the-new-hotness: Prepare for OpenShift

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2019-02-13 15:40:38 +01:00 · 2019-02-13 15:40:38 +01:00 · ae91fb8d63
commit ae91fb8d63
parent c257814584
6 changed files with 372 additions and 0 deletions
--- a/master.yml
+++ b/master.yml
@ -121,6 +121,7 @@
 #- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/modernpaste.yml
 #- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/rats.yml
 #- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/transtats.yml
+#- import_playbook: /srv/web/infra/ansible/playbooks/openshift-apps/the-new-hotness.yml

 #
 # host playbooks
--- a/playbooks/openshift-apps/the-new-hotness.yml
+++ b/playbooks/openshift-apps/the-new-hotness.yml
@ -0,0 +1,69 @@
+- name: make the app be real
+  hosts: os-masters-stg[0]
+  user: root
+  gather_facts: False
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - role: openshift/project
+    app: the-new-hotness
+    description: Fedora-messaging consumer that listens to release-monitoring.org and files bugzilla bugs in response.
+    appowners:
+    - zlopez
+
+#  - role: openshift/secret-file
+#    app: release-monitoring
+#    secret_name: release-monitoring-fedmsg-key
+#    key: fedmsg-release-monitoring.key
+#    privatefile: fedmsg-certs/keys/release-monitoring-stg.release-monitoring.org.key
+#    when: env == "staging"
+#  - role: openshift/secret-file
+#    app: release-monitoring
+#    secret_name: release-monitoring-fedmsg-cert
+#    key: fedmsg-release-monitoring.crt
+#    privatefile: fedmsg-certs/keys/release-monitoring-stg.release-monitoring.org.crt
+#    when: env == "staging"
+#  - role: openshift/secret-file
+#    app: release-monitoring
+#    secret_name: release-monitoring-fedmsg-key
+#    key: fedmsg-release-monitoring.key
+#    privatefile: fedmsg-certs/keys/release-monitoring-release-monitoring.org.key
+#    when: env != "staging"
+#  - role: openshift/secret-file
+#    app: release-monitoring
+#    secret_name: release-monitoring-fedmsg-cert
+#    key: fedmsg-release-monitoring.crt
+#    privatefile: fedmsg-certs/keys/release-monitoring-release-monitoring.org.crt
+
+  - role: openshift/object
+    app: the-new-hotness
+    template: imagestream.yml
+    objectname: imagestream.yml
+
+  - role: openshift/object
+    app: the-new-hotness
+    template: buildconfig.yml
+    objectname: buildconfig.yml
+
+  - role: openshift/object
+    app: the-new-hotness
+    template: configmap.yml
+    objectname: configmap.yml
+
+  - role: openshift/start-build
+    app: the-new-hotness
+    buildname: the-new-hotness-build
+    objectname: the-new-hotness-build
+
+  - role: openshift/object
+    app: the-new-hotness
+    file: deploymentconfig.yml
+    objectname: deploymentconfig.yml
+
+  - role: openshift/rollout
+    app: the-new-hotness
+    dcname: the-new-hotness
--- a/roles/openshift-apps/the-new-hotness/files/deploymentconfig.yml
+++ b/roles/openshift-apps/the-new-hotness/files/deploymentconfig.yml
@ -0,0 +1,60 @@
+- apiVersion: v1
+  kind: DeploymentConfig
+  metadata:
+    labels:
+      app: the-new-hotness
+      service: the-new-hotness
+    name: the-new-hotness
+  spec:
+    replicas: 1
+    selector:
+      deploymentconfig: the-new-hotness
+    strategy:
+      activeDeadlineSeconds: 21600
+      recreateParams:
+        timeoutSeconds: 600
+      type: Recreate
+    template:
+      metadata:
+        creationTimestamp: null
+        labels:
+          app: the-new-hotness
+          deploymentconfig: the-new-hotness
+      spec:
+        containers:
+          - name: the-new-hotness
+            image: the-new-hotness/the-new-hotness:latest
+            command: ["fedora-messaging", "consume"]
+            volumeMounts:
+              - name: config-volume
+                mountPath: /etc/fedora-messaging
+                readOnly: true
+#              - name: fedmsg-key-volume
+#                mountPath: /etc/pki/fedmsg/key
+#                readOnly: true
+#              - name: fedmsg-crt-volume
+#                mountPath: /etc/pki/fedmsg/crt
+#                readOnly: true
+        volumes:
+          - name: config-volume
+            configMap:
