resultsdb all in one role

2022-04-25 11:49:15 -03:00 · 2022-04-25 11:49:15 -03:00 · 47232b234c
commit 47232b234c
parent 6d3114e3bd
15 changed files with 137 additions and 161 deletions
--- a/playbooks/openshift-apps/resultsdb-frontend.yml
+++ b/playbooks/openshift-apps/resultsdb-frontend.yml
@ -1,61 +0,0 @@
- name: make the app be real
-  # hosts: os_masters[0]:os_masters_stg[0]
-  hosts: os_masters_stg[0]
-  user: root
-  gather_facts: False
-
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - /srv/private/ansible/vars.yml
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-    - /srv/web/infra/ansible/roles/openshift-apps/resultsdb-frontend/vars/main.yml
-
-  roles:
-    # The openshift/project role breaks if the project already exists:
-    # https://pagure.io/fedora-infrastructure/issue/6404
-    - role: openshift/project
-      app: resultsdb-frontend
-      description: resultsdb
-      appowners:
-        - ralph
-        - mjia
-        - dcallagh
-        - gnaponie
-        - cverna
-        - pingou
-        - lholecek
-        - vmaljulin
-        - lrossett
-      tags:
-        - apply-appowners
-
-    - role: openshift/object
-      app: resultsdb-frontend
-      template: secrets.yml
-      objectname: secrets.yml
-
-    - role: openshift/object
-      app: resultsdb-frontend
-      template: configmaps.yml
-      objectname: configmaps.yml
-
-    - role: openshift/object
-      app: resultsdb-frontend
-      template: deploymentconfigs.yml
-      objectname: deploymentconfigs.yml
-
-    - role: openshift/object
-      app: resultsdb-frontend
-      template: services.yml
-      objectname: services.yml
-
-    - role: openshift/route
-      app: resultsdb-frontend
-      routename: web
-      host: "resultsdb{{ env_suffix }}.fedoraproject.org"
-      serviceport: web
-      servicename: resultsdb-frontend
-
-    - role: openshift/rollout
-      app: resultsdb-frontend
-      dcname: "resultsdb-frontend"
--- a/playbooks/openshift-apps/resultsdb.yml
+++ b/playbooks/openshift-apps/resultsdb.yml
@ -1,3 +1,4 @@
+---
 - name: setup the database
  hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org
  gather_facts: no
@ -27,10 +28,10 @@


 - name: make the app be real
-  hosts: os_masters[0]:os_masters_stg[0]
+  # hosts: os_masters[0]:os_masters_stg[0]
+  hosts: os_masters_stg[0]
  user: root
-  gather_facts: False
-
+  gather_facts: no
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - /srv/private/ansible/vars.yml
@ -59,11 +60,6 @@
      tags:
        - apply-appowners

-    - role: openshift/object
-      app: resultsdb
-      template: secrets.yml
-      objectname: secrets.yml
-
    - role: openshift/secret-file
      app: resultsdb
      secret_name: resultsdb-fedora-messaging-key
@ -82,28 +78,70 @@
      key: resultsdb.ca
      privatefile: "rabbitmq/{{env}}/pki/ca.crt"

+    # backend objects
    - role: openshift/object
      app: resultsdb
-      template: configmaps.yml
-      objectname: configmaps.yml
+      template: backend/secrets.yml
+      objectname: backend-secrets.yml

    - role: openshift/object
      app: resultsdb
-      template: deploymentconfigs.yml
-      objectname: deploymentconfigs.yml
+      template: backend/configmaps.yml
+      objectname: backend-configmaps.yml

    - role: openshift/object
      app: resultsdb
-      template: services.yml
-      objectname: services.yml
+      template: backend/deploymentconfigs.yml
+      objectname: backend-deploymentconfigs.yml
+
+    - role: openshift/object
+      app: resultsdb
+      template: backend/services.yml
+      objectname: backend-services.yml

