Drop freshmaker (#8321)

inventory/group_vars/freshmaker_backend

@@ -1,47 +0,0 @@
----
-lvm_size: 20000
-mem_size: 4096
-num_cpus: 2
-
-# Set this to True for the F28 release and onwards.
-freezes: false
-
-tcp_ports: [ 3000, 3001, 3002, 3003,
-             3004, 3005, 3006, 3007 ]
-
-# These people get told when something goes wrong.
-fedmsg_error_recipients:
-- ralph@fedoraproject.org
-- jkaluza@fedoraproject.org
-- cqi@fedoraproject.org
-- qwan@fedoraproject.org
-
-# Neeed for rsync from log01 for logs.
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
-
-fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
-
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
-- service: freshmaker
-  owner: fedmsg
-  group: fedmsg
-  can_send: []
-
-# For the MOTD
-csi_security_category: High
-csi_primary_contact: Factory 2 factory2-members@fedoraproject.org
-csi_purpose: Run the on-demand-compose-service backend scheduler.
-csi_relationship: |
-    The freshmaker backend runs as a fedmsg-hub process here.
-    
-    It listens to events from fedmsg and requests rebuilds of compound
-    artifacts, mediated by some policy in the config.
-
-    This host:
-    
-    - relies on db01 for its database of activity (what has been rebuilt?)
-    - Will need access to commit to the modules namespace of dist-git.
-    - Will need token-based access to ODCS to request repos.
-    - Will need token-based access to MBS to request module builds.
-    - Will need a kerberos principle to request container builds from koji/osbs.

inventory/group_vars/freshmaker_backend_stg

@@ -1,47 +0,0 @@
----
-lvm_size: 20000
-mem_size: 2048
-num_cpus: 2
-
-# Set this to True for the F28 release and onwards.
-freezes: false
-
-tcp_ports: [ 3000, 3001, 3002, 3003,
-             3004, 3005, 3006, 3007 ]
-
-# These people get told when something goes wrong.
-fedmsg_error_recipients:
-- ralph@fedoraproject.org
-- jkaluza@fedoraproject.org
-- cqi@fedoraproject.org
-- qwan@fedoraproject.org
-
-# Neeed for rsync from log01 for logs.
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
-
-fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
-
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
-- service: freshmaker
-  owner: fedmsg
-  group: fedmsg
-  can_send: []
-
-# For the MOTD
-csi_security_category: High
-csi_primary_contact: Factory 2 factory2-members@fedoraproject.org
-csi_purpose: Run the on-demand-compose-service backend scheduler.
-csi_relationship: |
-    The freshmaker backend runs as a fedmsg-hub process here.
-    
-    It listens to events from fedmsg and requests rebuilds of compound
-    artifacts, mediated by some policy in the config.
-
-    This host:
-    
-    - relies on db01 for its database of activity (what has been rebuilt?)
-    - Will need access to commit to the modules namespace of dist-git.
-    - Will need token-based access to ODCS to request repos.
-    - Will need token-based access to MBS to request module builds.
-    - Will need a kerberos principle to request container builds from koji/osbs.

inventory/group_vars/freshmaker_frontend

@@ -1,45 +0,0 @@
----
-lvm_size: 20000
-mem_size: 2048
-num_cpus: 2
-
-# Set this to True for the F28 release and onwards.
-freezes: false
-
-# Definining these vars has a number of effects
-# 1) mod_wsgi is configured to use the vars for its own setup
-# 2) iptables opens enough ports for all threads for fedmsg
-# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
-wsgi_fedmsg_service: freshmaker
-wsgi_procs: 2
-wsgi_threads: 2
-
-tcp_ports: [ 80 ]
-
-# Neeed for rsync from log01 for logs.
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
-
-fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
-
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
-- service: freshmaker
-  owner: fedmsg
-  group: fedmsg
-  can_send: []
-
-# For the MOTD
-csi_security_category: Moderate
-csi_primary_contact: Factory 2 factory2-members@fedoraproject.org
-csi_purpose: Run the freshmaker frontend API.
-csi_relationship: |
-    The apache/mod_wsgi app is the only thing really running here
-
-    It should only be used to report status on what's happening with the
-    freshmaker backend.  The freshmaker frontend doesn't receive requests for
-    activity.
-
-    This host:
-    
-    - relies on db01 for its database of activity (what rebuilds are in
-      progress, and why?)

