Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

UPSTREAMFIRST: removing old roles that aren't used anymore

Browse source
This commit is contained in:
Tim Flink 2020-03-19 15:37:04 +00:00 committed by Pierre-Yves Chibon
parent 1ca22d9efe
commit 0078506569
34 changed files with 0 additions and 2093 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/pagure/upstreamfirst-frontend/defaults/main.yml
View file

@ -1,2 +0,0 @@
---
pagure_instance_name: "Pagure"

91
roles/pagure/upstreamfirst-frontend/files/aliases
View file

@ -1,91 +0,0 @@
#
# Aliases in this file will NOT be expanded in the header from
# Mail, but WILL be visible over networks or from /bin/mail.
#
# >>>>>>>>>> The program "newaliases" must be run after
# >> NOTE >> this file is updated for any changes to
# >>>>>>>>>> show through to sendmail.
#
# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster
postmaster: sysadmin-main
# General redirections for pseudo accounts.
bin: root
daemon: root
adm: root
lp: root
sync: root
shutdown: root
halt: root
mail: root
#news: root
uucp: root
operator: root
games: root
gopher: root
ftp: root
#nobody: root
radiusd: root
nut: root
dbus: root
vcsa: root
canna: root
wnn: root
rpm: root
nscd: root
pcap: root
apache: root
webalizer: root
dovecot: root
fax: root
quagga: root
radvd: root
pvm: root
amanda: root
privoxy: root
ident: root
named: root
xfs: root
gdm: root
mailnull: root
postgres: root
sshd: root
smmsp: root
postfix: root
netdump: root
ldap: root
squid: root
ntp: root
mysql: root
desktop: root
rpcuser: root
rpc: root
nfsnobody: root
notifications: root
ingres: root
system: root
toor: root
manager: root
dumper: root
abuse: root
nagios: root
newsadm: news
newsadmin: news
usenet: news
ftpadm: ftp
ftpadmin: ftp
ftp-adm: ftp
ftp-admin: ftp
# trap decode to catch security attacks
decode: root
# Person who should get root's mail
root: sysadmin-main
pagure: /dev/null
reply: /dev/null

10
roles/pagure/upstreamfirst-frontend/files/backup-database
View file

@ -1,10 +0,0 @@
#!/bin/bash
# Backup a database *locally* to /backups/.
DB=$1
# Make our latest backup
/usr/bin/pg_dump -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz
# Also, delete the backup from a few days ago.
rm -f /backups/$DB-$(date --date="3 days ago" +%F).dump.xz

15
roles/pagure/upstreamfirst-frontend/files/pagure_ev.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=Pagure EventSource server (Allowing live refresh of the pages supporting it)
After=redis.target
Documentation=https://pagure.io/pagure
[Service]
ExecStart=/usr/libexec/pagure-ev/pagure_stream_server.py
Type=simple
User=git
Group=git
Restart=on-failure
LimitNOFILE=40960
[Install]
WantedBy=multi-user.target

15
roles/pagure/upstreamfirst-frontend/files/pagure_fast_worker.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=Pagure worker for backend git interaction
After=redis.target
Documentation=https://pagure.io/pagure
[Service]
ExecStart=/usr/bin/celery worker -A pagure.lib.tasks --loglevel=info -Q fast_workers -c 5
Environment="PAGURE_CONFIG=/etc/pagure/pagure.cfg"
Type=simple
User=git
Restart=on-failure
[Install]
WantedBy=multi-user.target

15
roles/pagure/upstreamfirst-frontend/files/pagure_medium_worker.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=Pagure worker for backend git interaction
After=redis.target
Documentation=https://pagure.io/pagure
[Service]
ExecStart=/usr/bin/celery worker -A pagure.lib.tasks --loglevel=info -Q medium_workers -c 5
Environment="PAGURE_CONFIG=/etc/pagure/pagure.cfg"
Type=simple
User=git
Restart=on-failure
[Install]
WantedBy=multi-user.target

15
roles/pagure/upstreamfirst-frontend/files/pagure_slow_worker.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=Pagure worker for backend git interaction
After=redis.target
Documentation=https://pagure.io/pagure
[Service]
ExecStart=/usr/bin/celery worker -A pagure.lib.tasks --loglevel=info -Q slow_workers -c 5
Environment="PAGURE_CONFIG=/etc/pagure/pagure.cfg"
Type=simple
User=git
Restart=on-failure
[Install]
WantedBy=multi-user.target

78
roles/pagure/upstreamfirst-frontend/files/pg_hba.conf
View file

@ -1,78 +0,0 @@
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the PostgreSQL Administrator's Guide, chapter "Client
# Authentication" for a complete description. A short synopsis
# follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# local DATABASE USER METHOD [OPTION]
# host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
# hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
# hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTION]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain socket,
# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
#
# DATABASE can be "all", "sameuser", "samerole", a database name, or
# a comma-separated list thereof.
#
# USER can be "all", a user name, a group name prefixed with "+", or
# a comma-separated list thereof. In both the DATABASE and USER fields
# you can also write a file name prefixed with "@" to include names from
# a separate file.
#
# CIDR-ADDRESS specifies the set of hosts the record matches.
# It is made up of an IP address and a CIDR mask that is an integer
# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
# the number of significant bits in the mask. Alternatively, you can write
# an IP address and netmask in separate columns to specify the set of hosts.
#
# METHOD can be "trust", "reject", "md5", "crypt", "password",
# "krb5", "ident", or "pam". Note that "password" sends passwords
# in clear text; "md5" is preferred since it sends encrypted passwords.
#
# OPTION is the ident map or the name of the PAM service, depending on METHOD.
#
# Database and user names containing spaces, commas, quotes and other special
# characters must be quoted. Quoting one of the keywords "all", "sameuser" or
# "samerole" makes the name lose its special character, and just match a
# database or username with that name.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect. You can use
# "pg_ctl reload" to do that.
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL listen
# on a non-local interface via the listen_addresses configuration parameter,
# or via the -i or -h command line switches.
#
#@authcomment@
# TYPE DATABASE USER CIDR-ADDRESS METHOD
#@remove-line-for-nolocal@# "local" is for Unix domain socket connections only
#@remove-line-for-nolocal@local all all @authmethod@
# IPv4 local connections:
#host all all 127.0.0.1/32 @authmethod@
# IPv6 local connections:
#host all all ::1/128 @authmethod@
local all all ident
host koji koji 10.5.128.166 255.255.255.255 md5
host all all 0.0.0.0 0.0.0.0 md5
# Note, I can't think of a reason to make this more restrictive than ipv4 but
# only fakefas needs it so far
host all all ::1/128 md5

5
roles/pagure/upstreamfirst-frontend/files/robots.txt
View file

@ -1,5 +0,0 @@
User-agent: *
Disallow: /api
Disallow: /login
Disallow: /*/raw
Crawl-Delay: 2

0
roles/pagure/upstreamfirst-frontend/files/selinux/pagure.fc
View file

1
roles/pagure/upstreamfirst-frontend/files/selinux/pagure.if
View file

@ -1 +0,0 @@
## <summary></summary>

BIN
roles/pagure/upstreamfirst-frontend/files/selinux/pagure.pp
View file

Binary file not shown.