    - role: openshift/route
      app: resultsdb
-      routename: api-pretty
+      routename: resultsdb-api
      host: "resultsdb{{ env_suffix }}.fedoraproject.org"
      serviceport: api
      servicename: resultsdb-api
+      path: /api
+
+    # frontend objects
+    - role: openshift/object
+      app: resultsdb
+      template: frontend/secrets.yml
+      objectname: frontend-secrets.yml
+
+    - role: openshift/object
+      app: resultsdb
+      template: frontend/configmaps.yml
+      objectname: frontend-configmaps.yml
+
+    - role: openshift/object
+      app: resultsdb
+      template: frontend/deploymentconfigs.yml
+      objectname: frontend-deploymentconfigs.yml
+
+    - role: openshift/object
+      app: resultsdb
+      template: frontend/services.yml
+      objectname: frontend-services.yml
+
+    - role: openshift/route
+      app: resultsdb
+      host: "resultsdb{{ env_suffix }}.fedoraproject.org"
+      serviceport: web
+      servicename: resultsdb-frontend
+      path: /web
+
+    # rollouts
+    - role: openshift/rollout
+      app: resultsdb
+      dcname: "resultsdb-api"
+      failed_when: false

    - role: openshift/rollout
      app: resultsdb
-      dcname: "resultsdb-api"
+      dcname: "resultsdb-frontend"
+      failed_when: false
--- a/roles/openshift-apps/resultsdb-frontend/templates/routes.yml
+++ b/roles/openshift-apps/resultsdb-frontend/templates/routes.yml
@ -1,17 +0,0 @@
-apiVersion: v1
-  kind: Route
-  metadata:
-    name: "resultsdb-frontend"
-    labels:
-      app: resultsdb
-      service: web
-  spec:
-    path: /web
-    port:
-      targetPort: web
-    to:
-      kind: Service
-      name: "resultsdb-frontend"
-    tls:
-      termination: edge
-      insecureEdgeTerminationPolicy: Redirect
--- a/roles/openshift-apps/resultsdb-frontend/templates/secrets.yml
+++ b/roles/openshift-apps/resultsdb-frontend/templates/secrets.yml
@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: resultsdb-frontend-key
-  labels:
-    app: resultsdb
-    service: web
-stringData:
-{% if env == 'staging' %}
-  RESULTSDB_FRONTEND_SECRET_KEY: "{{ stg_resultsdb_frontend_secret_key }}"
-{% else %}
-  RESULTSDB_FRONTEND_SECRET_KEY: "{{ prod_resultsdb_frontend_secret_key }}"
-{% endif %}
--- a/roles/openshift-apps/resultsdb-frontend/vars/main.yml
+++ b/roles/openshift-apps/resultsdb-frontend/vars/main.yml
@ -1,5 +0,0 @@
---
-stg_resultsdb_frontend_image: 'quay.io/fedora-kube-sig/resultsdb:latest'
-prod_resultsdb_frontend_image: 'quay.io/fedora-kube-sig/resultsdb:latest'
-prod_resultsdb_frontend_api_url: 'https://resultsdb.fedoraproject.org/'
-stg_resultsdb_frontend_api_url: 'https://resultsdb.stg.fedoraproject.org/'
--- a/roles/openshift-apps/resultsdb/templates/backend/configmaps.yml
+++ b/roles/openshift-apps/resultsdb/templates/backend/configmaps.yml
@ -47,4 +47,4 @@ data:
    ca_cert = "/etc/pki/rabbitmq/ca/resultsdb.ca"
    keyfile = "/etc/pki/rabbitmq/key/resultsdb.key"
    certfile = "/etc/pki/rabbitmq/crt/resultsdb.crt"
-{% endif %}
+{% endif %}
--- a/roles/openshift-apps/resultsdb/templates/backend/deploymentconfigs.yml
+++ b/roles/openshift-apps/resultsdb/templates/backend/deploymentconfigs.yml
@ -49,6 +49,17 @@ spec:
          image: "{{ prod_resultsdb_image }}"
 {% endif %}
          imagePullPolicy: Always
+          env:
+            - name: RESULTSDB_WSGI_SCRIPT_PATH
+              value: "/usr/share/resultsdb/resultsdb.wsgi"
+            - name: RESULTSDB_THREADS
+              value: "5"
+            - name: RESULTSDB_CONF_PATH
+              value: "/etc/httpd/conf.d/resultsdb.conf"
+            - name: RESULTSDB_LOG_LEVEL
+              value: "info"
+            - name: RESULTSDB_MESSAGING
+              value: "Y"
          ports:
            - containerPort: 5001
          volumeMounts:
@ -113,4 +124,4 @@ spec:
            secretName: resultsdb-fedora-messaging-key
 {% endif %}
  triggers:
-    - type: ConfigChange}
+    - type: ConfigChange
--- a/roles/openshift-apps/resultsdb/templates/backend/secrets.yml
+++ b/roles/openshift-apps/resultsdb/templates/backend/secrets.yml
--- a/roles/openshift-apps/resultsdb/templates/backend/services.yml
+++ b/roles/openshift-apps/resultsdb/templates/backend/services.yml
--- a/roles/openshift-apps/resultsdb/templates/frontend/configmaps.yml
+++ b/roles/openshift-apps/resultsdb/templates/frontend/configmaps.yml
@ -29,25 +29,23 @@ metadata:
    service: web
 data:
  resultsdb_frontend.conf: |-
-    WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5 home=/usr/share/resultsdb_frontend
-    WSGIScriptAlias / /usr/share/resultsdb_frontend/conf/resultsdb_frontend.wsgi
-    WSGISocketPrefix run/wsgi
-
-    # this isn't the best way to force SSL but it works for now
-    #RewriteEngine On
-    #RewriteCond %{HTTPS} !=on
-    #RewriteRule ^/resultsdb_frontend/admin/?(.*) https://%{SERVER_NAME}/$1 [R,L]
-
+    WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5
+    WSGIScriptAlias /web /usr/share/resultsdb_frontend/resultsdb_frontend.wsgi
+    WSGISocketPrefix /tmp/wsgi
+    
    <Directory /usr/share/resultsdb_frontend>
-      WSGIProcessGroup resultsdb_frontend
-      WSGIApplicationGroup %{GLOBAL}
-      WSGIScriptReloading On
-      <IfModule mod_authz_core.c>
-        # Apache 2.4
-        Require all granted
-      </IfModule>
-      <IfModule !mod_auth_core.c>
-        Order allow,deny
+        WSGIProcessGroup resultsdb_frontend 
+        WSGIApplicationGroup %{GLOBAL}
+        WSGIScriptReloading On
+    
+        Order deny,allow
        Allow from all
-      </IfModule>
-    </Directory>
+        <IfModule mod_authz_core.c>
+            # Apache 2.4
+            Require all granted
+        </IfModule>
+        <IfModule !mod_auth_core.c>
+          Order allow,deny
+          Allow from all
+        </IfModule>
+    </Directory> 
--- a/roles/openshift-apps/resultsdb/templates/frontend/deploymentconfigs.yml
+++ b/roles/openshift-apps/resultsdb/templates/frontend/deploymentconfigs.yml
@ -27,13 +27,19 @@ spec:
 {% endif %}
          imagePullPolicy: Always
          ports:
-            - containerPort: 5001
-          envFrom:
-            - secretRef:
-                name: resultsdb-frontend-key
+            - containerPort: 5002
+          env:
+            - name: RESULTSDB_WSGI_SCRIPT_PATH
+              value: "/usr/share/resultsdb_frontend/resultsdb_frontend.wsgi"
+            - name: RESULTSDB_THREADS
+              value: "5"
+            - name: RESULTSDB_CONF_PATH
+              value: "/etc/httpd/conf.d/resultsdb_frontend.conf"
+            - name: RESULTSDB_LOG_LEVEL
+              value: "info"
          volumeMounts:
            - name: config-volume
-              mountPath: /etc/resultsdb
+              mountPath: /etc/resultsdb_frontend
              readOnly: true
            - name: httpd-config-volume
              mountPath: /etc/httpd/conf.d
@ -43,13 +49,13 @@ spec:
            initialDelaySeconds: 5
            httpGet:
              path: /
-              port: 5001
+              port: 5002
          livenessProbe:
            timeoutSeconds: 1
            initialDelaySeconds: 30
            httpGet:
              path: /
-              port: 5001
+              port: 5002
          # Limit to 384MB memory. This is probably *not* enough but it is
          # necessary in the current environment to allow for 2 replicas and
          # rolling updates, without hitting the (very aggressive) memory quota.
@ -59,8 +65,8 @@ spec:
              cpu: 0.3
      volumes:
        - name: config-volume
-          configMap:
-            name: "resultsdb-frontend-app-config"
+          secret:
+            secretName: "resultsdb-frontend-app-config"
        - name: httpd-config-volume
          configMap:
            name: "resultsdb-frontend-httpd-config"
--- a/roles/openshift-apps/resultsdb/templates/frontend/secrets.yml
+++ b/roles/openshift-apps/resultsdb/templates/frontend/secrets.yml
@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  # name: resultsdb-frontend-key
+  name: resultsdb-frontend-app-config
+  labels:
+    app: resultsdb
+    service: web
+stringData:
+  settings.py: |-
+    import os    
+{% if env == 'staging' %}
+    RDB_URL = '{{ stg_resultsdb_frontend_api_url }}'
+{% else %}
+    RDB_URL = '{{ prod_resultsdb_frontend_api_url }}'
+{% endif %}
+{% if env == 'staging' %}
+    SECRET_KEY = '{{ stg_resultsdb_frontend_secret_key }}'
+{% else %}
+    SECRET_KEY = '{{ prod_resultsdb_frontend_secret_key }}'
+{% endif %}
+    FILE_LOGGING = False
+    LOGFILE = '/var/log/resultsdb_frontend/resultsdb_frontend.log'
+    SYSLOG_LOGGING = False
+    STREAM_LOGGING = True
--- a/roles/openshift-apps/resultsdb/templates/frontend/services.yml
+++ b/roles/openshift-apps/resultsdb/templates/frontend/services.yml
@ -11,5 +11,5 @@ spec:
    service: web
  ports:
    - name: web
-      port: 5001
-      targetPort: 5001
+      port: 5002
+      targetPort: 5002
--- a/roles/openshift-apps/resultsdb/templates/routes.yml
+++ b/roles/openshift-apps/resultsdb/templates/routes.yml
@ -1,16 +0,0 @@
-apiVersion: v1
-  kind: Route
-  metadata:
-    name: "resultsdb-test-api"
-    labels:
-      app: resultsdb
-  spec:
-    path: /api
-    port:
-      targetPort: api
-    to:
-      kind: Service
-      name: "resultsdb-api"
-    tls:
-      termination: edge
-      insecureEdgeTerminationPolicy: Redirect
--- a/roles/openshift-apps/resultsdb/vars/main.yml
+++ b/roles/openshift-apps/resultsdb/vars/main.yml
@ -1,6 +1,16 @@
+# backend vars
+prod_resultsdb_image: quay.io/fedora-kube-sig/resultsdb-backend:latest-f35
+stg_resultsdb_image: quay.io/fedora-kube-sig/resultsdb-backend:latest-f35
+
 resultsdb_publish: true
 resultsdb_mod_wsgi_dir: '${MOD_WSGI_MODULES_DIRECTORY}'

 # For CRASHED see: https://pagure.io/task-abicheck/issue/19
 # For QUEUED and RUNNING see: https://pagure.io/fedora-infrastructure/issue/8989
 resultsdb_additional_result_outcomes: ['CRASHED', 'QUEUED', 'RUNNING']
+
+# frontend vars
+stg_resultsdb_frontend_image: 'quay.io/fedora-kube-sig/resultsdb-frontend:latest-f35'
+prod_resultsdb_frontend_image: 'quay.io/fedora-kube-sig/resultsdb-frontend:latest-f35'
+prod_resultsdb_frontend_api_url: 'http://resultsdb-api.resultsdb.svc.cluster.local:5001/api/v2.0'
+stg_resultsdb_frontend_api_url: 'http://resultsdb-api.resultsdb.svc.cluster.local:5001/api/v2.0'