Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Delete old bodhi1 role. We are on bodhi2 now.

Browse source
This commit is contained in:
Kevin Fenzi 2016-01-05 20:58:26 +00:00
parent 7b25e705aa
commit f4f25234a4
25 changed files with 0 additions and 1867 deletions
Download patch file Download diff file Expand all files Collapse all files

15
roles/bodhi/backend/files/bodhi-masher.conf
View file

@ -1,15 +0,0 @@
Alias /updates/static /usr/share/bodhi/static
WSGISocketPrefix run/wsgi
WSGIRestrictSignal Off
WSGIDaemonProcess bodhi user=masher group=masher display-name=bodhi
WSGIPythonOptimize 1
WSGIScriptAlias /updates /usr/share/bodhi/bodhi.wsgi/updates
<Directory /usr/share/bodhi>
WSGIProcessGroup bodhi
Order deny,allow
Allow from all
</Directory>

17
roles/bodhi/backend/files/el6-epel-testing.mash
View file

@ -1,17 +0,0 @@
# mash config file
[el6-epel-testing]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo_path = %(arch)s/debug
debuginfo = True
multilib = True
multilib_method = devel
tag = dist-6E-epel-testing
inherit = False
strict_keys = True
keys = 0608b895
use_repoview = True
repoviewurl = http://download.fedoraproject.org/pub/epel/testing/6/%(arch)s/
repoviewtitle = "Fedora EPEL Testing 6 - %(arch)s"
arches = i386 x86_64 ppc64

17
roles/bodhi/backend/files/el6-epel.mash
View file

@ -1,17 +0,0 @@
# mash config file
[el6-epel]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo_path = %(arch)s/debug
debuginfo = True
multilib = True
multilib_method = devel
tag = dist-6E-epel
inherit = False
strict_keys = True
keys = 0608b895
use_repoview = True
repoviewurl = http://download.fedoraproject.org/pub/epel/6/%(arch)s/
repoviewtitle = "Fedora EPEL 6 - %(arch)s"
arches = i386 x86_64 ppc64

18
roles/bodhi/backend/files/epel7-testing.mash
View file

@ -1,18 +0,0 @@
# mash config file
[epel7-testing]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo_path = %(arch)s/debug
debuginfo = True
multilib = False
tag = epel7-testing
inherit = False
strict_keys = True
keys = 352C64E5
use_repoview = True
repoviewurl = http://download.fedoraproject.org/pub/epel/testing/7/%(arch)s/
repoviewtitle = "Fedora EPEL Testing 7 - %(arch)s"
arches = x86_64 ppc64
hash_packages = True
delta = False

18
roles/bodhi/backend/files/epel7.mash
View file

@ -1,18 +0,0 @@
# mash config file
[epel7]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo_path = %(arch)s/debug
debuginfo = True
multilib = False
tag = epel7
inherit = False
strict_keys = True
keys = 352C64E5
use_repoview = True
repoviewurl = http://download.fedoraproject.org/pub/epel/7/%(arch)s/
repoviewtitle = "Fedora EPEL 7 - %(arch)s"
arches = x86_64 ppc64
hash_packages = True
delta = False

21
roles/bodhi/backend/files/f20-updates-testing.mash
View file

@ -1,21 +0,0 @@
# mash config file
[f20-updates-testing]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo = True
multilib = True
multilib_method = devel
tag = f20-updates-testing
inherit = False
strict_keys = True
keys = 246110C1
repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/20/%(arch)s/
repoviewtitle = "Fedora 20 Updates Testing - %(arch)s"
arches = armhfp i386 x86_64
delta = True
#delta_dirs = /pub/fedora/linux/releases/20/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f20-updates/%(arch)s/
#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/20/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/20/Everything/%(arch)s/os
# point to branched till we release then use above
delta_dirs = /pub/fedora/linux/development/20/%(arch)s/os/
parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/20/%(arch)s/os/

20
roles/bodhi/backend/files/f20-updates.mash
View file

@ -1,20 +0,0 @@
[f20-updates]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo = True
multilib = True
multilib_method = devel
tag = f20-updates
inherit = False
strict_keys = True
keys = 246110C1
repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/20/%(arch)s/
repoviewtitle = "Fedora 20 Updates - %(arch)s"
arches = armhfp i386 x86_64
delta = True
#generate deltas against branched
delta_dirs = /pub/fedora/linux/development/20/%(arch)s/os/,/mnt/koji/mash/updates/f20-updates/%(arch)s/
parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/20/%(arch)s/os
# Bellow needs enabling at GA
#delta_dirs = /pub/fedora/linux/releases/20/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f20-updates/%(arch)s/
#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/20/Everything/%(arch)s/os

22
roles/bodhi/backend/files/f21-updates-testing.mash
View file

@ -1,22 +0,0 @@
# mash config file
[f21-updates-testing]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo = True
multilib = True
multilib_method = devel
tag = f21-updates-testing
inherit = False
strict_keys = True
keys = 95A43F54
repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/21/%(arch)s/
repoviewtitle = "Fedora 21 Updates Testing - %(arch)s"
arches = armhfp i386 x86_64
hash_packages = True
delta = True
delta_dirs = /pub/fedora/linux/releases/21/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f21-updates/%(arch)s/
parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/21/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/21/Everything/%(arch)s/os
# point to branched till we release then use above
#delta_dirs = /pub/fedora/linux/development/21/%(arch)s/os/
#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/21/%(arch)s/os/

20
roles/bodhi/backend/files/f21-updates.mash
View file

@ -1,20 +0,0 @@
[f21-updates]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo = True
multilib = True
multilib_method = devel
tag = f21-updates
inherit = False
strict_keys = True
keys = 95A43F54
repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/21/%(arch)s/
repoviewtitle = "Fedora 21 Updates - %(arch)s"
arches = armhfp i386 x86_64
hash_packages = True
delta = True
#generate deltas against branched
#delta_dirs = /pub/fedora/linux/development/21/%(arch)s/os/,/mnt/koji/mash/updates/f21-updates/%(arch)s/
#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/21/%(arch)s/os
delta_dirs = /pub/fedora/linux/releases/21/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f21-updates/%(arch)s/
parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/21/Everything/%(arch)s/os

22
roles/bodhi/backend/files/f22-updates-testing.mash
View file

@ -1,22 +0,0 @@
# mash config file
[f22-updates-testing]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo = True
multilib = True
multilib_method = devel
tag = f22-updates-testing
inherit = False
strict_keys = True
keys = 8E1431D5
repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/22/%(arch)s/
repoviewtitle = "Fedora 22 Updates Testing - %(arch)s"
arches = armhfp i386 x86_64
hash_packages = True
delta = True
#delta_dirs = /pub/fedora/linux/releases/22/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f22-updates/%(arch)s/
#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/22/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/22/Everything/%(arch)s/os
# point to branched till we release then use above
delta_dirs = /pub/fedora/linux/development/22/%(arch)s/os/
parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/22/%(arch)s/os/

