diff --git a/inventory/group_vars/resultsdb-dev b/inventory/group_vars/resultsdb-dev index a86e5790fc..e6b3f34b4c 100644 --- a/inventory/group_vars/resultsdb-dev +++ b/inventory/group_vars/resultsdb-dev @@ -23,7 +23,6 @@ resultsdb_db_host_machine: db-qa01.qa.fedoraproject.org resultsdb_db_host: "{{ resultsdb_db_host_machine }}" resultsdb_db_port: 5432 resultsdb_endpoint: 'resultsdb_api' -resultsdb_fe_endpoint: 'resultsdb' resultsdb_db_name: resultsdb_dev resultsdb_db_user: "{{ dev_resultsdb_db_user }}" resultsdb_db_password: "{{ dev_resultsdb_db_password }}" @@ -32,6 +31,12 @@ resultsdb_secret_key: "{{ dev_resultsdb_secret_key }}" allowed_hosts: - 10.5.124 +############################################################ +# resultsdb frontend details +############################################################ +resultsdb_fe_endpoint: "resultsdb" +resultsdb_frontend_secret_key: "{{ dev_resultsdb_frontend_secretkey }}" + ############################################################ # execdb details diff --git a/inventory/group_vars/resultsdb-prod b/inventory/group_vars/resultsdb-prod index dcd4e56005..6a59c151e3 100644 --- a/inventory/group_vars/resultsdb-prod +++ b/inventory/group_vars/resultsdb-prod @@ -1,4 +1,7 @@ --- +############################################################ +# general information +############################################################ # common items for the releng-* boxes lvm_size: 50000 mem_size: 4096 @@ -11,27 +14,54 @@ fas_client_groups: sysadmin-qa nrpe_procs_warn: 250 nrpe_procs_crit: 300 +external_hostname: taskotron.fedoraproject.org deployment_type: prod + +############################################################ +# resultsdb details +############################################################ + +# the db_host_machine bits are so that delegation continues to work, even if +# that db is localhost relative to resultsdb + resultsdb_db_host_machine: db-qa01.qa.fedoraproject.org resultsdb_db_host: "{{ resultsdb_db_host_machine }}" resultsdb_db_port: 5432 resultsdb_endpoint: 'resultsdb_api' -resultsdb_fe_endpoint: 'resultsdb' resultsdb_db_name: resultsdb - -execdb_db_host_machine: db-qa01.qa.fedoraproject.org -execdb_db_host: "{{ execdb_db_host_machine }}" -execdb_db_port: 5432 -execdb_endpoint: 'execdb' -execdb_db_name: execdb - -external_hostname: taskotron.fedoraproject.org +resultsdb_db_user: "{{ prod_resultsdb_db_user }}" +resultsdb_db_password: "{{ prod_resultsdb_db_password }}" +resultsdb_secret_key: "{{ prod_resultsdb_secret_key }}" allowed_hosts: - 10.5.124 - 10.5.131 + +############################################################ +# resultsdb-frontend details +############################################################ +resultsdb_fe_endpoint: "resultsdb" +resultsdb_frontend_secret_key: "{{ prod_resultsdb_frontend_secretkey }}" + + +########################################################### +# execdb details +############################################################ +execdb_db_host_machine: db-qa01.qa.fedoraproject.org +execdb_db_host: "{{ execdb_db_host_machine }}" +execdb_db_port: 5432 +execdb_endpoint: 'execdb' +execdb_db_name: execdb +execdb_db_user: "{{ prod_execdb_db_user }}" +execdb_db_password: "{{ prod_execdb_db_password }}" +execdb_secret_key: "{{ prod_execdb_secret_key }}" + + +############################################################ +# fedmsg