diff --git a/playbooks/openshift-apps/resultsdb-frontend.yml b/playbooks/openshift-apps/resultsdb-frontend.yml
deleted file mode 100644
index fcba6eb401..0000000000
--- a/playbooks/openshift-apps/resultsdb-frontend.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-- name: make the app be real
- # hosts: os_masters[0]:os_masters_stg[0]
- hosts: os_masters_stg[0]
- user: root
- gather_facts: False
-
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - /srv/private/ansible/vars.yml
- - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- - /srv/web/infra/ansible/roles/openshift-apps/resultsdb-frontend/vars/main.yml
-
- roles:
- # The openshift/project role breaks if the project already exists:
- # https://pagure.io/fedora-infrastructure/issue/6404
- - role: openshift/project
- app: resultsdb-frontend
- description: resultsdb
- appowners:
- - ralph
- - mjia
- - dcallagh
- - gnaponie
- - cverna
- - pingou
- - lholecek
- - vmaljulin
- - lrossett
- tags:
- - apply-appowners
-
- - role: openshift/object
- app: resultsdb-frontend
- template: secrets.yml
- objectname: secrets.yml
-
- - role: openshift/object
- app: resultsdb-frontend
- template: configmaps.yml
- objectname: configmaps.yml
-
- - role: openshift/object
- app: resultsdb-frontend
- template: deploymentconfigs.yml
- objectname: deploymentconfigs.yml
-
- - role: openshift/object
- app: resultsdb-frontend
- template: services.yml
- objectname: services.yml
-
- - role: openshift/route
- app: resultsdb-frontend
- routename: web
- host: "resultsdb{{ env_suffix }}.fedoraproject.org"
- serviceport: web
- servicename: resultsdb-frontend
-
- - role: openshift/rollout
- app: resultsdb-frontend
- dcname: "resultsdb-frontend"
diff --git a/playbooks/openshift-apps/resultsdb.yml b/playbooks/openshift-apps/resultsdb.yml
index c20978b591..cddc37279c 100644
--- a/playbooks/openshift-apps/resultsdb.yml
+++ b/playbooks/openshift-apps/resultsdb.yml
@@ -1,3 +1,4 @@
+---
- name: setup the database
hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org
gather_facts: no
@@ -27,10 +28,10 @@
- name: make the app be real
- hosts: os_masters[0]:os_masters_stg[0]
+ # hosts: os_masters[0]:os_masters_stg[0]
+ hosts: os_masters_stg[0]
user: root
- gather_facts: False
-
+ gather_facts: no
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
@@ -59,11 +60,6 @@
tags:
- apply-appowners
- - role: openshift/object
- app: resultsdb
- template: secrets.yml
- objectname: secrets.yml
-
- role: openshift/secret-file
app: resultsdb
secret_name: resultsdb-fedora-messaging-key
@@ -82,28 +78,70 @@
key: resultsdb.ca
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+ # backend objects
- role: openshift/object
app: resultsdb
- template: configmaps.yml
- objectname: configmaps.yml
+ template: backend/secrets.yml
+ objectname: backend-secrets.yml
- role: openshift/object
app: resultsdb
- template: deploymentconfigs.yml
- objectname: deploymentconfigs.yml
+ template: backend/configmaps.yml
+ objectname: backend-configmaps.yml
- role: openshift/object
app: resultsdb
- template: services.yml
- objectname: services.yml
+ template: backend/deploymentconfigs.yml
+ objectname: backend-deploymentconfigs.yml
+
+ - role: openshift/object
+ app: resultsdb
+ template: backend/services.yml
+ objectname: backend-services.yml
- role: openshift/route
app: resultsdb
- routename: api-pretty
+ routename: resultsdb-api
host: "resultsdb{{ env_suffix }}.fedoraproject.org"
serviceport: api
servicename: resultsdb-api
+ path: /api
+
+ # frontend objects
+ - role: openshift/object
+ app: resultsdb
+ template: frontend/secrets.yml
+ objectname: frontend-secrets.yml
+
+ - role: openshift/object
+ app: resultsdb
+ template: frontend/configmaps.yml
+ objectname: frontend-configmaps.yml
+
+ - role: openshift/object
