infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

resultsdb: drop old vm's and adjust other apps to new openshift url

Browse source 
Drop resultsdb vars and playbooks.
resultsdb is now in openshift and on a different url.
Adjust bodhi, pagure dist git for the new url.
Drop taskotron roles.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2022-06-21 14:01:28 -07:00
parent 1a7a0b372a
commit 68141d381b
23 changed files with 4 additions and 800 deletions
Download patch file Download diff file Expand all files Collapse all files

54
inventory/group_vars/resultsdb_dev
View file

@ -1,54 +0,0 @@
---
############################################################
# general information
############################################################
allowed_hosts:
- 10.5.124
deployment_type: dev
execdb_db_host: "{{ execdb_db_host_machine }}"
############################################################
# execdb details
############################################################
execdb_db_host_machine: db-qa01.qa.fedoraproject.org
execdb_db_name: execdb_dev
execdb_db_password: "{{ dev_execdb_db_password }}"
execdb_db_port: 5432
execdb_db_user: "{{ dev_execdb_db_user }}"
execdb_endpoint: 'execdb'
execdb_secret_key: "{{ dev_execdb_secret_key }}"
external_hostname: taskotron-dev.fedoraproject.org
freezes: false
resultsdb_db_host: "{{ resultsdb_db_host_machine }}"
############################################################
# resultsdb details
############################################################
# the db_host_machine bits are so that delegation continues to work, even if
# that db is localhost relative to resultsdb
#
resultsdb_db_host_machine: db-qa01.qa.fedoraproject.org
resultsdb_db_name: resultsdb_dev
resultsdb_db_password: "{{ dev_resultsdb_db_password }}"
resultsdb_db_port: 5432
resultsdb_db_user: "{{ dev_resultsdb_db_user }}"
resultsdb_endpoint: 'resultsdb_api'
############################################################
# resultsdb-frontend details
############################################################
resultsdb_fe_endpoint: "resultsdb"
resultsdb_frontend_secret_key: "{{ dev_resultsdb_frontend_secret_key }}"
resultsdb_secret_key: "{{ dev_resultsdb_secret_key }}"
tcp_ports: [80, 443, "{{ resultsdb_db_port }}", "{{ execdb_db_port }}"]
vault_db_host: "{{ vault_db_host_machine }}"
vault_db_host_machine: db-qa01.qa.fedoraproject.org
vault_db_name: vault_dev
vault_db_password: "{{ dev_vault_db_password }}"
vault_db_port: 5432
vault_db_user: "{{ dev_vault_db_user }}"
vault_endpoint: 'vault'
vault_masterkey: "{{dev_vault_masterkey}}"
############################################################
# vault details
############################################################
vault_public_url: "https://taskotron-dev.fedoraproject.org/vault"
vault_secret_key: "{{ dev_vault_secret_key }}"

73
inventory/group_vars/resultsdb_prod
View file

@ -1,73 +0,0 @@
---
############################################################
# general information
############################################################
allowed_hosts:
- 10.3.160.0/19
deployment_type: prod
execdb_db_host: "{{ execdb_db_host_machine }}"
############################################################
# execdb details
############################################################
execdb_db_host_machine: db01.iad2.fedoraproject.org
execdb_db_name: execdb
execdb_db_password: "{{ prod_execdb_db_password }}"
execdb_db_port: 5432
execdb_db_user: "{{ prod_execdb_db_user }}"
execdb_endpoint: 'execdb'
execdb_secret_key: "{{ prod_execdb_secret_key }}"
external_hostname: taskotron.fedoraproject.org
############################################################
# fedmsg details
############################################################
fedmsg_active: True
fedmsg_cert_prefix: resultsdb
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- taskotron.result.new
- resultsdb.result.new
group: apache
owner: root
service: resultsdb
ipa_client_shell_groups:
- sysadmin-qa
ipa_client_sudo_groups:
- sysadmin-qa
ipa_host_group: resultsdb
ipa_host_group_desc: ResultsDB application servers
# common items for the releng-* boxes
lvm_size: 50000
mem_size: 16384
nrpe_procs_crit: 300
nrpe_procs_warn: 250
num_cpus: 4
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
primary_auth_source: ipa
resultsdb_db_host: "{{ resultsdb_db_host_machine }}"
############################################################
# resultsdb details
############################################################
# the db_host_machine bits are so that delegation continues to work, even if
# that db is localhost relative to resultsdb
resultsdb_db_host_machine: db01.iad2.fedoraproject.org
resultsdb_db_name: resultsdb
resultsdb_db_password: "{{ prod_resultsdb_db_password }}"
resultsdb_db_port: 5432
resultsdb_db_user: "{{ prod_resultsdb_db_user }}"
resultsdb_endpoint: 'resultsdb_api'
############################################################
# resultsdb-frontend details
############################################################
resultsdb_fe_endpoint: "resultsdb"
resultsdb_frontend_secret_key: "{{ prod_resultsdb_frontend_secret_key }}"
resultsdb_secret_key: "{{ prod_resultsdb_secret_key }}"
tcp_ports: [80, 443, "{{ resultsdb_db_port }}"]
vpn: true

