resultsdb all in one role

playbooks/openshift-apps/resultsdb-frontend.yml

@@ -1,61 +0,0 @@
-- name: make the app be real
-  # hosts: os_masters[0]:os_masters_stg[0]
-  hosts: os_masters_stg[0]
-  user: root
-  gather_facts: False
-
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - /srv/private/ansible/vars.yml
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-    - /srv/web/infra/ansible/roles/openshift-apps/resultsdb-frontend/vars/main.yml
-
-  roles:
-    # The openshift/project role breaks if the project already exists:
-    # https://pagure.io/fedora-infrastructure/issue/6404
-    - role: openshift/project
-      app: resultsdb-frontend
-      description: resultsdb
-      appowners:
-        - ralph
-        - mjia
-        - dcallagh
-        - gnaponie
-        - cverna
-        - pingou
-        - lholecek
-        - vmaljulin
-        - lrossett
-      tags:
-        - apply-appowners
-
-    - role: openshift/object
-      app: resultsdb-frontend
-      template: secrets.yml
-      objectname: secrets.yml
-
-    - role: openshift/object
-      app: resultsdb-frontend
-      template: configmaps.yml
-      objectname: configmaps.yml
-
-    - role: openshift/object
-      app: resultsdb-frontend
-      template: deploymentconfigs.yml
-      objectname: deploymentconfigs.yml
-
-    - role: openshift/object
-      app: resultsdb-frontend
-      template: services.yml
-      objectname: services.yml
-
-    - role: openshift/route
-      app: resultsdb-frontend
-      routename: web
-      host: "resultsdb{{ env_suffix }}.fedoraproject.org"
-      serviceport: web
-      servicename: resultsdb-frontend
-
-    - role: openshift/rollout
-      app: resultsdb-frontend
-      dcname: "resultsdb-frontend"

playbooks/openshift-apps/resultsdb.yml

@@ -1,3 +1,4 @@
+---
 - name: setup the database
   hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org
   gather_facts: no
@@ -27,10 +28,10 @@
 
 
 - name: make the app be real
-  hosts: os_masters[0]:os_masters_stg[0]
+  # hosts: os_masters[0]:os_masters_stg[0]
+  hosts: os_masters_stg[0]
   user: root
-  gather_facts: False
+  gather_facts: no
-
   vars_files:
     - /srv/web/infra/ansible/vars/global.yml
     - /srv/private/ansible/vars.yml
@@ -59,11 +60,6 @@
       tags:
         - apply-appowners
 
-    - role: openshift/object
-      app: resultsdb
-      template: secrets.yml
-      objectname: secrets.yml
-
     - role: openshift/secret-file
       app: resultsdb
       secret_name: resultsdb-fedora-messaging-key
@@ -82,28 +78,70 @@
       key: resultsdb.ca
       privatefile: "rabbitmq/{{env}}/pki/ca.crt"
 
+    # backend objects
     - role: openshift/object
       app: resultsdb
-      template: configmaps.yml
+      template: backend/secrets.yml
-      objectname: configmaps.yml
+      objectname: backend-secrets.yml
 
     - role: openshift/object
       app: resultsdb
-      template: deploymentconfigs.yml
+      template: backend/configmaps.yml
-      objectname: deploymentconfigs.yml
+      objectname: backend-configmaps.yml
 
     - role: openshift/object
       app: resultsdb
-      template: services.yml
+      template: backend/deploymentconfigs.yml
-      objectname: services.yml
+      objectname: backend-deploymentconfigs.yml
+
+    - role: openshift/object
+      app: resultsdb
+      template: backend/services.yml
+      objectname: backend-services.yml
 
     - role: openshift/route
       app: resultsdb
-      routename: api-pretty
+      routename: resultsdb-api
       host: "resultsdb{{ env_suffix }}.fedoraproject.org"
       serviceport: api
       servicename: resultsdb-api
+      path: /api
 
