greenwave: make prod start using fedora-messaging
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
This commit is contained in:
Pierre-Yves Chibon
parent
2af44e8323
commit
07baaf81b1
5 changed files with 20 additions and 96 deletions
|
|
@ -31,74 +31,83 @@
|
||||||
- pingou
|
- pingou
|
||||||
tags:
|
tags:
|
||||||
- apply-appowners
|
- apply-appowners
|
||||||
|
|
||||||
- role: openshift/secret-file
|
- role: openshift/secret-file
|
||||||
app: greenwave
|
app: greenwave
|
||||||
secret_name: greenwave-fedora-messaging-key
|
secret_name: greenwave-fedora-messaging-key
|
||||||
key: greenwave.key
|
key: greenwave.key
|
||||||
privatefile: "rabbitmq/{{env}}/pki/private/greenwave{{env_suffix}}.key"
|
privatefile: "rabbitmq/{{env}}/pki/private/greenwave{{env_suffix}}.key"
|
||||||
when: env == "staging"
|
|
||||||
- role: openshift/secret-file
|
- role: openshift/secret-file
|
||||||
app: greenwave
|
app: greenwave
|
||||||
secret_name: greenwave-fedora-messaging-crt
|
secret_name: greenwave-fedora-messaging-crt
|
||||||
key: greenwave.crt
|
key: greenwave.crt
|
||||||
privatefile: "rabbitmq/{{env}}/pki/issued/greenwave{{env_suffix}}.crt"
|
privatefile: "rabbitmq/{{env}}/pki/issued/greenwave{{env_suffix}}.crt"
|
||||||
when: env == "staging"
|
|
||||||
- role: openshift/secret-file
|
- role: openshift/secret-file
|
||||||
app: greenwave
|
app: greenwave
|
||||||
secret_name: greenwave-fedora-messaging-ca
|
secret_name: greenwave-fedora-messaging-ca
|
||||||
key: greenwave.ca
|
key: greenwave.ca
|
||||||
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
|
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
|
||||||
when: env == "staging"
|
|
||||||
- role: openshift/secret-file
|
- role: openshift/secret-file
|
||||||
app: greenwave
|
app: greenwave
|
||||||
secret_name: greenwave-fedmsg-key
|
secret_name: greenwave-fedmsg-key
|
||||||
key: fedmsg-greenwave.key
|
key: fedmsg-greenwave.key
|
||||||
privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.fedoraproject.org.key
|
privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.fedoraproject.org.key
|
||||||
when: env != "staging"
|
|
||||||
- role: openshift/secret-file
|
- role: openshift/secret-file
|
||||||
app: greenwave
|
app: greenwave
|
||||||
secret_name: greenwave-fedmsg-crt
|
secret_name: greenwave-fedmsg-crt
|
||||||
key: fedmsg-greenwave.crt
|
key: fedmsg-greenwave.crt
|
||||||
privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.fedoraproject.org.crt
|
privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.fedoraproject.org.crt
|
||||||
when: env != "staging"
|
|
||||||
- role: openshift/object
|
- role: openshift/object
|
||||||
app: greenwave
|
app: greenwave
|
||||||
template: imagestream.yml
|
template: imagestream.yml
|
||||||
objectname: imagestream.yml
|
objectname: imagestream.yml
|
||||||
|
|
||||||
- role: openshift/object
|
- role: openshift/object
|
||||||
app: greenwave
|
app: greenwave
|
||||||
template: buildconfig.yml
|
template: buildconfig.yml
|
||||||
objectname: buildconfig.yml
|
objectname: buildconfig.yml
|
||||||
tags:
|
tags:
|
||||||
- apply-buildconfig
|
- apply-buildconfig
|
||||||
|
|
||||||
- role: openshift/object
|
- role: openshift/object
|
||||||
app: greenwave
|
app: greenwave
|
||||||
template: configmap.yml
|
template: configmap.yml
|
||||||
objectname: configmap.yml
|
objectname: configmap.yml
|
||||||
|
|
||||||
- role: openshift/object
|
- role: openshift/object
|
||||||
app: greenwave
|
app: greenwave
|
||||||
file: service.yml
|
file: service.yml
|
||||||
objectname: service.yml
|
objectname: service.yml
|
||||||
|
|
||||||
- role: openshift/route
|
- role: openshift/route
|
||||||
app: greenwave
|
app: greenwave
|
||||||
routename: web-pretty
|
routename: web-pretty
|
||||||
host: "greenwave{{ env_suffix }}.fedoraproject.org"
|
host: "greenwave{{ env_suffix }}.fedoraproject.org"
|
||||||
serviceport: web
|
serviceport: web
|
||||||
servicename: greenwave-web
|
servicename: greenwave-web
|
||||||
|
|
||||||
# TODO -- someday retire this old route in favor of the pretty one above.
|
# TODO -- someday retire this old route in favor of the pretty one above.
|
||||||
- role: openshift/object
|
- role: openshift/object
|
||||||
app: greenwave
|
app: greenwave
|
||||||
file: route.yml
|
file: route.yml
|
||||||
objectname: route.yml
|
objectname: route.yml
|
||||||
|
|
||||||
- role: openshift/object
|
- role: openshift/object
|
||||||
app: greenwave
|
app: greenwave
|
||||||
template: deploymentconfig.yml
|
template: deploymentconfig.yml
|
||||||
objectname: deploymentconfig.yml
|
objectname: deploymentconfig.yml
|
||||||
tags:
|
tags:
|
||||||
- apply-deploymentconfig
|
- apply-deploymentconfig
|
||||||
|
|
||||||
- role: openshift/rollout
|
- role: openshift/rollout
|
||||||
app: greenwave
|
app: greenwave
|
||||||
dcname: greenwave-web
|
dcname: greenwave-web
|
||||||
|
|
||||||
- role: openshift/rollout
|
- role: openshift/rollout
|
||||||
app: greenwave
|
app: greenwave
|
||||||
dcname: greenwave-fedmsg-consumers
|
dcname: greenwave-fedmsg-consumers
|
||||||
|
|
|
||||||
|
|
@ -8,13 +8,6 @@ spec:
|
||||||
runPolicy: Serial
|
runPolicy: Serial
|
||||||
source:
|
source:
|
||||||
dockerfile: |-
|
dockerfile: |-
|
||||||
{% if env == 'staging' %}
|
|
||||||
# See imagestream.yml for the definition
|
|
||||||
FROM greenwave-upstream:latest
|
|
||||||
USER 0
|
|
||||||
RUN dnf -y install fedora-messaging && dnf clean all
|
|
||||||
USER 1001
|
|
||||||
{% else %}
|
|
||||||
# See imagestream.yml for the definition
|
# See imagestream.yml for the definition
|
||||||
FROM greenwave-upstream:latest
|
FROM greenwave-upstream:latest
|
||||||
|
|
||||||
|
|
@ -24,6 +17,8 @@ spec:
|
||||||
# Become root during build to chmod
|
# Become root during build to chmod
|
||||||
USER 0
|
USER 0
|
||||||
|
|
||||||
|
RUN dnf -y install fedora-messaging && dnf clean all
|
||||||
|
|
||||||
# create a symlink for configuring the fedmsg consumers.
|
# create a symlink for configuring the fedmsg consumers.
|
||||||
RUN ln -sfn /etc/fedmsg-greenwave.d/greenwave.py /etc/fedmsg.d/zz_greenwave.py
|
RUN ln -sfn /etc/fedmsg-greenwave.d/greenwave.py /etc/fedmsg.d/zz_greenwave.py
|
||||||
|
|
||||||
|
|
@ -37,7 +32,6 @@ spec:
|
||||||
|
|
||||||
# Become non-root again
|
# Become non-root again
|
||||||
USER 1001
|
USER 1001
|
||||||
{% endif %}
|
|
||||||
strategy:
|
strategy:
|
||||||
type: Docker
|
type: Docker
|
||||||
dockerStrategy:
|
dockerStrategy:
|
||||||
|
|
|
||||||
|
|
@ -12,16 +12,6 @@ data:
|
||||||
fedora.yaml: |-
|
fedora.yaml: |-
|
||||||
{{ load_file('fedora.yaml') | indent }}
|
{{ load_file('fedora.yaml') | indent }}
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: greenwave-fedmsg-configmap
|
|
||||||
data:
|
|
||||||
greenwave.py: |-
|
|
||||||
{{ load_file('greenwave.py') | indent }}
|
|
||||||
|
|
||||||
{% if env == 'staging' %}
|
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
|
|
@ -32,4 +22,3 @@ metadata:
|
||||||
data:
|
data:
|
||||||
config.toml: |-
|
config.toml: |-
|
||||||
{{ load_file('config.toml') | indent }}
|
{{ load_file('config.toml') | indent }}
|
||||||
{% endif %}
|
|
||||||
|
|
|
||||||
|
|
@ -55,7 +55,7 @@ spec:
|
||||||
kind: ImageStreamTag
|
kind: ImageStreamTag
|
||||||
name: greenwave:latest
|
name: greenwave:latest
|
||||||
- type: ConfigChange
|
- type: ConfigChange
|
||||||
{% if env == 'staging' %}
|
|
||||||
---
|
---
|
||||||
# For fedmsg consumers
|
# For fedmsg consumers
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
|
@ -129,76 +129,7 @@ spec:
|
||||||
kind: ImageStreamTag
|
kind: ImageStreamTag
|
||||||
name: greenwave:latest
|
name: greenwave:latest
|
||||||
- type: ConfigChange
|
- type: ConfigChange
|
||||||
{% else %}
|
|
||||||
---
|
|
||||||
# For fedmsg consumers
|
|
||||||
apiVersion: v1
|
|
||||||
kind: DeploymentConfig
|
|
||||||
metadata:
|
|
||||||
name: greenwave-fedmsg-consumers
|
|
||||||
labels:
|
|
||||||
app: greenwave
|
|
||||||
service: fedmsg-consumers
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
service: fedmsg-consumers
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: greenwave
|
|
||||||
service: fedmsg-consumers
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: fedmsg-consumers
|
|
||||||
image: registry/greenwave:latest
|
|
||||||
ports:
|
|
||||||
- containerPort: 8081
|
|
||||||
command:
|
|
||||||
- '/usr/bin/fedmsg-hub-3'
|
|
||||||
volumeMounts:
|
|
||||||
- name: config-volume
|
|
||||||
mountPath: /etc/greenwave
|
|
||||||
readOnly: true
|
|
||||||
- name: fedmsg-config-volume
|
|
||||||
mountPath: /etc/fedmsg-greenwave.d
|
|
||||||
readOnly: true
|
|
||||||
- name: fedmsg-key-volume
|
|
||||||
mountPath: /etc/pki/fedmsg/key
|
|
||||||
readOnly: true
|
|
||||||
- name: fedmsg-crt-volume
|
|
||||||
mountPath: /etc/pki/fedmsg/crt
|
|
||||||
readOnly: true
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
memory: 384Mi
|
|
||||||
volumes:
|
|
||||||
# Give the fedmsg-consumer container access to the general config
|
|
||||||
- name: config-volume
|
|
||||||
configMap:
|
|
||||||
name: greenwave-configmap
|
|
||||||
# But *also* access to the fedmsg-specific config
|
|
||||||
- name: fedmsg-config-volume
|
|
||||||
configMap:
|
|
||||||
name: greenwave-fedmsg-configmap
|
|
||||||
# And... this secret volume gets set up in the playbook
|
|
||||||
- name: fedmsg-key-volume
|
|
||||||
secret:
|
|
||||||
secretName: greenwave-fedmsg-key
|
|
||||||
- name: fedmsg-crt-volume
|
|
||||||
secret:
|
|
||||||
secretName: greenwave-fedmsg-crt
|
|
||||||
triggers:
|
|
||||||
- type: ImageChange
|
|
||||||
imageChangeParams:
|
|
||||||
automatic: true
|
|
||||||
containerNames:
|
|
||||||
- fedmsg-consumers
|
|
||||||
from:
|
|
||||||
kind: ImageStreamTag
|
|
||||||
name: greenwave:latest
|
|
||||||
- type: ConfigChange
|
|
||||||
{% endif %}
|
|
||||||
---
|
---
|
||||||
# For memcached
|
# For memcached
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,8 @@ PORT = 8080
|
||||||
DEBUG = False
|
DEBUG = False
|
||||||
POLICIES_DIR = '/etc/greenwave/'
|
POLICIES_DIR = '/etc/greenwave/'
|
||||||
|
|
||||||
|
MESSAGING = "fedora-messaging"
|
||||||
|
|
||||||
{% if env == 'staging' %}
|
{% if env == 'staging' %}
|
||||||
DIST_GIT_BASE_URL = 'https://src.stg.fedoraproject.org'
|
DIST_GIT_BASE_URL = 'https://src.stg.fedoraproject.org'
|
||||||
DIST_GIT_URL_TEMPLATE = '{DIST_GIT_BASE_URL}/{pkg_namespace}/{pkg_name}/raw/{rev}/f/gating.yaml'
|
DIST_GIT_URL_TEMPLATE = '{DIST_GIT_BASE_URL}/{pkg_namespace}/{pkg_name}/raw/{rev}/f/gating.yaml'
|
||||||
|
|
@ -14,7 +16,6 @@ WAIVERDB_API_URL = 'https://waiverdb-web-waiverdb.app.os.stg.fedoraproject.org/a
|
||||||
RESULTSDB_API_URL = 'https://taskotron.stg.fedoraproject.org/resultsdb_api/api/v2.0'
|
RESULTSDB_API_URL = 'https://taskotron.stg.fedoraproject.org/resultsdb_api/api/v2.0'
|
||||||
GREENWAVE_API_URL = 'https://greenwave.stg.fedoraproject.org/api/v1.0'
|
GREENWAVE_API_URL = 'https://greenwave.stg.fedoraproject.org/api/v1.0'
|
||||||
CORS_URL = '*'
|
CORS_URL = '*'
|
||||||
MESSAGING = "fedora-messaging"
|
|
||||||
{% else %}
|
{% else %}
|
||||||
DIST_GIT_BASE_URL = 'https://src.fedoraproject.org'
|
DIST_GIT_BASE_URL = 'https://src.fedoraproject.org'
|
||||||
DIST_GIT_URL_TEMPLATE = '{DIST_GIT_BASE_URL}/{pkg_namespace}/{pkg_name}/raw/{rev}/f/gating.yaml'
|
DIST_GIT_URL_TEMPLATE = '{DIST_GIT_BASE_URL}/{pkg_namespace}/{pkg_name}/raw/{rev}/f/gating.yaml'
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue