From 159b0a37794346513c043d384d9bc62ccc39234b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Wed, 3 May 2017 15:02:26 +0200 Subject: [PATCH] retrace: update from upstream --- .../faf/files/group_abrt-faf-el7-epel-7.repo | 10 ++ roles/abrt/faf/templates/etc-faf-faf.conf.j2 | 31 ++++ .../faf/templates/etc-faf-plugins-web.conf.j2 | 50 ++++++ .../etc-httpd-conf.d-faf-web.conf.j2 | 52 ++++++ .../templates/etc-retrace-server.conf.j2 | 162 ++++++++++++++++++ .../templates/retrace-server-httpd.conf.j2 | 47 +++++ 6 files changed, 352 insertions(+) create mode 100644 roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo create mode 100644 roles/abrt/faf/templates/etc-faf-faf.conf.j2 create mode 100644 roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 create mode 100644 roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 create mode 100644 roles/abrt/retrace/templates/etc-retrace-server.conf.j2 create mode 100644 roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 diff --git a/roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo b/roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo new file mode 100644 index 0000000000..ec4e5fa897 --- /dev/null +++ b/roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo @@ -0,0 +1,10 @@ +[group_abrt-faf-el7] +name=Copr repo for faf-el7 owned by @abrt +baseurl=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el7/epel-7-$basearch/ +type=rpm-md +skip_if_unavailable=True +gpgcheck=1 +gpgkey=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el7/pubkey.gpg +repo_gpgcheck=0 +enabled=1 +enabled_metadata=1 diff --git a/roles/abrt/faf/templates/etc-faf-faf.conf.j2 b/roles/abrt/faf/templates/etc-faf-faf.conf.j2 new file mode 100644 index 0000000000..18c8a19dda --- /dev/null +++ b/roles/abrt/faf/templates/etc-faf-faf.conf.j2 @@ -0,0 +1,31 @@ +#{{ ansible_managed }} +# Faf site-wide configuration file + +[Main] +PluginsDir = /etc/faf/plugins/ +TemplatesDir = /etc/faf/templates/ +AutoEnablePlugins = False + +[Storage] +ConnectString = {{ faf_db_connectstring }} +LobDir = {{ faf_spool_dir }}/lob +# Using platform-specific location by default. +# Uncomment and change if needed. +# TmpDir = /tmp + +[Mail] +# where to send notification emails, comma separated list +Admins = {{ faf_admin_mail }} +Server = {{ smtp_server }} +Port = {{ smtp_port }} +Username = {{ smtp_username|default("", true) }} +Password = {{ smtp_password|default("", true) }} + +[uReport] +# The directory that holds 'reports' and 'attachments' subdirectories +Directory = {{ faf_spool_dir }} +CreateComponents = False +# attachments accepted by this server +# allowed values: fedora-bugzilla rhel-bugzilla centos-mantisb comment email url +# or * to allow all attachments +AcceptAttachments = fedora-bugzilla rhel-bugzilla centos-mantisbt diff --git a/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 b/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 new file mode 100644 index 0000000000..21c0d9d8fd --- /dev/null +++ b/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 @@ -0,0 +1,50 @@ +#{{ ansible_managed }} +[hub] +debug = {{ faf_web_debug }} +proxy_setup = {{ faf_web_proxy_setup }} +secret_key = {{ faf_web_secret_key }} +{% if faf_web_on_root %} +url = https://{{ domain }}/ +{% else %} +url = https://{{ domain }}/faf/ +{% endif %} +server_name = {{ faf_server_name }} +brand_title = {{ faf_web_brand_title }} +brand_subtitle = {{ faf_web_brand_subtitle }} + +{% if faf_web_fedmenu_url %} +fedmenu_url = {{ faf_web_fedmenu_url }} +fedmenu_data_url = {{ faf_web_fedmenu_data_url }} +{% endif %} + +# When OpenID login is disabled, this option can be used to override permission +# checks and make everyone a package maintainer. +# In that case no login is necessary to access maintainer-only actions. +everyone_is_maintainer = {{ faf_web_everyone_is_admin }} +# When OpenID login is disabled, this option can be used to override permission +# checks and make everyone an admin. +# In that case no login is necessary to access admin-only actions. +everyone_is_admin = {{ faf_web_everyone_is_maintainer }} + +[openid] +enabled = {{ faf_web_openid }} + +{% if faf_web_openid_privileged_teams %} +privileged_teams = {{ faf_web_openid_privileged_teams }} +{% endif %} + +[DumpDir] +CacheDirectory = {{ faf_spool_dir }}/dumpdirs +CacheDirectoryCountQuota = 100 +CacheDirectorySizeQuota = 107374182400 +MaxDumpDirSize = 1073741824 + +[cache] +#types: +# null - no caching +# simple - process-local memory