Make a copy of the packages/ role to mess with in staging.

2015-11-17 15:47:33 +00:00 · 2015-11-17 15:47:33 +00:00 · 927bea9201
commit 927bea9201
parent c5f75b721e
16 changed files with 890 additions and 4 deletions
--- a/playbooks/groups/packages.yml
+++ b/playbooks/groups/packages.yml
@ -10,7 +10,7 @@
  user: root
  gather_facts: True

-  vars_files: 
+  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
@ -85,12 +85,12 @@
  handlers:
  - include: "{{ handlers }}/restart_services.yml"

- name: dole out the service specific config
-  hosts: packages;packages-stg
+- name: dole out the old service specific config
+  hosts: packages
  user: root
  gather_facts: True

-  vars_files: 
+  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
@ -102,3 +102,21 @@

  handlers:
  - include: "{{ handlers }}/restart_services.yml"
+
+- name: dole out the new service specific config to staging
+  hosts: packages-stg
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - fedmsg/base
+  - fedmsg/hub
+  - packages3/web
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
--- a/roles/packages3/bugz.fp.o/files/bugz.conf
+++ b/roles/packages3/bugz.fp.o/files/bugz.conf
@ -0,0 +1,5 @@
+RewriteEngine On
+RewriteMap lowercase int:tolower
+
+RewriteRule ^/(.+) https://apps.fedoraproject.org/packages/$1/bugs/all [R,L]
+RewriteRule ^/$ https://bugzilla.redhat.com/ [R,L]
--- a/roles/packages3/bugz.fp.o/tasks/main.yml
+++ b/roles/packages3/bugz.fp.o/tasks/main.yml
@ -0,0 +1,9 @@
+- copy: >
+    src=bugz.conf dest=/etc/httpd/conf.d/{{website}}/bugz.conf
+    owner=root group=root mode=0644
+  notify:
+  - reload httpd
+  tags:
+  - packages
+  - packages/proxy
+  - packages/bugz.fp.o
--- a/roles/packages3/web/files/cron-flush-pkgs-cache
+++ b/roles/packages3/web/files/cron-flush-pkgs-cache
@ -0,0 +1 @@
+0 2 * * * apache /usr/bin/find /var/cache/fedoracommunity/git.fedoraproject.org -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \; >> /var/log/fedoracommunity/cron-flush-pkgs-cache.log 2>&1
--- a/roles/packages3/web/files/cron-sync-latest-builds
+++ b/roles/packages3/web/files/cron-sync-latest-builds
@ -0,0 +1 @@
+*/15 * * * * apache /usr/bin/fcomm-index-latest-builds -p /var/cache/fedoracommunity/packages/xapian --koji-url http://koji.fedoraproject.org/kojihub >> /var/log/fedoracommunity/cron-sync-latest-builds.log 2>&1
--- a/roles/packages3/web/files/cron-sync-package-index
+++ b/roles/packages3/web/files/cron-sync-package-index
@ -0,0 +1,2 @@
+0 0 * * * apache /usr/bin/fcomm-index-packages -p /var/cache/fedoracommunity/packages/tmp -y /etc/fedoracommunity/yum-repo.conf --index-db-dest /var/cache/fedoracommunity/packages/xapian --icons-dest /var/cache/fedoracommunity/packages/icons --tagger-url https://apps.fedoraproject.org/tagger/api/v1/tag/export/ --pkgdb-url https://admin.fedoraproject.org/pkgdb >> /var/log/fedoracommunity/cron-sync-package-index.log 2>&1
