From 927bea9201ebfedb46b6a108c7bc7be0a7e90df8 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 17 Nov 2015 15:47:33 +0000 Subject: [PATCH] Make a copy of the packages/ role to mess with in staging. --- playbooks/groups/packages.yml | 26 +- roles/packages3/bugz.fp.o/files/bugz.conf | 5 + roles/packages3/bugz.fp.o/tasks/main.yml | 9 + .../packages3/web/files/cron-flush-pkgs-cache | 1 + .../web/files/cron-sync-latest-builds | 1 + .../web/files/cron-sync-package-index | 2 + roles/packages3/web/files/cron-sync-yum | 1 + .../packages3/web/files/cron_fcomm_log_rotate | 24 ++ roles/packages3/web/files/distmappings.py | 28 ++ roles/packages3/web/files/package_128x128.png | Bin 0 -> 12266 bytes roles/packages3/web/files/packages-httpd.conf | 62 ++++ roles/packages3/web/files/packages-yum.conf | 269 ++++++++++++++++++ roles/packages3/web/files/sync-yum | 34 +++ roles/packages3/web/tasks/main.yml | 177 ++++++++++++ .../web/templates/packages-app.ini.j2 | 254 +++++++++++++++++ roles/packages3/web/vars/main.yml | 1 + 16 files changed, 890 insertions(+), 4 deletions(-) create mode 100644 roles/packages3/bugz.fp.o/files/bugz.conf create mode 100644 roles/packages3/bugz.fp.o/tasks/main.yml create mode 100644 roles/packages3/web/files/cron-flush-pkgs-cache create mode 100644 roles/packages3/web/files/cron-sync-latest-builds create mode 100644 roles/packages3/web/files/cron-sync-package-index create mode 100644 roles/packages3/web/files/cron-sync-yum create mode 100644 roles/packages3/web/files/cron_fcomm_log_rotate create mode 100644 roles/packages3/web/files/distmappings.py create mode 100644 roles/packages3/web/files/package_128x128.png create mode 100644 roles/packages3/web/files/packages-httpd.conf create mode 100644 roles/packages3/web/files/packages-yum.conf create mode 100644 roles/packages3/web/files/sync-yum create mode 100644 roles/packages3/web/tasks/main.yml create mode 100644 roles/packages3/web/templates/packages-app.ini.j2 create mode 100644 roles/packages3/web/vars/main.yml diff --git a/playbooks/groups/packages.yml b/playbooks/groups/packages.yml index b0990a8072..59fdcf0c13 100644 --- a/playbooks/groups/packages.yml +++ b/playbooks/groups/packages.yml @@ -10,7 +10,7 @@ user: root gather_facts: True - vars_files: + vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml @@ -85,12 +85,12 @@ handlers: - include: "{{ handlers }}/restart_services.yml" -- name: dole out the service specific config - hosts: packages;packages-stg +- name: dole out the old service specific config + hosts: packages user: root gather_facts: True - vars_files: + vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml @@ -102,3 +102,21 @@ handlers: - include: "{{ handlers }}/restart_services.yml" + +- name: dole out the new service specific config to staging + hosts: packages-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - fedmsg/base + - fedmsg/hub + - packages3/web + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/roles/packages3/bugz.fp.o/files/bugz.conf b/roles/packages3/bugz.fp.o/files/bugz.conf new file mode 100644 index 0000000000..f8d5463acf --- /dev/null +++ b/roles/packages3/bugz.fp.o/files/bugz.conf @@ -0,0 +1,5 @@ +RewriteEngine On +RewriteMap lowercase int:tolower + +RewriteRule ^/(.+) https://apps.fedoraproject.org/packages/$1/bugs/all [R,L] +RewriteRule ^/$ https://bugzilla.redhat.com/ [R,L] diff --git a/roles/packages3/bugz.fp.o/tasks/main.yml b/roles/packages3/bugz.fp.o/tasks/main.yml new file mode 100644 index 0000000000..675232eda7 --- /dev/null +++ b/roles/packages3/bugz.fp.o/tasks/main.yml @@ -0,0 +1,9 @@ +- copy: > + src=bugz.conf dest=/etc/httpd/conf.d/{{website}}/bugz.conf + owner=root group=root mode=0644 + notify: + - reload httpd + tags: + - packages + - packages/proxy + - packages/bugz.fp.o diff --git a/roles/packages3/web/files/cron-flush-pkgs-cache b/roles/packages3/web/files/cron-flush-pkgs-cache new file mode 100644 index 0000000000..a4e1f0aee5 --- /dev/null +++ b/roles/packages3/web/files/cron-flush-pkgs-cache @@ -0,0 +1 @@ +0 2 * * * apache /usr/bin/find /var/cache/fedoracommunity/git.fedoraproject.org -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \; >> /var/log/fedoracommunity/cron-flush-pkgs-cache.log 2>&1 diff --git a/roles/packages3/web/files/cron-sync-latest-builds b/roles/packages3/web/files/cron-sync-latest-builds new file mode 100644 index 0000000000..e97b6d35fa --- /dev/null +++ b/roles/packages3/web/files/cron-sync-latest-builds @@ -0,0 +1 @@ +*/15 * * * * apache /usr/bin/fcomm-index-latest-builds -p /var/cache/fedoracommunity/packages/xapian --koji-url http://koji.fedoraproject.org/kojihub >> /var/log/fedoracommunity/cron-sync-latest-builds.log 2>&1 diff --git a/roles/packages3/web/files/cron-sync-package-index b/roles/packages3/web/files/cron-sync-package-index new file mode 100644 index 0000000000..8b76c84dc0 --- /dev/null +++ b/roles/packages3/web/files/cron-sync-package-index @@ -0,0 +1,2 @@ +0 0 * * * apache /usr/bin/fcomm-index-packages -p /var/cache/fedoracommunity/packages/tmp -y /etc/fedoracommunity/yum-repo.conf --index-db-dest /var/cache/fedoracommunity/packages/xapian --icons-dest /var/cache/fedoracommunity/packages/icons --tagger-url https://apps.fedoraproject.org/tagger/api/v1/tag/export/ --pkgdb-url https://admin.fedoraproject.org/pkgdb >> /var/log/fedoracommunity/cron-sync-package-index.log 2>&1 + diff --git a/roles/packages3/web/files/cron-sync-yum b/roles/packages3/web/files/cron-sync-yum new file mode 100644 index 0000000000..b5080e0ef1 --- /dev/null +++ b/roles/packages3/web/files/cron-sync-yum @@ -0,0 +1 @@ +*/15 * * * * apache /usr/local/bin/sync-yum >> /var/log/fedoracommunity/cron-sync-yum.log 2>&1 diff --git a/roles/packages3/web/files/cron_fcomm_log_rotate b/roles/packages3/web/files/cron_fcomm_log_rotate new file mode 100644 index 0000000000..cd2e6244ff --- /dev/null +++ b/roles/packages3/web/files/cron_fcomm_log_rotate @@ -0,0 +1,24 @@ +/var/log/fedoracommunity/cron-sync-latest-builds.log { + missingok + notifempty + rotate 4 + weekly +} +/var/log/fedoracommunity/cron-sync-package-builds.log { + missingok + notifempty + rotate 4 + weekly +} +/var/log/fedoracommunity/cron-sync-yum.log { + missingok + notifempty + rotate 4 + weekly +} +/var/log/fedoracommunity/cron-flush-pkgs-cache.log { + missingok + notifempty + rotate 4 + weekly +} diff --git a/roles/packages3/web/files/distmappings.py b/roles/packages3/web/files/distmappings.py new file mode 100644 index 0000000000..5713d8f38c --- /dev/null +++ b/roles/packages3/web/files/distmappings.py @@ -0,0 +1,28 @@ +# Global list of koji tags we care about +tags = ({'name': 'Rawhide', 'tag': 'f24'}, + + {'name': 'Fedora 23', 'tag': 'f23:updates'}, + {'name': 'Fedora 23', 'tag': 'f23'}, + {'name': 'Fedora 23 Testing', 'tag': 'f23-updates-testing'}, + + {'name': 'Fedora 22', 'tag': 'f22-updates'}, + {'name': 'Fedora 22', 'tag': 'f22'}, + {'name': 'Fedora 22 Testing', 'tag': 'f22-updates-testing'}, + + {'name': 'Fedora 21', 'tag': 'f21-updates'}, + {'name': 'Fedora 21', 'tag': 'f21'}, + {'name': 'Fedora 21 Testing', 'tag': 'f21-updates-testing'}, + + {'name': 'EPEL 7', 'tag': 'epel7'}, + {'name': 'EPEL 7 Testing', 'tag': 'epel7-testing'}, + + {'name': 'EPEL 6', 'tag': 'dist-6E-epel'}, + {'name': 'EPEL 6 Testing', 'tag': 'dist-6E-epel-testing'}, + + {'name': 'EPEL 5', 'tag': 'dist-5E-epel'}, + {'name': 'EPEL 5 Testing', 'tag': 'dist-5E-epel-testing'}, + ) + +tags_to_name_map = {} +for t in tags: + tags_to_name_map[t['tag']] = t['name'] diff --git a/roles/packages3/web/files/package_128x128.png b/roles/packages3/web/files/package_128x128.png new file mode 100644 index 0000000000000000000000000000000000000000..d566f361a293b665c83333df04fd141224bf4af6 GIT binary patch literal 12266 zcmVPx#24YJ`L;(K){{a7>y{D4^000SaNLh0L01ejw01ejxLMWSf00007bV*G`2ipoC z6elHo33RFe03ZNKL_t(|+URDSl`LtjfbjD@H=U%2x%e6i85myaI_5LK5=g-rU^ezRo?b zz2+GGW6rtOm~+j2&bc=v=O&&FJNur!_gZ_cHD15*8)J?I>^ycJJCEVxw)b5L0JuHA z?mYexK5l>S56*Q8am`gb7vvwE0{rjSyzaJZuKLWa*Ic=~d+(Y@mq*|oF;9P-II#xj z_^FQR=xy)2@;3nB2`_jzzVO}`%Vj^bN#xa=rJzx5hmwx3-fBXZNB;ntD^-FdX z;L-TtX5k3M%fv*)%y5p?IX<75KmWz|{=lDq=6}6n{G_M|w_g2&I|}eSW%uJ418|TzD{M`#{Yil?E(ZBuA0C3S2{{y$Y`$hQhhrjEQ6XtfrJpJ*(|MFeu zUGhzr?x%JM1VB{)Rj5jMil`Ss>pgid5Z}Jw8(w=a_E){Cob@)c|nGRqw}N|JI9fgq3zW?})*ZdJKdD#c>xpzK)M*+6g zoqy~tgZI9C-CL{Qz2u5NiC2iDA%gZGkw%TvQPZGt{HD*n`}50RX^ffA@QLFu+6o*ni#IasD%ZWbpp2AO7Xt<7W1`qV#-fnzvo>?LYc=8|~-z z5B;=`CWql108KzJ#{wNVga9HCRUm*wcoA(|PpubtX>ag?=Uw{BKRXBjpZ)LOjio2}o7e)vP%a_t_GRPa}>e-j?_w4dtZ7>7u9=SSXhhI4wk55WeMD8RtFuf7^zy6ErlPcD6P_g)hIJs$1HcVh)A_ovbnTaN?zU`C0_1s^Emw$HYkNo8)0O0!HybMo!-CzCVRe%RR_6s=U zJASSgz!g^j0PeW%m(QN@e7O)k2f*bZetfVv2ADu_07#jMqM#!{L-;#DcPIdmLP@c* zcI=)_4`^oBZCFwhF$vg`7obi_)V|LIM@$5O;j|^}T~}Ox{o5|PPFnrmr@ij4jsw8; zzww=T+K+zp(TxG*>YvBwo^k?Dz4*<8&+hquKlcpg=Gm&a4CJ0o@sdS%3J`;cG`<01 zXYzAG%G;CGc6tCn1ZX|**ra3EM}G_eu6@g8m|ZxGZ+Xq9AKf7E{ty4uc@vB-SI~0^ zbh#3JO%O06xpg9r!X^+i01ieCMp6zXYo$pU*jQ$;M(C)?k(awH1$c_1JpjWhs{>`yKA1bs974c_?K=Bxq z2n{oF128qpM6?e7dmn%6Gv73UKJQs?`1nl#aP5EnHazPm{`T}&fE)h!wYd11?+6z3 zr>}ebXxx04f-hs{%ZTWFB^TK<7X`)&BBB(_JJ9B!l!VKXZ0Q9bE*|%mo+&}k)OAY1 zF$O?7QAgpUCVT+UwG#))%>c6AJIzj+Hp2qcWdt1-NJ^ptB7&d?jLeJ%ASMM9bkgE6 zG-+?V_Sc^NXU}}{<^PhN`%CTbymlX6`HsVPgn-tszkFftEWod*lA~a;3?(KGxmn?+T~}Zk3g30^HBqk7a~KO}vpp9$AiCkm z;X7qz$7sg0^W&K@W@knij~X=WIz39reX?>C&4|>mQ7~xjvdM?U3n&z%1P*B|p-~V) zcP;Ls^UvCMC2;u7r*$ph%m3%c0RVHe^RIWTP)cR9E(G^h4~~L%#$sJv_>{Z=$L}Q1 z5uY3tfbHMuH~KK4U=TZk5=|x(h;IQEFcgjjjseF&!$89d$AqStNeN^M8{v3TJz!dm zAbm!C!3bR;37xW22S6yxWQYLg7>is3~d?F1?wq#gth zA^{_RI!9=BKNiixSx~>;RsRgJ)Co1O6e9BiR!LATByp}JCTuY?96@*QUOe+xUx@R6 z__vRo-qpayxfd_Y%|TTN>7pdBX*~d0i|1Y;I?Hz*m8v~p?6+r{D)fjmV%ES>`3M~U z?Y)Pphe`{T7LXPY4`|!Jr!8h@7x34A`rmN>5@G&=XTi6M-15mmqX)0rm0OD?w5O->%~+-~4p=Be&p&Yu}F(x({=Y z`&PK|LQs-U36g*@@B+0^QTGBEdV#JNk!W^y1`BfwZv=qfdF8&-GYh!xU9Wid`Hy}4 zhj)!uRYeHof)J7dFq`;otU8iA3FHOAIg{qm5GxR(2SF!zH7R2U!V>6=7oM4M&z-m8 z=zVu%VPO`#=4LQAGs0-(0^3(4gcQTb`q4YF|Bipag!kf%$2<||J?3k$cK^-rYfBO2 zXdU&dY)&3^89|*q5)rJed)~3d-la(b^#w$GJ>sP0UBTdiUz<;G(SI!xrO;R zhHPNp=@kM#_Rg0)_puj#<6kT`%PM|C)(Vr0?