diff --git a/roles/abrt/faf/defaults/main.yml b/roles/abrt/faf/defaults/main.yml
index 6704464784..995c324f03 100644
--- a/roles/abrt/faf/defaults/main.yml
+++ b/roles/abrt/faf/defaults/main.yml
@@ -10,6 +10,7 @@ faf_with_fedmsg: false
faf_with_solutionfinders: true
faf_with_symboltransfer: false
faf_with_web: true
+faf_python_version: "python3.6"
# dangerous, delete and re-create PostgreSQL database
# (will wipe Postgre's data dir and re-create from scratch)
@@ -89,7 +90,7 @@ domain: example.org
faf_server_name: "example-faf.org"
faf_web_brand_title: "ABRT"
-faf_web_brand_subtitle: "Analysis"
+faf_web_brand_subtitle: "Analytics"
faf_web_fedmenu_url:
# https://apps.fedoraproject.org/fedmenu
diff --git a/roles/abrt/faf/meta/.galaxy_install_info b/roles/abrt/faf/meta/.galaxy_install_info
index 4942746ffa..50e155cbd2 100644
--- a/roles/abrt/faf/meta/.galaxy_install_info
+++ b/roles/abrt/faf/meta/.galaxy_install_info
@@ -1,2 +1,2 @@
-install_date: Fri Mar 20 14:14:25 2020
+install_date: Fri Mar 27 10:36:49 2020
version: master
diff --git a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2
index 2a88cff897..af69d27855 100644
--- a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2
+++ b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2
@@ -4,9 +4,7 @@ WSGIPythonOptimize 1
WSGISocketPrefix {{ faf_spool_dir }}/wsgi
WSGIDaemonProcess faf user=faf group=faf processes=3 threads=5
-{% set python = 'python3.7' %}
-
-WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ python }}/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL}
+WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ faf_python_version }}/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL}
@@ -21,7 +19,7 @@ WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ python }}/site-packages/webfaf/hub
# project main
-
+
Options Indexes
IndexOptions FancyIndexing
diff --git a/roles/abrt/retrace/defaults/main.yml b/roles/abrt/retrace/defaults/main.yml
index 8e7e1ac6d7..44e22dcc75 100644
--- a/roles/abrt/retrace/defaults/main.yml
+++ b/roles/abrt/retrace/defaults/main.yml
@@ -84,12 +84,6 @@ rs_save_dir: /var/spool/retrace-server
# Directory where old tasks are moved
rs_drop_dir: /srv/retrace/archive
-# Whether to use explicit working directory, otherwise default mock settings are used
-rs_use_work_dir: false
-
-# Working directory
-rs_work_dir: /tmp/retrace-server
-
# Whether to use createrepo's --update option (faster, but requires a lot of memory)
rs_use_createrepo_update: false
@@ -126,20 +120,17 @@ rs_kernel_debuginfo_url: http://kojipkgs.fedoraproject.org/packages/$BASENAME/$V
# Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled
rs_vmcore_dump_level: 0
-# Whether to run kmem command by default (this may take a long time on large vmcores)
-# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem
-rs_vmcore_run_kmem: 0
-
# EXPERIMENTAL! Use ABRT Server's storage to map build-ids
# into debuginfo packages and resolve dependencies
# Requires support from ABRT Server
rs_use_faf_packages: false
-# where faf store data
+# Spool directory for FAF packages
faf_spool_dir: /var/spool/faf
-# Where to hardlink faf packages
-rs_faf_link_dir: "{{ faf_spool_dir }}/retrace-tmp"
+# Run the retrace in a Mock chroot (default), or a Podman container
+# (mock|podman)
+rs_retrace_environment: mock
# Whether to enable e-mail notifications
rs_email_notify: false
@@ -186,32 +177,18 @@ rs_archhosts:
- { arch: armhfp, url: }
- { arch: s390x, url: }
-# Parameters are replaced using python's format.
