First stab at blockerbugs ansible playbooks and blockerbugs01.stg config

inventory/group_vars/blockerbugs

@@ -0,0 +1,17 @@
+---
+lvm_size: 30000
+mem_size: 4096
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443, 8888 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-qa
+
+# This gets overridden by whichever node we want to run special cronjobs.
+master_blockerbugs_node: False

inventory/group_vars/blockerbugs-stg

@@ -0,0 +1,17 @@
+---
+lvm_size: 30000
+mem_size: 4096
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443, 8888 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-qa
+
+# This gets overridden by whichever node we want to run special cronjobs.
+master_blockerbugs_node: False

inventory/host_vars/blockerbugs01.stg.phx2.fedoraproject.org

@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.65
+vmhost: virthost12.phx2.fedoraproject.org
+datacenter: phx2
+
+# This is the master node in stg, so it runs the cron job
+master_blockerbugs_node: True

playbooks/groups/blockerbugs.yml

@@ -0,0 +1,44 @@
+- name: make blockerbugs servers
+  hosts: blockerbugs-stg
+  user: root
+  gather_facts: False
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - include: "{{ tasks }}/virt_instance_create.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+- name: make the box be real
+  hosts: blockerbugs-stg
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - base
+  - rkhunter
+  - nagios_client
+  - hosts
+  - fas_client
+  - collectd/base
+  - sudo
+  - blockerbugs
+
+  tasks:
+  - include: "{{ tasks }}/yumrepos.yml"
+  - include: "{{ tasks }}/2fa_client.yml"
+  - include: "{{ tasks }}/motd.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+  - include: "{{ handlers }}/semanage.yml"

roles/blockerbugs/files/blockerbugs.conf

@@ -0,0 +1,16 @@
+WSGIDaemonProcess blockerbugs user=apache group=apache threads=5
+WSGIScriptAlias /blockerbugs /usr/share/blockerbugs/blockerbugs.wsgi
+WSGISocketPrefix run/wsgi
+
+# this isn't the best way to force SSL but it works for now
+#RewriteEngine On
+#RewriteCond %{HTTPS} !=on
+#RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+
+<Directory /usr/share/blockerbugs>
+    WSGIProcessGroup blockerbugs
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIScriptReloading On
+    Order deny,allow
+    Allow from all
+</Directory>

roles/blockerbugs/files/blockerbugs.cron

@@ -0,0 +1 @@
+*/30 * * * * blockerbugs blockerbugs sync

roles/blockerbugs/tasks/main.yml

@@ -0,0 +1,52 @@
+---
+- name: install needed packages for blockerbugs
+  yum: state=present name={{ item }} enablerepo=epel-testing
+  with_items:
+  - python-psycopg2
+  - python-kitchen
+  - python-alembic
+  - python-flask-wtf
+  - python-flask
+  - python-sqlalchemy
+  - python-fedora-flask
+  - python-wtforms
+  - python-fedora
+  - pytest
+  - python-lxml
+  - python-flask-sqlalchemy
+  - python-bugzilla
+  - blockerbugs
+  tags:
+  - packages
+  - blockerbugs
+
+- name: setup blockerbugs apache conf
+  copy: src=blockerbugs.conf dest=/etc/httpd/conf.d/blockerbugs.conf mode=644
+  notify:
+  - restart httpd
+  tags:
+  - config
+  - httpd
+  - blockerbugs
+
+- name: setup blockerbugs app settings file
+  template: src=blockerbugs-settings.py.j2 dest=/etc/blockerbugs/settings.py mode=644
+  notify:
+  - restart httpd
+  tags:
+  - config
+  - httpd
+  - blockerbugs
+
+- name: set sebooleans so blockerbugs can talk to the db
+  seboolean: name=httpd_can_network_connect_db state=true persistent=true
+  tags:
+  - config
+  - blockerbugs
+
+- name: setup blockerbugs cron (master node only)
+  copy: src=blockerbugs.cron dest=/etc/cron.d/blockerbugs
+  when: master_blockerbugs_node
+  tags:
+  - config
+  - blockerbugs

roles/blockerbugs/templates/blockerbugs-settings.py.j2

@@ -0,0 +1,21 @@
+SECRET_KEY = '{{ blockerbugs_secret_key }}'
+SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ blockerbugs_app }}:{{ blockerbugs_appPassword }}@db-blockerbugs/blockerbugs'
+FAS_ADMIN_GROUP = "qa-admin"
+FAS_USER = "{{ blockerbugs_fas_user }}@fedoraproject.org"
+FAS_PASSWORD = "{{ blockerbugs_fas_password }}"
+{% if env == "staging" %}
+FAS_FLASK_COOKIE_REQUIRES_HTTPS = False
+FAS_CHECK_CERT = False
+PRODUCTION = False
+BUGZILLA_URL = 'https://partner-bugzilla.redhat.com/'
+{% else %}
+BUGZILLA_URL = 'https://bugzilla.redhat.com/'
+{% endif %}
+BUGZILLA_XMLRPC = BUGZILLA_URL + 'xmlrpc.cgi'
+KOJI_URL = "http://koji.fedoraproject.org/"
+FILE_LOGGING = False
+SYSLOG_LOGGING = True
+STREAM_LOGGING = False
+
+# to fix login issue for folks who are part of many FAS groups
+PREFERRED_URL_SCHEME='https'