diff --git a/roles/copr/mbs/files/conf.py b/roles/copr/mbs/files/conf.py deleted file mode 100644 index 4fa31202b2..0000000000 --- a/roles/copr/mbs/files/conf.py +++ /dev/null @@ -1,14 +0,0 @@ -import sys -sys.path.insert(1, '/etc/module-build-service') - -from base_config import confdir, dbdir, \ - BaseConfiguration, \ - DevConfiguration, \ - TestConfiguration - - -class ProdConfiguration(BaseConfiguration): - SYSTEM = 'copr' - FAS_USERNAME = 'someuser' - FAS_PASSWORD = 'secretpassword' - OIDC_CLIENT_SECRETS = '/etc/module-build-service/client_secrets.json' diff --git a/roles/copr/mbs/files/config.py b/roles/copr/mbs/files/config.py new file mode 100644 index 0000000000..ce8049df16 --- /dev/null +++ b/roles/copr/mbs/files/config.py @@ -0,0 +1,44 @@ +import sys +sys.path.insert(1, '/etc/module-build-service') + +import base_config as base +from base_config import confdir, dbdir + + +class ProdConfiguration(base.ProdConfiguration): + SYSTEM = 'copr' + FAS_USERNAME = 'someuser' + FAS_PASSWORD = 'secretkey' + OIDC_CLIENT_SECRETS = '/etc/module-build-service/client_secrets.json' + + +class DevConfiguration(base.DevConfiguration): + SYSTEM = 'copr' + + +class BaseConfiguration(base.BaseConfiguration): + pass + + +class TestConfiguration(base.TestConfiguration): + pass + + + + + + +# import sys +# sys.path.insert(1, '/etc/module-build-service') +# +# from base_config import confdir, dbdir, \ +# BaseConfiguration, \ +# DevConfiguration, \ +# TestConfiguration +# +# +# class ProdConfiguration(BaseConfiguration): +# SYSTEM = 'copr' +# FAS_USERNAME = 'someuser' +# FAS_PASSWORD = 'secretpassword' +# OIDC_CLIENT_SECRETS = '/etc/module-build-service/client_secrets.json' diff --git a/roles/copr/mbs/files/fedmsg-hub.service b/roles/copr/mbs/files/fedmsg-hub.service new file mode 100644 index 0000000000..88b75415d9 --- /dev/null +++ b/roles/copr/mbs/files/fedmsg-hub.service @@ -0,0 +1,14 @@ +[Unit] +Description=Generic fedmsg processing hub +After=network.target +Documentation=https://fedmsg.readthedocs.org/ + +[Service] +ExecStart=/usr/bin/fedmsg-hub +Type=simple +User=mbs +Group=mbs +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/roles/copr/mbs/files/mbs.wsgi b/roles/copr/mbs/files/mbs.wsgi new file mode 100755 index 0000000000..4fd78c11ee --- /dev/null +++ b/roles/copr/mbs/files/mbs.wsgi @@ -0,0 +1,18 @@ +#!/usr/bin/python2 +import logging +import os +import sys + +# so that errors are not sent to stdout +logging.basicConfig(stream=sys.stderr) + +os.environ["COPRS_ENVIRON_PRODUCTION"] = "1" +sys.path.insert(0, os.path.dirname(__file__)) + +from module_build_service import app + +if app.debug: + from werkzeug.debug import DebuggedApplication + app = DebuggedApplication(app, True) + +application = app diff --git a/roles/copr/mbs/tasks/main.yml b/roles/copr/mbs/tasks/main.yml index 8ab5122f16..a2c41ac980 100644 --- a/roles/copr/mbs/tasks/main.yml +++ b/roles/copr/mbs/tasks/main.yml @@ -1,7 +1,12 @@ --- +# @TODO need to have comment here, to explain why not to use dnf module - name: Install python and deps for ansible modules - raw: dnf install -y python2 python2-dnf libselinux-python + command: dnf install -y python2 python2-dnf libselinux-python + + +- name: Enable copr repo + command: dnf -y copr enable @copr/copr - name: Install stuff dnf: name={{ item }} state=latest @@ -32,43 +37,64 @@ - swig - systemd-devel + - python-systemd + # Required for copr - # @TODO Get there a new version to fix - AttributeError: 'CoprClient' object has no attribute 'get_module_repo' - copr-cli + - python-copr # Install