From db786b6797d26aa1d2ae643c697629f5ade1b485 Mon Sep 17 00:00:00 2001
From: Randy Barlow
Date: Thu, 30 May 2019 21:45:21 +0000
Subject: [PATCH] bodhi: Major cruft cleanup.

I worked with nirik, mizdebsk, and puiterwijk to clean up Bodhi's roles and playbooks to remove lots of old crufty things, and this is what we came up with.

Signed-off-by: Randy Barlow
---
playbooks/groups/bodhi-backend.yml | 7 -
playbooks/manual/upgrade/bodhi.yml | 16 +-
roles/bodhi2/backend/files/fedmsg-hub.conf | 3 -
roles/bodhi2/backend/files/koji-config | 9 --
roles/bodhi2/backend/tasks/main.yml | 180 ++-------------------
roles/bodhi2/backend/templates/mash.conf | 18 ---
roles/bodhi2/base/handlers/main.yml | 3 -
roles/bodhi2/base/tasks/main.yml | 99 ------------
8 files changed, 21 insertions(+), 314 deletions(-)
delete mode 100644 roles/bodhi2/backend/files/fedmsg-hub.conf
delete mode 100644 roles/bodhi2/backend/files/koji-config
delete mode 100644 roles/bodhi2/backend/templates/mash.conf
delete mode 100644 roles/bodhi2/base/handlers/main.yml
diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml
index cd88124e96..540d2d7679 100644
--- a/playbooks/groups/bodhi-backend.yml
+++ b/playbooks/groups/bodhi-backend.yml
@@ -28,7 +28,6 @@ - nagios_client - collectd/base - hosts - - builder_repo - fas_client - sudo - rkhunter
@@ -48,21 +47,15 @@ nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/' - bodhi2/backend - - role: collectd/fedmsg-service - process: fedmsg-hub - user: masher - - role: keytab/service owner_user: apache owner_group: apache - extra_acl_user: fedmsg service: bodhi host: "bodhi.fedoraproject.org" when: env == "production" - role: keytab/service owner_user: apache owner_group: apache - extra_acl_user: fedmsg service: bodhi host: "bodhi.stg.fedoraproject.org" when: env == "staging"
diff --git a/playbooks/manual/upgrade/bodhi.yml b/playbooks/manual/upgrade/bodhi.yml
index 1701646863..1882fa993b 100644
--- a/playbooks/manual/upgrade/bodhi.yml
+++ b/playbooks/manual/upgrade/bodhi.yml
@@ -1,4 +1,4 @@ -- name: check to see if a mash is going on before we do anything... +- name: check to see if a compose is going on before we do anything... hosts: bodhi_backend:bodhi_backend_stg user: root vars_files:
@@ -8,11 +8,11 @@ tasks: - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - name: Check for the existance of a mashing lock. + - name: Check for running composes shell: "curl https://bodhi{{env_suffix}}.fedoraproject.org/composes/" register: composes - - name: Fail if we found that a mash was in progress + - name: Fail if we found that a compose was in progress fail: msg: "There are composes in progress." any_errors_fatal: true
@@ -29,18 +29,13 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} - command: dnf clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} - check_mode: no - name: dnf update bodhi-server packages from main repo - dnf: name="{{ item }}" state=latest + dnf: name="{{ item }}" state=latest update_cache=true with_items: - - bodhi-docs - bodhi-server - name: dnf update bodhi-server packages from testing repo - dnf: name="{{ item }}" state=latest enablerepo=infrastructure-tags-stg + dnf: name="{{ item }}" state=latest enablerepo=infrastructure-tags-stg update_cache=true with_items: - - bodhi-docs - bodhi-server when: testing
@@ -110,7 +105,6 @@ command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini upgrade head args: chdir: /usr/share/bodhi/ - when: inventory_hostname.startswith(('bodhi-backend01.phx2', 'bodhi-backend01.stg.phx2')) - name: Start the fedora-messaging backend service:
diff --git a/roles/bodhi2/backend/files/fedmsg-hub.conf b/roles/bodhi2/backend/files/fedmsg-hub.conf
deleted file mode 100644
index 9e276c48c9..0000000000
--- a/roles/bodhi2/backend/files/fedmsg-hub.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[Service]
-User=apache
-Group=apache
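Review bot: `update_cache=true` on the two `dnf` tasks in the `@@ -29,18 +29,13 @@` hunk is not a like-for-like replacement for the removed `dnf clean all` step: as far as I can tell the module's cache refresh still honours each repo's metadata expiry, so a build tagged into `infrastructure-tags-stg` shortly before the run may not yet be visible to `state=latest`. If the upgrade must always see the newest build, confirm the repos' `metadata_expire` is short enough or keep an explicit metadata-clean step ahead of these tasks. As a style point, each task now loops over a single item, so `with_items` can go and the first task can read `dnf: name=bodhi-server state=latest update_cache=true`.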
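Review bot: With the `when: inventory_hostname.startswith(...)` guard removed in the `@@ -110,7 +105,6 @@` hunk, the `alembic-3 ... upgrade head` task runs on every host this play targets, so two backends could apply the schema migration to the same database at the same time. The play's `hosts:` line is outside the hunk, so this may already be limited to one machine; if it is not, add `run_once: true` to the task so the migration is applied from a single host. A one-line comment above the task, such as `# schema migration: must run from exactly one backend`, would record that expectation.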
diff --git a/roles/bodhi2/backend/files/koji-config b/roles/bodhi2/backend/files/koji-config
deleted file mode 100644
index 2e8afcb7b3..0000000000
--- a/roles/bodhi2/backend/files/koji-config
+++ /dev/null
@@ -1,9 +0,0 @@
-[koji]
-;client certificate
-cert = /etc/pki/pkgdb/pkgdb.pem
-
-;certificate of the CA that issued the client certificate
-ca = /etc/pki/pkgdb/fedora-server-ca.cert
-
-;certificate of the CA that issued the HTTP server certificate
-serverca = /etc/pki/pkgdb/fedora-server-ca.cert
diff --git a/roles/bodhi2/backend/tasks/main.yml b/roles/bodhi2/backend/tasks/main.yml
index e754ab42c7..8867d11da1 100644
--- a/roles/bodhi2/backend/tasks/main.yml
+++ b/roles/bodhi2/backend/tasks/main.yml
@@ -2,87 +2,39 @@ # tasklist for setting up bodhi/composer (requires bodhi/base) # This is the base set of files needed for bodhi/composer +# The ftpsync group and user are needed to sync the files to the master mirror - name: add ftpsync group group: name=ftpsync gid=263 system=yes state=present tags: - bodhi - - name: add ftpsync user user: name=ftpsync uid=263 group=ftpsync createhome=yes system=yes state=present tags: - bodhi - name: install needed packages - package: name={{ item }} state=present - with_items: - - bodhi-composer - - python3-pyramid_sawing - - sigul - - fedora-repo-zdicts - # Are these still needed? - - compose-utils - - pungi-utils - - python-scandir - - python2-fedfind - - python2-fedmsg-meta-fedora-infrastructure - - python2-koji-cli-plugins - - python2-pdc-client - - python2-productmd + package: + name: + - bodhi-composer + - python3-pyramid_sawing + - sigul + # This is used to generate zchunk data more efficiently + - fedora-repo-zdicts + # The new-updates-sync script uses this + - ostree + - pungi-utils + # Needed for runroot + - python2-koji-cli-plugins + state: present tags: - packages - bodhi -- name: install python3-ccolutils on fedora bodhi backends - package: name=python3-cccolutils state=present - tags: - - packages - - bodhi - -- name: install bodhi-composer - package: name=bodhi-composer state=present - tags: - - packages - - bodhi - -- name: install ostree - package: name=ostree state=present - tags: - - packages - - bodhi - -- name: add masher group - group: name=masher gid=751 system=yes state=present - tags: - - bodhi - -# masher user 751 -- name: add masher user as 751 - and group - user: name=masher uid=751 group=masher home=/home/masher groups=mock,ftpsync,bodhi - tags: - - bodhi - - name: add apache user to the masher group so it can talk to the monitoring socket user: name=apache groups=mock,ftpsync,masher append=yes tags: - bodhi -- name: add nrpe to the apache group so it can talk to the monitoring socket - user: 
name=nrpe groups=apache append=yes - tags: - - fedmsgmonitor - - nagios_client - -- name: install bodhi.pem file - copy: > - src="{{ private }}/files/bodhi_key_and_cert.pem" - dest="/etc/pki/bodhi/bodhi.pem" - owner=apache - group=apache - mode=0400 - tags: - - config - - bodhi - - name: Put pungi configurations in place template: src="{{item}}" dest=/etc/bodhi/{{item}} with_items:
@@ -95,29 +47,6 @@ - bodhi/pungi - config -- name: setup /etc/bodhi/mash.conf file... - template: > - src=mash.conf - dest=/etc/bodhi/mash.conf - owner=apache - group=apache - mode=0640 - tags: - - config - - bodhi - when: env == "production" - -# tasks for setting up epelmasher - -- name: install needed packages - package: name={{ item }} state=present - with_items: - - repoview - tags: - - packages - - bodhi - when: env == "production" - # # koji ssl cert for owner sync jobs below #
@@ -131,26 +60,6 @@ - bodhi - cron -- name: remove all old koji-sync cronjobs - file: - path: /etc/cron.d/{{item}} - state: absent - with_items: - - update-koji-owner-EL-6 - - update-koji-owner-EL-6 - - update-koji-owner-epel7 - - update-koji-owner-fedora - - update-koji-owner-fedora-container - - update-koji-owner-modules - tags: - - bodhi - - cron - -- name: have fedmsg own /usr/share/fedmsg, so it can write the CRL there. - file: path=/usr/share/fedmsg state=directory owner=fedmsg group=fedmsg - tags: - - bodhi - - name: sync packages from pagure-on-dist-git to koji (all branches) # XXX If you modify this taglist. Please also modify the other copy in # bodhi2/backend/files/koji-sync-listener.py
@@ -163,17 +72,6 @@ - bodhi - cron -- name: Ensure that /var/lib/bodhi exists - file: - path: /var/lib/bodhi - state: directory - mode: 0755 - owner: apache - group: apache - tags: - - bodhi - - cron - - name: put the koji sync listener script in place copy: src: koji-sync-listener.py
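Review bot: The `add masher group` task is removed in the `@@ -2,87 +2,39 @@` hunk, but the retained task `add apache user to the masher group so it can talk to the monitoring socket` still passes `groups=mock,ftpsync,masher`, which will fail on a freshly provisioned host unless something outside this hunk creates `masher`. Either keep the group task or drop `masher` from the list and rename the task, e.g. `user: name=apache groups=mock,ftpsync append=yes`. Separately, removing the `install bodhi.pem file` task does not remove `/etc/pki/bodhi/bodhi.pem` from hosts that already have it; if that key is retired, a one-off `file: path=/etc/pki/bodhi/bodhi.pem state=absent` task would make sure it is not left on disk.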
@@ -226,6 +124,7 @@ - bodhi - cron +# These next two are used by quick-fedora-mirror - name: put update-fullfiletimelist in place copy: src="{{ files }}/scripts/update-fullfiletimelist" dest=/usr/local/bin/update-fullfiletimelist mode=0755 when: env == "production"
@@ -233,7 +132,6 @@ - config - bodhi - cron - - name: add create-filelist script from quick-fedora-mirror copy: src="{{ files }}/scripts/create-filelist" dest=/usr/local/bin/create-filelist mode=0755 when: env == "production"
@@ -258,6 +156,7 @@ - bodhi - cron +# This generates https://dl.fedoraproject.org/pub/DIRECTORY_SIZES.txt - name: directory sizes update cron job. cron: name="directory-sizes-update" minute="30" hour="19" user="ftpsync" job="/usr/bin/find /pub/alt/ /pub/archive/ /pub/fedora-secondary/ /pub/fedora/ /pub/epel/ -type d ! -path '/pub/alt/screenshots/f21/source' | grep -v snapshot | /usr/bin/xargs -n 1 /usr/bin/du --exclude=.snapshot -sh > /tmp/DIRECTORY_SIZES.txt 2> /dev/null; cp /tmp/DIRECTORY_SIZES.txt /pub/"
@@ -352,15 +251,6 @@ - bodhi - config -- name: have the apache own /var/cache/bodhi because of course.. - file: > - path="/var/cache/bodhi" - owner=apache - group=apache - tags: - - config - - bodhi - - name: ensure apache is disabled on the backend service: name=httpd enabled=no state=stopped tags:
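Review bot: The cron job that the new comment in the `@@ -258,6 +156,7 @@` hunk documents stages its output at the fixed path `/tmp/DIRECTORY_SIZES.txt` before copying it into `/pub/`, and a fixed name in a world-writable directory can be pre-created by any other local account, which would then influence what is published at the URL in the comment. Staging the file with `mktemp`, or in a directory only `ftpsync` can write, and then moving it into `/pub/` avoids that. The `;` before `cp` also publishes the file when the pipeline failed; `&&` would prevent copying a truncated result. The task continues past the end of the hunk.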
@@ -415,41 +305,3 @@ template: src=kojiprofile.conf dest=/etc/koji.conf.d/bodhi.conf tags: - bodhi - -- name: Install dist-repo-regen.py - copy: - src: dist-repo-regen.py - dest: /usr/local/bin/dist-repo-regen.py - mode: 0755 - owner: apache - group: apache - when: inventory_hostname.startswith('bodhi-backend01.stg') - tags: - - bodhi - - tag2distrepo - -- name: Install cron job to regenerate dist repos regularly - cron: - cron_file: dist-repo-regen - name: dist-repo-regen - job: /usr/local/bin/dist-repo-regen.py - user: apache - minute: 42 - when: inventory_hostname.startswith('bodhi-backend01.stg') - tags: - - bodhi - - cron - - tag2distrepo - -- name: Redirect debugging output from dist-repo-regen cron to mizdebsk - cron: - cron_file: dist-repo-regen - name: MAILTO - value: mizdebsk - env: yes - user: apache - when: inventory_hostname.startswith('bodhi-backend01.stg') - tags: - - bodhi - - cron - - tag2distrepo
diff --git a/roles/bodhi2/backend/templates/mash.conf b/roles/bodhi2/backend/templates/mash.conf
deleted file mode 100644
index a99ea7d08d..0000000000
--- a/roles/bodhi2/backend/templates/mash.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-[defaults]
-{% if env == 'staging' %}
-buildhost = https://koji.stg.fedoraproject.org/kojihub
-{% else %}
-buildhost = https://koji.fedoraproject.org/kojihub
-{% endif %}
-
-symlink = False
-configdir = /etc/bodhi/
-repodir = /mnt/koji
-fork = True
-use_sqlite = True
-{% if env == 'staging' %}
-strict_keys = False
-{% else %}
-strict_keys = True
-{% endif %}
-max_delta_rpm_size = 1500000000
diff --git a/roles/bodhi2/base/handlers/main.yml b/roles/bodhi2/base/handlers/main.yml
deleted file mode 100644
index a9cabe6fe5..0000000000
--- a/roles/bodhi2/base/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: reload bodhi httpd
- command: /usr/local/bin/conditional-reload.sh httpd httpd
- when: not inventory_hostname.startswith('bodhi-backend')
diff --git a/roles/bodhi2/base/tasks/main.yml b/roles/bodhi2/base/tasks/main.yml
index ecb46b7918..d7b6be4306 100644
--- a/roles/bodhi2/base/tasks/main.yml
+++ b/roles/bodhi2/base/tasks/main.yml
@@ -2,22 +2,6 @@ # tasklist for setting up bodhi # This is the base set of files needed for bodhi -- name: install needed packages - package: name={{ item }} state=present - with_items: - - bodhi-docs - - bodhi-server - - libsemanage-python - tags: - - packages - - bodhi - -- name: setup /etc/bodhi/ directory - file: path=/etc/bodhi owner=root group=root mode=0755 state=directory - tags: - - config - - bodhi - - name: Configure alembic template: src: alembic.ini
@@ -27,86 +11,3 @@ tags: - config - bodhi - -- name: setup /etc/pki/bodhi directory - file: path=/etc/pki/bodhi owner=root group=root mode=0755 state=directory - tags: - - config - - bodhi - -- name: setup /var/cache/bodhi directory - file: dest=/var/cache/bodhi mode=0755 state=directory - tags: - - config - - bodhi - -- name: Create ccache directory - file: dest=/var/run/bodhi.ccache mode=0700 state=directory - owner=apache group=apache - tags: - - config - - bodhi - -#- name: check the selinux context of the bugzilla cookie -# command: matchpathcon /var/tmp/bodhi-bz.cookie -# register: cookiecontext -# check_mode: no -# changed_when: "1 != 1" -# tags: -# - config -# - bodhi -# - selinux -# -#- name: set the SELinux policy for the bugzilla cookie -# command: semanage fcontext -a -t httpd_tmp_t "/var/tmp/bodhi-bz.cookie" -# when: cookiecontext.stdout.find('httpd_tmp_t') == -1 -# tags: -# - config -# - bodhi -# - selinux - -- name: enable httpd_tmp_exec SELinux boolean - seboolean: name=httpd_tmp_exec state=yes persistent=yes - tags: - - config - - bodhi - - selinux - -- name: enable httpd_can_network_connect_db SELinux boolean - seboolean: name=httpd_can_network_connect_db state=yes persistent=yes - tags: - - config - - bodhi - - selinux - -- name: enable httpd_can_network_connect SELinux boolean - seboolean: name=httpd_can_network_connect state=yes persistent=yes - tags: - - config - - bodhi - - selinux - -- name: enable httpd_execmem SELinux boolean - seboolean: name=httpd_execmem state=yes persistent=yes - tags: - - config - - bodhi - - selinux - -#- name: check the selinux context of bodhi's homedir -# command: matchpathcon /usr/share/bodhi/.fedora -# register: homedir -# check_mode: no -# changed_when: "1 != 1" -# tags: -# - config -# - bodhi -# - selinux - -#- name: /usr/share/bodhi/.fedora file contexts -# command: semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/bodhi/.fedora" -# when: homedir.stdout.find('httpd_sys_content_t') == -1 and env == 
'production' -# tags: -# - config -# - bodhi -# - selinux