From e8ea8a80c8cedca17d905559379b8b81a916f2ba Mon Sep 17 00:00:00 2001
From: clime
Date: Fri, 23 Feb 2018 08:21:56 +0100
Subject: [PATCH] copr: we no longer use mbs
---
 inventory/group_vars/copr-front | 2 -
 playbooks/groups/copr-frontend.yml | 1 -
 roles/copr/backend/tasks/fedmsg.yml | 3 -
 roles/copr/backend/templates/fedmsg.d/mbs.py | 23 ---
 roles/copr/frontend/files/httpd/coprs.conf | 5 -
 roles/copr/mbs/files/fedmsg-hub.service | 14 --
 roles/copr/mbs/files/httpd/mbs.conf | 19 ---
 roles/copr/mbs/files/mbs.wsgi | 18 --
 roles/copr/mbs/handlers/main.yml | 7 -
 roles/copr/mbs/tasks/main.yml | 154 ------------------
 roles/copr/mbs/templates/config.py | 58 -------
 roles/copr/mbs/templates/copr.conf | 10 --
 .../mbs/templates/module_build_service.py | 56 -------
 13 files changed, 370 deletions(-)
 delete mode 100644 roles/copr/backend/templates/fedmsg.d/mbs.py
 delete mode 100644 roles/copr/mbs/files/fedmsg-hub.service
 delete mode 100644 roles/copr/mbs/files/httpd/mbs.conf
 delete mode 100755 roles/copr/mbs/files/mbs.wsgi
 delete mode 100644 roles/copr/mbs/handlers/main.yml
 delete mode 100644 roles/copr/mbs/tasks/main.yml
 delete mode 100644 roles/copr/mbs/templates/config.py
 delete mode 100644 roles/copr/mbs/templates/copr.conf
 delete mode 100644 roles/copr/mbs/templates/module_build_service.py
diff --git a/inventory/group_vars/copr-front b/inventory/group_vars/copr-front
index d49a97457d..7c9a288117 100644
--- a/inventory/group_vars/copr-front
+++ b/inventory/group_vars/copr-front
@@ -12,5 +12,3 @@ csi_purpose: Provide a publicly accessible frontend for 3rd party packages (copr
 csi_relationship: |
 - This host provides the frontend part of copr only.
 - It's the point of contact between end users and the copr build system (backend, package singer)
-
-copr_mbs_cli_login: Y29wcg==##vtvvikhcjncwkfkdcssv
diff --git a/playbooks/groups/copr-frontend.yml b/playbooks/groups/copr-frontend.yml
index 42c951c1f5..f669bbc15d 100644
--- a/playbooks/groups/copr-frontend.yml
+++ b/playbooks/groups/copr-frontend.yml
@@ -39,5 +39,4 @@
 roles:
 - base
 - copr/frontend
- - copr/mbs
 - nagios_client
diff --git a/roles/copr/backend/tasks/fedmsg.yml b/roles/copr/backend/tasks/fedmsg.yml
index 95ab59c3cf..ce85789774 100644
--- a/roles/copr/backend/tasks/fedmsg.yml
+++ b/roles/copr/backend/tasks/fedmsg.yml
@@ -7,9 +7,6 @@
 - /etc/fedmsg.d/relay.py
 - /etc/fedmsg.d/ssl.py
-- name: install the MBS config
- template: src="fedmsg.d/mbs.py" dest=/etc/fedmsg.d/
-
 - name: install fedmsg-relay
 dnf: state=latest name=fedmsg-relay
diff --git a/roles/copr/backend/templates/fedmsg.d/mbs.py b/roles/copr/backend/templates/fedmsg.d/mbs.py
deleted file mode 100644
index 7e03728747..0000000000
--- a/roles/copr/backend/templates/fedmsg.d/mbs.py
+++ /dev/null
@@ -1,23 +0,0 @@
-config = dict(
-
- sign_messages=False,
- validate_signatures=False,
-
- endpoints={
- # This is the output side of the relay to which all other
- # services can listen.
