local_recipient_maps =
|
||||
|
||||
# The unknown_local_recipient_reject_code specifies the SMTP server
|
||||
# response code when a recipient domain matches $mydestination or
|
||||
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
|
||||
# and the recipient address or address local-part is not found.
|
||||
#
|
||||
# The default setting is 550 (reject mail) but it is safer to start
|
||||
# with 450 (try again later) until you are certain that your
|
||||
# local_recipient_maps settings are OK.
|
||||
#
|
||||
unknown_local_recipient_reject_code = 550
|
||||
|
||||
# TRUST AND RELAY CONTROL
|
||||
|
||||
# The mynetworks parameter specifies the list of "trusted" SMTP
|
||||
# clients that have more privileges than "strangers".
|
||||
#
|
||||
# In particular, "trusted" SMTP clients are allowed to relay mail
|
||||
# through Postfix. See the smtpd_recipient_restrictions parameter
|
||||
# in postconf(5).
|
||||
#
|
||||
# You can specify the list of "trusted" network addresses by hand
|
||||
# or you can let Postfix do it for you (which is the default).
|
||||
#
|
||||
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
|
||||
# clients in the same IP subnetworks as the local machine.
|
||||
# On Linux, this does works correctly only with interfaces specified
|
||||
# with the "ifconfig" command.
|
||||
#
|
||||
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
|
||||
# clients in the same IP class A/B/C networks as the local machine.
|
||||
# Don't do this with a dialup site - it would cause Postfix to "trust"
|
||||
# your entire provider's network. Instead, specify an explicit
|
||||
# mynetworks list by hand, as described below.
|
||||
#
|
||||
# Specify "mynetworks_style = host" when Postfix should "trust"
|
||||
# only the local machine.
|
||||
#
|
||||
#mynetworks_style = class
|
||||
#mynetworks_style = subnet
|
||||
#mynetworks_style = host
|
||||
|
||||
# Alternatively, you can specify the mynetworks list by hand, in
|
||||
# which case Postfix ignores the mynetworks_style setting.
|
||||
#
|
||||
# Specify an explicit list of network/netmask patterns, where the
|
||||
# mask specifies the number of bits in the network part of a host
|
||||
# address.
|
||||
#
|
||||
# You can also specify the absolute pathname of a pattern file instead
|
||||
# of listing the patterns here. Specify type:table for table-based lookups
|
||||
# (the value on the table right-hand side is not used).
|
||||
#
|
||||
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
|
||||
#mynetworks = $config_directory/mynetworks
|
||||
#mynetworks = hash:/etc/postfix/network_table
|
||||
|
||||
|
||||
# The relay_domains parameter restricts what destinations this system will
|
||||
# relay mail to. See the smtpd_recipient_restrictions description in
|
||||
# postconf(5) for detailed information.
|
||||
#
|
||||
# By default, Postfix relays mail
|
||||
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
|
||||
# - from "untrusted" clients to destinations that match $relay_domains or
|
||||
# subdomains thereof, except addresses with sender-specified routing.
|
||||
# The default relay_domains value is $mydestination.
|
||||
#
|
||||
# In addition to the above, the Postfix SMTP server by default accepts mail
|
||||
# that Postfix is final destination for:
|
||||
# - destinations that match $inet_interfaces or $proxy_interfaces,
|
||||
# - destinations that match $mydestination
|
||||
# - destinations that match $virtual_alias_domains,
|
||||
# - destinations that match $virtual_mailbox_domains.
|
||||
# These destinations do not need to be listed in $relay_domains.
|
||||
#
|
||||
# Specify a list of hosts or domains, /file/name patterns or type:name
|
||||
# lookup tables, separated by commas and/or whitespace. Continue
|
||||
# long lines by starting the next line with whitespace. A file name
|
||||
# is replaced by its contents; a type:name table is matched when a
|
||||
# (parent) domain appears as lookup key.
|
||||
#
|
||||
# NOTE: Postfix will not automatically forward mail for domains that
|
||||
# list this system as their primary or backup MX host. See the
|
||||
# permit_mx_backup restriction description in postconf(5).
|
||||
#
|
||||
#relay_domains = $mydestination
|
||||
|
||||
|
||||
|
||||
# INTERNET OR INTRANET
|
||||
|
||||
# The relayhost parameter specifies the default host to send mail to
|
||||
# when no entry is matched in the optional transport(5) table. When
|
||||
# no relayhost is given, mail is routed directly to the destination.
|
||||
#
|
||||
# On an intranet, specify the organizational domain name. If your
|
||||
# internal DNS uses no MX records, specify the name of the intranet
|
||||
# gateway host instead.
|
||||
#
|
||||
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
|
||||
# [address] or [address]:port; the form [host] turns off MX lookups.
|
||||
#
|
||||
# If you're connected via UUCP, see also the default_transport parameter.
|
||||
#
|
||||
#relayhost = $mydomain
|
||||
#relayhost = [gateway.my.domain]
|
||||
#relayhost = [mailserver.isp.tld]
|
||||
#relayhost = uucphost
|
||||
#relayhost = [an.ip.add.ress]
