PR#49: mirror_pagure_ansible: Add a role for this service - fedora-infra/ansible

fedora-infra / ansible

#49 mirror_pagure_ansible: Add a role for this service

Merged 3 years ago by pingou. Opened 3 years ago by pingou.

fedora-infra/ pingou/ansible mirror_from_pagure into master

mirror_pagure_ansible: Add a role for this service

Pierre-Yves Chibon • 3 years ago

93cf23a

playbooks/groups/batcave.yml

file modified

+10

		`@@ -30,6 +30,16 @@`
		`certname: "{{wildcard_cert_name}}"`
		`SSLCertificateChainFile: "{{wildcard_int_file}}"`
		`- openvpn/client`
		`+ - role: rabbit/user`
		`+ username: "mirror_pagure_ansible{{ env_suffix }}"`
		`+ - role: rabbit/queue`
		`+ username: "mirror_pagure_ansible{{ env_suffix }}"`
		`+ queue_name: "mirror_pagure_ansible{{ env_suffix }}"`
		`+ routing_keys:`
		`+ - "io.pagure.*.pagure.git.receive"`
		`+ thresholds:`
		`+ warning: 10`
		`+ critical: 100`
		`- batcave`
		`- { role: nfs/client, when: inventory_hostname.startswith('batcave'), mnt_dir: '/srv/web/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }`
		`- { role: nfs/client, when: inventory_hostname.startswith('batcave01'), mnt_dir: '/mnt/fedora/app', nfs_src_dir: 'fedora_app/app' }`

roles/mirror_pagure_ansible/tasks/main.yml

file added

+115

		`@@ -0,0 +1,115 @@`
		`+ - name: Install packages`
		`+ package: state=present name={{ item }}`
		`+ with_items:`
		`+ - fedora-messaging`
		`+ - git`
		`+ tags:`
		`+ - packages`
		`+ - mirror_pagure_ansible`
		`+`
		`+`
		`+ # Create the user the service will run under`
		`+`
		`+ - name: Setup pagure user`
		`+ user:`
		`+ name: mirror_pagure_ansible`
		`+ shell: /sbin/nologin`
		`+ comment: "mirror_pagure_ansible User"`
		`+ tags:`
		`+ - mirror_pagure_ansible`
		`+ - mirror_pagure_ansible/user`
		`+`
		`+ # configure all the fedora-messaging files`
		`+`
		`+ - name: Create /etc/pki/fedora-messaging`
		`+ file:`
		`+ dest: /etc/pki/fedora-messaging`
		`+ mode: 0775`
		`+ owner: root`
		`+ group: root`
		`+ state: directory`
		`+ tags:`
		`+ - config`
		`+ - mirror_pagure_ansible`
		`+`
		`+ - name: deploy pagure/rabbitmq certificate`
		`+ copy: src={{ item.src }}`
		`+ dest=/etc/pki/fedora-messaging/{{ item.dest }}`
		`+ owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }}`
		`+ with_items:`
		`+ - src: "{{private}}/files/rabbitmq/production/pki/issued/mirror_pagure_ansible{{env_suffix}}.crt"`
		`+ dest: mirror_pagure_ansible.crt`
		`+ owner: mirror_pagure_ansible`
		`+ group: mirror_pagure_ansible`
		`+ mode: "0644"`
		`+ - src: "{{private}}/files/rabbitmq/production/pki/private/mirror_pagure_ansible{{env_suffix}}.key"`
		`+ dest: mirror_pagure_ansible.key`
		`+ owner: mirror_pagure_ansible`
		`+ group: mirror_pagure_ansible`
		`+ mode: "0600"`
		`+ - src: "{{private}}/files/rabbitmq/production/pki/ca.crt"`
		`+ dest: cacert.pem`
		`+ owner: mirror_pagure_ansible`
		`+ group: mirror_pagure_ansible`
		`+ mode: "0644"`
		`+ tags:`
		`+ - pagure`
		`+ - fedora-messaging`
		`+`
		`+ - name: Setup mirror_pagure_ansible fedora-messaging config`
		`+ template:`
		`+ src: mirror_pagure_ansible.cfg`
		`+ dest: /etc/fedora-messaging/mirror_pagure_ansible.toml`
		`+ owner: mirror_pagure_ansible`
		`+ group: mirror_pagure_ansible`
		`+ mode: 0640`
		`+ tags:`
		`+ - config`
		`+ - mirror_pagure_ansible`
		`+`
		`+ # Install the script`
		`+`
		`+ - name: Create /usr/local/libexec/mirror_pagure_ansible`
		`+ file:`
		`+ dest: /usr/local/libexec/mirror_pagure_ansible`
		`+ mode: 0775`
		`+ owner: root`
		`+ group: root`
		`+ state: directory`
		`+ tags:`
		`+ - config`
		`+ - mirror_pagure_ansible`
		`+`
		`+ - name: Install the consumer`
		`+ template:`
		`+ src: mirror_from_pagure_bus.py`
		`+ dest: /usr/local/libexec/mirror_pagure_ansible/mirror_from_pagure_bus.py`
		`+ tags:`
		`+ - packages`
		`+ - mirror_pagure_ansible`
		`+`
		`+`
		`+ # Install and start the service`
		`+`
		`+ - name: Install the dedicated service file for mirror_pagure_ansible`
		`+ template:`
		`+ src: mirror_pagure_ansible.service`
		`+ dest: /etc/systemd/system/mirror_pagure_ansible.service`
		`+ owner: root`
		`+ group: root`
		`+ mode: 0755`
		`+ notify:`
		`+ - reload systemd`
		`+ tags:`
		`+ - config`
		`+ - mirror_pagure_ansible`
		`+`
		`+ - name: Enable and started the service`
		`+ service:`
		`+ name: mirror_pagure_ansible.service`
		`+ enabled: yes`
		`+ state: started`
		`+ tags:`
		`+ - config`
		`+ - mirror_pagure_ansible`
		`+`