20
roles/bodhi/backend/files/f22-updates.mash
View file

@ -1,20 +0,0 @@
[f22-updates]
rpm_path = %(arch)s/
source_path = SRPMS/
debuginfo = True
multilib = True
multilib_method = devel
tag = f22-updates
inherit = False
strict_keys = True
keys = 8E1431D5
repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/22/%(arch)s/
repoviewtitle = "Fedora 22 Updates - %(arch)s"
arches = armhfp i386 x86_64
hash_packages = True
delta = True
#generate deltas against branched
delta_dirs = /pub/fedora/linux/development/22/%(arch)s/os/,/mnt/koji/mash/updates/f22-updates/%(arch)s/
parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/22/%(arch)s/os
#delta_dirs = /pub/fedora/linux/releases/22/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f22-updates/%(arch)s/
#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/22/Everything/%(arch)s/os

111
roles/bodhi/backend/files/fedora-epel-push
View file

@ -1,111 +0,0 @@
#!/bin/sh
SOURCE=/mnt/koji/mash/updates
DEST=/pub/epel/
OPTIONS="-rlptDvHh --stats --delay-updates $RSYNC_OPTS"
for rel in 5 6; do
OUTPUT1=$(rsync $OPTIONS --exclude "repodata/*" --exclude "headers/*" \
$SOURCE/el$rel-epel/ $DEST/$rel/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay \
$SOURCE/el$rel-epel/ $DEST/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"epel\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.epel.sync \
--json-input &> /dev/null
fi
OUTPUT1=$(rsync $OPTIONS --exclude "repodata/*" --exclude "headers/*" \
$SOURCE/el$rel-epel-testing/ $DEST/testing/$rel/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay \
$SOURCE/el$rel-epel-testing/ $DEST/testing/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"epel-testing\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.epel.sync \
--json-input &> /dev/null
fi
done
for rel in 7; do
OUTPUT1=$(rsync $OPTIONS --exclude "repodata/*" \
$SOURCE/epel$rel/ $DEST/$rel/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay \
$SOURCE/epel$rel/ $DEST/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"epel\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.epel.sync \
--json-input &> /dev/null
fi
OUTPUT1=$(rsync $OPTIONS --exclude "repodata/*" \
$SOURCE/epel$rel-testing/ $DEST/testing/$rel/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay \
$SOURCE/epel$rel-testing/ $DEST/testing/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"epel-testing\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.epel.sync \
--json-input &> /dev/null
fi
done
for rel in 5 6 7; do
if [ ${rel} -eq 7 ]; then
TARGET_DIR=${DEST}/${rel}/x86_64/e
else
TARGET_DIR=${DEST}/${rel}/x86_64
fi
if [ -f ${TARGET_DIR}/epel-release*rpm ]; then
# We have a file to match. [This may sort wrong at -9 -> -10]
CANDIDATE=$( ls ${TARGET_DIR}/epel-release-*rpm | sort | tail -n 1)
TARGET=${DEST}/epel-release-latest-${rel}.noarch.rpm
# Does our symbolic link exist?
if [ -L ${TARGET} ]; then
# check to see if the link matches the candidate
TEST=$( readlink ${TARGET} )
if [ ${TEST} != ${CANDIDATE} ]; then
ln -sf $(echo ${CANDIDATE}|sed -e "s|$DEST|./|g" -e 's|//|/|g') ${TARGET}
fi
else
# first time for everything.
ln -sf $(echo ${CANDIDATE}|sed -e "s|$DEST|./|g" -e 's|//|/|g') ${TARGET}
fi
else
echo "No target file for epel-release ${rel} to link against."
fi
done

72
roles/bodhi/backend/files/fedora-updates-push
View file

@ -1,72 +0,0 @@
#!/bin/sh
SOURCE=/mnt/koji/mash/updates
DEST=/pub/fedora/linux/updates/
ATOMICSOURCE=/mnt/koji/mash/atomic/
ATOMICDEST=/pub/fedora/linux/atomic/
OPTIONS="-rlptDvHh --stats --delay-updates $RSYNC_OPTS"
for rel in 20 21 22; do
OUTPUT1=$(rsync $OPTIONS --exclude "repodata/*" \
$SOURCE/f$rel-updates/ $DEST/$rel/ --link-dest $DEST/testing/$rel/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay --exclude=Live --exclude=Images \
$SOURCE/f$rel-updates/ $DEST/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"updates\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.fedora.sync \
--json-input &> /dev/null
fi
done
for rel in 20 21 22; do
OUTPUT1=$(rsync $OPTIONS --exclude "repodata/*" \
$SOURCE/f$rel-updates-testing/ $DEST/testing/$rel/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay --exclude=Live --exclude=Images \
$SOURCE/f$rel-updates-testing/ $DEST/testing/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"updates-testing\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.fedora.sync \
--json-input &> /dev/null
fi
done
for rel in 21 22; do
OUTPUT1=$(rsync $OPTIONS --ignore-existing \
$ATOMICSOURCE/$rel/objects/ $ATOMICDEST/$rel/objects/)
OUTPUT2=$(rsync $OPTIONS --delete --delete-delay --exclude=objects/ \
$ATOMICSOURCE/$rel/ $ATOMICDEST/$rel/)
# Grep out some signals from the stats
bytes=$(echo "$OUTPUT1" | grep "Literal data" | awk ' { print $3 } ')
deleted=$(echo "$OUTPUT2" | grep "deleting " | wc -l)
# If anything changed, then publish a fedmsg message as bodhi.updates.sync
if [ "$bytes" != "0" -o "$deleted" != "0" ]; then
echo "{\"bytes\": \"$bytes\", \"deleted\": \"$deleted\", \"repo\": \"atomic\", \"release\": \"$rel\"}" | fedmsg-logger \
--cert-prefix ftpsync \
--modname bodhi \
--topic updates.fedora.sync \
--json-input &> /dev/null
fi
done

20
roles/bodhi/backend/files/update-fullfilelist
View file

@ -1,20 +0,0 @@
#!/bin/bash
# currently runs on releng2.fedora.phx.redhat.com
MOD=$1
[ -z "$MOD" ] && {
echo "usage: $0 <module>"
exit 1
}
TMPFILE=$(mktemp -p /tmp/)
pushd /pub/$MOD > /dev/null
find * -print > $TMPFILE
if diff $TMPFILE fullfilelist > /dev/null; then
rm -f $TMPFILE
else
mv $TMPFILE fullfilelist
fi
chmod 0644 fullfilelist
popd > /dev/null