|
||||
#relayhost = bastion
|
||||
|
||||
|
||||
# REJECTING UNKNOWN RELAY USERS
|
||||
#
|
||||
# The relay_recipient_maps parameter specifies optional lookup tables
|
||||
# with all addresses in the domains that match $relay_domains.
|
||||
#
|
||||
# If this parameter is defined, then the SMTP server will reject
|
||||
# mail for unknown relay users. This feature is off by default.
|
||||
#
|
||||
# The right-hand side of the lookup tables is conveniently ignored.
|
||||
# In the left-hand side, specify an @domain.tld wild-card, or specify
|
||||
# a user@domain.tld address.
|
||||
#
|
||||
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
|
||||
|
||||
# INPUT RATE CONTROL
|
||||
#
|
||||
# The in_flow_delay configuration parameter implements mail input
|
||||
# flow control. This feature is turned on by default, although it
|
||||
# still needs further development (it's disabled on SCO UNIX due
|
||||
# to an SCO bug).
|
||||
#
|
||||
# A Postfix process will pause for $in_flow_delay seconds before
|
||||
# accepting a new message, when the message arrival rate exceeds the
|
||||
# message delivery rate. With the default 100 SMTP server process
|
||||
# limit, this limits the mail inflow to 100 messages a second more
|
||||
# than the number of messages delivered per second.
|
||||
#
|
||||
# Specify 0 to disable the feature. Valid delays are 0..10.
|
||||
#
|
||||
#in_flow_delay = 1s
|
||||
|
||||
# ADDRESS REWRITING
|
||||
#
|
||||
# The ADDRESS_REWRITING_README document gives information about
|
||||
# address masquerading or other forms of address rewriting including
|
||||
# username->Firstname.Lastname mapping.
|
||||
|
||||
masquerade_domains = redhat.com
|
||||
masquerade_exceptions = root apache
|
||||
|
||||
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
|
||||
#
|
||||
# The VIRTUAL_README document gives information about the many forms
|
||||
# of domain hosting that Postfix supports.
|
||||
|
||||
# "USER HAS MOVED" BOUNCE MESSAGES
|
||||
#
|
||||
# See the discussion in the ADDRESS_REWRITING_README document.
|
||||
|
||||
# TRANSPORT MAP
|
||||
#
|
||||
# See the discussion in the ADDRESS_REWRITING_README document.
|
||||
|
||||
# ALIAS DATABASE
|
||||
#
|
||||
# The alias_maps parameter specifies the list of alias databases used
|
||||
# by the local delivery agent. The default list is system dependent.
|
||||
#
|
||||
# On systems with NIS, the default is to search the local alias
|
||||
# database, then the NIS alias database. See aliases(5) for syntax
|
||||
# details.
|
||||
#
|
||||
# If you change the alias database, run "postalias /etc/aliases" (or
|
||||
# wherever your system stores the mail alias file), or simply run
|
||||
# "newaliases" to build the necessary DBM or DB file.
|
||||
#
|
||||
# It will take a minute or so before changes become visible. Use
|
||||
# "postfix reload" to eliminate the delay.
|
||||
#
|
||||
#alias_maps = dbm:/etc/aliases
|
||||
alias_maps = hash:/etc/aliases
|
||||
#alias_maps = hash:/etc/aliases, nis:mail.aliases
|
||||
#alias_maps = netinfo:/aliases
|
||||
|
||||
# The alias_database parameter specifies the alias database(s) that
|
||||
# are built with "newaliases" or "sendmail -bi". This is a separate
|
||||
# configuration parameter, because alias_maps (see above) may specify
|
||||
# tables that are not necessarily all under control by Postfix.
|
||||
#
|
||||
#alias_database = dbm:/etc/aliases
|
||||
#alias_database = dbm:/etc/mail/aliases
|
||||
alias_database = hash:/etc/aliases
|
||||
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
|
||||
|
||||
# ADDRESS EXTENSIONS (e.g., user+foo)
|
||||
#
|
||||
# The recipient_delimiter parameter specifies the separator between
|
||||
# user names and address extensions (user+foo). See canonical(5),
|
||||
# local(8), relocated(5) and virtual(5) for the effects this has on
|
||||
# aliases, canonical, virtual, relocated and .forward file lookups.
|
||||
# Basically, the software tries user+foo and .forward+foo before
|
||||
# trying user and .forward.
|
||||
#
|
||||
recipient_delimiter = +
|
||||
|
||||
# DELIVERY TO MAILBOX
|
||||
#
|
||||
# The home_mailbox parameter specifies the optional pathname of a
|
||||
# mailbox file relative to a user's home directory. The default
|
||||
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
|
||||
# "Maildir/" for qmail-style delivery (the / is required).
|
||||
#
|
||||
#home_mailbox = Mailbox
|
||||
#home_mailbox = Maildir/
|
||||
|
||||
# The mail_spool_directory parameter specifies the directory where
|
||||
# UNIX-style mailboxes are kept. The default setting depends on the
|
||||
# system type.
|
||||
#
|
||||
#mail_spool_directory = /var/mail
|
||||
#mail_spool_directory = /var/spool/mail
|
||||
|
||||
# The mailbox_command parameter specifies the optional external
|
||||
# command to use instead of mailbox delivery. The command is run as
|
||||
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
|
||||
# Exception: delivery for root is done as $default_user.
|
||||
#
|
||||
# Other environment variables of interest: USER (recipient username),
|
||||
# EXTENSION (address extension), DOMAIN (domain part of address),
|
||||
# and LOCAL (the address localpart).
|
||||
#
|
||||
# Unlike other Postfix configuration parameters, the mailbox_command
|
||||
# parameter is not subjected to $parameter substitutions. This is to
|
||||
# make it easier to specify shell syntax (see example below).
|
||||
#
|
||||
# Avoid shell meta characters because they will force Postfix to run
|
||||
# an expensive shell process. Procmail alone is expensive enough.
|
||||
#
|
||||
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
|
||||
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
|
||||
#
|
||||
#mailbox_command = /usr/bin/procmail
|
||||
#mailbox_command = /some/where/procmail -a "$EXTENSION"
