From 9737313f5df1d35e6e8f3244b6117563c6efb2a5 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 16 Feb 2017 00:22:23 +0000 Subject: [PATCH 1/9] copy pdc client config file --- roles/mbs/common/files/fedora.json.production | 7 +++++++ roles/mbs/common/files/fedora.json.staging | 7 +++++++ roles/mbs/common/tasks/main.yml | 11 +++++++++++ 3 files changed, 25 insertions(+) create mode 100644 roles/mbs/common/files/fedora.json.production create mode 100644 roles/mbs/common/files/fedora.json.staging diff --git a/roles/mbs/common/files/fedora.json.production b/roles/mbs/common/files/fedora.json.production new file mode 100644 index 0000000000..50bca379cb --- /dev/null +++ b/roles/mbs/common/files/fedora.json.production @@ -0,0 +1,7 @@ +{ + "fedora": { + "host": "https://pdc.fedoraproject.org/rest_api/v1/", + "develop": true, + "insecure": false + } +} diff --git a/roles/mbs/common/files/fedora.json.staging b/roles/mbs/common/files/fedora.json.staging new file mode 100644 index 0000000000..e76dc05956 --- /dev/null +++ b/roles/mbs/common/files/fedora.json.staging @@ -0,0 +1,7 @@ +{ + "fedora": { + "host": "https://pdc.stg.fedoraproject.org/rest_api/v1/", + "develop": true, + "insecure": false + } +} diff --git a/roles/mbs/common/tasks/main.yml b/roles/mbs/common/tasks/main.yml index 7e46835ff8..97a21e7215 100644 --- a/roles/mbs/common/tasks/main.yml +++ b/roles/mbs/common/tasks/main.yml @@ -56,3 +56,14 @@ tags: - mbs - mbs/common + +- name: copy pdc client config file + copy: > + src=fedora.json.{{env}} dest=/etc/pdc.d/fedora.json + owner=root group=root mode=0644 + notify: + - restart apache + - restart fedmsg-hub + tags: + - mbs + - mbs/common From 17d4fe3c1e01df4f5a7af6fb7615ae0851e537d4 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 16 Feb 2017 00:47:00 +0000 Subject: [PATCH 2/9] Declare fedmsg endpoints for mbs backend. --- roles/fedmsg/base/tasks/main.yml | 1 + .../base/templates/endpoints-mbs-backend.py.j2 | 14 ++++++++++++++ 2 files changed, 15 insertions(+) create mode 100644 roles/fedmsg/base/templates/endpoints-mbs-backend.py.j2 diff --git a/roles/fedmsg/base/tasks/main.yml b/roles/fedmsg/base/tasks/main.yml index 87faea113c..fc1ccd6583 100644 --- a/roles/fedmsg/base/tasks/main.yml +++ b/roles/fedmsg/base/tasks/main.yml @@ -109,6 +109,7 @@ - endpoints-fedocal.py - endpoints-fedbadges.py - endpoints-fmn-backend.py + - endpoints-mbs-backend.py - endpoints-hotness.py - endpoints-mailman.py - endpoints-summershum.py diff --git a/roles/fedmsg/base/templates/endpoints-mbs-backend.py.j2 b/roles/fedmsg/base/templates/endpoints-mbs-backend.py.j2 new file mode 100644 index 0000000000..39a144f038 --- /dev/null +++ b/roles/fedmsg/base/templates/endpoints-mbs-backend.py.j2 @@ -0,0 +1,14 @@ +{% if env == 'staging' %} +suffix = 'stg.phx2.fedoraproject.org' +{% else %} +suffix = 'phx2.fedoraproject.org' +{% endif %} + +config = dict( + endpoints={ + "mbs.mbs-backend01": [ + "tcp://mbs-backend01.