Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Add a new bodhi2 role

Browse source
This commit is contained in:
Luke Macken 2015-06-07 19:11:50 +00:00
parent 2872ff6f9f
commit 8c2130080c
25 changed files with 2527 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
roles/bodhi2/backend/files/bodhi-masher.conf Normal file
View file

@ -0,0 +1,15 @@
Alias /updates/static /usr/share/bodhi/static
WSGISocketPrefix run/wsgi
WSGIRestrictSignal Off
WSGIDaemonProcess bodhi user=masher group=masher display-name=bodhi
WSGIPythonOptimize 1
WSGIScriptAlias /updates /usr/share/bodhi/bodhi.wsgi/updates
<Directory /usr/share/bodhi>
WSGIProcessGroup bodhi
Order deny,allow
Allow from all
</Directory>

17
roles/bodhi2/backend/files/el6-epel-testing.mash Normal file
View file

@ -0,0 +1,17 @@
# mash config file
[el6-epel-testing]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo_path = %(arch)s/debug
debuginfo = True
multilib = True
multilib_method = devel
tag = dist-6E-epel-testing
inherit = False
strict_keys = True
keys = 0608b895
use_repoview = True
repoviewurl = http://download.fedoraproject.org/pub/epel/testing/6/%(arch)s/
repoviewtitle = "Fedora EPEL Testing 6 - %(arch)s"
arches = i386 x86_64 ppc64

17
roles/bodhi2/backend/files/el6-epel.mash Normal file
View file

@ -0,0 +1,17 @@
# mash config file
[el6-epel]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo_path = %(arch)s/debug
debuginfo = True
multilib = True
multilib_method = devel
tag = dist-6E-epel
inherit = False
strict_keys = True
keys = 0608b895
use_repoview = True
repoviewurl = http://download.fedoraproject.org/pub/epel/6/%(arch)s/
repoviewtitle = "Fedora EPEL 6 - %(arch)s"
arches = i386 x86_64 ppc64

18
roles/bodhi2/backend/files/epel7-testing.mash Normal file
View file

@ -0,0 +1,18 @@
# mash config file
[epel7-testing]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo_path = %(arch)s/debug
debuginfo = True
multilib = False
tag = epel7-testing
inherit = False
strict_keys = True
keys = 352C64E5
use_repoview = True
repoviewurl = http://download.fedoraproject.org/pub/epel/testing/7/%(arch)s/
repoviewtitle = "Fedora EPEL Testing 7 - %(arch)s"
arches = x86_64 ppc64
hash_packages = True
delta = False

18
roles/bodhi2/backend/files/epel7.mash Normal file
View file

@ -0,0 +1,18 @@
# mash config file
[epel7]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo_path = %(arch)s/debug
debuginfo = True
multilib = False
tag = epel7
inherit = False
strict_keys = True
keys = 352C64E5
use_repoview = True
repoviewurl = http://download.fedoraproject.org/pub/epel/7/%(arch)s/
repoviewtitle = "Fedora EPEL 7 - %(arch)s"
arches = x86_64 ppc64
hash_packages = True
delta = False

21
roles/bodhi2/backend/files/f20-updates-testing.mash Normal file
View file

@ -0,0 +1,21 @@
# mash config file
[f20-updates-testing]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo = True
multilib = True
multilib_method = devel
tag = f20-updates-testing
inherit = False
strict_keys = True
keys = 246110C1
repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/20/%(arch)s/
repoviewtitle = "Fedora 20 Updates Testing - %(arch)s"
arches = armhfp i386 x86_64
delta = True
#delta_dirs = /pub/fedora/linux/releases/20/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f20-updates/%(arch)s/
#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/20/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/20/Everything/%(arch)s/os
# point to branched till we release then use above
delta_dirs = /pub/fedora/linux/development/20/%(arch)s/os/
parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/20/%(arch)s/os/

20
roles/bodhi2/backend/files/f20-updates.mash Normal file
View file

@ -0,0 +1,20 @@
[f20-updates]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo = True
multilib = True
multilib_method = devel
tag = f20-updates
inherit = False
strict_keys = True
keys = 246110C1
repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/20/%(arch)s/
repoviewtitle = "Fedora 20 Updates - %(arch)s"
arches = armhfp i386 x86_64
delta = True
#generate deltas against branched
delta_dirs = /pub/fedora/linux/development/20/%(arch)s/os/,/mnt/koji/mash/updates/f20-updates/%(arch)s/
parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/20/%(arch)s/os
# Bellow needs enabling at GA
#delta_dirs = /pub/fedora/linux/releases/20/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f20-updates/%(arch)s/
#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/20/Everything/%(arch)s/os

22
roles/bodhi2/backend/files/f21-updates-testing.mash Normal file
View file

@ -0,0 +1,22 @@
# mash config file
[f21-updates-testing]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo = True
multilib = True
multilib_method = devel
tag = f21-updates-testing
inherit = False
strict_keys = True
keys = 95A43F54
repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/21/%(arch)s/
repoviewtitle = "Fedora 21 Updates Testing - %(arch)s"
arches = armhfp i386 x86_64
hash_packages = True
delta = True
delta_dirs = /pub/fedora/linux/releases/21/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f21-updates/%(arch)s/
parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/21/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/21/Everything/%(arch)s/os
# point to branched till we release then use above
#delta_dirs = /pub/fedora/linux/development/21/%(arch)s/os/
#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/21/%(arch)s/os/

20
roles/bodhi2/backend/files/f21-updates.mash Normal file
View file

@ -0,0 +1,20 @@
[f21-updates]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo = True
multilib = True
multilib_method = devel
tag = f21-updates
inherit = False
strict_keys = True
keys = 95A43F54
repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/21/%(arch)s/
repoviewtitle = "Fedora 21 Updates - %(arch)s"
arches = armhfp i386 x86_64
hash_packages = True
delta = True
#generate deltas against branched
#delta_dirs = /pub/fedora/linux/development/21/%(arch)s/os/,/mnt/koji/mash/updates/f21-updates/%(arch)s/
#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/21/%(arch)s/os
delta_dirs = /pub/fedora/linux/releases/21/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f21-updates/%(arch)s/
parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/21/Everything/%(arch)s/os

22
roles/bodhi2/backend/files/f22-updates-testing.mash Normal file
View file

@ -0,0 +1,22 @@
# mash config file
[f22-updates-testing]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo = True
multilib = True
multilib_method = devel
tag = f22-updates-testing
inherit = False
strict_keys = True
keys = 8E1431D5
repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/22/%(arch)s/
repoviewtitle = "Fedora 22 Updates Testing - %(arch)s"
arches = armhfp i386 x86_64
hash_packages = True
delta = True
#delta_dirs = /pub/fedora/linux/releases/22/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f22-updates/%(arch)s/
#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/22/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/22/Everything/%(arch)s/os
# point to branched till we release then use above
delta_dirs = /pub/fedora/linux/development/22/%(arch)s/os/
parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/22/%(arch)s/os/

20
roles/bodhi2/backend/files/f22-updates.mash Normal file
View file

@ -0,0 +1,20 @@
[f22-updates]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo = True
multilib = True
multilib_method = devel
tag = f22-updates
inherit = False
strict_keys = True
keys = 8E1431D5
repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/22/%(arch)s/
repoviewtitle = "Fedora 22 Updates - %(arch)s"
arches = armhfp i386 x86_64
hash_packages = True
delta = True
#generate deltas against branched
delta_dirs = /pub/fedora/linux/development/22/%(arch)s/os/,/mnt/koji/mash/updates/f22-updates/%(arch)s/
parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/22/%(arch)s/os
#delta_dirs = /pub/fedora/linux/releases/22/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f22-updates/%(arch)s/
#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/22/Everything/%(arch)s/os

111
roles/bodhi2/backend/files/fedora-epel-push Executable file
View file

@ -0,0 +1,111 @@
#!/bin/sh
SOURCE=/mnt/koji/mash/updates
DEST=/pub/epel/
OPTIONS="-rlptDvHh --stats --delay-updates $RSYNC_OPTS"
for rel in 5 6; do
OUTPUT1=$(rsync $OPTIONS --exclude "repodata/*" --exclude "headers/*" \
$SOURCE/el$rel-epel/ $DEST/$rel/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay \
$SOURCE/el$rel-epel/ $DEST/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"epel\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.epel.sync \
--json-input &> /dev/null
fi
OUTPUT1=$(rsync $OPTIONS --exclude "repodata/*" --exclude "headers/*" \
$SOURCE/el$rel-epel-testing/ $DEST/testing/$rel/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay \
$SOURCE/el$rel-epel-testing/ $DEST/testing/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"epel-testing\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.epel.sync \
--json-input &> /dev/null
fi
done
for rel in 7; do
OUTPUT1=$(rsync $OPTIONS --exclude "repodata/*" \
$SOURCE/epel$rel/ $DEST/$rel/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay \
$SOURCE/epel$rel/ $DEST/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"epel\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.epel.sync \
--json-input &> /dev/null
fi
OUTPUT1=$(rsync $OPTIONS --exclude "repodata/*" \
$SOURCE/epel$rel-testing/ $DEST/testing/$rel/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay \
$SOURCE/epel$rel-testing/ $DEST/testing/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"epel-testing\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.epel.sync \
--json-input &> /dev/null
fi
done
for rel in 5 6 7; do
if [ ${rel} -eq 7 ]; then
TARGET_DIR=${DEST}/${rel}/x86_64/e
else
TARGET_DIR=${DEST}/${rel}/x86_64
fi
if [ -f ${TARGET_DIR}/epel-release*rpm ]; then
# We have a file to match. [This may sort wrong at -9 -> -10]
CANDIDATE=$( ls ${TARGET_DIR}/epel-release-*rpm | sort | tail -n 1)
TARGET=${DEST}/epel-release-latest-${rel}.noarch.rpm
# Does our symbolic link exist?
if [ -L ${TARGET} ]; then
# check to see if the link matches the candidate
TEST=$( readlink ${TARGET} )
if [ ${TEST} != ${CANDIDATE} ]; then
ln -sf $(echo ${CANDIDATE}|sed -e "s|$DEST|./|g" -e 's|//|/|g') ${TARGET}
fi
else
# first time for everything.
ln -sf $(echo ${CANDIDATE}|sed -e "s|$DEST|./|g" -e 's|//|/|g') ${TARGET}
fi
else
echo "No target file for epel-release ${rel} to link against."
fi
done