+
--- a/roles/packages3/web/files/cron-sync-yum
+++ b/roles/packages3/web/files/cron-sync-yum
@ -0,0 +1 @@
+*/15 * * * * apache /usr/local/bin/sync-yum >> /var/log/fedoracommunity/cron-sync-yum.log 2>&1
--- a/roles/packages3/web/files/cron_fcomm_log_rotate
+++ b/roles/packages3/web/files/cron_fcomm_log_rotate
@ -0,0 +1,24 @@
+/var/log/fedoracommunity/cron-sync-latest-builds.log {
+   missingok
+   notifempty
+   rotate 4
+   weekly
+}
+/var/log/fedoracommunity/cron-sync-package-builds.log {
+   missingok
+   notifempty
+   rotate 4
+   weekly
+}
+/var/log/fedoracommunity/cron-sync-yum.log {
+   missingok
+   notifempty
+   rotate 4
+   weekly
+}
+/var/log/fedoracommunity/cron-flush-pkgs-cache.log {
+   missingok
+   notifempty
+   rotate 4
+   weekly
+}
--- a/roles/packages3/web/files/distmappings.py
+++ b/roles/packages3/web/files/distmappings.py
@ -0,0 +1,28 @@
+# Global list of koji tags we care about
+tags = ({'name': 'Rawhide', 'tag': 'f24'},
+
+        {'name': 'Fedora 23', 'tag': 'f23:updates'},
+        {'name': 'Fedora 23', 'tag': 'f23'},
+        {'name': 'Fedora 23 Testing', 'tag': 'f23-updates-testing'},
+
+        {'name': 'Fedora 22', 'tag': 'f22-updates'},
+        {'name': 'Fedora 22', 'tag': 'f22'},
+        {'name': 'Fedora 22 Testing', 'tag': 'f22-updates-testing'},
+
+        {'name': 'Fedora 21', 'tag': 'f21-updates'},
+        {'name': 'Fedora 21', 'tag': 'f21'},
+        {'name': 'Fedora 21 Testing', 'tag': 'f21-updates-testing'},
+
+        {'name': 'EPEL 7', 'tag': 'epel7'},
+        {'name': 'EPEL 7 Testing', 'tag': 'epel7-testing'},
+
+        {'name': 'EPEL 6', 'tag': 'dist-6E-epel'},
+        {'name': 'EPEL 6 Testing', 'tag': 'dist-6E-epel-testing'},
+
+        {'name': 'EPEL 5', 'tag': 'dist-5E-epel'},
+        {'name': 'EPEL 5 Testing', 'tag': 'dist-5E-epel-testing'},
+       )
+
+tags_to_name_map = {}
+for t in tags:
+    tags_to_name_map[t['tag']] = t['name']
--- a/roles/packages3/web/files/package_128x128.png
+++ b/roles/packages3/web/files/package_128x128.png
--- a/roles/packages3/web/files/packages-httpd.conf
+++ b/roles/packages3/web/files/packages-httpd.conf
@ -0,0 +1,62 @@
+LoadModule expires_module modules/mod_expires.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule deflate_module modules/mod_deflate.so
+
+ExpiresActive On
+#ExpiresDefault "access plus 300 seconds"
+
+ErrorLog logs/fedoracommunity_error_log
+CustomLog logs/fedoracommunity_access_log combined
+
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css application/x-javascript
+
+# This caching may not necessarily be ideal, or even correct.
+# However, it was the only I could get firebug to show me 302's for
+# my ToscaWidget resources.