inventory/group_vars/freshmaker_frontend_stg

@@ -1,45 +0,0 @@
----
-lvm_size: 20000
-mem_size: 2048
-num_cpus: 1
-
-# Set this to True for the F28 release and onwards.
-freezes: false
-
-# Definining these vars has a number of effects
-# 1) mod_wsgi is configured to use the vars for its own setup
-# 2) iptables opens enough ports for all threads for fedmsg
-# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
-wsgi_fedmsg_service: freshmaker
-wsgi_procs: 2
-wsgi_threads: 2
-
-tcp_ports: [ 80 ]
-
-# Neeed for rsync from log01 for logs.
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
-
-fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
-
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
-- service: freshmaker
-  owner: fedmsg
-  group: fedmsg
-  can_send: []
-
-# For the MOTD
-csi_security_category: Moderate
-csi_primary_contact: Factory 2 factory2-members@fedoraproject.org
-csi_purpose: Run the freshmaker frontend API.
-csi_relationship: |
-    The apache/mod_wsgi app is the only thing really running here
-
-    It should only be used to report status on what's happening with the
-    freshmaker backend.  The freshmaker frontend doesn't receive requests for
-    activity.
-
-    This host:
-    
-    - relies on db01 for its database of activity (what rebuilds are in
-      progress, and why?)

inventory/group_vars/freshmaker_stg

@@ -1,28 +0,0 @@
----
-# For app config
-freshmaker_messaging_topic_prefix:
-- org.fedoraproject.stg
-
-freshmaker_parsers:
-- freshmaker.parsers.git:GitReceiveParser
-
-freshmaker_handlers:
-- freshmaker.handlers.git:GitModuleMetadataChangeHandler
-- freshmaker.handlers.git:GitRPMSpecChangeHandler
-
-freshmaker_admins:
-  users:
-  - jkaluza
-  - cqi
-  - qwan
-  - sochotni
-  groups: []
-
-freshmaker_dry_run: True
-freshmaker_log_level: debug
-#
-#freshmaker_handler_build_whitelist:
-#  global:
-#    module:
-#    - name:
-#      - testmodule

inventory/host_vars/freshmaker-backend01.phx2.fedoraproject.org

@@ -1,14 +0,0 @@
----
-nm: 255.255.255.0
-gw: 10.5.126.254
-dns: 10.5.126.21
-
-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
-ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
-
-eth0_ip: 10.5.126.130
-
-volgroup: /dev/vg_guests
-vmhost: virthost21.phx2.fedoraproject.org
-
-datacenter: phx2

inventory/host_vars/freshmaker-backend01.stg.phx2.fedoraproject.org

@@ -1,14 +0,0 @@
----
-nm: 255.255.255.0
-gw: 10.5.128.254
-dns: 10.5.126.21
-
-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
-ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
-
-eth0_ip: 10.5.128.63
-
-volgroup: /dev/vg_guests
-vmhost: virthost04.stg.phx2.fedoraproject.org
-
-datacenter: phx2

inventory/host_vars/freshmaker-frontend01.phx2.fedoraproject.org

@@ -1,14 +0,0 @@
----
-nm: 255.255.255.0
-gw: 10.5.126.254
-dns: 10.5.126.21
-
-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
-ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
-
-eth0_ip: 10.5.126.68
-
-volgroup: /dev/vg_guests
-vmhost: virthost01.phx2.fedoraproject.org
-
-datacenter: phx2

inventory/host_vars/freshmaker-frontend01.stg.phx2.fedoraproject.org

@@ -1,14 +0,0 @@
----
-nm: 255.255.255.0
-gw: 10.5.128.254
-dns: 10.5.126.21
-
-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
-ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
-
-eth0_ip: 10.5.128.62
-
-volgroup: /dev/vg_guests
-vmhost: virthost01.stg.phx2.fedoraproject.org
-
-datacenter: phx2

inventory/inventory

@@ -67,26 +67,6 @@ repospanner-temp03.fedoraproject.org
 [certgetter]
 certgetter01.phx2.fedoraproject.org
 
