From 6971c2f4025249017cb8bdda3c4190bcda3861f8 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 20 Aug 2013 18:35:14 +0000 Subject: [PATCH 01/15] Log output from badge awarding cronjobs. --- roles/badges-backend/files/cron/award-libravatar-badge.cron | 2 +- roles/badges-backend/files/cron/award-oldschool-badges.cron | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/badges-backend/files/cron/award-libravatar-badge.cron b/roles/badges-backend/files/cron/award-libravatar-badge.cron index 35a9c1c0ea..e963b33344 100644 --- a/roles/badges-backend/files/cron/award-libravatar-badge.cron +++ b/roles/badges-backend/files/cron/award-libravatar-badge.cron @@ -1 +1 @@ -*/55 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge +*/40 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /var/log/fedmsg/award-libravatar-badge-cron.log 2>&1 diff --git a/roles/badges-backend/files/cron/award-oldschool-badges.cron b/roles/badges-backend/files/cron/award-oldschool-badges.cron index fd7b3ce7b4..d84794e2f6 100644 --- a/roles/badges-backend/files/cron/award-oldschool-badges.cron +++ b/roles/badges-backend/files/cron/award-oldschool-badges.cron @@ -1 +1 @@ -*/25 * * * * fedmsg /usr/share/badges/cronjobs/award-oldschool-badges +*/25 * * * * fedmsg /usr/share/badges/cronjobs/award-oldschool-badges > /var/log/fedmsg/award-oldschool-badges-cron.log 2>&1 From e9afaab2c213167b1b3da70ba7c1c1f018b7b9c0 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 20 Aug 2013 18:42:04 +0000 Subject: [PATCH 02/15] Adjust when the cronjob runs. --- roles/badges-backend/files/cron/award-libravatar-badge.cron | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/badges-backend/files/cron/award-libravatar-badge.cron b/roles/badges-backend/files/cron/award-libravatar-badge.cron index e963b33344..8b8b363fc2 100644 --- a/roles/badges-backend/files/cron/award-libravatar-badge.cron +++ b/roles/badges-backend/files/cron/award-libravatar-badge.cron @@ -1 +1 @@ -*/40 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /var/log/fedmsg/award-libravatar-badge-cron.log 2>&1 +*/45 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /var/log/fedmsg/award-libravatar-badge-cron.log 2>&1 From 4923b7a1fd1b6802909868801c19678420e05156 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 20 Aug 2013 18:45:40 +0000 Subject: [PATCH 03/15] Adjust it yet again. --- roles/badges-backend/files/cron/award-libravatar-badge.cron | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/badges-backend/files/cron/award-libravatar-badge.cron b/roles/badges-backend/files/cron/award-libravatar-badge.cron index 8b8b363fc2..6eb8c441e1 100644 --- a/roles/badges-backend/files/cron/award-libravatar-badge.cron +++ b/roles/badges-backend/files/cron/award-libravatar-badge.cron @@ -1 +1 @@ -*/45 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /var/log/fedmsg/award-libravatar-badge-cron.log 2>&1 +*/50 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /var/log/fedmsg/award-libravatar-badge-cron.log 2>&1 From f3c2d8132d21051ebd0c75f55ef35c9d94232e7f Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 20 Aug 2013 18:46:15 +0000 Subject: [PATCH 04/15] Still more adjusting. --- roles/badges-backend/files/cron/award-libravatar-badge.cron | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/badges-backend/files/cron/award-libravatar-badge.cron b/roles/badges-backend/files/cron/award-libravatar-badge.cron index 6eb8c441e1..c5a07e520c 100644 --- a/roles/badges-backend/files/cron/award-libravatar-badge.cron +++ b/roles/badges-backend/files/cron/award-libravatar-badge.cron @@ -1 +1 @@ -*/50 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /var/log/fedmsg/award-libravatar-badge-cron.log 2>&1 +*/52 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /var/log/fedmsg/award-libravatar-badge-cron.log 2>&1 From 4d01b7f4e27c318599bd21f3d59e4141874eb5c1 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 20 Aug 2013 18:49:09 +0000 Subject: [PATCH 05/15] Fix an actual bug. --- roles/badges-backend/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/badges-backend/tasks/main.yml b/roles/badges-backend/tasks/main.yml index ebfc4e277f..42780042ba 100644 --- a/roles/badges-backend/tasks/main.yml +++ b/roles/badges-backend/tasks/main.yml @@ -84,7 +84,7 @@ - name: oldschool badge award cronjobs copy: > - src=cron/$item + src=cron/$item.cron dest=/etc/cron.d/$item owner=root mode=644 From e38d3a608899da214bdea0be4aab8d7a38e03ce1 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 20 Aug 2013 18:54:41 +0000 Subject: [PATCH 06/15] Cron syntax. --- roles/badges-backend/files/cron/award-libravatar-badge.cron | 2 +- roles/badges-backend/files/cron/award-oldschool-badges.cron | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/badges-backend/files/cron/award-libravatar-badge.cron b/roles/badges-backend/files/cron/award-libravatar-badge.cron index c5a07e520c..4347d33b13 100644 --- a/roles/badges-backend/files/cron/award-libravatar-badge.cron +++ b/roles/badges-backend/files/cron/award-libravatar-badge.cron @@ -1 +1 @@ -*/52 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /var/log/fedmsg/award-libravatar-badge-cron.log 2>&1 +58 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /var/log/fedmsg/award-libravatar-badge-cron.log 2>&1 diff --git a/roles/badges-backend/files/cron/award-oldschool-badges.cron b/roles/badges-backend/files/cron/award-oldschool-badges.cron index d84794e2f6..8454c24261 100644 --- a/roles/badges-backend/files/cron/award-oldschool-badges.cron +++ b/roles/badges-backend/files/cron/award-oldschool-badges.cron @@ -1 +1 @@ -*/25 * * * * fedmsg /usr/share/badges/cronjobs/award-oldschool-badges > /var/log/fedmsg/award-oldschool-badges-cron.log 2>&1 +25 * * * * fedmsg /usr/share/badges/cronjobs/award-oldschool-badges > /var/log/fedmsg/award-oldschool-badges-cron.log 2>&1 From 4c81cc6b65b1598ebb48a47fdae8758657ff9bb7 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 20 Aug 2013 19:34:07 +0000 Subject: [PATCH 07/15] Ensure the fedmsg user has a homedir for cron to work. --- .../files/cron/award-libravatar-badge.cron | 2 +- roles/badges-backend/tasks/main.yml | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/roles/badges-backend/files/cron/award-libravatar-badge.cron b/roles/badges-backend/files/cron/award-libravatar-badge.cron index 4347d33b13..26f6f5fbfa 100644 --- a/roles/badges-backend/files/cron/award-libravatar-badge.cron +++ b/roles/badges-backend/files/cron/award-libravatar-badge.cron @@ -1 +1 @@ -58 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /var/log/fedmsg/award-libravatar-badge-cron.log 2>&1 +40 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /var/log/fedmsg/award-libravatar-badge-cron.log 2>&1 diff --git a/roles/badges-backend/tasks/main.yml b/roles/badges-backend/tasks/main.yml index 42780042ba..93c8eb07af 100644 --- a/roles/badges-backend/tasks/main.yml +++ b/roles/badges-backend/tasks/main.yml @@ -55,6 +55,16 @@ notify: - restart fedmsg-hub +- name: ensure the fedmsg user has a homedir for cron to work + file: > + state=directory + path=/usr/share/fedmsg + mode=700 + owner=fedmsg + group=fedmsg + tags: + - config + - cron - name: ensure badges cron directories exist file: > From 31868e7896b5fef7bfb0ecf9896d45a8cbbebd78 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 20 Aug 2013 20:09:45 +0000 Subject: [PATCH 08/15] No need to save these. --- roles/badges-backend/files/cron/award-libravatar-badge.cron | 2 +- roles/badges-backend/files/cron/award-oldschool-badges.cron | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/badges-backend/files/cron/award-libravatar-badge.cron b/roles/badges-backend/files/cron/award-libravatar-badge.cron index 26f6f5fbfa..0357c150af 100644 --- a/roles/badges-backend/files/cron/award-libravatar-badge.cron +++ b/roles/badges-backend/files/cron/award-libravatar-badge.cron @@ -1 +1 @@ -40 