add FAF role

roles/abrt/faf/LICENSE.bsd

@@ -0,0 +1,25 @@
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, and the entire permission notice in its entirety,
+   including the disclaimer of warranties.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. The name of the author may not be used to endorse or promote
+   products derived from this software without specific prior
+   written permission.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
+WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.

roles/abrt/faf/README.rst

@@ -0,0 +1,17 @@
+ansible-role-faf
+----------------
+
+Role for deploying `faf <https://github.com/abrt/faf>`_.
+
+See `defaults/main.yml <https://github.com/abrt/ansible-role-faf/defaults/main.yml>`_
+for the complete list of configuration variables.
+
+License
+=======
+
+BSD
+
+Author
+======
+
+Richard Marko <rmarko@fedoraproject.org>

roles/abrt/faf/defaults/main.yml

@@ -0,0 +1,178 @@
+---
+# SMTP server to use
+smtp_server: localhost
+smtp_port: 25
+
+# domain of web service as seen from internet
+domain: example.org
+
+# default port for memcached
+memcached_port: 11211
+
+# connectstring to use for faf web & storage in format:
+# driver://user:password@host:port/database
+faf_db_connectstring: postgresql:///faf
+
+# set to true if this is the very first run of this playbook
+# it will set-up postgresql database and initial data for faf
+faf_first_time_setup: false
+
+# dangerous, delete and re-create PostgreSQL database
+# (will wipe Postgre's data dir and re-create from scratch)
+faf_recreate_database: false
+
+# update faf packages
+faf_update: true
+
+# force faf packages reinstallation (for testing instances)
+faf_force_reinstall: false
+
+# run faf's database migrations
+faf_migrate_db: true
+
+# set up cron jobs for faf
+faf_cron_jobs: true
+
+faf_admin_mail: root@localhost
+
+###########################
+# features configuration  #
+###########################
+
+faf_with_bugtrackers: true
+faf_with_celery: true
+faf_with_fedmsg: false
+faf_with_solutionfinders: true
+faf_with_symboltransfer: false
+faf_with_web: true
+
+###########################
+# faf-webui configuration #
+###########################
+
+# faf_server_name is the bare URL without protocols and trailing slash
+faf_server_name: "example-faf.org"
+
+faf_web_brand_title: "FAF"
+faf_web_brand_subtitle: "Fedora Analysis Framework"
+
+# perms
+faf_web_everyone_is_admin: false
+faf_web_everyone_is_maintainer: false
+
+# enable debugging
+faf_web_debug: false
+
+# set to true if faf's running behind proxy like varnish
+faf_web_proxy_setup: false
+
+# enable OpenID
+faf_web_openid: true
+
+# Comma-separated list of teams provided by OpenID via
+# https://github.com/puiterwijk/python-openid-teams
+# Members of these teams will be granted maintainer privileges
+faf_web_openid_privileged_teams:
+# provenpackager,proventesters
+
+faf_web_fedmenu_url:
+# https://apps.fedoraproject.org/fedmenu
+faf_web_fedmenu_data_url:
+# https://apps.fedoraproject.org/js/data.js
+
+# cache type either: memcached/simple/none
+faf_web_cache_type: memcached
+
+# faf reachable on httpd root (http://hostname/)
+# if false it's (http://hostname/faf/)
+faf_web_on_root: true
+
+# important for production deployments
+faf_web_secret_key: not_a_secret
+
+##############################
+# functionality checking     #
+##############################
+
+faf_check: false
+faf_check_web: false
+
+##############################
+# faf packages configuration #
+##############################
+#
+# Removing some packaging allows you to install
+# only components relevant for your deployment
+
+faf_packages:
+  - faf
+  - faf-migrations
+  - faf-yum
+
+faf_problem_packages:
+  - faf-problem-coredump
+  - faf-problem-java
+  - faf-problem-kerneloops
+  - faf-problem-python
+  - faf-problem-ruby
+
+faf_opsys_packages:
+  - faf-opsys-centos
+  - faf-opsys-fedora
+  - faf-opsys-rhel
+
+faf_action_packages:
+  - faf-action-add-compat-hashes
+  - faf-action-arch
+  - faf-action-archive-reports
+  - faf-action-assign-release-to-builds
+  - faf-action-attach-centos-bugs
+  - faf-action-c2p
+  - faf-action-cleanup-task-results
+  - faf-action-create-problems
+  - faf-action-external-faf
+  - faf-action-external-faf-clone-bz
+  - faf-action-find-components
+  - faf-action-find-crash-function
+  - faf-action-mark-probably-fixed
+  - faf-action-pull-associates
+  - faf-action-pull-components
+  - faf-action-pull-releases
+  - faf-action-pull-reports
+  - faf-action-repo
+  - faf-action-retrace
+  - faf-action-retrace-remote
+  - faf-action-save-reports
+  - faf-action-shell
+  - faf-action-stats
+
+faf_bugtracker_packages:
+  - faf-action-bugtracker
+  - faf-bugtracker-bugzilla
+  - faf-bugtracker-centos-mantis
+  - faf-bugtracker-fedora-bugzilla
+  - faf-bugtracker-mantis
+  - faf-bugtracker-rhel-bugzilla
+
+faf_celery_packages:
+  - faf-celery-tasks
+  - faf-celery-tasks-systemd-services
+
+faf_fedmsg_packages:
+  - faf-action-fedmsg-notify
+  - faf-fedmsg
+  - faf-fedmsg-realtime
+
+faf_solutionfinder_packages:
+  - faf-action-sf-prefilter
+  - faf-solutionfinder-prefilter
+  - faf-solutionfinder-probable-fix
+
+faf_web_packages:
+  - faf-webui
+
+faf_web_celery_packages:
+  - faf-blueprint-celery-tasks
+
+faf_web_symboltransfer_packages:
+  - faf-blueprint-symbol-transfer

