copr: we no longer use mbs

2018-02-23 08:21:56 +01:00 · 2018-02-23 08:21:56 +01:00 · e8ea8a80c8
commit e8ea8a80c8
parent f39c2b99ee
13 changed files with 0 additions and 370 deletions
--- a/inventory/group_vars/copr-front
+++ b/inventory/group_vars/copr-front
@ -12,5 +12,3 @@ csi_purpose: Provide a publicly accessible frontend for 3rd party packages (copr
 csi_relationship: |
  - This host provides the frontend part of copr only.
  - It's the point of contact between end users and the copr build system (backend, package singer)
-
-copr_mbs_cli_login: Y29wcg==##vtvvikhcjncwkfkdcssv
--- a/playbooks/groups/copr-frontend.yml
+++ b/playbooks/groups/copr-frontend.yml
@ -39,5 +39,4 @@
  roles:
   - base
   - copr/frontend
-   - copr/mbs
   - nagios_client
--- a/roles/copr/backend/tasks/fedmsg.yml
+++ b/roles/copr/backend/tasks/fedmsg.yml
@ -7,9 +7,6 @@
    - /etc/fedmsg.d/relay.py
    - /etc/fedmsg.d/ssl.py

- name: install the MBS config
-  template: src="fedmsg.d/mbs.py" dest=/etc/fedmsg.d/
-
 - name: install fedmsg-relay
  dnf: state=latest name=fedmsg-relay

--- a/roles/copr/backend/templates/fedmsg.d/mbs.py
+++ b/roles/copr/backend/templates/fedmsg.d/mbs.py
@ -1,23 +0,0 @@
-config = dict(
-
-    sign_messages=False,
-    validate_signatures=False,
-
-    endpoints={
-        # This is the output side of the relay to which all other
-        # services can listen.
-        "relay_outbound": [
-            "tcp://{{ copr_backend_ips[0] }}:4001",
-        ],
-    },
-
-    # This is the address of an active->passive relay.  It is used for the
-    # fedmsg-logger command which requires another service with a stable
-    # listening address for it to send messages to.
-    # It is also used by the git-hook, for the same reason.
-    # It is also used by the mediawiki php plugin which, due to the oddities of
-    # php, can't maintain a single passive-bind endpoint of it's own.
-    relay_inbound=[
-        "tcp://{{ copr_backend_ips[0] }}:2003",
-    ],
-)
--- a/roles/copr/frontend/files/httpd/coprs.conf
+++ b/roles/copr/frontend/files/httpd/coprs.conf
@ -8,11 +8,6 @@ Alias /robots.txt /var/www/html/robots.txt
    ServerAlias copr-fe.cloud.fedoraproject.org
    WSGIPassAuthorization On

-
-    # Needs to be above WSGIScriptAlias /
-    # http://stackoverflow.com/a/9690110
-    IncludeOptional /etc/httpd/conf/vhost[s]/mbs/mbs.conf
-
    WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=15 display-name=other maximum-requests=8000 graceful-timeout=20
    WSGIDaemonProcess api user=copr-fe group=copr-fe threads=15 display-name=api maximum-requests=8000 graceful-timeout=20
    WSGIDaemonProcess backend user=copr-fe group=copr-fe threads=15 display-name=backend maximum-requests=8000 graceful-timeout=20
--- a/roles/copr/mbs/files/fedmsg-hub.service
+++ b/roles/copr/mbs/files/fedmsg-hub.service
@ -1,14 +0,0 @@
-[Unit]
-Description=Generic fedmsg processing hub
-After=network.target
-Documentation=https://fedmsg.readthedocs.org/
-
-[Service]
-ExecStart=/usr/bin/fedmsg-hub
-Type=simple
-User=mbs
-Group=mbs
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
--- a/roles/copr/mbs/files/httpd/mbs.conf
+++ b/roles/copr/mbs/files/httpd/mbs.conf
@ -1,19 +0,0 @@
-# Needs to be above WSGIScriptAlias /
-# @TODO With this configuration it needs to be accessed via [1] instead of [2]
-# [1] http://127.0.0.1:8080/module-build-service/module-build-service/1/module-builds/
-# [2] http://127.0.0.1:8080/module-build-service/1/module-builds/
-
-WSGIDaemonProcess module-build-service user=mbs group=mbs threads=15 display-name=module-build-service
-WSGIScriptAlias /module-build-service /opt/module-build-service/mbs.wsgi
-<Location /module-build-service>
-    Require host localhost
-    WSGIProcessGroup module-build-service
