August 2016 - infrastructure - Fedora Mailing-Lists

Flock discussions recap/request for input

by Kevin Fenzi

Greetings. At the recent flock conference Infrastructure workshop, we had a nice lively discussion on a number of items. However, as is normal, we don't want to make decisions about things without being open and allowing input from everyone, including those that couldn't be at flock. So, I thought I would write up what we talked about and the consensus we came up with and ask for any more input from this list before we start implementing things. It's possible there's something we didn't think about or that needs more discussion, so do feel free to reply to this email with any parts you want to comment on. * Containers in Fedora Infrastructure: * We want to look at moving things that make sense to containers. * A good initial candidate is the mirrorlist servers. * Would use the existing OSBS build system to build them. * Would run on proxies. * Would have haproxy list their socket as primary and old mirrorlists as secondary. * The container would have mirrorlist-server wsgi in it along with the pkl updated hourly. * Could allow us to spin up more as needed, but also should allow faster answers from proxies as they don't have to depend on or query over the vpn. * Contributor resources in the fedorainfracloud * Once our cloud is upgraded, we can use ipsilon to let users login to the cloud and spin up instances for Fedora related needs. * Outgoing restrictions would be added on port 25 and the like * To start with users would only get 1 external floating ip. * Initial rollout would enable qa and packager groups, need to see if docs and i18n or other groups would have a use for it. * would note that we can terminate any instance for any reason. * Patrick would write some scripting to notify users after some time and terminate if we didn't get an answer back. * Long term instances should be moved to persistent infra playbooks. * Build setup and requirements for infrastructure applications. * Will get releng to set us up some side tags that we can build from src.rpm in. * all prod builds to be done in koji. * Up to maintainers what priority they place on getting into EPEL/Fedora. Encouraged for many reasons. * FAS3 status * Was running in staging, but we disabled for now until we can finish a security audit. * Need to get python-fedora changes lined up and ready/pushed out. * Need to get fas3 fas_client packaged and ready to go. * Need more testing in staging. * Hopefully move production over after f25 is out. * Fedora Infrastructure support setup * Talked about on the list a fair bit. * Support can be determined by looking at the domain: fedoraproject.org - full 24x7 support, monitoring, uses RFR stg.fedoraproject.org - 8x5 support, monitoring fedoracommunity.org - some support, monitoring, uses simple RFR fedorainfracloud.org - unsupported, apps run by contributors * Fedora CA and cert infrastructure. * Current CA expires in 2018. * Plans being worked on now to back fas3 with freeipa so we could move to kerberos tickets for koji then * Need to figure out what would need to happen to sigul for that. * Wait and see pending freeipa/fas3 integration. * koji alternative arch proposals (on devel list, fesco ticket) * Not too much infrastructure work here. * will need to increase storage for primary koji, but can regain from secondaries once their last releases go end of life. Thats all I had notes on from the workshop, but there may well have been other items, please do chime in with them if you think of anything, or have any thoughts on the above. kevin

7 years, 8 months

3
3
0 / 0

Freeze Break Request (Retroactive): Adding new staging database host for testing in qa

by Tim Flink

I completely forgot that we were in Alpha freeze earlier today and made some changes without requesting a freeze break. The changes shouldn't impact production in any meaningful way but I can back all the changes out if need be. In summary, I did the following: - created new dns entries for db-qa-stg01.qa - added a new db-qa-stg01.qa host to inventory - changed the postgres_server role to support dnf for f22+ - added the new db-qa-stg01.qa host to the postgres-server playbook I've attached a diff to this email for review. Tim

7 years, 8 months

2
3
0 / 0

Re: 'Meeting Agenda Item: Introduction Marc'

by Marc Bagatela

employment in the furture On Tue, Aug 9, 2016 at 2:34 PM, Marc Bagatela <mbphilly84(a)gmail.com> wrote: > Hi everyone My name is Marc > IRC: marc84 > I can write Basic bash script but I willing to learn other programming > language like python and also want to learn about web application. I have > LPIC-1 certification and I want to improve my current linux administrator > skills. I also have Linux User groups(Linux, Linux(tech support) & gentoo > linux) on facebook and I also attend fosscon. > > What i want to learn? > I want to know everything what infrastructure team and system > administrator what they do. I like to learn new application and programming > skills that will help me become a linux administrator and also help me get >

