From 21dbe39c3326239f396142daf623f741403ddf60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= Date: Tue, 30 Nov 2021 22:43:49 +0100 Subject: [PATCH] Blockerbugs: OpenShift --- playbooks/openshift-apps/blockerbugs.yml | 97 ++++++++++++++++ .../blockerbugs/files/service.yml | 16 +++ .../blockerbugs/templates/buildconfig.yml | 27 +++++ .../blockerbugs/templates/cron.yml | 72 ++++++++++++ .../templates/deploymentconfig.yml | 109 ++++++++++++++++++ .../blockerbugs/templates/imagestream.yml | 10 ++ .../blockerbugs/templates/secret.yml | 11 ++ 7 files changed, 342 insertions(+) create mode 100644 playbooks/openshift-apps/blockerbugs.yml create mode 100644 roles/openshift-apps/blockerbugs/files/service.yml create mode 100644 roles/openshift-apps/blockerbugs/templates/buildconfig.yml create mode 100644 roles/openshift-apps/blockerbugs/templates/cron.yml create mode 100644 roles/openshift-apps/blockerbugs/templates/deploymentconfig.yml create mode 100644 roles/openshift-apps/blockerbugs/templates/imagestream.yml create mode 100644 roles/openshift-apps/blockerbugs/templates/secret.yml diff --git a/playbooks/openshift-apps/blockerbugs.yml b/playbooks/openshift-apps/blockerbugs.yml new file mode 100644 index 0000000000..c1bae2c279 --- /dev/null +++ b/playbooks/openshift-apps/blockerbugs.yml @@ -0,0 +1,97 @@ +- name: prepare setting up the database + #hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org + hosts: db01.stg.iad2.fedoraproject.org + gather_facts: no + user: root + + tasks: + - name: install psycopg2 for the postgresql ansible modules + package: name=python3-psycopg2 state=present + tags: + - packages + +- name: setup the database + #hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org + hosts: db01.stg.iad2.fedoraproject.org + gather_facts: no + become: yes + become_user: postgres + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" + + tasks: + - name: Create the database user + postgresql_user: + name: "{{ blockerbugs_db_user }}" + password: "{{ blockerbugs_db_pass }}" + - name: Create the database itself + postgresql_db: + name: "{{ blockerbugs_db_name }}" + owner: "{{ blockerbugs_db_user }}" + encoding: UTF-8 + - name: Test the database creation + postgresql_db: + name: "{{ blockerbugs_db_name }}" + owner: "{{ blockerbugs_db_user }}" + encoding: UTF-8 + +- name: make the app be real + #hosts: os_control_stg[0]:os_control[0] + hosts: os_control_stg[0] + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - role: openshift/project + app: blockerbugs + description: Blockerbugs + appowners: + - frantisekz + - pingou + tags: + - appowners + + - role: openshift/object + app: blockerbugs + template: buildconfig.yml + objectname: buildconfig.yml + + - role: openshift/object + app: blockerbugs + template: deploymentconfig.yml + objectname: deploymentconfig.yml + + - role: openshift/object + app: blockerbugs + template: imagestream.yml + objectname: imagestream.yml + + - role: openshift/object + app: blockerbugs + file: service.yml + objectname: service.yml + + - role: openshift/object + app: blockerbugs + template: secret.yml + objectname: secret.yml + + - role: openshift/route + app: blockerbugs + routename: blockerbugs + host: "qa{{ env_suffix }}.fedoraproject.org" + path: "/blockerbugs" + serviceport: 8080-tcp + servicename: blockerbugs + + - role: openshift/start-build + app: blockerbugs + buildname: blockerbugs-build + objectname: blockerbugs-build diff --git a/roles/openshift-apps/blockerbugs/files/service.yml b/roles/openshift-apps/blockerbugs/files/service.yml new file mode 100644 index 0000000000..e33654de16 --- /dev/null +++ b/roles/openshift-apps/blockerbugs/files/service.yml @@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: blockerbugs + name: blockerbugs +spec: + ports: + - name: 8080-tcp + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: blockerbugs + deploymentconfig: blockerbugs \ No newline at end of file diff --git a/roles/openshift-apps/blockerbugs/templates/buildconfig.yml b/roles/openshift-apps/blockerbugs/templates/buildconfig.yml new file mode 100644 index 0000000000..f573efb6bc --- /dev/null +++ b/roles/openshift-apps/blockerbugs/templates/buildconfig.yml @@ -0,0 +1,27 @@ +--- +apiVersion: v1 +kind: BuildConfig +metadata: + name: blockerbugs-build + labels: + environment: "blockerbugs" +spec: + output: + to: + kind: ImageStreamTag + name: blockerbugs:latest + source: + type: Git + git: + uri: https://pagure.io/fedora-qa/blockerbugs + # Change to develop/master once we iron things out! + ref: "develop" + strategy: + type: Source + sourceStrategy: + from: + kind: DockerImage + name: registry.access.redhat.com/ubi8/python-39 + triggers: + - type: ConfigChange + - type: ImageChange \ No newline at end of file diff --git a/roles/openshift-apps/blockerbugs/templates/cron.yml b/roles/openshift-apps/blockerbugs/templates/cron.yml new file mode 100644 index 0000000000..1f205bbeea --- /dev/null +++ b/roles/openshift-apps/blockerbugs/templates/cron.yml @@ -0,0 +1,72 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: sync +spec: + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 1 + concurrencyPolicy: Forbid + activeDeadlineSeconds: 900 + startingDeadlineSeconds: 180 + schedule: "0 * * * *" + jobTemplate: + spec: + template: + metadata: + labels: + parent: "cronjobbuild" + spec: + containers: + - name: blockerbugs-sync + image: blockerbugs:latest + command: ["python", "/opt/app-root/src/blockerbugs/cli.py", "sync"] + env: + - name: POSTGRESQL_USER + value: "blockerbugs" + - name: POSTGRESQL_DATABASE + value: "blockerbugs" + - name: POSTGRESQL_SERVICE_HOST + value: "db01{{ env_suffix }}.iad2.fedoraproject.org" + - name: POSTGRESQL_SERVICE_PORT + value: "5432" + - name: POSTGRESQL_PASSWORD + value: "{{ blockerbugs_db_password }}" + - name: FAS_PASSWORD + value: "{{ blockerbugs_fas_password }}" + - name: FAS_USER + value: "{{ blockerbugs_fas_user }}@fedoraproject.org" + - name: FAS_ADMIN_GROUP + value: "qa-admin" + - name: PAGURE_BOT_USERNAME + value: "blockerbot" + - name: PAGURE_BOT_ENABLED + value: "True" + - name: PAGURE_REPO + value: "fedora-qa/blocker-review" + - name: PAGURE_REPO_TOKEN + value: "{{ blockerbugs_pagure_repo_token_secret }}" + - name: PAGURE_REPO_WEBHOOK_KEY + value: "{{ blockerbugs_pagure_repo_webhook_key_secret }}" + - name: PAGURE_URL + value: "https://{{ env_suffix }}pagure.io/" + - name: PAGURE_API + value: "https://{{ env_suffix }}pagure.io/api/0/" + - name: BUGZILLA_URL + value: "{{ blockerbugs_bugzilla_url }}" + - name: BODHI_URL + value: "https://bodhi{{ env_suffix }}.fedoraproject.org/" + - name: OPENSHIFT_PROD +{% if env == 'staging' %} + value: "0" +{% else %} + value: "1" +{% endif %} + - name: blockerbugs-secret-volume + mountPath: /opt/app-root/secret/ + readOnly: true + restartPolicy: Never + startingDeadlineSeconds: 600 + volumes: + - name: blockerbugs-secret-volume + secret: + secretName: blockerbugs-secret \ No newline at end of file diff --git a/roles/openshift-apps/blockerbugs/templates/deploymentconfig.yml b/roles/openshift-apps/blockerbugs/templates/deploymentconfig.yml new file mode 100644 index 0000000000..80a478cd9c --- /dev/null +++ b/roles/openshift-apps/blockerbugs/templates/deploymentconfig.yml @@ -0,0 +1,109 @@ +--- +apiVersion: v1 +kind: DeploymentConfig +metadata: + labels: + app: blockerbugs + service: blockerbugs + name: blockerbugs +spec: + replicas: 1 + selector: + app: blockerbugs + deploymentconfig: blockerbugs + strategy: + type: Recreate + recreateParams: + mid: + failurePolicy: Abort + execNewPod: + containerName: blockerbugs + # BBA would automatically proceed with upgrade_db if necessary + # init_db isn't dropping anything, so it's safe to call every time the pod starts + command: ["python", "/opt/app-root/src/blockerbugs/cli.py", "init_db"] + # and then just the gunicorn for the frontend part + volumes: + - blockerbugs-secret-volume + template: + metadata: + labels: + app: blockerbugs + deploymentconfig: blockerbugs + spec: + containers: + - name: blockerbugs + image: blockerbugs:latest + ports: + - containerPort: 8080 + resources: {} + env: + - name: POSTGRESQL_USER + value: "blockerbugs" + - name: POSTGRESQL_DATABASE + value: "blockerbugs" + - name: POSTGRESQL_SERVICE_HOST + value: "db01{{ env_suffix }}.iad2.fedoraproject.org" + - name: POSTGRESQL_SERVICE_PORT + value: "5432" + - name: POSTGRESQL_PASSWORD + value: "{{ blockerbugs_db_password }}" + - name: FAS_PASSWORD + value: "{{ blockerbugs_fas_password }}" + - name: FAS_USER + value: "{{ blockerbugs_fas_user }}@fedoraproject.org" + - name: FAS_ADMIN_GROUP + value: "qa-admin" + - name: PAGURE_BOT_USERNAME + value: "blockerbot" + - name: PAGURE_BOT_ENABLED + value: "True" + - name: PAGURE_REPO + value: "fedora-qa/blocker-review" + - name: PAGURE_REPO_TOKEN + value: "{{ blockerbugs_pagure_repo_token_secret }}" + - name: PAGURE_REPO_WEBHOOK_KEY + value: "{{ blockerbugs_pagure_repo_webhook_key_secret }}" + - name: PAGURE_URL + value: "https://{{ env_suffix }}pagure.io/" + - name: PAGURE_API + value: "https://{{ env_suffix }}pagure.io/api/0/" + - name: BUGZILLA_URL + value: "{{ blockerbugs_bugzilla_url }}" + - name: BODHI_URL + value: "https://bodhi{{ env_suffix }}.fedoraproject.org/" + - name: OPENSHIFT_PROD +{% if env == 'staging' %} + value: "0" +{% else %} + value: "1" +{% endif %} + - name: blockerbugs-secret-volume + mountPath: /opt/app-root/secret/ + readOnly: true + readinessProbe: + timeoutSeconds: 5 + initialDelaySeconds: 5 + httpGet: + path: / + port: 8080 + livenessProbe: + timeoutSeconds: 15 + initialDelaySeconds: 30 + httpGet: + path: / + port: 8080 + volumes: + - name: blockerbugs-secret-volume + secret: + secretName: blockerbugs-secret + + triggers: + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - blockerbugs + from: + kind: ImageStreamTag + name: blockerbugs:latest \ No newline at end of file diff --git a/roles/openshift-apps/blockerbugs/templates/imagestream.yml b/roles/openshift-apps/blockerbugs/templates/imagestream.yml new file mode 100644 index 0000000000..fc811483df --- /dev/null +++ b/roles/openshift-apps/blockerbugs/templates/imagestream.yml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: ImageStream +metadata: + name: blockerbugs +spec: + lookupPolicy: + local: false +status: + dockerImageRepository: "" \ No newline at end of file diff --git a/roles/openshift-apps/blockerbugs/templates/secret.yml b/roles/openshift-apps/blockerbugs/templates/secret.yml new file mode 100644 index 0000000000..c7c30148ad --- /dev/null +++ b/roles/openshift-apps/blockerbugs/templates/secret.yml @@ -0,0 +1,11 @@ +--- +{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} +apiVersion: v1 +kind: Secret +metadata: + name: blockerbugs-secret + labels: + app: blockerbugs +stringData: + client_secrets.json: |- + {{ load_file('client_secrets.json') | indent }}