copr: we no longer use mbs

clime 2018-02-23 08:21:56 +01:00
parent f39c2b99ee
commit e8ea8a80c8
13 changed files with 0 additions and 370 deletions


@ -12,5 +12,3 @@ csi_purpose: Provide a publicly accessible frontend for 3rd party packages (copr
csi_relationship: |
- This host provides the frontend part of copr only.
- It's the point of contact between end users and the copr build system (backend, package singer)
copr_mbs_cli_login: Y29wcg==##vtvvikhcjncwkfkdcssv


@ -39,5 +39,4 @@
roles:
- base
- copr/frontend
- copr/mbs
- nagios_client


@ -7,9 +7,6 @@
- /etc/fedmsg.d/relay.py
- /etc/fedmsg.d/ssl.py
- name: install the MBS config
template: src="fedmsg.d/mbs.py" dest=/etc/fedmsg.d/
- name: install fedmsg-relay
dnf: state=latest name=fedmsg-relay


@ -1,23 +0,0 @@
config = dict(
sign_messages=False,
validate_signatures=False,
endpoints={
# This is the output side of the relay to which all other
# services can listen.
"relay_outbound": [
"tcp://{{ copr_backend_ips[0] }}:4001",
],
},
# This is the address of an active->passive relay. It is used for the
# fedmsg-logger command which requires another service with a stable
# listening address for it to send messages to.
# It is also used by the git-hook, for the same reason.
# It is also used by the mediawiki php plugin which, due to the oddities of
# php, can't maintain a single passive-bind endpoint of it's own.
relay_inbound=[
"tcp://{{ copr_backend_ips[0] }}:2003",
],
)


@ -8,11 +8,6 @@ Alias /robots.txt /var/www/html/robots.txt
ServerAlias copr-fe.cloud.fedoraproject.org
WSGIPassAuthorization On
# Needs to be above WSGIScriptAlias /
# http://stackoverflow.com/a/9690110
IncludeOptional /etc/httpd/conf/vhost[s]/mbs/mbs.conf
WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=15 display-name=other maximum-requests=8000 graceful-timeout=20
WSGIDaemonProcess api user=copr-fe group=copr-fe threads=15 display-name=api maximum-requests=8000 graceful-timeout=20
WSGIDaemonProcess backend user=copr-fe group=copr-fe threads=15 display-name=backend maximum-requests=8000 graceful-timeout=20


@ -1,14 +0,0 @@
[Unit]
Description=Generic fedmsg processing hub
After=network.target
Documentation=https://fedmsg.readthedocs.org/
[Service]
ExecStart=/usr/bin/fedmsg-hub
Type=simple
User=mbs
Group=mbs
Restart=on-failure
[Install]
WantedBy=multi-user.target


@ -1,19 +0,0 @@
# Needs to be above WSGIScriptAlias /
# @TODO With this configuration it needs to be accessed via [1] instead of [2]
# [1] http://127.0.0.1:8080/module-build-service/module-build-service/1/module-builds/
# [2] http://127.0.0.1:8080/module-build-service/1/module-builds/
WSGIDaemonProcess module-build-service user=mbs group=mbs threads=15 display-name=module-build-service
WSGIScriptAlias /module-build-service /opt/module-build-service/mbs.wsgi
<Location /module-build-service>
Require host localhost
WSGIProcessGroup module-build-service
</Location>
<Directory /opt/module-build-service>
WSGIApplicationGroup %{GLOBAL}
Require all granted
</Directory>
RewriteEngine On
RewriteRule ^/module/(.*)$ /module-build-service/module-build-service/$1 [PT]


@ -1,18 +0,0 @@
#!/usr/bin/python2
import logging
import os
import sys
# so that errors are not sent to stdout
logging.basicConfig(stream=sys.stderr)
os.environ["COPRS_ENVIRON_PRODUCTION"] = "1"
sys.path.insert(0, os.path.dirname(__file__))
from module_build_service import app
if app.debug:
from werkzeug.debug import DebuggedApplication
app = DebuggedApplication(app, True)
application = app


@ -1,7 +0,0 @@
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: daemon reload
command: systemctl daemon-reload
- name: restart httpd
service: name=httpd state=restarted