|
||||
|
||||
# The mailbox_transport specifies the optional transport in master.cf
|
||||
# to use after processing aliases and .forward files. This parameter
|
||||
# has precedence over the mailbox_command, fallback_transport and
|
||||
# luser_relay parameters.
|
||||
#
|
||||
# Specify a string of the form transport:nexthop, where transport is
|
||||
# the name of a mail delivery transport defined in master.cf. The
|
||||
# :nexthop part is optional. For more details see the sample transport
|
||||
# configuration file.
|
||||
#
|
||||
# NOTE: if you use this feature for accounts not in the UNIX password
|
||||
# file, then you must update the "local_recipient_maps" setting in
|
||||
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||
# non-UNIX accounts with "User unknown in local recipient table".
|
||||
#
|
||||
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||
|
||||
# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
|
||||
# server using LMTP (Local Mail Transport Protocol), this is prefered
|
||||
# over the older cyrus deliver program by setting the
|
||||
# mailbox_transport as below:
|
||||
#
|
||||
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||
#
|
||||
# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
|
||||
# these settings.
|
||||
#
|
||||
# local_destination_recipient_limit = 300
|
||||
# local_destination_concurrency_limit = 5
|
||||
#
|
||||
# Of course you should adjust these settings as appropriate for the
|
||||
# capacity of the hardware you are using. The recipient limit setting
|
||||
# can be used to take advantage of the single instance message store
|
||||
# capability of Cyrus. The concurrency limit can be used to control
|
||||
# how many simultaneous LMTP sessions will be permitted to the Cyrus
|
||||
# message store.
|
||||
#
|
||||
# To use the old cyrus deliver program you have to set:
|
||||
#mailbox_transport = cyrus
|
||||
|
||||
# The fallback_transport specifies the optional transport in master.cf
|
||||
# to use for recipients that are not found in the UNIX passwd database.
|
||||
# This parameter has precedence over the luser_relay parameter.
|
||||
#
|
||||
# Specify a string of the form transport:nexthop, where transport is
|
||||
# the name of a mail delivery transport defined in master.cf. The
|
||||
# :nexthop part is optional. For more details see the sample transport
|
||||
# configuration file.
|
||||
#
|
||||
# NOTE: if you use this feature for accounts not in the UNIX password
|
||||
# file, then you must update the "local_recipient_maps" setting in
|
||||
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||
# non-UNIX accounts with "User unknown in local recipient table".
|
||||
#
|
||||
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||
#fallback_transport =
|
||||
|
||||
#transport_maps = hash:/etc/postfix/transport
|
||||
# The luser_relay parameter specifies an optional destination address
|
||||
# for unknown recipients. By default, mail for unknown@$mydestination,
|
||||
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
|
||||
# as undeliverable.
|
||||
#
|
||||
# The following expansions are done on luser_relay: $user (recipient
|
||||
# username), $shell (recipient shell), $home (recipient home directory),
|
||||
# $recipient (full recipient address), $extension (recipient address
|
||||
# extension), $domain (recipient domain), $local (entire recipient
|
||||
# localpart), $recipient_delimiter. Specify ${name?value} or
|
||||
# ${name:value} to expand value only when $name does (does not) exist.
|
||||
#
|
||||
# luser_relay works only for the default Postfix local delivery agent.
|
||||
#
|
||||
# NOTE: if you use this feature for accounts not in the UNIX password
|
||||
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
|
||||
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||
# non-UNIX accounts with "User unknown in local recipient table".
|
||||
#
|
||||
#luser_relay = $user@other.host
|
||||
#luser_relay = $local@other.host
|
||||
#luser_relay = admin+$local
|
||||
|
||||
# JUNK MAIL CONTROLS
|
||||
#
|
||||
# The controls listed here are only a very small subset. The file
|
||||
# SMTPD_ACCESS_README provides an overview.
|
||||
|
||||
# The header_checks parameter specifies an optional table with patterns
|
||||
# that each logical message header is matched against, including
|
||||
# headers that span multiple physical lines.
|
||||
#
|
||||
# By default, these patterns also apply to MIME headers and to the
|
||||
# headers of attached messages. With older Postfix versions, MIME and
|
||||
# attached message headers were treated as body text.
|
||||
#
|
||||
# For details, see "man header_checks".
|
||||
#
|
||||
header_checks = regexp:/etc/postfix/header_checks
|
||||
|
||||
# FAST ETRN SERVICE
|
||||
#
|
||||
# Postfix maintains per-destination logfiles with information about
|
||||
# deferred mail, so that mail can be flushed quickly with the SMTP
|
||||
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
|
||||
# See the ETRN_README document for a detailed description.
|
||||
#
|
||||
# The fast_flush_domains parameter controls what destinations are
|
||||
# eligible for this service. By default, they are all domains that
|
||||
# this server is willing to relay mail to.
|
||||
#
|
||||
#fast_flush_domains = $relay_domains
|
||||
|
||||
# SHOW SOFTWARE VERSION OR NOT
|
||||
#
|
||||
# The smtpd_banner parameter specifies the text that follows the 220
|
||||
# code in the SMTP server's greeting banner. Some people like to see
|
||||
# the mail version advertised. By default, Postfix shows no version.
|
||||
#
|
||||
# You MUST specify $myhostname at the start of the text. That is an
|
||||
# RFC requirement. Postfix itself does not care.
|
||||
#
|
||||
#smtpd_banner = $myhostname ESMTP $mail_name
|
||||
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
|
||||
|
||||
# PARALLEL DELIVERY TO THE SAME DESTINATION
|
||||
#
|
||||
# How many parallel deliveries to the same user or domain? With local
|
||||
# delivery, it does not make sense to do massively parallel delivery
|
||||
# to the same user, because mailbox updates must happen sequentially,
|
||||
# and expensive pipelines in .forward files can cause disasters when
|
||||
# too many are run at the same time. With SMTP deliveries, 10
|
||||
# simultaneous connections to the same domain could be sufficient to
|
||||
# raise eyebrows.
|
||||
#
|
||||
# Each message delivery transport has its XXX_destination_concurrency_limit
|
||||
# parameter. The default is $default_destination_concurrency_limit for
|
||||
# most delivery transports. For the local delivery agent the default is 2.
|
||||
|
||||
#local_destination_concurrency_limit = 2
|
||||
#default_destination_concurrency_limit = 20
|
||||
|
||||
# DEBUGGING CONTROL
|
||||
#
|
||||
# The debug_peer_level parameter specifies the increment in verbose
|
||||
# logging level when an SMTP client or server host name or address
|
||||
# matches a pattern in the debug_peer_list parameter.
|
||||
#
|
||||
debug_peer_level = 2
|
||||
|
||||
# The debug_peer_list parameter specifies an optional list of domain
|
||||
# or network patterns, /file/name patterns or type:name tables. When
|
||||
# an SMTP client or server host name or address matches a pattern,
|
||||
# increase the verbose logging level by the amount specified in the
|
||||
# debug_peer_level parameter.
|
||||
#
|
||||
#debug_peer_list = 127.0.0.1
|
||||
#debug_peer_list = some.domain
|
||||
|
||||
# The debugger_command specifies the external command that is executed
|
||||
# when a Postfix daemon program is run with the -D option.
|
||||
#
|
||||
# Use "command .. & sleep 5" so that the debugger can attach before
|
||||
# the process marches on. If you use an X-based debugger, be sure to
|
||||
# set up your XAUTHORITY environment variable before starting Postfix.
|
||||
#
|
||||
debugger_command =
|
||||
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
|
||||
xxgdb $daemon_directory/$process_name $process_id & sleep 5
|
||||
|
||||
# If you can't use X, use this to capture the call stack when a
|
||||
# daemon crashes. The result is in a file in the configuration
|
||||
# directory, and is named after the process name and the process ID.
|
||||
#
|
||||
# debugger_command =
|
||||
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
|
||||
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
|
||||
# >$config_directory/$process_name.$process_id.log & sleep 5
|
||||
#
|
||||
# Another possibility is to run gdb under a detached screen session.
|
||||
# To attach to the screen sesssion, su root and run "screen -r
|
||||
# <id_string>" where <id_string> uniquely matches one of the detached
|
||||
# sessions (from "screen -list").
|
||||
#
|
||||
# debugger_command =
|
||||
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
|
||||
# -dmS $process_name gdb $daemon_directory/$process_name
|
||||
# $process_id & sleep 1
|
||||
|
||||
# INSTALL-TIME CONFIGURATION INFORMATION
|
||||
#
|
||||
# The following parameters are used when installing a new Postfix version.
|
||||
#
|
||||
# sendmail_path: The full pathname of the Postfix sendmail command.
|
||||
# This is the Sendmail-compatible mail posting interface.
|
||||
#
|
||||
sendmail_path = /usr/sbin/sendmail.postfix
|
||||
|
||||
# newaliases_path: The full pathname of the Postfix newaliases command.
|
||||
# This is the Sendmail-compatible command to build alias databases.
|
||||
#
|
||||
newaliases_path = /usr/bin/newaliases.postfix
|
||||
|
||||
# mailq_path: The full pathname of the Postfix mailq command. This
|
||||
# is the Sendmail-compatible mail queue listing command.
|
||||
#
|
||||
mailq_path = /usr/bin/mailq.postfix
|
||||
|
||||
# setgid_group: The group for mail submission and queue management
|
||||
# commands. This must be a group name with a numerical group ID that
|
||||
# is not shared with other accounts, not even with the Postfix account.
|
||||
#
|
||||
setgid_group = postdrop
|
||||
|
||||
# html_directory: The location of the Postfix HTML documentation.
|
||||
#
|
||||
html_directory = no
|
||||
|
||||
# manpage_directory: The location of the Postfix on-line manual pages.
|
||||
#
|
||||
manpage_directory = /usr/share/man
|
||||
|
||||
# sample_directory: The location of the Postfix sample configuration files.
|
||||
# This parameter is obsolete as of Postfix 2.1.
|
||||
#
|
||||
sample_directory = /usr/share/doc/postfix-2.4.5/samples
|
||||
|
||||
# readme_directory: The location of the Postfix README files.
|
||||
#
|
||||
readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
|
||||
|
||||
# add this to new postfix to get it to add proper message-id and other
|
||||
# headers to outgoing emails via the gateway.
|
||||
|
||||
|
||||
message_size_limit = 20971520
|
||||
#inet_protocols = ipv4
|
|
@ -1,687 +0,0 @@
|
|||
# "false"
|
||||
# Global Postfix configuration file. This file lists only a subset
|
||||
# of all parameters. For the syntax, and for a complete parameter
|
||||
# list, see the postconf(5) manual page (command: "man 5 postconf").
|
||||
#
|
||||
# For common configuration examples, see BASIC_CONFIGURATION_README
|
||||
# and STANDARD_CONFIGURATION_README. To find these documents, use
|
||||
# the command "postconf html_directory readme_directory", or go to
|
||||
# http://www.postfix.org/.
|
||||
#
|
||||
# For best results, change no more than 2-3 parameters at a time,
|
||||
# and test if Postfix still works after every change.
|
||||
|
||||
# SOFT BOUNCE
|
||||
#
|
||||
# The soft_bounce parameter provides a limited safety net for
|
||||
# testing. When soft_bounce is enabled, mail will remain queued that
|
||||
# would otherwise bounce. This parameter disables locally-generated
|
||||
# bounces, and prevents the SMTP server from rejecting mail permanently
|
||||
# (by changing 5xx replies into 4xx replies). However, soft_bounce
|
||||
# is no cure for address rewriting mistakes or mail routing mistakes.
|
||||
#
|
||||
#soft_bounce = no
|
||||
|
||||
# LOCAL PATHNAME INFORMATION
|
||||
#
|
||||
# The queue_directory specifies the location of the Postfix queue.
|
||||
# This is also the root directory of Postfix daemons that run chrooted.
|
||||
# See the files in examples/chroot-setup for setting up Postfix chroot
|
||||
# environments on different UNIX systems.
|
||||
#
|
||||
queue_directory = /var/spool/postfix
|
||||
|
||||
# The command_directory parameter specifies the location of all
|
||||
# postXXX commands.
|
||||
#
|
||||
command_directory = /usr/sbin
|
||||
|
||||
# The daemon_directory parameter specifies the location of all Postfix
|
||||
# daemon programs (i.e. programs listed in the master.cf file). This
|
||||
