def configure(cache):
javan_rhino_syslog_file = "/etc/rsyslog.d/22-javan-rhino.conf"
javan_rhino_logrotate_file = "/etc/logrotate.d/javan-rhino"
env_file = join(etc_dir(), "environment_variables")
environment = hookenv.config('environment')
session_secret = hookenv.config('session_secret')
memcache_session_secret = hookenv.config('memcache_session_secret')
if session_secret and memcache_session_secret:
env_extra = env_vars()
additional_vars = {
'SERVER__LOGS_PATH': logs_dir(),
'SESSION_SECRET': session_secret,
'SESSION_MEMCACHED_SECRET': memcache_session_secret,
'SESSION_MEMCACHED_HOST': ",".join(
sorted(cache.memcache_hosts())),
}
env_extra.update(additional_vars)
render(source='javan-rhino_env.j2',
target=env_file,
context={'env_extra': sorted(env_extra.items())})
render(
source='javan-rhino_systemd.j2',
target=SYSTEMD_CONFIG,
context={
'working_dir': code_dir(),
'user': user(),
'env_file': env_file,
'environment': environment,
})
# render syslog config to get talisker logs on disk
render(source='javan-rhino_syslog.tmpl',
target=javan_rhino_syslog_file,
context={
'logfile': "/var/log/javan-rhino.log",
})
# And rotate them
render(source='javan-rhino_logrotate.tmpl',
target=javan_rhino_logrotate_file,
context={
'logfile': "/var/log/javan-rhino.log",
})
# reload rsyslog
check_call(['systemctl', 'force-reload', 'rsyslog'])
check_call(['systemctl', 'enable', basename(SYSTEMD_CONFIG)])
check_call(['systemctl', 'daemon-reload'])
check_port('ols.{}.express'.format(service_name()), port())
set_state('service.configured')
hookenv.status_set('active', 'systemd unit configured')
else:
hookenv.status_set('blocked',
'Service requires session_secret and '
'memcache_session_secret to be set')
def setup_poller():
hookenv.log('Enabling poller ...')
hookenv.log('Writing poller crontab at {}.'.format(CRONTAB_PATH))
render('snap-build-poller_cron.j2', CRONTAB_PATH,
{'code_dir': code_dir(),
'environment': hookenv.config('environment'),
'logs_dir': logs_dir(),
'user': user()})
hookenv.log("Writing service logrotate file.")
render('snap-build-poller_logrotate.j2', LOGROTATE_PATH,
{'logs_dir': logs_dir()})
hookenv.log('Poller cron enabled!')
hookenv.status_set('active', 'systemd unit configured and poller enabled')
set_state('service.poller_enabled')
def configure(cache):
environment = hookenv.config('environment')
session_secret = hookenv.config('session_secret')
memcache_session_secret = hookenv.config('memcache_session_secret')
sentry_dsn = hookenv.config('sentry_dsn')
lp_api_username = hookenv.config('lp_api_username') or ''
lp_api_consumer_key = hookenv.config('lp_api_consumer_key') or ''
lp_api_token = hookenv.config('lp_api_token') or ''
lp_api_token_secret = hookenv.config('lp_api_token_secret') or ''
github_auth_client_id = hookenv.config('github_auth_client_id') or ''
github_auth_client_secret = (hookenv.config('github_auth_client_secret')
or '')
github_webhook_secret = hookenv.config('github_webhook_secret') or ''
http_proxy = hookenv.config('http_proxy') or ''
if session_secret and memcache_session_secret:
render(source='snap-build_systemd.j2',
target=SYSTEMD_CONFIG,
context={
'working_dir': code_dir(),
'user': user(),
'session_secret': session_secret,
'logs_path': logs_dir(),
'environment': environment,
'cache_hosts': sorted(cache.memcache_hosts()),
'memcache_session_secret': memcache_session_secret,
'sentry_dsn': sentry_dsn,
'lp_api_username': lp_api_username,
'lp_api_consumer_key': lp_api_consumer_key,
'lp_api_token': lp_api_token,
'lp_api_token_secret': lp_api_token_secret,
'github_auth_client_id': github_auth_client_id,
'github_auth_client_secret': github_auth_client_secret,
'github_webhook_secret': github_webhook_secret,
'http_proxy': http_proxy,
})
check_call(['systemctl', 'enable', basename(SYSTEMD_CONFIG)])
check_call(['systemctl', 'daemon-reload'])
check_port('ols.{}.express'.format(service_name()), port())
set_state('service.configured')
hookenv.status_set('active', 'systemd unit configured')
else:
hookenv.status_set(
'blocked', 'Service requires session_secret and '
'memcache_session_secret to be set')
def migrate(pgsql):
db_name = hookenv.config('db_name')
if pgsql.master is None or pgsql.master.dbname != db_name:
hookenv.log('Database context not available yet; skipping')
return
node_env = get_node_env(hookenv.config('environment'))
render(source='knexfile.js.j2',
target=KNEXFILE_ADMIN,
context={
'node_env': node_env,
'db_conn': pgsql.master.uri,
})
