adding resultsdb-stg01 host, resultsdb-stg group, resultsdb backend and frontend roles

inventory/group_vars/resultsdb-stg

@@ -0,0 +1,32 @@
+---
+# common items for the releng-* boxes
+lvm_size: 50000
+mem_size: 4096
+num_cpus: 4
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443, {{ resultsdb_db_port }} ]
+fas_client_groups: sysadmin-qa
+nrpe_procs_warn: 250
+nrpe_procs_crit: 300
+
+virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
+                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
+                 --vcpus={{ num_cpus }}  -l {{ ks_repo }} -x
+                 "ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+                  hostname={{ inventory_hostname }} nameserver={{ dns }}
+                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none"
+                 --network=bridge=br0,model=virtio --autostart --noautoconsole
+
+resultsdb_db_host: db-qa01.qa.fedoraproject.org
+resultsdb_db_port: 5432
+resultsdb_endpoint: '/resultsdb'
+resultsdb_fe_endpoint: '/'
+resultsdb_db_name: resultsdb
+
+tcp_ports: [ 80, 443 ]
+
+# this needs to be in private
+resultsdb_db_user: resultsdb
+resultsdb_db_password: somefancypassword

inventory/host_vars/resultsdb-stg01.qa.fedoraproject.org

@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-20
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/
+volgroup: /dev/VirtGuests
+eth0_ip: 10.5.124.147
+vmhost: virthost-comm02.qa.fedoraproject.org
+datacenter: phx2

inventory/inventory

@@ -386,6 +386,9 @@ proxy01.stg.phx2.fedoraproject.org
 [qa]
 qa01.dev.fedoraproject.org
 
+[resultsdb-stg]
+resultsdb-stg01.qa.fedoraproject.org
+
 [smtp-mm]
 smtp-mm-ib01.fedoraproject.org
 smtp-mm-telia01.fedoraproject.org

playbooks/groups/resultsdb-stg.yml

@@ -0,0 +1,55 @@
+---
+# create a new resultsdb staging server
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+- name: make resultsdb staging
+  hosts: resultsdb-stg
+  user: root
+  gather_facts: False
+  accelerate: "{{ accelerated }}"
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - include: "{{ tasks }}/virt_instance_create.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+- name: make the box be real
+  hosts: taskotron
+  user: root
+  gather_facts: True
+  accelerate: "{{ accelerated }}"
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+   - { role: base, tags:['base'] }
+   - { role: rkhunter, tags:['rkhunter'] }
+   - { role: nagios_client, tags:['nagios_client'] }
+   - { role: fas_client, tags:['fas_client'] }
+   - { role: collectd/base, tags:['collectd_base'] }
+   - { role: yum-cron, tags:['yumcron'] }
+   - { role: taskotron/resultsdb-backend, tags: ['resultsdb-be'] }
+   - { role: taskotron/resultsdb-frontend, tags: ['resultsdb-fe'] }
+
+  tasks:
+  # this is how you include other task lists
+  - include: "{{ tasks }}/hosts.yml"
+  - include: "{{ tasks }}/yumrepos.yml"
+  - include: "{{ tasks }}/2fa_client.yml"
+  - include: "{{ tasks }}/motd.yml"
+  - include: "{{ tasks }}/sudo.yml"
+
+  handlers:
+   - include: "{{ handlers }}/restart_services.yml"
+
+

roles/taskotron/resultsdb-backend/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: ensure packages required for resultsdb are installed
+  action: yum name={{ item }} state=latest
+  with_items:
+    - resultsdb
+    - mod_wsgi
+
+- name: ensure database is created
+  delegate_to: "{{ resultsdb_db_host }}"
+  sudo_user: postgres
+  action: postgresql_db db={{ resultsdb_db_name }}
+
+- name: ensure resultsdb user has access to database
+  delegate_to: "{{ resultsdb_db_host }}"
+  sudo_user: postgres
+  action: postgresql_user db={{ resultsdb_db_name }} user={{ resultsdb_db_user }} password={{ resultsdb_db_password }} role_attr_flags=NOSUPERUSER
+
+- name: generate resultsdb config
+  template: src=settings.py.j2 dest=/etc/resultsdb/settings.py owner=root group=root mode=0644
+  notify:
+    - restart httpd
+
+- name: generate resultsdb apache config
+  template: src=resultsdb.conf.j2 dest=/etc/httpd/conf.d/resultsdb.conf owner=root group=root mode=0644
+  notify:
+    - restart httpd

roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2

@@ -0,0 +1,30 @@
+WSGIDaemonProcess resultsdb user=apache group=apache threads=5
+WSGIScriptAlias {{ resultsdb_endpoint }} /usr/share/resultsdb/resultsdb.wsgi
+WSGISocketPrefix run/wsgi
+
+# this isn't the best way to force SSL but it works for now
+#RewriteEngine On
+#RewriteCond %{HTTPS} !=on
+#RewriteRule ^/resultsdb/admin/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+
+<Directory /usr/share/resultsdb>
+    WSGIProcessGroup resultsdb
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIScriptReloading On
+    <IfModule mod_authz_core.c>
+        # Apache 2.4
+        Require all granted
+    </IfModule>
+    <IfModule !mod_auth_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+</Directory>
+
+#Alias /resultsdb/static /var/www/resultsdb/resultsdb/static
+
+#<Directory /var/www/resultsdb/resultsdb/static>
+#Order allow,deny
+#Allow from all
+#</Directory>