roles/mirror_pagure_ansible/templates/mirror_from_pagure_bus.py

file added

+115

		`@@ -0,0 +1,115 @@`
		`+ """`
		`+ This script runs in a loop and clone or update the clone of the ansible repo`
		`+ hosted in pagure.io`
		`+ """`
		`+ from __future__ import print_function`
		`+`
		`+ import datetime`
		`+ import logging`
		`+ import os`
		`+ import sched`
		`+ import subprocess`
		`+ import sys`
		`+ import time`
		`+`
		`+ from fedora_messaging import api, config`
		`+`
		`+`
		`+ _log = logging.getLogger(__name__)`
		`+`
		`+`
		`+`
		`+ def run_command(command, cwd=None):`
		`+ """ Run the specified command in a specific working directory if one`
		`+ is specified.`
		`+`
		`+ :arg command: the command to run`
		`+ :type command: list`
		`+ :kwarg cwd: the working directory in which to run this command`
		`+ :type cwd: str or None`
		`+ """`
		`+ output = None`
		`+ try:`
		`+ output = subprocess.check_output(command, cwd=cwd, stderr=subprocess.PIPE)`
		`+ except subprocess.CalledProcessError as e:`
		+ _log.error("Command `%s` return code: `%s`", " ".join(command), e.returncode)
		`+ _log.error("stdout:\n-------\n%s", e.stdout)`
		`+ _log.error("stderr:\n-------\n%s", e.stderr)`
		`+ raise`
		`+`
		`+ return output`
		`+`
		`+`
		`+ class MirrorFromPagure(object):`
		`+ """`
		`+ A fedora-messaging consumer update a local mirror of a repo hosted on`
		`+ pagure.io.`
		`+`
		`+ Three configuration key is used from fedora-messaging's`
		`+ "consumer_config" key:`
		`+ - "mirror_folder", which indicates where mirrors should be store`
		`+ - "urls", which is a list of mirrors to keep up to date`
		`+ - "triggers_name", the fullname of the project (ie: name or namespace/name)`
		`+ that we want to trigger a refresh of our clone on`
		`+`
		`+ ::`
		`+`
		`+ [consumer_config]`
		`+ mirror_folder = "mirrors"`
		`+ trigger_names = ["Fedora-Infra/ansible"]`
		`+ urls = ["https://pagure.io/Fedora-Infra/ansible.git"]`
		`+ """`
		`+`
		`+ def __init__(self):`
		`+ """Perform some one-time initialization for the consumer."""`
		`+ self.path = config.conf["consumer_config"]["mirror_folder"]`
		`+ self.urls = config.conf["consumer_config"]["urls"]`
		`+ self.trigger_names = config.conf["consumer_config"]["trigger_names"]`
		`+`
		`+ if not os.path.exists(self.path):`
		`+ raise OSError("No folder %s found on disk" % self.path)`
		`+`
		`+ def __call__(self, message, cnt=0):`
		`+ """`
		`+ Invoked when a message is received by the consumer.`
		`+`
		`+ Args:`
		`+ message (fedora_messaging.api.Message): The message from AMQP.`
		`+ """`
		`+ _log.info("Received topic: %s", message.topic)`
		`+ if message.topic == "io.pagure.prod.pagure.git.receive":`
		`+ repo_name = message.body.get("repo", {}).get("fullname")`
		`+ if repo_name not in self.trigger_names:`
		`+ _log.info("Not the pagure repo of interest, bailing")`
		`+ return`
		`+ elif message.topic == "org.fedoraproject.prod.infragit.receive":`
		`+ pass`
		`+ else:`
		`+ _log.info("Unexpected topic received: %s", message.topic)`
		`+ return`
		`+`
		`+ try:`
		`+ for url in self.urls:`
		`+ _log.info("Syncing %s", url)`
		`+ name = url.rsplit("/", 1)[-1]`
		`+`
		`+ dest_folder = os.path.join(self.path, name)`
		`+ if not os.path.exists(dest_folder):`
		`+ _log.info(" Cloning as new %s", url)`
		`+ cmd = ["git", "clone", "--mirror", url]`
		`+ run_command(cmd, cwd=self.path)`
		`+`
		`+ _log.info(`
		`+ " Running git fetch with transfer.fsckObjects=1 in %s",`
		`+ dest_folder`
		`+ )`
		`+ cmd = ["git", "-c", "transfer.fsckObjects=1", "fetch"]`
		`+ run_command(cmd, cwd=dest_folder)`
		`+`
		`+ except Exception:`
		`+ _log.exception("Something happened while calling git")`
		`+ if cnt >= 3:`
		`+ raise`
		`+ _log.info(" Re-running in 10 seconds")`
		`+ time.sleep(10)`
		`+ self.__call__(message, cnt=cnt+1)`

