From 21a111831ed01a87dc326911a6560c21597feff5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Kone=C4=8Dn=C3=BD?= Date: Tue, 11 Jun 2019 17:18:51 +0200 Subject: [PATCH] release-monitoring: separate config files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michal Konečný --- .../release-monitoring/templates/alembic.ini | 34 +++ .../release-monitoring/templates/anitya.toml | 92 ++++++++ .../release-monitoring/templates/anitya.wsgi | 1 + .../release-monitoring/templates/config.toml | 12 + .../templates/configmap.yml | 218 +----------------- .../release-monitoring/templates/httpd.conf | 67 ++++++ .../release-monitoring/templates/start.sh | 5 + 7 files changed, 218 insertions(+), 211 deletions(-) create mode 100644 roles/openshift-apps/release-monitoring/templates/alembic.ini create mode 100644 roles/openshift-apps/release-monitoring/templates/anitya.toml create mode 100644 roles/openshift-apps/release-monitoring/templates/anitya.wsgi create mode 100644 roles/openshift-apps/release-monitoring/templates/config.toml create mode 100644 roles/openshift-apps/release-monitoring/templates/httpd.conf create mode 100644 roles/openshift-apps/release-monitoring/templates/start.sh diff --git a/roles/openshift-apps/release-monitoring/templates/alembic.ini b/roles/openshift-apps/release-monitoring/templates/alembic.ini new file mode 100644 index 0000000000..d002366719 --- /dev/null +++ b/roles/openshift-apps/release-monitoring/templates/alembic.ini @@ -0,0 +1,34 @@ +[alembic] +script_location = anitya:db/migrations +sourceless = false +{% if env == 'staging' %} +sqlalchemy.url = postgresql://{{ anitya_stg_db_admin_user }}:{{ anitya_stg_db_admin_pass }}@{{ anitya_stg_db_host }}/{{ anitya_stg_db_name }} +{% else %} +sqlalchemy.url = postgresql://{{ anitya_db_admin_user }}:{{ anitya_db_admin_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }} +{% endif %} +[loggers] +keys = root,sqlalchemy,alembic +[handlers] +keys = console +[formatters] +keys = generic +[logger_root] +level = WARN +handlers = console +qualname = +[logger_sqlalchemy] +level = WARN +handlers = +qualname = sqlalchemy.engine +[logger_alembic] +level = INFO +handlers = +qualname = alembic +[handler_console] +class = StreamHandler +args = (sys.stderr,) +level = NOTSET +formatter = generic +[formatter_generic] +format = %(levelname)-5.5s [%(name)s] %(message)s +datefmt = %H:%M:%S diff --git a/roles/openshift-apps/release-monitoring/templates/anitya.toml b/roles/openshift-apps/release-monitoring/templates/anitya.toml new file mode 100644 index 0000000000..7712fdfa38 --- /dev/null +++ b/roles/openshift-apps/release-monitoring/templates/anitya.toml @@ -0,0 +1,92 @@ +# This is a TOML-format file. For the spec, see https://github.com/toml-lang/toml#spec + +# Secret key used to generate the CSRF token in the forms. +{% if env == 'staging' %} +secret_key = '{{ stg_anitya_secrect_key }}' +{% else %} +secret_key = '{{ anitya_secret_key }}' +{% endif %} + +# The lifetime of the session, in seconds. +permanent_session_lifetime = 3600 + +{% if env == 'staging' %} +db_url = "postgresql://{{ anitya_stg_db_user }}:{{ anitya_stg_db_pass }}@{{ anitya_stg_db_host }}/{{ anitya_stg_db_name }}" +{% else %} +db_url = "postgresql://{{ anitya_db_user }}:{{ anitya_db_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }}" +{% endif %} + +# List of admins +anitya_web_admins = [ +{% if env == 'staging' %} + "c22eb09f-4407-4582-b14b-0375153d293d", # zlopez stg +{% else %} + "5dd1b1f2-fee1-44f0-abeb-29df5bf151c7", # zlopez + "5a11f015-54ee-4319-9092-39c427873575", # tibbs + "42abdf74-b50e-49b4-a674-7cf01868d609", # kevin +{% endif %} +] + +# The email to use in the 'From' header when sending emails. +admin_email = "admin@fedoraproject.org" + +# The SMTP server to send mail through +smtp_server = "smtp.example.com" + +# Whether or not to send emails to MAIL_ADMIN via SMTP_SERVER when HTTP 500 +# errors occur. +email_errors = false + +# List of users that are not allowed to sign in +blacklisted_users = [] + +librariesio_platform_whitelist = [ + 'pypi', + 'rubygems', +] + +social_auth_authentication_backends = [ + 'social_core.backends.fedora.FedoraOpenId', + 'social_core.backends.yahoo.YahooOpenId', + 'social_core.backends.open_id.OpenIdAuth', +] + +# Default regular expression used for backend +default_regex = """\ + %(name)s(?:[-_]?