retrace: download retrace role from github

This commit is contained in:
Miroslav Suchý 2017-04-06 15:40:38 +02:00
parent 82fb723e2e
commit 47a2d4d557
13 changed files with 543 additions and 0 deletions

View file

@ -0,0 +1,25 @@
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, and the entire permission notice in its entirety,
including the disclaimer of warranties.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote
products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.

View file

@ -0,0 +1,17 @@
ansible-role-retrace-server
---------------------------
Role for deploying `retrace-server <https://github.com/abrt/retrace-server>`_.
See `defaults/main.yml <https://github.com/abrt/ansible-role-retrace-server/blob/master/defaults/main.yml>`_
for the complete list of configuration variables.
License
=======
BSD
Author
======
Richard Marko <rmarko@fedoraproject.org>

View file

@ -0,0 +1,182 @@
---
# Which group is used for authentication
rs_auth_group: retrace
# Force to use HTTPS - only disable on trusted network
rs_require_https: true
# Allow to delete task data via HTTP API (https://server/<task_id>/delete)
rs_allow_api_delete: false
# Allow interactive tasks (security risk, do not use on public systems)
rs_allow_interactive: false
# Allow X-CoreFileDirectory header
rs_allow_external_dir: false
# Allow to create tasks owned by task manager (security risk)
rs_allow_task_manager: false
# Allow to create VMCore tasks in the task manager
rs_allow_vmcore_task: true
# Allow to create VMCore tasks in the task manager
rs_allow_usrcore_task: true
# If white list is disabled, anyone can delete tasks
rs_task_manager_auth_delete: false
# Whitespace-separated list of users allowed to delete tasks
rs_task_manager_delete_users:
# If set to non-empty string, makes the case number clickable in task manager
# The string is expanded by python, with the case number passed
# as the only argument, do not forget %d
rs_case_number_url:
# Verify GPG signatures of installed packages
rs_require_gpg_check: true
# Maximum tasks running at one moment
rs_max_parallel_tasks: 5
# Maximum size of archive uploaded by user (MB)
rs_max_packed_size: 50
# Maximum size of archive contents (MB)
rs_max_unpacked_size: 1024
# Minimal storage left on WorkDir FS after unpacking archive (MB)
rs_min_storage_left: 1024
# Delete old tasks after (hours); <= 0 means never
# This is mutually exclusive with ArchiveTasksAfter (see below)
# The one that occurs first removes the task from the system
# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first
rs_delete_task_after: 0
# Delete old failed tasks after (hours); <= 0 means never
# This is useful for cleanup of failed tasks before the standard
# mechanisms do (DeleteTaskAfter or ArchiveTaskAfter)
# In case DeleteFailedTaskAfter > DeleteTaskAfter
# or DeleteFailedTaskAfter > ArchiveTaskAfter, this option does nothing
rs_delete_failed_task_after: 0
# Archive old task after (hours); <= 0 means never
# This is mutually exclusive with DeleteTasksAfter (see above)
# The one that occurs first removes the task from the system
# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first
rs_archive_task_after: 0
# SQLite statistics DB filename
rs_db_file: stats.db
# Log directory
rs_log_dir: /var/log/retrace-server
# Local repos directory
rs_repo_dir: /var/cache/retrace-server
# Directory where the crashes and results are saved
rs_save_dir: /var/spool/retrace-server
# Directory where old tasks are moved
rs_drop_dir: /srv/retrace/archive
# Whether to use explicit working directory, otherwise default mock settings are used
rs_use_work_dir: false
# Working directory
rs_work_dir: /tmp/retrace-server
# Whether to use createrepo's --update option (faster, but requires a lot of memory)
rs_use_createrepo_update: false
# How many latest packages to keep for rawhide
rs_keep_rawhide_latest: 3
# Repo used to install chroot for vmcores
rs_kernel_chroot_repo: http://dl.fedoraproject.org/pub/fedora/linux/releases/16/Everything/$ARCH/os/
# Koji directory structure can be used to search for kernel debuginfo
rs_koji_root: /mnt/koji
# Whether task manager should look to an external FTP for task data
rs_use_ftp_tasks: false
# FTP connection parameters
rs_ftp_ssl: false
rs_ftp_host:
rs_ftp_user:
rs_ftp_password:
rs_ftp_dir: /
# Size of buffer for downloading from FTP (MB)
rs_ftp_buffer_size: 16
# Whether to use wget as a fallback to finding kernel debuginfos
rs_wget_kernel_debuginfos: false
# Where to download kernel debuginfos from
# $VERSION $RELEASE and $ARCH are replaced by the appropriate value
# kernel-debuginfo-VRA.rpm is appended to the end
rs_kernel_debuginfo_url: http://kojipkgs.fedoraproject.org/packages/$BASENAME/$VERSION/$RELEASE/$ARCH/
# Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled
rs_vmcore_dump_level: 0
# Whether to run kmem command by default (this may take a long time on large vmcores)
# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem
rs_vmcore_run_kmem: 0
# EXPERIMENTAL! Use ABRT Server's storage to map build-ids
# into debuginfo packages and resolve dependencies
# Requires support from ABRT Server
rs_use_faf_packages: false
# Where to hardlink faf packages
rs_faf_link_dir: /var/spool/faf/retrace-tmp
# Whether to enable e-mail notifications
rs_email_notify: false
# Who sends the e-mail notifications
rs_email_notify_from_user: retrace
rs_archhosts:
- { arch: i386, url: }
- { arch: x86_64, url: }
- { arch: ppc64, url: }
- { arch: armhfp, url: }
- { arch: s390x, url: }
# Parameters are replaced using python's format.
# Available parameters: hook_name, task_id, task_dir
# Example: pre_start = /bin/echo {hook_name} {task_id} {task_dir}
# When worker.start() is called
rs_hookscripts:
- { hook: pre_start, cmd: }
- { hook: start, cmd: }
- { hook: pre_prepare_debuginfo, cmd: }
- { hook: post_prepare_debuginfo, cmd: }
- { hook: pre_prepare_mock, cmd: }
- { hook: post_prepare_mock, cmd: }
- { hook: pre_retrace, cmd: }
- { hook: post_retrace, cmd: }
- { hook: success, cmd: }
- { hook: fail, cmd: }
- { hook: pre_remove_task, cmd: }
- { hook: post_remove_task, cmd: }
- { hook: pre_clean_task, cmd: }
- { hook: post_clean_task, cmd: }
# Force package reinstall
rs_force_reinstall: false
# Check server health after installation
rs_check_health: true
# Hostname
hostname: example.org