+<filesmatch ".(gif|jpe?g|png|css|js)$">
+   Header unset Cache-Control
+   Header unset Etag
+   Header add Cache-Control "max-age=2592000"
+   #ExpiresDefault A2592000
+</filesmatch>
+
+# we are deploying the packager app that is part of the new Fedora Community
+Alias /packages/css /usr/share/fedoracommunity/public/css
+Alias /packages/javascript /usr/share/fedoracommunity/public/javascript
+Alias /packages/images/icons /var/cache/fedoracommunity/packages/icons
+Alias /packages/images /usr/share/fedoracommunity/public/images
+Alias /packages/_res /usr/share/fedoracommunity/public/toscawidgets/resources/
+
+# Temporarily disabled until we can figure out how to get the moksha 
+# javascript resources pulled in with `python setup.py archive_tw_resources`
+#Alias /community/toscawidgets /usr/share/fedoracommunity/public/toscawidgets
+
+WSGIPythonEggs /var/cache/fedoracommunity/.python-eggs
+WSGIDaemonProcess fedoracommunity user=apache maximum-requests=50000 display-name=fedoracommunity processes=8 threads=4
+WSGISocketPrefix run/wsgi
+WSGIRestrictStdout Off
+WSGIRestrictSignal Off
+WSGIPythonOptimize 1
+
+WSGIScriptAlias /packages /usr/share/fedoracommunity/production/apache/fedoracommunity.wsgi
+
+#<Location /community>
+#  NSSOptions +StrictRequire
+#  NSSRequireSSL
+#  ErrorDocument 403 https://publictest16.fedoraproject.org/community
+#</Location>
+
+<Directory /usr/share/fedoracommunity/>
+  WSGIProcessGroup fedoracommunity
+  Order deny,allow
+  Allow from all
+</Directory>
+
+<Directory /var/cache/fedoracommunity/packages/icons/>
+  # If someone tries to access an icon that doesn't exist,
+  # then send them to the default icon.  This is used by
+  # fedmenu, which will request icons for packages that
+  # don't necessarily have them.  The UI will look weird
+  # unless those get magically redirected to a nice default.
+  ErrorDocument 404 https://apps.fedoraproject.org/packages/images/icons/package_128x128.png
+</Directory>
--- a/roles/packages3/web/files/packages-yum.conf
+++ b/roles/packages3/web/files/packages-yum.conf
@ -0,0 +1,269 @@
+[main]
+cachedir=/var/cache/fedoracommunity/packages/tmp/
+installroot=/var/cache/fedoracommunity/packages/tmp/
+keepcache=1
+debuglevel=2
+logfile=yum.log
+exactarch=0
+obsoletes=1
+gpgcheck=1
+plugins=0
+installonly_limit=3
+reposdir=
+cacheonly=1
+
+[rawhide-x86_64]
+name=Fedora - Rawhide - Developmental packages for the next Fedora release
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/rawhide/x86_64/os/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[rawhide-i686]
+name=Fedora - Rawhide - Developmental packages for the next Fedora release
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/rawhide/i386/os/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=i386
+enabled=0
+gpgcheck=0
+
+[rawhide-debuginfo-x86_64]
+name=Fedora - Rawhide - Debug
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/rawhide/x86_64/debug/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=rawhide-debug&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[rawhide-source]
+name=Fedora - Rawhide - Source
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/rawhide/source/SRPMS/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=rawhide-source&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[fedora-23-x86_64]
+name=Fedora 23
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/releases/23/Everything/x86_64/os/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-23&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[fedora-23-updates-x86_64]
+name=Fedora 23 - Updates
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/23/x86_64/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f23&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[fedora-23-testing-x86_64]
+name=Fedora 23 - Testing
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/23/x86_64/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f23&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[fedora-23-i686]
+name=Fedora 23
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/releases/23/Everything/i386/os/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-23&arch=i386
+enabled=0
+gpgcheck=0
+
+[fedora-23-updates-i686]
+name=Fedora 23 - Updates
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/23/i386/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f23&arch=i386
+enabled=0
+gpgcheck=0
+
+[fedora-23-testing-i686]
+name=Fedora 23 - Testing
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/23/i386/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f23&arch=i386
+enabled=0
+
+
+[fedora-22-x86_64]
+name=Fedora 22
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/releases/22/Everything/x86_64/os/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-22&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[fedora-22-updates-x86_64]
+name=Fedora 22 - Updates
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/22/x86_64/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f22&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[fedora-22-testing-x86_64]
+name=Fedora 22 - Testing