-</Location>
-
-<Directory /opt/module-build-service>
-    WSGIApplicationGroup %{GLOBAL}
-    Require all granted
-</Directory>
-
-RewriteEngine On
-RewriteRule ^/module/(.*)$ /module-build-service/module-build-service/$1 [PT]
--- a/roles/copr/mbs/files/mbs.wsgi
+++ b/roles/copr/mbs/files/mbs.wsgi
@ -1,18 +0,0 @@
-#!/usr/bin/python2
-import logging
-import os
-import sys
-
-# so that errors are not sent to stdout
-logging.basicConfig(stream=sys.stderr)
-
-os.environ["COPRS_ENVIRON_PRODUCTION"] = "1"
-sys.path.insert(0, os.path.dirname(__file__))
-
-from module_build_service import app
-
-if app.debug:
-    from werkzeug.debug import DebuggedApplication
-    app = DebuggedApplication(app, True)
-
-application = app
--- a/roles/copr/mbs/handlers/main.yml
+++ b/roles/copr/mbs/handlers/main.yml
@ -1,7 +0,0 @@
- import_tasks: "{{ handlers_path }}/restart_services.yml"
-
- name: daemon reload
-  command: systemctl daemon-reload
-
- name: restart httpd
-  service: name=httpd state=restarted
--- a/roles/copr/mbs/tasks/main.yml
+++ b/roles/copr/mbs/tasks/main.yml
@ -1,154 +0,0 @@
---
-
-# Cant use the ansible dnf module here. It doesnt work without these pacakges.
-# Therefore using command module
- name: Install python and deps for ansible modules
-  command: dnf install --refresh -y python2 python2-dnf libselinux-python
-
-
- name: Install stuff
-  dnf: name={{ item }} state=latest
-  with_items:
-    # Those things are explicitly listed in Vagrantfile
-    # https://pagure.io/fm-orchestrator/blob/master/f/Vagrantfile
-    # Should they be covered by spec file?
-    - fedmsg-hub
-    - fedmsg-relay
-    - fedpkg
-    - gcc
-    - gcc
-    - gcc-c++
-    - krb5-workstation
-    - libffi-devel
-    - openssl-devel
-    - python-virtualenv
-    - redhat-rpm-config
-    - redhat-rpm-config
-    - swig
-    - systemd-devel
-
-    # Not covered by Vagrantfile nor .spec file,
-    # but it seems to be required
-    - python-systemd
-
-    # Required for copr
-    - copr-cli
-    - python2-copr
-
-
- name: Install module-build-service package
-  dnf: name=module-build-service state=latest
-  notify:
-    - restart httpd
-    - restart fedmsg-hub
-
-
-# Post-install stuff
-
-# We don't need following configs because everything required is set in
-# module_build_service.py. It only causes problems with overriding our settings
- name: Remove redundant fedmsg.d files
-  file: path="{{item}}" state=absent
-  with_items:
-    - /etc/fedmsg.d/endpoints.py
-    - /etc/fedmsg.d/relay.py
-    - /etc/fedmsg.d/ssl.py
-
- name: setup module_build_service
-  template: src=module_build_service.py dest=/etc/fedmsg.d/module_build_service.py mode=0644 owner=root group=root
-
- name: Listen to copr-be-dev
-  lineinfile:
-    dest: /etc/fedmsg.d/module_build_service.py
-    insertafter:
-    line: "{{ item }}"
-  with_items:
-    - "    config['endpoints']['relay_outbound'].append('tcp://{{ copr_backend_ips[0] }}:4001')"
-    - "    config['relay_inbound'].append('tcp://{{ copr_backend_ips[0] }}:2003')"
-  when: env == "staging"
-
-
-# We want to run fedmsg-hub as 'mbs' user, because we don't want to rpmbuild as 'fedmsg'
- name: Copy modified fedmsg-hub.service file
-  copy: src=fedmsg-hub.service dest=/etc/systemd/system/fedmsg-hub.service
-  notify: daemon reload
-
-
-# Create user and group for mbs
- name: Create group for mbs-frontend
-  group: name=mbs state=present gid=1002
-
- name: Create user for mbs-frontend
-  user: name=mbs group=mbs uid=1002
-
-
-
-# The config provided by MBS package is a python file
-# Instead of replacing values by regex in such file, rather rename
-# the original file and then install own configuration file which
-# inherits the original one and then customizes it.