11
roles/pagure/upstreamfirst-frontend/files/selinux/pagure.te
View file

@ -1,11 +0,0 @@
module pagure 1.0;
require {
type httpd_t;
type gitosis_var_lib_t;
class dir { add_name remove_name write };
class file { create link setattr unlink write };
}
allow httpd_t gitosis_var_lib_t:dir { add_name remove_name write };
allow httpd_t gitosis_var_lib_t:file { create link setattr unlink write };

14
roles/pagure/upstreamfirst-frontend/files/stunnel.service
View file

@ -1,14 +0,0 @@
[Unit]
Description=stunnel
After=network.target
Documentation=https://infrastructure.fedoraproject.org/infra/docs/fedmsg-websocket.txt
[Service]
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
Type=forking
User=root
Group=root
Restart=on-failure
[Install]
WantedBy=multi-user.target

202
roles/pagure/upstreamfirst-frontend/files/upstreamfirst-master.html
View file

@ -1,202 +0,0 @@
<!DOCTYPE html>
<html lang='en'>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>{% block title %}{% endblock %} - Upstream First Pagure</title>
<link rel="shortcut icon" type="image/vnd.microsoft.icon"
href="{{ url_for('static', filename='favicon.ico')}}"/>
<link href="{{ config['BOOTSTRAP_URLS_CSS'] }}"
type="text/css" rel="stylesheet" />
<link href="{{ url_for('static', filename='pagure.css') }}"
type="text/css" rel="stylesheet" />
<link href="{{ url_for('static', filename='vendor/open-iconic/css/open-iconic.min.css') }}"
type="text/css" rel="stylesheet" />
<link href="{{ url_for('static', filename='fonts/fonts.css') }}"
rel="stylesheet" type="text/css" />
<link href="{{ url_for('static', filename='vendor/hack_fonts/css/hack-extended.min.css') }}"
type="text/css" rel="stylesheet" />
{% block header %}{% endblock %}
</head>
<body id="{{ tag }}">
<!-- start masthead -->
<div class="masthead">
<div class="container">
<div class="row">
<div class="col-sm-3">
<a href="{{ url_for('ui_ns.index') }}">
<img height=40px src="{{ url_for('static', filename='upstreamfirst_plain.png') }}"
alt="pagure Logo" id="pagureLogo"/>
</a>
</div>
<div class="col-sm-9">
<div class="row">
<nav class="navbar navbar-light p-t-0 p-b-0">
<div class="container">
<ul class="nav navbar-nav nav-underline pull-xs-right">
{% if not nologin %}
{% if g.fas_user %}
<li class="nav-item">
<a class="nav-link" href="{{ url_for('ui_ns.browse_projects') }}">Browse</a>
</li>
{% if config.get('ENABLE_NEW_PROJECTS', True) %}
<li class="nav-item p-l-1">
<a class="nav-link" href="{{ url_for('ui_ns.new_project') }}">
<span class="oi" data-glyph="plus" title="Create New"
aria-hidden="true">
</span>
</a>
</li>
{% endif %}
<li class="nav-item dropdown p-l-1">
<a class="nav-link dropdown-toggle" data-toggle="dropdown"
href="#" role="button" aria-haspopup="true" aria-expanded="false">
{{ g.fas_user.username | avatar(24) | safe }}
</a>
<div class="dropdown-menu dropdown-menu-right">
<div class="dropdown-header">
<strong>{{ g.fas_user.username }}</strong>
</div>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="{{
url_for('ui_ns.view_user', username=g.fas_user.username)
}}">My Public Profile</a>
<a class="dropdown-item" href="{{
url_for('ui_ns.user_settings')
}}">My Settings</a>
<div class="dropdown-divider"></div>
{% if config.get('ENABLE_TICKETS', True) %}
<a class="dropdown-item" href="{{
url_for('ui_ns.view_user_issues', username=g.fas_user.username)
}}">My Issues</a>
{% endif %}
<a class="dropdown-item" href="{{
url_for('ui_ns.view_user_requests', username=g.fas_user.username)
}}">My Pull Requests</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="{{ url_for('auth_logout')
}}?next={{request.url}}">Log Out</a>
</div>
</li>
{% else %}
<li class="nav-item p-l-1">
<a class="nav-link btn btn-primary" href="{{
url_for('auth_login') }}?next={{request.url
}}">Log In</a>
</li>
{% endif %}
{% endif %}
</ul>
</div>
</nav>
</div>
</div>
</div>
</div>
</div><!-- close masthead-->
<div class="bodycontent p-b-3">
{% with messages = get_flashed_messages(with_categories=true) %}
{% if messages %}
<div class="notification-spacer">
<div class="container p-t-2">
{% for category, message in messages %}
<div class="alert {%
if category == 'error' %}alert-warning{%
else %}alert-info{%
endif %} alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">&times;</span>
<span class="sr-only">Close</span>
</button>
{{ message }}
</div>
{% endfor %}
</div>
</div>
{% endif %}
{% endwith %}
{% if new_user %}
<div class="notification-spacer">
<div class="container p-t-2">
<div class="alert alert-info alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert"
aria-label="Close">
<span aria-hidden="true">&times;</span>
<span class="sr-only">Close</span>
</button>
<h4 class="modal-title" id="welcome_title">
Welcome to {{ config['INSTANCE_NAME'] }}, {{ g.fas_user.username }}!
</h4>
<div class="modal-body">
<p>
We are glad to welcome you to pagure.
</p>
<p>
In order to get started with pagure, to set-up
your preferred email address or your ssh key,
you may want to read the
<a href="https://docs.pagure.org/pagure/usage/first_steps.html">
First steps in Pagure</a> documentation.
</p>
<p>
You may also find some more information on how to use pagure
in the <a href="https://docs.pagure.org/pagure/usage.html">
usage section of the documentation</a>.
</p>
</div>
</div>
</div>
</div>
{% endif %}
{% block content %}{% endblock %}
</div>
<div class="footer p-t-1 p-b-1">
<div class="container">
<p class="text-muted credit">
Copyright &copy; 2014-2017 Red Hat
<a href="https://pagure.io/pagure">pagure</a> &mdash;
{{version}} &mdash; <a href="https://docs.pagure.org/pagure/usage.html">Documentation</a>
</p>
<p><a href="{{ url_for('ui_ns.ssh_hostkey') }}">SSH Hostkey/Fingerprint</a></p>
</div>
</div>
{% block jscripts %}
<script type="text/javascript"
src="{{ url_for('static',
filename='vendor/jquery/jquery.min.js') }}">
</script>
<script type="text/javascript"
src="{{ url_for('static',
filename='vendor/jquery-ui/jquery-ui.min.js') }}">
</script>
<script type="text/javascript"
src="{{ config['BOOTSTRAP_URLS_JS'] }}">
</script>
<script type="text/javascript">
$('[data-toggle="tooltip"]').tooltip({placement : 'bottom'});
</script>
{% endblock %}
{% if config['FEDMENU_URL'] %}
<script src="{{ config['FEDMENU_URL'] }}/js/fedmenu.js"></script>
<script src="{{ config['FEDMENU_URL'] }}/js/fedora-libravatar.js"></script>
<script>
fedmenu({
'url': '{{ config["FEDMENU_DATA_URL"] }}',
'mimeType': 'application/javascript',
'position': 'bottom-right',
{% if user -%}
'user': '{{ user.username }}',
{%- endif %}
});
</script>
{% endif %}
</body>
</html>

