diff --git a/roles/abrt/faf/.ansible-lint b/roles/abrt/faf/.ansible-lint new file mode 100644 index 0000000000..c82bf3ad37 --- /dev/null +++ b/roles/abrt/faf/.ansible-lint @@ -0,0 +1,3 @@ +# We have a task explicitly for updating all FAF packages. +skip_list: + - 403 diff --git a/roles/abrt/faf/.github/workflows/ansible-lint.yml b/roles/abrt/faf/.github/workflows/ansible-lint.yml new file mode 100644 index 0000000000..24efef3550 --- /dev/null +++ b/roles/abrt/faf/.github/workflows/ansible-lint.yml @@ -0,0 +1,23 @@ +name: Check Ansible Role + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + lint: + # The GitHub-hosted runners don’t do Fedora + runs-on: ubuntu-latest + + steps: + - name: Check out sources + uses: actions/checkout@v2 + + # This can be pinned to a specific tag after something newer than v4.1.0.post0 materializes. + # https://github.com/ansible/ansible-lint-action/commit/91db49755c0e720d9eac9d3a481c227d3d14faf6 + - name: Lint + uses: ansible/ansible-lint-action@master + with: + targets: ./ diff --git a/roles/abrt/faf/defaults/main.yml b/roles/abrt/faf/defaults/main.yml index cbfcb50043..6704464784 100644 --- a/roles/abrt/faf/defaults/main.yml +++ b/roles/abrt/faf/defaults/main.yml @@ -57,7 +57,7 @@ smtp_server: localhost smtp_port: 25 smtp_username: smtp_password: -faf_from: no-reply-retrace@fedoraproject.org +faf_from: no-reply@localhost # [uREPORT] faf_spool_dir: /var/spool/faf @@ -110,8 +110,6 @@ faf_web_openid: true faf_web_openid_privileged_teams: # provenpackager,proventesters -# [DUMPDIR] - # [CACHE] # cache type either: memcached/simple/none faf_web_cache_type: memcached diff --git a/roles/abrt/faf/meta/.galaxy_install_info b/roles/abrt/faf/meta/.galaxy_install_info index 14d8211093..4942746ffa 100644 --- a/roles/abrt/faf/meta/.galaxy_install_info +++ b/roles/abrt/faf/meta/.galaxy_install_info @@ -1,2 +1,2 @@ -install_date: Tue Jan 21 10:21:03 2020 +install_date: Fri Mar 20 14:14:25 2020 version: master diff --git a/roles/abrt/faf/meta/main.yml b/roles/abrt/faf/meta/main.yml index 503526d704..328b2e64bc 100644 --- a/roles/abrt/faf/meta/main.yml +++ b/roles/abrt/faf/meta/main.yml @@ -1,6 +1,7 @@ --- galaxy_info: author: "ABRT team" + description: Deploy FAF company: Red Hat license: BSD min_ansible_version: 2.5 @@ -10,9 +11,8 @@ galaxy_info: - 8 - name: Fedora versions: + - 29 - 30 - - 31 - - 32 - categories: + galaxy_tags: - web dependencies: [] diff --git a/roles/abrt/faf/tasks/check.yml b/roles/abrt/faf/tasks/check.yml index a10fd7bd05..e6d18bc753 100644 --- a/roles/abrt/faf/tasks/check.yml +++ b/roles/abrt/faf/tasks/check.yml @@ -2,14 +2,25 @@ # check backend functionality -- name: faf - shell: faf {{ item }} +- name: Add dummy Fedora 42 release + command: faf releaseadd -o fedora --opsys-release 42 become: yes become_user: faf - loop: - - "releaseadd -o fedora --opsys-release 42" - - "releaselist | grep 'Fedora 42'" - - "compadd -o fedora --opsys-release 42 meta_faf" + changed_when: false + +- name: Get releases from FAF + command: faf releaselist + become: yes + become_user: faf + register: release_list + failed_when: "'Fedora 42' not in release_list.stdout" + changed_when: false + +- name: Add dummy meta_faf component to Fedora 42 release + command: faf compadd -o fedora --opsys-release 42 meta_faf + become: yes + become_user: faf + changed_when: false - name: cpf copy: @@ -19,9 +30,11 @@ group: faf - name: faf - shell: faf {{ item }} + command: faf {{ item }} become: yes become_user: faf loop: - "save-reports -v" - "create-problems -v" + # This task is 100% idempotent, no questions asked. + changed_when: false diff --git a/roles/abrt/faf/tasks/check_web.yml b/roles/abrt/faf/tasks/check_web.yml index 9752d4675f..caaf041e09 100644 --- a/roles/abrt/faf/tasks/check_web.yml +++ b/roles/abrt/faf/tasks/check_web.yml @@ -1,7 +1,8 @@ # check web functionality # -- set_fact: +- name: Set URL facts + set_fact: main_url: "https://{{ ansible_default_ipv4.address }}{{ url_suffix }}" problems_url: "https://{{ ansible_default_ipv4.address }}{{ url_suffix }}/problems/" @@ -13,10 +14,7 @@ register: uri_res check_mode: no delegate_to: localhost - -- fail: msg="{{ main_url }} doesn't contain 'ABRT' string" - when: - "'ABRT' not in uri_res.content" + failed_when: "'ABRT' not in uri_res.content" - name: fetch problems uri: @@ -26,7 +24,4 @@ register: uri_res check_mode: no delegate_to: localhost - -- fail: msg="{{ main_url }} doesn't contain 'State' string" - when: - "'State' not in uri_res.content" + failed_when: "'State' not in uri_res.content" diff --git a/roles/abrt/faf/tasks/cleanup.yml b/roles/abrt/faf/tasks/cleanup.yml index 335d10d308..9c9dab110c 100644 --- a/roles/abrt/faf/tasks/cleanup.yml +++ b/roles/abrt/faf/tasks/cleanup.yml @@ -4,14 +4,17 @@ loop: "{{ eol_opsys | selectattr('opsys') | selectattr('release') | list }}" become: yes become_user: faf + changed_when: false - name: remove EOLed packages command: faf cleanup-packages "{{ item.opsys | capitalize }}" "{{ item.release }}" loop: "{{ eol_opsys | selectattr('opsys') | selectattr('release') | list }}" become: yes become_user: faf + changed_when: false - name: remove unassigned packages command: faf cleanup-unassigned -f become: yes become_user: faf + changed_when: false diff --git a/roles/abrt/faf/tasks/config.yml b/roles/abrt/faf/tasks/config.yml index 13cda55a0b..760c153720 100644 --- a/roles/abrt/faf/tasks/config.yml +++ b/roles/abrt/faf/tasks/config.yml @@ -6,51 +6,17 @@ dest: /etc/faf/faf.conf # setup fedora-messaging -- name: Setup fedora-messaging - block: - - name: create the config folder for fedora-messaging - file: - path: /etc/fedora-messaging/ - owner: root - group: root - mode: 0755 - state: directory - - - name: create folders where we place certs for fedora-messaging - file: - path: /etc/fedora-messaging/faf - owner: root - group: root - mode: 0755 - state: directory - - - name: install certs for fedora-messaging - copy: - src: "{{ item.src }}" - dest: "/etc/fedora-messaging/faf/{{ item.dest }}" - owner: "{{ item.owner }}" - group: root - mode: "{{ item.mode }}" - loop: - - { src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt", - dest: "ca.crt", - owner: faf, - mode: 0644 - } - - { src: "{{private}}/files/rabbitmq/{{env}}/pki/private/faf.key", - dest: "faf.key", - owner: faf, - mode: "600" - } - - { src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/faf.crt", - dest: "faf.crt", - owner: faf, - mode: 0644 - } - - - name: provide configuration for fedora-messaging - template: - src: etc-fedora-messaging-config.toml.j2 - dest: /etc/fedora-messaging/config.toml - +- name: create the config folder for fedora-messaging + file: + path: /etc/fedora-messaging/ + owner: root + group: root + mode: 0755 + state: directory + when: faf_with_fedmsg|bool + +- name: provide configuration for fedora-messaging + template: + src: etc-fedora-messaging-config.toml.j2 + dest: /etc/fedora-messaging/config.toml when: faf_with_fedmsg|bool diff --git a/roles/abrt/faf/tasks/cron.yml b/roles/abrt/faf/tasks/cron.yml index f6ec8fe997..bfce4bf2dc 100644 --- a/roles/abrt/faf/tasks/cron.yml +++ b/roles/abrt/faf/tasks/cron.yml @@ -52,7 +52,7 @@ cron: name: "retrace symbols with type {{ item.type }}" user: faf - job: "faf retrace --workers 12 -dp {{ item.type }} --max-fail-count 1 >> /var/log/faf/retrace-{{ item.type }}.log 2>&1" + job: "faf retrace --workers 4 -dp {{ item.type }} --max-fail-count 1 >> /var/log/faf/retrace-{{ item.type }}.log 2>&1" minute: "32" hour: "2" weekday: "{{ item.day }}" diff --git a/roles/abrt/faf/tasks/migrate_db.yml b/roles/abrt/faf/tasks/migrate_db.yml index 7110362738..a02a43111e 100644 --- a/roles/abrt/faf/tasks/migrate_db.yml +++ b/roles/abrt/faf/tasks/migrate_db.yml @@ -3,3 +3,4 @@ command: faf-migrate-db become: yes become_user: faf + changed_when: false diff --git a/roles/abrt/faf/tasks/web.yml b/roles/abrt/faf/tasks/web.yml index d1d1c358d3..b08d56453c 100644 --- a/roles/abrt/faf/tasks/web.yml +++ b/roles/abrt/faf/tasks/web.yml @@ -1,9 +1,11 @@ -- set_fact: +- name: Set url_suffix fact + set_fact: url_suffix: "" when: faf_web_on_root|bool -- set_fact: +- name: Set url_suffix fact + set_fact: url_suffix: "/faf" when: not faf_web_on_root|bool @@ -12,7 +14,8 @@ name: "{{ faf_web_packages }}" state: present -- import_tasks: celery.yml +- name: Import Celery tasks + import_tasks: celery.yml when: faf_with_celery|bool - name: install faf web symboltransfer packages diff --git a/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 b/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 index cebdc1a453..7fbebbda06 100644 --- a/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 +++ b/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 @@ -33,12 +33,6 @@ enabled = {{ faf_web_openid }} privileged_teams = {{ faf_web_openid_privileged_teams }} {% endif %} -[DumpDir] -CacheDirectory = {{ faf_spool_dir }}/dumpdirs -CacheDirectoryCountQuota = 100 -CacheDirectorySizeQuota = 107374182400 -MaxDumpDirSize = 1073741824 - [cache] #types: # null - no caching diff --git a/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2 b/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2 index 68c8f0016f..b905439cd3 100644 --- a/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2 +++ b/roles/abrt/faf/templates/etc-fedora-messaging-config.toml.j2 @@ -3,22 +3,18 @@ # A sample configuration for fedora-messaging. This file is in the TOML format. # For complete details on all configuration options, see the documentation. -amqp_url = "amqps://faf:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub" +amqp_url = "amqp://{{ faf_fedmsg_server }}?connection_attempts=3&retry_delay=5" passive_declares = true # The topic_prefix configuration value will add a prefix to the topics of every sent message. # This is used for migrating from fedmsg, and should not be used afterwards. -{% if env == "staging" %} - topic_prefix = "org.fedoraproject.stg" -{% else %} - topic_prefix = "org.fedoraproject.prod" -{% endif %} +topic_prefix = {{ faf_fedmsg_topic_prefix }} [tls] -ca_cert = "/etc/fedora-messaging/faf/ca.crt" -keyfile = "/etc/fedora-messaging/faf/faf.key" -certfile = "/etc/fedora-messaging/faf/faf.crt" +ca_cert = {{ faf_fedmsg_ca_cert }} +keyfile = {{ faf_fedmsg_keyfile }} +certfile = {{ faf_fedmsg_certfile }} [client_properties] app = "FAF" diff --git a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 index 4922ad41ab..2a88cff897 100644 --- a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 +++ b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 @@ -4,7 +4,7 @@ WSGIPythonOptimize 1 WSGISocketPrefix {{ faf_spool_dir }}/wsgi WSGIDaemonProcess faf user=faf group=faf processes=3 threads=5 -{% set python = 'python3.6' %} +{% set python = 'python3.7' %} WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ python }}/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL} diff --git a/roles/abrt/retrace/.github/workflows/ansible-lint.yml b/roles/abrt/retrace/.github/workflows/ansible-lint.yml new file mode 100644 index 0000000000..0831cdaf45 --- /dev/null +++ b/roles/abrt/retrace/.github/workflows/ansible-lint.yml @@ -0,0 +1,21 @@ +name: Check Ansible Role + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + lint: + # The GitHub-hosted runners don’t do Fedora + runs-on: ubuntu-latest + + steps: + - name: Check out sources + uses: actions/checkout@v2 + + - name: Lint + uses: ansible/ansible-lint-action@master + with: + targets: ./ diff --git a/roles/abrt/retrace/meta/.galaxy_install_info b/roles/abrt/retrace/meta/.galaxy_install_info index f2972203e0..693a945894 100644 --- a/roles/abrt/retrace/meta/.galaxy_install_info +++ b/roles/abrt/retrace/meta/.galaxy_install_info @@ -1,2 +1,2 @@ -install_date: Tue Jan 21 10:21:04 2020 +install_date: Fri Mar 20 14:14:27 2020 version: master diff --git a/roles/abrt/retrace/meta/main.yml b/roles/abrt/retrace/meta/main.yml index d838bfa9f0..ca93f0e38a 100644 --- a/roles/abrt/retrace/meta/main.yml +++ b/roles/abrt/retrace/meta/main.yml @@ -10,10 +10,10 @@ galaxy_info: - 7 - name: Fedora versions: - - 30 - - 31 - - 32 - categories: + - 26 + - 27 + - 28 + galaxy_tags: - system #dependencies: # - { role: httpd } diff --git a/roles/abrt/retrace/tasks/check.yml b/roles/abrt/retrace/tasks/check.yml index 514c9c8ff9..d9d7c9317d 100644 --- a/roles/abrt/retrace/tasks/check.yml +++ b/roles/abrt/retrace/tasks/check.yml @@ -4,7 +4,8 @@ - meta: flush_handlers -- set_fact: +- name: Set settings_url fact + set_fact: settings_url: "https://{{ ansible_default_ipv4.address }}/settings" - name: fetch settings @@ -16,6 +17,7 @@ check_mode: no delegate_to: localhost -- fail: msg="{{ settings_url }} doesn't contain supported_releases" +- name: Fail if /settings does not contain supported_releases + fail: msg="{{ settings_url }} doesn't contain supported_releases" when: "'supported_releases' not in uri_res.content" diff --git a/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 index 64b445c3e2..e6f9339a2b 100644 --- a/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 +++ b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 @@ -1,7 +1,5 @@ #{{ ansible_managed }} -ServerTokens ProductOnly - WSGISocketPrefix /var/run/retrace WSGIDaemonProcess retrace user=retrace group=retrace processes=5 threads=3