# directory must be owned by root.
|
||||
#
|
||||
daemon_directory = /usr/libexec/postfix
|
||||
|
||||
# QUEUE AND PROCESS OWNERSHIP
|
||||
#
|
||||
# The mail_owner parameter specifies the owner of the Postfix queue
|
||||
# and of most Postfix daemon processes. Specify the name of a user
|
||||
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
|
||||
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
|
||||
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
|
||||
# USER.
|
||||
#
|
||||
mail_owner = postfix
|
||||
|
||||
# The default_privs parameter specifies the default rights used by
|
||||
# the local delivery agent for delivery to external file or command.
|
||||
# These rights are used in the absence of a recipient user context.
|
||||
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
|
||||
#
|
||||
#default_privs = nobody
|
||||
|
||||
# INTERNET HOST AND DOMAIN NAMES
|
||||
#
|
||||
# The myhostname parameter specifies the internet hostname of this
|
||||
# mail system. The default is to use the fully-qualified domain name
|
||||
# from gethostname(). $myhostname is used as a default value for many
|
||||
# other configuration parameters.
|
||||
#
|
||||
#myhostname = host.domain.tld
|
||||
#myhostname = virtual.domain.tld
|
||||
|
||||
# The mydomain parameter specifies the local internet domain name.
|
||||
# The default is to use $myhostname minus the first component.
|
||||
# $mydomain is used as a default value for many other configuration
|
||||
# parameters.
|
||||
#
|
||||
#mydomain = domain.tld
|
||||
|
||||
# SENDING MAIL
|
||||
#
|
||||
# The myorigin parameter specifies the domain that locally-posted
|
||||
# mail appears to come from. The default is to append $myhostname,
|
||||
# which is fine for small sites. If you run a domain with multiple
|
||||
# machines, you should (1) change this to $mydomain and (2) set up
|
||||
# a domain-wide alias database that aliases each user to
|
||||
# user@that.users.mailhost.
|
||||
#
|
||||
# For the sake of consistency between sender and recipient addresses,
|
||||
# myorigin also specifies the default domain name that is appended
|
||||
# to recipient addresses that have no @domain part.
|
||||
#
|
||||
#myorigin = $myhostname
|
||||
#myorigin = $mydomain
|
||||
|
||||
mydomain = fedoraproject.org
|
||||
myorigin = fedoraproject.org
|
||||
|
||||
# RECEIVING MAIL
|
||||
|
||||
# The inet_interfaces parameter specifies the network interface
|
||||
# addresses that this mail system receives mail on. By default,
|
||||
# the software claims all active interfaces on the machine. The
|
||||
# parameter also controls delivery of mail to user@[ip.address].
|
||||
#
|
||||
# See also the proxy_interfaces parameter, for network addresses that
|
||||
# are forwarded to us via a proxy or network address translator.
|
||||
#
|
||||
# Note: you need to stop/start Postfix when this parameter changes.
|
||||
#
|
||||
#inet_interfaces = all
|
||||
#inet_interfaces = $myhostname
|
||||
#inet_interfaces = $myhostname, localhost
|
||||
inet_interfaces = all
|
||||
|
||||
# The proxy_interfaces parameter specifies the network interface
|
||||
# addresses that this mail system receives mail on by way of a
|
||||
# proxy or network address translation unit. This setting extends
|
||||
# the address list specified with the inet_interfaces parameter.
|
||||
#
|
||||
# You must specify your proxy/NAT addresses when your system is a
|
||||
# backup MX host for other domains, otherwise mail delivery loops
|
||||
# will happen when the primary MX host is down.
|
||||
#
|
||||
#proxy_interfaces =
|
||||
#proxy_interfaces = 1.2.3.4
|
||||
|
||||
# The mydestination parameter specifies the list of domains that this
|
||||
# machine considers itself the final destination for.
|
||||
#
|
||||
# These domains are routed to the delivery agent specified with the
|
||||
# local_transport parameter setting. By default, that is the UNIX
|
||||
# compatible delivery agent that lookups all recipients in /etc/passwd
|
||||
# and /etc/aliases or their equivalent.
|
||||
#
|
||||
# The default is $myhostname + localhost.$mydomain. On a mail domain
|
||||
# gateway, you should also include $mydomain.
|
||||
#
|
||||
# Do not specify the names of virtual domains - those domains are
|
||||
# specified elsewhere (see VIRTUAL_README).
|
||||
#
|
||||
# Do not specify the names of domains that this machine is backup MX
|
||||
# host for. Specify those names via the relay_domains settings for
|
||||
# the SMTP server, or use permit_mx_backup if you are lazy (see
|
||||
# STANDARD_CONFIGURATION_README).
|
||||
#
|
||||
# The local machine is always the final destination for mail addressed
|
||||
# to user@[the.net.work.address] of an interface that the mail system
|
||||
# receives mail on (see the inet_interfaces parameter).
|
||||
#
|
||||
# Specify a list of host or domain names, /file/name or type:table
|
||||
# patterns, separated by commas and/or whitespace. A /file/name
|
||||
# pattern is replaced by its contents; a type:table is matched when
|
||||
# a name matches a lookup key (the right-hand side is ignored).
|
||||
# Continue long lines by starting the next line with whitespace.
|
||||
#
|
||||
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
|
||||
#
|
||||
mydestination = $myhostname, localhost.$mydomain, fedora.redhat.com, localhost
|
||||
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
|
||||
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
|
||||
# mail.$mydomain, www.$mydomain, ftp.$mydomain
|
||||
|
||||
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
|
||||
#
|
||||
# The local_recipient_maps parameter specifies optional lookup tables
|
||||
# with all names or addresses of users that are local with respect
|
||||
# to $mydestination, $inet_interfaces or $proxy_interfaces.
|
||||
#
|
||||
# If this parameter is defined, then the SMTP server will reject
|
||||
# mail for unknown local users. This parameter is defined by default.
|
||||
#
|
||||
# To turn off local recipient checking in the SMTP server, specify
|
||||
# local_recipient_maps = (i.e. empty).
|
||||
#
|
||||
# The default setting assumes that you use the default Postfix local
|
||||
# delivery agent for local delivery. You need to update the
|
||||
# local_recipient_maps setting if:
|
||||
#
|
||||
# - You define $mydestination domain recipients in files other than
|
||||
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
|
||||
# For example, you define $mydestination domain recipients in
|
||||
# the $virtual_mailbox_maps files.
|
||||
#
|
||||
# - You redefine the local delivery agent in master.cf.
|
||||
#
|
||||
# - You redefine the "local_transport" setting in main.cf.
|
||||
#
|
||||
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
|
||||
# feature of the Postfix local delivery agent (see local(8)).
|
||||
#
|
||||
# Details are described in the LOCAL_RECIPIENT_README file.
|
||||
#
|
||||
# Beware: if the Postfix SMTP server runs chrooted, you probably have
|
||||
# to access the passwd file via the proxymap service, in order to
|
||||
# overcome chroot restrictions. The alternative, having a copy of
|
||||
# the system passwd file in the chroot jail is just not practical.
|
||||
#
|
||||
# The right-hand side of the lookup tables is conveniently ignored.
|
||||
# In the left-hand side, specify a bare username, an @domain.tld
|
||||
# wild-card, or specify a user@domain.tld address.
|
||||
#
|
||||
#local_recipient_maps = unix:passwd.byname $alias_maps
|
||||
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
|
||||
#local_recipient_maps =
|
||||
|
||||
# The unknown_local_recipient_reject_code specifies the SMTP server
|
||||
# response code when a recipient domain matches $mydestination or
|
||||
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
|
||||
# and the recipient address or address local-part is not found.
|
||||
#
|
||||
# The default setting is 550 (reject mail) but it is safer to start
|
||||
# with 450 (try again later) until you are certain that your
|
||||
# local_recipient_maps settings are OK.
|
||||
#
|
||||
unknown_local_recipient_reject_code = 550
|
||||
|
||||
# TRUST AND RELAY CONTROL
|
||||
|
||||
# The mynetworks parameter specifies the list of "trusted" SMTP
|
||||
# clients that have more privileges than "strangers".
|
||||
#
|
||||
# In particular, "trusted" SMTP clients are allowed to relay mail
|
||||
# through Postfix. See the smtpd_recipient_restrictions parameter
|
||||
# in postconf(5).
|
||||
#
|
||||
# You can specify the list of "trusted" network addresses by hand
|
||||
# or you can let Postfix do it for you (which is the default).
|
||||
#
|
||||
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
|
||||
# clients in the same IP subnetworks as the local machine.
|
||||
# On Linux, this does works correctly only with interfaces specified
|
||||
# with the "ifconfig" command.
|
||||
#
|
||||
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
|
||||
# clients in the same IP class A/B/C networks as the local machine.
|
||||
# Don't do this with a dialup site - it would cause Postfix to "trust"
|
||||
# your entire provider's network. Instead, specify an explicit
|
||||
# mynetworks list by hand, as described below.
|
||||
#
|
||||
# Specify "mynetworks_style = host" when Postfix should "trust"
|
||||
# only the local machine.
|
||||
#
|
||||
#mynetworks_style = class
|
||||
#mynetworks_style = subnet
|
||||
#mynetworks_style = host
|
||||
|
||||
# Alternatively, you can specify the mynetworks list by hand, in
|
||||
# which case Postfix ignores the mynetworks_style setting.
|
||||
#
|
||||
# Specify an explicit list of network/netmask patterns, where the
|
||||
# mask specifies the number of bits in the network part of a host
|
||||
# address.
|
||||
#
|
||||
# You can also specify the absolute pathname of a pattern file instead
|
||||
# of listing the patterns here. Specify type:table for table-based lookups
|
||||
# (the value on the table right-hand side is not used).
|
||||
#
|
||||
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
|
||||
#mynetworks = $config_directory/mynetworks
|
||||
#mynetworks = hash:/etc/postfix/network_table
|
||||
|
||||
|
||||
# The relay_domains parameter restricts what destinations this system will
|
||||
# relay mail to. See the smtpd_recipient_restrictions description in
|
||||
# postconf(5) for detailed information.
|
||||
#
|
||||
# By default, Postfix relays mail
|
||||
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
|
||||
# - from "untrusted" clients to destinations that match $relay_domains or
|
||||
# subdomains thereof, except addresses with sender-specified routing.
|
||||
# The default relay_domains value is $mydestination.
|
||||
#
|
||||
# In addition to the above, the Postfix SMTP server by default accepts mail
|
||||
# that Postfix is final destination for:
|
||||
# - destinations that match $inet_interfaces or $proxy_interfaces,
|
||||
# - destinations that match $mydestination
|
||||
# - destinations that match $virtual_alias_domains,
|
||||
# - destinations that match $virtual_mailbox_domains.
|
||||
# These destinations do not need to be listed in $relay_domains.
|
||||
#
|
||||
# Specify a list of hosts or domains, /file/name patterns or type:name
|
||||
# lookup tables, separated by commas and/or whitespace. Continue
|
||||
# long lines by starting the next line with whitespace. A file name
|
||||
# is replaced by its contents; a type:name table is matched when a
|
||||
# (parent) domain appears as lookup key.
|
||||
#
|
||||
# NOTE: Postfix will not automatically forward mail for domains that
|
||||
# list this system as their primary or backup MX host. See the
|
||||
# permit_mx_backup restriction description in postconf(5).
|
||||
#
|
||||
#relay_domains = $mydestination
|
||||
|
||||
|
||||
|
||||
# INTERNET OR INTRANET
|
||||
|
||||
# The relayhost parameter specifies the default host to send mail to
|
||||
# when no entry is matched in the optional transport(5) table. When
|
||||
# no relayhost is given, mail is routed directly to the destination.
|
||||
#
|
||||
# On an intranet, specify the organizational domain name. If your
|
||||
# internal DNS uses no MX records, specify the name of the intranet
|
||||
# gateway host instead.
|
||||
#
|
||||
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
|
||||
# [address] or [address]:port; the form [host] turns off MX lookups.
|
||||
#
|
||||
# If you're connected via UUCP, see also the default_transport parameter.
|
||||
#
|
||||
#relayhost = $mydomain
|
||||
#relayhost = [gateway.my.domain]
|
||||
#relayhost = [mailserver.isp.tld]
|
||||
#relayhost = uucphost
|
||||
#relayhost = [an.ip.add.ress]