View file

@ -0,0 +1,3 @@
---
- name: restart httpd
service: name=httpd state=restarted

View file

@ -0,0 +1 @@
{install_date: 'Thu Apr 6 13:39:54 2017', version: ''}

View file

@ -0,0 +1,19 @@
---
galaxy_info:
author: sorki
description: Deploy retrace-server
license: BSD
min_ansible_version: 1.9
platforms:
- name: EL
versions:
- 7
- name: Fedora
versions:
- 21
- 22
- 23
categories:
- system
#dependencies:
# - { role: httpd }

View file

@ -0,0 +1,18 @@
---
# check functionality
- meta: flush_handlers
- set_fact:
settings_url: "https://{{ ansible_default_ipv4.address }}/settings"
- name: fetch settings
local_action: uri url={{ settings_url }}
return_content=yes
validate_certs=no
register: uri_res
- fail: msg="{{ settings_url }} doesn't contain supported_releases"
when:
"'supported_releases' not in uri_res.content"

View file

@ -0,0 +1,10 @@
---
- name: configure retrace-server
template: src=etc-retrace-server.conf.j2
dest=/etc/retrace-server.conf
notify: restart httpd
- name: retrace-server http config
template: src=retrace-server-httpd.conf.j2
dest=/etc/httpd/conf.d/retrace-server-httpd.conf
notify: restart httpd

View file

@ -0,0 +1,7 @@
---
- name: erase retrace-server packages
yum: name=retrace-server state=absent
when: rs_force_reinstall
- name: install retrace-server package
yum : name=retrace-server state=installed

View file

@ -0,0 +1,18 @@
---
# Install retrace-server packages
- include: install.yml
tags: [rs, packages]
# Set up use of FAF packages
- include: usefafpkgs.yml
when: rs_use_faf_packages
tags: [rs, use_faf_packages]
# Configure retrace-server
- include: config.yml
tags: [rs, config]
# Check functionality of the retrace-server
- include: check.yml
when: rs_check_health
tags: [rs, check]

View file

@ -0,0 +1,34 @@
---
- name: check if faf installed
yum: list=faf
register: is_installed
- fail: msg="faf is not installed!"
when: '"installed" not in "{{ is_installed.results }}"'
- name: add user retrace to faf db
postgresql_user: db=faf
name=retrace
priv=ALL
role_attr_flags=SUPERUSER
state=present
become: yes
become_user: postgres
# for already existing files/dirs
- name: ACL for user retrace
acl: path=/var/spool/faf/lob state=present recursive=yes
entity=retrace etype=user permissions=rwX
# for files/dirs created in future
- name: default ACL for user retrace
acl: path=/var/spool/faf/lob state=present recursive=yes default=yes
entity=retrace etype=user permissions=rwX
- name: check for hardlink dir
stat: path={{ rs_faf_link_dir }}
register: rsdir
- name: make dir for hardlinks
file: path={{ rs_faf_link_dir }} state=directory owner=retrace group=retrace
when: rsdir.stat.exists == False

