copr: we no longer use mbs
parent
f39c2b99ee
commit
e8ea8a80c8
13 changed files with 0 additions and 370 deletions
|
@ -12,5 +12,3 @@ csi_purpose: Provide a publicly accessible frontend for 3rd party packages (copr
|
|||
csi_relationship: |
|
||||
- This host provides the frontend part of copr only.
|
||||
- It's the point of contact between end users and the copr build system (backend, package singer)
|
||||
|
||||
copr_mbs_cli_login: Y29wcg==##vtvvikhcjncwkfkdcssv
|
||||
|
|
|
@ -39,5 +39,4 @@
|
|||
roles:
|
||||
- base
|
||||
- copr/frontend
|
||||
- copr/mbs
|
||||
- nagios_client
|
||||
|
|
|
@ -7,9 +7,6 @@
|
|||
- /etc/fedmsg.d/relay.py
|
||||
- /etc/fedmsg.d/ssl.py
|
||||
|
||||
- name: install the MBS config
|
||||
template: src="fedmsg.d/mbs.py" dest=/etc/fedmsg.d/
|
||||
|
||||
- name: install fedmsg-relay
|
||||
dnf: state=latest name=fedmsg-relay
|
||||
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
config = dict(
|
||||
|
||||
sign_messages=False,
|
||||
validate_signatures=False,
|
||||
|
||||
endpoints={
|
||||
# This is the output side of the relay to which all other
|
||||
# services can listen.
|
||||
"relay_outbound": [
|
||||
"tcp://{{ copr_backend_ips[0] }}:4001",
|
||||
],
|
||||
},
|
||||
|
||||
# This is the address of an active->passive relay. It is used for the
|
||||
# fedmsg-logger command which requires another service with a stable
|
||||
# listening address for it to send messages to.
|
||||
# It is also used by the git-hook, for the same reason.
|
||||
# It is also used by the mediawiki php plugin which, due to the oddities of
|
||||
# php, can't maintain a single passive-bind endpoint of it's own.
|
||||
relay_inbound=[
|
||||
"tcp://{{ copr_backend_ips[0] }}:2003",
|
||||
],
|
||||
)
|
|
@ -8,11 +8,6 @@ Alias /robots.txt /var/www/html/robots.txt
|
|||
ServerAlias copr-fe.cloud.fedoraproject.org
|
||||
WSGIPassAuthorization On
|
||||
|
||||
|
||||
# Needs to be above WSGIScriptAlias /
|
||||
# http://stackoverflow.com/a/9690110
|
||||
IncludeOptional /etc/httpd/conf/vhost[s]/mbs/mbs.conf
|
||||
|
||||
WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=15 display-name=other maximum-requests=8000 graceful-timeout=20
|
||||
WSGIDaemonProcess api user=copr-fe group=copr-fe threads=15 display-name=api maximum-requests=8000 graceful-timeout=20
|
||||
WSGIDaemonProcess backend user=copr-fe group=copr-fe threads=15 display-name=backend maximum-requests=8000 graceful-timeout=20
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
[Unit]
|
||||
Description=Generic fedmsg processing hub
|
||||
After=network.target
|
||||
Documentation=https://fedmsg.readthedocs.org/
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/fedmsg-hub
|
||||
Type=simple
|
||||
User=mbs
|
||||
Group=mbs
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,19 +0,0 @@
|
|||
# Needs to be above WSGIScriptAlias /
|
||||
# @TODO With this configuration it needs to be accessed via [1] instead of [2]
|
||||
# [1] http://127.0.0.1:8080/module-build-service/module-build-service/1/module-builds/
|
||||
# [2] http://127.0.0.1:8080/module-build-service/1/module-builds/
|
||||
|
||||
WSGIDaemonProcess module-build-service user=mbs group=mbs threads=15 display-name=module-build-service
|
||||
WSGIScriptAlias /module-build-service /opt/module-build-service/mbs.wsgi
|
||||
<Location /module-build-service>
|
||||
Require host localhost
|
||||
WSGIProcessGroup module-build-service
|
||||
</Location>
|
||||
|
||||
<Directory /opt/module-build-service>
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
RewriteEngine On
|
||||
RewriteRule ^/module/(.*)$ /module-build-service/module-build-service/$1 [PT]
|
|
@ -1,18 +0,0 @@
|
|||
#!/usr/bin/python2
|
||||
import logging
|
||||
import os
|
||||
import sys
|
||||
|
||||
# so that errors are not sent to stdout
|
||||
logging.basicConfig(stream=sys.stderr)
|
||||
|
||||
os.environ["COPRS_ENVIRON_PRODUCTION"] = "1"
|
||||
sys.path.insert(0, os.path.dirname(__file__))
|
||||
|
||||
from module_build_service import app
|
||||
|
||||
if app.debug:
|
||||
from werkzeug.debug import DebuggedApplication
|
||||
app = DebuggedApplication(app, True)
