From 77ef17aad86ed9592c42cc919f6e0f8a35c6f302 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Fri, 27 Mar 2020 11:38:59 +0100 Subject: [PATCH] retrace: rebase to latest upstream roles --- roles/abrt/faf/defaults/main.yml | 3 +- roles/abrt/faf/meta/.galaxy_install_info | 2 +- .../etc-httpd-conf.d-faf-web.conf.j2 | 6 +- roles/abrt/retrace/defaults/main.yml | 45 ++++---------- roles/abrt/retrace/meta/.galaxy_install_info | 2 +- roles/abrt/retrace/tasks/check.yml | 2 +- roles/abrt/retrace/tasks/config.yml | 8 ++- roles/abrt/retrace/tasks/main.yml | 3 + roles/abrt/retrace/tasks/podman.yml | 60 +++++++++++++++++++ roles/abrt/retrace/tasks/usefafpkgs.yml | 37 ------------ .../etc-retrace-server-hooks.conf.j2 | 8 +++ .../templates/etc-retrace-server.conf.j2 | 23 ++----- 12 files changed, 102 insertions(+), 97 deletions(-) create mode 100644 roles/abrt/retrace/tasks/podman.yml create mode 100644 roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2 diff --git a/roles/abrt/faf/defaults/main.yml b/roles/abrt/faf/defaults/main.yml index 6704464784..995c324f03 100644 --- a/roles/abrt/faf/defaults/main.yml +++ b/roles/abrt/faf/defaults/main.yml @@ -10,6 +10,7 @@ faf_with_fedmsg: false faf_with_solutionfinders: true faf_with_symboltransfer: false faf_with_web: true +faf_python_version: "python3.6" # dangerous, delete and re-create PostgreSQL database # (will wipe Postgre's data dir and re-create from scratch) @@ -89,7 +90,7 @@ domain: example.org faf_server_name: "example-faf.org" faf_web_brand_title: "ABRT" -faf_web_brand_subtitle: "Analysis" +faf_web_brand_subtitle: "Analytics" faf_web_fedmenu_url: # https://apps.fedoraproject.org/fedmenu diff --git a/roles/abrt/faf/meta/.galaxy_install_info b/roles/abrt/faf/meta/.galaxy_install_info index 4942746ffa..50e155cbd2 100644 --- a/roles/abrt/faf/meta/.galaxy_install_info +++ b/roles/abrt/faf/meta/.galaxy_install_info @@ -1,2 +1,2 @@ -install_date: Fri Mar 20 14:14:25 2020 +install_date: Fri Mar 27 10:36:49 2020 version: master diff --git a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 index 2a88cff897..af69d27855 100644 --- a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 +++ b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 @@ -4,9 +4,7 @@ WSGIPythonOptimize 1 WSGISocketPrefix {{ faf_spool_dir }}/wsgi WSGIDaemonProcess faf user=faf group=faf processes=3 threads=5 -{% set python = 'python3.7' %} - -WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ python }}/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL} +WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ faf_python_version }}/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL} @@ -21,7 +19,7 @@ WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ python }}/site-packages/webfaf/hub # project main - + Options Indexes IndexOptions FancyIndexing diff --git a/roles/abrt/retrace/defaults/main.yml b/roles/abrt/retrace/defaults/main.yml index 8e7e1ac6d7..44e22dcc75 100644 --- a/roles/abrt/retrace/defaults/main.yml +++ b/roles/abrt/retrace/defaults/main.yml @@ -84,12 +84,6 @@ rs_save_dir: /var/spool/retrace-server # Directory where old tasks are moved rs_drop_dir: /srv/retrace/archive -# Whether to use explicit working directory, otherwise default mock settings are used -rs_use_work_dir: false - -# Working directory -rs_work_dir: /tmp/retrace-server - # Whether to use createrepo's --update option (faster, but requires a lot of memory) rs_use_createrepo_update: false @@ -126,20 +120,17 @@ rs_kernel_debuginfo_url: http://kojipkgs.fedoraproject.org/packages/$BASENAME/$V # Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled rs_vmcore_dump_level: 0 -# Whether to run kmem command by default (this may take a long time on large vmcores) -# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem -rs_vmcore_run_kmem: 0 - # EXPERIMENTAL! Use ABRT Server's storage to map build-ids # into debuginfo packages and resolve dependencies # Requires support from ABRT Server rs_use_faf_packages: false -# where faf store data +# Spool directory for FAF packages faf_spool_dir: /var/spool/faf -# Where to hardlink faf packages -rs_faf_link_dir: "{{ faf_spool_dir }}/retrace-tmp" +# Run the retrace in a