roles/mirror_pagure_ansible/templates/mirror_pagure_ansible.cfg

file added

+84

		`@@ -0,0 +1,84 @@`
		`+ amqp_url = "amqps://mirror_pagure_ansible{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"`
		`+`
		`+ publish_exchange = "amq.topic"`
		`+ passive_declares = true`
		`+`
		`+ callback = "mirror_from_pagure_bus:MirrorFromPagure"`
		`+`
		`+ # Don't use topic_prefix, since outgoing message topics are derived from incoming messages.`
		`+ # topic_prefix = ""`
		`+`
		`+ # Note the double brackets below.`
		`+ # To add another binding, add another [[bindings]] section.`
		`+ [[bindings]]`
		`+ queue = "mirror_pagure_ansible{{ env_suffix }}"`
		`+ exchange = "amq.topic"`
		`+ routing_keys = [`
		`+ "io.pagure.*.pagure.git.receive",`
		`+ ]`
		`+`
		`+ [tls]`
		`+ ca_cert = "/etc/pki/fedora-messaging/cacert.pem"`
		`+ keyfile = "/etc/pki/fedora-messaging/mirror_pagure_ansible-key.pem"`
		`+ certfile = "/etc/pki/fedora-messaging/mirror_pagure_ansible-cert.pem"`
		`+`
		`+ [client_properties]`
		`+ app = "RoboSignatory"`
		`+ app_url = "https://pagure.io/Fedora-Infra/mirror_from_pagure"`
		`+ app_contacts_email = ["pingou@fedoraproject.org"]`
		`+`
		`+ [queues."mirror_pagure_ansible{{ env_suffix }}"]`
		`+ durable = true`
		`+ auto_delete = false`
		`+ exclusive = false`
		`+ arguments = {}`
		`+`
		`+ [consumer_config]`
		`+ mirror_folder = "/srv/"`
		`+ trigger_names = ["fedora-infrastructure"]`
		`+ urls = [`
		`+ "https://pagure.io/fedora-infrastructure.git",`
		`+ ]`
		`+`
		`+ [qos]`
		`+ prefetch_size = 0`
		`+ prefetch_count = 25`
		`+`
		`+ [log_config]`
		`+ version = 1`
		`+ disable_existing_loggers = true`
		`+`
		`+ [log_config.formatters.simple]`
		`+ format = "[%(levelname)s %(name)s] %(message)s"`
		`+`
		`+ [log_config.handlers.console]`
		`+ class = "logging.StreamHandler"`
		`+ formatter = "simple"`
		`+ stream = "ext://sys.stdout"`
		`+`
		`+ [log_config.loggers.fedora_messaging]`
		`+ level = "INFO"`
		`+ propagate = false`
		`+ handlers = ["console"]`
		`+`
		`+ [log_config.loggers.twisted]`
		`+ level = "INFO"`
		`+ propagate = false`
		`+ handlers = ["console"]`
		`+`
		`+ [log_config.loggers.pika]`
		`+ level = "WARNING"`
		`+ propagate = false`
		`+ handlers = ["console"]`
		`+`
		`+ # If your consumer sets up a logger, you must add a configuration for it`
		`+ # here in order for the messages to show up. e.g. if it set up a logger`
		`+ # called 'example_printer', you could do:`
		`+ [log_config.loggers.mirror_from_pagure_bus]`
		`+ level = "DEBUG"`
		`+ propagate = false`
		`+ handlers = ["console"]`
		`+`
		`+ [log_config.root]`
		`+ level = "ERROR"`
		`+ handlers = ["console"]`

roles/mirror_pagure_ansible/templates/mirror_pagure_ansible.service

file added

+15

		`@@ -0,0 +1,15 @@`
		`+ [Unit]`
		`+ Description=Fedora Messaging consumer`
		`+ Documentation=http://fedora-messaging.readthedocs.io/`
		`+`
		`+ [Service]`
		`+ Type=simple`
		`+ Environment="PYTHONPATH=/usr/local/libexec/mirror_pagure_ansible"`
		`+ ExecStart=/usr/bin/fedora-messaging --conf /etc/fedora-messaging/mirror_pagure_ansible.toml consume`
		`+ Restart=on-failure`
		`+ User=mirror_pagure_ansible`
		`+ Group=mirror_pagure_ansible`
		`+`
		`+ [Install]`
		`+ WantedBy=multi-user.target`
		`+`