|
||||
|
||||
application = app
|
|
@ -1,7 +0,0 @@
|
|||
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
||||
|
||||
- name: daemon reload
|
||||
command: systemctl daemon-reload
|
||||
|
||||
- name: restart httpd
|
||||
service: name=httpd state=restarted
|
|
@ -1,154 +0,0 @@
|
|||
---
|
||||
|
||||
# Cant use the ansible dnf module here. It doesnt work without these pacakges.
|
||||
# Therefore using command module
|
||||
- name: Install python and deps for ansible modules
|
||||
command: dnf install --refresh -y python2 python2-dnf libselinux-python
|
||||
|
||||
|
||||
- name: Install stuff
|
||||
dnf: name={{ item }} state=latest
|
||||
with_items:
|
||||
# Those things are explicitly listed in Vagrantfile
|
||||
# https://pagure.io/fm-orchestrator/blob/master/f/Vagrantfile
|
||||
# Should they be covered by spec file?
|
||||
- fedmsg-hub
|
||||
- fedmsg-relay
|
||||
- fedpkg
|
||||
- gcc
|
||||
- gcc
|
||||
- gcc-c++
|
||||
- krb5-workstation
|
||||
- libffi-devel
|
||||
- openssl-devel
|
||||
- python-virtualenv
|
||||
- redhat-rpm-config
|
||||
- redhat-rpm-config
|
||||
- swig
|
||||
- systemd-devel
|
||||
|
||||
# Not covered by Vagrantfile nor .spec file,
|
||||
# but it seems to be required
|
||||
- python-systemd
|
||||
|
||||
# Required for copr
|
||||
- copr-cli
|
||||
- python2-copr
|
||||
|
||||
|
||||
- name: Install module-build-service package
|
||||
dnf: name=module-build-service state=latest
|
||||
notify:
|
||||
- restart httpd
|
||||
- restart fedmsg-hub
|
||||
|
||||
|
||||
# Post-install stuff
|
||||
|
||||
# We don't need following configs because everything required is set in
|
||||
# module_build_service.py. It only causes problems with overriding our settings
|
||||
- name: Remove redundant fedmsg.d files
|
||||
file: path="{{item}}" state=absent
|
||||
with_items:
|
||||
- /etc/fedmsg.d/endpoints.py
|
||||
- /etc/fedmsg.d/relay.py
|
||||
- /etc/fedmsg.d/ssl.py
|
||||
|
||||
- name: setup module_build_service
|
||||
template: src=module_build_service.py dest=/etc/fedmsg.d/module_build_service.py mode=0644 owner=root group=root
|
||||
|
||||
- name: Listen to copr-be-dev
|
||||
lineinfile:
|
||||
dest: /etc/fedmsg.d/module_build_service.py
|
||||
insertafter:
|
||||
line: "{{ item }}"
|
||||
with_items:
|
||||
- " config['endpoints']['relay_outbound'].append('tcp://{{ copr_backend_ips[0] }}:4001')"
|
||||
- " config['relay_inbound'].append('tcp://{{ copr_backend_ips[0] }}:2003')"
|
||||
when: env == "staging"