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /var/log/fedmsg/award-libravatar-badge-cron.log 2>&1 +40 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /dev/null 2>&1 diff --git a/roles/badges-backend/files/cron/award-oldschool-badges.cron b/roles/badges-backend/files/cron/award-oldschool-badges.cron index 8454c24261..33c91e9328 100644 --- a/roles/badges-backend/files/cron/award-oldschool-badges.cron +++ b/roles/badges-backend/files/cron/award-oldschool-badges.cron @@ -1 +1 @@ -25 * * * * fedmsg /usr/share/badges/cronjobs/award-oldschool-badges > /var/log/fedmsg/award-oldschool-badges-cron.log 2>&1 +25 * * * * fedmsg /usr/share/badges/cronjobs/award-oldschool-badges > /dev/null 2>&1 From cf0e45210515fc55a241d0de275ddffb883de1fb Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 21 Aug 2013 14:35:36 +0000 Subject: [PATCH 09/15] use f20 buildroot for branched --- files/releng/fedora-branched-compose-i386.cfg | 2 +- files/releng/fedora-branched-compose-x86_64.cfg | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/files/releng/fedora-branched-compose-i386.cfg b/files/releng/fedora-branched-compose-i386.cfg index 9af66c03d5..a44f78da9f 100644 --- a/files/releng/fedora-branched-compose-i386.cfg +++ b/files/releng/fedora-branched-compose-i386.cfg @@ -31,7 +31,7 @@ cost=5000 [static] name=static -baseurl=http://kojipkgs.fedoraproject.org/repos/f19-build/latest/i386 +baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/i386 enabled=1 #cost=2000 """ diff --git a/files/releng/fedora-branched-compose-x86_64.cfg b/files/releng/fedora-branched-compose-x86_64.cfg index 9c9e5eab0f..4791405145 100644 --- a/files/releng/fedora-branched-compose-x86_64.cfg +++ b/files/releng/fedora-branched-compose-x86_64.cfg @@ -31,7 +31,7 @@ cost=5000 [static] name=static -baseurl=http://kojipkgs.fedoraproject.org/repos/f19-build/latest/x86_64 +baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/x86_64 enabled=1 #cost=2000 """ From 236acce903d7e5a8ccc281e096a00ba3db6f11f5 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Wed, 21 Aug 2013 15:55:09 +0000 Subject: [PATCH 10/15] Disable badges cronjobs in staging. --- roles/badges-backend/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/badges-backend/tasks/main.yml b/roles/badges-backend/tasks/main.yml index 93c8eb07af..42d9e1d1df 100644 --- a/roles/badges-backend/tasks/main.yml +++ b/roles/badges-backend/tasks/main.yml @@ -62,6 +62,7 @@ mode=700 owner=fedmsg group=fedmsg + only_if: "'$env' != 'staging'" tags: - config - cron @@ -72,6 +73,7 @@ path=$item mode=755 owner=root + only_if: "'$env' != 'staging'" with_items: - /usr/share/badges/cronjobs/ - /etc/cron.d/ @@ -85,6 +87,7 @@ dest=/usr/share/badges/cronjobs/$item owner=fedmsg mode=744 + only_if: "'$env' != 'staging'" with_items: - award-oldschool-badges - award-libravatar-badge @@ -98,6 +101,7 @@ dest=/etc/cron.d/$item owner=root mode=644 + only_if: "'$env' != 'staging'" with_items: - award-oldschool-badges - award-libravatar-badge From 4dbcf3f2268a045731c3f9e570ac9669dbb96e65 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 21 Aug 2013 17:09:40 +0000 Subject: [PATCH 11/15] Add yum-cron role, add to mailman-stg group. --- playbooks/groups/mailman.yml | 1 + roles/yum-cron/tasks/main.yml | 25 ++++++++ roles/yum-cron/templates/yum-cron.conf.j2 | 76 +++++++++++++++++++++++ 3 files changed, 102 insertions(+) create mode 100644 roles/yum-cron/tasks/main.yml create mode 100644 roles/yum-cron/templates/yum-cron.conf.j2 diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index 78f22afdf9..765f5eddc2 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -33,6 +33,7 @@ - /srv/web/infra/ansible/roles/denyhosts - /srv/web/infra/ansible/roles/nagios_client - /srv/web/infra/ansible/roles/fas_client + - /srv/web/infra/ansible/roles/yum-cron tasks: # this is how you include other task lists diff --git a/roles/yum-cron/tasks/main.yml b/roles/yum-cron/tasks/main.yml new file mode 100644 index 0000000000..9e82a09a5d --- /dev/null +++ b/roles/yum-cron/tasks/main.yml @@ -0,0 +1,25 @@ +--- + +# +# This role adds yum cron package and configuration. +# We want this on any public facing Fedora installs so we +# can pick up security updates. +# + +- name: install yum-cron + yum: name=yum-cron state=present + tags: + - packages + when: ansible_distribution == 'Fedora' + +- name: install yum-cron.conf + template: src=yum-cron.conf.j2 dest=/etc/yum/yum-cron.conf mode=0644 + tags: + - config + when: ansible_distribution == 'Fedora' + +- name: enable yum-cron + copy: content="enable yum cron" dest=/var/lock/subsys/yum-cron mode=0644 + tags: + - config + when: ansible_distribution == 'Fedora' diff --git a/roles/yum-cron/templates/yum-cron.conf.j2 b/roles/yum-cron/templates/yum-cron.conf.j2 new file mode 100644 index 0000000000..ecefacff82 --- /dev/null +++ b/roles/yum-cron/templates/yum-cron.conf.j2 @@ -0,0 +1,76 @@ +[commands] +# What kind of update to use: +# default = yum upgrade +# security = yum --security upgrade +# security-severity:Critical = yum --sec-severity=Critical upgrade +# minimal = yum --bugfix upgrade-minimal +# minimal-security = yum --security upgrade-minimal +# minimal-security-severity:Critical = --sec-severity=Critical upgrade-minimal +update_cmd = security + +# Whether a message should emitted when updates are available. +update_messages = yes + +# Whether updates should be downloaded when they are available. Note +# that updates_messages must also be yes for updates to be downloaded. +download_updates = yes + +# Whether updates should be applied when they are available. Note +# that both update_messages and download_updates must also be yes for +# the update to be applied +apply_updates = yes + +# Maximum amout of time to randomly sleep, in minutes. The program +# will sleep for a random amount of time between 0 and random_sleep +# minutes before running. This is useful for e.g. staggering the +# times that multiple systems will access update servers. If +# random_sleep is 0 or negative, the program will run immediately. +random_sleep = 0 + + +[emitters] +# Name to use for this system in messages that are emitted. If +# system_name is None, the hostname will be used. +system_name = None + +# How to send messages. Valid options are stdio and email. If +# emit_via includes stdio, messages will be sent to stdout; this is useful +# to have cron send the messages. If emit_via includes email, this +# program will send email itself according to the configured options. +# If emit_via is None or left blank, no messages will be sent. +emit_via = stdio + +# The width, in characters, that messages that are emitted should be +# formatted to. +ouput_width = 80 + + +[email] +# The address to send email messages from. +email_from = root@localhost + +# List of addresses to send messages to. +email_to = root + +# Name of the host to connect to to send email messages. +email_host = localhost + + +[groups] +# List of groups to update +group_list = None + +# The types of group packages to install +group_package_types = mandatory, default + +[base] +# Use this to filter Yum core messages +# -4: critical +# -3: critical+errors +# -2: critical+errors+warnings (default) +debuglevel = -2 + +# override yum options of the same name +# skip_broken = True + +mdpolicy = group:main From 702311cc3cee116c0c59128c4db88764af93684d Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Wed, 21 Aug 2013 19:27:55 +0000 Subject: [PATCH 12/15] Start of a stub of a fedorahosted-git + fedmsg playbook. --- playbooks/fedorahosted_fedmsg_git.