-[freshmaker_frontend]
-freshmaker-frontend01.phx2.fedoraproject.org
-
-[freshmaker_frontend_stg]
-freshmaker-frontend01.stg.phx2.fedoraproject.org
-
-[freshmaker_backend]
-freshmaker-backend01.phx2.fedoraproject.org
-
-[freshmaker_backend_stg]
-freshmaker-backend01.stg.phx2.fedoraproject.org
-
-[freshmaker_stg:children]
-freshmaker_frontend_stg
-freshmaker_backend_stg
-
-[freshmaker:children]
-freshmaker_frontend
-freshmaker_backend
-
 [backup]
 backup01.phx2.fedoraproject.org
 
@@ -765,8 +745,6 @@ elections01.stg.phx2.fedoraproject.org
 #fas01.stg.phx2.fedoraproject.org
 fedimg01.stg.phx2.fedoraproject.org
 fedocal01.stg.phx2.fedoraproject.org
-freshmaker-backend01.stg.phx2.fedoraproject.org
-freshmaker-frontend01.stg.phx2.fedoraproject.org
 github2fedmsg01.stg.phx2.fedoraproject.org
 happinesspackets-stg.fedorainfracloud.org
 ipa01.stg.phx2.fedoraproject.org
@@ -962,7 +940,6 @@ badges_backend
 busgateway
 bugyou
 fedimg
-freshmaker_backend
 mbs_backend
 notifs_backend
 pdc_backend
@@ -974,7 +951,6 @@ badges_backend_stg
 busgateway_stg
 bugyou_stg
 fedimg_stg
-freshmaker_backend_stg
 mbs_backend_stg
 notifs_backend_stg
 pdc_backend_stg

master.yml

@@ -45,7 +45,6 @@
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/elections.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/fedimg.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/fedocal.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/freshmaker.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/github2fedmsg.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/gnome-backups.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/ipa.yml

playbooks/groups/freshmaker.yml

@@ -1,91 +0,0 @@
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=freshmaker:freshmaker_stg"
-
-- name: make the box be real
-  hosts: freshmaker:freshmaker_stg
-  user: root
-  gather_facts: True
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  pre_tasks:
-  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
-
-  roles:
-  - base
-  - rkhunter
-  - nagios_client
-  - hosts
-  - fas_client
-  - rsyncd
-  - sudo
-  - collectd/base
-
-  tasks:
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
-  - import_tasks: "{{ tasks_path }}/motd.yml"
-
-  handlers:
-  - import_tasks: "{{ handlers_path }}/restart_services.yml"
-
-- name: openvpn on the prod frontend nodes
-  hosts: freshmaker_frontend
-  user: root
-  gather_facts: True
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
-   - "{{ vars_path }}/{{ ansible_distribution }}.yml"
-
-  roles:
-  - openvpn/client
-
-  handlers:
-  - import_tasks: "{{ handlers_path }}/restart_services.yml"
-
-- name: set up Freshmaker frontend
-  hosts: freshmaker_frontend:freshmaker_frontend_stg
-  user: root
-  gather_facts: True
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
-   - "{{ vars_path }}/{{ ansible_distribution }}.yml"
-
-  roles:
-  - mod_wsgi
-  - role: freshmaker/frontend
-    # TLS is terminated for us at the proxy layer (like for every other app).
-    freshmaker_force_ssl: False
-    freshmaker_servername: null
-
-  handlers:
-  - import_tasks: "{{ handlers_path }}/restart_services.yml"
-
-- name: set up Freshmaker backend
-  hosts: freshmaker_backend:freshmaker_backend_stg
-  user: root
-  gather_facts: True
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-  - fedmsg/base
-  - role: freshmaker/backend
-    freshmaker_servername: freshmaker{{env_suffix}}.fedoraproject.org
-
-  - role: keytab/service
-    service: freshmaker
-    owner_user: fedmsg
-    owner_group: fedmsg
-    host: "freshmaker{{env_suffix}}.fedoraproject.org"
-
-  handlers:
-  - import_tasks: "{{ handlers_path }}/restart_services.yml"

