ODCS: use the same user/group on every machine.

Jan Kaluža 2020-03-18 10:41:56 +00:00 committed by Pierre-Yves Chibon
parent ebb4449e99
commit 14417c5f18
7 changed files with 49 additions and 58 deletions


@ -35,9 +35,9 @@
tags: tags:
- odcs - odcs
- odcs/backend - odcs/backend
- name: add the odcs user to the apache group - name: add the odcs-server user to the apache group
user: user:
name: odcs name: odcs-server
group: apache group: apache
groups: apache groups: apache
append: true append: true
@ -51,7 +51,7 @@
with_items: with_items:
- odcs-manager upgradedb - odcs-manager upgradedb
become: yes become: yes
become_user: odcs become_user: odcs-server
when: odcs_migrate_db when: odcs_migrate_db
notify: notify:
- restart odcs-celery-backend - restart odcs-celery-backend
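Review bot: The `add the odcs-server user to the apache group` task still passes `group: apache`, which sets the account's primary group, while the new `create odcs-server user` task in the base role sets `group: odcs-server`. If both roles apply to the same host, the two tasks would flip the primary GID on every run, and files the service creates could end up group-owned by apache. Supplementary membership is already expressed by `groups: apache` with `append: true`, so the task can drop the `group: apache` line. The task may continue past the end of this hunk.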


@ -1,3 +1,3 @@
d /var/run/odcs-backend 0755 odcs fedmsg - d /var/run/odcs-backend 0755 odcs-server -
d /var/log/odcs-backend 0755 odcs fedmsg - d /var/log/odcs-backend 0755 odcs-server -
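Review bot: Both new lines drop a column rather than renaming it: in `d /var/run/odcs-backend 0755 odcs-server -` the `-` now sits in the Group field and the Age field is omitted, so the directories are created with the default group instead of `odcs-server`. If the intent is the same user and group everywhere, the lines should read `d /var/run/odcs-backend 0755 odcs-server odcs-server -` and `d /var/log/odcs-backend 0755 odcs-server odcs-server -`.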


@ -49,14 +49,26 @@
- odcs - odcs
- odcs/backend - odcs/backend
- name: create odcs-server group
group:
name: odcs-server
gid: 64321
state: present
- name: create odcs-server user
user:
name: odcs-server
uid: 64321
group: odcs-server
- name: create ODCS_TARGET_DIR - name: create ODCS_TARGET_DIR
file: file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
owner: apache owner: odcs-server
group: apache group: odcs-server
mode: 0777 mode: 0644
# recurse: yes recurse: yes
follow: no follow: no
with_items: with_items:
- "{{ odcs_target_dir }}" - "{{ odcs_target_dir }}"
@ -78,7 +90,7 @@
template: template:
src: etc/odcs/config.py.j2 src: etc/odcs/config.py.j2
dest: /etc/odcs/config.py dest: /etc/odcs/config.py
owner: odcs owner: odcs-server
group: apache group: apache
mode: 0440 mode: 0440
notify: notify:
@ -92,8 +104,8 @@
template: template:
src: etc/odcs/config.py.j2 src: etc/odcs/config.py.j2
dest: /etc/odcs/config.py dest: /etc/odcs/config.py
owner: odcs owner: odcs-server
group: fedmsg group: odcs-server
mode: 0440 mode: 0440
notify: notify:
- restart odcs-celery-backend - restart odcs-celery-backend
@ -106,8 +118,8 @@
template: template:
src: etc/odcs/raw_config_wrapper.conf.j2 src: etc/odcs/raw_config_wrapper.conf.j2
dest: /etc/odcs/raw_config_wrapper.conf dest: /etc/odcs/raw_config_wrapper.conf
owner: odcs owner: odcs-server
group: fedmsg group: odcs-server
mode: 0440 mode: 0440
notify: notify:
- restart odcs-celery-backend - restart odcs-celery-backend
@ -120,8 +132,8 @@
template: template:
src: etc/odcs/runroot_koji.conf.j2 src: etc/odcs/runroot_koji.conf.j2
dest: /etc/odcs/runroot_koji.conf dest: /etc/odcs/runroot_koji.conf
owner: odcs owner: odcs-server
group: fedmsg group: odcs-server
mode: 0440 mode: 0440
notify: notify:
- restart odcs-celery-backend - restart odcs-celery-backend
@ -142,8 +154,8 @@
copy: copy:
src: "{{ roles_path }}/odcs/base/files/pungi.conf" src: "{{ roles_path }}/odcs/base/files/pungi.conf"
dest: /etc/odcs/pungi.conf dest: /etc/odcs/pungi.conf
owner: odcs owner: odcs-server
group: fedmsg group: odcs-server
mode: 0640 mode: 0640
notify: notify:
- restart odcs-celery-backend - restart odcs-celery-backend
@ -156,8 +168,8 @@
template: template:
src: "etc/systemd/system/odcs-celery-backend.service.j2" src: "etc/systemd/system/odcs-celery-backend.service.j2"
dest: /etc/systemd/system/odcs-celery-backend.service dest: /etc/systemd/system/odcs-celery-backend.service
owner: odcs owner: odcs-server
group: fedmsg group: odcs-server
mode: 0640 mode: 0640
notify: notify:
- restart odcs-celery-backend - restart odcs-celery-backend
@ -180,8 +192,8 @@
template: template:
src: "etc/systemd/system/odcs-celery-beat.service.j2" src: "etc/systemd/system/odcs-celery-beat.service.j2"
dest: /etc/systemd/system/odcs-celery-beat.service dest: /etc/systemd/system/odcs-celery-beat.service
owner: odcs owner: odcs-server
group: fedmsg group: odcs-server
mode: 0640 mode: 0640
notify: notify:
- restart odcs-celery-beat - restart odcs-celery-beat
@ -194,8 +206,8 @@
template: template:
src: "fedora-messaging.toml.j2" src: "fedora-messaging.toml.j2"
dest: /etc/fedora-messaging/config.toml dest: /etc/fedora-messaging/config.toml
owner: odcs owner: odcs-server
group: apache group: odcs-server
mode: 0640 mode: 0640
tags: tags:
- odcs - odcs
@ -216,8 +228,8 @@
copy: copy:
src: "{{ roles_path }}/odcs/base/files/tmpfiles.d/odcs-backend.conf" src: "{{ roles_path }}/odcs/base/files/tmpfiles.d/odcs-backend.conf"
dest: /etc/tmpfiles.d/odcs-backend.conf dest: /etc/tmpfiles.d/odcs-backend.conf
owner: odcs owner: odcs-server
group: fedmsg group: odcs-server
mode: 0640 mode: 0640
notify: notify:
- restart odcs-celery-backend - restart odcs-celery-backend
@ -241,7 +253,7 @@
copy: copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs-private-queue{{env_suffix}}.crt" src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs-private-queue{{env_suffix}}.crt"
dest: /etc/odcs/odcs-private-queue.crt dest: /etc/odcs/odcs-private-queue.crt
owner: odcs owner: odcs-server
group: apache group: apache
mode: 0640 mode: 0640
tags: tags:
@ -253,7 +265,7 @@
copy: copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs-private-queue{{env_suffix}}.key" src: "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs-private-queue{{env_suffix}}.key"
dest: /etc/odcs/odcs-private-queue.key dest: /etc/odcs/odcs-private-queue.key
owner: odcs owner: odcs-server
group: apache group: apache
mode: 0640 mode: 0640
tags: tags:
@ -265,7 +277,7 @@
copy: copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs{{env_suffix}}.crt" src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs{{env_suffix}}.crt"
dest: /etc/odcs/odcs-rabbitmq.crt dest: /etc/odcs/odcs-rabbitmq.crt
owner: odcs owner: odcs-server
group: apache group: apache
mode: 0640 mode: 0640
tags: tags:
@ -277,7 +289,7 @@
copy: copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs{{env_suffix}}.key" src: "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs{{env_suffix}}.key"
dest: /etc/odcs/odcs-rabbitmq.key dest: /etc/odcs/odcs-rabbitmq.key
owner: odcs owner: odcs-server
group: apache group: apache
mode: 0640 mode: 0640
tags: tags:
@ -289,7 +301,7 @@
copy: copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt" src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
dest: /etc/odcs/ca.crt dest: /etc/odcs/ca.crt
owner: odcs owner: odcs-server
group: apache group: apache
mode: 0640 mode: 0640
tags: tags:
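Review bot: In the `create ODCS_TARGET_DIR` task, `mode: 0644` together with the newly enabled `recurse: yes` strips the search (x) bit from the target directory and every directory below it, so the non-root `odcs-server` account that now owns the tree cannot traverse it or create entries in it. A symbolic mode such as `mode: "u=rwX,g=rX,o=rX"` yields 0755 on directories and 0644 on plain files in one recursive pass, and quoting the value avoids relying on YAML octal parsing. Separately, the hunks at `@ -156`, `@ -180` and `@ -216` keep the two systemd unit files and the tmpfiles.d snippet owned by `odcs-server` with owner write permission. Those files are interpreted by root, so the service account could presumably change what runs with root privileges; `owner: root`, `group: root`, `mode: "0644"` would be the safer setting for them.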


@ -4,8 +4,8 @@ After=network.target remote-fs.target nss-lookup.target
[Service] [Service]
Type=forking Type=forking
User=odcs User=odcs-server
Group=fedmsg Group=odcs-server
WorkingDirectory=/tmp WorkingDirectory=/tmp
ExecStart=/bin/sh -c '/usr/bin/celery-3 multi start worker \ ExecStart=/bin/sh -c '/usr/bin/celery-3 multi start worker \
-A odcs.server.celery_tasks --pidfile=/var/run/odcs-backend/%%n.pid \ -A odcs.server.celery_tasks --pidfile=/var/run/odcs-backend/%%n.pid \


@ -4,8 +4,8 @@ After=network.target remote-fs.target nss-lookup.target
[Service] [Service]
Type=simple Type=simple
User=odcs User=odcs-server
Group=fedmsg Group=odcs-server
WorkingDirectory=/tmp WorkingDirectory=/tmp
ExecStart=/bin/sh -c '/usr/bin/celery-3 -A odcs.server.celery_tasks beat --loglevel=debug' ExecStart=/bin/sh -c '/usr/bin/celery-3 -A odcs.server.celery_tasks beat --loglevel=debug'


@ -15,19 +15,6 @@
- odcs/frontend - odcs/frontend
- selinux - selinux
- name: create ODCS_TARGET_DIR
file:
path: "{{ odcs_target_dir }}"
state: directory
owner: apache
group: apache
mode: 0777
# recurse: yes
follow: no
tags:
- odcs
- odcs/frontend
- name: generate the ODCS Apache config - name: generate the ODCS Apache config
template: template:
src: etc/httpd/conf.d/odcs.conf.j2 src: etc/httpd/conf.d/odcs.conf.j2
@ -80,18 +67,10 @@
with_items: with_items:
- odcs-manager upgradedb - odcs-manager upgradedb
become: yes become: yes
become_user: odcs become_user: odcs-server
when: odcs_migrate_db when: odcs_migrate_db
tags: tags:
- odcs - odcs
- odcs/frontend - odcs/frontend
## THIS IS BROKEN BECAUSE fedora-messaging. and other things.
# - name: install cron job for cleanup msg
# cron:
# name="Send ODCS cleanup message"
# job="/usr/bin/echo '{}'| fedmsg-logger --cert-prefix odcs --topic odcs.internal.msg --json-input"
# tags:
# - odcs
# - odcs/frontend


@ -5,7 +5,7 @@ RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
{% endif %} {% endif %}
WSGIDaemonProcess odcs user=apache group=apache processes={{wsgi_procs}} threads={{wsgi_threads}} WSGIDaemonProcess odcs user=odcs-server group=apache processes={{wsgi_procs}} threads={{wsgi_threads}}
WSGIScriptAlias /{{ odcs_endpoint }} /usr/share/odcs/odcs.wsgi WSGIScriptAlias /{{ odcs_endpoint }} /usr/share/odcs/odcs.wsgi
{% if env == 'staging' %} {% if env == 'staging' %}
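Review bot: `WSGIDaemonProcess odcs user=odcs-server group=apache` makes the web-facing daemon run as the account that the base role sets as `owner` of `/etc/odcs/config.py` and of the RabbitMQ certificate and key files under `/etc/odcs/`, so the frontend process would own, and could rewrite, its own configuration and key material. Before this change the daemon ran as `apache` and reached those files only through group read. Setting those files to `owner: root` with the service group and the existing `0440`/`0640` modes would preserve read access for the WSGI daemon and the celery units without giving them write access. This assumes nothing at runtime needs to modify those files.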