68
inventory/group_vars/resultsdb_stg
View file

@ -1,68 +0,0 @@
---
############################################################
# general information
############################################################
allowed_hosts:
- 10.3.160.0/19
deployment_type: stg
execdb_db_host: "{{ execdb_db_host_machine }}"
############################################################
# execdb details
############################################################
execdb_db_host_machine: db-qa01.qa.fedoraproject.org
execdb_db_name: execdb_stg
execdb_db_password: "{{ stg_execdb_db_password }}"
execdb_db_port: 5432
execdb_db_user: "{{ stg_execdb_db_user }}"
execdb_endpoint: 'execdb'
execdb_secret_key: "{{ stg_execdb_secret_key }}"
external_hostname: taskotron.stg.fedoraproject.org
############################################################
# fedmsg details
############################################################
fedmsg_active: True
fedmsg_cert_prefix: resultsdb
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- taskotron.result.new
- resultsdb.result.new
group: apache
owner: root
service: resultsdb
# make sure we're using the stg fedsmg bus
fedmsg_env: stg
freezes: false
ipa_client_shell_groups:
- fi-apprentice
- sysadmin-noc
- sysadmin-qa
- sysadmin-veteran
ipa_client_sudo_groups:
- sysadmin-qa
ipa_host_group: resultsdb
ipa_host_group_desc: ResultsDB application servers
resultsdb_db_host: "{{ resultsdb_db_host_machine }}"
############################################################
# resultsdb details
############################################################
# the db_host_machine bits are so that delegation continues to work, even if
# that db is localhost relative to resultsdb
resultsdb_db_host_machine: db01.stg.iad2.fedoraproject.org
resultsdb_db_name: resultsdb_stg
resultsdb_db_password: "{{ stg_resultsdb_db_password }}"
resultsdb_db_port: 5432
resultsdb_db_user: "{{ stg_resultsdb_db_user }}"
resultsdb_endpoint: 'resultsdb_api'
############################################################
# resultsdb-frontend details
############################################################
resultsdb_fe_endpoint: "resultsdb"
resultsdb_frontend_secret_key: "{{ stg_resultsdb_frontend_secret_key }}"
resultsdb_secret_key: "{{ stg_resultsdb_secret_key }}"
tcp_ports: [80, 443, "{{ resultsdb_db_port }}"]

21
inventory/host_vars/resultsdb01.iad2.fedoraproject.org
View file

@ -1,21 +0,0 @@
---
############################################################
# networking
############################################################
datacenter: iad2
eth0_ipv4_gw: 10.3.163.254
eth0_ipv4_ip: 10.3.163.89
ks_repo: http://10.3.163.35/pub/fedora/linux/releases/31/Server/x86_64/os/
############################################################
# install
############################################################
ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora-31-iad2
############################################################
# virtual machine
############################################################
lvm_size: 50000
mem_size: 16384
num_cpus: 4
sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
vmhost: vmhost-x86-05.iad2.fedoraproject.org
volgroup: /dev/vg_guests

20
inventory/host_vars/resultsdb01.stg.iad2.fedoraproject.org
View file

@ -1,20 +0,0 @@
---
############################################################
# networking
############################################################
datacenter: iad2
eth0_ipv4_gw: 10.3.166.254
eth0_ipv4_ip: 10.3.166.36
ks_repo: http://10.3.163.35/pub/fedora/linux/releases/31/Server/x86_64/os/
############################################################
# install
############################################################
ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora-31-iad2
############################################################
# virtual machine
############################################################
lvm_size: 50000
mem_size: 16384
num_cpus: 4
vmhost: vmhost-x86-05.stg.iad2.fedoraproject.org
volgroup: /dev/vg_guests