- "relay_outbound": [
- "tcp://{{ copr_backend_ips[0] }}:4001",
- ],
- },
-
- # This is the address of an active->passive relay. It is used for the
- # fedmsg-logger command which requires another service with a stable
- # listening address for it to send messages to.
- # It is also used by the git-hook, for the same reason.
- # It is also used by the mediawiki php plugin which, due to the oddities of
- # php, can't maintain a single passive-bind endpoint of it's own.
- relay_inbound=[
- "tcp://{{ copr_backend_ips[0] }}:2003",
- ],
-)
diff --git a/roles/copr/frontend/files/httpd/coprs.conf b/roles/copr/frontend/files/httpd/coprs.conf
index 71a69466b0..054d507e06 100644
--- a/roles/copr/frontend/files/httpd/coprs.conf
+++ b/roles/copr/frontend/files/httpd/coprs.conf
@@ -8,11 +8,6 @@ Alias /robots.txt /var/www/html/robots.txt
 ServerAlias copr-fe.cloud.fedoraproject.org
 WSGIPassAuthorization On
-
- # Needs to be above WSGIScriptAlias /
- # http://stackoverflow.com/a/9690110
- IncludeOptional /etc/httpd/conf/vhost[s]/mbs/mbs.conf
-
 WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=15 display-name=other maximum-requests=8000 graceful-timeout=20
 WSGIDaemonProcess api user=copr-fe group=copr-fe threads=15 display-name=api maximum-requests=8000 graceful-timeout=20
 WSGIDaemonProcess backend user=copr-fe group=copr-fe threads=15 display-name=backend maximum-requests=8000 graceful-timeout=20
diff --git a/roles/copr/mbs/files/fedmsg-hub.service b/roles/copr/mbs/files/fedmsg-hub.service
deleted file mode 100644
index 88b75415d9..0000000000
--- a/roles/copr/mbs/files/fedmsg-hub.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Generic fedmsg processing hub
-After=network.target
-Documentation=https://fedmsg.readthedocs.org/
-
-[Service]
-ExecStart=/usr/bin/fedmsg-hub
-Type=simple
-User=mbs
-Group=mbs
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/copr/mbs/files/httpd/mbs.conf b/roles/copr/mbs/files/httpd/mbs.conf
deleted file mode 100644
index c5205edded..0000000000
--- a/roles/copr/mbs/files/httpd/mbs.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Needs to be above WSGIScriptAlias /
-# @TODO With this configuration it needs to be accessed via [1] instead of [2]
-# [1] http://127.0.0.1:8080/module-build-service/module-build-service/1/module-builds/
-# [2] http://127.0.0.1:8080/module-build-service/1/module-builds/
-
-WSGIDaemonProcess module-build-service user=mbs group=mbs threads=15 display-name=module-build-service
-WSGIScriptAlias /module-build-service /opt/module-build-service/mbs.wsgi
-
- Require host localhost
- WSGIProcessGroup module-build-service
-
-
-
- WSGIApplicationGroup %{GLOBAL}
- Require all granted
-
-
-RewriteEngine On
-RewriteRule ^/module/(.*)$ /module-build-service/module-build-service/$1 [PT]
diff --git a/roles/copr/mbs/files/mbs.wsgi b/roles/copr/mbs/files/mbs.wsgi
deleted file mode 100755
index 4fd78c11ee..0000000000
--- a/roles/copr/mbs/files/mbs.wsgi
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/bin/python2
-import logging
-import os
-import sys
-
-# so that errors are not sent to stdout
-logging.basicConfig(stream=sys.stderr)
-
-os.environ["COPRS_ENVIRON_PRODUCTION"] = "1"
-sys.path.insert(0, os.path.dirname(__file__))
-
-from module_build_service import app
-
-if app.debug:
- from werkzeug.debug import DebuggedApplication
- app = DebuggedApplication(app, True)
-
-application = app
diff --git a/roles/copr/mbs/handlers/main.yml b/roles/copr/mbs/handlers/main.yml
deleted file mode 100644
index 316966663b..0000000000
--- a/roles/copr/mbs/handlers/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-- import_tasks: "{{ handlers_path }}/restart_services.yml"
-
-- name: daemon reload
- command: systemctl daemon-reload
-
-- name: restart httpd
- service: name=httpd state=restarted
diff --git a/roles/copr/mbs/tasks/main.yml b/roles/copr/mbs/tasks/main.yml
deleted file mode 100644
index b734bd2e9f..0000000000
--- a/roles/copr/mbs/tasks/main.yml
+++ /dev/null
@@ -1,154 +0,0 @@
----
-
-# Cant use the ansible dnf module here. It doesnt work without these pacakges.