3
roles/bodhi/backend/meta/main.yml
View file

@ -1,3 +0,0 @@
---
dependencies:
- { role: bodhi/base }

235
roles/bodhi/backend/tasks/main.yml
View file

@ -1,235 +0,0 @@
---
# tasklist for setting up bodhi/masher (requires bodhi/base)
# This is the base set of files needed for bodhi/masher
- name: add ftpsync group
group: name=ftpsync gid=263 system=yes state=present
- name: add ftpsync user
user: name=ftpsync uid=263 group=ftpsync createhome=yes system=yes state=present
- name: add the ftpsync update-fullfilelist script
copy: src=update-fullfilelist dest=/usr/local/bin/update-fullfilelist owner=ftpsync group=ftpsync mode=555
- name: add masher group
group: name=masher gid=751 system=yes state=present
# masher user 751
- name: add masher user as 751 - and group
user: name=masher uid=751 group=masher home=/home/masher groups=mock,ftpsync
- name: install needed packages
yum: pkg={{ item }} state=present
with_items:
- python-fedora-turbogears
tags:
- packages
- name: install bodhi-masher /etc/httpd/conf.d/bodhi.conf file
copy: >
src="bodhi-masher.conf"
dest="/etc/httpd/conf.d/bodhi.conf"
owner=root
group=root
mode=0644
notify:
- reload httpd
tags:
- config
- name: change owner and group attributes of bodhi.pem file
file: >
path="/etc/pki/bodhi/bodhi.pem"
owner=masher
group=masher
when: inventory_hostname.startswith('bodhi-backend')
tags:
- config
- name: change owner and group attributes of /var/log/bodhi directory
file: path=/var/log/bodhi owner=masher group=masher
when: inventory_hostname.startswith('bodhi-backend')
tags:
- config
- name: setup /etc/bodhi/mash.conf file...
template: >
src=mash.conf
dest=/etc/bodhi/mash.conf
owner=masher
group=masher
mode=0640
tags:
- config
- name: change type part of SELinux file context
file: >
dest=/var/tmp/bodhi/comps/
setype=httpd_sys_script_rw_t
state=directory
recurse=yes
tags:
- config
- name: change owner attribute of /var/tmp/bodhi-bz.cookie file
file: >
path=/var/tmp/bodhi-bz.cookie
owner=masher
tags:
- config
- name: install /etc/bodhi/*.mash files
copy: >
src="{{ item }}"
dest="/etc/bodhi/{{ item }}"
owner=masher
mode=0640
with_items:
- f20-updates.mash
- f20-updates-testing.mash
- f21-updates.mash
- f21-updates-testing.mash
- f22-updates.mash
- f22-updates-testing.mash
- el6-epel.mash
- el6-epel-testing.mash
- epel7.mash
- epel7-testing.mash
tags:
- config
# tasks for setting up epelmasher
- name: install needed packages
yum: pkg={{ item }} state=present
with_items:
- repoview
tags:
- packages
- name: install bodhi-epel-masher /etc/bodhi/bodhi.cfg file
template: >
src="bodhi-epel-masher.cfg.j2"
dest="/etc/bodhi/bodhi.cfg"
owner=masher
group=masher
mode=0600
when: inventory_hostname.startswith('bodhi-backend02')
notify:
- reload httpd
tags:
- config
# tasklist for setting up jobrunner
- name: install bodhi-masher-jobrunner /etc/bodhi/bodhi.cfg file
template: >
src="bodhi-masher-jobrunner.cfg.j2"
dest="/etc/bodhi/bodhi.cfg"
owner=masher
group=masher
mode=0600
when: inventory_hostname.startswith('bodhi-backend01')
notify:
- reload httpd
tags:
- config
#
# koji ssl cert for owner sync jobs below
#
- name: copy koji ssl cert for owner sync
copy: src="{{ private }}/files/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600
tags:
- config
#
# cron job that syncs packages to koji
#
- name: put owner-sync-pkgdb in place
template: src=owner-sync-pkgdb.j2 dest=/usr/local/bin/owner-sync-pkgdb mode=0755
tags:
- config
- name: sync packages from pkgdb2 to koji (el5)
cron: name="owner-sync-el5" minute="7,17,27,37,47,57" user="root"
job="/usr/local/bin/owner-sync-pkgdb dist-5E-epel"
cron_file=update-koji-owner-EL-5
state=absent
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
- name: sync packages from pkgdb2 to koji (el6)
cron: name="owner-sync-el5" minute="7,17,27,37,47,57" user="root"
job="/usr/local/bin/owner-sync-pkgdb dist-6E-epel"
cron_file=update-koji-owner-EL-6
state=absent
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
- name: sync packages from pkgdb2 to koji (epel7)
cron: name="owner-sync-el5" minute="7,17,27,37,47,57" user="root"
job="/usr/local/bin/owner-sync-pkgdb epel7"
cron_file=update-koji-owner-epel7
state=absent
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
- name: sync packages from pkgdb2 to koji (f20)
cron: name="owner-sync-el5" minute="7,17,27,37,47,57" user="root"
job="/usr/local/bin/owner-sync-pkgdb f20"
cron_file=update-koji-owner-f20
state=absent
when: inventory_hostname.startswith('bodhi-backend01')
#
# cron job that syncs updates to master mirror
#
- name: put fedora-updates-push in place
copy: src=fedora-updates-push dest=/usr/local/bin/fedora-updates-push mode=0755
tags:
- config
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
- name: put fedora-epel-push in place
copy: src=fedora-epel-push dest=/usr/local/bin/fedora-epel-push mode=0755
tags:
- config
when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
- name: put update-fullfilelist in place
copy: src=update-fullfilelist dest=/usr/local/bin/update-fullfilelist mode=0755
tags:
- config
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
- name: Kill the bodhi1 Updates sync cron job.
cron: name="updates-sync" minute="15,45" user="ftpsync"
job="/usr/local/bin/lock-wrapper fedora-updates-push '/usr/local/bin/fedora-updates-push && /usr/local/bin/update-fullfilelist fedora"
cron_file=updates-sync
state=absent
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
tags:
- config
- name: Kill the bodhi1 epel Updates sync cron job.
cron: name="epel-updates-sync" minute="15,45" user="ftpsync"
job="/usr/local/bin/lock-wrapper fedora-epel-push '/usr/local/bin/fedora-epel-push && /usr/local/bin/update-fullfilelist epel"
cron_file=updates-sync
state=absent
when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
tags:
- config
- name: directory sizes update cron job.
cron: name="directory-sizes-update" minute="30" hour="19" user="ftpsync"
job="/usr/bin/find /srv/pub/alt/ /srv/pub/archive/ /srv/pub/fedora-secondary/ /srv/pub/fedora/ /srv/pub/epel/ -type d ! -path '/srv/pub/fedora/.snapshot*' ! -path '/srv/pub/epel/.snapshot*' ! -path '/srv/pub/alt/.snapshot*' ! -path '/srv/pub/archive/.snapshot*' ! -path '/srv/pub/fedora-secondary/.snapshot*' ! -path '/srv/pub/alt/stage*' ! -path '/srv/pub/alt/tmp' ! -path '/srv/pub/alt/screenshots/f21/source' | grep -v snapshot | /usr/bin/xargs -n 1 /usr/bin/du --exclude=.snapshot --exclude=stage -sh > /tmp/DIRECTORY_SIZES.txt 2> /dev/null; cp /tmp/DIRECTORY_SIZES.txt /srv/pub/"
cron_file=directory-sizes-update
state=absent
when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
tags:
- config
- name: setup cache directory for package signing by releng
file: state=directory mode=770 owner=masher group=sysadmin-releng path=/var/cache/sigul
tags:
- config

