openshift: remove old roles for no longer deployed applications

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Kevin Fenzi 2022-06-21 17:14:02 -07:00
parent 21cc8ab0cb
commit 77ab5bea00
27 changed files with 0 additions and 758 deletions


@ -1,57 +0,0 @@
apiVersion: v1
kind: DeploymentConfig
metadata:
labels:
app: accountsystem
service: caiapi
name: caiapi
spec:
replicas: 1
selector:
deploymentconfig: caiapi
strategy:
activeDeadlineSeconds: 21600
recreateParams:
timeoutSeconds: 600
template:
metadata:
labels:
app: accountsystem
deploymentconfig: caiapi
spec:
containers:
- name: caiapi
image: docker-registry.default.svc:5000/accountsystem/caiapi:latest
env:
- name: CAIAPI_SETTINGS
value: /etc/caiapi/caiapi.cfg
ports:
- containerPort: 8080
volumeMounts:
- name: config-volume
mountPath: /etc/caiapi
readOnly: true
- name: oidc
mountPath: /etc/caiapi_oidc.json"
readyOnly: true
readinessProbe:
timeoutSeconds: 1
initialDelaySeconds: 5
httpGet:
path: /
port: 8080
livenessProbe:
timeoutSeconds: 1
initialDelaySeconds: 30
httpGet:
path: /
port: 8080
volumes:
- name: config-volume
configMap:
name: caiapi-configmap
- name: oidc
secret:
secretName: oidc
triggers:
- type: ConfigChange


@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: caiapi
labels:
app: accountsystem
service: caiapi
namespace: accountsystem
spec:
ports:
- name: web
port: 8080
targetPort: 8080
selector:
deploymentconfig: caiapi


@ -1,22 +0,0 @@
apiVersion: v1
kind: BuildConfig
metadata:
labels:
build: caiapi-build
name: caiapi-build
spec:
runPolicy: Serial
source:
git:
uri: https://github.com/fedora-infra/noggin.git
ref: {{ env }}
contextDir: CAIAPI
strategy:
sourceStrategy:
from:
kind: DockerImage
name: registry.access.redhat.com/rhscl/python-36-rhel7:latest
output:
to:
kind: ImageStreamTag
name: caiapi:latest


@ -1,12 +0,0 @@
OIDC_CLIENT_SECRETS = '/etc/caiapi_oidc.json'
KRB5_REALM = '{{ ipa_realm }}'
KRB5_PRINCIPAL = 'CAIAPI/caiapi{{ env_suffix }}.fedoraproject.org'
KRB5_KEYTAB = '/etc'
LDAP_SERVER = 'ldaps://ipa01{{ env_suffix }}.fedoraproject.org'
LDAP_CACERT = '/etc'
{% if env == "staging" %}
LDAP_BASE = 'dc=stg,dc=fedoraproject,dc=org'
{% else %}
LDAP_BASE = 'dc=fedoraproject,dc=org'
{% endif %}
# TODO: Include file for CLIENTS


@ -1,11 +0,0 @@
{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: caiapi-configmap
labels:
app: accountsystem
data:
caiapi.cfg: |-
{{ load_file('caiapi.cfg') | indent(6) }}


@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: fas-changes
labels:
app: fas-changes
spec:
ports:
- name: web
port: 8080
targetPort: 8080
selector:
app: fas-changes
deploymentconfig: fas-changes


@ -1,29 +0,0 @@
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
name: fas-changes
labels:
app: fas-changes
build: fas-changes
spec:
runPolicy: Serial
source:
type: Git
git:
uri: https://github.com/abompard/fas-changes.git
ref: main
contextDir: /
strategy:
type: Source
sourceStrategy:
from:
kind: ImageStreamTag
name: python:3.6
namespace: openshift
output:
to:
kind: ImageStreamTag
name: fas-changes:latest
triggers:
- type: ConfigChange
- type: ImageChange


@ -1,10 +0,0 @@
#
# This is the config file for FAS Changes as intended to be used in OpenShift
#
ACCESS_KEY = "only-for-fas2ipa"
DB_NAME = "fas2"
DB_HOST = "db-fas{{ env_suffix }}"
DB_USER = "fasreadonly"
DB_PASSWORD = "{{ fas_db_readonly_password }}"


@ -1,15 +0,0 @@
{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
---
apiVersion: v1
kind: List
metadata: {}
items:
- apiVersion: v1
kind: ConfigMap
metadata:
name: fas-changes-config
labels:
app: fas-changes
data:
fas-changes.cfg: |-
{{ load_file('config.py') | indent(6) }}


@ -1,59 +0,0 @@
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
name: fas-changes
labels:
app: fas-changes
spec:
replicas: 1
selector:
app: fas-changes
deploymentconfig: fas-changes
strategy:
type: Rolling
activeDeadlineSeconds: 21600
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 600
updatePeriodSeconds: 1
template:
metadata:
creationTimestamp: null
labels:
app: fas-changes
deploymentconfig: fas-changes
spec:
containers:
- name: fas-changes
imagePullPolicy: Always
ports:
- containerPort: 8080
#protocol: TCP
#resources: {}
#terminationMessagePath: /dev/termination-log
#terminationMessagePolicy: File
volumeMounts:
- name: fas-changes-config-volume
mountPath: "/etc/fas-changes"
readOnly: true
env:
- name: FLASK_SETTINGS
value: "/etc/fas-changes/fas-changes.cfg"
# - name: SCRIPT_NAME
# value: "/fas-changes"
volumes:
- name: fas-changes-config-volume
configMap:
name: fas-changes-config
triggers:
- imageChangeParams:
automatic: true
containerNames:
- fas-changes
from:
kind: ImageStreamTag
name: fas-changes:latest
type: ImageChange
- type: ConfigChange


@ -1,6 +0,0 @@
apiVersion: v1
kind: ImageStream
metadata:
name: ipsilon
labels:
build: ipsilon


@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: ipsilon
labels:
app: ipsilon
service: ipsilon
namespace: ipsilon
spec:
ports:
- name: web
port: 8080
targetPort: 8080
selector:
deploymentconfig: ipsilon


@ -1,51 +0,0 @@
FROM fedora:32
RUN curl -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/fedora-infra-tags.repo
{% if env == "staging" %}
RUN curl -o /etc/yum.repos.d/infra-tags-stg.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/fedora-infra-tags-stg.repo
RUN curl -o /etc/yum.repos.d/fedora-updates-testing.repo https://src.fedoraproject.org/rpms/fedora-repos/raw/main/f/fedora-updates-testing.repo
{% endif %}
RUN dnf install -y \
{% if env == "staging" %}
--enablerepo=updates-testing \
{% endif %}
ipsilon \
ipsilon-openid \
ipsilon-saml2 \
ipsilon-authgssapi \
ipsilon-authldap \
ipsilon-openidc \
ipsilon-theme-Fedora \
mod_auth_openidc \
python-psycopg2 \
python-setuptools \
python-jinja2 \
httpd \
python3-mod_wsgi \
#python3-fasjson-client \
git
# Fedora specific stuff
RUN cd /tmp && \
git clone --branch {{ env }} https://pagure.io/fedora-infra/ipsilon-fedora.git && \
cd ipsilon-fedora && \
./install.sh
# Cleanup
RUN dnf remove -y git && rm -rf /tmp/ipsilon-fedora
# Set up krb5
RUN rm -f /etc/krb5.conf && ln -sf /etc/ipsilon/krb5.conf /etc/krb5.conf
# Set up LDAP
RUN rm -f /etc/openldap/ldap.conf && ln -sf /etc/ipa/ldap.conf /etc/openldap/ldap.conf
RUN ln -s /etc/ipsilon/ipsilon.conf /var/lib/ipsilon/ipsilon.conf
# Install some more deps that are not yet in Fedora nor in the infra repo. This is very temporary. (added in 2020)
RUN dnf install -y \
https://abompard.fedorapeople.org/aaa/python3-jsonref-0.2-1.fc32.noarch.rpm \
https://abompard.fedorapeople.org/aaa/python3-bravado-core-5.17.0-1.fc32.noarch.rpm \
https://abompard.fedorapeople.org/aaa/python3-bravado-10.6.2-1.fc32.noarch.rpm \
https://abompard.fedorapeople.org/aaa/python3-fasjson-client-0.0.3-1.fc32.noarch.rpm
EXPOSE 8080
ENTRYPOINT bash /etc/ipsilon/start.sh


@ -1,22 +0,0 @@
{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
apiVersion: v1
kind: BuildConfig
metadata:
labels:
build: ipsilon
name: ipsilon
spec:
runPolicy: Serial
source:
type: Dockerfile
dockerfile: |-
{{ load_file('Dockerfile') | indent(6) }}
strategy:
type: Docker
dockerStrategy:
# Prevent Docker from caching the git clone step in the Dockerfile
noCache: true
output:
to:
kind: ImageStreamTag
name: ipsilon:latest


@ -1,82 +0,0 @@
apiVersion: v1
kind: DeploymentConfig
metadata:
labels:
app: ipsilon
service: ipsilon
name: ipsilon
spec:
replicas: 0
selector:
deploymentconfig: ipsilon
strategy:
activeDeadlineSeconds: 21600
recreateParams:
timeoutSeconds: 600
resources: {}
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 600
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
creationTimestamp: null
labels:
app: ipsilon
deploymentconfig: ipsilon
spec:
containers:
- name: ipsilon
image: ipsilon:latest
ports:
- containerPort: 8080
volumeMounts:
- name: config-volume
mountPath: /etc/ipsilon
readOnly: true
- name: ipa-config-volume
mountPath: /etc/ipa
readOnly: true
- name: keytab-volume
mountPath: /etc/keytabs
readOnly: true
- name: httpdir-volume
mountPath: /httpdir
readinessProbe:
timeoutSeconds: 5
initialDelaySeconds: 1
httpGet:
path: /
port: 8080
livenessProbe:
timeoutSeconds: 5
initialDelaySeconds: 1
httpGet:
path: /
port: 8080
volumes:
- name: config-volume
configMap:
name: ipsilon-configmap
- name: keytab-volume
secret:
secretName: ipsilon-keytab
- name: ipa-config-volume
configMap:
name: ipa-client-config
- name: httpdir-volume
emptyDir: {}
triggers:
- imageChangeParams:
automatic: true
containerNames:
- ipsilon
from:
kind: ImageStreamTag
name: ipsilon:latest
namespace: ipsilon
type: ImageChange
- type: ConfigChange


@ -1,10 +0,0 @@
---
oidc_scope_filenames:
- account-scopes
- mbs
- beaker
- waiverdb
- odcs
- wiki
- src
- kerneltest


@ -1,23 +0,0 @@
---
apiVersion: v1
kind: BuildConfig
metadata:
name: sanitarium
labels:
app: sanitarium
spec:
completionDeadlineSeconds: 1800
runPolicy: Serial
strategy:
dockerStrategy:
dockerfilePath: Dockerfile.server
source:
type: Git
git:
uri: https://github.com/puiterwijk/Sanitarium.git
triggers:
- type: ConfigChange
output:
to:
kind: ImageStreamTag
name: sanitarium:latest


@ -1,13 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: sanitarium
labels:
app: sanitarium
spec:
ports:
- name: web
port: 8080
targetPort: 8080
selector:
deploymentconfig: sanitarium


@ -1,106 +0,0 @@
apiVersion: v1
kind: DeploymentConfig
metadata:
name: sanitarium
labels:
app: sanitarium
spec:
replicas: 1
selector:
app: sanitarium
strategy:
activeDeadlineSeconds: 21600
recreateParams:
timeoutSeconds: 600
template:
metadata:
name: sanitarium
labels:
app: sanitarium
spec:
containers:
- env:
- name: SERVICE_ROOT
value: 'https://sanitarium-sanitarium.app.os{{env_suffix}}.fedoraproject.org'
- name: OIDC_PROVIDER_ROOT
value: "https://id{{env_suffix}}.fedoraproject.org/openidc/"
- name: OIDC_CLIENT_ID
value: sanitarium
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: sanitarium
key: oidc-client-secret
- name: OIDC_SUPPORTS_OOB
value: 'no'
- name: OIDC_REQUIRED_SCOPES
value: 'openid,profile'
- name: REQUIRE_TPM
value: 'no'
- name: REQUIRE_MEASUREMENT
value: 'no'
- name: OIDC_TOKEN_INFO_URL
value: 'https://id{{env_suffix}}.fedoraproject.org/openidc/TokenInfo'
- name: OIDC_USERNAME_CLAIM
value: sub
- name: INTERMEDIATE_CERT_VALIDITY
value: 8h
- name: SSH_CERT_VALIDITY
value: 5m
- name: SSH_CERT_SIGNING_KEY_PATH
value: /sshkey/signer.key/signer
- name: SSH_CERT_ADD_GITHUB
value: 'yes'
- name: INTERMEDIATE_SIGNING_KEY_PATH
value: /sshkey/intermediate.key/intermediate
image: >-
docker-registry.default.svc:5000/sanitarium/sanitarium:latest
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /info
port: 8080
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: sanitarium
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /info
port: 8080
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
memory: 80Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- name: signer
mountPath: /sshkey/signer.key
readyOnly: true
- name: intermediate
mountPath: /sshkey/intermediate.key
readyOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: signer
secret:
secretName: signer
- name: intermediate
secret:
secretName: intermediate
triggers:
- type: ConfigChange


@ -1,13 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: sanitarium
labels:
app: sanitarium
stringData:
{% if env == 'staging' %}
oidc-client-secret: "{{sanitarium_stg_oidc_secret}}"
{% endif %}
{% if env == 'production' %}
oidc-client-secret: "{{sanitarium_prod_oidc_secret}}"
{% endif %}


@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: test-auth
labels:
app: test-auth
spec:
ports:
- name: web
port: 8080
targetPort: 8080
selector:
app: test-auth
deploymentconfig: test-auth


@ -1,41 +0,0 @@
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
name: test-auth
labels:
app: test-auth
build: test-auth
spec:
runPolicy: Serial
source:
type: Git
git:
uri: https://github.com/abompard/test-auth.git
{% if env == "staging" %}
ref: main
{% else %}
ref: stable
{% endif %}
contextDir: /
strategy:
type: Source
sourceStrategy:
from:
kind: ImageStreamTag
name: python:3.6
namespace: openshift
output:
to:
kind: ImageStreamTag
name: test-auth:latest
triggers:
- type: ConfigChange
- type: ImageChange
- type: GitHub
{% if test_auth_stg_github_secret is defined and env == 'staging' %}
github:
secret: "{{ test_auth_stg_github_secret }}"
{% elif test_auth_github_secret is defined and env == 'production' %}
github:
secret: "{{ test_auth_github_secret }}"
{% endif %}

View file

@ -1,17 +0,0 @@
{
"web": {
"auth_uri": "https://id{{env_suffix}}.fedoraproject.org/openidc/Authorization",
"client_id": "test-auth",
{% if env == 'staging' %}
"client_secret": "{{ test_auth_stg_oidc_client_secret }}",
{% else %}
"client_secret": "{{ test_auth_oidc_client_secret }}",
{% endif %}
"issuer": "https://id{{env_suffix}}.fedoraproject.org/openidc/",
"redirect_uris": [
"https://test-auth.app.os{{env_suffix}}.fedoraproject.org/oidc/oidc_callback"
],
"token_uri": "https://id{{env_suffix}}.fedoraproject.org/openidc/Token",
"userinfo_uri": "https://id{{env_suffix}}.fedoraproject.org/openidc/UserInfo"
}
}


@ -1,18 +0,0 @@
#
# This is the config file for Test Auth as intended to be used in OpenShift
#
# Deployed to a subpath
# APPLICATION_ROOT = '/test-auth/'
# Cookies
SECRET_KEY = "{{ test_auth_session_secret }}"
SESSION_COOKIE_NAME = 'test-auth'
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SECURE = True
# Auth
OIDC_CLIENT_SECRETS = "/etc/test-auth/oidc.json"
OPENID_ENDPOINT = "https://id{{ env_suffix }}.fedoraproject.org/openid/"
FAS_OPENID_ENDPOINT = "https://id{{ env_suffix }}.fedoraproject.org/openid/"


@ -1,17 +0,0 @@
{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
---
apiVersion: v1
kind: List
metadata: {}
items:
- apiVersion: v1
kind: ConfigMap
metadata:
name: test-auth-config
labels:
app: test-auth
data:
test-auth.cfg: |-
{{ load_file('config.py') | indent(6) }}
oidc.json: |-
{{ load_file('client_secrets.json') | indent(6) }}


@ -1,59 +0,0 @@
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
name: test-auth
labels:
app: test-auth
spec:
replicas: 1
selector:
app: test-auth
deploymentconfig: test-auth
strategy:
type: Rolling
activeDeadlineSeconds: 21600
rollingParams:
intervalSeconds: 1
maxSurge: 25%
maxUnavailable: 25%
timeoutSeconds: 600
updatePeriodSeconds: 1
template:
metadata:
creationTimestamp: null
labels:
app: test-auth
deploymentconfig: test-auth
spec:
containers:
- name: test-auth
imagePullPolicy: Always
ports:
- containerPort: 8080
#protocol: TCP
#resources: {}
#terminationMessagePath: /dev/termination-log
#terminationMessagePolicy: File
volumeMounts:
- name: test-auth-config-volume
mountPath: "/etc/test-auth"
readOnly: true
env:
- name: TESTAUTH_SETTINGS
value: "/etc/test-auth/test-auth.cfg"
# - name: SCRIPT_NAME
# value: "/test-auth"
volumes:
- name: test-auth-config-volume
configMap:
name: test-auth-config
triggers:
- imageChangeParams:
automatic: true
containerNames:
- test-auth
from:
kind: ImageStreamTag
name: test-auth:latest
type: ImageChange
- type: ConfigChange


@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: test-auth-github-webhook-secret
data:
WebHookSecretKey: "{{ (env == 'production')|ternary(test_auth_github_secret, test_auth_stg_github_secret) }}"
type: Opaque