diff --git a/playbooks/openshift-apps/resultsdb-frontend.yml b/playbooks/openshift-apps/resultsdb-frontend.yml new file mode 100644 index 0000000000..5538ba1a40 --- /dev/null +++ b/playbooks/openshift-apps/resultsdb-frontend.yml @@ -0,0 +1,61 @@ +- name: make the app be real + # hosts: os_masters[0]:os_masters_stg[0] + hosts: local + # user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + - /srv/web/infra/ansible/roles/openshift-apps/resultsdb/vars/main.yml + + roles: + # The openshift/project role breaks if the project already exists: + # https://pagure.io/fedora-infrastructure/issue/6404 + - role: openshift/project + app: resultsdb-frontend + description: resultsdb + appowners: + - ralph + - mjia + - dcallagh + - gnaponie + - cverna + - pingou + - lholecek + - vmaljulin + - lrossett + tags: + - apply-appowners + + - role: openshift/object + app: resultsdb-frontend + template: secrets.yml + objectname: secrets.yml + + - role: openshift/object + app: resultsdb-frontend + template: configmaps.yml + objectname: configmaps.yml + + - role: openshift/object + app: resultsdb-frontend + template: deploymentconfigs.yml + objectname: deploymentconfigs.yml + + - role: openshift/object + app: resultsdb-frontend + template: services.yml + objectname: services.yml + + - role: openshift/route + app: resultsdb-frontend + routename: web + host: "resultsdb{{ env_suffix }}.fedoraproject.org" + serviceport: web + servicename: resultsdb-frontend + + - role: openshift/rollout + app: resultsdb-frontend + dcname: "resultsdb-frontend" diff --git a/roles/openshift-apps/resultsdb-frontend/templates/configmaps.yml b/roles/openshift-apps/resultsdb-frontend/templates/configmaps.yml new file mode 100644 index 0000000000..6ea489a2e3 --- /dev/null +++ b/roles/openshift-apps/resultsdb-frontend/templates/configmaps.yml @@ -0,0 +1,53 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: "resultsdb-frontend-app-config" + labels: + app: resultsdb + service: web +data: + settings.py: |- + import os +{% if env == 'staging' %} + RDB_URL = '{{ stg_resultsdb_frontent_api_url }}' +{% else %} + RDB_URL = '{{ prod_resultsdb_frontent_api_url }}' +{% endif %} + SECRET_KEY = os.environ['RESULTSDB_FRONTEND_SECRET_KEY'] + + FILE_LOGGING = False + LOGFILE = '/var/log/resultsdb_frontend/resultsdb_frontend.log' + SYSLOG_LOGGING = False + STREAM_LOGGING = True +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: "resultsdb-frontend-httpd-config" + labels: + app: resultsdb + service: web +data: + resultsdb_frontend.conf: |- + WSGIDaemonProcess resultsdb_frontend user=apache group=apache threads=5 home=/usr/share/resultsdb_frontend + WSGIScriptAlias / /usr/share/resultsdb_frontend/conf/resultsdb_frontend.wsgi + WSGISocketPrefix run/wsgi + + # this isn't the best way to force SSL but it works for now + #RewriteEngine On + #RewriteCond %{HTTPS} !=on + #RewriteRule ^/resultsdb_frontend/admin/?(.*) https://%{SERVER_NAME}/$1 [R,L] + + + WSGIProcessGroup resultsdb_frontend + WSGIApplicationGroup %{GLOBAL} + WSGIScriptReloading On + + # Apache 2.4 + Require all granted + + + Order allow,deny + Allow from all + + diff --git a/roles/openshift-apps/resultsdb-frontend/templates/deploymentconfigs.yml b/roles/openshift-apps/resultsdb-frontend/templates/deploymentconfigs.yml new file mode 100644 index 0000000000..4c23d8d9e1 --- /dev/null +++ b/roles/openshift-apps/resultsdb-frontend/templates/deploymentconfigs.yml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: DeploymentConfig +metadata: + name: "resultsdb-frontend" + labels: + app: resultsdb + service: web +spec: + replicas: 2 + selector: + app: resultsdb + service: web + strategy: + type: Rolling + template: + metadata: + labels: + app: resultsdb + service: web + spec: + containers: + - name: webapp +{% if env == 'staging' %} + image: "{{ stg_resultsdb_frontend_image }}" +{% else %} + image: "{{ prod_resultsdb_frontend_image }}" +{% endif %} + imagePullPolicy: Always + ports: + - containerPort: 5001 + envFrom: + - secretRef: + name: resultsdb-frontend-key + volumeMounts: + - name: config-volume + mountPath: /etc/resultsdb + readOnly: true + - name: httpd-config-volume + mountPath: /etc/httpd/conf.d + readOnly: true + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 5 + httpGet: + path: / + port: 5001 + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 30 + httpGet: + path: / + port: 5001 + # Limit to 384MB memory. This is probably *not* enough but it is + # necessary in the current environment to allow for 2 replicas and + # rolling updates, without hitting the (very aggressive) memory quota. + resources: + limits: + memory: 384Mi + cpu: 0.3 + volumes: + - name: config-volume + configMap: + name: "resultsdb-frontend-app-config" + - name: httpd-config-volume + configMap: + name: "resultsdb-frontend-httpd-config" + triggers: + - type: ConfigChange diff --git a/roles/openshift-apps/resultsdb-frontend/templates/routes.yml b/roles/openshift-apps/resultsdb-frontend/templates/routes.yml new file mode 100644 index 0000000000..f817ccede1 --- /dev/null +++ b/roles/openshift-apps/resultsdb-frontend/templates/routes.yml @@ -0,0 +1,17 @@ +apiVersion: v1 + kind: Route + metadata: + name: "resultsdb-frontend" + labels: + app: resultsdb + service: web + spec: + path: /web + port: + targetPort: web + to: + kind: Service + name: "resultsdb-frontend" + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect diff --git a/roles/openshift-apps/resultsdb-frontend/templates/secrets.yml b/roles/openshift-apps/resultsdb-frontend/templates/secrets.yml new file mode 100644 index 0000000000..bc4d513906 --- /dev/null +++ b/roles/openshift-apps/resultsdb-frontend/templates/secrets.yml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: resultsdb-frontend-key + labels: + app: resultsdb + service: web +stringData: +{% if env == 'staging' %} + RESULTSDB_FRONTEND_SECRET_KEY: "{{ stg_resultsdb_frontend_secret_key }}" +{% else %} + RESULTSDB_FRONTEND_SECRET_KEY: "{{ prod_resultsdb_frontend_secret_key }}" +{% endif %} diff --git a/roles/openshift-apps/resultsdb-frontend/templates/services.yml b/roles/openshift-apps/resultsdb-frontend/templates/services.yml new file mode 100644 index 0000000000..59c82887ec --- /dev/null +++ b/roles/openshift-apps/resultsdb-frontend/templates/services.yml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: "resultsdb-frontend" + labels: + app: resultsdb + service: web +spec: + selector: + app: resultsdb + service: web + ports: + - name: web + port: 5001 + targetPort: 5001 diff --git a/roles/openshift-apps/resultsdb-frontend/vars/main.yml b/roles/openshift-apps/resultsdb-frontend/vars/main.yml new file mode 100644 index 0000000000..ed97d539c0 --- /dev/null +++ b/roles/openshift-apps/resultsdb-frontend/vars/main.yml @@ -0,0 +1 @@ +---