Re: PROPOSAL: employ a variant of upstream dist-git package into FedoraInfra

Michal Novotny <clime@xxxxxxxxxx> · Mon, 31 Oct 2016 15:49:12 +0100

Hello, I have finished the first version of the dist-git(-min) package. 

If it was possible, I'd like to test it in the staging environment. Differences from what I have locally are:
- nfs mounts on /srv/cache/lookaside
- fedmsg emitting
- integration with pagure (?)
- /repo/pkgs/upload.cgi under ssl

Attached is a patch to ansible that employs the package. It still a bit a proof of concept.

Currently the code is hosted on GitHub (https://github.com/clime/dist-git) but I plan to move to Pagure soon.

Thanks
clime

On Thu, Oct 13, 2016 at 2:35 PM, Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> wrote:
On Thu, Oct 13, 2016 at 02:04:04PM +0200, Michal Novotny wrote:

>    Hey,

>

>    I'd like to propose employment of an upstream dist-git package for

>    deploying pkgs machines. This is the package I have in mind:

>    https://github.com/release-engineering/dist-git. This package contains

>    scripts and selinux policy for dist-git files.



I am not sure we're using this, I believe all our work is in the ansible repo,

afaik there is no dist-git repo/rpm.



>    I will collect all the other use-cases and ideally write a suite of

>    regression tests based on that. I know pkgs.fedoraproject.org is somehow

>    related to pagure but I need to additionally investigate this.



We're hoping to use pagure as a front-end for the git repos in dist-git at one

point, there are still a few issues to level first though.





Pierre

_______________________________________________

infrastructure mailing list -- infrastructure@lists.fedoraproject.org

To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org



From 4894b98e56ef70cd2d23038e4b2826d5f5bdb104 Mon Sep 17 00:00:00 2001
From: clime <clime@xxxxxxxxxx>
Date: Mon, 31 Oct 2016 15:25:14 +0100
Subject: [PATCH] employ dist-git-min

---
 roles/distgit/tasks/main.yml | 216 +++++--------------------------------------
 1 file changed, 25 insertions(+), 191 deletions(-)

diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml
index b72f8a7..a264c8a 100644
--- a/roles/distgit/tasks/main.yml
+++ b/roles/distgit/tasks/main.yml
@@ -4,6 +4,10 @@
 # This is a bit complex, so I'm dividing it into sections.
 
 # -- Common ----------------------------------------------
+
+- name: install the dist-git package
+  shell: "dnf -y install /tmp/tito/noarch/dist-git-*0.13-1.git.1.4fefd7f.fc24.noarch.rpm"
+
 # This is very basic stuff that is needed by multiple of the next sections.
 - name: install the needed packages
   yum: pkg={{item}} state=present
@@ -17,20 +21,6 @@
   tags:
   - distgit
 
-- name: install the httpd config file
-  copy: src=pkgs.fedoraproject.org.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf
-  notify:
-  - reload httpd
-  tags:
-  - distgit
-
-- name: install the httpd config directory
-  file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=directory
-  notify:
-  - reload httpd
-  tags:
-  - distgit
-
 - name: install the mod_ssl configuration
   copy: src=ssl.conf dest=/etc/httpd/conf.d/ssl.conf
   notify:
@@ -38,17 +28,6 @@
   tags:
   - distgit
 
-- name: install the keytab
-  copy: src="{{ private }}/files/keytabs/{{env}}/pkgs"
-        dest=/etc/httpd.keytab
-        owner=apache
-        group=apache
-        mode=0600
-  notify:
-  - reload httpd
-  tags:
-  - distgit
-
 - name: allow httpd to access the files on NFS
   seboolean: name=httpd_use_nfs state=yes persistent=yes
   tags:
@@ -65,11 +44,6 @@
   - distgit
 
 # -- Dist Git --------------------------------------------
-# This is the Git setup itself: group, root directory, scripts,...
-- name: create the distgit root directory (/srv/git)
-  file: dest=/srv/git state=directory mode=0755
-  tags:
-  - distgit
 
 - name: check the selinux context of the distgit root directory
   command: matchpathcon /srv/git
@@ -89,13 +63,8 @@
   - distgit
   - selinux
 