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/22/x86_64/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f22&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[fedora-22-i686]
+name=Fedora 22
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/releases/22/Everything/i386/os/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-22&arch=i386
+enabled=0
+gpgcheck=0
+
+[fedora-22-updates-i686]
+name=Fedora 22 - Updates
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/22/i386/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f22&arch=i386
+enabled=0
+gpgcheck=0
+
+[fedora-22-testing-i686]
+name=Fedora 22 - Testing
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/22/i386/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f22&arch=i386
+enabled=0
+
+
+
+[fedora-21-x86_64]
+name=Fedora 21
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/releases/21/Everything/x86_64/os/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-21&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[fedora-21-updates-x86_64]
+name=Fedora 21 - Updates
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/21/x86_64/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f21&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[fedora-21-testing-x86_64]
+name=Fedora 21 - Testing
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/21/x86_64/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f21&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[fedora-21-i686]
+name=Fedora 21
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/releases/21/Everything/i386/os/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-21&arch=i386
+enabled=0
+gpgcheck=0
+
+[fedora-21-updates-i686]
+name=Fedora 21 - Updates
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/21/i386/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f21&arch=i386
+enabled=0
+gpgcheck=0
+
+[fedora-21-testing-i686]
+name=Fedora 21 - Testing
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/21/i386/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f21&arch=i386
+enabled=0
+
+[epel-5-x86_64]
+name=EPEL 5
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/epel/5/x86_64/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-5&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[epel-5-testing-x86_64]
+name=EPEL 5 - Testing
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/epel/testing/5/x86_64/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-epel5&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[epel-5-i686]
+name=EPEL 5
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/epel/5/i386/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-5&arch=i386
+enabled=0
+gpgcheck=0
+
+[epel-5-testing-i686]
+name=EPEL 5 - Testing
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/epel/testing/5/i386/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-epel5&arch=i386
+enabled=0
+gpgcheck=0
+
+[epel-6-x86_64]
+name=EPEL 6
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/epel/6/x86_64/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[epel-6-testing-x86_64]
+name=EPEL 6 - Testing
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/epel/testing/6/x86_64/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-epel6&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[epel-6-i686]
+name=EPEL 6
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/epel/6/i386/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=i386
+enabled=0
+gpgcheck=0
+
+[epel-6-testing-i686]
+name=EPEL 6 - Testing
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/epel/testing/6/i386/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-epel6&arch=i386
+enabled=0
+gpgcheck=0
+
+[epel-7-x86_64]
+name=EPEL 7
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/epel/7/x86_64/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64
+enabled=0
+gpgcheck=0
+
+[epel-7-testing-x86_64]
+name=EPEL 7 - Testing
+failovermethod=priority
+baseurl=http://download01.phx2.fedoraproject.org/pub/epel/testing/7/x86_64/
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-epel7&arch=x86_64
+enabled=0
+gpgcheck=0
--- a/roles/packages3/web/files/sync-yum
+++ b/roles/packages3/web/files/sync-yum
@ -0,0 +1,34 @@
+#!/bin/bash
+
+LOCKFILE=/var/cache/fedoracommunity/fedora-packages-yum.lock
+
+rebuild=$(cat <<"EOF"
+echo 'Trying makecache.'
+/usr/bin/yum makecache -c /etc/fedoracommunity/yum-repo.conf --enablerepo=*
+echo 'Releasing $LOCKFILE'
+EOF
+)
+nuke_and_rebuild=$(cat <<"EOF"
+echo 'Nuking.'
+rm /var/cache/fedoracommunity/packages/tmp/var/lib/rpm/__db.*
+/usr/bin/rpmdb --root=/var/cache/fedoracommunity/packages/tmp/var/lib/rpm --rebuilddb
+echo 'Trying makecache again now.'
+/usr/bin/yum makecache -c /etc/fedoracommunity/yum-repo.conf --enablerepo=*
+echo 'Releasing $LOCKFILE'
+EOF
+)
+
+
+echo "Acquiring $LOCKFILE..."
+flock $LOCKFILE -c "$rebuild"
+
+
+# If it failed, then try to nuke and rebuild the rpmdb first.
+if [ $? -eq 1 ] ; then
+    echo 'makecache failed... sleeping for 10 seconds.'
+    sleep 10
+    echo 'Waking.  Now trying to rebuild the rpmdb.'
+
+    echo "Acquiring $LOCKFILE..."