@ -1,154 +0,0 @@
---
# Cant use the ansible dnf module here. It doesnt work without these pacakges.
# Therefore using command module
- name: Install python and deps for ansible modules
command: dnf install --refresh -y python2 python2-dnf libselinux-python
- name: Install stuff
dnf: name={{ item }} state=latest
with_items:
# Those things are explicitly listed in Vagrantfile
# https://pagure.io/fm-orchestrator/blob/master/f/Vagrantfile
# Should they be covered by spec file?
- fedmsg-hub
- fedmsg-relay
- fedpkg
- gcc
- gcc
- gcc-c++
- krb5-workstation
- libffi-devel
- openssl-devel
- python-virtualenv
- redhat-rpm-config
- redhat-rpm-config
- swig
- systemd-devel
# Not covered by Vagrantfile nor .spec file,
# but it seems to be required
- python-systemd
# Required for copr
- copr-cli
- python2-copr
- name: Install module-build-service package
dnf: name=module-build-service state=latest
notify:
- restart httpd
- restart fedmsg-hub
# Post-install stuff
# We don't need following configs because everything required is set in
# module_build_service.py. It only causes problems with overriding our settings
- name: Remove redundant fedmsg.d files
file: path="{{item}}" state=absent
with_items:
- /etc/fedmsg.d/endpoints.py
- /etc/fedmsg.d/relay.py
- /etc/fedmsg.d/ssl.py
- name: setup module_build_service
template: src=module_build_service.py dest=/etc/fedmsg.d/module_build_service.py mode=0644 owner=root group=root
- name: Listen to copr-be-dev
lineinfile:
dest: /etc/fedmsg.d/module_build_service.py
insertafter:
line: "{{ item }}"
with_items:
- " config['endpoints']['relay_outbound'].append('tcp://{{ copr_backend_ips[0] }}:4001')"
- " config['relay_inbound'].append('tcp://{{ copr_backend_ips[0] }}:2003')"
when: env == "staging"
# We want to run fedmsg-hub as 'mbs' user, because we don't want to rpmbuild as 'fedmsg'
- name: Copy modified fedmsg-hub.service file
copy: src=fedmsg-hub.service dest=/etc/systemd/system/fedmsg-hub.service
notify: daemon reload
# Create user and group for mbs
- name: Create group for mbs-frontend
group: name=mbs state=present gid=1002
- name: Create user for mbs-frontend
user: name=mbs group=mbs uid=1002
# The config provided by MBS package is a python file
# Instead of replacing values by regex in such file, rather rename
# the original file and then install own configuration file which
# inherits the original one and then customizes it.
- name: Stat base_config
stat: path=/etc/module-build-service/base_config.py
register: base_config_stat
- name: Move config.py to base_config.py
command: mv /etc/module-build-service/config.py /etc/module-build-service/base_config.py creates=/etc/module-build-service/base_config.py
- name: Touch __init__.py file
copy: dest=/etc/module-build-service/__init__.py force=no content=''
- name: Copy production config
template: src=config.py dest=/etc/module-build-service/config.py
- name: Copy config for copr-cli
template: src=copr.conf dest=/etc/module-build-service/copr.conf
- name: Upgrade database
command: mbs-upgradedb
#- name: Generate cert
# command: mbs-gencert
# args:
# creates: /etc/module-build-service/server.crt
#
#- name: generate cacert.pem
# shell: cat /etc/module-build-service/server.crt /etc/module-build-service/server.key > /etc/module-build-service/cacert.pem
# args:
# creates: /etc/module-build-service/cacert.pem
- name: Chown /etc/module-build-service to mbs:mbs
file: path=/etc/module-build-service owner=mbs group=mbs recurse=yes mode=g+w
- name: Add copr-fe to mbs group
user: name=copr-fe groups=mbs append=yes
- name: Allow writing into DB file in SELinux
file: path="{{item}}" setype=httpd_sys_rw_content_t
with_items:
- /etc/module-build-service
- /etc/module-build-service/module_build_service.db
# Run module-build-service processes
- name: Enable fedmsg-relay
service: name=fedmsg-relay enabled=yes state=started
when: inventory_hostname == 'copr-fe.cloud.fedoraproject.org'
- name: Run fedmsg-hub
service: name=fedmsg-hub enabled=yes state=started
# Prepare and run MBS frontend
- name: Create /opt/module-build-service
file: path=/opt/module-build-service state=directory
- name: Copy mbs.wsgi file
copy: src=mbs.wsgi dest=/opt/module-build-service/mbs.wsgi
- name: Create vhosts directory
file: path=/etc/httpd/conf/vhosts/mbs state=directory
- name: Copy httpd/mbs.conf to vhosts directory
copy: src=httpd/mbs.conf dest=/etc/httpd/conf/vhosts/mbs/mbs.conf
notify: reload httpd