%s:30%0.2i" % (suffix, i) + for i in range(8) + ], + }, +) From 1f3d49bd73b0f9c1b4114593198da97568fb0cea Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 16 Feb 2017 00:53:42 +0000 Subject: [PATCH 3/9] make paste ssl only --- playbooks/include/proxies-websites.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index dfcc454eb9..7b63d1fa0f 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -458,6 +458,7 @@ server_aliases: - paste.stg.fedoraproject.org - modernpaste.stg.fedoraproject.org + sslonly: true cert_name: "{{wildcard_cert_name}}" # # Make a website here so we can redirect it to paste.fedoraproject.org From 2956a348eff4e60a7714a3daa89d64cb7b9c084f Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Thu, 16 Feb 2017 11:33:24 +0000 Subject: [PATCH 4/9] Totally disable the login form to prevent people entering passwords Signed-off-by: Patrick Uiterwijk --- roles/modernpaste/files/modern-paste.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/modernpaste/files/modern-paste.conf b/roles/modernpaste/files/modern-paste.conf index a710f02d31..a9fc0feea5 100644 --- a/roles/modernpaste/files/modern-paste.conf +++ b/roles/modernpaste/files/modern-paste.conf @@ -3,6 +3,8 @@ WSGIScriptAlias /stickynotes2modernpaste /usr/share/stickynotes2modernpaste/stic WSGISocketPrefix run/wsgi RewriteEngine on +RewriteRule login / [L,R] + RewriteCond %{HTTP_USER_AGENT} ^fpaste\/0\.3.*$ [OR] RewriteCond %{HTTP_USER_AGENT} ^Python\-urllib.*$ RewriteCond %{REQUEST_METHOD} POST From 99a671a8d18b3226ffead69e25d87a14b4078e95 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 16 Feb 2017 13:23:47 +0000 Subject: [PATCH 5/9] Modularity icon. --- roles/apps-fp-o/files/img/icons/modularity.png | Bin 0 -> 6081 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/apps-fp-o/files/img/icons/modularity.png diff --git a/roles/apps-fp-o/files/img/icons/modularity.png b/roles/apps-fp-o/files/img/icons/modularity.png new file mode 100644 index 0000000000000000000000000000000000000000..2d00de40f176226e5129b820dc4b6dce04dd9bfa GIT binary patch literal 6081 zcmb7I1y>Ueyxk@-$q`DIfPlcHLmHIMkurLKbaxKv5D*3eQWBB^f`oL(Xrx=Z84XhJ z{NE>d@1AqN!0(=W@A=(mO?3rAJZd}u06?gu_!b5L0FeI?i~|4wx+Kj90RRA&yR4E9 z7z_pnfGwi{0Kiih#rN(20Ql%X0>xha*arXrR37gPJhYvyJ-p4`tN`BL-cVa7dv}Dn zixt$_?Zek2acTg7LQ?6ijE+y{VV1X#QBQ4qaDLrH>D98)hSPe?Cyw}zUXQ3~wZ2L5 z7&+2Td=^TcLoKp3&C^WHPaNv)A&{yL!P$m^)p*|ODXucOBkQ5E;qWbD!PuAe(C+F8 zecaS`{HN%*e$Ca8-AI<-2-VpC2O^(HLZHYDMUK#rzwL@t@AA&3J5a1m+=_>wnaNAz45gHU>=pj;}VXCeoO z<09~@4IVar032>wBXIQ(Ub3)9#f5?0lJoo3qAdfQKxC0D5R&JMaNfp{tafABC<)2O zq##C?F>DOEeOoKQ2ST}Wc0A>&7SQVZ`l~mc_1Q?5&a^;dzzE9q=JLGbRK8WrYr?8^ zY?bllMxXm-u}(!