+    flock $LOCKFILE -c "$nuke_and_rebuild"
+fi
--- a/roles/packages3/web/tasks/main.yml
+++ b/roles/packages3/web/tasks/main.yml
@ -0,0 +1,177 @@
+---
+# Configuration for the fedora-packages webapp
+
+- name: install needed packages
+  yum: pkg={{ item }} state=present
+  with_items:
+  - fedora-packages
+  - python-psycopg2
+  - python-memcached
+  - python-sqlalchemy0.8
+  - redis
+  tags:
+  - packages
+  - packages/web
+
+- name: Create some directories
+  file: path={{ item }} state=directory owner=apache group=apache mode=755
+  with_items:
+  - /etc/fedoracommunity
+  - /etc/fedoracommunity/yum_cache.repos.d
+  - /var/cache/fedoracommunity  # the gluster role usually creates this one
+  - /var/log/fedoracommunity
+  tags:
+  - packages
+  - packages/web
+
+- name: Create some more locked down directories
+  file: path={{ item }} state=directory owner=apache group=apache mode=700
+  with_items:
+  - /etc/pki/fedoracommunity
+  tags:
+  - packages
+  - packages/web
+
+- name: Copy over the app config
+  template: >
+    src=packages-app.ini.j2
+    dest=/etc/fedoracommunity/production.ini
+    owner=apache group=apache mode=0600
+  notify:
+  - reload httpd
+  - restart fcomm-cache-worker
+  tags:
+  - packages
+  - packages/web
+
+- name: Copy over the httpd config
+  copy: >
+    src=packages-httpd.conf
+    dest=/etc/httpd/conf.d/fedora-packages.conf
+    owner=root group=root mode=644
+  notify:
+  - reload httpd
+  tags:
+  - packages
+  - packages/web
+
+- name: Copy over the yum config
+  copy: >
+    src=packages-yum.conf
+    dest=/etc/fedoracommunity/yum-repo.conf
+    owner=root group=root mode=0644
+  notify:
+  - reload httpd
+  - restart fcomm-cache-worker
+  tags:
+  - packages
+  - packages/web
+
+- name: Copy over certs/public-keys, probably for talking with koji.
+  copy: >
+    src="{{private}}/files/packages/fedora-ca.cert"
+    dest="/etc/pki/fedoracommunity/{{item}}"
+    owner=apache
+    group=apache
+    mode=0644
+  with_items:
+  - fedora-server-ca.cert
+  - fedora-upload-ca.cert
+  tags:
+  - packages
+  - packages/web
+
+- name: permanently hotfix the distmappings file
+  copy: >
+    src=distmappings.py
+    dest="{{pythonsitelib}}/fedoracommunity/search/distmappings.py"
+    owner=root group=root mode=0644
+  notify:
+  - reload httpd
+  - restart fcomm-cache-worker
+  tags:
+  - packages
+  - packages/web
+
+- name: start some helper services
+  service: name="{{item}}" state=started enabled=yes
+  with_items:
+  - redis
+  - fcomm-cache-worker
+  tags:
+  - packages
+  - packages/web
+
+# Here's the indexer stuff
+- name: Create cache structure
+  file: >
+    dest="/var/cache/fedoracommunity/{{item}}"
+    state=directory
+    owner=apache
+    group=apache
+    mode=0755
+  with_items:
+  - packages
+  - rpm_cache
+  - git.fedoraproject.org
+  - packages/icons
+  - packages/xapian
+  - packages/xapian/search
+  - packages/xapian/versionmap
+  - packages/tmp
+  - packages/tmp/icons
+  - packages/tmp/rpms
+  - packages/tmp/search
+  - packages/tmp/versionmap
+  - packages/tmp/var
+  - packages/tmp/yum-cache
+  when: install_packages_indexer
+  tags:
+  - packages
+  - packages/web
+
+- name: Copy over the default icon
+  copy: >
+    src=package_128x128.png
+    dest=/var/cache/fedoracommunity/packages/icons/package_128x128.png
+    owner=root mode=644 setype=fusefs_t
+  when: install_packages_indexer
+  tags:
+  - packages
+  - packages/web
+  - icon
+
+- name: Copy some scripts for /usr/local
+  copy: src="{{item}}" dest="/usr/local/bin/{{item}}" mode=0755
+  with_items:
+  - sync-yum
+  when: install_packages_indexer
+  tags:
+  - packages
+  - packages/web
+
+- name: Copy the indexer cronjobs
+  copy: src="{{item}}" dest="/etc/cron.d/{{item}}"
+  with_items:
+  - cron-sync-yum
+  - cron-sync-latest-builds
+  - cron-sync-package-index
+  - cron-flush-pkgs-cache
+  when: install_packages_indexer
+  tags:
+  - packages
+  - packages/web
+
+# Lastly, here's some selinux stuff.