-# Available parameters: hook_name, task_id, task_dir
-# Example: pre_start = /bin/echo {hook_name} {task_id} {task_dir}
-# When worker.start() is called
-rs_hookscripts:
- - { hook: pre_start, cmd: }
- - { hook: start, cmd: }
- - { hook: pre_prepare_debuginfo, cmd: }
- - { hook: post_prepare_debuginfo, cmd: }
- - { hook: pre_prepare_mock, cmd: }
- - { hook: post_prepare_mock, cmd: }
- - { hook: pre_retrace, cmd: }
- - { hook: post_retrace, cmd: }
- - { hook: success, cmd: }
- - { hook: fail, cmd: }
- - { hook: pre_remove_task, cmd: }
- - { hook: post_remove_task, cmd: }
- - { hook: pre_clean_task, cmd: }
- - { hook: post_clean_task, cmd: }
-
-
# Force package reinstall
rs_force_reinstall: false
# Check server health after installation
rs_check_health: true
+# Path to the executable hook scripts
+# https://github.com/abrt/retrace-server/wiki/Hook-scripts
+rs_hooks_executable_path: /usr/libexec/retrace-server/hooks/
+
+# Global time limit for hook scripts (in seconds)
+rs_hooks_global_timeout: 300
+
# Hostname
hostname: example.org
diff --git a/roles/abrt/retrace/meta/.galaxy_install_info b/roles/abrt/retrace/meta/.galaxy_install_info
index 693a945894..9a36878dcc 100644
--- a/roles/abrt/retrace/meta/.galaxy_install_info
+++ b/roles/abrt/retrace/meta/.galaxy_install_info
@@ -1,2 +1,2 @@
-install_date: Fri Mar 20 14:14:27 2020
+install_date: Fri Mar 27 10:36:51 2020
version: master
diff --git a/roles/abrt/retrace/tasks/check.yml b/roles/abrt/retrace/tasks/check.yml
index f9c1285fb5..d9d7c9317d 100644
--- a/roles/abrt/retrace/tasks/check.yml
+++ b/roles/abrt/retrace/tasks/check.yml
@@ -6,7 +6,7 @@
- name: Set settings_url fact
set_fact:
- settings_url: "https://{{ hostname }}/settings"
+ settings_url: "https://{{ ansible_default_ipv4.address }}/settings"
- name: fetch settings
uri:
diff --git a/roles/abrt/retrace/tasks/config.yml b/roles/abrt/retrace/tasks/config.yml
index 4d4f085665..94009a3123 100644
--- a/roles/abrt/retrace/tasks/config.yml
+++ b/roles/abrt/retrace/tasks/config.yml
@@ -2,7 +2,7 @@
- name: configure retrace-server
template:
src: etc-retrace-server.conf.j2
- dest: /etc/retrace-server.conf
+ dest: /etc/retrace-server/retrace-server.conf
notify: restart httpd
- name: retrace-server http config
@@ -10,3 +10,9 @@
src: retrace-server-httpd.conf.j2
dest: /etc/httpd/conf.d/retrace-server-httpd.conf
notify: restart httpd
+
+- name: configure retrace-server hooks config
+ template:
+ src: etc-retrace-server-hooks.conf.j2
+ dest: /etc/retrace-server/retrace-server-hooks.conf
+ notify: restart httpd
diff --git a/roles/abrt/retrace/tasks/main.yml b/roles/abrt/retrace/tasks/main.yml
index 8edacbe781..aea0c93c3e 100644
--- a/roles/abrt/retrace/tasks/main.yml
+++ b/roles/abrt/retrace/tasks/main.yml
@@ -12,6 +12,9 @@
- import_tasks: config.yml
tags: [rs, config]
+- import_tasks: podman.yml
+ tags: [rs, podman]
+
# Check functionality of the retrace-server
- import_tasks: check.yml
when: rs_check_health|bool
diff --git a/roles/abrt/retrace/tasks/podman.yml b/roles/abrt/retrace/tasks/podman.yml
new file mode 100644
index 0000000000..e82e5d4728
--- /dev/null
+++ b/roles/abrt/retrace/tasks/podman.yml
@@ -0,0 +1,60 @@
+---
+- name: Install podman package
+ package:
+ name: podman
+ state: present
+
+- name: Set home directory for retrace user
+ user:
+ name: retrace
+ home: /var/lib/retrace
+
+- name: Check if subuid is set for retrace user
+ command: cat /etc/subuid
+ changed_when: false
+ register: retrace_subuid
+
+- block:
+ - name: Get last subuid entry
+ shell: |
+ set -o pipefail
+ cut -d ':' -f2 /etc/subuid | sort | tail -1
+ changed_when: false
+ register: t_subuid
+ args:
+ executable: /usr/bin/bash
+
+ - name: Set variables for min and max subuid
+ set_fact:
+ rs_subuid_min: "{{ t_subuid.stdout | default(100000) | int + 65536 }}"
+ rs_subuid_max: "{{ t_subuid.stdout | default(100000) | int + 2 * 65536 - 1 }}"
+
+ - name: Set subuid for retrace user.