72
roles/bodhi2/backend/files/fedora-updates-push Executable file
View file

@ -0,0 +1,72 @@
#!/bin/sh
SOURCE=/mnt/koji/mash/updates
DEST=/pub/fedora/linux/updates/
ATOMICSOURCE=/mnt/koji/mash/atomic/
ATOMICDEST=/pub/fedora/linux/atomic/
OPTIONS="-rlptDvHh --stats --delay-updates $RSYNC_OPTS"
for rel in 20 21 22; do
OUTPUT1=$(rsync $OPTIONS --exclude "repodata/*" \
$SOURCE/f$rel-updates/ $DEST/$rel/ --link-dest $DEST/testing/$rel/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay --exclude=Live --exclude=Images \
$SOURCE/f$rel-updates/ $DEST/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"updates\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.fedora.sync \
--json-input &> /dev/null
fi
done
for rel in 20 21 22; do
OUTPUT1=$(rsync $OPTIONS --exclude "repodata/*" \
$SOURCE/f$rel-updates-testing/ $DEST/testing/$rel/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay --exclude=Live --exclude=Images \
$SOURCE/f$rel-updates-testing/ $DEST/testing/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"updates-testing\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.fedora.sync \
--json-input &> /dev/null
fi
done
for rel in 21 22; do
OUTPUT1=$(rsync $OPTIONS --ignore-existing \
$ATOMICSOURCE/$rel/objects/ $ATOMICDEST/$rel/objects/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay --exclude=objects/ \
$ATOMICSOURCE/$rel/ $ATOMICDEST/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"atomic\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.fedora.sync \
--json-input &> /dev/null
fi
done

20
roles/bodhi2/backend/files/update-fullfilelist Executable file
View file

@ -0,0 +1,20 @@
#!/bin/bash
# currently runs on releng2.fedora.phx.redhat.com
MOD=$1
[ -z "$MOD" ] && {
echo "usage: $0 <module>"
exit 1
}
TMPFILE=$(mktemp -p /tmp/)
pushd /pub/$MOD > /dev/null
find * -print > $TMPFILE
if diff $TMPFILE fullfilelist > /dev/null; then
rm -f $TMPFILE
else
mv $TMPFILE fullfilelist
fi
chmod 0644 fullfilelist
popd > /dev/null

3
roles/bodhi2/backend/meta/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
dependencies:
- { role: bodhi/base }

215
roles/bodhi2/backend/tasks/main.yml Normal file
View file

@ -0,0 +1,215 @@
---
# tasklist for setting up bodhi/masher (requires bodhi/base)
# This is the base set of files needed for bodhi/masher
- name: add ftpsync group
group: name=ftpsync gid=263 system=yes state=present
- name: add ftpsync user
user: name=ftpsync uid=263 group=ftpsync createhome=yes system=yes state=present
- name: add the ftpsync update-fullfilelist script
copy: src=update-fullfilelist dest=/usr/local/bin/update-fullfilelist owner=ftpsync group=ftpsync mode=555
- name: add masher group
group: name=masher gid=751 system=yes state=present
# masher user 751
- name: add masher user as 751 - and group
user: name=masher uid=751 group=masher home=/home/masher groups=mock,ftpsync
- name: install needed packages
yum: pkg={{ item }} state=present
with_items:
- python-fedora-turbogears
tags:
- packages
- name: install bodhi-masher /etc/httpd/conf.d/bodhi.conf file
copy: >
src="bodhi-masher.conf"
dest="/etc/httpd/conf.d/bodhi.conf"
owner=root
group=root
mode=0644
notify:
- restart httpd
tags:
- config
- name: change owner and group attributes of bodhi.pem file
file: >
path="/etc/pki/bodhi/bodhi.pem"
owner=masher
group=masher
when: inventory_hostname.startswith('bodhi-backend')
tags:
- config
- name: change owner and group attributes of /var/log/bodhi directory
file: path=/var/log/bodhi owner=masher group=masher
when: inventory_hostname.startswith('bodhi-backend')
tags:
- config
- name: setup /etc/bodhi/mash.conf file...
template: >
src=mash.conf
dest=/etc/bodhi/mash.conf
owner=masher
group=masher
mode=0640
tags:
- config
- name: change type part of SELinux file context
file: >
dest=/var/tmp/bodhi/comps/
setype=httpd_sys_script_rw_t
state=directory
recurse=yes
tags:
- config
- name: change owner attribute of /var/tmp/bodhi-bz.cookie file
file: >
path=/var/tmp/bodhi-bz.cookie
owner=masher
tags:
- config
- name: install /etc/bodhi/*.mash files
copy: >
src="{{ item }}"
dest="/etc/bodhi/{{ item }}"
owner=masher
mode=0640
with_items:
- f20-updates.mash
- f20-updates-testing.mash
- f21-updates.mash
- f21-updates-testing.mash
- f22-updates.mash
- f22-updates-testing.mash
- el6-epel.mash
- el6-epel-testing.mash
- epel7.mash
- epel7-testing.mash
tags:
- config
# tasks for setting up epelmasher
- name: install needed packages
yum: pkg={{ item }} state=present
with_items:
- repoview
tags:
- packages
- name: install bodhi-epel-masher /etc/bodhi/bodhi.cfg file
template: >
src="bodhi-epel-masher.cfg.j2"
dest="/etc/bodhi/bodhi.cfg"
owner=masher
group=masher
mode=0600
when: inventory_hostname.startswith('bodhi-backend02')
notify:
- restart httpd
tags:
- config
# tasklist for setting up jobrunner
- name: install bodhi-masher-jobrunner /etc/bodhi/bodhi.cfg file
template: >
src="bodhi-masher-jobrunner.cfg.j2"
dest="/etc/bodhi/bodhi.cfg"
owner=masher
group=masher
mode=0600
when: inventory_hostname.startswith('bodhi-backend01')
notify:
- restart httpd
tags:
- config
#
# cron job that syncs packages to koji
#
- name: put owner-sync-pkgdb in place
template: src=owner-sync-pkgdb.j2 dest=/usr/local/bin/owner-sync-pkgdb mode=0755
tags:
- config
- name: sync packages from pkgdb2 to koji (el5)
cron: name="owner-sync-el5" minute="7,17,27,37,47,57" user="root"
job="/usr/local/bin/owner-sync-pkgdb dist-5E-epel"
cron_file=update-koji-owner-EL-5
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
- name: sync packages from pkgdb2 to koji (el6)
cron: name="owner-sync-el5" minute="7,17,27,37,47,57" user="root"
job="/usr/local/bin/owner-sync-pkgdb dist-6E-epel"
cron_file=update-koji-owner-EL-6
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
- name: sync packages from pkgdb2 to koji (epel7)
cron: name="owner-sync-el5" minute="7,17,27,37,47,57" user="root"
job="/usr/local/bin/owner-sync-pkgdb epel7"
cron_file=update-koji-owner-epel7
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
- name: sync packages from pkgdb2 to koji (f20)
cron: name="owner-sync-el5" minute="7,17,27,37,47,57" user="root"
job="/usr/local/bin/owner-sync-pkgdb f20"
cron_file=update-koji-owner-f20
state=absent
when: inventory_hostname.startswith('bodhi-backend01')
#
# cron job that syncs updates to master mirror
#
- name: put fedora-updates-push in place
copy: src=fedora-updates-push dest=/usr/local/bin/fedora-updates-push mode=0755
tags:
- config
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
- name: put fedora-epel-push in place
copy: src=fedora-epel-push dest=/usr/local/bin/fedora-epel-push mode=0755
tags:
- config
when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
- name: put update-fullfilelist in place
copy: src=update-fullfilelist dest=/usr/local/bin/update-fullfilelist mode=0755
tags:
- config
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
- name: Updates sync cron job.
cron: name="updates-sync" minute="15,45" user="ftpsync"
job="/usr/local/bin/lock-wrapper fedora-updates-push '/usr/local/bin/fedora-updates-push && /usr/local/bin/update-fullfilelist fedora"
cron_file=updates-sync
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
tags:
- config
- name: epel Updates sync cron job.
cron: name="epel-updates-sync" minute="15,45" user="ftpsync"
job="/usr/local/bin/lock-wrapper fedora-epel-push '/usr/local/bin/fedora-epel-push && /usr/local/bin/update-fullfilelist epel"
cron_file=updates-sync
when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
tags:
- config
- name: directory sizes update cron job.
cron: name="directory-sizes-update" minute="30" hour="19" user="ftpsync"
job="/usr/bin/find /srv/pub/alt/ /srv/pub/archive/ /srv/pub/fedora-secondary/ /srv/pub/fedora/ /srv/pub/epel/ -type d ! -path '/srv/pub/fedora/.snapshot*' ! -path '/srv/pub/epel/.snapshot*' ! -path '/srv/pub/alt/.snapshot*' ! -path '/srv/pub/archive/.snapshot*' ! -path '/srv/pub/fedora-secondary/.snapshot*' ! -path '/srv/pub/alt/stage*' ! -path '/srv/pub/alt/tmp' ! -path '/srv/pub/alt/screenshots/f21/source' | grep -v snapshot | /usr/bin/xargs -n 1 /usr/bin/du --exclude=.snapshot --exclude=stage -sh > /tmp/DIRECTORY_SIZES.txt 2> /dev/null; cp /tmp/DIRECTORY_SIZES.txt /srv/pub/"
cron_file=directory-sizes-update
when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
tags:
- config

