From f5de255fd3b8387ed1c29600e29bfce561a7ce1d Mon Sep 17 00:00:00 2001 From: Chaoyi Zha Date: Wed, 10 Jun 2015 00:21:49 +0000 Subject: [PATCH 1/3] Set up mote webapp role --- roles/mote/tasks/main.yml | 72 +++++++++++++++++++++++++++++ roles/mote/templates/mote.conf | 24 ++++++++++ roles/mote/templates/mote.wsgi | 24 ++++++++++ roles/mote/templates/mote_config.py | 39 ++++++++++++++++ 4 files changed, 159 insertions(+) create mode 100644 roles/mote/tasks/main.yml create mode 100644 roles/mote/templates/mote.conf create mode 100644 roles/mote/templates/mote.wsgi create mode 100644 roles/mote/templates/mote_config.py diff --git a/roles/mote/tasks/main.yml b/roles/mote/tasks/main.yml new file mode 100644 index 0000000000..3a01c81750 --- /dev/null +++ b/roles/mote/tasks/main.yml @@ -0,0 +1,72 @@ +--- +# Configuration for the mote webapp + +- name: install needed packages + yum: pkg={{ item }} state=present + with_items: + - mote + tags: + - packages + +- name: copy sundry mote configuration + template: src={{ item.file }} + dest={{ item.location }}/{{ item.dest }} + owner=apache group=apache mode=0600 + with_items: + - { file: mote_config.py, location: /etc/mote, dest: config.py } + - { file: alembic.ini, location: /etc/nuancier, dest: alembic.ini } + changed_when: "1 != 1" + tags: + - config + notify: + - restart apache + +- name: create the cache folder where nuancier creates the thumbnails + action: file state=directory + path=/var/cache/nuancier/cache + owner=apache group=apache mode=0700 + tags: + - setup + +- name: replace the mote configuration file by the one with the normal user + template: src={{ item.file }} + dest="{{ item.location }}/{{ item.file }}" + owner=apache group=apache mode=0600 + changed_when: "1 != 1" + with_items: + - { file: mote_config.py, location: /etc/mote, dest: config.py } + - { file: mote.conf, location: /etc/httpd/conf.d } + - { file: mote.wsgi, location: /usr/share/mote } + tags: + - config + notify: + - restart apache + - restart memcached + +- name: set sebooleans so nuancier can talk to the db + action: seboolean name=httpd_can_network_connect_db + state=true + persistent=true + +- name: apply selinux type to static files + file: > + dest=/usr/lib/python2.7/site-packages/mote/static/ + setype=httpd_sys_content_t + state=directory + recurse=yes +- name: apply selinux type to meetbot files + file: > + dest=/srv/web/meetbot/ + setype=httpd_sys_content_t + state=directory + recurse=yes + +- name: set sebooleans so apache can use memcached + action: seboolean name=httpd_can_network_memcache + state=true + persistent=true + +- name: apply selinux type to the wsgi file + file: > + dest=/usr/share/mote/mote.wsgi + setype=httpd_sys_content_t diff --git a/roles/mote/templates/mote.conf b/roles/mote/templates/mote.conf new file mode 100644 index 0000000000..0b42cef0a0 --- /dev/null +++ b/roles/mote/templates/mote.conf @@ -0,0 +1,24 @@ +# Apache configuration file for mote + +Alias /static /usr/lib/python2.7/site-packages/mote/static + +WSGIDaemonProcess mote user=apache maximum-requests=1000 display-name=mote processes=2 threads=1 +WSGISocketPrefix run/wsgi +WSGIRestrictStdout On +WSGIRestrictSignal Off +WSGIPythonOptimize 1 + +WSGIScriptAlias / /usr/share/mote/mote.wsgi + + + WSGIProcessGroup mote + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order deny,allow + Allow from all + + diff --git a/roles/mote/templates/mote.wsgi b/roles/mote/templates/mote.wsgi new file mode 100644 index 0000000000..7348e61a7e --- /dev/null +++ b/roles/mote/templates/mote.wsgi @@ -0,0 +1,24 @@ +#-*- coding: utf-8 -*- + +# The three lines below are required to run on EL6 as EL6 has +# two possible version of python-sqlalchemy and python-jinja2 +# These lines make sure the application uses the correct version. +import __main__ +__main__.