|
||||
|
||||
|
||||
# We want to run fedmsg-hub as 'mbs' user, because we don't want to rpmbuild as 'fedmsg'
|
||||
- name: Copy modified fedmsg-hub.service file
|
||||
copy: src=fedmsg-hub.service dest=/etc/systemd/system/fedmsg-hub.service
|
||||
notify: daemon reload
|
||||
|
||||
|
||||
# Create user and group for mbs
|
||||
- name: Create group for mbs-frontend
|
||||
group: name=mbs state=present gid=1002
|
||||
|
||||
- name: Create user for mbs-frontend
|
||||
user: name=mbs group=mbs uid=1002
|
||||
|
||||
|
||||
|
||||
# The config provided by MBS package is a python file
|
||||
# Instead of replacing values by regex in such file, rather rename
|
||||
# the original file and then install own configuration file which
|
||||
# inherits the original one and then customizes it.
|
||||
- name: Stat base_config
|
||||
stat: path=/etc/module-build-service/base_config.py
|
||||
register: base_config_stat
|
||||
|
||||
- name: Move config.py to base_config.py
|
||||
command: mv /etc/module-build-service/config.py /etc/module-build-service/base_config.py creates=/etc/module-build-service/base_config.py
|
||||
|
||||
- name: Touch __init__.py file
|
||||
copy: dest=/etc/module-build-service/__init__.py force=no content=''
|
||||
|
||||
- name: Copy production config
|
||||
template: src=config.py dest=/etc/module-build-service/config.py
|
||||
|
||||
- name: Copy config for copr-cli
|
||||
template: src=copr.conf dest=/etc/module-build-service/copr.conf
|
||||
|
||||
|
||||
- name: Upgrade database
|
||||
command: mbs-upgradedb
|
||||
|
||||
#- name: Generate cert
|
||||
# command: mbs-gencert
|
||||
# args:
|
||||
# creates: /etc/module-build-service/server.crt
|
||||
#
|
||||
#- name: generate cacert.pem
|
||||
# shell: cat /etc/module-build-service/server.crt /etc/module-build-service/server.key > /etc/module-build-service/cacert.pem
|
||||
# args:
|
||||
# creates: /etc/module-build-service/cacert.pem
|
||||
|
||||
- name: Chown /etc/module-build-service to mbs:mbs
|
||||
file: path=/etc/module-build-service owner=mbs group=mbs recurse=yes mode=g+w
|
||||
|
||||
- name: Add copr-fe to mbs group
|
||||
user: name=copr-fe groups=mbs append=yes
|
||||
|
||||
- name: Allow writing into DB file in SELinux
|
||||
file: path="{{item}}" setype=httpd_sys_rw_content_t
|
||||
with_items:
|
||||
- /etc/module-build-service
|
||||
- /etc/module-build-service/module_build_service.db
|
||||
|
||||
# Run module-build-service processes
|
||||
- name: Enable fedmsg-relay
|
||||
service: name=fedmsg-relay enabled=yes state=started
|
||||
when: inventory_hostname == 'copr-fe.cloud.fedoraproject.org'
|
||||
|
||||
- name: Run fedmsg-hub
|
||||
service: name=fedmsg-hub enabled=yes state=started
|
||||
|
||||
|
||||
|
||||
# Prepare and run MBS frontend
|
||||
- name: Create /opt/module-build-service
|
||||
file: path=/opt/module-build-service state=directory
|
||||
|
||||
- name: Copy mbs.wsgi file
|
||||
copy: src=mbs.wsgi dest=/opt/module-build-service/mbs.wsgi
|
||||
|
||||
- name: Create vhosts directory
|
||||
file: path=/etc/httpd/conf/vhosts/mbs state=directory
|
||||
|
||||
- name: Copy httpd/mbs.conf to vhosts directory
|
||||
copy: src=httpd/mbs.conf dest=/etc/httpd/conf/vhosts/mbs/mbs.conf
|
||||
notify: reload httpd
|
|
@ -1,58 +0,0 @@
|
|||
import sys
|
||||
sys.path.insert(1, '/etc/module-build-service')
|
||||
|
||||
import base_config as base
|
||||
from base_config import confdir, dbdir
|
||||
|
||||
|
||||
class ProdConfiguration(base.ProdConfiguration):
|
||||
SYSTEM = 'copr'
|
||||
SECRET_KEY = '{{ copr_mbs_secret_key }}'
|
||||
|
||||
YAML_SUBMIT_ALLOWED = True
|
||||
|
||||
PDC_INSECURE = False
|
||||
|
||||
# Only copr-frontend is allowed to communicate with this mbs instance
|
||||
# Therefore we don't require it to authenicate first, we trust it
|
||||
NO_AUTH = True
|
||||
|
||||
# Use production instances of PDC and Koji
|
||||
KOJI_REPOSITORY_URL = 'https://kojipkgs.fedoraproject.org/repos'