*SlJ+&_2mzZWp)ynYb|f_HI9b$?Af zfUN^$BoUz*&Eb|${{_~Tk6~ecY(fBoiDLpvy(C>Ef^3)UuH?>TUgZoB1+U;Bpt+1`Fy5kZc|FWR-R09`&t9of-c z_~h=({5*Hx3hUa76cIe&2NKW>ia;hbn7Tk0LIQ zf;`RzZ3!SU(T)hr4emWoXk`%#I*WOk!E8H5({R^abkf&A0oC1*bH5gH|K~xg_u-3Q zxEtqP@I)*uc(ljvNv$Cp7m_-5FfSzaoB+|n{2b=z=H3Y4XaC|qorCB7%E9eb0GfXR zuKV4WfA5~N&WB%H(pbg|8jqUbd&ATSbb6wPhe9Wq6p?%3Bc+y~N2_yj~Cd`I~ zlGI58?ocu~l0#Hf1Gx`1_Pwrj41gOf-}fafEba!)jxd@VV~!d$jRWhc!J=5$g?L3P zf*BR8t$Wbi*;v$NkQ~SDcdX#7b1%TI(JI;#_Zb0)hEwYWV%@pw1soF=_w2^P%=;7Lc@dZr9$Ij$HsQ!TL=}Hd#Go-8?-}gwopc^so!#8FT0=Rl}@-q+kvMr@(F$ zkb3gl(AeZ*yLnIkNeR@2o+AJPCIzd<@}$AxCB@?W2x~{~#9jN3;Ap!CZf=gYo--#Hh;uO3m8>*VpgsMB}gEtb}^vTo)LT=W*H z7og9Vt?)agqn>0UFnBbE8_mPF>zJ%OfYlR6aOVww4(FPf269aG0Enqbp1MVVRKO~s z#t>f_g2PLKNlVzbFu{mdap(RC&OGxR%<(dG?brYd)Vu&8)do}-ckOn+`HBa=k)C<` zP1_m*yw@uh_nrY+x`UF&X02JpYu?3ESgH*J)Hm~{C0ZRv0GAUfV}!v7CNWk$RcipLno|wYkSVl2I3{=o?mOnOcK>ml zw{MKe@*x~vXUxy;!roaAU0do%v(!OE1r}feoFm$^XAce>n7ImA`SER4fVo|JUOY1z zW6iI3>*#x-b6%tGtRFq_%h*9Ou0N7D;I15uRM_DL)XV_nuzc(gmJaX7%y(Dy(?cRsEW*IVB>C@U03lPJxVt!!`^9u|A9ys#jsW|npE5NnyeCZW? z&;45Xl?OB|o8U@1XRV*iiRBF&edjLcahw~tW(@EMD@#YPeDo03SC2y1PhjoD1K7QL z7xwPjjs17rhSik`mR8pBz|mzat$2(^jFEF_;;VBE?pnhhA{~fUYK6}oiU(M_SdNAX zw;wox$=%2Bg!31m?JDj)!I&E@VE4>A{A8^YfARuEfH0w9*2P_m^tK<`^G}KBliT6} ze5+UNIpaLY@?8|VWr}W}4u#jPzsrl`_lX;@Yd~%mt1C-5aqI!Coj44Yb*vt}7mEw? zSXh|F`pN|Ne&rqaSRc~=WjcVPk-@#JmsP@uy1hzhn8kBJ8H1tR?t%gp+{iX!aNpt z@A^^T$Qv$w;v7D8%gV#20Dt|im%nV^IZuFJJF3vO$m6&ZdTQJtc5uxYll2y>E61_2 zyoBYYqgY=#hM9)2clR9Jy5R2phjHJLW!!b|G2DIcae#o?af3L70rRsXILBz1y4Pe$ zS^VXmv*)Zbhu$O5NtQ^qqCsSsyMe$%gUd$B&^U&u;!`&t!r$I>5a06k=i^&w?4jje$y2p4N zT=&Q^&e$^-PLzWXoul|Sckjo(x$qqh7chI@#n@}U!zMy8dOl#&;I3Q7f~gW>FhL&- z*#p146j7JW#7D}sk zKd^#(ZaRRa<#jX-M_~dNp0^upQz+DtbaI)*>7r5P6`6vhi|ia?l2UbZ`_ZM-*69}@#J%H z_JwEQ{$sOfa2)e)hO|o;Y*| zomgH$>nGSXH^%(zDCFeL2&-#~BTK7TTAp+z+s;Ic57vzOqny@NGor7`wheb;@PahyfxY2!Zz= z;svd5;aiW^w`kiIZ975RdQ2uQChY|6WP;Xvw5>zYEOLMOMdOP4?JxB0N20gN`1`ZE&%&wFewC#wU)3hE_Xv3 znY;L^Y6MPzN_^FPA&2x$__=Zz^2YWYf@9|~yGRTLg2=_c$q|?u5Jx=14$d`bMj`WH zw#BQmf~lsPx#x>0{v(bNL;Qc=3KmhkcUt&K3ojE$ z+oJU?r1fZ}4d3yhe?UZ_07l~(EX<9u|JG08ML&5pU3wAlsaqf75OD9G{}|5wp0{Fk z*tIij^2@ zg`|>jtj`M*d>Z0F{X&lZSE$=xUnip6>a)M&F`-{w6uzdW#}5z)RKm855HeJO5z_Y} z>7!w98uwxUCIYB+Xpc5JIdl^NCnx+-?z@jTYm;&M>+fDiz0k5@CrO&5I#4z%*mbks=+djHYw zju0s0B*?6(z$kwlP^TK^84#yyru`B&8bPF`eu?A5$ODinL_Ab{*V$@MAX!c5kwf>n zCebMkFSfZ*)L9q?0+A>bveuc$oeY%OeN(1n{XW7Wh2!d0?skRPbm7$~Zht;x_Mf&v zJ! z4i=--zGL@607UcSgE^n6`zVgJt{}DZDZZ1Ghel{84kCVg8bVU+)o4Y@0jTusKRQ<{ z!L?FyJ&04Z!iQB~A zm#E~nZ?#|fo7V@r60xy*>LX(Oj@d_cEZTt+irZ>eRT)H;ht~siKrUK!=+X`UrY=^R z_#7|3CPg9XaR8;TU~q#P5Tv~T1B%vw-l*?PQnHw!|9vvyLJfLMDJj|54vjb1hBXlg>KRq4k)v-?mdS^Sjh-*Q5AO$wa%~?*xlp zQLXSxB}>9r)yyc$aM^*qBvgU%Qrc%(YK|ofJrAb`NbA{5+|?{+HmIKn;(b_qXTyTE zqRx9n7^KwA+tCJ9S z;)t|DCdxK7rBg0f9n8zoaN#e#Wo|0WoF3E3zznD6*SgvAeJ!1(4NlZArjI5j2uwdptn8_|woT(1(I7_g3VHwu*|Wx9YeL zRq02qs0`9G9pw0dQYH%Cg41ybs_9wxJ8>Tp2e`n1&MaqB%{`d`roC)?9Fm>0#ZT!w zUAQ#YCBCl)>8kOVSsMAUW&vs9Rwexjs9mF_r#C+aauk`6; zN=-J{hZbXCGEaiuo%j3H0gWXYc=JY37VM>cNEZf5u0gyZti)gq?XOL-;dXcco7PtZ zV&k*T)2y{wP60z9T7KUG#I)_S++8!Sp-LVk+ZCS{JOMU?MGjY$|pMAn3r-g91%s_Ed|aP$yV1NWB&=C58^< zKoy$B`}|lW_q5xS1sLkTD8>v5EeXg8bsLFwvl!B#n5$Vb&rOF=IH|PH$|RmF30F zK5VI3G%w5MR-E$_3D^xX7rRYbvRxD!6uG}HLrXXo%84eDsYR}uw<{}{Q~|Fb8!op4 z1OgRHnpXMR!gn?Td)gHN@_pEJa+**EDQE5}`m{8!JW4VxDXlu^9ZImLsNo>(Ru5}& z{+fk19iFplHPb5T@Zwl$$b9~b4)jMjw?U9r6o zRD7rGJ+z@CN2yUMYn+88Zz6qdnK)A$fK_ga^sn?ljtpQWL)~WKGLb~6T|28lxzRk> zMUD?H4b(hk(@0Eg-s~`~cA!%l;@vw#XNskmb8Kb)4EXY69Z2o8|`7Fw<}U+q(;kEQNLYkY%l z#935;oQ?ltYsy>b5)xx584k)DY;5YieGMUyq9CC~r?e5aD2OW-kd-~_^s!nuTF|;w z^B!i~t_U8~St?4F zA^mLA99T;c#&no1D7GyG&<1fB6&INZ8bfF5Fy3q7-iH}Q$p}`OF?Ekea~cxgLG=UzaJ0xE&rqH!9I;S*$5SMAu3nQ@lsbN>UP-H z&0Uulp%QOx&a6{N7qQ1nn~*Mw=^4eqduUNo?pmNW4r5v?C{;XJB}DaE)OMAFyXH;F zsNdn*zKZrv>+{!Iskh(&RAEVQwSZ7iPZgz-QAqx~Ll0AW4=udM2E@#!-ea28Z?w3@ zd`C2A9k;Cj#bgs*)U^9E}KGobh&W*a{E5Fmxi&N^zk3AzPx zmfkYdScz$Jkg_|X?BtOiW`#W1mX!NmItwJV(&Qo5T}!_pquW+;H?JneQ_}$?1t3;P zHz-0YWoM1QU7nv7oPnhLdWHh=W)}*0DR!R#01sYC zL_t(q(7Ku->=F>_hV(J21**)=l8L*t0l>|0#gG8n80?j;UD{_v<{YxsP@9E9Y*RT{ z4galLD^cd|RHjj_1M1h3Ar(w8C^2t^J|5QawN@8U3;~v9I%O+LR^ubAq9Ri=sRD247R9PO_9U8VlBLbLMx#|^9oyr z;)@EKR+e*T+_~5$uOTs`)0bkCPFK`v1uBJX4ECrLET#{H$UJNTHc7V!1X^vS4$KMi z1&cb&-wXO!yY+NtWo&_pby^%Q$tc4|lw_1y(rXlC*gsfL6-zRzLd!3{exw0Ua)^u z>jNm-xvEMA&F20PHmKp7ku+3#7&{NZu3hN5kNb0`S{REB)+aH)@~f`^nn)kR-B;N` z?bimN1dQ76qeHzG9?GYYA)l~RCR6&lo2)GMFK*G*6$^)H*2DH?nXk!wRRErDofc1(+YVLk%`4uhxKC$Hu01sv29SwThqx z)8!y0ttYLL7igql7N>fTvW#1L3EH3`MUin0c}iL%fHuk~Y83Ofm4giykRVDbRq0}NqwMLPoWKscp zS?01q!=_@$M?i~p1X}G4)GdTUExi;fy@53@fs9w8?Zg14>qW@`7Ojykwn;Kid1zoY zQmK6DkaRIaq?9n2&{22AI`BfYL1U;TWyDx#H$+Ob+8?2)?_=OSQ0Xry+tY1jk?LJf zry^561=nwH_#RwQLf)cNnZ2@61B2Q@>WkOuv~JasBvX(&2-~RZ#tx{&6#BTfp3(9i zrMJ-G-v&cy!9Lb{87*5lm?$E{e#e3dCTwwV7@suW%XS`bd75s9Y-c7@UastC{1{p{ z-e#?zCZ6ZSmL?@CTrs6Oc$iO2Wt&<_02MB}o5iOv6Hfb1U^VBL@e#KFUE_Rz>dViY z@f~55T$&Y(0h^aMcow5+&2+S+xZQB|-UDn|_^0Xt`t3B1ixtf#Rdn7Uh6b^Dx%PQD z;%(K%l#3In>vDNXdADR%B9dCBrHhqap(y3u#XjuR?XJN?^X3(Sn2f^k3`I>tO?