3
roles/pagure/upstreamfirst-frontend/handlers/main.yml
View file

@ -1,3 +0,0 @@
---
- name: restart pagure_milter
service: name=pagure_milter state=restarted

414
roles/pagure/upstreamfirst-frontend/tasks/main.yml
View file

@ -1,414 +0,0 @@
---
# Configuration for the pagure webapp
- name: install needed packages
package: name={{ item }} state=present
with_items:
- pagure
- pagure-ci
- pagure-ev
- pagure-loadjson
- pagure-logcom
- pagure-milters
- pagure-webhook
- python-psycopg2
- python2-pygments2
- redis
- libsemanage-python
- mod_ssl
- stunnel
# Use haveged to ensure the server keeps some entropy
- haveged
# make sure python2-openidc-client is installed
- python2-openidc-client
tags:
- pagure
- packages
- name: Initialize postgres if necessary
command: /usr/bin/postgresql-setup initdb
creates=/var/lib/pgsql/data
notify:
- restart postgresql
tags:
- pagure
- name: Put in robots.txt
copy: src=robots.txt dest=/var/www/html/robots.txt
tags:
- pagure
# Set-up gitolite
- name: install needed packages
package: name=gitolite3 state=present
tags:
- pagure
- gitolite
- packages
- name: Rename the user gitolite into git
command: usermod --move-home --login git --home /srv/git/ gitolite3
creates=/srv/git/
tags:
- gitolite
- pagure
- name: Rename the group gitolite into git
command: groupmod --new-name git gitolite3
creates=/srv/git/.gitolite/conf
tags:
- gitolite
- pagure
- name: create the /srv/git/.gitolite/conf folder
file: state=directory
path=/srv/git/.gitolite/conf
owner=git group=git mode=0775
tags:
- gitolite
- pagure
- name: create the /srv/git/.gitolite/keydir folder
file: state=directory
path=/srv/git/.gitolite/keydir
owner=git group=git mode=0775
tags:
- gitolite
- pagure
- name: create the /srv/git/.gitolite/logs folder
file: state=directory
path=/srv/git/.gitolite/logs
owner=git group=git mode=0775
tags:
- gitolite
- pagure
- name: create the /attachments folder
file: state=directory
path=/srv/attachments
owner=git group=git mode=0775
tags:
- pagure
- name: Adjust owner of /srv/git
file: name=/srv/git state=directory recurse=yes owner=git group=git
tags:
- gitolite
- name: Adjust permissions of /srv/git/.gitolite
file: name=/srv/git/.gitolite state=directory recurse=yes owner=git group=git
tags:
- gitolite
- name: install our own gitolite configuration
template: src=gitolite.rc
dest=/srv/git/.gitolite.rc
owner=git group=git mode=0755
tags:
- gitolite
- pagure
- name: create all the directories where we store the git repos
file: state=directory
path={{ item }}
owner=git group=git mode=0775
with_items:
- /srv/git/repositories/
- /srv/git/repositories/forks
- /srv/git/repositories/docs
- /srv/git/repositories/tickets
- /srv/git/repositories/requests
- /srv/git/remotes
tags:
- gitolite
- pagure
- name: create the /srv/tmp folder where to clone repos
file: state=directory
path=/srv/tmp
owner=git group=git mode=0775
tags:
- gitolite
- pagure
# Set-up postfix and the milter for postfix
- name: Add the /etc/aliases file
copy: src=aliases dest=/etc/aliases owner=root mode=644
tags:
- config
- pagure
- postfix
notify:
- restart postfix
- restart pagure_milter
# Override pagure_ev systemd service file
- name: install pagure_ev service definition
copy: src=pagure_ev.service
dest=/usr/lib/systemd/system/pagure_ev.service
owner=root group=root mode=0644
notify:
- reload systemd
- restart pagure_ev
tags:
- pagure
- pagure_ev
# Set-up stunnel for the event source server
- name: install stunnel service definition
copy: src=stunnel.service
dest=/usr/lib/systemd/system/stunnel.service
owner=root group=root mode=0644
notify:
- reload systemd
- restart stunnel
tags:
- pagure
- stunnel
- name: ensure old stunnel init file is gone
file: dest=/etc/init.d/stunnel/stunnel.init state=absent
tags:
- pagure
- stunnel
- config
- name: install stunnel.conf
template: src={{ item.file }}
dest={{ item.dest }}
owner=root group=root mode=0600
with_items:
- { file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf }
notify: restart stunnel
tags:
- pagure
- stunnel
- config
- name: Add the different service files for the different workers
copy: src={{ item }}.service
dest=/etc/systemd/system/{{ item }}.service
owner=root group=root mode=0755
with_items:
- pagure_fast_worker
- pagure_medium_worker
- pagure_slow_worker
notify:
- reload systemd
tags:
- pagure
# Set-up Pagure
- name: create the /var/www/releases folder
file: state=directory
path=/var/www/releases
owner=git group=git mode=0775
tags:
- pagure
- web
- name: copy sundry pagure configuration
template: src={{ item.file }}
dest={{ item.location }}/{{ item.file }}
owner=git group=postfix mode=0640
with_items:
- { file: pagure.cfg, location: /etc/pagure }
- { file: alembic.ini, location: /etc/pagure }
changed_when: "1 != 1"
tags:
- config
- web
- pagure
notify:
- restart apache
- name: create pagure database
delegate_to: "{{ new_pagure_db_command_host }}"
become: true
become_user: postgres
postgresql_db: db={{ new_pagure_db_name }}
tags:
- web
- pagure
- name: ensure pagure db user has access to database
delegate_to: "{{ new_pagure_db_command_host }}"
become: true
become_user: postgres
postgresql_user: db={{ new_pagure_db_name }} user={{ new_pagure_db_user }} password={{ new_pagure_db_pass }} role_attr_flags=NOSUPERUSER
tags:
- web
- pagure
- name: create the database scheme
command: /usr/bin/python2 /usr/share/pagure/pagure_createdb.py
changed_when: "1 != 1"
environment:
PAGURE_CONFIG: /etc/pagure/pagure.cfg
tags:
- web
- pagure
- name: Install the configuration file to activate https
template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
owner=root group=root mode=0644
with_items:
- 0_pagure.conf
tags:
- files
- config
- pagure
- sslciphers
notify:
- restart apache
- name: Install the wsgi file
template: src={{ item }}
dest=/var/www/{{ item }}
owner=git group=git mode=0644
with_items:
- pagure.wsgi
- docs_pagure.wsgi
tags:
- config
- web
- pagure
notify:
- restart apache
- name: Add default facl so apache can read git repos
acl: default=yes etype=user entity=apache permissions="rx" name=/srv/git state=present
register: acl_updates
tags:
- pagure
- name: Manually fix current default ACLs since Ansible doesnt know recursive acls
when: acl_updates.changed
command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git
tags:
- pagure
- name: Manually fix current ACLs since Ansible doesnt know recursive acls
when: acl_updates.changed
command: /usr/bin/setfacl -Rm user:apache:rx /srv/git
tags:
- pagure
- name: check the selinux context of the git repo directory
command: matchpathcon /srv/git
register: distgitcontext
check_mode: no
changed_when: false
tags:
- config
- pagure
- selinux
- name: set the SELinux policy for the distgit root directory
command: semanage fcontext -a -t gitosis_var_lib_t "/srv/git(/.*)?"
when: distgitcontext.stdout.find('gitosis_var_lib_t') == -1
tags:
- config
- pagure
- selinux
- name: check the selinux context of the releases directory
command: matchpathcon /var/www/releases
register: distgitcontext
check_mode: no
changed_when: false
tags:
- config
- pagure
- selinux
# Note: On Fedora its httpd_sys_content_rw_t - Don't we love confusions?
- name: set the SELinux policy for the releases directory
command: semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/releases(/.*)?"
when: distgitcontext.stdout.find('httpd_sys_rw_content_t') == -1
tags:
- config
- pagure
- selinux
- name: copy over our custom selinux module
copy: src=selinux/pagure.pp dest=/usr/local/share/pagure.pp
register: selinux_module
tags:
- pagure
- name: install our custom selinux module
command: semodule -i /usr/local/share/pagure.pp
when: selinux_module is changed
tags:
- pagure
- name: set sebooleans so pagure can talk to the network (db + redis)
seboolean: name=httpd_can_network_connect
state=true
persistent=true
tags:
- selinux
- web
- pagure
- name: set sebooleans so apache can send emails
seboolean: name=httpd_can_sendmail
state=true
persistent=true
tags:
- selinux
- web
- pagure
############################################################
# Setup the custom theme for the upstreamfirst instance
############################################################
- name: create the upstreamfirst theme dir
file: state=directory
path=/var/www/upstreamfirst-paguretheme/templates
owner=apache group=apache mode=0775
tags:
- web
- pagure
- name: copy over custom master.html template
copy: src=upstreamfirst-master.html dest=/var/www/upstreamfirst-paguretheme/templates/master.html
tags:
- pagure
# Ensure all the services are up and running
- name: Start and enable httpd, postfix, pagure_milter
service: name={{ item }} enabled=yes state=started
with_items:
- httpd
- postfix
- stunnel
- redis
- pagure_ev
- pagure_ci
- pagure_loadjson
- pagure_logcom
- pagure_milter
- pagure_webhook
- pagure_worker
- pagure_gitolite_worker
- pagure_fast_worker
- pagure_medium_worker
- pagure_slow_worker
- haveged
ignore_errors: true
tags:
- pagure
- service
- postfix