|
||||
PDC_URL = 'https://pdc.fedoraproject.org/rest_api/v1'
|
||||
|
||||
# Do not restrict to only trusted repositories, allow everything
|
||||
SCMURLS = []
|
||||
ALLOW_CUSTOM_SCMURLS = True
|
||||
|
||||
{% if env == 'staging' %}
|
||||
MESSAGING_TOPIC_PREFIX = ['org.fedoraproject.dev', 'org.fedoraproject.stg']
|
||||
{% else %}
|
||||
MESSAGING_TOPIC_PREFIX = ['org.fedoraproject.prod', 'org.fedoraproject.dev']
|
||||
{% endif %}
|
||||
|
||||
# Allow custom component repositories
|
||||
RPMS_ALLOW_REPOSITORY = True
|
||||
RPMS_ALLOW_CACHE = True
|
||||
MODULES_ALLOW_REPOSITORY = True
|
||||
|
||||
# Determines how many builds can be submitted to the builder
|
||||
# and be in the build state at a time. Set this to 0 for no restrictions
|
||||
# We can set some limit in the future, once we need it
|
||||
NUM_CONSECUTIVE_BUILDS = 0
|
||||
|
||||
# When MBS frontend runs on same machine as scheduler,
|
||||
# it is fine to set this to localhost
|
||||
SERVER_NAME = 'localhost'
|
||||
|
||||
|
||||
class DevConfiguration(base.DevConfiguration):
|
||||
SYSTEM = 'copr'
|
||||
|
||||
|
||||
class BaseConfiguration(base.BaseConfiguration):
|
||||
pass
|
||||
|
||||
|
||||
class TestConfiguration(base.TestConfiguration):
|
||||
pass
|
|
@ -1,10 +0,0 @@
|
|||
[copr-cli]
|
||||
|
||||
# Username belongs to build owner and is provided by MBS on runtime
|
||||
username =
|
||||
|
||||
# API login for copr proxyuser
|
||||
login = {{ copr_mbs_cli_login }}
|
||||
token = {{ copr_mbs_cli_token }}
|
||||
|
||||
copr_url = {% if env == 'staging' %}http{% else %}https{% endif %}://{{ copr_frontend_public_hostname }}
|
|
@ -1,56 +0,0 @@
|
|||
import os
|
||||
|
||||
config = {
|
||||
# Just for dev.
|
||||
"validate_signatures": False,
|
||||
|
||||
# Talk to the relay, so things also make it to composer.stg in our dev env
|
||||
"active": True,
|
||||
|
||||
# Since we're in active mode, we don't need to declare any of our own
|
||||
# passive endpoints. This placeholder value needs to be here for the tests
|
||||
# to pass in Jenkins, though. \o/
|
||||
"endpoints": {
|
||||
"fedora-infrastructure": [
|
||||
# Just listen to staging for now, not to production (spam!)
|
||||
{% if inventory_hostname.startswith('copr-fe.cloud') %}
|
||||
"tcp://hub.fedoraproject.org:9940"
|
||||
{% else %}
|
||||
#"tcp://stg.fedoraproject.org:9940"
|
||||
{% endif %}
|
||||
],
|
||||
},
|
||||
|
||||
# Start of code signing configuration
|
||||
# 'sign_messages': True,
|
||||
# 'validate_signatures': True,
|
||||
# 'crypto_backend': 'x509',
|
||||
# 'crypto_validate_backends': ['x509'],
|
||||
# 'ssldir': '/opt/module_build_service/pki',
|
||||
# 'crl_location': 'http://localhost/crl/ca.crl',
|
||||
# 'crl_cache': '/etc/pki/fedmsg/crl.pem',
|
||||
# 'crl_cache_expiry': 10,
|
||||
# 'ca_cert_location': 'http://localhost/crl/ca.crt',
|
||||
# 'ca_cert_cache': '/etc/pki/fedmsg/ca.crt',
|
||||
# 'ca_cert_cache_expiry': 0, # Never expires
|
||||
# 'certnames': {
|
||||
# 'module_build_service.localhost': 'localhost'
|
||||
# }
|
||||
# End of code signing configuration
|
||||
}
|
||||
|
||||
# developer's instance (docker/vagrant/...)
|
||||
if 'MODULE_BUILD_SERVICE_DEVELOPER_ENV' in os.environ and \
|
||||
os.environ['MODULE_BUILD_SERVICE_DEVELOPER_ENV'].lower() in (
|
||||
'1', 'on', 'true', 'y', 'yes'):
|
||||
config['endpoints']['relay_outbound'] = ["tcp://fedmsg-relay:2001"]
|
||||
config['relay_inbound'] = ["tcp://fedmsg-relay:2003"]
|
||||
else:
|
||||
# These configuration values are reasonable for most other configurations.
|
||||
{% if inventory_hostname.startswith('copr-fe.cloud') %}
|
||||
config['endpoints']['relay_outbound'] = ["tcp://127.0.0.1:4001"]
|
||||
config['relay_inbound'] = ["tcp://127.0.0.1:2003"]
|
||||
{% else %}
|
||||
config['endpoints']['relay_outbound'] = ['tcp://172.25.32.175:4001']
|
||||
config['relay_inbound'] = ['tcp://172.25.32.175:2003']
|
||||
{% endif %}
|