- name: Stat base_config
-  stat: path=/etc/module-build-service/base_config.py
-  register: base_config_stat
-
- name: Move config.py to base_config.py
-  command: mv /etc/module-build-service/config.py /etc/module-build-service/base_config.py creates=/etc/module-build-service/base_config.py
-
- name: Touch __init__.py file
-  copy: dest=/etc/module-build-service/__init__.py force=no content=''
-
- name: Copy production config
-  template: src=config.py dest=/etc/module-build-service/config.py
-
- name: Copy config for copr-cli
-  template: src=copr.conf dest=/etc/module-build-service/copr.conf
-
-
- name: Upgrade database
-  command: mbs-upgradedb
-
-#- name: Generate cert
-#  command: mbs-gencert
-#  args:
-#    creates: /etc/module-build-service/server.crt
-#
-#- name: generate cacert.pem
-#  shell: cat /etc/module-build-service/server.crt /etc/module-build-service/server.key > /etc/module-build-service/cacert.pem
-#  args:
-#    creates: /etc/module-build-service/cacert.pem
-
- name: Chown /etc/module-build-service to mbs:mbs
-  file: path=/etc/module-build-service owner=mbs group=mbs recurse=yes mode=g+w
-
- name: Add copr-fe to mbs group
-  user: name=copr-fe groups=mbs append=yes
-
- name: Allow writing into DB file in SELinux
-  file: path="{{item}}" setype=httpd_sys_rw_content_t
-  with_items:
-    - /etc/module-build-service
-    - /etc/module-build-service/module_build_service.db
-
-# Run module-build-service processes
- name: Enable fedmsg-relay
-  service: name=fedmsg-relay enabled=yes state=started
-  when: inventory_hostname == 'copr-fe.cloud.fedoraproject.org'
-
- name: Run fedmsg-hub
-  service: name=fedmsg-hub enabled=yes state=started
-
-
-
-# Prepare and run MBS frontend
- name: Create /opt/module-build-service
-  file:  path=/opt/module-build-service state=directory
-
- name: Copy mbs.wsgi file
-  copy: src=mbs.wsgi dest=/opt/module-build-service/mbs.wsgi
-
- name: Create vhosts directory
-  file: path=/etc/httpd/conf/vhosts/mbs state=directory
-
- name: Copy httpd/mbs.conf to vhosts directory
-  copy: src=httpd/mbs.conf dest=/etc/httpd/conf/vhosts/mbs/mbs.conf
-  notify: reload httpd
--- a/roles/copr/mbs/templates/config.py
+++ b/roles/copr/mbs/templates/config.py
@ -1,58 +0,0 @@
-import sys
-sys.path.insert(1, '/etc/module-build-service')
-
-import base_config as base
-from base_config import confdir, dbdir
-
-
-class ProdConfiguration(base.ProdConfiguration):
-    SYSTEM = 'copr'
-    SECRET_KEY = '{{ copr_mbs_secret_key }}'
-
-    YAML_SUBMIT_ALLOWED = True
-
-    PDC_INSECURE = False
-
-    # Only copr-frontend is allowed to communicate with this mbs instance
-    # Therefore we don't require it to authenicate first, we trust it
-    NO_AUTH = True
-
-    # Use production instances of PDC and Koji
-    KOJI_REPOSITORY_URL = 'https://kojipkgs.fedoraproject.org/repos'
-    PDC_URL = 'https://pdc.fedoraproject.org/rest_api/v1'
-
-    # Do not restrict to only trusted repositories, allow everything
-    SCMURLS = []
-    ALLOW_CUSTOM_SCMURLS = True
-
-{% if env == 'staging' %}
-    MESSAGING_TOPIC_PREFIX = ['org.fedoraproject.dev', 'org.fedoraproject.stg']
-{% else %}
-    MESSAGING_TOPIC_PREFIX = ['org.fedoraproject.prod', 'org.fedoraproject.dev']
-{% endif %}
-
-    # Allow custom component repositories
-    RPMS_ALLOW_REPOSITORY = True