+              name: the-new-hotness-configmap
+#          - name: fedmsg-key-volume
+#            secret:
+#              secretName: release-monitoring-fedmsg-key
+#          - name: fedmsg-crt-volume
+#            secret:
+#              secretName: release-monitoring-fedmsg-cert
+    triggers:
+      - imageChangeParams:
+          automatic: true
+          containerNames:
+            - the-new-hotness
+          from:
+            kind: ImageStreamTag
+            name: the-new-hotness:latest
+            namespace: the-new-hotness
+        type: ImageChange
+      - type: ConfigChange
+kind: List
+metadata: {}
--- a/roles/openshift-apps/the-new-hotness/files/imagestream.yml
+++ b/roles/openshift-apps/the-new-hotness/files/imagestream.yml
@ -0,0 +1,10 @@
+apiVersion: v1
+items:
+  - apiVersion: v1
+    kind: ImageStream
+    metadata:
+      name: the-new-hotness
+      labels:
+        build: the-new-hotness
+kind: List
+metadata: {}
--- a/roles/openshift-apps/the-new-hotness/templates/buildconfig.yml
+++ b/roles/openshift-apps/the-new-hotness/templates/buildconfig.yml
@ -0,0 +1,72 @@
+      apiVersion: v1
+items:
+  - apiVersion: v1
+    kind: BuildConfig
+    metadata:
+      labels:
+        build: the-new-hotness-build
+      name: the-new-hotness-build
+    spec:
+      runPolicy: Serial
+      source:
+        dockerfile: |-
+          FROM fedora:29
+          LABEL \
+            name="the-new-hotness" \
+            vendor="Fedora Infrastructure" \
+            license="GPLv2+"
+          RUN dnf install -y \
+                  git \
+                  koji \
+                  rpm-python \
+                  python3-bugzilla \
+                  python3-dogpile-cache \
+                  python3-requests \
+                  fedora-messaging \
+                  python3-fedora-messaging \
+                  python3-pip \
+                  python3-setuptools && \
+              dnf autoremove -y && \
+              dnf clean all -y
+          RUN git clone https://github.com/fedora-infra/the-new-hotness.git && \
+                  pushd the-new-hotness && \
+  {% if env == 'staging' %}
+                  git checkout staging && \
+  {% else %}
+                  git checkout production && \
+  {% endif %}
+                  python3 setup.py install && \
+                  pip-3 install . && \
+                  pushd hotness_schema && \
+                  python3 setup.py install && \
+                  pip-3 install . && \
+                  rm -rf the-new-hotness
+          EXPOSE 9940
+type: Dockerfile
+git:
+  uri: https://github.com/fedora-infra/the-new-hotness.git
+  {% if env == 'staging' %}
+  ref: staging
+  {% else %}
+  ref: production
+  {% endif %}
+strategy:
+  type: Docker
+output:
+  to:
+    kind: ImageStreamTag
+    name: the-new-hotness:latest
+triggers:
+  {% if stg_anitya_github_secret is defined and env == 'staging' %}
+- type: GitHub
+  github:
+    secret: "{{ stg_hotness_github_secret }}"
+  {% elif anitya_github_secret is defined and env == 'production' %}
+- type: GitHub
+  github:
+    secret: "{{ hotness_github_secret }}"
+  {% endif %}
+- type: ConfigChange
+- type: ImageChange
+kind: List
+metadata: {}
--- a/roles/openshift-apps/the-new-hotness/templates/configmap.yml
+++ b/roles/openshift-apps/the-new-hotness/templates/configmap.yml
@ -0,0 +1,160 @@
+---
+apiVersion: v1
+kind: List
+metadata: {}
+items:
+  - apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: the-new-hotness-configmap
+      labels:
+        app: the-new-hotness
+    data:
+      anitya.toml: |-
+        # This file is in the TOML format.
+        # For complete details on all configuration options, see the documentation
+        # https://fedora-messaging.readthedocs.io/en/latest/configuration.html.
+
+        amqp_url = "amqps://messaging-bridge{{ env_suffix }}.fedoraproject.org:@rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org/%2Fpubsub"
+
+        publish_exchange = "amq.topic"
+
+        callback = "hotness.consumers:BugzillaTicketFiler"
+
+        # Note the double brackets below.
+        # To add another binding, add another [[bindings]] section.