+
+- name: set some selinux booleans
+  seboolean: name={{item}} persistent=yes state=yes
+  with_items:
+  - httpd_tmp_exec
+  - httpd_can_network_memcache
+  - httpd_can_network_connect
+  - httpd_use_fusefs
+  tags:
+  - packages
+  - packages/web
+  - selinux
--- a/roles/packages3/web/templates/packages-app.ini.j2
+++ b/roles/packages3/web/templates/packages-app.ini.j2
@ -0,0 +1,254 @@
+##
+## Fedora Community Production configuration
+##
+## $Id: fedoracommunity-prod.ini.erb,v 1.0 2009/05/03 23:38:07 johnp Exp $
+##
+
+[DEFAULT]
+profile = false
+debug = false
+profile.connectors = false
+profile.dir = /var/log/fedoracommunity/profile
+
+# This is required to avoid a 404 error on, e.g. /packages/python-webob1.2
+disable_request_extensions = True
+
+#email_to = lmacken@redhat.com rbean@redhat.com
+#smtp_server = gateway
+#error_email_from = fedoracommunity@fedoraproject.org
+
+fedoracommunity.extensions_dir = {{ pythonsitelib }}/fedoracommunity/plugins/extensions
+
+fedoracommunity.connector.kojihub.baseurl = http://koji.fedoraproject.org/kojihub
+fedoracommunity.connector.bugzilla.baseurl = https://bugzilla.redhat.com/xmlrpc.cgi
+fedoracommunity.connector.bugzilla.cookiefile = /var/cache/fedoracommunity/bugzillacookies
+{% if env == "staging" %}
+fedoracommunity.connector.fas.baseurl = https://admin.stg.fedoraproject.org/accounts/
+fedoracommunity.connector.bodhi.baseurl = https://bodhi.stg.fedoraproject.org/
+fedoracommunity.connector.pkgdb.baseurl = https://admin.stg.fedoraproject.org/pkgdb
+{% else %}
+fedoracommunity.connector.fas.baseurl = https://admin.fedoraproject.org/accounts/
+fedoracommunity.connector.bodhi.baseurl = https://bodhi.fedoraproject.org/
+fedoracommunity.connector.pkgdb.baseurl = https://admin.fedoraproject.org/pkgdb
+{% endif %}
+
+fedoracommunity.rpm_cache = /var/cache/fedoracommunity/rpm_cache/
+
+fedoracommunity.connector.xapian.package-search.db = /var/cache/fedoracommunity/packages/xapian/search
+
+fedoracommunity.connector.xapian.versionmap.db = /var/cache/fedoracommunity/packages/xapian/versionmap
+fedoracommunity.resource_path_prefix = /packages/_res/
+
+fedoracommunity.connector.yum.conf = /etc/fedoracommunity/yum-repo.conf
+yumlock = /var/cache/fedoracommunity/fedora-packages-yum
+
+# Git settings
+git_repo_path = /var/cache/fedoracommunity/git.fedoraproject.org
+
+# FAS is locked down so we need a minimal user inorder to get public user info
+# to unauthenticated users.  You need to get a locked down account for this
+# and fill in the user info here.  Never check this file into git  with
+# this information filled in
+fedoracommunity.connector.fas.minimal_user_name={{ fcommFasUser }}
+fedoracommunity.connector.fas.minimal_user_password={{ fcommFasPassword }} 
+
+# This is insecure, use only for testing
+fedora.clients.check_certs = True
+
+# URL for getting message history
+{% if env == "staging" %}
+datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper/raw
+{% else %}
+datagrepper_url = https://apps.fedoraproject.org/datagrepper/raw
+{% endif %}
+
+##
+## Moksha-specific configuration options
+##
+
+# Where to store the feed caches.