roles/abrt/faf/files/ureport_sample

@@ -0,0 +1,85 @@
+{
+  "ureport_version": 2,
+
+  "reason": "ImportError in /usr/bin/faf:55",
+
+  "os": {
+    "name": "fedora",
+    "version": "42",
+    "architecture": "x86_64"
+  },
+
+  "problem": {
+    "type": "python",
+
+    "component": "meta_faf",
+
+    "exception_name": "ImportError",
+
+    "user": {
+      "local": true,
+      "root": false
+    },
+
+    "stacktrace": [
+      {
+        "file_name": "/usr/lib64/python2.7/site-packages/sqlalchemy/dialects/postgresql/psycopg2.py",
+        "file_line": 312,
+        "line_contents": "psycopg = __import__('psycopg2')",
+        "function_name": "dbapi"
+      },
+      {
+        "file_name": "/usr/lib64/python2.7/site-packages/sqlalchemy/engine/strategies.py",
+        "file_line": 64,
+        "line_contents": "dbapi = dialect_cls.dbapi(**dbapi_args)",
+        "function_name": "create"
+      },
+      {
+        "file_name": "/usr/lib64/python2.7/site-packages/sqlalchemy/engine/__init__.py",
+        "file_line": 338,
+        "line_contents": "return strategy.create(*args, **kwargs)",
+        "function_name": "create_engine"
+      },
+      {
+        "file_name": "/usr/lib/python2.7/site-packages/pyfaf/storage/__init__.py",
+        "file_line": 213,
+        "line_contents": "self._db = create_engine(config['storage.connectstring'])",
+        "function_name": "__init__"
+      },
+      {
+        "file_name": "/usr/lib/python2.7/site-packages/pyfaf/storage/__init__.py",
+        "file_line": 199,
+        "line_contents": "db = Database(debug=debug, dry=dry)",
+        "function_name": "get_database"
+      },
+      {
+        "file_name": "/usr/bin/faf",
+        "file_line": 29,
+        "line_contents": "db = getDatabase(debug=cmdline.sql_verbose, dry=cmdline.dry_run)",
+        "function_name": "main"
+      },
+      {
+        "file_name": "/usr/bin/faf",
+        "file_line": 55,
+        "special_function": "module",
+        "line_contents": "main()"
+      }
+    ]
+  },
+
+  "packages": [
+    {
+      "name": "meta_faf",
+      "epoch": 0,
+      "version": "0.9",
+      "architecture": "noarch",
+      "package_role": "affected",
+      "release": "1.fc42"
+    }
+  ],
+
+  "reporter": {
+    "version": "0.9",
+    "name": "satyr"
+  }
+}

roles/abrt/faf/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart httpd
+  service: name=httpd state=restarted

roles/abrt/faf/meta/.galaxy_install_info

@@ -0,0 +1 @@
+{install_date: 'Mon Mar 20 11:05:21 2017', version: ''}

roles/abrt/faf/meta/main.yml

@@ -0,0 +1,19 @@
+---
+galaxy_info:
+  author: "ABRT team"
+  company: Red Hat
+  license: BSD
+  min_ansible_version: 1.8
+  platforms:
+   - name: EL
+     versions:
+      - 7
+      - 6
+   - name: Fedora
+     versions:
+      - 25
+      - 24
+      - 23
+  categories:
+   - web
+dependencies: []

