Rework the frontend sub-role for mirrormanager

roles/mirrormanager/frontend/files/mirrormanager-app.conf

@@ -1,35 +0,0 @@
-Alias /mirrormanager/static /usr/share/mirrormanager/server/mirrormanager/static
-Alias /mirrormanager/crawler /var/log/mirrormanager/crawler
-
-WSGISocketPrefix /var/run/mirrormanager/wsgi
-WSGIRestrictSignal Off
-
-WSGIDaemonProcess mirrormanager user=mirrormanager group=mirrormanager display-name=mirrormanager maximum-requests=1000 processes=4 threads=1 umask=0007
-WSGIPythonOptimize 1
-
-WSGIScriptAlias /mirrormanager /usr/share/mirrormanager/server/mirrormanager.wsgi/mirrormanager
-
-<Directory /usr/share/mirrormanager/server>
-    WSGIProcessGroup mirrormanager
-    <IfModule mod_authz_core.c>
-        # Apache 2.4
-        Require all granted
-    </IfModule>
-    <IfModule !mod_authz_core.c>
-        # Apache 2.2
-        Order deny,allow
-        Allow from all
-    </IfModule>
-</Directory>
-
-<Directory /var/log/mirrormanager/crawler>
-    <IfModule mod_authz_core.c>
-        # Apache 2.4
-        Require all granted
-    </IfModule>
-    <IfModule !mod_authz_core.c>
-        # Apache 2.2
-        Order deny,allow
-        Allow from all
-    </IfModule>
-</Directory>

roles/mirrormanager/frontend/meta/main.yml

@@ -1,3 +0,0 @@
----
-dependencies:
-  - { role: mirrormanager/package }

roles/mirrormanager/frontend/tasks/main.yml

@@ -1,19 +1,41 @@
 ---
-# tasklist for setting up the mirrormanager app components
+# tasklist for setting up the mirrormanager web application
+
+- name: clean yum metadata
+  command: yum clean all
+  tags:
+  - packages
+
+- name: install needed packages
+  yum: pkg={{ item }} state=present
+  with_items:
+  - mirrormanager
+  - python-psycopg2
+  - python-openid-cla
+  - python-openid-teams
+  - python-memcached
+  - libsemanage-python
+  tags:
+  - packages
+
+- name: install configuration file
+  template: src={{ item.file }} dest={{ item.dest }}
+            owner=apache group=apache mode=0600
+  with_items:
+  - { file: mirrormanager.conf dest: /etc/httpd/conf.d/mirrormanager.conf }
+  - { file: mirrormanager2.cfg dest: /etc/mirrormanager/mirrormanager2.cfg }
+  - { file: mirrormanager2.wsgi dest: /var/www/mirrormanager2.wsgi }
+  notify:
+  - restart httpd
+  tags:
+  - config
+
+- name: create the database scheme
+  command: /usr/bin/python2 /usr/share/mirrormanager2/mirrormanager2_createdb.py
+  environment:
+      MM2_CONFIG: /etc/mirrormanager/mirrormanager2.cfg
 
 - name: set sebooleans so mirrormanager can connect to its db
   action: seboolean name=httpd_can_network_connect_db
                     state=true
                     persistent=true
-
-- name: install /etc/httpd/conf.d/mirrormanager-app.conf
-  copy: >
-    src="mirrormanager-app.conf"
-    dest="/etc/httpd/conf.d/mirrormanager.conf"
-    owner=root
-    group=root
-    mode=0644
-  notify:
-  - restart httpd
-  tags:
-  - config

roles/mirrormanager/frontend/templates/mirrormanager.conf

@@ -0,0 +1,24 @@
+# Apache configuration file for mirrormanager2
+
+Alias /mirrormanager/static /usr/lib/python2.7/site-packages/mirrormanager2/static/
+
+WSGIDaemonProcess mirrormanager user=apache maximum-requests=1000 display-name=mirrormanager processes=2 threads=1
+WSGISocketPrefix run/wsgi
+WSGIRestrictStdout On
+WSGIRestrictSignal Off
+WSGIPythonOptimize 1
+
+WSGIScriptAlias /mirrormanager /var/www/mirrormanager2.wsgi
+
+<Location />
+    WSGIProcessGroup mirrormanager
+    <IfModule mod_authz_core.c>
+        # Apache 2.4
+        Require all granted
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+         # Apache 2.2
+        Order deny,allow
+        Allow from all
+    </IfModule>
+</Location>

