Attempt to move new mirrormanager frontend to frontend2 and bring old one back so sundries isn't broken.

playbooks/groups/mirrormanager.yml

@@ -86,7 +86,7 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 
   roles:
-  - mirrormanager/frontend
+  - mirrormanager/frontend2
 
   handlers:
   - include: "{{ handlers }}/restart_services.yml"

roles/mirrormanager/backend/tasks/main.yml

@@ -17,7 +17,7 @@
   file: path=/etc/mirrormanager state=directory
 
 - name: install MM configuration file
-  template: src={{ roles }}/mirrormanager/frontend/templates/mirrormanager2.cfg
+  template: src={{ roles }}/mirrormanager/frontend2/templates/mirrormanager2.cfg
             dest=/etc/mirrormanager/mirrormanager2.cfg
             mode=600
   tags:

roles/mirrormanager/crawler/tasks/main.yml

@@ -19,7 +19,7 @@
   file: path=/etc/mirrormanager state=directory
 
 - name: install MM configuration file
-  template: src={{ roles }}/mirrormanager/frontend/templates/mirrormanager2.cfg
+  template: src={{ roles }}/mirrormanager/frontend2/templates/mirrormanager2.cfg
             dest=/etc/mirrormanager/mirrormanager2.cfg
             mode=600
   tags:

roles/mirrormanager/frontend/files/mirrormanager-app.conf

@@ -0,0 +1,35 @@
+Alias /mirrormanager/static /usr/share/mirrormanager/server/mirrormanager/static
+Alias /mirrormanager/crawler /var/log/mirrormanager/crawler
+
+WSGISocketPrefix /var/run/mirrormanager/wsgi
+WSGIRestrictSignal Off
+
+WSGIDaemonProcess mirrormanager user=mirrormanager group=mirrormanager display-name=mirrormanager maximum-requests=1000 processes=4 threads=1 umask=0007
+WSGIPythonOptimize 1
+
+WSGIScriptAlias /mirrormanager /usr/share/mirrormanager/server/mirrormanager.wsgi/mirrormanager
+
+<Directory /usr/share/mirrormanager/server>
+    WSGIProcessGroup mirrormanager
+    <IfModule mod_authz_core.c>
+        # Apache 2.4
+        Require all granted
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+        # Apache 2.2
+        Order deny,allow
+        Allow from all
+    </IfModule>
+</Directory>
+
+<Directory /var/log/mirrormanager/crawler>
+    <IfModule mod_authz_core.c>
+        # Apache 2.4
+        Require all granted
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+        # Apache 2.2
+        Order deny,allow
+        Allow from all
+    </IfModule>
+</Directory>

roles/mirrormanager/frontend/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: mirrormanager/package }

roles/mirrormanager/frontend/tasks/main.yml

@@ -1,41 +1,19 @@
 ---
-# tasklist for setting up the mirrormanager web application
+# tasklist for setting up the mirrormanager app components
-
-- name: clean yum metadata
-  command: yum clean all
-  tags:
-  - packages
-
-- name: install needed packages
-  yum: pkg={{ item }} state=present
-  with_items:
-  - mirrormanager2
-  - python-psycopg2
-  - python-openid-cla
-  - python-openid-teams
-  - python-memcached
-  - libsemanage-python
-  tags:
-  - packages
-
-- name: install configuration file
-  template: src={{ item.file }} dest={{ item.dest }}
-            owner=apache group=apache mode=0600
-  with_items:
-  - { file: mirrormanager.conf, dest: /etc/httpd/conf.d/mirrormanager.conf }
-  - { file: mirrormanager2.cfg, dest: /etc/mirrormanager/mirrormanager2.cfg }
-  - { file: mirrormanager2.wsgi, dest: /var/www/mirrormanager2.wsgi }
-  notify:
-  - restart httpd
-  tags:
-  - config
-
-- name: create the database scheme
-  command: /usr/bin/python2 /usr/share/mirrormanager2/mirrormanager2_createdb.py
-  environment:
-      MM2_CONFIG: /etc/mirrormanager/mirrormanager2.cfg
 