roles/abrt/faf/tasks/celery.yml

@@ -0,0 +1,28 @@
+- name: install faf web celery packages
+  yum: pkg={{ item }} state=installed
+  with_items: "{{ faf_web_celery_packages }}"
+  tags:
+  - packages
+
+- name: install redis package
+  yum : name={{ item }} state=installed
+  with_items:
+  - redis
+  - python-redis
+  tags:
+  - packages
+
+- name: enable redis service
+  service: name=redis state=started enabled=yes
+  tags:
+  - service
+
+- name: enable faf-celery-worker
+  service: name=faf-celery-worker state=started enabled=yes
+  tags:
+  - service
+
+- name: enable faf-celery-beat
+  service: name=faf-celery-beat state=started enabled=yes
+  tags:
+  - service

roles/abrt/faf/tasks/check.yml

@@ -0,0 +1,24 @@
+---
+
+# check backend functionality
+
+- name: faf
+  shell: faf {{ item }}
+  become: yes
+  become_user: faf
+  with_items:
+    - "releaseadd -o fedora --opsys-release 42"
+    - "releaselist | grep 'Fedora 42'"
+    - "compadd -o fedora --opsys-release 42 meta_faf"
+
+- name: cpf
+  copy: src=ureport_sample dest=/var/spool/faf/reports/incoming
+    owner=faf group=faf
+
+- name: faf
+  shell: faf {{ item }}
+  become: yes
+  become_user: faf
+  with_items:
+    - "save-reports -v"
+    - "create-problems -v"

roles/abrt/faf/tasks/check_web.yml

@@ -0,0 +1,34 @@
+
+# check web functionality
+#
+- set_fact:
+    url_suffix: ""
+  when: faf_web_on_root
+
+- set_fact:
+    url_suffix: "/faf"
+  when: not faf_web_on_root
+
+- set_fact:
+    main_url: "https://{{ ansible_default_ipv4.address }}{{ url_suffix }}"
+    problems_url: "https://{{ ansible_default_ipv4.address }}{{ url_suffix }}/problems/"
+
+- name: check main
+  local_action: uri url={{ main_url }}
+    return_content=yes
+    validate_certs=no
+  register: uri_res
+
+- fail: msg="{{ main_url }} doesn't contain 'FAF' string"
+  when:
+    "'FAF' not in uri_res.content"
+
+- name: fetch problems
+  local_action: uri url={{ problems_url }}
+    return_content=yes
+    validate_certs=no
+  register: uri_res
+
+- fail: msg="{{ main_url }} doesn't contain 'State' string"
+  when:
+    "'State' not in uri_res.content"

roles/abrt/faf/tasks/config.yml

@@ -0,0 +1,5 @@
+---
+
+- name: provide /etc/faf/faf.conf
+  template: src=etc-faf-faf.conf.j2
+    dest=/etc/faf/faf.conf

roles/abrt/faf/tasks/cron.yml

@@ -0,0 +1,30 @@
+---
+
+- name: cron save-reports
+  cron:
+    name: "faf save-reports"
+    user: faf
+    job: "faf save-reports >> /var/log/faf/save-reports.log 2>&1"
+    minute: "*/5"
+    state: present
+  become: yes
+
+- name: cron create-problems
+  cron:
+    name: "faf create-problems"
+    user: faf
+    job: "faf create-problems >> /var/log/faf/create-problems.log 2>&1"
+    minute: 30
+    hour: "*/4"
+    state: present
+  become: yes
+
+- name: cron reposync
+  cron:
+    name: "faf reposync"
+    user: faf
+    job: "faf reposync >> /var/log/faf/reposync.log 2>&1"
+    minute: 5
+    hour: 3
+    state: present
+  become: yes

roles/abrt/faf/tasks/first_time_setup.yml

@@ -0,0 +1,16 @@
+---
+
+- name: create faf's database schema
+  command: faf-migrate-db --create-all
+  become: yes
+  become_user: faf
+
+- name: stamp database as migrated to latest version
+  command: faf-migrate-db --stamp-only
+  become: yes
+  become_user: faf
+
+- name: init faf
+  command: faf init
+  become: yes
+  become_user: faf