10
inventory/inventory
View file

@ -601,16 +601,6 @@ openqa01.iad2.fedoraproject.org
[testcase_stats]
openqa01.iad2.fedoraproject.org
[resultsdb:children]
resultsdb_stg
resultsdb_prod
[resultsdb_stg]
resultsdb01.stg.iad2.fedoraproject.org
[resultsdb_prod]
resultsdb01.iad2.fedoraproject.org
[smtp_mm]
smtp-mm-ib01.fedoraproject.org
smtp-mm-osuosl01.fedoraproject.org

113
playbooks/groups/resultsdb.yml
View file

@ -1,113 +0,0 @@
---
# create a new resultsdb production server
# NOTE: make sure there is room/space for this server on the vmhost
# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=resultsdb_dev:resultsdb_stg:resultsdb_prod"
- name: make the box be real
hosts: resultsdb_stg:resultsdb_prod
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
roles:
- { role: base, tags: ['base'] }
- { role: rkhunter, tags: ['rkhunter'] }
- { role: nagios_client, tags: ['nagios_client'] }
- { role: hosts, tags: ['hosts']}
- { role: openvpn/client,
when: deployment_type == "prod" }
- ipa/client
- { role: collectd/base, tags: ['collectd_base'] }
- { role: sudo, tags: ['sudo'] }
- apache
- fedmsg/base
- { role: dnf-automatic, tags: ['dnfautomatic'] }
# Set up for fedora-messaging
- { role: rabbit/user,
username: "resultsdb{{ env_suffix }}"}
- role: rabbit/queue
username: "resultsdb{{ env_suffix }}"
queue_name: "resultsdb{{ env_suffix }}_ci_listener"
routing_keys:
- "org.centos.prod.ci.pipeline.allpackages-build.complete"
- "org.centos.prod.ci.pipeline.allpackages-build.image.complete"
- "org.centos.prod.ci.pipeline.allpackages-build.package.test.functional.complete"
- "org.centos.prod.ci.pipeline.allpackages-build.package.complete"
- "org.centos.prod.ci.pipeline.allpackages-build.package.ignored"
- "org.centos.prod.ci.koji-build.test.queued"
- "org.centos.prod.ci.koji-build.test.running"
- "org.centos.prod.ci.koji-build.test.complete"
- "org.centos.prod.ci.koji-build.test.error"
when: deployment_type == "prod"
thresholds:
warning: 10
critical: 100
tags:
- rabbit/queue
- role: rabbit/queue
username: "resultsdb{{ env_suffix }}"
queue_name: "resultsdb{{ env_suffix }}_ci_listener"
routing_keys:
- "org.centos.*.ci.pipeline.allpackages-build.complete"
- "org.centos.*.ci.pipeline.allpackages-build.image.complete"
- "org.centos.*.ci.pipeline.allpackages-build.package.test.functional.complete"
- "org.centos.*.ci.pipeline.allpackages-build.package.complete"
- "org.centos.*.ci.pipeline.allpackages-build.package.ignored"
- "org.centos.*.ci.koji-build.test.queued"
- "org.centos.*.ci.koji-build.test.running"
- "org.centos.*.ci.koji-build.test.complete"
- "org.centos.*.ci.koji-build.test.error"
when: deployment_type == "stg"
tags:
- rabbit/queue
tasks:
# this is how you include other task lists
- import_tasks: "{{ tasks_path }}/motd.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: configure resultsdb production
hosts: resultsdb_stg:resultsdb_prod
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- { role: taskotron/resultsdb-fedmsg, tags: ['resultsdb-fedmsg'], when: deployment_type == "prod"}
- { role: taskotron/resultsdb-backend, tags: ['resultsdb-be'] }
- { role: taskotron/resultsdb-frontend, tags: ['resultsdb-fe'] }
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: Install ci-resultsdb-listener
hosts: resultsdb_stg:resultsdb_prod
user: root
gather_facts: True
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- { role: ci_resultsdb, tags: ['ci_resultsdb'] }

4
roles/bodhi2/base/templates/production.ini.j2
View file

@ -100,8 +100,8 @@ wiki_url = https://{{env_prefix}}fedoraproject.org/w/api.php
test_case_base_url = https://{{env_prefix}}fedoraproject.org/wiki/
# URL of the resultsdb for integrating checks and stuff
# resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/
resultsdb_url = https://taskotron{{env_suffix}}.fedoraproject.org/resultsdb/
resultsdb_api_url = https://resultdb{{env_suffix}}.fedoraproject.org/
resultsdb_url = https://resultsdb{{env_suffix}}.fedoraproject.org/results/
# Set this to True to enable gating based on policies enforced by Greenwave. If you set this to
# True, be sure to have celery-beat enabled in one of the Celery workers.