=>hPqw5;(FH8~7*WxBwLy0uO^M;65DQjoKChU}%o^vUZ)#!2FVA z!Uf`=r+=KUJ?`s0ywYz2^@6;rC5&N?JA$S~zrS|o`QgRx`REbbdUf!~ zTfQNDEe~2KK!vw&%0?+Cv>G8rxXGoJ(+R}!xn##Da~$k8r&9KPJU8E{3)T9a4>hYs zg2-piD*zHDB6Gc*rnFmAf|2PG&@6u_^}r%OAL>UZd9IQ2O&ny+JOS?+0H+0{$nhGq zjB_A3Jv-6sJ}8B_iKOBEm5y`1c*hkE(y1rNHL40SW!=Bh<@2?9pYDJMd6YRSqrShE^g0t02ZL4+u7Px7g`XTf{P~@8i%F8 z?)`1HZuxo6wu-rpWHj#e)zP|xxMq*sS>MUvpgf7?E`==essL3J29dgoW@I2G-vOP! zRZa&wyw$qNDSu2&$IrniZHBr(ny$$_9uql!ho&}P(dj>o%G-VYgqB+3C|umoHkUNh zBnQD|L$Sd9o9Pw_pg1L{!qH` zReh*p@5t2za9F*p!r51RwAAMOvUu{s)M>6VrulkS(Z8|ur|~l?p?OtfF2lNTZ(#=Q zWqM)9CWSVq9|C#{u8ab(1n-WJp^_0T^?Cz+}OzqY7pXsLAIr}DN4=Gu;3 zu`K4o0J!Jhd&t;(B#IC0LqUl>=Co(_&@w23S$Ealq?g<>C}=ubWTLHfmaD{P5*AJR zbq&tzl;ijzSasP%cEI7)^7epZ3FdZe>YY0iUS(#TeR!z`L$}CANnO9~2Y_v)SPJjx zFyscy-DMQ75yQckB~W2z*6fx?znGnVOwd`7o=;{@TivJLX`-BdB4Wa=Ggb;0Ynh}& zJz*YouxmdXNSwvY7>PPHGAlX!ck)I5w(u0FJ}Ka`l6-8jx3edFT&P`rz42`>Eb_9E zd55G|ogd$HR<#6yp~7;gc5=JPLjD54lqFms_HB=wsrN>{S1KOfDs8EVjYN;91X(Dk8K|-;KW`knY=Upx0_5YBgmO1YeyT2riu(HgWV3&nK z@B?4AtAPpu8c&FUI@1DtRu9aR!q;9hy%dWsJ*p3vla2r#;X3~FiiFRSljAF<64@)p z5+hz5AxaN*oEU!!#zHPYkYiKpWBL`2)#j7(yK@?4&OLzQr`TM^E{bU@qHN=qoF#=r z{CA-1{vyyKBLso8LK1PQJ@%PC$H@gBF%?=qlJv!~Ff(-)jUMx<1l?~zt;+b`D*Hxi zgrA3+K9g1!rE7q2$a_XpxNDKO2)W7#OoSF@a)-_4mTKNjf(*9r@f~J@O-@pzx-SRd zql*I?+v={R0Z8_i_@POkBDCq?nf1 zqxxMpNCi`73e)uT95Tgo$>%;fVuRnaRC~YtG+a}p@9?HKu=4nqX(SeYUZ?xWVl0H+9_+hrqcL@o=OI13HZ@IpWZWtzI(nR(rLf22nKAy}iy^-NMP=v5e2aL_ zGnhKtaPKb_wa>8dPg2^+O@~4BcI#*O2h7-=YmrWC5;p&t&uwcBiIYp`M1mZf9tRDe?L6T96U1#Xihc0jV&p0wjPks2f1|l%K01O zUZKCau_bIV(LWoKn>+%^&ygyNHFroyYYVUXa`FhVjbxiV{FV3L1h3zX+nB>)gW*=*YBfKKE zzVkU6Nv`8nbM$L4voS|c78qFMzZeS-fAa~o@QJP&)4MHxu~!s`*WkA-VB&vZotLjJ zIL+hfF)=%#uItFm+P5#_@$2I;QA)Mv6-m)^Ge+$Ww{Qh56YHcw@vgIjqc!@bT)}$p zd2#?35r0u3Xtobf$!)wbj?3KHW#D#|@^-h&cPCsIdZtPv74~fO@eV~uN7GoP2_utJ zQj0V1?5C}0FiX03MoZpi)STUvS7qkw;=H1nU#z|@b8r#39f+<#yklh(InvK`*nj+H zAUk2ny2mR<)Bh4E)p!9Q)`9~kBnB4Ec5;9I2;E3?$?N2P2M<`!GH5s0m4UsW4TG@gt7b?Y!|J?d4inMYs{#BQ)(!t(l+;#q`6W6rO^`s>&; zYH`Gxa9}5jqIOtb+1`+&%)YRETH4l;)2j9d%J7fl^i(xw%#4Vu>Ern|SoUM+e_`WH zoRWEp$t37|+-#Hz7>>A)53%;K;qfie+9)yza?{T1*YGT0_N-`YgbJj6jHATkGisYU zq_YldAJ8y68|i|cIW2oqYAaAQRzXInve3kpMpJ`rC8h!PamCV(*w;^{m&%iS3SCPe7s+s5-hfK1~VB!@6LOB4rE2opzA689clDNoDEG;I6&+)oHHW zt=&R$nWmO7URo=LBYA;6R4%UHJGgmIX_Gh%Y@EgyA@dc|*}~Bcz(j&jv!ruMM=gao z`G|d;nL#r`MzLX%-TaQ#8_CdWLG-Zd0dr9>Rq9vSM8wNn^!aFn>9h8wXZ11vg#3|( ziK}KNz6V>{r$Z9{T!@Gd^Od+3zup_}+q~CK4%olkB*Y&1F-~lUK8=)7jOPAZ0rF58 zSZV$DIdTh5%jVqlPaG;@PhjdOD&15PTJw_V!$exZE!x~%OQI=8yrvn5g3hbcONUs$ z4azt@{iP4+qihcinLm3JZ_j*6rAlROo8iu%)DYNFu6-(4>*aD=wn9*BhUP``IjH8Q z2leu779Iyo7_YAIB5}V$zmGUUeckAegN;?aUx!w7=J}1lt5X>?2)OKu9sgi+G2aeN zUIQiizJx_!xlgm)zAVKOD&ZJq;FiWt(z2S#wV~W5JxL9NB*5>=*;MOM9F$2q;O^qN(^Sw@yyjR2A10c<)s-& zp2tCaXf6NtkqzJ3BAtDM**^)cBXFD;_c$GhIQ4YA3D43&iX4ca-9yBA%;?