Run MBS on copr-frontend instance (unfinished)

playbooks/groups/copr-frontend.yml

@@ -36,5 +36,6 @@
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 
   roles:
-  - base
+   - base
-  - copr/frontend
+   - copr/frontend
+   - copr/mbs

roles/copr/mbs/files/httpd/mbs.conf

@@ -0,0 +1,49 @@
+NameVirtualHost *:443
+LoadModule wsgi_module modules/mod_wsgi.so
+WSGISocketPrefix /var/run/wsgi
+#Alias /robots.txt /var/www/html/robots.txt
+
+<VirtualHost *:443>
+    #ServerName copr.fedorainfracloud.org/module-build-service
+    #ServerAlias copr-fe.cloud.fedoraproject.org/module-build-service
+
+    ServerName module-build-service
+    ServerAlias module-build-service
+
+    WSGIPassAuthorization On
+    #WSGIDaemonProcess 127.0.0.1 user=mbs group=mbs threads=15 display-name=other
+    WSGIDaemonProcess module-build-service user=mbs group=mbs threads=15 display-name=module-build-service
+    #WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
+    #WSGIScriptAlias / /usr/bin/mbs-frontend
+    #WSGIScriptAlias / /usr/share/copr/coprs_frontend/mbs
+    WSGIScriptAlias /module-build-service /usr/share/copr/coprs_frontend/mbs
+    WSGIProcessGroup 127.0.0.1/module-build-service
+
+
+    #ErrorLog logs/error_coprs
+    #CustomLog logs/access_coprs common
+
+    <Directory /usr/share/copr>
+        WSGIApplicationGroup %{GLOBAL}
+    Require all granted
+    </Directory>
+</VirtualHost>
+
+
+<IfModule mod_status.c>
+ExtendedStatus On
+
+<Location /server-status>
+    SetHandler server-status
+    Require all denied
+    Require host localhost .redhat.com
+</Location>
+</IfModule>
+
+<IfModule mpm_prefork_module>
+    StartServers          8
+    MinSpareServers       8
+    MaxSpareServers      20
+    MaxClients          50
+    MaxRequestsPerChild   10000
+</IfModule>

roles/copr/mbs/tasks/main.yml

@@ -0,0 +1,98 @@
+---
+
+- name: Install python and deps for ansible modules
+  raw: dnf install -y python2 python2-dnf libselinux-python
+
+- name: Install stuff
+  dnf: name={{ item }} state=latest
+  with_items:
+    # Those things are explicitly listed in Vagrantfile
+    # https://pagure.io/fm-orchestrator/blob/master/f/Vagrantfile
+    # Should they be covered by spec file?
+    - fedmsg-relay
+    - fedpkg
+    - gcc
+    - gcc
+    - gcc-c++
+    - git
+    - koji
+    - krb5-workstation
+    - libffi-devel
+    - openssl-devel
+    - python
+    - python-devel
+    - python-devel
+    - python-flask
+    - python-mock
+    - python-virtualenv
+    - redhat-rpm-config
+    - redhat-rpm-config
+    - rpm-build
+    - swig
+    - systemd-devel
+
+    # Required for copr
+    - copr-cli
+
+
+# Install module-build-service
+- name: Enable copr-dev repo
+  command: dnf -y copr enable frostyx/module-build-service
+
+- name: Install module-build-service package
+  #dnf: name=module-build-service state=latest
+  command: dnf install https://frostyx.fedorapeople.org/module-build-service-1.0.2-1.fc24.noarch.rpm
+
+
+# Post-install stuff
+- name: Copy config to fedmsg.d (probably workarounding .spec here)
+  command: creates=/etc/fedmsg.d/module_build_service.py
+    cp /etc/module-build-service/fedmsg.d/module_build_service.py /etc/fedmsg.d/
+
+
+# Create user and group for mbs
+- name: Create group for mbs-frontend
+  group: name=mbs state=present
+
+- name: Create user for mbs-frontend
+  user: name=mbs group=mbs
+
+
+
+- name: Upgrade database
+  command: mbs-upgradedb
+
+- name: Generate cert
+  command: mbs-gencert
+
+- name: Export krbcc
+  command: echo 'export KRB5CCNAME=FILE:/var/tmp/krbcc' >> ~/.bashrc
+
+- name: Set properties in config
+  replace:
+    dest: /etc/module-build-service/config.py
+    regexp: '^    {{ item.key }} = .*$'
+    replace: '    {{ item.key }} = {{ item.value }}'
+    backup: yes
+  with_items:
+    - { key: 'SYSTEM', value: '"copr"'}
+    - { key: 'REQUIRE_PACKAGER', value: 'False'}
+    - { key: 'OIDC_CLIENT_SECRETS', value: '"/etc/module-build-service/client_secrets.json"'}
+
+
+# @TODO Should be packaged in module-build-service package? Or should already exist on copr-frontend instance?
+- name: Copy cacert.pem
+  command: wget https://pagure.io/fm-orchestrator/raw/master/f/conf/cacert.pem -O /etc/module-build-service/cacert.pem
+
+
+# Run module-build-service processes
+- name: Enable fedmsg-relay
+  service: name=fedmsg-relay enabled=yes state=started
+
+- name: Run fedmsg-hub
+  service: name=fedmsg-hub enabled=yes state=started
+
+- name: copy apache files to conf.d
+  copy: src=httpd/mbs.conf dest=/etc/httpd/conf.d/mbs.conf
+  tags:
+  - config