+ app: resultsdb
+ template: frontend/deploymentconfigs.yml
+ objectname: frontend-deploymentconfigs.yml
+
+ - role: openshift/object
+ app: resultsdb
+ template: frontend/services.yml
+ objectname: frontend-services.yml
+
+ - role: openshift/route
+ app: resultsdb
+ host: "resultsdb{{ env_suffix }}.fedoraproject.org"
+ serviceport: web
+ servicename: resultsdb-frontend
+ path: /web
+
+ # rollouts
+ - role: openshift/rollout
+ app: resultsdb
+ dcname: "resultsdb-api"
+ failed_when: false
- role: openshift/rollout
app: resultsdb
- dcname: "resultsdb-api"
\ No newline at end of file
+ dcname: "resultsdb-frontend"
+ failed_when: false
diff --git a/roles/openshift-apps/resultsdb-frontend/templates/routes.yml b/roles/openshift-apps/resultsdb-frontend/templates/routes.yml
deleted file mode 100644
index f817ccede1..0000000000
--- a/roles/openshift-apps/resultsdb-frontend/templates/routes.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
- kind: Route
- metadata:
- name: "resultsdb-frontend"
- labels:
- app: resultsdb
- service: web
- spec:
- path: /web
- port:
- targetPort: web
- to:
- kind: Service
- name: "resultsdb-frontend"
- tls:
- termination: edge
- insecureEdgeTerminationPolicy: Redirect
diff --git a/roles/openshift-apps/resultsdb-frontend/templates/secrets.yml b/roles/openshift-apps/resultsdb-frontend/templates/secrets.yml
deleted file mode 100644
index bc4d513906..0000000000
--- a/roles/openshift-apps/resultsdb-frontend/templates/secrets.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: resultsdb-frontend-key
- labels:
- app: resultsdb
- service: web
-stringData:
-{% if env == 'staging' %}
- RESULTSDB_FRONTEND_SECRET_KEY: "{{ stg_resultsdb_frontend_secret_key }}"
-{% else %}
- RESULTSDB_FRONTEND_SECRET_KEY: "{{ prod_resultsdb_frontend_secret_key }}"
-{% endif %}
diff --git a/roles/openshift-apps/resultsdb-frontend/vars/main.yml b/roles/openshift-apps/resultsdb-frontend/vars/main.yml
deleted file mode 100644
index ddc804006b..0000000000
--- a/roles/openshift-apps/resultsdb-frontend/vars/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-stg_resultsdb_frontend_image: 'quay.io/fedora-kube-sig/resultsdb:latest'
-prod_resultsdb_frontend_image: 'quay.io/fedora-kube-sig/resultsdb:latest'
-prod_resultsdb_frontend_api_url: 'https://resultsdb.fedoraproject.org/'
-stg_resultsdb_frontend_api_url: 'https://resultsdb.stg.fedoraproject.org/'
diff --git a/roles/openshift-apps/resultsdb/templates/configmaps.yml b/roles/openshift-apps/resultsdb/templates/backend/configmaps.yml
similarity index 99%
rename from roles/openshift-apps/resultsdb/templates/configmaps.yml
rename to roles/openshift-apps/resultsdb/templates/backend/configmaps.yml
index 753fd5dfe6..a1a9f1b878 100644
--- a/roles/openshift-apps/resultsdb/templates/configmaps.yml
+++ b/roles/openshift-apps/resultsdb/templates/backend/configmaps.yml
@@ -47,4 +47,4 @@ data:
ca_cert = "/etc/pki/rabbitmq/ca/resultsdb.ca"
keyfile = "/etc/pki/rabbitmq/key/resultsdb.key"
certfile = "/etc/pki/rabbitmq/crt/resultsdb.crt"
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/roles/openshift-apps/resultsdb/templates/deploymentconfigs.yml b/roles/openshift-apps/resultsdb/templates/backend/deploymentconfigs.yml
similarity index 88%
rename from roles/openshift-apps/resultsdb/templates/deploymentconfigs.yml
rename to roles/openshift-apps/resultsdb/templates/backend/deploymentconfigs.yml
index c7ebd028ad..a829280451 100644
--- a/roles/openshift-apps/resultsdb/templates/deploymentconfigs.yml
+++ b/roles/openshift-apps/resultsdb/templates/backend/deploymentconfigs.yml
@@ -49,6 +49,17 @@ spec:
image: "{{ prod_resultsdb_image }}"
{% endif %}
imagePullPolicy: Always
+ env:
+ - name: RESULTSDB_WSGI_SCRIPT_PATH
+ value: "/usr/share/resultsdb/resultsdb.wsgi"
+ - name: RESULTSDB_THREADS