7 years, 8 months

1
0
0 / 0

'Meeting Agenda Item: Introduction Marc'

by Marc Bagatela

Hi everyone My name is Marc IRC: marc84 I can write Basic bash script but I willing to learn other programming language like python and also want to learn about web application. I have LPIC-1 certification and I want to improve my current linux administrator skills. I also have Linux User groups(Linux, Linux(tech support) & gentoo linux) on facebook and I also attend fosscon. What i want to learn? I want to know everything what infrastructure team and system administrator what they do. I like to learn new application and programming skills that will help me become a linux administrator and also help me get --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

7 years, 8 months

1
0
0 / 0

Builds from git repo with unpacked sources

by Michal Sekletar

Hello everyone, this is my first post to Fedora Infrastructure list, allow me to quickly introduce myself. My name is Michal Sekletar and I work for Red Hat. I co-maintain systemd in both Fedora and RHEL. Also I am Fedora user and contributor for more than 5 years now. Some of you probably know that Red Hat's internal infrastructure (dist-git and build system) has a lot in common with what is available to Fedora packagers. Recently, internally they introduced very nice feature that might be also useful to Fedora packagers. It is the ability to build packages from exploded sources. Packager no longer uploads tarball to lookaside cache and maintains patches in dist-git, but points rhpkg (internal equivalent of fedpkg) to git repo that contains exploded sources with downstream patches applied on top. This allows for easy cherry-picking of patches between branches and a ton of other nice features that make maintainer's life easier. I briefly talked about this with Ralph at Flock. He suggested that I send an email to this list where we can start the discussion if this is something we want in Fedora, and in case yes, how to get there. Cheers, Michal

7 years, 8 months

4
5
0 / 0

unable to login to ask.fedoraproject.org

by Morgan Read

Hello folk I'm trying to post to: https://ask.fedoraproject.org/en/question/90082/fedora-24-doesnt-do-anyth... I write my post and click the login/signup button I'm referred to: https://ask.fedoraproject.org/en/account/signin/ Where I click on the 'fedora' button I'm referred to: https://id.fedoraproject.org/login/fas?ipsilon_transaction_id=bc5d2be8-f3... Where I enter my credentials and click the login button I'm referred to: https://ask.fedoraproject.org/en/account/signin/complete/?next=%2F&janrai... entity%2Clp.is_member%2Cmode%2Cns%2Cns.cla%2Cns.lp%2Cns.sreg%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Csreg.email%2Csreg.nickname&openid.sreg.email=mstuff%40read.org.nz&openid.sreg.nickname=mread Where my 'Screen Name' is prepopulated with 'mread' (my FAS username), and; My 'Email Address' is prepopulated with 'mstuff(a)read.org.nz' And, I click the 'signup' button (Why do I have to 'signup' and not 'signin' when the top of the page says 'please sign in'?) And, I'm referred back to the same page with the announcement in RED: 'this email is already used by someone else, please choose another' Please can someone direct me out of this mindless loop so that I can post to the ask forum please

