From 02b5245e28a7cd652ed169f2809b7d06c2c6af5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= Date: Wed, 29 May 2024 09:14:09 +0200 Subject: [PATCH] Switch mirrormanager to the Openshift version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aurélien Bompard --- main.yml | 1 - playbooks/include/proxies-reverseproxy.yml | 13 ++++ playbooks/include/proxies-websites.yml | 7 ++ playbooks/openshift-apps/mirrormanager.yml | 9 +++ .../mirrormanager/backend/files/backend.cron | 60 ++++++++------- roles/mirrormanager/backend/tasks/main.yml | 4 + .../mirrormanager/crawler/files/crawler.cron | 76 ++++++++++--------- roles/mirrormanager/crawler/tasks/main.yml | 1 + .../frontend2/templates/frontend.cron | 6 +- .../frontend2/templates/mirrormanager.conf | 70 +++++++++-------- vars/apps/mirrormanager.yml | 2 +- 11 files changed, 146 insertions(+), 103 deletions(-) diff --git a/main.yml b/main.yml index ca1ba801a4..f6e678a406 100644 --- a/main.yml +++ b/main.yml @@ -42,7 +42,6 @@ - import_playbook: /srv/web/infra/ansible/playbooks/groups/maintainer-test.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/mariadb-server.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/memcached.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/mirrormanager.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/nfs-servers.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/noc.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/os-control.yml diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index 363c4c293c..142cdf3317 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -440,12 +440,25 @@ keephost: true tags: transtats + - role: httpd/reverseproxy + website: "mirrormanager{{ env_suffix }}.fedoraproject.org" + destname: mirrormanager + balancer_name: apps-ocp + balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_stg, ocp_nodes) }}" + targettype: openshift + keephost: true + ocp4: true + tags: + - mirrormanager + - role: httpd/reverseproxy website: admin.fedoraproject.org destname: mirrormanager remotepath: /mirrormanager localpath: /mirrormanager proxyurl: "{{ varnish_url }}" + tags: + - mirrormanager - role: httpd/reverseproxy website: mirrors.fedoraproject.org diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 35f5109ef8..64f1139594 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -168,6 +168,13 @@ tags: mirrors.stg.centos.org when: env == "staging" + - role: httpd/website + site_name: "mirrormanager{{ env_suffix }}.fedoraproject.org" + sslonly: true + cert_name: "{{wildcard_cert_name}}" + tags: + - mirrormanager + - role: httpd/website site_name: src.fedoraproject.org server_aliases: [src.stg.fedoraproject.org] diff --git a/playbooks/openshift-apps/mirrormanager.yml b/playbooks/openshift-apps/mirrormanager.yml index 1f9a96ed4f..01e7b52a62 100644 --- a/playbooks/openshift-apps/mirrormanager.yml +++ b/playbooks/openshift-apps/mirrormanager.yml @@ -94,6 +94,15 @@ serviceport: web annotations: haproxy.router.openshift.io/timeout: 5m + - role: openshift/route + app: mirrormanager + routename: frontend + host: "mirrormanager.apps.ocp{{ env_suffix }}.fedoraproject.org" + servicename: frontend + serviceport: web + annotations: + haproxy.router.openshift.io/timeout: 5m + when: mirrormanager_hostname != "mirrormanager.apps.ocp{{ env_suffix }}.fedoraproject.org" # SSH key to get the access logs - role: openshift/secret-file diff --git a/roles/mirrormanager/backend/files/backend.cron b/roles/mirrormanager/backend/files/backend.cron index fd3a15bd54..90eb58d146 100644 --- a/roles/mirrormanager/backend/files/backend.cron +++ b/roles/mirrormanager/backend/files/backend.cron @@ -1,31 +1,33 @@ MAILTO=root -# Refresh the mirrorlist cache every 15 minutes -# This takes about 1 minute -0,15,30,45 * * * * mirrormanager /usr/local/bin/update-mirrorlist-server && /usr/local/bin/sync_cache_to_mirrorlists.sh - -# update master directory -# logs sent to /var/log/mirrormanager/umdl.log by default -# check if category Fedora EPEL needs updating every 30 minutes -0,30 * * * * mirrormanager /usr/local/bin/umdl-required epel /var/log/mirrormanager/umdl-required.log -# check if category Fedora Linux needs updating every 30 minutes -10,40 * * * * mirrormanager /usr/local/bin/umdl-required fedora /var/log/mirrormanager/umdl-required.log -# check if category Fedora Secondary Arches needs updating every 30 minutes -20,50 * * * * mirrormanager /usr/local/bin/umdl-required fedora-secondary /var/log/mirrormanager/umdl-required.log -# check if category Fedora Codecs needs updating once a day -15 20 * * * mirrormanager /usr/local/bin/umdl-required codecs /var/log/mirrormanager/umdl-required.log -# the remaining categories are updated every two hours -15 */2 * * * mirrormanager /usr/local/bin/umdl-required archive /var/log/mirrormanager/umdl-required.log -45 */2 * * * mirrormanager /usr/local/bin/umdl-required alt /var/log/mirrormanager/umdl-required.log - -# check if category CentOS needs updating every 15 minutes -57,12,27,42 * * * * mirrormanager /usr/local/bin/umdl-required centos /var/log/mirrormanager/umdl-required.log - -# Sync netblocks list once a day -30 0 * * * mirrormanager cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_global_netblocks /var/lib/mirrormanager/global_netblocks.txt -# Run the script for Internet2 netblocks very late to -# make sure the files are all there. The script is -# looking in date dependent directories and depending -# on the timezone of the remote server the files appear late. -0 23 * * * mirrormanager cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_internet2_netblocks /var/lib/mirrormanager/i2_netblocks.txt -30 1 * * * mirrormanager /usr/bin/mm2_update-EC2-netblocks +## Replaced by mirrormanager in OpenShift +# +# # Refresh the mirrorlist cache every 15 minutes +# # This takes about 1 minute +# 0,15,30,45 * * * * mirrormanager /usr/local/bin/update-mirrorlist-server && /usr/local/bin/sync_cache_to_mirrorlists.sh +# +# # update master directory +# # logs sent to /var/log/mirrormanager/umdl.log by default +# # check if category Fedora EPEL needs updating every 30 minutes +# 0,30 * * * * mirrormanager /usr/local/bin/umdl-required epel /var/log/mirrormanager/umdl-required.log +# # check if category Fedora Linux needs updating every 30 minutes +# 10,40 * * * * mirrormanager /usr/local/bin/umdl-required fedora /var/log/mirrormanager/umdl-required.log +# # check if category Fedora Secondary Arches needs updating every 30 minutes +# 20,50 * * * * mirrormanager /usr/local/bin/umdl-required fedora-secondary /var/log/mirrormanager/umdl-required.log +# # check if category Fedora Codecs needs updating once a day +# 15 20 * * * mirrormanager /usr/local/bin/umdl-required codecs /var/log/mirrormanager/umdl-required.log +# # the remaining categories are updated every two hours +# 15 */2 * * * mirrormanager /usr/local/bin/umdl-required archive /var/log/mirrormanager/umdl-required.log +# 45 */2 * * * mirrormanager /usr/local/bin/umdl-required alt /var/log/mirrormanager/umdl-required.log +# +# # check if category CentOS needs updating every 15 minutes +# 57,12,27,42 * * * * mirrormanager /usr/local/bin/umdl-required centos /var/log/mirrormanager/umdl-required.log +# +# # Sync netblocks list once a day +# 30 0 * * * mirrormanager cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_global_netblocks /var/lib/mirrormanager/global_netblocks.txt +# # Run the script for Internet2 netblocks very late to +# # make sure the files are all there. The script is +# # looking in date dependent directories and depending +# # on the timezone of the remote server the files appear late. +# 0 23 * * * mirrormanager cd /usr/share/mirrormanager2 && /usr/bin/mm2_get_internet2_netblocks /var/lib/mirrormanager/i2_netblocks.txt +# 30 1 * * * mirrormanager /usr/bin/mm2_update-EC2-netblocks diff --git a/roles/mirrormanager/backend/tasks/main.yml b/roles/mirrormanager/backend/tasks/main.yml index 2926922d5e..bbc64657a5 100644 --- a/roles/mirrormanager/backend/tasks/main.yml +++ b/roles/mirrormanager/backend/tasks/main.yml @@ -67,21 +67,25 @@ cron: name="handle-propagation" minute="45" hour="*/2" user="mirrormanager" job="/usr/local/bin/handle_propagation.sh" cron_file=handle-propagation + disabled=true - name: create worldmap cronjob cron: name="create-worldmap" minute="50" hour="20" user="mirrormanager" job="/usr/local/bin/create_maps.sh" cron_file=create-worldmap + disabled=true - name: create mirrorlist statistics cronjob cron: name="create-statistics" minute="4" hour="*/2" user="mirrormanager" job="/usr/local/bin/create_statistics.sh" cron_file=create-statistics + disabled=true - name: create yesterdays mirrorlist statistics cronjob cron: name="yesterdays-statistics" minute="55" hour="0" user="mirrormanager" job="/usr/local/bin/create_statistics.sh yesterday" cron_file=yesterdays-statistics + disabled=true - name: setup /var/lib/mirrormanager/.ssh directory copy: > diff --git a/roles/mirrormanager/crawler/files/crawler.cron b/roles/mirrormanager/crawler/files/crawler.cron index b2fb775abf..16541f1a0c 100644 --- a/roles/mirrormanager/crawler/files/crawler.cron +++ b/roles/mirrormanager/crawler/files/crawler.cron @@ -1,38 +1,40 @@ -# run the crawler for each MirrorManager category -# logs sent to /var/log/mirrormanager/crawler.log and crawl/* by default +## Replaced by mirrormanager in OpenShift # -# [ "`hostname -s`" == "mm-crawler02" ] && sleep 6h is used to start the crawl -# later on the second crawler to reduce the number of parallel accesses to -# the database -# -# To make sure only one cron started crawler is running the previous running -# (cron) crawlers are being signaled to shut down. The crawler can try to -# gracefully shutdown if it gets the signal SIGALRM(14). After the signal we -# wait for 5 minutes to give the crawler a chance to shutdown. After that the -# crawler is killed. To make sure we only end the cron started crawler we look -# for the following process "/usr/bin/python /usr/bin/mm2_crawler --category=25". - -# The number of threads is based on the possible number of existing mirrors. More -# threads for categories with more mirrors. - -# The goal is to distribute the crawling of all categories over the whole day. - -# The timeout is 4 hours, but for each category. - -# Category: 'Fedora Linux'; twice a day, 20 threads -0 */12 * * * mirrormanager [ "`hostname -s`" == "mm-crawler02" ] && sleep 6h; pkill -14 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Linux"; sleep 5m; pkill -9 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Linux"; /usr/bin/mm2_crawler --category="Fedora Linux" --threads 19 --timeout-minutes 240 `/usr/local/bin/run_crawler.sh 2` > /dev/null 2>&1 - -# Category: 'Fedora Secondary Arches'; twice a day, 10 threads -0 3,9 * * * mirrormanager [ "`hostname -s`" == "mm-crawler02" ] && sleep 1h; pkill -14 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Secondary Arches"; sleep 5m; pkill -9 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Secondary Arches"; /usr/bin/mm2_crawler --category="Fedora Secondary Arches" --threads 9 --timeout-minutes 240 `/usr/local/bin/run_crawler.sh 2` > /dev/null 2>&1 - -# Category: 'Fedora EPEL'; four times a day, 20 threads -45 */6 * * * mirrormanager [ "`hostname -s`" == "mm-crawler02" ] && sleep 1h; pkill -14 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora EPEL"; sleep 5m; pkill -9 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora EPEL"; /usr/bin/mm2_crawler --category="Fedora EPEL" --threads 19 --timeout-minutes 240 `/usr/local/bin/run_crawler.sh 2` > /dev/null 2>&1 - -# Category: 'Fedora Archive'; once a day, 10 threads -0 2 * * * mirrormanager [ "`hostname -s`" == "mm-crawler02" ] && sleep 6h; pkill -14 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Archive"; sleep 5m; pkill -9 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Archive"; /usr/bin/mm2_crawler --category="Fedora Archive" --threads 9 --timeout-minutes 300 `/usr/local/bin/run_crawler.sh 2` > /dev/null 2>&1 - -# Category: 'Fedora Other'; once a day, 10 threads -0 14 * * * mirrormanager [ "`hostname -s`" == "mm-crawler02" ] && sleep 6h; pkill -14 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Other"; sleep 5m; pkill -9 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Other"; /usr/bin/mm2_crawler --category="Fedora Other" --threads 9 --timeout-minutes 240 `/usr/local/bin/run_crawler.sh 2` > /dev/null 2>&1 - -# Category: 'CentOS'; twice a day, 20 threads -0 5,11 * * * mirrormanager [ "`hostname -s`" == "mm-crawler02" ] && sleep 6h; pkill -14 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=CentOS"; sleep 5m; pkill -9 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=CentOS"; /usr/bin/mm2_crawler --category="CentOS" --threads 19 --timeout-minutes 240 `/usr/local/bin/run_crawler.sh 2` > /dev/null 2>&1 +# # run the crawler for each MirrorManager category +# # logs sent to /var/log/mirrormanager/crawler.log and crawl/* by default +# # +# # [ "`hostname -s`" == "mm-crawler02" ] && sleep 6h is used to start the crawl +# # later on the second crawler to reduce the number of parallel accesses to +# # the database +# # +# # To make sure only one cron started crawler is running the previous running +# # (cron) crawlers are being signaled to shut down. The crawler can try to +# # gracefully shutdown if it gets the signal SIGALRM(14). After the signal we +# # wait for 5 minutes to give the crawler a chance to shutdown. After that the +# # crawler is killed. To make sure we only end the cron started crawler we look +# # for the following process "/usr/bin/python /usr/bin/mm2_crawler --category=25". +# +# # The number of threads is based on the possible number of existing mirrors. More +# # threads for categories with more mirrors. +# +# # The goal is to distribute the crawling of all categories over the whole day. +# +# # The timeout is 4 hours, but for each category. +# +# # Category: 'Fedora Linux'; twice a day, 20 threads +# 0 */12 * * * mirrormanager [ "`hostname -s`" == "mm-crawler02" ] && sleep 6h; pkill -14 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Linux"; sleep 5m; pkill -9 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Linux"; /usr/bin/mm2_crawler --category="Fedora Linux" --threads 19 --timeout-minutes 240 `/usr/local/bin/run_crawler.sh 2` > /dev/null 2>&1 +# +# # Category: 'Fedora Secondary Arches'; twice a day, 10 threads +# 0 3,9 * * * mirrormanager [ "`hostname -s`" == "mm-crawler02" ] && sleep 1h; pkill -14 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Secondary Arches"; sleep 5m; pkill -9 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Secondary Arches"; /usr/bin/mm2_crawler --category="Fedora Secondary Arches" --threads 9 --timeout-minutes 240 `/usr/local/bin/run_crawler.sh 2` > /dev/null 2>&1 +# +# # Category: 'Fedora EPEL'; four times a day, 20 threads +# 45 */6 * * * mirrormanager [ "`hostname -s`" == "mm-crawler02" ] && sleep 1h; pkill -14 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora EPEL"; sleep 5m; pkill -9 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora EPEL"; /usr/bin/mm2_crawler --category="Fedora EPEL" --threads 19 --timeout-minutes 240 `/usr/local/bin/run_crawler.sh 2` > /dev/null 2>&1 +# +# # Category: 'Fedora Archive'; once a day, 10 threads +# 0 2 * * * mirrormanager [ "`hostname -s`" == "mm-crawler02" ] && sleep 6h; pkill -14 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Archive"; sleep 5m; pkill -9 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Archive"; /usr/bin/mm2_crawler --category="Fedora Archive" --threads 9 --timeout-minutes 300 `/usr/local/bin/run_crawler.sh 2` > /dev/null 2>&1 +# +# # Category: 'Fedora Other'; once a day, 10 threads +# 0 14 * * * mirrormanager [ "`hostname -s`" == "mm-crawler02" ] && sleep 6h; pkill -14 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Other"; sleep 5m; pkill -9 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=Fedora Other"; /usr/bin/mm2_crawler --category="Fedora Other" --threads 9 --timeout-minutes 240 `/usr/local/bin/run_crawler.sh 2` > /dev/null 2>&1 +# +# # Category: 'CentOS'; twice a day, 20 threads +# 0 