infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

fedora-hubs: delete unused ansible role + config

Browse source 
Signed-off-by: Clement Verna <cverna@tutanota.com>
This commit is contained in:
Clement Verna 2019-04-23 11:56:47 +02:00
parent ba71e878c2
commit 18048e10ed
32 changed files with 0 additions and 846 deletions
Download patch file Download diff file Expand all files Collapse all files

1
inventory/group_vars/bodhi2
View file

@ -113,6 +113,5 @@ csi_relationship: |
* Blockerbugs checks bodhi for lists of updates.
* fedora-packages will try to query bodhi for the release status of
updates.
* fedora-hubs has some widgets that display bodhi update information.
* fedora-easy-karma, abrt, 'fedpkg update', an eclipse plugin and other
client tools make queries to the bodhi webapp here.

1
inventory/group_vars/bodhi2-stg
View file

@ -116,6 +116,5 @@ csi_relationship: |
* Blockerbugs checks bodhi for lists of updates.
* fedora-packages will try to query bodhi for the release status of
updates.
* fedora-hubs has some widgets that display bodhi update information.
* fedora-easy-karma, abrt, 'fedpkg update', an eclipse plugin and other
client tools make queries to the bodhi webapp here.

33
inventory/group_vars/hubs-stg
View file

@ -1,33 +0,0 @@
---
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 4096
num_cpus: 2
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [ 80 ]
fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-hubs,sysadmin-veteran
# These are consumed by a task in roles/fedmsg/base/tasks/main.yml
fedmsg_certs:
- service: shell
owner: hubs
group: hubs
can_send:
- logger.log
- hubs.user.created
- hubs.user.role.added
- hubs.user.role.changed
- hubs.user.role.removed
- hubs.hub.created
- hubs.hub.updated
- hubs.widget.updated
# Used by the hubs role
hubs_url_hostname: hubs.stg.fedoraproject.org
hubs_db_host: db01.stg.phx2.fedoraproject.org
hubs_oidc_url: id.stg.fedoraproject.org
hubs_oidc_secret: "{{ hubs_stg_oidc_secret }}"

1
master.yml
View file

@ -138,7 +138,6 @@
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/fedora-bootstrap.fedorainfracloud.org.yml
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/fedimg-dev.fedorainfracloud.org.yml
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/glittergallery-dev.fedorainfracloud.org.yml
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/iddev.fedorainfracloud.org.yml
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/magazine2.fedorainfracloud.org.yml

6
playbooks/include/proxies-websites.yml
View file

@ -290,12 +290,6 @@
cert_name: "{{wildcard_cert_name}}"
tags: ostree
- role: httpd/website
site_name: hubs.fedoraproject.org
sslonly: true
server_aliases: [hubs.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: flocktofedora.org
server_aliases:

23
roles/fedmsg/irc/templates/ircbot.py
View file

@ -78,29 +78,6 @@ config = dict(
),
),
# For fedora-hubs (not fedora-apps)
dict(
network='chat.freenode.net',
port=6667,
make_pretty=True,
make_terse=True,
{% if env == 'staging' %}
nickname='fn-stg-hubs',
{% else %}
nickname='fm-hubs',
{% endif %}
channel='fedora-hubs',
filters=dict(
topic=[
'^((?!(github\.create|github\.issue\.|github\.pull_request\.|github\.commit_comment|github\.star|pagure)).)*$',
],
body=[
"^((?!(fedora-hubs)).)*$",
],
),
),
# For that commops crew!
dict(
network='chat.freenode.net',

11
roles/haproxy/templates/haproxy.cfg
View file

@ -178,17 +178,6 @@ backend fedocal-backend
{% endif %}
option httpchk GET /calendar
frontend hubs-frontend
bind 0.0.0.0:10068
default_backend hubs-backend
backend hubs-backend
balance hdr(appserver)
{% if env != "production" %}
server hubs01 hubs01:80 check inter 10s rise 1 fall 2
{% endif %}
option httpchk GET /
# IMPORTANT: 10023-10026 will NOT work because of selinux policies
frontend datagrepper-frontend