7 years, 8 months

2
1
0 / 0

[PATCH 1/4] Move mod_wsgi to a role rather than a included tasks

by Michael Scherer

--- files/mod_wsgi/wsgi.conf | 14 -------------- playbooks/groups/ask.yml | 2 +- playbooks/groups/autocloud-web.yml | 2 +- playbooks/groups/badges-web.yml | 2 +- playbooks/groups/basset.yml | 2 +- playbooks/groups/blockerbugs.yml | 2 +- playbooks/groups/bodhi2.yml | 2 +- playbooks/groups/datagrepper.yml | 2 +- playbooks/groups/elections.yml | 2 +- playbooks/groups/fas.yml | 2 +- playbooks/groups/fas3.yml | 2 +- playbooks/groups/fedocal.yml | 2 +- playbooks/groups/github2fedmsg.yml | 2 +- playbooks/groups/ipa.yml | 2 +- playbooks/groups/ipsilon.yml | 2 +- playbooks/groups/kerneltest.yml | 2 +- playbooks/groups/koschei-web.yml | 2 +- playbooks/groups/mailman.yml | 2 +- playbooks/groups/mdapi.yml | 2 +- playbooks/groups/mirrorlist2.yml | 2 +- playbooks/groups/noc.yml | 2 +- playbooks/groups/notifs-web.yml | 2 +- playbooks/groups/nuancier.yml | 2 +- playbooks/groups/packages.yml | 2 +- playbooks/groups/pdc.yml | 4 +--- playbooks/groups/pkgdb.yml | 2 +- playbooks/groups/statscache.yml | 4 +--- playbooks/groups/sundries.yml | 2 +- playbooks/groups/tagger.yml | 2 +- playbooks/groups/zanata2fedmsg.yml | 2 +- .../hosts/grafana.cloud.fedoraproject.org.yml | 2 +- playbooks/hosts/graphite.fedorainfracloud.org.yml | 2 +- playbooks/hosts/iddev.fedorainfracloud.org.yml | 2 +- playbooks/hosts/lists-dev.fedorainfracloud.org.yml | 2 +- .../hosts/modernpaste.fedorainfracloud.org.yml | 2 +- roles/mod_wsgi/files/wsgi.conf | 14 ++++++++++++++ roles/mod_wsgi/handlers/main.yml | 2 ++ roles/mod_wsgi/tasks/mod_wsgi.yml | 22 ++++++++++++++++++++++ tasks/mod_wsgi.yml | 22 ---------------------- 39 files changed, 72 insertions(+), 74 deletions(-) delete mode 100644 files/mod_wsgi/wsgi.conf create mode 100644 roles/mod_wsgi/files/wsgi.conf create mode 100644 roles/mod_wsgi/handlers/main.yml create mode 100644 roles/mod_wsgi/tasks/mod_wsgi.yml delete mode 100644 tasks/mod_wsgi.yml diff --git a/files/mod_wsgi/wsgi.conf b/files/mod_wsgi/wsgi.conf deleted file mode 100644 index 6c32a15..0000000 --- a/files/mod_wsgi/wsgi.conf +++ /dev/null @@ -1,14 +0,0 @@ -LoadModule wsgi_module modules/mod_wsgi.so - -# Some apps, notably anything that uses hg, need these off -WSGIRestrictStdin Off -WSGIRestrictStdout Off - -# Put the socket somewhere writable -WSGISocketPrefix run/wsgi - -# Do not Optimize without stripping docstrings -WSGIPythonOptimize 0 - -# Set WSGIApplicationGroup to global -WSGIApplicationGroup %{GLOBAL} diff --git a/playbooks/groups/ask.yml b/playbooks/groups/ask.yml index e52b1fb..574e309 100644 --- a/playbooks/groups/ask.yml +++ b/playbooks/groups/ask.yml @@ -18,6 +18,7 @@ - fas_client - collectd/base - apache + - mod_wsgi - ask - fedmsg/base - rsyncd @@ -29,7 +30,6 @@ - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/autocloud-web.yml b/playbooks/groups/autocloud-web.yml index 52c5ac4..47ec534 100644 --- a/playbooks/groups/autocloud-web.yml +++ b/playbooks/groups/autocloud-web.yml @@ -21,6 +21,7 @@ - fas_client - collectd/base - apache + - mod_wsgi - fedmsg/base - sudo - role: openvpn/client @@ -29,7 +30,6 @@ tasks: - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/badges-web.yml b/playbooks/groups/badges-web.yml index cff2680..3f53cd9 100644 --- a/playbooks/groups/badges-web.yml +++ b/playbooks/groups/badges-web.yml @@ -29,6 +29,7 @@ - sudo - { role: openvpn/client, when: env != "staging" } + - mod_wsgi - role: collectd/web-service site: frontpage url: "http://localhost/" @@ -42,7 +43,6 @@ - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/basset.yml b/playbooks/groups/basset.yml index 1af41a4..3ee7b82 100644 --- a/playbooks/groups/basset.yml +++ b/playbooks/groups/basset.yml @@ -26,6 +26,7 @@ - mongodb - rabbitmq - apache + - mod_wsgi - basset/frontend - basset/worker @@ -33,7 +34,6 @@ - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/blockerbugs.yml b/playbooks/groups/blockerbugs.yml