details +############################################################ fedmsg_active: True fedmsg_cert_prefix: resultsdb diff --git a/inventory/group_vars/resultsdb-stg b/inventory/group_vars/resultsdb-stg index 03e2c23003..114d5015a7 100644 --- a/inventory/group_vars/resultsdb-stg +++ b/inventory/group_vars/resultsdb-stg @@ -25,7 +25,6 @@ resultsdb_db_host_machine: db-qa01.qa.fedoraproject.org resultsdb_db_host: "{{ resultsdb_db_host_machine }}" resultsdb_db_port: 5432 resultsdb_endpoint: 'resultsdb_api' -resultsdb_fe_endpoint: 'resultsdb' resultsdb_db_name: resultsdb_stg resultsdb_db_user: "{{ stg_resultsdb_db_user }}" resultsdb_db_password: "{{ stg_resultsdb_db_password }}" @@ -35,6 +34,13 @@ allowed_hosts: - 10.5.124 +############################################################ +# resultsdb-frontend details +############################################################ +resultsdb_fe_endpoint: "resultsdb" +resultsdb_frontend_secret_key: "{{ stg_resultsdb_frontend_secretkey }}" + + ############################################################ # execdb details ############################################################ diff --git a/inventory/host_vars/testdays.fedorainfracloud.org b/inventory/host_vars/testdays.fedorainfracloud.org index c62328ec77..017650c131 100644 --- a/inventory/host_vars/testdays.fedorainfracloud.org +++ b/inventory/host_vars/testdays.fedorainfracloud.org @@ -59,7 +59,7 @@ allowed_hosts: # resultsdb_frontend ############################################################ -local_resultsdb_frontend_secret_key: "{{ testdays_resultsdb_frontend_secretkey }}" +resultsdb_frontend_secret_key: "{{ testdays_resultsdb_frontend_secretkey }}" resultsdb_fe_endpoint: "resultsdb" ############################################################ diff --git a/roles/taskotron/execdb/tasks/main.yml b/roles/taskotron/execdb/tasks/main.yml index 0301c03a7d..06582d9782 100644 --- a/roles/taskotron/execdb/tasks/main.yml +++ b/roles/taskotron/execdb/tasks/main.yml @@ -23,34 +23,12 @@ become: true postgresql_db: db={{ execdb_db_name }} -- name: ensure dev execdb db user has access to dev database - when: deployment_type == 'dev' +- name: ensure execdb db user has access to database delegate_to: "{{ execdb_db_host_machine }}" become_user: postgres become: true postgresql_user: db={{ execdb_db_name }} user={{ execdb_db_user }} password={{ execdb_db_password }} role_attr_flags=NOSUPERUSER -- name: ensure stg execdb db user has access to stg database - when: deployment_type == 'stg' - delegate_to: "{{ execdb_db_host }}" - become_user: postgres - become: true - postgresql_user: db={{ execdb_db_name }} user={{ stg_execdb_db_user }} password={{ stg_execdb_db_password }} role_attr_flags=NOSUPERUSER - -- name: ensure prod execdb db user has access to prod database - when: deployment_type == 'prod' - delegate_to: "{{ execdb_db_host }}" - become_user: postgres - become: true - postgresql_user: db={{ execdb_db_name }} user={{ prod_execdb_db_user }} password={{ prod_execdb_db_password }} role_attr_flags=NOSUPERUSER - -- name: ensure local execdb db user has access to prod database - when: deployment_type == 'local' - delegate_to: "{{ execdb_db_host }}" - become_user: postgres - become: true - postgresql_user: db={{ execdb_db_name }} user={{ local_execdb_db_user }} password={{ local_execdb_db_password }} role_attr_flags=NOSUPERUSER - - name: ensure selinux lets httpd talk to postgres seboolean: name=httpd_can_network_connect_db persistent=yes state=yes diff --git a/roles/taskotron/execdb/templates/alembic.ini.j2 b/roles/taskotron/execdb/templates/alembic.ini.j2 index a1db05dca4..21550dea31 100644 --- a/roles/taskotron/execdb/templates/alembic.ini.j2 +++ b/roles/taskotron/execdb/templates/alembic.ini.j2 @@ -35,18 +35,7 @@ sqlalchemy.url = driver://user:pass@localhost/dbname # path to migration scripts on a packaged install script_location = /usr/share/execdb/alembic -{% if deployment_type == 'prod' %} -sqlalchemy.url = 'postgresql+psycopg2://{{ prod_execdb_db_user }}:{{ prod_execdb_db_password }}@{{ execdb_db_host }}:{{ execdb_db_port }}/{{ execdb_db_name }}' -{% endif %} -{% if deployment_type == 'stg' %} -sqlalchemy.url = 'postgresql+psycopg2://{{ stg_execdb_db_user }}:{{ stg_execdb_db_password }}@{{ execdb_db_host }}:{{ execdb_db_port }}/{{ execdb_db_name }}' -{% endif %} -{% if deployment_type == 'dev' %} -sqlalchemy.url = 'postgresql+psycopg2://{{ dev_execdb_db_user }}:{{ dev_execdb_db_password }}@{{ execdb_db_host }}:{{ execdb_db_port }}/{{ execdb_db_name }}' -{% endif %} -{% if deployment_type == 'local' %} -sqlalchemy.url = 'postgresql+psycopg2://{{ local_execdb_db_user }}:{{ local_execdb_db_password }}@127.0.0.1:{{ execdb_db_port }}/{{ execdb_db_name }}' -{% endif %} +sqlalchemy.url = 'postgresql+psycopg2://{{ execdb_db_user }}:{{ execdb_db_password }}@{{ execdb_db_host }}:{{ execdb_db_port }}/{{ execdb_db_name }}' # Logging configuration [loggers] diff --git a/roles/taskotron/execdb/templates/settings.py.j2 b/roles/taskotron/execdb/templates/settings.py.j2 index 9494fe200f..eeb44775c3 100644 --- a/roles/taskotron/execdb/templates/settings.py.j2 +++ b/roles/taskotron/execdb/templates/settings.py.j2 @@ -1,15 +1,6 @@ -{%- if deployment_type == 'prod' %} -SECRET_KEY = '{{ prod_execdb_secret_key }}' -SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ prod_execdb_db_user }}:{{ prod_execdb_db_password }}@{{ execdb_db_host }}:{{ execdb_db_port }}/{{ execdb_db_name }}' -{% endif %} -{%- if deployment_type == 'stg' %} -SECRET_KEY = '{{ stg_execdb_secret_key }}' -SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ stg_execdb_db_user }}:{{ stg_execdb_db_password }}@{{ execdb_db_host }}:{{ execdb_db_port }}/{{ execdb_db_name }}' -{% endif %} -{%- if deployment_type == 'dev' or deployment_type == 'local' %} SECRET_KEY = '{{ execdb_secret_key }}' SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ execdb_db_user }}:{{ execdb_db_password }}@{{ execdb_db_host }}:{{ execdb_db_port }}/{{ execdb_db_name }}' -{% endif %} + FILE_LOGGING = False LOGFILR = '/var/log/execdb/execdb.log' SYSLOG_LOGGING = False diff --git a/roles/taskotron/resultsdb-backend/tasks/main.yml b/roles/taskotron/resultsdb-backend/tasks/main.yml index b80690dc23..4b33fc1e0c 100644 --- a/roles/taskotron/resultsdb-backend/tasks/main.yml +++ b/roles/taskotron/resultsdb-backend/tasks/main.yml @@ -24,26 +24,11 @@ postgresql_db: db={{ resultsdb_db_name }} - name: ensure resultsdb db user has access to database - when: deployment_type == 'dev' or deployment_type == 'local' delegate_to: "{{ resultsdb_db_host_machine }}" become_user: postgres become: true postgresql_user: db={{ resultsdb_db_name }} user={{ resultsdb_db_user }} password={{ resultsdb_db_password }} role_attr_flags=NOSUPERUSER -- name: ensure stg resultsdb db user has access to stg database - when: deployment_type == 'stg' - delegate_to: "{{ resultsdb_db_host }}" - become_user: postgres - become: true - postgresql_user: db={{ resultsdb_db_name }} user={{ stg_resultsdb_db_user }} password={{ stg_resultsdb_db_password }} role_attr_flags=NOSUPERUSER - -- name: ensure prod resultsdb db user has access to prod database - when: deployment_type == 'prod' - delegate_to: "{{ resultsdb_db_host }}" - become_user: postgres - become: true - postgresql_user: db={{ resultsdb_db_name }} user={{ prod_resultsdb_db_user }} password={{ prod_resultsdb_db_password }} role_attr_flags=NOSUPERUSER - - name: ensure selinux lets httpd talk to postgres seboolean: name=httpd_can_network_connect_db persistent=yes state=yes diff --git a/roles/taskotron/resultsdb-backend/templates/settings.py.j2 b/roles/taskotron/resultsdb-backend/templates/settings.py.j2 index 86d25199c1..4f72e7d72e 100644 --- a/roles/taskotron/resultsdb-backend/templates/settings.py.j2 +++ b/roles/taskotron/resultsdb-backend/templates/settings.py.j2 @@ -1,20 +1,13 @@ -{%- if deployment_type == 'prod' %} -SECRET_KEY = '{{ prod_resultsdb_secret_key }}' -SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ prod_resultsdb_db_user }}:{{ prod_resultsdb_db_password }}@{{ resultsdb_db_host }}:{{ resultsdb_db_port }}/{{ resultsdb_db_name }}' -FEDMSG_PUBLISH = True -{% endif %} -{%- if deployment_type == 'stg' %} -SECRET_KEY = '{{ stg_resultsdb_secret_key }}' -SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ stg_resultsdb_db_user }}:{{ stg_resultsdb_db_password }}@{{ resultsdb_db_host }}:{{ resultsdb_db_port }}/{{ resultsdb_db_name }}' -FEDMSG_PUBLISH = True -{% endif %} -{%- if deployment_type == 'local' or deployment_type == 'dev'%} SECRET_KEY = '{{ resultsdb_secret_key }}' SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ resultsdb_db_user }}:{{ resultsdb_db_password }}@{{ resultsdb_db_host }}:{{ resultsdb_db_port }}/{{ resultsdb_db_name }}' -FEDMSG_PUBLISH = False -{% endif %} FILE_LOGGING = False LOGFILR = '/var/log/resultsdb/resultsdb.log' SYSLOG_LOGGING = False STREAM_LOGGING = True + FEDMSG_MODNAME = 'taskotron' +FEDMSG_PUBLISH = True +{% if deployment_type in ['local', 'dev']%} +FEDMSG_PUBLISH = False +{% endif %} + diff --git a/roles/taskotron/resultsdb-frontend/templates/settings.py.j2 b/roles/taskotron/resultsdb-frontend/templates/settings.py.j2 index b4791f2290..a2a852795e 100644 --- a/roles/taskotron/resultsdb-frontend/templates/settings.py.j2 +++ b/roles/taskotron/resultsdb-frontend/templates/settings.py.j2 @@ -1,18 +1,7 @@ # while you can use this as a template, we recommend that you use the blockerbugs # cli to generate a config file RDB_URL = 'http://127.0.0.1/{{ resultsdb_endpoint }}/api/v1.0' -{% if deployment_type == 'dev' %} -SECRET_KEY = '{{ dev_resultsdb_frontend_secret_key }}' -{% endif %} -{% if deployment_type == 'stg' %} -SECRET_KEY = '{{ stg_resultsdb_frontend_secret_key }}' -{% endif %} -{% if deployment_type == 'prod' %} -SECRET_KEY = '{{ prod_resultsdb_frontend_secret_key }}' -{% endif %} -{% if deployment_type == 'local' %} -SECRET_KEY = '{{ local_resultsdb_frontend_secret_key }}' -{% endif %} +SECRET_KEY = '{{ resultsdb_frontend_secret_key }}' FILE_LOGGING = False LOGFILR = '/var/log/resultsdb_frontend/resultsdb_frontend.log'