Administration Guide

This guide is intended for administrators that are trying to deploy Anitya in their environment. For reference you can check release-monitoring.org ansible deployment role in Fedora infrastructure.

Installation

Anitya is not currently available in any distribution’s default repository. To install it from PyPI:

$ pip install anitya

Note

Javascript dependencies are not part of Anitya PyPI package. To install them you need to have npm installed and run npm install inside anitya/static folder.

Configuration

If the ANITYA_WEB_CONFIG environment variable is set to a file system path Anitya can read, the configuration is loaded from that location. Otherwise, the configuration is read from /etc/anitya/anitya.toml. If neither can be read, Anitya will log a warning and use its configuration defaults.

Warning

The default configuration for Anitya includes a secret key for web sessions. It is not safe to use the default configuration in a production environment.

Anitya uses TOML as its configuration format. A complete configuration file with inline documentation is below.

# This is a TOML-format file. For the spec, see https://github.com/toml-lang/toml#spec

# Secret key used to generate the CSRF token in the forms.
secret_key = "changeme please"

# The lifetime of the session, in seconds.
permanent_session_lifetime = 3600

# URL to the database
db_url = "sqlite:////var/tmp/anitya-dev.sqlite"

# List of web administrators. The values should be the value of the "id" column
# for the user in the "users" table of the database. They need to log in before
# this record is created. An example value would be
# "65536ed7-bdd3-4a1e-8252-10d874fd706b"
# You can also find this infromation in the settings page when logged in to Anitya
anitya_web_admins = []

# The email to use in the 'From' header when sending emails.
admin_email = "admin@fedoraproject.org"

# The SMTP server to send mail through
smtp_server = "smtp.example.com"

# Whether or not to send emails to MAIL_ADMIN via SMTP_SERVER when HTTP 500
# errors occur.
email_errors = false

# List of users that are not allowed to sign in, by "id" from the "users" table.
blacklisted_users = []

# The type of session protection used by social-auth.
session_protection = "strong"

# The authentication backends to use. For valid values, see social-auth's
# documentation.
social_auth_authentication_backends = [
    "social_core.backends.fedora.FedoraOpenId",
    "social_core.backends.gitlab.GitLabOAuth2",
    "social_core.backends.github.GithubOAuth2",
    "social_core.backends.google.GoogleOAuth2",
    "social_core.backends.yahoo.YahooOAuth2",
    "social_core.backends.open_id.OpenIdAuth"
]

# Force the application to require HTTPS on authentication redirects.
social_auth_redirect_is_https = true

# List of platforms for which Anitya should automatically create new projects
# when Libraries.io announces a new version. See https://libraries.io/ for the
# list of valid platforms. By default, Anitya will only update existing projects
# via Libraries.io.
librariesio_platform_whitelist = []
sse_feed = "http://firehose.libraries.io/events"

# Default regular expression used for custom backend
default_regex = """\
                (?i)%(name)s(?:[-_]?(?:minsrc|src|source))?[-_](+[^-/_\\s]+?(?:[-_]\
                (?:rc|devel|dev|alpha|beta)\\d+)?)(?:[-_](?:minsrc|src|source|asc|release))?\
                \.(?:tar|t[bglx]z|tbz2|zip)\
                """

# Github access token
# This is used by GitHub API for github backend
# Permission needed by Anitya:
# * repo:status
# * public_repo
github_access_token = "foobar"

# Check service configuration
# Number of workers
cron_pool = 10
# Worker timeout in seconds
check_timeout = 600
# When this number of failed checks is reached,
# project will be automatically removed, if no version was retrieved yet
check_error_threshold=100

# Configurable links to package repositories for package mappings in distributions
# If you want to add any new distribution just add a new entry to this section
# %s will be filled in HTML template by the name of package mapping
[distro_mapping_links]
AlmaLinux = "https://git.almalinux.org/rpms/%s"
Fedora = "https://src.fedoraproject.org/rpms/%s"
PLD-Linux = "https://github.com/pld-linux/%s"
Ubuntu = "https://launchpad.net/ubuntu/+source/%s"

# The logging configuration, in Python dictConfig format.
[anitya_log_config]
    version = 1
    disable_existing_loggers = true

    [anitya_log_config.formatters]
        [anitya_log_config.formatters.simple]
            format = "[%(name)s %(levelname)s] %(message)s"

    [anitya_log_config.handlers]
        [anitya_log_config.handlers.console]
            class = "logging.StreamHandler"
            formatter = "simple"
            stream = "ext://sys.stdout"

    [anitya_log_config.loggers]
        [anitya_log_config.loggers.anitya]
            level = "WARNING"
            propagate = false
            handlers = ["console"]

    [anitya_log_config.root]
        level = "ERROR"
        handlers = ["console"]

Anitya uses second configuration file for Fedora messaging. A sample configuration file is bellow. To know more about the configuration of fedora messaging please refer to fedora messaging configuration documentation.

# A sample configuration for fedora-messaging. This file is in the TOML format.
# For complete details on all configuration options, see the documentation.
# https://fedora-messaging.readthedocs.io/en/latest/configuration.html

amqp_url = "amqp://"

[tls]
ca_cert = "/etc/pki/tls/certs/ca-bundle.crt"
keyfile = "/my/client/key.pem"
certfile = "/my/client/cert.pem"

Services

Anitya is made up of a WSGI Application, an Update Service that could be run separately, an optional Libraries.io SSE client, SAR Script, and requires a Database.

WSGI Application

The WSGI application is located at anitya/wsgi.py. This application handles the web interface for creating, updating, and viewing projects. It also offers a REST API.

There is also a anitya.wsgi file that could be used directly. You can find example anitya.wsgi in Anitya repository. You can use this file with Apache server or deploy it by flask. Fedora uses Apache so you can look at their configuration.

Update Service

The service that checks for project updates is located at anitya/check_service.py in the git repository and Python package. To enable it, just start this service.

Note

This script should be also available system wide, installed by `scripts argument in python setup. See python setup documentation for more info.

Libraries.io SSE client

This optional service listens to SSE feed for messages published by the libraries.io service.

The service is located at anitya/librariesio_consumer.py. To enable it just start the service.

Note

This script should be also available system wide, installed by `scripts argument in python setup. See python setup documentation for more info.

SAR Script

Subject Access Requests script is intended for handling GDPR users requests for obtaining their data from Anitya. This script could be found in anitya/sar.py. It just connects to the database using Anitya configuration and takes out user relevant data.

Note

This script should be also available system wide, installed by `scripts argument in python setup. See python setup documentation for more info.

Database

Anitya should work with any SQL database, but it is only tested with SQLite and PostgreSQL. It is recommended to use PostgreSQL in a production deployment. The SQLite database can’t work with update service, because it doesn’t allow database changes in parallel threads.

For creating a database schema you can use createdb.py script from Anitya repository.

After this you need to apply any migrations done above the basic database schema. You can run the migrations by using the alembic tool. You can use the configuration file alembic.ini from Anitya repository.

alembic -c <path_to_alembic.ini> upgrade head

Note

The migrations needs to be applied each time upgrade of Anitya is done.

Fedora messaging

The Anitya needs to connect to RabbitMQ server which will listen for it’s messages. For deployment of your own RabbitMQ server please look at the official documentation.