roles/taskotron/resultsdb-backend/templates/settings.py.j2

@@ -0,0 +1,6 @@
+SECRET_KEY = '{{ resultsdb_secret_key }}'
+SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ resultsdb_db_user }}:{{ resultsdb_db_password }}@{{ resultsdb_db_host }}:{{ resultsdb_db_port }}/{{ resultsdb_db_name }}'
+FILE_LOGGING = False
+LOGFILR = '/var/log/resultsdb/resultsdb.log'
+SYSLOG_LOGGING = False
+STREAM_LOGGING = True

roles/taskotron/resultsdb-frontend/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: ensure packages required for resultsdb_frontend are installed
+  action: yum name={{ item }} state=latest
+  with_items:
+    - resultsdb_frontend
+    - mod_wsgi
+
+- name: generate resultsdb_frontend config
+  template: src=settings.py.j2 dest=/etc/resultsdb_frontend/settings.py owner=root group=root mode=0644
+  notify:
+    - restart httpd
+
+- name: generate resultsdb_frontend apache config
+  template: src=resultsdb_frontend.conf.j2 dest=/etc/httpd/conf.d/resultsdb_frontend.conf owner=root group=root mode=0644
+  notify:
+    - restart httpd

roles/taskotron/resultsdb-frontend/templates/rdb-settings.py.j2

@@ -0,0 +1,6 @@
+SECRET_KEY = '{{ resultsdb_secret_key }}'
+SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ resultsdb_db_user }}:{{ resultsdb_db_password }}@{{ resultsdb_db_host }}:{{ resultsdb_db_port }}/{{ resultsdb_db_name }}'
+FILE_LOGGING = False
+LOGFILR = '/var/log/resultsdb/resultsdb.log'
+SYSLOG_LOGGING = False
+STREAM_LOGGING = True

roles/taskotron/resultsdb-frontend/templates/resultsdb.conf.j2

@@ -0,0 +1,30 @@
+WSGIDaemonProcess resultsdb user=apache group=apache threads=5
+WSGIScriptAlias {{ resultsdb_endpoint }} /usr/share/resultsdb/resultsdb.wsgi
+WSGISocketPrefix run/wsgi
+
+# this isn't the best way to force SSL but it works for now
+#RewriteEngine On
+#RewriteCond %{HTTPS} !=on
+#RewriteRule ^/resultsdb/admin/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+
+<Directory /usr/share/resultsdb>
+    WSGIProcessGroup resultsdb
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIScriptReloading On
+    <IfModule mod_authz_core.c>
+        # Apache 2.4
+        Require all granted
+    </IfModule>
+    <IfModule !mod_auth_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+</Directory>
+
+#Alias /resultsdb/static /var/www/resultsdb/resultsdb/static
+
+#<Directory /var/www/resultsdb/resultsdb/static>
+#Order allow,deny
+#Allow from all
+#</Directory>

roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2

@@ -0,0 +1,31 @@
+WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5
+WSGIScriptAlias {{ resultsdb_fe_endpoint }} /usr/share/resultsdb_frontend/resultsdb_frontend.wsgi
+WSGISocketPrefix run/wsgi
+
+# this isn't the best way to force SSL but it works for now
+#RewriteEngine On
+#RewriteCond %{HTTPS} !=on
+#RewriteRule ^/resultsdb_frontend/admin/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+
+<Directory /usr/share/resultsdb_frontend>
+    WSGIProcessGroup resultsdb_frontend
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIScriptReloading On
+    <IfModule mod_authz_core.c>
+        # Apache 2.4
+        Require all granted
+    </IfModule>
+    <IfModule !mod_auth_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+</Directory>
+
+#Alias /resultsdb_frontend/static /var/www/resultsdb_frontend/resultsdb_frontend/static
+
+#<Directory /var/www/resultsdb_frontend/resultsdb_frontend/static>
+#Order allow,deny
+#Allow from all
+#</Directory>
+

roles/taskotron/resultsdb-frontend/templates/settings.py.j2

@@ -0,0 +1,9 @@
+# while you can use this as a template, we recommend that you use the blockerbugs
+# cli to generate a config file
+#RDB_URL = 'http://{{ hostname }}/{{ resultsdb_endpoint }}/api/v1.0'
+RDB_URL = 'http://localhost/{{ resultsdb_endpoint }}/api/v1.0'
+SECRET_KEY = '{{ resultsdb_fe_secret_key }}'
+FILE_LOGGING = False
+LOGFILR = '/var/log/resultsdb_frontend/resultsdb_frontend.log'
+SYSLOG_LOGGING = False
+STREAM_LOGGING = True