A stab at summershum deployment.

2014-02-19 17:25:50 +00:00 · 2014-02-19 17:25:50 +00:00 · d903e76839
commit d903e76839
parent b7060c4f29
14 changed files with 250 additions and 0 deletions
--- a/files/hosts/summershum01.phx2.fedoraproject.org-hosts
+++ b/files/hosts/summershum01.phx2.fedoraproject.org-hosts
@ -0,0 +1,5 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.71     db-summershum       db-summershum
--- a/files/hosts/summershum01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/summershum01.stg.phx2.fedoraproject.org-hosts
@ -0,0 +1,11 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.89     admin.fedoraproject.org
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg
 10.5.126.85     db-summershum       db-summershum
--- a/inventory/group_vars/summershum
+++ b/inventory/group_vars/summershum
@ -0,0 +1,21 @@
 ---
 # Define resources for this group of hosts here. 
 lvm_size: 20000
 mem_size: 1024
 num_cpus: 2
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file
 tcp_ports: [ 3000 ]
 fas_client_groups: sysadmin-noc,sysadmin-badges
 # These are consumed by a task in roles/fedmsg_base/main.yml
 fedmsg_certs:
 - service: shell
  owner: root
  group: sysadmin
 - service: summershum
  owner: root
  group: fedmsg
--- a/inventory/group_vars/summershum-stg
+++ b/inventory/group_vars/summershum-stg
@ -0,0 +1,21 @@
 ---
 # Define resources for this group of hosts here. 
 lvm_size: 20000
 mem_size: 1024
 num_cpus: 2
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file
 tcp_ports: [ 3000 ]
 fas_client_groups: sysadmin-noc,sysadmin-badges
 # These are consumed by a task in roles/fedmsg_base/main.yml
 fedmsg_certs:
 - service: shell
  owner: root
  group: sysadmin
 - service: summershum
  owner: root
  group: fedmsg
--- a/inventory/host_vars/summershum01.phx2.fedoraproject.org
+++ b/inventory/host_vars/summershum01.phx2.fedoraproject.org
@ -0,0 +1,14 @@
 ---
 nm: 255.255.255.0
 gw: 10.5.126.254
 dns: 10.5.126.21
 ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
 ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
 eth0_ip: 10.5.126.205
 volgroup: /dev/vg_virthost01
 vmhost: virthost01.phx2.fedoraproject.org
 datacenter: phx2
--- a/inventory/host_vars/summershum01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/summershum01.stg.phx2.fedoraproject.org
@ -0,0 +1,14 @@
 ---
 nm: 255.255.255.0
 gw: 10.5.126.254
 dns: 10.5.126.21
 ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
 ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
 eth0_ip: 10.5.126.209
 volgroup: /dev/vg_virthost10
 vmhost: virthost10.phx2.fedoraproject.org
 datacenter: phx2
--- a/inventory/inventory
+++ b/inventory/inventory
@ -379,8 +379,15 @@ paste01.stg.phx2.fedoraproject.org
 pkgs01.stg.phx2.fedoraproject.org
 proxy01.stg.phx2.fedoraproject.org
 releng01.stg.phx2.fedoraproject.org
 summershum01.stg.phx2.fedoraproject.org
 value01.stg.phx2.fedoraproject.org
 [summershum]
 summershum01.phx2.fedoraproject.org
 [summershum-stg]
 summershum01.stg.phx2.fedoraproject.org
 [taskotron]
 taskotron-dev01.qa.fedoraproject.org
--- a/playbooks/groups/summershum.yml
+++ b/playbooks/groups/summershum.yml
@ -0,0 +1,69 @@
 # create a new summershum server
 # NOTE: should be used with --limit most of the time
 # NOTE: make sure there is room/space for this server on the vmhost
 # NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
 - name: make summershum server
  hosts: summershum;summershum-stg
  user: root
  gather_facts: False
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
  - include: "{{ tasks }}/virt_instance_create.yml"
  - include: "{{ tasks }}/accelerate_prep.yml"
  handlers:
  - include: "{{ handlers }}/restart_services.yml"
 - name: dole out the generic configuration
  hosts: summershum;summershum-stg
  user: root
  gather_facts: True
  accelerate: True
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  roles:
  - base
  - rkhunter
  - denyhosts
  - nagios_client
  - fas_client
  - fedmsg_base
  tasks:
  - include: "{{ tasks }}/hosts.yml"
  - include: "{{ tasks }}/yumrepos.yml"
  - include: "{{ tasks }}/2fa_client.yml"
  - include: "{{ tasks }}/motd.yml"
  - include: "{{ tasks }}/sudo.yml"
  # The proxies don't actually need to talk to these hosts so we won't bother
  # putting them on the vpn.
  #- include: "{{ tasks }}/openvpn_client.yml"
  #  when: env != "staging"
  handlers:
  - include: "{{ handlers }}/restart_services.yml"
 - name: dole out the service-specific config
  hosts: summershum;summershum-stg
  user: root
  gather_facts: True
  accelerate: True
  roles:
  - fedmsg-hub
  - summershum
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
--- a/roles/fedmsg_base/tasks/main.yml
+++ b/roles/fedmsg_base/tasks/main.yml
@ -6,6 +6,7 @@
  yum: pkg={{ item }} state=installed
  with_items:
  - fedmsg
  - libsemanage-python
  tags:
  - packages
@ -23,6 +24,7 @@
  - endpoints-fedbadges.py
  - endpoints-nuancier.py
  - endpoints-mailman.py
  - endpoints-summershum.py
  - relay.py
  - pkgdb.py
  - logging.py
--- a/roles/fedmsg_base/templates/endpoints-summershum.py.j2
+++ b/roles/fedmsg_base/templates/endpoints-summershum.py.j2
@ -0,0 +1,13 @@
 {% if env == 'staging' %}
 suffix  = 'stg.phx2.fedoraproject.org'
 {% else %}
 suffix = 'phx2.fedoraproject.org'
 {% endif %}
 config = dict(
    endpoints={
        "summershum.summershum01": [
            "tcp://summershum01.%s:3000" % suffix,
        ],
    },
 )
--- a/roles/fedmsg_base/templates/ssl.py.j2
+++ b/roles/fedmsg_base/templates/ssl.py.j2
@ -119,6 +119,9 @@ config = dict(
        ("fedbadges.badges-backend01", "fedbadges-badges-backend01.%s" % suffix),
        ("shell.badges-backend01", "shell-badges-backend01.%s" % suffix),
        ("summershum.summershum01", "summershum-summershum01.%s" % suffix),
        ("shell.summershum01", "shell-summershum01.%s" % suffix),
        ("tahrir.badges-web01", "tahrir-badges-web01.%s" % suffix),
        ("shell.badges-web01", "shell-badges-web01.%s" % suffix),
        ("tahrir.badges-web02", "tahrir-badges-web02.%s" % suffix),
--- a/roles/summershum/files/patched-fedmsg-hub
+++ b/roles/summershum/files/patched-fedmsg-hub
@ -0,0 +1,16 @@
 #!/usr/bin/python
 # This file is managed by ansible.
 #
 # Its like "permanent hotfix" so that the fedmsg-hub loads
 # the forward-compat sqlalchemy.
 #
 __requires__ = ['fedmsg', "sqlalchemy>=0.8"]
 import sys
 from pkg_resources import load_entry_point
 if __name__ == '__main__':
    sys.exit(
        load_entry_point('fedmsg', 'console_scripts', 'fedmsg-hub')()
    )
--- a/roles/summershum/tasks/main.yml
+++ b/roles/summershum/tasks/main.yml
@ -0,0 +1,37 @@
 ---
 # Configuration for the summershum consumer
 - name: install needed packages
  yum: pkg={{ item }} state=installed
  with_items:
  - python-summershum
  - python-psycopg2
 - name: ensure summershum has a place to unpack files
  file: >
    dest=/var/cache/summershum
    state=directory
    mode=0755
    owner=fedmsg
    group=fedmsg
 - name: copy database configuration
  template: >
    src={{ item }} dest=/etc/fedmsg.d/{{ item }}
    owner=fedmsg group=fedmsg mode=0600
  with_items:
  - summershum.py
  notify:
  - restart fedmsg-hub
 # Here I'm "permanently" hotfixing the fedmsg-hub
 # It needs to load the forward-compat sqlalchemy0.7 package from the get-go.
 - name: copy over patched fedmsg-hub
  copy: >
    src=patched-fedmsg-hub dest=/usr/bin/fedmsg-hub
    owner=root group=root mode=0755
  tags:
  - patches
  - hotfix
  notify:
  - restart fedmsg-hub
--- a/roles/summershum/templates/summershum.py
+++ b/roles/summershum/templates/summershum.py
@ -0,0 +1,17 @@
 config = {
    # This is just a key to tell the fedmsg-hub to initialize us.
    'summershum.enabled': True,
    'summershum.sqlalchemy.url': 'postgresql://{{summershum_db_user}}:{{summershum_db_password}}@db-summershum/summershum',
    'summershum.lookaside': 'http://pkgs.fedoraproject.org/lookaside/pkgs/',
    'summershum.datagrepper': 'https://apps.fedoraproject.org/datagrepper/',
    'logging': {
        'loggers': {
            'summershum': {
                'handlers': ['console'],
                'level': 'DEBUG',
                'propagate': False
            },
        },
    },
 }