 - name: set sebooleans so mirrormanager can connect to its db
   action: seboolean name=httpd_can_network_connect_db
                     state=true
                     persistent=true
+
+- name: install /etc/httpd/conf.d/mirrormanager-app.conf
+  copy: >
+    src="mirrormanager-app.conf"
+    dest="/etc/httpd/conf.d/mirrormanager.conf"
+    owner=root
+    group=root
+    mode=0644
+  notify:
+  - restart httpd
+  tags:
+  - config

roles/mirrormanager/frontend2/tasks/main.yml

@@ -0,0 +1,41 @@
+---
+# tasklist for setting up the mirrormanager web application
+
+- name: clean yum metadata
+  command: yum clean all
+  tags:
+  - packages
+
+- name: install needed packages
+  yum: pkg={{ item }} state=present
+  with_items:
+  - mirrormanager2
+  - python-psycopg2
+  - python-openid-cla
+  - python-openid-teams
+  - python-memcached
+  - libsemanage-python
+  tags:
+  - packages
+
+- name: install configuration file
+  template: src={{ item.file }} dest={{ item.dest }}
+            owner=apache group=apache mode=0600
+  with_items:
+  - { file: mirrormanager.conf, dest: /etc/httpd/conf.d/mirrormanager.conf }
+  - { file: mirrormanager2.cfg, dest: /etc/mirrormanager/mirrormanager2.cfg }
+  - { file: mirrormanager2.wsgi, dest: /var/www/mirrormanager2.wsgi }
+  notify:
+  - restart httpd
+  tags:
+  - config
+
+- name: create the database scheme
+  command: /usr/bin/python2 /usr/share/mirrormanager2/mirrormanager2_createdb.py
+  environment:
+      MM2_CONFIG: /etc/mirrormanager/mirrormanager2.cfg
+
+- name: set sebooleans so mirrormanager can connect to its db
+  action: seboolean name=httpd_can_network_connect_db
+                    state=true
+                    persistent=true

roles/mirrormanager/package/tasks/main.yml

@@ -0,0 +1,69 @@
+---
+# tasklist for setting up the mirrormanager package components
+
+- name: set sebooleans so mirrormanager can read its homedir
+  action: seboolean name=httpd_enable_homedirs
+                    state=true
+                    persistent=true
+
+- name: add mirrormanager group - gid {{ mirrormanager_gid }}
+  group: name=mirrormanager gid={{ mirrormanager_gid }}
+
+- name: add mirrors group - gid {{ mirrors_gid }}
+  group: name=mirrors gid={{ mirrors_gid }}
+
+- name: add mirrors2 group - gid {{ mirrors2_gid }}
+  group: name=mirrors2 gid={{ mirrors2_gid }}
+
+- name: add mirrormanager user - uid {{ mirrormanager_uid }}
+  user: >
+    name=mirrormanager 
+    uid={{ mirrormanager_uid }}
+    group=mirrormanager 
+    groups=mirrors,mirrors2,apache 
+    state=present 
+    home=/home/mirrormanager 
+    createhome=yes 
+    shell=/bin/bash
+
+- name: install mirrormanager package
+  yum: pkg={{ item }} state=present
+  with_items:
+  - mirrormanager
+  tags:
+  - packages
+
+- name: install /etc/mirrormanager/prod.cfg
+  template: >
+    src="mirrormanager-prod.cfg.j2"
+    dest="/etc/mirrormanager/prod.cfg"
+    owner=mirrormanager
+    group=mirrormanager
+    mode=0600
+  notify:
+  - restart httpd
+  tags:
+  - config
+
+- name: setup mirrormanager directories
+  file: path="{{ item }}" owner=mirrormanager group=mirrormanager mode=0755 state=directory
+  with_items:
+  - /var/lock/mirrormanager
+  - /var/lib/mirrormanager
+  - /var/run/mirrormanager
+  - /var/log/mirrormanager
+  - /var/log/mirrormanager/crawler
+  - /home/mirrormanager
+  tags:
+  - config
+
+- name: setup /home/mirrormanager/.ssh directory
+  copy: >
+    src="{{ puppet_private }}/mirrormanager/"
+    dest="/home/mirrormanager/.ssh"
+    directory_mode=yes
+    owner=mirrormanager
+    group=mirrormanager
+    mode=0700
+  tags:
+  - config