roles/mirrormanager/frontend/templates/mirrormanager2.cfg

@@ -0,0 +1,140 @@
+# -*- coding: utf-8 -*-
+
+'''
+MirrorManager2 sample configuration.
+'''
+
+###
+# Most important configuration items
+###
+
+
+# url to the database server:
+DB_URL='postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}'
+
+# the number of items to display on the search pages
+# Default: ``50``.
+ITEMS_PER_PAGE = 50
+
+# secret key used to generate unique csrf token
+SECRET_KEY = '{{ mirrormanager_secret_key }}'
+
+# Seed used to make the password harder to brute force in case of leaking
+# This should be kept really secret!
+PASSWORD_SEED = "{{ mirrormanager_password_seed }}"
+
+
+
+###
+# Other configuration items for the web-app
+###
+
+from datetime import timedelta
+
+# Set the time after which the session expires. Flask's default is 31 days.
+# Default: ``timedelta(hours=1)`` corresponds to 1 hour.
+PERMANENT_SESSION_LIFETIME = timedelta(hours=1)
+
+# Folder containing the theme to use.
+# Default: ``fedora``.
+THEME_FOLDER = 'fedora'
+
+# Which authentication method to use, defaults to `fas` can be or `local`
+# Default: ``fas``.
+MM_AUTHENTICATION = 'fas'
+
+# If the authentication method is `fas`, groups in which should be the user
+# to be recognized as an admin.
+ADMIN_GROUP = ('sysadmin-main', 'sysadmin-web')
+
+# Email address used in the 'From' field of the emails sent.
+# Default: ``nobody@fedoraproject.org``.
+EMAIL_FROM = 'nobody@fedoraproject.org'
+
+# SMTP server to use,
+# Default: ``localhost``.
+SMTP_SERVER = 'localhost'
+
+# When this is set to True, the session cookie will only be returned to the
+# server via ssl (https). If you connect to the server via plain http, the
+# cookie will not be sent. This prevents sniffing of the cookie contents.
+# This may be set to False when testing your application but should always
+# be set to True in production.
+# Default: ``True``.
+MM_COOKIE_REQUIRES_HTTPS = True
+
+# The name of the cookie used to store the session id.
+# Default: ``.MirrorManager``.
+MM_COOKIE_NAME = 'MirrorManager'
+
+# If not specified the application will rely on the root_url when sending
+# emails, otherwise it will use this URL
+# Default: ``None``.
+APPLICATION_URL = None
+
+# Boolean specifying wether to check the user's IP address when retrieving
+# its session. This make things more secure (thus is on by default) but
+# under certain setup it might not work (for example is there are proxies
+# in front of the application).
+CHECK_SESSION_IP = True
+
+
+
+###
+# Configuration options used by the crons
+###
+
+
+umdl_master_directories = [
+    {
+        'type': 'directory',
+        'path': '../testdata/pub/epel/',
+        'category': 'Fedora EPEL'
+    },
+    {
+        'type': 'directory',
+        'path': '../testdata/pub/fedora/linux/',
+        'category': 'Fedora Linux'
+    },
+    {
+        'type': 'directory',
+        'path': '../testdata/pub/fedora-secondary/',
+        'category': 'Fedora Secondary Arches'
+    },
+    {
+        'type': 'directory',
+        'path': '../testdata/pub/archive/',
+        'category': 'Fedora Archive'
+    },
+    {
+        'type': 'directory',
+        'path': '../testdata/pub/alt/',
+        'category': 'Fedora Other'
+    },
+#    {
+#        'type':'directory',
+#        'path':'../testdata/pub/fedora/linux/',
+#        'category':'Fedora Linux',
+#        'excludes':['.*/core/?.*', '.*/extras/?.*', '.*/[7-8]/?.*' ]
+#    },
+#    {
+#        'type':'rsync',
+#        'url':'rsync://archive.ubuntu.com/ubuntu/',
+#        'category':'Ubuntu Archive'
+#    },
+#    {
+#        'type':'rsync',
+#        'url':'rsync://releases.ubuntu.com/releases/',
+#        'category':'Ubuntu CD Images'
+#        },
+#    {
+#        'type':'rsync',
+#        'url':'rsync://ports.ubuntu.com/ubuntu-ports/',
+#        'category':'Ubuntu Ports Archive'
+#    },
+#    {
+#        'type':'rsync',
+#        'url':'rsync://security.ubuntu.com/ubuntu/',
+#        'category':'Ubuntu Security Archive'
+#    },
+]