# TODO: Support additional selinux types
%global selinux_variants targeted
%{!?_selinux_policy_version: %global _selinux_policy_version %(%{__sed} -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp 2>/dev/null)}
%global modulename tower

%global awx_version 1.0.7.9
%global awx_release 1
%global commit 8a66213dbe5e8b90128ef84754d434172c7ed48d
%global shortcommit %(c=%{commit}; echo ${c:0:7})

%global distro_python_sitelib %(/usr/bin/python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")

# Remove brp-python-bytecompile from os_install_post
%global __os_install_post /usr/lib/rpm/redhat/brp-compress \
  %{!?__debug_package:/usr/lib/rpm/redhat/brp-strip %{__strip}} \
  /usr/lib/rpm/redhat/brp-strip-static-archive %{__strip} \
  /usr/lib/rpm/redhat/brp-strip-comment-note %{__strip} %{__objdump} \
  /usr/lib/rpm/redhat/brp-python-hardlink

# Bytecompile using the correct interpreter, and then
# remove tower python source files
%define __spec_install_post \
 %{__arch_install_post} \
 %{__os_install_post} \
 echo "Bytecompiling Tower itself (errors will fail) ..." \
 %{_sourcedir}/bytecompile.sh %{buildroot}/var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/ \
 echo "Bytecompiling Tower site-packages (errors ignored) ..." \
 %{_sourcedir}/bytecompile.sh --no-fail-on-errors %{buildroot}/var/lib/awx/venv/awx/ \
 echo "Bytecompiling Ansible site-packages (errors ignored) ..." \
 %{_sourcedir}/bytecompile.sh --no-fail-on-errors %{buildroot}/var/lib/awx/venv/ansible/ \
 echo "Removing ansible-tower python source files ..." \
 %{__python} %{_sourcedir}/remove_tower_source.py %{buildroot}/%{python_sitelib} %{buildroot}/var/lib/awx/venv/awx/lib/python2.7/site-packages \
%{nil}

# Don't break the RPM build on pycompile errors
%define _python_bytecompile_errors_terminate_build 0

Name: ansible-awx
Summary: REST api, server, plugins, UI, & CLI client for ansible
Version: %{awx_version}
Release: %{awx_release}.git%{shortcommit}%{?dist}
# source should have .git database to get the version from build scripts
Source0: awx-%{commit}.tar.gz
Source1: %{modulename}.te
Source2: remove_tower_source.py
Source3: ansible-tower.sysconfig
Source4: bytecompile.sh
Source5: %{modulename}.fc
Source6: %{name}-setup-%{version}.tar.gz
Source7: tower-license-0.1.tar.gz
%if 0
Source8: python-deps.tar.gz
%endif
Provides: awx = %{version}-%{release}
Obsoletes: awx < 1.4.5-0

Group: Development/Libraries
License: Apache v2
Url: http://github.com/ansible/awx

# Build Requirements
BuildArch: x86_64
BuildRequires: python-devel
BuildRequires: python-setuptools
BuildRequires: python2-pip
BuildRequires: python-virtualenv
BuildRequires: checkpolicy
BuildRequires: selinux-policy-devel
BuildRequires: /usr/share/selinux/devel/policyhelp
BuildRequires: hardlink
BuildRequires: sed
# BuildRequires: npm
# BuildRequires: nodejs-grunt-cli
# The following are needed for python vendoring
BuildRequires: git2u-core
BuildRequires: make
BuildRequires: gcc
BuildRequires: bzip2
BuildRequires: postgresql-devel
BuildRequires: libffi-devel
BuildRequires: openssl-devel
BuildRequires: openldap-devel
BuildRequires: libxml2-devel
BuildRequires: libxslt-devel
BuildRequires: xmlsec1-devel, xmlsec1-openssl-devel
BuildRequires: libtool-ltdl-devel
BuildRequires: swig
BuildRequires: python-pycurl
BuildRequires: libcurl-devel

BuildRequires: nodejs gettext

Requires: ansible-awx-server = %{version}-%{release}
Requires: ansible-awx-ui = %{version}-%{release}

%description
REST api, server, plugins, Web UI, & CLI client for ansible.