152
roles/bodhi/backend/templates/bodhi-epel-masher.cfg.j2
View file

@ -1,152 +0,0 @@
[global]
##
## Bodhi Production Masher Configuration
##
## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
##
arches = 'i386 x86_64 ppc/ppc64'
# EPEL specific configuration
epel7_arches = 'x86_64 ppc64'
epel7-testing_arches = 'x86_64 ppc64'
el6-epel_arches = 'x86_64 i386 ppc64'
el6-epel-testing_arches = 'x86_64 i386 ppc64'
el5-epel_arches = 'x86_64 i386 ppc'
el5-epel-testing_arches = 'x86_64 i386 ppc'
# For pushing EPEL updates from the masher
bodhi_url = 'http://localhost/updates'
sqlobject.dburi="notrans_postgres://bodhi:{{ bodhiPassword }}@db-bodhi/bodhi"
masher = None # we are the masher
server.socket_port=8084
server.environment="production"
autoreload.on = False
server.webpath="/updates"
server.log_file = "server.log"
server.log_to_screen = False
server.thread_pool = 50
server.socket_queue_size = 30
# We probably want to have apache do this for us...
#gzipFilter.on = True
session_filter.on = False
base_url_filter.on = True
base_url_filter.use_x_forwarded_host = False
base_url_filter.base_url = 'https://admin.fedoraproject.org'
tg.strict_parameters = True
tg.ignore_parameters = ["_csrf_token"]
# Periodic jobs
jobs = ''
# Query the Fedora Package Database for the list of Critical Path Packages.
critpath.type = 'pkgdb'
# FAS2
#sqlalchemy.dburi="sqlite:///"
fas.url = 'https://admin.fedoraproject.org/accounts/'
identity.provider='jsonfas2'
identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
# Our identity that we use to fetch bugzilla details and such
bodhi_password='<%= bodhiBugzillaPassword %>'
bodhi_email = 'updates@fedoraproject.org'
# TurboMail 3.0 settings
mail.on = True
mail.transport = 'smtp'
mail.smtp.server = 'bastion'
# The 'utf-8-qp' encoding causes problems with TurboMail 3.x
# https://fedorahosted.org/bodhi/ticket/648
mail.message.encoding = 'utf-8'
notice_sender = 'updates@fedoraproject.org'
security_team = 'security_respons-members@fedoraproject.org'
release_team_address = 'bodhiadmin-members@fedoraproject.org'
fedora_announce_list = 'package-announce@lists.fedoraproject.org'
fedora_test_announce_list = 'test@lists.fedoraproject.org'
fedora_epel_announce_list = 'epel-package-announce@lists.fedoraproject.org'
fedora_epel_test_announce_list = 'epel-devel@lists.fedoraproject.org'
build_dir = '/mnt/koji/packages'
mashed_dir = '/mnt/koji/mash/updates/'
mashed_stage_dir = '/mnt/koji/mash/updates/'
mash_conf = '/etc/bodhi/mash.conf'
comps_dir = '/var/tmp/bodhi/comps'
base_address = 'https://admin.fedoraproject.org'
#bz_server = 'https://bzprx.vip.phx.redhat.com/xmlrpc.cgi'
bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
bz_cookie = '/var/tmp/bodhi-bz.cookie'
bz_products = 'Fedora,Fedora EPEL,oVirt'
acl_system = 'pkgdb'
pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
buildsystem = 'koji'
client_cert = '/etc/pki/bodhi/bodhi.pem'
clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
masher_lock_id = 'FEDORA-EPEL'
master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/%s/repodata/repomd.xml'
fedora_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/%s/repodata/repomd.xml'
fedora_epel_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/epel/%d/%s/repodata/repomd.xml'
[logging]
[[handlers]]
[[[debug_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='DEBUG'
formatter='full_content'
[[[access_out]]]
class='TimedRotatingFileHandler'
level='INFO'
args="('/var/log/bodhi/access.log', 'D', 7)"
formatter='message_only'
[[[error_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='ERROR'
formatter='full_content'
[[loggers]]
[[[bodhi]]]
level='DEBUG'
qualname='bodhi'
handlers=['debug_out']
propagate=0
[[[allinfo]]]
level='INFO'
handlers=['debug_out']
propagate=0
#[[[access]]]
#level='INFO'
#qualname='turbogears.access'
#handlers=['debug_out']
[[[turbomail]]]
level='INFO'
qualname='turbomail'
handlers=['debug_out']

159
roles/bodhi/backend/templates/bodhi-masher-jobrunner.cfg.j2
View file

@ -1,159 +0,0 @@
[global]
##
## Bodhi Production Masher Configuration
##
## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
##
# Release status
# pre-beta enforces the 'Pre Beta' policy defined here:
# https://fedoraproject.org/wiki/Updates_Policy
f22.status = 'pre_beta'
f22.post_beta.mandatory_days_in_testing = 7
f22.post_beta.critpath.num_admin_approvals = 0
f22.post_beta.critpath.min_karma = 2
f22.post_beta.critpath.stable_after_days_without_negative_karma = 14
f22.pre_beta.mandatory_days_in_testing = 3
f22.pre_beta.critpath.num_admin_approvals = 0
f22.pre_beta.critpath.min_karma = 1
sqlobject.dburi="notrans_postgres://bodhi:{{ bodhiPassword }}@db-bodhi/bodhi"
masher = None # we are the masher
server.socket_port=8084
server.environment="production"
autoreload.on = False
server.webpath="/updates"
server.log_file = "server.log"
server.log_to_screen = False
server.thread_pool = 50
server.socket_queue_size = 30
# We probably want to have apache do this for us...
#gzipFilter.on = True
session_filter.on = False
base_url_filter.on = True
base_url_filter.use_x_forwarded_host = False
base_url_filter.base_url = 'https://admin.fedoraproject.org'
tg.strict_parameters = True
tg.ignore_parameters = ["_csrf_token"]
# Periodic jobs
jobs = 'nagmail cache_release_data refresh_metrics approve_testing_updates expire_buildroot_overrides clean_pending_tags'
# Query the Fedora Package Database for the list of Critical Path Packages.
critpath.type = 'pkgdb'
# FAS2
#sqlalchemy.dburi="sqlite:///"
fas.url = 'https://admin.fedoraproject.org/accounts/'
identity.provider='jsonfas2'
identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
# Our identity that we use to fetch bugzilla details and such
bodhi_password='<%= bodhiBugzillaPassword %>'
bodhi_email = 'updates@fedoraproject.org'
# TurboMail 3.0 settings
mail.on = True
mail.transport = 'smtp'
mail.smtp.server = 'bastion'
# The 'utf-8-qp' encoding causes problems with TurboMail 3.x
# https://fedorahosted.org/bodhi/ticket/648
mail.message.encoding = 'utf-8'
notice_sender = 'updates@fedoraproject.org'
security_team = 'security_respons-members@fedoraproject.org'
release_team_address = 'bodhiadmin-members@fedoraproject.org'
fedora_announce_list = 'package-announce@lists.fedoraproject.org'
fedora_test_announce_list = 'test@lists.fedoraproject.org'
fedora_epel_announce_list = 'epel-package-announce@lists.fedoraproject.org'
fedora_epel_test_announce_list = 'epel-devel@lists.fedoraproject.org'
build_dir = '/mnt/koji/packages'
mashed_dir = '/mnt/koji/mash/updates/'
mashed_stage_dir = '/mnt/koji/mash/updates/'
mash_conf = '/etc/bodhi/mash.conf'
comps_dir = '/var/tmp/bodhi/comps'
base_address = 'https://admin.fedoraproject.org'
#bz_server = 'https://bzprx.vip.phx.redhat.com/xmlrpc.cgi'
bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
bz_cookie = '/var/tmp/bodhi-bz.cookie'
bz_products = 'Fedora,Fedora EPEL,oVirt'
acl_system = 'pkgdb'
pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
buildsystem = 'koji'
client_cert = '/etc/pki/bodhi/bodhi.pem'
clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
masher_lock_id = 'FEDORA'
master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/%s/repodata/repomd.xml'
fedora_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/%s/repodata/repomd.xml'
fedora_epel_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/epel/%d/%s/repodata/repomd.xml'
arches = 'i386 x86_64'
[logging]
[[handlers]]
[[[debug_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='DEBUG'
formatter='full_content'
[[[access_out]]]
class='TimedRotatingFileHandler'
level='INFO'
args="('/var/log/bodhi/access.log', 'D', 7)"
formatter='message_only'
[[[error_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='ERROR'
formatter='full_content'
[[loggers]]
[[[bodhi]]]
level='DEBUG'
qualname='bodhi'
handlers=['debug_out']
propagate=0
[[[allinfo]]]
level='INFO'
handlers=['debug_out']
propagate=0
#[[[access]]]
#level='INFO'
#qualname='turbogears.access'
#handlers=['debug_out']
[[[turbomail]]]
level='INFO'
qualname='turbomail'
handlers=['debug_out']
[[[urllib3]]]
level='WARN'
qualname='urllib3'
handlers=['debug_out']

