diff --git a/playbooks/openshift-apps/fas-stg.yml b/playbooks/openshift-apps/fas-stg.yml new file mode 100644 index 0000000000..4b8c20d244 --- /dev/null +++ b/playbooks/openshift-apps/fas-stg.yml @@ -0,0 +1,160 @@ +- name: make the app be real + hosts: os_masters_stg[0] + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + vars: + fas_db_host: "db-fas01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org" + gen_cert: false + wsgi_procs: 4 + wsgi_threads: 1 + + pre_tasks: + - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README + + roles: + - role: openshift/project + app: fas + description: FAS + appowners: + - puiterwijk + - pingou + allow_fas_db: true + - role: openshift/imagestream + app: fas + imagename: fas + - role: openshift/imagestream + app: fas + imagename: totpcgi + - role: openshift/imagestream + app: fas + imagename: yubikey + - role: openshift/object + app: fas + template: buildconfig-fas.yml + objectname: buildconfig-fas.yml + - role: openshift/object + app: fas + template: buildconfig-yubikey.yml + objectname: buildconfig-yubikey.yml + - role: openshift/object + app: fas + template: buildconfig-totpcgi.yml + objectname: buildconfig-totpcgi.yml + - role: openshift/object + app: fas + template_fullpath: "{{roles_path}}/fas_server/templates/configmap.yml" + objectname: configmap-fas.yml + - role: openshift/object + app: fas + template_fullpath: "{{roles_path}}/yubikey/templates/configmap.yml" + objectname: configmap-yubikey.yml + - role: openshift/object + app: fas + template_fullpath: "{{roles_path}}/totpcgi/templates/configmap.yml" + objectname: configmap-totpcgi.yml + - role: openshift/object + app: fas + template_fullpath: "{{roles_path}}/totpcgi/templates/configmap.yml" + objectname: configmap-totpcgi-vpn.yml + when: env == "production" + - role: openshift/secret-file + app: fas + privatefile: "keytabs/{{env}}/fas_sync" + key: fas_sync_keytab + secret_name: fas-sync-keytab + - role: openshift/secret-file + app: fas + privatefile: "fas-gpg/pubring.gpg" + key: pubring.gpg + secret_name: fas-gpg-pubring + - role: openshift/object + app: fas + file: service-fas.yml + objectname: service-fas.yml + - role: openshift/object + app: fas + file: service-yubikey.yml + objectname: service-yubikey.yml + - role: openshift/object + app: fas + file: service-totpcgi.yml + objectname: service-totpcgi.yml + - role: openshift/object + app: fas + file: service-totpcgi-vpn.yml + objectname: service-totpcgi-vpn.yml + when: env == "production" + - role: openshift/route + app: fas + routename: fas + host: "admin-test.stg.fedoraproject.org" + path: "/accounts" + serviceport: dynamic + servicename: fas + annotations: + haproxy.router.openshift.io/timeout: 5m + - role: openshift/route + app: fas + routename: fas-static + host: "admin-test.stg.fedoraproject.org" + path: "/accounts/static" + serviceport: static + servicename: fas + - role: openshift/route + app: fas + routename: totpcgi-provision + host: "admin-test.stg.fedoraproject.org" + path: "/totpcgiprovision" + serviceport: provision + servicename: totpcgi + - role: openshift/route + app: fas + routename: totpcgi + host: "fas-all{{ env_suffix }}.{{ datacenter }}.fedoraproject.org" + serviceport: totp + servicename: totpcgi + termination_passthrough: true + - role: openshift/route + app: fas + routename: totpcgi-vpn + host: "fas-all.vpn.fedoraproject.org" + serviceport: totp + servicename: totpcgi-vpn + termination_passthrough: true + when: env == "production" + - role: openshift/object + app: fas + template: deploymentconfig-fas.yml + objectname: deploymentconfig-fas.yml + - role: openshift/object + app: fas + template: deploymentconfig-yubikey.yml + objectname: deploymentconfig-yubikey.yml + - role: openshift/object + app: fas + template: deploymentconfig-totpcgi.yml + objectname: deploymentconfig-totpcgi.yml + - role: openshift/object + app: fas + template: deploymentconfig-totpcgi.yml + objectname: deploymentconfig-totpcgi-vpn.yml + when: env == "production" + - role: openshift/secret-tls + app: fas + key: tls-cert-primary + secret_name: tls-cert-primary + private_cert: "2fa-certs/keys/fas-all{{ env_suffix }}.{{ datacenter }}.fedoraproject.org.crt" + private_key: "2fa-certs/keys/fas-all{{ env_suffix }}.{{ datacenter }}.fedoraproject.org.key" + - role: openshift/secret-tls + app: fas + key: tls-cert-vpn + secret_name: tls-cert-vpn + private_cert: "2fa-certs/keys/fas-all.vpn.fedoraproject.org.crt" + private_key: "2fa-certs/keys/fas-all.vpn.fedoraproject.org.key" + when: env == "production"