|
||||
#relayhost = bastion
|
||||
|
||||
|
||||
# REJECTING UNKNOWN RELAY USERS
|
||||
#
|
||||
# The relay_recipient_maps parameter specifies optional lookup tables
|
||||
# with all addresses in the domains that match $relay_domains.
|
||||
#
|
||||
# If this parameter is defined, then the SMTP server will reject
|
||||
# mail for unknown relay users. This feature is off by default.
|
||||
#
|
||||
# The right-hand side of the lookup tables is conveniently ignored.
|
||||
# In the left-hand side, specify an @domain.tld wild-card, or specify
|
||||
# a user@domain.tld address.
|
||||
#
|
||||
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
|
||||
|
||||
# INPUT RATE CONTROL
|
||||
#
|
||||
# The in_flow_delay configuration parameter implements mail input
|
||||
# flow control. This feature is turned on by default, although it
|
||||
# still needs further development (it's disabled on SCO UNIX due
|
||||
# to an SCO bug).
|
||||
#
|
||||
# A Postfix process will pause for $in_flow_delay seconds before
|
||||
# accepting a new message, when the message arrival rate exceeds the
|
||||
# message delivery rate. With the default 100 SMTP server process
|
||||
# limit, this limits the mail inflow to 100 messages a second more
|
||||
# than the number of messages delivered per second.
|
||||
#
|
||||
# Specify 0 to disable the feature. Valid delays are 0..10.
|
||||
#
|
||||
#in_flow_delay = 1s
|
||||
|
||||
# ADDRESS REWRITING
|
||||
#
|
||||
# The ADDRESS_REWRITING_README document gives information about
|
||||
# address masquerading or other forms of address rewriting including
|
||||
# username->Firstname.Lastname mapping.
|
||||
|
||||
masquerade_domains = redhat.com
|
||||
masquerade_exceptions = root apache
|
||||
|
||||
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
|
||||
#
|
||||
# The VIRTUAL_README document gives information about the many forms
|
||||
# of domain hosting that Postfix supports.
|
||||
|
||||
# "USER HAS MOVED" BOUNCE MESSAGES
|
||||
#
|
||||
# See the discussion in the ADDRESS_REWRITING_README document.
|
||||
|
||||
# TRANSPORT MAP
|
||||
#
|
||||
# See the discussion in the ADDRESS_REWRITING_README document.
|
||||
|
||||
# ALIAS DATABASE
|
||||
#
|
||||
# The alias_maps parameter specifies the list of alias databases used
|
||||
# by the local delivery agent. The default list is system dependent.
|
||||
#
|
||||
# On systems with NIS, the default is to search the local alias
|
||||
# database, then the NIS alias database. See aliases(5) for syntax
|
||||
# details.
|
||||
#
|
||||
# If you change the alias database, run "postalias /etc/aliases" (or
|
||||
# wherever your system stores the mail alias file), or simply run
|
||||
# "newaliases" to build the necessary DBM or DB file.
|
||||
#
|
||||
# It will take a minute or so before changes become visible. Use
|
||||
# "postfix reload" to eliminate the delay.
|
||||
#
|
||||
#alias_maps = dbm:/etc/aliases
|
||||
alias_maps = hash:/etc/aliases
|
||||
#alias_maps = hash:/etc/aliases, nis:mail.aliases
|
||||
#alias_maps = netinfo:/aliases
|
||||
|
||||
# The alias_database parameter specifies the alias database(s) that
|
||||
# are built with "newaliases" or "sendmail -bi". This is a separate
|
||||
# configuration parameter, because alias_maps (see above) may specify
|
||||
# tables that are not necessarily all under control by Postfix.
|
||||
#
|
||||
#alias_database = dbm:/etc/aliases
|
||||
#alias_database = dbm:/etc/mail/aliases
|
||||
alias_database = hash:/etc/aliases
|
||||
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
|
||||
|
||||
# ADDRESS EXTENSIONS (e.g., user+foo)
|
||||
#
|
||||
# The recipient_delimiter parameter specifies the separator between
|
||||
# user names and address extensions (user+foo). See canonical(5),
|
||||
# local(8), relocated(5) and virtual(5) for the effects this has on
|
||||
# aliases, canonical, virtual, relocated and .forward file lookups.
|
||||
# Basically, the software tries user+foo and .forward+foo before
|
||||
# trying user and .forward.
|
||||
#
|
||||
recipient_delimiter = +
|
||||
|
||||
# DELIVERY TO MAILBOX
|
||||
#
|
||||
# The home_mailbox parameter specifies the optional pathname of a
|
||||
# mailbox file relative to a user's home directory. The default
|
||||
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
|
||||
# "Maildir/" for qmail-style delivery (the / is required).
|
||||
#
|
||||
#home_mailbox = Mailbox
|
||||
#home_mailbox = Maildir/
|
||||
|
||||
# The mail_spool_directory parameter specifies the directory where
|
||||
# UNIX-style mailboxes are kept. The default setting depends on the
|
||||
# system type.
|
||||
#
|
||||
#mail_spool_directory = /var/mail
|
||||
#mail_spool_directory = /var/spool/mail
|
||||
|
||||
# The mailbox_command parameter specifies the optional external
|
||||
# command to use instead of mailbox delivery. The command is run as
|
||||
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
|
||||
# Exception: delivery for root is done as $default_user.
|
||||
#
|
||||
# Other environment variables of interest: USER (recipient username),
|
||||
# EXTENSION (address extension), DOMAIN (domain part of address),
|
||||
# and LOCAL (the address localpart).
|
||||
#
|
||||
# Unlike other Postfix configuration parameters, the mailbox_command
|
||||
# parameter is not subjected to $parameter substitutions. This is to
|
||||
# make it easier to specify shell syntax (see example below).
|
||||
#
|
||||
# Avoid shell meta characters because they will force Postfix to run
|
||||
# an expensive shell process. Procmail alone is expensive enough.
|
||||
#
|
||||
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
|
||||
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
|
||||
#
|
||||
#mailbox_command = /usr/bin/procmail
|
||||
#mailbox_command = /some/where/procmail -a "$EXTENSION"