152
roles/bodhi2/backend/templates/bodhi-epel-masher.cfg.j2 Normal file
View file

@ -0,0 +1,152 @@
[global]
##
## Bodhi Production Masher Configuration
##
## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
##
arches = 'i386 x86_64 ppc/ppc64'
# EPEL specific configuration
epel7_arches = 'x86_64 ppc64'
epel7-testing_arches = 'x86_64 ppc64'
el6-epel_arches = 'x86_64 i386 ppc64'
el6-epel-testing_arches = 'x86_64 i386 ppc64'
el5-epel_arches = 'x86_64 i386 ppc'
el5-epel-testing_arches = 'x86_64 i386 ppc'
# For pushing EPEL updates from the masher
bodhi_url = 'http://localhost/updates'
sqlobject.dburi="notrans_postgres://bodhi:{{ bodhiPassword }}@db-bodhi/bodhi"
masher = None # we are the masher
server.socket_port=8084
server.environment="production"
autoreload.on = False
server.webpath="/updates"
server.log_file = "server.log"
server.log_to_screen = False
server.thread_pool = 50
server.socket_queue_size = 30
# We probably want to have apache do this for us...
#gzipFilter.on = True
session_filter.on = False
base_url_filter.on = True
base_url_filter.use_x_forwarded_host = False
base_url_filter.base_url = 'https://admin.fedoraproject.org'
tg.strict_parameters = True
tg.ignore_parameters = ["_csrf_token"]
# Periodic jobs
jobs = ''
# Query the Fedora Package Database for the list of Critical Path Packages.
critpath.type = 'pkgdb'
# FAS2
#sqlalchemy.dburi="sqlite:///"
fas.url = 'https://admin.fedoraproject.org/accounts/'
identity.provider='jsonfas2'
identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
# Our identity that we use to fetch bugzilla details and such
bodhi_password='<%= bodhiBugzillaPassword %>'
bodhi_email = 'updates@fedoraproject.org'
# TurboMail 3.0 settings
mail.on = True
mail.transport = 'smtp'
mail.smtp.server = 'bastion'
# The 'utf-8-qp' encoding causes problems with TurboMail 3.x
# https://fedorahosted.org/bodhi/ticket/648
mail.message.encoding = 'utf-8'
notice_sender = 'updates@fedoraproject.org'
security_team = 'security_respons-members@fedoraproject.org'
release_team_address = 'bodhiadmin-members@fedoraproject.org'
fedora_announce_list = 'package-announce@lists.fedoraproject.org'
fedora_test_announce_list = 'test@lists.fedoraproject.org'
fedora_epel_announce_list = 'epel-package-announce@lists.fedoraproject.org'
fedora_epel_test_announce_list = 'epel-devel@lists.fedoraproject.org'
build_dir = '/mnt/koji/packages'
mashed_dir = '/mnt/koji/mash/updates/'
mashed_stage_dir = '/mnt/koji/mash/updates/'
mash_conf = '/etc/bodhi/mash.conf'
comps_dir = '/var/tmp/bodhi/comps'
base_address = 'https://admin.fedoraproject.org'
#bz_server = 'https://bzprx.vip.phx.redhat.com/xmlrpc.cgi'
bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
bz_cookie = '/var/tmp/bodhi-bz.cookie'
bz_products = 'Fedora,Fedora EPEL,oVirt'
acl_system = 'pkgdb'
pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
buildsystem = 'koji'
client_cert = '/etc/pki/bodhi/bodhi.pem'
clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
masher_lock_id = 'FEDORA-EPEL'
master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/%s/repodata/repomd.xml'
fedora_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/%s/repodata/repomd.xml'
fedora_epel_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/epel/%d/%s/repodata/repomd.xml'
[logging]
[[handlers]]
[[[debug_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='DEBUG'
formatter='full_content'
[[[access_out]]]
class='TimedRotatingFileHandler'
level='INFO'
args="('/var/log/bodhi/access.log', 'D', 7)"
formatter='message_only'
[[[error_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='ERROR'
formatter='full_content'
[[loggers]]
[[[bodhi]]]
level='DEBUG'
qualname='bodhi'
handlers=['debug_out']
propagate=0
[[[allinfo]]]
level='INFO'
handlers=['debug_out']
propagate=0
#[[[access]]]
#level='INFO'
#qualname='turbogears.access'
#handlers=['debug_out']
[[[turbomail]]]
level='INFO'
qualname='turbomail'
handlers=['debug_out']

159
roles/bodhi2/backend/templates/bodhi-masher-jobrunner.cfg.j2 Normal file
View file

@ -0,0 +1,159 @@
[global]
##
## Bodhi Production Masher Configuration
##
## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
##
# Release status
# pre-beta enforces the 'Pre Beta' policy defined here:
# https://fedoraproject.org/wiki/Updates_Policy
f22.status = 'pre_beta'
f22.post_beta.mandatory_days_in_testing = 7
f22.post_beta.critpath.num_admin_approvals = 0
f22.post_beta.critpath.min_karma = 2
f22.post_beta.critpath.stable_after_days_without_negative_karma = 14
f22.pre_beta.mandatory_days_in_testing = 3
f22.pre_beta.critpath.num_admin_approvals = 0
f22.pre_beta.critpath.min_karma = 1
sqlobject.dburi="notrans_postgres://bodhi:{{ bodhiPassword }}@db-bodhi/bodhi"
masher = None # we are the masher
server.socket_port=8084
server.environment="production"
autoreload.on = False
server.webpath="/updates"
server.log_file = "server.log"
server.log_to_screen = False
server.thread_pool = 50
server.socket_queue_size = 30
# We probably want to have apache do this for us...
#gzipFilter.on = True
session_filter.on = False
base_url_filter.on = True
base_url_filter.use_x_forwarded_host = False
base_url_filter.base_url = 'https://admin.fedoraproject.org'
tg.strict_parameters = True
tg.ignore_parameters = ["_csrf_token"]
# Periodic jobs
jobs = 'nagmail cache_release_data refresh_metrics approve_testing_updates expire_buildroot_overrides clean_pending_tags'
# Query the Fedora Package Database for the list of Critical Path Packages.
critpath.type = 'pkgdb'
# FAS2
#sqlalchemy.dburi="sqlite:///"
fas.url = 'https://admin.fedoraproject.org/accounts/'
identity.provider='jsonfas2'
identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
# Our identity that we use to fetch bugzilla details and such
bodhi_password='<%= bodhiBugzillaPassword %>'
bodhi_email = 'updates@fedoraproject.org'
# TurboMail 3.0 settings
mail.on = True
mail.transport = 'smtp'
mail.smtp.server = 'bastion'
# The 'utf-8-qp' encoding causes problems with TurboMail 3.x
# https://fedorahosted.org/bodhi/ticket/648
mail.message.encoding = 'utf-8'
notice_sender = 'updates@fedoraproject.org'
security_team = 'security_respons-members@fedoraproject.org'
release_team_address = 'bodhiadmin-members@fedoraproject.org'
fedora_announce_list = 'package-announce@lists.fedoraproject.org'
fedora_test_announce_list = 'test@lists.fedoraproject.org'
fedora_epel_announce_list = 'epel-package-announce@lists.fedoraproject.org'
fedora_epel_test_announce_list = 'epel-devel@lists.fedoraproject.org'
build_dir = '/mnt/koji/packages'
mashed_dir = '/mnt/koji/mash/updates/'
mashed_stage_dir = '/mnt/koji/mash/updates/'
mash_conf = '/etc/bodhi/mash.conf'
comps_dir = '/var/tmp/bodhi/comps'
base_address = 'https://admin.fedoraproject.org'
#bz_server = 'https://bzprx.vip.phx.redhat.com/xmlrpc.cgi'
bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
bz_cookie = '/var/tmp/bodhi-bz.cookie'
bz_products = 'Fedora,Fedora EPEL,oVirt'
acl_system = 'pkgdb'
pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
buildsystem = 'koji'
client_cert = '/etc/pki/bodhi/bodhi.pem'
clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
masher_lock_id = 'FEDORA'
master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/%s/repodata/repomd.xml'
fedora_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/%s/repodata/repomd.xml'
fedora_epel_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/epel/%d/%s/repodata/repomd.xml'
arches = 'i386 x86_64'
[logging]
[[handlers]]
[[[debug_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='DEBUG'
formatter='full_content'
[[[access_out]]]
class='TimedRotatingFileHandler'
level='INFO'
args="('/var/log/bodhi/access.log', 'D', 7)"
formatter='message_only'
[[[error_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='ERROR'
formatter='full_content'
[[loggers]]
[[[bodhi]]]
level='DEBUG'
qualname='bodhi'
handlers=['debug_out']
propagate=0
[[[allinfo]]]
level='INFO'
handlers=['debug_out']
propagate=0
#[[[access]]]
#level='INFO'
#qualname='turbogears.access'
#handlers=['debug_out']
[[[turbomail]]]
level='INFO'
qualname='turbomail'
handlers=['debug_out']
[[[urllib3]]]
level='WARN'
qualname='urllib3'
handlers=['debug_out']