21
roles/hubs/defaults/main.yml
View file

@ -1,21 +0,0 @@
main_user: hubs
hubs_dev_mode: false
hubs_secret_key: changeme
hubs_base_dir: "/srv/hubs"
hubs_code_dir: "{{ hubs_base_dir }}/fedora-hubs"
hubs_conf_dir: "{{ hubs_base_dir }}/config"
hubs_var_dir: "{{ hubs_base_dir }}/var"
hubs_log_dir: "{{ hubs_base_dir }}/log"
hubs_db_type: sqlite
hubs_db_user: hubs
hubs_db_password: changeme
hubs_db_host: localhost
hubs_db_name: hubs
hubs_url_hostname: "{{ ansible_fqdn }}"
hubs_url: http{% if not hubs_dev_mode %}s{% endif %}://{{ hubs_url_hostname }}{% if hubs_dev_mode %}:5000{% endif %}
hubs_ssl_cert: /etc/pki/tls/certs/{{ hubs_url_hostname }}.crt
hubs_ssl_key: /etc/pki/tls/private/{{ hubs_url_hostname }}.key
hubs_fas_username: null
hubs_fas_password: null
hubs_oidc_url: iddev.fedorainfracloud.org
hubs_oidc_secret: changeme

9
roles/hubs/files/nginx_proxy_params
View file

@ -1,9 +0,0 @@
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
# we don't want nginx trying to do something clever with
# redirects, we set the Host: header above already.
proxy_redirect off;
# OpenID Connect uses large headers, we need bigger buffers.
proxy_buffer_size 128k;
proxy_buffers 8 256k;

14
roles/hubs/files/pg_hba.conf
View file

@ -1,14 +0,0 @@
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5

26
roles/hubs/handlers/main.yml
View file

@ -1,26 +0,0 @@
- name: restart postgresql
service: name=postgresql state=restarted
- name: restart hubs triage
service: name=fedora-hubs-triage@* state=restarted
listen: "hubs configuration change"
when: not hubs_dev_mode
- name: restart hubs workers
service: name=fedora-hubs-worker@* state=restarted
listen: "hubs configuration change"
when: not hubs_dev_mode
- name: restart hubs SSE server
service: name=fedora-hubs-sse state=restarted
listen: "hubs configuration change"
when: not hubs_dev_mode
# Webserver
- name: restart hubs webapp
service: name=fedora-hubs-webapp state=restarted
listen: "hubs configuration change"
when: not hubs_dev_mode
- name: restart nginx
service: name=nginx state=restarted

3
roles/hubs/meta/main.yml
View file

@ -1,3 +0,0 @@
dependencies:
- certbot
- mongodb

52
roles/hubs/tasks/db-postgresql.yml
View file

@ -1,52 +0,0 @@
# Set up Postgres, create the database, and populate it.
- name: Install dependencies
dnf: name={{ item }} state=present
with_items:
- postgresql-server
- python3-psycopg2
# For the ansible module
- python-psycopg2
- name: Set up postgresql database
command: postgresql-setup --initdb
args:
creates: /var/lib/pgsql/data/base
- name: Set up postgresql access rules to allow local access
copy:
src: pg_hba.conf
dest: /var/lib/pgsql/data/pg_hba.conf
owner: postgres
group: postgres
mode: 0600
notify: restart postgresql
- name: Start and enable postgresql
service: name=postgresql state=started enabled=yes
- name: Set up the DB user
postgresql_user:
name: hubs
password: "{{ hubs_db_password }}"
role_attr_flags: NOSUPERUSER,NOCREATEROLE,NOCREATEDB
become: true
become_user: postgres
- name: Create the database
postgresql_db:
name: hubs
owner: hubs
register: db_creation
become: true
become_user: postgres
- name: Populate the Fedora Hubs database
command: "python3 {{ hubs_code_dir }}/populate.py"
args:
chdir: "{{ hubs_code_dir }}"
environment:
HUBS_CONFIG: "{{ hubs_conf_dir }}/hubs.py"
become: true
become_user: "{{ main_user }}"
when: db_creation|succeeded and db_creation is changed and hubs_dev_mode