(?:minsrc|src|source))?[-_]([^-/_\\s]+?)(?i)(?:[-_]\ + (?:minsrc|src|source|asc|release))?\\.(?:tar|t[bglx]z|tbz2|zip)\ + """ + +# Github access token +{% if env == 'staging' %} +github_access_token = "{{ github_stg_release_monitoring }}" +{% else %} +github_access_token = "{{ github_prod_release_monitoring }}" +{% endif %} + +# The logging configuration, in dictConfig format. +[anitya_log_config] +version = 1 +disable_existing_loggers = false + +[anitya_log_config.formatters.simple] +format = "[%(name)s %(levelname)s] %(message)s" + +[anitya_log_config.handlers.console] +class = "logging.StreamHandler" +formatter = "simple" +stream = "ext://sys.stdout" + +[anitya_log_config.loggers.anitya] +level = "INFO" +propagate = false +handlers = ["console"] + +[anitya_log_config.loggers.fedmsg] +level = "INFO" +propagate = false +handlers = ["console"] + +[anitya_log_config.root] +level = "INFO" +handlers = ["console"] diff --git a/roles/openshift-apps/release-monitoring/templates/anitya.wsgi b/roles/openshift-apps/release-monitoring/templates/anitya.wsgi new file mode 100644 index 0000000000..8cbf6cf531 --- /dev/null +++ b/roles/openshift-apps/release-monitoring/templates/anitya.wsgi @@ -0,0 +1 @@ +from anitya.wsgi import application diff --git a/roles/openshift-apps/release-monitoring/templates/config.toml b/roles/openshift-apps/release-monitoring/templates/config.toml new file mode 100644 index 0000000000..d3dfc444c7 --- /dev/null +++ b/roles/openshift-apps/release-monitoring/templates/config.toml @@ -0,0 +1,12 @@ +amqp_url = "amqps://anitya:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub" + +{% if env == "staging" %} +topic_prefix = "org.release-monitoring.stg" +{% else %} +topic_prefix = "org.release-monitoring.prod" +{% endif %} + +[tls] +ca_cert = "/etc/pki/rabbitmq/ca/fedora-messaging-release-monitoring-ca.crt" +keyfile = "/etc/pki/rabbitmq/key/fedora-messaging-release-monitoring.key" +certfile = "/etc/pki/rabbitmq/cert/fedora-messaging-release-monitoring.crt" diff --git a/roles/openshift-apps/release-monitoring/templates/configmap.yml b/roles/openshift-apps/release-monitoring/templates/configmap.yml index 77850877c1..947396d943 100644 --- a/roles/openshift-apps/release-monitoring/templates/configmap.yml +++ b/roles/openshift-apps/release-monitoring/templates/configmap.yml @@ -1,3 +1,4 @@ +{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} --- apiVersion: v1 kind: List @@ -11,209 +12,15 @@ items: app: release-monitoring data: anitya.toml: |- - # This is a TOML-format file. For the spec, see https://github.com/toml-lang/toml#spec - - # Secret key used to generate the CSRF token in the forms. -{% if env == 'staging' %} - secret_key = '{{ stg_anitya_secrect_key }}' -{% else %} - secret_key = '{{ anitya_secret_key }}' -{% endif %} - - # The lifetime of the session, in seconds. - permanent_session_lifetime = 3600 - -{% if env == 'staging' %} - db_url = "postgresql://{{ anitya_stg_db_user }}:{{ anitya_stg_db_pass }}@{{ anitya_stg_db_host }}/{{ anitya_stg_db_name }}" -{% else %} - db_url = "postgresql://{{ anitya_db_user }}:{{ anitya_db_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }}" -{% endif %} - - # List of admins - anitya_web_admins = [ -{% if env == 'staging' %} - "c22eb09f-4407-4582-b14b-0375153d293d", # zlopez stg -{% else %} - "5dd1b1f2-fee1-44f0-abeb-29df5bf151c7", # zlopez - "5a11f015-54ee-4319-9092-39c427873575", # tibbs - "42abdf74-b50e-49b4-a674-7cf01868d609", # kevin -{% endif %} - ] - - # The email to use in the 'From' header when sending emails. - admin_email = "admin@fedoraproject.org" - - # The SMTP server to send mail through - smtp_server = "smtp.example.com" - - # Whether or not to send emails to MAIL_ADMIN via SMTP_SERVER when HTTP 500 - # errors occur. - email_errors = false - - # List of users that are not allowed to sign in - blacklisted_users = [] - - librariesio_platform_whitelist = [ - 'pypi', - 'rubygems', - ] - - social_auth_authentication_backends = [ - 'social_core.backends.fedora.FedoraOpenId', - 'social_core.backends.yahoo.YahooOpenId', - 'social_core.backends.open_id.OpenIdAuth', - ] - - # Default regular expression used for backend - default_regex = """\ - %(name)s(?:[-_]?