+#
+{% if env == "staging" %}
+feed_cache = postgres://fedoracommunity:{{ fcommFeedCacheDBPassword }}@db-community.stg/fedoracommunity_feed_cache
+stats_cache = postgres://fedoracommunity:{{ fcommFeedCacheDBPassword }}@db-community.stg/fedoracommunity_stats_cache
+{% else %}
+feed_cache = postgres://fedoracommunity:{{ fcommFeedCacheDBPassword }}@db-community/fedoracommunity_feed_cache
+stats_cache = postgres://fedoracommunity:{{ fcommFeedCacheDBPassword }}@db-community/fedoracommunity_stats_cache
+{% endif %}
+
+#
+# Feed Streamer settings
+#
+# Max age (in seconds) of each feed in the cache
+feed.max_age = 900
+
+# Timeout in seconds for the web request
+feed.timeout = 30
+
+# The number of simultaneous connections
+feed.deferred_groups = 10
+
+# Where to initialize and store our application databases.  %s is the app name.
+app_db = sqlite:///%s.db
+
+# The location of our Orbited server
+orbited_host = localhost
+orbited_port = 9000
+
+# Stomp broker configuration.
+stomp_broker = localhost
+stomp_port = 61613
+stomp_user = guest
+stomp_pass = guest
+
+# Optional AMQP Broker.
+#amqp_broker = guest/guest@localhost
+
+# Documentation directory
+docs_dir = /srv/moksha/docs
+
+# Moksha chat configuration
+
+# Use a built-in IRC server
+#chat.backend = irc://localhost:9999
+#chat.builtin = true
+#chat.backend = irc://irc.freenode.net:6667
+#chat.rooms = default
+#chat.default.staticRoomName = moksha
+#chat.default.roomAssignmentMode = static
+#chat.default.display.greeting = Moksha Chat
+#chat.default.display.floating = true
+#chat.default.display.floatingToggle = false
+#chat.default.display.width = 400
+#chat.default.display.height = 300
+#chat.default.display.theme = simple
+#chat.default.display.resizable = true
+
+moksha.extensionpoints=True
+moksha.csrf_protection = False
+moksha.csrf.login_handler = /login_handler
+moksha.csrf.trusted_domains = admin.fedoraproject.org
+
+moksha.use_tw2 = True
+moksha.livesocket = False
+
+cache.bugzilla.backend=dogpile.cache.memcached
+cache.bugzilla.expiration_time=300
+cache.bugzilla.arguments.url=memcached02:11211
+cache.bugzilla.arguments.distributed_lock=True
+cache.connectors.backend=dogpile.cache.memcached
+cache.connectors.expiration_time=300
+cache.connectors.arguments.url=memcached02:11211
+cache.connectors.arguments.distributed_lock=True
+
+# For the cache worker daemon
+cache-worker.pidfile = /var/run/fedoracommunity/fcomm-cache-worker.pid
+cache-worker.logfile = /var/log/fedoracommunity/fcomm-cache-worker.log
+# If there are any issues with threads, see the discussion here
+# https://github.com/fedora-infra/fedora-packages/issues/10
+cache-worker.threads = 2
+
+[server:main]
+use = egg:Paste#http
+host = 0.0.0.0
+port = 8080
+
+[app:main]
+use = egg:fedoracommunity
+full_stack = true
+#lang = ru
+#cache_dir = /var/cache/fedoracommunity/data
+beaker.session.key = fedoracommunity
+beaker.session.secret = {{ fcommBeakerSessionSecret }}
+
+beaker.cache.type = ext:memcached
+beaker.cache.url = memcached01:11211
+beaker.cache.lock_dir = /var/cache/fedoracommunity/beaker
+
+# If you'd like to fine-tune the individual locations of the cache data dirs
+# for the Cache data, or the Session saves, un-comment the desired settings
+# here:
+#beaker.cache.data_dir = %(here)s/data/cache