9
roles/hubs/tasks/db-sqlite.yml
View file

@ -1,9 +0,0 @@
- name: Create and populate the Fedora Hubs database
command: "python3 {{ hubs_code_dir }}/populate.py"
args:
creates: "{{ hubs_var_dir }}/hubs.db"
chdir: "{{ hubs_code_dir }}"
environment:
HUBS_CONFIG: "{{ hubs_conf_dir }}/hubs.py"
become: true
become_user: "{{ main_user }}"

82
roles/hubs/tasks/dev.yml
View file

@ -1,82 +0,0 @@
# Set up the Python development environment
- name: Install Fedora Hubs requirements.txt into hubs virtualenv
pip:
requirements: "{{ hubs_code_dir }}/requirements.txt"
executable: pip3
- name: Install Fedora Hubs test-requirements.txt into hubs virtualenv
pip:
requirements: "{{ hubs_code_dir }}/test-requirements.txt"
executable: pip3
- name: Install other packages into hubs virtualenv
pip:
name: "{{ item }}"
executable: pip3
with_items:
- bleach
- name: Install Fedora Hubs into the virtualenv
command: "pip3 install -e {{ hubs_code_dir }}"
args:
creates: "/usr/lib/python3.6/site-packages/fedora-hubs.egg-link"
# Set up JavaScript requirements
- name: Install npm packages
command: npm install
become: true
become_user: "{{ main_user }}"
args:
creates: node_modules
chdir: "{{ hubs_code_dir }}/js"
- name: Build JavaScript assets
command: npm run build
become: true
become_user: "{{ main_user }}"
args:
chdir: "{{ hubs_code_dir }}/js"
creates: "{{ hubs_code_dir }}/hubs/static/js/build/common.js"
# Development tools
- name: Install helpful development packages
dnf: name={{ item }} state=present
with_items:
- git
- vim-enhanced
- name: Install Fedora Hubs development tools
dnf: name={{ item }} state=present
with_items:
- python3-honcho
- python3-tox
- name: Ease local access to the database
copy:
content: "*:*:hubs:hubs:{{ hubs_db_password }}"
dest: /home/{{ main_user }}/.pgpass
mode: 600
owner: "{{ main_user }}"
group: "{{ main_user }}"
when: hubs_db_type == "postgresql"
- name: Install a custom bashrc
template: src=bashrc dest=/home/{{ main_user }}/.bashrc
- name: Install Honcho's env file
template: src=honcho-env dest={{ hubs_base_dir }}/.env
- name: Install Honcho's procfile
template: src=honcho-procfile dest={{ hubs_base_dir }}/Procfile
- name: Link to the FAS credentials file if any
file:
state: link
path: "/etc/fedmsg.d/fas_credentials.py"
src: "{{ hubs_code_dir }}/fedmsg.d/fas_credentials.py"
notify: "hubs configuration change"