+ value: "5"
+ - name: RESULTSDB_CONF_PATH
+ value: "/etc/httpd/conf.d/resultsdb.conf"
+ - name: RESULTSDB_LOG_LEVEL
+ value: "info"
+ - name: RESULTSDB_MESSAGING
+ value: "Y"
ports:
- containerPort: 5001
volumeMounts:
@@ -113,4 +124,4 @@ spec:
secretName: resultsdb-fedora-messaging-key
{% endif %}
triggers:
- - type: ConfigChange}
+ - type: ConfigChange
diff --git a/roles/openshift-apps/resultsdb/templates/secrets.yml b/roles/openshift-apps/resultsdb/templates/backend/secrets.yml
similarity index 100%
rename from roles/openshift-apps/resultsdb/templates/secrets.yml
rename to roles/openshift-apps/resultsdb/templates/backend/secrets.yml
diff --git a/roles/openshift-apps/resultsdb/templates/services.yml b/roles/openshift-apps/resultsdb/templates/backend/services.yml
similarity index 100%
rename from roles/openshift-apps/resultsdb/templates/services.yml
rename to roles/openshift-apps/resultsdb/templates/backend/services.yml
diff --git a/roles/openshift-apps/resultsdb-frontend/templates/configmaps.yml b/roles/openshift-apps/resultsdb/templates/frontend/configmaps.yml
similarity index 55%
rename from roles/openshift-apps/resultsdb-frontend/templates/configmaps.yml
rename to roles/openshift-apps/resultsdb/templates/frontend/configmaps.yml
index e5c7c17604..877bacd22c 100644
--- a/roles/openshift-apps/resultsdb-frontend/templates/configmaps.yml
+++ b/roles/openshift-apps/resultsdb/templates/frontend/configmaps.yml
@@ -29,25 +29,23 @@ metadata:
service: web
data:
resultsdb_frontend.conf: |-
- WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5 home=/usr/share/resultsdb_frontend
- WSGIScriptAlias / /usr/share/resultsdb_frontend/conf/resultsdb_frontend.wsgi
- WSGISocketPrefix run/wsgi
-
- # this isn't the best way to force SSL but it works for now
- #RewriteEngine On
- #RewriteCond %{HTTPS} !=on
- #RewriteRule ^/resultsdb_frontend/admin/?(.*) https://%{SERVER_NAME}/$1 [R,L]
-
+ WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5
+ WSGIScriptAlias /web /usr/share/resultsdb_frontend/resultsdb_frontend.wsgi
+ WSGISocketPrefix /tmp/wsgi
+
- WSGIProcessGroup resultsdb_frontend
- WSGIApplicationGroup %{GLOBAL}
- WSGIScriptReloading On
-
- # Apache 2.4
- Require all granted
-
-
- Order allow,deny
+ WSGIProcessGroup resultsdb_frontend
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIScriptReloading On
+
+ Order deny,allow
Allow from all
-
-
+
+ # Apache 2.4
+ Require all granted
+
+
+ Order allow,deny
+ Allow from all
+
+
diff --git a/roles/openshift-apps/resultsdb-frontend/templates/deploymentconfigs.yml b/roles/openshift-apps/resultsdb/templates/frontend/deploymentconfigs.yml
similarity index 72%
rename from roles/openshift-apps/resultsdb-frontend/templates/deploymentconfigs.yml
rename to roles/openshift-apps/resultsdb/templates/frontend/deploymentconfigs.yml
index 4c23d8d9e1..90a46463ee 100644
--- a/roles/openshift-apps/resultsdb-frontend/templates/deploymentconfigs.yml
+++ b/roles/openshift-apps/resultsdb/templates/frontend/deploymentconfigs.yml
@@ -27,13 +27,19 @@ spec:
{% endif %}
imagePullPolicy: Always
ports:
- - containerPort: 5001
- envFrom:
- - secretRef:
- name: resultsdb-frontend-key
+ - containerPort: 5002
+ env:
+ - name: RESULTSDB_WSGI_SCRIPT_PATH
+ value: "/usr/share/resultsdb_frontend/resultsdb_frontend.wsgi"
+ - name: RESULTSDB_THREADS
+ value: "5"
+ - name: RESULTSDB_CONF_PATH
+ value: "/etc/httpd/conf.d/resultsdb_frontend.conf"
+ - name: RESULTSDB_LOG_LEVEL
+ value: "info"
volumeMounts:
- name: config-volume
- mountPath: /etc/resultsdb
+ mountPath: /etc/resultsdb_frontend
readOnly: true
- name: httpd-config-volume
mountPath: /etc/httpd/conf.d
@@ -43,13 +49,13 @@ spec:
initialDelaySeconds: 5
httpGet:
path: /
- port: 5001
+ port: 5002
livenessProbe:
timeoutSeconds: 1
initialDelaySeconds: 30
httpGet:
path: /
- port: 5001
+ port: 5002
# Limit to 384MB memory. This is probably *not* enough but it is
# necessary in the current environment to allow for 2 replicas and
# rolling updates, without hitting the (very aggressive) memory quota.
@@ -59,8 +65,8 @@ spec:
cpu: 0.3
volumes:
- name: config-volume
- configMap:
- name: "resultsdb-frontend-app-config"
+ secret:
+ secretName: "resultsdb-frontend-app-config"
- name: httpd-config-volume
configMap:
name: "resultsdb-frontend-httpd-config"
diff --git a/roles/openshift-apps/resultsdb/templates/frontend/secrets.yml b/roles/openshift-apps/resultsdb/templates/frontend/secrets.yml
new file mode 100644
index 0000000000..5689051132
--- /dev/null
+++ b/roles/openshift-apps/resultsdb/templates/frontend/secrets.yml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ # name: resultsdb-frontend-key
+ name: resultsdb-frontend-app-config
+ labels:
+ app: resultsdb
+ service: web
+stringData:
+ settings.py: |-
+ import os
+{% if env == 'staging' %}
+ RDB_URL = '{{ stg_resultsdb_frontend_api_url }}'
+{% else %}
+ RDB_URL = '{{ prod_resultsdb_frontend_api_url }}'
+{% endif %}
+{% if env == 'staging' %}
+ SECRET_KEY = '{{ stg_resultsdb_frontend_secret_key }}'
+{% else %}
+ SECRET_KEY = '{{ prod_resultsdb_frontend_secret_key }}'
+{% endif %}
+ FILE_LOGGING = False
+ LOGFILE = '/var/log/resultsdb_frontend/resultsdb_frontend.log'
+ SYSLOG_LOGGING = False
+ STREAM_LOGGING = True
diff --git a/roles/openshift-apps/resultsdb-frontend/templates/services.yml b/roles/openshift-apps/resultsdb/templates/frontend/services.yml
similarity index 82%
rename from roles/openshift-apps/resultsdb-frontend/templates/services.yml
rename to roles/openshift-apps/resultsdb/templates/frontend/services.yml
index 59c82887ec..3c9730506a 100644
--- a/roles/openshift-apps/resultsdb-frontend/templates/services.yml
+++ b/roles/openshift-apps/resultsdb/templates/frontend/services.yml
@@ -11,5 +11,5 @@ spec:
service: web
ports:
- name: web
- port: 5001
- targetPort: 5001
+ port: 5002
+ targetPort: 5002
diff --git a/roles/openshift-apps/resultsdb/templates/routes.yml b/roles/openshift-apps/resultsdb/templates/routes.yml
deleted file mode 100644
index 32ca3120f4..0000000000
--- a/roles/openshift-apps/resultsdb/templates/routes.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
- kind: Route
- metadata:
- name: "resultsdb-test-api"
- labels:
- app: resultsdb
- spec:
- path: /api
- port:
- targetPort: api
- to:
- kind: Service
- name: "resultsdb-api"
- tls:
- termination: edge
- insecureEdgeTerminationPolicy: Redirect
diff --git a/roles/openshift-apps/resultsdb/vars/main.yml b/roles/openshift-apps/resultsdb/vars/main.yml
index ffa81c7c46..5e9db8b649 100644
--- a/roles/openshift-apps/resultsdb/vars/main.yml
+++ b/roles/openshift-apps/resultsdb/vars/main.yml
@@ -1,6 +1,16 @@
+# backend vars
+prod_resultsdb_image: quay.io/fedora-kube-sig/resultsdb-backend:latest-f35
+stg_resultsdb_image: quay.io/fedora-kube-sig/resultsdb-backend:latest-f35
+
resultsdb_publish: true
resultsdb_mod_wsgi_dir: '${MOD_WSGI_MODULES_DIRECTORY}'
# For CRASHED see: https://pagure.io/task-abicheck/issue/19
# For QUEUED and RUNNING see: https://pagure.io/fedora-infrastructure/issue/8989
resultsdb_additional_result_outcomes: ['CRASHED', 'QUEUED', 'RUNNING']
+
+# frontend vars
+stg_resultsdb_frontend_image: 'quay.io/fedora-kube-sig/resultsdb-frontend:latest-f35'
+prod_resultsdb_frontend_image: 'quay.io/fedora-kube-sig/resultsdb-frontend:latest-f35'
+prod_resultsdb_frontend_api_url: 'http://resultsdb-api.resultsdb.svc.cluster.local:5001/api/v2.0'
+stg_resultsdb_frontend_api_url: 'http://resultsdb-api.resultsdb.svc.cluster.local:5001/api/v2.0'