2
roles/ci_resultsdb/files/restart-on-fail.conf
View file

@ -1,2 +0,0 @@
[Service]
Restart=on-failure

50
roles/ci_resultsdb/tasks/main.yml
View file

@ -1,50 +0,0 @@
---
- name: install ci_resultsdb's
package: name={{ item }} state=present
with_items:
- python-ci-resultsdb-listener
- fedora-messaging
tags:
- packages
- name: make systemd drop-in override dir
file: name=/etc/systemd/system/httpd.service.d
state=directory
recurse=yes
owner=root group=root
tags:
- config
- name: override httpd service to restart on failure
copy: dest=/etc/systemd/system/httpd.service.d/restart-on-fail.conf
src=restart-on-fail.conf
notify:
- reload systemd
- reload httpd
tags:
- config
- name: Create /etc/ci-resultsdb-listener/
file: name=/etc/ci-resultsdb-listener/
state=directory
recurse=yes
owner=root group=root
tags:
- config
- name: generate ci-resultsdb config files
template: src={{ item.file }}
dest={{ item.location }}/{{ item.file }}
owner=root group=root mode=0644
with_items:
- { file: listener.cfg, location: /etc/ci-resultsdb-listener/}
- { file: config.toml, location: /etc/fedora-messaging/}
notify:
- reload httpd
tags:
- config
- name: Start and enable the fedora-messaging service
service: name={{ item }} enabled=yes state=started
with_items:
- fm-consumer@config.service

96
roles/ci_resultsdb/templates/config.toml
View file

@ -1,96 +0,0 @@
# A sample configuration for fedora-messaging. This file is in the TOML format.
# For complete details on all configuration options, see the documentation
# https://fedora-messaging.readthedocs.io/en/latest/configuration.html.
amqp_url = "amqps://resultsdb{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
{% if env == "staging" %}
topic_prefix = "org.fedoraproject.stg"
{% else %}
topic_prefix = "org.fedoraproject.prod"
{% endif %}
publish_exchange = "amq.topic"
passive_declares = true
callback = "resultsdb_listener.consumer:Consumer"
[queues."resultsdb{{ env_suffix }}_ci_listener"]
durable = true
auto_delete = false
exclusive = true
arguments = {}
# Note the double brackets below.
# To add another binding, add another [[bindings]] section.
[[bindings]]
queue = "resultsdb{{ env_suffix }}_ci_listener"
exchange = "amq.topic"
routing_keys = [
'org.centos.prod.ci.pipeline.allpackages-build.complete',
'org.centos.prod.ci.pipeline.allpackages-build.image.complete',
'org.centos.prod.ci.pipeline.allpackages-build.package.test.functional.complete',
'org.centos.prod.ci.pipeline.allpackages-build.package.complete',
'org.centos.prod.ci.pipeline.allpackages-build.package.ignored',
'org.centos.prod.ci.koji-build.test.queued',
'org.centos.prod.ci.koji-build.test.running',
'org.centos.prod.ci.koji-build.test.complete',
'org.centos.prod.ci.koji-build.test.error',
{% if env == "staging" -%}
'org.centos.stage.ci.pipeline.allpackages-build.complete',
'org.centos.stage.ci.pipeline.allpackages-build.image.complete',
'org.centos.stage.ci.pipeline.allpackages-build.package.test.functional.complete',
'org.centos.stage.ci.pipeline.allpackages-build.package.complete',
'org.centos.stage.ci.pipeline.allpackages-build.package.ignored',
'org.centos.stage.ci.koji-build.test.queued',
'org.centos.stage.ci.koji-build.test.running',
'org.centos.stage.ci.koji-build.test.complete',
'org.centos.stage.ci.koji-build.test.error',
{%- endif %}
]
[tls]
ca_cert = "/etc/pki/rabbitmq/resultsdb.ca"
keyfile = "/etc/pki/rabbitmq/resultsdb.key"
certfile = "/etc/pki/rabbitmq/resultsdb.crt"
[client_properties]
app = "resultsdb_listener"
# Some suggested extra fields:
# URL of the project that provides this consumer
app_url = "https://pagure.io/ci-resultsdb-listener/"
# Contact emails for the maintainer(s) of the consumer - in case the
# broker admin needs to contact them, for e.g.
app_contacts_email = ["pingou@fedoraproject.org"]
[qos]
prefetch_size = 0
prefetch_count = 25
[log_config]
version = 1
disable_existing_loggers = true
[log_config.formatters.simple]
format = "[%(name)s %(levelname)s] %(message)s"
[log_config.handlers.console]
class = "logging.StreamHandler"
formatter = "simple"
stream = "ext://sys.stdout"
[log_config.loggers.fedora_messaging]
level = "INFO"
propagate = false
handlers = ["console"]
[log_config.loggers.resultsdb_listener]
level = "DEBUG"
propagate = false
handlers = ["console"]
[log_config.root]
level = "WARNING"
handlers = ["console"]