64
roles/hubs/tasks/dev_deps.yml
View file

@ -1,64 +0,0 @@
- name: Install Fedora Hubs development packages
dnf: name={{ item }} state=present
with_items:
- gcc
- gcc-c++
- libffi-devel
- openssl-devel
- python-sphinx
- python2-devel
- python3-devel
- python3-virtualenv
- python3-flask-oidc
- python3-moksha-common
- redhat-rpm-config
- sqlite-devel
- npm
- fedmsg-hub
- name: Install the distribution versions of requirements.txt
dnf: name={{ item }} state=present
with_items:
- python3-alembic
- python3-arrow
- python3-beautifulsoup4
- python3-bleach
- python3-blinker
- python3-dateutil
- python3-decorator
- python3-dogpile-cache
- python3-fedmsg
- python3-fedmsg-meta-fedora-infrastructure
- python3-fedora
- python3-flask
- python3-flask-oidc
- python3-html5lib
- python3-humanize
- python3-iso3166
- python3-markdown
- python3-munch
- python3-pkgwat-api
- python3-pygments
- python3-pygments-markdown-lexer
- python3-pymongo
- python3-pytz
- python3-redis
- python3-requests
- python3-retask
- python3-six
- python3-sqlalchemy
- python3-twisted
- name: Create the directory structure
file:
path: "{{ item.path }}"
state: directory
owner: "{{ main_user }}"
group: "{{ main_user }}"
mode: "{{ item.mode }}"
#setype: httpd_sys_content_rw_t
with_items:
- {path: "{{ hubs_base_dir }}", mode: 755}
- {path: "{{ hubs_conf_dir }}", mode: 750}
- {path: "{{ hubs_var_dir }}", mode: 750}

98
roles/hubs/tasks/main.yml
View file

@ -1,98 +0,0 @@
---
- name: Install external dependencies
dnf: name={{ item }} state=present
with_items:
- redis
- python3-fedmsg
- postfix
- include_tasks: dev_deps.yml
when: hubs_dev_mode
- include_tasks: prod_deps.yml
when: not hubs_dev_mode
- name: Add a basic Hubs configuration file
template:
src: "{{ item }}"
dest: "{{ hubs_conf_dir }}/hubs.py"
owner: root
group: "{{ main_user }}"
mode: 0640
with_first_found:
- hubs_config.{{ ansible_hostname }}
- hubs_config
notify: "hubs configuration change"
- name: Add a basic fedmsg configuration file
template:
src: "{{ item }}"
dest: "/etc/fedmsg.d/fedora-hubs.py"
with_first_found:
- fedmsg_config.{{ ansible_hostname }}
- fedmsg_config
notify: "hubs configuration change"
- name: Configure application to authenticate with the OIDC provider (dev)
block:
- dnf: name=python3-flask-oidc state=present
- command:
oidc-register
--output-file {{ hubs_conf_dir }}/client_secrets.json
https://{{ hubs_oidc_url }}/ {{ hubs_url }}
args:
creates: "{{ hubs_conf_dir }}/client_secrets.json"
notify: "hubs configuration change"
when: hubs_oidc_url == "iddev.fedorainfracloud.org"
- name: Configure application to authenticate with the OIDC provider
template:
src: oidc_client_secrets.json
dest: "{{ hubs_conf_dir }}/client_secrets.json"
owner: root
group: "{{ main_user }}"
mode: 0640
notify: "hubs configuration change"
when: hubs_oidc_url != "iddev.fedorainfracloud.org"
- name: Fix the permissions on the OIDC secrets file
file:
path: "{{ hubs_conf_dir }}/client_secrets.json"
owner: root
group: "{{ main_user }}"
mode: 0640
- name: Start and enable the common services
service: name={{ item }} state=started enabled=yes
with_items:
- redis
- postfix
# Set up, create, and populate the database.
- include_tasks: db-{{ hubs_db_type }}.yml
# Services
- name: Disable the system-wide fedmsg daemons
service: name={{ item }} state=stopped enabled=no
with_items:
# We use honcho in dev mode and fedmsg-hub-3 in prod mode
- fedmsg-hub
# We use honcho in dev mode and fedmsg-relay-3 in prod mode
- fedmsg-relay
# Include mode-specific tasks
- include_tasks: dev.yml
when: hubs_dev_mode
- include_tasks: prod.yml
when: not hubs_dev_mode