142
roles/bodhi/backend/templates/bodhi-masher.cfg.j2
View file

@ -1,142 +0,0 @@
[global]
##
## Bodhi Production Masher Configuration
##
## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
##
sqlobject.dburi="notrans_postgres://bodhi:{{ bodhiPassword }}@db-bodhi/bodhi"
masher = None # we are the masher
server.socket_port=8084
server.environment="production"
autoreload.on = False
server.webpath="/updates"
server.log_file = "server.log"
server.log_to_screen = False
server.thread_pool = 50
server.socket_queue_size = 30
# We probably want to have apache do this for us...
#gzipFilter.on = True
session_filter.on = False
base_url_filter.on = True
base_url_filter.use_x_forwarded_host = False
base_url_filter.base_url = 'https://admin.fedoraproject.org'
tg.strict_parameters = True
tg.ignore_parameters = ["_csrf_token"]
# Periodic jobs
jobs = ''
# Query the Fedora Package Database for the list of Critical Path Packages.
# This pkgdb feature is currently broken in staging.
<% if environment == "production" %>
critpath.type = 'pkgdb'
<% end %>
# FAS2
#sqlalchemy.dburi="sqlite:///"
fas.url = 'https://admin.fedoraproject.org/accounts/'
identity.provider='jsonfas2'
identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
# Our identity that we use to fetch bugzilla details and such
bodhi_password='<%= bodhiBugzillaPassword %>'
bodhi_email = 'updates@fedoraproject.org'
mail.on = True
mail.server = 'bastion'
notice_sender = 'updates@fedoraproject.org'
security_team = 'security_respons-members@fedoraproject.org'
release_team_address = 'bodhiadmin-members@fedoraproject.org'
fedora_announce_list = 'package-announce@lists.fedoraproject.org'
fedora_test_announce_list = 'test@lists.fedoraproject.org'
fedora_epel_announce_list = 'epel-package-announce@lists.fedoraproject.org'
fedora_epel_test_announce_list = 'epel-devel@lists.fedoraproject.org'
build_dir = '/mnt/koji/packages'
mashed_dir = '/mnt/koji/mash/updates/'
mashed_stage_dir = '/mnt/koji/mash/updates/'
mash_conf = '/etc/bodhi/mash.conf'
comps_dir = '/var/tmp/bodhi/comps'
base_address = 'https://admin.fedoraproject.org'
#bz_server = 'https://bzprx.vip.phx.redhat.com/xmlrpc.cgi'
bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
bz_cookie = '/var/tmp/bodhi-bz.cookie'
bz_products = 'Fedora,Fedora EPEL,oVirt'
acl_system = 'pkgdb'
pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
buildsystem = 'koji'
client_cert = '/etc/pki/bodhi/bodhi.pem'
clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
masher_lock_id = 'FEDORA'
master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/%s/repodata/repomd.xml'
fedora_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/%s/repodata/repomd.xml'
fedora_epel_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/epel/%d/%s/repodata/repomd.xml'
arches = 'armhfp i386 x86_64'
[logging]
[[handlers]]
[[[debug_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='DEBUG'
formatter='full_content'
[[[access_out]]]
class='TimedRotatingFileHandler'
level='INFO'
args="('/var/log/bodhi/access.log', 'D', 7)"
formatter='message_only'
[[[error_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='ERROR'
formatter='full_content'
[[loggers]]
[[[bodhi]]]
level='DEBUG'
qualname='bodhi'
handlers=['debug_out']
propagate=0
[[[allinfo]]]
level='INFO'
handlers=['debug_out']
propagate=0
#[[[access]]]
#level='INFO'
#qualname='turbogears.access'
#handlers=['debug_out']
[[[turbomail]]]
level='INFO'
qualname='turbomail'
handlers=['debug_out']
[[[urllib3]]]
level='WARN'
qualname='urllib3'
handlers=['debug_out']