__requires__ = ['jinja2 >= 2.4'] +import pkg_resources + +import os +#Set the environment variable pointing to the configuration file +os.environ['MOTE_CONFIG_FOLDER'] = '/etc/mote/' + +# The following is only needed if you did not install mote +# as a python module (for example if you run it from a git clone). +# import sys +# sys.path.insert(0, '/path/to/mote/') + + +# The most import line to make the wsgi working +from mote import app as application +from mote import soke +# Generate cache and store in memcached +soke.run() diff --git a/roles/mote/templates/mote_config.py b/roles/mote/templates/mote_config.py new file mode 100644 index 0000000000..8af7c72170 --- /dev/null +++ b/roles/mote/templates/mote_config.py @@ -0,0 +1,39 @@ +''' +Crawler Configuration +''' + +log_endpoint = "/srv/web/meetbot" +#log_endpoint = "/home/user/mote/test_data/meetbot" + +# Fedora has a "teams" folder which contains +# logs from meetings started with a certain team name +# for instance, `#startmeeting famna` will save in "/teams/famna" +# Folders not in "teams" reflect the channel name of the meeting +log_team_folder = "teams" + +# Directories to ignore in crawling the logs. +# These folders are ignored. The "meetbot" folder is +# an infinite loop on Fedora's meetbot instance. +ignore_dir = "meetbot" + +# Location where raw logs/minutes are stored (remote location) +meetbot_prefix = "http://meetbot.fedoraproject.org" + +# Time (in seconds) after which the log/meeting cache expires +cache_expire_time = 60 * 60 * 1 + + +''' +Development Configuration +''' + +enable_debug = True +app_port = 5000 + +''' +General Configuration +''' + +app_host = "127.0.0.1" +admin_groups = ["sysadmin-mote"] +memcached_ip = "127.0.0.1:11211" From f42e4e93068e41af790b7b241c7398e629fb2149 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 10 Jun 2015 01:10:35 +0000 Subject: [PATCH 2/3] Revert "Switch everything to nfsv4 and new filer." This reverts commit 85fa791bdf93244156bef65e18ae9a3798b27435. Conflicts: roles/nfs/client/tasks/main.yml --- inventory/group_vars/bodhi-backend | 2 +- inventory/group_vars/composers | 2 +- inventory/group_vars/releng | 2 +- inventory/host_vars/arm01-releng00.arm.fedoraproject.org | 2 +- inventory/host_vars/arm01-releng02.arm.fedoraproject.org | 2 +- inventory/host_vars/compose-x86-01.phx2.fedoraproject.org | 2 +- playbooks/groups/backup-server.yml | 2 +- playbooks/groups/pkgs.yml | 2 +- playbooks/groups/secondary.yml | 4 ++-- roles/nfs/client/tasks/main.yml | 4 ++-- 10 files changed, 12 insertions(+), 12 deletions(-) diff --git a/inventory/group_vars/bodhi-backend b/inventory/group_vars/bodhi-backend index 6dccae88b5..f3befd4372 100644 --- a/inventory/group_vars/bodhi-backend +++ b/inventory/group_vars/bodhi-backend @@ -35,4 +35,4 @@ fedmsg_certs: owner: root group: masher -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid" +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" diff --git a/inventory/group_vars/composers b/inventory/group_vars/composers index b70c0ccd21..82cd018cad 100644 --- a/inventory/group_vars/composers +++ b/inventory/group_vars/composers @@ -35,4 +35,4 @@ fedmsg_certs: owner: root group: masher -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid" +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" diff --git a/inventory/group_vars/releng b/inventory/group_vars/releng index b70c0ccd21..82cd018cad 100644 --- a/inventory/group_vars/releng +++ b/inventory/group_vars/releng @@ -35,4 +35,4 @@ fedmsg_certs: owner: root group: masher -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid" +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" diff --git a/inventory/host_vars/arm01-releng00.arm.fedoraproject.org b/inventory/host_vars/arm01-releng00.arm.fedoraproject.org index 22d8ae4e8e..d9f5686198 100644 --- a/inventory/host_vars/arm01-releng00.arm.fedoraproject.org +++ b/inventory/host_vars/arm01-releng00.arm.fedoraproject.org @@ -4,4 +4,4 @@ # libdir: /usr/lib -nfs_mount_opts: rw,hard,bg,intr,noatime,nodev,nosuid +nfs_mount_opts: rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3 diff --git a/inventory/host_vars/arm01-releng02.arm.fedoraproject.org b/inventory/host_vars/arm01-releng02.arm.fedoraproject.org index 22d8ae4e8e..d9f5686198 100644 --- a/inventory/host_vars/arm01-releng02.arm.fedoraproject.org +++ b/inventory/host_vars/arm01-releng02.arm.fedoraproject.org @@ -4,4 +4,4 @@ # libdir: /usr/lib -nfs_mount_opts: rw,hard,bg,intr,noatime,nodev,nosuid +nfs_mount_opts: rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3 diff --git a/inventory/host_vars/compose-x86-01.phx2.fedoraproject.org b/inventory/host_vars/compose-x86-01.phx2.fedoraproject.org index 224434eeee..529bd02403 100644 --- a/inventory/host_vars/compose-x86-01.phx2.fedoraproject.org +++ b/inventory/host_vars/compose-x86-01.phx2.fedoraproject.org @@ -36,4 +36,4 @@ kojipkgs_url: kojipkgs.fedoraproject.org kojihub_url: koji.fedoraproject.org/kojihub kojihub_scheme: https -nfs_mount_opts: rw,hard,bg,intr,noatime,nodev,nosuid +nfs_mount_opts: rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3 diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index b457888d21..8334f6aeb6 100644 --- a/playbooks/groups/backup-server.yml +++ b/playbooks/groups/backup-server.yml @@ -23,7 +23,7 @@ - sudo - collectd/base - { role: nfs/client, - mnt_dir: '/fedora_backups', + mnt_dir: 'fedora_backups', nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid", nfs_src_dir: 'fedora_backups' } - openvpn/client diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml index 8848c507a1..b9372eb18b 100644 --- a/playbooks/groups/pkgs.yml +++ b/playbooks/groups/pkgs.yml @@ -42,7 +42,7 @@ - git/server - git/hooks - clamav - - { role: nfs/client, when: env != "staging", mnt_dir: '/srv/cache/lookaside', nfs_src_dir: 'fedora_sourcecache', nfs_mount_opts='rw,hard,bg,intr,noatime,nodev,nosuid' } + - { role: nfs/client, when: env != "staging", mnt_dir: '/srv/cache/lookaside', nfs_src_dir: 'fedora_sourcecache', nfs_mount_opts='rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3' } - distgit tasks: diff --git a/playbooks/groups/secondary.yml b/playbooks/groups/secondary.yml index 82fdd9ec32..81479b635d 100644 --- a/playbooks/groups/secondary.yml +++ b/playbooks/groups/secondary.yml @@ -40,11 +40,11 @@ nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/archive' } - { role: nfs/client, mnt_dir: '/srv/pub/alt', - nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid", + nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3", nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/alt' } - { role: nfs/client, mnt_dir: '/srv/pub/fedora-secondary', - nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid", + nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3", nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/fedora-secondary' } - role: apache diff --git a/roles/nfs/client/tasks/main.yml b/roles/nfs/client/tasks/main.yml index 09627c7887..9740a59827 100644 --- a/roles/nfs/client/tasks/main.yml +++ b/roles/nfs/client/tasks/main.yml @@ -72,7 +72,7 @@ opts={{nfs_mount_opts}} passno=0 dump=0 - state=mounted + state=absent when: datacenter == 'phx2' tags: - nfs/client @@ -85,7 +85,7 @@ opts={{nfs_mount_opts}} passno=0 dump=0 - state=mounted + state=absent when: datacenter == 'rdu' tags: - nfs/client From 973725abb51805837581af202fbe4670b3112368 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 10 Jun 2015 01:18:17 +0000 Subject: [PATCH 3/3] Switch more stuff back to v3 and make mounted default --- inventory/group_vars/download-phx2 | 2 +- inventory/group_vars/download-rdu2 | 2 +- inventory/group_vars/koji | 2 +- inventory/group_vars/secondary | 2 +- inventory/group_vars/wiki | 2 +- inventory/group_vars/wiki-stg | 2 +- inventory/host_vars/mm-backend01.phx2.fedoraproject.org | 2 +- inventory/host_vars/mm-backend01.stg.phx2.fedoraproject.org | 2 +- playbooks/groups/backup-server.yml | 2 +- roles/nfs/client/tasks/main.yml | 4 ++-- 10 files changed, 11 insertions(+), 11 deletions(-) diff --git a/inventory/group_vars/download-phx2 b/inventory/group_vars/download-phx2 index 86384c4681..111eeca3d1 100644 --- a/inventory/group_vars/download-phx2 +++ b/inventory/group_vars/download-phx2 @@ -6,4 +6,4 @@ nrpe_procs_warn: 900 nrpe_procs_crit: 1000 # nfs mount options, overrides the all/default -nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600" +nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=3" diff --git a/inventory/group_vars/download-rdu2 b/inventory/group_vars/download-rdu2 index a9c5350867..7a7f06d5a6 100644 --- a/inventory/group_vars/download-rdu2 +++ b/inventory/group_vars/download-rdu2 @@ -6,4 +6,4 @@ nrpe_procs_warn: 900 nrpe_procs_crit: 1000 # nfs mount options, overrides the all/default -nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600" +nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=3" diff --git a/inventory/group_vars/koji b/inventory/group_vars/koji index bdaf666402..31f7fbdfba 100644 --- a/inventory/group_vars/koji +++ b/inventory/group_vars/koji @@ -27,7 +27,7 @@ fedmsg_certs: owner: root group: apache -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid" +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" virt_install_command: virt-install -n {{ inventory_hostname }} -r {{ mem_size }} --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} diff --git a/inventory/group_vars/secondary b/inventory/group_vars/secondary index d736ee18d5..2969328863 100644 --- a/inventory/group_vars/secondary +++ b/inventory/group_vars/secondary @@ -6,7 +6,7 @@ nrpe_procs_warn: 900 nrpe_procs_crit: 1000 # nfs mount options, overrides the all/default -nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600" +nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=3" fas_client_groups: sysadmin-noc,alt-sugar,alt-k12linux,altvideos,hosted-content,mips-content,s390_content,fi-apprentice,qa-deltaisos diff --git a/inventory/group_vars/wiki b/inventory/group_vars/wiki index f16944c851..1dfd6bbfb1 100644 --- a/inventory/group_vars/wiki +++ b/inventory/group_vars/wiki @@ -24,4 +24,4 @@ fedmsg_certs: owner: root group: apache -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid" +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" diff --git a/inventory/group_vars/wiki-stg b/inventory/group_vars/wiki-stg index 5950013e90..62aa43e0c5 100644 --- a/inventory/group_vars/wiki-stg +++ b/inventory/group_vars/wiki-stg @@ -24,4 +24,4 @@ fedmsg_certs: owner: root group: apache -nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid" +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" diff --git a/inventory/host_vars/mm-backend01.phx2.fedoraproject.org b/inventory/host_vars/mm-backend01.phx2.fedoraproject.org index f6f7124f1c..31b9204ab3 100644 --- a/inventory/host_vars/mm-backend01.phx2.fedoraproject.org +++ b/inventory/host_vars/mm-backend01.phx2.fedoraproject.org @@ -13,7 +13,7 @@ vmhost: virthost03.phx2.fedoraproject.org datacenter: phx2 # nfs mount options, overrides the all/default -nfs_mount_opts: "ro,hard,bg,intr,nodev,nosuid" +nfs_mount_opts: "ro,hard,bg,intr,nodev,nosuid,nfsvers=3" # We define this here to override the global one because we need eth1 virt_install_command: virt-install -n {{ inventory_hostname }} -r {{ mem_size }} diff --git a/inventory/host_vars/mm-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/mm-backend01.stg.phx2.fedoraproject.org index 86505ee814..7dc569e7ec 100644 --- a/inventory/host_vars/mm-backend01.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/mm-backend01.stg.phx2.fedoraproject.org @@ -14,7 +14,7 @@ vmhost: virthost16.phx2.fedoraproject.org datacenter: phx2 # nfs mount options, overrides the all/default -nfs_mount_opts: "ro,hard,bg,intr,nodev,nosuid" +nfs_mount_opts: "ro,hard,bg,intr,nodev,nosuid,nfsvers=3" # We define this here to override the global one because we need eth1 virt_install_command: virt-install -n {{ inventory_hostname }} -r {{ mem_size }} diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index 8334f6aeb6..839ad75b04 100644 --- a/playbooks/groups/backup-server.yml +++ b/playbooks/groups/backup-server.yml @@ -24,7 +24,7 @@ - collectd/base - { role: nfs/client, mnt_dir: 'fedora_backups', - nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid", + nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3", nfs_src_dir: 'fedora_backups' } - openvpn/client diff --git a/roles/nfs/client/tasks/main.yml b/roles/nfs/client/tasks/main.yml index 9740a59827..09627c7887 100644 --- a/roles/nfs/client/tasks/main.yml +++ b/roles/nfs/client/tasks/main.yml @@ -72,7 +72,7 @@ opts={{nfs_mount_opts}} passno=0 dump=0 - state=absent + state=mounted when: datacenter == 'phx2' tags: - nfs/client @@ -85,7 +85,7 @@ opts={{nfs_mount_opts}} passno=0 dump=0 - state=absent + state=mounted when: datacenter == 'rdu' tags: - nfs/client