copr: we no longer use mbs

2018-02-23 08:21:56 +01:00 · 2018-02-23 08:21:56 +01:00 · e8ea8a80c8
commit e8ea8a80c8
parent f39c2b99ee
13 changed files with 0 additions and 370 deletions
--- a/inventory/group_vars/copr-front
+++ b/inventory/group_vars/copr-front
@ -12,5 +12,3 @@ csi_purpose: Provide a publicly accessible frontend for 3rd party packages (copr
 csi_relationship: |
  - This host provides the frontend part of copr only.
  - It's the point of contact between end users and the copr build system (backend, package singer)
 copr_mbs_cli_login: Y29wcg==##vtvvikhcjncwkfkdcssv
--- a/playbooks/groups/copr-frontend.yml
+++ b/playbooks/groups/copr-frontend.yml
@ -39,5 +39,4 @@
  roles:
   - base
   - copr/frontend
   - copr/mbs
   - nagios_client
--- a/roles/copr/backend/tasks/fedmsg.yml
+++ b/roles/copr/backend/tasks/fedmsg.yml
@ -7,9 +7,6 @@
    - /etc/fedmsg.d/relay.py
    - /etc/fedmsg.d/ssl.py
 - name: install the MBS config
  template: src="fedmsg.d/mbs.py" dest=/etc/fedmsg.d/
 - name: install fedmsg-relay
  dnf: state=latest name=fedmsg-relay
--- a/roles/copr/backend/templates/fedmsg.d/mbs.py
+++ b/roles/copr/backend/templates/fedmsg.d/mbs.py
@ -1,23 +0,0 @@
 config = dict(
    sign_messages=False,
    validate_signatures=False,
    endpoints={
        # This is the output side of the relay to which all other
        # services can listen.
        "relay_outbound": [
            "tcp://{{ copr_backend_ips[0] }}:4001",
        ],
    },
    # This is the address of an active->passive relay.  It is used for the
    # fedmsg-logger command which requires another service with a stable
    # listening address for it to send messages to.
    # It is also used by the git-hook, for the same reason.
    # It is also used by the mediawiki php plugin which, due to the oddities of
    # php, can't maintain a single passive-bind endpoint of it's own.
    relay_inbound=[
        "tcp://{{ copr_backend_ips[0] }}:2003",
    ],
 )
--- a/roles/copr/frontend/files/httpd/coprs.conf
+++ b/roles/copr/frontend/files/httpd/coprs.conf
@ -8,11 +8,6 @@ Alias /robots.txt /var/www/html/robots.txt
    ServerAlias copr-fe.cloud.fedoraproject.org
    WSGIPassAuthorization On
    # Needs to be above WSGIScriptAlias /
    # http://stackoverflow.com/a/9690110
    IncludeOptional /etc/httpd/conf/vhost[s]/mbs/mbs.conf
    WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=15 display-name=other maximum-requests=8000 graceful-timeout=20
    WSGIDaemonProcess api user=copr-fe group=copr-fe threads=15 display-name=api maximum-requests=8000 graceful-timeout=20
    WSGIDaemonProcess backend user=copr-fe group=copr-fe threads=15 display-name=backend maximum-requests=8000 graceful-timeout=20
--- a/roles/copr/mbs/files/fedmsg-hub.service
+++ b/roles/copr/mbs/files/fedmsg-hub.service
@ -1,14 +0,0 @@
 [Unit]
 Description=Generic fedmsg processing hub
 After=network.target
 Documentation=https://fedmsg.readthedocs.org/
 [Service]
 ExecStart=/usr/bin/fedmsg-hub
 Type=simple
 User=mbs
 Group=mbs
 Restart=on-failure
 [Install]
 WantedBy=multi-user.target
--- a/roles/copr/mbs/files/httpd/mbs.conf
+++ b/roles/copr/mbs/files/httpd/mbs.conf
@ -1,19 +0,0 @@