|
||||
|
||||
# The mailbox_transport specifies the optional transport in master.cf
|
||||
# to use after processing aliases and .forward files. This parameter
|
||||
# has precedence over the mailbox_command, fallback_transport and
|
||||
# luser_relay parameters.
|
||||
#
|
||||
# Specify a string of the form transport:nexthop, where transport is
|
||||
# the name of a mail delivery transport defined in master.cf. The
|
||||
# :nexthop part is optional. For more details see the sample transport
|
||||
# configuration file.
|
||||
#
|
||||
# NOTE: if you use this feature for accounts not in the UNIX password
|
||||
# file, then you must update the "local_recipient_maps" setting in
|
||||
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||
# non-UNIX accounts with "User unknown in local recipient table".
|
||||
#
|
||||
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||
|
||||
# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
|
||||
# server using LMTP (Local Mail Transport Protocol), this is prefered
|
||||
# over the older cyrus deliver program by setting the
|
||||
# mailbox_transport as below:
|
||||
#
|
||||
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||
#
|
||||
# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
|
||||
# these settings.
|
||||
#
|
||||
# local_destination_recipient_limit = 300
|
||||
# local_destination_concurrency_limit = 5
|
||||
#
|
||||
# Of course you should adjust these settings as appropriate for the
|
||||
# capacity of the hardware you are using. The recipient limit setting
|
||||
# can be used to take advantage of the single instance message store
|
||||
# capability of Cyrus. The concurrency limit can be used to control
|
||||
# how many simultaneous LMTP sessions will be permitted to the Cyrus
|
||||
# message store.
|
||||
#
|
||||
# To use the old cyrus deliver program you have to set:
|
||||
#mailbox_transport = cyrus
|
||||
|
||||
# The fallback_transport specifies the optional transport in master.cf
|
||||
# to use for recipients that are not found in the UNIX passwd database.
|
||||
# This parameter has precedence over the luser_relay parameter.
|
||||
#
|
||||
# Specify a string of the form transport:nexthop, where transport is
|
||||
# the name of a mail delivery transport defined in master.cf. The
|
||||
# :nexthop part is optional. For more details see the sample transport
|
||||
# configuration file.
|
||||
#
|
||||
# NOTE: if you use this feature for accounts not in the UNIX password
|
||||
# file, then you must update the "local_recipient_maps" setting in
|
||||
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||
# non-UNIX accounts with "User unknown in local recipient table".
|
||||
#
|
||||
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||
#fallback_transport =
|
||||
|
||||
#transport_maps = hash:/etc/postfix/transport
|
||||
# The luser_relay parameter specifies an optional destination address
|
||||
# for unknown recipients. By default, mail for unknown@$mydestination,
|
||||
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
|
||||
# as undeliverable.
|
||||
#
|
||||
# The following expansions are done on luser_relay: $user (recipient
|
||||
# username), $shell (recipient shell), $home (recipient home directory),
|
||||
# $recipient (full recipient address), $extension (recipient address
|
||||
# extension), $domain (recipient domain), $local (entire recipient
|
||||
# localpart), $recipient_delimiter. Specify ${name?value} or
|
||||
# ${name:value} to expand value only when $name does (does not) exist.
|
||||
#
|
||||
# luser_relay works only for the default Postfix local delivery agent.
|
||||
#
|
||||
# NOTE: if you use this feature for accounts not in the UNIX password
|
||||
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
|
||||
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||
# non-UNIX accounts with "User unknown in local recipient table".
|
||||
#
|
||||
#luser_relay = $user@other.host
|
||||
#luser_relay = $local@other.host
|
||||
#luser_relay = admin+$local
|
||||
|
||||
# JUNK MAIL CONTROLS
|
||||
#
|
||||
# The controls listed here are only a very small subset. The file
|
||||
# SMTPD_ACCESS_README provides an overview.
|
||||
|
||||
# The header_checks parameter specifies an optional table with patterns
|
||||
# that each logical message header is matched against, including
|
||||
# headers that span multiple physical lines.
|
||||
#
|
||||
# By default, these patterns also apply to MIME headers and to the
|
||||
# headers of attached messages. With older Postfix versions, MIME and
|
||||
# attached message headers were treated as body text.
|
||||
#
|
||||
# For details, see "man header_checks".
|
||||
#
|
||||
header_checks = regexp:/etc/postfix/header_checks
|
||||
|
||||
# FAST ETRN SERVICE
|
||||
#
|
||||
# Postfix maintains per-destination logfiles with information about
|
||||
# deferred mail, so that mail can be flushed quickly with the SMTP
|
||||
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
|
||||
# See the ETRN_README document for a detailed description.
|
||||
#
|
||||
# The fast_flush_domains parameter controls what destinations are
|
||||
# eligible for this service. By default, they are all domains that
|
||||
# this server is willing to relay mail to.
|
||||
#
|
||||
#fast_flush_domains = $relay_domains
|
||||
|
||||
# SHOW SOFTWARE VERSION OR NOT
|
||||
#
|
||||
# The smtpd_banner parameter specifies the text that follows the 220
|
||||
# code in the SMTP server's greeting banner. Some people like to see
|
||||
# the mail version advertised. By default, Postfix shows no version.
|
||||
#
|
||||
# You MUST specify $myhostname at the start of the text. That is an
|
||||
# RFC requirement. Postfix itself does not care.
|
||||
#
|
||||
#smtpd_banner = $myhostname ESMTP $mail_name
|
||||
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
|
||||
|
||||
# PARALLEL DELIVERY TO THE SAME DESTINATION
|
||||
#
|
||||
# How many parallel deliveries to the same user or domain? With local
|
||||
# delivery, it does not make sense to do massively parallel delivery
|
||||
# to the same user, because mailbox updates must happen sequentially,
|
||||
# and expensive pipelines in .forward files can cause disasters when
|
||||
# too many are run at the same time. With SMTP deliveries, 10
|
||||
# simultaneous connections to the same domain could be sufficient to
|
||||
# raise eyebrows.
|
||||
#
|
||||
# Each message delivery transport has its XXX_destination_concurrency_limit
|
||||
# parameter. The default is $default_destination_concurrency_limit for
|
||||
# most delivery transports. For the local delivery agent the default is 2.
|
||||
|
||||
#local_destination_concurrency_limit = 2
|
||||
#default_destination_concurrency_limit = 20
|
||||
|
||||
# DEBUGGING CONTROL
|
||||
#
|
||||
# The debug_peer_level parameter specifies the increment in verbose
|
||||
# logging level when an SMTP client or server host name or address
|
||||
# matches a pattern in the debug_peer_list parameter.
|
||||
#
|
||||
debug_peer_level = 2
|
||||
|
||||
# The debug_peer_list parameter specifies an optional list of domain
|
||||
# or network patterns, /file/name patterns or type:name tables. When
|
||||
# an SMTP client or server host name or address matches a pattern,
|
||||
# increase the verbose logging level by the amount specified in the
|
||||
# debug_peer_level parameter.
|
||||
#
|
||||
#debug_peer_list = 127.0.0.1
|
||||
#debug_peer_list = some.domain
|
||||
|
||||
# The debugger_command specifies the external command that is executed
|
||||
# when a Postfix daemon program is run with the -D option.
|
||||
#
|
||||
# Use "command .. & sleep 5" so that the debugger can attach before
|
||||
# the process marches on. If you use an X-based debugger, be sure to
|
||||
# set up your XAUTHORITY environment variable before starting Postfix.
|
||||
#
|
||||
debugger_command =
|
||||
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
|
||||
xxgdb $daemon_directory/$process_name $process_id & sleep 5
|
||||
|
||||
# If you can't use X, use this to capture the call stack when a
|
||||
# daemon crashes. The result is in a file in the configuration
|
||||
# directory, and is named after the process name and the process ID.
|
||||
#
|
||||
# debugger_command =
|
||||
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
|
||||
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
|
||||
# >$config_directory/$process_name.$process_id.log & sleep 5
|
||||
#
|
||||
# Another possibility is to run gdb under a detached screen session.
|
||||
# To attach to the screen sesssion, su root and run "screen -r
|
||||
# <id_string>" where <id_string> uniquely matches one of the detached
|
||||
# sessions (from "screen -list").
|
||||
#
|
||||
# debugger_command =
|
||||
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
|
||||
# -dmS $process_name gdb $daemon_directory/$process_name
|
||||
# $process_id & sleep 1
|
||||
|
||||
# INSTALL-TIME CONFIGURATION INFORMATION
|
||||
#
|
||||
# The following parameters are used when installing a new Postfix version.
|
||||
#
|
||||
# sendmail_path: The full pathname of the Postfix sendmail command.
|
||||
# This is the Sendmail-compatible mail posting interface.
|
||||
#
|
||||
sendmail_path = /usr/sbin/sendmail.postfix
|
||||
|
||||
# newaliases_path: The full pathname of the Postfix newaliases command.
|
||||
# This is the Sendmail-compatible command to build alias databases.
|
||||
#
|
||||
newaliases_path = /usr/bin/newaliases.postfix
|
||||
|
||||
# mailq_path: The full pathname of the Postfix mailq command. This
|
||||
# is the Sendmail-compatible mail queue listing command.
|
||||
#
|
||||
mailq_path = /usr/bin/mailq.postfix
|
||||
|
||||
# setgid_group: The group for mail submission and queue management
|
||||
# commands. This must be a group name with a numerical group ID that
|
||||
# is not shared with other accounts, not even with the Postfix account.
|
||||
#
|
||||
setgid_group = postdrop
|
||||
|
||||
# html_directory: The location of the Postfix HTML documentation.
|
||||
#
|
||||
html_directory = no
|
||||
|
||||
# manpage_directory: The location of the Postfix on-line manual pages.
|
||||
#
|
||||
manpage_directory = /usr/share/man
|
||||
|
||||
# sample_directory: The location of the Postfix sample configuration files.
|
||||
# This parameter is obsolete as of Postfix 2.1.
|
||||
#
|
||||
sample_directory = /usr/share/doc/postfix-2.4.5/samples
|
||||
|
||||
# readme_directory: The location of the Postfix README files.
|
||||
#
|
||||
readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
|
||||
|
||||
# add this to new postfix to get it to add proper message-id and other
|
||||
# headers to outgoing emails via the gateway.
|
||||
|
||||
|
||||
message_size_limit = 20971520
|
||||
#inet_protocols = ipv4
|
|
@ -1,4 +0,0 @@
|
|||
search cloud.fedoraproject.org fedoraproject.org
|
||||
nameserver 8.8.8.8
|
||||
nameserver 8.8.4.4
|
||||
options rotate timeout:1
|
|
@ -1,4 +0,0 @@
|
|||
search vpn.fedoraproject.org fedoraproject.org
|
||||
nameserver 8.8.8.8
|
||||
nameserver 8.8.4.4
|
||||
options rotate timeout:1
|
|
@ -1,4 +0,0 @@
|
|||
search vpn.fedoraproject.org fedoraproject.org
|
||||
nameserver 213.248.76.210
|
||||
nameserver 152.3.182.5
|
||||
options rotate timeout:1
|
|
@ -1,4 +0,0 @@
|
|||
search vpn.fedoraproject.org fedoraproject.org
|
||||
nameserver 198.49.126.1
|
||||
nameserver 66.35.36.133
|
||||
options rotate timeout:1
|
|
@ -1,11 +0,0 @@
|
|||
[beaker-server]
|
||||
name=Beaker Server - Fedora$releasever
|
||||
baseurl=https://beaker-project.org/yum/server/Fedora$releasever/
|
||||
enabled=1
|
||||
gpgcheck=0
|
||||
|
||||
[beaker-server-testing]
|
||||
name=Beaker Server -Fedora$releasever - Testing
|
||||
baseurl=https://beaker-project.org/yum/server-testing/Fedora$releasever/
|
||||
enabled=0
|
||||
gpgcheck=0
|
|
@ -1,27 +0,0 @@
|
|||
#
|
||||
# This is the base beaker role - mostly installing repos for beaker
|
||||
#
|
||||
---
|
||||
|
||||
- name: put beaker server repos on Rhel systems
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "/etc/yum.repos.d/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
with_items:
|
||||
- beaker-server-rhel.repo
|
||||
when: ansible_distribution == 'RedHat'
|
||||
|
||||
- name: put beaker server repos on Fedora systems
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "/etc/yum.repos.d/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
with_items:
|
||||
- beaker-server-fedora.repo
|
||||
when: ansible_distribution == 'Fedora'
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
[beaker-server]
|
||||
name=Beaker Server - RedHatEnterpriseLinux{{ ansible_distribution_major_version }}
|
||||
baseurl=https://beaker-project.org/yum/server/RedHatEnterpriseLinux{{ ansible_distribution_major_version }}/
|
||||
enabled=1
|
||||
gpgcheck=0
|
||||
|
||||
[beaker-server-testing]
|
||||
name=Beaker Server - RedHatEnterpriseLinux{{ ansible_distribution_major_version }} - Testing
|
||||
baseurl=https://beaker-project.org/yum/server-testing/RedHatEnterpriseLinux{{ ansible_distribution_major_version }}/
|
||||
enabled=0
|
||||
gpgcheck=0
|
|
@ -1,10 +0,0 @@
|
|||
#####################################################################
|
||||
# Handlers for restarting services specific to beaker lab controllers
|
||||
#
|
||||
|
||||
- name: restart beaker lab controller
|
||||
service: name={{ item }} state=restarted
|
||||
with_items:
|
||||
- beaker-proxy
|
||||
- beaker-provision
|
||||
- beaker-watchdog
|
|
@ -1,36 +0,0 @@
|
|||
#
|
||||
# This is a beaker_labcontroller role.
|
||||
#
|
||||
---
|
||||
- name: install packages needed for beaker lab-controller
|
||||
package: name={{ item }} state=present
|
||||
with_items:
|
||||
- beaker-lab-controller
|
||||
- tftp-server
|
||||
|
||||
- name: Replace default labcontroller.conf file
|
||||
template:
|
||||
src: etc/beaker/labcontroller.conf.j2
|
||||
dest: /etc/beaker/labcontroller.conf
|
||||
owner: apache
|
||||
group: root
|
||||
mode: 0660
|
||||
backup: yes
|
||||
force: yes
|
||||
notify:
|
||||
- reload httpd
|
||||
- restart beaker lab controller
|
||||
tags:
|
||||
- beaker_lab_controller
|
||||
|
||||
- name: start required services
|
||||
service: name={{ item }} state=started enabled=yes
|
||||
with_items:
|
||||
- httpd
|
||||
- tftp.socket
|
||||
- beaker-proxy
|
||||
- beaker-provision
|
||||
- beaker-watchdog
|
||||
# beaker-transfer is left disabled, since we have no log archive server
|
||||
tags:
|
||||
- beaker_lab_controller
|
|
@ -1,48 +0,0 @@
|
|||
# Hub xml-rpc address.
|
||||
#HUB_URL = "https://localhost:8080"
|
||||
HUB_URL = "http://{{beaker_server_hostname}}/"
|
||||
|
||||
# Hub authentication method. Example: krbv, password, worker_key
|
||||
AUTH_METHOD = "password"
|
||||
#AUTH_METHOD = "krbv"
|
||||
|
||||
# Username and password
|
||||
USERNAME = "{{beaker_lab_controller_username}}"
|
||||
PASSWORD = "{{beaker_lab_controller_password}}"
|
||||
|
||||
# Kerberos service prefix. Example: host, HTTP
|
||||
KRB_SERVICE = "HTTP"
|
||||
|
||||
# Kerberos realm. If commented, last two parts of domain name are used. Example: MYDOMAIN.COM.
|
||||
KRB_REALM = "DOMAIN.COM"
|
||||
|
||||
#Uncomment and change the following two lines if using krb with qpid
|
||||
#QPID_KRB_PRINCIPAL='HTTP/localhost'
|
||||
|
||||
#QPID_KRB_KEYTAB='/etc/my/file.keytab'
|
||||
|
||||
# By default, job logs are stored locally on the lab controller.
|
||||
# If you have set up an archive server to store job logs, uncomment and
|
||||
# configure the following settings. You will also need to enable the
|
||||
# beaker-transfer daemon to move logs to the archive server.
|
||||
#ARCHIVE_SERVER = "http://archive-example.domain.com/beaker"
|
||||
#ARCHIVE_BASEPATH = "/var/www/html/beaker"
|
||||
#ARCHIVE_RSYNC = "rsync://USER@HOST/var/www/html/beaker"
|
||||
#RSYNC_FLAGS = "-ar --password-file /root/rsync-secret.txt"
|
||||
|
||||
# How often to renew our session on the server
|
||||
#RENEW_SESSION_INTERVAL = 300
|
||||
|
||||
# Root directory served by the TFTP server. Netboot images and configs will be
|
||||
# placed here.
|
||||
TFTP_ROOT = "/var/lib/tftpboot"
|
||||
|
||||
# URL scheme used to generate absolute URLs for this lab controller.
|
||||
# It is used for job logs served by Apache. Set it to 'https' if you have
|
||||
# configured Apache for SSL and you want logs to be served over SSL.
|
||||
#URL_SCHEME = "http"