-# Therefore using command module
-- name: Install python and deps for ansible modules
- command: dnf install --refresh -y python2 python2-dnf libselinux-python
-
-
-- name: Install stuff
- dnf: name={{ item }} state=latest
- with_items:
- # Those things are explicitly listed in Vagrantfile
- # https://pagure.io/fm-orchestrator/blob/master/f/Vagrantfile
- # Should they be covered by spec file?
- - fedmsg-hub
- - fedmsg-relay
- - fedpkg
- - gcc
- - gcc
- - gcc-c++
- - krb5-workstation
- - libffi-devel
- - openssl-devel
- - python-virtualenv
- - redhat-rpm-config
- - redhat-rpm-config
- - swig
- - systemd-devel
-
- # Not covered by Vagrantfile nor .spec file,
- # but it seems to be required
- - python-systemd
-
- # Required for copr
- - copr-cli
- - python2-copr
-
-
-- name: Install module-build-service package
- dnf: name=module-build-service state=latest
- notify:
- - restart httpd
- - restart fedmsg-hub
-
-
-# Post-install stuff
-
-# We don't need following configs because everything required is set in
-# module_build_service.py. It only causes problems with overriding our settings
-- name: Remove redundant fedmsg.d files
- file: path="{{item}}" state=absent
- with_items:
- - /etc/fedmsg.d/endpoints.py
- - /etc/fedmsg.d/relay.py
- - /etc/fedmsg.d/ssl.py
-
-- name: setup module_build_service
- template: src=module_build_service.py dest=/etc/fedmsg.d/module_build_service.py mode=0644 owner=root group=root
-
-- name: Listen to copr-be-dev
- lineinfile:
- dest: /etc/fedmsg.d/module_build_service.py
- insertafter:
- line: "{{ item }}"
- with_items:
- " config['endpoints']['relay_outbound'].append('tcp://{{ copr_backend_ips[0] }}:4001')"
- " config['relay_inbound'].append('tcp://{{ copr_backend_ips[0] }}:2003')"
- when: env == "staging"
-
-
-# We want to run fedmsg-hub as 'mbs' user, because we don't want to rpmbuild as 'fedmsg'
-- name: Copy modified fedmsg-hub.service file
- copy: src=fedmsg-hub.service dest=/etc/systemd/system/fedmsg-hub.service
- notify: daemon reload
-
-
-# Create user and group for mbs
-- name: Create group for mbs-frontend
- group: name=mbs state=present gid=1002
-
-- name: Create user for mbs-frontend
- user: name=mbs group=mbs uid=1002
-
-
-
-# The config provided by MBS package is a python file
-# Instead of replacing values by regex in such file, rather rename
-# the original file and then install own configuration file which
-# inherits the original one and then customizes it.
