From ff01b358e078b7910c84522e251c670000d812a6 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Thu, 18 Jun 2015 17:17:15 +0200 Subject: [PATCH 01/11] Move the eventsource port to 9939 --- inventory/group_vars/pagure-stg | 2 +- roles/pagure/frontend/templates/pagure.cfg | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/group_vars/pagure-stg b/inventory/group_vars/pagure-stg index 2faf7cff1b..17eb85fd04 100644 --- a/inventory/group_vars/pagure-stg +++ b/inventory/group_vars/pagure-stg @@ -9,7 +9,7 @@ num_cpus: 2 tcp_ports: [ 22, 25, 80, 443, 9418, # Used for the eventsource server - 8080, + 9939, # This is for the pagure public fedmsg relay 9940] diff --git a/roles/pagure/frontend/templates/pagure.cfg b/roles/pagure/frontend/templates/pagure.cfg index d88b4b18d5..586592faad 100644 --- a/roles/pagure/frontend/templates/pagure.cfg +++ b/roles/pagure/frontend/templates/pagure.cfg @@ -59,7 +59,7 @@ IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1', '140.211.169.204'] # Redis configuration {% if env == 'pagure-staging' %} -EVENTSOURCE_SOURCE = 'https://stg.pagure.io:8080' +EVENTSOURCE_SOURCE = 'https://stg.pagure.io:9939' {% else %} EVENTSOURCE_SOURCE = 'https://pagure.io:8080' {% endif %} From 6aeb3ab0c9004a5eb9bd7fb33877a4b5100a875e Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 18 Jun 2015 15:19:36 +0000 Subject: [PATCH 02/11] Ditch example.com. --- roles/taiga/templates/local.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/taiga/templates/local.py b/roles/taiga/templates/local.py index c117a9ce5f..b4ca5fcdfc 100644 --- a/roles/taiga/templates/local.py +++ b/roles/taiga/templates/local.py @@ -12,7 +12,7 @@ DEBUG = False TEMPLATE_DEBUG = False PUBLIC_REGISTER_ENABLED = True -DEFAULT_FROM_EMAIL = "no-reply@example.com" +DEFAULT_FROM_EMAIL = "nobody@fedoraproject.org" SERVER_EMAIL = DEFAULT_FROM_EMAIL INSTALLED_APPS += ["taiga_contrib_fas_openid_auth"] From 2d3fd846c4a715d61360241bcb186f850f2e0dfc Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 18 Jun 2015 15:36:43 +0000 Subject: [PATCH 03/11] Run this upgrade playbook on staging and production both. --- playbooks/manual/upgrade/mote.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/manual/upgrade/mote.yml b/playbooks/manual/upgrade/mote.yml index af1c31e1a4..5bc2977886 100644 --- a/playbooks/manual/upgrade/mote.yml +++ b/playbooks/manual/upgrade/mote.yml @@ -1,5 +1,5 @@ - name: push packages out - hosts: value-stg + hosts: value;value-stg user: root vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -22,7 +22,7 @@ when: testing - name: verify the config and restart it - hosts: value-stg + hosts: value;value-stg user: root vars_files: - /srv/web/infra/ansible/vars/global.yml From 855a751a4cd51666e36f27e44994df57341f7386 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Thu, 18 Jun 2015 17:38:16 +0200 Subject: [PATCH 04/11] Back to 8080 for pagure-stg --- inventory/group_vars/pagure | 2 ++ roles/pagure/frontend/templates/pagure.cfg | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/inventory/group_vars/pagure b/inventory/group_vars/pagure index b6ef4b2f41..9cdf8c81cd 100644 --- a/inventory/group_vars/pagure +++ b/inventory/group_vars/pagure @@ -8,6 +8,8 @@ num_cpus: 6 # the host_vars/$hostname file tcp_ports: [ 22, 25, 80, 443, 9418, + # Used for the eventsource + 8080, # This is for the pagure public fedmsg relay 9940] diff --git a/roles/pagure/frontend/templates/pagure.cfg b/roles/pagure/frontend/templates/pagure.cfg index 586592faad..d88b4b18d5 100644 --- a/roles/pagure/frontend/templates/pagure.cfg +++ b/roles/pagure/frontend/templates/pagure.cfg @@ -59,7 +59,7 @@ IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1', '140.211.169.204'] # Redis configuration {% if env == 'pagure-staging' %} -EVENTSOURCE_SOURCE = 