roles/freshmaker/backend/defaults/main.yml

@@ -1,3 +0,0 @@
----
-freshmaker_upgrade: False
-freshmaker_migrate_db: False

roles/freshmaker/backend/meta/main.yml

@@ -1,3 +0,0 @@
----
-dependencies:
-    - { role: freshmaker/base }

roles/freshmaker/backend/tasks/main.yml

@@ -1,44 +0,0 @@
----
-- name: install the latest Freshmaker package
-  package:
-    name: freshmaker
-    state: latest
-    update_cache: yes
-  when: freshmaker_upgrade
-  notify:
-  - restart fedmsg-hub
-  tags:
-  - freshmaker
-  - freshmaker/backend
-
-- name: generate the Freshmaker koji config
-  template:
-    src: etc/koji.conf.d/freshmaker.conf.j2
-    dest: /etc/koji.conf.d/freshmaker.conf
-    owner: fedmsg
-    group: fedmsg
-    mode: 0440
-  notify:
-  - restart fedmsg-hub
-  tags:
-  - freshmaker
-  - freshmaker/backend
-
-- name: ensure fedmsg-hub starts on boot
-  service:
-    name: "fedmsg-hub"
-    enabled: yes
-
-# This will initialize Alembic if the database is empty, and migrate to the
-# latest revision
-- name: migrate the database
-  command: "{{ item }}"
-  with_items:
-  - freshmaker-manager upgradedb
-  - freshmaker-manager db migrate
-  become: yes
-  become_user: fedmsg
-  when: freshmaker_migrate_db
-  tags:
-  - freshmaker
-  - freshmaker/backend

roles/freshmaker/backend/templates/etc/koji.conf.d/freshmaker.conf.j2

@@ -1,13 +0,0 @@
-[freshmaker_prod]
-server = https://koji.fedoraproject.org/kojihub
-weburl = https://koji.fedoraproject.org/koji
-topurl = https://kojipkgs.fedoraproject.org/
-authtype = kerberos
-krb_rdns = false
-
-[freshmaker_stg]
-server = https://koji.stg.fedoraproject.org/kojihub
-weburl = https://koji.stg.fedoraproject.org/koji
-topurl = https://kojipkgs.stg.fedoraproject.org/
-authtype = kerberos
-krb_rdns = false

roles/freshmaker/base/defaults/main.yml

@@ -1,29 +0,0 @@
----
-freshmaker_force_postgres_ssl: False
-freshmaker_handler_build_whitelist: null
-freshmaker_handler_build_blacklist: null
-freshmaker_pdc_insecure: False
-freshmaker_stg_krb_auth_client_keytab: "/etc/krb5.freshmaker_freshmaker.stg.fedoraproject.org.keytab"
-freshmaker_stg_krb_auth_principal: "freshmaker/freshmaker.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG"
-freshmaker_prod_krb_auth_client_keytab: "/etc/krb5.freshmaker_freshmaker.fedoraproject.org.keytab"
-freshmaker_prod_krb_auth_principal: "freshmaker/freshmaker.fedoraproject.org@FEDORAPROJECT.ORG"
-freshmaker_stg_git_base_url: git://pkgs.stg.fedoraproject.org
-freshmaker_stg_git_ssh_base_url: ssh://%s@pkgs.stg.fedoraproject.org
-freshmaker_stg_git_user: null
-freshmaker_prod_git_base_url: git://pkgs.fedoraproject.org
-freshmaker_prod_git_ssh_base_url: ssh://%s@pkgs.fedoraproject.org
-freshmaker_prod_git_user: null
-freshmaker_stg_odcs_server_url: https://odcs.fedoraproject.org
-freshmaker_prod_odcs_server_url: https://odcs.stg.fedoraproject.org
-freshmaker_stg_odcs_sigkeys: []
-freshmaker_prod_odcs_sigkeys: []
-freshmaker_stg_mbs_auth_token: null
-freshmaker_prod_mbs_auth_token: null
-freshmaker_dry_run: False
-freshmaker_admins: {"users": [], "groups": []}
-freshmaker_log_level: info
-freshmaker_servername: localhost
-
-freshmaker_messaging_topic_prefix:  []
-freshmaker_parsers: []
-freshmaker_handlers: []

roles/freshmaker/base/handlers/main.yml

@@ -1,3 +0,0 @@
----
-- name: restart fedmsg-hub daemon
-  command: /usr/local/bin/conditional-restart.sh fedmsg-hub python2-fedmsg