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 playbooks/fedorahosted_fedmsg_git.yml diff --git a/playbooks/fedorahosted_fedmsg_git.yml b/playbooks/fedorahosted_fedmsg_git.yml new file mode 100644 index 0000000000..1dfbd98782 --- /dev/null +++ b/playbooks/fedorahosted_fedmsg_git.yml @@ -0,0 +1,12 @@ +# requires --extra-vars="repos='yokan.git;yumex.git;yum-langpacks.git'" + +- name: Install the fedmsg hook into a number of fedrahosted git repos + hosts: hosted03 + user: root + + tasks: + - name: ensure there is a post-receive-chained.d/ directory + file: > + ensure=directory + path=/srv/git/${item}/hooks/post-receive-chained.d/ + with_items: ${repos} From fa592284b774f5604bf8b0ed8763863aaa22a103 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Wed, 21 Aug 2013 19:29:42 +0000 Subject: [PATCH 13/15] Update the host. --- playbooks/fedorahosted_fedmsg_git.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/fedorahosted_fedmsg_git.yml b/playbooks/fedorahosted_fedmsg_git.yml index 1dfbd98782..2f09702f7a 100644 --- a/playbooks/fedorahosted_fedmsg_git.yml +++ b/playbooks/fedorahosted_fedmsg_git.yml @@ -1,7 +1,7 @@ # requires --extra-vars="repos='yokan.git;yumex.git;yum-langpacks.git'" - name: Install the fedmsg hook into a number of fedrahosted git repos - hosts: hosted03 + hosts: hosted03.fedoraproject.org user: root tasks: From 99266722b65acba3c9acc3521f4e18da0f47879b Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Wed, 21 Aug 2013 19:31:07 +0000 Subject: [PATCH 14/15] Puppet on the brain. --- playbooks/fedorahosted_fedmsg_git.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/fedorahosted_fedmsg_git.yml b/playbooks/fedorahosted_fedmsg_git.yml index 2f09702f7a..b286295bea 100644 --- a/playbooks/fedorahosted_fedmsg_git.yml +++ b/playbooks/fedorahosted_fedmsg_git.yml @@ -7,6 +7,6 @@ tasks: - name: ensure there is a post-receive-chained.d/ directory file: > - ensure=directory + state=directory path=/srv/git/${item}/hooks/post-receive-chained.d/ with_items: ${repos} From a5aca28f0fc271657722b231b1ebfce2fd0d4db8 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Wed, 21 Aug 2013 20:05:42 +0000 Subject: [PATCH 15/15] Finish off that playbook. --- playbooks/fedorahosted_fedmsg_git.yml | 41 +++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/playbooks/fedorahosted_fedmsg_git.yml b/playbooks/fedorahosted_fedmsg_git.yml index b286295bea..fd93e14ac1 100644 --- a/playbooks/fedorahosted_fedmsg_git.yml +++ b/playbooks/fedorahosted_fedmsg_git.yml @@ -1,12 +1,49 @@ -# requires --extra-vars="repos='yokan.git;yumex.git;yum-langpacks.git'" +# requires --extra-vars "{'repos': ['yokan.git', 'yumex.git']}" - name: Install the fedmsg hook into a number of fedrahosted git repos hosts: hosted03.fedoraproject.org user: root + vars: + prefix: /srv/git/ + chained: /hooks/post-receive-chained.d + fedmsg_hook: /usr/local/share/git/hooks/post-receive-fedorahosted-fedmsg + chained_hook: /usr/share/git-core/post-receive-chained + tasks: + + # First -- a sanity check. We want this to fail and stop the playbook if + # someone typoed and reponame. The "command" here claims that it "creates" a + # file. That is not actually true, but it tells ansible to not bother running + # the command *if* that creates= file is already present. Its a hackaround to + # make this task idempotent. + - name: make sure the git repos exist in the first place + command: /bin/ls ${prefix}${item} creates=${prefix}${item} + with_items: ${repos} + - name: ensure there is a post-receive-chained.d/ directory file: > state=directory - path=/srv/git/${item}/hooks/post-receive-chained.d/ + path=${prefix}${item}${chained}/ + with_items: ${repos} + + - name: move the old post-receive email hook into the chained dir + command: > + /bin/mv ${prefix}${item}/hooks/post-receive ${prefix}${item}${chained}/post-receive-email + removes=${prefix}${item}/hooks/post-receive + creates=${prefix}${item}${chained}/post-receive-email + with_items: ${repos} + + - name: symlink the fedmsg hook into the chained dir + file: > + path=${prefix}${item}${chained}/post-receive-fedmsg + src=${fedmsg_hook} + state=link + with_items: ${repos} + + - name: symlink in the chained hook redirector + file: > + path=${prefix}${item}/hooks/post-receive + src=${chained_hook} + state=link with_items: ${repos}