'https://stg.pagure.io:9939' +EVENTSOURCE_SOURCE = 'https://stg.pagure.io:8080' {% else %} EVENTSOURCE_SOURCE = 'https://pagure.io:8080' {% endif %} From bc39e0f76a77243866284fba36419c85f63d711d Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Thu, 18 Jun 2015 17:49:48 +0200 Subject: [PATCH 05/11] I said 8080 on pagure-stg --- inventory/group_vars/pagure-stg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/pagure-stg b/inventory/group_vars/pagure-stg index 17eb85fd04..2faf7cff1b 100644 --- a/inventory/group_vars/pagure-stg +++ b/inventory/group_vars/pagure-stg @@ -9,7 +9,7 @@ num_cpus: 2 tcp_ports: [ 22, 25, 80, 443, 9418, # Used for the eventsource server - 9939, + 8080, # This is for the pagure public fedmsg relay 9940] From ad5855775f86e2f3390f469ca8c99f7e9585b55a Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 18 Jun 2015 15:50:57 +0000 Subject: [PATCH 06/11] Disable this handler for now as it cannot be found from this playbook. --- .../copr/backend/files/provision/provision_builder_tasks.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/copr/backend/files/provision/provision_builder_tasks.yml b/roles/copr/backend/files/provision/provision_builder_tasks.yml index 70c78c4709..6f7a28feee 100644 --- a/roles/copr/backend/files/provision/provision_builder_tasks.yml +++ b/roles/copr/backend/files/provision/provision_builder_tasks.yml @@ -76,5 +76,5 @@ - name: disable core dumps ini_file: dest=/etc/systemd/coredump.conf section=Coredump option=Storage value=none - notify: - - systemctl daemon-reload +# notify: +# - systemctl daemon-reload From bcd2be9627171c78dae98fb6eecc426f90058135 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Thu, 18 Jun 2015 19:19:07 +0200 Subject: [PATCH 07/11] Start working on stunnel for pagure --- inventory/group_vars/pagure-stg | 4 +++ roles/pagure/frontend/files/stunnel.service | 14 ++++++++ roles/pagure/frontend/tasks/main.yml | 34 +++++++++++++++++++ .../pagure/frontend/templates/stunnel-conf.j2 | 8 +++++ 4 files changed, 60 insertions(+) create mode 100644 roles/pagure/frontend/files/stunnel.service create mode 100644 roles/pagure/frontend/templates/stunnel-conf.j2 diff --git a/inventory/group_vars/pagure-stg b/inventory/group_vars/pagure-stg index 2faf7cff1b..ed37c4eac7 100644 --- a/inventory/group_vars/pagure-stg +++ b/inventory/group_vars/pagure-stg @@ -13,6 +13,10 @@ tcp_ports: [ 22, 25, 80, 443, 9418, # This is for the pagure public fedmsg relay 9940] +stunnel_service: "eventsource" +stunnel_source_port: 8080 +stunnel_destination_port: 8080 + # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: - service: shell diff --git a/roles/pagure/frontend/files/stunnel.service b/roles/pagure/frontend/files/stunnel.service new file mode 100644 index 0000000000..8701ba266f --- /dev/null +++ b/roles/pagure/frontend/files/stunnel.service @@ -0,0 +1,14 @@ +[Unit] +Description=stunnel +After=network.target +Documentation=https://infrastructure.fedoraproject.org/infra/docs/fedmsg-websocket.txt + +[Service] +ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf +Type=forking +User=root +Group=root +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml index 3a176399e9..c9384ee65b 100644 --- a/roles/pagure/frontend/tasks/main.yml +++ b/roles/pagure/frontend/tasks/main.yml @@ -127,6 +127,39 @@ - restart pagure_milter +# Set-up stunnel for the event source server + +- name: install stunnel service definition + copy: src=stunnel.service + dest=/usr/lib/systemd/system/stunnel.service + owner=root group=root mode=0755 + notify: + - reload systemd + - restart stunnel + tags: + - pagure + - stunnel + +- name: ensure old stunnel init file is gone + file: dest=/etc/init.d/stunnel/stunnel.init state=absent + tags: + - pagure + - stunnel + - config + +- name: install stunnel.conf + template: src={{ item.file }} + dest={{ item.dest }} + owner=root group=root mode=0600 + with_items: + - { file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf } + notify: restart stunnel + tags: + - pagure + - stunnel + - config + + # Set-up Pagure - name: create the /var/www/releases folder @@ -165,6 +198,7 @@ copy: > src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }} owner=root group=root mode=0600 + notify: restart stunnel with_items: - pagure.io.cert - pagure.io.key diff --git a/roles/pagure/frontend/templates/stunnel-conf.j2 b/roles/pagure/frontend/templates/stunnel-conf.j2 new file mode 100644 index 0000000000..6dcf68a09d --- /dev/null +++ b/roles/pagure/frontend/templates/stunnel-conf.j2 @@ -0,0 +1,8 @@ +cert = /etc/pki/tls/certs/pagure.io.cert +key = /etc/pki/tls/certs/pagure.io.key +pid = /var/run/stunnel.pid + +[{{ stunnel_service }}] + +accept = {{ stunnel_source_port }} +connect = {{ stunnel_destination_port }} From 2af301d99ee818e0d4dbb14215ff1cbee97eba36 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 18 Jun 2015 17:22:12 +0000 Subject: [PATCH 08/11] Make this thing return reasonable error codes. --- roles/supybot/files/meetings_by_team.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/supybot/files/meetings_by_team.sh b/roles/supybot/files/meetings_by_team.sh index b2486d992e..ec2807bbf1 100755 --- a/roles/supybot/files/meetings_by_team.sh +++ b/roles/supybot/files/meetings_by_team.sh @@ -8,6 +8,6 @@ for f in `find -type f -mtime -30 | grep -v "fedora-meeting\."` do teamname=$(basename $f | awk -F. '{ print $1 }' ) mkdir -p $BASELOCATION/$teamname - ln -s $PWD/$f $BASELOCATION/$teamname/ 2> /dev/null + ln -f -s $PWD/$f $BASELOCATION/$teamname/ 2> /dev/null done From 85deb072334b6e13f84cb6d109ddbfadf7553451 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Thu, 18 Jun 2015 19:26:35 +0200 Subject: [PATCH 09/11] Let's not forget to install stunnel --- roles/pagure/frontend/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml index c9384ee65b..e474ee096d 100644 --- a/roles/pagure/frontend/tasks/main.yml +++ b/roles/pagure/frontend/tasks/main.yml @@ -11,6 +11,7 @@ - redis - libsemanage-python - mod_ssl + - stunnel tags: - pagure - packages From a234d40e818ec76675417b1cd45d80d0476ecafe Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Thu, 18 Jun 2015 17:55:34 +0000 Subject: [PATCH 10/11] add the cron too Signed-off-by: Ricky Elrod --- roles/review-stats/build/tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/review-stats/build/tasks/main.yml b/roles/review-stats/build/tasks/main.yml index 6fcc4abbc9..438c39f9c0 100644 --- a/roles/review-stats/build/tasks/main.yml +++ b/roles/review-stats/build/tasks/main.yml @@ -39,3 +39,11 @@ - review-stats - review-stats/build +- name: Install the review-stats cronjob + copy: > + src=review-stats.cron dest=/etc/cron.d/review-stats.cron + owner=root group=root mode=0644 + tags: + - cron + - review-stats + - review-stats/build From 6a3d60fadd1c4d5872d18182ec7138b17b00a7d7 Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Thu, 18 Jun 2015 17:56:09 +0000 Subject: [PATCH 11/11] no, the other kind of add it Signed-off-by: Ricky Elrod --- roles/review-stats/build/files/review-stats.cron | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 roles/review-stats/build/files/review-stats.cron diff --git a/roles/review-stats/build/files/review-stats.cron b/roles/review-stats/build/files/review-stats.cron new file mode 100644 index 0000000000..9947516f88 --- /dev/null +++ b/roles/review-stats/build/files/review-stats.cron @@ -0,0 +1,2 @@ +MAILTO=tibbs@fedoraproject.org +0,30 * * * * apache /usr/local/bin/review-stats.py -c /usr/local/share/review-stats/review-stats.cfg -t /usr/local/share/review-stats/templates -d /srv/web/review-stats/