Hello, I have finished the first version of the dist-git(-min) package.

If it was possible, I'd like to test it in the staging environment.
Differences from what I have locally are:
- nfs mounts on /srv/cache/lookaside
- fedmsg emitting
- integration with pagure (?)
- /repo/pkgs/upload.cgi under ssl

Attached is a patch to ansible that employs the package. It is still a bit of a
proof of concept.

Currently the code is hosted on GitHub (https://github.com/clime/dist-git)
but I plan to move to Pagure soon.

Thanks
clime

On Thu, Oct 13, 2016 at 2:35 PM, Pierre-Yves Chibon <pin...@pingoured.fr>
wrote:

> On Thu, Oct 13, 2016 at 02:04:04PM +0200, Michal Novotny wrote:
> >    Hey,
> >
> >    I'd like to propose employment of an upstream dist-git package for
> >    deploying pkgs machines. This is the package I have in mind:
> >    https://github.com/release-engineering/dist-git. This package contains
> >    scripts and selinux policy for dist-git files.
>
> I am not sure we're using this, I believe all our work is in the ansible repo,
> afaik there is no dist-git repo/rpm.
>
> >    I will collect all the other use-cases and ideally write a suite of
> >    regression tests based on that. I know pkgs.fedoraproject.org is somehow
> >    related to pagure but I need to additionally investigate this.
>
> We're hoping to use pagure as a front-end for the git repos in dist-git at one
> point, there are still a few issues to level first though.
>
>
> Pierre
> _______________________________________________
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org
>
From 4894b98e56ef70cd2d23038e4b2826d5f5bdb104 Mon Sep 17 00:00:00 2001
From: clime <cl...@redhat.com>
Date: Mon, 31 Oct 2016 15:25:14 +0100
Subject: [PATCH] employ dist-git-min

---
 roles/distgit/tasks/main.yml | 216 +++++--------------------------------------
 1 file changed, 25 insertions(+), 191 deletions(-)

diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml
index b72f8a7..a264c8a 100644
--- a/roles/distgit/tasks/main.yml
+++ b/roles/distgit/tasks/main.yml
@@ -4,6 +4,10 @@
 # This is a bit complex, so I'm dividing it into sections.
 
 # -- Common ----------------------------------------------
+
+- name: install the dist-git package
+  shell: "dnf -y install /tmp/tito/noarch/dist-git-*0.13-1.git.1.4fefd7f.fc24.noarch.rpm"
+
 # This is very basic stuff that is needed by multiple of the next sections.
 - name: install the needed packages
   yum: pkg={{item}} state=present
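
Review bot: The new "install the dist-git package" task should use the package module and a repository, not `shell` with a hard-coded build path. `dnf -y install /tmp/tito/noarch/dist-git-*0.13-1.git.1.4fefd7f.fc24.noarch.rpm` depends on a tito build having been dropped into /tmp by hand, is pinned to one snapshot and to fc24, picks the file by glob, and reports "changed" on every run. A local RPM file is also not GPG-checked by dnf by default (localpkg_gpgcheck is off), so nothing ties what gets installed to a signing key. Publishing the build to a repo and installing it by name with the same `yum: pkg=... state=present` form as the next task would address all of these. The task also lacks the `tags: - distgit` that the other tasks carry.
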
@@ -17,20 +21,6 @@
   tags:
   - distgit
 
-- name: install the httpd config file
-  copy: src=pkgs.fedoraproject.org.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf
-  notify:
-  - reload httpd
-  tags:
-  - distgit
-
-- name: install the httpd config directory
-  file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=directory
-  notify:
-  - reload httpd
-  tags:
-  - distgit
-
 - name: install the mod_ssl configuration
   copy: src=ssl.conf dest=/etc/httpd/conf.d/ssl.conf
   notify:
@@ -38,17 +28,6 @@
   tags:
   - distgit
 
-- name: install the keytab
-  copy: src="{{ private }}/files/keytabs/{{env}}/pkgs"
-        dest=/etc/httpd.keytab
-        owner=apache
-        group=apache
-        mode=0600
-  notify:
-  - reload httpd
-  tags:
-  - distgit
-
 - name: allow httpd to access the files on NFS
   seboolean: name=httpd_use_nfs state=yes persistent=yes
   tags:
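
Review bot: The removed "install the keytab" task has no visible replacement, and the package cannot provide one: the file comes from `{{ private }}/files/keytabs/{{env}}/pkgs` and is installed as /etc/httpd.keytab with owner=apache, group=apache, mode=0600. Unless the packaged httpd configuration no longer refers to that keytab, this task needs to stay in the role, because the secret is per environment and lives in the private repo.
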
@@ -65,11 +44,6 @@
   - distgit
 
 # -- Dist Git --------------------------------------------
-# This is the Git setup itself: group, root directory, scripts,...
-- name: create the distgit root directory (/srv/git)
-  file: dest=/srv/git state=directory mode=0755
-  tags:
-  - distgit
 
 - name: check the selinux context of the distgit root directory
   command: matchpathcon /srv/git
@@ -89,13 +63,8 @@
   - distgit
   - selinux
 
-- name: create the distgit root directory (/srv/git/repositories)
-  file: dest=/srv/git/repositories state=directory mode=2775 group=packager
-  tags:
-  - distgit
-
 # These should all map to pkgdb namespaces
-- name: create our namespace directories inside there..
+- name: create our namespace directories inside dist-git root directory
   file: dest=/srv/git/repositories/{{item}} state=directory mode=2775 group=packager
   with_items:
   - rpms
@@ -107,39 +76,31 @@
   tags:
   - distgit
 
-- name: install the distgit scripts
+- name: install pkgdb2 integration script
   copy: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
   with_items:
-    - setup_git_package
-    - mkbranch
-    - mkbranch_branching
     - pkgdb2-clone
   tags:
   - config
   - distgit
 
-- name: install the Dist Git-related httpd config
-  copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/git-smart-http.conf
-  notify:
-  - reload httpd
+- name: install pkgdb2 integration script
+  template: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
+  with_items:
+    - pkgdb_sync_git_branches.py
+    - genacls.sh
+    - genacls.pkgdb
   tags:
+  - config
   - distgit
 
-- name: Symlink pkgs-git-repos-list
-  copy: src=repolist.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/repolist.conf
+- name: Copy pkgs-git-repos-list
+  copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf
   notify:
   - reload httpd
   tags:
   - distgit
 
-- name: install the pkgdb_sync_git_branches.py scripts
-  template: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
-  with_items:
-    - pkgdb_sync_git_branches.py
-  tags:
-  - config
-  - distgit
-
 - name: schedule the update hook check
   cron: >
     name="check-update-hooks" cron_file="ansible-check-update-hooks"
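
Review bot: Two consecutive tasks now share the name "install pkgdb2 integration script". The second is a `template` task that installs pkgdb_sync_git_branches.py, genacls.sh and genacls.pkgdb, so it should get its own name to keep the play output and `--start-at-task` unambiguous. Separately, "Copy pkgs-git-repos-list" now writes to /etc/httpd/conf.d/dist-git/repolist.conf, while the task that created the conf.d subdirectory was removed earlier in this patch and nothing in the role creates /etc/httpd/conf.d/dist-git. If that directory is expected to come from the package, say so in a comment above the task; otherwise the copy fails on a fresh host.
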
@@ -149,43 +110,18 @@
   tags:
   - distgit
 
-# -- Gitolite --------------------------------------------
-# This is the permission management for package maintainers, using Gitolite.
-- name: create the /var/log/gitolite directory
-  file: path=/var/log/gitolite owner=root group=packager state=directory mode=2775
-  tags:
-  - distgit
-
-- name: create the gen-acls group
-  group: name=gen-acls gid=417 state=present
-  tags:
-  - distgit
-
-- name: create the gen-acls user
-  user: >
-        name=gen-acls
-        comment="dummy system account for the gen-acls fedmsg job"
-        uid=417
-        group=gen-acls
-        shell=/bin/bash
-        home=/srv/git
-  tags:
-  - distgit
-
-- name: create the /etc/gitolite/conf directory
-  file: path=/etc/gitolite/conf owner=gen-acls group=gen-acls state=directory mode=0755
+- name: Add the genacl daily cron job
+  copy: src=genacls.cron dest=/etc/cron.d/genacls.cron
+        owner=root mode=644
   tags:
+  - config
   - distgit
 
-- name: create the /etc/gitolite/logs directory
-  file: path=/etc/gitolite/logs owner=gen-acls group=packager
-        state=directory mode=0775
-  tags:
-  - distgit
 
-- name: create the /etc/gitolite/local/VREF directory
-  file: path=/etc/gitolite/local/VREF owner=gen-acls group=packager
-        state=directory mode=0775
+# -- Gitolite --------------------------------------------
+# This is the permission management for package maintainers, using Gitolite.
+- name: create the /var/log/gitolite directory
+  file: path=/var/log/gitolite owner=root group=packager state=directory mode=2775
   tags:
   - distgit
 
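
Review bot: Removing the gen-acls group and user tasks drops the pinned ids (gid=417, uid=417) and the home=/srv/git setting. If the package creates the account instead, it has to use the same ids and home, otherwise files owned by gen-acls will not match on hosts where the account already exists. The /etc/gitolite/conf, /etc/gitolite/logs and /etc/gitolite/local/VREF directories (owner gen-acls; logs and VREF with group packager, mode 0775) also disappear from the role, while the later "Copy in RepoAliases.header" task still writes into /etc/gitolite. Please confirm the package ships these paths with the same ownership and modes, or keep the tasks.
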
@@ -194,27 +130,6 @@
   tags:
   - distgit
 
-- name: Create the rpms symlink (should not be needed, might still be used by some old scripts)
-  command: ln -s /srv/git/repositories / /srv/git/rpms
-           creates=/srv/git/rpms
-  tags:
-  - config
-  - distgit
-
-- name: Create the gitolite.rc symlink
-  command: ln -s /etc/gitolite/gitolite.rc /srv/git/.gitolite.rc
-           creates=/srv/git/.gitolite.rc
-  tags:
-  - config
-  - distgit
-
-- name: Create the gitolite configuration symlink
-  command: ln -s /etc/gitolite/ /srv/git/.gitolite
-           creates=/srv/git/.gitolite
-  tags:
-  - config
-  - distgit
-
 - name: Copy in RepoAliases.header
   copy: src=RepoAliases.header dest=/etc/gitolite/RepoAliases.header owner=root group=root mode=0755
 
@@ -225,41 +140,6 @@
   - config
   - distgit
 
-- name: install the genacls.sh script
-  template: src={{item}} dest=/usr/local/bin/{{item}} mode=0755
-  with_items:
-    - genacls.sh
-  tags:
-  - config
-  - distgit
-
-- name: install the genacls.pkgdb scripts
-  template: src={{item}} dest=/usr/local/bin/{{item}}
-            owner=root group=root mode=0755
-  with_items:
-    - genacls.pkgdb
-  #when: env != "staging"
-  tags:
-  - config
-  - distgit
-
-#- name: install the genacls.pkgdb scripts
-#  template: src={{item}} dest=/usr/local/bin/genacls.pkgdb
-#            owner=root group=root mode=0755
-#  with_items:
-#    - genacls.pkgdb.stg
-#  when: env == "staging"
-#  tags:
-#  - config
-#  - distgit
-
-- name: Add the genacl daily cron job
-  copy: src=genacls.cron dest=/etc/cron.d/genacls.cron
-        owner=root mode=644
-  tags:
-  - config
-  - distgit
-
 - name: install the fedmsg configuration
   copy: src=fedmsg-genacls-config.py dest=/etc/fedmsg.d/genacls.py owner=root group=root mode=0644
   tags:
@@ -284,18 +164,6 @@
   - config
   - distgit
 
-- name: Fix permissions on the Gitolite stuff
-  file: dest={{ item.name }} group=packager mode={{ item.mode }} state={{ item.state }}
-  with_items:
-    - {name: /etc/gitolite/hooks, mode: 770, state: directory}
-    - {name: /etc/gitolite/hooks/common, mode: 770, state: directory}
-
-- name: Fix permissions on the Gitolite stuff (touch update if it does not exist)
-  copy: content="" dest=/etc/gitolite/hooks/common/update force=no owner=root group=packager mode=0755
-  tags:
-  - distgit
-  - config
-
 # -- CGit ------------------------------------------------
 # This is the pretty web view of the repositories, using CGit.
 - name: install the prod cgitrc file
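
Review bot: The two removed "Fix permissions on the Gitolite stuff" tasks were the only place in the role that set /etc/gitolite/hooks and /etc/gitolite/hooks/common to group packager with mode 770, and that made sure /etc/gitolite/hooks/common/update exists as root:packager 0755. The role still schedules the "check-update-hooks" cron job, so the update hook remains in use. Either keep these tasks or note in the commit message that the package owns these paths with equivalent permissions; looser modes on the hooks directories would widen who can replace the update hook.
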
@@ -311,7 +179,7 @@
   - reload httpd
 
 - name: install the CGit-related httpd redirect config
-  copy: src=redirect.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/redirect.conf
+  copy: src=redirect.conf dest=/etc/httpd/conf.d/dist-git/redirect.conf
   tags: distgit
   notify:
   - reload httpd
@@ -326,7 +194,7 @@
 # -- Lookaside Cache -------------------------------------
 # This is the annex to Dist Git, where we host source tarballs.
 - name: install the Lookaside Cache httpd configs
-  template: src={{item}} dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/{{item}}
+  template: src={{item}} dest=/etc/httpd/conf.d/dist-git/{{item}}
   with_items:
   - lookaside.conf
   - lookaside-upload.conf
@@ -335,12 +203,6 @@
   tags:
   - distgit
 
-- name: create the Lookaside Cache root directory
-  file: dest=/srv/cache/lookaside/pkgs state=directory
-        owner=apache group=apache
-  tags:
-  - distgit
-
 - name: set the selinux boolean nis_enabled
   seboolean: name=nis_enabled persistent=yes state=yes
   tags:
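
Review bot: The removed "create the Lookaside Cache root directory" task probably has to stay for this environment. The cover mail lists NFS mounted on /srv/cache/lookaside as a difference from the local setup, and a directory created by the package at install time ends up underneath that mount point. /srv/cache/lookaside/pkgs with owner=apache group=apache therefore still needs to be ensured on the mounted filesystem.
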
@@ -423,34 +285,6 @@
   tags:
   - distgit
 
-- name: create /srv/web directory
-  file: dest=/srv/web state=directory
-
-- name: install the upload CGI script
-  copy: src=dist-git-upload.cgi dest=/srv/web/upload.cgi owner=root group=root mode=0755
-  notify:
-  - reload httpd
-  tags:
-  - distgit
-
-- name: check the selinux context of the upload CGI script
-  command: matchpathcon /srv/web/upload.cgi
-  register: upcgicontext
-  always_run: yes
-  changed_when: false
-  tags:
-  - config
-  - lookaside
-  - selinux
-
-- name: set the SELinux policy for the upload CGI script
-  command: semanage fcontext -a -t git_script_exec_t "/srv/web/upload.cgi"
-  when: upcgicontext.stdout.find('git_script_exec_t') == -1
-  tags:
-  - config
-  - lookaside
-  - selinux
-
 # Three tasks for handling our selinux policy for upload.cgi
 - name: ensure a directory exists for our SELinux policy
   file: dest=/usr/local/share/selinux/ state=directory
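
Review bot: With "install the upload CGI script" and the `semanage fcontext -a -t git_script_exec_t "/srv/web/upload.cgi"` labelling removed, the tasks that follow ("Three tasks for handling our selinux policy for upload.cgi") still install the role's own SELinux policy for a script the role no longer deploys. The cover mail names /repo/pkgs/upload.cgi under ssl as something that still differs, so please check that the packaged CGI carries the git_script_exec_t label at its installed location and that the local policy and the lookaside-upload.conf template refer to that location rather than /srv/web/upload.cgi.
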
-- 
2.7.4