-- name: create the distgit root directory (/srv/git/repositories)
-  file: dest=/srv/git/repositories state=directory mode=2775 group=packager
-  tags:
-  - distgit
-
 # These should all map to pkgdb namespaces
-- name: create our namespace directories inside there..
+- name: create our namespace directories inside dist-git root directory
   file: dest=/srv/git/repositories/{{item}} state=directory mode=2775 group=packager
   with_items:
   - rpms
@@ -107,39 +76,31 @@
   tags:
   - distgit
 
-- name: install the distgit scripts
+- name: install pkgdb2 integration script
   copy: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
   with_items:
-    - setup_git_package
-    - mkbranch
-    - mkbranch_branching
     - pkgdb2-clone
   tags:
   - config
   - distgit
 
-- name: install the Dist Git-related httpd config
-  copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/git-smart-http.conf
-  notify:
-  - reload httpd
+- name: install pkgdb2 integration script
+  template: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
+  with_items:
+    - pkgdb_sync_git_branches.py
+    - genacls.sh
+    - genacls.pkgdb
   tags:
+  - config
   - distgit
 
-- name: Symlink pkgs-git-repos-list
-  copy: src=repolist.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/repolist.conf
+- name: Copy pkgs-git-repos-list
+  copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf
   notify:
   - reload httpd
   tags:
   - distgit
 
-- name: install the pkgdb_sync_git_branches.py scripts
-  template: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
-  with_items:
-    - pkgdb_sync_git_branches.py
-  tags:
-  - config
-  - distgit
-
 - name: schedule the update hook check
   cron: >
     name="check-update-hooks" cron_file="ansible-check-update-hooks"
@@ -149,43 +110,18 @@
   tags:
   - distgit
 
-# -- Gitolite --------------------------------------------
-# This is the permission management for package maintainers, using Gitolite.
-- name: create the /var/log/gitolite directory
-  file: path=/var/log/gitolite owner=root group=packager state=directory mode=2775
-  tags:
-  - distgit
-
-- name: create the gen-acls group
-  group: name=gen-acls gid=417 state=present
-  tags:
-  - distgit
-
-- name: create the gen-acls user
-  user: >
-        name=gen-acls
-        comment="dummy system account for the gen-acls fedmsg job"
-        uid=417
-        group=gen-acls
-        shell=/bin/bash
-        home=/srv/git
-  tags:
-  - distgit
-
-- name: create the /etc/gitolite/conf directory
-  file: path=/etc/gitolite/conf owner=gen-acls group=gen-acls state=directory mode=0755
+- name: Add the genacl daily cron job
+  copy: src=genacls.cron dest=/etc/cron.d/genacls.cron
+        owner=root mode=644
   tags:
+  - config
   - distgit
 
-- name: create the /etc/gitolite/logs directory
-  file: path=/etc/gitolite/logs owner=gen-acls group=packager
-        state=directory mode=0775
-  tags:
-  - distgit
 
-- name: create the /etc/gitolite/local/VREF directory
-  file: path=/etc/gitolite/local/VREF owner=gen-acls group=packager
-        state=directory mode=0775
+# -- Gitolite --------------------------------------------
+# This is the permission management for package maintainers, using Gitolite.
+- name: create the /var/log/gitolite directory
+  file: path=/var/log/gitolite owner=root group=packager state=directory mode=2775
   tags:
   - distgit
 
@@ -194,27 +130,6 @@
   tags:
   - distgit
 
-- name: Create the rpms symlink (should not be needed, might still be used by some old scripts)
-  command: ln -s /srv/git/repositories / /srv/git/rpms
-           creates=/srv/git/rpms
-  tags:
-  - config
-  - distgit
-
-- name: Create the gitolite.rc symlink
-  command: ln -s /etc/gitolite/gitolite.rc /srv/git/.gitolite.rc
-           creates=/srv/git/.gitolite.rc
-  tags:
-  - config
-  - distgit
-
-- name: Create the gitolite configuration symlink
-  command: ln -s /etc/gitolite/ /srv/git/.gitolite
-           creates=/srv/git/.gitolite
-  tags:
-  - config
-  - distgit
-
 - name: Copy in RepoAliases.header
   copy: src=RepoAliases.header dest=/etc/gitolite/RepoAliases.header owner=root group=root mode=0755
 