+        [[bindings]]
+        queue = "the-new-hotness"
+        exchange = "amq.topic"
+        routing_keys = [
+            "org.release-monitoring.prod.anitya.project.version.update",
+            "org.release-monitoring.prod.anitya.project.map.new",
+            "org.fedoraproject.prod.buildsys.task.state.change",
+        ]
+
+        [tls]
+        ca_cert = ""
+        keyfile = ""
+        certfile = ""
+
+        [client_properties]
+        app = "the-new-hotness"
+
+        [queues.the-new-hotness]
+        durable = true
+        auto_delete = false
+        exclusive = false
+        arguments = {}
+
+        [qos]
+        prefetch_size = 0
+        prefetch_count = 25
+
+        [log_config]
+        version = 1
+        disable_existing_loggers = true
+
+        [log_config.formatters.simple]
+        format = "[%(name)s %(levelname)s] %(message)s"
+
+        [log_config.handlers.console]
+        class = "logging.StreamHandler"
+        formatter = "simple"
+        stream = "ext://sys.stdout"
+
+        [log_config.loggers.fedora_messaging]
+        level = "INFO"
+        propagate = false
+        handlers = ["console"]
+
+        [log_config.root]
+        level = "WARNING"
+        handlers = ["console"]
+
+        # the-new-hotness consumer configuration
+        [consumer_config]
+        repo_url = "https://pagure.io/releng/fedora-scm-requests"
+{% if env == "staging" %}
+        mdapi_url = "https://apps.stg.fedoraproject.org/mdapi"
+        pdc_url = "https://pdc.stg.fedoraproject.org"
+        dist_git_url = "https://src.stg.fedoraproject.org"
+{% else %}
+        mdapi_url = "https://apps.fedoraproject.org/mdapi"
+        pdc_url = "https://pdc.fedoraproject.org"
+        dist_git_url = "https://src.fedoraproject.org"
+{% endif %}
+        # The time in seconds the-new-hotness should wait for a socket to connect
+        # before giving up.
+        connect_timeout = 15
+        # The time in seconds the-new-hotness should wait for a read from a socket
+        # before giving up.
+        read_timeout = 15
+        # The number of times the-new-hotness should retry a network request that
+        # that failed for any reason (e.g. read timeout, DNS error, etc)
+        requests_retries = 3
+        yum_config = "/etc/hotness-yum.conf"
+        # If true, publish fedmsg messages instead of fedora-messaging messages
+        legacy_messaging = false
+
+        [consumer_config.bugzilla]
+        enabled = true
+        #user = None
+        #password = None
+        api_key = "{{ upstream_release_bugzilla_api_token }}"
+{% if env == "staging" %}
+        url = "https://partner-bugzilla.redhat.com"
+        explanation_url = "https://stg.fedoraproject.org/wiki/Upstream_release_monitoring"
+{% else %}
+        url = "https://bugzilla.redhat.com"
+        explanation_url = "https://fedoraproject.org/wiki/Upstream_release_monitoring"
+{% endif %}
+        product = "Fedora"
+        version = "rawhide"
+        keywords = "FutureFeature,Triaged"
+        bug_status = "NEW"
+        short_desc_template = "%(name)s-%(latest_upstream)s is available"
+        description_template = """
+Latest upstream release: %(latest_upstream)s
+Current version/release in %(repo_name)s: %(repo_version)s-%(repo_release)s
+URL: %(url)s
+
+Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy
+
+More information about the service that created this bug can be found at: %(explanation_url)s
+
+Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.
+
+Based on the information from anitya: https://release-monitoring.org/project/%(projectid)s/
+"""
+
+        [consumer_config.koji]
+{% if env == "staging" %}
+        server = "https://koji.stg.fedoraproject.org/kojihub"
+        weburl = "https://koji.stg.fedoraproject.org/koji"
+{% else %}
+        server = "https://koji.fedoraproject.org/kojihub"
+        weburl = "https://koji.fedoraproject.org/koji"
+{% endif %}
+        krb_principal = "hotness/hotness01{{env_suffix}}.phx2.fedoraproject.org@{{ipa_realm}}"
+        krb_keytab = "/etc/krb5.hotness_hotness01{{env_suffix}}.phx2.fedoraproject.org.keytab"
+        krb_ccache = ""
+        krb_proxyuser = ""
+        krb_sessionopts = {timeout = 3600, krb_rdns = false}
+        git_url = "https://src.fedoraproject.org/cgit/rpms/{package}.git"
+        user_email = [
+            "Fedora Release Monitoring",
+            "<release-monitoring@fedoraproject.org>",
+        ]
+        opts = {scratch = true}
+        priority = 30
+        target_tag = "rawhide"
+
+        [consumer_config.anitya]
+        url = "https://release-monitoring.org"
+        username = "{{ fedoraDummyUser }}"
+        password = "{{ fedoraDummyPassword }}"
+
+        [consumer_config.cache]
+        backend = "dogpile.cache.dbm"
+        expiration_time = 300
+        arguments = {filename = "/var/tmp/the-new-hotness-