6
roles/ci_resultsdb/templates/listener.cfg
View file

@ -1,6 +0,0 @@
[general]
datagrepper_url = https://apps.fedoraproject.org/datagrepper/raw
[sender]
sender_type = ResultsdbSender
resultsdb_url = http://127.0.0.1/resultsdb_api/api/v2.0/

4
roles/distgit/pagure/templates/pagure.cfg
View file

@ -243,11 +243,11 @@ REQUIRED_GROUPS = {
}
{% if env == 'staging' %}
RESULTSDB_URL = 'https://taskotron.stg.fedoraproject.org/resultsdb_api/'
RESULTSDB_URL = 'https://resultsdb.stg.fedoraproject.org/'
FAS_URL = 'https://accounts.stg.fedoraproject.org'
FAS_OPENID_ENDPOINT = 'https://id.stg.fedoraproject.org/openid/'
{% else %}
RESULTSDB_URL = 'https://taskotron.fedoraproject.org/resultsdb_api/'
RESULTSDB_URL = 'https://resultsdb.fedoraproject.org/'
FAS_URL = 'https://accounts.fedoraproject.org'
{% endif %}

2
roles/taskotron/resultsdb-backend/defaults/main.yml
View file

@ -1,2 +0,0 @@
---
extra_enablerepos: ''

112
roles/taskotron/resultsdb-backend/tasks/main.yml
View file

@ -1,112 +0,0 @@
---
- name: start httpd (provided in the apache role)
service: name=httpd state=started
- name: ensure packages required for resultsdb are installed (yum - required for testdays)
package:
state: present
name:
- resultsdb
- mod_wsgi
- python-psycopg2
- libsemanage-python
when: ansible_distribution_major_version|int <= 7 and ansible_distribution == 'RedHat'
- name: ensure packages required for resultsdb are installed (dnf)
dnf: name={{ item }} state=present
with_items:
- resultsdb
- python3-mod_wsgi
- python3-psycopg2
- python3-libsemanage
- logrotate
when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' and ansible_cmdline.ostree is not defined
- name: ensure packages required for resultsdb are installed (dnf)
dnf: name={{ item }} state=present
with_items:
- resultsdb
- python3-mod_wsgi
- python3-psycopg2
- python2-libsemanage
when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat' and ansible_cmdline.ostree is not defined
- name: ensure database is created
delegate_to: "{{ resultsdb_db_host_machine }}"
become_user: postgres
become: true
postgresql_db: db={{ resultsdb_db_name }}
- name: ensure resultsdb db user has access to database
delegate_to: "{{ resultsdb_db_host_machine }}"
become_user: postgres
become: true
postgresql_user: db={{ resultsdb_db_name }} user={{ resultsdb_db_user }} password={{ resultsdb_db_password }} role_attr_flags=NOSUPERUSER
- name: ensure selinux lets httpd talk to postgres
seboolean: name=httpd_can_network_connect_db persistent=yes state=yes
- name: ensure selinux lets fedora-messaging emit messages
seboolean: name=httpd_execmem persistent=yes state=yes
- name: generate resultsdb config
template: src=settings.py.j2 dest=/etc/resultsdb/settings.py owner=root group=root mode=0644
notify:
- reload httpd
- name: generate resultsdb apache config
template: src=resultsdb.conf.j2 dest=/etc/httpd/conf.d/resultsdb.conf owner=root group=root mode=0644
notify:
- reload httpd
- name: create directory for fedora-messaging
file:
path: "{{ item }}"
owner: root
group: root
mode: 0755
state: directory
with_items:
- "/etc/pki/rabbitmq/"
- "/etc/fedora-messaging"
tags:
- fedora-messaging
- name: copy fedora-messaging certificates
copy:
src: "{{ item.src }}"
dest: "/etc/pki/rabbitmq/{{ item.dest }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode }}"
with_items:
- src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/resultsdb{{ env_suffix }}.crt"
dest: resultsdb.crt
owner: root
group: apache
mode: "444"
- src: "{{private}}/files/rabbitmq/{{env}}/pki/private/resultsdb{{ env_suffix }}.key"
dest: resultsdb.key
owner: root
group: apache
mode: "440"
- src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
dest: resultsdb.ca
owner: root
group: apache
mode: "444"
tags:
- fedora-messaging
- name: generate fedora-messaging config
template: src=config.toml.j2 dest=/etc/fedora-messaging/config.toml owner=root group=root mode=0644
notify:
- reload httpd
tags:
- fedora-messaging
# this command will clear the exising database and it's now being run every time, regardless of whether
# /etc/resultsdb-is-init exists or not. We've already lost a lot of data, so commenting this command out
# while we figure out how to handle the problem
#- name: initialize resultsdb database
# shell: PROD='true' resultsdb init_db && touch /etc/resultsdb/db-is-init creates=/etc/resultsdb-is-init

19
roles/taskotron/resultsdb-backend/templates/config.toml.j2
View file

@ -1,19 +0,0 @@
# Configuration for fedora-messaging. This file is in the TOML format.
# For complete details on all configuration options, see the documentation.
{% if ansible_hostname == "resultsdb01.iad2.fedoraproject.org" %}
amqp_url = "amqps://resultsdb{{ env_suffix }}:@rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org/%2Fpubsub"
{% else %}
amqp_url = "amqps://resultsdb{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
{% endif %}
{% if env == "staging" %}
topic_prefix = "org.fedoraproject.stg"
{% else %}
topic_prefix = "org.fedoraproject.prod"
{% endif %}
[tls]
ca_cert = "/etc/pki/rabbitmq/resultsdb.ca"
keyfile = "/etc/pki/rabbitmq/resultsdb.key"
certfile = "/etc/pki/rabbitmq/resultsdb.crt"

38
roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2
View file

@ -1,38 +0,0 @@
{% if deployment_type in ['stg', 'prod'] %}
WSGIDaemonProcess resultsdb user=apache group=apache threads=20 processes=4
{% else %}
WSGIDaemonProcess resultsdb user=apache group=apache threads=5
{% endif %}
WSGIScriptAlias /{{ resultsdb_endpoint }} /usr/share/resultsdb/resultsdb.wsgi
WSGISocketPrefix run/wsgi
# this isn't the best way to force SSL but it works for now
#RewriteEngine On
#RewriteCond %{HTTPS} !=on
#RewriteRule ^/resultsdb/admin/?(.*) https://%{SERVER_NAME}/$1 [R,L]
<Directory /usr/share/resultsdb>
WSGIProcessGroup resultsdb
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require method GET
Require ip 127.0.0.1 ::1{% for host in allowed_hosts %} {{ host }}{% endfor %}
</RequireAny>
</IfModule>
<IfModule !mod_auth_core.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
#Alias /resultsdb/static /var/www/resultsdb/resultsdb/static
#<Directory /var/www/resultsdb/resultsdb/static>
#Order allow,deny
#Allow from all
#</Directory>