@@ -225,41 +140,6 @@
   - config
   - distgit
 
-- name: install the genacls.sh script
-  template: src={{item}} dest=/usr/local/bin/{{item}} mode=0755
-  with_items:
-    - genacls.sh
-  tags:
-  - config
-  - distgit
-
-- name: install the genacls.pkgdb scripts
-  template: src={{item}} dest=/usr/local/bin/{{item}}
-            owner=root group=root mode=0755
-  with_items:
-    - genacls.pkgdb
-  #when: env != "staging"
-  tags:
-  - config
-  - distgit
-
-#- name: install the genacls.pkgdb scripts
-#  template: src={{item}} dest=/usr/local/bin/genacls.pkgdb
-#            owner=root group=root mode=0755
-#  with_items:
-#    - genacls.pkgdb.stg
-#  when: env == "staging"
-#  tags:
-#  - config
-#  - distgit
-
-- name: Add the genacl daily cron job
-  copy: src=genacls.cron dest=/etc/cron.d/genacls.cron
-        owner=root mode=644
-  tags:
-  - config
-  - distgit
-
 - name: install the fedmsg configuration
   copy: src=fedmsg-genacls-config.py dest=/etc/fedmsg.d/genacls.py owner=root group=root mode=0644
   tags:
@@ -284,18 +164,6 @@
   - config
   - distgit
 
-- name: Fix permissions on the Gitolite stuff
-  file: dest={{ item.name }} group=packager mode={{ item.mode }} state={{ item.state }}
-  with_items:
-    - {name: /etc/gitolite/hooks, mode: 770, state: directory}
-    - {name: /etc/gitolite/hooks/common, mode: 770, state: directory}
-
-- name: Fix permissions on the Gitolite stuff (touch update if it does not exist)
-  copy: content="" dest=/etc/gitolite/hooks/common/update force=no owner=root group=packager mode=0755
-  tags:
-  - distgit
-  - config
-
 # -- CGit ------------------------------------------------
 # This is the pretty web view of the repositories, using CGit.
 - name: install the prod cgitrc file
@@ -311,7 +179,7 @@
   - reload httpd
 
 - name: install the CGit-related httpd redirect config
-  copy: src=redirect.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/redirect.conf
+  copy: src=redirect.conf dest=/etc/httpd/conf.d/dist-git/redirect.conf
   tags: distgit
   notify:
   - reload httpd
@@ -326,7 +194,7 @@
 # -- Lookaside Cache -------------------------------------
 # This is the annex to Dist Git, where we host source tarballs.
 - name: install the Lookaside Cache httpd configs
-  template: src={{item}} dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/{{item}}
+  template: src={{item}} dest=/etc/httpd/conf.d/dist-git/{{item}}
   with_items:
   - lookaside.conf
   - lookaside-upload.conf
@@ -335,12 +203,6 @@
   tags:
   - distgit
 
-- name: create the Lookaside Cache root directory
-  file: dest=/srv/cache/lookaside/pkgs state=directory
-        owner=apache group=apache
-  tags:
-  - distgit
-
 - name: set the selinux boolean nis_enabled
   seboolean: name=nis_enabled persistent=yes state=yes
   tags:
@@ -423,34 +285,6 @@
   tags:
   - distgit
 
-- name: create /srv/web directory
-  file: dest=/srv/web state=directory
-
-- name: install the upload CGI script
-  copy: src=dist-git-upload.cgi dest=/srv/web/upload.cgi owner=root group=root mode=0755
-  notify:
-  - reload httpd
-  tags:
-  - distgit
-
-- name: check the selinux context of the upload CGI script
-  command: matchpathcon /srv/web/upload.cgi
-  register: upcgicontext
-  always_run: yes
-  changed_when: false
-  tags:
-  - config
-  - lookaside
-  - selinux
-
-- name: set the SELinux policy for the upload CGI script
-  command: semanage fcontext -a -t git_script_exec_t "/srv/web/upload.cgi"
-  when: upcgicontext.stdout.find('git_script_exec_t') == -1
-  tags:
-  - config
-  - lookaside
-  - selinux
-
 # Three tasks for handling our selinux policy for upload.cgi
 - name: ensure a directory exists for our SELinux policy
   file: dest=/usr/local/share/selinux/ state=directory
-- 
2.7.4

_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx




