From 1ba5dc01a5741fd6363f3955de102bfa0339f081 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Fri, 16 Jan 2015 18:57:25 +0000
Subject: [PATCH] Add in cron and kojira tasks for passive hub. Add keepalived script to enable/disable on master/backup.
---
roles/keepalived/files/keepalived-notify.sh | 34 ++++++++
...ed-notify.sh.koji02.phx2.fedoraproject.org | 34 ++++++++
roles/keepalived/tasks/main.yml | 9 ++
roles/keepalived/templates/keepalived.conf.j2 | 1 +
roles/koji_hub/files/koji-directory-cleanup | 2 +
roles/koji_hub/files/koji-gc | 6 ++
roles/koji_hub/files/koji-gc.conf | 82 +++++++++++++++++++
roles/koji_hub/files/koji-prunesigs | 4 +
roles/koji_hub/tasks/main.yml | 38 +++++++++
9 files changed, 210 insertions(+)
create mode 100644 roles/keepalived/files/keepalived-notify.sh
create mode 100644 roles/keepalived/files/keepalived-notify.sh.koji02.phx2.fedoraproject.org
create mode 100644 roles/koji_hub/files/koji-directory-cleanup
create mode 100644 roles/koji_hub/files/koji-gc
create mode 100644 roles/koji_hub/files/koji-gc.conf
create mode 100644 roles/koji_hub/files/koji-prunesigs
diff --git a/roles/keepalived/files/keepalived-notify.sh b/roles/keepalived/files/keepalived-notify.sh
new file mode 100644
index 0000000000..f0643f4a0a
--- /dev/null
+++ b/roles/keepalived/files/keepalived-notify.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+TYPE=$1
+NAME=$2
+STATE=$3
+
+#
+# We are becoming master node
+#
+if [ $STATE == "MASTER" ]; then
+ # systemctl stop kojira
+ # rm -f /etc/cron.d/kojifix
+ # rm -f /etc/cron.d/koji-directory-cleanup
+ # rm -f /etc/cron.d/koji-gc
+ # rm -f /etc/cron.d/koji-prunesigs
+ logger "just became keepalived master"
+
+fi
+#
+# We are becoming the backup node
+#
+if [ $STATE == "BACKUP" ]; then
+ # systemctl start kojira
+ # /etc/cron.d/kojifix
+ # rm -f /etc/cron.d/koji-directory-cleanup
+ # rm -f /etc/cron.d/koji-gc
+ # rm -f /etc/cron.d/koji-prunesigs
+ logger "just became keepalived backup"
+fi
+#
+# something horrible has gone wrong
+#
+if [ $STATE == "FAULT" ]; then
+ logger "just had a keepalived fault"
+fi
diff --git a/roles/keepalived/files/keepalived-notify.sh.koji02.phx2.fedoraproject.org b/roles/keepalived/files/keepalived-notify.sh.koji02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..f0643f4a0a
--- /dev/null
+++ b/roles/keepalived/files/keepalived-notify.sh.koji02.phx2.fedoraproject.org
@@ -0,0 +1,34 @@
+#!/bin/bash
+TYPE=$1
+NAME=$2
+STATE=$3
+
+#
+# We are becoming master node
+#
+if [ $STATE == "MASTER" ]; then
+ # systemctl stop kojira
+ # rm -f /etc/cron.d/kojifix
+ # rm -f /etc/cron.d/koji-directory-cleanup
+ # rm -f /etc/cron.d/koji-gc
+ # rm -f /etc/cron.d/koji-prunesigs
+ logger "just became keepalived master"
+
+fi
+#
+# We are becoming the backup node
+#
+if [ $STATE == "BACKUP" ]; then
+ # systemctl start kojira
+ # /etc/cron.d/kojifix
+ # rm -f /etc/cron.d/koji-directory-cleanup
+ # rm -f /etc/cron.d/koji-gc
+ # rm -f /etc/cron.d/koji-prunesigs
+ logger "just became keepalived backup"
+fi
+#
+# something horrible has gone wrong
+#
+if [ $STATE == "FAULT" ]; then
+ logger "just had a keepalived fault"
+fi
diff --git a/roles/keepalived/tasks/main.yml b/roles/keepalived/tasks/main.yml
index d67d19c2c0..be57c5db29 100644
--- a/roles/keepalived/tasks/main.yml
+++ b/roles/keepalived/tasks/main.yml
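Review bot: `$STATE` is expanded unquoted in all three tests of keepalived-notify.sh, so an empty or missing third argument makes `[ $STATE == "MASTER" ]` fail with a `[` syntax error instead of a clean non-match; the byte-identical copy keepalived-notify.sh.koji02.phx2.fedoraproject.org has the same tests. Quote it, `if [ "$STATE" == "MASTER" ]; then`, or dispatch once with `case "$STATE" in`. keepalived invokes this script on state transitions, so a header comment naming the three arguments (TYPE and NAME are assigned but never read) and stating that the branches only log until the commented-out commands are enabled would help the next reader. The commented block under BACKUP repeats the `rm -f /etc/cron.d/...` lines from MASTER, which looks like a copy-paste if the backup node is meant to install the cron files rather than remove them; confirm before uncommenting.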
@@ -21,6 +21,15 @@ notify: - restart keepalived +- name: Install keepalived failover script for host (or default) + copy: src={{ item }} dest=/usr/local/bin/keepalived-notify.sh mode=755 + with_first_found: + - keepalived-notify.sh.{{ ansible_fqdn }} + - keepalived-notify.sh + tags: + - config + - keepalived + - name: Make sure keepalived is set to start and is running service: state=running enabled=true name=keepalived tags:
diff --git a/roles/keepalived/templates/keepalived.conf.j2 b/roles/keepalived/templates/keepalived.conf.j2
index f757766577..d8cad097e1 100644
--- a/roles/keepalived/templates/keepalived.conf.j2
+++ b/roles/keepalived/templates/keepalived.conf.j2
@@ -19,4 +19,5 @@ vrrp_instance VI_1 { priority {{ keepalived_priority }} virtual_ipaddress { {{ keepalived_ipaddress }} + notify /usr/local/bin/keepalived-notify.sh }
diff --git a/roles/koji_hub/files/koji-directory-cleanup b/roles/koji_hub/files/koji-directory-cleanup
new file mode 100644
index 0000000000..67a30188c2
--- /dev/null
+++ b/roles/koji_hub/files/koji-directory-cleanup
@@ -0,0 +1,2 @@
+0 8 * * * apache find /mnt/koji/work -xdev -depth -mindepth 2 -mtime +28 \( -type f -o -type l \) -delete -o -type d -empty -delete
+0 9 * * * apache find /mnt/koji/scratch -xdev -depth -mtime +21 \( -type f -o -type l \) -delete -o -type d -empty -delete
diff --git a/roles/koji_hub/files/koji-gc b/roles/koji_hub/files/koji-gc
new file mode 100644
index 0000000000..cfbdc94b59
--- /dev/null
+++ b/roles/koji_hub/files/koji-gc
@@ -0,0 +1,6 @@
+# Run garbage collector nightly
+SCRIPT=/usr/sbin/koji-gc
+MAILTO=sysadmin-build-members@fedoraproject.org
+0 8 * * * apache $SCRIPT --action=delete
+0 10 * * * apache $SCRIPT --action=prune
+0 9 * * * apache $SCRIPT --action=trash
diff --git a/roles/koji_hub/files/koji-gc.conf b/roles/koji_hub/files/koji-gc.conf
new file mode 100644
index 0000000000..7680be9eeb
--- /dev/null
+++ b/roles/koji_hub/files/koji-gc.conf
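Review bot: The new copy task in roles/keepalived/tasks/main.yml sets `mode=755` but no owner or group, so ownership of /usr/local/bin/keepalived-notify.sh depends on which user the play runs as. keepalived executes notify scripts itself, normally with root privileges, so the file should be pinned to root and writable by nobody else: `copy: src={{ item }} dest=/usr/local/bin/keepalived-notify.sh owner=root group=root mode=0755`. A one-line comment on the `with_first_found` list explaining that a host-specific file overrides the default would also help, since the two files shipped in this commit are identical.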
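Review bot: In keepalived.conf.j2 the added `notify` line sits between `{{ keepalived_ipaddress }}` and the closing `}`, which as rendered here places it inside the `virtual_ipaddress { }` block, where keepalived expects only addresses. `notify` is a vrrp_instance-level keyword, so the address block should be closed first: `}` on its own line, then `notify /usr/local/bin/keepalived-notify.sh`, then the instance's closing `}`. Only one closing brace is visible in the hunk and indentation is lost in this rendering, so check the brace balance of the whole template; `vrrp_instance VI_1 {` opens above the hunk.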
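Review bot: In koji-directory-cleanup the `-mtime` test binds only to the left side of `-o`, so `-type d -empty -delete` removes empty directories regardless of age, and the /mnt/koji/scratch line has no `-mindepth`, so the starting directory itself is a candidate when it is empty. If that is intended, state it in a comment at the top of the file, e.g. `# files and symlinks older than the cutoff are deleted; empty directories are deleted regardless of age`. The file also has no `MAILTO=` line, unlike koji-gc and koji-prunesigs in the same commit, so errors from these deletions may not reach the same recipients.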
@@ -0,0 +1,82 @@
+#test policy file
+#earlier = higher precedence!
+
+[main]
+key_aliases =
+ 30C9ECF8 fedora-test
+ 4F2A6FD2 fedora-gold
+ 897DA07A redhat-beta
+ 1AC70CE6 fedora-extras
+ 6DF2196F fedora-8-9
+ DF9B0AE9 fedora-8-9-test
+ 0B86274E fedora-10-test
+ 4EBFC273 fedora-10
+ D22E77F2 fedora-11
+ 57BBCCBA fedora-12
+ E8E40FDE fedora-13
+ 97A1071F fedora-14
+ 069C8460 fedora-15
+ A82BA4B7 fedora-16
+ 1ACA3465 fedora-17
+ DE7F38BD fedora-18
+ FB4B18E6 fedora-19
+ 246110C1 fedora-20
+ 95A43F54 fedora-21
+ 8E1431D5 fedora-22
+ 217521F6 fedora-epel
+ 0608B895 fedora-epel-6
+ 352C64E5 fedora-epel-7
+
+unprotected_keys =
+ fedora-15
+ fedora-16
+ fedora-17
+ fedora-18
+ fedora-19
+ fedora-20
+ fedora-21
+ fedora-22
+ fedora-extras
+ redhat-beta
+ fedora-epel
+ fedora-epel-6
+ fedora-epel-7
+
+server = https://koji.fedoraproject.org/kojihub
+weburl = http://koji.fedoraproject.org/koji
+from_addr = Koji Build System
+
+[prune]
+policy =
+ #stuff to protect
+ #note that tags with master lock engaged are already protected
+ tag *-updates :: keep
+ age < 1 day :: skip
+ sig fedora-gold :: skip
+ sig fedora-test && age < 12 weeks :: keep
+ sig fedora-10-test && age < 12 weeks :: keep
+ sig fedora-10 && age < 12 weeks :: keep
+ sig fedora-11 && age < 12 weeks :: keep
+ sig fedora-12 && age < 12 weeks :: keep
+ sig fedora-13 && age < 12 weeks :: keep
+ sig fedora-14 && age < 12 weeks :: keep
+ sig fedora-15 && age < 12 weeks :: keep
+ sig fedora-16 && age < 12 weeks :: keep
+ sig fedora-17 && age < 12 weeks :: keep
+ sig fedora-18 && age < 12 weeks :: keep
+ sig fedora-19 && age < 12 weeks :: keep
+ sig fedora-20 && age < 12 weeks :: keep
+ sig fedora-21 && age < 12 weeks :: keep
+ sig fedora-22 && age < 12 weeks :: keep
+ sig fedora-epel && age < 12 weeks :: keep
+ sig fedora-epel-6 && age < 12 weeks :: keep
+ sig fedora-epel-7 && age < 12 weeks :: keep
+
+ #stuff to chuck semi-rapidly
+ tag *-testing *-candidate *-override && order >= 2 :: untag
+ tag *-testing *-candidate && order > 0 && age > 6 weeks :: untag
+ tag *-candidate && age > 8 weeks :: untag
+
+ #default: keep the last 3
+ order > 2 :: untag
+
diff --git a/roles/koji_hub/files/koji-prunesigs b/roles/koji_hub/files/koji-prunesigs
new file mode 100644
index 0000000000..f3060e5303
--- /dev/null
+++ b/roles/koji_hub/files/koji-prunesigs
@@ -0,0 +1,4 @@
+# Run prune-signed-copies nightly
+MAILTO=sysadmin-build-members@fedoraproject.org
+SCRIPT=/usr/bin/koji
+0 8 * * * apache $SCRIPT --noauth prune-signed-copies --verbose
diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml
index c182938855..8224f3e229 100644
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@@ -10,6 +10,7 @@ - koji-web - koji-utils - koji-theme-fedora + - kojira - mod_ssl - mod_wsgi - git
@@ -201,3 +202,40 @@ tags: - service - koji_hub + +- name: Make sure kojira is set to not run on boot (controlled by keepalived) + service: name=kojira enabled=no + tags: + - service + - koji_hub + +- name: install cert for oscar (garbage collector) user + copy: src={{ puppet_private }}/koji/gc/oscar_key_and_cert.pem dest=/etc/koji-gc/client.crt + tags: + - koji_hub + +- name: install serverca cert for oscar (garbage collector) user + copy: src={{ puppet_private }}/fedora-ca.cert dest=/etc/koji-gc/serverca.crt + tags: + - koji_hub + +- name: install clientca cert for oscar (garbage collector) user + copy: src={{ puppet_private }}/fedora-ca.cert dest=/etc/koji-gc/clientca.crt + tags: + - koji_hub + +- name: install koji-gc.conf + file: src=koji-gc.conf dest=/etc/koji-gc/koji-gc.conf + tags: + - koji_hub + +- name: install cron jobs to be used by keepalived later + copy: src={{ item }} dest=/usr/local/etc/{{ item }} + with_items: + - koji-directory-cleanup + - koji-gc + - koji-prunesigs + tags: + - files + - koji_hub +
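Review bot: `weburl = http://koji.fedoraproject.org/koji` in koji-gc.conf uses plain http while `server` on the line above is https; if the web UI is served over TLS, use `weburl = https://koji.fedoraproject.org/koji` so that links built from it do not start on an unencrypted request. The file still opens with `#test policy file` although roles/koji_hub/tasks/main.yml installs it as /etc/koji-gc/koji-gc.conf. Replace that header with a comment saying this is the live policy and that `key_aliases`, `unprotected_keys` and the `sig ... :: keep` rules have to be extended together whenever a new signing key is introduced.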
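Review bot: The task that installs oscar_key_and_cert.pem as /etc/koji-gc/client.crt (second hunk of roles/koji_hub/tasks/main.yml) copies a private key without `owner`, `group` or `mode`, so the result depends on the play's user and umask and is commonly world-readable. The cron files added in this commit run koji-gc as `apache`, so something like `copy: src={{ puppet_private }}/koji/gc/oscar_key_and_cert.pem dest=/etc/koji-gc/client.crt owner=root group=apache mode=0640` limits the key to the account that needs it (confirm the account). Separately, the `install koji-gc.conf` task uses the `file` module, which manages attributes and links and does not copy content; it should read `copy: src=koji-gc.conf dest=/etc/koji-gc/koji-gc.conf`.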