+#beaker.session.data_dir = %(here)s/data/sessions
+
+# pick the form for your database
+# %(here) may include a ':' character on Windows environments; this can
+# invalidate the URI when specifying a SQLite db via path name
+sqlalchemy.url=postgres://moksha:m0ksh4@localhost/moksha
+# sqlalchemy.url=mysql://username:password@hostname:port/databasename
+
+# If you have sqlite, here's a simple default to get you started
+# in development
+
+#sqlalchemy.url = sqlite:///%(here)s/devdata.db
+sqlalchemy.echo = true
+sqlalchemy.echo_pool = false
+sqlalchemy.pool_recycle = 3600
+
+sqlalchemy.pool_size=1
+sqlalchemy.max_overflow=2
+
+# WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*
+# Debug mode will enable the interactive debugging tool, allowing ANYONE to
+# execute malicious code after an exception is raised.
+set debug = false
+
+# Logging configuration
+# Add additional loggers, handlers, formatters here
+# Uses python's logging config file format
+# http://docs.python.org/lib/logging-config-fileformat.html
+
+[loggers]
+keys = root, moksha, sqlalchemy, tg, auth, pylons
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+# If you create additional loggers, add them as a key to [loggers]
+[logger_root]
+level = WARN
+handlers = console
+
+[logger_moksha]
+level = WARN
+handlers =
+qualname = moksha
+
+[logger_tg]
+level = WARN
+handlers =
+qualname = tg
+
+# repoze.who is noisy by default
+[logger_auth]
+level = WARN
+handlers =
+qualname = auth
+
+[logger_pylons]
+level = WARN
+handlers =
+qualname = pylons
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+# "level = INFO" logs SQL queries.
+# "level = DEBUG" logs SQL queries and results.
+# "level = WARN" logs neither.  (Recommended for production systems.)
+
+# If you create additional handlers, add them as a key to [handlers]
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+# If you create additional formatters, add them as a key to [formatters]
+[formatter_generic]
+format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S
--- a/roles/packages3/web/vars/main.yml
+++ b/roles/packages3/web/vars/main.yml
@ -0,0 +1 @@
+pythonsitelib: /usr/lib/python2.6/site-packages
				`@ -0,0 +1 @@`
				`0 2 * * * apache /usr/bin/find /var/cache/fedoracommunity/git.fedoraproject.org -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \; >> /var/log/fedoracommunity/cron-flush-pkgs-cache.log 2>&1`
				`@ -0,0 +1 @@`
				`/15 * * * apache /usr/bin/fcomm-index-latest-builds -p /var/cache/fedoracommunity/packages/xapian --koji-url http://koji.fedoraproject.org/kojihub >> /var/log/fedoracommunity/cron-sync-latest-builds.log 2>&1`
				`@ -0,0 +1,2 @@`
				`0 0 * * * apache /usr/bin/fcomm-index-packages -p /var/cache/fedoracommunity/packages/tmp -y /etc/fedoracommunity/yum-repo.conf --index-db-dest /var/cache/fedoracommunity/packages/xapian --icons-dest /var/cache/fedoracommunity/packages/icons --tagger-url https://apps.fedoraproject.org/tagger/api/v1/tag/export/ --pkgdb-url https://admin.fedoraproject.org/pkgdb >> /var/log/fedoracommunity/cron-sync-package-index.log 2>&1`
				`@ -0,0 +1 @@`
				`/15 * * * apache /usr/local/bin/sync-yum >> /var/log/fedoracommunity/cron-sync-yum.log 2>&1`
				`@ -0,0 +1 @@`
				`pythonsitelib: /usr/lib/python2.6/site-packages`