roles/freshmaker/base/tasks/main.yml

@@ -1,30 +0,0 @@
----
-- name: install the packages required for Freshmaker frontend
-  package:
-    name: ["httpd", "mod_wsgi", "mod_auth_openidc",
-           "libsemanage-python", "python-psycopg2", "freshmaker"]
-    state: present
-  when: inventory_hostname.startswith('freshmaker-frontend')
-  tags:
-  - freshmaker
-
-- name: install the packages required for Freshmaker backend
-  package:
-    name: ["python-psycopg2", "freshmaker"]
-    state: present
-  when: inventory_hostname.startswith('freshmaker-backend')
-  tags:
-  - freshmaker
-
-- name: generate Freshmaker app config
-  template:
-    src: etc/freshmaker/config.py.j2
-    dest: /etc/freshmaker/config.py
-    owner: fedmsg
-    group: fedmsg
-    mode: 0440
-  notify:
-  - restart apache
-  - restart fedmsg-hub daemon
-  tags:
-  - freshmaker

roles/freshmaker/base/templates/etc/freshmaker/config.py.j2

@@ -1,263 +0,0 @@
-# -*- coding: utf-8 -*-
-
-from os import path, environ
-
-confdir = path.abspath(path.dirname(__file__))
-# use parent dir as dbdir else fallback to current dir
-dbdir = path.abspath(path.join(confdir, '..')) if confdir.endswith('conf') \
-    else confdir
-
-
-class BaseConfiguration(object):
-    # Make this random (used to generate session keys)
-    SECRET_KEY = '74d9e9f9cd40e66fc6c4c2e9987dce48df3ce98542529fd0'
-    SQLALCHEMY_DATABASE_URI = 'sqlite:///{0}'.format(path.join(
-        dbdir, 'freshmaker.db'))
-    SQLALCHEMY_TRACK_MODIFICATIONS = False
-
-    HOST = '0.0.0.0'
-    PORT = 5001
-
-    DEBUG = False
-    # Global network-related values, in seconds
-    NET_TIMEOUT = 120
-    NET_RETRY_INTERVAL = 30
-
-    SYSTEM = 'koji'
-    MESSAGING = 'fedmsg'  # or amq
-
-    # Available backends are: console, file, journal.
-    LOG_BACKEND = 'journal'
-
-    # Path to log file when LOG_BACKEND is set to "file".
-    LOG_FILE = 'freshmaker.log'
-
-    # Available log levels are: debug, info, warn, error.
-    LOG_LEVEL = 'info'
-
-    MESSAGING_TOPIC_PREFIX = ['org.fedoraproject.prod']
-
-    # Parsers defined for parse specific messages
-    PARSERS = [
-        'freshmaker.parsers.bodhi:BodhiUpdateCompleteStableParser',
-        'freshmaker.parsers.git:GitReceiveParser',
-        'freshmaker.parsers.koji:KojiTaskStateChangeParser',
-        'freshmaker.parsers.mbs:MBSModuleStateChangeParser',
-    ]
-
-    # List of enabled composing handlers.
-    HANDLERS = [
-        "freshmaker.handlers.bodhi:BodhiUpdateCompleteStableHandler",
-        "freshmaker.handlers.git:GitDockerfileChangeHandler",
-        "freshmaker.handlers.git:GitModuleMetadataChangeHandler",
-        "freshmaker.handlers.git:GitRPMSpecChangeHandler",
-        "freshmaker.handlers.koji:KojiTaskStateChangeHandler",
-        "freshmaker.handlers.mbs:MBSModuleStateChangeHandler",
-    ]
-
-    # Base URL of git repository with source artifacts.
-    GIT_BASE_URL = "git://pkgs.fedoraproject.org"
-
-    # SSH base URL of git repository
-    GIT_SSH_BASE_URL = "ssh://%s@pkgs.fedoraproject.org/"
-
-    # GIT user for cloning and pushing repo
