diff --git a/roles/openshift-apps/openscanhub/files/openscanhub-deployment-fedora-osh-hub.yml b/roles/openshift-apps/openscanhub/files/openscanhub-deployment-fedora-osh-hub.yml index d97180cb4d..2f8905e33a 100644 --- a/roles/openshift-apps/openscanhub/files/openscanhub-deployment-fedora-osh-hub.yml +++ b/roles/openshift-apps/openscanhub/files/openscanhub-deployment-fedora-osh-hub.yml @@ -53,6 +53,9 @@ spec: name: openscanhub-pvc-osh-configs - mountPath: /etc/keytabs name: openscanhub-keytab + - mountPath: /usr/lib/python3.9/site-packages/osh/hub/settings_local.py + name: settings_local-configmap + subPath: settings_local.py dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler @@ -69,3 +72,6 @@ spec: secret: defaultMode: 420 secretName: openscanhub-keytab + - name: settings_local-configmap + configMap: + name: settings_local-config diff --git a/roles/openshift-apps/openscanhub/templates/settings_local-configmap.yml b/roles/openshift-apps/openscanhub/templates/settings_local-configmap.yml new file mode 100644 index 0000000000..503628887c --- /dev/null +++ b/roles/openshift-apps/openscanhub/templates/settings_local-configmap.yml @@ -0,0 +1,15 @@ +{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} +--- +apiVersion: v1 +kind: List +metadata: {} +items: +- apiVersion: v1 + kind: ConfigMap + metadata: + name: settings_local-config + labels: + app: openscanhub + data: + settings_local.ocp.py: |- + {{ load_file('settings_local.ocp.py') | indent(6) }} diff --git a/roles/openshift-apps/openscanhub/templates/settings_local.ocp.py b/roles/openshift-apps/openscanhub/templates/settings_local.ocp.py new file mode 100644 index 0000000000..d855b2de3c --- /dev/null +++ b/roles/openshift-apps/openscanhub/templates/settings_local.ocp.py @@ -0,0 +1,133 @@ +# SPDX-License-Identifier: GPL-3.0-or-later +# SPDX-FileCopyrightText: Copyright contributors to the OpenScanHub project. + +""" +Instance-specific settings. +""" + +import os + +DEBUG = True +TEMPLATE_DEBUG = DEBUG + +ADMINS = ( + ('Siteshwar Vashisht', 'svashisht@redhat.com'), +) + +MANAGERS = ADMINS + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.postgresql', + 'NAME': 'openscanhub', + 'USER': 'openscanhub', +{% if env == 'staging' %} + 'PASSWORD': '{{ openscanhub_db_password_stg }}', + 'HOST': 'db01.stg.iad2.fedoraproject.org', +{% else %} + 'PASSWORD': '{{ openscanhub_db_password }}', + 'HOST': 'db01.iad2.fedoraproject.org', +{% endif %} + 'PORT': '5432', + }, +} + +LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'formatters': { + 'verbose': { + 'format': '%(levelname)-7s %(asctime)s %(pathname)-50s:%(lineno)d %(funcName)s %(message)s' + }, + 'simple': { + 'format': '%(levelname)s %(message)s' + }, + }, + 'handlers': { + 'file': { + 'level': 'DEBUG', + 'class': 'logging.handlers.RotatingFileHandler', + 'formatter': 'verbose', + 'filename': '/var/log/osh/hub/hub.log', + 'maxBytes': 10 * (1024 ** 2), # 10 MB + 'backupCount': 14, + }, + }, + 'loggers': { + 'osh': { + 'handlers': ['file'], + 'level': 'DEBUG', + 'propagate': True, + }, + # 'django.db.backends': { + # 'handlers': ['file'], + # 'propagate': False, + # 'level': 'INFO', + # }, + 'kobo': { + 'handlers': ['file'], + 'level': 'DEBUG', + 'propagate': True, + } + } +} + +# Local time zone for this installation. Choices can be found here: +# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name +# although not all choices may be available on all operating systems. +# On Unix systems, a value of None will cause Django to use the same +# timezone as the operating system. +# If running in a Windows environment this must be set to the same as your +# system time zone. +TIME_ZONE = 'Europe/Prague' + +# TODO: Change it for Fedora staging and production deployments. +KRB_AUTH_PRINCIPAL = 'HTTP/covscan.lab.eng.brq2.redhat.com@REDHAT.COM' +KRB_AUTH_KEYTAB = '/etc/httpd/conf/httpd.keytab' + +# Regular users cannot bind to port 25. +EMAIL_PORT = 8025 + +############################################################################### +# OpenScanHub SPECIFIC +############################################################################### + +# Absolute path to task logs and other files +FILES_PATH = '/var/lib/osh/hub' + +# Files for kobo tasks with predefined structure +TASK_DIR = os.path.join(FILES_PATH, 'tasks') + +# Root directory for uploaded files +UPLOAD_DIR = os.path.join(FILES_PATH, 'upload') + +BZ_URL = "https://bugzilla.stage.redhat.com" +JIRA_URL = "https://issues.stage.redhat.com" + +# TODO: Change or remove this URL? +ET_URL = 'https://errata-web-01.host.stage.eng.bos.redhat.com' + +# TODO: Change or remove these URLs? +UMB_BROKER_URLS = [ + 'amqps://umb-broker01.stage.api.redhat.com:5671', + 'amqps://umb-broker02.stage.api.redhat.com:5671', + 'amqps://umb-broker03.stage.api.redhat.com:5671', + 'amqps://umb-broker04.stage.api.redhat.com:5671', + 'amqps://umb-broker05.stage.api.redhat.com:5671', + 'amqps://umb-broker06.stage.api.redhat.com:5671'] + +# TODO: Change or remove this setting? +# https://github.com/openscanhub/fedora-infra/issues/3 +UMB_CLIENT_CERT = '/etc/osh/hub/msg-client-osh.pem' +UMB_TOPIC_PREFIX = 'topic://VirtualTopic.eng.OpenScanHub.scan' + +# E-mail address used in the From: field of notifications generated by OpenScanHub +NOTIFICATION_EMAIL_ADDRESS = "no-reply@example.org" +# E-mail address where notifications about failed/cancelled tasks are sent +DEVEL_EMAIL_ADDRESS = "no-reply@example.org" + +URL_PREFIX = "" +STATIC_URL = URL_PREFIX + '/static/' + +# TODO: Change this for staging and production deployments. +ALLOWED_HOSTS = ['*']