Blockerbugs: OpenShift

playbooks/openshift-apps/blockerbugs.yml

@@ -0,0 +1,97 @@
+- name: prepare setting up the database
+  #hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org
+  hosts: db01.stg.iad2.fedoraproject.org
+  gather_facts: no
+  user: root
+
+  tasks:
+  - name: install psycopg2 for the postgresql ansible modules
+    package: name=python3-psycopg2 state=present
+    tags:
+    - packages
+
+- name: setup the database
+  #hosts: db01.stg.iad2.fedoraproject.org:db01.iad2.fedoraproject.org
+  hosts: db01.stg.iad2.fedoraproject.org
+  gather_facts: no
+  become: yes
+  become_user: postgres
+  vars_files:
+  - /srv/web/infra/ansible/vars/global.yml
+  - "/srv/private/ansible/vars.yml"
+  - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"
+
+  tasks:
+  - name: Create the database user
+    postgresql_user:
+      name: "{{ blockerbugs_db_user }}"
+      password: "{{ blockerbugs_db_pass }}"
+  - name: Create the database itself
+    postgresql_db:
+      name: "{{ blockerbugs_db_name  }}"
+      owner: "{{ blockerbugs_db_user }}"
+      encoding: UTF-8
+  - name: Test the database creation
+    postgresql_db:
+      name: "{{ blockerbugs_db_name  }}"
+      owner: "{{ blockerbugs_db_user }}"
+      encoding: UTF-8
+
+- name: make the app be real
+  #hosts: os_control_stg[0]:os_control[0]
+  hosts: os_control_stg[0]
+  user: root
+  gather_facts: False
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - role: openshift/project
+    app: blockerbugs
+    description: Blockerbugs
+    appowners:
+    - frantisekz
+    - pingou
+    tags:
+      - appowners
+
+  - role: openshift/object
+    app: blockerbugs
+    template: buildconfig.yml
+    objectname: buildconfig.yml
+
+  - role: openshift/object
+    app: blockerbugs
+    template: deploymentconfig.yml
+    objectname: deploymentconfig.yml
+
+  - role: openshift/object
+    app: blockerbugs
+    template: imagestream.yml
+    objectname: imagestream.yml
+
+  - role: openshift/object
+    app: blockerbugs
+    file: service.yml
+    objectname: service.yml
+
+  - role: openshift/object
+    app: blockerbugs
+    template: secret.yml
+    objectname: secret.yml
+
+  - role: openshift/route
+    app: blockerbugs
+    routename: blockerbugs
+    host: "qa{{ env_suffix }}.fedoraproject.org"
+    path: "/blockerbugs"
+    serviceport: 8080-tcp
+    servicename: blockerbugs
+
+  - role: openshift/start-build
+    app: blockerbugs
+    buildname: blockerbugs-build
+    objectname: blockerbugs-build

roles/openshift-apps/blockerbugs/files/service.yml

@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: blockerbugs
+  name: blockerbugs
+spec:
+  ports:
+  - name: 8080-tcp
+    port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: blockerbugs
+    deploymentconfig: blockerbugs

roles/openshift-apps/blockerbugs/templates/buildconfig.yml

@@ -0,0 +1,27 @@
+---
+apiVersion: v1
+kind: BuildConfig
+metadata:
+  name: blockerbugs-build
+  labels:
+    environment: "blockerbugs"
+spec:
+  output:
+    to:
+      kind: ImageStreamTag
+      name: blockerbugs:latest
+  source:
+    type: Git
+    git:
+      uri: https://pagure.io/fedora-qa/blockerbugs
+      # Change to develop/master once we iron things out!
+      ref: "develop"
+  strategy:
+    type: Source
+    sourceStrategy:
+      from:
+        kind: DockerImage
+        name: registry.access.redhat.com/ubi8/python-39
+  triggers:
+  - type: ConfigChange
+  - type: ImageChange

roles/openshift-apps/blockerbugs/templates/cron.yml

@@ -0,0 +1,72 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: sync
+spec:
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 1
+  concurrencyPolicy: Forbid
+  activeDeadlineSeconds: 900
+  startingDeadlineSeconds: 180
+  schedule: "0 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            parent: "cronjobbuild"
+        spec:
+          containers:
+          - name: blockerbugs-sync
+            image: blockerbugs:latest
+            command: ["python", "/opt/app-root/src/blockerbugs/cli.py", "sync"]
+        env:
+        - name: POSTGRESQL_USER
+          value: "blockerbugs"
+        - name: POSTGRESQL_DATABASE
+          value: "blockerbugs"
+        - name: POSTGRESQL_SERVICE_HOST
+          value: "db01{{ env_suffix }}.iad2.fedoraproject.org"
+        - name: POSTGRESQL_SERVICE_PORT
+          value: "5432"
+        - name: POSTGRESQL_PASSWORD
+          value: "{{ blockerbugs_db_password }}"
+        - name: FAS_PASSWORD
+          value: "{{ blockerbugs_fas_password }}"
+        - name: FAS_USER
+          value: "{{ blockerbugs_fas_user }}@fedoraproject.org"
+        - name: FAS_ADMIN_GROUP
+          value: "qa-admin"
+        - name: PAGURE_BOT_USERNAME
+          value: "blockerbot"
+        - name: PAGURE_BOT_ENABLED
+          value: "True"
+        - name: PAGURE_REPO
+          value: "fedora-qa/blocker-review"
+        - name: PAGURE_REPO_TOKEN
+          value: "{{ blockerbugs_pagure_repo_token_secret }}"
+        - name: PAGURE_REPO_WEBHOOK_KEY
+          value: "{{ blockerbugs_pagure_repo_webhook_key_secret }}"
+        - name: PAGURE_URL
+          value: "https://{{ env_suffix }}pagure.io/"
+        - name: PAGURE_API
+          value: "https://{{ env_suffix }}pagure.io/api/0/"
+        - name: BUGZILLA_URL
+          value: "{{ blockerbugs_bugzilla_url }}"
+        - name: BODHI_URL
+          value: "https://bodhi{{ env_suffix }}.fedoraproject.org/"
+        - name: OPENSHIFT_PROD
+{% if env == 'staging' %}
+          value: "0"
+{% else %}
+          value: "1"
+{% endif %}
+        - name: blockerbugs-secret-volume
+          mountPath: /opt/app-root/secret/
+          readOnly: true
+          restartPolicy: Never
+          startingDeadlineSeconds: 600
+          volumes:
+          - name: blockerbugs-secret-volume
+            secret:
+              secretName: blockerbugs-secret

roles/openshift-apps/blockerbugs/templates/deploymentconfig.yml

@@ -0,0 +1,109 @@
+---
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  labels:
+    app: blockerbugs
+    service: blockerbugs
+  name: blockerbugs
+spec:
+  replicas: 1
+  selector:
+    app: blockerbugs
+    deploymentconfig: blockerbugs
+  strategy:
+    type: Recreate
+    recreateParams:
+      mid:
+        failurePolicy: Abort
+        execNewPod:
+          containerName: blockerbugs
+          # BBA would automatically proceed with upgrade_db if necessary
+          # init_db isn't dropping anything, so it's safe to call every time the pod starts
+          command: ["python", "/opt/app-root/src/blockerbugs/cli.py", "init_db"]
+          # and then just the gunicorn for the frontend part
+          volumes:
+           - blockerbugs-secret-volume
+  template:
+    metadata:
+      labels:
+        app: blockerbugs
+        deploymentconfig: blockerbugs
+    spec:
+      containers:
+      - name: blockerbugs
+        image: blockerbugs:latest
+        ports:
+        - containerPort: 8080
+        resources: {}
+        env:
+        - name: POSTGRESQL_USER
+          value: "blockerbugs"
+        - name: POSTGRESQL_DATABASE
+          value: "blockerbugs"
+        - name: POSTGRESQL_SERVICE_HOST
+          value: "db01{{ env_suffix }}.iad2.fedoraproject.org"
+        - name: POSTGRESQL_SERVICE_PORT
+          value: "5432"
+        - name: POSTGRESQL_PASSWORD
+          value: "{{ blockerbugs_db_password }}"
+        - name: FAS_PASSWORD
+          value: "{{ blockerbugs_fas_password }}"
+        - name: FAS_USER
+          value: "{{ blockerbugs_fas_user }}@fedoraproject.org"
+        - name: FAS_ADMIN_GROUP
+          value: "qa-admin"
+        - name: PAGURE_BOT_USERNAME
+          value: "blockerbot"
+        - name: PAGURE_BOT_ENABLED
+          value: "True"
+        - name: PAGURE_REPO
+          value: "fedora-qa/blocker-review"
+        - name: PAGURE_REPO_TOKEN
+          value: "{{ blockerbugs_pagure_repo_token_secret }}"
+        - name: PAGURE_REPO_WEBHOOK_KEY
+          value: "{{ blockerbugs_pagure_repo_webhook_key_secret }}"
+        - name: PAGURE_URL
+          value: "https://{{ env_suffix }}pagure.io/"
+        - name: PAGURE_API
+          value: "https://{{ env_suffix }}pagure.io/api/0/"
+        - name: BUGZILLA_URL
+          value: "{{ blockerbugs_bugzilla_url }}"
+        - name: BODHI_URL
+          value: "https://bodhi{{ env_suffix }}.fedoraproject.org/"
+        - name: OPENSHIFT_PROD
+{% if env == 'staging' %}
+          value: "0"
+{% else %}
+          value: "1"
+{% endif %}
+        - name: blockerbugs-secret-volume
+          mountPath: /opt/app-root/secret/
+          readOnly: true
+        readinessProbe:
+          timeoutSeconds: 5
+          initialDelaySeconds: 5
+          httpGet:
+            path: /
+            port: 8080
+        livenessProbe:
+          timeoutSeconds: 15
+          initialDelaySeconds: 30
+          httpGet:
+            path: /
+            port: 8080
+      volumes:
+      - name: blockerbugs-secret-volume
+        secret:
+          secretName: blockerbugs-secret
+
+  triggers:
+  - type: ConfigChange
+  - type: ImageChange
+    imageChangeParams:
+      automatic: true
+      containerNames:
+      - blockerbugs
+      from:
+        kind: ImageStreamTag
+        name: blockerbugs:latest

roles/openshift-apps/blockerbugs/templates/imagestream.yml

@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: ImageStream
+metadata:
+  name: blockerbugs
+spec:
+  lookupPolicy:
+    local: false
+status:
+  dockerImageRepository: ""

roles/openshift-apps/blockerbugs/templates/secret.yml

@@ -0,0 +1,11 @@
+---
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: blockerbugs-secret
+  labels:
+    app: blockerbugs
+stringData:
+  client_secrets.json: |-
+    {{ load_file('client_secrets.json') | indent }}