diff --git a/playbooks/openshift-apps/mirrormanager.yml b/playbooks/openshift-apps/mirrormanager.yml index 83e395f11e..fe7b2f9b7c 100644 --- a/playbooks/openshift-apps/mirrormanager.yml +++ b/playbooks/openshift-apps/mirrormanager.yml @@ -112,10 +112,27 @@ key: ssh_mirrorlist_proxies.key privatefile: "mirrormanager/id_rsa" + # Fedora Messaging + - role: openshift/secret-file + app: mirrormanager + secret_name: fedora-messaging-ca + key: cacert.pem + privatefile: "rabbitmq/{{env}}/pki/ca.crt" + - role: openshift/secret-file + app: mirrormanager + secret_name: fedora-messaging-crt + key: cert.pem + privatefile: "rabbitmq/{{env}}/pki/issued/mirrormanager{{env_suffix}}.crt" + - role: openshift/secret-file + app: mirrormanager + secret_name: fedora-messaging-key + key: key.pem + privatefile: "rabbitmq/{{env}}/pki/private/mirrormanager{{env_suffix}}.key" + # Deployment config - role: openshift/object app: mirrormanager - file: deploymentconfig.yml + template: deploymentconfig.yml objectname: deploymentconfig.yml # Cron jobs @@ -148,12 +165,12 @@ app: mirrormanager buildname: mm tags: - - never - - build + - never + - build - role: openshift/rollout app: mirrormanager dcname: frontend tags: - - never - - rollout + - never + - rollout diff --git a/roles/openshift-apps/mirrormanager/files/deploymentconfig.yml b/roles/openshift-apps/mirrormanager/files/deploymentconfig.yml deleted file mode 100644 index fbe5b2e40c..0000000000 --- a/roles/openshift-apps/mirrormanager/files/deploymentconfig.yml +++ /dev/null 
@@ -1,106 +0,0 @@ ---- -apiVersion: apps.openshift.io/v1 -kind: DeploymentConfig -metadata: - name: frontend - labels: - app: mirrormanager -spec: - replicas: 1 - selector: - app: mirrormanager - deploymentconfig: frontend - strategy: - type: Rolling - activeDeadlineSeconds: 21600 - rollingParams: - intervalSeconds: 1 - maxSurge: 25% - maxUnavailable: 25% - timeoutSeconds: 600 - updatePeriodSeconds: 1 - template: - metadata: - creationTimestamp: null - labels: - app: mirrormanager - deploymentconfig: frontend - spec: - containers: - - name: mirrormanager - imagePullPolicy: Always - ports: - - containerPort: 8080 - volumeMounts: - - name: config - mountPath: "/etc/mirrormanager" - readOnly: true - - name: secrets - mountPath: "/etc/mirrormanager-secrets" - readOnly: true - - name: data - mountPath: "/var/lib/mirrormanager" - - name: logs - mountPath: "/var/log/mirrormanager" - - name: wsgi-script - mountPath: "/opt/app-root/src/deploy" - readOnly: true - - name: scripts - mountPath: "/opt/scripts" - readOnly: true - # - name: ipa-config - # mountPath: "/etc/ipa" - # readOnly: true - env: - - name: MM2_CONFIG - value: "/etc/mirrormanager/mirrormanager2.cfg" - - name: APP_MODULE - value: "deploy.wsgi" - - name: APP_CONFIG - value: "/etc/mirrormanager/gunicorn.conf.py" - # readinessProbe: - # timeoutSeconds: 10 - # initialDelaySeconds: 5 - # periodSeconds: 60 - # httpGet: - # path: "/healthz/ready" - # port: 8080 - # livenessProbe: - # timeoutSeconds: 10 - # initialDelaySeconds: 10 - # periodSeconds: 60 - # httpGet: - # path: "/healthz/live" - # port: 8080 - volumes: - - name: config - configMap: - name: config - - name: secrets - secret: - secretName: secrets - - name: data - persistentVolumeClaim: - claimName: data - - name: logs - persistentVolumeClaim: - claimName: logs - - name: wsgi-script - configMap: - name: wsgi-script - - name: scripts - configMap: - name: scripts - # - name: ipa-config - # configMap: - # name: ipa-client-config - triggers: - - type: 
ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - mirrormanager - from: - kind: ImageStreamTag - name: mirrormanager2:latest diff --git a/roles/openshift-apps/mirrormanager/templates/_macros.yml b/roles/openshift-apps/mirrormanager/templates/_macros.yml new file mode 100644 index 0000000000..4813e73920 --- /dev/null +++ b/roles/openshift-apps/mirrormanager/templates/_macros.yml 
@@ -0,0 +1,91 @@ +{% macro common_volume_mounts() %} + volumeMounts: + - name: config + mountPath: "/etc/mirrormanager" + readOnly: true + - name: scripts + mountPath: "/opt/scripts" + readOnly: true + - name: var-lib + mountPath: "/var/lib/mirrormanager" + - name: logs + mountPath: "/var/log/mirrormanager" + - name: wsgi-script + mountPath: "/opt/app-root/src/deploy" + readOnly: true + - name: mirrorlist-cache + mountPath: /var/cache/mirrorlist +{%- if with_ssh %} + - name: ssh-key + mountPath: /etc/mirrormanager-ssh/ssh_mirrorlist_proxies.key + subPath: ssh_mirrorlist_proxies.key + readOnly: true +{%- endif %} + - name: fedora-messaging-ca-volume + mountPath: /etc/pki/fedora-messaging/ca + readOnly: true + - name: fedora-messaging-key-volume + mountPath: /etc/pki/fedora-messaging/key + readOnly: true + - name: fedora-messaging-crt-volume + mountPath: /etc/pki/fedora-messaging/crt + readOnly: true + # - name: ipa-config + # mountPath: "/etc/ipa" + # readOnly: true + +{% macro common_volumes(with_ssh=False) %} + volumes: + - name: config + configMap: + name: config + - name: var-lib + persistentVolumeClaim: + claimName: data + - name: logs + persistentVolumeClaim: + claimName: logs + - name: wsgi-script + configMap: + name: wsgi-script + - name: scripts + configMap: + name: scripts + - name: mirrorlist-cache + persistentVolumeClaim: + claimName: mirrorlist-cache +{%- if with_ssh %} + - name: ssh-key + secret: + secretName: ssh-mirrorlist-proxies-key +{%- endif %} + - name: fedora-messaging-ca-volume + secret: + secretName: fedora-messaging-ca + - name: fedora-messaging-key-volume + secret: + secretName: fedora-messaging-key + - name: fedora-messaging-crt-volume + secret: + secretName: fedora-messaging-crt + # - name: ipa-config + # configMap: + # name: ipa-client-config +{% endmacro %} + + +{% macro common_env() %} + - name: MM2_CONFIG + value: "/etc/mirrormanager/mirrormanager2.cfg" + - name: FEDORA_MESSAGING_CONF + value: 
"/etc/mirrormanager/fedora-messaging.toml" + # Defaults to 80 columns, not very readable + - name: COLUMNS + value: "160" +{% endmacro %} + + +{% macro security_context() %} + securityContext: + supplementalGroups: [1001280000] +{% endmacro %} diff --git a/roles/openshift-apps/mirrormanager/templates/cmd-emergency-expire-repo.yml b/roles/openshift-apps/mirrormanager/templates/cmd-emergency-expire-repo.yml index 8f8d1f25c8..12ed248cc2 100644 --- a/roles/openshift-apps/mirrormanager/templates/cmd-emergency-expire-repo.yml +++ b/roles/openshift-apps/mirrormanager/templates/cmd-emergency-expire-repo.yml @@ -1,3 +1,4 @@ +{% from "_macros.yml" import common_volume_mounts, common_volumes, common_env, security_context %} # Manual command --- apiVersion: batch/v1 @@ -21,44 +22,9 @@ spec: - "{{ product }}" - "{{ version }}" env: - # Defaults to 80 columns, not very readable - - name: COLUMNS - value: "160" + {{ common_env() }} volumeMounts: - - name: config - mountPath: "/etc/mirrormanager" - readOnly: true - - name: scripts - mountPath: "/opt/scripts" - readOnly: true - - name: ssh-key - mountPath: /etc/mirrormanager-ssh/ssh_mirrorlist_proxies.key - subPath: ssh_mirrorlist_proxies.key - readOnly: true - - name: data - mountPath: /data - - name: var-lib - mountPath: "/var/lib/mirrormanager" - - name: logs - mountPath: "/var/log/mirrormanager" + {{ common_volume_mounts(with_ssh=True) }} volumes: - - name: config - configMap: - name: config - - name: scripts - configMap: - name: scripts - - name: ssh-key - secret: - secretName: ssh-mirrorlist-proxies-key - - name: data - persistentVolumeClaim: - claimName: mirrorlist-cache - - name: var-lib - persistentVolumeClaim: - claimName: data - - name: logs - persistentVolumeClaim: - claimName: logs - securityContext: - supplementalGroups: [1001280000] + {{ common_volumes(with_ssh=True) }} + {{ security_context() }} 
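Review bot: `common_volume_mounts` is declared with an empty parameter list but its body tests `with_ssh`, and no `{% endmacro %}` appears before `{% macro common_volumes(with_ssh=False) %}`. As shown, the file opens four macros and closes three, so the template is left with an unclosed macro block. Separately, Jinja rejects a keyword argument that the macro does not declare, so every `common_volume_mounts(with_ssh=True)` call would fail. Declare it as `{% macro common_volume_mounts(with_ssh=False) %}` and add `{% endmacro %}` after the commented-out `ipa-config` mount.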
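Review bot: The `volumeMounts:` and `volumes:` context lines stay in this template, while `common_volume_mounts` and `common_volumes` each begin by emitting the same key, so the rendered Job would carry the key twice or nest it. `common_env` emits only list items, and that is the contract to follow: drop the leading `volumeMounts:` / `volumes:` line from the two macros. The same pattern appears in the cron-*.yml templates and in the new deploymentconfig.yml. The calls here also have no `| indent(...)` filter, unlike the cron templates. Leading whitespace is not recoverable on this page, so confirm the rendered indentation, since only the first line of a multi-line macro result inherits the call site's indent.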
diff --git a/roles/openshift-apps/mirrormanager/templates/configmap.yml b/roles/openshift-apps/mirrormanager/templates/configmap.yml index 97442c952d..10809d4347 100644 --- a/roles/openshift-apps/mirrormanager/templates/configmap.yml +++ b/roles/openshift-apps/mirrormanager/templates/configmap.yml @@ -21,6 +21,8 @@ items: {{ load_file('scan-primary-mirror.toml') | indent(6) }} scan-primary-mirror-centos.toml: |- {{ load_file('scan-primary-mirror-centos.toml') | indent(6) }} + fedora-messaging.toml: |- + {{ load_file('fedora-messaging.toml') | indent(6) }} logrotate.conf: |- {{ load_file('logrotate.conf') | indent(6) }} ssh_known_hosts: |- diff --git a/roles/openshift-apps/mirrormanager/templates/cron-accesses.yml b/roles/openshift-apps/mirrormanager/templates/cron-accesses.yml index a2f57b4851..0bd9ab4555 100644 --- a/roles/openshift-apps/mirrormanager/templates/cron-accesses.yml +++ b/roles/openshift-apps/mirrormanager/templates/cron-accesses.yml @@ -1,3 +1,4 @@ +{% from "_macros.yml" import common_volume_mounts, common_volumes, common_env %} --- apiVersion: batch/v1 kind: CronJob 
@@ -15,30 +16,16 @@ spec: spec: restartPolicy: Never containers: - - name: mirrormanager - image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest - command: ["bash", "/opt/scripts/create_statistics.sh"] - volumeMounts: - - name: config - mountPath: "/etc/mirrormanager" - readOnly: true - - name: scripts - mountPath: "/opt/scripts" - readOnly: true - - name: ssh-key - mountPath: /etc/mirrormanager-ssh/ssh_mirrorlist_proxies.key - subPath: ssh_mirrorlist_proxies.key - readOnly: true + - name: mirrormanager + image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest + command: ["bash", "/opt/scripts/create_statistics.sh"] + env: + {{ common_env() | indent(4) }} + volumeMounts: + {{ common_volume_mounts(with_ssh=True) | indent(4) }} volumes: - - name: config - configMap: - name: config - - name: scripts - configMap: - name: scripts - - name: ssh-key - secret: - secretName: ssh-mirrorlist-proxies-key + {{ common_volumes(with_ssh=True) | indent(4) }} + --- ## Also include stats from the previous day apiVersion: batch/v1 
@@ -57,27 +44,12 @@ spec: spec: restartPolicy: Never containers: - - name: mirrormanager - image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest - command: ["bash", "/opt/scripts/create_statistics.sh", "yesterday"] - volumeMounts: - - name: config - mountPath: "/etc/mirrormanager" - readOnly: true - - name: scripts - mountPath: "/opt/scripts" - readOnly: true - - name: ssh-key - mountPath: /etc/mirrormanager-ssh/ssh_mirrorlist_proxies.key - subPath: ssh_mirrorlist_proxies.key - readOnly: true + - name: mirrormanager + image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest + command: ["bash", "/opt/scripts/create_statistics.sh", "yesterday"] + env: + {{ common_env() | indent(4) }} + volumeMounts: + {{ common_volume_mounts(with_ssh=True) | indent(4) }} volumes: - - name: config - configMap: - name: config - - name: scripts - configMap: - name: scripts - - name: ssh-key - secret: - secretName: ssh-mirrorlist-proxies-key + {{ common_volumes(with_ssh=True) | indent(4) }} diff --git a/roles/openshift-apps/mirrormanager/templates/cron-crawler.yml b/roles/openshift-apps/mirrormanager/templates/cron-crawler.yml index 00c35cabb3..9d0fda498f 100644 --- a/roles/openshift-apps/mirrormanager/templates/cron-crawler.yml +++ b/roles/openshift-apps/mirrormanager/templates/cron-crawler.yml @@ -1,6 +1,7 @@ # ### Crawler cron jobs # +{% from "_macros.yml" import common_volume_mounts, common_volumes, common_env %} {% for cronjob in mirrormanager_cron_crawler %} --- # Category: {{ cronjob.category }} 
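Review bot: The import line added to cron-crawler.yml omits `security_context`, but the logrotate and GeoIP hunks later in this file call `{{ security_context() | indent(4) }}`. Rendering would likely fail on the undefined name, or the jobs would lose their `supplementalGroups` setting if undefined values are tolerated. Use `{% from "_macros.yml" import common_volume_mounts, common_volumes, common_env, security_context %}`. cron-mirrorlist-cache.yml has the same omission.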
@@ -20,45 +21,30 @@ spec: spec: restartPolicy: Never containers: - - name: mirrormanager - image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest - command: - - "/opt/app-root/bin/mm2_crawler" - - "--threads" - - "{{ cronjob.threads }}" - - "--global-timeout" - - "{{ cronjob.timeout }}" + - name: mirrormanager + image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest + command: + - "/opt/app-root/bin/mm2_crawler" + - "--threads" + - "{{ cronjob.threads }}" + - "--global-timeout" + - "{{ cronjob.timeout }}" {% if cronjob.host_timeout is defined %} - - "--host-timeout" - - "{{ cronjob.host_timeout }}" + - "--host-timeout" + - "{{ cronjob.host_timeout }}" {% endif %} - - "--category" - - "{{ cronjob.category }}" - - "--{{ cronjob.include_disabled | ternary('include', 'exclude') }}-disabled" - - "--no-fail" - - "crawl" - env: - # Defaults to 80 columns, not very readable - - name: COLUMNS - value: "160" - volumeMounts: - - name: config - mountPath: "/etc/mirrormanager" - readOnly: true - - name: data - mountPath: "/var/lib/mirrormanager" - - name: logs - mountPath: "/var/log/mirrormanager" + - "--category" + - "{{ cronjob.category }}" + - "--{{ cronjob.include_disabled | ternary('include', 'exclude') }}-disabled" + - "--no-fail" + - "crawl" + env: + {{ common_env() | indent(4) }} + volumeMounts: + {{ common_volume_mounts() | indent(4) }} + volumes: - - name: config - configMap: - name: config - - name: data - persistentVolumeClaim: - claimName: data - - name: logs - persistentVolumeClaim: - claimName: logs + {{ common_volumes() | indent(4) }} {% endfor %} --- # 
@@ -80,29 +66,28 @@ spec: spec: restartPolicy: Never containers: - - name: mirrormanager - image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest - command: - - "logrotate" - - "-v" - - "--state" - - "/var/log/mirrormanager/logrotate.state" - - "/etc/mirrormanager/logrotate.conf" - volumeMounts: + - name: mirrormanager + image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest + command: + - "logrotate" + - "-v" + - "--state" + - "/var/log/mirrormanager/logrotate.state" + - "/etc/mirrormanager/logrotate.conf" + volumeMounts: + - name: config + mountPath: "/etc/mirrormanager" + readOnly: true + - name: logs + mountPath: "/var/log/mirrormanager" + volumes: - name: config - mountPath: "/etc/mirrormanager" - readOnly: true + configMap: + name: config - name: logs - mountPath: "/var/log/mirrormanager" - volumes: - - name: config - configMap: - name: config - - name: logs - persistentVolumeClaim: - claimName: logs - securityContext: - supplementalGroups: [1001280000] + persistentVolumeClaim: + claimName: logs + {{ security_context() | indent(4) }} --- # ### Download GeoIP database 
@@ -123,21 +108,20 @@ spec: spec: restartPolicy: Never containers: - - name: mirrormanager - image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest - command: - - "curl" - - "--create-dirs" - - "--output-dir" - - "/var/lib/mirrormanager/geoip" - - "-O" - - "https://infrastructure.fedoraproject.org/infra/bigfiles/geoip/GeoLite2-City.mmdb" - volumeMounts: - - name: data - mountPath: "/var/lib/mirrormanager" - volumes: - - name: data - persistentVolumeClaim: - claimName: data - securityContext: - supplementalGroups: [1001280000] + - name: mirrormanager + image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest + command: + - "curl" + - "--create-dirs" + - "--output-dir" + - "/var/lib/mirrormanager/geoip" + - "-O" + - "https://infrastructure.fedoraproject.org/infra/bigfiles/geoip/GeoLite2-City.mmdb" + volumeMounts: + - name: var-lib + mountPath: "/var/lib/mirrormanager" + volumes: + - name: var-lib + persistentVolumeClaim: + claimName: data + {{ security_context() | indent(4) }} diff --git a/roles/openshift-apps/mirrormanager/templates/cron-geoip.yml b/roles/openshift-apps/mirrormanager/templates/cron-geoip.yml index a7c0011beb..b15277c16a 100644 --- a/roles/openshift-apps/mirrormanager/templates/cron-geoip.yml +++ b/roles/openshift-apps/mirrormanager/templates/cron-geoip.yml @@ -1,3 +1,4 @@ +{% from "_macros.yml" import security_context %} --- # Download GeoIP database apiVersion: batch/v1 @@ -26,14 +27,13 @@ spec: - "-O" - "https://infrastructure.fedoraproject.org/infra/bigfiles/geoip/GeoLite2-City.mmdb" volumeMounts: - - name: data + - name: var-lib mountPath: "/var/lib/mirrormanager" volumes: - - name: data + - name: var-lib persistentVolumeClaim: claimName: data - securityContext: - supplementalGroups: [1001280000] + {{ security_context() | indent(4) }} --- # Generate the mirrors location text file apiVersion: batch/v1 
@@ -61,14 +61,13 @@ spec: volumeMounts: - name: config mountPath: "/etc/mirrormanager" - - name: data + - name: var-lib mountPath: "/var/lib/mirrormanager" volumes: - name: config configMap: name: config - - name: data + - name: var-lib persistentVolumeClaim: claimName: data - securityContext: - supplementalGroups: [1001280000] + {{ security_context() | indent(4) }} diff --git a/roles/openshift-apps/mirrormanager/templates/cron-mirrorlist-cache.yml b/roles/openshift-apps/mirrormanager/templates/cron-mirrorlist-cache.yml index d3e04fd2c0..025e50b9d4 100644 --- a/roles/openshift-apps/mirrormanager/templates/cron-mirrorlist-cache.yml +++ b/roles/openshift-apps/mirrormanager/templates/cron-mirrorlist-cache.yml @@ -1,3 +1,4 @@ +{% from "_macros.yml" import common_volume_mounts, common_volumes, common_env %} --- apiVersion: batch/v1 kind: CronJob 
@@ -15,37 +16,16 @@ spec: spec: restartPolicy: Never containers: - - name: mirrormanager - image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest - command: ["bash", "/opt/scripts/update-mirrorlist-cache.sh"] - volumeMounts: - - name: config - mountPath: "/etc/mirrormanager" - readOnly: true - - name: scripts - mountPath: "/opt/scripts" - readOnly: true - - name: ssh-key - mountPath: /etc/mirrormanager-ssh/ssh_mirrorlist_proxies.key - subPath: ssh_mirrorlist_proxies.key - readOnly: true - - name: data - mountPath: /data + - name: mirrormanager + image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest + command: ["bash", "/opt/scripts/update-mirrorlist-cache.sh"] + env: + {{ common_env() | indent(4) }} + volumeMounts: + {{ common_volume_mounts(with_ssh=True) | indent(4) }} volumes: - - name: config - configMap: - name: config - - name: scripts - configMap: - name: scripts - - name: ssh-key - secret: - secretName: ssh-mirrorlist-proxies-key - - name: data - persistentVolumeClaim: - claimName: mirrorlist-cache - securityContext: - supplementalGroups: [1001280000] + {{ common_volumes(with_ssh=True) | indent(4) }} + {{ security_context() | indent(4) }} --- # Sync netblocks list once a day apiVersion: batch/v1 
@@ -64,24 +44,16 @@ spec: spec: restartPolicy: Never containers: - - name: mirrormanager - image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest - command: ["mm2_get-netblocks", "--debug", "global", "/data/global_netblocks.txt"] - volumeMounts: - - name: config - mountPath: "/etc/mirrormanager" - readOnly: true - - name: data - mountPath: /data + - name: mirrormanager + image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest + command: ["mm2_get-netblocks", "--debug", "global", "/var/cache/mirrorlist/global_netblocks.txt"] + env: + {{ common_env() | indent(4) }} + volumeMounts: + {{ common_volume_mounts() | indent(4) }} volumes: - - name: config - configMap: - name: config - - name: data - persistentVolumeClaim: - claimName: mirrorlist-cache - securityContext: - supplementalGroups: [1001280000] + {{ common_volumes() | indent(4) }} + {{ security_context() | indent(4) }} --- # Run the script for Internet2 netblocks very late to # make sure the files are all there. The script is @@ -105,22 +77,11 @@ spec: containers: - name: mirrormanager image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest - command: ["mm2_get-netblocks", "--debug", "internet2", "/data/i2_netblocks.txt"] - volumeMounts: - - name: config - mountPath: "/etc/mirrormanager" - readOnly: true - - name: data - mountPath: /data - volumes: - - name: config - configMap: - name: config - - name: data - persistentVolumeClaim: - claimName: mirrorlist-cache - securityContext: - supplementalGroups: [1001280000] + command: ["mm2_get-netblocks", "--debug", "internet2", "/var/cache/mirrorlist/i2_netblocks.txt"] + env: + {{ common_env() | indent(4) }} + {{ volumes() | indent(4) }} + {{ security_context() | indent(4) }} --- # Amazon EC2 netblocks apiVersion: batch/v1 
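Review bot: In the Internet2 netblocks job (third hunk of this file) the added `{{ volumes() | indent(4) }}` calls a macro that _macros.yml does not define and this file does not import. The hunk also removes the `volumeMounts:` block without replacing it, even though the command now writes to `/var/cache/mirrorlist/i2_netblocks.txt`. Without the mirrorlist-cache mount, that output would land on the container's ephemeral filesystem. Mirror the global-netblocks job in the previous hunk: a `volumeMounts:` entry calling `{{ common_volume_mounts() | indent(4) }}` and a `volumes:` entry calling `{{ common_volumes() | indent(4) }}`.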
diff --git a/roles/openshift-apps/mirrormanager/templates/cron-primary-mirror.yml b/roles/openshift-apps/mirrormanager/templates/cron-primary-mirror.yml index 054a27129b..41270de570 100644 --- a/roles/openshift-apps/mirrormanager/templates/cron-primary-mirror.yml +++ b/roles/openshift-apps/mirrormanager/templates/cron-primary-mirror.yml @@ -1,6 +1,7 @@ # ### Primary mirror scanning cron jobs # +{% from "_macros.yml" import volumes, common_env, security_context %} {% for cronjob in mirrormanager_cron_primary_mirror %} --- # Category: {{ cronjob.category }} 
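Review bot: The added import names `volumes`, which _macros.yml does not define, and leaves out `common_volume_mounts` and `common_volumes`, which the job body in this file calls. Change it to `{% from "_macros.yml" import common_volume_mounts, common_volumes, common_env, security_context %}`. cron-propagation.yml adds the identical import line and calls the same two macros, so it needs the same correction.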
@@ -20,43 +21,24 @@ spec: spec: restartPolicy: Never containers: - - name: mirrormanager - image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest - command: ["bash", "/opt/scripts/primary-mirror-wrapper.sh", "{{ cronjob.category }}"] - volumeMounts: - - name: config - mountPath: "/etc/mirrormanager" - readOnly: true - - name: scripts - mountPath: "/opt/scripts" - readOnly: true - - name: data - mountPath: "/var/lib/mirrormanager" - - name: logs - mountPath: "/var/log/mirrormanager" - - name: mirror - mountPath: "/srv/pub" - - name: mirror-archive - mountPath: "/srv/pub/archive" + - name: mirrormanager + image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest + command: ["bash", "/opt/scripts/primary-mirror-wrapper.sh", "{{ cronjob.category }}"] + env: + {{ common_env() | indent(4) }} + volumeMounts: + {{ common_volume_mounts(with_ssh=True) | indent(4) }} + - name: mirror + mountPath: "/srv/pub" + - name: mirror-archive + mountPath: "/srv/pub/archive" volumes: - - name: config - configMap: - name: config - - name: scripts - configMap: - name: scripts - - name: data - persistentVolumeClaim: - claimName: data - - name: logs - persistentVolumeClaim: - claimName: logs + {{ common_volumes(with_ssh=True) | indent(4) }} - name: mirror persistentVolumeClaim: claimName: primary-mirror - name: mirror-archive persistentVolumeClaim: claimName: primary-mirror-archive - securityContext: - supplementalGroups: [1001280000] + {{ security_context() | indent(4) }} {% endfor %} diff --git a/roles/openshift-apps/mirrormanager/templates/cron-propagation.yml b/roles/openshift-apps/mirrormanager/templates/cron-propagation.yml index 870296a46d..9c1f9eda10 100644 --- a/roles/openshift-apps/mirrormanager/templates/cron-propagation.yml +++ b/roles/openshift-apps/mirrormanager/templates/cron-propagation.yml 
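Review bot: Passing `with_ssh=True` here mounts the `ssh-mirrorlist-proxies-key` secret into the primary-mirror scan jobs, which the removed lines never mounted (they had only config, scripts, data, logs and the two mirror claims). Unless `primary-mirror-wrapper.sh` needs to reach the mirrorlist proxies, call `common_volume_mounts()` and `common_volumes()` without the flag so the SSH private key stays out of pods that do not use it. The `mirror` and `mirror-archive` items appended after the macro output depend on it rendering at the same list indentation, which is worth checking in the rendered manifest.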
@@ -1,3 +1,7 @@ +# +# Propagation checks +# +{% from "_macros.yml" import volumes, common_env, security_context %} --- apiVersion: batch/v1 kind: CronJob @@ -15,25 +19,21 @@ spec: spec: restartPolicy: Never containers: - - name: mirrormanager - image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest - command: - - "/opt/app-root/bin/mm2_crawler" - - "--threads" - - "50" - - "propagation" - env: - # Defaults to 80 columns, not very readable - - name: COLUMNS - value: "160" - volumeMounts: - - name: config - mountPath: "/etc/mirrormanager" - readOnly: true + - name: mirrormanager + image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest + command: + - "/opt/app-root/bin/mm2_crawler" + - "--threads" + - "50" + - "propagation" + env: + {{ common_env() | indent(4) }} + volumeMounts: + {{ common_volume_mounts() | indent(4) }} + volumes: - - name: config - configMap: - name: config + {{ common_volumes() | indent(4) }} + --- apiVersion: batch/v1 kind: CronJob 
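Review bot: The propagation job previously mounted only the read-only `config` ConfigMap. Through `common_volume_mounts()` it now also receives the fedora-messaging client key and certificate, plus writable mounts of the `data`, `logs` and `mirrorlist-cache` claims. The CentOS propagation and `mm2_expire-stats` hunks that follow are widened in the same way. If these jobs do not publish messages or write to those claims, consider opt-in macro parameters, in the style of `with_ssh`, so each pod gets only the secrets and volumes it uses. If they do need them, a short comment in _macros.yml saying that every job is expected to carry the messaging credentials would document the intent.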
@@ -51,29 +51,23 @@ spec: spec: restartPolicy: Never containers: - - name: mirrormanager - image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest - command: - - "/opt/app-root/bin/mm2_crawler" - - "--threads" - - "50" - - "propagation" - - "--product" - - "CentOS" - - "--version" - - "9-stream" - env: - # Defaults to 80 columns, not very readable - - name: COLUMNS - value: "160" - volumeMounts: - - name: config - mountPath: "/etc/mirrormanager" - readOnly: true + - name: mirrormanager + image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest + command: + - "/opt/app-root/bin/mm2_crawler" + - "--threads" + - "50" + - "propagation" + - "--product" + - "CentOS" + - "--version" + - "9-stream" + env: + {{ common_env() | indent(4) }} + volumeMounts: + {{ common_volume_mounts() | indent(4) }} volumes: - - name: config - configMap: - name: config + {{ common_volumes() | indent(4) }} --- apiVersion: batch/v1 kind: CronJob @@ -91,15 +85,13 @@ spec: spec: restartPolicy: Never containers: - - name: mirrormanager - image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest - command: - - "/opt/app-root/bin/mm2_expire-stats" - volumeMounts: - - name: config - mountPath: "/etc/mirrormanager" - readOnly: true + - name: mirrormanager + image: image-registry.openshift-image-registry.svc:5000/mirrormanager/mirrormanager2:latest + command: + - "/opt/app-root/bin/mm2_expire-stats" + env: + {{ common_env() | indent(4) }} + volumeMounts: + {{ common_volume_mounts() | indent(4) }} volumes: - - name: config - configMap: - name: config + {{ common_volumes() | indent(4) }} diff --git a/roles/openshift-apps/mirrormanager/templates/deploymentconfig.yml b/roles/openshift-apps/mirrormanager/templates/deploymentconfig.yml new file mode 100644 index 0000000000..494cd00738 --- /dev/null +++ b/roles/openshift-apps/mirrormanager/templates/deploymentconfig.yml 
@@ -0,0 +1,78 @@ +{% from "_macros.yml" import common_volume_mounts, common_volumes, common_env %} +--- +apiVersion: apps.openshift.io/v1 +kind: DeploymentConfig +metadata: + name: frontend + labels: + app: mirrormanager +spec: + replicas: 1 + selector: + app: mirrormanager + deploymentconfig: frontend + strategy: + type: Rolling + activeDeadlineSeconds: 21600 + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + template: + metadata: + creationTimestamp: null + labels: + app: mirrormanager + deploymentconfig: frontend + spec: + containers: + - name: mirrormanager + imagePullPolicy: Always + ports: + - containerPort: 8080 + env: + - name: APP_MODULE + value: "deploy.wsgi" + - name: APP_CONFIG + value: "/etc/mirrormanager/gunicorn.conf.py" + {{ common_env() }} + + # readinessProbe: + # timeoutSeconds: 10 + # initialDelaySeconds: 5 + # periodSeconds: 60 + # httpGet: + # path: "/healthz/ready" + # port: 8080 + # livenessProbe: + # timeoutSeconds: 10 + # initialDelaySeconds: 10 + # periodSeconds: 60 + # httpGet: + # path: "/healthz/live" + # port: 8080 + + volumeMounts: + {{ common_volume_mounts() }} + - name: secrets + mountPath: "/etc/mirrormanager-secrets" + readOnly: true + + volumes: + {{ common_volumes() }} + - name: secrets + secret: + secretName: secrets + + triggers: + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - mirrormanager + from: + kind: ImageStreamTag + name: mirrormanager2:latest diff --git a/roles/openshift-apps/mirrormanager/templates/update-mirrorlist-cache.sh b/roles/openshift-apps/mirrormanager/templates/update-mirrorlist-cache.sh index 3f9a9520cd..b685344a43 100644 --- a/roles/openshift-apps/mirrormanager/templates/update-mirrorlist-cache.sh +++ b/roles/openshift-apps/mirrormanager/templates/update-mirrorlist-cache.sh 
@@ -4,7 +4,7 @@ MIRRORLIST_PROXY="{% for host in groups['mirrorlist_proxies'] %} {{ host }} {% e MM_USER=mirrormanager MM_ROOT=/opt/app-root MM_SSH_KEY=/etc/mirrormanager-ssh/ssh_mirrorlist_proxies.key -CACHEDIR=/data +CACHEDIR=/var/cache/mirrorlist set -e set -x