[discourse2fedmsg] prepare discourse2fedmsg for openshift deployment

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
Ryan Lercho 2021-11-10 21:52:31 +10:00
parent aa11d465e6
commit 51e29f46c9
11 changed files with 190 additions and 74 deletions


@ -1,5 +1,5 @@
- name: make the app be real
hosts: os_masters_stg[0]
hosts: os_masters[0]:os_masters_stg[0]
user: root
gather_facts: False
@ -9,19 +9,48 @@
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- role: rabbit/user
username: "discourse2fedmsg{{ env_suffix }}"
- role: openshift/project
app: discourse2fedmsg
description: discourse2fedmsg
description: "Relay Discourse webhooks to Fedora Messaging"
appowners:
- puiterwijk
- ryanlerch
- abompard
tags:
- apply-appowners
- role: openshift/secret-file
app: discourse2fedmsg
secret_name: fedora-messaging-ca
key: cacert.pem
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
- role: openshift/secret-file
app: discourse2fedmsg
secret_name: fedora-messaging-crt
key: discourse2fedmsg-cert.pem
privatefile: "rabbitmq/{{env}}/pki/issued/discourse2fedmsg{{env_suffix}}.crt"
- role: openshift/secret-file
app: discourse2fedmsg
secret_name: fedora-messaging-key
key: discourse2fedmsg-key.pem
privatefile: "rabbitmq/{{env}}/pki/private/discourse2fedmsg{{env_suffix}}.key"
- role: openshift/imagestream
app: discourse2fedmsg
imagename: discourse2fedmsg
- role: openshift/object
app: discourse2fedmsg
file: imagestream.yml
objectname: imagestream.yml
- role: openshift/object
app: discourse2fedmsg
file: buildconfig.yml
template: buildconfig.yml
objectname: buildconfig.yml
- role: openshift/object
app: discourse2fedmsg
template: configmap.yml
objectname: configmap.yml
- role: openshift/start-build
app: discourse2fedmsg
@ -35,14 +64,22 @@
- role: openshift/route
app: discourse2fedmsg
routename: discourse2fedmsg
serviceport: 8080-tcp
servicename: discourse2fedmsg
host: "discourse2fedmsg{{ env_suffix }}.fedoraproject.org"
serviceport: web
servicename: discourse2fedmsg-web
- role: openshift/object
app: discourse2fedmsg
template: deploymentconfig.yml
objectname: deploymentconfig.yml
- role: openshift/rollout
app: discourse2fedmsg
dcname: discourse2fedmsg
# - role: openshift/start-build
# app: discourse2fedmsg
# buildname: discourse2fedmsg
# tags:
# - never
# - build
# - role: openshift/rollout
# app: discourse2fedmsg
# dcname: discourse2fedmsg


@ -20,7 +20,7 @@ items:
metadata:
name: wsgi-script
labels:
app: {{ app }}
app: Datagrepper
data:
wsgi.py: |-
{{ load_file('wsgi.py') | indent(6) }}


@ -1,24 +0,0 @@
apiVersion: v1
kind: BuildConfig
metadata:
name: discourse2fedmsg-build
labels:
environment: "discourse2fedmsg"
spec:
output:
to:
kind: ImageStreamTag
name: discourse2fedmsg:latest
source:
type: Git
git:
uri: https://pagure.io/discourse2fedmsg.git
strategy:
type: Source
sourceStrategy:
from:
kind: ImageStreamTag
name: python-27-rhel7:latest
triggers:
- type: ConfigChange
- type: ImageChange


@ -8,21 +8,3 @@ spec:
local: false
status:
dockerImageRepository: ""
---
apiVersion: v1
kind: ImageStream
metadata:
name: python-27-rhel7
spec:
lookupPolicy:
local: false
tags:
- from:
kind: DockerImage
name: registry.access.redhat.com/rhscl/python-27-rhel7
importPolicy: {}
name: latest
referencePolicy:
type: Source
status:
dockerImageRepository: ""


@ -1,16 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: discourse2fedmsg-web
labels:
app: discourse2fedmsg
name: discourse2fedmsg
spec:
ports:
- name: 8080-tcp
port: 8080
protocol: TCP
targetPort: 8080
- name: web
port: 8080
targetPort: 8080
selector:
app: discourse2fedmsg
deploymentconfig: discourse2fedmsg


@ -0,0 +1,36 @@
apiVersion: v1
kind: BuildConfig
metadata:
name: discourse2fedmsg
labels:
app: discourse2fedmsg
build: discourse2fedmsg
spec:
output:
to:
kind: ImageStreamTag
name: discourse2fedmsg:latest
source:
type: Git
git:
uri: https://github.com/fedora-infra/discourse2fedmsg.git
{% if env == "staging" %}
ref: staging
{% else %}
ref: stable
{% endif %}
strategy:
type: Source
sourceStrategy:
from:
kind: ImageStreamTag
namespace: openshift
name: python:3.6
triggers:
- type: ConfigChange
- type: ImageChange
{% if discourse2fedmsg_stg_github_secret is defined and env == 'staging' %}
- type: GitHub
github:
secret: "{{ discourse2fedmsg_stg_github_secret }}"
{% endif %}
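Review bot: The GitHub trigger at the end of this template writes the webhook secret into the BuildConfig object itself with `secret: "{{ discourse2fedmsg_stg_github_secret }}"`, so any account that can read BuildConfigs in the project can read the value and use it to start builds. If the target cluster version supports it, point the trigger at a Secret object instead: under `github:` use `secretReference:` with `name: <webhook-secret-name>` (placeholder name), and store the value under the `WebHookSecretKey` key of that Secret. That keeps the webhook secret under the same access rules as the TLS key material the playbook already uploads as Secrets.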


@ -0,0 +1,34 @@
{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
---
apiVersion: v1
kind: List
metadata: {}
items:
- apiVersion: v1
kind: ConfigMap
metadata:
name: discourse2fedmsg-config
labels:
app: discourse2fedmsg
data:
discourse2fedmsg.cfg: |-
{{ load_file('discourse2fedmsg.cfg.py') | indent(6) }}
- apiVersion: v1
kind: ConfigMap
metadata:
name: wsgi-script
labels:
app: discourse2fedmsg
data:
wsgi.py: |-
{{ load_file('wsgi.py') | indent(6) }}
__init__.py: ""
- apiVersion: v1
kind: ConfigMap
metadata:
name: fedora-messaging-config
labels:
app: discourse2fedmsg
data:
config.toml: |-
{{ load_file('fedora-messaging.toml') | indent(6) }}
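Review bot: The first item renders `discourse2fedmsg.cfg.py` into a ConfigMap, and that file (added in this commit) holds `DISCOURSE2FEDMSG_SECRET`, the Discourse webhook secret. ConfigMaps are readable by accounts with only view access on the project and are not treated as sensitive by the platform, so the value that authenticates incoming webhooks ends up less protected than the broker key, which the playbook does place in a Secret. Consider rendering this one file as `kind: Secret` with `stringData:` and mounting it in the DeploymentConfig through `secret:` / `secretName:` instead of `configMap:`; the wsgi-script and fedora-messaging-config items can stay ConfigMaps.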


@ -7,7 +7,7 @@ metadata:
service: discourse2fedmsg
name: discourse2fedmsg
spec:
replicas: 2
replicas: 1
selector:
app: discourse2fedmsg
deploymentconfig: discourse2fedmsg
@ -24,24 +24,67 @@ spec:
name: discourse2fedmsg
env:
- name: APP_MODULE
value: "discourse2fedmsg:app"
- name: DISCOURSE2FEDMSG_SECRET
value: "{{ discourse2fedmsg_secret }}"
value: "deploy.wsgi"
- name: FLASK_CONFIG
value: "/etc/discourse2fedmsg/discourse2fedmsg.cfg"
ports:
- containerPort: 8080
protocol: TCP
volumeMounts:
- name: discourse2fedmsg-config-volume
mountPath: "/etc/discourse2fedmsg"
readOnly: true
- name: wsgi-script-volume
mountPath: "/opt/app-root/src/deploy"
readOnly: true
- name: fedora-messaging-config-volume
mountPath: "/etc/fedora-messaging"
readOnly: true
- name: fedora-messaging-ca-volume
mountPath: /etc/pki/fedora-messaging/cacert.pem
subPath: cacert.pem
readOnly: true
- name: fedora-messaging-crt-volume
mountPath: /etc/pki/fedora-messaging/noggin-cert.pem
subPath: noggin-cert.pem
readOnly: true
- name: fedora-messaging-key-volume
mountPath: /etc/pki/fedora-messaging/noggin-key.pem
subPath: noggin-key.pem
readOnly: true
readinessProbe:
timeoutSeconds: 1
timeoutSeconds: 10
initialDelaySeconds: 5
periodSeconds: 60
httpGet:
path: /
path: "/healthz/ready"
port: 8080
livenessProbe:
timeoutSeconds: 1
initialDelaySeconds: 30
timeoutSeconds: 10
initialDelaySeconds: 3
periodSeconds: 60
httpGet:
path: /
path: "/healthz/live"
port: 8080
volumes:
- name: discourse2fedmsg-config-volume
configMap:
name: discourse2fedmsg-config
- name: wsgi-script-volume
configMap:
name: wsgi-script
- name: fedora-messaging-config-volume
configMap:
name: fedora-messaging-config
- name: fedora-messaging-ca-volume
secret:
secretName: fedora-messaging-ca
- name: fedora-messaging-crt-volume
secret:
secretName: fedora-messaging-crt
- name: fedora-messaging-key-volume
secret:
secretName: fedora-messaging-key
triggers:
- type: ConfigChange
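Review bot: The two new certificate mounts use `subPath: noggin-cert.pem` and `subPath: noggin-key.pem`, but the playbook in this commit creates the `fedora-messaging-crt` and `fedora-messaging-key` secrets with the keys `discourse2fedmsg-cert.pem` and `discourse2fedmsg-key.pem`, and fedora-messaging.toml now reads the `discourse2fedmsg-*` paths under `/etc/pki/fedora-messaging/`. As written the expected files will not be present in the container, so the TLS client authentication to the broker presumably fails. Both `mountPath` and `subPath` of the crt and key mounts should use the discourse2fedmsg names. The container spec begins above this hunk.

```yaml
# … unchanged: config, wsgi-script, fedora-messaging-config and CA mounts …
- name: fedora-messaging-crt-volume
  mountPath: /etc/pki/fedora-messaging/discourse2fedmsg-cert.pem
  subPath: discourse2fedmsg-cert.pem
  # … unchanged: readOnly …
- name: fedora-messaging-key-volume
  mountPath: /etc/pki/fedora-messaging/discourse2fedmsg-key.pem
  subPath: discourse2fedmsg-key.pem
  # … unchanged: readOnly …
```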


@ -0,0 +1,6 @@
# secret set in discourse webhooks UI
{% if env == "staging" %}
DISCOURSE2FEDMSG_SECRET = "{{ discourse2fedmsg_stg_webhook_secret }}"
{% else %}
DISCOURSE2FEDMSG_SECRET = "{{ discourse2fedmsg_webhook_secret }}"
{% endif %}


@ -1,4 +1,4 @@
amqp_url = "amqps://noggin:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
amqp_url = "amqps://discourse2fedmsg:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
# Just check if the queue exist, don't try to create it (the server does not allow it).
passive_declares = true
@ -13,11 +13,11 @@ topic_prefix = "org.fedoraproject.prod"
[tls]
ca_cert = "/etc/pki/fedora-messaging/cacert.pem"
keyfile = "/etc/pki/fedora-messaging/noggin-key.pem"
certfile = "/etc/pki/fedora-messaging/noggin-cert.pem"
keyfile = "/etc/pki/fedora-messaging/discourse2fedmsg-key.pem"
certfile = "/etc/pki/fedora-messaging/discourse2fedmsg-cert.pem"
[client_properties]
app = "Noggin"
app = "Discourse2Fedmsg"
[log_config]
version = 1


@ -0,0 +1,4 @@
from werkzeug.middleware.proxy_fix import ProxyFix
from discourse2fedmsg.app import create_app
application = create_app()
application.wsgi_app = ProxyFix(application.wsgi_app, x_proto=1, x_host=1)
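Review bot: The `ProxyFix(application.wsgi_app, x_proto=1, x_host=1)` line makes the app trust `X-Forwarded-Proto` and `X-Forwarded-Host` from exactly one proxy hop, and nothing in the file records why that count is correct. It is safe only while every request reaches the pod through the OpenShift router, which is inferred from the route in the playbook rather than stated here; a client able to reach the service directly could supply those headers itself. I would add a comment above the line, for example `# Trust one proxy hop (the OpenShift router) for scheme and host; revisit if another proxy is added or the pod is exposed directly.`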