-    RPMS_ALLOW_CACHE = True
-    MODULES_ALLOW_REPOSITORY = True
-
-    # Determines how many builds can be submitted to the builder
-    # and be in the build state at a time. Set this to 0 for no restrictions
-    # We can set some limit in the future, once we need it
-    NUM_CONSECUTIVE_BUILDS = 0
-
-    # When MBS frontend runs on same machine as scheduler,
-    # it is fine to set this to localhost
-    SERVER_NAME = 'localhost'
-
-
-class DevConfiguration(base.DevConfiguration):
-    SYSTEM = 'copr'
-
-
-class BaseConfiguration(base.BaseConfiguration):
-    pass
-
-
-class TestConfiguration(base.TestConfiguration):
-    pass
--- a/roles/copr/mbs/templates/copr.conf
+++ b/roles/copr/mbs/templates/copr.conf
@ -1,10 +0,0 @@
-[copr-cli]
-
-# Username belongs to build owner and is provided by MBS on runtime
-username =
-
-# API login for copr proxyuser
-login = {{ copr_mbs_cli_login }}
-token = {{ copr_mbs_cli_token }}
-
-copr_url = {% if env == 'staging' %}http{% else %}https{% endif %}://{{ copr_frontend_public_hostname }}
--- a/roles/copr/mbs/templates/module_build_service.py
+++ b/roles/copr/mbs/templates/module_build_service.py
@ -1,56 +0,0 @@
-import os
-
-config = {
-    # Just for dev.
-    "validate_signatures": False,
-
-    # Talk to the relay, so things also make it to composer.stg in our dev env
-    "active": True,
-
-    # Since we're in active mode, we don't need to declare any of our own
-    # passive endpoints.  This placeholder value needs to be here for the tests
-    # to pass in Jenkins, though.  \o/
-    "endpoints": {
-        "fedora-infrastructure": [
-            # Just listen to staging for now, not to production (spam!)
-{% if inventory_hostname.startswith('copr-fe.cloud') %}
-"tcp://hub.fedoraproject.org:9940"
-{% else %}
-#"tcp://stg.fedoraproject.org:9940"
-{% endif %}
-        ],
-    },
-
-    # Start of code signing configuration
-    # 'sign_messages': True,
-    # 'validate_signatures': True,
-    # 'crypto_backend': 'x509',
-    # 'crypto_validate_backends': ['x509'],
-    # 'ssldir': '/opt/module_build_service/pki',
-    # 'crl_location': 'http://localhost/crl/ca.crl',
-    # 'crl_cache': '/etc/pki/fedmsg/crl.pem',
-    # 'crl_cache_expiry': 10,
-    # 'ca_cert_location': 'http://localhost/crl/ca.crt',
-    # 'ca_cert_cache': '/etc/pki/fedmsg/ca.crt',
-    # 'ca_cert_cache_expiry': 0,  # Never expires
-    # 'certnames': {
-    #     'module_build_service.localhost': 'localhost'
-    # }
-    # End of code signing configuration
-}
-
-# developer's instance (docker/vagrant/...)
-if 'MODULE_BUILD_SERVICE_DEVELOPER_ENV' in os.environ and \
-   os.environ['MODULE_BUILD_SERVICE_DEVELOPER_ENV'].lower() in (
-       '1', 'on', 'true', 'y', 'yes'):
-    config['endpoints']['relay_outbound'] = ["tcp://fedmsg-relay:2001"]
-    config['relay_inbound'] = ["tcp://fedmsg-relay:2003"]
-else:
-    # These configuration values are reasonable for most other configurations.
-{% if inventory_hostname.startswith('copr-fe.cloud') %}
-    config['endpoints']['relay_outbound'] = ["tcp://127.0.0.1:4001"]
-    config['relay_inbound'] = ["tcp://127.0.0.1:2003"]
-{% else %}
-    config['endpoints']['relay_outbound'] = ['tcp://172.25.32.175:4001']
-    config['relay_inbound'] = ['tcp://172.25.32.175:2003']
-{% endif %}