-    GIT_USER = ""
-
-    # PDC API URL
-    PDC_URL = 'http://pdc.fedoraproject.org/rest_api/v1'
-
-    # Read Koji configuration from profile instead of reading them from
-    # configuration file directly. For staging Koji, it is stg.
-    KOJI_PROFILE = 'koji'
-    KOJI_PROXYUSER = False
-    KOJI_BUILD_OWNER = 'freshmaker'
-
-    # Settings for docker image rebuild handler
-    KOJI_CONTAINER_SCRATCH_BUILD = False
-
-    SSL_ENABLED = False
-
-    # whitelist and blacklist for handlers to decide whether an artifact
-    # can be built.
-    #
-    # In format of:
-    #
-    # { <handler_name> :
-    #     { <artifact_type>: <list_of_name_branch_dict> }
-    # }
-    #
-    # Here is an example of allowing MBSModuleStateChangeHandler to build
-    # any module that module name matches 'base-.*' but not:
-    #   1. module name matches 'base-test-module'
-    # or:
-    #   2. module from branch 'rawhide'
-    #
-    # HANDLER_BUILD_WHITELIST = {
-    #     "MBSModuleStateChangeHandler": {
-    #         "module": [
-    #             {
-    #                 'name': 'base-.*',
-    #             },
-    #         ],
-    #     },
-    # }
-    # HANDLER_BUILD_BLACKLIST = {
-    #     "MBSModuleStateChangeHandler": {
-    #         "module": [
-    #             {
-    #                 'name': 'base-test-module',
-    #             },
-    #             {
-    #                 'branch': 'rawhide',
-    #             },
-    #         ],
-    #     },
-    # }
-
-
-class DevConfiguration(BaseConfiguration):
-    DEBUG = True
-    LOG_BACKEND = 'console'
-    LOG_LEVEL = 'debug'
-
-    MESSAGING_TOPIC_PREFIX = ['org.fedoraproject.dev', 'org.fedoraproject.stg']
-
-    # Global network-related values, in seconds
-    NET_TIMEOUT = 5
-    NET_RETRY_INTERVAL = 1
-
-    KOJI_CONTAINER_SCRATCH_BUILD = True
-
-    LIGHTBLUE_VERIFY_SSL = False
-
-
-class TestConfiguration(BaseConfiguration):
-    LOG_BACKEND = 'console'
-    LOG_LEVEL = 'debug'
-    DEBUG = True
-
-    SQLALCHEMY_DATABASE_URI = 'sqlite:///{0}'.format(
-        path.join(dbdir, 'tests', 'test_freshmaker.db'))
-
-    MESSAGING = 'in_memory'
-    PDC_URL = 'http://pdc.fedoraproject.org/rest_api/v1'
-
-    # Global network-related values, in seconds
-    NET_TIMEOUT = 3
-    NET_RETRY_INTERVAL = 1
-    MBS_AUTH_TOKEN = "testingtoken"
-
-    KOJI_CONTAINER_SCRATCH_BUILD = True
-
-    LIGHTBLUE_SERVER_URL = ''  # replace with real dev server url
-    LIGHTBLUE_VERIFY_SSL = False
-
-
-class ProdConfiguration(BaseConfiguration):
-    AUTH_BACKEND = 'openidc'
-    # use kerberos for talking to koji
-    KRB_AUTH_USE_KEYTAB = True
-
-    PDC_INSECURE = {{ freshmaker_pdc_insecure }}
-    # No auth is required by Freshmaker, read-only PDC accesss is enough.
-    PDC_DEVELOP = True
-
-{% if env == 'staging' %}
-    SECRET_KEY = "{{ freshmaker_stg_secret_key }}"
-
-    AUTH_OPENIDC_USERINFO_URI = 'https://id.stg.fedoraproject.org/openidc/UserInfo'
-
-    SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://freshmaker:{{freshmaker_stg_db_password}}@db-freshmaker/freshmaker{{ '?sslmode=require' if freshmaker_force_postgres_ssl else '' }}'
