diff --git a/roles/abrt/retrace/LICENSE.bsd b/roles/abrt/retrace/LICENSE.bsd
new file mode 100644
index 0000000000..2f17068367
--- /dev/null
+++ b/roles/abrt/retrace/LICENSE.bsd
@@ -0,0 +1,25 @@
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, and the entire permission notice in its entirety,
+ including the disclaimer of warranties.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. The name of the author may not be used to endorse or promote
+ products derived from this software without specific prior
+ written permission.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
+WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.
diff --git a/roles/abrt/retrace/README.rst b/roles/abrt/retrace/README.rst
new file mode 100644
index 0000000000..8dc3e60944
--- /dev/null
+++ b/roles/abrt/retrace/README.rst
@@ -0,0 +1,17 @@
+ansible-role-retrace-server
+---------------------------
+
+Role for deploying `retrace-server `_.
+
+See `defaults/main.yml `_
+for the complete list of configuration variables.
+
+License
+=======
+
+BSD
+
+Author
+======
+
+Richard Marko
diff --git a/roles/abrt/retrace/defaults/main.yml b/roles/abrt/retrace/defaults/main.yml
new file mode 100644
index 0000000000..c089de402f
--- /dev/null
+++ b/roles/abrt/retrace/defaults/main.yml
@@ -0,0 +1,182 @@
+---
+
+# Which group is used for authentication
+rs_auth_group: retrace
+
+# Force to use HTTPS - only disable on trusted network
+rs_require_https: true
+
+# Allow to delete task data via HTTP API (https://server//delete)
+rs_allow_api_delete: false
+
+# Allow interactive tasks (security risk, do not use on public systems)
+rs_allow_interactive: false
+
+# Allow X-CoreFileDirectory header
+rs_allow_external_dir: false
+
+# Allow to create tasks owned by task manager (security risk)
+rs_allow_task_manager: false
+
+# Allow to create VMCore tasks in the task manager
+rs_allow_vmcore_task: true
+
+# Allow to create VMCore tasks in the task manager
+rs_allow_usrcore_task: true
+
+# If white list is disabled, anyone can delete tasks
+rs_task_manager_auth_delete: false
+
+# Whitespace-separated list of users allowed to delete tasks
+rs_task_manager_delete_users:
+
+# If set to non-empty string, makes the case number clickable in task manager
+# The string is expanded by python, with the case number passed
+# as the only argument, do not forget %d
+rs_case_number_url:
+
+# Verify GPG signatures of installed packages
+rs_require_gpg_check: true
+
+# Maximum tasks running at one moment
+rs_max_parallel_tasks: 5
+
+# Maximum size of archive uploaded by user (MB)
+rs_max_packed_size: 50
+
+# Maximum size of archive contents (MB)
+rs_max_unpacked_size: 1024
+
+# Minimal storage left on WorkDir FS after unpacking archive (MB)
+rs_min_storage_left: 1024
+
+# Delete old tasks after (hours); <= 0 means never
+# This is mutually exclusive with ArchiveTasksAfter (see below)
+# The one that occurs first removes the task from the system
+# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first
+rs_delete_task_after: 0
+
+# Delete old failed tasks after (hours); <= 0 means never
+# This is useful for cleanup of failed tasks before the standard
+# mechanisms do (DeleteTaskAfter or ArchiveTaskAfter)
+# In case DeleteFailedTaskAfter > DeleteTaskAfter
+# or DeleteFailedTaskAfter > ArchiveTaskAfter, this option does nothing
+rs_delete_failed_task_after: 0
+
+# Archive old task after (hours); <= 0 means never
+# This is mutually exclusive with DeleteTasksAfter (see above)
+# The one that occurs first removes the task from the system
+# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first
+rs_archive_task_after: 0
+
+# SQLite statistics DB filename
+rs_db_file: stats.db
+
+# Log directory
+rs_log_dir: /var/log/retrace-server
+
+# Local repos directory
+rs_repo_dir: /var/cache/retrace-server
+
+# Directory where the crashes and results are saved
+rs_save_dir: /var/spool/retrace-server
+
+# Directory where old tasks are moved
+rs_drop_dir: /srv/retrace/archive
+
+# Whether to use explicit working directory, otherwise default mock settings are used
+rs_use_work_dir: false
+
+# Working directory
+rs_work_dir: /tmp/retrace-server
+
+# Whether to use createrepo's --update option (faster, but requires a lot of memory)
+rs_use_createrepo_update: false
+
+# How many latest packages to keep for rawhide
+rs_keep_rawhide_latest: 3
+
+# Repo used to install chroot for vmcores
+rs_kernel_chroot_repo: http://dl.fedoraproject.org/pub/fedora/linux/releases/16/Everything/$ARCH/os/
+
+# Koji directory structure can be used to search for kernel debuginfo
+rs_koji_root: /mnt/koji
+
+# Whether task manager should look to an external FTP for task data
+rs_use_ftp_tasks: false
+
+# FTP connection parameters
+rs_ftp_ssl: false
+rs_ftp_host:
+rs_ftp_user:
+rs_ftp_password:
+rs_ftp_dir: /
+
+# Size of buffer for downloading from FTP (MB)
+rs_ftp_buffer_size: 16
+
+# Whether to use wget as a fallback to finding kernel debuginfos
+rs_wget_kernel_debuginfos: false
+
+# Where to download kernel debuginfos from
+# $VERSION $RELEASE and $ARCH are replaced by the appropriate value
+# kernel-debuginfo-VRA.rpm is appended to the end
+rs_kernel_debuginfo_url: http://kojipkgs.fedoraproject.org/packages/$BASENAME/$VERSION/$RELEASE/$ARCH/
+
+# Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled
+rs_vmcore_dump_level: 0
+
+# Whether to run kmem command by default (this may take a long time on large vmcores)
+# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem
+rs_vmcore_run_kmem: 0
+
+# EXPERIMENTAL! Use ABRT Server's storage to map build-ids
+# into debuginfo packages and resolve dependencies
+# Requires support from ABRT Server
+rs_use_faf_packages: false
+
+# Where to hardlink faf packages
+rs_faf_link_dir: /var/spool/faf/retrace-tmp
+
+# Whether to enable e-mail notifications
+rs_email_notify: false
+
+# Who sends the e-mail notifications
+rs_email_notify_from_user: retrace
+
+rs_archhosts:
+ - { arch: i386, url: }
+ - { arch: x86_64, url: }
+ - { arch: ppc64, url: }
+ - { arch: armhfp, url: }
+ - { arch: s390x, url: }
+
+# Parameters are replaced using python's format.
+# Available parameters: hook_name, task_id, task_dir
+# Example: pre_start = /bin/echo {hook_name} {task_id} {task_dir}
+# When worker.start() is called
+rs_hookscripts:
+ - { hook: pre_start, cmd: }
+ - { hook: start, cmd: }
+ - { hook: pre_prepare_debuginfo, cmd: }
+ - { hook: post_prepare_debuginfo, cmd: }
+ - { hook: pre_prepare_mock, cmd: }
+ - { hook: post_prepare_mock, cmd: }
+ - { hook: pre_retrace, cmd: }
+ - { hook: post_retrace, cmd: }
+ - { hook: success, cmd: }
+ - { hook: fail, cmd: }
+ - { hook: pre_remove_task, cmd: }
+ - { hook: post_remove_task, cmd: }
+ - { hook: pre_clean_task, cmd: }
+ - { hook: post_clean_task, cmd: }
+
+
+# Force package reinstall
+rs_force_reinstall: false
+
+# Check server health after installation
+rs_check_health: true
+
+# Hostname
+hostname: example.org
diff --git a/roles/abrt/retrace/handlers/main.yml b/roles/abrt/retrace/handlers/main.yml
new file mode 100644
index 0000000000..e379288d84
--- /dev/null
+++ b/roles/abrt/retrace/handlers/main.yml
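Review bot: In defaults/main.yml, `rs_kernel_chroot_repo` and `rs_kernel_debuginfo_url` default to plain `http://` mirrors, so the chroot packages and kernel debuginfo the server fetches are only as trustworthy as the signature checks applied afterwards. `rs_require_gpg_check: true` covers package installs, but whether the wget fallback behind `rs_wget_kernel_debuginfos` verifies what it downloads is not visible in this commit, so I would switch both defaults to `https://` rather than rely on the GPG check alone. The chroot repo default also pins Fedora 16, which is end-of-life; an empty default would force operators to pick a supported release. Separately, the comment above `rs_allow_usrcore_task` repeats the VMCore text; the template has the right wording, `# Allow to create Userspace core tasks in the task manager`.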
@@ -0,0 +1,3 @@
+---
+- name: restart httpd
+ service: name=httpd state=restarted
diff --git a/roles/abrt/retrace/meta/.galaxy_install_info b/roles/abrt/retrace/meta/.galaxy_install_info
new file mode 100644
index 0000000000..c274597176
--- /dev/null
+++ b/roles/abrt/retrace/meta/.galaxy_install_info
@@ -0,0 +1 @@
+{install_date: 'Thu Apr 6 13:39:54 2017', version: ''}
diff --git a/roles/abrt/retrace/meta/main.yml b/roles/abrt/retrace/meta/main.yml
new file mode 100644
index 0000000000..dc9c449d10
--- /dev/null
+++ b/roles/abrt/retrace/meta/main.yml
@@ -0,0 +1,19 @@
+---
+galaxy_info:
+ author: sorki
+ description: Deploy retrace-server
+ license: BSD
+ min_ansible_version: 1.9
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ - name: Fedora
+ versions:
+ - 21
+ - 22
+ - 23
+ categories:
+ - system
+#dependencies:
+# - { role: httpd }
diff --git a/roles/abrt/retrace/tasks/check.yml b/roles/abrt/retrace/tasks/check.yml
new file mode 100644
index 0000000000..d4411b0653
--- /dev/null
+++ b/roles/abrt/retrace/tasks/check.yml
@@ -0,0 +1,18 @@
+---
+
+# check functionality
+
+- meta: flush_handlers
+
+- set_fact:
+ settings_url: "https://{{ ansible_default_ipv4.address }}/settings"
+
+- name: fetch settings
+ local_action: uri url={{ settings_url }}
+ return_content=yes
+ validate_certs=no
+ register: uri_res
+
+- fail: msg="{{ settings_url }} doesn't contain supported_releases"
+ when:
+ "'supported_releases' not in uri_res.content"
diff --git a/roles/abrt/retrace/tasks/config.yml b/roles/abrt/retrace/tasks/config.yml
new file mode 100644
index 0000000000..ce1ff3dca9
--- /dev/null
+++ b/roles/abrt/retrace/tasks/config.yml
@@ -0,0 +1,10 @@
+---
+- name: configure retrace-server
+ template: src=etc-retrace-server.conf.j2
+ dest=/etc/retrace-server.conf
+ notify: restart httpd
+
+- name: retrace-server http config
+ template: src=retrace-server-httpd.conf.j2
+ dest=/etc/httpd/conf.d/retrace-server-httpd.conf
+ notify: restart httpd
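Review bot: In tasks/check.yml the `fetch settings` task sets `validate_certs=no`, so the health check accepts any certificate and a green result says nothing about whether the deployed TLS setup works for real clients. It also targets `ansible_default_ipv4.address` instead of the server name, which is presumably why verification was turned off. I would request `https://{{ hostname }}/settings` and make verification a role variable that defaults to on, e.g. `validate_certs={{ rs_check_validate_certs | default(true) }}` (the variable name is a suggestion, it does not exist in the role yet).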
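Review bot: Neither `template` task in tasks/config.yml sets `owner`, `group` or `mode`, and `/etc/retrace-server.conf` is rendered with `FTPPass` and the hook commands in it, so who can read it is left to the remote defaults. Give the first task explicit ownership, e.g. `owner=root group={{ rs_auth_group }} mode=0640`, assuming the WSGI daemon reads the file through its group; the httpd snippet can take `mode=0644`. Since `rs_ftp_password` ends up in that file, it should also be supplied from Ansible Vault, not from plain inventory.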
diff --git a/roles/abrt/retrace/tasks/install.yml b/roles/abrt/retrace/tasks/install.yml
new file mode 100644
index 0000000000..e7003abeb6
--- /dev/null
+++ b/roles/abrt/retrace/tasks/install.yml
@@ -0,0 +1,7 @@
+---
+- name: erase retrace-server packages
+ yum: name=retrace-server state=absent
+ when: rs_force_reinstall
+
+- name: install retrace-server package
+ yum : name=retrace-server state=installed
diff --git a/roles/abrt/retrace/tasks/main.yml b/roles/abrt/retrace/tasks/main.yml
new file mode 100644
index 0000000000..5ba2d601d3
--- /dev/null
+++ b/roles/abrt/retrace/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+# Install retrace-server packages
+- include: install.yml
+ tags: [rs, packages]
+
+# Set up use of FAF packages
+- include: usefafpkgs.yml
+ when: rs_use_faf_packages
+ tags: [rs, use_faf_packages]
+
+# Configure retrace-server
+- include: config.yml
+ tags: [rs, config]
+
+# Check functionality of the retrace-server
+- include: check.yml
+ when: rs_check_health
+ tags: [rs, check]
diff --git a/roles/abrt/retrace/tasks/usefafpkgs.yml b/roles/abrt/retrace/tasks/usefafpkgs.yml
new file mode 100644
index 0000000000..847c0a4b7d
--- /dev/null
+++ b/roles/abrt/retrace/tasks/usefafpkgs.yml
@@ -0,0 +1,34 @@
+---
+- name: check if faf installed
+ yum: list=faf
+ register: is_installed
+
+- fail: msg="faf is not installed!"
+ when: '"installed" not in "{{ is_installed.results }}"'
+
+- name: add user retrace to faf db
+ postgresql_user: db=faf
+ name=retrace
+ priv=ALL
+ role_attr_flags=SUPERUSER
+ state=present
+ become: yes
+ become_user: postgres
+
+# for already existing files/dirs
+- name: ACL for user retrace
+ acl: path=/var/spool/faf/lob state=present recursive=yes
+ entity=retrace etype=user permissions=rwX
+
+# for files/dirs created in future
+- name: default ACL for user retrace
+ acl: path=/var/spool/faf/lob state=present recursive=yes default=yes
+ entity=retrace etype=user permissions=rwX
+
+- name: check for hardlink dir
+ stat: path={{ rs_faf_link_dir }}
+ register: rsdir
+
+- name: make dir for hardlinks
+ file: path={{ rs_faf_link_dir }} state=directory owner=retrace group=retrace
+ when: rsdir.stat.exists == False
diff --git a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2
new file mode 100644
index 0000000000..edda02fab5
--- /dev/null
+++ b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2
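Review bot: The `add user retrace to faf db` task in tasks/usefafpkgs.yml creates the role with `role_attr_flags=SUPERUSER`, which hands the account that processes uploaded crash data control of the whole PostgreSQL cluster and not just the `faf` database; `priv=ALL` on `db=faf` already grants database-level access. Drop the flag, or state it explicitly as `role_attr_flags=NOSUPERUSER`, and grant only the table privileges retrace actually needs. Also in this hunk, `when: '"installed" not in "{{ is_installed.results }}"'` is a substring test on a stringified list inside a templated `when`, so it depends on how the result happens to print; testing the entries' `yumstate` field would be more reliable.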
@@ -0,0 +1,162 @@
+#{{ ansible_managed }}
+
+[retrace]
+# Which group is used for authentication
+# Do not change AuthGroup if you really don't need to!
+# When using non-default group "foo", you also need to
+# 1) Set group=foo in WSGIDaemonProcess in /etc/httpd/conf.d/retrace-server-httpd.conf
+# 2) Make LogDir, SaveDir and RepoDir readable and writable for foo
+# 3) Execute all retrace-server-* scripts (including cron jobs!) with foo membership
+AuthGroup = {{ rs_auth_group }}
+
+# Force to use HTTPS - only disable on trusted network
+RequireHTTPS = {{ rs_require_https|int }}
+
+# Allow to delete task data via HTTP API (https://server//delete)
+AllowAPIDelete = {{ rs_allow_api_delete|int }}
+
+# Allow interactive tasks (security risk, do not use on public systems)
+AllowInteractive = {{ rs_allow_interactive|int }}
+
+# Allow X-CoreFileDirectory header
+AllowExternalDir = {{ rs_allow_external_dir|int }}
+
+# Allow to create tasks owned by task manager (security risk)
+AllowTaskManager = {{ rs_allow_task_manager|int }}
+
+# Allow to create VMCore tasks in the task manager
+AllowVMCoreTask = {{ rs_allow_vmcore_task|int }}
+
+# Allow to create Userspace core tasks in the task manager
+AllowUsrCoreTask = {{ rs_allow_usrcore_task|int }}
+
+# If white list is disabled, anyone can delete tasks
+TaskManagerAuthDelete = {{ rs_task_manager_auth_delete|int }}
+
+# Whitespace-separated list of users allowed to delete tasks
+TaskManagerDeleteUsers = {{ rs_task_manager_delete_users|default('', true) }}
+
+# If set to non-empty string, makes the case number clickable in task manager
+# The string is expanded by python, with the case number passed
+# as the only argument, do not forget %d
+CaseNumberURL = {{ rs_case_number_url|default('', true) }}
+
+# Verify GPG signatures of installed packages
+RequireGPGCheck = {{ rs_require_gpg_check|int }}
+
+# Maximum tasks running at one moment
+MaxParallelTasks = {{ rs_max_parallel_tasks|int }}
+
+# Maximum size of archive uploaded by user (MB)
+MaxPackedSize = {{ rs_max_packed_size|int }}
+
+# Maximum size of archive contents (MB)
+MaxUnpackedSize = {{ rs_max_unpacked_size|int }}
+
+# Minimal storage left on WorkDir FS after unpacking archive (MB)
+MinStorageLeft = {{ rs_min_storage_left|int }}
+
+# Delete old tasks after (hours); <= 0 means never
+# This is mutually exclusive with ArchiveTasksAfter (see below)
+# The one that occurs first removes the task from the system
+# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first
+DeleteTaskAfter = {{ rs_delete_task_after|int }}
+
+# Delete old failed tasks after (hours); <= 0 means never
+# This is useful for cleanup of failed tasks before the standard
+# mechanisms do (DeleteTaskAfter or ArchiveTaskAfter)
+# In case DeleteFailedTaskAfter > DeleteTaskAfter
+# or DeleteFailedTaskAfter > ArchiveTaskAfter, this option does nothing
+DeleteFailedTaskAfter = {{ rs_delete_failed_task_after|int }}
+
+# Archive old task after (hours); <= 0 means never
+# This is mutually exclusive with DeleteTasksAfter (see above)
+# The one that occurs first removes the task from the system
+# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first
+ArchiveTaskAfter = {{ rs_archive_task_after|int }}
+
+# SQLite statistics DB filename
+DBFile = {{ rs_db_file }}
+
+# Log directory
+LogDir = {{ rs_log_dir }}
+
+# Local repos directory
+# if changed, you also need to update httpd config
+RepoDir = {{ rs_repo_dir }}
+
+# Directory where the crashes and results are saved
+SaveDir = {{ rs_save_dir }}
+
+# Directory where old tasks are moved
+DropDir = {{ rs_drop_dir }}
+
+# Whether to use explicit working directory, otherwise default mock settings are used
+UseWorkDir = {{ rs_use_work_dir|int }}
+
+# Working directory
+WorkDir = {{ rs_work_dir }}
+
+# Whether to use createrepo's --update option (faster, but requires a lot of memory)
+UseCreaterepoUpdate = {{ rs_use_createrepo_update|int }}
+
+# How many latest packages to keep for rawhide
+KeepRawhideLatest = {{ rs_keep_rawhide_latest|int }}
+
+# Repo used to install chroot for vmcores
+KernelChrootRepo = {{ rs_kernel_chroot_repo }}
+
+# Koji directory structure can be used to search for kernel debuginfo
+KojiRoot = {{ rs_koji_root }}
+
+# Whether task manager should look to an external FTP for task data
+UseFTPTasks = {{ rs_use_ftp_tasks|int }}
+
+# FTP connection parameters
+FTPSSL = {{ rs_ftp_ssl|int }}
+FTPHost = {{ rs_ftp_host|default('', true) }}
+FTPUser = {{ rs_ftp_user|default('', true) }}
+FTPPass = {{ rs_ftp_password|default('', true) }}
+FTPDir = {{ rs_ftp_dir|default('', true) }}
+
+# Size of buffer for downloading from FTP (MB)
+FTPBufferSize = {{ rs_ftp_buffer_size|int }}
+
+# Whether to use wget as a fallback to finding kernel debuginfos
+WgetKernelDebuginfos = {{ rs_wget_kernel_debuginfos|int }}
+
+# Where to download kernel debuginfos from
+# $VERSION $RELEASE and $ARCH are replaced by the appropriate value
+# kernel-debuginfo-VRA.rpm is appended to the end
+KernelDebuginfoURL = {{ rs_kernel_debuginfo_url }}
+
+# Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled
+VmcoreDumpLevel = {{ rs_vmcore_dump_level|int }}
+
+# Whether to run kmem command by default (this may take a long time on large vmcores)
+# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem
+VmcoreRunKmem = {{ rs_vmcore_run_kmem|int }}
+
+# EXPERIMENTAL! Use ABRT Server's storage to map build-ids
+# into debuginfo packages and resolve dependencies
+# Requires support from ABRT Server
+UseFafPackages = {{ rs_use_faf_packages|int }}
+
+# Where to hardlink faf packages
+FafLinkDir = {{ rs_faf_link_dir }}
+
+# Whether to enable e-mail notifications
+EmailNotify = {{ rs_email_notify|int }}
+
+# Who sends the e-mail notifications
+EmailNotifyFrom = {{ rs_email_notify_from_user }}@{{ hostname }}
+
+[archhosts]
+{% for a in rs_archhosts %}
+{{ a.arch }} = {{ a.url|default('', true) }}
+{% endfor %}
+
+[hookscripts]
+{% for h in rs_hookscripts %}
+{{ h.hook }} = {{ h.cmd|default('', true) }}
+{% endfor %}
diff --git a/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2
new file mode 100644
index 0000000000..593b2b8582
--- /dev/null
+++ b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2
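Review bot: Every boolean in etc-retrace-server.conf.j2 is rendered with a bare `|int`, e.g. `RequireHTTPS = {{ rs_require_https|int }}`, and Jinja2's `int` filter returns 0 for any string it cannot parse. A value that arrives as a string, such as `-e rs_require_https=true` on the command line, therefore renders `RequireHTTPS = 0` without any error. Most `Allow*` switches fail closed under that conversion, but `RequireHTTPS`, `RequireGPGCheck` and `TaskManagerAuthDelete` fail open. Normalise first with the `bool` filter, `{{ rs_require_https|bool|int }}`, on all boolean settings.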
@@ -0,0 +1,47 @@
+#{{ ansible_managed }}
+
+WSGISocketPrefix /var/run/retrace
+WSGIDaemonProcess retrace user=retrace group=retrace processes=5 threads=3
+
+WSGIScriptAliasMatch ^/manager(/.*)?$ /usr/share/retrace-server/manager.wsgi
+WSGIScriptAliasMatch ^/settings$ /usr/share/retrace-server/settings.wsgi
+WSGIScriptAliasMatch ^/create$ /usr/share/retrace-server/create.wsgi
+WSGIScriptAliasMatch ^/stats$ /usr/share/retrace-server/stats.wsgi
+WSGIScriptAliasMatch ^/checkpackage$ /usr/share/retrace-server/checkpackage.wsgi
+WSGIScriptAliasMatch ^/[0-9]+/?$ /usr/share/retrace-server/status.wsgi
+WSGIScriptAliasMatch ^/[0-9]+/delete$ /usr/share/retrace-server/delete.wsgi
+WSGIScriptAliasMatch ^/[0-9]+/log$ /usr/share/retrace-server/log.wsgi
+WSGIScriptAliasMatch ^/[0-9]+/backtrace$ /usr/share/retrace-server/backtrace.wsgi
+WSGIScriptAliasMatch ^/[0-9]+/exploitable$ /usr/share/retrace-server/exploitable.wsgi
+WSGIScriptAliasMatch ^/[0-9]+/start$ /usr/share/retrace-server/start.wsgi
+WSGIScriptAliasMatch ^/$ /usr/share/retrace-server/index.wsgi
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+
+ # Apache 2.4
+ Require all granted
+
+
+ # Apache 2.2
+ Order allow,deny
+ Allow from all
+
+
+
+
+ WSGIProcessGroup retrace
+ Options -Indexes -FollowSymLinks
+
+ # Apache 2.4
+ Require all granted
+
+
+ # Apache 2.2
+ Order allow,deny
+ Allow from all
+
+
+
+Alias /repos /var/cache/retrace-server
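Review bot: `WSGIDaemonProcess` hardcodes `user=retrace group=retrace` and the last line hardcodes `Alias /repos /var/cache/retrace-server`, although the role exposes `rs_auth_group` and `rs_repo_dir` and the retrace-server.conf template states that both must be kept in step with this file. Changing either variable would leave the daemon group out of line with `AuthGroup`, or the alias serving a directory that is no longer `RepoDir`. Use `group={{ rs_auth_group }}` and `Alias /repos {{ rs_repo_dir }}`. The first directory block also sets `Options Indexes FollowSymLinks` with access granted to all; its path is not visible in this rendering, but if it is the repo directory, dropping `FollowSymLinks` would keep a stray symlink from exposing files outside it.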