module-build-service -- name: Enable copr-dev repo - command: dnf -y copr enable frostyx/module-build-service +#- name: Enable copr-dev repo +#command: dnf -y copr enable frostyx/module-build-service - name: Install module-build-service package #dnf: name=module-build-service state=latest #command: dnf -y install https://frostyx.fedorapeople.org/module-build-service-1.0.2-1.fc24.noarch.rpm - command: dnf -y install https://kojipkgs.fedoraproject.org//packages/module-build-service/1.0.2/2.fc26/noarch/module-build-service-1.0.2-2.fc26.noarch.rpm + #command: dnf -y install https://kojipkgs.fedoraproject.org//packages/module-build-service/1.0.2/2.fc26/noarch/module-build-service-1.0.2-2.fc26.noarch.rpm + command: dnf -y install https://kojipkgs.fedoraproject.org//packages/module-build-service/1.1.0/1.fc26/noarch/module-build-service-1.1.0-1.fc26.noarch.rpm + # Post-install stuff -- name: Copy config to fedmsg.d (probably workarounding .spec here) - command: creates=/etc/fedmsg.d/module_build_service.py - cp /etc/module-build-service/fedmsg.d/module_build_service.py /etc/fedmsg.d/ + +- name: Remove /etc/fedmsg.d/relay.py + file: path=/etc/fedmsg.d/relay.py state=absent + +- name: Install fedmsg.d/mbs-scheduler.py + #command: wget https://pagure.io/fm-orchestrator/raw/master/f/fedmsg.d/mbs-scheduler.py -P /etc/fedmsg.d + get_url: url=https://pagure.io/fm-orchestrator/raw/master/f/fedmsg.d/mbs-scheduler.py dest=/etc/fedmsg.d + + + # We want to run fedmsg-hub as 'mbs' user, because we don't want to rpmbuild as 'fedmsg' +- name: Copy modified fedmsg-hub.service file + copy: src=fedmsg-hub.service dest=/etc/systemd/system/fedmsg-hub.service + +- name: Reload unit files + command: systemctl daemon-reload + + + - name: FOO #command: grep -q '^127\.0\.0\.1 fedmsg-relay$' /etc/hosts || echo "127.0.0.1 fedmsg-relay" >> /etc/hosts - command: echo "127.0.0.1 fedmsg-relay" >> /etc/hosts + #command: echo "127.0.0.1 fedmsg-relay" >> /etc/hosts + lineinfile: dest=/etc/hosts line='127.0.0.1 fedmsg-relay' - name: FOO #command: echo "export KRB5CCNAME=FILE:/var/tmp/krbcc" > /etc/profile.d/module_build_service_developer_env.sh - lineinfile: dest=/etc/profile.d/module_build_service_developer_env.sh create=yes state=present line='export KRB5CCNAME=FILE:/var/tmp/krbcc' + lineinfile: dest=/etc/profile.d/module_build_service_developer_env.sh create=yes line='export KRB5CCNAME=FILE:/var/tmp/krbcc' - name: FOO #command: echo "export MODULE_BUILD_SERVICE_DEVELOPER_ENV=1" >> /etc/profile.d/module_build_service_developer_env.sh - lineinfile: dest=/etc/profile.d/module_build_service_developer_env.sh state=present line='export MODULE_BUILD_SERVICE_DEVELOPER_ENV=1' + lineinfile: dest=/etc/profile.d/module_build_service_developer_env.sh line='export MODULE_BUILD_SERVICE_DEVELOPER_ENV=1' # - name: FOO # command: source /etc/profile.d/module_build_service_developer_env.sh # Create user and group for mbs +# @TODO use gid= and uid= - name: Create group for mbs-frontend group: name=mbs state=present @@ -82,26 +108,50 @@ - name: Export krbcc command: echo 'export KRB5CCNAME=FILE:/var/tmp/krbcc' >> ~/.bashrc -- name: Set properties in config - replace: - dest: /etc/module-build-service/config.py - regexp: '^ {{ item.key }} = .*$' - replace: ' {{ item.key }} = {{ item.value }}' - backup: yes - with_items: - - { key: 'SYSTEM', value: '"copr"'} - #- { key: 'REQUIRE_PACKAGER', value: 'False'} - #- { key: 'OIDC_CLIENT_SECRETS', value: '"/etc/module-build-service/client_secrets.json"'} +# - name: Set properties in config +# replace: +# dest: /etc/module-build-service/config.py +# regexp: '^ {{ item.key }} = .