+ command: usermod retrace --add-subuids "{{ rs_subuid_min }}-{{ rs_subuid_max }}"
+
+ when: '"retrace" not in retrace_subgid.stdout'
+
+- name: Check if subgid is set for retrace user
+ command: cat /etc/subgid
+ changed_when: false
+ register: retrace_subgid
+
+- block:
+ - name: Get last subgid entry
+ shell: |
+ set -o pipefail
+ cut -d ':' -f2 /etc/subgid | sort | tail -1
+ changed_when: false
+ register: t_subgid
+ args:
+ executable: /usr/bin/bash
+
+ - name: Set variables for min and max subgid
+ set_fact:
+ rs_subgid_min: "{{ t_subgid.stdout | default(100000) | int + 65536 }}"
+ rs_subgid_max: "{{ t_subgid.stdout | default(100000) | int + 2 * 65536 - 1 }}"
+
+ - name: Set subgid for retrace user
+ command: usermod retrace --add-subgids "{{ rs_subgid_min }}-{{ rs_subgid_max }}"
+
+ when: '"retrace" not in retrace_subgid.stdout'
diff --git a/roles/abrt/retrace/tasks/usefafpkgs.yml b/roles/abrt/retrace/tasks/usefafpkgs.yml
index 7bee43a780..754f46e8fa 100644
--- a/roles/abrt/retrace/tasks/usefafpkgs.yml
+++ b/roles/abrt/retrace/tasks/usefafpkgs.yml
@@ -14,40 +14,3 @@
state: present
become: yes
become_user: postgres
-
-# for already existing files/dirs
-- name: ACL for user retrace
- acl:
- path: "{{ faf_spool_dir }}/lob"
- state: present
- recursive: yes
- entity: retrace
- etype: user
- permissions: rwX
- async: 21600
- poll: 0
-
-# for files/dirs created in future
-- name: default ACL for user retrace
- acl:
- path: "{{ faf_spool_dir }}/lob"
- state: present
- recursive: yes
- default: yes
- entity: retrace
- etype: user
- permissions: rwX
- async: 21600
- poll: 0
-
-- name: check for hardlink dir
- stat: path="{{ rs_faf_link_dir }}"
- register: rsdir
-
-- name: make dir for hardlinks
- file:
- path: "{{ rs_faf_link_dir }}"
- state: directory
- owner: retrace
- group: retrace
- when: not rsdir.stat.exists|bool
diff --git a/roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2
new file mode 100644
index 0000000000..278057b0dd
--- /dev/null
+++ b/roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2
@@ -0,0 +1,8 @@
+#{{ ansible_managed }}
+
+[main]
+# Path to the executable hook scripts
+HookDir = {{ rs_executable_hooks_path }}
+
+# Global time limit for hook scripts (in seconds)
+Timeout = {{ rs_global_hook_timeout }}
diff --git a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2
index 376f19fd5f..0a090bd92d 100644
--- a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2
+++ b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2
@@ -91,12 +91,6 @@ SaveDir = {{ rs_save_dir }}
# Directory where old tasks are moved
DropDir = {{ rs_drop_dir }}
-# Whether to use explicit working directory, otherwise default mock settings are used
-UseWorkDir = {{ rs_use_work_dir|int }}
-
-# Working directory
-WorkDir = {{ rs_work_dir }}
-
# Whether to use createrepo's --update option (faster, but requires a lot of memory)
UseCreaterepoUpdate = {{ rs_use_createrepo_update|int }}
@@ -133,17 +127,17 @@ KernelDebuginfoURL = {{ rs_kernel_debuginfo_url }}
# Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled
VmcoreDumpLevel = {{ rs_vmcore_dump_level|int }}
-# Whether to run kmem command by default (this may take a long time on large vmcores)
-# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem
-VmcoreRunKmem = {{ rs_vmcore_run_kmem|int }}
-
# EXPERIMENTAL! Use ABRT Server's storage to map build-ids
# into debuginfo packages and resolve dependencies
# Requires support from ABRT Server
UseFafPackages = {{ rs_use_faf_packages|int }}
-# Where to hardlink faf packages
-FafLinkDir = {{ rs_faf_link_dir }}
+# Spool directory for FAF packages
+FafLinkDir = {{ faf_spool_dir }}
+
+# Run the retrace in a Mock chroot (default), or a Podman container
+# (mock|podman)
+RetraceEnvironment = {{ rs_retrace_environment }}
# Whether to enable e-mail notifications
EmailNotify = {{ rs_email_notify|int }}
@@ -182,8 +176,3 @@ ProcessCommunicateTimeout = {{ rs_process_communicate_timeout|int }}
{% for a in rs_archhosts %}
{{ a.arch }} = {{ a.url|default('', true) }}
{% endfor %}
-
-[hookscripts]
-{% for h in rs_hookscripts %}
-{{ h.hook }} = {{ h.cmd|default('', true) }}
-{% endfor %}