 # Needs to be above WSGIScriptAlias /
 # @TODO With this configuration it needs to be accessed via [1] instead of [2]
 # [1] http://127.0.0.1:8080/module-build-service/module-build-service/1/module-builds/
 # [2] http://127.0.0.1:8080/module-build-service/1/module-builds/
 WSGIDaemonProcess module-build-service user=mbs group=mbs threads=15 display-name=module-build-service
 WSGIScriptAlias /module-build-service /opt/module-build-service/mbs.wsgi
 <Location /module-build-service>
    Require host localhost
    WSGIProcessGroup module-build-service
 </Location>
 <Directory /opt/module-build-service>
    WSGIApplicationGroup %{GLOBAL}
    Require all granted
 </Directory>
 RewriteEngine On
 RewriteRule ^/module/(.*)$ /module-build-service/module-build-service/$1 [PT]
--- a/roles/copr/mbs/files/mbs.wsgi
+++ b/roles/copr/mbs/files/mbs.wsgi
@ -1,18 +0,0 @@
 #!/usr/bin/python2
 import logging
 import os
 import sys
 # so that errors are not sent to stdout
 logging.basicConfig(stream=sys.stderr)
 os.environ["COPRS_ENVIRON_PRODUCTION"] = "1"
 sys.path.insert(0, os.path.dirname(__file__))
 from module_build_service import app
 if app.debug:
    from werkzeug.debug import DebuggedApplication
    app = DebuggedApplication(app, True)
 application = app
--- a/roles/copr/mbs/handlers/main.yml
+++ b/roles/copr/mbs/handlers/main.yml
@ -1,7 +0,0 @@
 - import_tasks: "{{ handlers_path }}/restart_services.yml"
 - name: daemon reload
  command: systemctl daemon-reload
 - name: restart httpd
  service: name=httpd state=restarted
--- a/roles/copr/mbs/tasks/main.yml
+++ b/roles/copr/mbs/tasks/main.yml
@ -1,154 +0,0 @@
 ---
 # Cant use the ansible dnf module here. It doesnt work without these pacakges.
 # Therefore using command module
 - name: Install python and deps for ansible modules
  command: dnf install --refresh -y python2 python2-dnf libselinux-python
 - name: Install stuff
  dnf: name={{ item }} state=latest
  with_items:
    # Those things are explicitly listed in Vagrantfile
    # https://pagure.io/fm-orchestrator/blob/master/f/Vagrantfile
    # Should they be covered by spec file?
    - fedmsg-hub
    - fedmsg-relay
    - fedpkg
    - gcc
    - gcc
    - gcc-c++
    - krb5-workstation
    - libffi-devel
    - openssl-devel
    - python-virtualenv
    - redhat-rpm-config
    - redhat-rpm-config
    - swig
    - systemd-devel
    # Not covered by Vagrantfile nor .spec file,
    # but it seems to be required
    - python-systemd
    # Required for copr
    - copr-cli
    - python2-copr
 - name: Install module-build-service package
  dnf: name=module-build-service state=latest
  notify:
    - restart httpd
    - restart fedmsg-hub
 # Post-install stuff
 # We don't need following configs because everything required is set in
 # module_build_service.py. It only causes problems with overriding our settings
 - name: Remove redundant fedmsg.d files
  file: path="{{item}}" state=absent
  with_items:
    - /etc/fedmsg.d/endpoints.py
    - /etc/fedmsg.d/relay.py
    - /etc/fedmsg.d/ssl.py
 - name: setup module_build_service
  template: src=module_build_service.py dest=/etc/fedmsg.d/module_build_service.py mode=0644 owner=root group=root
 - name: Listen to copr-be-dev
  lineinfile:
    dest: /etc/fedmsg.d/module_build_service.py
    insertafter:
    line: "{{ item }}"
  with_items:
    - "    config['endpoints']['relay_outbound'].append('tcp://{{ copr_backend_ips[0] }}:4001')"
    - "    config['relay_inbound'].append('tcp://{{ copr_backend_ips[0] }}:2003')"
  when: env == "staging"
