diff --git a/inventory/group_vars/pagure b/inventory/group_vars/pagure index b6ef4b2f41..9cdf8c81cd 100644 --- a/inventory/group_vars/pagure +++ b/inventory/group_vars/pagure @@ -8,6 +8,8 @@ num_cpus: 6 # the host_vars/$hostname file tcp_ports: [ 22, 25, 80, 443, 9418, + # Used for the eventsource + 8080, # This is for the pagure public fedmsg relay 9940] diff --git a/inventory/group_vars/pagure-stg b/inventory/group_vars/pagure-stg index 2faf7cff1b..ed37c4eac7 100644 --- a/inventory/group_vars/pagure-stg +++ b/inventory/group_vars/pagure-stg @@ -13,6 +13,10 @@ tcp_ports: [ 22, 25, 80, 443, 9418, # This is for the pagure public fedmsg relay 9940] +stunnel_service: "eventsource" +stunnel_source_port: 8080 +stunnel_destination_port: 8080 + # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: - service: shell diff --git a/playbooks/manual/upgrade/mote.yml b/playbooks/manual/upgrade/mote.yml index af1c31e1a4..5bc2977886 100644 --- a/playbooks/manual/upgrade/mote.yml +++ b/playbooks/manual/upgrade/mote.yml @@ -1,5 +1,5 @@ - name: push packages out - hosts: value-stg + hosts: value;value-stg user: root vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -22,7 +22,7 @@ when: testing - name: verify the config and restart it - hosts: value-stg + hosts: value;value-stg user: root vars_files: - /srv/web/infra/ansible/vars/global.yml diff --git a/roles/copr/backend/files/provision/provision_builder_tasks.yml b/roles/copr/backend/files/provision/provision_builder_tasks.yml index 70c78c4709..6f7a28feee 100644 --- a/roles/copr/backend/files/provision/provision_builder_tasks.yml +++ b/roles/copr/backend/files/provision/provision_builder_tasks.yml @@ -76,5 +76,5 @@ - name: disable core dumps ini_file: dest=/etc/systemd/coredump.conf section=Coredump option=Storage value=none - notify: - - systemctl daemon-reload +# notify: +# - systemctl daemon-reload diff --git a/roles/pagure/frontend/files/stunnel.service b/roles/pagure/frontend/files/stunnel.service new file mode 100644 index 0000000000..8701ba266f --- /dev/null +++ b/roles/pagure/frontend/files/stunnel.service @@ -0,0 +1,14 @@ +[Unit] +Description=stunnel +After=network.target +Documentation=https://infrastructure.fedoraproject.org/infra/docs/fedmsg-websocket.txt + +[Service] +ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf +Type=forking +User=root +Group=root +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml index 3a176399e9..e474ee096d 100644 --- a/roles/pagure/frontend/tasks/main.yml +++ b/roles/pagure/frontend/tasks/main.yml @@ -11,6 +11,7 @@ - redis - libsemanage-python - mod_ssl + - stunnel tags: - pagure - packages @@ -127,6 +128,39 @@ - restart pagure_milter +# Set-up stunnel for the event source server + +- name: install stunnel service definition + copy: src=stunnel.service + dest=/usr/lib/systemd/system/stunnel.service + owner=root group=root mode=0755 + notify: + - reload systemd + - restart stunnel + tags: + - pagure + - stunnel + +- name: ensure old stunnel init file is gone + file: dest=/etc/init.d/stunnel/stunnel.init state=absent + tags: + - pagure + - stunnel + - config + +- name: install stunnel.conf + template: src={{ item.file }} + dest={{ item.dest }} + owner=root group=root mode=0600 + with_items: + - { file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf } + notify: restart stunnel + tags: + - pagure + - stunnel + - config + + # Set-up Pagure - name: create the /var/www/releases folder @@ -165,6 +199,7 @@ copy: > src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }} owner=root group=root mode=0600 + notify: restart stunnel with_items: - pagure.io.cert - pagure.io.key diff --git a/roles/pagure/frontend/templates/stunnel-conf.j2 b/roles/pagure/frontend/templates/stunnel-conf.j2 new file mode 100644 index 0000000000..6dcf68a09d --- /dev/null +++ b/roles/pagure/frontend/templates/stunnel-conf.j2 @@ -0,0 +1,8 @@ +cert = /etc/pki/tls/certs/pagure.io.cert +key = /etc/pki/tls/certs/pagure.io.key +pid = /var/run/stunnel.pid + +[{{ stunnel_service }}] + +accept = {{ stunnel_source_port }} +connect = {{ stunnel_destination_port }} diff --git a/roles/review-stats/build/files/review-stats.cron b/roles/review-stats/build/files/review-stats.cron new file mode 100644 index 0000000000..9947516f88 --- /dev/null +++ b/roles/review-stats/build/files/review-stats.cron @@ -0,0 +1,2 @@ +MAILTO=tibbs@fedoraproject.org +0,30 * * * * apache /usr/local/bin/review-stats.py -c /usr/local/share/review-stats/review-stats.cfg -t /usr/local/share/review-stats/templates -d /srv/web/review-stats/ diff --git a/roles/review-stats/build/tasks/main.yml b/roles/review-stats/build/tasks/main.yml index 6fcc4abbc9..438c39f9c0 100644 --- a/roles/review-stats/build/tasks/main.yml +++ b/roles/review-stats/build/tasks/main.yml @@ -39,3 +39,11 @@ - review-stats - review-stats/build +- name: Install the review-stats cronjob + copy: > + src=review-stats.cron dest=/etc/cron.d/review-stats.cron + owner=root group=root mode=0644 + tags: + - cron + - review-stats + - review-stats/build diff --git a/roles/supybot/files/meetings_by_team.sh b/roles/supybot/files/meetings_by_team.sh index b2486d992e..ec2807bbf1 100755 --- a/roles/supybot/files/meetings_by_team.sh +++ b/roles/supybot/files/meetings_by_team.sh @@ -8,6 +8,6 @@ for f in `find -type f -mtime -30 | grep -v "fedora-meeting\."` do teamname=$(basename $f | awk -F. '{ print $1 }' ) mkdir -p $BASELOCATION/$teamname - ln -s $PWD/$f $BASELOCATION/$teamname/ 2> /dev/null + ln -f -s $PWD/$f $BASELOCATION/$teamname/ 2> /dev/null done diff --git a/roles/taiga/templates/local.py b/roles/taiga/templates/local.py index c117a9ce5f..b4ca5fcdfc 100644 --- a/roles/taiga/templates/local.py +++ b/roles/taiga/templates/local.py @@ -12,7 +12,7 @@ DEBUG = False TEMPLATE_DEBUG = False PUBLIC_REGISTER_ENABLED = True -DEFAULT_FROM_EMAIL = "no-reply@example.com" +DEFAULT_FROM_EMAIL = "nobody@fedoraproject.org" SERVER_EMAIL = DEFAULT_FROM_EMAIL INSTALLED_APPS += ["taiga_contrib_fas_openid_auth"]