View file

@ -0,0 +1,162 @@
#{{ ansible_managed }}
[retrace]
# Which group is used for authentication
# Do not change AuthGroup if you really don't need to!
# When using non-default group "foo", you also need to
# 1) Set group=foo in WSGIDaemonProcess in /etc/httpd/conf.d/retrace-server-httpd.conf
# 2) Make LogDir, SaveDir and RepoDir readable and writable for foo
# 3) Execute all retrace-server-* scripts (including cron jobs!) with foo membership
AuthGroup = {{ rs_auth_group }}
# Force to use HTTPS - only disable on trusted network
RequireHTTPS = {{ rs_require_https|int }}
# Allow to delete task data via HTTP API (https://server/<task_id>/delete)
AllowAPIDelete = {{ rs_allow_api_delete|int }}
# Allow interactive tasks (security risk, do not use on public systems)
AllowInteractive = {{ rs_allow_interactive|int }}
# Allow X-CoreFileDirectory header
AllowExternalDir = {{ rs_allow_external_dir|int }}
# Allow to create tasks owned by task manager (security risk)
AllowTaskManager = {{ rs_allow_task_manager|int }}
# Allow to create VMCore tasks in the task manager
AllowVMCoreTask = {{ rs_allow_vmcore_task|int }}
# Allow to create Userspace core tasks in the task manager
AllowUsrCoreTask = {{ rs_allow_usrcore_task|int }}
# If white list is disabled, anyone can delete tasks
TaskManagerAuthDelete = {{ rs_task_manager_auth_delete|int }}
# Whitespace-separated list of users allowed to delete tasks
TaskManagerDeleteUsers = {{ rs_task_manager_delete_users|default('', true) }}
# If set to non-empty string, makes the case number clickable in task manager
# The string is expanded by python, with the case number passed
# as the only argument, do not forget %d
CaseNumberURL = {{ rs_case_number_url|default('', true) }}
# Verify GPG signatures of installed packages
RequireGPGCheck = {{ rs_require_gpg_check|int }}
# Maximum tasks running at one moment
MaxParallelTasks = {{ rs_max_parallel_tasks|int }}
# Maximum size of archive uploaded by user (MB)
MaxPackedSize = {{ rs_max_packed_size|int }}
# Maximum size of archive contents (MB)
MaxUnpackedSize = {{ rs_max_unpacked_size|int }}
# Minimal storage left on WorkDir FS after unpacking archive (MB)
MinStorageLeft = {{ rs_min_storage_left|int }}
# Delete old tasks after (hours); <= 0 means never
# This is mutually exclusive with ArchiveTasksAfter (see below)
# The one that occurs first removes the task from the system
# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first
DeleteTaskAfter = {{ rs_delete_task_after|int }}
# Delete old failed tasks after (hours); <= 0 means never
# This is useful for cleanup of failed tasks before the standard
# mechanisms do (DeleteTaskAfter or ArchiveTaskAfter)
# In case DeleteFailedTaskAfter > DeleteTaskAfter
# or DeleteFailedTaskAfter > ArchiveTaskAfter, this option does nothing
DeleteFailedTaskAfter = {{ rs_delete_failed_task_after|int }}
# Archive old task after (hours); <= 0 means never
# This is mutually exclusive with DeleteTasksAfter (see above)
# The one that occurs first removes the task from the system
# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first
ArchiveTaskAfter = {{ rs_archive_task_after|int }}
# SQLite statistics DB filename
DBFile = {{ rs_db_file }}
# Log directory
LogDir = {{ rs_log_dir }}
# Local repos directory
# if changed, you also need to update httpd config
RepoDir = {{ rs_repo_dir }}
# Directory where the crashes and results are saved
SaveDir = {{ rs_save_dir }}
# Directory where old tasks are moved
DropDir = {{ rs_drop_dir }}
# Whether to use explicit working directory, otherwise default mock settings are used
UseWorkDir = {{ rs_use_work_dir|int }}
# Working directory
WorkDir = {{ rs_work_dir }}
# Whether to use createrepo's --update option (faster, but requires a lot of memory)
UseCreaterepoUpdate = {{ rs_use_createrepo_update|int }}
# How many latest packages to keep for rawhide
KeepRawhideLatest = {{ rs_keep_rawhide_latest|int }}
# Repo used to install chroot for vmcores
KernelChrootRepo = {{ rs_kernel_chroot_repo }}
# Koji directory structure can be used to search for kernel debuginfo
KojiRoot = {{ rs_koji_root }}
# Whether task manager should look to an external FTP for task data
UseFTPTasks = {{ rs_use_ftp_tasks|int }}
# FTP connection parameters
FTPSSL = {{ rs_ftp_ssl|int }}
FTPHost = {{ rs_ftp_host|default('', true) }}
FTPUser = {{ rs_ftp_user|default('', true) }}
FTPPass = {{ rs_ftp_password|default('', true) }}
FTPDir = {{ rs_ftp_dir|default('', true) }}
# Size of buffer for downloading from FTP (MB)
FTPBufferSize = {{ rs_ftp_buffer_size|int }}
# Whether to use wget as a fallback to finding kernel debuginfos
WgetKernelDebuginfos = {{ rs_wget_kernel_debuginfos|int }}
# Where to download kernel debuginfos from
# $VERSION $RELEASE and $ARCH are replaced by the appropriate value
# kernel-debuginfo-VRA.rpm is appended to the end
KernelDebuginfoURL = {{ rs_kernel_debuginfo_url }}
# Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled
VmcoreDumpLevel = {{ rs_vmcore_dump_level|int }}
# Whether to run kmem command by default (this may take a long time on large vmcores)
# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem
VmcoreRunKmem = {{ rs_vmcore_run_kmem|int }}
# EXPERIMENTAL! Use ABRT Server's storage to map build-ids
# into debuginfo packages and resolve dependencies
# Requires support from ABRT Server
UseFafPackages = {{ rs_use_faf_packages|int }}
# Where to hardlink faf packages
FafLinkDir = {{ rs_faf_link_dir }}
# Whether to enable e-mail notifications
EmailNotify = {{ rs_email_notify|int }}
# Who sends the e-mail notifications
EmailNotifyFrom = {{ rs_email_notify_from_user }}@{{ hostname }}
[archhosts]
{% for a in rs_archhosts %}
{{ a.arch }} = {{ a.url|default('', true) }}
{% endfor %}
[hookscripts]
{% for h in rs_hookscripts %}
{{ h.hook }} = {{ h.cmd|default('', true) }}
{% endfor %}