-- name: Stat base_config
- stat: path=/etc/module-build-service/base_config.py
- register: base_config_stat
-
-- name: Move config.py to base_config.py
- command: mv /etc/module-build-service/config.py /etc/module-build-service/base_config.py creates=/etc/module-build-service/base_config.py
-
-- name: Touch __init__.py file
- copy: dest=/etc/module-build-service/__init__.py force=no content=''
-
-- name: Copy production config
- template: src=config.py dest=/etc/module-build-service/config.py
-
-- name: Copy config for copr-cli
- template: src=copr.conf dest=/etc/module-build-service/copr.conf
-
-
-- name: Upgrade database
- command: mbs-upgradedb
-
-#- name: Generate cert
-# command: mbs-gencert
-# args:
-# creates: /etc/module-build-service/server.crt
-#
-#- name: generate cacert.pem
-# shell: cat /etc/module-build-service/server.crt /etc/module-build-service/server.key > /etc/module-build-service/cacert.pem
-# args:
-# creates: /etc/module-build-service/cacert.pem
-
-- name: Chown /etc/module-build-service to mbs:mbs
- file: path=/etc/module-build-service owner=mbs group=mbs recurse=yes mode=g+w
-
-- name: Add copr-fe to mbs group
- user: name=copr-fe groups=mbs append=yes
-
-- name: Allow writing into DB file in SELinux
- file: path="{{item}}" setype=httpd_sys_rw_content_t
- with_items:
- - /etc/module-build-service
- - /etc/module-build-service/module_build_service.db
-
-# Run module-build-service processes
-- name: Enable fedmsg-relay
- service: name=fedmsg-relay enabled=yes state=started
- when: inventory_hostname == 'copr-fe.cloud.fedoraproject.org'
-
-- name: Run fedmsg-hub
- service: name=fedmsg-hub enabled=yes state=started
-
-
-
-# Prepare and run MBS frontend
-- name: Create /opt/module-build-service
- file: path=/opt/module-build-service state=directory
-
-- name: Copy mbs.wsgi file
- copy: src=mbs.wsgi dest=/opt/module-build-service/mbs.wsgi
-
-- name: Create vhosts directory
- file: path=/etc/httpd/conf/vhosts/mbs state=directory
-
-- name: Copy httpd/mbs.conf to vhosts directory
- copy: src=httpd/mbs.conf dest=/etc/httpd/conf/vhosts/mbs/mbs.conf
- notify: reload httpd
diff --git a/roles/copr/mbs/templates/config.py b/roles/copr/mbs/templates/config.py
deleted file mode 100644
index 28f89215e0..0000000000
--- a/roles/copr/mbs/templates/config.py
+++ /dev/null
@@ -1,58 +0,0 @@
-import sys
-sys.path.insert(1, '/etc/module-build-service')
-
-import base_config as base
-from base_config import confdir, dbdir
-
-
-class ProdConfiguration(base.ProdConfiguration):
- SYSTEM = 'copr'
- SECRET_KEY = '{{ copr_mbs_secret_key }}'
-
- YAML_SUBMIT_ALLOWED = True
-
- PDC_INSECURE = False
-
- # Only copr-frontend is allowed to communicate with this mbs instance
- # Therefore we don't require it to authenicate first, we trust it
- NO_AUTH = True
-
- # Use production instances of PDC and Koji
- KOJI_REPOSITORY_URL = 'https://kojipkgs.fedoraproject.org/repos'
- PDC_URL = 'https://pdc.fedoraproject.org/rest_api/v1'
-
- # Do not restrict to only trusted repositories, allow everything
- SCMURLS = []
- ALLOW_CUSTOM_SCMURLS = True
-
-{% if env == 'staging' %}
- MESSAGING_TOPIC_PREFIX = ['org.fedoraproject.dev', 'org.fedoraproject.stg']
-{% else %}
- MESSAGING_TOPIC_PREFIX = ['org.fedoraproject.prod', 'org.fedoraproject.dev']
-{% endif %}
-
- # Allow custom component repositories
- RPMS_ALLOW_REPOSITORY = True
