From 3eb1d43fe245e0a8f5ae80ffad7d6237621fed8c Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 20 May 2014 18:49:47 +0000 Subject: [PATCH 01/18] Point staging pkgdb urls at staging pkgdb2. --- roles/badges/backend/templates/badges-awarder.py | 6 +++++- roles/notifs/backend/templates/fmn.consumer.py | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/badges/backend/templates/badges-awarder.py b/roles/badges/backend/templates/badges-awarder.py index be4e4f0658..c95d8b5c29 100644 --- a/roles/badges/backend/templates/badges-awarder.py +++ b/roles/badges/backend/templates/badges-awarder.py @@ -32,7 +32,11 @@ config = { # Stuff used for caching packagedb relations. "fedbadges.rules.utils.use_pkgdb2": True, - "fedbadges.rules.utils.pkgdb_url": "https://admin.fedoraproject.org/pkgdb", + {% if env == 'staging' %} + "fedbadges.rules.utils.pkgdb_url": "https://admin.stg.fedoraproject.org/pkgdb/api", + {% else %} + "fedbadges.rules.utils.pkgdb_url": "https://admin.fedoraproject.org/pkgdb/api", + {% endif %} "fedbadges.rules.cache": { "backend": "dogpile.cache.dbm", "expiration_time": 300, diff --git a/roles/notifs/backend/templates/fmn.consumer.py b/roles/notifs/backend/templates/fmn.consumer.py index 824f680af0..da3b64fcc6 100644 --- a/roles/notifs/backend/templates/fmn.consumer.py +++ b/roles/notifs/backend/templates/fmn.consumer.py @@ -24,7 +24,11 @@ config = { # Some configuration for the rule processors "fmn.rules.utils.use_pkgdb2": True, + {% if env == 'staging' %} + "fmn.rules.utils.pkgdb_url": "https://admin.stg.fedoraproject.org/pkgdb/api", + {% else %} "fmn.rules.utils.pkgdb_url": "https://admin.fedoraproject.org/pkgdb/api", + {% endif %} "fmn.rules.cache": { "backend": "dogpile.cache.dbm", "expiration_time": 300, From d6bd38f58c64f0d41f7b0e1d75ab0d5563d3e97d Mon Sep 17 00:00:00 2001 
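Review bot: The `{% else %}` branch in badges-awarder.py does not restore the old production value: the removed line pointed at `https://admin.fedoraproject.org/pkgdb` and the added one ends in `/pkgdb/api`, so production changes too, although the subject only mentions staging. This matches what fmn.consumer.py already used, so it is probably intended, but the commit message should say so. As a style point, the same two hostnames are now written out in both templates; a single templated host variable would keep them from drifting apart.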
From: Ralph Bean Date: Tue, 20 May 2014 20:08:41 +0000 Subject: [PATCH 02/18] Make fedora-packages use staging urls where appropriate. --- roles/packages/templates/packages-app.ini.j2 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/packages/templates/packages-app.ini.j2 b/roles/packages/templates/packages-app.ini.j2 index 20b0be66f3..73dc0a2b62 100644 --- a/roles/packages/templates/packages-app.ini.j2 +++ b/roles/packages/templates/packages-app.ini.j2 @@ -22,9 +22,15 @@ fedoracommunity.extensions_dir = {{ pythonsitelib }}/fedoracommunity/plugins/ext fedoracommunity.connector.kojihub.baseurl = http://koji.fedoraproject.org/kojihub fedoracommunity.connector.bugzilla.baseurl = https://bugzilla.redhat.com/xmlrpc.cgi fedoracommunity.connector.bugzilla.cookiefile = /var/cache/fedoracommunity/bugzillacookies +{% if env == "staging" %} +fedoracommunity.connector.fas.baseurl = https://admin.stg.fedoraproject.org/accounts/ +fedoracommunity.connector.bodhi.baseurl = https://admin.stg.fedoraproject.org/updates +fedoracommunity.connector.pkgdb.baseurl = https://admin.stg.fedoraproject.org/pkgdb +{% else %} fedoracommunity.connector.fas.baseurl = https://admin.fedoraproject.org/accounts/ fedoracommunity.connector.bodhi.baseurl = https://admin.fedoraproject.org/updates fedoracommunity.connector.pkgdb.baseurl = https://admin.fedoraproject.org/pkgdb +{% endif %} fedoracommunity.rpm_cache = /var/cache/fedoracommunity/rpm_cache/ @@ -50,7 +56,11 @@ fedoracommunity.connector.fas.minimal_user_password={{ fcommFasPassword }} fedora.clients.check_certs = True # URL for getting message history +{% if env == "staging" %} +datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper/raw +{% else %} datagrepper_url = https://apps.fedoraproject.org/datagrepper/raw +{% endif %} ## ## Moksha-specific configuration options From c441747d541d97b061e8daec207a4011b73aa4fb Mon Sep 17 00:00:00 2001 
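Review bot: The staging branch in the first hunk switches only the fas, bodhi and pkgdb connectors; the `fedoracommunity.connector.kojihub.baseurl = http://koji.fedoraproject.org/kojihub` line just above stays on the production host and on plain `http://` in both environments. If that is deliberate for staging, a short comment such as `# staging intentionally reads from production koji` would record it. Otherwise the koji URL belongs inside the same `{% if %}` block, and an `https://` scheme is worth considering, given that `fedora.clients.check_certs = True` is set further down.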
From: Kevin Fenzi Date: Tue, 20 May 2014 20:09:47 +0000 Subject: [PATCH 03/18] Add needs-reboot.py as a common script. --- .../base/files/common-scripts/needs-reboot.py | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100755 roles/base/files/common-scripts/needs-reboot.py diff --git a/roles/base/files/common-scripts/needs-reboot.py b/roles/base/files/common-scripts/needs-reboot.py new file mode 100755 index 0000000000..a39c9ea788 --- /dev/null +++ b/roles/base/files/common-scripts/needs-reboot.py @@ -0,0 +1,36 @@ +#!/usr/bin/python -tt + +import yum +import sys +import time +import fnmatch + +result = 0 +now = time.time() +uptime = float(open('/proc/uptime', 'r').read().split()[0]) + +rebootcausers = ('glibc', 'kernel*') + +my = yum.YumBase() +my.preconf.init_plugins=False +my.preconf.debuglevel=1 +my.preconf.errorlevel=1 +pkgs = my.rpmdb.returnPackages(patterns=rebootcausers) + +does='no' +for pkg in pkgs: + if (now - pkg.installtime) < uptime: + does='yes' + break + +if len(sys.argv) > 1 and sys.argv[1] == 'after-updates': + for (n, a, e, v, r) in my.up.getUpdatesList(): + for i in rebootcausers: + if fnmatch.fnmatch(n, i): + does='yes' + + +print does +sys.exit(0) + + From 06735a2f862459e8b4ec3cc6451eb0eb1e20f240 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Wed, 21 May 2014 09:29:37 +0200 Subject: [PATCH 04/18] Add the SITE_URL configuration to pkgdb2 --- roles/pkgdb2/templates/pkgdb2.cfg | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/pkgdb2/templates/pkgdb2.cfg b/roles/pkgdb2/templates/pkgdb2.cfg index 971c1529ad..5d5da566bd 100644 --- a/roles/pkgdb2/templates/pkgdb2.cfg +++ b/roles/pkgdb2/templates/pkgdb2.cfg 
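Review bot: needs-reboot.py has no header comment describing its contract: it prints `yes` or `no`, always exits 0, and accepts an optional `after-updates` argument, so callers have to parse stdout. `result = 0` is never used, and the `/proc/uptime` handle is never closed; `with open('/proc/uptime') as f: uptime = float(f.read().split()[0])` would tidy that up. The `rebootcausers` tuple covers only `glibc` and `kernel*`; if other packages should also trigger a reboot after a security update, a comment stating that the list is deliberately minimal would help the next reader. The `after-updates` loop could also `break` once `does` is set, as the first loop does.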
@@ -48,8 +48,10 @@ PKGDB2_BUGZILLA_PASSWORD = None {% if env == 'staging' %} PKGDB2_FAS_URL = 'https://admin.stg.fedoraproject.org/accounts' PKGDB2_FAS_INSECURE = True +SITE_URL = 'https://admin.stg.fedoraproject.org/pkgdb' {% else %} PKGDB2_FAS_URL = 'https://admin.fedoraproject.org/accounts' +SITE_URL = 'https://admin.fedoraproject.org/pkgdb' {% endif %} ## name of the user the pkgdb application can log in to FAS with PKGDB2_FAS_USER = '{{ fedorathirdpartyUser }}' From 27ed359f9ae3e8a7527a98461117d0b6c1f23cd9 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Wed, 21 May 2014 09:36:01 +0200 Subject: [PATCH 05/18] The /pkgdb/ is not needed --- roles/pkgdb2/templates/pkgdb2.cfg | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pkgdb2/templates/pkgdb2.cfg b/roles/pkgdb2/templates/pkgdb2.cfg index 5d5da566bd..44435e9b6e 100644 --- a/roles/pkgdb2/templates/pkgdb2.cfg +++ b/roles/pkgdb2/templates/pkgdb2.cfg @@ -48,10 +48,10 @@ PKGDB2_BUGZILLA_PASSWORD = None {% if env == 'staging' %} PKGDB2_FAS_URL = 'https://admin.stg.fedoraproject.org/accounts' PKGDB2_FAS_INSECURE = True -SITE_URL = 'https://admin.stg.fedoraproject.org/pkgdb' +SITE_URL = 'https://admin.stg.fedoraproject.org' {% else %} PKGDB2_FAS_URL = 'https://admin.fedoraproject.org/accounts' -SITE_URL = 'https://admin.fedoraproject.org/pkgdb' +SITE_URL = 'https://admin.fedoraproject.org' {% endif %} ## name of the user the pkgdb application can log in to FAS with PKGDB2_FAS_USER = '{{ fedorathirdpartyUser }}' From 02ef0ba713a52eca7324276203d2c998160cfffc Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Wed, 21 May 2014 13:06:17 +0000 Subject: [PATCH 06/18] Unhardcode path to rpm. Thanks ProT-0-TypE! --- roles/base/files/common-scripts/conditional-restart.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/base/files/common-scripts/conditional-restart.sh b/roles/base/files/common-scripts/conditional-restart.sh index 6e77eb2983..f95ef741d7 100644 
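Review bot: `SITE_URL` is added to pkgdb2.cfg without the `##` description that the neighbouring settings carry, and the follow-up change drops `/pkgdb` from it with only "not needed" as explanation. A one-line comment saying what the application builds from this value, and that it must not include the application path, would prevent a third round of edits. The adjacent `PKGDB2_FAS_INSECURE = True` presumably relaxes certificate checking towards FAS; it sits only in the staging branch, and a comment such as `## staging only, never set in production` would make that constraint explicit.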
--- a/roles/base/files/common-scripts/conditional-restart.sh +++ b/roles/base/files/common-scripts/conditional-restart.sh @@ -5,7 +5,7 @@ SERVICE=$1 PACKAGE=$2 -/usr/bin/rpm -q $PACKAGE +rpm -q $PACKAGE INSTALLED=$? From ec4b02c5392e9a4baca6fc3a58ce2bca01a303da Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 21 May 2014 15:47:07 +0000 Subject: [PATCH 07/18] In staging, host_group is automagically staging, so use rsync_group instead here. --- inventory/group_vars/sundries | 2 +- inventory/group_vars/sundries-stg | 2 +- roles/rsyncd/tasks/main.yml | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/inventory/group_vars/sundries b/inventory/group_vars/sundries index 556898d3fb..d511388d57 100644 --- a/inventory/group_vars/sundries +++ b/inventory/group_vars/sundries @@ -14,4 +14,4 @@ fas_client_groups: sysadmin-noc,fi-apprentice master_sundries_node: False # A host group for rsync config -host_group: sundries +rsync_group: sundries diff --git a/inventory/group_vars/sundries-stg b/inventory/group_vars/sundries-stg index 556898d3fb..d511388d57 100644 --- a/inventory/group_vars/sundries-stg +++ b/inventory/group_vars/sundries-stg @@ -14,4 +14,4 @@ fas_client_groups: sysadmin-noc,fi-apprentice master_sundries_node: False # A host group for rsync config -host_group: sundries +rsync_group: sundries diff --git a/roles/rsyncd/tasks/main.yml b/roles/rsyncd/tasks/main.yml index ea195925d9..8f7de86f60 100644 --- a/roles/rsyncd/tasks/main.yml +++ b/roles/rsyncd/tasks/main.yml @@ -19,6 +19,7 @@ - "{{ rsyncd_conf }}" - rsyncd.conf.{{ ansible_fqdn }} - rsyncd.conf.{{ host_group }} + - rsyncd.conf.{{ rsync_group }} - rsyncd.conf.default notify: - restart xinetd @@ -31,6 +32,7 @@ - "{{ rsync }}" - rsync.{{ ansible_fqdn }} - rsync.{{ host_group }} + - rsync.{{ rsync_group }} - rsync.default notify: - restart xinetd From 21ba0ac48705da96c12981fd56772d818670c3b7 Mon Sep 17 00:00:00 2001 
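Review bot: `rpm -q $PACKAGE` now resolves `rpm` through whatever `PATH` the caller passes in, and `$PACKAGE` is still expanded unquoted. If this script runs as root from a handler or cron, setting the search path once near the top, for example `PATH=/usr/bin:/bin`, keeps the portability this change is after without trusting the inherited environment. `rpm -q "$PACKAGE"` avoids word splitting and globbing on the argument. The rest of the script lies outside the hunk.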
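Review bot: Both candidate lists in roles/rsyncd/tasks/main.yml now reference `{{ rsync_group }}` unconditionally, but only the sundries and sundries-stg group_vars are shown defining it. Any other host that applies the rsyncd role would presumably hit an undefined variable when the list is templated. A role default (an `rsync_group` entry in the role's defaults) or `rsyncd.conf.{{ rsync_group | default('default') }}` would make the lookup safe. The `{{ host_group }}` entries are kept while both group_vars files stop defining `host_group`, so it is worth confirming that the variable is still set elsewhere for production sundries.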
From: Kevin Fenzi Date: Wed, 21 May 2014 16:01:48 +0000 Subject: [PATCH 08/18] Cron has to be 644 --- roles/easyfix/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/easyfix/tasks/main.yml b/roles/easyfix/tasks/main.yml index 12c9ff90fc..ec79a6f41c 100644 --- a/roles/easyfix/tasks/main.yml +++ b/roles/easyfix/tasks/main.yml @@ -57,6 +57,6 @@ - name: Install the easyfix cronjob copy: > src=easyfix.cron dest=/etc/cron.d/easyfix.cron - owner=root group=root mode=0755 + owner=root group=root mode=0644 tags: - files From 1f926360699da57e42a989a868068bfa790f5af5 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 21 May 2014 16:06:44 +0000 Subject: [PATCH 09/18] This cron also has to be 644 --- roles/fedora_owner_change/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/fedora_owner_change/tasks/main.yml b/roles/fedora_owner_change/tasks/main.yml index 822bd4029e..c5d06a8627 100644 --- a/roles/fedora_owner_change/tasks/main.yml +++ b/roles/fedora_owner_change/tasks/main.yml @@ -23,6 +23,6 @@ - name: Install the fedora-owner-change cronjob copy: > src=fedora-owner-change.cron dest=/etc/cron.d/fedora-owner-change.cron - owner=root group=root mode=0755 + owner=root group=root mode=0644 tags: - files From 829c097e9d4b2666e66d7c5b73b8061dfb1d640e Mon Sep 17 00:00:00 2001 
From: janeznemanic Date: Mon, 19 May 2014 16:28:31 +0000 Subject: [PATCH 10/18] Add mirrormanager role --- .../frontend/files/mirrormanager-app.conf | 35 +++++ roles/mirrormanager/frontend/meta/main.yml | 3 + roles/mirrormanager/frontend/tasks/main.yml | 14 ++ roles/mirrormanager/package/tasks/main.yml | 64 +++++++++ .../templates/mirrormanager-prod.cfg.j2 | 131 ++++++++++++++++++ 5 files changed, 247 insertions(+) create mode 100644 roles/mirrormanager/frontend/files/mirrormanager-app.conf create mode 100644 roles/mirrormanager/frontend/meta/main.yml create mode 100644 roles/mirrormanager/frontend/tasks/main.yml create mode 100644 roles/mirrormanager/package/tasks/main.yml create mode 100644 roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 diff --git a/roles/mirrormanager/frontend/files/mirrormanager-app.conf b/roles/mirrormanager/frontend/files/mirrormanager-app.conf new file mode 100644 index 0000000000..9aa2c2c1e0 --- /dev/null +++ b/roles/mirrormanager/frontend/files/mirrormanager-app.conf @@ -0,0 +1,35 @@ +Alias /mirrormanager/static /usr/share/mirrormanager/server/mirrormanager/static +Alias /mirrormanager/crawler /var/log/mirrormanager/crawler + +WSGISocketPrefix /var/run/mirrormanager/wsgi +WSGIRestrictSignal Off + +WSGIDaemonProcess mirrormanager user=mirrormanager group=mirrormanager display-name=mirrormanager maximum-requests=1000 processes=4 threads=1 umask=0007 +WSGIPythonOptimize 1 + +WSGIScriptAlias /mirrormanager /usr/share/mirrormanager/server/mirrormanager.wsgi/mirrormanager + + + WSGIProcessGroup mirrormanager + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order deny,allow + Allow from all + + + + + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order deny,allow + Allow from all + + diff --git a/roles/mirrormanager/frontend/meta/main.yml b/roles/mirrormanager/frontend/meta/main.yml new file mode 100644 index 0000000000..4590c3dc7f --- /dev/null +++ b/roles/mirrormanager/frontend/meta/main.yml 
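Review bot: `Alias /mirrormanager/crawler /var/log/mirrormanager/crawler` publishes a log directory over HTTP, and both access blocks in mirrormanager-app.conf grant access to everyone (`Require all granted` / `Allow from all`). The container tags were lost on this page, so which paths each block covers is not certain. If the crawler logs are meant to be world-readable, a comment saying so belongs next to the Alias; if not, that block should be limited to the networks or users that need it. Either way, it is worth checking that directory listings are not enabled for the log path.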
@@ -0,0 +1,3 @@ +--- +dependencies: + - { role: mirrormanager/package } diff --git a/roles/mirrormanager/frontend/tasks/main.yml b/roles/mirrormanager/frontend/tasks/main.yml new file mode 100644 index 0000000000..7a408ba8b8 --- /dev/null +++ b/roles/mirrormanager/frontend/tasks/main.yml @@ -0,0 +1,14 @@ +--- +# tasklist for setting up the mirrormanager app components + +- name: install /etc/httpd/conf.d/mirrormanager-app.conf + copy: > + src="mirrormanager-app.conf" + dest="/etc/httpd/conf.d/mirrormanager-app.conf" + owner=root + group=root + mode=0644 + notify: + - restart httpd + tags: + - config diff --git a/roles/mirrormanager/package/tasks/main.yml b/roles/mirrormanager/package/tasks/main.yml new file mode 100644 index 0000000000..20bb458e7a --- /dev/null +++ b/roles/mirrormanager/package/tasks/main.yml 
@@ -0,0 +1,64 @@ +--- +# tasklist for setting up the mirrormanager package components + +- name: add mirrormanager group - gid 441 + group: name=mirrormanager gid=441 + +- name: add mirrors group - gid 263 + group: name=mirrors gid=263 + +- name: add mirrors2 group - gid 529 + group: name=mirrors2 gid=529 + +- name: add mirrormanager user - uid 441 + user: > + name=mirrormanager + uid=441 + group=mirrormanager + groups=mirrors,mirrors2,apache + state=present + home=/home/mirrormanager + createhome=yes + shell=/bin/bash + +- name: install mirrormanager package + yum: pkg={{ item }} state=installed + with_items: + - mirrormanager + tags: + - packages + +- name: install /etc/mirrormanager/prod.cfg + template: > + src="mirrormanager-prod.cfg.j2" + dest="/etc/mirrormanager/prod.cfg" + owner=mirrormanager + group=mirrormanager + mode=0600 + notify: + - restart httpd + tags: + - config + +- name: setup mirrormanager directories + file: path="{{ item }}" owner=mirrormanager group=mirrormanager mode=0755 state=directory + with_items: + - /var/lock/mirrormanager + - /var/lib/mirrormanager + - /var/run/mirrormanager + - /var/log/mirrormanager + - /var/log/mirrormanager/crawler + - /home/mirrormanager + tags: + - config + +- name: setup /home/mirrormanager/.ssh directory + copy: > + src="{{ puppet_private }}/mirrormanager" + dest="/home/mirrormanager/.ssh" + directory_mode=yes + owner=mirrormanager + group=mirrormanager + mode=0700 + tags: + - config diff --git a/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 b/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 new file mode 100644 index 0000000000..f09b0d8053 --- /dev/null +++ b/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 
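Review bot: In the `setup /home/mirrormanager/.ssh directory` task, `directory_mode=yes` is not a permission value, and `mode=0700` is applied to the copied files themselves. The source is under `{{ puppet_private }}` and presumably holds SSH key material, so `directory_mode=0700` with `mode=0600` would state the intent exactly. The earlier directories task also sets `/home/mirrormanager` to `0755`, which leaves the home directory world-listable; `0750` or tighter is worth considering if nothing else needs to traverse it. Finally, the account gets `shell=/bin/bash` and membership of the `apache` group without a comment explaining why a service account needs either.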
@@ -0,0 +1,131 @@ +[global] +# This is where all of your settings go for your development environment +# Settings that are the same for both development and production +# (such as template engine, encodings, etc.) all go in +# mirrormanager/config/app.cfg + +# pick the form for your database +# sqlobject.dburi="postgres://username@hostname/databasename" +# sqlobject.dburi="mysql://username:password@hostname:port/databasename" +# sqlobject.dburi="sqlite:///file_name_and_path" + +# If you have sqlite, here's a simple default to get you started +# in development +#sqlobject.dburi="postgres://mirrormanager@127.0.0.1/mirrormanager" + +# This is for local development purposes. It won't be used for +# production. +{{ if environment == "staging" }} +sqlobject.dburi="notrans_postgres://mirroradmin:{{= mirrorPassword }}@db-mirrormanager.stg:5432/mirrormanager" +{{ else }} +sqlobject.dburi="notrans_postgres://mirroradmin:{{= mirrorPassword }}@db-mirrormanager:5432/mirrormanager" +{{ end }} + +# if you are using a database or table type without transactions +# (MySQL default, for example), you should turn off transactions +# by prepending notrans_ on the uri +# sqlobject.dburi="notrans_mysql://username:password@hostname:port/databasename" + +# for Windows users, sqlite URIs look like: +# sqlobject.dburi="sqlite:///drive_letter:/path/to/file" + +# SERVER + +# Some server parameters that you may want to tweak +# running as a WSGI under apache. This is used by TG when it generates a redirect. +server.socket_port=80 + +server.socket_timeout = 60 +server.thread_pool = 50 +server.socket_queue_size = 30 + +# Enable the debug output at the end on pages. +# log_debug_info_filter.on = False + +server.environment="production" +server.webpath="/mirrormanager" +autoreload.package="mirrormanager" + +# session_filter.on = True + +# Set to True if you'd like to abort execution if a controller gets an +# unexpected parameter. 
False by default +tg.strict_parameters = True +tg.ignore_parameters = ["_csrf_token"] + +############################## +# Fedora Account System config +fas.url = 'https://admin.fedoraproject.org/accounts/' +identity.provider='jsonfas2' +identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity" +visit.manager="jsonfas2" +visit.saprovider.model="fedora.accounts.tgfas.Visit" +visit.cookie.secure = True +visit.cookie.httponly = True + +mirrormanager.admin_group = 'sysadmin-web' +mirrormanager.max_stale_days = 2 +mirrormanager.max_propogation_days = 1 +mirrormanager.report_problems_to_email = 'mirror-admin at fedoraproject.org' + +############################## +# update-master-directory-list category list and master locations +# be very careful here. Trailing slashes on url directory names are necessary. +umdl.master_directories = ''' [ + { 'type':'directory', 'path':'/pub/fedora/linux/', 'category':'Fedora Linux' }, + { 'type':'directory', 'path':'/pub/archive/', 'category':'Fedora Archive' }, + { 'type':'directory', 'path':'/pub/epel/', 'category':'Fedora EPEL' }, + { 'type':'directory', 'path':'/pub/fedora-secondary/', 'category':'Fedora Secondary Arches' }, + { 'type':'directory', 'path':'/pub/alt/', 'category':'Fedora Other', + 'excludes':['.*/stage$']}, + { 'type':'directory', 'path':'/pub/redhat/rhel/', 'category':'RHEL' }, + ] ''' + +# manage-repo-redirects (mrr) repository definition +# this can be used to define a repository redirect +# for example from an upcoming release to the current development tree +mrr.repos = ''' { + 'fedora-%s':'rawhide', + 'fedora-debug-%s':'rawhide-debug', + 'fedora-source-%s':'rawhide-source', + 'updates-released-f%s':'rawhide', + 'updates-released-debug-f%s':'rawhide-debug', + 'updates-released-source-f%s':'rawhide-source', + 'updates-testing-f%s':'rawhide', + 'updates-testing-debug-f%s':'rawhide-debug', + 'updates-testing-source-f%s':'rawhide-source' + } ''' + +base_url_filter.on = True +{{ if environment == 
"staging" }} +base_url_filter.base_url = "https://admin.stg.fedoraproject.org" +{{ else }} +base_url_filter.base_url = "https://admin.fedoraproject.org" +{{ end }} +base_url_filter.use_x_forwarded_host = False + +[/xmlrpc] +xmlrpc_filter.on = True + +# LOGGING +# Logging configuration generally follows the style of the standard +# Python logging module configuration. Note that when specifying +# log format messages, you need to use *() for formatting variables. +# Deployment independent log configuration is in mirrormanager/config/log.cfg +[logging] + +[[loggers]] +[[[mirrormanager]]] +level='DEBUG' +qualname='mirrormanager' +handlers=['debug_out'] + +[[[allinfo]]] +level='INFO' +handlers=['debug_out'] + +[[[access]]] +level='WARN' +qualname='turbogears.access' +handlers=['access_out'] +propagate=0 From 6bc2f3f6234077ca551dd85f4c708da06a724f3c Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 21 May 2014 16:51:24 +0000 Subject: [PATCH 11/18] Also add to playbook. --- playbooks/groups/sundries.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml index bdbb6970ff..8ece5d631d 100644 --- a/playbooks/groups/sundries.yml +++ b/playbooks/groups/sundries.yml @@ -47,6 +47,7 @@ - role: fedora_owner_change when: master_sundries_node - rsyncd + - mirrormanager/frontend tasks: - include: "{{ tasks }}/hosts.yml" From 317360d13bb42d865e0983f37db8dfbcb8ec3755 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 21 May 2014 16:59:25 +0000 Subject: [PATCH 12/18] Fix template. --- .../package/templates/mirrormanager-prod.cfg.j2 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 b/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 index f09b0d8053..b108bd3305 100644 --- a/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 +++ b/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 
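Review bot: `fas.url = 'https://admin.fedoraproject.org/accounts/'` in mirrormanager-prod.cfg.j2 is set outside any environment conditional, so a staging instance rendered from this template would authenticate against the production account system, even though the database and `base_url_filter.base_url` are switched per environment. Wrapping it in the same staging/production conditional as those two settings would be consistent. Separately, the `[[[mirrormanager]]]` logger is set to `level='DEBUG'` in a file named prod.cfg. If that is intentional, a comment should say so; otherwise `'INFO'` keeps request detail out of production logs.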
@@ -15,11 +15,11 @@ # This is for local development purposes. It won't be used for # production. -{{ if environment == "staging" }} +{% if env == "staging" %} sqlobject.dburi="notrans_postgres://mirroradmin:{{= mirrorPassword }}@db-mirrormanager.stg:5432/mirrormanager" -{{ else }} +{% else %} sqlobject.dburi="notrans_postgres://mirroradmin:{{= mirrorPassword }}@db-mirrormanager:5432/mirrormanager" -{{ end }} +{% end %} # if you are using a database or table type without transactions # (MySQL default, for example), you should turn off transactions @@ -97,11 +97,11 @@ mrr.repos = ''' { } ''' base_url_filter.on = True -{{ if environment == "staging" }} +{% if env == "staging" %} base_url_filter.base_url = "https://admin.stg.fedoraproject.org" -{{ else }} +{% else %} base_url_filter.base_url = "https://admin.fedoraproject.org" -{{ end }} +{% end %} base_url_filter.use_x_forwarded_host = False [/xmlrpc] From dd45f8c1093cfb8eb04f874ede658d9b82398120 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 21 May 2014 17:05:13 +0000 Subject: [PATCH 13/18] Fix stray = --- .../mirrormanager/package/templates/mirrormanager-prod.cfg.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 b/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 index b108bd3305..6f1f845f97 100644 --- a/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 +++ b/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 
@@ -16,9 +16,9 @@ # This is for local development purposes. It won't be used for # production. {% if env == "staging" %} -sqlobject.dburi="notrans_postgres://mirroradmin:{{= mirrorPassword }}@db-mirrormanager.stg:5432/mirrormanager" +sqlobject.dburi="notrans_postgres://mirroradmin:{{ mirrorPassword }}@db-mirrormanager.stg:5432/mirrormanager" {% else %} -sqlobject.dburi="notrans_postgres://mirroradmin:{{= mirrorPassword }}@db-mirrormanager:5432/mirrormanager" +sqlobject.dburi="notrans_postgres://mirroradmin:{{ mirrorPassword }}@db-mirrormanager:5432/mirrormanager" {% end %} # if you are using a database or table type without transactions From 41d2bcc729d23879d04d4167f52f56e5331558a3 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 21 May 2014 17:07:59 +0000 Subject: [PATCH 14/18] Fix end to endif --- .../mirrormanager/package/templates/mirrormanager-prod.cfg.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 b/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 index 6f1f845f97..07f713fae4 100644 --- a/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 +++ b/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 @@ -19,7 +19,7 @@ sqlobject.dburi="notrans_postgres://mirroradmin:{{ mirrorPassword }}@db-mirrormanager.stg:5432/mirrormanager" {% else %} sqlobject.dburi="notrans_postgres://mirroradmin:{{ mirrorPassword }}@db-mirrormanager:5432/mirrormanager" -{% end %} +{% endif %} # if you are using a database or table type without transactions # (MySQL default, for example), you should turn off transactions @@ -101,7 +101,7 @@ base_url_filter.on = True base_url_filter.base_url = "https://admin.stg.fedoraproject.org" {% else %} base_url_filter.base_url = "https://admin.fedoraproject.org" -{% end %} +{% endif %} base_url_filter.use_x_forwarded_host = False [/xmlrpc] From eb7371b56063aeec3157aab2dd4c2382234825b2 Mon Sep 17 00:00:00 2001 
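Review bot: `{{ mirrorPassword }}` is interpolated raw into the userinfo part of `sqlobject.dburi`, so a password containing `@`, `:`, `/` or `%` would produce a URI that parses differently from what was intended. The value should be percent-encoded before interpolation, or the secret constrained to URI-safe characters and that constraint noted where the variable is defined. The context comment directly above these lines still reads "This is for local development purposes. It won't be used for production.", which is misleading in the production template and should be replaced with a description of the staging/production switch.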
From: Kevin Fenzi Date: Wed, 21 May 2014 17:22:07 +0000 Subject: [PATCH 15/18] Try this. --- roles/mirrormanager/package/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mirrormanager/package/tasks/main.yml b/roles/mirrormanager/package/tasks/main.yml index 20bb458e7a..68446e3ae8 100644 --- a/roles/mirrormanager/package/tasks/main.yml +++ b/roles/mirrormanager/package/tasks/main.yml @@ -54,7 +54,7 @@ - name: setup /home/mirrormanager/.ssh directory copy: > - src="{{ puppet_private }}/mirrormanager" + src="{{ puppet_private }}/mirrormanager/" dest="/home/mirrormanager/.ssh" directory_mode=yes owner=mirrormanager From 3333d00a59fc3ab726e08a3b1528e3d55608628f Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 21 May 2014 17:28:36 +0000 Subject: [PATCH 16/18] Just call this mirrormanager.conf --- roles/mirrormanager/frontend/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mirrormanager/frontend/tasks/main.yml b/roles/mirrormanager/frontend/tasks/main.yml index 7a408ba8b8..e6767ec408 100644 --- a/roles/mirrormanager/frontend/tasks/main.yml +++ b/roles/mirrormanager/frontend/tasks/main.yml @@ -4,7 +4,7 @@ - name: install /etc/httpd/conf.d/mirrormanager-app.conf copy: > src="mirrormanager-app.conf" - dest="/etc/httpd/conf.d/mirrormanager-app.conf" + dest="/etc/httpd/conf.d/mirrormanager.conf" owner=root group=root mode=0644 From 8fc6694c5f9fedfc9d81feaa73b44c06eba95d45 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 21 May 2014 17:38:51 +0000 Subject: [PATCH 17/18] Set some sebools on sundries. --- roles/mirrormanager/package/tasks/main.yml | 5 +++++ roles/rsyncd/tasks/main.yml | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/roles/mirrormanager/package/tasks/main.yml b/roles/mirrormanager/package/tasks/main.yml index 68446e3ae8..7e775cd6af 100644 --- a/roles/mirrormanager/package/tasks/main.yml +++ b/roles/mirrormanager/package/tasks/main.yml 
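Review bot: After the `dest` change in roles/mirrormanager/frontend/tasks/main.yml, the task is still named `install /etc/httpd/conf.d/mirrormanager-app.conf` although it now writes `/etc/httpd/conf.d/mirrormanager.conf`. Renaming it to `- name: install /etc/httpd/conf.d/mirrormanager.conf` keeps the play output truthful. If any host already received the old filename, Apache would presumably load both files until the stale one is removed, so a cleanup task with `state=absent` for the old path may be needed.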
@@ -1,6 +1,11 @@ --- # tasklist for setting up the mirrormanager package components +- name: set sebooleans so mirrormanager can read its homedir + action: seboolean name=httpd_enable_homedirs + state=true + persistent=true + - name: add mirrormanager group - gid 441 group: name=mirrormanager gid=441 diff --git a/roles/rsyncd/tasks/main.yml b/roles/rsyncd/tasks/main.yml index 8f7de86f60..e43f49bf01 100644 --- a/roles/rsyncd/tasks/main.yml +++ b/roles/rsyncd/tasks/main.yml @@ -43,3 +43,9 @@ service: name=xinetd state=started tags: - services + +- name: set sebooleans so rsync can read dirs + action: seboolean name=rsync_export_all_ro + state=true + persistent=true + From af011162e3e425c0169e6ea5045f1f6232dbdbd9 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 21 May 2014 17:57:45 +0000 Subject: [PATCH 18/18] Add db connect bool for mm frontend --- roles/mirrormanager/frontend/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/mirrormanager/frontend/tasks/main.yml b/roles/mirrormanager/frontend/tasks/main.yml index e6767ec408..7ed2b992a9 100644 --- a/roles/mirrormanager/frontend/tasks/main.yml +++ b/roles/mirrormanager/frontend/tasks/main.yml @@ -1,6 +1,11 @@ --- # tasklist for setting up the mirrormanager app components +- name: set sebooleans so mirrormanager can connect to its db + action: seboolean name=httpd_can_network_connect_db + state=true + persistent=true + - name: install /etc/httpd/conf.d/mirrormanager-app.conf copy: > src="mirrormanager-app.conf"
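Review bot: `httpd_enable_homedirs` in roles/mirrormanager/package/tasks/main.yml and `rsync_export_all_ro` in roles/rsyncd/tasks/main.yml are broad SELinux booleans: the first applies to every home directory httpd can reach, and the second presumably lets rsync read any file, not only the mirrormanager or export paths. If only specific directories are needed, labelling those paths with a suitable file context is narrower than enabling the booleans host-wide. If the booleans stay, each task should carry a comment naming the path it is for. Unlike their neighbours, none of the three new seboolean tasks (including `httpd_can_network_connect_db` in the frontend role) has a `tags:` entry, so tagged runs will skip them.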