@ -1,58 +0,0 @@
import sys
sys.path.insert(1, '/etc/module-build-service')
import base_config as base
from base_config import confdir, dbdir
class ProdConfiguration(base.ProdConfiguration):
SYSTEM = 'copr'
SECRET_KEY = '{{ copr_mbs_secret_key }}'
YAML_SUBMIT_ALLOWED = True
PDC_INSECURE = False
# Only copr-frontend is allowed to communicate with this mbs instance
# Therefore we don't require it to authenicate first, we trust it
NO_AUTH = True
# Use production instances of PDC and Koji
KOJI_REPOSITORY_URL = 'https://kojipkgs.fedoraproject.org/repos'
PDC_URL = 'https://pdc.fedoraproject.org/rest_api/v1'
# Do not restrict to only trusted repositories, allow everything
SCMURLS = []
ALLOW_CUSTOM_SCMURLS = True
{% if env == 'staging' %}
MESSAGING_TOPIC_PREFIX = ['org.fedoraproject.dev', 'org.fedoraproject.stg']
{% else %}
MESSAGING_TOPIC_PREFIX = ['org.fedoraproject.prod', 'org.fedoraproject.dev']
{% endif %}
# Allow custom component repositories
RPMS_ALLOW_REPOSITORY = True
RPMS_ALLOW_CACHE = True
MODULES_ALLOW_REPOSITORY = True
# Determines how many builds can be submitted to the builder
# and be in the build state at a time. Set this to 0 for no restrictions
# We can set some limit in the future, once we need it
NUM_CONSECUTIVE_BUILDS = 0
# When MBS frontend runs on same machine as scheduler,
# it is fine to set this to localhost
SERVER_NAME = 'localhost'
class DevConfiguration(base.DevConfiguration):
SYSTEM = 'copr'
class BaseConfiguration(base.BaseConfiguration):
pass
class TestConfiguration(base.TestConfiguration):
pass


@ -1,10 +0,0 @@
[copr-cli]
# Username belongs to build owner and is provided by MBS on runtime
username =
# API login for copr proxyuser
login = {{ copr_mbs_cli_login }}
token = {{ copr_mbs_cli_token }}
copr_url = {% if env == 'staging' %}http{% else %}https{% endif %}://{{ copr_frontend_public_hostname }}


@ -1,56 +0,0 @@
import os
config = {
# Just for dev.
"validate_signatures": False,
# Talk to the relay, so things also make it to composer.stg in our dev env
"active": True,
# Since we're in active mode, we don't need to declare any of our own
# passive endpoints. This placeholder value needs to be here for the tests
# to pass in Jenkins, though. \o/
"endpoints": {
"fedora-infrastructure": [
# Just listen to staging for now, not to production (spam!)
{% if inventory_hostname.startswith('copr-fe.cloud') %}
"tcp://hub.fedoraproject.org:9940"
{% else %}
#"tcp://stg.fedoraproject.org:9940"
{% endif %}
],
},
# Start of code signing configuration
# 'sign_messages': True,
# 'validate_signatures': True,
# 'crypto_backend': 'x509',
# 'crypto_validate_backends': ['x509'],
# 'ssldir': '/opt/module_build_service/pki',
# 'crl_location': 'http://localhost/crl/ca.crl',
# 'crl_cache': '/etc/pki/fedmsg/crl.pem',
# 'crl_cache_expiry': 10,
# 'ca_cert_location': 'http://localhost/crl/ca.crt',
# 'ca_cert_cache': '/etc/pki/fedmsg/ca.crt',
# 'ca_cert_cache_expiry': 0, # Never expires
# 'certnames': {
# 'module_build_service.localhost': 'localhost'
# }
# End of code signing configuration
}
# developer's instance (docker/vagrant/...)
if 'MODULE_BUILD_SERVICE_DEVELOPER_ENV' in os.environ and \
os.environ['MODULE_BUILD_SERVICE_DEVELOPER_ENV'].lower() in (
'1', 'on', 'true', 'y', 'yes'):
config['endpoints']['relay_outbound'] = ["tcp://fedmsg-relay:2001"]
config['relay_inbound'] = ["tcp://fedmsg-relay:2003"]
else:
# These configuration values are reasonable for most other configurations.
{% if inventory_hostname.startswith('copr-fe.cloud') %}
config['endpoints']['relay_outbound'] = ["tcp://127.0.0.1:4001"]
config['relay_inbound'] = ["tcp://127.0.0.1:2003"]
{% else %}
config['endpoints']['relay_outbound'] = ['tcp://172.25.32.175:4001']
config['relay_inbound'] = ['tcp://172.25.32.175:2003']
{% endif %}