diff --git a/roles/pagure/upstreamfirst-frontend/files/pagure_fast_worker.service b/roles/pagure/upstreamfirst-frontend/files/pagure_fast_worker.service new file mode 100644 index 0000000000..b8fde35439 --- /dev/null +++ b/roles/pagure/upstreamfirst-frontend/files/pagure_fast_worker.service @@ -0,0 +1,15 @@ +[Unit] +Description=Pagure worker for backend git interaction +After=redis.target +Documentation=https://pagure.io/pagure + +[Service] +ExecStart=/usr/bin/celery worker -A pagure.lib.tasks --loglevel=info --autoreload -Q fast_workers -c 5 +Environment="PAGURE_CONFIG=/etc/pagure/pagure.cfg" +Type=simple +User=git +Restart=on-failure + +[Install] +WantedBy=multi-user.target + diff --git a/roles/pagure/upstreamfirst-frontend/files/pagure_medium_worker.service b/roles/pagure/upstreamfirst-frontend/files/pagure_medium_worker.service new file mode 100644 index 0000000000..2d3d4049e0 --- /dev/null +++ b/roles/pagure/upstreamfirst-frontend/files/pagure_medium_worker.service @@ -0,0 +1,15 @@ +[Unit] +Description=Pagure worker for backend git interaction +After=redis.target +Documentation=https://pagure.io/pagure + +[Service] +ExecStart=/usr/bin/celery worker -A pagure.lib.tasks --loglevel=info --autoreload -Q medium_workers -c 5 +Environment="PAGURE_CONFIG=/etc/pagure/pagure.cfg" +Type=simple +User=git +Restart=on-failure + +[Install] +WantedBy=multi-user.target + diff --git a/roles/pagure/upstreamfirst-frontend/files/pagure_slow_worker.service b/roles/pagure/upstreamfirst-frontend/files/pagure_slow_worker.service new file mode 100644 index 0000000000..6d7a0ce515 --- /dev/null +++ b/roles/pagure/upstreamfirst-frontend/files/pagure_slow_worker.service @@ -0,0 +1,15 @@ +[Unit] +Description=Pagure worker for backend git interaction +After=redis.target +Documentation=https://pagure.io/pagure + +[Service] +ExecStart=/usr/bin/celery worker -A pagure.lib.tasks --loglevel=info --autoreload -Q slow_workers -c 5 +Environment="PAGURE_CONFIG=/etc/pagure/pagure.cfg" +Type=simple +User=git +Restart=on-failure + +[Install] +WantedBy=multi-user.target + diff --git a/roles/pagure/upstreamfirst-frontend/tasks/main.yml b/roles/pagure/upstreamfirst-frontend/tasks/main.yml index 8ed1636fb9..13df9370f9 100644 --- a/roles/pagure/upstreamfirst-frontend/tasks/main.yml +++ b/roles/pagure/upstreamfirst-frontend/tasks/main.yml @@ -12,6 +12,7 @@ - pagure-milters - pagure-webhook - python-psycopg2 + - python2-pygments2 - redis - libsemanage-python - mod_ssl @@ -85,6 +86,13 @@ - gitolite - pagure +- name: create the /attachments folder + file: state=directory + path=/srv/attachments + owner=git group=git mode=0775 + tags: + - pagure + - name: Adjust owner of /srv/git file: name=/srv/git state=directory recurse=yes owner=git group=git tags: @@ -184,6 +192,19 @@ - stunnel - config +- name: Add the different service files for the different workers + copy: src={{ item }}.service + dest=/etc/systemd/system/{{ item }}.service + owner=root group=root mode=0755 + with_items: + - pagure_fast_worker + - pagure_medium_worker + - pagure_slow_worker + notify: + - reload systemd + tags: + - pagure + # Set-up Pagure @@ -281,6 +302,43 @@ tags: - pagure +- name: check the selinux context of the git repo directory + command: matchpathcon /srv/git + register: distgitcontext + check_mode: no + changed_when: false + tags: + - config + - pagure + - selinux + +- name: set the SELinux policy for the distgit root directory + command: semanage fcontext -a -t gitosis_var_lib_t "/srv/git(/.*)?" + when: distgitcontext.stdout.find('gitosis_var_lib_t') == -1 + tags: + - config + - pagure + - selinux + +- name: check the selinux context of the releases directory + command: matchpathcon /var/www/releases + register: distgitcontext + check_mode: no + changed_when: false + tags: + - config + - pagure + - selinux + +# Note: On Fedora its httpd_sys_content_rw_t - Don't we love confusions? +- name: set the SELinux policy for the releases directory + command: semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/releases(/.*)?" + when: distgitcontext.stdout.find('httpd_sys_rw_content_t') == -1 + tags: + - config + - pagure + - selinux + - name: copy over our custom selinux module copy: src=selinux/pagure.pp dest=/usr/local/share/pagure.pp register: selinux_module @@ -338,10 +396,15 @@ - redis - pagure_ev - pagure_ci - - pagure_loadjon + - pagure_loadjson - pagure_logcom - pagure_milter - pagure_webhook + - pagure_worker + - pagure_gitolite_worker + - pagure_fast_worker + - pagure_medium_worker + - pagure_slow_worker - haveged ignore_errors: true tags: diff --git a/roles/pagure/upstreamfirst-frontend/templates/pagure.wsgi b/roles/pagure/upstreamfirst-frontend/templates/pagure.wsgi index b04abac4d8..7f327fd0eb 100644 --- a/roles/pagure/upstreamfirst-frontend/templates/pagure.wsgi +++ b/roles/pagure/upstreamfirst-frontend/templates/pagure.wsgi @@ -4,7 +4,7 @@ # two possible version of python-sqlalchemy and python-jinja2 # These lines make sure the application uses the correct version. import __main__ -__main__.__requires__ = ['SQLAlchemy >= 0.8', 'jinja2 >= 2.4'] +__main__.__requires__ = ['SQLAlchemy >= 0.8', 'jinja2 >= 2.4', 'Pygments>=2.1.0'] import pkg_resources import os @@ -23,6 +23,8 @@ os.environ['TEMP'] = '/srv/tmp/' #sys.path.insert(0, '/path/to/pagure/') -## The most import line to make the wsgi working -from pagure import APP as application -#application.debug = True +# The most import line to make the wsgi working +from pagure.flask_app import create_app + +application = create_app() +application.debug = True