index 27d4b16..113eda6 100644 --- a/playbooks/groups/blockerbugs.yml +++ b/playbooks/groups/blockerbugs.yml @@ -23,13 +23,13 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi - blockerbugs tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/bodhi2.yml b/playbooks/groups/bodhi2.yml index 0a12c32..df9fac2 100644 --- a/playbooks/groups/bodhi2.yml +++ b/playbooks/groups/bodhi2.yml @@ -22,6 +22,7 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi - { role: bodhi2/base, when: "inventory_hostname.startswith('bodhi0')" } - { role: fedmsg/base, when: "inventory_hostname.startswith('bodhi0')" } @@ -29,7 +30,6 @@ - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/datagrepper.yml b/playbooks/groups/datagrepper.yml index 9e343c0..c6eeaa1 100644 --- a/playbooks/groups/datagrepper.yml +++ b/playbooks/groups/datagrepper.yml @@ -25,12 +25,12 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/elections.yml b/playbooks/groups/elections.yml index 756fc37..afdc6a2 100644 --- a/playbooks/groups/elections.yml +++ b/playbooks/groups/elections.yml @@ -21,13 +21,13 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi - collectd/base tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/fas.yml b/playbooks/groups/fas.yml index bff9deb..3243a22 100644 --- a/playbooks/groups/fas.yml +++ b/playbooks/groups/fas.yml @@ -22,6 +22,7 @@ - rsyncd - memcached - apache + - mod_wsgi - fas_server - fedmsg/base - sudo @@ -33,7 +34,6 @@ - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/fas3.yml b/playbooks/groups/fas3.yml index 3c93166..021b492 100644 --- a/playbooks/groups/fas3.yml +++ b/playbooks/groups/fas3.yml @@ -22,6 +22,7 @@ - rsyncd - memcached - apache + - mod_wsgi - fas3_server - fedmsg/base - sudo @@ -33,7 +34,6 @@ - include: "{{ tasks }}/yumrepos.yml" #- include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/fedocal.yml b/playbooks/groups/fedocal.yml index 3bee8ea..ec2989b 100644 --- a/playbooks/groups/fedocal.yml +++ b/playbooks/groups/fedocal.yml @@ -21,13 +21,13 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi - collectd/base tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/github2fedmsg.yml b/playbooks/groups/github2fedmsg.yml index ac8264a..99fe0eb 100644 --- a/playbooks/groups/github2fedmsg.yml +++ b/playbooks/groups/github2fedmsg.yml @@ -27,12 +27,12 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml index 609fb46..8ebfcf0 100644 --- a/playbooks/groups/ipa.yml +++ b/playbooks/groups/ipa.yml @@ -20,12 +20,12 @@ - sudo - { role: openvpn/client, when: env != "staging" } + - mod_wsgi tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/ipsilon.yml b/playbooks/groups/ipsilon.yml index 5706119..9bbccdf 100644 --- a/playbooks/groups/ipsilon.yml +++ b/playbooks/groups/ipsilon.yml @@ -26,12 +26,12 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/kerneltest.yml b/playbooks/groups/kerneltest.yml index 46ec3b8..221b1d3 100644 --- a/playbooks/groups/kerneltest.yml +++ b/playbooks/groups/kerneltest.yml @@ -27,12 +27,12 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/koschei-web.yml b/playbooks/groups/koschei-web.yml index a21edf1..9314f57 100644 --- a/playbooks/groups/koschei-web.yml +++ b/playbooks/groups/koschei-web.yml @@ -20,13 +20,13 @@ - collectd/base - { role: sudo, sudoers: "{{ private }}/files/sudo/koschei01-sudoers" } - { role: openvpn/client, when: env != "staging" } + - mod_wsgi - koschei/frontend tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index c4f837d..b3d0da0 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -26,13 +26,13 @@ when: env != "staging" } - apache - spamassassin + - mod_wsgi tasks: # this is how you include other task lists - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/mdapi.yml b/playbooks/groups/mdapi.yml index f07ee88..656c139 100644 --- a/playbooks/groups/mdapi.yml +++ b/playbooks/groups/mdapi.yml @@ -21,12 +21,12 @@ - { role: openvpn/client, when: env != "staging" } - collectd/base + - mod_wsgi tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/mirrorlist2.yml b/playbooks/groups/mirrorlist2.yml index bbc8468..aea46eb 100644 --- a/playbooks/groups/mirrorlist2.yml +++ b/playbooks/groups/mirrorlist2.yml @@ -56,6 +56,7 @@ - fas_client - collectd/base - apache + - mod_wsgi - httpd/mod_ssl - role: httpd/certificate @@ -95,7 +96,6 @@ - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: diff --git a/playbooks/groups/noc.yml b/playbooks/groups/noc.yml index 1d426ad..34d4bd3 100644 --- a/playbooks/groups/noc.yml +++ b/playbooks/groups/noc.yml @@ -22,12 +22,12 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/notifs-web.yml b/playbooks/groups/notifs-web.yml index afb8c7f..3c49b35 100644 --- a/playbooks/groups/notifs-web.yml +++ b/playbooks/groups/notifs-web.yml @@ -23,6 +23,7 @@ - fas_client - collectd/base - apache + - mod_wsgi - fedmsg/base - notifs/frontend - sudo @@ -33,7 +34,6 @@ - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/nuancier.yml b/playbooks/groups/nuancier.yml index 1d48752..5237609 100644 --- a/playbooks/groups/nuancier.yml +++ b/playbooks/groups/nuancier.yml @@ -26,12 +26,12 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/packages.yml b/playbooks/groups/packages.yml index 81e8997..a7f8505 100644 --- a/playbooks/groups/packages.yml +++ b/playbooks/groups/packages.yml @@ -27,12 +27,12 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/pdc.yml b/playbooks/groups/pdc.yml index 49e0fe1..f57bed8 100644 --- a/playbooks/groups/pdc.yml +++ b/playbooks/groups/pdc.yml @@ -42,12 +42,10 @@ - role: openvpn/client when: env != "staging" - apache + - mod_wsgi - fedmsg/base - pdc/frontend - tasks: - - include: "{{ tasks }}/mod_wsgi.yml" - - name: stuff just for the backend nodes hosts: pdc-backend:pdc-backend-stg user: root diff --git a/playbooks/groups/pkgdb.yml b/playbooks/groups/pkgdb.yml index 95b70ff..9c3cc4d 100644 --- a/playbooks/groups/pkgdb.yml +++ b/playbooks/groups/pkgdb.yml @@ -25,12 +25,12 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/statscache.yml b/playbooks/groups/statscache.yml index 3d1cd1e..a0a61ad 100644 --- a/playbooks/groups/statscache.yml +++ b/playbooks/groups/statscache.yml @@ -44,13 +44,11 @@ roles: - apache + - mod_wsgi - role: openvpn/client when: env != "staging" - statscache/frontend - tasks: - - include: "{{ tasks }}/mod_wsgi.yml" - - name: Stuff just for the fedmsg backend hosts: statscache-backend:statscache-backend-stg user: root diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml index c7e66c2..537694f 100644 --- a/playbooks/groups/sundries.yml +++ b/playbooks/groups/sundries.yml @@ -23,6 +23,7 @@ - fas_client - collectd/base - apache + - mod_wsgi - geoip - geoip-city-wsgi/app - role: koji_reminder @@ -56,7 +57,6 @@ - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/tagger.yml b/playbooks/groups/tagger.yml index ab32b1c..f781868 100644 --- a/playbooks/groups/tagger.yml +++ b/playbooks/groups/tagger.yml @@ -27,12 +27,12 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/zanata2fedmsg.yml b/playbooks/groups/zanata2fedmsg.yml index c23a9a2..0628d17 100644 --- a/playbooks/groups/zanata2fedmsg.yml +++ b/playbooks/groups/zanata2fedmsg.yml @@ -27,12 +27,12 @@ - { role: openvpn/client, when: env != "staging" } - apache + - mod_wsgi tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/grafana.cloud.fedoraproject.org.yml b/playbooks/hosts/grafana.cloud.fedoraproject.org.yml index 799d110..1933031 100644 --- a/playbooks/hosts/grafana.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/grafana.cloud.fedoraproject.org.yml @@ -24,6 +24,7 @@ - base - rkhunter - apache + - mod_wsgi #- graphite/graphite #- graphite/statsd #- graphite/fedmsg2statsd @@ -33,7 +34,6 @@ - include: "{{ tasks }}/yumrepos.yml" #- include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/graphite.fedorainfracloud.org.yml b/playbooks/hosts/graphite.fedorainfracloud.org.yml index c120980..d04bc38 100644 --- a/playbooks/hosts/graphite.fedorainfracloud.org.yml +++ b/playbooks/hosts/graphite.fedorainfracloud.org.yml @@ -24,6 +24,7 @@ - base - rkhunter - apache + - mod_wsgi - certbot - graphite/graphite - graphite/statsd @@ -33,7 +34,6 @@ - include: "{{ tasks }}/yumrepos.yml" #- include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/iddev.fedorainfracloud.org.yml b/playbooks/hosts/iddev.fedorainfracloud.org.yml index 54784d8..848a8c1 100644 --- a/playbooks/hosts/iddev.fedorainfracloud.org.yml +++ b/playbooks/hosts/iddev.fedorainfracloud.org.yml @@ -24,6 +24,7 @@ - sudo - hosts - apache + - mod_wsgi - base pre_tasks: @@ -33,7 +34,6 @@ - include: "{{ tasks }}/cloud_setup_basic.yml" - name: set hostname (required by some services, at least postfix need it) hostname: name="{{inventory_hostname}}" - - include: "{{ tasks }}/mod_wsgi.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/lists-dev.fedorainfracloud.org.yml b/playbooks/hosts/lists-dev.fedorainfracloud.org.yml index aa7d3c7..31185e2 100644 --- a/playbooks/hosts/lists-dev.fedorainfracloud.org.yml +++ b/playbooks/hosts/lists-dev.fedorainfracloud.org.yml @@ -33,13 +33,13 @@ - sudo - hosts - apache + - mod_wsgi - base tasks: - include: "{{ tasks }}/postfix_basic.yml" - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/motd.yml" - - include: "{{ tasks }}/mod_wsgi.yml" # Basic Apache config - name: install mod_ssl diff --git a/playbooks/hosts/modernpaste.fedorainfracloud.org.yml b/playbooks/hosts/modernpaste.fedorainfracloud.org.yml index 996d764..7d07691 100644 --- a/playbooks/hosts/modernpaste.fedorainfracloud.org.yml +++ b/playbooks/hosts/modernpaste.fedorainfracloud.org.yml @@ -24,6 +24,7 @@ - sudo - hosts - apache + - mod_wsgi - base pre_tasks: @@ -33,4 +34,3 @@ - include: "{{ tasks }}/cloud_setup_basic.yml" - name: set hostname (required by some services, at least postfix need it) hostname: name="{{inventory_hostname}}" - - include: "{{ tasks }}/mod_wsgi.yml" diff --git a/roles/mod_wsgi/files/wsgi.conf b/roles/mod_wsgi/files/wsgi.conf new file mode 100644 index 0000000..6c32a15 --- /dev/null +++ b/roles/mod_wsgi/files/wsgi.conf @@ -0,0 +1,14 @@ +LoadModule wsgi_module modules/mod_wsgi.so + +# Some apps, notably anything that uses hg, need these off +WSGIRestrictStdin Off +WSGIRestrictStdout Off + +# Put the socket somewhere writable +WSGISocketPrefix run/wsgi + +# Do not Optimize without stripping docstrings +WSGIPythonOptimize 0 + +# Set WSGIApplicationGroup to global +WSGIApplicationGroup %{GLOBAL} diff --git a/roles/mod_wsgi/handlers/main.yml b/roles/mod_wsgi/handlers/main.yml new file mode 100644 index 0000000..f599732 --- /dev/null +++ b/roles/mod_wsgi/handlers/main.yml @@ -0,0 +1,2 @@ +- name: restart apache + command: /usr/local/bin/conditional-restart.sh httpd httpd diff --git a/roles/mod_wsgi/tasks/mod_wsgi.yml b/roles/mod_wsgi/tasks/mod_wsgi.yml new file mode 100644 index 0000000..06c8aa5 --- /dev/null +++ b/roles/mod_wsgi/tasks/mod_wsgi.yml @@ -0,0 +1,22 @@ +--- +# install mod_wsgi +- name: install mod_wsgi + yum: name=mod_wsgi state=present + tags: + - packages + when: ansible_distribution_major_version|int < 22 + +- name: install mod_wsgi + dnf: name=mod_wsgi state=present + tags: + - packages + when: ansible_distribution_major_version|int > 21 + +- name: wsgi.conf + copy: src="wsgi.conf" dest=/etc/httpd/conf.d/wsgi.conf + notify: + - restart apache + tags: + - config + + diff --git a/tasks/mod_wsgi.yml b/tasks/mod_wsgi.yml deleted file mode 100644 index c4d9deb..0000000 --- a/tasks/mod_wsgi.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# install mod_wsgi -- name: install mod_wsgi - yum: name=mod_wsgi state=present - tags: - - packages - when: ansible_distribution_major_version|int < 22 - -- name: install mod_wsgi - dnf: name=mod_wsgi state=present - tags: - - packages - when: ansible_distribution_major_version|int > 21 - -- name: wsgi.conf - copy: src="{{ files }}/mod_wsgi/wsgi.conf" dest=/etc/httpd/conf.d/wsgi.conf - notify: - - restart apache - tags: - - config - - -- 1.8.3.1