142
roles/bodhi2/backend/templates/bodhi-masher.cfg.j2 Normal file
View file

@ -0,0 +1,142 @@
[global]
##
## Bodhi Production Masher Configuration
##
## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
##
sqlobject.dburi="notrans_postgres://bodhi:{{ bodhiPassword }}@db-bodhi/bodhi"
masher = None # we are the masher
server.socket_port=8084
server.environment="production"
autoreload.on = False
server.webpath="/updates"
server.log_file = "server.log"
server.log_to_screen = False
server.thread_pool = 50
server.socket_queue_size = 30
# We probably want to have apache do this for us...
#gzipFilter.on = True
session_filter.on = False
base_url_filter.on = True
base_url_filter.use_x_forwarded_host = False
base_url_filter.base_url = 'https://admin.fedoraproject.org'
tg.strict_parameters = True
tg.ignore_parameters = ["_csrf_token"]
# Periodic jobs
jobs = ''
# Query the Fedora Package Database for the list of Critical Path Packages.
# This pkgdb feature is currently broken in staging.
<% if environment == "production" %>
critpath.type = 'pkgdb'
<% end %>
# FAS2
#sqlalchemy.dburi="sqlite:///"
fas.url = 'https://admin.fedoraproject.org/accounts/'
identity.provider='jsonfas2'
identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
# Our identity that we use to fetch bugzilla details and such
bodhi_password='<%= bodhiBugzillaPassword %>'
bodhi_email = 'updates@fedoraproject.org'
mail.on = True
mail.server = 'bastion'
notice_sender = 'updates@fedoraproject.org'
security_team = 'security_respons-members@fedoraproject.org'
release_team_address = 'bodhiadmin-members@fedoraproject.org'
fedora_announce_list = 'package-announce@lists.fedoraproject.org'
fedora_test_announce_list = 'test@lists.fedoraproject.org'
fedora_epel_announce_list = 'epel-package-announce@lists.fedoraproject.org'
fedora_epel_test_announce_list = 'epel-devel@lists.fedoraproject.org'
build_dir = '/mnt/koji/packages'
mashed_dir = '/mnt/koji/mash/updates/'
mashed_stage_dir = '/mnt/koji/mash/updates/'
mash_conf = '/etc/bodhi/mash.conf'
comps_dir = '/var/tmp/bodhi/comps'
base_address = 'https://admin.fedoraproject.org'
#bz_server = 'https://bzprx.vip.phx.redhat.com/xmlrpc.cgi'
bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
bz_cookie = '/var/tmp/bodhi-bz.cookie'
bz_products = 'Fedora,Fedora EPEL,oVirt'
acl_system = 'pkgdb'
pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
buildsystem = 'koji'
client_cert = '/etc/pki/bodhi/bodhi.pem'
clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
masher_lock_id = 'FEDORA'
master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/%s/repodata/repomd.xml'
fedora_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/%s/repodata/repomd.xml'
fedora_epel_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/epel/%d/%s/repodata/repomd.xml'
arches = 'armhfp i386 x86_64'
[logging]
[[handlers]]
[[[debug_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='DEBUG'
formatter='full_content'
[[[access_out]]]
class='TimedRotatingFileHandler'
level='INFO'
args="('/var/log/bodhi/access.log', 'D', 7)"
formatter='message_only'
[[[error_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='ERROR'
formatter='full_content'
[[loggers]]
[[[bodhi]]]
level='DEBUG'
qualname='bodhi'
handlers=['debug_out']
propagate=0
[[[allinfo]]]
level='INFO'
handlers=['debug_out']
propagate=0
#[[[access]]]
#level='INFO'
#qualname='turbogears.access'
#handlers=['debug_out']
[[[turbomail]]]
level='INFO'
qualname='turbomail'
handlers=['debug_out']
[[[urllib3]]]
level='WARN'
qualname='urllib3'
handlers=['debug_out']

205
roles/bodhi2/backend/templates/bodhi-prod.cfg.erb Normal file
View file

@ -0,0 +1,205 @@
[global]
##
## Bodhi Production Configuration
##
## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
##
# Release status
# pre-beta enforces the 'Pre Beta' policy defined here:
# https://fedoraproject.org/wiki/Updates_Policy
f22.status = 'post_beta'
f22.post_beta.mandatory_days_in_testing = 7
f22.post_beta.critpath.num_admin_approvals = 0
f22.post_beta.critpath.min_karma = 2
f22.post_beta.critpath.stable_after_days_without_negative_karma = 14
f22.pre_beta.mandatory_days_in_testing = 3
f22.pre_beta.critpath.num_admin_approvals = 0
f22.pre_beta.critpath.min_karma = 1
# Bodhi Defaults:
#
# The number of admin approvals it takes to be able to push a critical path
# # update to stable for a pending release.
# critpath.num_admin_approvals = 0
#
# # The net karma required to submit a critial path update to a pending release)
# critpath.min_karma = 2
#
# # Allow critpath to submit for stable after 2 weeks with no negative karma
# critpath.stable_after_days_without_negative_karma = 14
## A notice to flash on the front page
#frontpage_notice = 'Bodhi is now enforcing the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria">Package Update Acceptance Criteria</a> across all Fedora releases.'
## A notice to flash on the New Update page
#newupdate_notice = 'Koji is currently down for a scheduled outage. Please see <a href="http://status.fedoraproject.org/">status.fedoraproject.org</a> for more information'
# Query the Fedora Package Database for the list of Critical Path Packages.
<% if environment == "production" %>
critpath.type = 'pkgdb'
<% else %>
<% end %>
<% if environment == "production" %>
deployment_type = "prod"
<% end %>
<% if environment == "staging" %>
deployment_type = "stg"
<% end %>
<% if environment == "development" %>
deployment_type = "dev"
<% end %>
# We no longer require proventester karma for critpath approval
# https://fedorahosted.org/bodhi/ticket/653
critpath.num_admin_approvals = 0
#f17.pre_beta.critpath.num_admin_approvals = 0
query_wiki_test_cases = True
sqlobject.dburi="notrans_postgres://bodhi:<%= bodhiPassword %>@db-bodhi/bodhi"
masher = 'http://releng04/updates'
# For the build auto-complete widget
tg_mochikit.packed = True
server.socket_port=8084
server.environment="production"
autoreload.on = False
server.webpath="/updates"
server.log_file = "server.log"
server.log_to_screen = False
server.thread_pool = 50
server.socket_queue_size = 30
# We probably want to have apache do this for us...
#gzipFilter.on = True
session_filter.on = False
base_url_filter.on = True
base_url_filter.use_x_forwarded_host = False
<% if environment == "staging" %>
base_url_filter.base_url = 'https://admin.stg.fedoraproject.org'
<% else %>
base_url_filter.base_url = 'https://admin.fedoraproject.org'
<% end %>
tg.strict_parameters = True
tg.ignore_parameters = ["_csrf_token"]
# Periodic jobs
jobs = 'cache_release_data'
# FAS2
#sqlalchemy.dburi="sqlite:///"
fas.url = 'https://admin.fedoraproject.org/accounts/'
identity.provider='jsonfas2'
identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
visit.cookie.httponly = True
# Our identity that we use to fetch bugzilla details and such
bodhi_password='<%= bodhiBugzillaPassword %>'
bodhi_email = 'updates@fedoraproject.org'
security_team = 'security_respons-members@fedoraproject.org'
release_team_address = 'bodhiadmin-members@fedoraproject.org'
fedora_announce_list = 'package-announce@lists.fedoraproject.org'
fedora_test_announce_list = 'test@lists.fedoraproject.org'
mashed_dir = '/mnt/koji/mash/updates'
# TurboMail 3.0 settings
<% if environment == "staging" %>
mail.on = False
<% else %>
mail.on = True
<% end %>
mail.transport = 'smtp'
mail.smtp.server = 'bastion'
# The 'utf-8-qp' encoding causes problems with TurboMail 3.x
# https://fedorahosted.org/bodhi/ticket/648
mail.message.encoding = 'utf-8'
notice_sender = 'updates@fedoraproject.org'
#bz_server = 'https://bzprx.vip.phx.redhat.com/xmlrpc.cgi'
bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
bz_cookie = '/var/tmp/bodhi-bz.cookie'
bz_products = 'Fedora,Fedora EPEL,oVirt'
build_dir = '/mnt/koji/packages'
<% if environment == "staging" %>
base_address = 'https://admin.stg.fedoraproject.org'
<% else %>
base_address = 'https://admin.fedoraproject.org'
<% end %>
acl_system = 'pkgdb'
<% if environment == "staging" %>
pkgdb_url = 'http://localhost/pkgdb'
<% else %>
pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
<% end %>
<% if environment == "staging" %>
buildsystem = 'dev'
<% else %>
buildsystem = 'koji'
<% end %>
client_cert = '/etc/pki/bodhi/bodhi.pem'
clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
[logging]
[[handlers]]
[[[debug_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='DEBUG'
formatter='full_content'
[[[access_out]]]
class='TimedRotatingFileHandler'
level='INFO'
args="('/var/log/bodhi/access.log', 'D', 7)"
formatter='message_only'
[[[error_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='ERROR'
formatter='full_content'
[[loggers]]
[[[bodhi]]]
level='DEBUG'
qualname='bodhi'
handlers=['debug_out']
propagate=0
[[[allinfo]]]
level='INFO'
handlers=['debug_out']
propagate=0
#[[[access]]]
#level='INFO'
#qualname='turbogears.access'
#handlers=['debug_out']
[[[turbomail]]]
level='INFO'
qualname='turbomail'
handlers=['debug_out']
[[[urllib3]]]
level='WARN'
qualname='urllib3'
handlers=['debug_out']

14
roles/bodhi2/backend/templates/mash.conf Normal file
View file

@ -0,0 +1,14 @@
[defaults]
{% if environment == 'staging' %}
buildhost = http://koji.stg.fedoraproject.org/kojihub
{% else %}
buildhost = http://koji.fedoraproject.org/kojihub
{% endif %}
symlink = False
configdir = /etc/bodhi/
repodir = /mnt/koji
fork = True
use_sqlite = True
strict_keys = True
max_delta_rpm_size = 1500000000

202
roles/bodhi2/backend/templates/owner-sync-pkgdb.j2 Executable file
View file

@ -0,0 +1,202 @@
#!/usr/bin/python2
# cronjobs are run on releng01.stg
# Looks like:
# /usr/local/bin/owner-sync-pkgdb f19
# /usr/local/bin/owner-sync-pkgdb dist-5E-epel
# /usr/local/bin/owner-sync-pkgdb dist-6E-epel
# /usr/local/bin/owner-sync-pkgdb epel7
import sys
import os
import ConfigParser
from urlparse import urljoin
import requests
DEBUG=False
VERIFY=True
{% if env == 'staging' %}
BASEURL = os.environ.get('PACKAGEDBURL') or 'https://admin.stg.fedoraproject.org/pkgdb/'
{% else %}
BASEURL = os.environ.get('PACKAGEDBURL') or 'https://admin.fedoraproject.org/pkgdb/'
{% endif %}
if not BASEURL.endswith('/'):
BASEURL = BASEURL + '/'
# Why do we have this? Seems insecure....
sys.path.append('.')
try:
import koji
except:
import brew as koji
extraArchList = {'kernel': ('i586', 'i686', 'noarch'),
'kernel-xen-2.6': ('i586', 'i686', 'noarch'),
'glibc': ('i686',),
'openssl': ('i686',),
'em8300-kmod': ('i586', 'i686'),
'sysprof-kmod': ('i586', 'i686'),
}
def usage():
print "Usage: owner-sync <tag>"
print " <tag>: tag to synchronize owners for"
sys.exit(1)
def get_options():
# shamelessly stolen from koji CLI
opts = {
{% if env == 'staging' %}
'server': 'http://koji.stg.fedoraproject.org/kojihub',
'weburl': 'http://koji.stg.fedoraproject.org/koji',
{% else %}
'server': 'http://koji.fedoraproject.org/kojihub',
'weburl': 'http://koji.fedoraproject.org/koji',
{% endif %}
'cert': '/etc/pki/pkgdb/pkgdb.pem',
'ca': '/etc/pki/pkgdb/fedora-server-ca.cert',
'serverca': '/etc/pki/pkgdb/fedora-server-ca.cert'
}
for configFile in ('/etc/koji.conf', os.path.expanduser('~/.koji/config')):
if os.access(configFile, os.F_OK):
f = open(configFile)
config = ConfigParser.ConfigParser()
config.readfp(f)
f.close()
if config.has_section('koji'):
for name, value in config.items('koji'):
if opts.has_key(name):
opts[name] = value
for entry in opts.keys():
if entry == 'server' or entry == 'weburl':
pass
opts[entry] = os.path.expanduser(opts[entry])
return opts
if __name__ == '__main__':
try:
tag=sys.argv[1]
except:
print "ERROR: no tag specified!\n"
usage()
if tag.endswith('epel') or tag.startswith('epel'):
if tag.startswith('epel'):
version = tag.split('epel')[1]
else:
version = tag.split('-')[1][:-1]
data = requests.get(urljoin(BASEURL, 'api/collections'), verify=VERIFY).json()
branch_names = set()
for collection in (c for c in data['collections'] if c['status'] != 'EOL'):
### TODO: check with pingou that this is now returning the same
# format as the collection names in api/vcs
# By moving the data from gitbranchname into branchname, I think
# that the data will now match
branch_names.add(collection['branchname'])
if tag.startswith('epel'):
# Ex: epel7 => epel7
reponame = tag
else:
# Ex: dist-6E-epel => el6
reponame = 'el%s' % version
if reponame not in branch_names:
print 'tag %s => repo %s: does not seem to be a non-EOL branch' % (tag, reponame)
sys.exit(1)
# EPEL needs a separate entry in koji for each epel version
data = requests.get(urljoin(BASEURL, 'api/vcs?format=json'), verify=VERIFY).json()
acls = data['packageAcls']
pkgs = {}
for pkg_name in acls:
try:
owners = acls[pkg_name][reponame]
except KeyError:
# Package is not branched for this release
continue
if len(owners['commit']['people']):
# Arbitrarily take the first committer listed as the owner in
# koji
pkgs[pkg_name] = owners['commit']['people'][0]
else:
pkgs[pkg_name] = 'orphan'
pkgList = pkgs.keys()
BuildEPEL = True
arches = ["primary"]
else:
# Fedora only needs one entry per package for all Fedora releases
# Use the owner from bugzilla for simplicity
data = requests.get(urljoin(BASEURL, 'api/bugzilla?format=json'), verify=VERIFY).json()
acls = data['bugzillaAcls']
pkgList = acls['Fedora'].keys()
pkgs = {}
for pkg in acls['Fedora']:
owner = acls['Fedora'][pkg]['owner']
owner = owner.replace('group::', '').replace('@', '')
pkgs[pkg] = owner
#pkgs = dict(((p, acls['Fedora'][p]['owner']) for p in acls['Fedora']))
BuildEPEL = False
{% if env == 'staging' %}
arches = ["primary"]
{% else %}
arches = ["primary", "arm", "ppc", "s390"]
{% endif %}
pkgList.sort()
options = get_options()
for arch in arches:
if arch == "primary":
{% if env == 'staging' %}
session = koji.ClientSession("http://koji.stg.fedoraproject.org/kojihub")
{% else %}
session = koji.ClientSession("http://koji.fedoraproject.org/kojihub")
{% endif %}
else:
session = koji.ClientSession("http://%s.koji.fedoraproject.org/kojihub" % arch)
try:
session.ssl_login(options['cert'], options['ca'], options['serverca'])
except:
print "Unable to sync to %s hub" % arch
continue
kojitag = session.getTag(tag)
if kojitag is None:
print "ERROR: tag %s does not exist!\n" % (tag)
usage()
kojipkgs = {}
kojiusers = [user['name'] for user in session.listUsers()]
for p in session.listPackages(tagID=tag, inherited = True):
kojipkgs[p['package_name']] = p
for pkg in pkgList:
owner = pkgs[pkg]
if DEBUG:
print '[DEBUG] Package: %s, Owner: %s' % (pkg, owner)
if not owner in kojiusers:
# add the user first
if DEBUG:
print "Adding user %s" % owner
else:
session.createUser(owner)
kojiusers.append(owner)
if not kojipkgs.has_key(pkg):
if DEBUG:
print "Adding package %s for %s with owner %s" % (pkg, tag, owner)
else:
extraArches = None
if pkg in extraArchList:
extraArches = extraArchList[pkg]
session.packageListAdd(tag, pkg, owner = owner, extra_arches=extraArches)
elif kojipkgs[pkg]['owner_name'] != owner:
if DEBUG:
print "Setting owner for %s in %s to %s" % (pkg, tag, owner)
else:
session.packageListSetOwner(tag, pkg, owner, force = True)