 # We want to run fedmsg-hub as 'mbs' user, because we don't want to rpmbuild as 'fedmsg'
 - name: Copy modified fedmsg-hub.service file
  copy: src=fedmsg-hub.service dest=/etc/systemd/system/fedmsg-hub.service
  notify: daemon reload
 # Create user and group for mbs
 - name: Create group for mbs-frontend
  group: name=mbs state=present gid=1002
 - name: Create user for mbs-frontend
  user: name=mbs group=mbs uid=1002
 # The config provided by MBS package is a python file
 # Instead of replacing values by regex in such file, rather rename
 # the original file and then install own configuration file which
 # inherits the original one and then customizes it.
 - name: Stat base_config
  stat: path=/etc/module-build-service/base_config.py
  register: base_config_stat
 - name: Move config.py to base_config.py
  command: mv /etc/module-build-service/config.py /etc/module-build-service/base_config.py creates=/etc/module-build-service/base_config.py
 - name: Touch __init__.py file
  copy: dest=/etc/module-build-service/__init__.py force=no content=''
 - name: Copy production config
  template: src=config.py dest=/etc/module-build-service/config.py
 - name: Copy config for copr-cli
  template: src=copr.conf dest=/etc/module-build-service/copr.conf
 - name: Upgrade database
  command: mbs-upgradedb
 #- name: Generate cert
 #  command: mbs-gencert
 #  args:
 #    creates: /etc/module-build-service/server.crt
 #
 #- name: generate cacert.pem
 #  shell: cat /etc/module-build-service/server.crt /etc/module-build-service/server.key > /etc/module-build-service/cacert.pem
 #  args:
 #    creates: /etc/module-build-service/cacert.pem
 - name: Chown /etc/module-build-service to mbs:mbs
  file: path=/etc/module-build-service owner=mbs group=mbs recurse=yes mode=g+w
 - name: Add copr-fe to mbs group
  user: name=copr-fe groups=mbs append=yes
 - name: Allow writing into DB file in SELinux
  file: path="{{item}}" setype=httpd_sys_rw_content_t
  with_items:
    - /etc/module-build-service
    - /etc/module-build-service/module_build_service.db
 # Run module-build-service processes
 - name: Enable fedmsg-relay
  service: name=fedmsg-relay enabled=yes state=started
  when: inventory_hostname == 'copr-fe.cloud.fedoraproject.org'
 - name: Run fedmsg-hub
  service: name=fedmsg-hub enabled=yes state=started
 # Prepare and run MBS frontend
 - name: Create /opt/module-build-service
  file:  path=/opt/module-build-service state=directory
 - name: Copy mbs.wsgi file
  copy: src=mbs.wsgi dest=/opt/module-build-service/mbs.wsgi
 - name: Create vhosts directory
  file: path=/etc/httpd/conf/vhosts/mbs state=directory
 - name: Copy httpd/mbs.conf to vhosts directory
  copy: src=httpd/mbs.conf dest=/etc/httpd/conf/vhosts/mbs/mbs.conf
  notify: reload httpd
--- a/roles/copr/mbs/templates/config.py
+++ b/roles/copr/mbs/templates/config.py
@ -1,58 +0,0 @@
 import sys
 sys.path.insert(1, '/etc/module-build-service')
 import base_config as base
 from base_config import confdir, dbdir
 class ProdConfiguration(base.ProdConfiguration):
    SYSTEM = 'copr'
    SECRET_KEY = '{{ copr_mbs_secret_key }}'
    YAML_SUBMIT_ALLOWED = True
    PDC_INSECURE = False
    # Only copr-frontend is allowed to communicate with this mbs instance
    # Therefore we don't require it to authenicate first, we trust it
    NO_AUTH = True
    # Use production instances of PDC and Koji
    KOJI_REPOSITORY_URL = 'https://kojipkgs.fedoraproject.org/repos'
    PDC_URL = 'https://pdc.fedoraproject.org/rest_api/v1'
    # Do not restrict to only trusted repositories, allow everything
