diff --git a/inventory/group_vars/anitya-backend b/inventory/group_vars/anitya-backend index b81c1f81a9..2e0683550f 100644 --- a/inventory/group_vars/anitya-backend +++ b/inventory/group_vars/anitya-backend @@ -20,6 +20,9 @@ fas_client_groups: sysadmin-noc freezes: false +# Don't use testing repos in production +testing: False + # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: - service: shell diff --git a/inventory/group_vars/anitya-frontend b/inventory/group_vars/anitya-frontend index 138ae73fc5..21880af703 100644 --- a/inventory/group_vars/anitya-frontend +++ b/inventory/group_vars/anitya-frontend @@ -20,6 +20,9 @@ custom_rules: [ fas_client_groups: sysadmin-noc,sysadmin-web +# Don't use testing repos in production +testing: False + freezes: false vpn: true # These are consumed by a task in roles/fedmsg/base/main.yml diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index dfcc454eb9..7b63d1fa0f 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -458,6 +458,7 @@ server_aliases: - paste.stg.fedoraproject.org - modernpaste.stg.fedoraproject.org + sslonly: true cert_name: "{{wildcard_cert_name}}" # # Make a website here so we can redirect it to paste.fedoraproject.org diff --git a/playbooks/manual/upgrade/anitya.yml b/playbooks/manual/upgrade/anitya.yml index e1fa0ffe08..dd9273e34f 100644 --- a/playbooks/manual/upgrade/anitya.yml +++ b/playbooks/manual/upgrade/anitya.yml @@ -1,5 +1,5 @@ - name: push packages out - hosts: anitya-frontend01:anitya-backend01 + hosts: anitya-frontend:anitya-backend user: root vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -19,7 +19,7 @@ when: testing - name: verify the frontend - hosts: anitya-frontend01 + hosts: anitya-frontend user: root vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -40,9 +40,10 @@ nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true + - service: name="httpd" state=restarted - name: verify the backend and then upgrade the db - hosts: anitya-backend01 + hosts: anitya-backend user: root vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -60,10 +61,10 @@ - anitya/fedmsg tasks: - name: Upgrade the database - command: /usr/bin/alembic -c /usr/share/anitya/alembic.ini upgrade head + command: /usr/bin/alembic -c /etc/anitya/alembic.ini upgrade head args: chdir: /usr/share/anitya/ - when: inventory_hostname.startswith('anitya-backend01') + when: inventory_hostname.startswith('anitya-backend') post_tasks: - name: tell nagios to unshush w.r.t. the backend nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} diff --git a/roles/apps-fp-o/files/img/icons/modularity.png b/roles/apps-fp-o/files/img/icons/modularity.png new file mode 100644 index 0000000000..2d00de40f1 Binary files /dev/null and b/roles/apps-fp-o/files/img/icons/modularity.png differ diff --git a/roles/fedmsg/base/tasks/main.yml b/roles/fedmsg/base/tasks/main.yml index 87faea113c..fc1ccd6583 100644 --- a/roles/fedmsg/base/tasks/main.yml +++ b/roles/fedmsg/base/tasks/main.yml @@ -109,6 +109,7 @@ - endpoints-fedocal.py - endpoints-fedbadges.py - endpoints-fmn-backend.py + - endpoints-mbs-backend.py - endpoints-hotness.py - endpoints-mailman.py - endpoints-summershum.py diff --git a/roles/fedmsg/base/templates/endpoints-mbs-backend.py.j2 b/roles/fedmsg/base/templates/endpoints-mbs-backend.py.j2 new file mode 100644 index 0000000000..39a144f038 --- /dev/null +++ b/roles/fedmsg/base/templates/endpoints-mbs-backend.py.j2 @@ -0,0 +1,14 @@ +{% if env == 'staging' %} +suffix = 'stg.phx2.fedoraproject.org' +{% else %} +suffix = 'phx2.fedoraproject.org' +{% endif %} + +config = dict( + endpoints={ + "mbs.mbs-backend01": [ + "tcp://mbs-backend01.%s:30%0.2i" % (suffix, i) + for i in range(8) + ], + }, +) diff --git a/roles/mbs/common/files/fedora.json.production b/roles/mbs/common/files/fedora.json.production new file mode 100644 index 0000000000..50bca379cb --- /dev/null +++ b/roles/mbs/common/files/fedora.json.production @@ -0,0 +1,7 @@ +{ + "fedora": { + "host": "https://pdc.fedoraproject.org/rest_api/v1/", + "develop": true, + "insecure": false + } +} diff --git a/roles/mbs/common/files/fedora.json.staging b/roles/mbs/common/files/fedora.json.staging new file mode 100644 index 0000000000..e76dc05956 --- /dev/null +++ b/roles/mbs/common/files/fedora.json.staging @@ -0,0 +1,7 @@ +{ + "fedora": { + "host": "https://pdc.stg.fedoraproject.org/rest_api/v1/", + "develop": true, + "insecure": false + } +} diff --git a/roles/mbs/common/tasks/main.yml b/roles/mbs/common/tasks/main.yml index 7e46835ff8..97a21e7215 100644 --- a/roles/mbs/common/tasks/main.yml +++ b/roles/mbs/common/tasks/main.yml @@ -56,3 +56,14 @@ tags: - mbs - mbs/common + +- name: copy pdc client config file + copy: > + src=fedora.json.{{env}} dest=/etc/pdc.d/fedora.json + owner=root group=root mode=0644 + notify: + - restart apache + - restart fedmsg-hub + tags: + - mbs + - mbs/common diff --git a/roles/modernpaste/files/modern-paste.conf b/roles/modernpaste/files/modern-paste.conf index a710f02d31..a9fc0feea5 100644 --- a/roles/modernpaste/files/modern-paste.conf +++ b/roles/modernpaste/files/modern-paste.conf @@ -3,6 +3,8 @@ WSGIScriptAlias /stickynotes2modernpaste /usr/share/stickynotes2modernpaste/stic WSGISocketPrefix run/wsgi RewriteEngine on +RewriteRule login / [L,R] + RewriteCond %{HTTP_USER_AGENT} ^fpaste\/0\.3.*$ [OR] RewriteCond %{HTTP_USER_AGENT} ^Python\-urllib.*$ RewriteCond %{REQUEST_METHOD} POST