|
||||
|
||||
# Fully qualified domain name of *this* system (not the Beaker server).
|
||||
# Defaults to socket.gethostname(). Ordinarily that is sufficient, unless you
|
||||
# have registered this lab controller with Beaker under a CNAME.
|
||||
URL_DOMAIN = "{{beaker_server_cname}}"
|
|
@ -1,20 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDHzCCAgegAwIBAgIJAIJYzzIqyTO3MA0GCSqGSIb3DQEBCwUAMCYxJDAiBgNV
|
||||
BAMMG2JlYWtlci5xYS5mZWRvcmFwcm9qZWN0Lm9yZzAeFw0xNjA0MDcxNTI4MDNa
|
||||
Fw0yMTA0MDYxNTI4MDNaMCYxJDAiBgNVBAMMG2JlYWtlci5xYS5mZWRvcmFwcm9q
|
||||
ZWN0Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO0EiJo2tuXP
|
||||
T7TMPRHvsJ2Rt0RmcEIlYUAUsyDyJd14zrxpX6XNh5k11MNR/K3gtylpMsXnryGR
|
||||
ZxV9QEERVD+eOrHWYgKBW+XxUkWvU3+5g6MJrnBK/4MahEOTCuj5dt06hABMgrip
|
||||
3i5wm/NCa8tu98IB3mP6ApX35nGG7zNgy+pycolzo00Nss1FW/wygZukAG+DDrGz
|
||||
QUHKx5dGIq3VTd6X/0jnTDh83gmM2IItYorKr6ZgG+Wzjtjr+eAVJbKaOuL895Wv
|
||||
1D7vpHpnac2pKxKB5Pd81tSDf++tInBKSSN7rb+0+YkV/aHa5zm2XqMZ8YOu8hX0
|
||||
67TXZLmzYIkCAwEAAaNQME4wHQYDVR0OBBYEFHwukZpuQ6Y0qoK22fyVSvUzRK9G
|
||||
MB8GA1UdIwQYMBaAFHwukZpuQ6Y0qoK22fyVSvUzRK9GMAwGA1UdEwQFMAMBAf8w
|
||||
DQYJKoZIhvcNAQELBQADggEBAHzMR0NYdK/B2MzDk2nw056/ijebeVfOpawdFbkV
|
||||
5srXnlexUwZFroC90I5dkd9nPz3mT9A35DTv43j86UgK60RJhJhkoMRQC+nU2YBM
|
||||
SmxKl2OzsjNY4w0FW3DJhxfahGAy4whvhJYmQuAGdrvh657GPxfOP1OwUcIT4nco
|
||||
nFr/QRVWvuYE6RsJoBE60eIka1G5mJxz5IlnBqG13Zx/C71a969E2StXVBOIx0cE
|
||||
gr8IZUw+rCFiM3Pv1ihTqagzydNtQM1OdUIcYYH1nfnm5sbBTaJ9VXrS+xs2lBOg
|
||||
Z8kuhm+XT1TOvIwyCRxf1vH6cnSmsOHMXnWfZN1YwI9uCS0=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" cacheDuration="P7D" entityID="https://beaker.qa.fedoraproject.org/saml2">
|
||||
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<md:KeyDescriptor use="signing">
|
||||
<ds:KeyInfo>
|
||||
<ds:X509Data>
|
||||
<ds:X509Certificate>MIIDHzCCAgegAwIBAgIJAIJYzzIqyTO3MA0GCSqGSIb3DQEBCwUAMCYxJDAiBgNV
|
||||
BAMMG2JlYWtlci5xYS5mZWRvcmFwcm9qZWN0Lm9yZzAeFw0xNjA0MDcxNTI4MDNa
|
||||
Fw0yMTA0MDYxNTI4MDNaMCYxJDAiBgNVBAMMG2JlYWtlci5xYS5mZWRvcmFwcm9q
|
||||
ZWN0Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO0EiJo2tuXP
|
||||
T7TMPRHvsJ2Rt0RmcEIlYUAUsyDyJd14zrxpX6XNh5k11MNR/K3gtylpMsXnryGR
|
||||
ZxV9QEERVD+eOrHWYgKBW+XxUkWvU3+5g6MJrnBK/4MahEOTCuj5dt06hABMgrip
|
||||
3i5wm/NCa8tu98IB3mP6ApX35nGG7zNgy+pycolzo00Nss1FW/wygZukAG+DDrGz
|
||||
QUHKx5dGIq3VTd6X/0jnTDh83gmM2IItYorKr6ZgG+Wzjtjr+eAVJbKaOuL895Wv
|
||||
1D7vpHpnac2pKxKB5Pd81tSDf++tInBKSSN7rb+0+YkV/aHa5zm2XqMZ8YOu8hX0
|
||||
67TXZLmzYIkCAwEAAaNQME4wHQYDVR0OBBYEFHwukZpuQ6Y0qoK22fyVSvUzRK9G
|
||||
MB8GA1UdIwQYMBaAFHwukZpuQ6Y0qoK22fyVSvUzRK9GMAwGA1UdEwQFMAMBAf8w
|
||||
DQYJKoZIhvcNAQELBQADggEBAHzMR0NYdK/B2MzDk2nw056/ijebeVfOpawdFbkV
|
||||
5srXnlexUwZFroC90I5dkd9nPz3mT9A35DTv43j86UgK60RJhJhkoMRQC+nU2YBM
|
||||
SmxKl2OzsjNY4w0FW3DJhxfahGAy4whvhJYmQuAGdrvh657GPxfOP1OwUcIT4nco
|
||||
nFr/QRVWvuYE6RsJoBE60eIka1G5mJxz5IlnBqG13Zx/C71a969E2StXVBOIx0cE
|
||||
gr8IZUw+rCFiM3Pv1ihTqagzydNtQM1OdUIcYYH1nfnm5sbBTaJ9VXrS+xs2lBOg
|
||||
Z8kuhm+XT1TOvIwyCRxf1vH6cnSmsOHMXnWfZN1YwI9uCS0=
|
||||
</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</md:KeyDescriptor>
|
||||
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://beaker.qa.fedoraproject.org/saml2/logout"/>
|
||||
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://beaker.qa.fedoraproject.org/saml2/logout"/>
|
||||
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://beaker.qa.fedoraproject.org/saml2/postResponse" index="0" isDefault="true"/>
|
||||
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://beaker.qa.fedoraproject.org/saml2/paosResponse" index="1"/>
|
||||
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
|
||||
</md:SPSSODescriptor>
|
||||
</md:EntityDescriptor>
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDITCCAgmgAwIBAgIJANePJb/F64UnMA0GCSqGSIb3DQEBCwUAMCcxJTAjBgNV
|
||||
BAMMHGJlYWtlci5zdGcuZmVkb3JhcHJvamVjdC5vcmcwHhcNMTUxMDEzMjM0MTEy
|
||||
WhcNMjAxMDExMjM0MTEyWjAnMSUwIwYDVQQDDBxiZWFrZXIuc3RnLmZlZG9yYXBy
|
||||
b2plY3Qub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ldJi2fS
|
||||
MkriCEsesaaMCSHXyPdYufGfdmgKxKhDEjwXLWj/V7fU5P6nmaACXkbbCb+IXTAr
|
||||
hSt6PxEZBtBqMn6gccuwIC18xJs1bT5dlt2Xfo0BZWQWaFyqMOZeaj7A3TK1JyuH
|
||||
rKUVOm/HQASUdZEVG/nzvEZPfNZEljylFTHix37JLAPVjyWJeDwVAATriWi0T+FT
|
||||
J0kgMzzM29ffXIVrK30BylKpIoILhfM4FYUN78GoXFpAnJL/tqNG0LnKSIAYpiz8
|
||||
qSKMU04R/FyxzCeymCuZmq7yqh+GvT8ZxfdhyRoIpPqpWs568/NUCkQbfWDyt76t
|
||||
d2OI585vN1iLXQIDAQABo1AwTjAdBgNVHQ4EFgQU099ELHHVooBjYIH5cOfAk2wH
|
||||
lrowHwYDVR0jBBgwFoAU099ELHHVooBjYIH5cOfAk2wHlrowDAYDVR0TBAUwAwEB
|
||||
/zANBgkqhkiG9w0BAQsFAAOCAQEAcHCzouLDuAfaReCo8Tt0gtblf/Ko5bj+LgbD
|
||||
7KN7JgPZN3gEt+kbD3/zkfCMOgxwPSDACT2eddfTNOvEvjOfYWINsncryyw4P/Yz
|
||||
eOf5Lmy2MahZ9PCmBZ3PtNrwniHkeZjVQoZ7vnhTvWtj2zY+E5witIX+oT7TGwej
|
||||
JBbqBzqIJiahlB1/tEHY2vPMKLRi6fvTaKEBiiD+OscdAwYcIGWfpHLpmtMfhcar
|
||||
ilPZqFHO+yfFpbmqe8FhaFp37j2g3SyZfZUpS7vJgQyc6EWJE84vZ2XuCHXE1wbF
|
||||
uTmuWwmvjmEUblL+a6LueUIm4qDy7/I/ghGo3o8Ryj6dGBluqw==
|
||||
-----END CERTIFICATE-----
|
|
@ -1,81 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" validUntil="2020-10-11T22:59:38.296283Z" entityID="http://id.stg.fedoraproject.org/saml2/metadata">
|
||||
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="true">
|
||||
<md:KeyDescriptor use="signing">
|
||||
<ds:KeyInfo>
|
||||
<ds:X509Data>
|
||||
<ds:X509Certificate>MIIFOTCCAyGgAwIBAgIJAOtrg+MpYNUgMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNV
|
||||
BAMMKGlkLmZlZG9yYXByb2plY3Qub3JnIFNURyBURU1QT1JBUlkgU0FNTDIwHhcN
|
||||
MTUwOTMwMDkxMzU3WhcNMTUxMDMwMDkxMzU3WjAzMTEwLwYDVQQDDChpZC5mZWRv
|
||||
cmFwcm9qZWN0Lm9yZyBTVEcgVEVNUE9SQVJZIFNBTUwyMIICIjANBgkqhkiG9w0B
|
||||
AQEFAAOCAg8AMIICCgKCAgEAt1mvOsVxRm9O+dT0QIYxl0vmqQQ4MhQA3wboEeBp
|
||||
sQYjM2te+2Q/7OOwklVdD5g/rgXuDwOH6ztt1Y6UJmMC9RQCSJ5YNFe95hOE0H+P
|
||||
ar9/9xm6hlwqxp9S1NftO7G6x7Zad/QHURcQit2EeDJAox/LEk3FEti03Q2tSPBa
|
||||
wpNk/AUwkXnGn+bQ142JxvfJaO8sdxPpww1955SxKnJ3ClaPw3Qs0SLbD7cQQnyu
|
||||
gQne0jBNPS5LkXS7DKmPBXY7R7der2gx3Wr6TxHNCcqMruL/RHmGKEB/KnFqxDK1
|
||||
zNrcUyyghHGBRtGqbJw37kQBWtuoE67iyAiHQWnn4onNHTFeP1SfpzFIM3ya8Iew
|
||||
Awh93IH2YAAd3SxNsCE27iZej2+8OikkWp6rpG36apskwKLAmOTKATqAII49u32o
|
||||
aYqMe3LEORzmoR45/FGmQ8fPTxIXoT9kkA8nS3Xa1f6BaGnlxPu+VNAYEQx5hzX1
|
||||