View file

@ -0,0 +1,47 @@
#{{ ansible_managed }}
WSGISocketPrefix /var/run/retrace
WSGIDaemonProcess retrace user=retrace group=retrace processes=5 threads=3
WSGIScriptAliasMatch ^/manager(/.*)?$ /usr/share/retrace-server/manager.wsgi
WSGIScriptAliasMatch ^/settings$ /usr/share/retrace-server/settings.wsgi
WSGIScriptAliasMatch ^/create$ /usr/share/retrace-server/create.wsgi
WSGIScriptAliasMatch ^/stats$ /usr/share/retrace-server/stats.wsgi
WSGIScriptAliasMatch ^/checkpackage$ /usr/share/retrace-server/checkpackage.wsgi
WSGIScriptAliasMatch ^/[0-9]+/?$ /usr/share/retrace-server/status.wsgi
WSGIScriptAliasMatch ^/[0-9]+/delete$ /usr/share/retrace-server/delete.wsgi
WSGIScriptAliasMatch ^/[0-9]+/log$ /usr/share/retrace-server/log.wsgi
WSGIScriptAliasMatch ^/[0-9]+/backtrace$ /usr/share/retrace-server/backtrace.wsgi
WSGIScriptAliasMatch ^/[0-9]+/exploitable$ /usr/share/retrace-server/exploitable.wsgi
WSGIScriptAliasMatch ^/[0-9]+/start$ /usr/share/retrace-server/start.wsgi
WSGIScriptAliasMatch ^/$ /usr/share/retrace-server/index.wsgi
<Directory "/var/cache/retrace-server">
Options Indexes FollowSymLinks
AllowOverride None
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order allow,deny
Allow from all
</IfModule>
</Directory>
<LocationMatch "^/(manager(/.*)?|settings|create|stats|checkpackage|[0-9]+(/(log|backtrace|delete))?)?$">
WSGIProcessGroup retrace
Options -Indexes -FollowSymLinks
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order allow,deny
Allow from all
</IfModule>
</LocationMatch>
Alias /repos /var/cache/retrace-server