some template changes

Signed-off-by: Brian Stinson <bstinson@redhat.com>

tasks/mbs-backend.yml

@@ -160,7 +160,7 @@
 
 - name: Copy mbs-backend koji keytab
   copy:
-    src: "{{ mbs_pki_store }}/krb5/{{ mbs_config_krb_keytab }}"
+    src: "{{ pkistore }}/krb5/{{ mbs_config_krb_keytab }}"
     dest: /etc/module-build-service/{{ mbs_config_krb_keytab }}
     owner: fedmsg
     group: fedmsg

tasks/mbs-frontend.yml

@@ -13,7 +13,6 @@
     tasks_from: pki-tls
   vars:
     pki_hostname: "{{ mbs_frontend_host }}"
-    pkistore: "{{ mbs_pki_store }}"
   when: mbs_frontend_https_enabled | bool
 
 - name: Install mbs-frontend packages
@@ -38,7 +37,7 @@
 
 - name: Ensure we have proper httpd keytab
   copy:
-    src: "{{ mbs_pki_store }}/krb5/{{ mbs_frontend_krb_keytab }}"
+    src: "{{ pkistore }}/krb5/{{ mbs_frontend_krb_keytab }}"
     dest: "/etc/httpd/conf.d/{{ mbs_frontend_krb_keytab }}"
     owner: apache
   when: (mbs_config_no_auth | bool) == False

