Add zezere playbook and files

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>

playbooks/openshift-apps/zezere.yml

@@ -0,0 +1,48 @@
+- name: make the app be real
+  hosts: os_masters_stg[0]
+  user: root
+  gather_facts: False
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - role: openshift/project
+    app: zezere
+    description: Zezere provisioning service
+    appowners:
+    - puiterwijk
+    - pbrobinson
+  - role: openshift/imagestream
+    app: zezere
+    imagename: zezere
+  - role: openshift/object
+    app: zezere
+    objectname: buildconfig.yml
+    file: buildconfig.yml
+  - role: openshift/start-build
+    app: zezere
+    buildname: zezere
+  - role: openshift/object
+    app: zezere
+    file: service.yml
+    objectname: service.yml
+  - role: openshift/route
+    app: zezere
+    routename: zezere
+    host: "provision{{ env_suffix }}.fedoraproject.org"
+    servicename: zezere
+    serviceport: 8080
+  - role: openshift/object
+    app: zezere
+    template: secret.yml
+    objectname: secret.yml
+  - role: openshift/object
+    app: zezere
+    template: deploymentconfig.yml
+    objectname: deploymentconfig.yml
+  - role: openshift/rollout
+    app: zezere
+    dcname: zezere

roles/openshift-apps/zezere/files/buildconfig.yml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: BuildConfig
+metadata:
+  labels:
+    build: zezere-build
+  name: zezere-build
+spec:
+  runPolicy: Serial
+  source:
+    git:
+      uri: https://github.com/fedora-iot/zezere.git
+      ref: master
+  strategy:
+    sourceStrategy:
+      env:
+        - name: SECRET_KEY
+          value: notsecret
+        - name: ALLOWED_HOSTS
+          value: building.fedoraproject.org
+        - name: DATABASE_engine
+          value: django.db.backends.sqlite3
+      from:
+        kind: DockerImage
+        name: registry.access.redhat.com/rhscl/python-36-rhel7:latest
+  output:
+    to:
+      kind: ImageStreamTag
+      name: zezere:latest

roles/openshift-apps/zezere/files/service.yml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: zezere
+  labels:
+    app: zezere
+    service: zezere
+  namespace: zezere
+spec:
+  ports:
+    - name: web
+      port: 8080
+      targetPort: 8080
+  selector:
+    deploymentconfig: zezere

roles/openshift-apps/zezere/templates/deploymentconfig.yml

@@ -0,0 +1,88 @@
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  labels:
+    app: zezere
+    service: zezere
+  name: zezere
+spec:
+  replicas: 1
+  selector:
+    deploymentconfig: zezere
+  strategy:
+    activeDeadlineSeconds: 21600
+    recreateParams:
+      timeoutSeconds: 600
+  template:
+    metadata:
+      labels:
+        app: zezere
+        deploymentconfig: zezere
+    spec:
+      containers:
+      - name: zezere
+        image: docker-registry.default.svc:5000/zezere/zezere:latest
+        env:
+          - name: ALLOWED_HOSTS
+            value: "*"
+          - name: WEB_CONCURRENCY
+            value: 8
+          - name: SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: zezere
+                key: secret_key
+          - name: DEBUG
+            value: no
+          - name: AUTH_METHOD
+            value: oidc
+          - name: OIDC_OP_AUTHORIZATION_ENDPOINT
+            value: "https://id{{ env_suffix }}.fedoraproject.org/openidc/Authorization"
+          - name: OIDC_OP_TOKEN_ENDPOINT
+            value: "https://id{{ env_suffix }}.fedoraproject.org/openidc/Token"
+          - name: OIDC_OP_USER_ENDPOINT
+            value: "https://id{{ env_suffix }}.fedoraproject.org/openidc/UserInfo"
+          - name: OIDC_OP_JWKS_ENDPOINT
+            value: "https://id{{ env_suffix }}.fedoraproject.org/openidc/Jwks"
+          - name: OIDC_RP_CLIENT_ID
+            value: "provisionfpo"
+          - name: OIDC_RP_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: zezere
+                key: oidc_client_secret
+          - name: OIDC_RP_SIGN_ALGO
+            value: RS256
+          - name: SECURE_PROXY_SSL_HEADER_NAME
+            value: HTTP_X_FORWARDED_PROTO
+          - name: SECURE_PROXY_SSL_HEADER_VALUE
+            value: https
+          - name: DATABASE_engine
+            value: "django.db.backends.postgresql_psycopg2"
+          - name: DATABASE_host
+            value: "todo"
+          - name: DATABASE_name
+            value: "todo"
+          - name: DATABASE_user
+            value: "todo"
+          - name: DATABASE_password
+            valueFrom:
+              secretKeyRef:
+                name: zezere
+                key: database_password
+        ports:
+        - containerPort: 8080
+        readinessProbe:
+          timeoutSeconds: 1
+          initialDelaySeconds: 5
+          httpGet:
+            path: /
+            port: 8080
+        livenessProbe:
+          timeoutSeconds: 1
+          initialDelaySeconds: 30
+          httpGet:
+            path: /
+            port: 8080
+  triggers:
+  - type: ConfigChange

roles/openshift-apps/zezere/templates/secret.yml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: zezere
+  labels:
+    app: zezere
+stringData:
+{% if env == 'staging' %}
+  secret_key: "{{ zezere_secret_key_staging }}"
+  oidc_client_secret: "{{ zezere_oidc_client_secret_staging }}"
+  database_password: "{{ zezere_db_password_staging }}"
+{% else %}
+  secret_key: "{{ zezere_secret_key_production }}"
+  oidc_client_secret: "{{ zezere_oidc_client_secret_production }}"
+  database_password: "{{ zezere_db_password_production }}"
+{% endif %}