Mock chroot (default), or a Podman container +# (mock|podman) +rs_retrace_environment: mock # Whether to enable e-mail notifications rs_email_notify: false @@ -186,32 +177,18 @@ rs_archhosts: - { arch: armhfp, url: } - { arch: s390x, url: } -# Parameters are replaced using python's format. -# Available parameters: hook_name, task_id, task_dir -# Example: pre_start = /bin/echo {hook_name} {task_id} {task_dir} -# When worker.start() is called -rs_hookscripts: - - { hook: pre_start, cmd: } - - { hook: start, cmd: } - - { hook: pre_prepare_debuginfo, cmd: } - - { hook: post_prepare_debuginfo, cmd: } - - { hook: pre_prepare_mock, cmd: } - - { hook: post_prepare_mock, cmd: } - - { hook: pre_retrace, cmd: } - - { hook: post_retrace, cmd: } - - { hook: success, cmd: } - - { hook: fail, cmd: } - - { hook: pre_remove_task, cmd: } - - { hook: post_remove_task, cmd: } - - { hook: pre_clean_task, cmd: } - - { hook: post_clean_task, cmd: } - - # Force package reinstall rs_force_reinstall: false # Check server health after installation rs_check_health: true +# Path to the executable hook scripts +# https://github.com/abrt/retrace-server/wiki/Hook-scripts +rs_hooks_executable_path: /usr/libexec/retrace-server/hooks/ + +# Global time limit for hook scripts (in seconds) +rs_hooks_global_timeout: 300 + # Hostname hostname: example.org diff --git a/roles/abrt/retrace/meta/.galaxy_install_info b/roles/abrt/retrace/meta/.galaxy_install_info index 693a945894..9a36878dcc 100644 --- a/roles/abrt/retrace/meta/.galaxy_install_info +++ b/roles/abrt/retrace/meta/.galaxy_install_info @@ -1,2 +1,2 @@ -install_date: Fri Mar 20 14:14:27 2020 +install_date: Fri Mar 27 10:36:51 2020 version: master diff --git a/roles/abrt/retrace/tasks/check.yml b/roles/abrt/retrace/tasks/check.yml index f9c1285fb5..d9d7c9317d 100644 --- a/roles/abrt/retrace/tasks/check.yml +++ b/roles/abrt/retrace/tasks/check.yml @@ -6,7 +6,7 @@ - name: Set settings_url fact set_fact: - settings_url: "https://{{ hostname }}/settings" + settings_url: "https://{{ ansible_default_ipv4.address }}/settings" - name: fetch settings uri: diff --git a/roles/abrt/retrace/tasks/config.yml b/roles/abrt/retrace/tasks/config.yml index 4d4f085665..94009a3123 100644 --- a/roles/abrt/retrace/tasks/config.yml +++ b/roles/abrt/retrace/tasks/config.yml @@ -2,7 +2,7 @@ - name: configure retrace-server template: src: etc-retrace-server.conf.j2 - dest: /etc/retrace-server.conf + dest: /etc/retrace-server/retrace-server.conf notify: restart httpd - name: retrace-server http config @@ -10,3 +10,9 @@ src: retrace-server-httpd.conf.j2 dest: /etc/httpd/conf.d/retrace-server-httpd.conf notify: restart httpd + +- name: configure retrace-server hooks config + template: + src: etc-retrace-server-hooks.conf.j2 + dest: /etc/retrace-server/retrace-server-hooks.conf + notify: restart httpd diff --git a/roles/abrt/retrace/tasks/main.yml b/roles/abrt/retrace/tasks/main.yml index 8edacbe781..aea0c93c3e 100644 --- a/roles/abrt/retrace/tasks/main.yml +++ b/roles/abrt/retrace/tasks/main.yml @@ -12,6 +12,9 @@ - import_tasks: config.yml tags: [rs, config] +- import_tasks: podman.yml + tags: [rs, podman] + # Check functionality of the retrace-server - import_tasks: check.yml when: rs_check_health|bool diff --git a/roles/abrt/retrace/tasks/podman.yml b/roles/abrt/retrace/tasks/podman.yml new file mode 100644 index 0000000000..e82e5d4728 --- /dev/null +++ b/roles/abrt/retrace/tasks/podman.yml @@ -0,0 +1,60 @@ +--- +- name: Install podman package + package: + name: podman + state: present + +- name: Set home directory for retrace user + user: + name: retrace + home: /var/lib/retrace + +- name: Check if subuid is set for retrace user + command: cat /etc/subuid + changed_when: false + register: retrace_subuid + +- block: + - name: Get last subuid entry + shell: | + set -o pipefail + cut -d ':' -f2 /etc/subuid | sort | tail -1 + changed_when: false + register: t_subuid + args: + executable: /usr/bin/bash + + - name: Set variables for min and max subuid + set_fact: + rs_subuid_min: "{{ t_subuid.stdout | default(100000) | int + 65536 }}" + rs_subuid_max: "{{ t_subuid.stdout | default(100000) | int + 2 * 65536 - 1 }}" + + - name: Set subuid for retrace user. + command: usermod retrace --add-subuids "{{ rs_subuid_min }}-{{ rs_subuid_max }}" + + when: '"retrace" not in retrace_subgid.stdout' + +- name: Check if subgid is set for retrace user + command: cat /etc/subgid + changed_when: false + register: retrace_subgid + +- block: + - name: Get last subgid entry + shell: | + set -o pipefail + cut -d ':' -f2 /etc/subgid | sort | tail -1 + changed_when: false + register: t_subgid + args: + executable: /usr/bin/bash + + - name: Set variables for min and max subgid + set_fact: + rs_subgid_min: "{{ t_subgid.stdout | default(100000) | int + 65536 }}" + rs_subgid_max: "{{ t_subgid.stdout | default(100000) | int + 2 * 65536 - 1 }}" + + - name: Set subgid for retrace user + command: usermod retrace --add-subgids "{{ rs_subgid_min }}-{{ rs_subgid_max }}" + + when: '"retrace" not in retrace_subgid.stdout' diff --git a/roles/abrt/retrace/tasks/usefafpkgs.yml b/roles/abrt/retrace/tasks/usefafpkgs.yml index 7bee43a780..754f46e8fa 100644 --- a/roles/abrt/retrace/tasks/usefafpkgs.yml +++ b/roles/abrt/retrace/tasks/usefafpkgs.yml @@ -14,40 +14,3 @@ state: present become: yes become_user: postgres - -# for already existing files/dirs -- name: ACL for user retrace - acl: - path: "{{ faf_spool_dir }}/lob" - state: present - recursive: yes - entity: retrace - etype: user - permissions: rwX - async: 21600 - poll: 0 - -# for files/dirs created in future -- name: default ACL for user retrace - acl: - path: "{{ faf_spool_dir }}/lob" - state: present - recursive: yes - default: yes - entity: retrace - etype: user - permissions: rwX - async: 21600 - poll: 0 - -- name: check for hardlink dir - stat: path="{{ rs_faf_link_dir }}" - register: rsdir - -- name: make dir for hardlinks - file: - path: "{{ rs_faf_link_dir }}" - state: directory - owner: retrace - group: retrace - when: not rsdir.stat.exists|bool diff --git a/roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2 new file mode 100644 index 0000000000..278057b0dd --- /dev/null +++ b/roles/abrt/retrace/templates/etc-retrace-server-hooks.conf.j2 @@ -0,0 +1,8 @@ +#{{ ansible_managed }} + +[main] +# Path to the executable hook scripts +HookDir = {{ rs_executable_hooks_path }} + +# Global time limit for hook scripts (in seconds) +Timeout = {{ rs_global_hook_timeout }} diff --git a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 index 376f19fd5f..0a090bd92d 100644 --- a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 +++ b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 @@ -91,12 +91,6 @@ SaveDir = {{ rs_save_dir }} # Directory where old tasks are moved DropDir = {{ rs_drop_dir }} -# Whether to use explicit working directory, otherwise default mock settings are used -UseWorkDir = {{ rs_use_work_dir|int }} - -# Working directory -WorkDir = {{ rs_work_dir }} - # Whether to use createrepo's --update option (faster, but requires a lot of memory) UseCreaterepoUpdate = {{ rs_use_createrepo_update|int }} @@ -133,17 +127,17 @@ KernelDebuginfoURL = {{ rs_kernel_debuginfo_url }} # Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled VmcoreDumpLevel = {{ rs_vmcore_dump_level|int }} -# Whether to run kmem command by default (this may take a long time on large vmcores) -# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem -VmcoreRunKmem = {{ rs_vmcore_run_kmem|int }} - # EXPERIMENTAL! Use ABRT Server's storage to map build-ids # into debuginfo packages and resolve dependencies # Requires support from ABRT Server UseFafPackages = {{ rs_use_faf_packages|int }} -# Where to hardlink faf packages -FafLinkDir = {{ rs_faf_link_dir }} +# Spool directory for FAF packages +FafLinkDir = {{ faf_spool_dir }} + +# Run the retrace in a Mock chroot (default), or a Podman container +# (mock|podman) +RetraceEnvironment = {{ rs_retrace_environment }} # Whether to enable e-mail notifications EmailNotify = {{ rs_email_notify|int }} @@ -182,8 +176,3 @@ ProcessCommunicateTimeout = {{ rs_process_communicate_timeout|int }} {% for a in rs_archhosts %} {{ a.arch }} = {{ a.url|default('', true) }} {% endfor %} - -[hookscripts] -{% for h in rs_hookscripts %} -{{ h.hook }} = {{ h.cmd|default('', true) }} -{% endfor %}