# knex's migration facilities don't include granting database
# privileges. We don't care very deeply about fine-grained privileges
# here, so let's just grant general query and manipulation access (but
# not schema modification) to our roles.
roles = hookenv.config('db_roles')
if isinstance(roles, str):
roles = [roles]
con = psycopg2.connect(pgsql.master)
with con.cursor() as cur:
quoted_roles = ', '.join(quote_identifier(role) for role in roles)
cur.execute(
dedent('''\
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT ALL PRIVILEGES ON TABLES TO {}
''').format(quoted_roles))
cur.execute(
dedent('''\
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT ALL PRIVILEGES ON SEQUENCES TO {}
''').format(quoted_roles))
migrate_cmd = [
'npm',
'run',
'migrate:latest',
'--',
'--knexfile',
KNEXFILE_ADMIN,
'--env',
node_env,
]
check_call(migrate_cmd, cwd=code_dir())
leader_set(migrated=True)
def configure(pgsql, cache):
db_name = hookenv.config('db_name')
if pgsql.master is None or pgsql.master.dbname != db_name:
hookenv.log('Database context not available yet; skipping')
return
environment = hookenv.config('environment')
base_url = hookenv.config('base_url')
session_secret = hookenv.config('session_secret')
memcache_session_secret = hookenv.config('memcache_session_secret')
sentry_dsn = hookenv.config('sentry_dsn')
sentry_dsn_public = hookenv.config('sentry_dsn_public')
lp_api_username = hookenv.config('lp_api_username') or ''
lp_api_consumer_key = hookenv.config('lp_api_consumer_key') or ''
lp_api_token = hookenv.config('lp_api_token') or ''
lp_api_token_secret = hookenv.config('lp_api_token_secret') or ''
github_auth_client_id = hookenv.config('github_auth_client_id') or ''
github_auth_client_secret = (hookenv.config('github_auth_client_secret')
or '')
github_webhook_secret = hookenv.config('github_webhook_secret') or ''
http_proxy = hookenv.config('http_proxy') or ''
trusted_networks = (hookenv.config('trusted_networks') or '').split()
if session_secret and memcache_session_secret:
render(source='knexfile.js.j2',
target=KNEXFILE_NORMAL,
context={
'node_env': get_node_env(environment),
'db_conn': pgsql.master.uri,
})
# XXX cjwatson 2017-03-08: Set NODE_ENV from here instead of in .env
# files? This may make more sense as part of entirely getting rid
# of {staging,production}.env
# (https://github.com/canonical-websites/build.snapcraft.io/issues/276).
render(source='snap-build_systemd.j2',
target=SYSTEMD_CONFIG,
context={
'working_dir': code_dir(),
'user': user(),
'base_url': base_url,
'session_secret': session_secret,
'logs_path': logs_dir(),
'environment': environment,
'cache_hosts': sorted(cache.memcache_hosts()),
'memcache_session_secret': memcache_session_secret,
'sentry_dsn': sentry_dsn,
'sentry_dsn_public': sentry_dsn_public,
'lp_api_username': lp_api_username,
'lp_api_consumer_key': lp_api_consumer_key,
'lp_api_token': lp_api_token,
'lp_api_token_secret': lp_api_token_secret,
'github_auth_client_id': github_auth_client_id,
'github_auth_client_secret': github_auth_client_secret,
'github_webhook_secret': github_webhook_secret,
'knex_config_path': KNEXFILE_NORMAL,
'http_proxy': http_proxy,
'trusted_networks': trusted_networks,
})
check_call(['systemctl', 'enable', basename(SYSTEMD_CONFIG)])
check_call(['systemctl', 'daemon-reload'])
check_port('ols.{}.express'.format(service_name()), port())
set_state('service.configured')
hookenv.status_set('active', 'systemd unit configured')
else:
hookenv.status_set(
'blocked', 'Service requires session_secret and '
'memcache_session_secret to be set')
from subprocess import check_call, check_output
from textwrap import dedent
import psycopg2
from charmhelpers.core import hookenv
from charmhelpers.core.host import restart_on_change
from charmhelpers.core.templating import render
from charms.apt import queue_install
from charms.leadership import leader_set
from charms.reactive import set_state, when, when_not
from ols.base import check_port, code_dir, logs_dir, service_name, user
from ols.http import port
SYSTEMD_CONFIG = '/lib/systemd/system/snap-build.service'
KNEXFILE_NORMAL = join(code_dir(), 'knexfile-normal.js')
KNEXFILE_ADMIN = join(code_dir(), 'knexfile-admin.js')
SECRETS_PATH = join(code_dir(), 'secrets.env')
def get_node_env(environment):
if environment in ('staging', 'production'):
return 'production'
else:
return 'development'
def quote_identifier(identifier):
# Fail if it's not ASCII.
identifier.encode('US-ASCII')
return '"{}"'.format(identifier.replace('"', '""'))
from subprocess import check_call, check_output
from textwrap import dedent
import psycopg2
from charmhelpers.core import hookenv
from charmhelpers.core.host import restart_on_change
from charmhelpers.core.templating import render
from charms.apt import queue_install
from charms.leadership import leader_set
from charms.reactive import when, when_not, set_state
from ols.base import check_port, code_dir, logs_dir, service_name, user
from ols.http import port
SYSTEMD_CONFIG = '/lib/systemd/system/snap-build.service'
KNEXFILE_NORMAL = join(code_dir(), 'knexfile-normal.js')
KNEXFILE_ADMIN = join(code_dir(), 'knexfile-admin.js')
def get_node_env(environment):
if environment in ('staging', 'production'):
return 'production'
else:
return 'development'
def quote_identifier(identifier):
# Fail if it's not ASCII.
identifier.encode('US-ASCII')
return '"{}"'.format(identifier.replace('"', '""'))