(?:minsrc|src|source))?[-_]([^-/_\\s]+?)(?i)(?:[-_]\ - (?:minsrc|src|source|asc|release))?\\.(?:tar|t[bglx]z|tbz2|zip)\ - """ - - # Github access token -{% if env == 'staging' %} - github_access_token = "{{ github_stg_release_monitoring }}" -{% else %} - github_access_token = "{{ github_prod_release_monitoring }}" -{% endif %} - - # The logging configuration, in dictConfig format. - [anitya_log_config] - version = 1 - disable_existing_loggers = false - - [anitya_log_config.formatters.simple] - format = "[%(name)s %(levelname)s] %(message)s" - - [anitya_log_config.handlers.console] - class = "logging.StreamHandler" - formatter = "simple" - stream = "ext://sys.stdout" - - [anitya_log_config.loggers.anitya] - level = "INFO" - propagate = false - handlers = ["console"] - - [anitya_log_config.loggers.fedmsg] - level = "INFO" - propagate = false - handlers = ["console"] - - [anitya_log_config.root] - level = "INFO" - handlers = ["console"] + {{ load_file('anitya.toml') | indent }} alembic.ini: |- - [alembic] - script_location = anitya:db/migrations - sourceless = false -{% if env == 'staging' %} - sqlalchemy.url = postgresql://{{ anitya_stg_db_admin_user }}:{{ anitya_stg_db_admin_pass }}@{{ anitya_stg_db_host }}/{{ anitya_stg_db_name }} -{% else %} - sqlalchemy.url = postgresql://{{ anitya_db_admin_user }}:{{ anitya_db_admin_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }} -{% endif %} - [loggers] - keys = root,sqlalchemy,alembic - [handlers] - keys = console - [formatters] - keys = generic - [logger_root] - level = WARN - handlers = console - qualname = - [logger_sqlalchemy] - level = WARN - handlers = - qualname = sqlalchemy.engine - [logger_alembic] - level = INFO - handlers = - qualname = alembic - [handler_console] - class = StreamHandler - args = (sys.stderr,) - level = NOTSET - formatter = generic - [formatter_generic] - format = %(levelname)-5.5s [%(name)s] %(message)s - datefmt = %H:%M:%S + {{ load_file('alembic.ini') | indent }} start.sh: |- - mkdir -p /httpdir/run - ln -s /etc/httpd/modules /httpdir/modules - truncate --size=0 /httpdir/accesslog /httpdir/errorlog - tail -qf /httpdir/accesslog /httpdir/errorlog & - exec httpd -f /etc/anitya/httpd.conf -DFOREGROUND -DNO_DETACH + {{ load_file('start.sh') | indent }} httpd.conf: |- - Listen 0.0.0.0:8080 - ServerRoot "/httpdir" - PidFile "/httpdir/httpd.pid" - LoadModule authn_file_module modules/mod_authn_file.so - LoadModule authn_anon_module modules/mod_authn_anon.so - LoadModule authz_user_module modules/mod_authz_user.so - LoadModule authz_host_module modules/mod_authz_host.so - LoadModule include_module modules/mod_include.so - LoadModule log_config_module modules/mod_log_config.so - LoadModule env_module modules/mod_env.so - LoadModule ext_filter_module modules/mod_ext_filter.so - LoadModule expires_module modules/mod_expires.so - LoadModule headers_module modules/mod_headers.so - LoadModule mime_module modules/mod_mime.so - LoadModule status_module modules/mod_status.so - LoadModule negotiation_module modules/mod_negotiation.so - LoadModule dir_module modules/mod_dir.so - LoadModule alias_module modules/mod_alias.so - LoadModule rewrite_module modules/mod_rewrite.so - LoadModule version_module modules/mod_version.so - LoadModule wsgi_module modules/mod_wsgi_python3.so - LoadModule authn_core_module modules/mod_authn_core.so - LoadModule authz_core_module modules/mod_authz_core.so - LoadModule unixd_module modules/mod_unixd.so - LoadModule mpm_event_module modules/mod_mpm_event.so - StartServers 20 - ServerLimit 100 - MaxRequestsPerChild 2000 - MaxRequestWorkers 100 - - AllowOverride None - Require all granted - - - AllowOverride None - Require all granted - - - Require all granted - - - Header set Cache-Control public - ExpiresDefault "access plus 1 month" - Header unset ETag - - - Header set Cache-Control public - ExpiresDefault "access plus 1 month" - Header unset ETag - - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - CustomLog /httpdir/accesslog