diff --git a/Dockerfile.dev-container b/Dockerfile.dev-container new file mode 100644 index 0000000000..313e52aa3a --- /dev/null +++ b/Dockerfile.dev-container @@ -0,0 +1,10 @@ +FROM fedora:latest +MAINTAINER test +RUN ["dnf", "-y", "install", "openssh-server", "openssh-clients", "iputils", "systemd", "sssd-client"] +RUN mkdir -p /root/.ssh +RUN curl -o /root/.ssh/authorized_keys https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub +RUN mkdir -p /home/vagrant +RUN systemctl enable sshd.service +EXPOSE 22 +EXPOSE 6543 +CMD [ "/usr/sbin/init" ] diff --git a/Vagrantfile b/Vagrantfile index f73c44b33e..74333d2825 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -62,7 +62,11 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| config.vm.provision "ansible" do |ansible| ansible.playbook = "devel/ansible/playbook.yml" ansible.extra_vars = { - fas_username: fas_username + fas_username: fas_username, + in_container: false, + use_freeipa: true, + use_httpd: true, + vagrant_user: "vagrant" } end diff --git a/Vagrantfile.container b/Vagrantfile.container new file mode 100644 index 0000000000..31a09658c3 --- /dev/null +++ b/Vagrantfile.container 
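Review bot: The `RUN curl -o /root/.ssh/authorized_keys …/vagrant/master/keys/vagrant.pub` line installs the publicly known Vagrant key as root's `authorized_keys`, fetched from a mutable branch at build time with no failure or integrity check. Until Vagrant replaces the key (the container Vagrantfile sets `ssh.insert_key = true`), an image built from this file accepts root SSH logins with the published key pair, so it should never be pushed or run outside this workflow; a comment above the line should say so. I would also fail the build on an HTTP error and pin permissions, e.g. `RUN curl -fsSL -o /root/.ssh/authorized_keys <same URL> && chmod 700 /root/.ssh && chmod 600 /root/.ssh/authorized_keys`, or vendor the key in the repo and `COPY` it. Smaller points: `FROM fedora:latest` makes rebuilds non-reproducible, and `MAINTAINER` is deprecated in favour of a `LABEL`.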
@@ -0,0 +1,216 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# On your host: +# git clone https://github.com/fedora-infra/bodhi.git +# cd bodhi +# export VAGRANT_VAGRANTFILE=./Vagrantfile.container +# vagrant up + +# The networking setup: all other containers are set to use the 'bodhi' container's +# namespace (it has to be 'bodhi' because vagrant needs to ssh into 'bodhi', if we +# have bodhi use another container's namespace that does not work). Other containers +# wait for bodhi to be running (via `podman container exists bodhi`) before running, +# using a trigger. bodhi waits for other containers to be up before provisioning. + +# This means if you're destroying containers, bodhi must be the last one destroyed. +# Containers are destroyed in reverse order from the command line, so this is the +# safe way to destroy all containers: +# vagrant destroy bodhi postgres waiverdb greenwave rabbitmq + +require 'etc' + +VAGRANTFILE_API_VERSION = "2" + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + + # To cache update packages (which is helpful if frequently doing `vagrant destroy && vagrant up`) + # you can create a local directory and share it to the guest's DNF cache. 
Uncomment the line below + # to create a dnf cache directory, and a line in the Bodhi container config below to use it + # + # Dir.mkdir('.dnf-cache') unless File.exists?('.dnf-cache') + + # waiverdb database container + config.vm.define "postgres" do |postgres| + postgres.vm.host_name = "postgres.example.com" + # set up container volumes in a dedicated temp space (so we can relabel them safely) + postgres.trigger.before :up do |trigger1| + trigger1.run = {inline: "rm -rf /tmp/bodhi-dev-postgres"} + end + postgres.trigger.before :up do |trigger2| + trigger2.run = {inline: "mkdir -p /tmp/bodhi-dev-postgres"} + end + postgres.trigger.before :up do |trigger3| + trigger3.run = {inline: "curl -o /tmp/bodhi-dev-postgres/waiverdb.dump.xz https://infrastructure.fedoraproject.org/infra/db-dumps/waiverdb.dump.xz"} + end + postgres.trigger.before :up do |trigger4| + trigger4.run = {inline: "unxz --keep --force /tmp/bodhi-dev-postgres/waiverdb.dump.xz"} + end + postgres.trigger.before :up do |trigger5| + trigger5.run = {inline: "cp ./devel/docker/settings/restore_waiverdb.sh /tmp/bodhi-dev-postgres/restore_waiverdb.sh"} + end + # wait for bodhi to be up, as we're joining its namespace + postgres.trigger.before :up do |trigger6| + trigger6.run = {inline: "bash -c 'until podman container exists bodhi || (( count++ >= 600 )); do sleep 1; done'"} + end + postgres.vm.provider "docker" do |domain| + domain.image = "docker.io/library/postgres:latest" + # this allows all access, but it's kinda pointless to set a + # password since this file is checked into a public repo... 
+ # just be aware this setup leaves an unsecured postgresql + # accessible on your dev box + domain.env = {POSTGRES_HOST_AUTH_METHOD: "trust"} + domain.create_args = ["--health-cmd=pg_isready --host=localhost --username=waiverdb --dbname=waiverdb", "--health-interval=5s", "--health-timeout=30s", "--health-retries=3", "--network=container:bodhi"] + domain.has_ssh = false + # the name wdb_pgdata is what restore_waiverdb.sh expects + domain.volumes = ["/tmp/bodhi-dev-postgres/restore_waiverdb.sh:/docker-entrypoint-initdb.d/restore_db.sh:Z", "/tmp/bodhi-dev-postgres/waiverdb.dump:/docker-entrypoint-initdb.d/wdb_pgdata:Z"] + domain.name = "postgres" + end + end + + # waiverdb service container + config.vm.define "waiverdb" do |waiverdb| + waiverdb.vm.host_name = "waiverdb.example.com" + # Forward traffic on the host to the development waiverDB on the guest + waiverdb.vm.network "forwarded_port", guest: 6544, host: 6544 + # set up container volumes in a dedicated temp space (so we can relabel them safely) + waiverdb.trigger.before :up do |trigger1| + trigger1.run = {inline: "rm -rf /tmp/bodhi-dev-waiverdb"} + end + waiverdb.trigger.before :up do |trigger2| + trigger2.run = {inline: "mkdir -p /tmp/bodhi-dev-waiverdb"} + end + waiverdb.trigger.before :up do |trigger3| + trigger3.run = {inline: "cp ./devel/docker/settings/waiverdb-settings.py /tmp/bodhi-dev-waiverdb/waiverdb-settings.py"} + end + # access postgres via localhost (we share a network namespace) + waiverdb.trigger.before :up do |trigger4| + trigger4.run = {inline: "sed -i -e 's,wdb:5432,localhost:5432,g' /tmp/bodhi-dev-waiverdb/waiverdb-settings.py"} + end + waiverdb.trigger.before :up do |trigger4| + trigger4.run = {inline: "cp ./devel/docker/settings/run_waiverdb.sh /tmp/bodhi-dev-waiverdb/run_waiverdb.sh"} + end + # wait for bodhi to be up, as we're joining its namespace + waiverdb.trigger.before :up do |trigger5| + trigger5.run = {inline: "bash -c 'until podman container exists bodhi || (( count++ >= 600 
)); do sleep 1; done'"} + end + waiverdb.vm.provider "docker" do |domain| + domain.image = "quay.io/factory2/waiverdb:latest" + domain.create_args = ["-i", "--entrypoint=/usr/libexec/run_waiverdb.sh", "--network=container:bodhi"] + domain.has_ssh = false + domain.volumes = ["/tmp/bodhi-dev-waiverdb/waiverdb-settings.py:/etc/waiverdb/settings.py:Z", "/tmp/bodhi-dev-waiverdb/run_waiverdb.sh:/usr/libexec/run_waiverdb.sh:Z"] + domain.name = "waiverdb" + end + end + + # greenwave container + config.vm.define "greenwave" do |greenwave| + # Forward traffic on the host to the development greenwave on the guest + greenwave.vm.network "forwarded_port", guest: 6545, host: 6545 + # set up container volumes in a dedicated temp space (so we can relabel them safely) + greenwave.trigger.before :up do |trigger1| + trigger1.run = {inline: "rm -rf /tmp/bodhi-dev-greenwave /tmp/bodhi-dev-policies"} + end + greenwave.trigger.before :up do |trigger2| + trigger2.run = {inline: "mkdir -p /tmp/bodhi-dev-greenwave /tmp/bodhi-dev-policies"} + end + greenwave.trigger.before :up do |trigger3| + trigger3.run = {inline: "curl -o /tmp/bodhi-dev-policies/fedora_tmpl.yaml https://pagure.io/fedora-infra/ansible/raw/main/f/roles/openshift-apps/greenwave/templates/fedora.yaml"} + end + greenwave.trigger.before :up do |trigger4| + trigger4.run = {inline: "jinja2 --format=yaml -o /tmp/bodhi-dev-policies/fedora.yaml /tmp/bodhi-dev-policies/fedora_tmpl.yaml"} + end + greenwave.trigger.before :up do |trigger5| + trigger5.run = {inline: "rm -f /tmp/bodhi-dev-greenwave/fedora_tmpl.yaml"} + end + greenwave.trigger.before :up do |trigger6| + trigger6.run = {inline: "cp ./devel/docker/settings/greenwave-settings.py /tmp/bodhi-dev-greenwave/greenwave-settings.py"} + end + # access waiverdb via localhost (we share a network namespace) + greenwave.trigger.before :up do |trigger7| + trigger7.run = {inline: "sed -i -e 's,waiverdb:6544,localhost:6544,g' /tmp/bodhi-dev-greenwave/greenwave-settings.py"} + end + # wait 
for bodhi to be up, as we're joining its namespace + greenwave.trigger.before :up do |trigger8| + trigger8.run = {inline: "bash -c 'until podman container exists bodhi || (( count++ >= 600 )); do sleep 1; done'"} + end + greenwave.vm.provider "docker" do |domain| + domain.image = "quay.io/factory2/greenwave:latest" + # this is setting args for the container's own entrypoint, which is + # a wrapper script that runs this command inside the venv + domain.cmd = ["gunicorn", "--bind", "0.0.0.0:6545", "--access-logfile", "-", "--error-logfile", "-", "--enable-stdio-inheritance", "greenwave.wsgi:app"] + domain.create_args = ["-i", "--network=container:bodhi"] + domain.has_ssh = false + domain.volumes = ["/tmp/bodhi-dev-greenwave/greenwave-settings.py:/etc/greenwave/settings.py:Z", "/tmp/bodhi-dev-policies:/etc/greenwave/policies:Z"] + domain.name = "greenwave" + end + end + + # rabbitmq container + config.vm.define "rabbitmq" do |rabbitmq| + rabbitmq.vm.host_name = "rabbitmq.example.com" + # Forward traffic on the host to the RabbitMQ management UI on the guest. 
+ # This allows developers to view message queues at http://localhost:15672/ + rabbitmq.vm.network "forwarded_port", guest: 15672, host: 15672 + + # wait for bodhi to be up, as we're joining its namespace + rabbitmq.trigger.before :up do |trigger1| + trigger1.run = {inline: "bash -c 'until podman container exists bodhi || (( count++ >= 600 )); do sleep 1; done'"} + end + + rabbitmq.vm.provider "docker" do |domain| + domain.image = "docker.io/library/rabbitmq:3-management" + domain.create_args = ["-i", "--network=container:bodhi"] + domain.has_ssh = false + domain.name = "rabbitmq" + end + end + + + # bodhi container + config.vm.define "bodhi", primary: true do |bodhi| + bodhi.vm.host_name = "bodhi-dev.example.com" + # we need ssh on this container so ansible provisioning can run + bodhi.ssh.insert_key = true + bodhi.ssh.username = "root" + + # bootstrap and run with ansible + bodhi.vm.provision "ansible" do |ansible| + ansible.playbook = "devel/ansible/playbook.yml" + ansible.extra_vars = { + in_container: true, + use_freeipa: false, + use_httpd: false, + vagrant_user: "root" + } + end + + # Forward traffic on the host to the development server on the guest, + # so you can access bodhi at http://localhost:6543 + bodhi.vm.network "forwarded_port", guest: 6543, host: 6543 + + # wait for other containers to be up before proceeding with provisioning + bodhi.trigger.before :provision do |trigger1| + trigger1.run = {inline: "bash -c 'until (podman container exists postgres && podman container exists waiverdb && podman container exists greenwave && podman container exists rabbitmq) || (( count++ >= 600 )); do echo Waiting for other containers...; sleep 1; done'"} + end + + bodhi.vm.provider "docker" do |domain| + # we build the container image on the fly from Dockerfile.dev-container + domain.build_dir = "." 
+ domain.dockerfile = "Dockerfile.dev-container" + # we have to disable label separation for this container as we want to + # map this entire working directory into the container. we can't copy + # it to a temp dir as we do for the other containers as then live + # changes wouldn't work, and we don't want to relabel the checkout in + # place as that would cause other problems + # for AUDIT_WRITE, see https://bugzilla.redhat.com/show_bug.cgi?id=1923728 + # it's needed for sshd to work inside the container, on F38 host at least + domain.create_args = ["-i", "--security-opt=label=disable", "--cap-add=AUDIT_WRITE"] + domain.has_ssh = true + domain.name = "bodhi" + domain.volumes = ["./:/home/vagrant/bodhi"] + # uncomment this line to use the DNF cache directory described above + # domain.volumes = ["./:/home/vagrant/bodhi", ".dnf-cache:/var/cache/dnf"] + end + end +end diff --git a/bodhi-server/bodhi/server/__init__.py b/bodhi-server/bodhi/server/__init__.py index 5b76da8e5d..f1258996b6 100644 --- a/bodhi-server/bodhi/server/__init__.py +++ b/bodhi-server/bodhi/server/__init__.py @@ -249,6 +249,7 @@ def main(global_config, testing=None, session=None, **settings): config.add_translation_dirs('bodhi.server:locale/') # Authentication & Authorization + testing = testing or bodhi_config.get('auth.completely-insecure-testing') if testing: # use a permissive security policy while running unit tests fake_identity = munchify( diff --git a/devel/ansible/playbook.yml b/devel/ansible/playbook.yml index 15d8e33f03..a6e97c4b43 100644 --- a/devel/ansible/playbook.yml +++ b/devel/ansible/playbook.yml 
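Review bot: None of the `forwarded_port` lines (6543, 6544, 6545, 15672) gives a `host_ip`, so the published ports are presumably bound on every host interface rather than loopback, and in this setup the app on 6543 runs with the permissive testing auth that the playbook enables when `use_freeipa` is false; I would add `host_ip: "127.0.0.1"` to each, e.g. `bodhi.vm.network "forwarded_port", guest: 6543, host: 6543, host_ip: "127.0.0.1"`. Separately, the greenwave `trigger5` removes `/tmp/bodhi-dev-greenwave/fedora_tmpl.yaml`, but `trigger3` wrote the template to `/tmp/bodhi-dev-policies/fedora_tmpl.yaml`, so the unrendered template stays in the directory mounted at `/etc/greenwave/policies`. The fixed `/tmp/bodhi-dev-*` paths are removed and recreated by name on every `up`, which on a shared host lets another local user pre-create or swap them; a directory under the checkout or one from `mktemp -d` avoids that. The `curl -o` triggers also lack `-f`, so an HTTP error page would be saved and passed on to `unxz` or `jinja2` as if it were the real file.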
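Review bot: The added `testing = testing or bodhi_config.get('auth.completely-insecure-testing')` lets a single ini key switch the whole application to the permissive fake-identity policy, and it does so by overwriting `testing`, so anything later in `main` that keys on `testing` (outside this hunk) changes as well. Any non-empty string is truthy here, so a value such as `false` would still enable it unless the config layer validates the key, which is not visible in this diff. I would keep it in its own variable, e.g. `insecure_auth = bodhi_config.get('auth.completely-insecure-testing')` followed by `if testing or insecure_auth:`, emit a warning-level log line whenever it is active, and add a comment that the key must never be set in a deployed configuration.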
@@ -9,11 +9,14 @@ shell: "ping -c 5 ipsilon.tinystage.test" ignore_errors: yes register: ping_response + when: use_freeipa - name: Give reason for failure fail: msg: Provisioning bodhi requires the base tinystage setup to be running. - when: ping_response.rc != 0 + when: "use_freeipa and ping_response.rc != 0" roles: - - rabbitmq - - bodhi + - role: bodhi + - role: rabbitmq + # the container env uses a rabbitmq container + when: not in_container diff --git a/devel/ansible/roles/bodhi/tasks/freeipa.yml b/devel/ansible/roles/bodhi/tasks/freeipa.yml new file mode 100644 index 0000000000..a7aec11d28 --- /dev/null +++ b/devel/ansible/roles/bodhi/tasks/freeipa.yml 
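Review bot: Listing `bodhi` before `rabbitmq` under `roles` means that on the VM path (`in_container: false`) the bodhi role's new "Start and enable the message queue-related services" task restarts `fm-consumer@config` and `print-messages` before the rabbitmq role has installed and configured the broker. Whether the consumers recover on their own depends on unit settings not shown here; keeping `rabbitmq` first, as before, with its `when: not in_container`, avoids the question. The skipped ping task also leaves `ping_response` without an `rc`, which the new `use_freeipa and ping_response.rc != 0` guard tolerates only through short-circuit evaluation, so a short comment there would keep a later edit from reordering the condition.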
@@ -0,0 +1,79 @@ +- name: Enroll system as IPA client + shell: + cmd: ipa-client-install --hostname {{ ansible_fqdn }} --domain tinystage.test --realm {{ krb_realm }} --server ipa.tinystage.test -p {{ ipa_admin_user }} -w {{ ipa_admin_password }} -U -N --force-join + creates: /etc/ipa/default.conf + +- name: pip install oidc-register + pip: + name: oidc-register + executable: pip3 + +- name: Get the content of the CA cert + slurp: + src: /etc/ipa/ca.crt + register: ca_crt + +- name: Put tinystage root CA in the list of CA's + blockinfile: + block: "{{ ca_crt.content | b64decode }}" + path: "{{ item }}" + loop: + - /etc/pki/tls/certs/ca-bundle.crt + - /usr/local/lib/python{{ python3_version.stdout }}/site-packages/httplib2/cacerts.txt + - /srv/venv/lib/python{{ python3_version.stdout }}/site-packages/certifi/cacert.pem + +- name: Register with Ipsilon + command: python3 /home/vagrant/bodhi/devel/register-with-ipsilon.py + register: _ipsilon_registration + +- name: Generate and get SSL cert + shell: + cmd: ipa-getcert request -f /etc/pki/tls/certs/server.pem -k /etc/pki/tls/private/server.key -K HTTP/{{ ansible_fqdn }} -N {{ ansible_fqdn }} + creates: /etc/pki/tls/certs/server.pem + when: "use_httpd and not in_container" + +- name: Check the cert is there + wait_for: + path: /etc/pki/tls/certs/server.pem + state: present + when: "use_httpd and not in_container" + +- name: Check the key is there + wait_for: + path: /etc/pki/tls/private/server.key + state: present + when: "use_httpd and not in_container" + +- name: Setup mod_ssl + lineinfile: + path: /etc/httpd/conf.d/ssl.conf + regexp: "^SSLCertificateFile " + line: SSLCertificateFile /etc/pki/tls/certs/server.pem + when: "use_httpd and not in_container" +- name: Setup mod_ssl + lineinfile: + path: /etc/httpd/conf.d/ssl.conf + regexp: "^SSLCertificateKeyFile " + line: SSLCertificateKeyFile /etc/pki/tls/private/server.key + when: "use_httpd and not in_container" +- name: Setup mod_ssl + lineinfile: + path: 
/etc/httpd/conf.d/ssl.conf + insertbefore: "" + regexp: "^RequestHeader set X-Forwarded-Proto https$" + line: RequestHeader set X-Forwarded-Proto https + when: "use_httpd and not in_container" + +- name: Copy the create users and groups script + template: + src: create-freeipa-users-grps.py + dest: /home/vagrant/create-freeipa-users-grps.py + mode: 0644 + owner: "{{ vagrant_user }}" + group: "{{ vagrant_user }}" + +- name: Add development users to tinystage + shell: python3 create-freeipa-users-grps.py > users-creation.log + args: + chdir: /home/vagrant/ + creates: users-creation.log diff --git a/devel/ansible/roles/bodhi/tasks/main.yml b/devel/ansible/roles/bodhi/tasks/main.yml index 66726a7bd5..beb5a2418a 100644 --- a/devel/ansible/roles/bodhi/tasks/main.yml +++ b/devel/ansible/roles/bodhi/tasks/main.yml @@ -5,8 +5,6 @@ - bash-completion - cmake - createrepo_c - - docker - - docker-compose - expat-devel - fedora-messaging - freetype-devel @@ -15,6 +13,7 @@ - graphviz - htop - httpie + - krb5-devel - libffi-devel - libjpeg-devel - libjpeg-turbo-devel 
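Review bot: The "Enroll system as IPA client" task passes `-w {{ ipa_admin_password }}` on a `shell` command line without `no_log: true`, so the rendered password shows up in Ansible's output on failure or at higher verbosity. These tasks are moved rather than newly written, but creating the file is a good moment to add `no_log: true` to that task. The three tasks that are all named "Setup mod_ssl" would be easier to follow in run output with distinct names, and `mode: 0644` is safer written as `mode: "0644"`.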
@@ -80,39 +79,83 @@ - tree - vim-enhanced - zlib-devel - # Auth + state: present + +- name: Install the message printing systemd unit files + template: + src: "{{ item }}" + dest: /etc/systemd/system/{{ item }} + mode: 0644 + with_items: + - print-messages.service + +- name: Start and enable the message queue-related services + service: + name: "{{ item }}" + state: restarted + enabled: yes + with_items: + - fm-consumer@config + - print-messages + +- name: Install docker packages + dnf: + name: + - docker + - docker-compose + state: present + when: not in_container + +- name: Install httpd package + dnf: + name: - httpd + state: present + when: use_httpd + +# need FreeIPA as we use it to issue the cert, and can't use it in +# container deployment as we don't use hostmanager there +- name: Install mod_ssl package + dnf: + name: - mod_ssl - - ipa-client state: present + when: "use_httpd and use_freeipa and not in_container" -- name: Install krb5-devel with yum - yum: - name: krb5-devel +- name: Install FreeIPA client package + dnf: + name: + - ipa-client state: present + when: use_freeipa - name: Initialize PostgreSQL command: postgresql-setup initdb args: creates: /var/lib/pgsql/data/pg_hba.conf + # in the container env, we use the same database container as waiverdb + when: not in_container - replace: dest: /var/lib/pgsql/data/pg_hba.conf regexp: "host all all 127.0.0.1/32 ident" replace: "host all all 127.0.0.1/32 trust" + when: not in_container - replace: dest: /var/lib/pgsql/data/pg_hba.conf regexp: "host all all ::1/128 ident" replace: "host all all ::1/128 trust" + when: not in_container - service: name: postgresql state: started enabled: yes + when: not in_container - name: Create a database for Bodhi - shell: runuser -l postgres -c 'createdb bodhi2' && touch /home/vagrant/.db-created + shell: runuser -l postgres -c 'createdb -h localhost bodhi2' && touch /home/vagrant/.db-created args: creates: /home/vagrant/.db-created 
@@ -140,20 +183,20 @@ name: /srv/venv state: directory mode: 0755 - owner: vagrant - group: vagrant + owner: "{{ vagrant_user }}" + group: "{{ vagrant_user }}" - name: Create the virtualenv command: virtualenv --system-site-packages /srv/venv/ become: yes - become_user: vagrant + become_user: "{{ vagrant_user }}" args: creates: /srv/venv/bin/python - name: Install bodhi with poetry command: poetry install become: yes - become_user: vagrant + become_user: "{{ vagrant_user }}" args: chdir: /home/vagrant/bodhi/{{ item }} environment: @@ -170,7 +213,7 @@ timeout: 1000 - name: Import database - shell: xzcat /tmp/bodhi2.dump.xz | runuser -l postgres -c 'psql bodhi2' && touch /home/vagrant/.db-imported + shell: xzcat /tmp/bodhi2.dump.xz | runuser -l postgres -c 'psql -h localhost bodhi2' && touch /home/vagrant/.db-imported args: creates: /home/vagrant/.db-imported 
@@ -197,7 +240,40 @@ loop: - {key: "celery_config", value: "%(here)s/bodhi/bodhi-server/celeryconfig.py"} - {key: "pungi.basepath", value: "%(here)s/bodhi/devel/ci/integration/bodhi/"} + +- name: Use tinystage SMTP server + ini_file: + path: /home/vagrant/development.ini + section: app:main + option: "{{ item.key }}" + value: "{{ item.value }}" + loop: - {key: "smtp_server", value: "tinystage.tinystage.test:1025"} + when: use_freeipa + +- name: Adjust base URL and cors config in the config for direct usage (not via httpd) + ini_file: + path: /home/vagrant/development.ini + section: app:main + option: "{{ item.key }}" + value: "{{ item.value }}" + loop: + - {key: "base_address", value: "http://localhost:6543/"} +# - {key: "cors_origins_rw", value: "http://0.0.0.0:6543 http://localhost:6543"} +# - {key: "cors_connect_src", value: "http://0.0.0.0:6543 http://localhost:6543 http://localhost:6545 https://*.fedoraproject.org/ wss://hub.fedoraproject.org:9939/"} + - {key: "cors_origins_rw", value: "*"} + - {key: "cors_connect_src", value: "*"} + when: not use_httpd + +- name: Configure permissive testing auth + ini_file: + path: /home/vagrant/development.ini + section: app:main + option: "{{ item.key }}" + value: "{{ item.value }}" + loop: + - {key: "auth.completely-insecure-testing", value: "ralph"} + when: not use_freeipa - name: Creates /etc/bodhi directory file: @@ -206,7 +282,7 @@ - name: Apply database migrations become: yes - become_user: vagrant + become_user: "{{ vagrant_user }}" command: poetry run alembic -c alembic.ini upgrade head args: chdir: /home/vagrant/bodhi/bodhi-server @@ -215,7 +291,7 @@ BODHI_CONFIG: /home/vagrant/development.ini - name: Install the systemd unit files - copy: + template: src: "{{ item }}" dest: /etc/systemd/system/{{ item }} mode: 0644 
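Review bot: Setting `cors_origins_rw` and `cors_connect_src` to `"*"` in the same configuration that enables `auth.completely-insecure-testing` means, as far as this diff shows, that any web page open in the developer's browser can send read-write requests to `http://localhost:6543` and have them treated as the fake user. The commented-out entries just above already list explicit origins; I would use those, e.g. `- {key: "cors_origins_rw", value: "http://0.0.0.0:6543 http://localhost:6543"}`, and leave `*` out. A comment on the "Configure permissive testing auth" task explaining what the value `ralph` controls (presumably the identity every request is given; the consuming code is outside this diff) would also help.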
@@ -224,23 +300,41 @@ - celery.service - name: Install the .bashrc - copy: - src: .bashrc + template: + src: bashrc dest: /home/vagrant/.bashrc mode: 0644 - owner: vagrant - group: vagrant + owner: "{{ vagrant_user }}" + group: "{{ vagrant_user }}" + +- name: Install the root .bashrc + template: + src: bashrc + dest: /root/.bashrc + mode: 0644 + owner: root + group: root + when: in_container - name: Install the .vimrc copy: src: .vimrc dest: /home/vagrant/.vimrc mode: 0644 - owner: vagrant - group: vagrant + owner: "{{ vagrant_user }}" + group: "{{ vagrant_user }}" -- name: Install the motd +- name: Install the root .vimrc copy: + src: .vimrc + dest: /root/.vimrc + mode: 0644 + owner: root + group: root + when: in_container + +- name: Install the motd + template: src: motd dest: /etc/motd mode: 0644 @@ -248,8 +342,8 @@ - name: create the composes directories file: path: "/srv/{{item}}" - owner: vagrant - group: vagrant + owner: "{{ vagrant_user }}" + group: "{{ vagrant_user }}" state: directory with_items: - composes 
@@ -270,106 +364,42 @@ dest: /etc/bash_completion.d/bodhi-client.bash state: link -# Auth - -- name: Enroll system as IPA client - shell: - cmd: ipa-client-install --hostname {{ ansible_fqdn }} --domain tinystage.test --realm {{ krb_realm }} --server ipa.tinystage.test -p {{ ipa_admin_user }} -w {{ ipa_admin_password }} -U -N --force-join - creates: /etc/ipa/default.conf +- name: Configure FreeIPA authentication and Apache + import_tasks: freeipa.yml + when: use_freeipa -- name: pip install oidc-register - pip: - name: oidc-register - executable: pip3 - -- name: Get the content of the CA cert - slurp: - src: /etc/ipa/ca.crt - register: ca_crt - -- name: Put tinystage root CA in the list of CA's - blockinfile: - block: "{{ ca_crt.content | b64decode }}" - path: "{{ item }}" - loop: - - /etc/pki/tls/certs/ca-bundle.crt - - /usr/local/lib/python{{ python3_version.stdout }}/site-packages/httplib2/cacerts.txt - - /srv/venv/lib/python{{ python3_version.stdout }}/site-packages/certifi/cacert.pem - -- name: Register with Ipsilon - command: python3 /home/vagrant/bodhi/devel/register-with-ipsilon.py - register: _ipsilon_registration - -- name: Generate and get SSL cert - shell: - cmd: ipa-getcert request -f /etc/pki/tls/certs/server.pem -k /etc/pki/tls/private/server.key -K HTTP/{{ ansible_fqdn }} -N {{ ansible_fqdn }} - creates: /etc/pki/tls/certs/server.pem - -- name: Check the cert is there - wait_for: - path: /etc/pki/tls/certs/server.pem - state: present - -- name: Check the key is there - wait_for: - path: /etc/pki/tls/private/server.key - state: present - -- name: Setup mod_ssl - lineinfile: - path: /etc/httpd/conf.d/ssl.conf - regexp: "^SSLCertificateFile " - line: SSLCertificateFile /etc/pki/tls/certs/server.pem -- name: Setup mod_ssl - lineinfile: - path: /etc/httpd/conf.d/ssl.conf - regexp: "^SSLCertificateKeyFile " - line: SSLCertificateKeyFile /etc/pki/tls/private/server.key -- name: Setup mod_ssl - lineinfile: - path: /etc/httpd/conf.d/ssl.conf - insertbefore: 
"" - regexp: "^RequestHeader set X-Forwarded-Proto https$" - line: RequestHeader set X-Forwarded-Proto https - -- name: Copy the create users and groups script - template: - src: create-freeipa-users-grps.py - dest: /home/vagrant/create-freeipa-users-grps.py - mode: 0644 - owner: vagrant - group: vagrant +- name: Start and enable the bodhi-related services + service: + name: "{{ item }}" + state: restarted + enabled: yes + with_items: + - bodhi + - celery -- name: Add development users to tinystage - shell: python create-freeipa-users-grps.py > users-creation.log - args: - chdir: /home/vagrant/ - creates: users-creation.log +- name: Start and enable docker + service: + name: docker + state: restarted + enabled: yes + when: not in_container - name: Setup httpd - copy: + template: src: bodhi.httpd.conf dest: /etc/httpd/conf.d/bodhi.conf + when: use_httpd - name: Allow apache to reverse proxy seboolean: name: httpd_can_network_connect state: yes persistent: yes - - -- name: Start and enable the bodhi-related services - service: - name: "{{ item }}" - state: restarted - enabled: yes - with_items: - - bodhi - - docker - - celery + when: use_httpd - name: Start enable httpd service: name: httpd state: restarted enabled: yes + when: use_httpd diff --git a/devel/ansible/roles/bodhi/files/.bashrc b/devel/ansible/roles/bodhi/templates/bashrc similarity index 82% rename from devel/ansible/roles/bodhi/files/.bashrc rename to devel/ansible/roles/bodhi/templates/bashrc index dbd8716219..3405220359 100644 --- a/devel/ansible/roles/bodhi/files/.bashrc +++ b/devel/ansible/roles/bodhi/templates/bashrc 
@@ -13,8 +13,13 @@ shopt -s expand_aliases alias bci="sudo -E /home/vagrant/bodhi/devel/ci/bodhi-ci" alias bdocs="make -C /home/vagrant/bodhi/docs clean && make -C /home/vagrant/bodhi/docs html && make -C /home/vagrant/bodhi/docs man" alias blog="sudo journalctl -u bodhi -u fm-consumer@config" -alias brestart="sudo systemctl restart bodhi && sudo systemctl restart fm-consumer@config && echo 'The Application is running on https://bodhi-dev.example.com'" -alias bstart="sudo systemctl start bodhi && sudo systemctl start fm-consumer@config && echo 'The Application is running on https://bodhi-dev.example.com'" +{% if in_container %} +alias brestart="sudo systemctl restart bodhi && sudo systemctl restart fm-consumer@config && echo 'The application is running on http://localhost:6543'" +alias bstart="sudo systemctl start bodhi && sudo systemctl start fm-consumer@config && echo 'The application is running on http://localhost:6543'" +{% else %} +alias brestart="sudo systemctl restart bodhi && sudo systemctl restart fm-consumer@config && echo 'The application is running on https://bodhi-dev.example.com'" +alias bstart="sudo systemctl start bodhi && sudo systemctl start fm-consumer@config && echo 'The application is running on https://bodhi-dev.example.com'" +{% endif %} alias bstop="sudo systemctl stop bodhi && sudo systemctl stop fm-consumer@config" alias blint="pre-commit run -a" alias bmessages="sudo journalctl -u print-messages" @@ -48,6 +53,7 @@ function btest { } +{% if not in_container %} function bstartdeps { pushd /tmp; curl -o waiverdb.dump.xz https://infrastructure.fedoraproject.org/infra/db-dumps/waiverdb.dump.xz 
@@ -68,9 +74,14 @@ function bremovedeps { rm -f /tmp/waiverdb.dump* rm -f /home/vagrant/bodhi/devel/docker/settings/policies/* } +{% endif %} +{% if in_container %} +export BODHI_URL="http://localhost:6543/" +{% else %} export BODHI_URL="https://bodhi-dev.example.com/" export BODHI_OPENID_PROVIDER="https://ipsilon.tinystage.test/idp/" +{% endif %} export PYTHONWARNINGS="once" export BODHI_CI_ARCHIVE_PATH="/home/vagrant/bodhi-ci-test_results/" diff --git a/devel/ansible/roles/bodhi/files/bodhi.httpd.conf b/devel/ansible/roles/bodhi/templates/bodhi.httpd.conf similarity index 78% rename from devel/ansible/roles/bodhi/files/bodhi.httpd.conf rename to devel/ansible/roles/bodhi/templates/bodhi.httpd.conf index cb09d2c41a..a870189ea8 100644 --- a/devel/ansible/roles/bodhi/files/bodhi.httpd.conf +++ b/devel/ansible/roles/bodhi/templates/bodhi.httpd.conf @@ -1,7 +1,9 @@ ProxyPass "/" "http://localhost:6543/" ProxyPassReverse "/" "http://localhost:6543/" +{% if use_freeipa and not in_container %} # Redirect to HTTPS RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} +{% endif %} diff --git a/devel/ansible/roles/bodhi/files/bodhi.service b/devel/ansible/roles/bodhi/templates/bodhi.service similarity index 93% rename from devel/ansible/roles/bodhi/files/bodhi.service rename to devel/ansible/roles/bodhi/templates/bodhi.service index c4edbbc118..374b3cfb4a 100644 --- a/devel/ansible/roles/bodhi/files/bodhi.service +++ b/devel/ansible/roles/bodhi/templates/bodhi.service @@ -5,7 +5,7 @@ Wants=network-online.target [Service] Environment=PYTHONWARNINGS=once VIRTUAL_ENV=/srv/venv BODHI_CONFIG=/home/vagrant/development.ini -User=vagrant +User={{ vagrant_user }} WorkingDirectory=/home/vagrant/bodhi/bodhi-server ExecStart=/usr/bin/poetry run pserve /home/vagrant/development.ini --reload 
diff --git a/devel/ansible/roles/bodhi/files/celery.service b/devel/ansible/roles/bodhi/templates/celery.service similarity index 93% rename from devel/ansible/roles/bodhi/files/celery.service rename to devel/ansible/roles/bodhi/templates/celery.service index eaf21ce2b0..0799609411 100644 --- a/devel/ansible/roles/bodhi/files/celery.service +++ b/devel/ansible/roles/bodhi/templates/celery.service @@ -5,7 +5,7 @@ Wants=network-online.target [Service] Environment=VIRTUAL_ENV=/srv/venv BODHI_CONFIG=/home/vagrant/development.ini -User=vagrant +User={{ vagrant_user }} WorkingDirectory=/home/vagrant/bodhi/bodhi-server ExecStart=/usr/bin/poetry run celery -A bodhi.server.tasks.app worker -l info -Q celery,has_koji_mount -B diff --git a/devel/ansible/roles/bodhi/files/motd b/devel/ansible/roles/bodhi/templates/motd similarity index 56% rename from devel/ansible/roles/bodhi/files/motd rename to devel/ansible/roles/bodhi/templates/motd index 0a019e3489..29b73a0b14 100644 --- a/devel/ansible/roles/bodhi/files/motd +++ b/devel/ansible/roles/bodhi/templates/motd 
@@ -1,23 +1,33 @@ Welcome to the Bodhi development environment! Here are some helpful commands: +{% if not in_container %} bci: Run the Bodhi CI test suite. +{% endif %} bdocs: Build Bodhi's documentation. -bfedmsg: Display the log of Bodhi's messages on the bus. -blog: View Bodhi's log. (Support all the systemctl options, such as -lf) +blint: Run a series of linter checks. +btest: Run Bodhi's test suite (includes blint and bdocs). +bmessages: Display the log of Bodhi's messages on the bus. +blog: View Bodhi's log. (Support all the systemctl options, such as -lf). bresetdb: Drop and reimport the database. brestart: Restart the Bodhi service. bodhi-shell: Get a handy python shell initialized with Bodhi models. bstart: Start the Bodhi service. bstop: Stop the Bodhi service. -btest: Run Bodhi's test suite. -blint: Run a series of linter checks. -bstartdeps: Create and Run WaiverDB and Greenwave docker services -bstopdeps: Stop WaiverDB and Greenwave docker services -bremovedeps: Destroy WaiverDB and Greenwave docker services - +{% if not in_container %} +bstartdeps: Create and Run WaiverDB and Greenwave docker services. +bstopdeps: Stop WaiverDB and Greenwave docker services. +bremovedeps: Destroy WaiverDB and Greenwave docker services. +{% endif %} +{% if in_container %} +The BODHI_URL environment variable is set to http://localhost:6543/ +{% else %} The BODHI_URL environment variable is set to https://bodhi-dev.example.com/ +{% endif %} so the bodhi client will use the local development server. +{% if in_container %} +Only unauthenticated requests will work through the client. +{% endif %} Happy hacking! diff --git a/devel/ansible/roles/rabbitmq/files/print-messages.service b/devel/ansible/roles/bodhi/templates/print-messages.service similarity index 91% rename from devel/ansible/roles/rabbitmq/files/print-messages.service rename to devel/ansible/roles/bodhi/templates/print-messages.service index 8f88d4fb92..b6461ac3d6 100644 
--- a/devel/ansible/roles/rabbitmq/files/print-messages.service +++ b/devel/ansible/roles/bodhi/templates/print-messages.service @@ -4,7 +4,7 @@ After=network-online.target Wants=network-online.target [Service] -User=vagrant +User={{ vagrant_user }} ExecStart=/usr/bin/fedora-messaging consume --callback="fedora_messaging.example:printer" [Install] diff --git a/devel/ansible/roles/rabbitmq/files/rabbitmq.repo b/devel/ansible/roles/rabbitmq/files/rabbitmq.repo new file mode 100644 index 0000000000..4e25d38ba9 --- /dev/null +++ b/devel/ansible/roles/rabbitmq/files/rabbitmq.repo @@ -0,0 +1,6 @@ +[rabbitmq-repo] +name=RabbitMQ 3.12 side repo +baseurl=https://adamwill.fedorapeople.org/rabbitmq-repo/$basearch/ +enabled=1 +metadata_expire=3600 +gpgcheck=0 diff --git a/devel/ansible/roles/rabbitmq/tasks/main.yml b/devel/ansible/roles/rabbitmq/tasks/main.yml index ad949a2ab0..563562bfd5 100644 --- a/devel/ansible/roles/rabbitmq/tasks/main.yml +++ b/devel/ansible/roles/rabbitmq/tasks/main.yml @@ -1,3 +1,10 @@ +- name: Set up side repo with RabbitMQ 3.12 for Fedora 39 + copy: + src: rabbitmq.repo + dest: /etc/yum.repos.d/rabbitmq.repo + mode: 0644 + when: ansible_distribution == 'Fedora' and ansible_distribution_major_version|int == 39 + - name: Install RabbitMQ packages package: name: "{{ item }}" 
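Review bot: `gpgcheck=0` on an always-enabled repo hosted in a personal fedorapeople space means every package dnf resolves from it is installed unverified, and without a package filter the repo can supply any package name, not only RabbitMQ. If the repo is signed, set `gpgcheck=1` with a `gpgkey=` line; either way I would restrict it with `includepkgs=rabbitmq-server*` (adjusted to the packages actually needed) so a change in that repo cannot replace unrelated system packages. The task that installs this file limits it to Fedora 39, which is worth repeating as a `#` comment in the file so it is removed once no longer needed.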
@@ -7,20 +14,28 @@ - fedora-messaging # SELinux +- name: check if selinux is enabled + command: selinuxenabled + register: selinux + failed_when: 1 == 0 + - name: compile policy module command: checkmodule -o local-rabbitmq.mod -m -M /home/vagrant/bodhi/devel/ansible/roles/rabbitmq/files/local-rabbitmq.te args: creates: local-rabbitmq.mod + when: selinux.rc == 0 - name: package policy module command: semodule_package -o local-rabbitmq.pp -m local-rabbitmq.mod args: creates: local-rabbitmq.pp + when: selinux.rc == 0 - name: install policy module command: semodule -i local-rabbitmq.pp args: creates: /var/lib/selinux/targeted/active/modules/400/local-rabbitmq/ + when: selinux.rc == 0 - name: Create RabbitMQ systemd override directory file: @@ -61,20 +76,3 @@ read_priv: .* write_priv: .* state: present - -- name: Install the systemd unit files - copy: - src: "{{ item }}" - dest: /etc/systemd/system/{{ item }} - mode: 0644 - with_items: - - print-messages.service - -- name: Start and enable the rabbitmq-related services - service: - name: "{{ item }}" - state: restarted - enabled: yes - with_items: - - fm-consumer@config - - print-messages diff --git a/devel/docker/settings/restore_waiverdb.sh b/devel/docker/settings/restore_waiverdb.sh old mode 100644 new mode 100755 diff --git a/devel/docker/settings/run_waiverdb.sh b/devel/docker/settings/run_waiverdb.sh new file mode 100755 index 0000000000..5b6dd30b86 --- /dev/null +++ b/devel/docker/settings/run_waiverdb.sh @@ -0,0 +1,3 @@ +#!/bin/sh +. /venv/bin/activate +waiverdb wait-for-db && waiverdb db upgrade && gunicorn --bind 0.0.0.0:6544 --access-logfile=- --enable-stdio-inheritance waiverdb.wsgi:app diff --git a/docs/developer/index.rst b/docs/developer/index.rst index f4fc642992..1d5661de93 100644 --- a/docs/developer/index.rst +++ b/docs/developer/index.rst 
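Review bot: The new `check if selinux is enabled` task spells "never fail" as `failed_when: 1 == 0`; `failed_when: false` states the intent directly. The task should also carry `changed_when: false`, since `selinuxenabled` only queries state and a `command` task otherwise reports a change on every run. The three `when: selinux.rc == 0` conditions depend on `rc` being present in the registered result. That presumably holds when the binary is absent as well, but `when: selinux.rc | default(1) == 0` would make the skip explicit in a minimal container image. A one-line comment above the task saying that the policy module is skipped where SELinux is disabled would explain why failures are ignored.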
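Review bot: In the new run_waiverdb.sh, the last line leaves `/bin/sh` as the parent of gunicorn, so a stop signal delivered to the script's process reaches the shell rather than the server. Ending the chain with `&& exec gunicorn --bind ...` hands the process over and lets the container stop cleanly; this assumes the script is the container's main command, which the hunk does not show. Separately, `--bind 0.0.0.0:6544` listens on every interface of the network namespace. If WaiverDB only needs to be reached from inside the shared namespace, a loopback bind would be the narrower choice; otherwise a short comment noting that the wide bind is intentional for the dev setup would help.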
@@ -167,18 +167,11 @@ that runs ``sudo devel/ci/bodhi-ci`` for you. Create a Bodhi development environment ====================================== -There are two ways to bootstrap a Bodhi development environment. You can use Vagrant, or you can use -virtualenv on an existing host. `Vagrant`_ allows contributors to get quickly up and running with a -Bodhi development environment by automatically configuring a virtual machine. `Virtualenv`_ is -a more manual option for building a development environment on an existing system. If you aren't -sure which development environment you would like to use, Vagrant is recommended as it get you a -working system more quickly and with less effort. If you would like to use Vagrant, see the -:doc:`Bodhi Vagrant Guide `. If you would like to use Virtualenv, see the -:doc:`Bodhi Virtualenv Guide `. +You can use Vagrant to create a Bodhi development environment. Using a local virtual environment +is no longer supported. See the :doc:`Bodhi Vagrant Guide ` for more details. -If you use Vagrant, you can configure Visual Studio Code to run unit-tests inside with :doc:`Bodhi Vagrant - VS Code Guide `. +You can configure Visual Studio Code to run unit-tests inside with :doc:`Bodhi Vagrant - VS Code Guide `. .. _docs/user/release_notes.rst: https://github.com/fedora-infra/bodhi/blob/develop/docs/user/release_notes.rst#release-notes .. _type hints: https://docs.python.org/3/library/typing.html .. _Vagrant: https://www.vagrantup.com -.. _Virtualenv: https://virtualenv.pypa.io/en/stable/ diff --git a/docs/developer/vagrant.rst b/docs/developer/vagrant.rst index b0e976e193..3759b2bce3 100644 --- a/docs/developer/vagrant.rst +++ b/docs/developer/vagrant.rst 
@@ -2,43 +2,89 @@ Vagrant ======= -`Vagrant`_ allows contributors to get quickly up and running with a Bodhi development environment by -automatically configuring a virtual machine. Before you get started, ensure that your host machine -has virtualization extensions enabled in its BIOS so the guest is not slow. To -get started, simply use these commands:: +`Vagrant`_ allows contributors to get quickly up and running with a Bodhi development environment. +There are two options: a virtual machine-based development environment which uses a full Ipsilion +and FreeIPA-backed authentication mechanism provided by tinystage +(https://github.com/fedora-infra/tiny-stage), or a container-based development environment which +uses a simple authentication mechanism where you are logged in as an administrator all the time. +The virtual machine-based environment allows you to test authentication-related changes, but uses +substantially more resources and is slower than the container-based environment. + + +Getting set up - virtual machine option +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + +If you choose the virtual machine-based environment, before you get started, ensure that your host +machine has virtualization extensions enabled in its BIOS so the guest is not slow. To get FreeIPA +and Ipsilon running, you must also ensure that tinystage is running before trying to provision +bodhi with vagrant. To set up tinystage, use these commands (from wherever it makes sense in your +system to check out the tiny-stage repo):: + + $ git clone https://github.com/fedora-infra/tiny-stage + $ pushd tiny-stage/ + $ vagrant up + $ popd + +Then to get set up for the virtual machine option, simply use these commands:: $ sudo dnf install ansible libvirt vagrant-libvirt vagrant-sshfs vagrant-hostmanager $ sudo systemctl enable libvirtd $ sudo systemctl start libvirtd -As of 2022, bodhi now uses OpenID Connect (OIDC) for authentication. 
For the vagrant development environment, -this requires a running FreeIPA and Ipsilon instance. Running tinystage -(https://github.com/fedora-infra/tiny-stage) will set these up. Ensure that tinystage is running before trying -to provision bodhi with vagrant. To set up tinystage:: - $ git clone https://github.com/fedora-infra/tiny-stage - $ pushd tiny-stage/ - $ vagrant up - $ popd +Getting set up - container option +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + +You don't need to worry about virtualization extensions or tinystage in this case. To get set up +for the container option, just use these commands:: + + $ sudo dnf install ansible vagrant podman-docker python3-jinja2-cli + $ export VAGRANT_VAGRANTFILE=./Vagrantfile.container + +Note this will also install vagrant's libvirt provider by default, which pulls in a lot of libvirt +dependencies. If you are sure you won't want to use Vagrant with virtual machines at all, you can do: + + $ sudo dnf install ansible vagrant podman-docker python3-jinja2-cli podman-docker --setopt=install_weak_deps=False + +to avoid pulling it in. -Next, check out the bodhi code and run ``vagrant up``:: +The second command is what tells vagrant to use the alternative Vagrantfile for the container +option (the file for the virtual machine option is the default). You must run this in any shell +you want to run vagrant from, including running it again after starting a new terminal, +rebooting the system, and so on. If you need to use vagrant with a different project, or you +want to switch to the virtual machine method, first run ``vagrant destroy bodhi postgres waiverdb greenwave rabbitmq`` +to destroy all containers, then run ``unset VAGRANT_VAGRANTFILE``. You could of course come up +with an alternative way to set ``VAGRANT_VAGRANTFILE`` which makes the most sense for you, for +example an alias or a wrapper script. 
+ + +Starting the development environment +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + +Either way, once you've got set up, check out the bodhi code and run ``vagrant up``:: $ git clone https://github.com/fedora-infra/bodhi $ cd bodhi $ vagrant up -Your newly provisioned bodhi development instance is now available at https://bodhi-dev.example.com/. +Your newly provisioned bodhi development instance is now available at https://bodhi-dev.example.com/ for +the virtual machine-based environment, or http://localhost:6543/ for the container-based environment. The Vagrant guest runs an AMQP message broker (RabbitMQ) which has a web interface for monitoring and -administration of the Fedora Messaging queue at http://bodhi-dev.example.com:15672/. The default username -is ``guest`` and the password is ``guest``. +administration of the Fedora Messaging queue at http://bodhi-dev.example.com:15672/ (VM environment) +or http://localhost:15672/ (container environment). The default username is ``guest`` +and the password is ``guest``. .. _Vagrant: https://www.vagrantup.com -Authentication -^^^^^^^^^^^^^^ +Authentication (virtual machine environment) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + The Vagrant environment will configure Bodhi server and Bodhi's CLI to use the tiny-stage Ipsilon (https://ipsilon.tinystage.test) for authentication. The users are defined in the tiny-stage FreeIPA @@ -53,6 +99,15 @@ not be a copy of your real fas account, it will just have the same username with ``password`` and fake complementary data. +Authentication (container environment) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + +The container-based environment will always consider you to be logged in as 'ralph', an administrator +(and former Bodhi maintainer). If you need anything more sophisticated than this, you must use the +virtual machine-based environment. + + Quick tips about the Bodhi Vagrant environment ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -66,13 +121,30 @@ Once you are inside the development environment, there are a helpful set of comm ``.bashrc`` that will be printed to the screen via the ``/etc/motd`` file. Be sure to familiarize yourself with these: -.. include:: ../../devel/ansible/roles/bodhi/files/motd - :literal: +bci: Run the Bodhi CI test suite (only in the VM-based environment). +bdocs: Build Bodhi's documentation. +blint: Run a series of linter checks. +btest: Run Bodhi's test suite (includes blint and bdocs). +bmessages: Display the log of Bodhi's messages on the bus. +blog: View Bodhi's log. (Support all the systemctl options, such as -lf). +bresetdb: Drop and reimport the database. +brestart: Restart the Bodhi service. +bodhi-shell: Get a handy python shell initialized with Bodhi models. +bstart: Start the Bodhi service. +bstop: Stop the Bodhi service. +bstartdeps: Create and Run WaiverDB and Greenwave docker services (only in the VM-based environment). +bstopdeps: Stop WaiverDB and Greenwave docker services (only in the VM-based environment). +bremovedeps: Destroy WaiverDB and Greenwave docker services (only in the VM-based environment). Keep in mind that all ``vagrant`` commands should be run with your current working directory set to your Bodhi checkout. The code from your development host will be mounted in ``/home/vagrant/bodhi`` -in the guest. You can edit this code on the host, and the vagrant-sshfs plugin will cause the -changes to automatically be reflected in the guest's ``/home/vagrant/bodhi`` folder. +in the guest. You can edit this code on the host, and the changes will automatically be reflected +in the guest's ``/home/vagrant/bodhi`` folder (using vagrant-sshfs in the virtual machine environment, +and a container volume in the container environment). Note that in the container-based environment +the path ``/home/vagrant/bodhi`` is used for compatibility with the VM-based environment, but there +is no user called 'vagrant', and the folder is owned by root. 
root inside the container maps to +the user who ran vagrant outside the container (this is a default podman behaviour for rootless +containers). The development server is run inside the Vagrant environment by the ``bodhi.service`` systemd unit. You can use ``bodhi-shell`` to get a Python shell quickly set up with a nice environment for you to hack @@ -108,9 +180,26 @@ in. Here's an example where we use ``bodhi-shell`` to set an update's request to In [3]: s().commit() When you are done with your Vagrant guest, you can destroy it permanently by running this command on -the host:: +the host (for the virtual machine-based environment):: $ vagrant destroy -If you wish to use a custom ``Vagrantfile``, you can set the environment variable +For the container-based environment, to delete all the containers, run: + + $ vagrant destroy bodhi postgres waiverdb greenwave rabbitmq + +The order is important. + +If you wish to use a different custom ``Vagrantfile``, you can set the environment variable ``VAGRANT_VAGRANTFILE`` as a path to a script. + + +Limitations and warnings for the container-based environment +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + +You cannot run the CI in the container-based environment, as the CI setup itself uses containers. + +Authentication is very basic, as noted above. The lack of a proper OIDC authentication setup also +means that the ``bodhi`` CLI client will not work for any authenticated requests, as it is set up +to always expect an OIDC flow for such requests. Unauthenticated requests should work. diff --git a/docs/developer/virtualenv.rst b/docs/developer/virtualenv.rst deleted file mode 100644 index e57850470e..0000000000 --- a/docs/developer/virtualenv.rst +++ /dev/null 
@@ -1,146 +0,0 @@ -========== -Virtualenv -========== - -Dependencies -^^^^^^^^^^^^ -``sudo dnf install libffi-devel postgresql-devel openssl-devel koji pcaro-hermit-fonts freetype-devel libjpeg-turbo-devel zeromq-devel git gcc redhat-rpm-config fedora-cert python2-dnf yum`` - -Setup virtualenvwrapper -^^^^^^^^^^^^^^^^^^^^^^^ -``sudo dnf -y install python-virtualenvwrapper python-createrepo_c createrepo_c`` - -Add the following to your `~/.bashrc`:: - - export WORKON_HOME=$HOME/.virtualenvs - source /usr/bin/virtualenvwrapper.sh - -Set PYTHONPATH -^^^^^^^^^^^^^^ - -Add the following to your `~/.bashrc` - -``export PYTHONPATH=$PYTHONPATH:$HOME/.virtualenvs`` - -Then on the terminal :: - - source ~/.bashrc - -Clone the source -^^^^^^^^^^^^^^^^ -:: - - git clone https://github.com/fedora-infra/bodhi.git - cd bodhi - -Bootstrap the virtualenv -^^^^^^^^^^^^^^^^^^^^^^^^ -:: - - ./bootstrap.py - workon bodhi-python2.7 - -Setting up -^^^^^^^^^^ -``python setup.py develop`` - -``pip install psycopg2 pyramid_debugtoolbar`` - -Create the `development.ini `_ file -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Copy ``devel/development.ini.example`` to ``development.ini``: -:: - - cp devel/development.ini.example development.ini - -Run the test suite -^^^^^^^^^^^^^^^^^^ -``py.test`` - -Import the bodhi2 database -^^^^^^^^^^^^^^^^^^^^^^^^^^ -:: - - curl -O https://infrastructure.fedoraproject.org/infra/db-dumps/bodhi2.dump.xz - sudo -u postgres createdb bodhi2 - sudo -u postgres psql -c "create role bodhi2;" - xzcat bodhi2.dump.xz | sudo -u postgres psql bodhi2 - -.. note:: If you do not have a PostgreSQL server running, please see the - instructions at the bottom of the file. 
- - -Adjust database configuration in `development.ini `_ file -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Set the configuration key -`sqlalchemy.url `_ -to point to the postgresql database. Something like: -:: - - sqlalchemy.url = postgresql://postgres:anypasswordworkslocally@localhost/bodhi2 # gitleaks:allow - - -Upgrade the database -^^^^^^^^^^^^^^^^^^^^ -``alembic upgrade head`` - - -Run the web app -^^^^^^^^^^^^^^^ -``pserve development.ini --reload`` - - - -Setup the postgresql server -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -1. Install postgresql -~~~~~~~~~~~~~~~~~~~~~ -:: - - dnf install postgresql-server - - -2. Setup the Database -~~~~~~~~~~~~~~~~~~~~~ - -As a privileged user on a Fedora system run the following: -:: - - sudo postgresql-setup initdb - - -3. Adjust PostgreSQL Connection Settings -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -As a privileged user on a Fedora system modify the pg_hba.conf file: -:: - - vi /var/lib/pgsql/data/pg_hba.conf - -Then adjust the content at the bottom of the file to match the following. - -:: - - # TYPE DATABASE USER ADDRESS METHOD - - # "local" is for Unix domain socket connections only - local all all peer - # IPv4 local connections are *trusted*, any password will work. - host all all 127.0.0.1/32 trust - # IPv6 local connections are *trusted*, any password will work. - host all all ::1/128 trust - -If you need to make other modifications to postgresql please make them now. - -4. Start PostgreSQL -~~~~~~~~~~~~~~~~~~~ - -As a privileged user on a Fedora system run the following: -:: - - sudo systemctl start postgresql.service - - diff --git a/docs/index.rst b/docs/index.rst index 34f47443ba..07147f3ed8 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -63,7 +63,6 @@ Contributor Guide developer/releases developer/vagrant developer/vagrant_vscode - developer/virtualenv developer/models