Start porting elections to openshift

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>

playbooks/openshift-apps/elections.yml

@@ -0,0 +1,52 @@
+- name: make the app be real
+  hosts: os-masters-stg[0]
+  user: root
+  gather_facts: False
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - role: openshift/project
+    app: elections
+    description: Fedora Elections apps
+    appowners:
+    - cverna
+    - pingou
+  - role: openshift/object
+    app: elections
+    template: imagestream.yml
+    objectname: imagestream.yml
+  - role: openshift/object
+    app: elections
+    template: buildconfig.yml
+    objectname: buildconfig.yml
+
+  - role: openshift/object
+    app: elections
+    template: configmap.yml
+    objectname: configmap.yml
+
+  - role: openshift/start-build
+    app: elections
+    buildname: elections-build
+    objectname: elections-build
+
+  - role: openshift/object
+    app: elections
+    file: service.yml
+    objectname: service.yml
+
+  - role: openshift/route
+    app: elections
+    routename: elections
+    host: "elections{{ env_suffix }}.fedoraproject.org"
+    serviceport: 8080-tcp
+    servicename: elections
+
+  - role: openshift/object
+    app: elections
+    file: deploymentconfig.yml
+    objectname: deploymentconfig.yml

roles/openshift-apps/elections/files/deploymentconfig.yml

@@ -0,0 +1,69 @@
+---
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  labels:
+    app: elections
+    service: elections
+  name: elections
+spec:
+  replicas: 1
+  selector:
+    app: elections
+    deploymentconfig: elections
+  strategy:
+    type: Recreate
+    recreateParams:
+#      mid:
+#        failurePolicy: Abort
+#        execNewPod:
+#          containerName: elections
+#          command: ["alembic", "upgrade", "head", "-c", "/opt/app-root/config/alembic.ini"]
+#          env:
+#          - name: PYTHONPATH
+#            value: /opt/app-root/src
+#          volumes:
+#            - config-volume
+  template:
+    metadata:
+      labels:
+        app: elections
+        deploymentconfig: elections
+    spec:
+      containers:
+      - name: elections
+        image: elections:latest
+        ports:
+        - containerPort: 8080
+        resources: {}
+        volumeMounts:
+        - name: config-volume
+          mountPath: /opt/app-root/config/
+          readOnly: true
+        readinessProbe:
+          timeoutSeconds: 1
+          initialDelaySeconds: 5
+          httpGet:
+            path: /
+            port: 8080
+        livenessProbe:
+          timeoutSeconds: 1
+          initialDelaySeconds: 30
+          httpGet:
+            path: /
+            port: 8080
+      volumes:
+      - name: config-volume
+        configMap:
+          name: elections-configmap
+
+  triggers:
+  - type: ConfigChange
+  - type: ImageChange
+    imageChangeParams:
+      automatic: true
+      containerNames:
+      - elections
+      from:
+        kind: ImageStreamTag
+        name: elections:latest

roles/openshift-apps/elections/files/service.yml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: elections
+  name: elections
+spec:
+  ports:
+  - name: 8080-tcp
+    port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: elections
+    deploymentconfig: elections

roles/openshift-apps/elections/templates/alembic.ini

@@ -0,0 +1,50 @@
+# A generic, single database configuration.
+
+[alembic]
+# path to migration scripts
+script_location = /usr/share/fedora-elections/alembic
+
+# template used to generate migration files
+# file_template = %%(rev)s_%%(slug)s
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+sqlalchemy.url = postgresql://{{ elections_db_user }}:{{ elections_db_pass }}@{{ elections_db_host }}/{{ elections_db_name }}
+
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S

roles/openshift-apps/elections/templates/buildconfig.yml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: BuildConfig
+metadata:
+  name: elections-build
+  labels:
+    environment: "elections"
+spec:
+  output:
+    to:
+      kind: ImageStreamTag
+      name: elections:latest
+  source:
+    type: Git
+    git:
+      uri: https://pagure.io/elections.git
+{% if env == 'staging' %}
+      ref: "staging"
+{% else %}
+      ref: "production"
+{% endif %}
+  strategy:
+    type: Source
+    sourceStrategy:
+      from:
+        kind: ImageStreamTag
+        namespace: openshift
+        name: python:2.7
+  triggers:
+  - type: ConfigChange
+  - type: ImageChange

roles/openshift-apps/elections/templates/configmap.yml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: elections-configmap
+  labels:
+    app: elections
+data:
+  alembic.ini: |-
+    {% include('alembic.ini') %}
+  fedora-elections.cfg: |-
+    {% include('fedora-elections.cfg') %}

roles/openshift-apps/elections/templates/fedora-elections.cfg

@@ -0,0 +1,56 @@
+# Beware that the quotes around the values are mandatory
+
+import os
+
+### Secret key for the Flask application
+SECRET_KEY='{{ elections_secret_key }}'
+
+### url to the database server:
+DB_URL='postgresql://{{ elections_db_user }}:{{ elections_db_pass }}@{{ elections_db_host }}/{{ elections_db_name }}'
+
+## One ore more FAS group that will have admin rights over the whole
+## application, including all elections past, present and future
+FEDORA_ELECTIONS_ADMIN_GROUP = 'elections'
+
+
+## Fedora-elections can integrate with FAS to retrieve information about the
+## candidates, the following configuration keys are required for this
+## integration.
+## URL of the FAS server to use
+{% if env == 'staging' %}
+FAS_BASE_URL = 'https://admin.stg.fedoraproject.org/accounts/'
+{% else %}
+FAS_BASE_URL = 'https://admin.fedoraproject.org/accounts/'
+{% endif %}
+FAS_USERNAME = '{{ fedorathirdpartyUser }}'
+FAS_PASSWORD = '{{ fedorathirdpartyPassword }}'
+## This should be ``True`` but should be changed to ``False`` if the FAS server
+## used does not have a valid SSL certificate.
+FAS_CHECK_CERT = True
+
+# This is required to fix login
+PREFERRED_URL_SCHEME='https'
+
+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE = True
+SESSION_COOKIE_NAME = 'elections'
+
+# Used by SESSION_COOKIE_PATH
+APPLICATION_ROOT = '/voting/'
+
+DOGPILE_CACHE = {
+    'backend': 'dogpile.cache.memcached',
+    'arguments': {
+        'url': ["memcached01:11211"],
+        'distributed_lock': True,
+    },
+}
+
+## URLs to fedmenu resources
+{% if env == 'staging' %}
+FEDMENU_URL = 'https://apps.stg.fedoraproject.org/fedmenu'
+FEDMENU_DATA_URL = 'https://apps.stg.fedoraproject.org/js/data.js'
+{% else %}
+FEDMENU_URL = 'https://apps.fedoraproject.org/fedmenu'
+FEDMENU_DATA_URL = 'https://apps.fedoraproject.org/js/data.js'
+{% endif %}

roles/openshift-apps/elections/templates/imagestream.yml

@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: ImageStream
+metadata:
+  name: elections
+spec:
+  lookupPolicy:
+    local: false
+status:
+  dockerImageRepository: ""