205
roles/bodhi/backend/templates/bodhi-prod.cfg.erb
View file

@ -1,205 +0,0 @@
[global]
##
## Bodhi Production Configuration
##
## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
##
# Release status
# pre-beta enforces the 'Pre Beta' policy defined here:
# https://fedoraproject.org/wiki/Updates_Policy
f22.status = 'post_beta'
f22.post_beta.mandatory_days_in_testing = 7
f22.post_beta.critpath.num_admin_approvals = 0
f22.post_beta.critpath.min_karma = 2
f22.post_beta.critpath.stable_after_days_without_negative_karma = 14
f22.pre_beta.mandatory_days_in_testing = 3
f22.pre_beta.critpath.num_admin_approvals = 0
f22.pre_beta.critpath.min_karma = 1
# Bodhi Defaults:
#
# The number of admin approvals it takes to be able to push a critical path
# # update to stable for a pending release.
# critpath.num_admin_approvals = 0
#
# # The net karma required to submit a critial path update to a pending release)
# critpath.min_karma = 2
#
# # Allow critpath to submit for stable after 2 weeks with no negative karma
# critpath.stable_after_days_without_negative_karma = 14
## A notice to flash on the front page
#frontpage_notice = 'Bodhi is now enforcing the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria">Package Update Acceptance Criteria</a> across all Fedora releases.'
## A notice to flash on the New Update page
#newupdate_notice = 'Koji is currently down for a scheduled outage. Please see <a href="http://status.fedoraproject.org/">status.fedoraproject.org</a> for more information'
# Query the Fedora Package Database for the list of Critical Path Packages.
<% if environment == "production" %>
critpath.type = 'pkgdb'
<% else %>
<% end %>
<% if environment == "production" %>
deployment_type = "prod"
<% end %>
<% if environment == "staging" %>
deployment_type = "stg"
<% end %>
<% if environment == "development" %>
deployment_type = "dev"
<% end %>
# We no longer require proventester karma for critpath approval
# https://fedorahosted.org/bodhi/ticket/653
critpath.num_admin_approvals = 0
#f17.pre_beta.critpath.num_admin_approvals = 0
query_wiki_test_cases = True
sqlobject.dburi="notrans_postgres://bodhi:<%= bodhiPassword %>@db-bodhi/bodhi"
masher = 'http://releng04/updates'
# For the build auto-complete widget
tg_mochikit.packed = True
server.socket_port=8084
server.environment="production"
autoreload.on = False
server.webpath="/updates"
server.log_file = "server.log"
server.log_to_screen = False
server.thread_pool = 50
server.socket_queue_size = 30
# We probably want to have apache do this for us...
#gzipFilter.on = True
session_filter.on = False
base_url_filter.on = True
base_url_filter.use_x_forwarded_host = False
<% if environment == "staging" %>
base_url_filter.base_url = 'https://admin.stg.fedoraproject.org'
<% else %>
base_url_filter.base_url = 'https://admin.fedoraproject.org'
<% end %>
tg.strict_parameters = True
tg.ignore_parameters = ["_csrf_token"]
# Periodic jobs
jobs = 'cache_release_data'
# FAS2
#sqlalchemy.dburi="sqlite:///"
fas.url = 'https://admin.fedoraproject.org/accounts/'
identity.provider='jsonfas2'
identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
visit.cookie.httponly = True
# Our identity that we use to fetch bugzilla details and such
bodhi_password='<%= bodhiBugzillaPassword %>'
bodhi_email = 'updates@fedoraproject.org'
security_team = 'security_respons-members@fedoraproject.org'
release_team_address = 'bodhiadmin-members@fedoraproject.org'
fedora_announce_list = 'package-announce@lists.fedoraproject.org'
fedora_test_announce_list = 'test@lists.fedoraproject.org'
mashed_dir = '/mnt/koji/mash/updates'
# TurboMail 3.0 settings
<% if environment == "staging" %>
mail.on = False
<% else %>
mail.on = True
<% end %>
mail.transport = 'smtp'
mail.smtp.server = 'bastion'
# The 'utf-8-qp' encoding causes problems with TurboMail 3.x
# https://fedorahosted.org/bodhi/ticket/648
mail.message.encoding = 'utf-8'
notice_sender = 'updates@fedoraproject.org'
#bz_server = 'https://bzprx.vip.phx.redhat.com/xmlrpc.cgi'
bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
bz_cookie = '/var/tmp/bodhi-bz.cookie'
bz_products = 'Fedora,Fedora EPEL,oVirt'
build_dir = '/mnt/koji/packages'
<% if environment == "staging" %>
base_address = 'https://admin.stg.fedoraproject.org'
<% else %>
base_address = 'https://admin.fedoraproject.org'
<% end %>
acl_system = 'pkgdb'
<% if environment == "staging" %>
pkgdb_url = 'http://localhost/pkgdb'
<% else %>
pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
<% end %>
<% if environment == "staging" %>
buildsystem = 'dev'
<% else %>
buildsystem = 'koji'
<% end %>
client_cert = '/etc/pki/bodhi/bodhi.pem'
clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
[logging]
[[handlers]]
[[[debug_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='DEBUG'
formatter='full_content'
[[[access_out]]]
class='TimedRotatingFileHandler'
level='INFO'
args="('/var/log/bodhi/access.log', 'D', 7)"
formatter='message_only'
[[[error_out]]]
class='TimedRotatingFileHandler'
args="('/var/log/bodhi/server.log', 'D', 7)"
level='ERROR'
formatter='full_content'
[[loggers]]
[[[bodhi]]]
level='DEBUG'
qualname='bodhi'
handlers=['debug_out']
propagate=0
[[[allinfo]]]
level='INFO'
handlers=['debug_out']
propagate=0
#[[[access]]]
#level='INFO'
#qualname='turbogears.access'
#handlers=['debug_out']
[[[turbomail]]]
level='INFO'
qualname='turbomail'
handlers=['debug_out']
[[[urllib3]]]
level='WARN'
qualname='urllib3'
handlers=['debug_out']

14
roles/bodhi/backend/templates/mash.conf
View file

@ -1,14 +0,0 @@
[defaults]
{% if environment == 'staging' %}
buildhost = http://koji.stg.fedoraproject.org/kojihub
{% else %}
buildhost = http://koji.fedoraproject.org/kojihub
{% endif %}
symlink = False
configdir = /etc/bodhi/
repodir = /mnt/koji
fork = True
use_sqlite = True
strict_keys = True
max_delta_rpm_size = 1500000000