%package server
Summary: Ansible AWX REST API
Requires: ansible-awx-venv-ansible = %{version}-%{release}
Requires: ansible-awx-venv-tower = %{version}-%{release}
Requires: nginx
Requires: ansible
Requires: sshpass
Requires: postgresql96
Requires: supervisor >= 3.0
Requires: bubblewrap >= 0.1.2
Requires: git
Requires: subversion
Requires: mercurial
Requires: sos
Requires: rsync
Requires: rsyslog
Requires: xmlsec1
Requires: xmlsec1-openssl
Requires: memcached
Requires: erlang
Requires: rabbitmq-server
Requires: python-crypto
# SELinux requirements
%if "%{_selinux_policy_version}" != ""
Conflicts: selinux-policy < 3.13.1-60.el7
# for seboolean Ansible module
Requires: libsemanage-python
%endif
Requires(post): policycoreutils
Requires(post): libselinux-utils
Requires(postun): policycoreutils

%description server
Ansible AWX Server and REST API

%package ui
Summary: Ansible AWX UI
Requires: ansible-awx-server = %{version}-%{release}

%description ui
UI for Ansible AWX

%package setup
Summary: Installer for Ansible AWX

%description setup
Installer for Ansible AWX

%package venv-ansible
Summary: Ansible virtual environment
AutoReqProv: no
Requires(pre): python
Requires(pre): python-virtualenv

%description venv-ansible
Ansible virtual environment

%package venv-tower
Summary: Tower virtual environment
AutoReqProv: no
Requires(pre): python
Requires(pre): python-virtualenv

%description venv-tower
Tower virtual environment

%prep
%setup -q -n awx

tar -xf %{SOURCE6}

mkdir SELinux
cp -p %{SOURCE1} %{SOURCE5} SELinux/

%if 0
tar -xf %{SOURCE8}
%endif


%build
# Disable debuginfo packages
%define _enable_debug_package 0
%define debug_package %{nil}


%install

mkdir -p %{buildroot}/var/lib/awx
mv %{name}-setup-%{version}/ %{buildroot}/var/lib/awx/setup

# Generate setup file list and exclude inventory file
find %{buildroot}/var/lib/awx/setup -type f ! -name inventory | sed "s|%{buildroot}||g" > %{name}-%{version}-setup-filelist
find %{buildroot}/var/lib/awx/setup -type d | sed "s|%{buildroot}|%dir |g" >> %{name}-%{version}-setup-filelist

# Create folder for the virtualenvs
export VENV_BASE=venv
mkdir -p $VENV_BASE

# Fix m2crypto builds (details at http://pkgs.fedoraproject.org/cgit/m2crypto.git/tree/m2crypto.spec)
export SWIG_FEATURES="-cpperraswarn"

%if 0
export PIP_OPTIONS="--find-links=tower/requirements/vendor --no-index"

cat >> setup.cfg <<EOF
[easy_install]
allow_hosts = ''
find_links = file://$PWD/tower/requirements/vendor/
EOF

cp setup.cfg ~/.pydistutils.cfg
%endif

# Install the Ansible venv and requirements
%{__make} requirements_ansible

export CPPFLAGS="-DXMLSEC_NO_SIZE_T"
# Install the Tower venv and requirements
%{__make} requirements_awx

# Build to the dist folder
python setup.py build

# Build SELinux policy package (.pp)
pushd SELinux
for selinuxvariant in %{selinux_variants}; do
    make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
    mv %{modulename}.pp %{modulename}.pp.${selinuxvariant}
    make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
done
popd

