add libravatar playbooks

inventory/cloud

@@ -57,6 +57,8 @@ java-deptools.fedorainfracloud.org
 simple-koji-ci-dev.fedorainfracloud.org
 simple-koji-ci-prod.fedorainfracloud.org
 lists-dev.fedorainfracloud.org
+libravatar.fedorainfracloud.org
+libravatar-stg.fedorainfracloud.org
 magazine2.fedorainfracloud.org
 ppc64le-test.fedorainfracloud.org
 ppc64-test.fedorainfracloud.org

inventory/host_vars/libravatar-stg.fedorainfracloud.org

@@ -0,0 +1,19 @@
+---
+instance_type: m1.medium
+image: "{{ fedora28_x86_64 }}"
+keypair: fedora-admin-20130801
+security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+hostbase: libravatar-stg-
+public_ip: 209.132.184.139
+root_auth_users: clime
+description: libravatar staging server
+tcp_ports: ['22', '80', '443']
+# volumes: libravatar-data
+volumes: [ {volume_id: 'a000b415-7720-417f-ae07-67c42c22c604', device: '/dev/vdb'} ]
+inventory_tenant: persistent
+# name of machine in OpenStack
+inventory_instance_name: libravatar-stg
+cloud_networks:
+  # persistent-net
+  - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"

inventory/host_vars/libravatar.fedorainfracloud.org

@@ -0,0 +1,19 @@
+---
+instance_type: ms1.large
+image: "{{ fedora28_x86_64 }}"
+keypair: fedora-admin-20130801
+security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,all-icmp-persistent
+zone: nova
+hostbase: libravatar-
+public_ip: 209.132.184.138
+root_auth_users: clime
+description: libravatar production server
+tcp_ports: ['22', '80', '443']
+# volumes: libravatar-data
+volumes: [ {volume_id: '50141ea0-9d3f-41bd-a78a-f902bb6a99c2', device: '/dev/vdb'} ]
+inventory_tenant: persistent
+# name of machine in OpenStack
+inventory_instance_name: libravatar
+cloud_networks:
+  # persistent-net
+  - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"

inventory/inventory

@@ -781,6 +781,7 @@ kerneltest01.stg.phx2.fedoraproject.org
 koji01.stg.phx2.fedoraproject.org
 koschei-backend01.stg.phx2.fedoraproject.org
 koschei-web01.stg.phx2.fedoraproject.org
+libravatar-stg.fedorainfracloud.org
 loopabull01.stg.phx2.fedoraproject.org
 mailman01.stg.phx2.fedoraproject.org
 mbs-backend01.stg.phx2.fedoraproject.org
@@ -1198,6 +1199,8 @@ telegram-irc.fedorainfracloud.org
 # Happiness packets
 happinesspackets.fedorainfracloud.org
 happinesspackets-stg.fedorainfracloud.org
+libravatar.fedorainfracloud.org
+libravatar-stg.fedorainfracloud.org
 
 #
 # These are in the new cloud
@@ -1314,6 +1317,12 @@ copr-back-dev
 copr-keygen-dev
 copr-dist-git-dev
 
+[libravatar]
+libravatar.fedorainfracloud.org
+
+[libravatar-stg]
+libravatar-stg.fedorainfracloud.org
+
 [pagure]
 pagure01.fedoraproject.org
 

playbooks/groups/libravatar.yml

@@ -0,0 +1,37 @@
+- name: check/create instance
+  hosts: libravatar-stg:libravatar
+  gather_facts: False
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - /srv/private/ansible/vars.yml
+   - /srv/web/infra/ansible/vars/fedora-cloud.yml
+   - /srv/private/ansible/files/openstack/passwords.yml
+
+  tasks:
+  - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+- name: cloud basic setup
+  hosts: libravatar-stg:libravatar
+  gather_facts: True
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - /srv/private/ansible/vars.yml
+
+  tasks:
+  - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+- name: provision instance
+  hosts: libravatar-stg:libravatar
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - /srv/private/ansible/vars.yml
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+   - base
+   - libravatar
+   - { role: letsencrypt, site_name: {{ inventory_hostname }} }

roles/libravatar/files/httpd/welcome.conf

@@ -0,0 +1 @@
+# empty

roles/libravatar/files/pg/pg_hba.conf

@@ -0,0 +1,9 @@
+local libravatar libravatar md5
+host  libravatar libravatar 127.0.0.1/8 md5
+host  libravatar libravatar ::1/128 md5
+local libravatar postgres ident
+
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+local   all             all                                     peer
+host    all             all             127.0.0.1/32            ident
+host    all             all             ::1/128                 ident

roles/libravatar/handlers/main.yml

@@ -0,0 +1 @@
+- import_tasks: "{{ handlers_path }}/restart_services.yml"

roles/libravatar/tasks/main.yml

@@ -0,0 +1,89 @@
+---
+- import_tasks: "mount_fs.yml"
+
+- name: install prerequisities
+  package: state=present pkg={{ item }}
+  with_items:
+  - "postgresql-server"
+  - "postgresql-contrib"
+  - "python3-psycopg2"
+  - "libselinux-python"
+  - "libsemanage-python"
+  - "python3-virtualenv"
+  - "community-mysql-devel"
+  - "openldap-devel"
+  - "python3-pip"
+  - "gcc"
+  - "git"
+  - "httpd"
+  - "python3-mod_wsgi"
+
+- group: name=www
+- user: name=www group=www
+
+- git:
+    repo: https://git.linux-kernel.at/oliver/ivatar.git
+    dest: /srv/libravatar
+  ignore_errors: yes
+
+- pip:
+    requirements: requirements.txt
+    virtualenv: /srv/data/.virtualenv
+    virtualenv_command: virtualenv-3
+    chdir: /srv/libravatar
+
+- name: copy run-in-venv.sh script
+  copy: src="/srv/data/run-in-venv.sh" dest="/usr/local/bin/run-in-venv.sh" mode=755
+
+- name: 'postgresql host is localhost'
+  lineinfile:
+    dest: '/etc/hosts'
+    line: '127.0.0.1 postgresql'
+    state: 'present'
+  tags:
+  - config
+
+- name: ensure postgresql state
+  service: state=started enabled=yes name={{ item }}
+  with_items:
+  - postgresql
+
+- name: upgrade db to head
+  command: "run-in-venv.sh python3 manage.py migrate"
+  args:
+    chdir: /srv/libravatar
+
+- name: collect static
+  command: "run-in-venv.sh python3 manage.py collectstatic --noinput"
+  args:
+    chdir: /srv/libravatar
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1535689
+- name: Allow execmem for Apache
+  seboolean:
+    name: httpd_execmem
+    state: yes
+    persistent: yes
+
+- name: copy apache files to conf.d (templates)
+  template: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
+  with_items:
+  - "libravatar.conf"
+  notify:
+  - reload httpd
+  tags:
+  - config
+
+- name: copy httpd config
+  copy: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
+  with_items:
+  - welcome.conf
+  notify:
+  - reload httpd
+  tags:
+  - config
+
+- name: ensure httpd state
+  service: state=started enabled=yes name={{ item }}
+  with_items:
+  - httpd

roles/libravatar/tasks/mount_fs.yml

@@ -0,0 +1,5 @@
+- name: mount up disk
+  mount: name=/srv/data src='LABEL=libravatar-data' fstype=ext4 state=mounted
+
+- name: mount up bind mount for postgresql
+  mount: src=/srv/data/pgsql name=/var/lib/pgsql fstype=auto opts=bind state=mounted

roles/libravatar/templates/httpd/libravatar.conf

@@ -0,0 +1,53 @@
+WSGISocketPrefix /var/run/wsgi
+Alias /robots.txt /var/www/html/robots.txt
+
+<VirtualHost *:80>
+    ServerName {{ inventory_hostname }}
+
+    WSGIPassAuthorization On
+    WSGIDaemonProcess libravatar user=www group=www threads=25 display-name=libravatar maximum-requests=8000 graceful-timeout=20 python-home=/srv/data/.virtualenv python-path=/srv/libravatar
+    WSGIScriptAlias / /srv/data/wsgi.py
+
+    Alias /robots.txt /srv/libravatar/static/robots.txt
+    Alias /favicon.ico /srv/libravatar/static/favicon.ico
+
+    Alias /media/ /srv/libravatar/media/
+    Alias /static/ /srv/libravatar/static/
+
+    <Directory /srv/libravatar/static>
+        Require all granted
+    </Directory>
+
+    <Directory /srv/libravatar/media>
+        Require all granted
+    </Directory>
+
+    <Location />
+        WSGIProcessGroup libravatar
+        Require all granted
+    </Location>
+
+    <Directory /srv/libravatar>
+        WSGIApplicationGroup %{GLOBAL}
+        Require all granted
+    </Directory>
+
+</VirtualHost>
+
+<IfModule mod_status.c>
+    ExtendedStatus On
+
+    <Location /server-status>
+        SetHandler server-status
+        Require all denied
+        Require host localhost .redhat.com
+    </Location>
+</IfModule>
+
+<IfModule mpm_prefork_module>
+    StartServers          8
+    MinSpareServers       8
+    MaxSpareServers       20
+    MaxClients            50
+    MaxRequestsPerChild   10000
+</IfModule>