161
roles/pagure/upstreamfirst-frontend/templates/0_pagure.conf
View file

@ -1,161 +0,0 @@
WSGISocketPrefix run/wsgi
#WSGIRestrictStdout On
WSGIRestrictSignal Off
WSGIPythonOptimize 1
WSGIPassAuthorization On
WSGIDaemonProcess pagure user=git group=git maximum-requests=1000 display-name=pagure processes=4 threads=4 inactivity-timeout=300
WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-name=paguredocs processes=4 threads=4 inactivity-timeout=300
## Redirects http -> https
<VirtualHost *:80>
RewriteEngine on
RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
ServerName {{ external_hostname }}
Redirect permanent / https://{{ external_hostname }}/
</VirtualHost>
<VirtualHost *:80>
RewriteEngine on
RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
ServerName docs.{{ external_hostname }}
Redirect permanent / https://docs.{{ external_hostname }}/
</VirtualHost>
<VirtualHost *:80>
RewriteEngine on
RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
ServerName releases.{{ external_hostname }}
Redirect permanent / https://releases.{{ external_hostname }}/
# Added until we can get the cert out
DocumentRoot "/var/www/releases"
<Directory />
Options +Indexes
IndexOptions NameWidth=*
</Directory>
</VirtualHost>
## End of redirects http -> https
<VirtualHost *:443>
ServerName {{ external_hostname }}
Alias "/robots.txt" "/var/www/html/robots.txt"
WSGIScriptAlias / /var/www/pagure.wsgi
ServerAdmin admin@fedoraproject.org
SSLEngine on
SSLProtocol {{ ssl_protocols }}
SSLCipherSuite {{ ssl_ciphers }}
# Use secure TLSv1.1 and TLSv1.2 ciphers
Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
SSLCertificateFile /etc/letsencrypt/live/{{ external_hostname }}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ external_hostname }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ external_hostname }}/fullchain.pem
SSLHonorCipherOrder On
Alias /static /usr/lib/python2.7/site-packages/pagure/static/
SetEnv GIT_PROJECT_ROOT /srv/git/repositories
AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /srv/git/repositories/$1
AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/git/repositories/$1
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/info/[^/]+ | \
git-(upload|receive)-pack))$" \
/usr/libexec/git-core/git-http-backend/$1
# Configure static files so that a custom theme can override the defaults
RewriteEngine on
RewriteCond "{{ pagure_theme_static_dir }}/$1" -f
RewriteRule "^/static/(.*)" "{{ pagure_theme_static_dir }}/$1" [L]
# Use the application default theme for files not customized
RewriteRule "^/static/(.*)" "/usr/lib/python2.7/site-packages/pagure/static/$1" [L]
<Location />
WSGIProcessGroup pagure
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order deny,allow
Allow from all
</IfModule>
</Location>
<Location /releases>
Redirect "/releases" https://releases.{{ external_hostname }}
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerName docs.{{ external_hostname }}
WSGIScriptAlias / /var/www/docs_pagure.wsgi
SSLEngine on
SSLProtocol {{ ssl_protocols }}
SSLCipherSuite {{ ssl_ciphers }}
# Use secure TLSv1.1 and TLSv1.2 ciphers
Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
SSLCertificateFile /etc/letsencrypt/live/{{ external_hostname }}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ external_hostname }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ external_hostname }}/fullchain.pem
SSLHonorCipherOrder On
# Configure static files so that a custom theme can override the defaults
RewriteEngine on
RewriteCond "{{ pagure_theme_static_dir }}/$1" -f
RewriteRule "^/static/(.*)" "{{ pagure_theme_static_dir }}/$1" [L]
# Use the application default theme for files not customized
RewriteRule "^/static/(.*)" "/usr/lib/python2.7/site-packages/pagure/static/$1" [L]
<Location />
WSGIProcessGroup paguredocs
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order deny,allow
Allow from all
</IfModule>
</Location>
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/var/www/releases"
ServerName releases.{{ external_hostname }}
<Directory />
Options +Indexes
IndexOptions NameWidth=*
</Directory>
</VirtualHost>

50
roles/pagure/upstreamfirst-frontend/templates/alembic.ini
View file

@ -1,50 +0,0 @@
# A generic, single database configuration.
[alembic]
# path to migration scripts
script_location = /usr/share/pagure/alembic
# template used to generate migration files
# file_template = %%(rev)s_%%(slug)s
# set to 'true' to run the environment during
# the 'revision' command, regardless of autogenerate
# revision_environment = false
#sqlalchemy.url = postgresql://<%= pkgdb_app %>:<%= pkgdb_appPassword %>@db-pkgdb/pkgdb
# Logging configuration
[loggers]
keys = root,sqlalchemy,alembic
[handlers]
keys = console
[formatters]
keys = generic
[logger_root]
level = WARN
handlers = console
qualname =
[logger_sqlalchemy]
level = WARN
handlers =
qualname = sqlalchemy.engine
[logger_alembic]
level = INFO
handlers =
qualname = alembic
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic
[formatter_generic]
format = %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S