19
roles/hubs/tasks/prod.yml
View file

@ -1,19 +0,0 @@
- name: Install the service environment file
template:
src: env
dest: /etc/sysconfig/fedora-hubs
- name: Start and enable the services in prod mode
service: name={{ item }} state=started enabled=yes
with_items:
- fedmsg-relay-3
- fedmsg-hub-3
- fedora-hubs-triage@1
- fedora-hubs-triage@2
- fedora-hubs-worker@1
- fedora-hubs-worker@2
- fedora-hubs-worker@3
- fedora-hubs-worker@4
- fedora-hubs-sse
- include_tasks: web-apache.yml

2
roles/hubs/tasks/prod_deps.yml
View file

@ -1,2 +0,0 @@
- name: Install the Fedora Hubs package
dnf: name=fedora-hubs state=present

42
roles/hubs/tasks/web-apache.yml
View file

@ -1,42 +0,0 @@
# Webserver config
- name: Install the webserver packages
dnf: name={{ item }} state=present
with_items:
- python3-mod_wsgi
- libselinux-python
- policycoreutils-python
- name: Apache configuration for hubs
template:
src: apache.conf
dest: /etc/httpd/conf.d/fedora-hubs.conf
notify:
- restart apache
- name: Allow network connection for Apache
seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
- name: Allow execmem for Apache
seboolean:
name: httpd_execmem
state: yes
persistent: yes
- name: Allow Apache to write to the cache files
sefcontext:
setype: httpd_sys_rw_content_t
target: "/var/lib/fedora-hubs(/.*)?"
- name: Start and enable the services
service: name={{ item }} state=started enabled=yes
with_items:
- httpd

80
roles/hubs/tasks/web-nginx.yml
View file

@ -1,80 +0,0 @@
# Webserver config
- name: Install the webserver packages
dnf: name={{ item }} state=present
with_items:
- python3-gunicorn
- nginx
- libsemanage-python
- name: install python3-certbot-nginx
dnf: name=python3-certbot-nginx state=present
when: hubs_ssl_cert != None
- name: get the letsencrypt cert
command: certbot certonly -n --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" -d {{ hubs_url_hostname }} --agree-tos --email admin@fedoraproject.org
args:
creates: "{{ hubs_ssl_key }}"
when: hubs_ssl_cert != None
notify:
- restart nginx
- name: Nginx configuration for hubs
template:
src: nginx.conf
dest: /etc/nginx/conf.d/fedora-hubs.conf
notify:
- restart nginx
- name: Nginx SSL configuration
template:
src: "{{ item }}"
dest: /etc/nginx/ssl_params
with_first_found:
- nginx_ssl_params.{{ ansible_hostname }}
- nginx_ssl_params
when: hubs_ssl_cert != None
notify:
- restart nginx
- name: Nginx proxy configuration
copy:
src: "{{ item }}"
dest: /etc/nginx/proxy_params
with_first_found:
- nginx_proxy_params.{{ ansible_hostname }}
- nginx_proxy_params
notify:
- restart nginx
- name: Allow network connection for Nginx
seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
- name: Create the log directory
file:
path: "{{ hubs_log_dir }}"
owner: "{{ main_user }}"
state: directory
- name: Install the Gunicorn config file
template:
src: gunicorn.py
dest: "{{ hubs_conf_dir }}/gunicorn.py"
notify: "hubs configuration change"
- name: Start and enable the services
service: name={{ item }} state=started enabled=yes
with_items:
- fedora-hubs-webapp
- nginx

27
roles/hubs/templates/apache.conf
View file

@ -1,27 +0,0 @@
Alias /static /usr/lib/python3.6/site-packages/hubs/static
WSGIScriptAlias / /usr/share/fedora-hubs/hubs.wsgi
WSGIDaemonProcess hubs user=hubs group=hubs display-name=hubs maximum-requests=1000 processes=4 threads=30
WSGISocketPrefix run/wsgi
WSGIRestrictStdout On
WSGIRestrictSignal Off
WSGIPythonOptimize 1
<Directory "/usr/share/fedora-hubs">
<Files hubs.wsgi>
Order deny,allow
Allow from all
Require all granted
</Files>
WSGIProcessGroup hubs
</Directory>
<Directory "/usr/lib/python3.6/site-packages/hubs/static">
Order deny,allow
Allow from all
Require all granted
</Directory>
# SSE
ProxyPass /sse http://localhost:8080
ProxyPassReverse /sse http://localhost:8080