# Install the tower-license package into the tower venv
#$VENV_BASE/awx/bin/pip install %{SOURCE7}

# Move site-packages to the buildroot
PYTHON_VER=$(basename $(ls -d venv/ansible/lib/python* | head --lines 1))
mkdir -p %{buildroot}/var/lib/awx/venv/ansible/lib/${PYTHON_VER}
mv venv/ansible/lib/${PYTHON_VER}/site-packages %{buildroot}/var/lib/awx/venv/ansible/lib/${PYTHON_VER}/site-packages

mkdir -p %{buildroot}/var/lib/awx/venv/awx/lib/python2.7
mv venv/awx/lib/python2.7/site-packages %{buildroot}/var/lib/awx/venv/awx/lib/python2.7/site-packages
mkdir -p %{buildroot}/var/lib/awx/venv/awx/bin
mv venv/awx/bin/uwsgi %{buildroot}/var/lib/awx/venv/awx/bin/uwsgi
mv venv/awx/bin/daphne %{buildroot}/var/lib/awx/venv/awx/bin/daphne
mv venv/awx/bin/celery %{buildroot}/var/lib/awx/venv/awx/bin/celery

PYTHON_INTERPRETER='#!/var/lib/awx/venv/awx/bin/python'
sed -i "1 s|^.*$|$PYTHON_INTERPRETER|" %{buildroot}/var/lib/awx/venv/awx/bin/daphne
sed -i "1 s|^.*$|$PYTHON_INTERPRETER|" %{buildroot}/var/lib/awx/venv/awx/bin/celery

# Install to the buildroot (non virtualenv)
mkdir -p %{buildroot}/rpm-tmp
%{__make} ui-release
python setup.py install --root=%{buildroot}/rpm-tmp

# Move files from rpm-tmp folder to the appropriate base folders
mv %{buildroot}/rpm-tmp/usr/lib/python2.7/site-packages/* %{buildroot}/var/lib/awx/venv/awx/lib/python2.7/site-packages

mkdir -p %{buildroot}/usr/bin
mv %{buildroot}/rpm-tmp/usr/bin/* %{buildroot}/usr/bin

# Symlinks to old tower-python and tower-manage executables
ln -s %{_bindir}/awx-manage %{buildroot}/%{_bindir}/tower-manage
ln -s %{_bindir}/awx-python %{buildroot}/%{_bindir}/tower-python

mkdir -p %{buildroot}/usr/share/sosreport/sos/plugins
mv %{buildroot}/rpm-tmp/usr/share/sosreport/sos/plugins/* %{buildroot}/usr/share/sosreport/sos/plugins

mkdir -p %{buildroot}/usr/share/doc/ansible-tower
mv %{buildroot}/rpm-tmp/usr/share/doc/awx/* %{buildroot}/usr/share/doc/ansible-tower

mkdir -p %{buildroot}/usr/share/awx
mv %{buildroot}/rpm-tmp/usr/share/awx/* %{buildroot}/usr/share/awx

mkdir -p %{buildroot}/var/lib/awx
mv %{buildroot}/rpm-tmp/var/lib/awx/* %{buildroot}/var/lib/awx

rm -rf %{buildroot}/rpm-tmp

# Create other needed folders
install -d %{buildroot}/%{_sysconfdir}/tower/
install -d %{buildroot}/%{_sysconfdir}/sysconfig/
install -d %{buildroot}/var/log/tower
install -d %{buildroot}/var/lib/awx/job_status
install -d %{buildroot}/%{_datadir}/awx
install -d -m 0750 %{buildroot}/var/run/memcached

# SELinux setup
install -p -m644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ansible-tower
for selinuxvariant in %{selinux_variants}
do
  install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
  install -p -m 644 SELinux/%{modulename}.pp.${selinuxvariant} \
    %{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{modulename}.pp
done
/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux

%clean
rm -rf %{buildroot}

%preun
ansible-tower-service stop

%pre server
getent group awx >/dev/null || groupadd -r awx
getent passwd awx >/dev/null || \
    useradd -r -g awx -d /var/lib/awx -s /bin/bash awx

%post server
# Generate or reuse key file
if [ ! -f /etc/tower/SECRET_KEY ]; then
    /usr/bin/python -c "import uuid; file('/etc/tower/SECRET_KEY', 'wb').write(uuid.uuid4().hex)"
fi
chown root:awx /etc/tower/SECRET_KEY
chmod 640 /etc/tower/SECRET_KEY

# Create sosreport symlinks
ln -s ../../../../../share/sosreport/sos/plugins/tower.py  %{distro_python_sitelib}/sos/plugins/ || :

# allow needed httpd access
for selinuxvariant in %{selinux_variants} ; do
    semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/%{modulename}.pp 2> /dev/null || :
done
/sbin/fixfiles -R %{modulename} restore || :
/sbin/restorecon -R /var/lib/awx/venv /var/lib/awx/job_status /var/run/memcached || :
chown -R memcached:memcached /var/run/memcached || :

%postun server
sed -i -e '/^# START AWX/,/^# END AWX/d' /etc/supervisord.conf
# Remove custom policy
if [ $1 -eq 0 ] ; then
    for selinuxvariant in %{selinux_variants} ; do
        /usr/sbin/semodule -s ${selinuxvariant} -r %{modulename} 2> /dev/null || :
    done
    # Remove sosreport symlinks
    rm -f %{distro_python_sitelib}/sos/plugins/tower.py || :
fi

%pre venv-ansible
systemctl stop supervisord >/dev/null 2>&1 || :
getent group awx >/dev/null || groupadd -r awx
getent passwd awx >/dev/null || \
    useradd -r -g awx -d /var/lib/awx -s /bin/bash awx
virtualenv --system-site-packages /var/lib/awx/venv/ansible > /dev/null

%pre venv-tower
systemctl stop supervisord >/dev/null 2>&1 || :
getent group awx >/dev/null || groupadd -r awx
getent passwd awx >/dev/null || \
    useradd -r -g awx -d /var/lib/awx -s /bin/bash awx
virtualenv --clear --system-site-packages /var/lib/awx/venv/awx > /dev/null

%files
%defattr(-,root,root)

%files server
%exclude /var/lib/awx/setup
%exclude /var/lib/awx/venv
%defattr(-,root,root)
%doc %{_datadir}/doc/ansible-tower
%{_bindir}/awx-manage
%{_bindir}/awx-python
%{_bindir}/tower-manage
%{_bindir}/tower-python
%{_bindir}/ansible-tower-service
%{_bindir}/failure-event-handler
/var/run/memcached
%dir %attr(0755,awx,awx) /var/lib/awx
%attr(0755,awx,awx) /var/log/tower
/var/lib/awx/*
%{_datadir}/selinux/*/%{modulename}.pp
%{_datadir}/awx/
%{_datadir}/sosreport/sos/plugins/tower.py*
%config(noreplace) %{_sysconfdir}/tower
%config(noreplace) %{_sysconfdir}/sysconfig/ansible-tower

%files ui
%defattr(-,root,root)
/var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/static
/var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/ui/static

%files setup -f %{name}-%{version}-setup-filelist
%defattr(-,root,root)
%config(noreplace) /var/lib/awx/setup/inventory
%{_bindir}/ansible-tower-setup

%files venv-ansible
%defattr(-,root,root)
/var/lib/awx/venv/ansible

%files venv-tower
%exclude /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/static
%exclude /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/ui/static
%exclude /var/lib/awx/venv/awx/lib/python2.7/site-packages/awx/devonly.py*
%defattr(-,root,root)
/var/lib/awx/venv/awx

%changelog
* Tue Sep 25 2018 Billy Chan <shing@shing.cloud> 1.0.7.9-1.git8a66213
 - new release