Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Badges: test the Flask version in staging

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2024-05-29 15:30:41 +02:00
parent 8b3860962c
commit 004bdfccdd
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
7 changed files with 112 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

3
roles/openshift-apps/badges/templates/buildconfig.yml
View file

@ -74,7 +74,8 @@ spec:
type: Git
git:
uri: https://github.com/fedora-infra/tahrir.git
ref: {{ (env == 'production')|ternary('stable', 'staging') }}
# ref: {{ (env == 'production')|ternary('stable', 'staging') }}
ref: {{ (env == 'production')|ternary('stable', 'flask') }}
contextDir: /
strategy:
type: Source

14
roles/openshift-apps/badges/templates/client_secrets.json Normal file
View file

@ -0,0 +1,14 @@
{
"web": {
"auth_uri": "https://id{{env_suffix}}.fedoraproject.org/openidc/Authorization",
"client_id": "tahrir",
"client_secret": "{{ (env == 'production')|ternary(tahrir_oidc_client_secret, tahrir_oidc_client_secret_staging) }}",
"issuer": "https://id{{env_suffix}}.fedoraproject.org/openidc/",
"redirect_uris": [
"https://badges{{env_suffix}}.fedoraproject.org/oidc/authorize",
"https://badges.apps.ocp{{env_suffix}.fedoraproject.org/oidc/authorize"
],
"token_uri": "https://id{{env_suffix}}.fedoraproject.org/openidc/Token",
"userinfo_uri": "https://id{{env_suffix}}.fedoraproject.org/openidc/UserInfo"
}
}

8
roles/openshift-apps/badges/templates/configmap.yml
View file

@ -21,6 +21,12 @@ items:
{{ load_file('tahrir.ini') | indent(6) }}
secrets.ini: |-
{{ load_file('secrets.ini') | indent(6) }}
tahrir.cfg: |-
{{ load_file('tahrir.cfg.py') | indent(6) }}
gunicorn.conf.py: |-
{{ load_file('gunicorn.conf.py') | indent(6) }}
client_secrets.json: |-
{{ load_file('client_secrets.json') | indent(6) }}
- apiVersion: v1
kind: ConfigMap
metadata:
@ -30,4 +36,4 @@ items:
data:
wsgi.py: |-
{{ load_file('wsgi.py') | indent(6) }}
__init__.py: ""
__init__.py: ""

34
roles/openshift-apps/badges/templates/deploymentconfig.yml
View file

@ -60,10 +60,12 @@ spec:
readOnly: true
env:
- name: GUNICORN_CMD_ARGS
value: "--bind=0.0.0.0:8080"
- name: FLASK_CONFIG
value: "/etc/badges/tahrir.cfg"
- name: APP_MODULE
value: "deploy.wsgi"
- name: APP_CONFIG
value: "/etc/badges/gunicorn.conf.py"
- name: KRB5_CONFIG
value: /etc/ipa/krb5.conf
- name: KRB5_CLIENT_KTNAME
@ -71,18 +73,22 @@ spec:
- name: FEDORA_MESSAGING_CONF
value: /etc/badges/fm-tahrir.toml
# readinessProbe:
# timeoutSeconds: 1
# initialDelaySeconds: 5
# httpGet:
# path: /api/v1/healthz/ready
# port: 8080
# livenessProbe:
# timeoutSeconds: 1
# initialDelaySeconds: 20
# httpGet:
# path: /api/v1/healthz/live
# port: 8080
{% if env == 'staging' %}
readinessProbe:
timeoutSeconds: 10
initialDelaySeconds: 5
periodSeconds: 60
httpGet:
path: "/healthz/ready"
port: 8080
livenessProbe:
timeoutSeconds: 10
initialDelaySeconds: 10
periodSeconds: 60
httpGet:
path: "/healthz/live"
port: 8080
{% endif %}
volumes:
- name: etc-badges

4
roles/openshift-apps/badges/templates/gunicorn.conf.py Normal file
View file

@ -0,0 +1,4 @@
bind = ["0.0.0.0:8080"]
accesslog = "-"
errorlog = "-"
timeout = 60

57
roles/openshift-apps/badges/templates/tahrir.cfg.py Normal file
View file

@ -0,0 +1,57 @@
#
# This is the config file for Tahrir as intended to be used in OpenShift
#
{% if env == 'staging' %}
SECRET_KEY = "{{tahrirstgSessionSecret}}"
{% else %}
SECRET_KEY = "{{tahrirSessionSecret}}"
{% endif %}
TEMPLATES_AUTO_RELOAD = False
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SECURE = True
{% if env == 'staging' %}
SQLALCHEMY_DATABASE_URI = "postgresql://{{tahrirDBUser}}:{{tahrirstgDBPassword}}@db01.stg.iad2.fedoraproject.org/tahrir"
TAHRIR_TITLE = "Fedora Badges (staging!)"
{% else %}
SQLALCHEMY_DATABASE_URI = "postgresql://{{tahrirDBUser}}:{{tahrirDBPassword}}@db-tahrir/tahrir"
TAHRIR_TITLE = "Fedora Badges"
{% endif %}
OIDC_CLIENT_SECRETS = "/etc/badges/client_secrets.json"
TAHRIR_ADMIN_GROUPS = ["sysadmin-main", "sysadmin-badges"]
TAHRIR_DEFAULT_ISSUER = "fedora-project"
TAHRIR_DEFAULT_AVATAR = "retro"
TAHRIR_DISPLAY_TAGS = ["content", "development", "community", "quality", "event", "miscellaneous"]
TAHRIR_PNGS_PATH = "/var/lib/badges/pngs"
TAHRIR_SITEDOCS_SUBDIR = "fedora-sitedocs"
TAHRIR_USE_FEDMSG = True
TAHRIR_EMAIL_DOMAIN = "{{env_prefix}}fedoraproject.org"
TAHRIR_FAS_URL = "https://accounts{{env_suffix}}.fedoraproject.org"
TAHRIR_SOCIAL_TWITTER = True
TAHRIR_SOCIAL_TWITTER_USER_TEXT = "Check out all these #fedorabadges :trophy:"
TAHRIR_SOCIAL_TWITTER_USER_HASH = "#fedora"
# If this is true, we'll store the email from the user's FAS account, if
# not, then we'll use their FAS_USERNAME@fedoraproject.org. For Fedora
# Infrastructure we want this to be false due to some inconsistencies between
# the fedbadges backend awarder and the tahrir frontend. Other deployments
# may set this to true with no problem.
TAHRIR_USE_OPENID_EMAIL = False
# Cache
CACHE = {
# disabled, trying to see if this fix this bug
# https://pagure.io/fedora-infrastructure/issue/8689
"backend": "dogpile.cache.null",
"expiration_time": 100,
"arguments": {
"url": "memcached01{{env_suffix}}:11211",
"distributed_lock": true,
"lock_timeout": 5,
},
}

9
roles/openshift-apps/badges/templates/wsgi.py
View file

@ -1,5 +1,12 @@
{% if env == "staging" %}
from werkzeug.middleware.proxy_fix import ProxyFix
from tahrir.app import create_app
application = create_app()
application.wsgi_app = ProxyFix(application.wsgi_app, x_proto=1, x_host=1)
{% else %}
from pyramid.paster import get_app, setup_logging
ini_path = '/etc/badges/tahrir.ini'
setup_logging(ini_path)
application = get_app(ini_path, 'main')
application = get_app(ini_path, 'main')
{% endif %}