+    # frontend objects
+    - role: openshift/object
+      app: resultsdb
+      template: frontend/secrets.yml
+      objectname: frontend-secrets.yml
+
+    - role: openshift/object
+      app: resultsdb
+      template: frontend/configmaps.yml
+      objectname: frontend-configmaps.yml
+
+    - role: openshift/object
+      app: resultsdb
+      template: frontend/deploymentconfigs.yml
+      objectname: frontend-deploymentconfigs.yml
+
+    - role: openshift/object
+      app: resultsdb
+      template: frontend/services.yml
+      objectname: frontend-services.yml
+
+    - role: openshift/route
+      app: resultsdb
+      host: "resultsdb{{ env_suffix }}.fedoraproject.org"
+      serviceport: web
+      servicename: resultsdb-frontend
+      path: /web
+
+    # rollouts
     - role: openshift/rollout
       app: resultsdb
       dcname: "resultsdb-api"
+      failed_when: false
+
+    - role: openshift/rollout
+      app: resultsdb
+      dcname: "resultsdb-frontend"
+      failed_when: false

roles/openshift-apps/resultsdb-frontend/templates/routes.yml

@@ -1,17 +0,0 @@
-apiVersion: v1
-  kind: Route
-  metadata:
-    name: "resultsdb-frontend"
-    labels:
-      app: resultsdb
-      service: web
-  spec:
-    path: /web
-    port:
-      targetPort: web
-    to:
-      kind: Service
-      name: "resultsdb-frontend"
-    tls:
-      termination: edge
-      insecureEdgeTerminationPolicy: Redirect

roles/openshift-apps/resultsdb-frontend/templates/secrets.yml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: resultsdb-frontend-key
-  labels:
-    app: resultsdb
-    service: web
-stringData:
-{% if env == 'staging' %}
-  RESULTSDB_FRONTEND_SECRET_KEY: "{{ stg_resultsdb_frontend_secret_key }}"
-{% else %}
-  RESULTSDB_FRONTEND_SECRET_KEY: "{{ prod_resultsdb_frontend_secret_key }}"
-{% endif %}

roles/openshift-apps/resultsdb-frontend/vars/main.yml

@@ -1,5 +0,0 @@
----
-stg_resultsdb_frontend_image: 'quay.io/fedora-kube-sig/resultsdb:latest'
-prod_resultsdb_frontend_image: 'quay.io/fedora-kube-sig/resultsdb:latest'
-prod_resultsdb_frontend_api_url: 'https://resultsdb.fedoraproject.org/'
-stg_resultsdb_frontend_api_url: 'https://resultsdb.stg.fedoraproject.org/'

roles/openshift-apps/resultsdb/templates/backend/deploymentconfigs.yml

@@ -49,6 +49,17 @@ spec:
           image: "{{ prod_resultsdb_image }}"
 {% endif %}
           imagePullPolicy: Always
+          env:
+            - name: RESULTSDB_WSGI_SCRIPT_PATH
+              value: "/usr/share/resultsdb/resultsdb.wsgi"
+            - name: RESULTSDB_THREADS
+              value: "5"
+            - name: RESULTSDB_CONF_PATH
+              value: "/etc/httpd/conf.d/resultsdb.conf"
+            - name: RESULTSDB_LOG_LEVEL
+              value: "info"
+            - name: RESULTSDB_MESSAGING
+              value: "Y"
           ports:
             - containerPort: 5001
           volumeMounts:
@@ -113,4 +124,4 @@ spec:
             secretName: resultsdb-fedora-messaging-key
 {% endif %}
   triggers:
-    - type: ConfigChange}
+    - type: ConfigChange

roles/openshift-apps/resultsdb/templates/frontend/configmaps.yml

@@ -29,19 +29,17 @@ metadata:
     service: web
 data:
   resultsdb_frontend.conf: |-
-    WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5 home=/usr/share/resultsdb_frontend
+    WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5
-    WSGIScriptAlias / /usr/share/resultsdb_frontend/conf/resultsdb_frontend.wsgi
+    WSGIScriptAlias /web /usr/share/resultsdb_frontend/resultsdb_frontend.wsgi
-    WSGISocketPrefix run/wsgi
+    WSGISocketPrefix /tmp/wsgi
-
-    # this isn't the best way to force SSL but it works for now
-    #RewriteEngine On
-    #RewriteCond %{HTTPS} !=on
-    #RewriteRule ^/resultsdb_frontend/admin/?(.*) https://%{SERVER_NAME}/$1 [R,L]
     
     <Directory /usr/share/resultsdb_frontend>
         WSGIProcessGroup resultsdb_frontend 
         WSGIApplicationGroup %{GLOBAL}
         WSGIScriptReloading On
+    
+        Order deny,allow
+        Allow from all
         <IfModule mod_authz_core.c>
             # Apache 2.4
             Require all granted