22
roles/pagure/upstreamfirst-frontend/templates/docs_pagure.wsgi
View file

@ -1,22 +0,0 @@
#-*- coding: utf-8 -*-
# The three lines below are required to run on EL6 as EL6 has
# two possible version of python-sqlalchemy and python-jinja2
# These lines make sure the application uses the correct version.
import __main__
__main__.__requires__ = ['SQLAlchemy >= 0.8', 'jinja2 >= 2.4']
import pkg_resources
import os
## Set the environment variable pointing to the configuration file
os.environ['PAGURE_CONFIG'] = '/etc/pagure/pagure.cfg'
## The following is only needed if you did not install pagure
## as a python module (for example if you run it from a git clone).
#import sys
#sys.path.insert(0, '/path/to/pagure/')
## The most import line to make the wsgi working
from pagure.docs_server import APP as application
#application.debug = True

195
roles/pagure/upstreamfirst-frontend/templates/gitolite.rc
View file

@ -1,195 +0,0 @@
# configuration variables for gitolite
# This file is in perl syntax. But you do NOT need to know perl to edit it --
# just mind the commas, use single quotes unless you know what you're doing,
# and make sure the brackets and braces stay matched up!
# (Tip: perl allows a comma after the last item in a list also!)
# HELP for commands can be had by running the command with "-h".
# HELP for all the other FEATURES can be found in the documentation (look for
# "list of non-core programs shipped with gitolite" in the master index) or
# directly in the corresponding source file.
%RC = (
# ------------------------------------------------------------------
# default umask gives you perms of '0700'; see the rc file docs for
# how/why you might change this
UMASK => 0077,
# look for "git-config" in the documentation
GIT_CONFIG_KEYS => '',
# comment out if you don't need all the extra detail in the logfile
LOG_EXTRA => 1,
# syslog options
# 1. leave this section as is for normal gitolite logging
# 2. uncomment this line to log only to syslog:
# LOG_DEST => 'syslog',
# 3. uncomment this line to log to syslog and the normal gitolite log:
# LOG_DEST => 'syslog,normal',
# roles. add more roles (like MANAGER, TESTER, ...) here.
# WARNING: if you make changes to this hash, you MUST run 'gitolite
# compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
ROLES => {
READERS => 1,
WRITERS => 1,
},
# enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
# CACHE => 'Redis',
# ------------------------------------------------------------------
# rc variables used by various features
# the 'info' command prints this as additional info, if it is set
# SITE_INFO => 'Please see http://blahblah/gitolite for more help',
# the CpuTime feature uses these
# display user, system, and elapsed times to user after each git operation
# DISPLAY_CPU_TIME => 1,
# display a warning if total CPU times (u, s, cu, cs) crosses this limit
# CPU_TIME_WARN_LIMIT => 0.1,
# the Mirroring feature needs this
# HOSTNAME => "foo",
# TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
# CACHE_TTL => 600,
# ------------------------------------------------------------------
# suggested locations for site-local gitolite code (see cust.html)
# this one is managed directly on the server
# LOCAL_CODE => "$ENV{HOME}/local",
# or you can use this, which lets you put everything in a subdirectory
# called "local" in your gitolite-admin repo. For a SECURITY WARNING
# on this, see http://gitolite.com/gitolite/non-core.html#pushcode
# LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
# ------------------------------------------------------------------
# List of commands and features to enable
ENABLE => [
# COMMANDS
# These are the commands enabled by default
'help',
'desc',
'info',
'perms',
'writable',
# Uncomment or add new commands here.
# 'create',
# 'fork',
# 'mirror',
# 'readme',
# 'sskm',
# 'D',
# These FEATURES are enabled by default.
# essential (unless you're using smart-http mode)
'ssh-authkeys',
# creates git-config enties from gitolite.conf file entries like 'config foo.bar = baz'
'git-config',
# creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
'daemon',
# creates projects.list file; if you don't use gitweb, comment this out
#'gitweb',
# These FEATURES are disabled by default; uncomment to enable. If you
# need to add new ones, ask on the mailing list :-)
# user-visible behaviour
# prevent wild repos auto-create on fetch/clone
# 'no-create-on-read',
# no auto-create at all (don't forget to enable the 'create' command!)
# 'no-auto-create',
# access a repo by another (possibly legacy) name
# 'Alias',
# give some users direct shell access. See documentation in
# sts.html for details on the following two choices.
# "Shell $ENV{HOME}/.gitolite.shell-users",
# 'Shell alice bob',
# set default roles from lines like 'option default.roles-1 = ...', etc.
# 'set-default-roles',
# show more detailed messages on deny
# 'expand-deny-messages',
# show a message of the day
# 'Motd',
# system admin stuff
# enable mirroring (don't forget to set the HOSTNAME too!)
# 'Mirroring',
# allow people to submit pub files with more than one key in them
# 'ssh-authkeys-split',
# selective read control hack
# 'partial-copy',
# manage local, gitolite-controlled, copies of read-only upstream repos
# 'upstream',
# updates 'description' file instead of 'gitweb.description' config item
# 'cgit',
# allow repo-specific hooks to be added
# 'repo-specific-hooks',
# performance, logging, monitoring...
# be nice
# 'renice 10',
# log CPU times (user, system, cumulative user, cumulative system)
# 'CpuTime',
# syntactic_sugar for gitolite.conf and included files
# allow backslash-escaped continuation lines in gitolite.conf
# 'continuation-lines',
# create implicit user groups from directory names in keydir/
# 'keysubdirs-as-groups',
# allow simple line-oriented macros
# 'macros',
# Kindergarten mode
# disallow various things that sensible people shouldn't be doing anyway
# 'Kindergarten',
],
);
# ------------------------------------------------------------------------------
# per perl rules, this should be the last line in such a file:
1;
# Local variables:
# mode: perl
# End:
# vim: set syn=perl:

241
roles/pagure/upstreamfirst-frontend/templates/pagure.cfg
View file

@ -1,241 +0,0 @@
from datetime import timedelta
INSTANCE_NAME= '{{ pagure_instance_name }}'
THEME_TEMPLATE_FOLDER='{{ pagure_theme_template_dir }}'
THEME_STATIC_FOLDER='{{ pagure_theme_static_dir }}'
### Set the time after which the admin session expires
# There are two sessions on pagure, login that holds for 31 days and
# the session defined here after which an user has to re-login.
# This session is used when accessing all administrative parts of pagure
# (ie: changing a project's or a user's settings)
ADMIN_SESSION_LIFETIME = timedelta(minutes=20)
# Make the CSRF token not-time limited, this way it is valid for the entire
# duration of the session.
WTF_CSRF_TIME_LIMIT=None
### Secret key for the Flask application
SECRET_KEY='{{ pagure_secret_key }}'
SALT_EMAIL='{{ pagure_secret_salt_email }}'
EMAIL_SEND = True
# This is required so that login specifies https
PREFERRED_URL_SCHEME='https'
### url to the database server:
#DB_URL=mysql://user:pass@host/db_name
#DB_URL=postgres://user:pass@host/db_name
# removing host for local postgres connection
DB_URL = 'postgresql://{{ new_pagure_db_user }}:{{ new_pagure_db_pass }}@{{ new_pagure_db_host }}/{{ new_pagure_db_name }}'
### The FAS group in which the admin of pagure are
ADMIN_GROUP = {{ new_pagure_admin_groups }}
# The publicly visible admin email address
ADMIN_EMAIL = 'admin@fedoraproject.org'
### The email address to which the flask.log will send the errors (tracebacks)
EMAIL_ERROR = '{{ pagure_admin_email }}'
### Default SMTP server to use for sending emails
SMTP_SERVER = 'localhost'
### Email used to sent emails
FROM_EMAIL = 'pagure@{{ external_hostname }}'
DOMAIN_EMAIL_NOTIFICATIONS = '{{ external_hostname }}'
### The URL at which the project is available.
APP_URL = 'https://{{ external_hostname }}/'
DOC_APP_URL = 'https://docs.{{ external_hostname }}'
### Datagrepper info for the user profile
DATAGREPPER_URL = 'https://apps.fedoraproject.org/datagrepper'
DATAGREPPER_CATEGORY = 'pagure'
### The URL to use to clone git repositories.
GIT_URL_SSH = 'ssh://git@{{ external_hostname }}/'
GIT_URL_GIT = 'https://{{ external_hostname }}/'
### The IP addresses allowed for the internal endpoints
IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1', '{{ public_ip }}']
# Redis configuration
EVENTSOURCE_SOURCE = 'https://{{ external_hostname }}:8088'
REDIS_HOST = '0.0.0.0'
REDIS_PORT = 6379
REDIS_DB = 0
EV_STATS_PORT = '8888'
WEBHOOK = True
### Folder containing to the git repos
GIT_FOLDER = '/srv/git/repositories'
### Folder containing the forks repos
FORK_FOLDER = '/srv/git/repositories/forks'
### Folder containing the docs repos
DOCS_FOLDER = '/srv/git/repositories/docs'
### Folder containing the pull-requests repos
REQUESTS_FOLDER = '/srv/git/repositories/requests'
### Folder containing the tickets repos
TICKETS_FOLDER = '/srv/git/repositories/tickets'
### Folder containing the clones of the remotes git repo
REMOTE_GIT_FOLDER = '/srv/git/remotes'
### Configuration file for gitolite
GITOLITE_CONFIG = '/srv/git/.gitolite/conf/gitolite.conf'
### Path of the release folder
UPLOAD_FOLDER_URL = 'https://releases.{{ external_hostname }}/'
UPLOAD_FOLDER_PATH = '/var/www/releases/'
### Home folder of the gitolite user
### Folder where to run gl-compile-conf from
GITOLITE_HOME = '/srv/git/'
### Folder containing all the public ssh keys for gitolite
GITOLITE_KEYDIR = '/srv/git/.gitolite/keydir/'
### Path to the gitolite.rc file
GL_RC = '/srv/git/.gitolite.rc'
### Path to the /bin directory where the gitolite tools can be found
GL_BINDIR = '/usr/bin/'
### Temp folder to be used to make the clones to work around bug in libgit2:
## refs: https://github.com/libgit2/libgit2/issues/2965
## and https://github.com/libgit2/libgit2/issues/2797
TMP_FOLDER = '/srv/tmp'
# Optional configuration
### Number of items displayed per page
# Used when listing items
ITEM_PER_PAGE = 50
### Maximum size of the uploaded content
# Used to limit the size of file attached to a ticket for example
MAX_CONTENT_LENGTH = 60 * 1024 * 1024 # 60 megabytes
### Lenght for short commits ids or file hex
SHORT_LENGTH = 7
### List of blacklisted project names that can conflicts for pagure's URLs
### or other
BLACKLISTED_PROJECTS = [
'static', 'pv', 'releases', 'new', 'api', 'settings',
'logout', 'login', 'users', 'groups', 'projects', 'ssh_info'
'issues', 'pull-requests', 'commits', 'tree', 'forks',
]
DISABLED_PLUGINS = ['IRC']
# Authentication related configuration option
### Switch the authentication method
# Specify which authentication method to use, defaults to `fas` can be or
# `local`
# Default: ``fas``.
PAGURE_AUTH = 'openid'
# When this is set to True, the session cookie will only be returned to the
# server via ssl (https). If you connect to the server via plain http, the
# cookie will not be sent. This prevents sniffing of the cookie contents.
# This may be set to False when testing your application but should always
# be set to True in production.
# Default: ``True``.
SESSION_COOKIE_SECURE = True
# The name of the cookie used to store the session id.
# Default: ``.pagure``.
SESSION_COOKIE_NAME = 'upstreamfirstpagure'
# Boolean specifying wether to check the user's IP address when retrieving
# its session. This make things more secure (thus is on by default) but
# under certain setup it might not work (for example is there are proxies
# in front of the application).
CHECK_SESSION_IP = True
# Used by SESSION_COOKIE_PATH
APPLICATION_ROOT = '/'
# Set the SSH certs/keys
SSH_KEYS = {
'RSA': {
'fingerprint': '2048 69:50:46:24:c7:94:44:f8:8d:83:05:5c:eb:73:fb:c4 (RSA)',
'pubkey': '{{ external_hostname }},{{ public_ip }} {{ pagure_ssh_host_pubkey }}',
'SHA256': '{{ pagure_ssh_host_sha256 }}',
}
}
# Allow the backward compatiblity endpoints for the old URLs schema to
# see the commits of a repo. This is only interesting if you pagure instance
# was running since before version 1.3 and if you care about backward
# compatibility in your URLs.
OLD_VIEW_COMMIT_ENABLED = False
#PAGURE_CI_SERVICES=['jenkins']
PAGURE_CI_SERVICES=[]
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'standard': {
'format': '%(asctime)s [%(levelname)s] %(name)s: %(message)s'
},
},
'handlers': {
'console': {
'level': 'INFO',
'formatter': 'standard',
'class': 'logging.StreamHandler',
'stream': 'ext://sys.stdout',
},
},
# The root logger configuration; this is a catch-all configuration
# that applies to all log messages not handled by a different logger
'root': {
'level': 'INFO',
'handlers': ['console'],
},
'loggers': {
'pagure': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': True
},
'pagure.lib.encoding_utils': {
'handlers': ['console'],
'level': 'WARN',
'propagate': False
},
'flask': {
'handlers': ['console'],
'level': 'INFO',
'propagate': False
},
'sqlalchemy': {
'handlers': ['console'],
'level': 'WARN',
'propagate': False
},
'binaryornot': {
'handlers': ['console'],
'level': 'WARN',
'propagate': True
},
}
}

30
roles/pagure/upstreamfirst-frontend/templates/pagure.wsgi
View file

@ -1,30 +0,0 @@
#-*- coding: utf-8 -*-
# The three lines below are required to run on EL6 as EL6 has
# two possible version of python-sqlalchemy and python-jinja2
# These lines make sure the application uses the correct version.
import __main__
__main__.__requires__ = ['SQLAlchemy >= 0.8', 'jinja2 >= 2.4', 'Pygments>=2.1.0']
import pkg_resources
import os
## Set the environment variable pointing to the configuration file
os.environ['PAGURE_CONFIG'] = '/etc/pagure/pagure.cfg'
## Set the environment variable if the tmp folder needs to be moved
## Is necessary to work around bug in libgit2:
## refs: https://github.com/libgit2/libgit2/issues/2965
## and https://github.com/libgit2/libgit2/issues/2797
os.environ['TEMP'] = '/srv/tmp/'
## The following is only needed if you did not install pagure
## as a python module (for example if you run it from a git clone).
#import sys
#sys.path.insert(0, '/path/to/pagure/')
# The most import line to make the wsgi working
from pagure.flask_app import create_app
application = create_app()
application.debug = True