48
roles/hubs/templates/bashrc
View file

@ -1,48 +0,0 @@
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
alias vi=vim
# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=
# User specific aliases and functions
# If adding new functions to this file, note that you can add help text to the function
# by defining a variable with name _<function>_help containing the help text
# Honcho has issues outputing UTF-8 in Vagrant SSH
# https://github.com/nickstenning/honcho/issues/51
export PYTHONIOENCODING=utf-8
export HUBS_CONFIG={{ hubs_conf_dir }}/hubs.py
export FLASK_APP={{ hubs_code_dir }}/hubs/app.py
workon() {
[ "$1" == "hubs" ] || ( echo "No such virtualenv."; exit 1 )
cd {{ hubs_code_dir }}
}
alias hup="pushd ~ ; honcho start ; popd"
hreset() {
{% if hubs_db_type == "postgresql" %}
sudo -u postgres dropdb hubs
sudo -u postgres createdb -O hubs hubs
{% else %}
rm {{ hubs_var_dir }}/hubs.db
{% endif %}
rm {{ hubs_var_dir }}/cache.db
pushd {{ hubs_code_dir }}
python3 populate.py
popd
}
# Enable autocomplete for the fedora-hubs command
eval "$(_FEDORA_HUBS_COMPLETE=source fedora-hubs)"

2
roles/hubs/templates/env
View file

@ -1,2 +0,0 @@
HUBS_CONFIG={{ hubs_conf_dir }}/hubs.py
WEBAPP_CONFIG={{ hubs_conf_dir }}/gunicorn.py

32
roles/hubs/templates/fedmsg_config
View file

@ -1,32 +0,0 @@
config = {
# Database
{% if hubs_db_type == "postgresql" %}
'hubs.sqlalchemy.uri': 'postgresql://{{ hubs_db_user }}:{{ hubs_db_password }}@{{ hubs_db_host }}/{{ hubs_db_name }}',
{% else %}
'hubs.sqlalchemy.uri': 'sqlite:///{{ hubs_var_dir }}/hubs.db',
{% endif %}
# Some configuration for the general hubs cache.
"fedora-hubs.cache": {
"backend": "dogpile.cache.dbm",
#"expiration_time": 0,
"arguments": {
"filename": "{{ hubs_var_dir }}/cache.db",
},
},
{% if hubs_fas_username and hubs_fas_password %}
# FAS credentials
'fas_credentials': {
'username': '{{ hubs_fas_username }}',
'password': '{{ hubs_fas_password }}',
{% if env == "staging" %}
'base_url': "https://admin.stg.fedoraproject.org/accounts/",
{% endif %}
},
{% endif %}
# Use fedmsg-relay to publish messages
'active': True,
}

8
roles/hubs/templates/gunicorn.py
View file

@ -1,8 +0,0 @@
# flake8:noqa
bind = "127.0.0.1:8000"
threads = 12
logconfig = "{{ hubs_conf_dir }}/logging.ini"
accesslog = "{{ hubs_log_dir }}/access.log"
errorlog = "{{ hubs_log_dir }}/error.log"
access_log_format = '%(h)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s" (%(L)ss)'

3
roles/hubs/templates/honcho-env
View file

@ -1,3 +0,0 @@
FLASK_DEBUG=1
FLASK_APP={{ hubs_code_dir }}/hubs/app.py
HUBS_CONFIG={{ hubs_conf_dir }}/hubs.py