roles/abrt/faf/tasks/install.yml

@@ -0,0 +1,41 @@
+---
+
+- name: erase faf packages
+  yum: pkg="faf-*" state=absent
+  when: faf_force_reinstall
+
+- name: install core faf packages
+  yum: pkg={{ item }} state=installed
+  with_items: "{{ faf_packages }}"
+
+- name: install faf problem packages
+  yum: pkg={{ item }} state=installed
+  with_items: "{{ faf_problem_packages }}"
+
+- name: install faf opsys packages
+  yum: pkg={{ item }} state=installed
+  with_items: "{{ faf_opsys_packages }}"
+
+- name: install faf action packages
+  yum: pkg={{ item }} state=installed
+  with_items: "{{ faf_action_packages }}"
+
+- name: install faf bugtracker packages
+  yum: pkg={{ item }} state=installed
+  with_items: "{{ faf_bugtracker_packages }}"
+  when: faf_with_bugtrackers
+
+- name: install faf celery packages
+  yum: pkg={{ item }} state=installed
+  with_items: "{{ faf_celery_packages }}"
+  when: faf_with_celery
+
+- name: install faf fedmsg packages
+  yum: pkg={{ item }} state=installed
+  with_items: "{{ faf_fedmsg_packages }}"
+  when: faf_with_fedmsg
+
+- name: install faf solutionfinder packages
+  yum: pkg={{ item }} state=installed
+  with_items: "{{ faf_solutionfinder_packages }}"
+  when: faf_with_solutionfinders

roles/abrt/faf/tasks/main.yml

@@ -0,0 +1,33 @@
+- include: install.yml
+  tags: [faf, faf_install, packages]
+
+- include: update.yml
+  when: faf_update
+  tags: [faf, faf_update, packages]
+
+- include: first_time_setup.yml
+  when: faf_first_time_setup
+  tags: [faf, faf_fist_time_setup, config]
+
+- include: config.yml
+  tags: [faf, faf_config, config]
+
+- include: migrate_db.yml
+  when: faf_migrate_db
+  tags: [faf, faf_migrate_db]
+
+- include: cron.yml
+  when: faf_cron_jobs
+  tags: [faf, config]
+
+- include: web.yml
+  when: faf_with_web
+  tags: [faf, faf_web]
+
+- include: check.yml
+  when: faf_check
+  tags: [faf, faf_check]
+
+- include: check_web.yml
+  when: faf_check_web
+  tags: [faf, faf_check_web]

roles/abrt/faf/tasks/migrate_db.yml

@@ -0,0 +1,5 @@
+---
+- name: run database migrations
+  command: faf-migrate-db
+  become: yes
+  become_user: faf

roles/abrt/faf/tasks/update.yml

@@ -0,0 +1,3 @@
+---
+- name: update faf packages
+  yum: pkg="faf*" state=latest

roles/abrt/faf/tasks/web.yml

@@ -0,0 +1,26 @@
+- name: install faf-webui packages
+  yum : name={{ item }} state=latest
+  with_items: "{{ faf_web_packages }}"
+
+- include: celery.yml
+  when: faf_with_celery
+
+- name: install faf web symboltransfer packages
+  yum: pkg={{ item }} state=installed
+  with_items: "{{ faf_web_symboltransfer_packages }}"
+  when: faf_with_symboltransfer
+
+- name: provide /etc/faf/plugins/web.conf
+  template: src=etc-faf-plugins-web.conf.j2
+    dest=/etc/faf/plugins/web.conf
+  notify:
+  - restart httpd
+
+  # faf installs this file by itself if faf_web_on_root
+  # is disabled and is available under <hosts>/faf
+- name: put webfaf on root (/) if configured
+  template: src=etc-httpd-conf.d-faf-web.conf.j2
+    dest=/etc/httpd/conf.d/faf-web.conf
+  when: faf_web_on_root
+  notify:
+  - restart httpd

roles/abrt/faf/templates/etc-faf-faf.conf.j2

@@ -0,0 +1,31 @@
+#{{ ansible_managed }}
+# Faf site-wide configuration file
+
+[Main]
+PluginsDir = /etc/faf/plugins/
+TemplatesDir = /etc/faf/templates/
+AutoEnablePlugins = False
+
+[Storage]
+ConnectString = {{ faf_db_connectstring }}
+LobDir = /var/spool/faf/lob
+# Using platform-specific location by default.
+# Uncomment and change if needed.
+# TmpDir = /tmp
+
+[Mail]
+# where to send notification emails, comma separated list
+Admins = {{ faf_admin_mail }}
+Server = {{ smtp_server }}
+Port = {{ smtp_port }}
+Username = {{ smtp_username|default("", true) }}
+Password = {{ smtp_password|default("", true) }}
+
+[uReport]
+# The directory that holds 'reports' and 'attachments' subdirectories
+Directory = /var/spool/faf
+CreateComponents = False
+# attachments accepted by this server
+# allowed values: fedora-bugzilla rhel-bugzilla centos-mantisb comment email url
+# or * to allow all attachments
+AcceptAttachments = fedora-bugzilla rhel-bugzilla centos-mantisbt

roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2

@@ -0,0 +1,50 @@
+#{{ ansible_managed }}
+[hub]
+debug = {{ faf_web_debug }}
+proxy_setup = {{ faf_web_proxy_setup }}
+secret_key = {{ faf_web_secret_key }}
+{% if faf_web_on_root %}
+url = https://{{ domain }}/
+{% else %}
+url = https://{{ domain }}/faf/
+{% endif %}
+server_name = {{ faf_server_name }}
+brand_title = {{ faf_web_brand_title }}
+brand_subtitle = {{ faf_web_brand_subtitle }}
+
+{% if faf_web_fedmenu_url %}
+fedmenu_url = {{ faf_web_fedmenu_url }}
+fedmenu_data_url = {{ faf_web_fedmenu_data_url }}
+{% endif %}
+
+# When OpenID login is disabled, this option can be used to override permission
+# checks and make everyone a package maintainer.
+# In that case no login is necessary to access maintainer-only actions.
+everyone_is_maintainer = {{ faf_web_everyone_is_admin }}
+# When OpenID login is disabled, this option can be used to override permission
+# checks and make everyone an admin.
+# In that case no login is necessary to access admin-only actions.
+everyone_is_admin = {{ faf_web_everyone_is_maintainer }}
+
+[openid]
+enabled = {{ faf_web_openid }}
+
+{% if faf_web_openid_privileged_teams %}
+privileged_teams = {{ faf_web_openid_privileged_teams }}
+{% endif %}
+
+[DumpDir]
+CacheDirectory = /var/spool/faf/dumpdirs
+CacheDirectoryCountQuota = 100
+CacheDirectorySizeQuota = 107374182400
+MaxDumpDirSize = 1073741824
+
+[cache]
+#types:
+#  null - no caching
+#  simple - process-local memory cache
+#  memcached - requires pylibmc
+type = {{ faf_web_cache_type }}
+memcached_host = localhost
+memcached_port = {{ memcached_port }}
+memcached_key_prefix = webfaf

roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2

@@ -0,0 +1,56 @@
+#{{ ansible_managed }}
+# WSGI handler
+WSGIPythonOptimize 1
+WSGISocketPrefix /var/spool/faf/wsgi
+WSGIDaemonProcess faf user=faf group=faf processes=3 threads=5
+
+{% if ansible_os_family == 'RedHat' and ansible_distribution_major_version == '6' %}
+  {% set python = 'python2.6' %}
+{% else %}
+  {% set python = 'python2.7' %}
+{% endif %}
+
+WSGIScriptAlias / /usr/lib/{{ python }}/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL}
+
+<Location />
+    <IfModule mod_authz_core.c>
+        # Apache 2.4
+       Require all granted
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+        # Apache 2.2
+        Order allow,deny
+        Allow from all
+    </IfModule>
+</Location>
+
+# project main
+<Directory "/usr/lib/{{ python }}/site-packages/webfaf/">
+    Options Indexes
+    IndexOptions FancyIndexing
+    <IfModule mod_authz_core.c>
+        # Apache 2.4
+       Require all granted
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+        # Apache 2.2
+        Order allow,deny
+        Allow from all
+    </IfModule>
+</Directory>
+
+# static
+Alias /static "/usr/share/faf/web/static"
+<Directory "/usr/share/faf/web/static">
+    Options Indexes
+    IndexOptions FancyIndexing
+    <IfModule mod_authz_core.c>
+        # Apache 2.4
+       Require all granted
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+        # Apache 2.2
+        Order allow,deny
+        Allow from all
+    </IfModule>
+</Directory>

roles/abrt/how-to-update.txt

@@ -0,0 +1,2 @@
+# WARNING - this will override all local changes. Please rebase after this command.
+ansible-galaxy install -f -r requirements.yml --ignore-errors -p ./

roles/abrt/requirements.yml

@@ -0,0 +1,3 @@
+# Install a role from GitHub
+- name: faf
+  src: https://github.com/abrt/ansible-role-faf.git