combined - ErrorLog /httpdir/errorlog - LogLevel info - TypesConfig /etc/mime.types - AddDefaultCharset UTF-8 - CoreDumpDirectory /tmp - Alias /docs /usr/local/lib/python3.7/anitya/static/docs/html/ - Alias /static /usr/local/lib/python3.7/site-packages/anitya/static/ - WSGIDaemonProcess anitya display-name=anitya processes=2 threads=2 maximum-requests=1000 home=/httpdir - WSGIApplicationGroup %{GLOBAL} - WSGISocketPrefix run/wsgi - WSGIRestrictStdout Off - WSGIRestrictSignal Off - WSGIPythonOptimize 1 - WSGIScriptAlias / /etc/anitya/anitya.wsgi - WSGIPassAuthorization On + {{ load_file('httpd.conf') | indent }} anitya.wsgi: |- - from anitya.wsgi import application + {{ load_file('anitya.wsgi') | indent }} - apiVersion: v1 kind: ConfigMap metadata: @@ -222,15 +29,4 @@ items: app: release-monitoring data: config.toml: |- - amqp_url = "amqps://anitya:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub" - -{% if env == "staging" %} - topic_prefix = "org.release-monitoring.stg" -{% else %} - topic_prefix = "org.release-monitoring.prod" -{% endif %} - - [tls] - ca_cert = "/etc/pki/rabbitmq/ca/fedora-messaging-release-monitoring-ca.crt" - keyfile = "/etc/pki/rabbitmq/key/fedora-messaging-release-monitoring.key" - certfile = "/etc/pki/rabbitmq/cert/fedora-messaging-release-monitoring.crt" + {{ load_file('config.toml') | indent }} diff --git a/roles/openshift-apps/release-monitoring/templates/httpd.conf b/roles/openshift-apps/release-monitoring/templates/httpd.conf new file mode 100644 index 0000000000..722df8c029 --- /dev/null +++ b/roles/openshift-apps/release-monitoring/templates/httpd.conf @@ -0,0 +1,67 @@ +Listen 0.0.0.0:8080 +ServerRoot "/httpdir" +PidFile "/httpdir/httpd.pid" +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_anon_module modules/mod_authn_anon.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule include_module modules/mod_include.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule env_module modules/mod_env.so +LoadModule ext_filter_module modules/mod_ext_filter.so +LoadModule expires_module modules/mod_expires.so +LoadModule headers_module modules/mod_headers.so +LoadModule mime_module modules/mod_mime.so +LoadModule status_module modules/mod_status.so +LoadModule negotiation_module modules/mod_negotiation.so +LoadModule dir_module modules/mod_dir.so +LoadModule alias_module modules/mod_alias.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule version_module modules/mod_version.so +LoadModule wsgi_module modules/mod_wsgi_python3.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule mpm_event_module modules/mod_mpm_event.so +StartServers 20 +ServerLimit 100 +MaxRequestsPerChild 2000 +MaxRequestWorkers 100 + + AllowOverride None + Require all granted + + + AllowOverride None + Require all granted + + + Require all granted + + + Header set Cache-Control public + ExpiresDefault "access plus 1 month" + Header unset ETag + + + Header set Cache-Control public + ExpiresDefault "access plus 1 month" + Header unset ETag + +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +CustomLog /httpdir/accesslog combined +ErrorLog /httpdir/errorlog +LogLevel info +TypesConfig /etc/mime.types +AddDefaultCharset UTF-8 +CoreDumpDirectory /tmp +Alias /docs /usr/local/lib/python3.7/anitya/static/docs/html/ +Alias /static /usr/local/lib/python3.7/site-packages/anitya/static/ +WSGIDaemonProcess anitya display-name=anitya processes=2 threads=2 maximum-requests=1000 home=/httpdir +WSGIApplicationGroup %{GLOBAL} +WSGISocketPrefix run/wsgi +WSGIRestrictStdout Off +WSGIRestrictSignal Off +WSGIPythonOptimize 1 +WSGIScriptAlias / /etc/anitya/anitya.wsgi +WSGIPassAuthorization On diff --git a/roles/openshift-apps/release-monitoring/templates/start.sh b/roles/openshift-apps/release-monitoring/templates/start.sh new file mode 100644 index 0000000000..947638ea54 --- /dev/null +++ b/roles/openshift-apps/release-monitoring/templates/start.sh @@ -0,0 +1,5 @@ +mkdir -p /httpdir/run +ln -s /etc/httpd/modules /httpdir/modules +truncate --size=0 /httpdir/accesslog /httpdir/errorlog +tail -qf /httpdir/accesslog /httpdir/errorlog & +exec httpd -f /etc/anitya/httpd.conf -DFOREGROUND -DNO_DETACH