8
roles/pagure/upstreamfirst-frontend/templates/stunnel-conf.j2
View file

@ -1,8 +0,0 @@
cert = /etc/pki/tls/certs/pagure.io.cert
key = /etc/pki/tls/certs/pagure.io.key
pid = /var/run/stunnel.pid
[{{ stunnel_service }}]
accept = {{ stunnel_source_port }}
connect = {{ stunnel_destination_port }}

8
roles/ufmonitor/defaults/main.yml
View file

@ -1,8 +0,0 @@
apiserver_container_image: "docker.io/fedoraqa/ufmonitor-apiserver:latest"
updater_container_image: "docker.io/fedoraqa/ufmonitor-updater:latest"
ufmonitor_db_host: "172.17.0.1"
ufmonitor_db_name: "ufmonitor"
ufmonitor_db_user: "ufmonitor"
ufmonitor_db_password: "terribleinsecurepassword"
ufmonitor_config_path: "/etc/sysconfig/ufmonitor"
ufmonitor_home: "/var/www/ufmonitor"

167
roles/ufmonitor/files/media/css/c3.css
View file

@ -1,167 +0,0 @@
/*-- Chart --*/
.c3 svg {
font: 10px sans-serif;
-webkit-tap-highlight-color: transparent; }
.c3 path, .c3 line {
fill: none;
stroke: #000; }
.c3 text {
-webkit-user-select: none;
-moz-user-select: none;
user-select: none; }
.c3-legend-item-tile,
.c3-xgrid-focus,
.c3-ygrid,
.c3-event-rect,
.c3-bars path {
shape-rendering: crispEdges; }
.c3-chart-arc path {
stroke: #fff; }
.c3-chart-arc text {
fill: #fff;
font-size: 13px; }
/*-- Axis --*/
/*-- Grid --*/
.c3-grid line {
stroke: #aaa; }
.c3-grid text {
fill: #aaa; }
.c3-xgrid, .c3-ygrid {
stroke-dasharray: 3 3; }
/*-- Text on Chart --*/
.c3-text.c3-empty {
fill: #808080;
font-size: 2em; }
/*-- Line --*/
.c3-line {
stroke-width: 1px; }
/*-- Point --*/
.c3-circle._expanded_ {
stroke-width: 1px;
stroke: white; }
.c3-selected-circle {
fill: white;
stroke-width: 2px; }
/*-- Bar --*/
.c3-bar {
stroke-width: 0; }
.c3-bar._expanded_ {
fill-opacity: 0.75; }
/*-- Focus --*/
.c3-target.c3-focused {
opacity: 1; }
.c3-target.c3-focused path.c3-line, .c3-target.c3-focused path.c3-step {
stroke-width: 2px; }
.c3-target.c3-defocused {
opacity: 0.3 !important; }
/*-- Region --*/
.c3-region {
fill: steelblue;
fill-opacity: .1; }
/*-- Brush --*/
.c3-brush .extent {
fill-opacity: .1; }
/*-- Select - Drag --*/
/*-- Legend --*/
.c3-legend-item {
font-size: 12px; }
.c3-legend-item-hidden {
opacity: 0.15; }
.c3-legend-background {
opacity: 0.75;
fill: white;
stroke: lightgray;
stroke-width: 1; }
/*-- Title --*/
.c3-title {
font: 14px sans-serif; }
/*-- Tooltip --*/
.c3-tooltip-container {
z-index: 10; }
.c3-tooltip {
border-collapse: collapse;
border-spacing: 0;
background-color: #fff;
empty-cells: show;
-webkit-box-shadow: 7px 7px 12px -9px #777777;
-moz-box-shadow: 7px 7px 12px -9px #777777;
box-shadow: 7px 7px 12px -9px #777777;
opacity: 0.9; }
.c3-tooltip tr {
border: 1px solid #CCC; }
.c3-tooltip th {
background-color: #aaa;
font-size: 14px;
padding: 2px 5px;
text-align: left;
color: #FFF; }
.c3-tooltip td {
font-size: 13px;
padding: 3px 6px;
background-color: #fff;
border-left: 1px dotted #999; }
.c3-tooltip td > span {
display: inline-block;
width: 10px;
height: 10px;
margin-right: 6px; }
.c3-tooltip td.value {
text-align: right; }
/*-- Area --*/
.c3-area {
stroke-width: 0;
opacity: 0.2; }
/*-- Arc --*/
.c3-chart-arcs-title {
dominant-baseline: middle;
font-size: 1.3em; }
.c3-chart-arcs .c3-chart-arcs-background {
fill: #e0e0e0;
stroke: none; }
.c3-chart-arcs .c3-chart-arcs-gauge-unit {
fill: #000;
font-size: 16px; }
.c3-chart-arcs .c3-chart-arcs-gauge-max {
fill: #777; }
.c3-chart-arcs .c3-chart-arcs-gauge-min {
fill: #777; }
.c3-chart-arc .c3-gauge-value {
fill: #000;
/* font-size: 28px !important;*/ }

1
roles/ufmonitor/files/media/js/c3.min.js vendored
View file

File diff suppressed because one or more lines are too long

5
roles/ufmonitor/files/media/js/d3.min.js vendored
View file

File diff suppressed because one or more lines are too long

61
roles/ufmonitor/tasks/main.yml
View file

@ -1,61 +0,0 @@
---
# tasklist for setting up upstreamfirst-monitor (uf-monitor) on an el7 host
- name: Install docker
package: name={{item}} state=present
with_items:
- docker
- python-docker-py
- name: Run docker
service: name=docker state=started enabled=yes
- name: Pull apiserver image
docker_image:
name: "{{ apiserver_container_image }}"
tls_verify: true
- name: Pull updater image
docker_image:
name: "{{ apiserver_container_image }}"
tls_verify: true
- name: ensure ufmonitor database is created
become: true
become_user: postgres
postgresql_db: db={{ ufmonitor_db_name }}
- name: ensure ufmonitor db user has access to dev database
become: true
become_user: postgres
postgresql_user: db={{ ufmonitor_db_name }} user={{ ufmonitor_db_user }} password={{ ufmonitor_db_password }} role_attr_flags=NOSUPERUSER
- name: Deploy service file for apiserver
template: src=ufmonitor-apiserver.service.j2 dest=/etc/systemd/system/ufmonitor-apiserver.service
notify:
- reload systemd
- name: Enable apiserver
service: name=ufmonitor-apiserver enabled=yes
- name: install script to update ufmonitor database
template: src=update-ufmonitor.j2 dest=/usr/local/bin/update-ufmonitor mode=0755
- name: Setup cron to update ufmonitor database
cron: name="update-ufmonitor-database" minute="15" user="root"
job="/usr/local/bin/update-ufmonitor > /dev/null"
cron_file=update-ufmonitor-database
- name: ensure ufmonitor document root exists
file: path="{{ ufmonitor_home }}" state=directory owner=apache group=apache mode=0775
- name: copy over index.html
template: src=index.html.j2 dest="{{ ufmonitor_home }}/index.html" owner=apache group=apache mode=0775
- name: copy over static support files
copy: src=media dest="{{ ufmonitor_home }}" owner=apache group=apache mode=0775
- name: generate httpd config
template: src=ufmonitor.conf.j2 dest=/etc/httpd/conf.d/ufmonitor.conf mode=0755