    SCMURLS = []
    ALLOW_CUSTOM_SCMURLS = True
 {% if env == 'staging' %}
    MESSAGING_TOPIC_PREFIX = ['org.fedoraproject.dev', 'org.fedoraproject.stg']
 {% else %}
    MESSAGING_TOPIC_PREFIX = ['org.fedoraproject.prod', 'org.fedoraproject.dev']
 {% endif %}
    # Allow custom component repositories
    RPMS_ALLOW_REPOSITORY = True
    RPMS_ALLOW_CACHE = True
    MODULES_ALLOW_REPOSITORY = True
    # Determines how many builds can be submitted to the builder
    # and be in the build state at a time. Set this to 0 for no restrictions
    # We can set some limit in the future, once we need it
    NUM_CONSECUTIVE_BUILDS = 0
    # When MBS frontend runs on same machine as scheduler,
    # it is fine to set this to localhost
    SERVER_NAME = 'localhost'
 class DevConfiguration(base.DevConfiguration):
    SYSTEM = 'copr'
 class BaseConfiguration(base.BaseConfiguration):
    pass
 class TestConfiguration(base.TestConfiguration):
    pass
--- a/roles/copr/mbs/templates/copr.conf
+++ b/roles/copr/mbs/templates/copr.conf
@ -1,10 +0,0 @@
 [copr-cli]
 # Username belongs to build owner and is provided by MBS on runtime
 username =
 # API login for copr proxyuser
 login = {{ copr_mbs_cli_login }}
 token = {{ copr_mbs_cli_token }}
 copr_url = {% if env == 'staging' %}http{% else %}https{% endif %}://{{ copr_frontend_public_hostname }}
--- a/roles/copr/mbs/templates/module_build_service.py
+++ b/roles/copr/mbs/templates/module_build_service.py
@ -1,56 +0,0 @@
 import os
 config = {
    # Just for dev.
    "validate_signatures": False,
    # Talk to the relay, so things also make it to composer.stg in our dev env
    "active": True,
    # Since we're in active mode, we don't need to declare any of our own
    # passive endpoints.  This placeholder value needs to be here for the tests
    # to pass in Jenkins, though.  \o/
    "endpoints": {
        "fedora-infrastructure": [
            # Just listen to staging for now, not to production (spam!)
 {% if inventory_hostname.startswith('copr-fe.cloud') %}
 "tcp://hub.fedoraproject.org:9940"
 {% else %}
 #"tcp://stg.fedoraproject.org:9940"
 {% endif %}
        ],
    },
    # Start of code signing configuration
    # 'sign_messages': True,
    # 'validate_signatures': True,
    # 'crypto_backend': 'x509',
    # 'crypto_validate_backends': ['x509'],
    # 'ssldir': '/opt/module_build_service/pki',
    # 'crl_location': 'http://localhost/crl/ca.crl',
    # 'crl_cache': '/etc/pki/fedmsg/crl.pem',
    # 'crl_cache_expiry': 10,
    # 'ca_cert_location': 'http://localhost/crl/ca.crt',
    # 'ca_cert_cache': '/etc/pki/fedmsg/ca.crt',
    # 'ca_cert_cache_expiry': 0,  # Never expires
    # 'certnames': {
    #     'module_build_service.localhost': 'localhost'
    # }
    # End of code signing configuration
 }
 # developer's instance (docker/vagrant/...)
 if 'MODULE_BUILD_SERVICE_DEVELOPER_ENV' in os.environ and \
   os.environ['MODULE_BUILD_SERVICE_DEVELOPER_ENV'].lower() in (
       '1', 'on', 'true', 'y', 'yes'):
    config['endpoints']['relay_outbound'] = ["tcp://fedmsg-relay:2001"]
    config['relay_inbound'] = ["tcp://fedmsg-relay:2003"]
 else:
    # These configuration values are reasonable for most other configurations.
 {% if inventory_hostname.startswith('copr-fe.cloud') %}
    config['endpoints']['relay_outbound'] = ["tcp://127.0.0.1:4001"]
    config['relay_inbound'] = ["tcp://127.0.0.1:2003"]
 {% else %}
    config['endpoints']['relay_outbound'] = ['tcp://172.25.32.175:4001']
    config['relay_inbound'] = ['tcp://172.25.32.175:2003']
 {% endif %}