7
roles/hubs/templates/honcho-procfile
View file

@ -1,7 +0,0 @@
web: /usr/bin/flask-3 run --host 0.0.0.0 --port 5000
triage: fedora-hubs run triage
worker: fedora-hubs run worker
sse: /usr/bin/twistd-3 -l - --pidfile= -n hubs-sse
fedmsg_hub: /usr/bin/fedmsg-hub-3
fedmsg_relay: /usr/bin/fedmsg-relay-3
js_build: cd {{ hubs_code_dir }}/js && npm run dev

28
roles/hubs/templates/hubs_config
View file

@ -1,28 +0,0 @@
# Enter any hubs configuration here
SECRET_KEY = "{{ hubs_secret_key }}"
{% if hubs_dev_mode %}
# Allow the cookie to be sent of http since we work on localhost
OIDC_ID_TOKEN_COOKIE_SECURE = False
{% endif %}
OIDC_CLIENT_SECRETS = "{{ hubs_conf_dir }}/client_secrets.json"
OIDC_OPENID_REALM = "{{ hubs_url }}/oidc_callback"
{% if hubs_ssl_cert == None %}
# There's an SSL proxy, flask_oidc will generate a redirect_uri without https
# if we don't overwrite it here.
OVERWRITE_REDIRECT_URI = "{{ hubs_url }}/oidc_callback"
{% endif %}
SSE_URL = {
# "host": "sse.example.com",
{% if hubs_dev_mode %}
"port": "8080",
{% else %}
{% if hubs_ssl_cert == None %}
"scheme": "https", # Because of the SSL proxy
{% endif %}
"path": "/sse",
{% endif %}
}

76
roles/hubs/templates/nginx.conf
View file

@ -1,76 +0,0 @@
upstream hubs {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response
# for UNIX domain socket setups
#server unix:/tmp/gunicorn.sock fail_timeout=0;
# for a TCP configuration
server 127.0.0.1:8000 fail_timeout=0;
}
upstream hubs-sse {
# SSE server (twisted-based)
server 127.0.0.1:8080 fail_timeout=0;
}
# Main server block
server {
{% if hubs_ssl_cert == None %}
listen 80;
listen [::]:80;
{% else %}
listen 443 deferred;
listen [::]:443 deferred;
include ssl_params;
{% endif %}
server_name {{ hubs_url_hostname }};
client_max_body_size 4G;
keepalive_timeout 5;
location / {
# checks for static file, if not found proxy to app
try_files $uri @proxy_to_app;
}
# path for static files
location /static {
alias /usr/lib/python3.6/site-packages/hubs/static;
}
location /sse/ {
include proxy_params;
proxy_pass http://hubs-sse/;
# Allow long-running queries (SSE):
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache off;
chunked_transfer_encoding off;
keepalive_timeout 0;
proxy_read_timeout 30m;
}
location @proxy_to_app {
include proxy_params;
proxy_pass http://hubs;
}
#error_page 500 502 503 504 /500.html;
#location = /500.html {
# root /path/to/app/current/public;
#}
}
{% if hubs_ssl_cert != None %}
# Redirect cleartext traffic to HTTPS
server {
listen 80;
listen [::]:80;
server_name {{ hubs_url_hostname }};
return 301 https://$server_name$request_uri;
}
{% endif %}

5
roles/hubs/templates/nginx_ssl_params
View file

@ -1,5 +0,0 @@
ssl on;
ssl_certificate {{ hubs_ssl_cert }};
ssl_certificate_key {{ hubs_ssl_key }};
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

13
roles/hubs/templates/oidc_client_secrets.json
View file

@ -1,13 +0,0 @@
{
"web": {
"client_id": "hubs",
"auth_uri": "https://{{ hubs_oidc_url }}/openidc/Authorization",
"issuer": "https://{{ hubs_oidc_url }}/openidc/",
"client_secret": "{{ hubs_oidc_secret }}",
"token_uri": "https://{{ hubs_oidc_url }}/openidc/Token",
"userinfo_uri": "https://{{ hubs_oidc_url }}/openidc/UserInfo",
"redirect_uris": [
"{{ hubs_url }}/oidc_callback"
]
}
}