189
roles/ufmonitor/templates/index.html.j2
View file

@ -1,189 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Upstream First - Monitoring</title>
<!-- Load c3.css -->
<link href="media/css/c3.css" rel="stylesheet">
<!-- Load d3.js (v4.9.1) and c3.js (v0.4.12) -->
<script src="media/js/d3.min.js" charset="utf-8"></script>
<script src="media/js/c3.min.js"></script>
<script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">
<!-- Latest compiled and minified JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-table/1.11.1/bootstrap-table.min.css">
<!-- Latest compiled and minified JavaScript -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-table/1.11.1/bootstrap-table.min.js"></script>
</head>
<body>
<h1>Background</h1>
<p>The purpose of this page is to be a quick reference on how far along the "<a href="https://fedoraproject.org/wiki/UpstreamFirstTesting/HowToMoveTests" target="new">Upstream First"</a> initiative is. There are currently 410 packages that Red Hat has internal tests for, which are all being moved upstream to their respective packages. Packages that have a repo on our <a href="https://upstreamfirst.fedorainfracloud.org/">forge</a> are counted as "moved," packages with open issues are counted as "working on." If there is no repo on the forge for a package, it's counted in the "untouched" category.</p>
<h4>Raw Numbers:</h4>
<p>
<ul>
<li id="total-tests">Total Tests: Loading...</li>
<li id="migrated-tests">Migrated: Loading...</li>
<li id="working-on">Working on: Loading...</li>
</ul>
</p>
<h3>Current Status</h3>
<div id="chart"></div>
<div id="tables">
<h3>Package List</h3>
<table id='table' data-search='true'
data-show-refresh="true"
data-sort-name='name'
data-sort-desc='desc'
data-show-toggle="true" data-show-columns="true"></table>
</div> <!-- End of tables div -->
<p> <sub>(Updated every hour)</sub></p>
<script type="text/javascript">
apiRequest = new XMLHttpRequest();
apiRequest.onreadystatechange = getString;
apiRequest.open("GET", "https://status.{{ external_hostname }}/api/all", false);
apiRequest.send();
function getString() {
if (apiRequest.readyState === XMLHttpRequest.DONE) {
if (apiRequest.status === 200) {
return apiRequest.responseText;
}
}
}
results = apiRequest.responseText;
results = JSON.parse(results);
$('#table').bootstrapTable({
data: results,
columns:[{
field: 'id',
title: 'id'
}, {
field: 'name',
title: 'Name'
}, {
field: 'status',
title: 'Status'
}, {
field: 'contact',
title: 'Contact'
}, {
field: 'pagure_link',
title: 'Forge Link'
}]
});
</script>
<script type="text/javascript">
$(document).ready(function () {
var moved = "Moved to Forge";
var untouched = "Untouched";
var working_on = "Working On";
<!-- Write out our AJAX calls to update the page counts. -->
apiRequest = new XMLHttpRequest();
apiRequest.onreadystatechange = getString;
apiRequest.open("GET", "https://status.{{ external_hostname }}/api/counts", false);
apiRequest.send();
function getString() {
if (apiRequest.readyState === XMLHttpRequest.DONE) {
if (apiRequest.status === 200) {
return apiRequest.responseText;
}
}
}
results = apiRequest.responseText;
results = JSON.parse(results);
var moved_number = results.total_moved.valueOf();
var working_on_number = results.WORKING.valueOf();
var untouched_number = results.UNKNOWN.valueOf();
// Fill out the actual values in the table
document.getElementById("total-tests").innerText = "Total Tests: " + results.total;
document.getElementById("migrated-tests").innerText = "Migrated: " + moved_number;
document.getElementById("working-on").innerText = "Working-on: " + working_on_number;
var chart = c3.generate({
data: {
columns: [
[moved, moved_number],
[working_on, working_on_number ],
[untouched, untouched_number],
],
type : 'donut',
onclick: function (d, i) { console.log("onclick", d, i); },
onmouseover: function (d, i) { console.log("onmouseover", d, i); },
onmouseout: function (d, i) { console.log("onmouseout", d, i); }
},
donut: {
title: "Migration Status"
},
color: {
pattern: ['#0000ff', '#00ff00', '#ff0000']
}
});
setTimeout(function () {
chart.load({
columns: [
[moved, moved_number],
[untouched, untouched_number],
]
});
}, 1500);
setTimeout(function () {
chart.unload({
ids: 'data1'
});
chart.unload({
ids: 'data2'
});
}, 2500);
});
</script>
</body>
</html>

16
roles/ufmonitor/templates/ufmonitor-apiserver.service.j2
View file

@ -1,16 +0,0 @@
[Unit]
Description=ufmonitor apiserver
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=-{{ ufmonitor_config_path }}
ExecStart=/usr/bin/docker run --detach --log-driver none --name %n -p 8000:8000 -e POSTGRES_DB_PASSWORD={{ ufmonitor_db_password }} --add-host=postgres:{{ ufmonitor_db_host }} {{ apiserver_container_image }}
ExecStop=/usr/bin/docker rm --force %n
TimeoutStopSec=180
[Install]
WantedBy=multi-user.target

37
roles/ufmonitor/templates/ufmonitor.conf.j2
View file

@ -1,37 +0,0 @@
## Redirects http -> https
<VirtualHost *:80>
RewriteEngine on
RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
ServerName {{ external_hostname }}
Redirect permanent / https://{{ external_hostname }}/
</VirtualHost>
## End of redirects http -> https
<VirtualHost *:443>
ServerName status.{{ external_hostname }}
Alias "/robots.txt" "/var/www/html/robots.txt"
ServerAdmin admin@fedoraproject.org
SSLEngine on
SSLProtocol {{ ssl_protocols }}
SSLCipherSuite {{ ssl_ciphers }}
# Use secure TLSv1.1 and TLSv1.2 ciphers
Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
SSLCertificateFile /etc/letsencrypt/live/{{ external_hostname }}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ external_hostname }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ external_hostname }}/fullchain.pem
SSLHonorCipherOrder On
DocumentRoot "{{ ufmonitor_home }}"
# proxy the docker containers running the actual api process
<Location /api/ >
ProxyPass http://127.0.0.1:8000/
ProxyPassReverse http://127.0.0.1:8000/
</Location>
</VirtualHost>

7
roles/ufmonitor/templates/update-ufmonitor.j2
View file

@ -1,7 +0,0 @@
#!/bin/bash
#
# This job handles updating the ufmonitor database with new data from a pagure instance
#
docker run --add-host=postgres:{{ ufmonitor_db_host}} -e POSTGRES_DB_PASSWORD="{{ ufmonitor_db_password }}" {{ updater_container_image }}

4
roles/ufmonitor/vars/main.yml
View file

@ -1,4 +0,0 @@
mirrormanager_uid: 441
mirrormanager_gid: 441
mirrors_gid: 263
mirrors2_gid: 529