Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Add Flatpak Cache as a OpenStack app

Browse source
This commit is contained in:
Leo Puvilland 2023-11-29 13:37:44 -08:00
parent c2b5cf45ac
commit 0beee2770d
No known key found for this signature in database
GPG key ID: 20EA96682F9368EB
9 changed files with 251 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

61
playbooks/openshift-apps/flatpak-cache.yml Normal file
View file

@ -0,0 +1,61 @@
- name: make the app be real
# hosts: os_control_stg[0]:os_control[0]
hosts: os_control_stg[0]
user: root
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
vars:
roles:
- role: openshift/project
app: flatpak-cache
description: "Flatpak Cache"
appowners:
- leo
tags:
- apply-appowners
- role: openshift/object
app: flatpak-cache
file: imagestream.yml
objectname: imagestream.yml
- role: openshift/object
app: flatpak-cache
template: buildconfig.yml
objectname: buildconfig.yml
- role: openshift/object
app: flatpak-cache
file: storage.yml
objectname: storage.yml
- role: openshift/object
app: flatpak-cache
template: configmap.yml
objectname: configmap.yml
- role: openshift/object
app: flatpak-cache
file: service.yml
objectname: service.yml
# Routes
- role: openshift/route
app: flatpak-cache
routename: web
host: "flatpak-cache.apps.ocp{{ env_suffix }}.fedoraproject.org"
servicename: web
serviceport: web
annotations:
haproxy.router.openshift.io/timeout: 5m
- role: openshift/object
app: flatpak-cache
template: deployment.yml
objectname: deployment.yml

10
roles/openshift-apps/flatpak-cache/files/imagestream.yml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: image.openshift.io/v1
items:
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
name: flatpak-cache
labels:
build: flatpak-cache
kind: List
metadata: {}

15
roles/openshift-apps/flatpak-cache/files/service.yml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: flatpak-cache
labels:
app: flatpak-cache
service: flatpak-cache
namespace: flatpak-cache
spec:
ports:
- name: web
port: 80
targetPort: 8080
selector:
deploymentconfig: flatpak-cache

11
roles/openshift-apps/flatpak-cache/files/storage.yml Normal file
View file

@ -0,0 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 20Gi
storageClassName: ocs-storagecluster-cephfs

41
roles/openshift-apps/flatpak-cache/templates/buildconfig.yml Normal file
View file

@ -0,0 +1,41 @@
---
apiVersion: build.openshift.io/v1
items:
- apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
labels:
build: flatpak-cache-build
name: flatpak-cache-build
spec:
runPolicy: Serial
source:
dockerfile: |-
FROM fedora:39
LABEL \
name="flatpak-cache" \
vendor="Fedora Infrastructure" \
license="MIT"
RUN dnf install -y \
gettext \
hostname \
nss_wrapper \
bind-utils \
varnish && \
dnf autoremove -y && \
dnf clean all -y
EXPOSE 80
type: Dockerfile
strategy:
type: Docker
dockerStrategy:
noCache: true
output:
to:
kind: ImageStreamTag
name: flatpak-cache:latest
triggers:
- type: ImageChange
- type: ConfigChange
kind: List
metadata: {}

17
roles/openshift-apps/flatpak-cache/templates/configmap.yml Normal file
View file

@ -0,0 +1,17 @@
{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
---
apiVersion: v1
kind: List
metadata: {}
items:
- apiVersion: v1
kind: ConfigMap
metadata:
name: flatpak-cache-configmap
labels:
app: flatpak-cache
data:
flatpak-cache.vcl: |-
{{ load_file('flatpak-cache.vcl') | indent(6) }}
start.sh: |-
{{ load_file('start.sh') | indent(6) }}

55
roles/openshift-apps/flatpak-cache/templates/deployment.yml Normal file
View file

@ -0,0 +1,55 @@
- apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: flatpak-cache
app.kubernetes.io/component: flatpak-cache
app.kubernetes.io/instance: flatpak-cache
app.kubernetes.io/name: flatpak-cache
app.kubernetes.io/part-of: flatpak-cache-app
name: flatpak-cache
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: flatpak-cache
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: flatpak-cache
deployment: flatpak-cache
spec:
containers:
- env:
volumeMounts:
- name: config-volume
mountPath: /etc/varnish
readOnly: true
- name: data
mountPath: /srv
imagePullPolicy: Always
name: flatpak-cache
command:
- bash
args:
- /etc/varnish/start.sh
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: config-volume
configMap:
name: flatpak-cache-configmap
- name: data
persistentVolumeClaim:
claimName: data

35
roles/openshift-apps/flatpak-cache/templates/flatpak-cache.vcl Normal file
View file

@ -0,0 +1,35 @@
vcl 4.1;
import std;
acl whitelist {
"localhost";
"10.3.174.52";
"10.3.174.61";
"10.3.174.62";
"10.3.174.63";
"10.3.174.64";
"10.3.174.57";
"10.3.174.42";
"10.3.174.43";
"10.3.174.21";
"10.3.174.22";
"10.3.174.23";
"10.3.174.24";
"10.3.174.25";
"10.3.174.26";
}
backend default {
.host = "dl.flathub.org";
.port = "80";
}
sub vcl_recv {
set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", "");
if (std.ip(req.http.X-Actual-IP, "0.0.0.0") !~ whitelist && client.ip !~ whitelist) {
return (pass);
# return(synth(403, "Access denied."));
}
set req.http.Host = "dl.flathub.org";
}

6
roles/openshift-apps/flatpak-cache/templates/start.sh Normal file
View file

@ -0,0 +1,6 @@
exec varnishd \
-F \
-f /etc/varnish/flatpak-cache.vcl
-a :8080
-t 120
-s file,/srv/varnish_storage.bin,20G