138
roles/bodhi2/base/tasks/main.yml Normal file
View file

@ -0,0 +1,138 @@
---
# tasklist for setting up bodhi
# This is the base set of files needed for bodhi
- name: install needed packages
yum: pkg={{ item }} state=present
with_items:
- bodhi-server
tags:
- packages
- bodhi
- name: setup /etc/bodhi/ directory
file: path=/etc/bodhi owner=root group=root mode=0755 state=directory
tags:
- config
- bodhi
- name: setup basic /etc/bodhi/ contents
template: >
src="staging.ini.j2"
dest="/etc/bodhi/production.ini"
owner=bodhi
group=bodhi
mode=0600
when: inventory_hostname.startswith('bodhi0') and env == 'staging'
notify:
- restart httpd
tags:
- config
- bodhi
- name: setup basic /etc/bodhi/ contents
template: >
src="production.ini.j2"
dest="/etc/bodhi/production.ini"
owner=bodhi
group=bodhi
mode=0600
when: inventory_hostname.startswith('bodhi0') and env == 'production'
notify:
- restart httpd
tags:
- config
- bodhi
- name: setup basic /etc/httpd/conf.d/ bodhi contents
copy: >
src="bodhi-app.conf"
dest="/etc/httpd/conf.d/bodhi.conf"
owner=root
group=root
mode=0644
when: inventory_hostname.startswith('bodhi0')
notify:
- restart httpd
tags:
- config
- bodhi
- name: setup /etc/pki/bodhi directory
file: path=/etc/pki/bodhi owner=root group=root mode=0755 state=directory
tags:
- config
- bodhi
- name: install bodhi.pem file
copy: >
src="{{ puppet_private }}/bodhi_key_and_cert.pem"
dest="/etc/pki/bodhi/bodhi.pem"
owner=bodhi
group=bodhi
mode=0400
when: inventory_hostname.startswith('bodhi0')
tags:
- config
- bodhi
- name: install bodhi certificates
copy: >
src="{{ puppet_private }}/fedora-ca.cert"
dest="/etc/pki/bodhi/{{ item }}"
owner=root
group=root
mode=0644
with_items:
- fedora-server-ca.cert
- fedora-upload-ca.cert
tags:
- config
- bodhi
#- name: setup /var/log/bodhi directory
# file: path=/var/log/bodhi owner=bodhi group=bodhi mode=0755 state=directory
# when: inventory_hostname.startswith('bodhi0')
# tags:
# - config
# - bodhi
- name: check the selinux context of the bugzilla cookie
command: matchpathcon /var/tmp/bodhi-bz.cookie
register: cookiecontext
always_run: yes
changed_when: "1 != 1"
tags:
- config
- bodhi
- selinux
- name: set the SELinux policy for the bugzilla cookie
command: semanage fcontext -a -t httpd_tmp_t "/var/tmp/bodhi-bz.cookie"
when: cookiecontext.stdout.find('httpd_tmp_t') == -1
tags:
- config
- bodhi
- selinux
- name: enable httpd_tmp_exec SELinux boolean
seboolean: name=httpd_tmp_exec state=yes persistent=yes
tags:
- config
- bodhi
- selinux
- name: enable httpd_can_network_connect_db SELinux boolean
seboolean: name=httpd_can_network_connect_db state=yes persistent=yes
tags:
- config
- bodhi
- selinux
- name: enable httpd_can_network_connect SELinux boolean
seboolean: name=httpd_can_network_connect state=yes persistent=yes
tags:
- config
- bodhi
- selinux