-
-    KOJI_PROFILE = 'freshmaker_stg'
-
-    MBS_BASE_URL = "https://mbs.stg.fedoraproject.org"
-    MBS_AUTH_TOKEN = "{{ freshmaker_stg_mbs_auth_token }}"
-
-    PDC_URL = 'https://pdc.stg.fedoraproject.org/rest_api/v1'
-
-    GIT_BASE_URL = "{{ freshmaker_stg_git_base_url }}"
-    GIT_SSH_BASE_URL = "{{ freshmaker_stg_git_ssh_base_url }}"
-    GIT_USER = "{{ freshmaker_stg_git_user }}"
-
-    ODCS_SERVER_URL = "{{ freshmaker_prod_odcs_server_url }}"
-    ODCS_SIGKEYS = {{ freshmaker_prod_odcs_sigkeys }}
-
-    KRB_AUTH_CLIENT_KEYTAB = "{{ freshmaker_stg_krb_auth_client_keytab }}"
-    KRB_AUTH_PRINCIPAL = "{{ freshmaker_stg_krb_auth_principal }}"
-{% else %}
-    SECRET_KEY = "{{ freshmaker_prod_secret_key }}"
-
-    AUTH_OPENIDC_USERINFO_URI = 'https://id.fedoraproject.org/openidc/UserInfo'
-
-    SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://freshmaker:{{freshmaker_prod_db_password}}@db-freshmaker/freshmaker{{ '?sslmode=require' if freshmaker_force_postgres_ssl else '' }}'
-
-    KOJI_PROFILE = "freshmaker_production"
-
-    MBS_BASE_URL = "https://mbs.fedoraproject.org"
-    MBS_AUTH_TOKEN = "{{ freshmaker_prod_mbs_auth_token }}"
-
-    PDC_URL = 'https://pdc.fedoraproject.org/rest_api/v1'
-
-    GIT_BASE_URL = "{{ freshmaker_prod_git_base_url }}"
-    GIT_SSH_BASE_URL = "{{ freshmaker_prod_git_ssh_base_url }}"
-    GIT_USER = "{{ freshmaker_prod_git_user }}"
-
-    ODCS_SERVER_URL = "{{ freshmaker_prod_odcs_server_url }}"
-    ODCS_SIGKEYS = {{ freshmaker_prod_odcs_sigkeys }}
-
-    KRB_AUTH_CLIENT_KEYTAB = "{{ freshmaker_prod_krb_auth_client_keytab }}"
-    KRB_AUTH_PRINCIPAL = "{{ freshmaker_prod_krb_auth_principal }}"
-{% endif %}
-
-    # requests_kerberos module does not support setting keytab, but the krb5
-    # library checks the KRB5_CLIENT_KTNAME environment variable to set the
-    # path to keytab.
-    environ["KRB5_CLIENT_KTNAME"] = KRB_AUTH_CLIENT_KEYTAB
-
-    MESSAGING = 'fedmsg'
-    MESSAGING_SENDER = 'fedmsg'
-    MESSAGING_BACKENDS = {
-        'fedmsg': {
-            'SERVICE': 'freshmaker',
-        },
-        'in_memory': {
-            'SERVICE': 'freshmaker',
-        }
-    }
-
-    MESSAGING_TOPIC_PREFIX = [
-    {% for prefix in freshmaker_messaging_topic_prefix %}
-        '{{ prefix }}',
-    {% endfor %}
-    ]
-
-    PARSERS = [
-    {% for parser in freshmaker_parsers %}
-        '{{ parser }}',
-    {% endfor %}
-    ]
-
-    HANDLERS = [
-    {% for handler in freshmaker_handlers %}
-        '{{ handler }}',
-    {% endfor %}
-    ]
-
-{% if freshmaker_handler_build_whitelist %}
-    HANDLER_BUILD_WHITELIST = {{ freshmaker_handler_build_whitelist }}
-{% endif %}
-
-{% if freshmaker_handler_build_blacklist %}
-    HANDLER_BUILD_BLACKLIST = {{ freshmaker_handler_build_blacklist }}
-{% endif %}
-
-    DRY_RUN = {{ freshmaker_dry_run }}
-
-    ADMINS = {{ freshmaker_admins }}
-
-    LOG_LEVEL = "{{ freshmaker_log_level }}"
-{% if freshmaker_servername %}
-    SERVER_NAME = "{{ freshmaker_servername }}"
-{% endif %}