*xb z8N*R;d83G!1te-q(ROB$!f*uUTE*j%Y$ij_yBOINv-KaM5McZI$kf40#7od2!W}d_ z)Z(M2Q_tLK4)$PL!b>1Wm9eyWHbAiR1!YjR)2vKuu}9DB>871VHS94Z>&WH`Odn%g z>rgHfU`qrcpQ811aeTdY3yKrS!40TZVY3Ypo2`;9E!O44@3pb*IoPvfY;9*!B|W3s90Zd+*ttQ~#Uh1bnpweG%aR7;<1oMy zGJPPn$BWHDPxr<*oakk&~TEnG2` zxtS6M9+U#u-$}xc3ZUWcRoag~ff==yz>e4qK*KiqXtul@+?R#T;HH%Bh)KPQ?WNc@ zbO71ZPx>^o7;dFnd3GtDWG!J*EPd0$(nV1WfHLz3P3c(B57a8xQK+CFu2oDVRUHf> zu?kQN19YkiK$Q@XtbbHCdkk)|lBQ#JDxBZ$WzbGVTA8y4l%ZzhKDmDpPM?V;WKn@GZgKAf4PqN>NZFW1x)c{q{~y0czkcd4W;3 zAfwv;m4iSnZtf%~EZxRo)6?ILeKW|Jtb*wDc5h0SX5zh0oi|+T$J33MfRPN!xHK3( zHRJ%O1}af2qn}isHZozLrUX^gc(ULxxfwx6lh&(rR#3HNVvr6>4lG~INEDhz>yiPL z*+lIPhB+23)=DLxUIMvFonOs;`xMzk^Xv{L1qGZnb=td+*kjOQdHn`%S%+U5O#y>b zwTVvw{JHo; zHf#-euo%t*!K;qw240j@X2ho^!+grr-oCNZF5@)U9WNt@S z8}Wj{9Yw7aY+E@Q9;Eu(-8p?IP3r!$p$DiIhq%v}Sm}}dvnw}?+ zd^}8ADP;0tDHc&kD#VDLLYDLLsf679jtr-es>!=+D|SV4x_iJA)I6EJS+wyU8Q)L| zdlecht47wc!eUBFQ>22Mh5_DU2EY{@Fe>ldo%g00#+s}p^>N!;e#icycimL9TT^yh zTI$h1`tMRPGl#5a$otufn@$$gu$je2MQqMILt^GMzrJMV0`})jJ?p9cg&}jP({{Z_ zC_bayqf_@;hXLFs9$?cnkT%H#(sLBvOt-Nz2a;~h4T`QSZq7a)mjL8~*C39zP0TFcFx;hYWz3!9u-& zh~wwM!Z`{e=x+E<*asy&49BWLNtmhgHgUIL5S$}u8x^IYD7?524Z`fLK3qX24r?kn zoF6lXyOr_qeUO-K0b&QR1Cfg|!E%MaDW9@cBB&I)_3`_N5(4V3Y6NW(r4p=%i9m?2 z=_HszEYQv}`&21xBT;A^PR;=wm5QTvGl$93X#h1rqF^;#7-_-mpsZmZ9JZ0Tt(q{R z(F1@1b`GjOcnSD$9L|Fs!7GBLdg?+Lse&mCz$79Nd9Y(R^l4ZjuaI^Ov&{q3Nn z@Zc~)mix4o+2EIW>;WsdSiEsiw9t6WFs-W!iamP-A%J6}t57%|CKvCm9RH5jN=##I zIA;$ALx>UVUgEYg+?Eu8L#s?K9Q?j08;^89KWsckY#IhA+grs5e-fVy2aafa)>&v) zyeO$sx_~j%p;f?76y5_~1(Pq`s!($upc|q61>KJh@$m`)+wX~ zCIX01hap76IC^ObZKLolVIqJRh7-Vhf)`-o8IB1e>8>Mz#$_RRA+R#MS2!Yw5;*RI zyL}NvIjSFZH>hld&?v!sLdy&+?hBv*MERRv6hRy-U#cpttaUO-F`38BHaE!eqOS~fR&B8K=D zjvXf6!*Tz6KJK#>503X34t)Uq{f0$79Od72@fg$lY?P;0T0p$O#or-fs27l9h)B1O zfFp8aB%=zFlv;Jt|)%>eFr}a;J%0f)}x%fk)L7}MKrYZI2)vGD3T%gji4Z9;x#q;9<>X;?Xp zx?>`0J!IS{ueIc78g*+eWVQjXPQpIB_dUsoloR950JQ=cJMdZyKhq#=J5pYmkjys9 ztKIKHMy%{(-q9Vi1FuftXGd_WEo3g+HoU*qLPo(Mbje&RkZ}WEOWRK1XUA}>>;2#9 zd`AxCqc|J^6Av9X%4-uknQgUU@K=ts%LkA6g8;4r@P7du0I(LH6XOk}2n(AkfbB3X zS-_+SdjXsuUq{6@DVvZjzS`7XcD9}RO2#uITKiD|`vDxO2tI`ZyUnHwun`f|6oio5 zqz&oR##ik;ut{0K0&^dqZSij@gg*d-w1xDqRukaLlcunXI|}gCRRAq=`TkzBy_=tw z3E*TDU|Ma0i`Omppzk~$5~a|JN6-rTukr$05g1{xD0FIxaYq5R&nsYxwJSDQCU!Cc zE6X`MasKqh2iQ#TUroX72> + Header unset Cache-Control + Header unset Etag + Header add Cache-Control "max-age=2592000" + #ExpiresDefault A2592000 + + +# we are deploying the packager app that is part of the new Fedora Community +Alias /packages/css /usr/share/fedoracommunity/public/css +Alias /packages/javascript /usr/share/fedoracommunity/public/javascript +Alias /packages/images/icons /var/cache/fedoracommunity/packages/icons +Alias /packages/images /usr/share/fedoracommunity/public/images +Alias /packages/_res /usr/share/fedoracommunity/public/toscawidgets/resources/ + +# Temporarily disabled until we can figure out how to get the moksha +# javascript resources pulled in with `python setup.py archive_tw_resources` +#Alias /community/toscawidgets /usr/share/fedoracommunity/public/toscawidgets + +WSGIPythonEggs /var/cache/fedoracommunity/.python-eggs +WSGIDaemonProcess fedoracommunity user=apache maximum-requests=50000 display-name=fedoracommunity processes=8 threads=4 +WSGISocketPrefix run/wsgi +WSGIRestrictStdout Off +WSGIRestrictSignal Off +WSGIPythonOptimize 1 + +WSGIScriptAlias /packages /usr/share/fedoracommunity/production/apache/fedoracommunity.wsgi + +# +# NSSOptions +StrictRequire +# NSSRequireSSL +# ErrorDocument 403 https://publictest16.fedoraproject.org/community +# + + + WSGIProcessGroup fedoracommunity + Order deny,allow + Allow from all + + + + # If someone tries to access an icon that doesn't exist, + # then send them to the default icon. This is used by + # fedmenu, which will request icons for packages that + # don't necessarily have them. The UI will look weird + # unless those get magically redirected to a nice default. + ErrorDocument 404 https://apps.fedoraproject.org/packages/images/icons/package_128x128.png + diff --git a/roles/packages3/web/files/packages-yum.conf b/roles/packages3/web/files/packages-yum.conf new file mode 100644 index 0000000000..6684fb2c57 --- /dev/null +++ b/roles/packages3/web/files/packages-yum.conf @@ -0,0 +1,269 @@ +[main] +cachedir=/var/cache/fedoracommunity/packages/tmp/ +installroot=/var/cache/fedoracommunity/packages/tmp/ +keepcache=1 +debuglevel=2 +logfile=yum.log +exactarch=0 +obsoletes=1 +gpgcheck=1 +plugins=0 +installonly_limit=3 +reposdir= +cacheonly=1 + +[rawhide-x86_64] +name=Fedora - Rawhide - Developmental packages for the next Fedora release +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/rawhide/x86_64/os/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64 +enabled=0 +gpgcheck=0 + +[rawhide-i686] +name=Fedora - Rawhide - Developmental packages for the next Fedora release +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/rawhide/i386/os/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=i386 +enabled=0 +gpgcheck=0 + +[rawhide-debuginfo-x86_64] +name=Fedora - Rawhide - Debug +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/rawhide/x86_64/debug/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=rawhide-debug&arch=x86_64 +enabled=0 +gpgcheck=0 + +[rawhide-source] +name=Fedora - Rawhide - Source +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/development/rawhide/source/SRPMS/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=rawhide-source&arch=x86_64 +enabled=0 +gpgcheck=0 + +[fedora-23-x86_64] +name=Fedora 23 +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/releases/23/Everything/x86_64/os/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-23&arch=x86_64 +enabled=0 +gpgcheck=0 + +[fedora-23-updates-x86_64] +name=Fedora 23 - Updates +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/23/x86_64/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f23&arch=x86_64 +enabled=0 +gpgcheck=0 + +[fedora-23-testing-x86_64] +name=Fedora 23 - Testing +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/23/x86_64/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f23&arch=x86_64 +enabled=0 +gpgcheck=0 + +[fedora-23-i686] +name=Fedora 23 +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/releases/23/Everything/i386/os/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-23&arch=i386 +enabled=0 +gpgcheck=0 + +[fedora-23-updates-i686] +name=Fedora 23 - Updates +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/23/i386/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f23&arch=i386 +enabled=0 +gpgcheck=0 + +[fedora-23-testing-i686] +name=Fedora 23 - Testing +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/23/i386/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f23&arch=i386 +enabled=0 + + +[fedora-22-x86_64] +name=Fedora 22 +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/releases/22/Everything/x86_64/os/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-22&arch=x86_64 +enabled=0 +gpgcheck=0 + +[fedora-22-updates-x86_64] +name=Fedora 22 - Updates +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/22/x86_64/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f22&arch=x86_64 +enabled=0 +gpgcheck=0 + +[fedora-22-testing-x86_64] +name=Fedora 22 - Testing +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/22/x86_64/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f22&arch=x86_64 +enabled=0 +gpgcheck=0 + +[fedora-22-i686] +name=Fedora 22 +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/releases/22/Everything/i386/os/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-22&arch=i386 +enabled=0 +gpgcheck=0 + +[fedora-22-updates-i686] +name=Fedora 22 - Updates +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/22/i386/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f22&arch=i386 +enabled=0 +gpgcheck=0 + +[fedora-22-testing-i686] +name=Fedora 22 - Testing +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/22/i386/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f22&arch=i386 +enabled=0 + + + +[fedora-21-x86_64] +name=Fedora 21 +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/releases/21/Everything/x86_64/os/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-21&arch=x86_64 +enabled=0 +gpgcheck=0 + +[fedora-21-updates-x86_64] +name=Fedora 21 - Updates +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/21/x86_64/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f21&arch=x86_64 +enabled=0 +gpgcheck=0 + +[fedora-21-testing-x86_64] +name=Fedora 21 - Testing +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/21/x86_64/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f21&arch=x86_64 +enabled=0 +gpgcheck=0 + +[fedora-21-i686] +name=Fedora 21 +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/releases/21/Everything/i386/os/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-21&arch=i386 +enabled=0 +gpgcheck=0 + +[fedora-21-updates-i686] +name=Fedora 21 - Updates +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/21/i386/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f21&arch=i386 +enabled=0 +gpgcheck=0 + +[fedora-21-testing-i686] +name=Fedora 21 - Testing +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/21/i386/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f21&arch=i386 +enabled=0 + +[epel-5-x86_64] +name=EPEL 5 +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/epel/5/x86_64/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-5&arch=x86_64 +enabled=0 +gpgcheck=0 + +[epel-5-testing-x86_64] +name=EPEL 5 - Testing +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/epel/testing/5/x86_64/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-epel5&arch=x86_64 +enabled=0 +gpgcheck=0 + +[epel-5-i686] +name=EPEL 5 +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/epel/5/i386/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-5&arch=i386 +enabled=0 +gpgcheck=0 + +[epel-5-testing-i686] +name=EPEL 5 - Testing +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/epel/testing/5/i386/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-epel5&arch=i386 +enabled=0 +gpgcheck=0 + +[epel-6-x86_64] +name=EPEL 6 +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/epel/6/x86_64/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 +enabled=0 +gpgcheck=0 + +[epel-6-testing-x86_64] +name=EPEL 6 - Testing +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/epel/testing/6/x86_64/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-epel6&arch=x86_64 +enabled=0 +gpgcheck=0 + +[epel-6-i686] +name=EPEL 6 +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/epel/6/i386/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=i386 +enabled=0 +gpgcheck=0 + +[epel-6-testing-i686] +name=EPEL 6 - Testing +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/epel/testing/6/i386/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-epel6&arch=i386 +enabled=0 +gpgcheck=0 + +[epel-7-x86_64] +name=EPEL 7 +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/epel/7/x86_64/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64 +enabled=0 +gpgcheck=0 + +[epel-7-testing-x86_64] +name=EPEL 7 - Testing +failovermethod=priority +baseurl=http://download01.phx2.fedoraproject.org/pub/epel/testing/7/x86_64/ +#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=testing-epel7&arch=x86_64 +enabled=0 +gpgcheck=0 diff --git a/roles/packages3/web/files/sync-yum b/roles/packages3/web/files/sync-yum new file mode 100644 index 0000000000..afd5ff75b9 --- /dev/null +++ b/roles/packages3/web/files/sync-yum @@ -0,0 +1,34 @@ +#!/bin/bash + +LOCKFILE=/var/cache/fedoracommunity/fedora-packages-yum.lock + +rebuild=$(cat <<"EOF" +echo 'Trying makecache.' +/usr/bin/yum makecache -c /etc/fedoracommunity/yum-repo.conf --enablerepo=* +echo 'Releasing $LOCKFILE' +EOF +) +nuke_and_rebuild=$(cat <<"EOF" +echo 'Nuking.' +rm /var/cache/fedoracommunity/packages/tmp/var/lib/rpm/__db.* +/usr/bin/rpmdb --root=/var/cache/fedoracommunity/packages/tmp/var/lib/rpm --rebuilddb +echo 'Trying makecache again now.' +/usr/bin/yum makecache -c /etc/fedoracommunity/yum-repo.conf --enablerepo=* +echo 'Releasing $LOCKFILE' +EOF +) + + +echo "Acquiring $LOCKFILE..." +flock $LOCKFILE -c "$rebuild" + + +# If it failed, then try to nuke and rebuild the rpmdb first. +if [ $? -eq 1 ] ; then + echo 'makecache failed... sleeping for 10 seconds.' + sleep 10 + echo 'Waking. Now trying to rebuild the rpmdb.' + + echo "Acquiring $LOCKFILE..." + flock $LOCKFILE -c "$nuke_and_rebuild" +fi diff --git a/roles/packages3/web/tasks/main.yml b/roles/packages3/web/tasks/main.yml new file mode 100644 index 0000000000..338ffe5338 --- /dev/null +++ b/roles/packages3/web/tasks/main.yml @@ -0,0 +1,177 @@ +--- +# Configuration for the fedora-packages webapp + +- name: install needed packages + yum: pkg={{ item }} state=present + with_items: + - fedora-packages + - python-psycopg2 + - python-memcached + - python-sqlalchemy0.8 + - redis + tags: + - packages + - packages/web + +- name: Create some directories + file: path={{ item }} state=directory owner=apache group=apache mode=755 + with_items: + - /etc/fedoracommunity + - /etc/fedoracommunity/yum_cache.repos.d + - /var/cache/fedoracommunity # the gluster role usually creates this one + - /var/log/fedoracommunity + tags: + - packages + - packages/web + +- name: Create some more locked down directories + file: path={{ item }} state=directory owner=apache group=apache mode=700 + with_items: + - /etc/pki/fedoracommunity + tags: + - packages + - packages/web + +- name: Copy over the app config + template: > + src=packages-app.ini.j2 + dest=/etc/fedoracommunity/production.ini + owner=apache group=apache mode=0600 + notify: + - reload httpd + - restart fcomm-cache-worker + tags: + - packages + - packages/web + +- name: Copy over the httpd config + copy: > + src=packages-httpd.conf + dest=/etc/httpd/conf.d/fedora-packages.conf + owner=root group=root mode=644 + notify: + - reload httpd + tags: + - packages + - packages/web + +- name: Copy over the yum config + copy: > + src=packages-yum.conf + dest=/etc/fedoracommunity/yum-repo.conf + owner=root group=root mode=0644 + notify: + - reload httpd + - restart fcomm-cache-worker + tags: + - packages + - packages/web + +- name: Copy over certs/public-keys, probably for talking with koji. + copy: > + src="{{private}}/files/packages/fedora-ca.cert" + dest="/etc/pki/fedoracommunity/{{item}}" + owner=apache + group=apache + mode=0644 + with_items: + - fedora-server-ca.cert + - fedora-upload-ca.cert + tags: + - packages + - packages/web + +- name: permanently hotfix the distmappings file + copy: > + src=distmappings.py + dest="{{pythonsitelib}}/fedoracommunity/search/distmappings.py" + owner=root group=root mode=0644 + notify: + - reload httpd + - restart fcomm-cache-worker + tags: + - packages + - packages/web + +- name: start some helper services + service: name="{{item}}" state=started enabled=yes + with_items: + - redis + - fcomm-cache-worker + tags: + - packages + - packages/web + +# Here's the indexer stuff +- name: Create cache structure + file: > + dest="/var/cache/fedoracommunity/{{item}}" + state=directory + owner=apache + group=apache + mode=0755 + with_items: + - packages + - rpm_cache + - git.fedoraproject.org + - packages/icons + - packages/xapian + - packages/xapian/search + - packages/xapian/versionmap + - packages/tmp + - packages/tmp/icons + - packages/tmp/rpms + - packages/tmp/search + - packages/tmp/versionmap + - packages/tmp/var + - packages/tmp/yum-cache + when: install_packages_indexer + tags: + - packages + - packages/web + +- name: Copy over the default icon + copy: > + src=package_128x128.png + dest=/var/cache/fedoracommunity/packages/icons/package_128x128.png + owner=root mode=644 setype=fusefs_t + when: install_packages_indexer + tags: + - packages + - packages/web + - icon + +- name: Copy some scripts for /usr/local + copy: src="{{item}}" dest="/usr/local/bin/{{item}}" mode=0755 + with_items: + - sync-yum + when: install_packages_indexer + tags: + - packages + - packages/web + +- name: Copy the indexer cronjobs + copy: src="{{item}}" dest="/etc/cron.d/{{item}}" + with_items: + - cron-sync-yum + - cron-sync-latest-builds + - cron-sync-package-index + - cron-flush-pkgs-cache + when: install_packages_indexer + tags: + - packages + - packages/web + +# Lastly, here's some selinux stuff. + +- name: set some selinux booleans + seboolean: name={{item}} persistent=yes state=yes + with_items: + - httpd_tmp_exec + - httpd_can_network_memcache + - httpd_can_network_connect + - httpd_use_fusefs + tags: + - packages + - packages/web + - selinux diff --git a/roles/packages3/web/templates/packages-app.ini.j2 b/roles/packages3/web/templates/packages-app.ini.j2 new file mode 100644 index 0000000000..4ddf0ea82f --- /dev/null +++ b/roles/packages3/web/templates/packages-app.ini.j2 @@ -0,0 +1,254 @@ +## +## Fedora Community Production configuration +## +## $Id: fedoracommunity-prod.ini.erb,v 1.0 2009/05/03 23:38:07 johnp Exp $ +## + +[DEFAULT] +profile = false +debug = false +profile.connectors = false +profile.dir = /var/log/fedoracommunity/profile + +# This is required to avoid a 404 error on, e.g. /packages/python-webob1.2 +disable_request_extensions = True + +#email_to = lmacken@redhat.com rbean@redhat.com +#smtp_server = gateway +#error_email_from = fedoracommunity@fedoraproject.org + +fedoracommunity.extensions_dir = {{ pythonsitelib }}/fedoracommunity/plugins/extensions + +fedoracommunity.connector.kojihub.baseurl = http://koji.fedoraproject.org/kojihub +fedoracommunity.connector.bugzilla.baseurl = https://bugzilla.redhat.com/xmlrpc.cgi +fedoracommunity.connector.bugzilla.cookiefile = /var/cache/fedoracommunity/bugzillacookies +{% if env == "staging" %} +fedoracommunity.connector.fas.baseurl = https://admin.stg.fedoraproject.org/accounts/ +fedoracommunity.connector.bodhi.baseurl = https://bodhi.stg.fedoraproject.org/ +fedoracommunity.connector.pkgdb.baseurl = https://admin.stg.fedoraproject.org/pkgdb +{% else %} +fedoracommunity.connector.fas.baseurl = https://admin.fedoraproject.org/accounts/ +fedoracommunity.connector.bodhi.baseurl = https://bodhi.fedoraproject.org/ +fedoracommunity.connector.pkgdb.baseurl = https://admin.fedoraproject.org/pkgdb +{% endif %} + +fedoracommunity.rpm_cache = /var/cache/fedoracommunity/rpm_cache/ + +fedoracommunity.connector.xapian.package-search.db = /var/cache/fedoracommunity/packages/xapian/search + +fedoracommunity.connector.xapian.versionmap.db = /var/cache/fedoracommunity/packages/xapian/versionmap +fedoracommunity.resource_path_prefix = /packages/_res/ + +fedoracommunity.connector.yum.conf = /etc/fedoracommunity/yum-repo.conf +yumlock = /var/cache/fedoracommunity/fedora-packages-yum + +# Git settings +git_repo_path = /var/cache/fedoracommunity/git.fedoraproject.org + +# FAS is locked down so we need a minimal user inorder to get public user info +# to unauthenticated users. You need to get a locked down account for this +# and fill in the user info here. Never check this file into git with +# this information filled in +fedoracommunity.connector.fas.minimal_user_name={{ fcommFasUser }} +fedoracommunity.connector.fas.minimal_user_password={{ fcommFasPassword }} + +# This is insecure, use only for testing +fedora.clients.check_certs = True + +# URL for getting message history +{% if env == "staging" %} +datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper/raw +{% else %} +datagrepper_url = https://apps.fedoraproject.org/datagrepper/raw +{% endif %} + +## +## Moksha-specific configuration options +## + +# Where to store the feed caches. +# +{% if env == "staging" %} +feed_cache = postgres://fedoracommunity:{{ fcommFeedCacheDBPassword }}@db-community.stg/fedoracommunity_feed_cache +stats_cache = postgres://fedoracommunity:{{ fcommFeedCacheDBPassword }}@db-community.stg/fedoracommunity_stats_cache +{% else %} +feed_cache = postgres://fedoracommunity:{{ fcommFeedCacheDBPassword }}@db-community/fedoracommunity_feed_cache +stats_cache = postgres://fedoracommunity:{{ fcommFeedCacheDBPassword }}@db-community/fedoracommunity_stats_cache +{% endif %} + +# +# Feed Streamer settings +# +# Max age (in seconds) of each feed in the cache +feed.max_age = 900 + +# Timeout in seconds for