442
roles/bodhi2/base/templates/production.ini.j2 Normal file
View file

@ -0,0 +1,442 @@
[app:main]
use = egg:bodhi
##
## Messages
##
# A notice to flash on the front page
frontpage_notice =
# A notice to flash on the New Update page
newupdate_notice =
testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes
not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria">Package Update Acceptance Criteria</a>
stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository
# Libravatar - If this is true libravatar will work as normal. Otherwise, all
# libravatar links will be replaced with the string "libravatar.org" so that
# the tests can still pass.
libravatar_enabled = True
# Set this to true if you want to do federated dns libravatar lookup
libravatar_dns = False
# Set this to True in order to send fedmsg messages.
#fedmsg_enabled = True
# Captcha - if 'captcha.secret' is not None, then it will be used for comments
# captcha.secret must be 32 url-safe base64-encoded bytes
# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key()
captcha.secret = CHANGEME
# Dimensions
captcha.image_width = 300
captcha.image_height = 80
# Any truetype font will do.
# This font lives in pcaro-hermit-fonts package
captcha.font_path = /usr/share/fonts/pcaro-hermit/Hermit-medium.otf
captcha.font_size = 36
# Colors
captcha.font_color = #000000
captcha.background_color = #ffffff
# In pixels
captcha.padding = 5
# If a captcha sits around for this many seconds, it will stop working.
captcha.ttl = 300
#datagrepper_url = http://localhost:5000
datagrepper_url = https://apps.fedoraproject.org/datagrepper
badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands
##
## Wiki Test Cases
##
## Query the wiki for test cases
query_wiki_test_cases = False
wiki_url = https://fedoraproject.org/w/api.php
test_case_base_url = https://fedoraproject.org/wiki/
# Email domain to prepend usernames to
default_email_domain = fedoraproject.org
# domain for generated message IDs
message_id_email_domain = admin.fedoraproject.org
##
## Mash settings
##
# If defined, the bodhi masher will ensure that messages are signed with the given cert
#releng_fedmsg_certname = releng-releng04.phx2.fedoraproject.org
# The masher is a bodhi instance that is responsible for composing the update
# repositories, regenerating metrics, sending update notices, closing bugs,
# and other costly operations. To set an external masher, set the masher to
# the baseurl of the bodhi instance. If set to None, this bodhi instance
# will act as a masher as well.
#masher = None
# Where to initially mash repositories
mash_dir = %(here)s/masher/mash/
# Where to symlink the latest repos by their tag name
mash_stage_dir = %(here)s/masher/
mash_conf = /etc/mash/mash.conf
createrepo_cache_dir = /var/cache/createrepo
## Our periodic jobs
#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates
jobs = cache_release_data refresh_metrics approve_testing_updates
## Comps configuration
comps_dir = /usr/share/bodhi/
comps_url = git://git.fedorahosted.org/comps.git
##
## Mirror settings
##
file_url = http://download.fedoraproject.org/pub/fedora/linux/updates
master_repomd = http://download.fedora.redhat.com/pub/fedora/linux/updates/%d/i386/repodata/repomd.xml
fedora_master_repomd = http://download.fedora.redhat.com/pub/fedora/linux/updates/%d/i386/repodata/repomd.xml
fedora_epel_master_repomd = http://download.fedora.redhat.com/pub/epel/%d/i386/repodata/repomd.xml
## The base url of this application
base_address = https://admin.fedoraproject.org/updates/
## Supported update types
update_types = bugfix enhancement security newpackage
## Supported architechures
##
## To handle arch name changes between releases, you
## can also configure bodhi to support one arch *or*
## another. For example, EPEL5 mashes produce 'ppc'
## repos, where EPEL6 produces 'ppc64'. To handle this
## scenario, you can specify something like:
##
## arches = ppc/ppc64
##
arches = i386 x86_64 armhfp
##
## Email setting
##
smtp_server = bastion
# The updates system itself. This email address is used in fetching Bugzilla
# information, as well as email notifications
bodhi_email = updates@fedoraproject.org
#bodhi_password =
# The address that gets the requests
release_team_address = bodhiadmin-members@fedoraproject.org
# The address to notify when security updates are initially added to bodhi
security_team = security_respons-members@fedoraproject.org
# Public announcement lists
fedora_announce_list = package-announce@lists.fedoraproject.org
fedora_test_announce_list = test@lists.fedoraproject.org
fedora_epel_announce_list = epel-package-announce@lists.fedoraproject.org
fedora_epel_test_announce_list = epel-devel@lists.fedoraproject.org
# Superuser groups
admin_groups = proventesters security_respons bodhiadmin sysadmin-main
# Users that we don't want to show up in the "leaderboard(s)"
stats_blacklist = bodhi anonymous autoqa
# A list of non-person users
system_users = bodhi autoqa
# The max length for an update title before we truncate it in the web ui
max_update_length_for_ui = 70
# The number of days used for calculating the 'top testers' metric
top_testers_timeframe = 900
# The email address of the proventesters
proventesters_email = proventesters-members@fedoraproject.org
# These are the default requirements that we apply to stacks, packages, and
# updates. Users have free-reign to override them for each kind of entity. At
# the end of the day, we only consider the requirements defined by single
# updates themselves when gating in the backend masher process.
site_requirements = depcheck upgradepath
## Some day we'll have rpmgrill, and that will be cool. Ask tflink.
#site_requirements = depcheck upgradepath rpmgrill
# Where do we send update announcements to ?
# These variables should be named per: Release.prefix_id.lower()_announce_list
#fedora_announce_list =
#fedora_test_announce_list =
#fedora_epel_announce_list =
#fedora_epel_test_announce_list =
# Cache settings
dogpile.cache.backend = dogpile.cache.dbm
dogpile.cache.expiration_time = 100
dogpile.cache.arguments.filename = /var/cache/bodhi-dogpile-cache.dbm
# Exclude sending emails to these users
exclude_mail = autoqa
##
## Buildsystem settings
##
# What buildsystem do we want to use? For development, we'll use a fake
# buildsystem that always does what we tell it to do. For production, we'll
# want to use 'koji'.
buildsystem = dev
# Koji's XML-RPC hub
koji_hub = https://koji.stg.fedoraproject.org/kojihub
# Root url of the Koji instance to point to. No trailing slash
koji_url = http://koji.stg.fedoraproject.org
# URL of where users should go to set up their notifications
fmn_url = https://apps.fedoraproject.org/notifications/
# URL of the resultsdb for integrating checks and stuff
resultsdb_url = https://taskotron.fedoraproject.org/resultsdb/
resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/
# Koji certs
#client_cert =
#clientca_cert =
#serverca_cert =
##
## ACL system
## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below,
## or 'dummy', which will always return guest credentials (used for local
## development).
##
acl_system = dummy
##
## Package DB
##
pkgdb_url = https://admin.fedoraproject.org/pkgdb
# We used to get our package tags from pkgdb, but they come from tagger now.
# https://github.com/fedora-infra/fedora-tagger/pull/74
#pkgtags_url = https://apps.fedoraproject.org/tagger/api/v1/tag/sqlitebuildtags/
##
## Bug tracker settings
##
#bugtracker = bugzilla
initial_bug_msg = %s has been submitted as an update to %s. %s
stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report.
testing_bug_msg = \nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update %s'. You can provide feedback for this update here: %s
##
## Bugzilla settings.
##
# The username/password for our bugzilla account comes
# from the bodhi_{email,password} fields.
bz_server = https://bugzilla.redhat.com/xmlrpc.cgi
#bz_cookie =
# Bodhi will avoid touching bugs that are not against the following products
bz_products = Fedora,Fedora EPEL
buglink = https://bugzilla.redhat.com/show_bug.cgi?id=%s
##
## Packages that should suggest a reboot
##
reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus
##
## Critical Path Packages
## https://fedoraproject.org/wiki/Critical_path_package
##
# Enable this to query the Fedora Package Database for the list of Critical
# Path Packages. If disabled, it'll just use the hardcoded list below.
#critpath.type = pkgdb
# You can hardcode a list of critical path packages instead of using the PackageDB
critpath_pkgs = kernel
# The number of admin approvals it takes to be able to push a critical path
# update to stable for a pending release.
critpath.num_admin_approvals = 0
# The net karma required to submit a critial path update to a pending release)
critpath.min_karma = 2
# Allow critpath to submit for stable after 2 weeks with no negative karma
critpath.stable_after_days_without_negative_karma = 14
# The minimum amount of time an update must spend in testing before
# it can reach the stable repository
fedora.mandatory_days_in_testing = 7
fedora_epel.mandatory_days_in_testing = 14
##
## Release status
##
# Pre-beta enforces the Pre Beta policy defined here:
# https://fedoraproject.org/wiki/Updates_Policy
#f15.status = 'pre_beta'
#f15.pre_beta.mandatory_days_in_testing = 3
#f15.pre_beta.critpath.num_admin_approvals = 0
#f15.pre_beta.critpath.min_karma = 1
# For test cases.
f7.status = post_beta
f7.post_beta.mandatory_days_in_testing = 7
f7.post_beta.critpath.num_admin_approvals = 0
f7.post_beta.critpath.min_karma = 2
# The number of days worth of updates/comments to display
feeds.num_days_to_show = 7
feeds.max_entries = 20
##
## Buildroot Override
##
# Number of days before expiring overrides
buildroot_overrides.expire_after = 1
##
## Groups
##
# FAS Groups that we want to pay attention to
# When a user logs in, bodhi will look for any of these groups and associate #
# them with the user. They will then appear as the users effective principals in
# the format "group:groupname" and can be used in Pyramid ACE's.
important_groups = proventesters provenpackager releng security_respons packager bodhiadmin
# Groups that can push updates for any package
admin_packager_groups = provenpackager releng security_respons
# User must be a member of this group to submit updates
mandatory_packager_groups = packager
##
## updateinfo.xml configuraiton
##
updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others.
##
## Authentication & Authorization
##
# pyramid.openid
openid.success_callback = bodhi.security:remember_me
openid.provider = https://id.fedoraproject.org/openid/
openid_template = {username}.id.fedoraproject.org
##
## Pyramid settings
##
pyramid.reload_templates = true
pyramid.debug_authorization = true
pyramid.debug_notfound = true
pyramid.debug_routematch = true
pyramid.default_locale_name = en
pyramid.includes =
pyramid_tm
debugtoolbar.hosts = 127.0.0.1 ::1
##
## Database
##
# XXX - you should really change this to postgres
sqlalchemy.url = sqlite:////var/cache/bodhi.db
##
## Templates
##
mako.directories = bodhi:templates
##
## Authentication & Sessions
##
# CHANGE THESE IN PRODUCTION!
authtkt.secret = changethisinproduction!
session.secret = ChangeThisSecret!!1
authtkt.secure = false
# pyramid_beaker
session.type = file
session.data_dir = %(here)s/data/sessions/data
session.lock_dir = %(here)s/data/sessions/lock
session.key = mykey
session.cookie_on_exception = true
cache.regions = default_term, second, short_term, long_term
cache.type = memory
cache.second.expire = 1
cache.short_term.expire = 60
cache.default_term.expire = 300
cache.long_term.expire = 3600
[server:main]
use = egg:waitress#main
host = 0.0.0.0
port = 6543
[pshell]
m = bodhi.models
db = bodhi.models.DBSession
t = transaction
# Begin logging configuration
[loggers]
keys = root, bodhi, sqlalchemy
[handlers]
keys = console
[formatters]
keys = generic
[logger_root]
level = INFO
handlers = console
[logger_bodhi]
level = DEBUG
handlers =
qualname = bodhi
[logger_sqlalchemy]
level = INFO
handlers =
qualname = sqlalchemy.engine
# "level = INFO" logs SQL queries.
# "level = DEBUG" logs SQL queries and results.
# "level = WARN" logs neither. (Recommended for production systems.)
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic
[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s
# End logging configuration