templates/config.py.j2

@@ -0,0 +1,155 @@
+# This file is maintained in Ansible and will be overwritten.
+# Do not edit locally.
+
+
+class ProdConfiguration(object):
+    DEBUG = False
+
+    SECRET_KEY = '{{ mbs_secret_key }}'
+
+    SQLALCHEMY_DATABASE_URI = 'postgresql://{{ mbs_db_user }}:{{ mbs_db_password }}@{{ mbs_db_host }}:{{ mbs_db_port }}/{{ mbs_db_name }}'
+    SQLALCHEMY_TRACK_MODIFICATIONS = True
+
+    CELERY_BROKER_URL = '{{ mbs_broker_url }}'
+
+    # Global network-related values, in seconds
+    NET_TIMEOUT = 120
+    NET_RETRY_INTERVAL = 30
+
+    SYSTEM = 'koji'
+    MESSAGING = '{{ mbs_messaging }}'
+    MESSAGING_TOPIC_PREFIX = {{ mbs_messaging_topic_prefix }}
+    KOJI_CONFIG = '/etc/module-build-service/koji.conf'
+    KOJI_PROFILE = '{{ mbs_koji_profile }}'
+    ARCHES = {{ mbs_arches }}
+    KOJI_PROXYUSER = {{ mbs_koji_proxyuser }}
+    KOJI_REPOSITORY_URL = '{{ mbs_koji_repository_url }}'
+    PDC_URL = '{{ mbs_pdc_url }}'
+    PDC_INSECURE = {{ mbs_pdc_insecure }}
+    PDC_DEVELOP = {{ mbs_pdc_develop }}
+    SCMURLS = {{ mbs_scmurls }}
+
+    RESOLVER = '{{ mbs_resolver }}'
+
+    # This is a whitelist of prefixes of koji tags we're allowed to manipulate
+    KOJI_TAG_PREFIXES = {{ mbs_koji_tag_prefixes }}
+
+    # Permission name to require for newly created Koji tags
+    KOJI_TAG_PERMISSION = '{{ mbs_koji_tag_permission }}'
+
+    DEFAULT_DIST_TAG_PREFIX = '{{ mbs_default_dist_tag_prefix }}'
+
+    # Use the same priority as all other builds
+    KOJI_BUILD_PRIORITY = {{ mbs_koji_build_priority }}
+
+    # Control where modules get tagged post-build.
+    BASE_MODULE_NAMES = set({{ mbs_base_module_names }})
+    KOJI_CG_TAG_BUILD = {{ mbs_koji_cg_tag_build }}
+    KOJI_CG_BUILD_TAG_TEMPLATE = '{{ mbs_koji_cg_build_tag_template }}'
+    KOJI_CG_DEFAULT_BUILD_TAG = '{{ mbs_koji_cg_default_build_tag }}'
+
+    # yes, we want everyone to authenticate
+    NO_AUTH = False
+
+    YAML_SUBMIT_ALLOWED = {{ mbs_yaml_submit_allowed }}
+
+    # Allow maintainers to specify something that differs from the git branch.
+    ALLOW_NAME_OVERRIDE_FROM_SCM = {{ mbs_allow_name_override_from_scm }}
+    ALLOW_STREAM_OVERRIDE_FROM_SCM = {{ mbs_allow_stream_override_from_scm }}
+
+    # How often should we resort to polling, in seconds
+    # Set to zero to disable polling
+    POLLING_INTERVAL = {{ mbs_polling_interval }}
+
+    # Determines how many builds that can be submitted to the builder
+    # and be in the build state at a time. Set this to 0 for no restrictions
+    # New name
+    NUM_CONCURRENT_BUILDS = {{ mbs_num_concurrent_builds }}
+
+    RPMS_DEFAULT_REPOSITORY = '{{ mbs_rpms_default_repository }}'
+    RPMS_ALLOW_REPOSITORY = {{ mbs_rpms_allow_repository }}
+    RPMS_DEFAULT_CACHE = '{{ mbs_rpms_default_cache }}'
+    RPMS_ALLOW_CACHE = {{ mbs_rpms_allow_cache }}
+    MODULES_DEFAULT_REPOSITORY = '{{ mbs_modules_default_repository }}'
+    MODULES_ALLOW_REPOSITORY = {{ mbs_modules_allow_repository }}
+    MODULES_ALLOW_SCRATCH = {{ mbs_modules_allow_scratch }}
+
+    # Our per-build logs for the Koji content generator go here.
+    # CG imports are controlled by KOJI_ENABLE_CONTENT_GENERATOR
+    BUILD_LOGS_DIR = '/var/tmp'
+
+    # Time after which MBS will delete koji targets it created.
+    KOJI_TARGET_DELETE_TIME = {{ mbs_koji_target_delete_time }}
+
+    # Whether or not to import modules back to koji.
+    KOJI_ENABLE_CONTENT_GENERATOR = {{ mbs_koji_enable_content_generator }}
+
+    # Available backends are: console, file.
+    LOG_BACKEND = 'console'
+
+    # Available log levels are: debug, info, warn, error.
+    LOG_LEVEL = '{{ mbs_log_level }}'
+
+    REBUILD_STRATEGY_ALLOW_OVERRIDE = {{ mbs_rebuild_strategy_allow_override }}
+    REBUILD_STRATEGY = '{{ mbs_rebuild_strategy }}'
+
+    # For handling stream collision modules, matching an external repo URL to
+    # extract the ursine content root tag.
+    KOJI_EXTERNAL_REPO_URL_PREFIX = '{{ mbs_koji_external_repo_url_prefix }}'
+
+    ALLOWED_PRIVILEGED_MODULE_NAMES = {{ mbs_allowed_privileged_module_names }}
+
+    STREAM_SUFFIXES = {
+        r'el\d+\.\d+\.\d+\.z': 0.1,
+    }
+
+    GREENWAVE_URL = '{{ mbs_greenwave_url }}'
+    GREENWAVE_SUBJECT_TYPE = '{{ mbs_greenwave_subject_type }}'
+    GREENWAVE_DECISION_CONTEXT = '{{ mbs_greenwave_decision_context }}'
+
+{% if mbs_frontend  %}
+    # Settings for Kerberos + LDAP auth
+    AUTH_METHOD = '{{ mbs_auth_method }}'
+    KERBEROS_HTTP_HOST = '{{ mbs_krb_http_host }}'
+    KERBEROS_KEYTAB = '/etc/module-build-service/httpd.keytab'
+    LDAP_URI = '{{ mbs_ldap_uri }}'
+    LDAP_GROUPS_DN = '{{ mbs_ldap_groups_dn }}'
+    # These groups are allowed to submit builds.
+    ALLOWED_GROUPS = {{ mbs_allowed_groups }}
+    # These users don't need to be part of a group to submit builds.
+    ALLOWED_USERS = {{ mbs_allowed_users }}
+    # These groups are allowed to cancel the builds of other users.
+    ADMIN_GROUPS = {{ mbs_admin_groups }}
+    # These groups are allowed to import the virtual module.
+    ALLOWED_GROUPS_TO_IMPORT_MODULE = {{ mbs_allowed_groups_to_import_module }}
+    BR_STREAM_OVERRIDE_MODULE = '{{ mbs_br_stream_override_module }}'
+    BR_STREAM_OVERRIDE_REGEXES = [
+{% for regex in mbs_br_stream_override_regexes %}
+        r'{{ regex }}',
+{% endfor %}
+    ]
+    PRODUCT_PAGES_URL = '{{ mbs_product_pages_url }}'
+    PRODUCT_PAGES_SCHEDULE_TASK_NAME = '{{ mbs_product_pages_schedule_task_name }}'
+    PRODUCT_PAGES_MODULE_STREAMS = {
+{% for regex, values in mbs_product_pages_module_streams.items() %}
+        r'{{ regex }}': {{ values }},
+{% endfor %}
+    }
+{% else %}
+    # Settings for Kerberos
+    KRB_KEYTAB = '/etc/module-build-service/mbs.keytab'
+    KRB_PRINCIPAL = '{{ mbs_krb_principal }}'
+    KRB_CCACHE = '/var/tmp/mbs.ccache'
+
+    NUM_WORKERS = {{ mbs_num_workers }}
+{% endif %}
+
+{% if mbs_koji_tag_extra_opts is defined %}
+    KOJI_TAG_EXTRA_OPTS = {{ mbs_koji_tag_extra_opts }}
+{% endif %}
+
+    SCRATCH_BUILD_ONLY_BRANCHES = [
+{% for regex in mbs_scratch_build_only_branches %}
+        r'{{ regex }}',
+{% endfor %}
+    ]