202
roles/bodhi/backend/templates/owner-sync-pkgdb.j2
View file

@ -1,202 +0,0 @@
#!/usr/bin/python2
# cronjobs are run on releng01.stg
# Looks like:
# /usr/local/bin/owner-sync-pkgdb f19
# /usr/local/bin/owner-sync-pkgdb dist-5E-epel
# /usr/local/bin/owner-sync-pkgdb dist-6E-epel
# /usr/local/bin/owner-sync-pkgdb epel7
import sys
import os
import ConfigParser
from urlparse import urljoin
import requests
DEBUG=False
VERIFY=True
{% if env == 'staging' %}
BASEURL = os.environ.get('PACKAGEDBURL') or 'https://admin.stg.fedoraproject.org/pkgdb/'
{% else %}
BASEURL = os.environ.get('PACKAGEDBURL') or 'https://admin.fedoraproject.org/pkgdb/'
{% endif %}
if not BASEURL.endswith('/'):
BASEURL = BASEURL + '/'
# Why do we have this? Seems insecure....
sys.path.append('.')
try:
import koji
except:
import brew as koji
extraArchList = {'kernel': ('i586', 'i686', 'noarch'),
'kernel-xen-2.6': ('i586', 'i686', 'noarch'),
'glibc': ('i686',),
'openssl': ('i686',),
'em8300-kmod': ('i586', 'i686'),
'sysprof-kmod': ('i586', 'i686'),
}
def usage():
print "Usage: owner-sync <tag>"
print " <tag>: tag to synchronize owners for"
sys.exit(1)
def get_options():
# shamelessly stolen from koji CLI
opts = {
{% if env == 'staging' %}
'server': 'http://koji.stg.fedoraproject.org/kojihub',
'weburl': 'http://koji.stg.fedoraproject.org/koji',
{% else %}
'server': 'http://koji.fedoraproject.org/kojihub',
'weburl': 'http://koji.fedoraproject.org/koji',
{% endif %}
'cert': '/etc/pki/pkgdb/pkgdb.pem',
'ca': '/etc/pki/pkgdb/fedora-server-ca.cert',
'serverca': '/etc/pki/pkgdb/fedora-server-ca.cert'
}
for configFile in ('/etc/koji.conf', os.path.expanduser('~/.koji/config')):
if os.access(configFile, os.F_OK):
f = open(configFile)
config = ConfigParser.ConfigParser()
config.readfp(f)
f.close()
if config.has_section('koji'):
for name, value in config.items('koji'):
if opts.has_key(name):
opts[name] = value
for entry in opts.keys():
if entry == 'server' or entry == 'weburl':
pass
opts[entry] = os.path.expanduser(opts[entry])
return opts
if __name__ == '__main__':
try:
tag=sys.argv[1]
except:
print "ERROR: no tag specified!\n"
usage()
if tag.endswith('epel') or tag.startswith('epel'):
if tag.startswith('epel'):
version = tag.split('epel')[1]
else:
version = tag.split('-')[1][:-1]
data = requests.get(urljoin(BASEURL, 'api/collections'), verify=VERIFY).json()
branch_names = set()
for collection in (c for c in data['collections'] if c['status'] != 'EOL'):
### TODO: check with pingou that this is now returning the same
# format as the collection names in api/vcs
# By moving the data from gitbranchname into branchname, I think
# that the data will now match
branch_names.add(collection['branchname'])
if tag.startswith('epel'):
# Ex: epel7 => epel7
reponame = tag
else:
# Ex: dist-6E-epel => el6
reponame = 'el%s' % version
if reponame not in branch_names:
print 'tag %s => repo %s: does not seem to be a non-EOL branch' % (tag, reponame)
sys.exit(1)
# EPEL needs a separate entry in koji for each epel version
data = requests.get(urljoin(BASEURL, 'api/vcs?format=json'), verify=VERIFY).json()
acls = data['packageAcls']
pkgs = {}
for pkg_name in acls:
try:
owners = acls[pkg_name][reponame]
except KeyError:
# Package is not branched for this release
continue
if len(owners['commit']['people']):
# Arbitrarily take the first committer listed as the owner in
# koji
pkgs[pkg_name] = owners['commit']['people'][0]
else:
pkgs[pkg_name] = 'orphan'
pkgList = pkgs.keys()
BuildEPEL = True
arches = ["primary"]
else:
# Fedora only needs one entry per package for all Fedora releases
# Use the owner from bugzilla for simplicity
data = requests.get(urljoin(BASEURL, 'api/bugzilla?format=json'), verify=VERIFY).json()
acls = data['bugzillaAcls']
pkgList = acls['Fedora'].keys()
pkgs = {}
for pkg in acls['Fedora']:
owner = acls['Fedora'][pkg]['owner']
owner = owner.replace('group::', '').replace('@', '')
pkgs[pkg] = owner
#pkgs = dict(((p, acls['Fedora'][p]['owner']) for p in acls['Fedora']))
BuildEPEL = False
{% if env == 'staging' %}
arches = ["primary"]
{% else %}
arches = ["primary", "arm", "ppc", "s390"]
{% endif %}
pkgList.sort()
options = get_options()
for arch in arches:
if arch == "primary":
{% if env == 'staging' %}
session = koji.ClientSession("http://koji.stg.fedoraproject.org/kojihub")
{% else %}
session = koji.ClientSession("http://koji.fedoraproject.org/kojihub")
{% endif %}
else:
session = koji.ClientSession("http://%s.koji.fedoraproject.org/kojihub" % arch)
try:
session.ssl_login(options['cert'], options['ca'], options['serverca'])
except:
print "Unable to sync to %s hub" % arch
continue
kojitag = session.getTag(tag)
if kojitag is None:
print "ERROR: tag %s does not exist!\n" % (tag)
usage()
kojipkgs = {}
kojiusers = [user['name'] for user in session.listUsers()]
for p in session.listPackages(tagID=tag, inherited = True):
kojipkgs[p['package_name']] = p
for pkg in pkgList:
owner = pkgs[pkg]
if DEBUG:
print '[DEBUG] Package: %s, Owner: %s' % (pkg, owner)
if not owner in kojiusers:
# add the user first
if DEBUG:
print "Adding user %s" % owner
else:
session.createUser(owner)
kojiusers.append(owner)
if not kojipkgs.has_key(pkg):
if DEBUG:
print "Adding package %s for %s with owner %s" % (pkg, tag, owner)
else:
extraArches = None
if pkg in extraArchList:
extraArches = extraArchList[pkg]
session.packageListAdd(tag, pkg, owner = owner, extra_arches=extraArches)
elif kojipkgs[pkg]['owner_name'] != owner:
if DEBUG:
print "Setting owner for %s in %s to %s" % (pkg, tag, owner)
else:
session.packageListSetOwner(tag, pkg, owner, force = True)

123
roles/bodhi/base/tasks/main.yml
View file

@ -1,123 +0,0 @@
---
# tasklist for setting up bodhi
# This is the base set of files needed for bodhi
- name: install needed packages
yum: pkg={{ item }} state=present
with_items:
- bodhi-server
tags:
- packages
- bodhi
- name: setup /etc/bodhi/ directory
file: path=/etc/bodhi owner=root group=root mode=0755 state=directory
tags:
- config
- bodhi
- name: setup basic /etc/bodhi/ contents
template: >
src="bodhi-prod.cfg.j2"
dest="/etc/bodhi/bodhi.cfg"
owner=bodhi
group=bodhi
mode=0600
when: inventory_hostname.startswith('bodhi0')
notify:
- reload httpd
tags:
- config
- bodhi
- name: setup basic /etc/httpd/conf.d/ bodhi contents
template: >
src="bodhi-app.conf"
dest="/etc/httpd/conf.d/bodhi.conf"
owner=root
group=root
mode=0644
when: inventory_hostname.startswith('bodhi0')
notify:
- reload httpd
tags:
- config
- bodhi
- name: setup /etc/pki/bodhi directory
file: path=/etc/pki/bodhi owner=root group=root mode=0755 state=directory
tags:
- config
- bodhi
- name: install bodhi.pem file
copy: >
src="{{ private }}/files/bodhi_key_and_cert.pem"
dest="/etc/pki/bodhi/bodhi.pem"
owner=bodhi
group=bodhi
mode=0400
when: inventory_hostname.startswith('bodhi0')
tags:
- config
- bodhi
- name: install bodhi certificates
copy: >
src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/bodhi/{{ item }}"
owner=root
group=root
mode=0644
with_items:
- fedora-server-ca.cert
- fedora-upload-ca.cert
tags:
- config
- bodhi
- name: setup /var/log/bodhi directory
file: path=/var/log/bodhi owner=bodhi group=bodhi mode=0755 state=directory
when: inventory_hostname.startswith('bodhi0')
tags:
- config
- bodhi
- name: check the selinux context of the bugzilla cookie
command: matchpathcon /var/tmp/bodhi-bz.cookie
register: cookiecontext
always_run: yes
changed_when: "1 != 1"
tags:
- config
- bodhi
- selinux
- name: set the SELinux policy for the bugzilla cookie
command: semanage fcontext -a -t httpd_tmp_t "/var/tmp/bodhi-bz.cookie"
when: cookiecontext.stdout.find('httpd_tmp_t') == -1
tags:
- config
- bodhi
- selinux
- name: enable httpd_tmp_exec SELinux boolean
seboolean: name=httpd_tmp_exec state=yes persistent=yes
tags:
- config
- bodhi
- selinux
- name: enable httpd_can_network_connect_db SELinux boolean
seboolean: name=httpd_can_network_connect_db state=yes persistent=yes
tags:
- config
- bodhi
- selinux
- name: enable httpd_can_network_connect SELinux boolean
seboolean: name=httpd_can_network_connect state=yes persistent=yes
tags:
- config
- bodhi
- selinux