442
roles/bodhi2/base/templates/staging.ini.j2 Normal file
View file

@ -0,0 +1,442 @@
[app:main]
use = egg:bodhi
##
## Messages
##
# A notice to flash on the front page
frontpage_notice =
# A notice to flash on the New Update page
newupdate_notice =
testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes
not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria">Package Update Acceptance Criteria</a>
stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository
# Libravatar - If this is true libravatar will work as normal. Otherwise, all
# libravatar links will be replaced with the string "libravatar.org" so that
# the tests can still pass.
libravatar_enabled = True
# Set this to true if you want to do federated dns libravatar lookup
libravatar_dns = False
# Set this to True in order to send fedmsg messages.
#fedmsg_enabled = True
# Captcha - if 'captcha.secret' is not None, then it will be used for comments
# captcha.secret must be 32 url-safe base64-encoded bytes
# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key()
captcha.secret = CHANGEME
# Dimensions
captcha.image_width = 300
captcha.image_height = 80
# Any truetype font will do.
# This font lives in pcaro-hermit-fonts package
captcha.font_path = /usr/share/fonts/pcaro-hermit/Hermit-medium.otf
captcha.font_size = 36
# Colors
captcha.font_color = #000000
captcha.background_color = #ffffff
# In pixels
captcha.padding = 5
# If a captcha sits around for this many seconds, it will stop working.
captcha.ttl = 300
#datagrepper_url = http://localhost:5000
datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper
badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands
##
## Wiki Test Cases
##
## Query the wiki for test cases
query_wiki_test_cases = False
wiki_url = https://fedoraproject.org/w/api.php
test_case_base_url = https://fedoraproject.org/wiki/
# Email domain to prepend usernames to
default_email_domain = fedoraproject.org
# domain for generated message IDs
message_id_email_domain = admin.stg.fedoraproject.org
##
## Mash settings
##
# If defined, the bodhi masher will ensure that messages are signed with the given cert
#releng_fedmsg_certname = releng-releng04.phx2.fedoraproject.org
# The masher is a bodhi instance that is responsible for composing the update
# repositories, regenerating metrics, sending update notices, closing bugs,
# and other costly operations. To set an external masher, set the masher to
# the baseurl of the bodhi instance. If set to None, this bodhi instance
# will act as a masher as well.
#masher = None
# Where to initially mash repositories
mash_dir = %(here)s/masher/mash/
# Where to symlink the latest repos by their tag name
mash_stage_dir = %(here)s/masher/
mash_conf = /etc/mash/mash.conf
createrepo_cache_dir = /var/cache/createrepo
## Our periodic jobs
#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates
jobs = cache_release_data refresh_metrics approve_testing_updates
## Comps configuration
comps_dir = /usr/share/bodhi/
comps_url = git://git.fedorahosted.org/comps.git
##
## Mirror settings
##
file_url = http://download.fedoraproject.org/pub/fedora/linux/updates
master_repomd = http://download.fedora.redhat.com/pub/fedora/linux/updates/%d/i386/repodata/repomd.xml
fedora_master_repomd = http://download.fedora.redhat.com/pub/fedora/linux/updates/%d/i386/repodata/repomd.xml
fedora_epel_master_repomd = http://download.fedora.redhat.com/pub/epel/%d/i386/repodata/repomd.xml
## The base url of this application
base_address = https://admin.stg.fedoraproject.org/updates/
## Supported update types
update_types = bugfix enhancement security newpackage
## Supported architechures
##
## To handle arch name changes between releases, you
## can also configure bodhi to support one arch *or*
## another. For example, EPEL5 mashes produce 'ppc'
## repos, where EPEL6 produces 'ppc64'. To handle this
## scenario, you can specify something like:
##
## arches = ppc/ppc64
##
arches = i386 x86_64 armhfp
##
## Email setting
##
smtp_server = bastion
# The updates system itself. This email address is used in fetching Bugzilla
# information, as well as email notifications
bodhi_email = updates@fedoraproject.org
#bodhi_password =
# The address that gets the requests
release_team_address = bodhiadmin-members@fedoraproject.org
# The address to notify when security updates are initially added to bodhi
security_team = security_respons-members@fedoraproject.org
# Public announcement lists
fedora_announce_list = package-announce@lists.fedoraproject.org
fedora_test_announce_list = test@lists.fedoraproject.org
fedora_epel_announce_list = epel-package-announce@lists.fedoraproject.org
fedora_epel_test_announce_list = epel-devel@lists.fedoraproject.org
# Superuser groups
admin_groups = proventesters security_respons bodhiadmin sysadmin-main
# Users that we don't want to show up in the "leaderboard(s)"
stats_blacklist = bodhi anonymous autoqa
# A list of non-person users
system_users = bodhi autoqa
# The max length for an update title before we truncate it in the web ui
max_update_length_for_ui = 70
# The number of days used for calculating the 'top testers' metric
top_testers_timeframe = 900
# The email address of the proventesters
proventesters_email = proventesters-members@fedoraproject.org
# These are the default requirements that we apply to stacks, packages, and
# updates. Users have free-reign to override them for each kind of entity. At
# the end of the day, we only consider the requirements defined by single
# updates themselves when gating in the backend masher process.
site_requirements = depcheck upgradepath
## Some day we'll have rpmgrill, and that will be cool. Ask tflink.
#site_requirements = depcheck upgradepath rpmgrill
# Where do we send update announcements to ?
# These variables should be named per: Release.prefix_id.lower()_announce_list
#fedora_announce_list =
#fedora_test_announce_list =
#fedora_epel_announce_list =
#fedora_epel_test_announce_list =
# Cache settings
dogpile.cache.backend = dogpile.cache.dbm
dogpile.cache.expiration_time = 100
dogpile.cache.arguments.filename = /var/cache/bodhi-dogpile-cache.dbm
# Exclude sending emails to these users
exclude_mail = autoqa
##
## Buildsystem settings
##
# What buildsystem do we want to use? For development, we'll use a fake
# buildsystem that always does what we tell it to do. For production, we'll
# want to use 'koji'.
buildsystem = dev
# Koji's XML-RPC hub
koji_hub = https://koji.stg.fedoraproject.org/kojihub
# Root url of the Koji instance to point to. No trailing slash
koji_url = http://koji.stg.fedoraproject.org
# URL of where users should go to set up their notifications
fmn_url = https://apps.stg.fedoraproject.org/notifications/
# URL of the resultsdb for integrating checks and stuff
resultsdb_url = https://taskotron.stg.fedoraproject.org/resultsdb/
resultsdb_api_url = https://taskotron.stg.fedoraproject.org/resultsdb_api/
# Koji certs
#client_cert =
#clientca_cert =
#serverca_cert =
##
## ACL system
## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below,
## or 'dummy', which will always return guest credentials (used for local
## development).
##
acl_system = dummy
##
## Package DB
##
pkgdb_url = https://admin.stg.fedoraproject.org/pkgdb
# We used to get our package tags from pkgdb, but they come from tagger now.
# https://github.com/fedora-infra/fedora-tagger/pull/74
#pkgtags_url = https://apps.fedoraproject.org/tagger/api/v1/tag/sqlitebuildtags/
##
## Bug tracker settings
##
#bugtracker = bugzilla
initial_bug_msg = %s has been submitted as an update to %s. %s
stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report.
testing_bug_msg = \nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update %s'. You can provide feedback for this update here: %s
##
## Bugzilla settings.
##
# The username/password for our bugzilla account comes
# from the bodhi_{email,password} fields.
bz_server = https://partner-bugzilla.redhat.com/xmlrpc.cgi
#bz_cookie =
# Bodhi will avoid touching bugs that are not against the following products
bz_products = Fedora,Fedora EPEL
buglink = https://partner-bugzilla.redhat.com/show_bug.cgi?id=%s
##
## Packages that should suggest a reboot
##
reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus
##
## Critical Path Packages
## https://fedoraproject.org/wiki/Critical_path_package
##
# Enable this to query the Fedora Package Database for the list of Critical
# Path Packages. If disabled, it'll just use the hardcoded list below.
#critpath.type = pkgdb
# You can hardcode a list of critical path packages instead of using the PackageDB
critpath_pkgs = kernel
# The number of admin approvals it takes to be able to push a critical path
# update to stable for a pending release.
critpath.num_admin_approvals = 0
# The net karma required to submit a critial path update to a pending release)
critpath.min_karma = 2
# Allow critpath to submit for stable after 2 weeks with no negative karma
critpath.stable_after_days_without_negative_karma = 14
# The minimum amount of time an update must spend in testing before
# it can reach the stable repository
fedora.mandatory_days_in_testing = 7
fedora_epel.mandatory_days_in_testing = 14
##
## Release status
##
# Pre-beta enforces the Pre Beta policy defined here:
# https://fedoraproject.org/wiki/Updates_Policy
#f15.status = 'pre_beta'
#f15.pre_beta.mandatory_days_in_testing = 3
#f15.pre_beta.critpath.num_admin_approvals = 0
#f15.pre_beta.critpath.min_karma = 1
# For test cases.
f7.status = post_beta
f7.post_beta.mandatory_days_in_testing = 7
f7.post_beta.critpath.num_admin_approvals = 0
f7.post_beta.critpath.min_karma = 2
# The number of days worth of updates/comments to display
feeds.num_days_to_show = 7
feeds.max_entries = 20
##
## Buildroot Override
##
# Number of days before expiring overrides
buildroot_overrides.expire_after = 1
##
## Groups
##
# FAS Groups that we want to pay attention to
# When a user logs in, bodhi will look for any of these groups and associate #
# them with the user. They will then appear as the users effective principals in
# the format "group:groupname" and can be used in Pyramid ACE's.
important_groups = proventesters provenpackager releng security_respons packager bodhiadmin
# Groups that can push updates for any package
admin_packager_groups = provenpackager releng security_respons
# User must be a member of this group to submit updates
mandatory_packager_groups = packager
##
## updateinfo.xml configuraiton
##
updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others.
##
## Authentication & Authorization
##
# pyramid.openid
openid.success_callback = bodhi.security:remember_me
openid.provider = https://id.stg.fedoraproject.org/openid/
openid_template = {username}.id.fedoraproject.org
##
## Pyramid settings
##
pyramid.reload_templates = true
pyramid.debug_authorization = true
pyramid.debug_notfound = true
pyramid.debug_routematch = true
pyramid.default_locale_name = en
pyramid.includes =
pyramid_tm
debugtoolbar.hosts = 127.0.0.1 ::1
##
## Database
##
# XXX - you should really change this to postgres
sqlalchemy.url = sqlite:////var/cache/bodhi.db
##
## Templates
##
mako.directories = bodhi:templates
##
## Authentication & Sessions
##
# CHANGE THESE IN PRODUCTION!
authtkt.secret = changethisinproduction!
session.secret = ChangeThisSecret!!1
authtkt.secure = false
# pyramid_beaker
session.type = file
session.data_dir = %(here)s/data/sessions/data
session.lock_dir = %(here)s/data/sessions/lock
session.key = mykey
session.cookie_on_exception = true
cache.regions = default_term, second, short_term, long_term
cache.type = memory
cache.second.expire = 1
cache.short_term.expire = 60
cache.default_term.expire = 300
cache.long_term.expire = 3600
[server:main]
use = egg:waitress#main
host = 0.0.0.0
port = 6543
[pshell]
m = bodhi.models
db = bodhi.models.DBSession
t = transaction
# Begin logging configuration
[loggers]
keys = root, bodhi, sqlalchemy
[handlers]
keys = console
[formatters]
keys = generic
[logger_root]
level = INFO
handlers = console
[logger_bodhi]
level = DEBUG
handlers =
qualname = bodhi
[logger_sqlalchemy]
level = INFO
handlers =
qualname = sqlalchemy.engine
# "level = INFO" logs SQL queries.
# "level = DEBUG" logs SQL queries and results.
# "level = WARN" logs neither. (Recommended for production systems.)
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic
[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s
# End logging configuration