cache +# memcached - requires pylibmc +type = {{ faf_web_cache_type }} +memcached_host = localhost +memcached_port = {{ memcached_port }} +memcached_key_prefix = webfaf diff --git a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 new file mode 100644 index 0000000000..33829aed97 --- /dev/null +++ b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 @@ -0,0 +1,52 @@ +#{{ ansible_managed }} +# WSGI handler +WSGIPythonOptimize 1 +WSGISocketPrefix {{ faf_spool_dir }} /wsgi +WSGIDaemonProcess faf user=faf group=faf processes=3 threads=5 + +{% set python = 'python2.7' %} + +WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ python }}/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL} + + + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order allow,deny + Allow from all + + + +# project main + + Options Indexes + IndexOptions FancyIndexing + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order allow,deny + Allow from all + + + +# static +Alias {{ url_suffix }}/static "/usr/share/faf/web/static" + + Options Indexes + IndexOptions FancyIndexing + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order allow,deny + Allow from all + + diff --git a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 new file mode 100644 index 0000000000..edda02fab5 --- /dev/null +++ b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 @@ -0,0 +1,162 @@ +#{{ ansible_managed }} + +[retrace] +# Which group is used for authentication +# Do not change AuthGroup if you really don't need to! +# When using non-default group "foo", you also need to +# 1) Set group=foo in WSGIDaemonProcess in /etc/httpd/conf.d/retrace-server-httpd.conf +# 2) Make LogDir, SaveDir and RepoDir readable and writable for foo +# 3) Execute all retrace-server-* scripts (including cron jobs!) with foo membership +AuthGroup = {{ rs_auth_group }} + +# Force to use HTTPS - only disable on trusted network +RequireHTTPS = {{ rs_require_https|int }} + +# Allow to delete task data via HTTP API (https://server//delete) +AllowAPIDelete = {{ rs_allow_api_delete|int }} + +# Allow interactive tasks (security risk, do not use on public systems) +AllowInteractive = {{ rs_allow_interactive|int }} + +# Allow X-CoreFileDirectory header +AllowExternalDir = {{ rs_allow_external_dir|int }} + +# Allow to create tasks owned by task manager (security risk) +AllowTaskManager = {{ rs_allow_task_manager|int }} + +# Allow to create VMCore tasks in the task manager +AllowVMCoreTask = {{ rs_allow_vmcore_task|int }} + +# Allow to create Userspace core tasks in the task manager +AllowUsrCoreTask = {{ rs_allow_usrcore_task|int }} + +# If white list is disabled, anyone can delete tasks +TaskManagerAuthDelete = {{ rs_task_manager_auth_delete|int }} + +# Whitespace-separated list of users allowed to delete tasks +TaskManagerDeleteUsers = {{ rs_task_manager_delete_users|default('', true) }} + +# If set to non-empty string, makes the case number clickable in task manager +# The string is expanded by python, with the case number passed +# as the only argument, do not forget %d +CaseNumberURL = {{ rs_case_number_url|default('', true) }} + +# Verify GPG signatures of installed packages +RequireGPGCheck = {{ rs_require_gpg_check|int }} + +# Maximum tasks running at one moment +MaxParallelTasks = {{ rs_max_parallel_tasks|int }} + +# Maximum size of archive uploaded by user (MB) +MaxPackedSize = {{ rs_max_packed_size|int }} + +# Maximum size of archive contents (MB) +MaxUnpackedSize = {{ rs_max_unpacked_size|int }} + +# Minimal storage left on WorkDir FS after unpacking archive (MB) +MinStorageLeft = {{ rs_min_storage_left|int }} + +# Delete old tasks after (hours); <= 0 means never +# This is mutually exclusive with ArchiveTasksAfter (see below) +# The one that occurs first removes the task from the system +# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first +DeleteTaskAfter = {{ rs_delete_task_after|int }} + +# Delete old failed tasks after (hours); <= 0 means never +# This is useful for cleanup of failed tasks before the standard +# mechanisms do (DeleteTaskAfter or ArchiveTaskAfter) +# In case DeleteFailedTaskAfter > DeleteTaskAfter +# or DeleteFailedTaskAfter > ArchiveTaskAfter, this option does nothing +DeleteFailedTaskAfter = {{ rs_delete_failed_task_after|int }} + +# Archive old task after (hours); <= 0 means never +# This is mutually exclusive with DeleteTasksAfter (see above) +# The one that occurs first removes the task from the system +# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first +ArchiveTaskAfter = {{ rs_archive_task_after|int }} + +# SQLite statistics DB filename +DBFile = {{ rs_db_file }} + +# Log directory +LogDir = {{ rs_log_dir }} + +# Local repos directory +# if changed, you also need to update httpd config +RepoDir = {{ rs_repo_dir }} + +# Directory where the crashes and results are saved +SaveDir = {{ rs_save_dir }} + +# Directory where old tasks are moved +DropDir = {{ rs_drop_dir }} + +# Whether to use explicit working directory, otherwise default mock settings are used +UseWorkDir = {{ rs_use_work_dir|int }} + +# Working directory +WorkDir = {{ rs_work_dir }} + +# Whether to use createrepo's --update option (faster, but requires a lot of memory) +UseCreaterepoUpdate = {{ rs_use_createrepo_update|int }} + +# How many latest packages to keep for rawhide +KeepRawhideLatest = {{ rs_keep_rawhide_latest|int }} + +# Repo used to install chroot for vmcores +KernelChrootRepo = {{ rs_kernel_chroot_repo }} + +# Koji directory structure can be used to search for kernel debuginfo +KojiRoot = {{ rs_koji_root }} + +# Whether task manager should look to an external FTP for task data +UseFTPTasks = {{ rs_use_ftp_tasks|int }} + +# FTP connection parameters +FTPSSL = {{ rs_ftp_ssl|int }} +FTPHost = {{ rs_ftp_host|default('', true) }} +FTPUser = {{ rs_ftp_user|default('', true) }} +FTPPass = {{ rs_ftp_password|default('', true) }} +FTPDir = {{ rs_ftp_dir|default('', true) }} + +# Size of buffer for downloading from FTP (MB) +FTPBufferSize = {{ rs_ftp_buffer_size|int }} + +# Whether to use wget as a fallback to finding kernel debuginfos +WgetKernelDebuginfos = {{ rs_wget_kernel_debuginfos|int }} + +# Where to download kernel debuginfos from +# $VERSION $RELEASE and $ARCH are replaced by the appropriate value +# kernel-debuginfo-VRA.rpm is appended to the end +KernelDebuginfoURL = {{ rs_kernel_debuginfo_url }} + +# Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled +VmcoreDumpLevel = {{ rs_vmcore_dump_level|int }} + +# Whether to run kmem command by default (this may take a long time on large vmcores) +# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem +VmcoreRunKmem = {{ rs_vmcore_run_kmem|int }} + +# EXPERIMENTAL! Use ABRT Server's storage to map build-ids +# into debuginfo packages and resolve dependencies +# Requires support from ABRT Server +UseFafPackages = {{ rs_use_faf_packages|int }} + +# Where to hardlink faf packages +FafLinkDir = {{ rs_faf_link_dir }} + +# Whether to enable e-mail notifications +EmailNotify = {{ rs_email_notify|int }} + +# Who sends the e-mail notifications +EmailNotifyFrom = {{ rs_email_notify_from_user }}@{{ hostname }} + +[archhosts] +{% for a in rs_archhosts %} +{{ a.arch }} = {{ a.url|default('', true) }} +{% endfor %} + +[hookscripts] +{% for h in rs_hookscripts %} +{{ h.hook }} = {{ h.cmd|default('', true) }} +{% endfor %} diff --git a/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 new file mode 100644 index 0000000000..593b2b8582 --- /dev/null +++ b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 @@ -0,0 +1,47 @@ +#{{ ansible_managed }} + +WSGISocketPrefix /var/run/retrace +WSGIDaemonProcess retrace user=retrace group=retrace processes=5 threads=3 + +WSGIScriptAliasMatch ^/manager(/.*)?$ /usr/share/retrace-server/manager.wsgi +WSGIScriptAliasMatch ^/settings$ /usr/share/retrace-server/settings.wsgi +WSGIScriptAliasMatch ^/create$ /usr/share/retrace-server/create.wsgi +WSGIScriptAliasMatch ^/stats$ /usr/share/retrace-server/stats.wsgi +WSGIScriptAliasMatch ^/checkpackage$ /usr/share/retrace-server/checkpackage.wsgi +WSGIScriptAliasMatch ^/[0-9]+/?$ /usr/share/retrace-server/status.wsgi +WSGIScriptAliasMatch ^/[0-9]+/delete$ /usr/share/retrace-server/delete.wsgi +WSGIScriptAliasMatch ^/[0-9]+/log$ /usr/share/retrace-server/log.wsgi +WSGIScriptAliasMatch ^/[0-9]+/backtrace$ /usr/share/retrace-server/backtrace.wsgi +WSGIScriptAliasMatch ^/[0-9]+/exploitable$ /usr/share/retrace-server/exploitable.wsgi +WSGIScriptAliasMatch ^/[0-9]+/start$ /usr/share/retrace-server/start.wsgi +WSGIScriptAliasMatch ^/$ /usr/share/retrace-server/index.wsgi + + + Options Indexes FollowSymLinks + AllowOverride None + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order allow,deny + Allow from all + + + + + WSGIProcessGroup retrace + Options -Indexes -FollowSymLinks + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order allow,deny + Allow from all + + + +Alias /repos /var/cache/retrace-server