*$' +# replace: ' {{ item.key }} = {{ item.value }}' +# backup: yes +# with_items: +# - { key: 'SYSTEM', value: '"copr"'} +# #- { key: 'REQUIRE_PACKAGER', value: 'False'} +# #- { key: 'OIDC_CLIENT_SECRETS', value: '"/etc/module-build-service/client_secrets.json"'} +# + + +- name: Stat base_config + stat: path=/etc/module-build-service/base_config.py + register: base_config_stat + +- name: Move config.py to base_config.py + command: mv /etc/module-build-service/config.py /etc/module-build-service/base_config.py + when: base_config_stat.stat.exists == False + +- name: Touch __init__.py file + file: path=/etc/module-build-service/__init__.py state=touch + +- name: Copy production config + copy: src=config.py dest=/etc/module-build-service/config.py + + +- name: Chown /etc/module-build-service to mbs:mbs + file: path=/etc/module-build-service owner=mbs group=mbs recurse=yes + + # @TODO Should be packaged in module_build_service package? Or we need to create our own? - name: Obtain client_secrets.json - command: wget https://pagure.io/fm-orchestrator/raw/master/f/conf/client_secrets.json -P /etc/module-build-service/ + #command: wget https://pagure.io/fm-orchestrator/raw/master/f/conf/client_secrets.json -P /etc/module-build-service/ + get_url: url=https://pagure.io/fm-orchestrator/raw/master/f/conf/client_secrets.json dest=/etc/module-build-service/ # @TODO Should be packaged in module-build-service package? Or should already exist on copr-frontend instance? - name: Copy cacert.pem - command: wget https://pagure.io/fm-orchestrator/raw/master/f/conf/cacert.pem -O /etc/module-build-service/cacert.pem + #command: wget https://pagure.io/fm-orchestrator/raw/master/f/conf/cacert.pem -O /etc/module-build-service/cacert.pem + get_url: url=https://pagure.io/fm-orchestrator/raw/master/f/conf/cacert.pem dest=/etc/module-build-service/cacert.pem @@ -125,16 +175,37 @@ #service: name=mbs-frontend enabled=yes state=started shell: nohup mbs-frontend < /dev/null >& /tmp/mbs-frontend.out & -- name: copy apache files to conf.d - copy: src=httpd/mbs.conf dest=/etc/httpd/conf.d/mbs.conf - tags: - - config + # @FIXME Update the current coprs.conf + #- name: copy apache files to conf.d + #copy: src=httpd/mbs.conf dest=/etc/httpd/conf.d/mbs.conf + #tags: + #- config + +- name: Create /opt/module-build-service + file: path=/opt/module-build-service state=directory + +- name: Copy mbs.wsgi file + copy: src=mbs.wsgi dest=/opt/module-build-service/mbs.wsgi # Only for testing purposes # Use it as: python submit_build.py 127.0.0.1:5000 - name: Download submit_build.py - command: wget https://pagure.io/fm-orchestrator/raw/master/f/contrib/submit_build.py + #command: wget https://pagure.io/fm-orchestrator/raw/master/f/contrib/submit_build.py + get_url: url=https://pagure.io/fm-orchestrator/raw/master/f/contrib/submit_build.py dest=./ - name: Download submit-build.json - command: wget https://pagure.io/fm-orchestrator/raw/master/f/contrib/submit-build.json + #command: wget https://pagure.io/fm-orchestrator/raw/master/f/contrib/submit-build.json + get_url: url=https://pagure.io/fm-orchestrator/raw/master/f/contrib/submit-build.json dest=./ + + +# @TODO +# +# - I am currently storing my personal token in /etc/module-build-service/copr.conf +# +# - I am currently running mbs-frontend manually +# - Because of issue with in httpd config. See coprs.conf +# +# +# - Do not use wget, use http://docs.ansible.com/ansible/get_url_module.html instead +# - Rewrited, needs testing