26
roles/taskotron/resultsdb-backend/templates/settings.py.j2
View file

@ -1,26 +0,0 @@
SECRET_KEY = '{{ resultsdb_secret_key }}'
SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ resultsdb_db_user }}:{{ resultsdb_db_password }}@{{ resultsdb_db_host }}:{{ resultsdb_db_port }}/{{ resultsdb_db_name }}'
FILE_LOGGING = False
LOGFILE = '/var/log/resultsdb/resultsdb.log'
SYSLOG_LOGGING = False
STREAM_LOGGING = True
{% if deployment_type in ['local', 'dev']%}
MESSAGE_BUS_PUBLISH = False
MESSAGE_BUS_PUBLISH_TASKOTRON = False
{% else %}
MESSAGE_BUS_PUBLISH = True
MESSAGE_BUS_PUBLISH_TASKOTRON = True
{% endif %}
MESSAGE_BUS_PLUGIN = 'fedmsg'
MESSAGE_BUS_KWARGS = {'modname': 'resultsdb'}
{% if deployment_type in ['local'] %}
# This is for the Testdays deployment
MESSAGE_BUS_PLUGIN = 'dummy'
{% endif %}
# Extend the list of allowed outcomes
# See: https://pagure.io/task-abicheck/issue/19
ADDITIONAL_RESULT_OUTCOMES = ('CRASHED', )

2
roles/taskotron/resultsdb-fedmsg/tasks/main.yml
View file

@ -1,2 +0,0 @@
- name: ensure selinux lets httpd talk to the fedmsg-relay
seboolean: name=httpd_can_network_connect persistent=yes state=yes

2
roles/taskotron/resultsdb-frontend/defaults/main.yml
View file

@ -1,2 +0,0 @@
---
extra_enablerepos: ''

38
roles/taskotron/resultsdb-frontend/tasks/main.yml
View file

@ -1,38 +0,0 @@
---
- name: start httpd (provided in the apache role)
service: name=httpd state=started
- name: ensure packages required for resultsdb_frontend are installed (yum - required for testdays)
package:
state: present
name:
- resultsdb_frontend
- mod_wsgi
when: ansible_distribution_major_version|int <= 7 and ansible_distribution == 'RedHat'
- name: ensure packages required for resultsdb_frontend are installed (dnf)
dnf: name={{ item }} state=present
with_items:
- resultsdb_frontend
- python3-mod_wsgi
when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' and ansible_cmdline.ostree is not defined
- name: ensure packages required for resultsdb_frontend are installed (dnf)
dnf: name={{ item }} state=present
with_items:
- resultsdb_frontend
- python3-mod_wsgi
when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat' and ansible_cmdline.ostree is not defined
- name: ensure selinux lets httpd talk to the network
seboolean: name=httpd_can_network_connect persistent=yes state=yes
- name: generate resultsdb_frontend config
template: src=settings.py.j2 dest=/etc/resultsdb_frontend/settings.py owner=root group=root mode=0644
notify:
- reload httpd
- name: generate resultsdb_frontend apache config
template: src=resultsdb_frontend.conf.j2 dest=/etc/httpd/conf.d/resultsdb_frontend.conf owner=root group=root mode=0644
notify:
- reload httpd

35
roles/taskotron/resultsdb-frontend/templates/resultsdb_frontend.conf.j2
View file

@ -1,35 +0,0 @@
{% if deployment_type in ['stg', 'prod'] %}
WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=20 processes=4
{% else %}
WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5
{% endif %}
WSGIScriptAlias /{{ resultsdb_fe_endpoint }} /usr/share/resultsdb_frontend/resultsdb_frontend.wsgi
WSGISocketPrefix run/wsgi
# this isn't the best way to force SSL but it works for now
#RewriteEngine On
#RewriteCond %{HTTPS} !=on
#RewriteRule ^/resultsdb_frontend/admin/?(.*) https://%{SERVER_NAME}/$1 [R,L]
<Directory /usr/share/resultsdb_frontend>
WSGIProcessGroup resultsdb_frontend
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_auth_core.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
#Alias /resultsdb_frontend/static /var/www/resultsdb_frontend/resultsdb_frontend/static
#<Directory /var/www/resultsdb_frontend/resultsdb_frontend/static>
#Order allow,deny
#Allow from all
#</Directory>

9
roles/taskotron/resultsdb-frontend/templates/settings.py.j2
View file

@ -1,9 +0,0 @@
# while you can use this as a template, we recommend that you use the blockerbugs
# cli to generate a config file
RDB_URL = 'http://127.0.0.1/{{ resultsdb_endpoint }}/api/v2.0'
SECRET_KEY = '{{ resultsdb_frontend_secret_key }}'
FILE_LOGGING = False
LOGFILE = '/var/log/resultsdb_frontend/resultsdb_frontend.log'
SYSLOG_LOGGING = False
STREAM_LOGGING = True