20
roles/bodhi/base/templates/bodhi-app.conf
View file

@ -1,20 +0,0 @@
Alias /updates/static /usr/share/bodhi/static
WSGISocketPrefix run/wsgi
WSGIRestrictSignal Off
WSGIDaemonProcess bodhi user=bodhi group=bodhi display-name=bodhi processes={{wsgi_procs}} threads={{wsgi_threads}}
WSGIPythonOptimize 1
WSGIScriptAlias /updates /usr/share/bodhi/bodhi.wsgi/updates
# Hack, to work around some weirdness with python-tgmochikit & TG1
Alias /updates/tg_widgets/tgmochikit/packed/MochiKit/MochiKit.js /usr/lib/python2.6/site-packages/tgmochikit/static/javascript/1.4.2/packed/MochiKit/MochiKit.js
<Directory /usr/share/bodhi>
WSGIProcessGroup bodhi
SetEnvIf User-Agent Riddler GoAway=1
Order allow,deny
Allow from all
Deny from env=GoAway
</Directory>

199
roles/bodhi/base/templates/bodhi-prod.cfg.j2
View file

@ -1,199 +0,0 @@
[global]
##
## Bodhi Production Configuration
##
## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
##
# Release status
# pre-beta enforces the 'Pre Beta' policy defined here:
# https://fedoraproject.org/wiki/Updates_Policy
f23.status = 'pre_beta'
f23.post_beta.mandatory_days_in_testing = 7
f23.post_beta.critpath.num_admin_approvals = 0
f23.post_beta.critpath.min_karma = 2
f23.post_beta.critpath.stable_after_days_without_negative_karma = 14
f23.pre_beta.mandatory_days_in_testing = 3
f23.pre_beta.critpath.num_admin_approvals = 0
f23.pre_beta.critpath.min_karma = 1
# Bodhi Defaults:
#
# The number of admin approvals it takes to be able to push a critical path
# # update to stable for a pending release.
# critpath.num_admin_approvals = 0
#
# # The net karma required to submit a critial path update to a pending release)
# critpath.min_karma = 2
#
# # Allow critpath to submit for stable after 2 weeks with no negative karma
# critpath.stable_after_days_without_negative_karma = 14
{% if env == "staging" %}
admin_groups = "packager"
{% endif %}
## A notice to flash on the front page
#frontpage_notice = 'Bodhi is now enforcing the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria">Package Update Acceptance Criteria</a> across all Fedora releases.'
## A notice to flash on the New Update page
#newupdate_notice = 'Koji is currently down for a scheduled outage. Please see <a href="http://status.fedoraproject.org/">status.fedoraproject.org</a> for more information'
# Query the Fedora Package Database for the list of Critical Path Packages.
{% if env == "production" %}
critpath.type = 'pkgdb'
{% endif %}
{% if env == "production" %}
deployment_type = "prod"
{% endif %}
{% if env == "staging" %}
deployment_type = "stg"
{% endif %}
{% if env == "development" %}
deployment_type = "dev"
{% endif %}
# We no longer require proventester karma for critpath approval
# https://fedorahosted.org/bodhi/ticket/653
critpath.num_admin_approvals = 0
#f17.pre_beta.critpath.num_admin_approvals = 0
query_wiki_test_cases = True
sqlobject.dburi="notrans_postgres://bodhi:{{ bodhiPassword }}@db-bodhi/bodhi"
masher = 'http://releng04/updates'
# For the build auto-complete widget
tg_mochikit.packed = True
server.socket_port=8084
server.environment="production"
autoreload.on = False
server.webpath="/updates"
server.log_file = "server.log"
server.log_to_screen = False
server.thread_pool = 50
server.socket_queue_size = 30
# We probably want to have apache do this for us...
#gzipFilter.on = True
session_filter.on = False
base_url_filter.on = True
base_url_filter.use_x_forwarded_host = False
{% if env == "staging" %}
base_url_filter.base_url = 'https://admin.stg.fedoraproject.org'
{% else %}
base_url_filter.base_url = 'https://admin.fedoraproject.org'
{% endif %}
tg.strict_parameters = True
tg.ignore_parameters = ["_csrf_token"]
# Periodic jobs
jobs = 'cache_release_data'
# FAS2
#sqlalchemy.dburi="sqlite:///"
{% if env == "staging" %}
fas.url = 'https://admin.stg.fedoraproject.org/accounts/'
{% else %}
fas.url = 'https://admin.fedoraproject.org/accounts/'
{% endif %}
identity.provider='jsonfas2'
identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
visit.cookie.httponly = True
# Our identity that we use to fetch bugzilla details and such
bodhi_password='{{ bodhiBugzillaPassword }}'
bodhi_email = 'updates@fedoraproject.org'
security_team = 'security_respons-members@fedoraproject.org'
release_team_address = 'bodhiadmin-members@fedoraproject.org'
fedora_announce_list = 'package-announce@lists.fedoraproject.org'
fedora_test_announce_list = 'test@lists.fedoraproject.org'
mashed_dir = '/mnt/koji/mash/updates'
# TurboMail 3.0 settings
{% if env == "staging" %}
mail.on = False
{% else %}
mail.on = True
{% endif %}
mail.transport = 'smtp'
mail.smtp.server = 'bastion'
# The 'utf-8-qp' encoding causes problems with TurboMail 3.x
# https://fedorahosted.org/bodhi/ticket/648
mail.message.encoding = 'utf-8'
notice_sender = 'updates@fedoraproject.org'
{% if env == "staging" %}
bz_server = 'https://partner-bugzilla.redhat.com/xmlrpc.cgi'
{% else %}
bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
{% endif %}
# Don't store cookies and tokens persistently on disk
#bz_cookie = '/var/tmp/bodhi-bz.cookie'
#bz_token = None
bz_products = 'Fedora,Fedora EPEL,oVirt'
build_dir = '/mnt/koji/packages'
{% if env == "staging" %}
base_address = 'https://admin.stg.fedoraproject.org'
{% else %}
base_address = 'https://admin.fedoraproject.org'
{% endif %}
acl_system = 'pkgdb'
{% if env == "staging" %}
pkgdb_url = 'https://admin.stg.fedoraproject.org/pkgdb'
{% else %}
pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
{% endif %}
buildsystem = 'koji'
{% if env == "staging" %}
koji_hub = 'https://10.5.126.87/kojihub'
koji_url = 'http://10.5.126.87'
{% endif %}
client_cert = '/etc/pki/bodhi/bodhi.pem'
clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
[logging]
[[handlers]]
[[[syslog_out]]]
class='handlers.SysLogHandler'
level='DEBUG'
args="('/dev/log', handlers.SysLogHandler.LOG_LOCAL4)"
formatter='full_content'
[[loggers]]
[[[bodhi]]]
level='DEBUG'
qualname='bodhi'
handlers=['syslog_out']
propagate=0
[[[allinfo]]]
level='INFO'
handlers=['syslog_out']
propagate=0
[[[turbomail]]]
level='INFO'
qualname='turbomail'
handlers=['syslog_out']
[[[urllib3]]]
level='WARN'
qualname='urllib3'
handlers=['syslog_out']