roles/mirrormanager/package/templates/mirrormanager-prod.cfg.j2

@@ -0,0 +1,131 @@
+[global]
+# This is where all of your settings go for your development environment
+# Settings that are the same for both development and production
+# (such as template engine, encodings, etc.) all go in 
+# mirrormanager/config/app.cfg
+
+# pick the form for your database
+# sqlobject.dburi="postgres://username@hostname/databasename"
+# sqlobject.dburi="mysql://username:password@hostname:port/databasename"
+# sqlobject.dburi="sqlite:///file_name_and_path"
+
+# If you have sqlite, here's a simple default to get you started
+# in development
+#sqlobject.dburi="postgres://mirrormanager@127.0.0.1/mirrormanager"
+
+# This is for local development purposes.  It won't be used for
+# production.
+{% if env == "staging" %}
+sqlobject.dburi="notrans_postgres://mirroradmin:{{ mirrorPassword }}@db-mirrormanager.stg:5432/mirrormanager"
+{% else %}
+sqlobject.dburi="notrans_postgres://mirroradmin:{{ mirrorPassword }}@db-mirrormanager:5432/mirrormanager"
+{% endif %}
+
+# if you are using a database or table type without transactions
+# (MySQL default, for example), you should turn off transactions
+# by prepending notrans_ on the uri
+# sqlobject.dburi="notrans_mysql://username:password@hostname:port/databasename"
+
+# for Windows users, sqlite URIs look like:
+# sqlobject.dburi="sqlite:///drive_letter:/path/to/file"
+
+# SERVER
+
+# Some server parameters that you may want to tweak
+# running as a WSGI under apache.  This is used by TG when it generates a redirect.
+server.socket_port=80
+
+server.socket_timeout = 60
+server.thread_pool = 50
+server.socket_queue_size = 30
+
+# Enable the debug output at the end on pages.
+# log_debug_info_filter.on = False
+
+server.environment="production"
+server.webpath="/mirrormanager"
+autoreload.package="mirrormanager"
+
+# session_filter.on = True
+
+# Set to True if you'd like to abort execution if a controller gets an
+# unexpected parameter. False by default
+tg.strict_parameters = True
+tg.ignore_parameters = ["_csrf_token"]
+
+##############################
+# Fedora Account System config
+fas.url = 'https://admin.fedoraproject.org/accounts/'
+identity.provider='jsonfas2'
+identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
+visit.manager="jsonfas2"
+visit.saprovider.model="fedora.accounts.tgfas.Visit"
+visit.cookie.secure = True
+visit.cookie.httponly = True
+
+mirrormanager.admin_group = 'sysadmin-web'
+mirrormanager.max_stale_days = 2
+mirrormanager.max_propogation_days = 1
+mirrormanager.report_problems_to_email = 'mirror-admin at fedoraproject.org'
+
+##############################
+# update-master-directory-list category list and master locations
+# be very careful here.  Trailing slashes on url directory names are necessary.
+umdl.master_directories = ''' [
+	{ 'type':'directory', 'path':'/pub/fedora/linux/', 'category':'Fedora Linux' },
+	{ 'type':'directory', 'path':'/pub/archive/', 'category':'Fedora Archive' },
+ 	{ 'type':'directory', 'path':'/pub/epel/', 'category':'Fedora EPEL' },
+	{ 'type':'directory', 'path':'/pub/fedora-secondary/', 'category':'Fedora Secondary Arches' },
+	{ 'type':'directory', 'path':'/pub/alt/', 'category':'Fedora Other',
+          'excludes':['.*/stage$']},
+	{ 'type':'directory', 'path':'/pub/redhat/rhel/', 'category':'RHEL' },
+	] '''
+
+# manage-repo-redirects (mrr) repository definition
+# this can be used to define a repository redirect
+# for example from an upcoming release to the current development tree
+mrr.repos = ''' {
+	'fedora-%s':'rawhide',
+	'fedora-debug-%s':'rawhide-debug',
+	'fedora-source-%s':'rawhide-source',
+	'updates-released-f%s':'rawhide',
+	'updates-released-debug-f%s':'rawhide-debug',
+	'updates-released-source-f%s':'rawhide-source',
+	'updates-testing-f%s':'rawhide',
+	'updates-testing-debug-f%s':'rawhide-debug',
+	'updates-testing-source-f%s':'rawhide-source'
+	} '''
+
+base_url_filter.on = True
+{% if env == "staging" %}
+base_url_filter.base_url = "https://admin.stg.fedoraproject.org"
+{% else %}
+base_url_filter.base_url = "https://admin.fedoraproject.org"
+{% endif %}
+base_url_filter.use_x_forwarded_host = False
+
+[/xmlrpc]
+xmlrpc_filter.on = True
+
+# LOGGING
+# Logging configuration generally follows the style of the standard
+# Python logging module configuration. Note that when specifying
+# log format messages, you need to use *() for formatting variables.
+# Deployment independent log configuration is in mirrormanager/config/log.cfg
+[logging]
+
+[[loggers]]
+[[[mirrormanager]]]
+level='DEBUG'
+qualname='mirrormanager'
+handlers=['debug_out']
+
+[[[allinfo]]]
+level='INFO'
+handlers=['debug_out']
+
+[[[access]]]
+level='WARN'
+qualname='turbogears.access'
+handlers=['access_out']
+propagate=0

roles/mirrormanager/package/vars/main.yml

@@ -0,0 +1,4 @@
+mirrormanager_uid: 441
+mirrormanager_gid: 441
+mirrors_gid: 263
+mirrors2_gid: 529