From 51e29f46c91758963ccd23385ed1149129c4a499 Mon Sep 17 00:00:00 2001 From: Ryan Lerch Date: Wed, 10 Nov 2021 21:52:31 +1000 Subject: [PATCH] [discourse2fedmsg] prepare discourse2fedmsg for openshift deployment Signed-off-by: Ryan Lerch --- playbooks/openshift-apps/discourse2fedmsg.yml | 61 +++++++++++++++---- .../datagrepper/templates/configmap.yml | 2 +- .../discourse2fedmsg/files/buildconfig.yml | 24 -------- .../discourse2fedmsg/files/imagestream.yml | 18 ------ .../discourse2fedmsg/files/service.yml | 10 ++- .../templates/buildconfig.yml | 36 +++++++++++ .../discourse2fedmsg/templates/configmap.yml | 34 +++++++++++ .../templates/deploymentconfig.yml | 61 ++++++++++++++++--- .../templates/discourse2fedmsg.cfg.py | 6 ++ .../templates/fedora-messaging.toml | 8 +-- .../discourse2fedmsg/templates/wsgi.py | 4 ++ 11 files changed, 190 insertions(+), 74 deletions(-) delete mode 100644 roles/openshift-apps/discourse2fedmsg/files/buildconfig.yml create mode 100644 roles/openshift-apps/discourse2fedmsg/templates/buildconfig.yml create mode 100644 roles/openshift-apps/discourse2fedmsg/templates/configmap.yml create mode 100644 roles/openshift-apps/discourse2fedmsg/templates/discourse2fedmsg.cfg.py rename roles/openshift-apps/{datagrepper => discourse2fedmsg}/templates/fedora-messaging.toml (78%) create mode 100644 roles/openshift-apps/discourse2fedmsg/templates/wsgi.py diff --git a/playbooks/openshift-apps/discourse2fedmsg.yml b/playbooks/openshift-apps/discourse2fedmsg.yml index 8d93e090bc..222fb675c9 100644 --- a/playbooks/openshift-apps/discourse2fedmsg.yml +++ b/playbooks/openshift-apps/discourse2fedmsg.yml @@ -1,5 +1,5 @@ - name: make the app be real - hosts: os_masters_stg[0] + hosts: os_masters[0]:os_masters_stg[0] user: root gather_facts: False 
@@ -9,19 +9,48 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: + - role: rabbit/user + username: "discourse2fedmsg{{ env_suffix }}" + - role: openshift/project app: discourse2fedmsg - description: discourse2fedmsg + description: "Relay Discourse webhooks to Fedora Messaging" appowners: - puiterwijk + - ryanlerch + - abompard + tags: + - apply-appowners + + - role: openshift/secret-file + app: discourse2fedmsg + secret_name: fedora-messaging-ca + key: cacert.pem + privatefile: "rabbitmq/{{env}}/pki/ca.crt" + - role: openshift/secret-file + app: discourse2fedmsg + secret_name: fedora-messaging-crt + key: discourse2fedmsg-cert.pem + privatefile: "rabbitmq/{{env}}/pki/issued/discourse2fedmsg{{env_suffix}}.crt" + - role: openshift/secret-file + app: discourse2fedmsg + secret_name: fedora-messaging-key + key: discourse2fedmsg-key.pem + privatefile: "rabbitmq/{{env}}/pki/private/discourse2fedmsg{{env_suffix}}.key" + + - role: openshift/imagestream + app: discourse2fedmsg + imagename: discourse2fedmsg + - role: openshift/object app: discourse2fedmsg - file: imagestream.yml - objectname: imagestream.yml - - role: openshift/object - app: discourse2fedmsg - file: buildconfig.yml + template: buildconfig.yml objectname: buildconfig.yml + + - role: openshift/object + app: discourse2fedmsg + template: configmap.yml + objectname: configmap.yml - role: openshift/start-build app: discourse2fedmsg 
@@ -35,14 +64,22 @@ - role: openshift/route app: discourse2fedmsg routename: discourse2fedmsg - serviceport: 8080-tcp - servicename: discourse2fedmsg + host: "discourse2fedmsg{{ env_suffix }}.fedoraproject.org" + serviceport: web + servicename: discourse2fedmsg-web - role: openshift/object app: discourse2fedmsg template: deploymentconfig.yml objectname: deploymentconfig.yml - - role: openshift/rollout - app: discourse2fedmsg - dcname: discourse2fedmsg + # - role: openshift/start-build + # app: discourse2fedmsg + # buildname: discourse2fedmsg + # tags: + # - never + # - build + + # - role: openshift/rollout + # app: discourse2fedmsg + # dcname: discourse2fedmsg diff --git a/roles/openshift-apps/datagrepper/templates/configmap.yml b/roles/openshift-apps/datagrepper/templates/configmap.yml index 1e378d444f..dc546d5910 100644 --- a/roles/openshift-apps/datagrepper/templates/configmap.yml +++ b/roles/openshift-apps/datagrepper/templates/configmap.yml @@ -20,7 +20,7 @@ items: metadata: name: wsgi-script labels: - app: {{ app }} + app: Datagrepper data: wsgi.py: |- {{ load_file('wsgi.py') | indent(6) }} diff --git a/roles/openshift-apps/discourse2fedmsg/files/buildconfig.yml b/roles/openshift-apps/discourse2fedmsg/files/buildconfig.yml deleted file mode 100644 index 0c99a5ca7a..0000000000 --- a/roles/openshift-apps/discourse2fedmsg/files/buildconfig.yml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: BuildConfig -metadata: - name: discourse2fedmsg-build - labels: - environment: "discourse2fedmsg" -spec: - output: - to: - kind: ImageStreamTag - name: discourse2fedmsg:latest - source: - type: Git - git: - uri: https://pagure.io/discourse2fedmsg.git - strategy: - type: Source - sourceStrategy: - from: - kind: ImageStreamTag - name: python-27-rhel7:latest - triggers: - - type: ConfigChange - - type: ImageChange 
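Review bot: The `app: Datagrepper` label on the `wsgi-script` ConfigMap replaces the templated `app: {{ app }}` in the datagrepper role, which a commit about discourse2fedmsg has no visible reason to touch. A hard-coded, capitalised value will presumably no longer match what the role passes as `app`, so label-based selection or cleanup of that app's objects would miss this ConfigMap. The same patch also records `fedora-messaging.toml` as a rename out of `roles/openshift-apps/datagrepper/templates/`, so that role loses the template. If both are copy leftovers, restore `app: {{ app }}` here and add the toml to the new role as a new file instead of moving it.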
diff --git a/roles/openshift-apps/discourse2fedmsg/files/imagestream.yml b/roles/openshift-apps/discourse2fedmsg/files/imagestream.yml index e9a5ecb587..5ebe2e0d2b 100644 --- a/roles/openshift-apps/discourse2fedmsg/files/imagestream.yml +++ b/roles/openshift-apps/discourse2fedmsg/files/imagestream.yml @@ -8,21 +8,3 @@ spec: local: false status: dockerImageRepository: "" ---- -apiVersion: v1 -kind: ImageStream -metadata: - name: python-27-rhel7 -spec: - lookupPolicy: - local: false - tags: - - from: - kind: DockerImage - name: registry.access.redhat.com/rhscl/python-27-rhel7 - importPolicy: {} - name: latest - referencePolicy: - type: Source -status: - dockerImageRepository: "" diff --git a/roles/openshift-apps/discourse2fedmsg/files/service.yml b/roles/openshift-apps/discourse2fedmsg/files/service.yml index ea7ad9b567..2d886dedfb 100644 --- a/roles/openshift-apps/discourse2fedmsg/files/service.yml +++ b/roles/openshift-apps/discourse2fedmsg/files/service.yml @@ -1,16 +1,14 @@ apiVersion: v1 kind: Service metadata: + name: discourse2fedmsg-web labels: app: discourse2fedmsg - name: discourse2fedmsg spec: ports: - - name: 8080-tcp - port: 8080 - protocol: TCP - targetPort: 8080 + - name: web + port: 8080 + targetPort: 8080 selector: app: discourse2fedmsg deploymentconfig: discourse2fedmsg - diff --git a/roles/openshift-apps/discourse2fedmsg/templates/buildconfig.yml b/roles/openshift-apps/discourse2fedmsg/templates/buildconfig.yml new file mode 100644 index 0000000000..bf5d1ea0bf --- /dev/null +++ b/roles/openshift-apps/discourse2fedmsg/templates/buildconfig.yml 
@@ -0,0 +1,36 @@ +apiVersion: v1 +kind: BuildConfig +metadata: + name: discourse2fedmsg + labels: + app: discourse2fedmsg + build: discourse2fedmsg +spec: + output: + to: + kind: ImageStreamTag + name: discourse2fedmsg:latest + source: + type: Git + git: + uri: https://github.com/fedora-infra/discourse2fedmsg.git +{% if env == "staging" %} + ref: staging +{% else %} + ref: stable +{% endif %} + strategy: + type: Source + sourceStrategy: + from: + kind: ImageStreamTag + namespace: openshift + name: python:3.6 + triggers: + - type: ConfigChange + - type: ImageChange + {% if discourse2fedmsg_stg_github_secret is defined and env == 'staging' %} + - type: GitHub + github: + secret: "{{ discourse2fedmsg_stg_github_secret }}" + {% endif %} diff --git a/roles/openshift-apps/discourse2fedmsg/templates/configmap.yml b/roles/openshift-apps/discourse2fedmsg/templates/configmap.yml new file mode 100644 index 0000000000..d86e36ede7 --- /dev/null +++ b/roles/openshift-apps/discourse2fedmsg/templates/configmap.yml @@ -0,0 +1,34 @@ +{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} +--- +apiVersion: v1 +kind: List +metadata: {} +items: +- apiVersion: v1 + kind: ConfigMap + metadata: + name: discourse2fedmsg-config + labels: + app: discourse2fedmsg + data: + discourse2fedmsg.cfg: |- + {{ load_file('discourse2fedmsg.cfg.py') | indent(6) }} +- apiVersion: v1 + kind: ConfigMap + metadata: + name: wsgi-script + labels: + app: discourse2fedmsg + data: + wsgi.py: |- + {{ load_file('wsgi.py') | indent(6) }} + __init__.py: "" +- apiVersion: v1 + kind: ConfigMap + metadata: + name: fedora-messaging-config + labels: + app: discourse2fedmsg + data: + config.toml: |- + {{ load_file('fedora-messaging.toml') | indent(6) }} diff --git a/roles/openshift-apps/discourse2fedmsg/templates/deploymentconfig.yml b/roles/openshift-apps/discourse2fedmsg/templates/deploymentconfig.yml index 8412681c61..9e52fb6eb7 100644 
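Review bot: The GitHub trigger at the end of this BuildConfig carries the webhook secret inline (`secret: "{{ discourse2fedmsg_stg_github_secret }}"`), so the value is stored in the BuildConfig object and is readable by anyone who can view build configs in the project. BuildConfig webhook triggers also accept a reference to a Secret, so I would put `secretReference:` with `name: <webhook-secret-name>` (placeholder) under `github:` instead. That Secret would hold the value under the `WebHookSecretKey` key and can be created alongside the other secrets the playbook already provisions.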
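Review bot: The first item renders `discourse2fedmsg.cfg.py`, which holds `DISCOURSE2FEDMSG_SECRET`, into the ConfigMap `discourse2fedmsg-config`, so the Discourse webhook secret lands in an object that is typically readable with plain view access to the project and is not handled as a secret. The certificates in this same commit already go through `openshift/secret-file`, and the config file deserves equivalent treatment. One option is to make that item `kind: Secret` with `stringData:` in place of `data:`, and switch `discourse2fedmsg-config-volume` in deploymentconfig.yml to `secret:` / `secretName: discourse2fedmsg-config`. From what is visible, the `wsgi-script` and `fedora-messaging-config` items hold no credentials and can stay ConfigMaps.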
--- a/roles/openshift-apps/discourse2fedmsg/templates/deploymentconfig.yml +++ b/roles/openshift-apps/discourse2fedmsg/templates/deploymentconfig.yml @@ -7,7 +7,7 @@ metadata: service: discourse2fedmsg name: discourse2fedmsg spec: - replicas: 2 + replicas: 1 selector: app: discourse2fedmsg deploymentconfig: discourse2fedmsg 
@@ -24,24 +24,67 @@ spec: name: discourse2fedmsg env: - name: APP_MODULE - value: "discourse2fedmsg:app" - - name: DISCOURSE2FEDMSG_SECRET - value: "{{ discourse2fedmsg_secret }}" + value: "deploy.wsgi" + - name: FLASK_CONFIG + value: "/etc/discourse2fedmsg/discourse2fedmsg.cfg" ports: - containerPort: 8080 protocol: TCP + volumeMounts: + - name: discourse2fedmsg-config-volume + mountPath: "/etc/discourse2fedmsg" + readOnly: true + - name: wsgi-script-volume + mountPath: "/opt/app-root/src/deploy" + readOnly: true + - name: fedora-messaging-config-volume + mountPath: "/etc/fedora-messaging" + readOnly: true + - name: fedora-messaging-ca-volume + mountPath: /etc/pki/fedora-messaging/cacert.pem + subPath: cacert.pem + readOnly: true + - name: fedora-messaging-crt-volume + mountPath: /etc/pki/fedora-messaging/noggin-cert.pem + subPath: noggin-cert.pem + readOnly: true + - name: fedora-messaging-key-volume + mountPath: /etc/pki/fedora-messaging/noggin-key.pem + subPath: noggin-key.pem + readOnly: true readinessProbe: - timeoutSeconds: 1 + timeoutSeconds: 10 initialDelaySeconds: 5 + periodSeconds: 60 httpGet: - path: / + path: "/healthz/ready" port: 8080 livenessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 3 + periodSeconds: 60 httpGet: - path: / + path: "/healthz/live" port: 8080 + volumes: + - name: discourse2fedmsg-config-volume + configMap: + name: discourse2fedmsg-config + - name: wsgi-script-volume + configMap: + name: wsgi-script + - name: fedora-messaging-config-volume + configMap: + name: fedora-messaging-config + - name: fedora-messaging-ca-volume + secret: + secretName: fedora-messaging-ca + - name: fedora-messaging-crt-volume + secret: + secretName: fedora-messaging-crt + - name: fedora-messaging-key-volume + secret: + secretName: fedora-messaging-key triggers: - type: ConfigChange 
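Review bot: The client certificate and key are mounted under the wrong file names: the `fedora-messaging-crt-volume` and `fedora-messaging-key-volume` mounts use `noggin-cert.pem` / `noggin-key.pem` for both `mountPath` and `subPath`. The playbook stores the secrets under the keys `discourse2fedmsg-cert.pem` and `discourse2fedmsg-key.pem`, and fedora-messaging.toml points `certfile`/`keyfile` at those discourse2fedmsg names. As written, `subPath` names a key the secret does not contain, so presumably the pod will not start or the publisher will fail its TLS client authentication. Use the discourse2fedmsg file names in both mounts, as below; the container spec begins above this hunk.

```yaml
# … unchanged: config, wsgi-script, fedora-messaging-config and CA mounts …
- name: fedora-messaging-crt-volume
  mountPath: /etc/pki/fedora-messaging/discourse2fedmsg-cert.pem
  subPath: discourse2fedmsg-cert.pem
  readOnly: true
- name: fedora-messaging-key-volume
  mountPath: /etc/pki/fedora-messaging/discourse2fedmsg-key.pem
  subPath: discourse2fedmsg-key.pem
  readOnly: true
# … unchanged: probes and volumes …
```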
diff --git a/roles/openshift-apps/discourse2fedmsg/templates/discourse2fedmsg.cfg.py b/roles/openshift-apps/discourse2fedmsg/templates/discourse2fedmsg.cfg.py new file mode 100644 index 0000000000..b36c34c11d --- /dev/null +++ b/roles/openshift-apps/discourse2fedmsg/templates/discourse2fedmsg.cfg.py @@ -0,0 +1,6 @@ +# secret set in discourse webhooks UI +{% if env == "staging" %} +DISCOURSE2FEDMSG_SECRET = "{{ discourse2fedmsg_stg_webhook_secret }}" +{% else %} +DISCOURSE2FEDMSG_SECRET = "{{ discourse2fedmsg_webhook_secret }}" +{% endif %} diff --git a/roles/openshift-apps/datagrepper/templates/fedora-messaging.toml b/roles/openshift-apps/discourse2fedmsg/templates/fedora-messaging.toml similarity index 78% rename from roles/openshift-apps/datagrepper/templates/fedora-messaging.toml rename to roles/openshift-apps/discourse2fedmsg/templates/fedora-messaging.toml index e1c9313743..7c84c1196a 100644 --- a/roles/openshift-apps/datagrepper/templates/fedora-messaging.toml +++ b/roles/openshift-apps/discourse2fedmsg/templates/fedora-messaging.toml @@ -1,4 +1,4 @@ -amqp_url = "amqps://noggin:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub" +amqp_url = "amqps://discourse2fedmsg:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub" # Just check if the queue exist, don't try to create it (the server does not allow it). passive_declares = true @@ -13,11 +13,11 @@ topic_prefix = "org.fedoraproject.prod" [tls] ca_cert = "/etc/pki/fedora-messaging/cacert.pem" -keyfile = "/etc/pki/fedora-messaging/noggin-key.pem" -certfile = "/etc/pki/fedora-messaging/noggin-cert.pem" +keyfile = "/etc/pki/fedora-messaging/discourse2fedmsg-key.pem" +certfile = "/etc/pki/fedora-messaging/discourse2fedmsg-cert.pem" [client_properties] -app = "Noggin" +app = "Discourse2Fedmsg" [log_config] version = 1 diff --git a/roles/openshift-apps/discourse2fedmsg/templates/wsgi.py b/roles/openshift-apps/discourse2fedmsg/templates/wsgi.py new file mode 100644 index 0000000000..befa9f84c1 --- /dev/null 
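Review bot: Both `DISCOURSE2FEDMSG_SECRET` assignments paste the Ansible variable straight between double quotes, so a secret containing `"` or `\` yields a broken or silently different value in what is presumably a Python-evaluated Flask config file. Let the template emit the literal itself, e.g. `DISCOURSE2FEDMSG_SECRET = {{ discourse2fedmsg_webhook_secret | to_json }}` (and the same for the `_stg_` variable), which quotes and escapes the value. The leading comment could also state that this value has to match the secret configured for the webhook in Discourse, since a mismatch would presumably make every delivery fail verification.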
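Review bot: The new `amqp_url` uses the fixed user `discourse2fedmsg`, but the playbook creates the broker user as `discourse2fedmsg{{ env_suffix }}` and reads the certificate from `discourse2fedmsg{{env_suffix}}.crt`, so wherever `env_suffix` is non-empty (presumably staging) the URL user and the provisioned identity differ. If the broker derives the identity from the client certificate this may be harmless, but the visible lines do not show that. Writing `amqps://discourse2fedmsg{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub` keeps the three in step. Also worth confirming: the hunk header context shows `topic_prefix = "org.fedoraproject.prod"` as a literal, which a staging deployment would inherit.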
+++ b/roles/openshift-apps/discourse2fedmsg/templates/wsgi.py
@@ -0,0 +1,4 @@
+from werkzeug.middleware.proxy_fix import ProxyFix
+from discourse2fedmsg.app import create_app
+application = create_app()
+application.wsgi_app = ProxyFix(application.wsgi_app, x_proto=1, x_host=1)
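Review bot: The `ProxyFix(..., x_proto=1, x_host=1)` line has no comment stating the trust assumption it encodes. The app will believe `X-Forwarded-Proto` and `X-Forwarded-Host` from exactly one hop, which is only sound while every request reaches the pod through a single proxy that sets those headers itself. I would add `# Trust one proxy hop (the OpenShift router) for X-Forwarded-Proto/Host; adjust the counts if the proxy chain changes.` above it. It is also worth confirming that the router overwrites a client-supplied `X-Forwarded-Host` rather than passing it through.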