roles/freshmaker/frontend/defaults/main.yml

@@ -1,11 +0,0 @@
----
-freshmaker_upgrade: False
-freshmaker_migrate_db: False
-freshmaker_force_ssl: True
-freshmaker_endpoint: ''
-freshmaker_allowed_named_hosts: []
-freshmaker_allowed_hosts: []
-freshmaker_servername: localhost
-freshmaker_stg_oidc_client_id: 'unset'
-freshmaker_stg_oidc_client_secret: 'unset'
-

roles/freshmaker/frontend/meta/main.yml

@@ -1,3 +0,0 @@
----
-dependencies:
-    - { role: freshmaker/base }

roles/freshmaker/frontend/tasks/main.yml

@@ -1,47 +0,0 @@
----
-- name: install the latest Freshmaker package
-  yum:
-    name: freshmaker
-    state: latest
-    update_cache: yes
-  with_items:
-  - freshmaker
-  when: freshmaker_upgrade
-  notify:
-  - restart apache
-  tags:
-  - freshmaker
-  - freshmaker/frontend
-
-- name: ensure selinux lets httpd talk to postgres
-  seboolean: name={{item}} state=yes persistent=yes
-  with_items:
-  - httpd_can_network_connect_db
-  - httpd_can_network_connect
-  when: "'enabled' in ansible_selinux.status"
-  tags:
-  - freshmaker
-  - freshmaker/frontend
-  - selinux
-
-- name: make httpd logs world readable
-  file:
-    name: /var/log/httpd
-    state: directory
-    mode: 0755
-  tags:
-  - freshmaker
-  - freshmaker/frontend
-
-- name: generate the Freshmaker httpd config
-  template:
-    src: etc/httpd/conf.d/freshmaker.conf.j2
-    dest: /etc/httpd/conf.d/freshmaker.conf
-    owner: apache
-    group: apache
-    mode: 0440
-  notify:
-  - restart apache
-  tags:
-  - freshmaker
-  - freshmaker/frontend

roles/freshmaker/frontend/templates/etc/httpd/conf.d/freshmaker.conf.j2

@@ -1,49 +0,0 @@
-{% if freshmaker_force_ssl %}
-# Force SSL
-RewriteEngine On
-RewriteCond %{HTTPS} off
-RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
-{% endif %}
-
-WSGIDaemonProcess freshmaker user=fedmsg group=fedmsg processes={{wsgi_procs}} threads={{wsgi_threads}} home=/usr/share/freshmaker
-WSGIScriptAlias /{{ freshmaker_endpoint }} /usr/share/freshmaker/freshmaker.wsgi
-
-{% if freshmaker_servername != inventory_hostname and freshmaker_servername != None %}
-# Redirect from the hostname of this machine to user-visible hostname.
-RewriteEngine On
-<If "%{HTTP_HOST} == '{{ inventory_hostname }}'">
-RewriteRule (.*) "%{REQUEST_SCHEME}://{{ freshmaker_servername }}%{REQUEST_URI}" [R,L]
-</If>
-{% endif %}
-
-{% if env == 'staging' %}
-OIDCOAuthClientID {{ freshmaker_stg_oidc_client_id }}
-OIDCOAuthClientSecret {{ freshmaker_stg_oidc_client_secret }}
-OIDCOAuthIntrospectionEndpoint https://id.stg.fedoraproject.org/openidc/TokenInfo
-{% else %}
-OIDCOAuthClientID {{ freshmaker_prod_oidc_client_id }}
-OIDCOAuthClientSecret {{ freshmaker_prod_oidc_client_secret }}
-OIDCOAuthIntrospectionEndpoint https://id.fedoraproject.org/openidc/TokenInfo
-{% endif %}
-
-OIDCOAuthIntrospectionEndpointAuth client_secret_post
-OIDCOAuthIntrospectionEndpointParams token_type_hint=Bearer
-
-<Directory /usr/share/freshmaker>
-    WSGIProcessGroup freshmaker
-    WSGIApplicationGroup %{GLOBAL}
-
-    {% if freshmaker_allowed_named_hosts or freshmaker_allowed_hosts %}
-    # Only requests from following hosts/ips are allowed.
-    <RequireAny>
-        {{ 'Require host ' ~ freshmaker_allowed_named_hosts|join(' ') if freshmaker_allowed_named_hosts else '' }}
-        {{ 'Require ip ' ~ freshmaker_allowed_hosts|join(' ') if freshmaker_allowed_hosts else '' }}
-    </RequireAny>
-    {% endif %}
-
-    {% if not freshmaker_allowed_named_hosts and not freshmaker_allowed_hosts %}
-    # No auth mechanism configured, so everyone is allowed to access Freshmaker.
-    Require all granted
-    {% endif %}
-
-</Directory>