5,11 * * * mirrormanager [ "`hostname -s`" == "mm-crawler02" ] && sleep 6h; pkill -14 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=CentOS"; sleep 5m; pkill -9 -f "^/usr/bin/python2 -s /usr/bin/mm2_crawler --category=CentOS"; /usr/bin/mm2_crawler --category="CentOS" --threads 19 --timeout-minutes 240 `/usr/local/bin/run_crawler.sh 2` > /dev/null 2>&1 diff --git a/roles/mirrormanager/crawler/tasks/main.yml b/roles/mirrormanager/crawler/tasks/main.yml index 867e9b4a77..42f440257a 100644 --- a/roles/mirrormanager/crawler/tasks/main.yml +++ b/roles/mirrormanager/crawler/tasks/main.yml @@ -51,4 +51,5 @@ cron: name="propagation-check" minute="27" hour="*/2" user="mirrormanager" job="/usr/local/bin/check_propagation.sh" cron_file=propagation-check + disabled=true when: inventory_hostname.startswith('mm-crawler01.iad2') diff --git a/roles/mirrormanager/frontend2/templates/frontend.cron b/roles/mirrormanager/frontend2/templates/frontend.cron index 6725774b2d..1f9f3fa296 100644 --- a/roles/mirrormanager/frontend2/templates/frontend.cron +++ b/roles/mirrormanager/frontend2/templates/frontend.cron @@ -1,4 +1,6 @@ MAILTO=root -# sync crawler logs every hour -55 * * * * mirrormanager /usr/local/bin/sync-crawler-logs.sh +## Replaced by mirrormanager in OpenShift +# +# # sync crawler logs every hour +# 55 * * * * mirrormanager /usr/local/bin/sync-crawler-logs.sh diff --git a/roles/mirrormanager/frontend2/templates/mirrormanager.conf b/roles/mirrormanager/frontend2/templates/mirrormanager.conf index de4b3a41d2..cde585fa74 100644 --- a/roles/mirrormanager/frontend2/templates/mirrormanager.conf +++ b/roles/mirrormanager/frontend2/templates/mirrormanager.conf @@ -1,35 +1,39 @@ -# Apache configuration file for mirrormanager2 +## Replaced by mirrormanager in OpenShift -Alias /mirrormanager/static /usr/lib/python2.7/site-packages/mirrormanager2/static/fedora/ -Alias /mirrormanager/crawler /var/log/mirrormanager/crawler -Alias /mirrormanager/data /var/www/mirrormanager-statistics/data -Alias /mirrormanager/map /var/www/mirrormanager-statistics/map +Redirect /mirrormanager https://mirrormanager{{ env_suffix }}.fedoraproject.org -WSGIDaemonProcess mirrormanager user=apache maximum-requests=100 display-name=mirrormanager processes=2 threads=4 -WSGISocketPrefix run/wsgi -WSGIRestrictStdout On -WSGIRestrictSignal Off -WSGIPythonOptimize 1 - -WSGIScriptAlias /mirrormanager /var/www/mirrormanager2.wsgi - - - WSGIProcessGroup mirrormanager - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order deny,allow - Allow from all - - - - -{% if mm2_checkin %} - Require all granted -{% else %} - Require all denied -{% endif %} - +# # Apache configuration file for mirrormanager2 +# +# Alias /mirrormanager/static /usr/lib/python2.7/site-packages/mirrormanager2/static/fedora/ +# Alias /mirrormanager/crawler /var/log/mirrormanager/crawler +# Alias /mirrormanager/data /var/www/mirrormanager-statistics/data +# Alias /mirrormanager/map /var/www/mirrormanager-statistics/map +# +# WSGIDaemonProcess mirrormanager user=apache maximum-requests=100 display-name=mirrormanager processes=2 threads=4 +# WSGISocketPrefix run/wsgi +# WSGIRestrictStdout On +# WSGIRestrictSignal Off +# WSGIPythonOptimize 1 +# +# WSGIScriptAlias /mirrormanager /var/www/mirrormanager2.wsgi +# +# +# WSGIProcessGroup mirrormanager +# +# # Apache 2.4 +# Require all granted +# +# +# # Apache 2.2 +# Order deny,allow +# Allow from all +# +# +# +# +# {% if mm2_checkin %} +# Require all granted +# {% else %} +# Require all denied +# {% endif %} +# diff --git a/vars/apps/mirrormanager.yml b/vars/apps/mirrormanager.yml index 175c28213d..d804a5382c 100644 --- a/vars/apps/mirrormanager.yml +++ b/vars/apps/mirrormanager.yml @@ -1,5 +1,5 @@ --- -mirrormanager_hostname: "mirrors.apps.ocp{{ env_suffix }}.fedoraproject.org" +mirrormanager_hostname: "mirrormanager{{ env_suffix }}.fedoraproject.org" mirrormanager_db_host: "db01{{ env_suffix }}" mirrormanager_oidc_client_id: "mirrormanager" # Move that to an env var to target a specific deployment