yhjSEiIcyowIx4/Frp+XHn7USQHb0jBkBGTWlo3QRO3LDarTmcoJZIrMK1fISggv
|
||||
KJ1jUisrboFm0hX4O0F6TAx9UbWGIpgTiEjynDbBgIWsElGaTOfafPOFAVVusW5W
|
||||
6na5R0sKDiaw5Ej3tMz5gTlSLk+0Vfc/tQphqIgXu1BIQ5gghyDUAEZRIe7iFEnu
|
||||
LqUCAwEAAaNQME4wHQYDVR0OBBYEFFIneEZsGOpk6nVXammdrrRVyG5/MB8GA1Ud
|
||||
IwQYMBaAFFIneEZsGOpk6nVXammdrrRVyG5/MAwGA1UdEwQFMAMBAf8wDQYJKoZI
|
||||
hvcNAQELBQADggIBAGqXB//gUKBAUFHB4i45/70vWID2lYMu2nFvd7SWI1oc0n78
|
||||
DTlqFDYDyV05V/qCnezjAb+6KUyyeyAevgZPaDswCVd2aygYGDE9RsvOy60UhZ1c
|
||||
yfgVx2l/YLzO4bWNKllxpfbLVHTfKo8MfFa99ClN6Y+t8+fucTS2+WOq5MYd5lKS
|
||||
/4FY7QYq645oYHAlQzOV2PHAcMDbhtaEJJ4CXh4//ArM/NE73NYaH4SGQW1xVD7D
|
||||
8zS/0TGYDX6MNQvRwzihtKVEtUAGj1zIZZUYFd9+mx4Ir3OBnRozSe8LkfaWYd13
|
||||
hlRLINzOEQ3ebSGGRlgeFYXw+cTpn64KoyE56CcL//dxZS27LGBIMAul0eARoa6U
|
||||
Y1DYkZ178QugycphmLCkxe2/Qe9xZjn0ghycxiYAlPqGFG87pW8UC162B7eklOuR
|
||||
GO/BqcKZcO5GPyWkuslUpx8w0bOnCgXKxVzbt5BGBMvSMxe/QCw9x4sXnKGUtHaV
|
||||
FqnKqa/sxkfQ8HltSvft8goNw13/I+J5ERHdif0EyI83ba+CyGwEjCe8uZYjp2G3
|
||||
DqtUXjiYReHTYZr6R9Xgts0RKf44wVJ3D7Fs7P2dBGI7b/R/8HHv9HM+/HcbkRhA
|
||||
25vdCBgg+KF3u3bZZlUp82PkOtRFcr4kb3GwS4FAaxRC5i/8Z4qI2ICNZFPN
|
||||
</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</md:KeyDescriptor>
|
||||
<md:KeyDescriptor use="encryption">
|
||||
<ds:KeyInfo>
|
||||
<ds:X509Data>
|
||||
<ds:X509Certificate>MIIFOTCCAyGgAwIBAgIJAOtrg+MpYNUgMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNV
|
||||
BAMMKGlkLmZlZG9yYXByb2plY3Qub3JnIFNURyBURU1QT1JBUlkgU0FNTDIwHhcN
|
||||
MTUwOTMwMDkxMzU3WhcNMTUxMDMwMDkxMzU3WjAzMTEwLwYDVQQDDChpZC5mZWRv
|
||||
cmFwcm9qZWN0Lm9yZyBTVEcgVEVNUE9SQVJZIFNBTUwyMIICIjANBgkqhkiG9w0B
|
||||
AQEFAAOCAg8AMIICCgKCAgEAt1mvOsVxRm9O+dT0QIYxl0vmqQQ4MhQA3wboEeBp
|
||||
sQYjM2te+2Q/7OOwklVdD5g/rgXuDwOH6ztt1Y6UJmMC9RQCSJ5YNFe95hOE0H+P
|
||||
ar9/9xm6hlwqxp9S1NftO7G6x7Zad/QHURcQit2EeDJAox/LEk3FEti03Q2tSPBa
|
||||
wpNk/AUwkXnGn+bQ142JxvfJaO8sdxPpww1955SxKnJ3ClaPw3Qs0SLbD7cQQnyu
|
||||
gQne0jBNPS5LkXS7DKmPBXY7R7der2gx3Wr6TxHNCcqMruL/RHmGKEB/KnFqxDK1
|
||||
zNrcUyyghHGBRtGqbJw37kQBWtuoE67iyAiHQWnn4onNHTFeP1SfpzFIM3ya8Iew
|
||||
Awh93IH2YAAd3SxNsCE27iZej2+8OikkWp6rpG36apskwKLAmOTKATqAII49u32o
|
||||
aYqMe3LEORzmoR45/FGmQ8fPTxIXoT9kkA8nS3Xa1f6BaGnlxPu+VNAYEQx5hzX1
|
||||
yhjSEiIcyowIx4/Frp+XHn7USQHb0jBkBGTWlo3QRO3LDarTmcoJZIrMK1fISggv
|
||||
KJ1jUisrboFm0hX4O0F6TAx9UbWGIpgTiEjynDbBgIWsElGaTOfafPOFAVVusW5W
|
||||
6na5R0sKDiaw5Ej3tMz5gTlSLk+0Vfc/tQphqIgXu1BIQ5gghyDUAEZRIe7iFEnu
|
||||
LqUCAwEAAaNQME4wHQYDVR0OBBYEFFIneEZsGOpk6nVXammdrrRVyG5/MB8GA1Ud
|
||||
IwQYMBaAFFIneEZsGOpk6nVXammdrrRVyG5/MAwGA1UdEwQFMAMBAf8wDQYJKoZI
|
||||
hvcNAQELBQADggIBAGqXB//gUKBAUFHB4i45/70vWID2lYMu2nFvd7SWI1oc0n78
|
||||
DTlqFDYDyV05V/qCnezjAb+6KUyyeyAevgZPaDswCVd2aygYGDE9RsvOy60UhZ1c
|
||||
yfgVx2l/YLzO4bWNKllxpfbLVHTfKo8MfFa99ClN6Y+t8+fucTS2+WOq5MYd5lKS
|
||||
/4FY7QYq645oYHAlQzOV2PHAcMDbhtaEJJ4CXh4//ArM/NE73NYaH4SGQW1xVD7D
|
||||
8zS/0TGYDX6MNQvRwzihtKVEtUAGj1zIZZUYFd9+mx4Ir3OBnRozSe8LkfaWYd13
|
||||
hlRLINzOEQ3ebSGGRlgeFYXw+cTpn64KoyE56CcL//dxZS27LGBIMAul0eARoa6U
|
||||
Y1DYkZ178QugycphmLCkxe2/Qe9xZjn0ghycxiYAlPqGFG87pW8UC162B7eklOuR
|
||||
GO/BqcKZcO5GPyWkuslUpx8w0bOnCgXKxVzbt5BGBMvSMxe/QCw9x4sXnKGUtHaV
|
||||
FqnKqa/sxkfQ8HltSvft8goNw13/I+J5ERHdif0EyI83ba+CyGwEjCe8uZYjp2G3
|
||||
DqtUXjiYReHTYZr6R9Xgts0RKf44wVJ3D7Fs7P2dBGI7b/R/8HHv9HM+/HcbkRhA
|
||||
25vdCBgg+KF3u3bZZlUp82PkOtRFcr4kb3GwS4FAaxRC5i/8Z4qI2ICNZFPN
|
||||
</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</md:KeyDescriptor>
|
||||
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://id.stg.fedoraproject.org/saml2/SSO/POST"/>
|
||||
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://id.stg.fedoraproject.org/saml2/SSO/Redirect"/>
|
||||
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://id.stg.fedoraproject.org/saml2/SLO/Redirect"/>
|
||||
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
|
||||
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
|
||||
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
|
||||
</md:IDPSSODescriptor>
|
||||
</md:EntityDescriptor>
|
|
@ -1,34 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" cacheDuration="P7D" entityID="https://beaker.stg.fedoraproject.org/saml2">
|
||||
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<md:KeyDescriptor use="signing">
|
||||
<ds:KeyInfo>
|
||||
<ds:X509Data>
|
||||
<ds:X509Certificate>MIIDITCCAgmgAwIBAgIJANePJb/F64UnMA0GCSqGSIb3DQEBCwUAMCcxJTAjBgNV
|
||||
BAMMHGJlYWtlci5zdGcuZmVkb3JhcHJvamVjdC5vcmcwHhcNMTUxMDEzMjM0MTEy
|
||||
WhcNMjAxMDExMjM0MTEyWjAnMSUwIwYDVQQDDBxiZWFrZXIuc3RnLmZlZG9yYXBy
|
||||
b2plY3Qub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ldJi2fS
|
||||
MkriCEsesaaMCSHXyPdYufGfdmgKxKhDEjwXLWj/V7fU5P6nmaACXkbbCb+IXTAr
|
||||
hSt6PxEZBtBqMn6gccuwIC18xJs1bT5dlt2Xfo0BZWQWaFyqMOZeaj7A3TK1JyuH
|
||||
rKUVOm/HQASUdZEVG/nzvEZPfNZEljylFTHix37JLAPVjyWJeDwVAATriWi0T+FT
|
||||
J0kgMzzM29ffXIVrK30BylKpIoILhfM4FYUN78GoXFpAnJL/tqNG0LnKSIAYpiz8
|
||||
qSKMU04R/FyxzCeymCuZmq7yqh+GvT8ZxfdhyRoIpPqpWs568/NUCkQbfWDyt76t
|
||||
d2OI585vN1iLXQIDAQABo1AwTjAdBgNVHQ4EFgQU099ELHHVooBjYIH5cOfAk2wH
|
||||
lrowHwYDVR0jBBgwFoAU099ELHHVooBjYIH5cOfAk2wHlrowDAYDVR0TBAUwAwEB
|
||||
/zANBgkqhkiG9w0BAQsFAAOCAQEAcHCzouLDuAfaReCo8Tt0gtblf/Ko5bj+LgbD
|
||||
7KN7JgPZN3gEt+kbD3/zkfCMOgxwPSDACT2eddfTNOvEvjOfYWINsncryyw4P/Yz
|
||||
eOf5Lmy2MahZ9PCmBZ3PtNrwniHkeZjVQoZ7vnhTvWtj2zY+E5witIX+oT7TGwej
|
||||
JBbqBzqIJiahlB1/tEHY2vPMKLRi6fvTaKEBiiD+OscdAwYcIGWfpHLpmtMfhcar
|
||||
ilPZqFHO+yfFpbmqe8FhaFp37j2g3SyZfZUpS7vJgQyc6EWJE84vZ2XuCHXE1wbF
|
||||
uTmuWwmvjmEUblL+a6LueUIm4qDy7/I/ghGo3o8Ryj6dGBluqw==
|
||||
</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</md:KeyDescriptor>
|
||||
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://beaker.stg.fedoraproject.org/saml2/logout"/>
|
||||
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://beaker.stg.fedoraproject.org/saml2/logout"/>
|
||||
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://beaker.stg.fedoraproject.org/saml2/postResponse" index="0" isDefault="true"/>
|
||||
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://beaker.stg.fedoraproject.org/saml2/paosResponse" index="1"/>
|
||||
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
|
||||
</md:SPSSODescriptor>
|
||||
</md:EntityDescriptor>
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue