Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Greenwave: Configure staging to use Fedora Messaging

Browse source 
Signed-off-by: Clement Verna <cverna@tutanota.com>
This commit is contained in:
Clement Verna 2019-04-02 15:48:39 +02:00
parent cac1c82e89
commit 1c421f1b76
5 changed files with 176 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

20
playbooks/openshift-apps/greenwave.yml
View file

@ -9,6 +9,8 @@
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles: roles:
- role: rabbit/user
username: "greenwave{{ env_suffix }}"
# The openshift/project role breaks if the project already exists: # The openshift/project role breaks if the project already exists:
# https://pagure.io/fedora-infrastructure/issue/6404 # https://pagure.io/fedora-infrastructure/issue/6404
- role: openshift/project - role: openshift/project
@ -24,15 +26,21 @@
- apply-appowners - apply-appowners
- role: openshift/secret-file - role: openshift/secret-file
app: greenwave app: greenwave
secret_name: greenwave-fedmsg-key secret_name: greenwave-fedora-messaging-key
key: fedmsg-greenwave.key key: greenwave.key
privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.stg.fedoraproject.org.key privatefile: "rabbitmq/{{env}}/pki/private/greenwave{{env_suffix}}.key"
when: env == "staging" when: env == "staging"
- role: openshift/secret-file - role: openshift/secret-file
app: greenwave app: greenwave
secret_name: greenwave-fedmsg-crt secret_name: greenwave-fedora-messaging-crt
key: fedmsg-greenwave.crt key: greenwave.crt
privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.stg.fedoraproject.org.crt privatefile: "rabbitmq/{{env}}/pki/issued/greenwave{{env_suffix}}.crt"
when: env == "staging"
- role: openshift/secret-file
app: greenwave
secret_name: greenwave-fedora-messaging-ca
key: greenwave.ca
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
when: env == "staging" when: env == "staging"
- role: openshift/secret-file - role: openshift/secret-file
app: greenwave app: greenwave

5
roles/openshift-apps/greenwave/templates/buildconfig.yml
View file

@ -8,6 +8,10 @@ spec:
runPolicy: Serial runPolicy: Serial
source: source:
dockerfile: |- dockerfile: |-
{% if env == 'staging' %}
# See imagestream.yml for the definition
FROM greenwave-upstream:latest
{% else %}
# See imagestream.yml for the definition # See imagestream.yml for the definition
FROM greenwave-upstream:latest FROM greenwave-upstream:latest
@ -31,6 +35,7 @@ spec:
# Become non-root again # Become non-root again
USER 1001 USER 1001
ENTRYPOINT docker/install-ca.sh && gunicorn-3 --workers 8 --timeout 127 --bind 0.0.0.0:8080 --access-logfile=- --enable-stdio-inheritance greenwave.wsgi:app ENTRYPOINT docker/install-ca.sh && gunicorn-3 --workers 8 --timeout 127 --bind 0.0.0.0:8080 --access-logfile=- --enable-stdio-inheritance greenwave.wsgi:app
{% endif %}
strategy: strategy:
type: Docker type: Docker
dockerStrategy: dockerStrategy:

67
roles/openshift-apps/greenwave/templates/config.toml Normal file
View file

@ -0,0 +1,67 @@
# A sample configuration for fedora-messaging. This file is in the TOML format.
# For complete details on all configuration options, see the documentation
# https://fedora-messaging.readthedocs.io/en/latest/configuration.html.
amqp_url = "amqp://greenwave{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
publish_exchange = "amq.topic"
callback = "greenwave.consumers.fedora_messaging_consumer:fedora_messaging_callback"
# Note the double brackets below.
# To add another binding, add another [[bindings]] section.
[[bindings]]
queue = "greenwave"
exchange = "amq.topic"
routing_keys = [
"org.fedoraproject.prod.taskotron.result.new",
"org.fedoraproject.stg.taskotron.result.new",
"org.fedoraproject.prod.waiver.new",
"org.fedoraproject.stg.waiver.new",
]
[tls]
ca_cert = "/etc/pki/rabbitmq/ca/greenwave.ca"
keyfile = "/etc/pki/rabbitmq/key/greenwave.key"
certfile = "/etc/pki/rabbitmq/crt/greenwave.crt"
[client_properties]
app = "greenwave"
[queues.greenwave]
durable = true
auto_delete = false
exclusive = false
arguments = {}
[qos]
prefetch_size = 0
prefetch_count = 25
[log_config]
version = 1
disable_existing_loggers = true
[log_config.formatters.simple]
format = "[%(name)s %(levelname)s] %(message)s"
[log_config.handlers.console]
class = "logging.StreamHandler"
formatter = "simple"
stream = "ext://sys.stdout"
[log_config.loggers.fedora_messaging]
level = "INFO"
propagate = false
handlers = ["console"]
[log_config.root]
level = "WARNING"
handlers = ["console"]
# greenwave consumer configuration
[consumer_config]
topic_prefix = 'org.fedoraproject'
environment = '{{ env }}'
waiverdb_topic_suffix = 'waiver.new'
resultsdb_topic_suffix = 'taskotron.result.new'

13
roles/openshift-apps/greenwave/templates/configmap.yml
View file

@ -258,3 +258,16 @@ data:
greenwave_api_url='https://greenwave-web-greenwave.app.os.fedoraproject.org/api/v1.0' greenwave_api_url='https://greenwave-web-greenwave.app.os.fedoraproject.org/api/v1.0'
{% endif %} {% endif %}
) )
{% if env == 'staging' %}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: fedora-messaging-configmap
labels:
app: greenwave
{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
data:
config.toml: |-
{{ load_file('config.toml') | indent }}
{% endif %}

77
roles/openshift-apps/greenwave/templates/deploymentconfig.yml
View file

@ -55,6 +55,82 @@ spec:
kind: ImageStreamTag kind: ImageStreamTag
name: greenwave:latest name: greenwave:latest
- type: ConfigChange - type: ConfigChange
{% if env == 'staging' %}
---
# For fedmsg consumers
apiVersion: v1
kind: DeploymentConfig
metadata:
name: greenwave-fedmsg-consumers
labels:
app: greenwave
service: fedmsg-consumers
spec:
replicas: 1
selector:
service: fedmsg-consumers
template:
metadata:
labels:
app: greenwave
service: fedmsg-consumers
spec:
containers:
- name: fedmsg-consumers
image: registry/greenwave:latest
ports:
- containerPort: 8081
command:
- fedora-messaging consume"
volumeMounts:
- name: config-volume
mountPath: /etc/greenwave
readOnly: true
- name: fedora-messaging-config-volume
mountPath: /etc/fedora-messaging
readOnly: true
- name: fedora-messaging-ca-volume
mountPath: /etc/pki/rabbitmq/ca
readOnly: true
- name: fedora-messaging-key-volume
mountPath: /etc/pki/rabbitmq/key
readOnly: true
- name: fedora-messaging-crt-volume
mountPath: /etc/pki/rabbitmq/crt
readOnly: true
resources:
limits:
memory: 384Mi
volumes:
# Give the fedmsg-consumer container access to the general config
- name: config-volume
configMap:
name: greenwave-configmap
# But *also* access to the fedmsg-specific config
- name: fedora-messaging-config-volume
configMap:
name: fedora-messaging-configmap
# And... this secret volume gets set up in the playbook
- name: fedora-messaging-ca-volume
secret:
secretName: greenwave-fedora-messaging-ca
- name: fedora-messaging-key-volume
secret:
secretName: greenwave-fedora-messaging-key
- name: fedora-messaging-crt-volume
secret:
secretName: greenwave-fedora-messaging-crt
triggers:
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- fedmsg-consumers
from:
kind: ImageStreamTag
name: greenwave:latest
- type: ConfigChange
{% else %}
--- ---
# For fedmsg consumers # For fedmsg consumers
apiVersion: v1 apiVersion: v1
@ -123,6 +199,7 @@ spec:
kind: ImageStreamTag kind: ImageStreamTag
name: greenwave:latest name: greenwave:latest
- type: ConfigChange - type: ConfigChange
{% endif %}
--- ---
# For memcached # For memcached
apiVersion: v1 apiVersion: v1