diff --git a/playbooks/groups/mirrormanager.yml b/playbooks/groups/mirrormanager.yml
index 4a9d65e147..a0fda13853 100644
--- a/playbooks/groups/mirrormanager.yml
+++ b/playbooks/groups/mirrormanager.yml
@@ -86,7 +86,7 @@
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- - mirrormanager/frontend
+ - mirrormanager/frontend2
handlers:
- include: "{{ handlers }}/restart_services.yml"
diff --git a/roles/mirrormanager/backend/tasks/main.yml b/roles/mirrormanager/backend/tasks/main.yml
index 7bc7499d99..ea0e90e60c 100644
--- a/roles/mirrormanager/backend/tasks/main.yml
+++ b/roles/mirrormanager/backend/tasks/main.yml
@@ -17,7 +17,7 @@
file: path=/etc/mirrormanager state=directory
- name: install MM configuration file
- template: src={{ roles }}/mirrormanager/frontend/templates/mirrormanager2.cfg
+ template: src={{ roles }}/mirrormanager/frontend2/templates/mirrormanager2.cfg
dest=/etc/mirrormanager/mirrormanager2.cfg
mode=600
tags:
diff --git a/roles/mirrormanager/crawler/tasks/main.yml b/roles/mirrormanager/crawler/tasks/main.yml
index 79a1a40c9d..e00a24e097 100644
--- a/roles/mirrormanager/crawler/tasks/main.yml
+++ b/roles/mirrormanager/crawler/tasks/main.yml
@@ -19,7 +19,7 @@
file: path=/etc/mirrormanager state=directory
- name: install MM configuration file
- template: src={{ roles }}/mirrormanager/frontend/templates/mirrormanager2.cfg
+ template: src={{ roles }}/mirrormanager/frontend2/templates/mirrormanager2.cfg
dest=/etc/mirrormanager/mirrormanager2.cfg
mode=600
tags:
diff --git a/roles/mirrormanager/frontend/files/mirrormanager-app.conf b/roles/mirrormanager/frontend/files/mirrormanager-app.conf
new file mode 100644
index 0000000000..9aa2c2c1e0
--- /dev/null
+++ b/roles/mirrormanager/frontend/files/mirrormanager-app.conf
@@ -0,0 +1,35 @@
+Alias /mirrormanager/static /usr/share/mirrormanager/server/mirrormanager/static
+Alias /mirrormanager/crawler /var/log/mirrormanager/crawler
+
+WSGISocketPrefix /var/run/mirrormanager/wsgi
+WSGIRestrictSignal Off
+
+WSGIDaemonProcess mirrormanager user=mirrormanager group=mirrormanager display-name=mirrormanager maximum-requests=1000 processes=4 threads=1 umask=0007
+WSGIPythonOptimize 1
+
+WSGIScriptAlias /mirrormanager /usr/share/mirrormanager/server/mirrormanager.wsgi/mirrormanager
+
+
+ WSGIProcessGroup mirrormanager
+
+ # Apache 2.4
+ Require all granted
+
+
+ # Apache 2.2
+ Order deny,allow
+ Allow from all
+
+
+
+
+
+ # Apache 2.4
+ Require all granted
+
+
+ # Apache 2.2
+ Order deny,allow
+ Allow from all
+
+
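Review bot: The second added line, `Alias /mirrormanager/crawler /var/log/mirrormanager/crawler`, publishes a log directory over HTTP, and both access-control blocks below it end in `Require all granted` / `Allow from all`. The container directives around those blocks are not visible in this rendering, so which block covers the log directory is inferred, but nothing shown narrows access to it. If the crawler logs are meant to be public, a comment saying so above the alias would help. Otherwise the block for that directory should carry `Options -Indexes` and a narrower rule, for example `Require ip <ADMIN_NETWORK_PLACEHOLDER>` on 2.4 with the matching `Allow from` on 2.2.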
diff --git a/roles/mirrormanager/frontend/meta/main.yml b/roles/mirrormanager/frontend/meta/main.yml
new file mode 100644
index 0000000000..4590c3dc7f
--- /dev/null
+++ b/roles/mirrormanager/frontend/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: mirrormanager/package }
diff --git a/roles/mirrormanager/frontend/tasks/main.yml b/roles/mirrormanager/frontend/tasks/main.yml
index c9ca50b016..7ed2b992a9 100644
--- a/roles/mirrormanager/frontend/tasks/main.yml
+++ b/roles/mirrormanager/frontend/tasks/main.yml
@@ -1,41 +1,19 @@
---
-# tasklist for setting up the mirrormanager web application
-
-- name: clean yum metadata
- command: yum clean all
- tags:
- - packages
-
-- name: install needed packages
- yum: pkg={{ item }} state=present
- with_items:
- - mirrormanager2
- - python-psycopg2
- - python-openid-cla
- - python-openid-teams
- - python-memcached
- - libsemanage-python
- tags:
- - packages
-
-- name: install configuration file
- template: src={{ item.file }} dest={{ item.dest }}
- owner=apache group=apache mode=0600
- with_items:
- - { file: mirrormanager.conf, dest: /etc/httpd/conf.d/mirrormanager.conf }
- - { file: mirrormanager2.cfg, dest: /etc/mirrormanager/mirrormanager2.cfg }
- - { file: mirrormanager2.wsgi, dest: /var/www/mirrormanager2.wsgi }
- notify:
- - restart httpd
- tags:
- - config
-
-- name: create the database scheme
- command: /usr/bin/python2 /usr/share/mirrormanager2/mirrormanager2_createdb.py
- environment:
- MM2_CONFIG: /etc/mirrormanager/mirrormanager2.cfg
+# tasklist for setting up the mirrormanager app components
- name: set sebooleans so mirrormanager can connect to its db
action: seboolean name=httpd_can_network_connect_db
state=true
persistent=true
+
+- name: install /etc/httpd/conf.d/mirrormanager-app.conf
+ copy: >
+ src="mirrormanager-app.conf"
+ dest="/etc/httpd/conf.d/mirrormanager.conf"
+ owner=root
+ group=root
+ mode=0644
+ notify:
+ - restart httpd
+ tags:
+ - config
diff --git a/roles/mirrormanager/frontend2/tasks/main.yml b/roles/mirrormanager/frontend2/tasks/main.yml
new file mode 100644
index 0000000000..c9ca50b016
--- /dev/null
+++ b/roles/mirrormanager/frontend2/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+# tasklist for setting up the mirrormanager web application
+
+- name: clean yum metadata
+ command: yum clean all
+ tags:
+ - packages
+
+- name: install needed packages
+ yum: pkg={{ item }} state=present
+ with_items:
+ - mirrormanager2
+ - python-psycopg2
+ - python-openid-cla
+ - python-openid-teams
+ - python-memcached
+ - libsemanage-python
+ tags:
+ - packages
+
+- name: install configuration file
+ template: src={{ item.file }} dest={{ item.dest }}
+ owner=apache group=apache mode=0600
+ with_items:
+ - { file: mirrormanager.conf, dest: /etc/httpd/conf.d/mirrormanager.conf }
+ - { file: mirrormanager2.cfg, dest: /etc/mirrormanager/mirrormanager2.cfg }
+ - { file: mirrormanager2.wsgi, dest: /var/www/mirrormanager2.wsgi }
+ notify:
+ - restart httpd
+ tags:
+ - config
+
+- name: create the database scheme
+ command: /usr/bin/python2 /usr/share/mirrormanager2/mirrormanager2_createdb.py
+ environment:
+ MM2_CONFIG: /etc/mirrormanager/mirrormanager2.cfg
+
+- name: set sebooleans so mirrormanager can connect to its db
+ action: seboolean name=httpd_can_network_connect_db
+ state=true
+ persistent=true
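Review bot: The `install configuration file` task makes the httpd service account the owner of everything it installs, including `/etc/httpd/conf.d/mirrormanager.conf` and `/var/www/mirrormanager2.wsgi`, so code running as apache can rewrite the server configuration and the WSGI entry point. The content is carried over unchanged from the old frontend role (the blob id `c9ca50b016` matches), but the move is a good moment to tighten it. `owner=root group=apache mode=0640` keeps the files readable by the service without making them writable by it.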
diff --git a/roles/mirrormanager/frontend/templates/mirrormanager.conf b/roles/mirrormanager/frontend2/templates/mirrormanager.conf
similarity index 100%
rename from roles/mirrormanager/frontend/templates/mirrormanager.conf
rename to roles/mirrormanager/frontend2/templates/mirrormanager.conf
diff --git a/roles/mirrormanager/frontend/templates/mirrormanager2.cfg b/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg
similarity index 100%
rename from roles/mirrormanager/frontend/templates/mirrormanager2.cfg
rename to roles/mirrormanager/frontend2/templates/mirrormanager2.cfg
diff --git a/roles/mirrormanager/frontend/templates/mirrormanager2.wsgi b/roles/mirrormanager/frontend2/templates/mirrormanager2.wsgi
similarity index 100%
rename from roles/mirrormanager/frontend/templates/mirrormanager2.wsgi
rename to roles/mirrormanager/frontend2/templates/mirrormanager2.wsgi
diff --git a/roles/mirrormanager/package/tasks/main.yml b/roles/mirrormanager/package/tasks/main.yml
new file mode 100644
index 0000000000..e250da1462
--- /dev/null
+++ b/roles/mirrormanager/package/tasks/main.yml
@@ -0,0 +1,69 @@
+---
+# tasklist for setting up the mirrormanager package components
+
+- name: set sebooleans so mirrormanager can read its homedir
+ action: seboolean name=httpd_enable_homedirs
+ state=true
+ persistent=true
+
+- name: add mirrormanager group - gid {{ mirrormanager_gid }}
+ group: name=mirrormanager gid={{ mirrormanager_gid }}
+
+- name: add mirrors group - gid {{ mirrors_gid }}
+ group: name=mirrors gid={{ mirrors_gid }}
+
+- name: add mirrors2 group - gid {{ mirrors2_gid }}
+ group: name=mirrors2 gid={{ mirrors2_gid }}
+
+- name: add mirrormanager user - uid {{ mirrormanager_uid }}
+ user: >
+ name=mirrormanager
+ uid={{ mirrormanager_uid }}
+ group=mirrormanager
+ groups=mirrors,mirrors2,apache
+ state=present
+ home=/home/mirrormanager
+ createhome=yes
+ shell=/bin/bash
+
+- name: install mirrormanager package
+ yum: pkg={{ item }} state=present
+ with_items:
+ - mirrormanager
+ tags:
+ - packages
+
+- name: install /etc/mirrormanager/prod.cfg
+ template: >
+ src="mirrormanager-prod.cfg.j2"
+ dest="/etc/mirrormanager/prod.cfg"
+ owner=mirrormanager
+ group=mirrormanager
+ mode=0600
+ notify:
+ - restart httpd
+ tags:
+ - config
+
+- name: setup mirrormanager directories
+ file: path="{{ item }}" owner=mirrormanager group=mirrormanager mode=0755 state=directory
+ with_items:
+ - /var/lock/mirrormanager
+ - /var/lib/mirrormanager
+ - /var/run/mirrormanager
+ - /var/log/mirrormanager
+ - /var/log/mirrormanager/crawler
+ - /home/mirrormanager
+ tags:
+ - config
+
+- name: setup /home/mirrormanager/.ssh directory
+ copy: >
+ src="{{ puppet_private }}/mirrormanager/"
+ dest="/home/mirrormanager/.ssh"
+ directory_mode=yes
+ owner=mirrormanager
+ group=mirrormanager
+ mode=0700
+ tags:
+ - config
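Review bot: In the `.ssh` copy task, `directory_mode=yes` is not a permission value and `mode=0700` is applied to the copied files, so the contents of `{{ puppet_private }}/mirrormanager/` land with the execute bit set and the directory mode is left to whatever the module makes of `yes`. The usual pairing is `directory_mode=0700` with `mode=0600`. The WSGI daemon in mirrormanager-app.conf runs as `user=mirrormanager` and this role enables `httpd_enable_homedirs`, so the web application's account can reach this directory. A comment above the task stating why the key material has to live in that account's home would help the next reader.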
diff --git a/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2 b/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2
new file mode 100644
index 0000000000..07f713fae4
--- /dev/null
+++ b/roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2
@@ -0,0 +1,131 @@
+[global]
+# This is where all of your settings go for your development environment
+# Settings that are the same for both development and production
+# (such as template engine, encodings, etc.) all go in
+# mirrormanager/config/app.cfg
+
+# pick the form for your database
+# sqlobject.dburi="postgres://username@hostname/databasename"
+# sqlobject.dburi="mysql://username:password@hostname:port/databasename"
+# sqlobject.dburi="sqlite:///file_name_and_path"
+
+# If you have sqlite, here's a simple default to get you started
+# in development
+#sqlobject.dburi="postgres://mirrormanager@127.0.0.1/mirrormanager"
+
+# This is for local development purposes. It won't be used for
+# production.
+{% if env == "staging" %}
+sqlobject.dburi="notrans_postgres://mirroradmin:{{ mirrorPassword }}@db-mirrormanager.stg:5432/mirrormanager"
+{% else %}
+sqlobject.dburi="notrans_postgres://mirroradmin:{{ mirrorPassword }}@db-mirrormanager:5432/mirrormanager"
+{% endif %}
+
+# if you are using a database or table type without transactions
+# (MySQL default, for example), you should turn off transactions
+# by prepending notrans_ on the uri
+# sqlobject.dburi="notrans_mysql://username:password@hostname:port/databasename"
+
+# for Windows users, sqlite URIs look like:
+# sqlobject.dburi="sqlite:///drive_letter:/path/to/file"
+
+# SERVER
+
+# Some server parameters that you may want to tweak
+# running as a WSGI under apache. This is used by TG when it generates a redirect.
+server.socket_port=80
+
+server.socket_timeout = 60
+server.thread_pool = 50
+server.socket_queue_size = 30
+
+# Enable the debug output at the end on pages.
+# log_debug_info_filter.on = False
+
+server.environment="production"
+server.webpath="/mirrormanager"
+autoreload.package="mirrormanager"
+
+# session_filter.on = True
+
+# Set to True if you'd like to abort execution if a controller gets an
+# unexpected parameter. False by default
+tg.strict_parameters = True
+tg.ignore_parameters = ["_csrf_token"]
+
+##############################
+# Fedora Account System config
+fas.url = 'https://admin.fedoraproject.org/accounts/'
+identity.provider='jsonfas2'
+identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
+visit.manager="jsonfas2"
+visit.saprovider.model="fedora.accounts.tgfas.Visit"
+visit.cookie.secure = True
+visit.cookie.httponly = True
+
+mirrormanager.admin_group = 'sysadmin-web'
+mirrormanager.max_stale_days = 2
+mirrormanager.max_propogation_days = 1
+mirrormanager.report_problems_to_email = 'mirror-admin at fedoraproject.org'
+
+##############################
+# update-master-directory-list category list and master locations
+# be very careful here. Trailing slashes on url directory names are necessary.
+umdl.master_directories = ''' [
+ { 'type':'directory', 'path':'/pub/fedora/linux/', 'category':'Fedora Linux' },
+ { 'type':'directory', 'path':'/pub/archive/', 'category':'Fedora Archive' },
+ { 'type':'directory', 'path':'/pub/epel/', 'category':'Fedora EPEL' },
+ { 'type':'directory', 'path':'/pub/fedora-secondary/', 'category':'Fedora Secondary Arches' },
+ { 'type':'directory', 'path':'/pub/alt/', 'category':'Fedora Other',
+ 'excludes':['.*/stage$']},
+ { 'type':'directory', 'path':'/pub/redhat/rhel/', 'category':'RHEL' },
+ ] '''
+
+# manage-repo-redirects (mrr) repository definition
+# this can be used to define a repository redirect
+# for example from an upcoming release to the current development tree
+mrr.repos = ''' {
+ 'fedora-%s':'rawhide',
+ 'fedora-debug-%s':'rawhide-debug',
+ 'fedora-source-%s':'rawhide-source',
+ 'updates-released-f%s':'rawhide',
+ 'updates-released-debug-f%s':'rawhide-debug',
+ 'updates-released-source-f%s':'rawhide-source',
+ 'updates-testing-f%s':'rawhide',
+ 'updates-testing-debug-f%s':'rawhide-debug',
+ 'updates-testing-source-f%s':'rawhide-source'
+ } '''
+
+base_url_filter.on = True
+{% if env == "staging" %}
+base_url_filter.base_url = "https://admin.stg.fedoraproject.org"
+{% else %}
+base_url_filter.base_url = "https://admin.fedoraproject.org"
+{% endif %}
+base_url_filter.use_x_forwarded_host = False
+
+[/xmlrpc]
+xmlrpc_filter.on = True
+
+# LOGGING
+# Logging configuration generally follows the style of the standard
+# Python logging module configuration. Note that when specifying
+# log format messages, you need to use *() for formatting variables.
+# Deployment independent log configuration is in mirrormanager/config/log.cfg
+[logging]
+
+[[loggers]]
+[[[mirrormanager]]]
+level='DEBUG'
+qualname='mirrormanager'
+handlers=['debug_out']
+
+[[[allinfo]]]
+level='INFO'
+handlers=['debug_out']
+
+[[[access]]]
+level='WARN'
+qualname='turbogears.access'
+handlers=['access_out']
+propagate=0
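Review bot: The `[[[mirrormanager]]]` logger is set to `level='DEBUG'` in a file that also declares `server.environment="production"` and carries the database URI built from `{{ mirrorPassword }}`. Debug output from the application may include request and query detail. Where `debug_out` writes is defined outside this hunk, so the exposure is inferred rather than shown. Suggest `level='INFO'` for this template. The header comment describing these as settings "for your development environment" and the "It won't be used for production" comment above the `sqlobject.dburi` lines should be replaced with ones saying this is the deployed production/staging configuration.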
diff --git a/roles/mirrormanager/package/vars/main.yml b/roles/mirrormanager/package/vars/main.yml
new file mode 100644
index 0000000000..089784c9b0
--- /dev/null
+++ b/roles/mirrormanager/package/vars/main.yml
@@ -0,0 +1,4 @@
+mirrormanager_uid: 441
+mirrormanager_gid: 441
+mirrors_gid: 263
+mirrors2_gid: 529