templates/koji.conf.j2

@@ -0,0 +1,13 @@
+# This file is maintained in Ansible and will be overwritten.
+# Do not edit locally.
+
+{% for config in mbs_koji_configs %}
+[{{ config.name }}]
+server = {{ config.server }}
+weburl = {{ config.weburl }}
+topurl = {{ config.topurl }}
+authtype = {{ config.authtype }}
+krbservice = {{ config.krbservice }}
+
+{% endfor %}
+

templates/mbs-poller.service.j2

@@ -0,0 +1,16 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=MBS Poller
+After=network.target{{ ' rabbitmq-server.service' if mbs_systemd_wait_for_rabbitmq else '' }}
+
+[Service]
+Type=simple
+# Always restart the service, even if it exits cleanly
+Restart=always
+RestartSec=1
+User=fedmsg
+ExecStart=/usr/bin/celery beat -A module_build_service.scheduler.celery_app --loglevel=info --pidfile /var/run/fedmsg/mbs-scheduler.pid -s /var/run/fedmsg/mbs-scheduler.db
+
+[Install]
+WantedBy=multi-user.target

templates/mbs-worker@.service.j2

@@ -0,0 +1,16 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=MBS worker %I
+After=network.target{{ ' rabbitmq-server.service' if mbs_systemd_wait_for_rabbitmq else '' }}
+
+[Service]
+Type=simple
+# Always restart the service, even if it exits cleanly
+Restart=always
+RestartSec=1
+User=fedmsg
+ExecStart=/usr/bin/celery worker -n mbs-worker-%I -Q mbs-default,mbs-%I -A module_build_service.scheduler.celery_app --loglevel=info --max-tasks-per-child={{ mbs_celery_max_worker_tasks }}
+
+[Install]
+WantedBy=multi-user.target