7 years, 8 months

2
4
0 / 0

[PATCH 1/3] Whitespace cleanup, make ansible-lint happy

by Michael Scherer

--- roles/dnf-automatic/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/dnf-automatic/tasks/main.yml b/roles/dnf-automatic/tasks/main.yml index 80b8046..2a41f19 100644 --- a/roles/dnf-automatic/tasks/main.yml +++ b/roles/dnf-automatic/tasks/main.yml @@ -1,9 +1,9 @@ --- # -# This role adds dnf automatic package and configuration. -# We want this on any public facing Fedora installs so we -# can pick up security updates. +# This role adds dnf automatic package and configuration. +# We want this on any public facing Fedora installs so we +# can pick up security updates. # - name: install dnf-automatic -- 1.8.3.1

7 years, 8 months

2
3
0 / 0

[PATCH] Simplify the task to install cronjob

by Michael Scherer

Giving directly the file to deploy and doing magic with the variable permit to have a clearer idea of what is deployed when reading the task for the first time --- roles/mdapi/tasks/main.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/mdapi/tasks/main.yml b/roles/mdapi/tasks/main.yml index d884654..ac4dacd 100644 --- a/roles/mdapi/tasks/main.yml +++ b/roles/mdapi/tasks/main.yml @@ -19,11 +19,12 @@ - name: Install the meta-data fetch cron job when: inventory_hostname.startswith(('mdapi01')) - template: src={{ item.file }} - dest={{ item.location }}/{{ item.file }} + template: + src: "{{ item | basename }}" + dest: "{{ item }}" with_items: - - { file: 'mdapi.cron', location: /etc/cron.d } - - { file: 'mdapi.cfg', location: /etc/mdapi } + - /etc/cron.d/mdapi.cron + - /etc/mdapi/mdapi.cfg tags: - mdapi - config -- 1.8.3.1

7 years, 8 months

1
0
0 / 0

[PATCH 1/3] Whitespace cleanup, make ansible-lint happy

by Michael Scherer

--- roles/dnf-automatic/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/dnf-automatic/tasks/main.yml b/roles/dnf-automatic/tasks/main.yml index 80b8046..2a41f19 100644 --- a/roles/dnf-automatic/tasks/main.yml +++ b/roles/dnf-automatic/tasks/main.yml @@ -1,9 +1,9 @@ --- # -# This role adds dnf automatic package and configuration. -# We want this on any public facing Fedora installs so we -# can pick up security updates. +# This role adds dnf automatic package and configuration. +# We want this on any public facing Fedora installs so we +# can pick up security updates. # - name: install dnf-automatic -- 1.8.3.1

7 years, 8 months

1
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

infrastructure August 2016