the web request +feed.timeout = 30 + +# The number of simultaneous connections +feed.deferred_groups = 10 + +# Where to initialize and store our application databases. %s is the app name. +app_db = sqlite:///%s.db + +# The location of our Orbited server +orbited_host = localhost +orbited_port = 9000 + +# Stomp broker configuration. +stomp_broker = localhost +stomp_port = 61613 +stomp_user = guest +stomp_pass = guest + +# Optional AMQP Broker. +#amqp_broker = guest/guest@localhost + +# Documentation directory +docs_dir = /srv/moksha/docs + +# Moksha chat configuration + +# Use a built-in IRC server +#chat.backend = irc://localhost:9999 +#chat.builtin = true +#chat.backend = irc://irc.freenode.net:6667 +#chat.rooms = default +#chat.default.staticRoomName = moksha +#chat.default.roomAssignmentMode = static +#chat.default.display.greeting = Moksha Chat +#chat.default.display.floating = true +#chat.default.display.floatingToggle = false +#chat.default.display.width = 400 +#chat.default.display.height = 300 +#chat.default.display.theme = simple +#chat.default.display.resizable = true + +moksha.extensionpoints=True +moksha.csrf_protection = False +moksha.csrf.login_handler = /login_handler +moksha.csrf.trusted_domains = admin.fedoraproject.org + +moksha.use_tw2 = True +moksha.livesocket = False + +cache.bugzilla.backend=dogpile.cache.memcached +cache.bugzilla.expiration_time=300 +cache.bugzilla.arguments.url=memcached02:11211 +cache.bugzilla.arguments.distributed_lock=True +cache.connectors.backend=dogpile.cache.memcached +cache.connectors.expiration_time=300 +cache.connectors.arguments.url=memcached02:11211 +cache.connectors.arguments.distributed_lock=True + +# For the cache worker daemon +cache-worker.pidfile = /var/run/fedoracommunity/fcomm-cache-worker.pid +cache-worker.logfile = /var/log/fedoracommunity/fcomm-cache-worker.log +# If there are any issues with threads, see the discussion here +# https://github.com/fedora-infra/fedora-packages/issues/10 +cache-worker.threads = 2 + +[server:main] +use = egg:Paste#http +host = 0.0.0.0 +port = 8080 + +[app:main] +use = egg:fedoracommunity +full_stack = true +#lang = ru +#cache_dir = /var/cache/fedoracommunity/data +beaker.session.key = fedoracommunity +beaker.session.secret = {{ fcommBeakerSessionSecret }} + +beaker.cache.type = ext:memcached +beaker.cache.url = memcached01:11211 +beaker.cache.lock_dir = /var/cache/fedoracommunity/beaker + +# If you'd like to fine-tune the individual locations of the cache data dirs +# for the Cache data, or the Session saves, un-comment the desired settings +# here: +#beaker.cache.data_dir = %(here)s/data/cache +#beaker.session.data_dir = %(here)s/data/sessions + +# pick the form for your database +# %(here) may include a ':' character on Windows environments; this can +# invalidate the URI when specifying a SQLite db via path name +sqlalchemy.url=postgres://moksha:m0ksh4@localhost/moksha +# sqlalchemy.url=mysql://username:password@hostname:port/databasename + +# If you have sqlite, here's a simple default to get you started +# in development + +#sqlalchemy.url = sqlite:///%(here)s/devdata.db +sqlalchemy.echo = true +sqlalchemy.echo_pool = false +sqlalchemy.pool_recycle = 3600 + +sqlalchemy.pool_size=1 +sqlalchemy.max_overflow=2 + +# WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* +# Debug mode will enable the interactive debugging tool, allowing ANYONE to +# execute malicious code after an exception is raised. +set debug = false + +# Logging configuration +# Add additional loggers, handlers, formatters here +# Uses python's logging config file format +# http://docs.python.org/lib/logging-config-fileformat.html + +[loggers] +keys = root, moksha, sqlalchemy, tg, auth, pylons + +[handlers] +keys = console + +[formatters] +keys = generic + +# If you create additional loggers, add them as a key to [loggers] +[logger_root] +level = WARN +handlers = console + +[logger_moksha] +level = WARN +handlers = +qualname = moksha + +[logger_tg] +level = WARN +handlers = +qualname = tg + +# repoze.who is noisy by default +[logger_auth] +level = WARN +handlers = +qualname = auth + +[logger_pylons] +level = WARN +handlers = +qualname = pylons + +[logger_sqlalchemy] +level = WARN +handlers = +qualname = sqlalchemy.engine +# "level = INFO" logs SQL queries. +# "level = DEBUG" logs SQL queries and results. +# "level = WARN" logs neither. (Recommended for production systems.) + +# If you create additional handlers, add them as a key to [handlers] +[handler_console] +class = StreamHandler +args = (sys.stderr,) +level = NOTSET +formatter = generic + +# If you create additional formatters, add them as a key to [formatters] +[formatter_generic] +format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s +datefmt = %H:%M:%S diff --git a/roles/packages3/web/vars/main.yml b/roles/packages3/web/vars/main.yml new file mode 100644 index 0000000000..75c750eb77 --- /dev/null +++ b/roles/packages3/web/vars/main.yml @@ -0,0 +1 @@ +pythonsitelib: /usr/lib/python2.6/site-packages