- RPMS_ALLOW_CACHE = True
- MODULES_ALLOW_REPOSITORY = True
-
- # Determines how many builds can be submitted to the builder
- # and be in the build state at a time. Set this to 0 for no restrictions
- # We can set some limit in the future, once we need it
- NUM_CONSECUTIVE_BUILDS = 0
-
- # When MBS frontend runs on same machine as scheduler,
- # it is fine to set this to localhost
- SERVER_NAME = 'localhost'
-
-
-class DevConfiguration(base.DevConfiguration):
- SYSTEM = 'copr'
-
-
-class BaseConfiguration(base.BaseConfiguration):
- pass
-
-
-class TestConfiguration(base.TestConfiguration):
- pass
diff --git a/roles/copr/mbs/templates/copr.conf b/roles/copr/mbs/templates/copr.conf
deleted file mode 100644
index 6796042d3c..0000000000
--- a/roles/copr/mbs/templates/copr.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-[copr-cli]
-
-# Username belongs to build owner and is provided by MBS on runtime
-username =
-
-# API login for copr proxyuser
-login = {{ copr_mbs_cli_login }}
-token = {{ copr_mbs_cli_token }}
-
-copr_url = {% if env == 'staging' %}http{% else %}https{% endif %}://{{ copr_frontend_public_hostname }}
diff --git a/roles/copr/mbs/templates/module_build_service.py b/roles/copr/mbs/templates/module_build_service.py
deleted file mode 100644
index d9099de1e9..0000000000
--- a/roles/copr/mbs/templates/module_build_service.py
+++ /dev/null
@@ -1,56 +0,0 @@
-import os
-
-config = {
- # Just for dev.
- "validate_signatures": False,
-
- # Talk to the relay, so things also make it to composer.stg in our dev env
- "active": True,
-
- # Since we're in active mode, we don't need to declare any of our own
- # passive endpoints. This placeholder value needs to be here for the tests
- # to pass in Jenkins, though. \o/
- "endpoints": {
- "fedora-infrastructure": [
- # Just listen to staging for now, not to production (spam!)
-{% if inventory_hostname.startswith('copr-fe.cloud') %}
-"tcp://hub.fedoraproject.org:9940"
-{% else %}
-#"tcp://stg.fedoraproject.org:9940"
-{% endif %}
- ],
- },
-
- # Start of code signing configuration
- # 'sign_messages': True,
- # 'validate_signatures': True,
- # 'crypto_backend': 'x509',
- # 'crypto_validate_backends': ['x509'],
- # 'ssldir': '/opt/module_build_service/pki',
- # 'crl_location': 'http://localhost/crl/ca.crl',
- # 'crl_cache': '/etc/pki/fedmsg/crl.pem',
- # 'crl_cache_expiry': 10,
- # 'ca_cert_location': 'http://localhost/crl/ca.crt',
- # 'ca_cert_cache': '/etc/pki/fedmsg/ca.crt',
- # 'ca_cert_cache_expiry': 0, # Never expires
- # 'certnames': {
- # 'module_build_service.localhost': 'localhost'
- # }
- # End of code signing configuration
-}
-
-# developer's instance (docker/vagrant/...)
-if 'MODULE_BUILD_SERVICE_DEVELOPER_ENV' in os.environ and \
- os.environ['MODULE_BUILD_SERVICE_DEVELOPER_ENV'].lower() in (
- '1', 'on', 'true', 'y', 'yes'):
- config['endpoints']['relay_outbound'] = ["tcp://fedmsg-relay:2001"]
- config['relay_inbound'] = ["tcp://fedmsg-relay:2003"]
-else:
- # These configuration values are reasonable for most other configurations.
-{% if inventory_hostname.startswith('copr-fe.cloud') %}
- config['endpoints']['relay_outbound'] = ["tcp://127.0.0.1:4001"]
- config['relay_inbound'] = ["tcp://127.0.0.1:2003"]
-{% else %}
- config['endpoints']['relay_outbound'] = ['tcp://172.25.32.175:4001']
- config['relay_inbound'] = ['tcp://172.25.32.175:2003']
-{% endif %}