resultsdb-ci-listener playbook and role

2021-07-01 18:09:19 -03:00 · 2021-07-01 18:09:19 -03:00 · 2d209bef3a
commit 2d209bef3a
parent 56333c899f
5 changed files with 269 additions and 0 deletions
--- a/playbooks/openshift-apps/resultsdb-ci-listener.yml
+++ b/playbooks/openshift-apps/resultsdb-ci-listener.yml
@ -0,0 +1,61 @@
+- name: make the app be real
+  # hosts: os_masters[0]:os_masters_stg[0]
+  hosts: os_masters_stg[0]
+  user: root
+  gather_facts: False
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - /srv/private/ansible/vars.yml
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+    TODO: uncomment
+    - role: rabbit/user
+      username: "resultsdb-ci-listener{{ env_suffix }}"
+
+    # The openshift/project role breaks if the project already exists:
+    # https://pagure.io/fedora-infrastructure/issue/6404
+    - role: openshift/project
+      app: resultsdb-ci-listener
+      description: resultsdb-ci-listener
+      appowners:
+        - ralph
+        - mjia
+        - dcallagh
+        - gnaponie
+        - cverna
+        - pingou
+        - lholecek
+        - vmaljulin
+        - lrossett
+      tags:
+        - apply-appowners
+
+    - role: openshift/secret-file
+      app: resultsdb-ci-listener
+      secret_name: resultsdb-ci-listener-fedora-messaging-key
+      key: resultsdb-ci-listener.key
+      privatefile: "rabbitmq/{{env}}/pki/private/resultsdb{{env_suffix}}.key"
+
+    - role: openshift/secret-file
+      app: resultsdb-ci-listener
+      secret_name: resultsdb-ci-listener-fedora-messaging-crt
+      key: resultsdb-ci-listener.crt
+      privatefile: "rabbitmq/{{env}}/pki/issued/resultsdb{{env_suffix}}.crt"
+
+    - role: openshift/secret-file
+      app: resultsdb-ci-listener
+      secret_name: resultsdb-ci-listener-fedora-messaging-ca
+      key: resultsdb-ci-listener.ca
+      privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+
+    - role: openshift/object
+      app: resultsdb-ci-listener
+      template: configmaps.yml
+      objectname: configmaps.yml
+
+    - role: openshift/object
+      app: resultsdb-ci-listener
+      template: deploymentconfigs.yml
+      objectname: deploymentconfigs.yml
--- a/roles/openshift-apps/resultsdb-ci-listener/templates/configmaps.yml
+++ b/roles/openshift-apps/resultsdb-ci-listener/templates/configmaps.yml
@ -0,0 +1,131 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "fedora-messaging-configmap"
+  labels:
+    app: resultsdb-ci-listener
+data:
+  config.toml: |-
+    # A sample configuration for fedora-messaging. This file is in the TOML format.
+    # For complete details on all configuration options, see the documentation
+    # https://fedora-messaging.readthedocs.io/en/latest/configuration.html.
+
+    amqp_url = "amqps://resultsdb{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+
+{% if env == "staging" %}
+    topic_prefix = "org.fedoraproject.stg"
+{% else %}
+    topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+    publish_exchange = "amq.topic"
+    passive_declares = true
+
+    callback = "resultsdb_listener.consumer:Consumer"
+
+
+    [queues."resultsdb{{ env_suffix }}_ci_listener"]
+    durable = true
+    auto_delete = false
+    exclusive = true
+    arguments = {}
+
+    # Note the double brackets below.
+    # To add another binding, add another [[bindings]] section.
+    [[bindings]]
+    queue = "resultsdb{{ env_suffix }}_ci_listener"
+    exchange = "amq.topic"
+    routing_keys = [
+{% if  env == "staging" %}
+        'org.centos.stage.ci.pipeline.allpackages-build.complete',
+        'org.centos.stage.ci.pipeline.allpackages-build.image.complete',
+        'org.centos.stage.ci.pipeline.allpackages-build.package.test.functional.complete',
+        'org.centos.stage.ci.pipeline.allpackages-build.package.complete',
+        'org.centos.stage.ci.pipeline.allpackages-build.package.ignored',
+        'org.centos.stage.ci.koji-build.test.queued',
+        'org.centos.stage.ci.koji-build.test.running',
+        'org.centos.stage.ci.koji-build.test.complete',
+        'org.centos.stage.ci.koji-build.test.error'
+{% else %}
+        'org.centos.prod.ci.pipeline.allpackages-build.complete',
+        'org.centos.prod.ci.pipeline.allpackages-build.image.complete',
+        'org.centos.prod.ci.pipeline.allpackages-build.package.test.functional.complete',
+        'org.centos.prod.ci.pipeline.allpackages-build.package.complete',
+        'org.centos.prod.ci.pipeline.allpackages-build.package.ignored',
+        'org.centos.prod.ci.koji-build.test.queued',
+        'org.centos.prod.ci.koji-build.test.running',
+        'org.centos.prod.ci.koji-build.test.complete',
+        'org.centos.prod.ci.koji-build.test.error'
+{%- endif %}
+    ]
+
+    [tls]
+    ca_cert = "/etc/pki/rabbitmq/ca/resultsdb-ci-listener.ca"
+    keyfile = "/etc/pki/rabbitmq/key/resultsdb-ci-listener.key"
+    certfile = "/etc/pki/rabbitmq/crt/resultsdb-ci-listener.crt"
+
+    [client_properties]
+    app = "resultsdb_listener"
+    # Some suggested extra fields:
+    # URL of the project that provides this consumer
+    app_url = "https://pagure.io/ci-resultsdb-listener/"
+    # Contact emails for the maintainer(s) of the consumer - in case the
+    # broker admin needs to contact them, for e.g.
+    app_contacts_email = [
+      "pingou@fedoraproject.org",
+      "lrossett@fedoraproject.org"
+    ]
+
+    [qos]
+    prefetch_size = 0
+    prefetch_count = 25
+
+    [log_config]
+    version = 1
+    disable_existing_loggers = true
+
+    [log_config.formatters.simple]
+    format = "[%(name)s %(levelname)s] %(message)s"
+
+    [log_config.handlers.console]
+    class = "logging.StreamHandler"
+    formatter = "simple"
+    stream = "ext://sys.stdout"
+
+    [log_config.loggers.fedora_messaging]
+    level = "INFO"
+    propagate = false
+    handlers = ["console"]
+
+    [log_config.loggers.resultsdb_listener]
+    level = "DEBUG"
+    propagate = false
+    handlers = ["console"]
+
+    [log_config.root]
+    level = "WARNING"
+    handlers = ["console"]
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "resultsdb-ci-listener-cfg"
+  labels:
+    app: resultsdb-ci-listener
+data:
+  listener.cfg: |-
+    [general]
+{% if env == "staging" %}
+    datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper/raw
+{% else %}
+    datagrepper_url = https://apps.fedoraproject.org/datagrepper/raw
+{% endif %}
+
+    [sender]
+    sender_type = ResultsdbSender
+{% if env == "staging" %}
+    resultsdb_url = {{ stg_results_ci_listener_resultsdb_url }}
+{% else %}
+    resultsdb_url = {{ prod_results_ci_listener_resultsdb_url }}
+{% endif %}
--- a/roles/openshift-apps/resultsdb-ci-listener/templates/deploymentconfigs.yml
+++ b/roles/openshift-apps/resultsdb-ci-listener/templates/deploymentconfigs.yml
@ -0,0 +1,77 @@
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  name: "resultsdb-ci-listener"
+  labels:
+    app: resultsdb-ci-listener
+spec:
+  replicas: 1
+  selector:
+    app: resultsdb-ci-listener
+  strategy:
+    type: Rolling
+  template:
+    metadata:
+      labels:
+        app: resultsdb-ci-listener
+    spec:
+      containers:
+        - name: listener
+{% if env == 'staging' %}
+          image: "{{ stg_resultsdb_ci_listener_image }}"
+{% else %}
+          image: "{{ prod_resultsdb_ci_listener_image }}"
+{% endif %}
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 5001
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/ci-resultsdb-listener
+              readOnly: true
+{% if deployment_type not in ['local', 'dev'] %}
+            - name: fedora-messaging-ca-volume
+              mountPath: /etc/pki/rabbitmq/ca
+              readOnly: true
+            - name: fedora-messaging-key-volume
+              mountPath: /etc/pki/rabbitmq/key
+              readOnly: true
+            - name: fedora-messaging-crt-volume
+              mountPath: /etc/pki/rabbitmq/crt
+              readOnly: true
+            - name: fedora-messaging-config-volume
+              mountPath: /etc/fedora-messaging
+              readOnly: true
+{% endif %}
+          livenessProbe:
+            timeoutSeconds: 1
+            initialDelaySeconds: 30
+            exec:
+              command:
+                - ps
+                - -C
+                - fedora-messaging
+          resources:
+            limits:
+              memory: 500Mi
+              cpu: 0.3
+      volumes:
+        - name: config-volume
+          configMap:
+            name: resultsdb-ci-listener-cfg
+{% if deployment_type not in ['local', 'dev']%}
+        - name: fedora-messaging-config-volume
+          configMap:
+            name: fedora-messaging-configmap
+        - name: fedora-messaging-ca-volume
+          secret:
+            secretName: resultsdb-ci-listener-fedora-messaging-key
+        - name: fedora-messaging-crt-volume
+          secret:
+            secretName: resultsdb-ci-listener-fedora-messaging-crt
+        - name: fedora-messaging-key-volume
+          secret:
+            secretName: resultsdb-ci-listener-fedora-messaging-key
+{% endif %}
+  triggers:
+    - type: ConfigChange
--- a/roles/openshift-apps/resultsdb-ci-listener/vars/main.yml
+++ b/roles/openshift-apps/resultsdb-ci-listener/vars/main.yml
--- a/roles/openshift-apps/resultsdb-ci-listener/vars/vars.yml
+++ b/roles/openshift-apps/resultsdb-ci-listener/vars/vars.yml