roles/openshift-apps/resultsdb/templates/frontend/deploymentconfigs.yml

@@ -27,13 +27,19 @@ spec:
 {% endif %}
           imagePullPolicy: Always
           ports:
-            - containerPort: 5001
+            - containerPort: 5002
-          envFrom:
+          env:
-            - secretRef:
+            - name: RESULTSDB_WSGI_SCRIPT_PATH
-                name: resultsdb-frontend-key
+              value: "/usr/share/resultsdb_frontend/resultsdb_frontend.wsgi"
+            - name: RESULTSDB_THREADS
+              value: "5"
+            - name: RESULTSDB_CONF_PATH
+              value: "/etc/httpd/conf.d/resultsdb_frontend.conf"
+            - name: RESULTSDB_LOG_LEVEL
+              value: "info"
           volumeMounts:
             - name: config-volume
-              mountPath: /etc/resultsdb
+              mountPath: /etc/resultsdb_frontend
               readOnly: true
             - name: httpd-config-volume
               mountPath: /etc/httpd/conf.d
@@ -43,13 +49,13 @@ spec:
             initialDelaySeconds: 5
             httpGet:
               path: /
-              port: 5001
+              port: 5002
           livenessProbe:
             timeoutSeconds: 1
             initialDelaySeconds: 30
             httpGet:
               path: /
-              port: 5001
+              port: 5002
           # Limit to 384MB memory. This is probably *not* enough but it is
           # necessary in the current environment to allow for 2 replicas and
           # rolling updates, without hitting the (very aggressive) memory quota.
@@ -59,8 +65,8 @@ spec:
               cpu: 0.3
       volumes:
         - name: config-volume
-          configMap:
+          secret:
-            name: "resultsdb-frontend-app-config"
+            secretName: "resultsdb-frontend-app-config"
         - name: httpd-config-volume
           configMap:
             name: "resultsdb-frontend-httpd-config"

roles/openshift-apps/resultsdb/templates/frontend/secrets.yml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  # name: resultsdb-frontend-key
+  name: resultsdb-frontend-app-config
+  labels:
+    app: resultsdb
+    service: web
+stringData:
+  settings.py: |-
+    import os    
+{% if env == 'staging' %}
+    RDB_URL = '{{ stg_resultsdb_frontend_api_url }}'
+{% else %}
+    RDB_URL = '{{ prod_resultsdb_frontend_api_url }}'
+{% endif %}
+{% if env == 'staging' %}
+    SECRET_KEY = '{{ stg_resultsdb_frontend_secret_key }}'
+{% else %}
+    SECRET_KEY = '{{ prod_resultsdb_frontend_secret_key }}'
+{% endif %}
+    FILE_LOGGING = False
+    LOGFILE = '/var/log/resultsdb_frontend/resultsdb_frontend.log'
+    SYSLOG_LOGGING = False
+    STREAM_LOGGING = True

roles/openshift-apps/resultsdb/templates/frontend/services.yml

@@ -11,5 +11,5 @@ spec:
     service: web
   ports:
     - name: web
-      port: 5001
+      port: 5002
-      targetPort: 5001
+      targetPort: 5002

roles/openshift-apps/resultsdb/templates/routes.yml

@@ -1,16 +0,0 @@
-apiVersion: v1
-  kind: Route
-  metadata:
-    name: "resultsdb-test-api"
-    labels:
-      app: resultsdb
-  spec:
-    path: /api
-    port:
-      targetPort: api
-    to:
-      kind: Service
-      name: "resultsdb-api"
-    tls:
-      termination: edge
-      insecureEdgeTerminationPolicy: Redirect

roles/openshift-apps/resultsdb/vars/main.yml

@@ -1,6 +1,16 @@
+# backend vars
+prod_resultsdb_image: quay.io/fedora-kube-sig/resultsdb-backend:latest-f35
+stg_resultsdb_image: quay.io/fedora-kube-sig/resultsdb-backend:latest-f35
+
 resultsdb_publish: true
 resultsdb_mod_wsgi_dir: '${MOD_WSGI_MODULES_DIRECTORY}'
 
 # For CRASHED see: https://pagure.io/task-abicheck/issue/19
 # For QUEUED and RUNNING see: https://pagure.io/fedora-infrastructure/issue/8989
 resultsdb_additional_result_outcomes: ['CRASHED', 'QUEUED', 'RUNNING']
+
+# frontend vars
+stg_resultsdb_frontend_image: 'quay.io/fedora-kube-sig/resultsdb-frontend:latest-f35'
+prod_resultsdb_frontend_image: 'quay.io/fedora-kube-sig/resultsdb-frontend:latest-f35'
+prod_resultsdb_frontend_api_url: 'http://resultsdb-api.resultsdb.svc.cluster.local:5001/api/v2.0'
+stg_resultsdb_frontend_api_url: 'http://resultsdb-api.resultsdb.svc.cluster.local:5001/api/v2.0'