PR#250: Miscellaneous - mainly mbs-scheduler.service - fm-orchestrator

fm-orchestrator

#250 Miscellaneous - mainly mbs-scheduler.service

Closed 7 years ago by mprahl. Opened 7 years ago by frostyx.

frostyx/fm-orchestrator misc-1 into master

Install client_secrets.json to /etc

Jakub Kadlčík • 7 years ago

4df3302

Move OIDC_CLIENT_SECRETS to base configuration

Jakub Kadlčík • 7 years ago

31ea6d0

Install service files

Jakub Kadlčík • 7 years ago

a03ad8c

Create mbs-frontend.service

Jakub Kadlčík • 7 years ago

945a08c

conf/config.py

file modified

+1 -2

		`@@ -57,6 +57,7 @@`

		`FAS_URL = 'https://admin.stg.fedoraproject.org/accounts'`
		`REQUIRE_PACKAGER = True`
		`+ OIDC_CLIENT_SECRETS = "client_secrets.json"`

		`# Available backends are: console, file, journal.`
		`LOG_BACKEND = 'journal'`
		`@@ -115,8 +116,6 @@`
		`KOJI_ARCHES = ['x86_64']`
		`KOJI_REPOSITORY_URL = 'http://kojipkgs.stg.fedoraproject.org/repos'`

		`- OIDC_CLIENT_SECRETS = "client_secrets.json"`
		`-`

		`class TestConfiguration(BaseConfiguration):`
		`LOG_BACKEND = 'console'`

conf/mbs-frontend.service

file added

+14

		`@@ -0,0 +1,14 @@`
		`+ [Unit]`
		`+ Description=Frontend for the Module Build Service`
		`+ After=network.target`
		`+ Documentation=https://pagure.io/fm-orchestrator`
		`+`
		`+ [Service]`
		`+ ExecStart=/usr/bin/mbs-frontend`
		`+ Type=simple`
		`+ User=root`
		`+ Group=root`
		`+ Restart=on-failure`
		`+`
		`+ [Install]`
		`+ WantedBy=multi-user.target`

module-build-service.spec

file modified

+5 -2

		`@@ -67,8 +67,8 @@`

		`%install`
		`%py2_install`
		`- %{__install} -pm644 conf/mbs-scheduler.service \`
		`- %{buildroot}%{_unitdir}/mbs-scheduler.service`
		`+ mkdir -p %{buildroot}%{_unitdir}`
		`+ %{__install} -pm644 conf/*.service %{buildroot}%{_unitdir}/`


		`%files`
		`@@ -76,11 +76,14 @@`
		`%license LICENSE`
		`%{python2_sitelib}/module_build_service*`
		`%{_bindir}/mbs-*`
		`+ %{_unitdir}/mbs-scheduler.service`
		`+ %{_unitdir}/mbs-frontend.service`
		`%dir %{_sysconfdir}/module-build-service`
		`%config %{_sysconfdir}/module-build-service/cacert.pem`
		`%config %{_sysconfdir}/module-build-service/config.py`
		`%config %{_sysconfdir}/module-build-service/koji.conf`
		`%config %{_sysconfdir}/module-build-service/copr.conf`
		`+ %config %{_sysconfdir}/module-build-service/client_secrets.json`
		`%config %{_sysconfdir}/module-build-service/fedmsg.d/logging.py`
		`%config %{_sysconfdir}/module-build-service/fedmsg.d/module_build_service.py`
		`%exclude %{_sysconfdir}/module-build-service/*.py[co]`

setup.py

file modified

+2 -1

		`@@ -32,7 +32,8 @@`
		`data_files=[('/etc/module-build-service/', ['conf/cacert.pem',`
		`'conf/config.py',`
		`'conf/copr.conf',`
		`- 'conf/koji.conf']),`
		`+ 'conf/koji.conf',`
		`+ 'client_secrets.json']),`
		`('/etc/module-build-service/fedmsg.d/', ['fedmsg.d/logging.py',`
		`'fedmsg.d/module_build_service.py']),`
		`],`

frostyx commented 7 years ago

I am currently working on ansible playbook for MBS and these are things that I encountered so far. Can you review, please?

jkaluza commented 7 years ago

I'm not sure if we should install our current client-secrets.json. It exists in the fm-orchestrator root directory just for development purposes. Generally people should not use our mbs-authorizer OIDC token in their deployment and I'm afraid they would do so if that file is present there by default.

Other changes look correct to me.

mprahl commented 7 years ago

We don't want admins running MBS' frontend that way (i.e. mbs-frontend or python manage.py runssl), as that is using a development server. Please use mod_wsgi with Apache instead or uwsgi with nginx.

mprahl commented 7 years ago

@frostyx, I will close this PR, but feel free to reopen it when you have time to rework it. Just as a heads up, the scheduler is no longer run by a Python script, but is instead run by fedmsg-hub.

See this PR for more information:
https://pagure.io/fm-orchestrator/pull-request/263