{XgutzdndOhg`^)TwzRh6g*H`d+ zqz@n5OIB$u73J`%QuVgt8C2G(R{rM|7l>=c8!Wsl#oX;M=Y+|buU2gK3I@j1Q6`a+;zO%|KTI{DX4;gF!%ob^wjStWnjxJrB?>Bmx_r4?phNySL}@IvI%P zv-`@;q<#v^Q__ga9iHu(SEc#k33Y<$!X5wV#lGaH|l%dP|6XXgc0_jLObSN=6%===3A z>AILlNJ4bK+j_F&@y;^_0n_3H2Y?_GdusmJ{-bO{OT8R!1q(xs89on2Q0S5^W?KB-tz?TUF+Pc7?S{sv5bg*P%3h_fMnN2;GtFS>* z+Ze~)9SwX^duV0Ri&x{$t@U(Ttle3cZ0BVuC-MTaql1jEa59|7@lrp=#8E;s(v*Vi z$Yo?T^=8nGEo`&!wJdCn@10MScKMDtKYqj-m2@GDbR{lO7D_Gt zf|{wlv|E{>`T5zLt0|EBtY|x%)OP>Ge$?!~Rrz86^#bnVj}49ka_@tS!)jNQNuPbf zO6Ta7n)dPofdP9MW;lAvWQ{mq^A?s_ge$1K#{`XsvE_2Jq>NWzz?4oI0p(EOP?m`XWD0w2K4`=8|f4v8>c8#g?^Aqx5cBBM4r3eqR;Ymi7<#^R4{Dkvo z_h`#g10qTwAK7`c$AV4*{&xXf?cTGKh+M`FI(+M&hsO!8==51I0#!Cu%{M}KEDw{^GBdVj9e~Xa zM>0)SC4RF*?Dcwlc+J5!fx#Tmh&ha%3e%I)B)- zpnqLPMkNoe=+0Kil=(NNAu(_9|BOnJBOEf8sI4AgOt{Dv#(q`I1C-UpPK3!Lp1R7r z!;2K4i+%f98K=#X)kO8IsFCcW#4l^J?0cN?uCM@sZ8e&KgWde!c1Pr-7RGN9%W<>G zWgSk7Awc=V=k1cXuttj}xp#pyTTZsIX(>|*dbcZR@x;&66f#~(2$Eu#N8Yu(3zl95 zt;8?AQB1o8qiTq~Yo<8P{ylCdO<{~E<`=}`>p~|kNsuP?-Fpq{n2s>6m&%0T;Apl~B-nRe%005TfG#%|8AQtrFWR literal 0 HcmV?d00001 From 2860686a1f7b783f01640f1947e047c8740fbf65 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Thu, 16 Feb 2017 13:43:51 +0000 Subject: [PATCH 6/9] Use inventory group names in anitya upgrade playbook Signed-off-by: Jeremy Cline --- playbooks/manual/upgrade/anitya.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/playbooks/manual/upgrade/anitya.yml b/playbooks/manual/upgrade/anitya.yml index e1fa0ffe08..542b765e40 100644 --- a/playbooks/manual/upgrade/anitya.yml +++ b/playbooks/manual/upgrade/anitya.yml @@ -1,5 +1,5 @@ - name: push packages out - hosts: anitya-frontend01:anitya-backend01 + hosts: anitya-frontend:anitya-backend user: root vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -19,7 +19,7 @@ when: testing - name: verify the frontend - hosts: anitya-frontend01 + hosts: anitya-frontend user: root vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -42,7 +42,7 @@ ignore_errors: true - name: verify the backend and then upgrade the db - hosts: anitya-backend01 + hosts: anitya-backend user: root vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -63,7 +63,7 @@ command: /usr/bin/alembic -c /usr/share/anitya/alembic.ini upgrade head args: chdir: /usr/share/anitya/ - when: inventory_hostname.startswith('anitya-backend01') + when: inventory_hostname.startswith('anitya-backend') post_tasks: - name: tell nagios to unshush w.r.t. the backend nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} From 6dc817998cd6f678e81c7adc1422bcf269ca6652 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Thu, 16 Feb 2017 13:53:02 +0000 Subject: [PATCH 7/9] Set testing: False in anitya production group vars Signed-off-by: Jeremy Cline --- inventory/group_vars/anitya-backend | 3 +++ inventory/group_vars/anitya-frontend | 3 +++ 2 files changed, 6 insertions(+) diff --git a/inventory/group_vars/anitya-backend b/inventory/group_vars/anitya-backend index b81c1f81a9..2e0683550f 100644 --- a/inventory/group_vars/anitya-backend +++ b/inventory/group_vars/anitya-backend @@ -20,6 +20,9 @@ fas_client_groups: sysadmin-noc freezes: false +# Don't use testing repos in production +testing: False + # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: - service: shell diff --git a/inventory/group_vars/anitya-frontend b/inventory/group_vars/anitya-frontend index 138ae73fc5..21880af703 100644 --- a/inventory/group_vars/anitya-frontend +++ b/inventory/group_vars/anitya-frontend @@ -20,6 +20,9 @@ custom_rules: [ fas_client_groups: sysadmin-noc,sysadmin-web +# Don't use testing repos in production +testing: False + freezes: false vpn: true # These are consumed by a task in roles/fedmsg/base/main.yml From a48b2b44462b2896b245d2a9a42d09f64ca4b828 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Thu, 16 Feb 2017 14:08:22 +0000 Subject: [PATCH 8/9] Update the alembic config location for anitya Signed-off-by: Jeremy Cline --- playbooks/manual/upgrade/anitya.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/playbooks/manual/upgrade/anitya.yml b/playbooks/manual/upgrade/anitya.yml index 542b765e40..4c7397db68 100644 --- a/playbooks/manual/upgrade/anitya.yml +++ b/playbooks/manual/upgrade/anitya.yml @@ -35,6 +35,8 @@ roles: - anitya/frontend - anitya/fedmsg + notify: + - restart apache post_tasks: - name: tell nagios to unshush w.r.t. the frontend nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} @@ -60,7 +62,7 @@ - anitya/fedmsg tasks: - name: Upgrade the database - command: /usr/bin/alembic -c /usr/share/anitya/alembic.ini upgrade head + command: /usr/bin/alembic -c /etc/anitya/alembic.ini upgrade head args: chdir: /usr/share/anitya/ when: inventory_hostname.startswith('anitya-backend') From 3aed8bc40e422cfd5520cf0cc233bc4bf3a81a39 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Thu, 16 Feb 2017 14:16:54 +0000 Subject: [PATCH 9/9] Restart httpd after anitya frontend upgrade Signed-off-by: Jeremy Cline --- playbooks/manual/upgrade/anitya.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/playbooks/manual/upgrade/anitya.yml b/playbooks/manual/upgrade/anitya.yml index 4c7397db68..dd9273e34f 100644 --- a/playbooks/manual/upgrade/anitya.yml +++ b/playbooks/manual/upgrade/anitya.yml @@ -35,13 +35,12 @@ roles: - anitya/frontend - anitya/fedmsg - notify: - - restart apache post_tasks: - name: tell nagios to unshush w.r.t. the frontend nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.phx2.fedoraproject.org ignore_errors: true + - service: name="httpd" state=restarted - name: verify the backend and then upgrade the db hosts: anitya-backend